The man called jail employees and posed as local IT staffers, tricking some into accessing a website, and downloading and installing malware under the guise of a jail system upgrade. Once the man (Konrads Voits) had access to this data, investigators said he accessed the XJail system, searched and accessed the records of several inmates, and modified at least one entry "in an effort to get that inmate released early." Jail employees noticed the modification right away and alerted the FBI. The man as arrested a month later and is now awaiting sentencing (maximum 10 years and a fine of up to $250,000).
In December 2016, Congress passed the Better Online Ticket Sales (BOTS) Act, which Schumer sponsored, to crack down on their use to buy concert tickets, but the measure doesn't apply to other consumer products. He wants that law expanded but knows that won't happen in time for this holiday season. In the meantime, Schumer wants the National Retail Federation and the Retail Industry Leaders Association to block the bots and lead the effort to stop them from buying toys at fair retail prices and then reselling them at outrageous markups.
At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods.
The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models).
Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions. As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.
The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.
StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.
Of all changes, the most significant is, by far, the support for Argon2, a password hashing algorithm developed in the early 2010s. Back in 2015, Argon2 beat 23 other algorithms to win the Password Hashing Competition, and is now in the midst of becoming a universally recognized Internet standard at the Internet Engineering Task Force (IETF), the reward for winning the contest. The algorithm is currently considered to be superior to Bcrypt, today's most widely used password hashing function, in terms of both security and cost-effectiveness, and is also slated to become a favorite among cryptocurrencies, as it can also handle proof-of-work operations.
The other major change in PHP 7.2 was the removal of the old Mcrypt cryptographic library from the PHP core and the addition of Libsodium, a more modern alternative.
Allcock's discovery that more money is being used by Stanford to entice the best students with financial backgrounds suggests an admissions strategy that helps the school achieve the highest starting compensation packages of any MBA program in the world. That is largely because prior work experience in finance is generally required to land jobs in the most lucrative finance fields in private equity, venture capital and hedge funds.
Half the school's students are awarded financial aid, and though Stanford always insisted it was awarded based only on need, the report concluded the school had been "lying to their faces" for more than a decade, also identifying evidece of "systemic biases against international students."
Besides the embarrassing exposure of their financial aid policies, there's another obvious lesson, writes Slashdot reader twentysixV. "It's actually way too easy for users to improperly secure their files in a shared file system, especially if the users aren't particularly familiar with security settings." Especially since Friday the university also reported another university-wide file-sharing platform had exposed "a variety of information from several campus offices, including Clery Act reports of sexual violence and some confidential student disciplinary information from six to 10 years ago."
"The individuals on these lists are guaranteed money," said a Republican fundraiser. "They will give. These are not your regular D.C. PAC list"... The list has helped the NRCC raise over $77 million this year to defend the House in 2018... Though the House and Senate campaign arms share the similar goal of electing Republican candidates and often coordinate strategy in certain states, they operate on distinct tracks and compete for money from small and large donors.
Long-time Slashdot reader SethJohnson says the data breach "is the result of poor deprovisioning policies within the House Republican Campaign Committee -- allowing staff logins to persist after a person has left the organization."
NRCC officials who learned of the breach "are really pissed," one source told the site.
"In each of the cases, the satellite did not reach its desired orbit," reports Ars Technica, adding "As the country's heritage rockets and upper stages continue to age, the concern is that the failure rate will increase."
Public-key cryptography relies on pairs of keys, one public and one private, which are used to authenticate users and verify their encrypted transactions. Bitcoin users are represented on the blockchain by strings of characters called addresses, which are derived from their public keys. The "wallet" applications they use to hold and exchange digital coins are essentially management systems for their private keys. Just like a real wallet, they can also hold credentials that serve as proof of identification, says Reed. Using a smartphone or some other device, a person could use a wallet-like application to manage access to these credentials. But will regular consumers buy in? Technologists will need to create a form factor and user experience compelling enough to convince them to abandon their familiar usernames and passwords, says Meltem Demirors, development director at Digital Currency Group, an investment firm that funds blockchain companies. The task calls for reinforcements, she says: "The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."
"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."
"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.
Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."
Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)
It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"
And "Is a 'voiceprint' even possible?"
Do they just want to say they advertised for the position, or are they really so immensely stupid, so disconnected from their own needs, that they think they are actually asking for something they can have...? Here is a Harvard Study that addresses one particular angle of this. It doesn't answer any questions, but it does prove that you aren't crazy. And it quantifies the craziness.
The study's author calls it "degree inflation," and after studying 26 million job postings concluded that employers are now less willing to actually train new people on the job, possibly to save money. "Many companies have fallen into a lazy way of thinking about this," the study's author tells The Street, saying companies are "[looking for] somebody who is just job-ready to just show up." The irony is that college graduates will ultimately be paid a higher salary -- even though for many jobs, the study found that a college degree yields zero improvement in actual performance.
The Street reports that "In a market where companies increasingly rely on computerized systems to cull out early-round applicants, that has led firms to often consider a bachelor's degree indicative of someone who can socialize, run a meeting and generally work well with others." One company tells them that "we removed the requirement to have a computer science degree, and we removed the requirement to have experience in development computer programming. And when we removed those things we found that the pool of potential really good team members drastically expanded."
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton's campaign chair, John Podesta, have succeeded because basic security practices were not followed... "We heard from campaigns that there is nothing like this that exists," said Debora Plunkett, a 31-year veteran of the National Security Agency who joined the Belfer Center this year. "We had security experts who understood security and election experts who understood campaigns, and both sides were eager to learn how the other part worked."
The group includes "top security experts" from both Google and Facebook.