Businesses

Ask Slashdot: How Do You Find Jobs That Offer Working From Home?

jez9999 writes: I'm a software developer in the UK, and I've found that it's very rare (maybe 5% of the time) to find an employer that will even consider any working from home, let alone for the majority of the time. I see it as a win-win; you're able to work in the home environment you are most productive in, and you can use the time you would've been commuting to work a bit longer for the employer. Not only that, but you're not adding to road congestion either. Skype, etc. make communication with coworkers a snap these days. So how do you go about finding homeworking jobs? Is it better to demand it from the get-go, or wait a few months and then ask for it? Is it more common than 5% of jobs in the US (in which case I guess it's a cultural thing the UK needs to catch up with)?
Security

Click-Fraud Trojan Politely Updates Flash On Compromised Computers

jfruh writes: Kotver is in many ways a typical clickfraud trojan: it hijacks the user's browser process to create false clicks on banner ads, defrauding advertisers and ad networks. But one aspect of it is unusual: it updates the victim's installation of Flash to the most recent version, ensuring that similar malware can't get in.
Businesses

Software Devs Leaving Greece For Good, Finance Minister Resigns

New submitter TheHawke writes with this story from ZDNet about the exodus of software developers from Greece. "In the last three years, almost 80 percent of my friends, mostly developers, left Greece," software developer Panagiotis Kefalidis told ZDNet. "When I left for North America, my mother was not happy, but... it is what it is." It's not just the software developers quitting either. The Greek Finance Minister Yanis Varoufakis also resigned. A portion of his resignation announcement reads: "Soon after the announcement of the referendum results, I was made aware of a certain preference by some Eurogroup participants, and assorted ‘partners’, for my ‘absence’ from its meetings; an idea that the Prime Minister judged to be potentially helpful to him in reaching an agreement. For this reason I am leaving the Ministry of Finance today."
Censorship

Chilling Effect of the Wassenaar Arrangement On Exploit Research

Bismillah writes: Security researchers are confused as to how the export control and licensing controls covering exploits affect their work. The upcoming Wassenaar restrictions were expected to discourage publication of such research, and now it's already started to happen. Grant Wilcox, writing his dissertation for the University of Northumbria at Newcastle, was forced to take a better-safe-than-sorry approach when it came time to release the vulnerabilities he found in Microsoft's EMET 5.1. "No legal consultation on the matter took place, but Wilcox noted that exploit vendors such as Vupen had started to restrict sales of their products and services because of new export control and licensing provisions under the Wassenaar Arrangement. ... Wilcox investigated the export control regulations but was unable to clarify whether it applied to his academic work. The university did not take part. He said the provisions defining which type of exploits and software are and aren't controlled were written in ambiguous language and appeared to contradict each other."
Security

Hacking Team Hacked, Attackers Grab 400GB of Internal Data

Several readers sent word that notorious surveillance company Hacking Team has itself been hacked. Attackers made off with 400GB worth of emails, documents, and source code. The company is known for providing interception tools to government and law enforcement agencies. According to the leaked files, Hacking Team has customers in Egypt, South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, Mongolia, Russia, Germany, Sudan, and the United States — to name a few. It has been labeled an enemy of the internet by Reporters Without Borders. "Clients have had their passwords exposed as well, as several documents related to contracts and configurations have been circulating online." Nobody knows yet who perpetrated the hack.
Businesses

Silicon Valley Is Filling Up With Ex-Obama Staffers

HughPickens.com writes: Edward-Isaac Dovere reports in Politico that the fastest-growing chapter of the Obama alumni association is in Silicon Valley. For the people who helped get Obama elected and worked for him once he did, there's something about San Francisco and its environs that just feels right: the emphasis on youth and trying things that might fail, chasing that feeling of working for the underdog, and even using that word "disrupting" to describe what they do. "A lot of people who moved out here were present at the creation of the Obama '08 campaign," says Tommy Vietor. "There's a piece of them that wants to replicate that." Vietor left the White House two years ago, and he and his business partner, former Obama speechwriter Jon Favreau, founded a communications strategy firm with a focus on speechwriting for tech and other start-ups. "If you're writing for a CEO out here, they're more likely to be your peer than your grandfather," says Vietor. "They're young, they're cool, they get it."

Other former Obama staffers who have come to Silicon Valley include former campaign manager and White House adviser David Plouffe at Uber; Kyle O'Connor at Nest; Semonti Stephens at Twitter; Mike Masserman at Lyft; Brandon Lepow at Facebook; Nicole Isaac at LinkedIn; Liz Jarvis-Shean at Civis; Jim Green and Vivek Kundra at Salesforce; Alex McPhillips at Google; Gillian Bergeron at NextDoor; Natalie Foster at the Institute for the Future; Catherine Bracy at Code for America; Hallie Montoya Tansey at Target Labs; Nick Papas, John Baldo, Courtney O'Donnell and Clark Stevens at AirBnB; and Jessica Santillo at Uber.

There are so many former Obama staffers in the Bay Area that a recent visit by former White House senior adviser David Axelrod served as a reunion of sorts, with more than a dozen campaign and White House veterans gathering over lunch to discuss life after the administration. Obama himself rarely misses an opportunity to come to San Francisco. He says he loves the energy there, loves the people, and according to Dovere, the city's ultra-liberal leanings mean he was greeted as a rock star even during the dark days before last year's midterms. Obama's even become friendly with Elon Musk. "There should be a welcome booth at the SFO airport," says Jon Carson, the former Organizing for Action executive director now at SolarCity.
Bitcoin

Bitcoin Snafu Causes Miners To Generate Invalid Blocks

An anonymous reader writes: A notice at bitcoin.org warns users of the cryptocurrency that many miners are currently generating invalid blocks. The cause seems to be out-of-date software, and software that assumed blocks were valid instead of checking them. They explain further: "For several months, an increasing amount of mining hash rate has been signaling its intent to begin enforcing BIP66 strict DER signatures. As part of the BIP66 rules, once 950 of the last 1,000 blocks were version 3 (v3) blocks, all upgraded miners would reject version 2 (v2) blocks. Early morning UTC on 4 July 2015, the 950/1000 (95%) threshold was reached. Shortly thereafter, a small miner (part of the non-upgraded 5%) mined an invalid block--as was an expected occurrence. Unfortunately, it turned out that roughly half the network hash rate was mining without fully validating blocks (called SPV mining), and built new blocks on top of that invalid block. Note that the roughly 50% of the network that was SPV mining had explicitly indicated that they would enforce the BIP66 rules. By not doing so, several large miners have lost over $50,000 dollars worth of mining income so far."
Security

Researcher Who Reported E-voting Vulnerability Targeted By Police Raid in Argentina

TrixX writes: Police have raided the home of an Argentinian security professional who discovered and reported several vulnerabilities in the electronic ballot system (Google translation of Spanish original) to be used next week for elections in the city of Buenos Aires. The vulnerabilities (exposed SSL keys and ways to forge ballots with multiple votes) had been reported to the manufacturer of the voting machines, the media, and the public about a week ago. There has been no arrest, but his computers and electronic devices have been impounded (Spanish original). Meanwhile, the information security community in Argentina is trying to get the media to report this notorious attempt to "kill the messenger." Another source (Spanish original).
Firefox

Firefox 39 Released, Bringing Security Improvements and Social Sharing

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings a number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.
Businesses

MasterCard To Approve Online Payments Using Your Selfies

An anonymous reader writes: MasterCard is experimenting with a new program: approving online purchases with a facial scan. Once you’re done shopping online, instead of a password, the service will require you to snap a photo of your face, so you won’t have to worry about remembering a password. The Stack reports: "MasterCard will be joining forces with tech leaders Apple, BlackBerry, Google, Samsung and Microsoft as well as two major banks to help make the feature a reality. Currently the international group uses a SecureCode solution which requires a password from its customers at checkout. The system was used across 3 billion transactions last year, the company said. It is now exploring biometric alternatives to protect against unauthorized payment card transactions. Customers trialling the new technologies are required to download the MasterCard app onto their smart device. At checkout two authorization steps will be taken; fingerprint recognition and facial identification using the device's camera. The system will check for blinking to avoid criminals simply holding a photograph up to the lens."
Google

Google Hangouts and SMS Integration: A Mess, For Now

Android Headlines reports that a bug in the Google Hangouts app is causing confusion for users who would like to send and receive SMS messages. According to the article, [S]ome users are reporting an issue that is preventing the merging of SMS messages with Hangouts. The exact nature of what is causing this error is still unknown, as Google has not divulged any concrete information. They did state though that they are working on a fix and will have it ready for release as soon as they figure out what is going on. On this front, I wish there were a good roadmap for all the overlapping and sometimes circular-seeming options for Google's various flavors of VoIP and messaging. Between Google Voice, Google Plus, Messenger (not Facebook's Messenger), Gmail, and now Google Fi, it's hard to tell quite where the there begins. After setting up a new phone through Google Fi, I find that the very pleasant full-screen text-message window I used to like with Google Voice is now one I can't figure out how to reach, and the screen directs me to use Hangouts instead.
Encryption

Cameron Asserts UK Gov't Will Leave No "Safe Space" For Private Communications

An anonymous reader writes with the story from Ars Technica that UK prime minister David Cameron "has re-iterated that the UK government does not intend to 'leave a safe space — a new means of communication — for terrorists to communicate with each other.'" That statement came Monday, as a response to Conservative MP David Bellingham, "who asked [Cameron, on the floor of the House of Commons] whether he agreed that the 'time has come for companies such as Google, Facebook and Twitter to accept and understand that their current privacy policies are completely unsustainable?' To which Cameron replied: 'we must look at all the new media being produced and ensure that, in every case, we are able, in extremis and on the signature of a warrant, to get to the bottom of what is going on.'" This sounds like the UK government is declaring a blustery war on encryption, and it might not need too much war: some companies can be persuaded (or would be eager) to cooperate with the government in handing over all kinds of information. However, the bluster part may leave even the fiercest surveillance mostly show: as Ars writer Glyn Moody asks, what about circumstances "where companies can't hand over keys, or where there is no company involved, as with GnuPG, the open source implementation of the OpenPGP encryption system?" Or Tor?
Security

Angler Exploit Kit Evasion Techniques Keep Cryptowall Thriving

msm1267 writes: Since the Angler Exploit Kit began pushing the latest version of Cryptowall ransomware, the kit has gone to great lengths to evade detection from IDS and other security technologies. The latest tactic is an almost-daily change to URL patterns used by the kit in HTTP GET requests for the Angler landing page, requests for a Flash exploit, and requests for the Cryptowall 3.0 payload. Traffic patterns as of yesterday are almost unrecognizable compared to those of as recent as three weeks ago.
Security

Ask Slashdot: Dealing With Passwords Transmitted As Cleartext?

An anonymous reader writes: My brother recently requested a transcript from his university and was given the option to receive the transcript electronically. When he had problems accessing the document, he called me in to help. What I found was that the transcript company had sent an e-mail with a URL (not a link) to where the document was located. What surprised me was that a second e-mail was also sent containing the password (in cleartext) to access the document.

Not too long ago I had a similar experience when applying for a job online (ironically for an entry-level IT position). I was required to set up an account with a password and an associated e-mail address. While filling out the application, I paused the process to get some information I didn't have on hand and received an e-mail from the company that said I could continue the process by logging on with my account name and password, both shown in cleartext in the message.

In my brother's case, it was an auto-generated password but still problematic. In my case, it showed that the company was storing my account information in cleartext to be able to e-mail it back to me. Needless to say, I e-mailed the head of their IT department explaining why this was unacceptable.

My questions are: How frequently have people run into companies sending sensitive information (like passwords) in cleartext via e-mail? And what would you do if this type of situation happened to you?
Businesses

Exploring the Relationships Between Tech Skills (Visualization)

Nerval's Lobster writes: Simon Hughes, Dice's Chief Data Scientist, has put together an experimental visualization that explores how tech skills relate to one another. In the visualization, every circle or node represents a particular skill; colors designate communities that coalesce around skills. Try clicking "Java", for example, and notice how many other skills accompany it (a high-degree node, as graph theory would call it). As a popular skill, it appears to be present in many communities: Big Data, Oracle Database, System Administration, Automation/Testing, and (of course) Web and Software Development. You may or may not agree with some relationships, but keep in mind, it was all generated in an automatic way by computer code, untouched by a human. Building it started with Gephi, an open-source network analysis and visualization software package, by importing a pair-wise comma-separated list of skills and their similarity scores (as Simon describes in his article) and running a number of analyses: Force Atlas layout to draw a force-directed graph, Avg. Path Length to calculate the Betweenness Centrality that determines the size of a node, and finally Modularity to detect communities of skills (again, color-coded in the visualization). The graph was then exported as an XML graph file (GEXF) and converted to JSON format with two sets of elements: Nodes and Links. "We would love to hear your feedback and questions," Simon says.
Windows

Windows 10 Shares Your Wi-Fi Password With Contacts

gsslay writes: The Register reports that Windows 10 will include, defaulted on, "Wi-Fi Sense", which shares wifi passwords with Outlook.com contacts, Skype contacts and, with an opt-in, Facebook friends. This involves Microsoft storing the wifi passwords entered into your laptop, which can then be used by any other person suitably connected to you. If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions: only share passwords using their Wi-Fi Sense service, or add "_optout" to your SSID.
Security

Amazon's New SSL/TLS Implementation In 6,000 Lines of Code

bmearns writes: Amazon has announced a new library called "s2n," an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto; it only provides the SSL/TLS functions. Furthermore, it implements a relatively small subset of SSL/TLS features compared to OpenSSL.
Encryption

MIT's Bitcoin-Inspired 'Enigma' Lets Computers Mine Encrypted Data

Guy Zyskind, Oz Nathan, and the MIT Media Lab have developed a system to encrypt data in a way that it can still be shared and used without being decrypted. "To keep track of who owns what data—and where any given data’s pieces have been distributed—Enigma stores that metadata in the bitcoin blockchain, the unforgeable record of messages copied to thousands of computers to prevent counterfeit and fraud in the bitcoin economy." Enigma needs a fairly large base of users to operate securely, so its creators have proposed requiring a fee for anyone who wants data processed in this way. That fee would then be split among the users doing the processing. Those with encrypted datasets on the Enigma network could also sell access to datamining operations without letting the miners see the unencrypted data.
Security

Stanford Starts the 'Secure Internet of Things Project'

An anonymous reader writes: The internet-of-things is here to stay. Lots of people now have smart lights, smart thermostats, smart appliances, smart fire detectors, and other internet-connected gadgets installed in their houses. The security of those devices has been an obvious and predictable problem since day one. Manufacturers can't be bothered to provide updates to $500 smartphones more than a couple years after they're released; how long do you think they'll be worried about security updates for a $50 thermostat? Security researchers have been vocal about this, and they've found lots of vulnerabilities and exploits before hackers have had a chance to. But the manufacturers have responded in the wrong way.

Instead of developing a more robust approach to device security, they've simply thrown encryption at everything. This makes it temporarily harder for malicious hackers to have their way with the devices, but also shuts out consumers and white-hat researchers from knowing what the devices are doing. Stanford, Berkeley, and the University of Michigan have now started the Secure Internet of Things Project, which aims to promote security and transparency for IoT devices. They hope to unite regulators, researchers, and manufacturers to ensure nascent internet-connected tech is developed in a way that respects customer privacy and choice.
Government

White House Lures Mudge From Google To Launch Cyber UL

chicksdaddy writes: The Obama White House has tapped famed hacker Peiter Zatko (aka "Mudge") to head up a new project aimed at developing an "underwriters' lab" for cyber security. The new organization would function as an independent, non-profit entity designed to assess the security strengths and weaknesses of products and publish the results of its tests.

Zatko is a famed hacker and security luminary, who cut his teeth with the Boston-based hacker collective The L0pht in the 1990s before moving on to work in private industry and, then, to become a program manager at DARPA in 2010. Though known for keeping a low profile, his scruffy visage (circa 1998) graced the pages of the Washington Post in a recent piece that remembered testimony that Mudge and other L0pht members gave to Congress about the dangers posed by insecure software.