×
Security

TrueCrypt To Go Through a Crowdfunded, Public Security Audit 104

Posted by timothy from the line-by-line dept.
An anonymous reader writes "After all the revelations about NSA's spying efforts, and especially after the disclosure of details about its Bullrun program aimed at subverting encryption standards and efforts around the world, the question has been raised of whether any encryption software can be trusted. Security experts have repeatedly said that it you want to trust this type of software, your best bet is to choose software that is open source. But, in order to be entirely sure, a security audit of the code by independent experts sounds like a definitive answer to that issue. And that it exactly what Matthew Green, cryptographer and research professor at Johns Hopkins University, and Kenneth White, co-founder of hosted healthcare services provider BAO Systems, have set out to do. The software that will be audited is the famous file and disk encryption software package TrueCrypt. Green and White have started fundraising at FundFill and IndieGoGo, and have so far raised over $50,000 in total." (Mentioned earlier on Slashdot; the now-funded endeavor is also covered at Slash DataCenter.)
Virtualization

Ask Slashdot: Tools For Managing Multiple Serial Console Servers? 104

Posted by timothy from the many-roads-to-rome dept.
An anonymous reader writes "I've recently been charged with updating our existing serial console access tools. We have 12 racks of servers each with a console server in it (OpenGear, ACS, and a few others). Several of these systems host virtual machines which are also configured to have 'serial' management (KVM, virt serial). In total it comes to about 600 'systems.' All the systems also have remote power management (various vendors). Right now our team has a set of home grown scripts and a cobbled together database for keeping this all together. Today any admin can simply ssh into the master, run 'manage hostname console' and automatically get a serial console or run 'manage hostname power off' to cut the power to a system. I'd rather use some tools with more of a community than just the 4 of us. What tool(s) should I move my group onto for remote serial/power management?"
Bitcoin

Security Breach Forces Bitcoin Bank Inputs.io To Halt Operations 285

Posted by timothy from the bank-holiday dept.
New submitter BitVulture writes "The hardcore Bitcoin community is abuzz with news of the closure of Inputs.io, a supposedly secure online Bitcoin wallet, after an attack resulted in the loss of 4100 Bitcoins. A PGP-signed message at the home page of the now mostly non-operational site briefly explains the situation: 'Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.' There's no word yet whether Inputs.io will eventually resume operations or whether the security breach will force the Bitcoin bank out of business."
Bug

Microsoft and Facebook Launch Internet Bug Bounty Program 57

Posted by samzenpus from the track-them-down dept.
An anonymous reader writes "Microsoft and Facebook today jointly launched a new initiative called the Internet Bug Bounty program. In short, the two companies are looking to secure the Internet stack by rewarding anyone and everyone who hacks it, and responsibly discloses vulnerabilities they find. The minimum bounty for hacking any component of the Internet is $5,000."
Security

Edward Snowden Leaks Could Help Paedophiles Escape Police, Says UK Government 510

Posted by samzenpus from the root-of-all-evil dept.
An anonymous reader writes "Paedophiles may escape detection because highly-classified material about Britain's surveillance capabilities have been published by the Guardian newspaper, the UK government has claimed. A senior Whitehall official said data stolen by Edward Snowden, a former contractor to the US National Security Agency, could be exploited by child abusers and other cyber criminals. It could also put lives at risk by disclosing secrets to terrorists, insurgents and hostile foreign governments, he said."

Slashdot Top Deals