Wikileaks and Anonymous Join Forces Against US Intelligence Community 268

Posted by samzenpus
from the when-our-powers-combine dept.
pigrabbitbear writes "The most recent bombshell of confidential documents dropped by infamous watchdog organization Wikileaks is already looking to have an enormous impact on our understanding of government security practices. Specifically, intimate details on the long-suspected fact that the U.S. has been paying a whole lot of money to have private corporations spy on citizens, activists and other groups and individuals on their ever-expanding, McCarthy-style naughty list. But perhaps more importantly, the docs demonstrate something very interesting about the nature of U.S. government intelligence: They haven't really got much of it."

EFF's HTTPS Everywhere Detects and Warns About Cryptographic Vulnerabilities 46

Posted by samzenpus
from the protect-ya-neck dept.
Peter Eckersley writes "EFF has released version 2 of the HTTPS Everywhere browser extension for Firefox, and a beta version for Chrome. The Firefox release has a major new feature called the Decentralized SSL Observatory. This optional setting submits anonymous copies of the HTTPS certificates that your browser sees to their Observatory database, allowing them to detect attacks against the web's cryptographic infrastructure. It also allows us to send real-time warnings to users who are affected by cryptographic vulnerabilities or man-in-the-middle attacks. At the moment, the Observatory will send warnings if you connect to a device that has a weak private key due to recently discovered random number generator bugs."

Vendors Take Blame For Most Data Center Incidents 57

Posted by samzenpus
from the who's-to-blame dept.
dcblogs writes "External forces who work on the customer's data center or supply equipment to it, including manufacturers, vendors, factory representatives, installers, integrators, and other third parties were responsible for 50% to 60% of abnormal incidents reported in a data center, according to Uptime Institute, which has been collecting data since 1994. Over the last three years, Uptime found that 34% of the abnormal incidents in 2009 were attributed to operations staff, followed by 41% in 2010, and 40% last year. Some 5% to 8% of the incidents each year were tied to things like sabotage, outside fires, other tenants in a shared facility. But when an abnormal incident leads to a major outage that causes a data center failure, internal staff gets the majority of blame. 'It's the design, manufacturing, installation processes that leave banana peels behind and the operators who slip and fall on them,' said Hank Seader, managing principal research and education at Uptime."

Torvalds Calls OpenSUSE Security 'Too Intrusive' 311

Posted by Unknown Lamer
from the permission-denied dept.
jfruh writes "The balance between security and ease of use is always a tricky one to strike, and Linux distros tend to err on the side of caution. But no less a luminary than Linus Torvalds thinks openSUSE has gone too far. When his kid needed to call from school for the root password just so he could add a printer to a laptop, that's when Linus decided things had gone off the rails."

GNOME 3.4 Preview 144

Posted by Unknown Lamer
from the needs-more-wasted-space dept.

A couple of days ago, GNOME released the first beta of version 3.4. Designer Allan Day has posted a tour of the major interface changes. Some of them seem good (everything looks shiny and clean), but some of them seem questionable. The big thing to take from this release cycle appears to be improvements to the underlying technology that might help other window managers take advantage of the GNOME 3 infrastructure (leading to a world where hackers, tablet users, and grandma can all get along).


What The DHS Is Looking For In Your Posts 278

Posted by Unknown Lamer
from the extreme-militia-rand-somalia-cheney-aid-missles dept.
New submitter lister king of smeg writes "As we all know, the Department of Homeland Security monitors social networks, in an attempt to expose 'Items Of Interest.' As it turns out, many terms, including seemingly benign words such as flu, agent, response, cops drill, etc., are on the list of words that set off warning bells for the government spooks. Many of the terms make sense ..., but there are some real stupid ones on the list too, like 'social network' ... [according to a] list of key words provided to a DHS contractor that were released by EPIC."

Ask Slashdot: Best Practices For Leaving an IT Admin Position? 290

Posted by Soulskill
from the many-bosses-are-panicking-while-reading-this dept.
An anonymous reader writes "I've been the server admin at a university for the past five years. Recently, I was given the chance to move from servers to networking, and I jumped at it. I now find myself typing up all my open-ended projects, removing certain scripts and stopping others. What would the community recommend as best practices for passing on administration of some servers? I am trying to avoid a phone call that results in me having to remote in, explain something, jog to the other side of campus to access the machine, etc. Essentially, I'm trying to cover all my bases so any excuse my replacement has to call me is seen as nothing but laziness or incompetence. I am required to give him a day of training to show him where everything is on the servers (web and database), and during that day I'm going to have him change all the passwords. But aside from locking myself out and knowing what is where, what else should I be doing?"

How To Sneak In To a Security Conference 189

Posted by Soulskill
from the equip-yourself-with-a-fake-beard dept.
jfruh writes "You'd think that, of all events, security conferences would have tight security. But one anonymous human pen tester managed to sneak into the RSA conference without credentials, using tried and true techniques like waving a badge from another conference at security guards and slipping in through exits."

Google Offers $1 Million For Chrome Exploits 63

Posted by Soulskill
from the making-them-an-offer-they-can't-refuse dept.
PatPending writes with news that Google will be offering up to $1 million for the discovery of new exploits in their Chrome browser. This comes as part of the CanSecWest security conference, and the rewards will be broken down into categories: $60,000 for an exploit using only Chrome bugs, $40,000 for an exploit using a Chrome bug in conjunction with other bugs, and $20,000 for exploits that affect Chrome (and other browsers) but are due to bugs in other software, like Flash, Windows, or drivers. Google had originally planned to offer rewards through the Pwn2Own competition, but they were concerned by the contest rules: "Unfortunately, we decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors. Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome. ... We guarantee to send non-Chrome bugs to the appropriate vendor immediately."

Harris Exits Cloud Hosting, Citing Fed Server Hugging 95

Posted by timothy
from the sell-your-stock-in-the-less-efficient-agencies dept.
miller60 writes "Despite the publicity around the U.S. Government's 'Cloud First' approach to IT, many agencies are reluctant to shift mission critical assets to third-party facilities. That's the analysis from Harris Corp., which has decided to get out of the cloud hosting business and sell a data center in Virginia, just two years after it spent $200 million to build and equip it. 'It's becoming clear that customers, both government and commercial, currently have a preference for on-premise versus off-premise solutions,' said Harris' CEO."

Vatican Attack Provides Insight Into Anonymous 355

Posted by samzenpus
from the casting-the-first-e-stone dept.
Hugh Pickens writes "John Markoff writes that an unsuccessful campaign against the Vatican by Anonymous, which did not receive wide attention at the time, provides a rare glimpse into the recruiting, reconnaissance, and warfare tactics used by the shadowy hacking collective and may be the first end-to-end record of a full Anonymous attack. The attack, called Operation Pharisee in a reference to the sect that Jesus called hypocrites, was initially organized by hackers in South America and Mexico and was designed to disrupt Pope Benedict XVI's visit to Madrid in August 2011 for World Youth Day and draw attention to child sexual abuse by priests. First the hackers spent weeks spreading their message through their own website and social sites like Twitter and Flickr, calling on volunteers to download free attack software and imploring them to 'stop child abuse' by joining the cause. It took the hackers 18 days to recruit enough people, then a core group of roughly a dozen skilled hackers spent three days poking around the church's World Youth Day site looking for common security holes that could let them inside. In this case, the scanning software failed to turn up any gaps, so the hackers turned to a brute-force approach of a distributed denial-of-service. On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day, but did not crash the site. 'Anonymous is a handful of geniuses surrounded by a legion of idiots,' says Cole Stryker, an author who has researched the movement. 'You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack.'"

Australia's Telstra Requires Fibre Customers To Use Copper Telephone 217

Posted by timothy
from the v8-and-a-buggywhip dept.
daria42 writes "Progress is happening rapidly in Australia, with the country's government continuing to roll out a nation-wide fibre network. However, the country's major telco Telstra doesn't appear to have quite gotten the message. Releasing its first National Broadband Network fibre broadband plans today, the telco stipulated that fibre customers will still be forced to make phone calls over the telco's existing copper network. Yup, that's right — fibre to people's houses, but phone calls over the copper network. Progress."

WikiLeaks Begins Releasing Stratfor Internal Emails 220

Posted by timothy
from the why-are-they-so-mean? dept.
owenferguson writes "WikiLeaks has begun leaking a cache of over 5 million internal emails from the Texas-headquartered 'global intelligence' company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal's Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the U.S. Department of Homeland Security, the U.S. Marines and the U.S. Defense Intelligence Agency. The associated news release can be found on pastebin."

Ask Slashdot: How Do You Install Ubuntu On 30 Laptops and Keep Them In Sync? 202

Posted by timothy
from the not-gonna-pay-a-lot-for-this-muffler dept.
New submitter spadadot writes "I am setting up a new event in France (Open du Web), where between 15 and 30 laptops running Ubuntu Linux will be available. They came with Windows preinstalled and it must stay for other purposes. I'd like to take care of only one of them (resize the hard drive, install Ubuntu, add additional software and apply custom settings) and effortlessly replicate everything to the others including hard drive resizing (unattended installation). After replicating, what should I do if I need to install new software or change some settings without manually repeating the same task on each one of them? Should I look into FAI, iPXE, Clonezilla, OCS Inventory NG? Other configuration management software? I would also like to reset the laptops to the original environment after the event."

DragonFly BSD 3.0 Released 102

Posted by timothy
from the it's-full-of-bug dept.
An anonymous reader writes with word of the release earlier this week, after eight months of development, of DragonFly BSD 3.0. The release includes improved scalability through finer-grained locking, improvements to the HAMMER file system in low-memory configurations, and a TrueCrypt-compatible disk encryption system. DragonFly is an installable system, but it can also be run live from CD, DVD, or USB key.
