Subscribe: Slashdot: ITSearch Slashdot
http://rss.slashdot.org/Slashdot/slashdotit
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
access  email  manning  read story  read  report  school  service  slashdot  story slashdot  story  users  windows  years 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Slashdot: ITSearch Slashdot

Slashdot: ITSearch Slashdot



News for nerds, stuff that mattersSearch Slashdot stories



Published: 2017-01-21T13:35:16+00:00

 



Microsoft To Lay Off 700 Employees Next Week, Report Says

2017-01-21T13:00:00+00:00

According to a report by Business Insider (Warning: may be paywalled), Microsoft will cut about 700 jobs in conjunction with its quarterly earnings release next week. GeekWire reports: The latest layoffs are part of the company's previously announced plan to cut about 2,850 roles globally during its current fiscal year, according to the Business Insider report. The company declined to comment this afternoon, but we understand the report to be accurate, based on our own sources. Next week's cuts will be spread across a variety of job functions inside the company. The company's previous job cuts have come in areas including its smartphone business and global sales team. Microsoft announced its largest cuts in July 2014, eliminating 18,000 jobs, or 14 percent of the company at the time.

Read more of this story at Slashdot.

(image)



Lavabit Is Relaunching

2017-01-20T22:00:00+00:00

The encrypted email service once used by whistleblower Edward Snowden is relaunching today. Ladar Levison, the founder of the encrypted email service Lavabit, announced on Friday that he's relaunching the service with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. In addition, he's also announcing plans to roll out end-to-end encryption later this year. The Intercept provides some backstory in its report: In 2013, [Levison] took the defiant step of shutting down the company's service rather than comply with a federal law enforcement request that could compromise its customers' communications. The FBI had sought access to the email account of one of Lavabit's most prominent users -- Edward Snowden. Levison had custody of his service's SSL encryption key that could help the government obtain Snowden's password. And though the feds insisted they were only after Snowden's account, the key would have helped them obtain the credentials for other users as well. Lavabit had 410,000 user accounts at the time. Rather than undermine the trust and privacy of his users, Levison ended the company's email service entirely, preventing the feds from getting access to emails stored on his servers. But the company's users lost access to their accounts as well. Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he'll never have to help the feds break into customer accounts again. "The SSL key was our biggest threat," he says.

Read more of this story at Slashdot.

(image)



Top Security Researchers Ask The Guardian To Retract Its WhatsApp Backdoor Report

2017-01-20T16:00:00+00:00

Earlier this month The Guardian reported what it called a "backdoor" in WhatsApp, a Facebook-owned instant messaging app. Some security researchers were quick to call out The Guardian for what they concluded was irresponsible journalism and misleading story. Now, a group of over three dozen security researchers including Matthew Green and Bruce Schneier (as well as some from companies such as Google, Mozilla, Cloudflare, and EFF) have signed a long editorial post, pointing out where The Guardian's report fell short, and also asking the publication to retract the story. From the story: The WhatsApp behavior described is not a backdoor, but a defensible user-interface trade-off. A debate on this trade-off is fine, but calling this a "loophole" or a "backdoor" is not productive or accurate. The threat is remote, quite limited in scope, applicability (requiring a server or phone number compromise) and stealthiness (users who have the setting enabled still see a warning; "even if after the fact). The fact that warnings exist means that such attacks would almost certainly be quickly detected by security-aware users. This limits this method. Telling people to switch away from WhatsApp is very concretely endangering people. Signal is not an option for many people. These concerns are concrete, and my alarm is from observing what's actually been happening since the publication of this story and years of experience in these areas. You never should have reported on such a crucial issue without interviewing a wide range of experts. The vaccine metaphor is apt: you effectively ran a "vaccines can kill you" story without interviewing doctors, and your defense seems to be, "but vaccines do kill people [through extremely rare side effects]."

Read more of this story at Slashdot.

(image)



Viral Chinese Selfie App Meitu, Valued at Over $5 Billion, Phones Home With Personal Data

2017-01-20T15:20:00+00:00

The Meitu selfie horrorshow app going viral through Western audiences is a privacy nightmare, researchers say. The app, which has been featured on several popular outlets including the NYTimes, USA Today, and NYMag, harvests information about the devices on which it runs, includes invasive advertising tracking features and is just badly coded. From a report: But worst of all, the free app appears to be phoning some to share personal data with its makers. Meitu, a Chinese production, includes in its code up to three checks to determine if an iPhone handset is jailbroken, according to respected forensics man Jonathan Zdziarski, a function to grab mobile provider information, and various analytics capabilities. Zdziarski says the app also appears to build a unique device profile based in part on a handset's MAC address. "Meitu is a throw-together of multiple analytics and marketing/ad tracking packages, with something cute to get people to use it," Zdziarski says. Unique phone IMEI numbers are shipped to dozens of Chinese servers, malware researcher FourOctets found. The app, which was valued at over $5 billion last year due its popularity, seeks access to device and app history; accurate location; phone status; USB, photos, and files storage read and write; camera; Wifi connections; device ID & call information; full network access, run at startup, and prevent device from sleeping on Android phones.

Read more of this story at Slashdot.

(image)



Trump Trades in Android Phone For Secret Service-Approved Device

2017-01-20T14:00:00+00:00

Who's got two thumbs and a Secret Service-approved phone to tweet from? On arriving in Washington on Thursday ahead of his inauguration, Donald Trump has handed in his Android device in exchange for an unidentified locked-down phone, according to Associated Press. From a report: The phone comes with a new number that is known only to a limited number of people. This marks a big change for Trump, who's frequently on the line with friends, business contacts, reporters, foreign leaders and politicians. Barack Obama was the first president to use a mobile device approved by security agencies because of hacking concerns. Initially he had a heavily modified BlackBerry and later switched to another phone that had most features totally disabled. He was not known to use it for making or receiving calls, but it was one of few devices that had access to the @POTUS Twitter account.

Read more of this story at Slashdot.

(image)



ProtonMail Adds Tor Onion Site To Fight Risk Of State Censorship

2017-01-19T17:20:00+00:00

ProtonMail now has a home on the dark web. The encrypted email provider announced Thursday it will allow its users to access the site through the Tor anonymity service. From a report: Swiss-based PGP end-to-end encrypted email provider, ProtonMail, now has an onion address, allowing users to access its service via a direct connection to the Tor anonymizing network -- in what it describes as an active measure aimed at defending against state-sponsored censorship. The startup, which has amassed more than two million users for its e2e encrypted email service so far, launching out of beta just over a year ago, says it's worried about an increased risk of state-level blocking of pro-privacy tools -- pointing to recent moves such as encryption messaging app Signal being blocked in Egypt, and the UK passing expansive surveillance legislation that mandates tracking of web activity and can also require companies to eschew e2e encryption and backdoor products. The service also saw a bump in sign ups after the election of Donald Trump as US president, last fall -- with web users apparently seeking a non-US based secure email provider in light of the incoming commander-in-chief's expansive digital surveillance powers.

Read more of this story at Slashdot.

(image)



Krebs Pinpoints the Likely Author of the Mirai Botnet

2017-01-19T15:20:00+00:00

The Mirai botnet caused serious trouble last fall, first hijacking numerous IoT devices to make a historically massive Distributed Denial-Of-Service (DDoS) attack on KrebsOnSecurity's site in September before taking down a big chunk of the internet a month later. But who's responsible for making the malware? From a report on Engadget: After his site went dark, security researcher Brian Krebs went on a mission to identify its creator, and he thinks he has the answer: Several sources and corroborating evidence point to Paras Jha, a Rutgers University student and owner of DDoS protection provider Protraf Solutions. About a week after attacking the security site, the individual who supposedly launched the attack, going by the username Anna Senpai, released the source code for the Mirai botnet, which spurred other copycat assaults. But it also gave Krebs the first clue in their long road to uncover Anna Senpai's real-life identity -- an investigation so exhaustive, the Krebs made a glossary of cross-referenced names and terms along with an incomplete relational map.

Read more of this story at Slashdot.

(image)



Julian Assange Will Not Hand Himself In Because Chelsea Manning's Release Won't Happen Immediately, Lawyer Says

2017-01-19T03:30:00+00:00

President Obama commuted Chelsea Manning's prison sentence yesterday, reducing her time required to serve behind bars from 35 years to just over seven years. Prior to the commutation, WikiLeaks' Julian Assange pledged to surrender himself to U.S. authorities if Manning was pardoned. Roughly 24 hours have passed since the news broke and it appears that Assange will not hand himself in to the Department of Justice. The Independent reports: Mr Assange's lawyers initially seemed to suggest that promise would be carried through -- telling reporters that he stood by his earlier comments -- but it appears now that Mr Assange will stay inside the embassy. The commitment to accept extradition to the U.S. was based on Ms Manning being released immediately, Mr Assange's lawyer told The Hill. Ms Manning won't actually be released until May -- to allow for a standard 120-day transition period, which gives people time to prepare and find somewhere to live, an official told The New York Times for its original report about Ms Manning's clemency. "Mr. Assange welcomes the announcement that Ms. Manning's sentence will be reduced and she will be released in May, but this is well short of what he sought," Barry Pollack, Assange's U.S.-based attorney, told the site. "Mr. Assange had called for Chelsea Manning to receive clemency and be released immediately."

Read more of this story at Slashdot.

(image)



Malwarebytes Discovers 'First Mac Malware of 2017'

2017-01-19T00:45:00+00:00

wiredmikey writes: Security researchers have a uncovered a Mac OS based espionage malware they have named "Quimitchin." The malware is what they consider to be "the first Mac malware of 2017," which appears to be a classic espionage tool. While it has some old code and appears to have existed undetected for some time, it works. It was discovered when an IT admin noticed unusual traffic coming from a particular Mac, and has been seen infecting Macs at biomedical facilities. From SecurityWeek.com: "Quimitchin comprises just two files: a .plist file that simply keeps the .client running at all times, and the .client file containing the payload. The latter is a 'minified and obfuscated' perl script that is more novel in design. It combines three components, Thomas Reed, director of Mac offerings at Malwarebytes and author of the blog post told SecurityWeek: 'a Mac binary, another perl script and a Java class tacked on at the end in the __DATA__ section of the main perl script. The script extracts these, writes them to /tmp/ and executes them.' Its primary purpose seems to be screen captures and webcam access, making it a classic espionage tool. Somewhat surprisingly the code uses antique system calls. 'These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days,' he wrote in the blog post. 'In addition, the binary also includes the open source libjpeg code, which was last updated in 1998.' The script also contains Linux shell commands. Running the malware on a Linux machine, Malwarebytes 'found that -- with the exception of the Mach-O binary -- everything ran just fine.' It is possible that there is a specific Linux variant of the malware in existence -- but the researchers have not been able to find one. It did find two Windows executable files, courtesy of VirusTotal, that communicated with the same CC server. One of them even used the same libjpeg library, which hasn't been updated since 1998, as that used by Quimitchin."

Read more of this story at Slashdot.

(image)



College Fires IT Admin, Loses Access To Google Email, Successfully Sues IT Admin For $250K

2017-01-19T00:05:00+00:00

An anonymous reader quotes a report from The Register: Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school. In a lawsuit [PDF] filed against Williams in July, 2016, the school alleges that it asked Williams to return his work laptop, which was supposed to have the password saved. But when Williams did so in May that year, the complaint says, the computer was returned wiped, with a new operating system, and damaged to the point it could no longer be used. ACE claimed that its students could not access their Google-hosted ACE email accounts or their online coursework. The school appealed to Google, but Google at the time refused to help because the ACE administrator account had been linked to William's personal email address. "By setting up the administrator account under a non-ACE work email address, Mr Williams violated ACE's standard protocol with respect to administrator accounts," the school's complaint states. "ACE was unaware that Mr Williams' administrator account was not linked to his work address until after his employment ended." According to the school's court filing, Williams, through his attorney, said he would help the school reinstate its Google administrator account, provided the school paid $200,000 to settle his dispute over the termination of his employment. That amount is less than half the estimated $500,000 in harm the school says it has suffered due to its inability to access its Google account, according to a letter from William's attorney in Illinois, Calvita J Frederick. Frederick's letter claims that another employee set up the Google account and made Williams an administrator, but not the controlling administrator. It says the school locked itself out of the admin account through too many failed password attempts. Williams, in a counter-suit [PDF] filed last month, claims his termination followed from a pattern of unlawful discrimination by the school in the wake of a change in management. Pointing to the complaint she filed with the court in Illinois, Frederick said Williams wrote a letter [PDF] to a supervisor complaining about the poor race relations at the school and, as a result of that letter, he was told he had to relocate to Indianapolis. Read more of this story at Slashdot.[...]



Ukraine's Power Outage Was a Cyber Attack, Says Power Supplier

2017-01-18T16:00:00+00:00

A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday. From the report: When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine. Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station "North", were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters. "The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion," Ukrenergo said.

Read more of this story at Slashdot.

(image)



Dutch Developer Added Backdoor To Websites He Built, Phished Over 20,000 Users

2017-01-18T13:00:00+00:00

An anonymous reader quotes a report from BleepingComputer: A Dutch developer illegally accessed the accounts of over 20,000 users after he allegedly collected their login information via backdoors installed on websites he built. According to an official statement, Dutch police officials are now in the process of notifying these victims about the crook's actions. The hacker, yet to be named by Dutch authorities, was arrested on July 11, 2016, at a hotel in Zwolle, the Netherlands, and police proceeded to raid two houses the crook owned, in Leeuwarden and Sneek. According to Dutch police, the 35-years-old suspect was hired to build e-commerce sites for various companies. After doing his job, the developer also left backdoors in those websites, which he used to install various scripts that allowed him to collect information on the site's users. Police say that it's impossible to determine the full breadth of his hacking campaign, but evidence found on his laptop revealed he gained access to over 20,000 email accounts. Authorities say the hacker used his access to these accounts to read people's private email conversations, access their social media profiles, sign-up for gambling sites with the victim's credentials, and access online shopping sites to make purchases for himself using the victim's funds.

Read more of this story at Slashdot.

(image)



Blockchain Technology Could Save Banks $12 Billion a Year

2017-01-18T00:05:00+00:00

Mickeycaskill quotes a report from Silicon.co.uk: Accenture research has found Blockchain technology has the potential to reduce infrastructure costs by an average of 30 percent for eight of the world's ten biggest banks. That equates to annual cost savings of $8-12 billion. The findings of the "Banking on Blockchain: A Value Analysis for Investment Banks" report are based on an analysis of granular cost data from the eight banks to identify exactly where value could be achieved. A vast amount of cost for today's investment banks comes from complex data reconciliation and confirmation processes with their clients and counterparts, as banks maintain independent databases of transactions and customer information. However, Blockchain would enable banks to move to a shared, distributed database that spans multiple organizations. It has become increasingly obvious in recent months that blockchain will be key to the future of the banking industry, with the majority of banks expected to adopt the technology within the next three years.

Read more of this story at Slashdot.

(image)



President Obama Commutes Chelsea Manning's Sentence

2017-01-17T22:00:00+00:00

The New York Times is reporting that President Obama has commuted Chelsea Manning's sentence. What this translates to is a reduced sentence for Manning, from 35 years to just over seven years. Since Manning has already served a majority of those years, she is due to be released from federal custody on May 17th. The Verge reports: While serving as an intelligence analyst in Iraq, Manning leaked more than 700,000 documents to Wikileaks, including video of a 2007 airstrike in Baghdad that killed two Reuters employees. In 2013, Manning was sentenced to 35 years in prison for her role in the leak and has been held at the U.S. Disciplinary Barracks at Fort Leavenworth for the past three years. Julian Assange, who has long been sought by U.S. and EU authorities for extradition on Swedish rape charges, had previously pledged to surrender himself to U.S. authorities if Manning was pardoned. Born Bradley Manning, Chelsea announced her gender transition the day after the verdict was handed down. "I am Chelsea Manning. I am a female," she said in a statement. "Given the way that I feel, and have felt since childhood, I want to begin hormone therapy as soon as possible." Obtaining the resulting medical treatments was extremely difficult for Manning, and was the subject of significant and sustained activism. After a lawsuit, Manning was approved for hormone therapy in 2015. In September 2016, she launched a hunger strike, demanding access to gender reassignment surgery; the military complied five days later.

Read more of this story at Slashdot.

(image)



Microsoft: Windows 7 Does Not Meet the Demands of Modern Technology; Recommends Windows 10

2017-01-16T18:40:00+00:00

In a blog post, Microsoft says that continued usage of Windows 7 increases maintenance and operating costs for businesses. Furthermore, time is needlessly wasted on combating malware attacks that could have been avoided by upgrading to Windows 10. A report on Neowin adds: Microsoft also says that many hardware manufacturers do not provide drivers for Windows 7 any longer, and many developers and companies refrain from releasing programs on the outdated operating system. Markus Nitschke, Head of Windows at Microsoft Germany, had the following to say about Windows 7: "Today, it [Windows 7] does not meet the requirements of modern technology, nor the high security requirements of IT departments. As early as in Windows XP, we saw that companies should take early steps to avoid future risks or costs. With Windows 10, we offer our customers the highest level of security and functionality at the cutting edge.

Read more of this story at Slashdot.

(image)