
United States

DHS Set To Destroy "Einstein" Surveillance Records 70

Posted by samzenpus
from the nothing-to-see-here dept.
schwit1 sends word that The Department of Homeland Security plans on disposing of all the records from a 3-year-long surveillance program without letting the public have access to them. The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called "Einstein" that are at least three years old, but not for security reasons. DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance. But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn't collected at all, say destroying it could eliminate evidence that the government-wide surveillance system does not perform as intended. The National Archives and Records Administration has tentatively approved the disposal plan, pending a public comment period.
Books

Book Review: Bulletproof SSL and TLS 84

Posted by samzenpus
from the read-all-about-it dept.
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
Australia

UNSW Has Collected an Estimated $100,000 In Piracy Fines Since 2008 98

Posted by timothy
from the quasi-private-justice dept.
Jagungal (36053) writes The SMH reports that The University of NSW says it has issued 238 fines, estimated to total around $100,000, to students illicitly downloading copyright infringing material such as movies and TV shows on its Wi-Fi network since 2008. The main issues are that the University is not returning any money to the copyright holders but is instead using the money raised for campus facilities, and that it is essentially enforcing a commonwealth law.
Facebook

How Facebook Is Influencing Who Will Win the Next Election 71

Posted by Soulskill
from the setting-up-a-scapegoat dept.
An anonymous reader sends this excerpt from Forbes: [Facebook] announced yesterday that it was shutting down a feature that the Obama campaign used in 2012 to register over a million voters. During the election, supporters shared access to their list of Facebook friends with the campaign through an app. Researchers have found that while people often view political messages with skepticism, they are more receptive and trusting when the information is coming from somebody they know. The feature was credited with boosting Obama's get-out-the-vote efforts, which were crucial to his victory, but Facebook has decided to disable this ability in order to (rightfully) protect users from third-party apps collecting too much of their information.

The company insists that it favors no particular ideology and that its efforts are "neutral." The first part is likely true, but the second is not possible. The company's algorithms take into account a proprietary mix of our own biases, connections, and interests combined with Facebook's business priorities; that is the farthest thing from neutral. Facebook says it just wants to encourage "civic participation," but politically mobilizing the subsection of people that are on their network is not without its own impacts.
Space

Elusive Dark Matter May Be Detected With GPS Satellites 67

Posted by Soulskill
from the when-they're-not-busy-telling-you-how-far-you-are-from-a-starbucks dept.
An anonymous reader writes: Two researchers say time disparities identified through the network of satellites that make up our modern GPS infrastructure can help detect dark matter. In a paper in the online version of the scientific journal Nature Physics, they write that dark matter may be organized as a large gas-like collection of topological defects, or energy cracks. "We propose to detect the defects, the dark matter, as they sweep through us with a network of sensitive atomic clocks. The idea is, where the clocks go out of synchronization, we would know that dark matter, the topological defect, has passed by." Another reader adds this article about research into dark energy: The particles of the standard model, some type of dark matter and dark energy, and the four fundamental forces. That's all there is, right? But that might not be the case at all. Dark energy may not simply be the energy inherent to space itself, but rather a dynamical property that emerges from the Universe: a sort of fifth force. This is speculation that's been around for over a decade, but there hasn't been a way to test it until now. If this is the case, it may be accessible and testable by simply using presently existing vacuum chamber technology.
Science

Major Brain Pathway Rediscovered After Century-old Confusion, Controversy 114

Posted by timothy
from the hey-if-you-can-find-a-new-knee-bone dept.
vinces99 writes A couple of years ago a scientist looking at dozens of MRI scans of human brains noticed something surprising: a large fiber pathway that seemed to be part of the network of connections that process visual information, yet wasn't mentioned in any modern-day anatomy textbooks. "It was this massive bundle of fibers, visible in every brain I examined," said Jason Yeatman, a research scientist at the University of Washington's Institute for Learning & Brain Sciences. "... As far as I could tell, it was absent from the literature and from all major neuroanatomy textbooks." With colleagues at Stanford University, Yeatman started some detective work to figure out the identity of that mysterious fiber bundle. The researchers found an early 20th century atlas that depicted the structure, now known as the vertical occipital fasciculus. But the last time that atlas had been checked out was 1912, meaning the researchers were the first to view the images in the last century. They describe the history and controversy of the elusive pathway in a paper published Nov. 17 in the Proceedings of the National Academy of Sciences. You'd think that we'd have found all the parts of the human body by now, but not necessarily.
Privacy

Tor Eyes Crowdfunding Campaign To Upgrade Its Hidden Services 106

Posted by samzenpus
from the price-of-privacy dept.
apexcp writes The web's biggest anonymity network is considering a crowdfunding campaign to overhaul its hidden services. From the article: "In the last 15 months, several of the biggest anonymous websites on the Tor network have been identified and seized by police. In most cases, no one is quite sure how it happened. The details of such a campaign have yet to be revealed. With enough funding, Tor could have developers focusing their work entirely on hidden services, a change in developer priorities that many Tor users have been hoping for in recent years."
United States

State Department Joins NOAA, USPS In Club of Hacked Federal Agencies 54

Posted by timothy
from the more-funding-next-year dept.
Hot on the heels of recent cyber attacks on NOAA, the USPS, and the White House, the New York Times reports that the U.S. State Department has also suffered an online security breach, though it's not clear who to blame. "This has impacted some of our unclassified email traffic and our access to public websites from our main unclassified system," said one senior State Department official, adding that the department expected its systems to be up soon. ... The breach at the White House was believed to be the work of hackers in Russia, while the breaches at NOAA and the Postal Service were believed to be the work of hackers inside China. Attributing attacks to a group or nation is difficult because hackers typically tend to route their attack through compromised web servers all over the world. A senior State Department official said the breach was discovered after "activity of concern" was detected on portions of its unclassified computer system. Officials did not say how long hackers may have been lurking in those systems, but security improvements were being added to them on Sunday.
United Kingdom

World's Youngest Microsoft Certificated Professional Is Five Years Old 276

Posted by timothy
from the so-long-as-he-likes-it dept.
HughPickens.com writes Gurvinder Gill writes at BBC that Ayan Qureshi is the world's youngest Microsoft Certified Professional after passing the tech giant's exam when he was just five years old. Qureshi's father introduced his son to computers when he was three years old. He let him play with his old computers, so he could understand hard drives and motherboards. "I found whatever I was telling him, the next day he'd remember everything I said, so I started to feed him more information," Qureshi explained. "Too much computing at this age can cause a negative effect, but in Ayan's case he has cached this opportunity." Ayan has his own computer lab at his home in Coventry, containing a computer network which he built and spends around two hours a day learning about the operating system, how to install programs, and has his own web site.

Microsoft Certified Professional (MCP) is a certification that validates IT professional and developer technical expertise through rigorous, industry-proven, and industry-recognized exams. MCP exams cover a wide range of Microsoft products, technologies, and solutions. When the boy arrived to take the Microsoft exam, the invigilators were concerned that he was too young to be a candidate. His father reassured them that Ayan would be all right on his own. "There were multiple choice questions, drag and drop questions, hotspot questions and scenario-based questions," Ayan's father told the BBC Asian Network. "The hardest challenge was explaining the language of the test to a five-year-old. But he seemed to pick it up and has a very good memory."
AI

A Worm's Mind In a Lego Body 200

Posted by timothy
from the with-very-few-exceptions-is-not-a-worm dept.
mikejuk writes The nematode worm Caenorhabditis elegans (C. elegans) is tiny and only has 302 neurons. These have been completely mapped, and one of the founders of the OpenWorm project, Timothy Busbice, has taken the connectome and implemented an object oriented neuron program. The neurons communicate by sending UDP packets across the network. The software works with sensors and effectors provided by a simple LEGO robot. The sensors are sampled every 100ms. For example, the sonar sensor on the robot is wired as the worm's nose. If anything comes within 20cm of the 'nose' then UDP packets are sent to the sensory neurons in the network. The motor neurons are wired up to the left and right motors of the robot. It is claimed that the robot behaved in ways that are similar to observed C. elegans. Stimulation of the nose stopped forward motion. Touching the anterior and posterior touch sensors made the robot move forward and back accordingly. Stimulating the food sensor made the robot move forward. The key point is that there was no programming or learning involved to create the behaviors. The connectome of the worm was mapped and implemented as a software system and the behaviors emerge. Is the robot a C. elegans in a different body or is it something quite new? Is it alive? These are questions for philosophers, but it does suggest that the ghost in the machine is just the machine. The important question is does it scale?
Communications

81% of Tor Users Can Be De-anonymized By Analysing Router Information 136

Posted by timothy
from the keep-him-on-the-line dept.
An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'
Space

Boeing Readies For First Ever Conjoined Satellite Launch 67

Posted by samzenpus
from the two-by-two dept.
Zothecula writes Boeing has successfully joined two of its 702SP satellites in a stacked configuration in preparation for a launch scheduled for early 2015. Aside from being the first involving conjoined satellites, the launch will also put the first satellites to enter service boasting an all-electric propulsion system into orbit. "Designed by Boeing Network & Space Systems and its defense and security advanced prototyping arm, Phantom Works, the 702SP (small platform) satellites are an evolution of the company's 702 satellite. Operating in the low- to mid-power ranges of 3 to 9 kW, instead of chemical propulsion, the satellites boast an all-electric propulsion system that Boeing says minimizes the mass of the spacecraft and maximizes payload capacity."
China

US Weather System and Satellite Network Hacked 76

Posted by samzenpus
from the all-your-weather-are-belong-to-us dept.
mpicpp writes with this story about Chinese hackers breaching the federal weather network. "Hackers attacked the U.S. weather system in October, causing a disruption in satellite feeds and several pivotal websites. The National Oceanic and Atmospheric Administration, NOAA, said that four of its websites were hacked in recent weeks. To block the attackers, government officials were forced to shut down some of its services. This explains why satellite data was mysteriously cut off in October, as well as why the National Ice Center website and others were down for more than a week. During that time, federal officials merely stated a need for "unscheduled maintenance." Still, NOAA spokesman Scott Smullen insisted that the aftermath of the attack "did not prevent us from delivering forecasts to the public." Little more is publicly known about the attack, which was first revealed by The Washington Post. It's unclear what damage, if any, was caused by the hack. But hackers managed to penetrate what's considered one of the most vital aspects of the U.S. government. The nation's military, businesses and local governments all rely on nonstop reports from the U.S. weather service."
Encryption

ISPs Removing Their Customers' Email Encryption 245

Posted by Soulskill
from the aggressively-anticonsumer dept.
Presto Vivace points out this troubling new report from the Electronic Frontier Foundation: Recently, Verizon was caught tampering with its customers' web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the U.S. and Thailand intercepting their customers' data to strip a security flag — called STARTTLS — from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
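The downgrade described above works because a sending server that does not see STARTTLS in the EHLO reply quietly falls back to plaintext. The following added example (not code from the EFF report or from any product it names) parses constructed EHLO replies, flags a missing or overwritten STARTTLS advertisement, and shows the policy fix: refuse to send rather than fall back. The host name, the sample replies and the `X`-filled capability line are all constructed for illustration.

```python
"""Detect a stripped STARTTLS advertisement and refuse plaintext fallback."""
import re
import smtplib

# Constructed EHLO replies (RFC 5321 multi-line 250 responses).
# EHLO_OK is a normal server; EHLO_STRIPPED is what a client sees when a
# middlebox has overwritten the STARTTLS line with filler in transit.
EHLO_OK = (
    "250-mail.example.com Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250-8BITMIME\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
EHLO_STRIPPED = (
    "250-mail.example.com Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-XXXXXXXX\r\n"          # constructed: capability overwritten in transit
    "250-8BITMIME\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)


def parse_ehlo(response: str) -> dict:
    """Return {KEYWORD: params} from a 250 EHLO reply; '250 ' ends the reply."""
    caps = {}
    for i, line in enumerate(response.splitlines()):
        m = re.match(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"unexpected EHLO line: {line!r}")
        sep, rest = m.groups()
        if i == 0:
            continue  # first line is the server greeting, not a capability
        keyword, _, params = rest.partition(" ")
        caps[keyword.upper()] = params
        if sep == " ":
            break  # final line of the multi-line reply
    return caps


def starttls_offered(response: str) -> bool:
    return "STARTTLS" in parse_ehlo(response)


def looks_mangled(response: str) -> bool:
    """Heuristic: a capability made only of X's is a middlebox overwrite."""
    return any(re.fullmatch(r"X{4,}", k) for k in parse_ehlo(response))


def negotiate(response: str, require_tls: bool = True) -> str:
    """Policy decision for the sending side.

    'starttls'  -> server advertised it, upgrade the session
    'abort'     -> not advertised and TLS is mandatory (the safe default)
    'plaintext' -> not advertised and the operator allowed opportunistic fallback
    """
    if starttls_offered(response):
        return "starttls"
    return "plaintext" if not require_tls else "abort"


def check_live(host: str, port: int = 25, timeout: float = 10.0) -> str:
    """Run the same decision against a real server (hypothetical host)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        # smtplib keeps the raw reply; re-use the offline logic on it
        reply = "250-" + s.ehlo_resp.decode(errors="replace").replace("\n", "\r\n250-")
        return "starttls" if s.has_extn("starttls") else negotiate(reply)


if __name__ == "__main__":
    for name, reply in (("normal", EHLO_OK), ("stripped", EHLO_STRIPPED)):
        print(name, negotiate(reply), "mangled" if looks_mangled(reply) else "")
```

A mail transfer agent configured to require TLS for a peer behaves like `negotiate(..., require_tls=True)`: the stripped reply produces a delivery failure that shows up in logs instead of a silent plaintext send.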
AT&T

AT&T Won't Do In-Flight Wi-Fi After All 35

Posted by timothy
from the back-to-the-ebooks dept.
jfruh writes In-flight Wi-Fi services tend to be expensive and disappointingly slow. So when AT&T announced a few months ago that it was planning on getting into the business, with customer airlines being able to connect to AT&T's LTE network instead of slow satellite services, the industry shook. But now AT&T has announced that, upon further review, they're not going to bother.
Privacy

Tor Project Mulls How Feds Took Down Hidden Websites 135

Posted by Soulskill
from the inside-job dept.
HughPickens.com writes: Jeremy Kirk writes at PC World that in the aftermath of U.S. and European law enforcement shutting down more than 400 websites (including Silk Road 2.0) which used technology that hides their true IP addresses, Tor users are asking: How did they locate the hidden services? "The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security," writes Andrew Lewman, the Tor project's executive director. For example, there are reports of one of the websites being infiltrated by undercover agents, and one affidavit states various operational security errors. Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem, says Lewman, adding that there are also ways to link transactions and deanonymize Bitcoin clients even if they use Tor. "Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks."

However, the number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. "Over the past few years, researchers have discovered various attacks on the Tor network. We've implemented some defenses against these attacks (PDF), but these defenses do not solve all known issues and there may even be attacks unknown to us." Another possible Tor attack vector could be the Guard Discovery attack. The guard node is the only node in the whole network that knows the actual IP address of the hidden service, so if the attacker manages to compromise the guard node or somehow obtain access to it, she can launch a traffic confirmation attack to learn the identity of the hidden service. "We've been discussing various solutions to the guard discovery attack for the past many months but it's not an easy problem to fix properly. Help and feedback on the proposed designs is appreciated."

According to Lewman, the task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved. "In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries."
United States

US Postal Service Hacked, 500k+ Employees and Public Data Breached 46

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes "The U.S. Postal Service has admitted that it has suffered a massive security breach, with the disclosure to hackers of the personal details of over 500,000 USPS workers, along with details supplied by members of the public when contacting Postal Service call centers between January and mid-August of 2014. The breach is a hard blow to the integrity and reputation of the USPS's internal security set-up, the Corporate Information Security Office (CISO). In 2012 CISO reported that it blocked 257 billion unauthorized attempts to access the USPS network, 66,734 attempts to distribute credit-card information, 1,278 attempts to reveal USPS-ordained credit-card transactions and 345,342 attempts to distribute social security numbers."
Mozilla

Mozilla Launches Browser Built For Developers 74

Posted by samzenpus
from the made-just-for-you dept.
HughPickens.com writes "Mozilla announced that they are excited to unveil Firefox Developer Edition, the first browser created specifically for developers that integrates two powerful new features, Valence and WebIDE, that improve workflow and help you debug other browsers and apps directly from within Firefox Developer Edition. Valence (previously called Firefox Tools Adapter) lets you develop and debug your app across multiple browsers and devices by connecting the Firefox dev tools to other major browser engines. WebIDE allows you to develop, deploy and debug Web apps directly in your browser, or on a Firefox OS device. "It lets you create a new Firefox OS app (which is just a web app) from a template, or open up the code of an existing app. From there you can edit the app's files. It's one click to run the app in a simulator and one more to debug it with the developer tools."

Firefox Developer Edition also includes all the tools experienced Web developers are familiar with, including: Responsive Design Mode, Page Inspector, Web Console, JavaScript Debugger, Network Monitor, Style Editor, and Web Audio Editor. At launch, Mozilla is starting off with Chrome for Android and Safari for iOS, and the eventual goal is to support more browsers, depending on what developers tell Mozilla they want, but the primary focus is on the mobile Web. "One of the biggest pain points for developers is having to use numerous siloed development environments in order to create engaging content or for targeting different app stores. For these reasons, developers often end up having to bounce between different platforms and browsers, which decreases productivity and causes frustration," says the press release. "If you're a new Web developer, the streamlined workflow and the fact that everything is already set up and ready to go makes it easier to get started building sophisticated applications."
Mozilla released a teaser trailer for the browser last week.
Facebook

New Facebook Update Lets You Choose News Feed Content 54

Posted by samzenpus
from the new-feature dept.
An anonymous reader writes The company has rolled out some changes that make it easier to control what comes in your News Feed. From the article: "The social network unveiled a new settings menu and customization options for News Feed that allows users to personalize the types of content they see. The News Feed settings menu, which appears in the Facebook apps and on the web, displays which friends appear most often in your News Feed and which friends you've chosen to unfollow. From there, you can choose to unfollow people you don't want to see anymore or re-follow (Facebook calls it "reconnecting" with) those you've previously hidden from your feed."
The Internet

More Tor .Onion Sites May Get Digital Certificates Soon 52

Posted by timothy
from the try-to-stop-from-crying dept.
Trailrunner7 writes News broke last week that Facebook had built a hidden services version of its social network available to users browsing anonymously via the Tor Project's proxy service. Unlike any .onion domain before it, Facebook's would be verified by a legitimate digital signature, signed and issued by DigiCert. Late yesterday, Jeremy Rowley, DigiCert's vice president of business development and legal, explained his company's decision to support this endeavor in a blog entry. He also noted that DigiCert is considering opening up its certification business to other .Onion domains in the future. "Using a digital certificate from DigiCert, Tor users are able to identify the exact .onion address operated by Facebook," Rowley explained. "Tor users can evaluate the digital certificate contents to discover that the entity operating the onion address is the same entity as the one operating facebook.com."
