Advertising

Inside the Booming, Unhinged, and Dangerous Malvertising Menace 116

mask.of.sanity writes: The Register has a feature on the online malicious advertising (malvertising) menace that has become an explosively potent threat to end-user security on the internet. Experts say advertising networks and exchanges need to vet their customers, and publishers need to vet the third party content they display. Users should also consider script and ad blockers in the interim. From the article: "Ads as an attack vector was identified in 2007 when security responders began receiving reports of malware hitting user machines as victims viewed online advertisements. By year's end William Salusky of the SANS Internet Storms Centre had concocted a name for the attacks. Since then malvertising has exploded. This year it increased by more than 260 percent on the previous year, with some 450,000 malicious ads reported in the first six months alone, according to numbers by RiskIQ. Last year, security firm Cyphort found a 300 percent increase in malvertising. In 2013, the Online Trust Alliance logged a more than 200 percent increase in malvertising incidents compared to 2012, serving some 12.4 billion malvertisement impressions."
Communications

A "Public Health" Approach To Internet of Things Security 39

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.
Privacy

Tech Nightmares That Keep Turing Award Winners Up At Night 79

itwbennett writes: At the Heidelberg Laureate Forum in Germany this week, RSA encryption algorithm co-inventor Leonard Adleman, "Father of the Internet" Vint Cerf, and cryptography innovator Manuel Blum were asked "What about the tech world today keeps you up at night?" And apparently they're not getting a whole lot of sleep these days. Cerf is predicting a digital dark age arising from our dependence on software and our lack of "a regime that will allow us to preserve both the content and the software needed to render it over a very long time." Adleman worries about the evolution of computers into "their own species" — and our relation to them. Blum's worries, by contrast, lean more towards the slow pace at which computers are taking over: "'The fact that we have brains hasn't made the world any safer,' he said. 'Will it be safer with computers? I don't know, but I tend to see it as hopeful.'"
IBM

IBM Tells Administrators To Block Tor On Security Grounds 69

Mickeycaskill writes: IBM says Tor is increasingly being used to scan organizations for flaws and launch DDoS, ransomware and other attacks. Tor, which provides anonymity by obscuring the real point of origin of Internet communications, was in part created by the US government, which helps fund its ongoing development, due to the fact that some of its operations rely on the network. However, the network is also widely used for criminal purposes. A report by IBM says administrators should block access to Tor, noting a "steady increase" in attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic. "Spikes in Tor traffic can be directly tied to the activities of malicious botnets that either reside within the Tor network or use the Tor network as transport for their traffic," said IBM. "Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions."
The Internet

Why In-Flight Wi-Fi Is Still Slow and Expensive 188

An anonymous reader writes: Let's grant that having access to the internet while on an airplane is pretty amazing. When airlines first began offering it several years ago, it was agonizingly slow and somewhat pricey as well. Unfortunately, it's only gotten more expensive over the years, and the speeds are still frustrating. This is in part because the main provider of in-flight internet, Gogo, knows most of its regular customers will pay for it, regardless of cost. Business travelers with expense accounts don't care if it's $1 or $10 or $50 — they need to stay connected. Data speeds haven't improved because Gogo says the scale isn't big enough to do much infrastructure investment, and most of the hardware is custom-made. A third of Gogo-equipped planes can manage 10 Mbps, while the rest top out at 3 Mbps. There's hope on the horizon — the company says a new satellite service should enable 70 Mbps per plane by the end of the year — but who knows how much they'll charge for an actual useful connection.
AT&T

AT&T Hotspots Now Injecting Ads 177

An anonymous reader writes: Computer scientist Jonathan Mayer did some investigating after seeing some unexpected ads while he browsed the web at an airport (Stanford hawking jewelry? The FCC selling shoes?). He found that AT&T's public Wi-Fi hotspot was messing with HTTP traffic, injecting advertisements using a service called RaGaPa. As an HTML page loads over HTTP, the hotspot adds an advertising stylesheet, injects a simple advertisement image (as a backup), and then injects two scripts that control the loading and display of advertising content. Mayer writes, "AT&T has an (understandable) incentive to seek consumer-side income from its free Wi-Fi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user's browsing activity to an undisclosed and untrusted business. It clutters the user's web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service. And it introduces security and breakage risks, since website developers generally don't plan for extra scripts and layout elements."
The Internet

The Muddy Truth About Kickstarter 'Staff Picks' 50

szczys writes: Crowd Funding is the wild-wild west of business financing, and it's not just the people starting campaigns that are playing without many rules. One of Kickstarter's sort algorithm triggers is the "Staff Pick." Research indicates being featured by Kickstarter staff is a huge predictor for success. But there is no published benchmark for how these are chosen. Oddly, Kickstarter only discourages users from falsely labeling their campaign as a Staff Pick. To protect backers and ensure the crowdfunding ecosystem isn't sullied by scammers, Kickstarter needs to boost their transparency starting with this Staff Pick conundrum.
Networking

Virgin Media To Base a Public Wi-Fi Net On Paying Customers' Routers 112

An anonymous reader writes with a story that Virgin Media "announced this month its plans to roll out a free public WiFi network this autumn, using subscribers' personal routers and existing infrastructure to distribute the service across UK cities." And while regular customers' routers are to be the basis of the new network, the publicly viewable overlay would operate over "a completely separate connection," and the company claims subscribers' performance will not be hindered. Why, then, would customers bother to pay? For one thing, because the free version is slow: 0.5Mbps, vs. 10Mbps for Virgin's customers.
Open Source

Happy Birthday, Linux! An OS At 24 150

prisoninmate writes: It has been 24 long years since the first ever release of the Linux project on August 25, 1991, which is the core component of any GNU/Linux distribution. With this occasion we want to remind everyone that Linux is everywhere, even if you don't see it. You use Linux when you search on Google, when you use your phone, when you buy metro tickets, actually the whole Internet is powered by Linux. Happy Birthday, Linux!
Businesses

Comcast Planning Gigabit Cable For Entire US In 2-3 Years 252

An anonymous reader writes: Robert Howald, Comcast's VP of network architecture, said the company is hoping to upgrade its entire cable network within the next two years. The upgraded DOCSIS 3.1 network can support maximum speeds of 10 Gbps. "Our intent is to scale it through our footprint through 2016," Howald said. "We want to get it across the footprint very quickly... We're shooting for two years."
Input Devices

Skylake Has a Voice DSP and Listens To Your Commands 98

itwbennett writes: Intel's new Skylake processor (like the Core M processor released last year) comes with a built-in digital signal processor (DSP) that will allow you to turn on and control your PC with your voice. Although the feature is not new, what is new is the availability of a voice controlled app to use it: Enter Windows 10 and Cortana. If this sounds familiar, it should, writes Andy Patrizio: 'A few years back when the Xbox One was still in development, word came that Kinect, its motion and audio sensor controller, would be required to use the console and Kinect would always be listening for voice commands to start the console. This caused something of a freak-out among gamers, who feared Microsoft would be listening.'
Media

A Farewell To Flash 201

An anonymous reader writes: The decline of Flash is well and truly underway. Media publishers now have no choice but to start changing the way they bring content to the web. Many of them are not thrilled about the proposition (change is scary), but it will almost certainly be better for all of us in the long run. "By switching their platform to HTML5, companies can improve supportability, development time will decrease and the duplicative efforts of supporting two code bases will be eliminated. It will also result in lower operating costs and a consistent user experience between desktop and mobile web." This is on top of the speed, efficiency, and security benefits for consumers. "A major concern for publishers today is the amount of media consumption that's occurring in mobile environments. They need to prioritize providing the best possible experience on mobile, and the decline of Flash and movement to HTML5 will do just that, as Flash has never worked well on mobile."
Cloud

Ubuntu Core Gets Support For Raspberry Pi 2 GPIO and I2C 57

An anonymous reader writes: Ubuntu Core is a tiny Ubuntu distribution aimed at the Internet of Things, using a new transactional packaging format called Snappy rather than the venerable Debian packaging format. It recently gained support for I2C and GPIO on the Raspberry Pi 2, and a quick demo is given here. Ubuntu's Core support site says that the support for Raspberry Pi 2 isn't yet official, but provides some handy tips for anyone who wants to try it out.
Security

WordPress Hacks Behind Surging Neutrino EK Traffic 51

msm1267 writes: More than 2,000 websites running WordPress have been compromised and are responsible for a surge this week in traffic from the Neutrino Exploit Kit. Attacks against sites running older versions of the content management system, 4.2 and earlier, were spotted by Zscaler. Those sites are backdoored and redirect a victim's browser through iframes to a landing page hosting the exploit kit where a Flash exploit awaits. The exploits generally target Internet Explorer, Zscaler said, and victims' computers are eventually infected with CryptoWall 3.0 ransomware. This analysis is in line with a similar report from the SANS Institute, which pointed the finger at a particular cybercrime group that had steered away from using the prolific Angler Exploit Kit and moved operations to Neutrino.
Privacy

More Ashley Madison Files Published 301

An anonymous reader writes: A second round of Ashley Madison data was released today. The data dump was twice as large as the first time, which was bad enough for "19 Kids and Counting" star Josh Duggar, and includes some of CEO Noel Biderman's email as well. The release of the cheating site's data has spawned a small scammer industry as people scramble to find a way to have their information deleted from the leaks. Wired reports: "The new release is accompanied by the note: 'Hey Noel, you can admit it's real now.' The message is likely a response to assertions made by the company's former CTO this week, who tried hard to convince reporters after the first leak occurred that the data dump was fake."
Encryption

Engaging Newbies In Email Encryption and Network Privacy 81

reifman writes: All six parts of my series introducing beginners to PGP encryption and network privacy are now freely available. I hope it's useful for Slashdot readers to share with their less-technical acquaintances. There's an introduction to PGP, a guide to email encryption on the desktop, smartphone and in the browser, an introduction to the emerging key sharing and authentication startup, Keybase.io, and an intro to VPNs. There's a lot more work for us to do in the ease of use of communications privacy but this helps people get started more with what's available today.
Cloud

Startup Builds Prototype For Floating Data Center 96

1sockchuck writes: California startup Nautilus Data Technologies has developed a floating data center that it says can dramatically slash the cost of cooling servers. The company's data barge is being tested near San Francisco, and represents the latest chapter in a long-running effort to develop a water-based data center. Google kicked things off with a 2008 patent for a sea-going data center that would be powered and cooled by waves, conjuring visions of offshore data havens. Google never built it, but IDS soon launched its own effort to convert old Navy vessels into "data ships" before going bankrupt. Nautilus is using barges moored at piers, which allows it to use bay water in its cooling system, eliminating the need for CRAC units and chillers. The company says its offering may benefit from the growing focus on data centers' water use amid California's drought.
The Internet

Former Russian Troll Wins Lawsuit Against Propaganda "Factory" 49

An anonymous reader writes: Lyudmila Savchuk, a former Russian internet "troll", has been awarded one rouble ($0.01) in damages after she sued her ex-employer claiming it was a propaganda "factory". A Russian court ordered the secretive agency to pay her symbolic damages. Savchuk claims that she and her co-workers at Internet Research were paid to flood websites with pro-Putin commentary. The BBC reports: "Ms Savchuk said she was happy with the result because she had succeeded in exposing the work of Russia's internet 'trolls'. Russian media quoted a spokesman for Internet Research denying the accusations. The Kremlin says it has no links to Internet Research's operations. Since leaving the agency, Ms Savchuk has been organizing a public movement against online trolling."
Security

Reflection DDoS Attacks Abusing RPC Portmapper 34

msm1267 writes: Attackers have figured out how to use Portmapper, or RPC Portmapper, in reflection attacks where victims are sent copious amounts of responses from Portmapper servers, saturating bandwidth and keeping websites and web-based services unreachable. Telecommunications and Internet service provider Level 3 Communications of Colorado spotted anomalous traffic on its backbone starting in mid-June almost as beta runs of attacks that were carried out Aug. 10-12 against a handful of targets in the gaming and web hosting industries. There are 1.1 million Portmapper servers accessible online, and those open servers can be abused to similar effect as NTP servers were two years ago in amplification attacks.