×
Facebook

Facebook Changes Privacy Policies, Scraps User Voting 119

Posted by samzenpus from the read-it-and-weep dept.
Orome1 writes "The voting period for the proposed changes to Facebook's Statement of Rights and Responsibilities and Data Use Policy has ended on Monday, and despite the email sent out to the users asking them to review the changes and cast their vote, less than one percent of all users have done so. 'An external auditor has reviewed and confirmed the final results. Of the 668,872 people who voted, 589,141 recommended we keep our existing SRR and Data Use Policy,' stated Elliot Schrage, Facebook's vice president of communications, public policy, and marketing. Still, that is not nearly enough to prevent the proposed changes — as required by Facebook, at least 30 percent of the users should have voted against them in order to keep the previous versions of the policies. Schrage pointed out that that the whole experience illustrated the clear value of Facebook's notice and comment process."
Internet Explorer

IE Flaw Lets Sites Track Your Mouse Cursor, Even When You Aren't Browsing 149

Posted by Soulskill from the now-everybody-knows-your-goofy-little-mouse-movements dept.
An anonymous reader writes "A new Internet Explorer vulnerability has been discovered that allows an attacker to track your mouse cursor anywhere on the screen, even if the browser isn't being actively used. 'Whilst the Microsoft Security Research Center has acknowledged the vulnerability in Internet Explorer, they have also stated that there are no immediate plans to patch this vulnerability in existing versions of the browser. It is important for users of Internet Explorer to be made aware of this vulnerability and its implications. The vulnerability is already being exploited by at least two display ad analytics companies across billions of page impressions per month.' All supported versions of Microsoft's browser are reportedly affected: IE6, IE7, IE8, IE9, and IE10."
Google

Zero Day Hole In Samsung Smart TVs Could Have TV Watching You 249

Posted by Unknown Lamer from the put-some-pants-on-man dept.
chicksdaddy writes with news of a remote exploit in Samsung Smart TVs, and a warning for those who got one with a built-in camera. From the article: "The company that made headlines in October for publicizing zero day holes in SCADA products now says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners' social media credentials and even to spy on those watching the TV using built-in video cameras and microphones. In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown ('zero day') hole affects Samsung Smart TVs running the latest version of the company's Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set."
Upgrades

Linux Nukes 386 Support 464

Posted by Unknown Lamer from the upgrade-time dept.
sfcrazy writes with news that Linus pulled a patch by Ingo Molnar to remove support for the 386 from the kernel. From Ingo's commit log: "Unfortunately there's a nostalgic cost: your old original 386 DX33 system from early 1991 won't be able to boot modern Linux kernels anymore. Sniff." Linus adds: "I'm not sentimental. Good riddance."
Education

Hacked Review System Leads To Fake Reviews and Retraction of Scientific Papers 67

Posted by Unknown Lamer from the too-good-to-review dept.
dstates writes "Retraction Watch reports that fake reviewer information was placed in Elsevier's peer review database allowing unethical authors to review their own or colleagues manuscripts. As a result, 11 scientific publications have been retracted. The hack is particularly embarrassing for Elsevier because the commercial publisher has been arguing that the quality of its review process justifies its restrictive access policies and high costs of the journals it publishes."
Communications

Text Message Spammer Wants FCC To Declare Spam Filters Illegal 338

Posted by Soulskill from the hello-sir-madam dept.
TCPALaw writes "ccAdvertising, a company purported to have 'a long, long, long history of pumping spam out of every telecommunications orifice, and even boasting of voter suppression' has asked the FCC to declare spam filters illegal. Citing Free Speech rights, the company claims wireless carriers should be prohibited from employing spam filters that might block ccAdvertising's political spam. Without stating it explicitly, the filing implies that network neutrality must apply to spam, so the FCC must therefore prohibit spam filters (unless political spam is whitelisted). In an earlier filing, the company suggests it is proper that recipients 'bear some cost' of unsolicited political speech sent to their cell phones. The public can file comments with the FCC on ccAdvertising's filing online."
Security

Malicious QR Codes Posted Where There's Lots of Foot Traffic 89

Posted by Soulskill from the neither-idiotproof-nor-jerkproof dept.
Orome1 writes "QR codes are very handy for directing users to specific sites by simply scanning them with their smartphones. But the ease with which this technology works has also made it a favorite of malware peddlers and online crooks, who have taken to including QR codes that lead to malicious sites in spam emails. They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic. According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them."
Chrome

Google Sync Clobbers Chrome Browsers 102

Posted by timothy from the browser-is-the-network-is-the-computer dept.
If you use Chrome along with Google's Sync, you may have noticed something strange Monday: normally stable Chrome crashing. An article at Wired (excerpt below) explains why: "Late Monday, Google engineer Tim Steele confirmed what developers had been suspecting. The crashes were affecting Chrome users who were using another Google web service known as Sync, and that Sync and other Google services — presumably Gmail too — were clobbered Monday when Google misconfigured its load-balancing servers. ... Steele wrote in a developer discussion forum, a problem with Google's Sync servers kicked off an error on the browser, which made Chrome abruptly shut down on the desktop. 'It's due to a backend service that sync servers depend on becoming overwhelmed, and sync servers responding to that by telling all clients to throttle all data types,' Steele said. That 'throttling' messed up things in the browser, causing it to crash."
Open Source

Linux 3.7 Released 151

Posted by timothy from the under-the-radar dept.
The wait is over; diegocg writes "Linux kernel 3.7 has been released. This release adds support for the new ARM 64-bit architecture, ARM multiplatform — the ability to boot into different ARM systems using a single kernel; support for cryptographically signed kernel modules; Btrfs support for disabling copy-on-write on a per-file basis using chattr; faster Btrfs fsync(); a new experimental 'perf trace' tool modeled after strace; support for the TCP Fast Open feature in the server side; experimental SMBv2 protocol support; stable NFS 4.1 and parallel NFS; a vxlan tunneling protocol that allows to transfer Layer 2 ethernet packets over UDP; and support for the Intel SMAP security feature. Many small features and new drivers and fixes are also available. Here's the full list of changes."
Security

GhostShell Hackers Release Data From Exploiting NASA, FBI, ESA 124

Posted by Unknown Lamer from the infernal-script-kiddies dept.
An anonymous reader writes "The Register is reporting that the hacking collective GhostShell has announced it has [dumped] around 1.6 million account details purloined from government, military, and industry. The [hacking] group said in a statement: 'we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.'"
Android

Google App Verification Service Detects Only 15% of Infected Apps 99

Posted by samzenpus from the low-expectations dept.
ShipLives writes "Researchers have tested Google's app verification service (included in Android 4.2 last month), and found that it performed very poorly at identifying malware in apps. Specifically, the app verification service identified only ~15% of known malware in testing — whereas existing third-party security apps identified between 51% and 100% of known malware in testing."
Security

Researchers Find Crippling Flaws In Global GPS 179

Posted by samzenpus from the where-in-the-world dept.
mask.of.sanity writes "Researchers have developed attacks capable of crippling Global Positioning System infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unamed drones. The novel remote attacks can be made against consumer and professional-grade receivers using $2500 worth of custom-built equipment. Researchers from Carnegie Mellon University and Coherent Navigation detailed the attacks in a paper. (pdf)"
Botnet

Tor Network Used To Command Skynet Botnet 105

Posted by samzenpus from the bad-stuff dept.
angry tapir writes "Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."
Crime

Former Anonymous Spokesperson Indicted 114

Posted by Soulskill from the be-careful-what-links-you-copy dept.
A reader sends this quote from Ars: "On Friday, a federal grand jury in Dallas indicted Barrett Brown, a former self-proclaimed Anonymous spokesperson, for trafficking 'stolen authentication features,' as well as 'access device fraud' and 'aggravated identity theft.' Brown has been detained since he was arrested in September for allegedly threatening a federal agent. 10 counts of the 12-count indictment concern the aggravated identity theft charge (the indictment references 10 people from whom Brown is alleged to have stolen information), but the most interesting charge is probably the first; a single count saying Brown, 'did knowingly traffic in more than five authentication features knowing that such features were stolen and produced without lawful authority.' But rather than a physical back-alley hand-off, this alleged trafficking happened online when Barrett transferred a hyperlink, 'from the Internet Relay Chat (IRC) channel called "#Anonops" to an IRC channel under Brown's control, called "#ProjectPM."' That hyperlink happened to include over 5,000 credit card numbers, associating Ids, and Card Verification Values (CVVs) from the Stratfor Global Intelligence database."
Privacy

Maker of Hackable Hotel Locks Finally Agrees To Pay For Bug Fix 66

Posted by samzenpus from the cleaning-up-your-mess dept.
Sparrowvsrevolution writes "Slashdot readers are no doubt familiar by now with the case of Onity, the company whose locks are found on 4 million hotel room doors worldwide and, as came to light over the summer, can be opened in seconds with a $50 Arduino device. Since that hacking technique was unveiled by Mozilla developer Cody Brocious at Black Hat, Onity first downplayed its security flaws and then tried to force its hotel customers to pay the cost of the necessary circuit board replacements to fix the bug. But now, after at least one series of burglaries exploiting the bug hit a series of hotel rooms in Texas, Onity has finally agreed to shoulder the cost of replacing the hardware itself — at least for its locks in major chain hotels in the U.S. installed after 2005. Score one point for full disclosure."
Government

US Security Classifications Needs Re-Thinking, Says Board 76

Posted by timothy from the this-post-is-ultra-double-secret-probation-only dept.
coondoggie writes "The U.S. government's overly complicated way of classifying and declassifying information needs to be dumped and reinvented with the help of a huge technology injection if it is to keep from being buried under its own weight. That was one of the main conclusions of a government board tasked with making recommendations on exactly how the government should transform the current security classification system (PDF)."
Hardware

Ask Slashdot: Old Technology Coexisting With New? 338

Posted by timothy from the revisiting-the-unary-days dept.
New submitter thereitis writes "Looking over my home computing setup, I see equipment ranging from 20 years old to several months old. What sorts of old and new equipment have you seen coexisting, and in what type of environment?" I regularly use keyboards from the mid 1980s, sometimes with stacked adapters to go from ATX to PS/2, and PS/2 to USB, and I'm sure that's not too unusual.
Security

How the Eurograbber Attack Stole 36M Euros 57

Posted by samzenpus from the now-you-see-it-now-you-don't dept.
Orome1 writes "Check Point has revealed how a sophisticated malware attack was used to steal an estimated €36 million from over 30,000 customers of over 30 banks in Italy, Spain, Germany and Holland over summer this year. The theft used malware to target the PCs and mobile devices of banking customers (PDF). The attack also took advantage of SMS messages used by banks as part of customers' secure login and authentication process. The attack infected both corporate and private banking users, performing automatic transfers that varied from €500 to €250,000 each to accounts spread across Europe."
The Almighty Buck

If Tech Is So Important, Why Are IT Wages Flat? 660

Posted by Soulskill from the all-about-the-benjamins dept.
dcblogs writes "Despite the fact that technology plays an increasingly important role in the economy, IT wages remain persistently flat. This may be tech's inconvenient truth. In 2000, the average hourly wage was $37.27 in computer and math occupations for workers with at least a bachelor's degree. In 2011, it was $39.24, adjusted for inflation, according to a new report by the Economic Policy Institute. That translates to an average wage increase of less than a half percent a year. In real terms, IT wages overall have gone up by $1.97 an hour in just over 10 years, according to the EPI. Data from professional staffing firm Yoh shows wages in decline. In its latest measure for week 12 of 2012, the hourly wages were $31.45 and in 2010, for the same week, at $31.78. The worker who earned $31.78 in 2010 would need to make $33.71 today to stay even with inflation. Wages vary by skill and this data is broad. The unemployment rate for tech has been in the 3-4% range, but EPI says full employment has been historically around 2%."
Encryption

New 25-GPU Monster Devours Strong Passwords In Minutes 330

Posted by Soulskill from the om-nom-nom dept.
chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."

Slashdot Top Deals