×
Communications

Pakistan To Cut Phone Services To Prevent Muharram Attacks 119

Posted by timothy from the this-interruption-brought-to-you-by dept.
A reader writes with this news from the Indian Express: "Pakistan's interior minister Friday said the government will suspend cell phone services in most parts of the country over the next two days to prevent attacks against Shia Muslims during a key religious commemoration. Militants often detonate bombs using cell phones and this is the first time the government has implemented such a wide-scale suspension. Saturday and Sunday are the most important days of Muharram, the first month of the Islamic calendar, especially important to Shias. Pakistani Shias Sunday observe Ashoura, commemorating the 7th century death of Imam Hussein, the Prophet Muhammad's grandson. Different parts of the Muslim world mark Ashoura on different days —neighbouring Afghanistan, for example, observes it on Saturday. 'The suspension of cell phone services will begin at 6 am Saturday and run through the next day,' Interior Minister Rehman Malik told reporters in Pakistan's capital, Islamabad. He said 90 per cent of the bombs set off by militants in Pakistan have been detonated using cell phones. Some criticized the government for suspending services, saying it was a huge inconvenience."
Security

U.S. Denies Using Flame Malware To Spy On French President 52

Posted by Unknown Lamer from the mailbomb-csim-morse-baguette dept.
CowboyRobot writes with the (not unexpected) official U.S. denial of using the Flame malware to spy on France. From the article: "That allegation was leveled at the U.S. government by unnamed French officials, according to a Tuesday report in the weekly French newspaper L'Express. It reported that computers belonging to top advisers to then French president Nicolas Sarkozy had been hacked using the Flame cyberespionage malware, which was designed to be used in highly targeted attacks... Napolitano was also asked if it wasn't ironic that while the United States has been sounding alarms over the growing amount of malware that's targeting U.S. government system, it also commissioning the Stuxnet and Flame cyber-espionage malware used against Iran. Napolitano, however, pled official ignorance. 'These programs were never attributed in any way to the U.S. government.'"
Security

HTTP Strict Transport Security Becomes Internet Standard 98

Posted by samzenpus from the way-it-is dept.
angry tapir writes "A Web security policy mechanism that promises to make HTTPS-enabled websites more resilient to various types of attacks has been approved and released as an Internet standard — but despite support from some high-profile websites, adoption elsewhere is still low. HTTP Strict Transport Security (HSTS) allows websites to declare themselves accessible only over HTTPS (HTTP Secure) and was designed to prevent hackers from forcing user connections over HTTP or abusing mistakes in HTTPS implementations to compromise content integrity."
Facebook

Facebook To Eliminate Voting On Privacy Changes 52

Posted by timothy from the three-sheep-and-a-wolf dept.
Orome1 writes "Facebook has announced some proposed updates to their Data Use Policy (how user data is collected and used) and their Statement of Rights and Responsibilities (explains the terms governing use of their services). These updates include new tools for managing Facebook Messages, changes to how they refer to certain products, tips on managing one's timelines, and reminders about what's visible to other people on Facebook. Elliot Schrage, Facebook's vice president of communications, public policy, and marketing, said: 'We found that the voting mechanism, which is triggered by a specific number of comments, actually resulted in a system that incentivized the quantity of comments over their quality,' he explained. 'Therefore, we're proposing to end the voting component of the process in favor of a system that leads to more meaningful feedback and engagement.'"
Chrome

Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It" 106

Posted by samzenpus from the secret-security dept.
chicksdaddy writes "Google's been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isn't interested in selling it, eyebrows get raised. And that's just what's happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will demonstrate a remotely exploitable hole in the Chrome web browser at Malcon. He described the security hole in Chrome as a 'critical vulnerability' in a Chrome DLL. 'It has silent and automatically (sp) download function and it works on all Windows systems,' he told Security Ledger. However, more than a few questions hang over Gobejishvili's talk. The researcher said he discovered the hole in July, but hasn't bothered to contact Google. He will demonstrate the exploit at MalCon, and have a 'general discussion' about it, but won't release source code for it. 'I know this is a very dangerous issue that's why I am not publishing more details about this vulnerability,' he wrote. Google said that, with no information on the hole, it can only wait to hear the researcher's Malcon presentation before it can assess the threat to Chrome users."
Security

Ask Slashdot: Should Hosting Companies Have Change Freezes? 138

Posted by Soulskill from the what-about-change-burns dept.
AngryDad writes "Today I received a baffling email from my hosting provider that said, 'We have a company-wide patching freeze and we will not be releasing patches to our customers who utilize the patching portal for the months of November and December.' This means that myself and all other customers of theirs who run Windows servers will have to live with several critical holes for at least two months. Is this common practice with mid-tier hosting providers? If so, may I ask Eastern-EU folks to please refrain from hacking my servers during the holiday season?"
Crime

High-Voltage Fences For Zapping Would-Be Copper Thieves 363

Posted by Soulskill from the Cu-on-the-other-side dept.
coondoggie writes "It may be a gimmick or the ultimate answer, but a California city this week okay-ed a draft ordinance that would let businesses install 7,000-volt electric fences to protect sites from rampant copper thieves. As reported by the Sacramento CBS station, the reaction from one business owner to the ordinance says it all: 'It'll be a little fun to watch one of these guys get electrocuted holding my fence trying to rob me.'"
Microsoft

The Linux Foundation's UEFI Secure Boot Pre-Bootloader Delayed 179

Posted by Soulskill from the threatening-to-become-post-bootloader dept.
hypnosec writes "The Linux Foundation's plans for releasing a signed pre-bootloader that will enable users to install Linux alongside Windows 8 systems with UEFI have been reportedly delayed. The Foundation proposed a signed pre-bootloader that will chain-load a bootloader which, in turn, will boot the desired operating system, thus keeping Linux installations for novice users as simple as it was before. Further, this particular component is meant for small-time Linux distros which otherwise wouldn't have the required expertise or resources to develop their own system to tackle the secure boot issue. This was going as per plans up until Linux kernel maintainer James Bottomley disclosed that he has been having rather bizarre experiences with Microsoft sysdev centre. Bottomley said, 'The first time I sent the loader through, it got stuck (it still is, actually). So I sent another one through after a week or so. That actually produced a download, which I've verified is signed (by the MS UEFI key) and works, but now the Microsoft sysdev people claim it was "improperly" signed and we have to wait for them to sort it out. I've pulled the binary apart, and I think the problem is that it's not signed with a LF [Linux Foundation] specific key, it's signed by a generic one rooted in the UEFI key. I'm not sure how long it will take MS to get their act together but I'm hoping its only a few days." Update: 11/21 14:22 GMT by U L : See the Original weblog post, and one interesting tidbit: Microsoft banned bootloaders licensed under the GPLv3 and "similar open source licenses."
Security

Hosting Provider Automatically Fixes Vulnerabilities In Customers' Websites 73

Posted by Soulskill from the what-could-possibly-go-wrong dept.
An anonymous reader writes "Dutch hosting provider Antagonist announced their in-house developed technology that automatically detects and fixes vulnerabilities in their customers' websites. The service is aimed at popular software such as WordPress, Drupal and Joomla. 'As soon as a vulnerability is detected, we inform the customer. We also explain how the customer can resolve the issue. In case the customer does not respond to our first notice within the next two weeks, we automatically patch the vulnerability.' Antagonist plans to license the technology to other hosting providers as well."
Encryption

Quantum Cryptography Conquers Noise Problem 79

Posted by Soulskill from the to-the-victor-go-the-quantum-spoils dept.
ananyo writes "Quantum-encryption systems that encode signals into a series of single photons have so far been unable to piggyback on existing telecommunications lines because they don't stand out from the millions of others in an optical fiber. But now, physicists using a technique for detecting dim light signals have transmitted a quantum key along 90 kilometers of noisy optical fiber. The feat could see quantum cryptography finally enter the mainstream. The researchers developed a detector that picks out photons only if they strike it at a precise instant, calculated on the basis of when the encoded photons were sent. The team's 'self-differentiating' detector activates for 100 picoseconds, every nanosecond. The weak charge triggered by a photon strike in this short interval would not normally stand out, but the detector measures the difference between the signal recorded during one operational cycle and the signal from the preceding cycle — when no matching photon was likely to be detected. This cancels out the background hum. Using this device, the team has transmitted a quantum key along a 90-kilometer fiber, which also carried noisy data at 1 billion bits per second in both directions — a rate typical of a telecommunications fiber."
Security

Israeli Infrastructure Proves Too Strong For Anonymous 569

Posted by Soulskill from the adobe-flash-up-to-date-on-all-government-sites dept.
Mephistophocles writes "Ever since the beginning of Operation Pillar of Defense, hackers have been working overtime to strike a blow against the Israeli government's computer systems, Finance Minister Yuval Steinitz said Sunday. No fewer than 44 million attacks have been recorded since the operation began five days ago — with nearly all of them failing, thanks to the recent strengthening of computer defense systems in Israel. Speaking at a special press conference at the Government Computing Center in Jerusalem about the cyber war against Israel that has accompanied Hamas's rocket attacks, Steinitz said that hackers 'are trying to disable the symbols of Israeli sovereignty, to enter web sites and install anti-Israel content, thus compromising information and data and damaging the government's ability to serve the public.' Most of the attacks, he said, were against government sites, like the Prime Minister's Office site, and security-related sites, such as that of the Home Front Command, the body charged with informing Israelis on how to protect themselves in the event of an attack. Out of those 44 million-plus attacks on government and defense related sites, said Steinitz, only one succeeded – partially. One site, which he did not name, was 'wobbly for a few minutes,' but quickly recovered. Even though the government has been successful in warding off hack attacks, Steinitz said that government sites were fully backed up and mirrored, meaning that they could be replaced by a duplicate site instantly if the original site were compromised."
Government

Jail Looms For Man Who Revealed AT&T Leaked iPad User E-Mails 124

Posted by Soulskill from the doing-it-wrong dept.
concealment sends this quote from MIT's Technology Review: "AT&T screwed up in 2010, serving up the e-mail addresses of over 110,000 of its iPad 3G customers online for anyone to find. But Andrew Auernheimer, an online activist who pointed out AT&T's blunder to Gawker Media, which went on to publicize the breach of private information, is the one in federal court this week. Groups like the Electronic Frontier Foundation worry that should that charge succeed it will become easy to criminalize many online activities, including work by well-intentioned activists looking for leaks of private information or other online security holes. [Auernheimer's] case hasn't received much attention so far, but should he be found guilty this week it will likely become well known, fast."
Security

New Linux Rootkit Emerges 172

Posted by timothy from the horses-getting-nervous dept.
Trailrunner7 writes "A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems, and while it has some interesting features, it does not appear to be the work of a high-level programmer or be meant for use in targeted attacks. The Linux rootkit does not appear to be a modified version of any known piece of malware and it first came to light last week when someone posted a quick description and analysis of it on the Full Disclosure mailing list. That poster said his site had been targeted by the malware and some of his customers had been redirected to malicious sites."
Facebook

Facebook Switching To HTTPS By Default 92

Posted by Unknown Lamer from the single-party-spying dept.
Trailrunner7 writes "Facebook this week will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to opt-in and manually make the change in order to get the better protection of HTTPS."
Businesses

Unresolved Issues Swirl Around Securing Mobile Payments 44

Posted by samzenpus from the at-your-own-risk dept.
CowboyRobot writes "While many mobile payments startups are using both traditional and nontraditional authentication methods, regulatory uncertainty still exists around liability for fraud attacks on customers using mobile payments. Although there haven't been any public attacks from fraudsters on alternative mobile payments providers such as Square, LevelUp or Dwolla, anecdotal stories are already circulating among security experts and regulators of such attacks. One thing that still has to be worked out in this area is regulatory oversight. 'The regulators are not yet clear who owns the regulatory oversight for these environments. These technologies tend to fall through the cracks even in terms of card-present or card-not-present.'"
Security

Two FreeBSD Project Servers Hacked 46

Posted by samzenpus from the protect-ya-neck dept.
hypnosec writes "The FreeBSD project has suffered a security breach. Hackers have successfully compromised servers that were part of the infrastructure used to build third-party software packages. The Security team over at the FreeBSD project is of the opinion that hackers were able to gain access to the servers using legitimate SSH keys and not by exploiting any operating system vulnerabilities. Instances of intrusion were first detected on November 11. FreeBSD project, through a message on public announcements mailing list said that the security breach hasn't affected the project's core components like kernel or system libraries but, has affected third-party software packages being distributed by the project."
Crime

John McAfee Launches Blog, Offers $25K Reward For "Real Killers" 377

Posted by samzenpus from the on-the-run dept.
An anonymous reader writes "The IT security pioneer John McAfee has launched a blog to document his life on the lam, as Belize police chase him down for suspicion of killing a neighbor. McAfee is using the blog to state his case, raise suspicions about Belize authorities and to offer a $25K reward to find the real killer or killers. From the article: 'McAfee writes that he is on run with a 20-year-old female named Sam, photos of whom are in the blog, along with a post from her. McAfee says a handful of friends and associates have been rounded up by police over the past week or so. His posts are filled with dramatic descriptions of his actions (including returning to his home in disguise to find police digging up his dead dogs and cutting off their heads) and lay bare his suspicions about Belize authorities. '"
Censorship

You Can't Say That On the Internet 432

Posted by samzenpus from the watch-what-you-say dept.
hessian writes in with a story about the arbitrary and often outdated online decency standards being imposed by companies."A bastion of openness and counterculture, Silicon Valley imagines itself as the un-Chick-fil-A. But its hyper-tolerant facade often masks deeply conservative, outdated norms that digital culture discreetly imposes on billions of technology users worldwide. What is the vehicle for this new prudishness? Dour, one-dimensional algorithms, the mathematical constructs that automatically determine the limits of what is culturally acceptable. Consider just a few recent kerfuffles. In early September, The New Yorker found its Facebook page blocked for violating the site’s nudity and sex standards. Its offense: a cartoon of Adam and Eve in the Garden of Eden. Eve’s bared nipples failed Facebook’s decency test."
Microsoft

Windows Phone 8 Users Hit Some Snags 391

Posted by timothy from the my-android-phone-freezes-way-too-often dept.
symbolset writes "As reported on The Verge, many people are experiencing freezing, rebooting and battery problems on their new Windows Phone 8 devices. This WP8Central thread shows many of the issues. Affected devices include Lumia 920 and HTC 8X." Every phone and every OS has its problems, and happy users probably aren't as vocal; it would be good to know how Windows Phone users who are also iOS and Android users compare them for reliability.

Slashdot Top Deals