Syrian Electronic Army Takes Credit For News Site Hacking 17

Posted by timothy
from the how-to-win-no-friends-and-influence-people dept.
New submitter ddtmm writes The Syrian Electronic Army is claiming responsibility for the hacking of multiple news websites, including CBC News. Some users trying to access the CBC website reported seeing a pop-up message reading: "You've been hacked by the Syrian Electronic Army (SEA)." It appears the hack targeted a network used by many news organizations and businesses. A tweet from an account appearing to belong to the Syrian Electronic Army suggested the attacks were meant to coincide with the U.S. Thanksgiving on Thursday. The group claimed to have used the domain of Gigya, a company that offers businesses a customer identity management platform, to hack into other sites via GoDaddy, its domain registrar. Gigya is "trusted by more than 700 leading brands," according to its website. The hacker or hackers redirected sites to the Syrian Electronic Army image that users saw. Gigya's operations team released a statement Thursday morning saying that it identified an issue with its domain registrar at 6:45 a.m. ET. The breach "resulted in the redirect of the domain for a subset of users," the company said. Among the websites known to be hacked so far are New York Times, Chicago Tribune, CNBC, PC World, Forbes, The Telegraph, Walmart and Facebook.

Riecoin Breaks World Record For Largest Prime Sextuplet, Twice 44

Posted by timothy
from the well-the-sextuplet-was-just-sitting-there dept.
An anonymous reader writes Last week, Riecoin (a project that doubles as decentralized virtual currency and a distributed computing system) quietly broke the record for the largest prime number sextuplet. This happened on November 17, 2014 at 19:50 GMT and the calculation took only 70 minutes using the massive distributed computing power of its network. This week the feat was outdone and the project beat its own record on November 24, 2014 at 20:28 GMT achieving numbers 654 digits long, 21 more than its previous record.

Ask Slashdot: Best Biometric Authentication System? 125

Posted by samzenpus
from the eyes-have-it dept.
kwelch007 writes I run a network for a company that does manufacturing primarily in a clean-room. We have many systems in place that track countless aspects of every step. However, we do not have systems in place to identify the specific user performing the step. I could do this easily, but asking users to input their AD login every time they perform a task is a time-waster (we have "shared" workstations throughout.) My question is, what technologies are people actually using successfully for rapid authentication? I've thought about fingerprint scanners, but they don't work because in the CR we have to wear gloves. So, I'm thinking either face-recognition or retinal scans...but am open to other ideas if they are commercially viable.

Bitcoin Is Not Anonymous After All 114

Posted by samzenpus
from the pulling-back-the-curtain dept.
Taco Cowboy points out a new study that shows it is possible to figure out the IP address of someone who pays for transactions anonymously online using bitcoins. "The Bitcoin system is not managed by a central authority, but relies on a peer-to-peer network on the Internet. Anyone can join the network as a user or provide computing capacity to process the transactions. In the network, the user's identity is hidden behind a cryptographic pseudonym, which can be changed as often as is wanted. Transactions are signed with this pseudonym and broadcast to the public network to verify their authenticity and attribute the Bitcoins to the new owner. In their new study, researchers at the Laboratory of Algorithmics, Cryptology and Security of the University of Luxembourg have shown that Bitcoin does not protect user's IP address and that it can be linked to the user's transactions in real-time. To find this out, a hacker would need only a few computers and about €1500 per month for server and traffic costs. Moreover, the popular anonymization network "Tor" can do little to guarantee Bitcoin user's anonymity, since it can be blocked easily."

DHS Set To Destroy "Einstein" Surveillance Records 71

Posted by samzenpus
from the nothing-to-see-here dept.
schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files (which include data about traffic to government websites, agency network intrusions and general vulnerabilities) have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government-wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.

Book Review: Bulletproof SSL and TLS 89

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.

UNSW Has Collected an Estimated $100,000 In Piracy Fines Since 2008 98

Posted by timothy
from the quasi-private-justice dept.
Jagungal (36053) writes The SMH reports that The University of NSW says it has issued 238 fines, estimated to total around $100,000, to students illicitly downloading copyright infringing material such as movies and TV shows on its Wi-Fi network since 2008. The main issues are that the University is not returning any money to the copyright holders but is instead using the money raised for campus facilities, and that it is essentially enforcing a Commonwealth law.

How Facebook Is Influencing Who Will Win the Next Election 72

Posted by Soulskill
from the setting-up-a-scapegoat dept.
An anonymous reader sends this excerpt from Forbes: [Facebook] announced yesterday that it was shutting down a feature that the Obama campaign used in 2012 to register over a million voters. During the election supporters shared access to their list of Facebook friends with the campaign through an app. Researchers have found that while people often view political messages with skepticism, they are more receptive and trusting when the information is coming from somebody they know. The feature was credited with boosting Obama's get-out-the-vote efforts which were crucial to his victory, but Facebook has decided to disable this ability in order to (rightfully) protect users from third-party apps collecting too much of their information.

The company insists that it favors no particular ideology and that its efforts are "neutral." The first part is likely true, but the second is not possible. The company's algorithms take into account a proprietary mix of our own biases, connections, and interests combined with Facebook's business priorities; that is the farthest thing from neutral. Facebook says it just wants to encourage "civic participation," but politically mobilizing the subsection of people that are on their network is not without its own impacts.

Elusive Dark Matter May Be Detected With GPS Satellites 67

Posted by Soulskill
from the when-they're-not-busy-telling-you-how-far-you-are-from-a-starbucks dept.
An anonymous reader writes: Two researchers say time disparities identified through the network of satellites that make up our modern GPS infrastructure can help detect dark matter. In a paper in the online version of the scientific journal Nature Physics, they write that dark matter may be organized as a large gas-like collection of topological defects, or energy cracks. "We propose to detect the defects, the dark matter, as they sweep through us with a network of sensitive atomic clocks. The idea is, where the clocks go out of synchronization, we would know that dark matter, the topological defect, has passed by." Another reader adds this article about research into dark energy: The particles of the standard model, some type of dark matter and dark energy, and the four fundamental forces. That's all there is, right? But that might not be the case at all. Dark energy may not simply be the energy inherent to space itself, but rather a dynamical property that emerges from the Universe: a sort of fifth force. This is speculation that's been around for over a decade, but there hasn't been a way to test it until now. If this is the case, it may be accessible and testable by simply using presently existing vacuum chamber technology.

Major Brain Pathway Rediscovered After Century-old Confusion, Controversy 114

Posted by timothy
from the hey-if-you-can-find-a-new-knee-bone dept.
vinces99 writes A couple of years ago a scientist looking at dozens of MRI scans of human brains noticed something surprising: A large fiber pathway that seemed to be part of the network of connections that process visual information that wasn't mentioned in any modern-day anatomy textbooks. "It was this massive bundle of fibers, visible in every brain I examined," said Jason Yeatman, a research scientist at the University of Washington's Institute for Learning & Brain Sciences. "... As far as I could tell, it was absent from the literature and from all major neuroanatomy textbooks." With colleagues at Stanford University, Yeatman started some detective work to figure out the identity of that mysterious fiber bundle. The researchers found an early 20th century atlas that depicted the structure, now known as the vertical occipital fasciculus. But the last time that atlas had been checked out was 1912, meaning the researchers were the first to view the images in the last century. They describe the history and controversy of the elusive pathway in a paper published Nov. 17 in the Proceedings of the National Academy of Sciences. You'd think that we'd have found all the parts of the human body by now, but not necessarily.

Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services 106

Posted by samzenpus
from the price-of-privacy dept.
apexcp writes The web's biggest anonymity network is considering a crowdfunding campaign to overhaul its hidden services. From the article: "In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed. With enough funding, Tor could have developers focusing their work entirely on hidden services, a change in developer priorities that many Tor users have been hoping for in recent years."

State Department Joins NOAA, USPS In Club of Hacked Federal Agencies 54

Posted by timothy
from the more-funding-next-year dept.
Hot on the heels of recent cyber attacks on NOAA, the USPS, and the White House, the New York Times reports that the U.S. State Department has also suffered an online security breach, though it's not clear who to blame. "This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system," said one senior State Department official, adding that the department expected its systems to be up soon. ... The breach at the White House was believed to be the work of hackers in Russia, while the breaches at NOAA and the Postal Service were believed to be the work of hackers inside China. Attributing attacks to a group or nation is difficult because hackers typically tend to route their attack through compromised web servers all over the world. A senior State Department official said the breach was discovered after "activity of concern" was detected on portions of its unclassified computer system. Officials did not say how long hackers may have been lurking in those systems, but security improvements were being added to them on Sunday.

World's Youngest Microsoft Certificated Professional Is Five Years Old 276

Posted by timothy
from the so-long-as-he-likes-it dept.
Gurvinder Gill writes at BBC that Ayan Qureshi is the world's youngest Microsoft Certified Professional after passing the tech giant's exam when he was just five years old. Qureshi's father introduced his son to computers when he was three years old. He let him play with his old computers, so he could understand hard drives and motherboards. "I found whatever I was telling him, the next day he'd remember everything I said, so I started to feed him more information," Qureshi explained. "Too much computing at this age can cause a negative effect, but in Ayan's case he has cached this opportunity." Ayan has his own computer lab at his home in Coventry, containing a computer network which he built, and spends around two hours a day learning about the operating system and how to install programs, and has his own web site.

Microsoft Certified Professional (MCP) is a certification that validates IT professional and developer technical expertise through rigorous, industry-proven, and industry-recognized exams. MCP exams cover a wide range of Microsoft products, technologies, and solutions. When the boy arrived to take the Microsoft exam, the invigilators were concerned that he was too young to be a candidate. His father reassured them that Ayan would be all right on his own. "There were multiple choice questions, drag and drop questions, hotspot questions and scenario-based questions," Ayan's father told the BBC Asian Network. "The hardest challenge was explaining the language of the test to a five-year-old. But he seemed to pick it up and has a very good memory."

A Worm's Mind In a Lego Body 200

Posted by timothy
from the with-very-few-exceptions-is-not-a-worm dept.
mikejuk writes The nematode worm Caenorhabditis elegans (C. elegans) is tiny and only has 302 neurons. These have been completely mapped, and one of the founders of the OpenWorm project, Timothy Busbice, has taken the connectome and implemented an object oriented neuron program. The neurons communicate by sending UDP packets across the network. The software works with sensors and effectors provided by a simple LEGO robot. The sensors are sampled every 100ms. For example, the sonar sensor on the robot is wired as the worm's nose. If anything comes within 20cm of the 'nose' then UDP packets are sent to the sensory neurons in the network. The motor neurons are wired up to the left and right motors of the robot. It is claimed that the robot behaved in ways that are similar to observed C. elegans. Stimulation of the nose stopped forward motion. Touching the anterior and posterior touch sensors made the robot move forward and back accordingly. Stimulating the food sensor made the robot move forward. The key point is that there was no programming or learning involved to create the behaviors. The connectome of the worm was mapped and implemented as a software system and the behaviors emerge. Is the robot a C. elegans in a different body or is it something quite new? Is it alive? These are questions for philosophers, but it does suggest that the ghost in the machine is just the machine. The important question is does it scale?

81% of Tor Users Can Be De-anonymized By Analysing Router Information 136

Posted by timothy
from the keep-him-on-the-line dept.
An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods [...] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'

Boeing Readies For First Ever Conjoined Satellite Launch 67

Posted by samzenpus
from the two-by-two dept.
Zothecula writes Boeing has successfully joined two of its 702SP satellites in a stacked configuration in preparation for a launch scheduled for early 2015. Aside from being the first involving conjoined satellites, the launch will also put the first satellites to enter service boasting an all-electric propulsion system into orbit. "Designed by Boeing Network & Space Systems and its defense and security advanced prototyping arm, Phantom Works, the 702SP (small platform) satellites are an evolution of the company's 702 satellite. Operating in the low- to mid-power ranges of 3 to 9 kW, instead of chemical propulsion, the satellites boast an all-electric propulsion system that Boeing says minimizes the mass of the spacecraft and maximizes payload capacity."

US Weather System and Satellite Network Hacked 76

Posted by samzenpus
from the all-your-weather-are-belong-to-us dept.
mpicpp writes with this story about Chinese hackers breaching the federal weather network. "Hackers attacked the U.S. weather system in October, causing a disruption in satellite feeds and several pivotal websites. The National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block the attackers, government officials were forced to shut down some of its services. This explains why satellite data was mysteriously cut off in October, as well as why the National Ice Center website and others were down for more than a week. During that time, federal officials merely stated a need for "unscheduled maintenance." Still, NOAA spokesman Scott Smullen insisted that the aftermath of the attack "did not prevent us from delivering forecasts to the public." Little more is publicly known about the attack, which was first revealed by The Washington Post. It's unclear what damage, if any, was caused by the hack. But hackers managed to penetrate what's considered one of the most vital aspects of the U.S. government. The nation's military, businesses and local governments all rely on nonstop reports from the U.S. weather service."

ISPs Removing Their Customers' Email Encryption 245

Posted by Soulskill
from the aggressively-anticonsumer dept.
Presto Vivace points out this troubling new report from the Electronic Frontier Foundation: Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the U.S. and Thailand intercepting their customers' data to strip a security flag — called STARTTLS — from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewalls, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
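The downgrade described above works only because the sending side falls back to plaintext when STARTTLS is not advertised. The added example below (not code from the EFF report or from any vendor) shows the defender's side: it parses an SMTP EHLO reply, detects that the STARTTLS keyword is missing, and fails closed instead of sending in the clear. The two EHLO replies are constructed sample data, the "XXXXXXXX" rewrite is an assumption about how a middlebox might blank the keyword, and the live helper at the end relies only on `smtplib`'s existing `has_extn()` and `starttls()` methods.

```python
"""
Detect a STARTTLS downgrade from an SMTP EHLO reply and enforce a
fail-closed policy: never send mail in plaintext merely because the
server (or something in the path) no longer advertises STARTTLS.
The EHLO replies below are constructed sample data, not captured traffic.
"""
import smtplib
import ssl

# Constructed EHLO reply from an honest server (multi-line 250 response).
HONEST_EHLO = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)

# The same reply after STARTTLS has been stripped in transit. Blanking the
# keyword in place is an assumed rewrite; the point is that it is gone.
DOWNGRADED_EHLO = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-XXXXXXXX\r\n"
    "250 HELP\r\n"
)


def parse_ehlo_extensions(reply: str) -> set:
    """Return the upper-cased extension keywords from a 250 EHLO reply.
    The first line is the server greeting, not an extension."""
    lines = [line for line in reply.split("\r\n") if line]
    extensions = set()
    for line in lines[1:]:
        if not line.startswith("250"):
            continue  # not part of a successful EHLO reply
        body = line[4:].strip()  # skip the '250-' or '250 ' prefix
        if body:
            extensions.add(body.split()[0].upper())
    return extensions


def starttls_offered(reply: str) -> bool:
    """True when the server advertises STARTTLS in its EHLO reply."""
    return "STARTTLS" in parse_ehlo_extensions(reply)


def classify(reply: str) -> str:
    """Policy decision for a client that requires transport encryption."""
    if starttls_offered(reply):
        return "upgrade"  # issue STARTTLS, verify the certificate, then send
    return "refuse"       # fail closed: do not fall back to plaintext


def send_requiring_tls(host, port, message, from_addr, to_addrs):
    """Live helper (not exercised offline): the same policy using smtplib.
    smtplib.SMTP.starttls() would also raise SMTPNotSupportedError when the
    extension is missing; checking has_extn() first makes the refusal explicit."""
    context = ssl.create_default_context()
    with smtplib.SMTP(host, port) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered; refusing to send plaintext")
        smtp.starttls(context=context)
        smtp.ehlo()  # re-issue EHLO over the encrypted channel
        smtp.sendmail(from_addr, to_addrs, message)


if __name__ == "__main__":
    for label, reply in (("honest", HONEST_EHLO), ("downgraded", DOWNGRADED_EHLO)):
        print(label, sorted(parse_ehlo_extensions(reply)), "->", classify(reply))
```

A server-side mail relay with the same requirement would use its MTA's "require TLS" setting for the peers concerned; the check above is the client-side equivalent, and any "refuse" result for a peer that previously offered STARTTLS is worth alerting on as a possible in-path tamper.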

AT&T Won't Do In-Flight Wi-Fi After All 35

Posted by timothy
from the back-to-the-ebooks dept.
jfruh writes In-flight Wi-Fi services tend to be expensive and disappointingly slow. So when AT&T announced a few months ago that it was planning on getting into the business, with customer airlines being able to connect to AT&T's LTE network instead of slow satellite services, the industry shook. But now AT&T has announced that, upon further review, they're not going to bother.

Tor Project Mulls How Feds Took Down Hidden Websites 135

Posted by Soulskill
from the inside-job dept.
Jeremy Kirk writes at PC World that in the aftermath of U.S. and European law enforcement shutting down more than 400 websites (including Silk Road 2.0) which used technology that hides their true IP addresses, Tor users are asking: How did they locate the hidden services? "The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security," writes Andrew Lewman, the Tor project's executive director. For example, there are reports of one of the websites being infiltrated by undercover agents, and one affidavit states various operational security errors. Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem, says Lewman, adding that there are also ways to link transactions and deanonymize Bitcoin clients even if they use Tor. "Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks."

However the number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. "Over the past few years, researchers have discovered various attacks on the Tor network. We've implemented some defenses against these attacks (PDF), but these defenses do not solve all known issues and there may even be attacks unknown to us." Another possible Tor attack vector could be the Guard Discovery attack. The guard node is the only node in the whole network that knows the actual IP address of the hidden service so if the attacker manages to compromise the guard node or somehow obtain access to it, she can launch a traffic confirmation attack to learn the identity of the hidden service. "We've been discussing various solutions to the guard discovery attack for the past many months but it's not an easy problem to fix properly. Help and feedback on the proposed designs is appreciated."

According to Lewman, the task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved. "In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries."
