Communications

Tor Network May Be Attacked, Says Project Leader 42

Posted by timothy
from the routing-around-the-routing-around dept.
Earthquake Retrofit writes The Register is reporting that the Tor Project has warned that its network – used to mask people's identities on the internet – may be knocked offline in the coming days. In a Tor blog post, project leader Roger 'arma' Dingledine said an unnamed group may seize Tor's directory authority servers before the end of next week. These servers distribute the official lists of relays in the network, which are the systems that route users' traffic around the world to obfuscate their internet connections' public IP addresses.
Security

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere 81

Posted by Soulskill
from the just-in-case-you-were-feeling-safe-and-secure-today dept.
krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela Merkel's phone.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.
Bitcoin

Will Ripple Eclipse Bitcoin? 142

Posted by timothy
from the ask-the-magic-8-ball dept.
First time accepted submitter groggy.android writes This year's biggest news about Bitcoin may well turn out not to be the repeat of its surge in value last year against the dollar and other state currencies but its impending eclipse by another independent but corporate-backed digital currency. Popularly known as Ripple, XRP shot up in value last year along with other cryptocurrencies that took advantage of the hype around Bitcoin. However, among the top cryptocurrencies listed in Coinmarketcap.com, a site that monitors trading across different cryptocurrency exchanges, Ripple is the only one that not only regained its value after the collapse in the price of Bitcoin but has more than doubled from its peak last year. In September it displaced Litecoin to become the second most valuable cryptocurrency. Even more surprising, a Ripple fork, Stellar, is one of the two other cryptocurrencies in the Coinmarketcap top ten that have risen sharply in value during the last few weeks.

What makes Ripple different from Bitcoin? Strictly speaking, Ripple isn't the name of the digital currency but of the decentralized payment network and protocol created and maintained by the eponymous Ripple Labs. Users of the Ripple system are able to transact in both cryptocurrency and regular fiat currency like the dollar without passing through a central exchange. XRP is the name of the native unit of exchange used in the Ripple network to facilitate conversion between different currency types.
Censorship

Reaction To the Sony Hack Is 'Beyond the Realm of Stupid' 566

Posted by timothy
from the pretty-jaw-dropping dept.
rossgneumann writes North Korea may really be behind the Sony hack, but we're still acting like idiots. Peter W. Singer, one of the nation's foremost experts on cybersecurity, says Sony's reaction has been abysmal. "Here, we need to distinguish between threat and capability—the ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can't believe I'm saying this. I can't believe I have to say this."
Sony

US Links North Korea To Sony Hacking 180

Posted by samzenpus
from the who's-to-blame dept.
schwit1 writes Speaking off the record, senior intelligence officials have told the New York Times, CNN, and other news agencies that North Korea was "centrally involved" in the hack of Sony Pictures Entertainment. It is not known how the US government has determined that North Korea is the culprit, though it is known that the NSA has in the past penetrated North Korean computer systems. Previous analysis of the malware that brought down Sony Pictures' network showed that there were marked similarities to the tools used in last year's cyber-attack on South Korean media companies and the 2012 "Shamoon" attack on Saudi Aramco. While there was speculation that the "DarkSeoul" attack in South Korea was somehow connected to the North Korean regime, a firm link was never published.
Network

Single Group Dominates Second Round of Anti Net-Neutrality Comment Submissions 192

Posted by Soulskill
from the spamming-for-liberty dept.
New submitter aquadood writes: According to the Sunlight Foundation's analysis of recent comment submissions to the FCC regarding Net Neutrality, the majority (56.5%) were submitted by a single organization called American Commitment, which has "shadowy" ties to the Koch brothers' network. The blog article goes on to break down the comments in-depth, showing a roughly 60/40 split between those against net neutrality and those for it, respectively.
The Internet

A Domain Registrar Is Starting a Fiber ISP To Compete With Comcast 65

Posted by Soulskill
from the rise-of-the-micronetworks dept.
Jason Koebler writes: Tucows Inc., an internet company that's been around since the early 90s — it's generally known for being in the shareware business and for registering and selling premium domain names — announced that it's becoming an internet service provider. Tucows will offer fiber internet to customers in Charlottesville, Virginia — which is served by Comcast and CenturyLink — in early 2015 and eventually wants to expand to other markets all over the country. "Everyone who has built a well-run gigabit network has had demand exceeding their expectations," Elliot Noss, Tucows' CEO said. "We think there's space in the market for businesses like us and smaller."
Hardware Hacking

The Personal Computer Revolution Behind the Iron Curtain 115

Posted by samzenpus
from the do-what-you-can dept.
szczys writes Obviously the personal computer revolution was world-wide, but the Eastern Bloc countries had a story of PC evolution all their own. Martin Malý tells first hand of his experiences seeing black market imports, locally built clones of popular western machines, and all kinds of home-built equipment. From the article: "The biggest problem was a lack of modern technologies. There were a lot of skilled and clever people in eastern countries, but they had a lot of problems with the elementary technical things. Manufacturing of electronics parts was divided into diverse countries of Comecon – The Council for Mutual Economic Assistance. In reality, it led to an absurd situation: You could buy the eastern copy of Z80 (made in Eastern Germany as U880D), but you couldn’t buy 74LS00 at the same time. Yes, a lot of manufacturers made it, but 'it is out of stock now; try to ask next year.' So 'make a computer' meant 50 percent of electronics skills and 50 percent of unofficial social network and knowledge like 'I know a guy who knows a guy and his neighbor works in a factory, where they maybe have a material for PCBs' at those times."
Australia

Apparent Islamic Terrorism Strikes Sydney 874

Posted by timothy
from the serious-thoughts dept.
An anonymous reader sends this link to a developing situation in Sydney, Australia, being reported on via live feed at the Guardian, and covered by various other news outlets as well. According to CNN's coverage, "CNN affiliate Seven Network said that at least 13 people are being held at the Lindt Chocolate Cafe. It published a photograph of people inside the cafe holding a black flag with Arabic writing on it. The flag reads: "There is no God but God and Mohammed is the prophet of God." From The New York Times' coverage: The police have shut down parts of the city’s transport system, and closed off the mall area. They would not confirm how many people were being held hostage inside the cafe, nor whether those inside are armed. Local media reports said that the airspace over Sydney had been closed and the famed Sydney Opera House evacuated. Television images showed heavily armed officers with their weapons trained on the cafe.
Build

3D Printer Owner's Network Puts Together Buyer's Guide 62

Posted by Soulskill
from the what's-the-best-under-$17 dept.
Lucas123 writes: Thousands of 3D printer owners who are part of a distributed online network were tapped for a buyer's guide, rating dozens of machines from tiny startups to major manufacturers. Surprisingly, the big-name 3D printer makers were nowhere to be found in the top picks. More obscure companies, like Makergear, a 12-person start-up in Ohio, or Zortrax, a Polish company that began as a Kickstarter project, took top spots in the reviews. The buyer's guide, put together by 3D Hubs, contains five different categories: Enthusiast Printers, Plug-n-Play Printers, Kit/DIY Printers, Budget Printers and Resin Printers. In all, 18 models made it to the top of the user communities' list, and only printers with more than 10 reviews were included in the buyer's guide. 3D Hubs also added a secondary "Printer Index" that includes 58 3D Printers that didn't make it to the top of their categories. Printers with more than five reviews are displayed in the index.
Yahoo!

"Lax" Crossdomain Policy Puts Yahoo Mail At Risk 49

Posted by samzenpus
from the protect-ya-neck dept.
msm1267 writes A researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that put email message content, contact information and much more at risk. The researcher said the weakness is relatively simple to exploit and puts users at high risk for data loss, identity theft, and more. Yahoo has patched one issue related to a specific .swf file hosted on Yahoo's content delivery network that contained a vulnerability that could give an attacker complete control over Yahoo Mail accounts cross origin. While the patch fixed this specific issue, the larger overall configuration issue remains, meaning that other vulnerable .swf files hosted outside the Yahoo CDN and on another Yahoo subdomain could be manipulated the same way.
United States

Report: Big Issues Remain Before Drones Can Safely Access National Airspace 129

Posted by samzenpus
from the drone-free-zone dept.
coondoggie writes The story sounds familiar – while the use of unmanned [aerial vehicles], sometimes illegally, is increasing, there are myriad challenges to ultimately allow them safe access to national airspace. The watchdogs at the Government Accountability Office issued a report on the integration of unmanned aerial systems, as it calls them, in US national airspace (NAS) today ahead of a congressional hearing on the topic. As it has noted in past reports, the GAO said the main issues continue to include the ability for drones to avoid other aircraft in the sky; what backup network is available and how should the system behave if it loses its communications link.
The Internet

Comcast Sued For Turning Home Wi-Fi Routers Into Public Hotspots 291

Posted by Soulskill
from the legal-hotspots dept.
HughPickens.com writes: Benny Evangelista reports at the San Francisco Chronicle that a class-action suit has been filed in District Court in San Francisco on behalf of Toyer Grear and daughter Joycelyn Harris, claiming that Comcast is "exploiting them for profit" by using their home router as part of a nationwide network of public hotspots. Comcast is trying to compete with major cell phone carriers by creating a public Xfinity WiFi Hotspot network in 19 of the country's largest cities by activating a second high-speed Internet channel broadcast from newer-model wireless gateway modems that residential customers lease from the company.

Although Comcast has said its subscribers have the right to disable the secondary signal, the suit claims the company turns the service on without permission. It also places "the costs of its national Wi-Fi network onto its customers" and quotes a test conducted by Philadelphia networking technology company Speedify that concluded the secondary Internet channel will eventually push "tens of millions of dollars per month of the electricity bills needed to run their nationwide public Wi-Fi network onto consumers." The suit also says "the data and information on a Comcast customer's network is at greater risk" because the hotspot network "allows strangers to connect to the Internet through the same wireless router used by Comcast customers."
Security

Sony Hacks Continue: PlayStation Hit By Lizard Squad Attack 170

Posted by samzenpus
from the hits-keep-coming dept.
An anonymous reader writes Hacker group Lizard Squad has claimed responsibility for shutting down the PlayStation Network, the second large scale cyber-attack on the Sony system in recent weeks. Although apparently unrelated, the outage comes just weeks after the much larger cyber-attack to the tech giant's film studios, Sony Pictures, which leaked confidential corporate information and unreleased movies. The group claiming to have taken down PSN today, Lizard Squad, first appeared earlier this year with another high-profile distributed denial of service attack on Xbox Live and World of Warcraft in August. The hacker collective claimed that this attack was just a 'small dose' of what was to come over the Christmas period.
Sony

Sony Employees Receive Email Threat From Hackers: 'Your Family Will Be In Danger' 184

Posted by Soulskill
from the going-out-of-their-way dept.
MojoKid writes: Things are going from bad to worse when it comes to the recent Sony Pictures Entertainment breach. Not only has sensitive financial information been released — including the salaries of high-ranking Sony executives — but more damaging personal information including 47,000 Social Security numbers of employees and actors have been leaked to the internet. We're now learning some even more disturbing details, unfortunately. Guardians of Peace (GOP), the hackers claiming responsibility for infiltrating Sony's computer network, are now threatening to harm the families of Sony employees. GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger."
Privacy

US Treasury Dept: Banks Should Block Tor Nodes 84

Posted by Soulskill
from the cutting-down-the-orchard-to-get-rid-of-the-bad-apples dept.
tsu doh nimh writes: A new report from the U.S. Treasury Department found that nearly $24 million in bank account takeovers by hackers (and other cyber theft over the past decade) might have been thwarted had affected institutions known to look for and block transactions coming through the Tor anonymity network. Brian Krebs cites from the non-public report, which relied on an analysis of suspicious activity reports filed by banks over the past decade: "Analysis of these documents found that few filers were aware of the connection to Tor, that the bulk of these filings were related to cybercrime, and that Tor-related filings were rapidly rising. Our BSA [Bank Secrecy Act] analysis of 6,048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity — most frequently account takeovers — might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses." Meanwhile, the Tor Project continues to ask for assistance in adapting the technology to an Internet that is increasingly blocking users who visit from Tor.
Communications

How the NSA Is Spying On Everyone: More Revelations 148

Posted by timothy
from the your-own-good dept.
The Intercept has published today a story detailing documents that "reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers." The documents also describe a years-long effort, aimed at hostile and friendly regimes, from the point of view of the U.S. government, to break the security of various countries' communications networks. "Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks."
Encryption

The Cost of the "S" In HTTPS 238

Posted by timothy
from the not-insignificant dept.
An anonymous reader writes Researchers from CMU, Telefonica, and Politecnico di Torino have presented a paper at ACM CoNEXT that quantifies the cost of the "S" in HTTPS. The study shows that today major players are embracing end-to-end encryption, so that about 50% of web traffic is carried by HTTPS. This is a nice testament to the feasibility of having a fully encrypted web. The paper pinpoints also the cost of encryption, that manifests itself through increases in the page loading time that go above 50%, and possible increase in battery usage. However, the major loss due to the "S" is the inability to offer any in-network value added services, that are offered by middle-boxes, such as caching, proxying, firewalling, parental control, etc. Are we ready to accept it? (Presentation can be downloaded from here.)
Programming

Celebrated Russian Hacker Now In Exile 130

Posted by Soulskill
from the hoping-the-next-leap-will-be-the-leap-home dept.
An anonymous reader writes: VKontakte is a Russian social network, more popular there than even Facebook. Its founder, Pavel Durov, was a celebrity for his entrepreneurial skills, much like Mark Zuckerberg elsewhere. But as Russia has cracked down on internet freedoms, 30-year-old Durov had to relinquish control of the social network. He eventually fled the country when the government pressured him to release data on Ukrainian protest leaders. He's now a sort of roving hacker, showing up where he's welcome and not staying too long. "Mr. Durov, known for his subversive wit and an all-black wardrobe that evokes Neo from the Matrix movies, is now a little-seen nomad, moving from country to country every few weeks with a small band of computer programmers. One day he is in Paris, another in Singapore." Durov said, "I'm very happy right now without any property anywhere. I consider myself a legal citizen of the world."
Python

The Life of an ATLAS Physicist At CERN 34

Posted by Soulskill
from the smashing-particles-for-fun-and-profit dept.
An anonymous reader writes: Anyone with even a passing interest in the sciences must have wondered what it's like to work at the European Organization for Nuclear Research, better known as CERN. What's it like working in the midst of such concentrated brain power? South African physicist Claire Lee, who works right on ATLAS – one of the two elements of the LHC project that confirmed the existence of the Higgs boson in 2012 — explains what a day in the life of a CERN worker entails. She says, "My standard day is usually comprised of some mix of coding and attending meetings ... There are many different types of work one can do, since I am mostly on analysis this means coding, in C++ or Python — for example, to select a particular subset of events that I am interested in from the full set of data. This usually takes a couple of iterations, where we slim down the dataset at each step and calculate extra quantities we may want to use for our selections.

The amount of data we have is huge – petabytes of data per year stored around the world at various high performance computing centers and clusters. It’s impossible to have anything but the smallest subset available locally – hence the iterations – and so we use the LHC Computing Grid (a specialized worldwide computer network) to send our analysis code to where the data is, and the code runs at these different clusters worldwide (most often in a number of different places, for different datasets and depending on which clusters are the least busy at the time)."
