Security

Internet Explorer Vulnerabilities Increase 100% 137

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.
Security

The Psychology of Phishing 126

Posted by samzenpus
from the click-and-release dept.
An anonymous reader writes Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell apart spam annoyances from useful email; however, they still find it difficult to identify phishing emails, particularly when they are tailored to suit each recipient individually. Fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context, a legitimate marketing department at a FTSE 100 company typically expects less than a 2% click rate on their advertising campaigns. So, how are the cybercriminals out-marketing the marketing experts?
Cellphones

Why My LG Optimus Cellphone Is Worse Than It's Supposed To Be 290

Posted by samzenpus
from the no-sir-I-don't-like-it dept.
Bennett Haselton writes My LG Optimus F3Q was the lowest-end phone in the T-Mobile store, but a cheap phone is supposed to suck in specific ways that make you want to upgrade to a better model. This one is plagued with software bugs that have nothing to do with the cheap hardware, and thus lower one's confidence in the whole product line. Similar to the suckiness of the Stratosphere and Stratosphere 2 that I was subjected to before this one, the phone's shortcomings actually raise more interesting questions — about why the free-market system rewards companies for pulling off miracles at the hardware level, but not for fixing software bugs that should be easy to catch. Read below to see what Bennett has to say.
Transportation

"Intelligent" Avatars Poised To Manage Airline Check-In 102

Posted by samzenpus
from the even-better-than-the-real-thing dept.
An anonymous reader writes One of the developers behind special effects used in the film Avatar has inked a deal with airline check-in kiosk manufacturer BCS to implement avatars for personalized and interactive customer service. Dr Mark Sagar's Limbic IO is applying 'neurobehavioral animation' combining biologically based models of faces and neural systems to create live, naturally intelligent, and expressive interactive systems. "One of the comments levelled at self-service check in is that it has lost the human touch that people had when checking in at a traditional manned counter," Patrick Teo, BCS CEO says. "Travelling can be stressful and our aim is to make the interaction between human (passenger) and computer (check-in) as natural and helpful as possible."
Education

How To Fix The Shortage of K-5 Scholastic Chess Facilitators 128

Posted by samzenpus
from the checking-the-checkmate dept.
theodp writes The good news, writes Michael Thomas, is that wired kids are learning chess at an unprecedented rate. Young children learning chess from tablets can quickly become more knowledgeable than their parents. But the bad news, laments Thomas, is there is so much demand for scholastic chess that there are not enough experienced chess facilitators to go around. Could technology like RFID-tagged chess pieces or services like ChessStream.com be employed to referee second-grader chess matches, Thomas wonders, or are more well-meaning-but-not-necessarily-expert human facilitators — a la T-ball coaches — the answer?
Google

How Google Map Hackers Can Destroy a Business 132

Posted by timothy
from the you-aren't-here dept.
An anonymous reader writes with an excerpt from Wired about the one big problem that comes with crowdsourced data: enough eyeballs may make all bugs shallow, but may not fare as well against malice and greed: Maps are dotted with thousands of spam business listings for nonexistent locksmiths and plumbers. Legitimate businesses sometimes see their listings hijacked by competitors or cloned into a duplicate with a different phone number or website. In January, someone bulk-modified the Google Maps presence of thousands of hotels around the country, changing the website URLs to a commercial third-party booking site ... Small businesses are the usual targets. ... These attacks happen because Google Maps is, at its heart, a massive crowdsourcing project, a shared conception of the world that skilled practitioners can bend and reshape in small ways using tools like Google's Mapmaker or Google Places for Business. ... In February, an SEO consultant-turned-whistleblower named Bryan Seely demonstrated the risk dramatically when he set up doppelganger Google Maps listings for the offices of the FBI and Secret Service.
Canada

Krebs on Microsoft Suspending "Patch Tuesday" Emails and Blaming Canada 130

Posted by samzenpus
from the who's-to-blame dept.
tsu doh nimh writes In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company's recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software. Some anti-spam experts who worked very closely on Canada's Anti-Spam Law (CASL) say they are baffled by Microsoft's response to a law which has been almost a decade in the making. Indeed, an exception in the law says it does not apply to commercial electronic messages that solely provide "warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased." Several people have observed that Microsoft likely is using the law as a convenient excuse for dumping an expensive delivery channel.
Security

Microsoft Suspending "Patch Tuesday" Emails 145

Posted by timothy
from the just-visit-our-lair-for-updates dept.
New submitter outofluck70 (1734164) writes Got an email today from Microsoft, text is below. [Note: text here edited for formatting and brevity; see the full text at seclists.org.] They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know? From the email: "Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website." WindowsIT Pro blames Canada's new anti-spam law.
Spam

Researchers Outline Spammers' Business Ecosystem 14

Posted by timothy
from the is-that-enough-info-to-send-the-rebel-alliance? dept.
An anonymous reader writes A team of researchers at the UC Santa Barbara and RWTH Aachen presented new findings on the relationship of spam actors [abstract; full paper here] at the ACM Symposium on Information, Computer and Communications Security. This presents the first end-to-end analysis of the spam delivery ecosystem including: harvesters crawl the web and compile email lists, botmasters infect and operate botnets, and spammers rent botnets and buy email lists to run spam campaigns. Their results suggest that spammers develop a type of "customer loyalty"; spammers likely purchase preferred resources from actors that have "proven" themselves in the past. Previous work examined the market economy of the email address market in preparatory work: 1 million email addresses were offered on the examined forum for anywhere ranging between 20 and 40 Euros.
Social Networks

LinkedIn Spam Lawsuit Can Continue 50

Posted by timothy
from the unrepentant-spammers dept.
Charliemopps (1157495) writes "A lawsuit filed in September 2013 in the Northern District of California alleged that LinkedIn misled its users about the number of times it would attempt to invite their contacts using their name. LinkedIn tried to get the suit dismissed but Thursday Judge Lucy Koh ruled the suit can continue."
Crime

Cybercriminals Ramp Up Activity Ahead of 2014 World Cup 90

Posted by samzenpus
from the crime-wave dept.
wiredmikey (1824622) writes With the FIFA World Cup 2014 kicking off this week in Brazil, cybercriminals and scammers are working hard to take advantage of visitors to the World Cup in Brazil and those following the world soccer tournament online. In recent months, several security vendors have published advisories about the various scams, phishing and malware operations that target Internet users interested in the World Cup. While individuals from all over the world have been targeted, many of the malicious campaigns focus on Brazil and neighboring South American countries. While news that cybercriminals are zoning in on a large global event is no surprise, the scale and tactics being used are quite wide in scope, ranging from malware distribution and phishing scams, to fraudulent ticket sales, spam and other promising yet fraudulent schemes. For those visiting Brazil to watch the games in person, the cyber threats also include rogue wireless access points, ATMs rigged with card skimmers and Point-of-Sale malware.
Crime

Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet 76

Posted by samzenpus
from the shutting-it-down dept.
tsu doh nimh (609154) writes "The U.S. Justice Department announced today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and that the botnet is responsible for more than $100 million in losses from online banking account takeovers. The government alleges that Gameover also was rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. In a complaint unsealed today, the DOJ further alleges that ZeuS and Gameover are the brainchild of a Russian man named Evgeniy Mikhailovich Bogachev, a.k.a. 'Slavik.'"
America Online

AOL Finally Admits They Were Hacked 54

Posted by Soulskill
from the change-the-password-on-your-coasters dept.
pdclarry writes: "Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions. Well, AOL has finally come clean. Apparently unknown individuals accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."
United States

Cuba: US Using New Weapon Against Us -- Spam 139

Posted by samzenpus
from the filling-the-pipes dept.
mpicpp (3454017) writes in with news about accusations from Cuban officials about a spamming campaign against the country by the U.S. "Cuban officials have accused the U.S. government of bizarre plots over the years, such as trying to kill Fidel Castro with exploding cigars. On Wednesday, they said Washington is using a new weapon against the island: spam. 'It's overloading the networks, which creates bad service and affects our customers,' said Daniel Ramos Fernandez, chief of security operations at the Cuban government-run telecommunications company ETECSA. At a news conference Wednesday, Cuban officials said text messaging platforms run by the U.S. government threatened to overwhelm Cuba's creaky communications system and violated international conventions against junk messages. The spam, officials claim, comes in the form of a barrage of unwanted text messages, some political in nature. Ramos said that during a 2009 concert in Havana performed by the Colombian pop-star Juanes, a U.S. government program blanketed Cuban cell phone networks with around 300,000 text messages over about five hours."
Communications

Yahoo DMARC Implementation Breaks Most Mailing Lists 83

Posted by Soulskill
from the we-can-think-this-through-after-it's-pushed-live dept.
pdclarry writes: "On April 8, Yahoo implemented a new DMARC policy that essentially bars any Yahoo user from accessing mailing lists hosted anywhere except on Yahoo and Google. While Yahoo is the initiator, it also affects Comcast, AT&T, Rogers, SBCGlobal, and several other ISPs. Internet Engineering Council expert John R. Levine, a specialist in email infrastructure and spam filtering, said, 'Yahoo breaks every mailing list in the world including the IETF's' on the Internet Engineering Task Force (IETF) list.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a two-year-old proposed standard previously discussed on Slashdot that is intended to curb email abuse, including spoofing and phishing. Unfortunately, as implemented by Yahoo, it claims most mailing list users as collateral damage. Messages posted to mailing lists (including listserv, mailman, majordomo, etc) by Yahoo subscribers are blocked when the list forwards them to other Yahoo (and other participating ISPs) subscribers. List members not using Yahoo or its partners are not affected and will receive posts from Yahoo users. Posts from non-Yahoo users are delivered to Yahoo members. So essentially those suffering the most are Yahoo's (and Comcast's, and AT&T's, etc) own customers. The Hacker News has details about why DMARC has this effect on mailing lists. Their best proposed solution is to ban Yahoo email users from mailing lists and encourage them to switch to other ISPs. Unfortunately, it isn't just Yahoo, although they are getting the most attention."
Hardware

An SSD for Your Current Computer May Save the Cost of a New One (Video) 353

Posted by Roblimo
from the breaking-the-i/o-speed-barrier dept.
Obviously, the first performance enhancement you do on any computer you own is max out the RAM. RAM has gotten cheap, and adding more of it to almost any computer will make it faster without requiring any other modification (or any great skill). The next thing you need to do, says Larry O'Connor, the founder and CEO of Other World Computing (OWC), is move from a "platter" hard drive to a Solid State Drive (SSD). Larry's horse in this race is that his company sells SSDs, mostly for Macs. But he's a real evangelist about SSDs and computer mods in general, even if you buy them from NewEgg, Amazon or another vendor.

A big (vendor-neutral) thing Larry points out is that just because you have a Terabyte drive in your computer now doesn't mean you need a Terabyte SSD, which can easily cost $500. Rather, he says, all you need is a large enough SSD to contain your OS and software and whatever data you're working with at the moment, so you might be able to get by with a 120 GB SSD that costs well under $100. Clone your current main drive, stick in the new SSD, and if you need more storage, get another hard drive (or use your old one). Simple. Efficient. And a lot cheaper than buying a new computer, whether we're talking about home, business or even enterprise use. (Alternate video link.)
Hardware

Used IT Equipment Can Be Worth a Fortune (Video) 79

Posted by Roblimo
from the how-much-is-that-mainframe-in-the-window? dept.
This is a conversation with Frank Muscarello, CEO and co-founder of MarkiTx, a company that brokers used and rehabbed IT equipment. We're not talking about an iPhone 3 you might sell on craigslist, but enterprise-level items. Cisco. Oracle. IBM mainframes. Racks full of HP or Dell servers. That kind of thing. In 2013 IDC pegged the value of the used IT equipment market at $70 billion, so this is a substantial business. MarkiTx has three main bullet points: *Know what your gear is worth; *Sell with ease at a fair price; and *Buy reliable, refurbished gear. Pricing is the big deal, Frank says. With cars you have Cars.com and Kelley Blue Book. There are similar pricing services for commercial trucks, construction equipment, and nearly anything else a business or government agency might buy or sell used. For computers? Not so much. Worth Monkey calls itself "The blue book for used electronics and more," but it only seems to list popular consumer equipment. I tried looking up several popular Dell PowerEdge servers. No joy. An HTC Sensation phone or an Acer Aspire notebook? Sure. With price ranges based on condition, same as Kelley Blue Book does with cars. Now back to the big iron. A New York bank wants to buy new servers. Their old ones are fully depreciated in the tax sense, and their CTO can show stats saying they are going to suffer from decreasing reliability. So they send out for bids on new hardware. Meanwhile, there's a bank in Goa, India, that is building a server farm on a tight budget. If they can buy used servers from the New York bank, rehabbed and with a warranty, for one-third what they'd cost new, they are going to jump on this deal the same way a small earthmoving operation buys used dump trucks a multinational construction company no longer wants.

In February, 2013 Computerworld ran an article titled A new way to sell used IT equipment about MarkiTx. The main differentiator between MarkiTx and predecessor companies is that this is primarily an information company. It is not eBay, where plenty of commercial IT equipment changes hands, nor is it quite like UK-based Environmental Computer, which deals in used and scrap computer hardware. It is, rather, the vanguard of computer hardware as a commodity; as something you don't care about as long as it runs the software you need it to run, and you can buy it at a good price -- or more and more, Frank notes -- rent a little bit of its capacity in the form of a cloud service, a direction in which an increasing number of businesses are moving for their computing needs. Even more fun: Let's say you are (or would like to be) a local or regional computer service company and you want to buy or sell or broker a little used hardware. You could use MarkiTx's price information to set both your buy and sell prices, same as a car dealer uses Kelley Blue Book. We seem to be moving into a whole new era of computer sales and resales. MarkiTx is one company making a splash in this market. But there are others, and there are sure to be even more before long. (Alternate video link.)
China

China Arrests 1,500 People For Sending Spam Messages From Fake Mobile Bases 35

Posted by samzenpus
from the watch-what-you-text dept.
concertina226 (2447056) writes "Chinese authorities have detained a total of 1,530 suspects in a crackdown on spam SMS text messages being sent out by illegal telecoms equipment, according to Chinese news agency ECNS. Over 2,600 fake mobile base stations were seized and 24 sites manufacturing illegal telecoms equipment shut down as part of a massive nationwide operation involving nine central government and Communist Party of China departments. A report released by Trend Micro this month looked into the telecoms equipment black market in China (PDF) and found that cybercriminals routinely use either a GSM modem, an internet short message gateway and an SMS server to send out spam messages. On the underground market, SMS servers come in 'all-in-one' packages that include a laptop, a GSM mobile phone, an SMS server, an antenna to send out the fake signal and a USB cable, all for RMB 45,000 (£4,355)."
Security

Malware Attack Infected 25,000 Linux/UNIX Servers 220

Posted by Soulskill
from the sudo-configure-your-stuff-properly dept.
wiredmikey writes "Security researchers from ESET have uncovered a widespread attack campaign that has infected more than 25,000 Linux and UNIX servers around the world. The servers are being hijacked by a backdoor Trojan as part of a campaign the researchers are calling 'Operation Windigo.' Once infected, victimized systems are leveraged to steal credentials, redirect web traffic to malicious sites and send as many as 35 million spam messages a day. 'Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control,' said Pierre-Marc Bureau, security intelligence program manager at ESET, in a statement.

There are many misconceptions around Linux security, and attacks are not something only Windows users need to worry about. The main threats facing Linux systems aren't zero-day vulnerabilities or malware, but things such as Trojanized applications, PHP backdoors, and malicious login attempts over SSH. ESET recommends webmasters and system administrators check their systems to see if they are compromised, and has published a detailed report presenting the findings and instructions on how to remove the malicious code if it is present."
Google

Using Google Maps To Intercept FBI and Secret Service Calls 137

Posted by Soulskill
from the enjoy-your-stay-on-government-watchlists dept.
An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem: "After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."
