jfruh writes "One of the most potent aspects of Anonymous is, well, its anonymity — but that isn't absolute. Eric Rosol was caught by federal authorities participating in a DDoS attack on a company owned by Koch Industries; for knocking a website offline for 15 minutes, Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website after the attack)." The worst part? From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."
An anonymous reader writes "I work at a manufacturing company. We have roughly 150 employees, 130 desktops, 8 physical servers, 20 virtual servers + a commercial SAN. We're a Windows shop with Exchange 2013. That's the first part. The second part is we have an ERP system that controls every aspect of our business processes. It has over 100 customizations (VB, but transitioning over to C#). We also have 20 or so custom-made support applications that integrate with the ERP to provide a more streamlined interface to the factory workers in some cases, and in other cases to provide a functionality that is not present in the ERP at all. Our IT department consists of: 1 Network Administrator (me), 4 Programmers (one of which is also the IT Manager). I finally convinced our immediate boss that we need another network support person to back me up (but he must now convince the CEO who thinks we have a large IT department already). I would like them to also hire dedicated help desk people. As it stands, we all share help desk duties, but that leads to projects being seriously delayed or put on hold while we work on more mundane problems. It also leads to a good amount of stress, as I can't really create the solid infrastructure I want us to have, and the developers are always getting pressure from other departments for projects they don't have the manpower to even start. I'm not really sure how to convince them we need more people. I need something rather concrete, but there are widely varying ratios of IT/user ratios in different companies, and I'm sure their research turned up with some generic rule of thumb that leads them to believe we have too many already. What can we do?"
Trailrunner7 writes "The skies may soon be full of drones – some run by law enforcement agencies, others run by intelligence agencies and still others delivering novels and cases of diapers from Amazon. But a new project by a well-known hacker Samy Kamkar may give control of those drones to anyone with $400 and an hour of free time. Small drones, like the ones that Amazon is planning to use to deliver small packages in short timeframes in a few years, are quite inexpensive and easy to use. They can be controlled from an iPhone, tablet or Android device and can be modified fairly easily, as well. Kamkar, a veteran security researcher and hacker, has taken advantage of these properties and put together his own drone platform, called Skyjack. The drone has the ability to forcibly disconnect another drone from its controller and then force the target to accept commands from the Skyjack drone. All of this is done wirelessly and doesn't require the use of any exploit or security vulnerability."
Nerval's Lobster writes "The state of Oregon blames Oracle for the failures of its online health exchange. The health-insurance site still doesn't fully work as intended, with many customers forced to download and fill out paper applications rather than sign up online; Oracle has reportedly informed the state that it will sort out the bulk of technical issues by December 16, a day after those paper applications are due. 'It is the most maddening and frustrating position to be in, absolutely,' Liz Baxter, chairwoman of the board for the online exchange, told NPR. 'We have spent a lot of money to get something done—to get it done well—to serve the people in our state, and it is maddening that we can't seem to get over this last hump.' Oregon state officials insist that, despite payments of $43 million, Oracle missed multiple deadlines in the months leading up to the health exchange's bungled launch."
First time accepted submitter murpht2 writes "My company prides itself on an office environment that follows a modern design aesthetic: open floor plan, bold colors on the walls, cool lamps in the corners. We're now engaged in a significant upgrade to our IT systems and we have a clash: the IT team leader wants to run network cable in trays hanging from the ceiling so all the client computers have high-speed access to the new servers; the guy in charge of the office design wants to keep things looking clean and the cable trays don't fit the bill. We're in a building made entirely of bricks and concrete, so we lack some of the between-the-wall spaces that are used in other settings. Any suggestions for beautiful cable trays or other alternatives?"
An anonymous reader writes "D-Link has released firmware patches for a number of its older routers sporting a critical authentication security bypass vulnerability discovered in October. The flaw was discovered and its exploitability proved with a PoC by Tactical Network Solutions' security researcher Craig Heffner. D-Link confirmed the existence of the problem a few weeks later."
mrspoonsi writes "Studies suggest red-haired women tend to choose the best passwords and men with bushy beards or unkempt hair, the worst. These studies also reveal that when it comes to passwords, women prefer length and men diversity. On the internet, the most popular colour is blue, at least when it comes to passwords. If you are wondering why, it is largely because so many popular websites and services (Facebook, Twitter and Google to name but three) use the colour in their logo. That has a subtle impact on the choices people make when signing up and picking a word or phrase to form a supposedly super-secret password. The number one conclusion from looking at that data — people are lousy at picking good passwords. 'You have to remember we are all human and we all make mistakes,' says Mr Thorsheim. In this sense, he says, a good password would be a phrase or combination of characters that has little or no connection to the person picking it. All too often, Mr Thorsheim adds, people use words or numbers intimately linked to them. They use birthdays, wedding days, the names of siblings or children or pets. They use their house number, street name or pick on a favourite pop star. This bias is most noticeable when it comes to the numbers people pick when told to choose a four digit pin. Analysis of their choices suggests that people drift towards a small subset of the 10,000 available. In some cases, up to 80% of choices come from just 100 different numbers."
theodp writes "'The night watchman of the future,' explains the NY Times' John Markoff, 'is 5 feet tall, weighs 300 pounds and looks a lot like R2-D2 – without the whimsy. And will work for $6.25 an hour.' California-based Knightscope has developed a mobile robot known as the K5 Autonomous Data Machine as a safety and security tool for corporations, as well as for schools and neighborhoods. 'But what is for some a technology-laden route to safer communities and schools,' writes Markoff, 'is to others an entry point to a post-Orwellian, post-privacy world.'"
judgecorp writes "Fujitsu has launched a laptop which authenticates users using the veins of their palm. The contactless technology is hard to deceive and, since it detects haemoglobin in the veins, is not so likely to be breakable using the gruesome method of cutting off a hand."
CowboyRobot writes "The incentives are high for many businesses and government agencies to not be too heavy handed in combating the global botnet pandemic. There's money to be had and, with each passing day, more interesting ways are being uncovered in how to package the data, and how to employ it. It used to be that the worlds of bug hunters and malware analysts were separate and far between. In the last couple of years the ability to analyze malware samples and identify exploitable vulnerabilities in them has become very important. Given that some botnets have a bigger pool of victims than many commercial software vendors have licensed customers, the value of an exploit that grants reliable remote control of a popular malware agent is rising in value. In many ways, botnets have become a golden goose to those charged with gathering intelligence on the populations of foreign entities. The bulk of the victim's data is useful for mapping populations, communication profiles, and as egress points for counter intelligence exercises. Then, given how many botnet victims there are, the probability that a few 'interesting' computers will have succumbed along the way is similarly high — providing direct insight into a pool of high value targets."
wiredmikey writes "A new Windows kernel zero-day vulnerability is being exploited in targeted attacks against Windows XP users. Microsoft confirmed the issue and published a security advisory to acknowledge the flaw after anti-malware vendor FireEye warned that the Windows bug is being used in conjunction with an Adobe Reader exploit to infect Windows machines with malware. Microsoft described the issue as an elevation of privilege vulnerability that allows an attacker to run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."
hypnosec writes "A white hat hacker managed to break into multiple email accounts, thereby forcing the European Parliament to cut off its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a 'hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).' The public Wi-Fi has been cut off indefinitely, and users located in Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks."
Daniel_Stuckey writes "Since Edward Snowden's disclosures about widespread NSA surveillance, Americans and people everywhere have been presented with a digital variation on an old analog threat: the erosion of freedoms and privacy in exchange, presumably, for safety and security. Bruce Schneier knows the debate well. He's an expert in cryptography and he wrote the book on computer security; Applied Cryptography is one of the field's basic resources, 'the book the NSA never wanted to be published,' raved Wired in 1994. He knows the evidence well too: lately he's been helping the Guardian and the journalist Glenn Greenwald review the documents they have gathered from Snowden, in order to help explain some of the agency's top secret and highly complex spying programs. To do that, Schneier has taken his careful digital privacy regime to a new level, relying on a laptop with an encrypted hard drive that he never connects to the internet. That couldn't prevent a pilfered laptop during, say, a 'black bag operation,' of course. 'I know that if some government really wanted to get my data, there'd be little I could do to stop them,' he says."
Barence writes "Anti-spam outfit Spamhaus has called on the UK government to fine those who are running Internet infrastructure that could be exploited by criminals. Those who leave open Domain Name Server resolvers vulnerable to attack should be fined, if they have previously received a warning, said chief information officer of Spamhaus, Richard Cox. When Spamhaus was hit by a massive distributed DDoS, possibly the biggest ever recorded at more than 300Gbits/sec, open DNS resolvers were used to amplify the hit, which was aimed at one of the organization's upstream partners. 'Once they know it can be used for attacks and fraud, that should be an offense,' Cox said. 'You should be subject to something like a parking ticket... where the fine is greater than the cost of fixing it.'"
caferace writes "I've been around the block. I'm a long-time worker in the tech industry (nearly 30 years), absolutely kickass SQA and Hardware person, networking, you name it. But I'm 50+ now, and finding new regular or contract work is a pain. And it shouldn't be. I have the skills and the aptitude to absorb and adapt to any new situations and languages way beyond what any of my college age brethren might have. But when I send out a perfectly good resume and use the more obvious resources, there are still precious few bites for someone who needs to work remotely. Am I just whining, or is this common? Are we being put out to pasture far too early?"
JackAcme writes "Searching for product reviews via Google mostly turns up sales sites masquerading as review sites. Consumer reviews on Amazon and other big retailers are suspect since so many manufacturers are paying for positive reviews. Where do Slashdotters turn for reliable, informed reviews of new hardware and software?"
Dega704 writes with news that Edward Snowden is believed to have a collection of highly sensitive classified documents that will be released in the event he is detained, hurt, or killed. According to Reuters, "The data is protected with sophisticated encryption, and multiple passwords are needed to open it, said two of the sources, who like the others spoke on condition of anonymity to discuss intelligence matters. The passwords are in the possession of at least three different people and are valid for only a brief time window each day, they said. The identities of persons who might have the passwords are unknown." These details have caused several security experts to express skepticism, but multiple sources, including Glenn Greenwald, believe Snowden has not released all of the documents he appropriated. "U.S. officials and other sources said only a small proportion of the classified material Snowden downloaded during stints as a contract systems administrator for NSA has been made public. Some Obama Administration officials have said privately that Snowden downloaded enough material to fuel two more years of news stories." Whether or not it's true, U.S. and U.K. officials clearly believe it, which can only serve to protect Snowden.
New submitter johnslater writes "The Chicago Transit Authority's new 'Ventra' stored-value fare card system has another big problem. It had a difficult birth, with troubles earlier this fall when legitimate cards failed to allow passage, or sometimes double-billed the holders. Last week a server failure disabled a large portion of the system at rush hour. Now it is reported that some federal government employee ID cards allow free rides on the system. The system is being implemented by Cubic Transportation Systems for the bargain price of $454 million."
Jah-Wren Ryel sends this quote from Ars: "Newegg, an online retailer that has made a name for itself fighting the non-practicing patent holders sometimes called 'patent trolls,' sits on the losing end of a lawsuit tonight. An eight-person jury came back shortly after 7:00pm and found that the company infringed all four asserted claims of a patent owned by TQP Development, a company owned by patent enforcement expert Erich Spangenberg. The jury also found that the patent was valid, apparently rejecting arguments by famed cryptographer Whitfield Diffie. Diffie took the stand on Friday to argue on behalf of Newegg and against the patent. In total, the jury ordered Newegg to pay $2.3 million, a bit less than half of the $5.1 million TQP's damage expert suggested. ... TQP's single patent is tied to a failed modem business run by Michael Jones, formerly president of Telequip. TQP has acquired more than $45 million in patent licensing fees by getting settlements from a total of 139 companies since TQP argues that its patent covers SSL or TLS combined with the RC4 cipher, a common Internet security system used by retailers like Newegg."
itwbennett writes "A timely CareerBuilder survey finds that 23% of IT pros spend the holiday with coworkers, either in the office or at another location. But the findings vary widely by city. In Boston, for example, you're pretty sure to be on your own for the holiday — only 6% of coworkers there nosh together. While in Atlanta (35%) or Dallas (30%) things are downright chummy."