http://rss.slashdot.org/Slashdot/slashdotit

Slashdot: IT



News for nerds, stuff that matters



Published: 2017-08-16T17:22:13+00:00

 



Guam Radio Stations Accidentally Conduct Emergency Alert Amid North Korea Threat

2017-08-15T22:00:00+00:00

the_webmaestro writes: A couple of radio stations in Guam conducted an unscheduled test of the Emergency Alert Broadcast System, sending some residents -- already on edge due to the back and forth between the North Korean regime and the tweets made by the President of the United States -- into a panic. From the Guam Homeland Security/Office of Civil Defense Facebook page: "The Offices of Guam Homeland Security and Civil Defense (GHS/OCD), in conjunction with the Mariana Regional Fusion Center (MRFC), our federal and military partners, continue to monitor the recent events surrounding North Korea and their threatening actions. Residents and visitors may have noticed at 12:25 a.m., an unscheduled test of the Emergency Alert Broadcast System (EAS) was triggered from KTWG/KSTO AM. The message read: 'A BROADCAST STATION OR CABLE SYSTEM HAS ISSUED A CIVIL DANGER WARNING FOR THE FOLLOWING COUNTIES/AREAS: Guam, Guam; AT 12:25 AM ON AUG 15, 2017 EFFECTIVE UNTIL 12:40 AM. MESSAGE FROM KTWGKSTO.' The unauthorized test was NOT connected to any emergency, threat or warning. GHS/OCD has worked with KSTO to ensure the human error will not occur again. There is no scheduled test of the EAS or All Hazards Alert Warning System sirens today." In addition, the Guam Power Authority (GPA) reported there were two scheduled outages, for emergency interruption of power, at 2:30 p.m. and 7 p.m., August 14: "Unrelated to the EAS unauthorized test, the Guam Power Authority (GPA) reported there were two scheduled outages, for emergency interruption of power, at 2:30 p.m. and 7 p.m., August 14 for customers located in Talofofo located along Rte.17, Chalan J. Kindo, Vicente Borja Dr., Felix Dydasco St., Henry Simpson area to bus shelter by Bishop Street and other customers in these locations."

Read more of this story at Slashdot.




Cloudflare is the One Tech Company Still Sticking By Neo-Nazi Websites

2017-08-15T20:40:00+00:00

An anonymous reader shares a report: One company is sticking by The Daily Stormer and other far-right websites: the cloud security and performance service Cloudflare. Cloudflare acts as a shield between websites and the outside world, protecting them from hackers and preserving the anonymity of the sites' owners. But Cloudflare is not a hosting service: It does not store website content on its servers. And that fact, as far as the company is concerned, exempts it from judgment over who its clients are -- even if those clients are literally Nazis. In a statement Cloudflare sent to Quartz and other publications yesterday, the company refused to explicitly say it will continue to do business with sites like The Daily Stormer, but pointed out that the content would exist regardless of what Cloudflare does or doesn't do. "Cloudflare is aware of the concerns that have been raised over some sites that have used our network. We find the content on some of these sites repugnant. While our policy is to not comment on any user specifically, we are cooperating with law enforcement in any investigation. Cloudflare is not the host of any website. Cloudflare is a network that provides performance and security services to more than 10% of all Internet requests. Cloudflare terminating any user would not remove their content from the Internet, it would simply make a site slower and more vulnerable to attack."




US Army Walks Back Decision To Ban DJI Drones Ever So Slightly

2017-08-15T00:05:00+00:00

garymortimer shares a report from sUAS News: News has reached me that another DJI memo was passed around on Friday the 11th of August. An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met. The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny. In a separate report from Reuters, DJI said it is "tightening data security in the hopes that the U.S. Army will lift its ban on DJI drones because of 'cyber vulnerabilities.'" The company is "speeding deployment of a system that allows users to disconnect from the internet during flights, making it impossible for flight logs, photos or videos to reach DJI's computer servers," reports Reuters. While the security measure has been in the works for several months, it's being rolled out sooner than planned because of the Army's decision to discontinue the use of DJI drones.




From Google To Yahoo, Tech Grapples With White Male Discontent

2017-08-14T21:20:00+00:00

Reader joshtops shares a Bloomberg report: Google isn't the only Silicon Valley employer being accused of hostility to white men. Yahoo and Tata Consultancy Services were already fighting discrimination lawsuits brought by white men before Google engineer James Damore ignited a firestorm -- and got himself fired -- with an internal memo criticizing the company's diversity efforts and claiming women are biologically less suited than men to be engineers. The Yahoo case began last year when two men sued, claiming they'd been unfairly fired after managers allegedly manipulated performance evaluations to favor women. They claim Marissa Mayer approved the review process and was involved in their terminations, and last month a judge ordered the former chief executive be deposed. TCS, meanwhile, is fighting three men who claim the Mumbai-based firm discriminates against non-Indians at its U.S. offices.




I Bought a Book About the Internet From 1994 and None of the Links Worked

2017-08-14T20:00:00+00:00

An anonymous reader shares a report (condensed for space and clarity): For crate-diggers of all stripes, the internet is awesome for one reason: The crate never ends. There's always something new to find online, because people keep creating new things to throw into that crate. But that crate has a hole at the bottom. Stuff is falling out just as quickly, and pieces of history that would stick around in meatspace disappear in an instant online. So as a result, there aren't a lot of websites from 1995 that made it through to the present day. Gopher sites? Odds are low. Text files? Perhaps. The endless pace of linkrot has left books about the internet in a curious limbo -- they're dead trees about the dead-tree killer, after all. [...] Recently, I bought a book -- a reference book, the kind that you can still pick up at Barnes and Noble today. The book, titled Free $tuff From the Internet (Coriolis Group Books, 1994), promises to help you find free content online. And, crucially, it focuses less on the web, which was still quite young, than on many of the alternative protocols of the era. This book links to FTP sites, telnet servers, and Gopher destinations, and I've tried many of them in an effort to figure out whether something, anything in this book works in the present day. These FTP servers were often based at universities which have a vested interest in keeping information online for a long-term period -- think the University of North Carolina, or Kansas State University. But despite this, I could not get most of these servers to load -- they were long ago murdered by the World Wide Web.




Spyware Apps Found on Google Play Store

2017-08-14T16:40:00+00:00

Researchers at the security firm Lookout have identified a family of malicious Android apps, referred to as SonicSpy. From a report: Experts say the malware author modified a version of the official Telegram app, injected the spyware code, rebranded it, and uploaded the modified app on the Play Store. In total, the crook uploaded the app three times on the Play Store under the names Soniac, Hulk Messenger, and Troy Chat. Only Soniac was active on Google's app store when researchers first spotted the spyware, as the other two apps were already taken down, most likely by the developer himself. At the time of writing, Lookout says they identified over 1,000 variations of this new spyware called SonicSpy, which they believe to be a new version of an older Android spyware named SpyNote.




Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware

2017-08-14T15:50:00+00:00

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front of a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.




Hundreds Of Smart Locks Get Bricked By A Buggy Firmware Update

2017-08-13T16:24:00+00:00

An anonymous reader quotes BleepingComputer: On Tuesday, August 8, smart locks manufacturer LockState botched an over-the-air firmware update for its WiFi enabled [RemoteLock 6i] smart locks, causing the devices to lose connectivity to the vendor's servers and the ability to open doors for its users... The device costs $469 and is sold mainly to Airbnb hosts via an official partnership LockState has signed with the company. Hosts use the smart locks to configure custom access codes for each Airbnb renter without needing to give out a physical key to each one. The botched firmware bricked the device's smart code access mode. Physical keys continued to work. The botched firmware was a nuisance for private home owners, but it was a disaster for Airbnb hosts, who had to scramble to get customers physical keys so they could enter their rents. The post includes tweets from angry lock owners, one complaining about a two-week wait for a replacement. The company is also offering to fix the defective units within "5-7 days," promising that "Every employee and resource at LockState is focused on resolving this for you as quickly as possible."




Deserialization Issues Also Affect .NET, Not Just Java

2017-08-13T15:19:00+00:00

"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a totally unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers. Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds, all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.




Amateur Drone Lands On British Air Carrier, Wired Reviews Anti-Drone Technology

2017-08-13T11:09:00+00:00

Long-time Slashdot reader mi quotes the BBC: The Ministry of Defence is reviewing security after a tiny drone landed on the deck of Britain's biggest warship. The Queen Elizabeth aircraft carrier was docked at Invergordon in the Highlands when an amateur photographer flew the drone close to the giant ship. When the aircraft sensed a high wind risk, it landed itself on the £3bn warship. The pilot told BBC Scotland: "I could have carried two kilos of Semtex and left it on the deck... I would say my mistake should open their eyes to a glaring gap in security." Meanwhile, tastic007 shares Wired's footage of anti-drone products being tested (like net guns, air-to-air combat counter-drones, and drone net shotgun shells) -- part of the research presented at this year's DEFCON.




Should Workplaces Be Re-Defined To Retain Older Tech Workers?

2017-08-12T16:34:00+00:00

rgh02 submitted this article from Backchannel which argues companies "need to work harder and more persistently to attract, retain, and recognize talent" -- especially older talent: We "elders" know perfectly well that our workplaces are by and large not about us. We don't drive how roles, functions, advancement, and success are seen. Career development options and the hierarchical career ladders everyone is expected to climb are designed for the majority: younger workers. What can be done? There has to be a systems overhaul... The article suggests restructuring workplaces with "individual contributor tracks" which reward people who don't go on to become managers, as well as things like paid mentoring positions and "phased retirement" programs that create part-time positions to allow a more gradual transition into retirement.




Chrome Extension Developers Under a Barrage of Phishing Attacks

2017-08-12T14:34:00+00:00

An anonymous reader quotes Bleeping Computer: Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions. These phishing attacks have come into the limelight this past week when phishers managed to compromise the developer accounts for two very popular Chrome extensions -- Copyfish and Web Developer. The phishers used access to these developer accounts to insert adware code inside the extensions and push out a malicious update that overlaid ads on top of web pages users were navigating. According to new information obtained by Bleeping Computer, these attacks started over two months ago and had been silently going on without anyone noticing. All phishing emails contained the same lure -- someone posing as Google was informing extension developers that their add-on broke Chrome Web Store rules and needed to be updated. The extension developer was lured onto a site to view what was the problem and possibly update the extension. Before seeing the alert, the site asked extension developers to log in with their Google developer account, a natural step when accessing a secure backend.




Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels

2017-08-12T13:00:00+00:00

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.




FBI Says Islamic State Used eBay, PayPal To Channel Money To the US

2017-08-12T03:30:00+00:00

An anonymous reader quotes a report from The Verge: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the U.S., The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015. eBay told The Wall Street Journal it "has zero tolerance for criminal activities taking place on our marketplace." Meanwhile, a spokeswoman for PayPal said it "invests significant time and resources in working to prevent terrorist activity on our platform. We proactively report suspicious activities and respond quickly to lawful requests to support law enforcement agencies in their investigations."




HBO Hacker Leaks Message From HBO Offering $250,000 'Bounty Payment'

2017-08-11T14:40:00+00:00

The HBO hacker has struck yet again. From a report: Variety has obtained a copy of another message released Thursday by the anonymous hacker to select journalists in which HBO is apparently responding to the initial video letter that was sent informing the Time Warner-owned company of the massive data breach. The message from HBO, dated July 27, features the network's offer to make a "bounty payment" of $250,000 as part of a program in which "white hat IT professionals" are rewarded for "bringing these types of things to our attention." While the message takes a curiously non-confrontational tone in response to a hacker out to damage HBO, a source close to the investigation who confirmed the veracity of the email explained it was worded that way to stall for time while the company attempted to assess the serious situation.
