Transportation

Amazon UK Found Guilty Of Airmailing Dangerous Goods (theguardian.com) 56

Amazon UK has been found guilty and fined £65,000 for breaking aviation safety laws after repeatedly trying to send dangerous goods by airmail, reports The Guardian. From the article: A judge at Southwark crown court in London said on Friday that Amazon knew the rules, had been warned repeatedly, but had failed to take reasonable care. Although the risks from the goods sent for shipment by air were low, he blamed the breaches on "systemic failure" at the online retailer. As well as the fine, Amazon was ordered to pay £60,000 towards prosecution costs. Earlier in the week, the jury found Amazon guilty of breaching rules for shipping dangerous goods by airmail on four counts between November 2013 and May 2015. The prosecution was brought by the Civil Aviation Authority, after a complaint from Royal Mail. Some offences took place after Amazon knew it was under investigation. In each case, the items -- two packages containing laptop lithium batteries and two containing aerosols that used flammable gas propellant -- had been flagged up by Amazon's computer systems as possibly dangerous goods, and subject to restricted shipping rules.
Facebook

Facebook Inflated Video Viewing Stats For Two Years (cnet.com) 49

Facebook has admitted inflating the average time people spend watching videos for two years by failing to count people who watched for less than three seconds. CNET reports: The metric was artificially inflated because it only counted videos as viewed if they had been seen for three or more seconds, not taking into account shorter views, the company revealed several weeks ago in a post on its advertiser help center web page. Facebook has been putting a greater emphasis on video in recent years, particularly live video. In March, Facebook began giving anyone with a phone and internet connection an easy way to broadcast live video to the 1.7 billion people who use its service every day.
Security

Akamai Kicked Journalist Brian Krebs' Site Off Its Servers After He Was Hit By a Record Cyberattack (businessinsider.com) 207

An anonymous reader writes: Cloud hosting giant Akamai Technologies has dumped journalist Brian Krebs from its servers after his website came under a "record" cyberattack. "It's looking likely that KrebsOnSecurity will be offline for a while," Krebs tweeted Thursday. "Akamai's kicking me off their network tonight." Since Tuesday, Krebs' site has been under a sustained distributed denial-of-service (DDoS) attack, a crude method of flooding a website with traffic in order to deny legitimate users from being able to access it. The assault has flooded Krebs' site with more than 620 Gbps of traffic -- nearly double what Akamai has seen in the past.
IOS

19-Year-Old Jailbreaks iPhone 7 In 24 Hours (vice.com) 97

An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous 'jailbreakme.com,' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."
Government

Hacker Leaks Michelle Obama's Passport (nypost.com) 122

The hacker who leaked Colin Powell's private email account last week has struck again. This time they have hacked a low-level White House staffer and released a picture of Michelle Obama's passport, along with detailed schedules for top U.S. officials and private email messages. New York Post reports: The information has been posted online by the group DC Leaks. The White House staffer -- who also apparently does advance work for Hillary Clinton's presidential campaign -- is named Ian Mellul. The released documents include a PowerPoint outline of Vice President Joe Biden's recent Cleveland trip, showing his planned route, where he'll meet with individuals and other sensitive information, according to the Daily Mail. In an email to The Post, the hacker writes, "The leaked files show the security level of our government. If terrorists hack emails of White House Office staff and get such sensitive information we will see the fall of our country." The hacker adds, "We hope you will tell the people about this criminal negligence of White House Office staffers."
Security

Yahoo Confirms Massive Data Breach, 500 Million Users Impacted [Updated] (recode.net) 169

Update: 09/22 18:47 GMT by M: Yahoo has confirmed the data breach, adding that about 500 million users are impacted. Yahoo said "a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor." As Business Insider reports, this could be the largest data breach of all time. In a blog post, the company said: Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven't changed their passwords since 2014 do so. The Intercept reporter Sam Biddle commented, "It took Yahoo two years to announce that info on half a billion user accounts was stolen." Amid its talks with Verizon for a possible acquisition -- which did happen -- Yahoo knew about the attack, but didn't inform Verizon about it, Business Insider reports. Original story, from earlier today, follows.

Last month, it was reported that a hacker was selling account details of at least 200 million Yahoo users. The company's service had apparently been hacked, putting several hundred million users' accounts at risk. Since then Yahoo has remained tight-lipped on the matter, but that could change very soon. Kara Swisher of Recode is reporting that Yahoo is poised to confirm that massive data breach of its service. From the report: While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious. Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and was selling them online. "It's as bad as that," said one source. "Worse, really." The announcement, which is expected to come this week, also has possible larger implications on the $4.8 billion sale of Yahoo's core business -- which is at the core of this hack -- to Verizon. The scale of the liability could be large and bring untold headaches to the new owners. Shareholders are likely to worry that it could lead to an adjustment in the price of the transaction.
Piracy

Hackers Seed Torrent Trackers With Malware Disguised as Popular Downloads (grahamcluley.com) 64

An anonymous reader writes: Cybercriminals are spreading malware via torrent distribution networks, using an automated tool to disguise the downloads as trending audio, video and other digital content in an attempt to infect more unsuspecting victims. Researchers at InfoArmor say they have uncovered a malicious torrent distribution network that relies on a tool called RAUM to infect computers with malware. The network begins with a torrent parser, which collects information about some of the most popular torrent files circulating around the web. Computer criminals then apply their RAUM tool to create a series of malicious files. Some are fake copies of those popular torrent files that in reality hide notorious malware such as CryptXXX, Cerber, or Dridex. Others are weaponized torrent files, while others still are parsed torrent files that rely on a high download rating, a reputation which the attackers artificially inflate by abusing compromised users' accounts to set up new seeds.
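The RAUM pipeline above works because a .torrent only promises a file list; nothing stops a "1080p movie" from shipping a dropper next to it. The following is an added example (not InfoArmor's tooling or anything from the report): a small bencode (BEP 3) decoder, the infohash that trackers and blocklists key on, and a few heuristics over the advertised file list. The extension lists, size threshold, sample torrents and tracker URL are all constructed for illustration.

```python
"""Inspect a .torrent's metadata for payloads that don't match the advertised
media.  Added example for the RAUM story above; the heuristics, the sample
torrents and the tracker URL are constructed here, not InfoArmor's tooling."""
import hashlib
from typing import Any

MEDIA_EXT = {".mp4", ".mkv", ".avi", ".mov", ".mp3", ".flac", ".m4a"}
RISKY_EXT = {".exe", ".scr", ".bat", ".cmd", ".js", ".jse", ".vbs", ".lnk",
             ".msi", ".hta", ".ps1", ".pif", ".com"}
MIN_MEDIA_BYTES = 1_000_000      # a "feature film" smaller than this is a lure


def bdecode(data: bytes) -> Any:
    """Decode bencode (BEP 3). Strings stay bytes; dict keys are bytes."""
    def parse(i: int):
        c = data[i:i + 1]
        if c == b"i":                                   # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":                                   # list: l<items>e
            items, i = [], i + 1
            while data[i:i + 1] != b"e":
                item, i = parse(i)
                items.append(item)
            return items, i + 1
        if c == b"d":                                   # dict: d<key><value>...e
            items, i = {}, i + 1
            while data[i:i + 1] != b"e":
                key, i = parse(i)
                items[key], i = parse(i)
            return items, i + 1
        if c.isdigit():                                 # string: <len>:<bytes>
            colon = data.index(b":", i)
            n = int(data[i:colon])
            return data[colon + 1:colon + 1 + n], colon + 1 + n
        raise ValueError(f"bad bencode at offset {i}")
    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing bytes after bencode value")
    return value


def bencode(obj: Any) -> bytes:
    """Encode to bencode (keys sorted, as the spec requires)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        return b"d" + b"".join(bencode(k) + bencode(v)
                               for k, v in sorted(obj.items())) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def infohash(meta: dict) -> str:
    """SHA-1 of the bencoded info dict: the ID trackers and blocklists use."""
    return hashlib.sha1(bencode(meta[b"info"])).hexdigest()


def torrent_files(meta: dict) -> list[tuple[str, int]]:
    """(path, length) for every file the torrent would write to disk."""
    info = meta[b"info"]
    name = info[b"name"].decode("utf-8", "replace")
    if b"files" not in info:                            # single-file torrent
        return [(name, info[b"length"])]
    return [("/".join([name] + [p.decode("utf-8", "replace") for p in f[b"path"]]),
             f[b"length"]) for f in info[b"files"]]


def ext(path: str) -> str:
    base = path.rsplit("/", 1)[-1]
    return base[base.rfind("."):].lower() if "." in base else ""


def inspect_torrent(data: bytes) -> list[str]:
    """Findings for a torrent whose payload is riskier than its title suggests."""
    findings = []
    for path, length in torrent_files(bdecode(data)):
        e = ext(path)
        if e in RISKY_EXT:
            findings.append(f"executable payload: {path} ({length} bytes)")
            if ext(path[:path.rfind(".")]) in MEDIA_EXT:
                findings.append(f"double extension: {path}")
        elif e in MEDIA_EXT and length < MIN_MEDIA_BYTES:
            findings.append(f"implausibly small media file: {path} ({length} bytes)")
    return findings


# Constructed samples: a lure carrying a dropper, and a genuine-looking release.
LURE = bencode({
    b"announce": b"http://tracker.invalid/announce",
    b"info": {
        b"name": b"Popular.Movie.2016.1080p",
        b"piece length": 262144,
        b"pieces": b"\x00" * 20,                        # placeholder piece hash
        b"files": [
            {b"length": 734_003_200, b"path": [b"Popular.Movie.2016.1080p.mp4"]},
            {b"length": 1_200_000, b"path": [b"Codec.Pack.Required.mp4.exe"]},
            {b"length": 2048, b"path": [b"README.txt"]},
        ],
    },
})
CLEAN = bencode({
    b"announce": b"http://tracker.invalid/announce",
    b"info": {b"name": b"Podcast.Episode.42.mp3", b"piece length": 262144,
              b"pieces": b"\x00" * 20, b"length": 48_000_000},
})

if __name__ == "__main__":
    for label, t in (("lure", LURE), ("clean", CLEAN)):
        print(label, infohash(bdecode(t)), inspect_torrent(t) or "no findings")
```

The infohash is worth logging alongside the findings: a RAUM-style campaign re-seeds the same poisoned payload under many titles, and the hash, not the name, is what you can block or share.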
Democrats

Oversight Orders Reddit To Preserve Deleted Posts In Clinton Investigation (thehill.com) 382

HockeyPuck writes: The House Oversight Committee has ordered Reddit to preserve deleted posts believed to be written by Paul Combetta, an IT technician the committee suspects may have deleted Hillary Clinton emails that were under subpoena. This follows up on an earlier report on reddit users' findings. Reddit users found that Combetta, through the username "StoneTear," requested help in relation to retaining and purging email messages after 60 days, and requested advice on how to remove a "VERY VIP" individual's email address from archived content. The Hill says in its report: "It's unclear what, exactly, the committee will be able to learn from the information Reddit preserves. According to the company's public policy for handling official requests, it maintains basic subscriber information, like IP logs, which identify the computer used to access a site. According to the policy, Reddit can maintain deleted records -- like a user's account -- for 90 days if it receives an official preservation order. Otherwise, the information will be subject to Reddit's 'normal retention or destruction schedules.'"
Security

Tesla Fixes Security Bugs After Claims of Model S Hack (reuters.com) 76

An anonymous reader quotes a report from Reuters: Tesla Motors Inc has rolled out a security patch for its electric cars after Chinese security researchers uncovered vulnerabilities they said allowed them to remotely attack a Tesla Model S sedan. The automaker said that it had patched the bugs in a statement to Reuters on Tuesday, a day after cybersecurity researchers with China's Tencent Holdings Ltd disclosed their findings on their blog. Tesla said it was able to remedy the bugs uncovered by Tencent using an over-the-air fix to its vehicles, which saved customers the trouble of visiting dealers to obtain the update. Tencent's Keen Security Lab said on its blog that its researchers were able to remotely control some systems on the Tesla S in both driving and parking modes by exploiting the security bugs that were fixed by the automaker. The blog said that Tencent believed its researchers were the first to gain remote control of a Tesla vehicle by hacking into an onboard computer system known as a CAN bus. In a demonstration video, Tencent researchers remotely engaged the brake on a moving Tesla Model S, turned on its windshield wipers and opened the trunk. Tesla said it pushed out an over-the-air update to automatically update software on its vehicles within 10 days of learning about the bugs. It said the attack could only be triggered when a Tesla web browser was in use and the vehicle was close enough to a malicious Wi-Fi hotspot to connect to it. Slashdot reader weedjams adds some commentary: Does no one else think cars + computers + network connectivity = bad?
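Once an attacker can write to the CAN bus, the usual way to make a braking or wiper command "stick" is to inject it faster than the legitimate ECU repeats its own frame, which leaves a rate fingerprint on the bus. The following is an added example that is not part of the Reuters story, Tencent's research or any Tesla code: a rate-based injection detector over a SocketCAN candump-style log (`(timestamp) iface ID#DATA`). It generalises beyond the single incident to any periodic CAN ID; the arbitration IDs, rates and the injected traffic are constructed here, not real vehicle IDs.

```python
"""Rate-based detection of injected CAN frames in a candump-style log.
Added example for the Tesla story above; IDs, rates and injected traffic are
constructed, not Tencent's findings or any real vehicle's message set."""
import re
from collections import Counter, defaultdict
from statistics import median

LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)")


def parse_candump(text: str) -> list[tuple[float, int, bytes]]:
    """(timestamp, arbitration id, payload) for each well-formed line."""
    frames = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, _iface, cid, data = m.groups()
            frames.append((float(ts), int(cid, 16), bytes.fromhex(data)))
    return sorted(frames)


def learn_periods(frames) -> dict[int, float]:
    """Median inter-arrival time per ID, learned from a known-clean capture."""
    last, gaps = {}, defaultdict(list)
    for ts, cid, _ in frames:
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: median(g) for cid, g in gaps.items()}


def _window(ts: float, t0: float, window: float) -> int:
    return int(round((ts - t0) * 1000) // int(window * 1000))   # integer ms avoids float edge cases


def detect_injection(frames, periods, window: float = 1.0, factor: float = 1.8):
    """Alerts per window: IDs sent far faster than learned, or never seen in baseline.

    The real ECU keeps transmitting while the attacker injects, so the ID's
    rate jumps rather than merely changing payload; that jump is the signal."""
    if not frames:
        return []
    t0 = frames[0][0]
    counts = Counter((_window(ts, t0, window), cid) for ts, cid, _ in frames)
    alerts = []
    for (w, cid), n in counts.items():
        if cid not in periods:
            alerts.append(("unknown-id", w, cid, n, None))
        else:
            expected = window / periods[cid]
            if n > factor * expected:
                alerts.append(("rate", w, cid, n, round(expected)))
    return sorted(alerts, key=lambda a: (a[1], a[2]))


def synth_log(t0: float, seconds: int, inject: bool) -> str:
    """Constructed bus: 0x1A4 every 10 ms and 0x2F1 every 20 ms; with inject=True,
    spoofed 0x1A4 at 500 Hz from second 1 onward plus a one-off unknown 0x3D2."""
    lines = []
    for ms in range(seconds * 1000):
        t = t0 + ms / 1000
        if ms % 10 == 0:
            lines.append(f"({t:.6f}) can0 1A4#0A00000000000000")
        if ms % 20 == 0:
            lines.append(f"({t:.6f}) can0 2F1#0000000000000000")
        if inject and ms >= 1000 and ms % 2 == 0:
            lines.append(f"({t + 0.0004:.6f}) can0 1A4#FF00000000000000")   # injected
    if inject:
        lines.append(f"({t0 + 1.5:.6f}) can0 3D2#01")
    return "\n".join(lines)


BASELINE = learn_periods(parse_candump(synth_log(1474420000.0, 2, inject=False)))
ALERTS = detect_injection(parse_candump(synth_log(1474420000.0, 2, inject=True)), BASELINE)

if __name__ == "__main__":
    for kind, w, cid, n, expected in ALERTS:
        print(f"{kind}: window {w} id 0x{cid:03X} count {n} expected {expected}")
```

A rate detector is deliberately blind to a single well-timed frame; it catches the sustained flooding that keeps a spoofed brake or wiper command winning against the real ECU, which is what the demonstration above relied on.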
Security

College Student Got 15 Million Miles By Hacking United Airlines (fortune.com) 79

An anonymous reader quotes a report from Fortune: University of Georgia Tech student Ryan Pickren used to get in trouble for hacking websites -- in 2015, he hacked his college's master calendar and almost spent 15 years in prison. But now he's being rewarded for his skills. Pickren participated in United Airlines' Bug Bounty Program and earned 15 million United miles. At two cents a mile, that's about $300,000 worth. United's white hat hacking program invites computer experts to legally hack their systems, paying up to one million United miles to hackers who can reveal security flaws. At that rate, we can presume Pickren reported as many as 15 severe bugs. The only drawback to all those free miles? Taxes. Having earned $300,000 of taxable income from the Bug Bounty Program, Pickren could owe the Internal Revenue Service tens of thousands of dollars. He's not keeping all of them, though: Pickren donated five million miles to Georgia Tech. The ultimate thank-you for not pressing charges last year. In May, certified ethical hackers at Offensi.com identified a bug allowing remote code execution on one of United Airlines' sites and were rewarded with 1,000,000 Mileage Plus air miles. Instead of accepting the award themselves, they decided to distribute their air miles among three charities.
Security

Anonymous Hacker Explains His Attack On Boston Children's Hospital (huffingtonpost.com) 294

Okian Warrior writes: Martin Gottesfeld of Anonymous was arrested in connection with the Spring 2014 attacks on a number of healthcare and treatment facilities in the Boston area. The attacks were in response/defense of a patient there named Justina Pelletier. Gottesfeld now explains why he did what he did, in a statement provided to The Huffington Post. Here's an excerpt from his statement: [Why I Knocked Boston Children's Hospital Off The Internet] The answer is simpler than you might think: The defense of an innocent, learning disabled, 15-year-old girl. In the criminal complaint, she's called 'Patient A,' but to me, she has a name, Justina Pelletier. Boston Children's Hospital disagreed with her diagnosis. They said her symptoms were psychological. They made misleading statements on an affidavit, went to court, and had Justina's parents stripped of custody. They stopped her painkillers, leaving her in agony. They stopped her heart medication, leaving her tachycardic. They said she was a danger to herself, and locked her in a psych ward. They said her family was part of the problem, so they limited, monitored, and censored her contact with them..."
Security

Cisco Scrambles To Patch Second Shadow Brokers Bug In Firewalls (onthewire.io) 30

Trailrunner7 writes: Cisco is scrambling to patch another vulnerability in many of its products that was exposed as part of the Shadow Brokers dump last month. The latest vulnerability affects many different products, including all of the Cisco PIX firewalls. The latest weakness lies in the code that Cisco's IOS operating system uses to process IKEv1 packets. IKE is used in the IPSec protocol to help set up security associations, and Cisco uses it in a number of its products. The company said in an advisory that many versions of its IOS operating system are affected, including IOS XE and XR. Cisco does not have patches available for this vulnerability yet, and said there are no workarounds available to protect against attacks either. Many of the products affected by this flaw are older releases and are no longer supported, specifically the PIX firewalls, which haven't been supported since 2009.
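With no patch and no vendor workaround, the practical first step is to find out who is actually reaching the IKEv1 code path on each device. The following is an added example, not from the Cisco advisory or the Shadow Brokers material, and it does not reproduce the bug: it parses the fixed 28-byte ISAKMP header that IKEv1 (RFC 2408) and IKEv2 (RFC 7296) share, handles the 4-byte non-ESP marker on UDP/4500 (RFC 3948), and reports which sources outside a configured peer list are sending IKEv1. The peer list and the datagrams are constructed.

```python
"""Triage ISAKMP/IKE datagrams to see which sources exercise a device's IKEv1
parser.  Added example for the Cisco story above; header layout per RFC 2408 /
RFC 7296, records and peer list constructed, nothing here triggers the bug."""
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")      # 28-byte header shared by IKEv1 and IKEv2
NON_ESP_MARKER = b"\x00\x00\x00\x00"           # prefix for IKE on UDP/4500 (RFC 3948 s.2.2)

IKEV1_EXCHANGES = {2: "identity-protection", 4: "aggressive",
                   5: "informational", 32: "quick-mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                   36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}


@dataclass
class IkeHeader:
    initiator_spi: bytes
    responder_spi: bytes
    next_payload: int
    major: int
    minor: int
    exchange_type: int
    flags: int
    message_id: int
    length: int


def parse_isakmp(payload: bytes, udp_port: int = 500) -> IkeHeader:
    """Parse the fixed ISAKMP header; on port 4500 strip the non-ESP marker first."""
    if udp_port == 4500:
        if not payload.startswith(NON_ESP_MARKER):
            raise ValueError("UDP/4500 datagram without non-ESP marker (ESP-in-UDP?)")
        payload = payload[4:]
    if len(payload) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    ispi, rspi, npl, ver, xchg, flags, mid, length = ISAKMP_HDR.unpack_from(payload)
    return IkeHeader(ispi, rspi, npl, ver >> 4, ver & 0x0F, xchg, flags, mid, length)


def classify(src_ip: str, udp_port: int, payload: bytes, allowed_cidrs) -> set[str]:
    """Tag one datagram: IKE version and exchange, unknown peer, length mismatch."""
    hdr = parse_isakmp(payload, udp_port)
    body_len = len(payload) - (4 if udp_port == 4500 else 0)
    tags = set()
    if hdr.major == 1:
        tags |= {"ikev1", "ikev1:" + IKEV1_EXCHANGES.get(hdr.exchange_type, f"exchange-{hdr.exchange_type}")}
    elif hdr.major == 2:
        tags |= {"ikev2", "ikev2:" + IKEV2_EXCHANGES.get(hdr.exchange_type, f"exchange-{hdr.exchange_type}")}
    else:
        tags.add(f"ike-major-{hdr.major}")
    if hdr.length != body_len:
        tags.add("length-mismatch")                     # malformed or truncated
    if not any(ip_address(src_ip) in ip_network(c) for c in allowed_cidrs):
        tags.add("unknown-peer")
    return tags


def ikev1_exposure(records, allowed_cidrs) -> list[str]:
    """Sources outside the peer list whose traffic reached the IKEv1 parser."""
    exposed = set()
    for src, port, payload in records:
        try:
            tags = classify(src, port, payload, allowed_cidrs)
        except ValueError:
            continue                                    # not IKE; out of scope here
        if {"ikev1", "unknown-peer"} <= tags:
            exposed.add(src)
    return sorted(exposed, key=ip_address)


def build_isakmp(major: int, exchange: int, body: bytes, next_payload: int = 1) -> bytes:
    """Header plus opaque body, for constructed test traffic only."""
    return ISAKMP_HDR.pack(b"\x11" * 8, bytes(8), next_payload, major << 4,
                           exchange, 0, 0, ISAKMP_HDR.size + len(body)) + body


ALLOWED_PEERS = ["10.0.0.0/24"]                         # constructed site-to-site peers
RECORDS = [                                             # (src, dst port, UDP payload), constructed
    ("10.0.0.5", 500, build_isakmp(1, 2, bytes(40))),                        # expected main mode
    ("198.51.100.7", 500, build_isakmp(1, 4, bytes(40))),                    # aggressive mode, stranger
    ("198.51.100.9", 4500, NON_ESP_MARKER + build_isakmp(2, 34, bytes(40))),  # IKEv2 over NAT-T
    ("203.0.113.4", 500, build_isakmp(1, 5, bytes(40))[:-12]),                # truncated informational
    ("203.0.113.8", 500, b"GET / HTTP/1.0\r\n"),                              # not IKE at all
]

if __name__ == "__main__":
    for src, port, pl in RECORDS:
        try:
            print(src, port, sorted(classify(src, port, pl, ALLOWED_PEERS)))
        except ValueError as err:
            print(src, port, "skipped:", err)
    print("IKEv1 from outside peer list:", ikev1_exposure(RECORDS, ALLOWED_PEERS))
```

Feed it UDP/500 and UDP/4500 payloads exported from a capture at the device's management or WAN interface; the "unknown-peer" plus "ikev1" combination is the list of addresses you would want an upstream filter to drop until Cisco ships a fix, and "length-mismatch" is a cheap flag for traffic that is malformed rather than merely unexpected.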
United States

Oregon Settles $6 Billion Lawsuit Over Oracle's Botched Healthcare Website (registerguard.com) 113

"While the crippled website eventually worked, Oregon failed to enroll a single person online [and] had to resort to hiring 400 people to process paper applications." An anonymous Slashdot reader quotes the AP: The state paid Oracle $240 million to create its Cover Oregon website but ultimately abandoned the site and joined the federal exchange to comply with the Affordable Care Act... The state initially asked for more than $6 billion in punitive damages when it filed the lawsuit in 2014 against the Redwood City company, but Oregon ultimately accepted a package that included $35 million in cash payments and software licensing agreements and technical support with an estimated upfront worth of $60 million...

Six years of unlimited Oracle software and technical support included in the deal will save the state hundreds of millions of dollars in years to come and ends a bitter legal battle that has damaged Oregon's "collective psyche," Attorney General Ellen Rosenblum said in a statement. "The beauty of the deal is that if we choose to take full advantage of the free (software), we are uniquely situated to modernize our statewide IT systems over the next six years -- something we could not otherwise afford to do," she said.

"Oracle has insisted the website worked but former Gov. John Kitzhaber chose not to use it for political reasons."
China

China's Atomic Clock in Space Will Stay Accurate For a Billion Years (rt.com) 111

The space laboratory that China launched earlier this week has an atomic clock in it which is more accurate than the best timepiece operated by America's National Institute of Standards and Technology, according to Chinese engineers. The atomic clock, dubbed CACS or Cold Atomic Clock in Space, will slow down by only one second in a billion years. In comparison, the NIST's F2 atomic clock, which serves as the United States' primary time and frequency standard, loses a second every 300 million years. From an RT report: "It is the world's first cold atomic clock to operate in space... it will have military and civilian applications," said Professor Xu Zhen from the Shanghai Institute of Optics and Fine Mechanics, who was involved in the CACS project. An atomic clock uses vibrations of atoms to measure time, which are very consistent as long as the atoms are held at constant temperature. In fact, since 1967 the definition of the second has been "9,192,631,770 vibrations of a cesium-133 atom." In a cold atomic clock, the atoms are cooled down with a laser to decrease the effect of atom movement on the measurements. CACS goes even further and eliminates the pull of Earth's gravity by being based in orbit.
Open Source

The World's Most Secure Home Computer Reaches Crowdfunding Goal (pcworld.com) 126

"If the PC is tampered with, it will trigger an alert and erase the PC's encryption key, making the data totally inaccessible." Last month Design SHIFT began crowdfunding an elaborate "open source, physically secure personal computer" named ORWL (after George Orwell). "Having exceeded its $25,000 funding goal on Crowd Supply, the super-secure PC is in production," reports PC World, in an article shared by Slashdot reader ogcricket about the device which tries to anticipate every possible attack: The encryption key to the drive is stored on a security microcontroller instead of the drive... The ORWL's makers say the wire mesh itself is constantly monitored... Any attempts to trick, bypass, or short the wire mesh will cause the encryption key to be deleted. The unit's security processor also monitors movement, and a user can select a setting that will wipe or lock down the PC's data if it is moved to another location... The RAM is soldered to the motherboard and can't be easily removed to be read elsewhere...

Your ORWL unlocks by using a secure NFC and Bluetooth LE keyfob. Pressing it against the top of the ORWL and entering a password authenticates the user. Once the user has been authenticated, Bluetooth LE then ensures that the user is always nearby. Walk away, and the ORWL will lock.

Encryption

How The FBI Might've Opened the San Bernardino Shooter's iPhone 5c (schneier.com) 66

"Remember the San Bernardino killer's iPhone, and how the FBI maintained that they couldn't get the encryption key without Apple providing them with a universal backdoor?" Slashdot reader LichtSpektren quotes Bruce Schneier: Many of us computer-security experts said that they were wrong, and there were several possible techniques they could use. One of them was manually removing the flash chip from the phone, extracting the memory, and then running a brute-force attack without worrying about the phone deleting the key. The FBI said it was impossible. We all said they were wrong. Now, Sergei Skorobogatov has proved them wrong.
Sergei's new paper describes "a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9." The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts... Although the process can be improved, it is still a successful proof-of-concept project.
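The attack works because the retry counter the phone enforces is itself data on the flash chip: copy the chip, burn through a few guesses, write the copy back, and the counter is rewound. The following is an added example, not iOS internals and not the paper's hardware procedure: a toy handset model with a flash image holding the counter and a key verifier, the mirroring loop against it, and the same loop against a variant whose counter lives in the SoC where a chip swap cannot reach it. The passcode, salt and PBKDF2 cost are constructed.

```python
"""Why mirroring the flash defeats a retry counter stored there.  Added example
for the Skorobogatov story above: a toy handset model, not iOS or the paper's
hardware procedure; passcode, salt and KDF cost are constructed."""
import hashlib
import hmac

KDF_ITERS = 1000                 # real devices bind this to a slow, chip-unique KDF


def derive(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ITERS, 32)


class Flash:
    """Removable NAND: the attacker can dump() it and later restore() the copy."""
    def __init__(self, image: bytes):
        self.image = bytearray(image)

    def dump(self) -> bytes:
        return bytes(self.image)

    def restore(self, saved: bytes) -> None:
        self.image[:] = saved


class Handset:
    """Byte 0 of flash is the retry counter, bytes 1..32 the key verifier.
    With counter_in_flash=False the counter lives in the SoC instead, where a
    flash swap cannot reach it."""
    LIMIT = 10

    def __init__(self, passcode: str, salt: bytes, counter_in_flash: bool = True):
        self.salt = salt
        verifier = hmac.new(derive(passcode, salt), b"verify", "sha256").digest()
        self.flash = Flash(bytes([0]) + verifier)
        self.counter_in_flash = counter_in_flash
        self.soc_counter = 0
        self.attempts = 0                                # total guesses the device processed

    def _counter(self) -> int:
        return self.flash.image[0] if self.counter_in_flash else self.soc_counter

    def _bump(self) -> None:
        if self.counter_in_flash:
            self.flash.image[0] += 1
        else:
            self.soc_counter += 1

    def try_passcode(self, guess: str) -> bool:
        if self._counter() >= self.LIMIT:
            raise RuntimeError("too many attempts: key material erased")
        self.attempts += 1
        cand = hmac.new(derive(guess, self.salt), b"verify", "sha256").digest()
        if hmac.compare_digest(cand, bytes(self.flash.image[1:33])):
            return True
        self._bump()
        if self._counter() >= self.LIMIT:
            self.flash.image[1:33] = bytes(32)          # erase the key material
        return False


def mirror_attack(dev: Handset, candidates, batch: int = Handset.LIMIT - 1):
    """Dump flash once, try `batch` guesses, write the dump back, repeat."""
    snapshot = dev.flash.dump()
    for n, guess in enumerate(candidates):
        if n and n % batch == 0:
            dev.flash.restore(snapshot)                 # rewinds a flash-resident counter only
        try:
            if dev.try_passcode(guess):
                return guess, dev.attempts
        except RuntimeError:
            return None, dev.attempts
    return None, dev.attempts


FOUR_DIGIT = [f"{i:04d}" for i in range(10_000)]
SALT = b"constructed-salt"

if __name__ == "__main__":
    print("counter in flash:", mirror_attack(Handset("0137", SALT), FOUR_DIGIT))
    print("counter in SoC:  ", mirror_attack(Handset("0137", SALT, counter_in_flash=False), FOUR_DIGIT))
```

The model with the counter in flash gives up the code after 138 guesses and never trips the wipe; the model with the counter in the SoC wipes on the tenth failure and the restored image is useless afterwards, which is the property a hardware-rooted counter has to provide.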
Security

Alleged Hacker Lauri Love To Be Extradited To US (bbc.com) 71

An anonymous reader quotes a report from BBC: An autistic man suspected of hacking into U.S. government computer systems is to be extradited from Britain to face trial, a court has ruled. Lauri Love, 31, who has Asperger's syndrome, is accused of hacking into the FBI, the U.S. central bank and the country's missile defense agency. Mr Love, from Stradishall, Suffolk, has previously said he feared he would die in a U.S. prison if he was extradited. Earlier, his lawyer said his alleged hacking had "embarrassed" U.S. authorities. Tor Ekeland said the U.S. government "had very, very bad security and these hacks utilized exploits that were publicly-known for months." Mr Love's lawyers said he could face up to 99 years in prison if convicted of the hacking offenses. Mr Love's defense team argues his depression and Asperger's syndrome mean he should not be sent abroad, but U.S. prosecutors say he is using his mental health issues as an excuse to escape justice.
Government

NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable To Hacking (vice.com) 53

An anonymous reader quotes a report from Motherboard: Typically, cops don't like talking about IMSI catchers, the powerful surveillance technology used to monitor mobile phones en masse. In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking. The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been trying to get access to information about the NYPD's IMSI catchers under the Freedom of Information Law. These devices are also commonly referred to as "stingrays," after a particularly popular model from Harris Corporation. Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris the police department has. "Public disclosure of this information, and the amount of taxpayer funds spent to buy the devices, directly advances the Freedom of Information Law's purpose of informing a robust public debate about government actions," the NYCLU writes in a court filing. The group has requested documents that show how much money has been spent on the technology. After the NYPD withheld the records, the FOI request was escalated to a lawsuit, which is where the NYPD's strange argument comes in (among others). "Public disclosure of the specifications of the CSS [cell site simulator] technologies in NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize NYPD's ability to keep the technologies secure," an affidavit from NYPD Inspector Gregory Antonsen, dated August 17, reads. Antonsen then imagines a scenario where a "highly sophisticated hacker" could use their knowledge of the NYPD's Stingrays to lure officers into a trap and ambush them.
Mozilla

Mozilla Checks If Firefox Is Affected By Same Malware Vulnerability As Tor (arstechnica.com) 45

Mozilla is investigating whether the fully patched version of Firefox is affected by the same cross-platform, malicious code-execution vulnerability patched on Friday in the Tor browser. Dan Goodin, reporting for ArsTechnica: The vulnerability allows an attacker who has a man-in-the-middle position and is able to obtain a forged certificate to impersonate Mozilla servers, Tor officials warned in an advisory. From there, the attacker could deliver a malicious update for NoScript or any other Firefox extension installed on a targeted computer. The fraudulent certificate would have to be issued by any one of several hundred Firefox-trusted certificate authorities (CA). While it probably would be challenging to hack a CA or trick one into issuing the necessary certificate for addons.mozilla.org, such a capability is well within reach of nation-sponsored attackers, who are precisely the sort of adversaries included in the Tor threat model. In 2011, for instance, hackers tied to Iran compromised Dutch CA DigiNotar and minted counterfeit certificates for more than 200 addresses, including Gmail and the Mozilla addons subdomain.
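The defence against the scenario described, a forged but CA-valid certificate for the update host, is to pin the host's public key so that chain validation alone is not enough. The following is an added example, not Mozilla's or Tor's pinning code: a minimal DER walker that extracts the SubjectPublicKeyInfo from an X.509 certificate, computes the RFC 7469 style pin (SHA-256 over the DER SPKI, base64), and checks it against a pinned set. The certificates are constructed, unsigned shells built with a tiny DER encoder; the CA names and key bytes are placeholders.

```python
"""SPKI pinning for an update host.  Added example for the Tor/Firefox story
above; minimal DER parsing, constructed unsigned certificates, not Mozilla's
or Tor's code.  Pin = base64(SHA-256(DER SubjectPublicKeyInfo)) as in RFC 7469."""
import base64
import hashlib


def der_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Return (tag, value, end) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized DER length")
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start = pos + hdr
    if start + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[start:start + length], start + length


def der_children(value: bytes) -> list[bytes]:
    """Split a constructed value into its child TLVs (headers included)."""
    out, pos = [], 0
    while pos < len(value):
        _, _, end = der_tlv(value, pos)
        out.append(value[pos:end])
        pos = end
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    tag, cert, _ = der_tlv(cert_der)                 # Certificate ::= SEQUENCE
    tbs_tag, tbs, _ = der_tlv(cert)                  # tbsCertificate is the first child
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a certificate")
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:                         # optional explicit [0] version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[5]


def spki_pin(cert_der: bytes) -> str:
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_check(cert_der: bytes, pinned: set[str]) -> bool:
    """The check an updater runs after (not instead of) chain validation."""
    return spki_pin(cert_der) in pinned


# --- constructed certificates for the demonstration ---------------------------
def der(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def seq(*items: bytes) -> bytes:
    return der(0x30, b"".join(items))


SHA256_RSA = seq(der(0x06, bytes.fromhex("2a864886f70d01010b")), der(0x05, b""))
RSA_KEY = seq(der(0x06, bytes.fromhex("2a864886f70d010101")), der(0x05, b""))


def toy_cert(subject_cn: bytes, issuer_cn: bytes, key_bits: bytes) -> bytes:
    """Structurally valid X.509 DER with placeholder key bits and no real signature."""
    def name(cn: bytes) -> bytes:                    # Name ::= SEQUENCE OF SET OF (CN, value)
        return seq(der(0x31, seq(der(0x06, b"\x55\x04\x03"), der(0x0C, cn))))
    spki = seq(RSA_KEY, der(0x03, b"\x00" + key_bits))
    tbs = seq(der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), SHA256_RSA,
              name(issuer_cn), seq(der(0x17, b"160101000000Z"), der(0x17, b"170101000000Z")),
              name(subject_cn), spki)
    return seq(tbs, SHA256_RSA, der(0x03, b"\x00" + b"\xAA" * 16))


HOST = b"addons.mozilla.org"
KEY_A, KEY_B = b"\x01" * 64, b"\x02" * 64             # placeholder key material
LEGIT = toy_cert(HOST, b"Legit CA (constructed)", KEY_A)
RENEWED = toy_cert(HOST, b"Another Trusted CA (constructed)", KEY_A)   # same key, new issuer
FORGED = toy_cert(HOST, b"Compromised CA (constructed)", KEY_B)        # DigiNotar-style mint
PINS = {spki_pin(LEGIT)}

if __name__ == "__main__":
    for label, c in (("legit", LEGIT), ("renewed", RENEWED), ("forged", FORGED)):
        print(f"{label:8} pin={spki_pin(c)} accepted={pin_check(c, PINS)}")
```

Two things the example makes concrete: a forged certificate fails regardless of which trusted CA signed it, because the pin never looks at the issuer, and a legitimate renewal under a different CA still passes as long as the key is unchanged, which is why pinning the SPKI rather than the certificate or the CA is the usual choice for an update channel.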
Government

AP, Vice, USA Today Sue FBI For Info On Phone Hack of San Bernardino Shooter (usatoday.com) 49

Three news organizations filed a lawsuit Friday seeking information about how the FBI was able to break into the locked iPhone of one of the gunmen in the December terrorist attack in San Bernardino. From a USA Today report: The Justice Department spent more than a month this year in a legal battle with Apple over whether it could force the tech giant to help agents bypass a security feature on Syed Rizwan Farook's iPhone. The dispute roiled the tech industry and prompted a fierce debate about the extent of the government's power to pry into digital communications. It ended when the FBI said an "outside party" had cracked the phone without Apple's help. The news organizations' lawsuit seeks information about the source of the security exploit agents used to unlock the phone, and how much the government paid for it. It was filed in federal court in Washington by USA TODAY's parent company, Gannett, the Associated Press and Vice Media. The FBI refused to provide that information to the organizations under the Freedom of Information Act. The lawsuit charges that "there is no lawful basis" for the FBI to keep the records secret.
