Security

Adobe Changes Its Tune On Forcing Paid Upgrade To Fix Security Flaws 90

wiredmikey writes with a follow-up to Thursday's news that Adobe was recommending paid software upgrades in lieu of fixing security holes in some of its applications. After receiving criticism for the security bulletin, Adobe changed its mind and announced that it's developing patches to fix the vulnerabilities. "Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial. For a popular product that was just over two years old, providing a fix to address a serious security flaw is what customers deserve. And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end."
Security

Ask Slashdot: Open Source Multi-User Password Management? 198

An anonymous reader writes "I work in a network environment that requires multiple people to have access to numerous Wireless Access Keys, iTunes/iCloud accounts/passwords, hardware appliance logins, etc. I'm attempting to replace the ever popular 'protected' excel spreadsheet that exists in almost every network with all usernames and passwords just waiting to be discovered. Are there any open source, multi-user, secure and preferably Linux-based password management tools that the Slashdot community would recommend?"
Government

US Grabs More Domain Names, $1.4M From Online Counterfeit Operations 69

coondoggie writes "According to court documents, investigation by federal law enforcement agents revealed that subjects whose domain names had been seized in a November 2010 operation continued to sell counterfeit goods using new domain names. In particular, the individuals, based in China, sold counterfeit professional and collegiate sports apparel, primarily counterfeit sports jerseys." So now the government has again taken over a swathe of domain names used in crime.
Government

Senator Seeks More Info On DOJ Location Tracking Practices 35

Gunkerty Jeb writes "Senator Al Franken (D-MN) is demanding answers to questions about the U.S. Department of Justice practice of gathering data from wireless providers in order to monitor individuals' movements using mobile phone location data. In a letter (PDF) to Attorney General Eric Holder, Franken said, 'I was further concerned to learn that in many cases, these agencies appear to be obtaining precise records of individuals' past and current movements from carriers without first obtaining a warrant for this information. I think that these actions may violate the spirit if not the letter of the Jones decision.'"
Google

Court Rules NSA Doesn't Have To Confirm Or Deny Secret Relationship With Google 119

Sparrowvsrevolution writes "A DC appeals court has ruled that the National Security Agency doesn't need to either confirm or deny its secret relationship with Google in response to a Freedom of Information Act (FOIA) request and follow-up lawsuit filed by the Electronic Privacy Information Center. The NSA cited a FOIA exemption that covers any documents whose exposure might hinder the NSA's national security mission, and responded to EPIC with a 'no comment.' Beyond merely rejecting the FOIA request, the court has agreed with the NSA that it has the right to simply not respond to the request, as even a rejection of the request might reveal details of a suspected relationship with Google that it has sought to keep secret. Google was reported to have partnered with the NSA to bolster its defenses against hackers after its breach by Chinese cyberspies in early 2010. But to the dismay of privacy advocates who fear the NSA's surveillance measures coupled with Google's trove of data, the company has never explained the details of that partnership."
Security

New .secure Internet Domain On Tap 129

CowboyRobot writes "A new top-level domain (TLD) in the works for the Internet will bake security in from the outset: The .secure domain will require fully encrypted HTTPS sessions and a comprehensive vetting process for websites and their operators. If the new domain takes off, it could shift the way Web domains are secured. ICANN is expected to sign off on .secure, and for the new TLD to be up and running June or July 2013."
Security

Adobe Introduces the Paid Security Fix 392

Nimey writes "Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photoshop CS6. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."
Security

New York City Pushes Plan To Prevent Cyberattacks On Elevators, Boilers 171

coondoggie writes "Imagine what would happen if an attacker broke into the network for the industrial control systems for New York City's elevators and boiler systems and decided to disrupt them, imperiling the lives of hundreds of thousands of residents relying on them. Think it could never happen? Think again. 'You could increase the speed of how elevators go up or down,' says Steve Ramirez, business analyst, analysis and communications in the Office of the CIO of the New York City Housing Authority, which provides public housing for low- to moderate-income families in the five boroughs of the city. And if attackers ever successfully penetrated the network-based industrial control systems for the boilers, they could raise the heat levels for municipal boilers, causing them to explode." Maybe Bruce Schneier could run a new movie-scenario contest about ways this could play out.
Security

Apple Auto-Disables Old Flash Players In Mac OS X 10.7.4 155

wiredmikey writes "Just released, and coming in at 370 MB in size, the Mac OS X 10.7.4 update includes general OS fixes, and addresses more than 30 security vulnerabilities. But aside from typical security fixes, Apple has made an interesting move in an effort to protect users. Through this latest software update, Safari 5.1.7 will now automatically disable older — and typically more vulnerable — versions of the Adobe Flash player. While many software vendors would prefer OS makers to keep their hands off their software, the move appears to be welcomed by Adobe, which has constantly battled vulnerabilities in its widely installed Flash Player."
Music

Pirate Bay Criticizes Anonymous' Attack On Virgin 89

judgecorp writes "Anonymous launched a DDoS attack on Virgin Media, apparently in protest at Virgin's decision to block the Pirate Bay. Now the Pirate Bay has criticized Anonymous, saying it doesn't support DDoS as a form of protest. The statement is interesting, given that Anonymous has been attacking music industry sites and other targets for some years, saying it is in support of the Pirate Bay."
Security

North Korea Jamming GPS Signals In South Korea 290

Fluffeh writes "North Korea has been looking for new and inventive ways to mess with South Korea. It seems that their missile launch fizzled a bit though, so those wacky folks from the North have bought a few GPS jamming trucks from Russia and are now blocking GPS signals around their city of Kaesong. While Kaesong is around 60 km inside their borders, the jamming circle is around 100 km, so it actually covers good parts of South Korea including the airports at Inchon and Gimpo. While no accidents have been caused as yet, it has caused quite some disruption and has made ocean going craft suffer as well due to their heavy reliance on GPS signals."
Privacy

Homeland Security: New Body Scanners Have Issues 181

Fluffeh writes "Although the DHS has spent around $90 million upgrading magnetometers to the new body scanners, federal investigators 'identified vulnerabilities in the screening process' at domestic airports using the new machines, according to a classified internal Department of Homeland Security report. Exactly how bad the body scanners are is not being divulged publicly, but the Inspector General's report (PDF) made eight separate recommendations on how to improve screening. To quiet privacy concerns, the authorities are also spending $7 million to 'remove the human factor from the image review process' and replace the passenger's image with an avatar."
Java

Why You Can't Dump Java (Even Though You Want To) 402

snydeq writes "Since so many recent exploits have used Java as their attack vector, you might conclude Java should be shown the exit, but the reality is that Java is not the problem, writes Security Advisor's Roger Grimes. 'Sure, I could opt not to use those Java-enabled services or install Java and uninstall when I'm finished. But the core problem isn't necessarily Java's exploitability; nearly all software is exploitable. It's unpatched Java. Few successful Java-related attacks are related to zero-day exploits. Almost all are related to Java security bugs that have been patched for months (or longer),' Grimes writes. 'The bottom line is that we aren't addressing the real problems. It isn't a security bug here and there in a particular piece of software; that's a problem we'll never get rid of. Instead, we allow almost all cyber criminals to get away with their Internet crime without any penalty. They almost never get caught and punished. Until we solve the problem of accountability, we will never get rid of the underlying problem.'"
Transportation

TSA's mm-Wave Body Scanner Breaks Diabetic Teen's $10K Insulin Pump 811

OverTheGeicoE writes "Savannah Barry, a Colorado teenager, was returning home from a conference in Salt Lake City. She is a diabetic and wears an insulin pump to control her insulin levels 24/7. She carries documentation of her condition to assist screeners, who usually give her a pat-down search. This time the screeners listened to her story, read her doctor's letter, and forced her to go through a millimeter-wave body scanner anyway. The insulin pump stopped working correctly, and of course, she was subjected to an invasive manual search. 'My life is pretty much in their hands when I go through a body scan with my insulin pump on,' she says. She wants TSA screeners to have more training. Was this a predictable outcome, considering that no one outside TSA has access to millimeter-wave scanners for testing? Would oversight from the FDA or FCC prevent similar incidents from happening in the future?"
Facebook

Facebook Spammers Make $20M, Get $100K Fine 74

jfruh writes "Adscend Media, which has been making up to $20M a year from so-called 'likejacking' spam on Facebook, has reached an agreement with the Attorney General of Washington to stop those activities and pay $100,000 in court costs. Among other nefarious techniques, Adscend would overlay Facebook 'like' buttons with provocative photos to spread links to ads from which Adscend would earn referral fees. Adscend also settled out of court with Facebook for an undisclosed amount."
Security

DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks 114

wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."
Networking

IEEE Approves Revision of Wireless LAN Standard 61

An anonymous reader writes "IEEE announced the publication of IEEE 802.11-2012, which defines the technology for the world's premier wireless LAN products. The new IEEE 802.11-2012 revision has been expanded significantly by supporting devices and networks that are faster and more secure, while offering improved Quality of Service and improved cellular network hand-off. The standard's relevance continues to expand with the emergence of new applications, such as the smart grid, which augments the facility for electricity generation, distribution, delivery and consumption with a two-way, end-to-end network for communications and control."
Programming

Ask Slashdot: What Language Should a Former Coder Dig Into? 530

An anonymous reader writes "I was a consultant for nearly 20 years and I got into projects where I had to work with a huge variety of software, operating systems, hardware, programming languages, and other assorted technologies. After retiring from that I have spent the last 10 years in a completely different sector. Now I find myself wanting to really focus on coding for personal reasons. You can imagine how out-of-touch I am since I never really was more than a hack to begin with. I can learn syntax and basics in a weekend, question is, what Language should I become native to? Never liked anything 'lower-level' than C, and I don't have the funds to 'buy' my development environment....help me Slashdot, you're my only hope."
Bug

Apple Security Blunder Exposes Lion Login Passwords In Clear Text 205

An anonymous reader writes "An Apple programmer, apparently by accident, left a debug flag open in the most recent version of its Mac OS X operating system. In specific configurations, applying the OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text."
Censorship

Facebook Says It's Filtering Comments For Spam, Not Censoring Them 155

bhagwad writes "Apparently Robert Scoble tried to post a long comment on Facebook only to have a message pop up saying 'This comment seems irrelevant or inappropriate and can't be posted. To avoid having your comments blocked, please make sure they contribute to the post in a positive way.' If true, this is huge. For one the self-moderating system of comments has always been the rule so far. And with countries like India rooting for the pre-screening of content and comments, is Facebook thinking of caving into these demands?" Facebook says there's a more innocuous explanation: namely, that the comment triggered a spam filter.
