Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Encryption

FBI Director Says Prolific Default Encryption Hurting Government Spying Efforts (go.com) 92

SonicSpike quotes a report from ABC News: FBI Director James Comey warned again Tuesday about the bureau's inability to access digital devices because of encryption and said investigators were collecting information about the challenge in preparation for an "adult conversation" next year. Widespread encryption built into smartphones is "making more and more of the room that we are charged to investigate dark," Comey said in a cybersecurity symposium. The remarks reiterated points that Comey has made repeatedly in the last two years, before Congress and in other settings, about the growing collision between electronic privacy and national security. "The conversation we've been trying to have about this has dipped below public consciousness now, and that's fine," Comey said at a symposium organized by Symantec, a technology company. "Because what we want to do is collect information this year so that next year we can have an adult conversation in this country." The American people, he said, have a reasonable expectation of privacy in private spaces -- including houses, cars and electronic devices. But that right is not absolute when law enforcement has probable cause to believe that there's evidence of a crime in one of those places, including a laptop or smartphone. "With good reason, the people of the United States -- through judges and law enforcement -- can invade our private spaces," Comey said, adding that that "bargain" has been at the center of the country since its inception. He said it's not the role of the FBI or tech companies to tell the American people how to live and govern themselves. "We need to understand in the FBI how is this exactly affecting our work, and then share that with folks," Comey said, conceding the American people might ultimately decide that its privacy was more important than "that portion of the room being dark." Comey made his remarks to the 2016 Symantec Government Symposium. The Daily Dot has another take on Comey's remarks, which you can read here.
Software

Companies Are Developing More Apps With Fewer Developers (fortune.com) 107

Fortune reports that the "yawning gap in tech skills" has resulted in a surprising shift in supply and demand in the software industry. And in many companies now, a growing trend of developer jobs being given to non-developers can be seen. From the article: That's because a relatively new technology, known as low-code or no-code platforms, is now doing a big chunk of the work that high-priced human talent used to do. Low-code platforms are designed so that people with little or no coding or software engineering background -- known in the business as "citizen developers" -- can create apps, both for use in-house and for clients. Not surprisingly, the low-code platform industry, made up of about 40 small companies (so far), is growing like crazy. A recent Forrester Research report put its total revenues at about $1.7 billion in 2015, a figure that's projected to balloon to $15 billion in the next four years. Low-code-platform providers, notes Forrester, are typically seeing sales increases in excess of 50% a year.The report cites QuickBase, a company whose low-code platforms are used by half of the Fortune 500 companies, as an example. Its CEO Allison Mnookin says that almost any employee can now do most or all of the same work that developers used to do. Mnookin adds that there's a big advantage in this. "Opening an app's development to the non-techies who need the app removes misunderstandings between the IT department and other employees about what the end user needs."
IT

Not Using Smartphones Can Improve Productivity By 26%, Says Study (business-standard.com) 120

Smartphones do a plethora of things for us. But if you stopped using them, you might actually start seeing improvements in the work you do. From a Business-Standard report: The study, commissioned by Kaspersky Lab, showed that employees' performance improved 26 percent when their smartphones were taken away. The experiment tested the behaviour of 95 persons between 19 and 56 years of age in laboratories at the universities of Wurzburg and Nottingham-Trent. The experiment unearthed a correlation between productivity levels and the distance between participants and their smartphones. "Instead of expecting permanent access to their smartphones, employee productivity might be boosted if they have dedicated 'smartphone-free' time. One way of doing this is to enforce rules such as no phones in the normal work environment," says Altaf Halde, managing director, South Asia at Kaspersky Lab.
Transportation

Vienna Airport Says Glitch That Disrupted Dozens Of Flights Resolved (reuters.com) 16

On Sunday, Vienna Airport was at the receiving end of a number of flight delays and cancellations due to data transmission issues. On Monday, it announced that all the issues have been resolved. Reuters reports:"Austrian air traffic control has solved the issue," the airport said on its website early on Monday. "At the moment there are no delayed or canceled flights. We advise passengers to contact their airline." The automated transfer of flight planning data between air traffic control centers in Brussels and Vienna collapsed completely for a while on Sunday afternoon, said a spokesman for Austro Control, which monitors Austrian air space.
Government

FBI Says Foreign Hackers Breached State Election Systems (theguardian.com) 158

The FBI has uncovered evidence that foreign hackers breached two state election databases in recent weeks, and it has warned election officials across the country to some measures to step up the security of their computer systems. The Guardian reports: The FBI warning did not identify the two states targeted by cyber intruders, but Yahoo News said sources familiar with the document said it referred to Arizona and Illinois, whose voter registration systems were penetrated. Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters. The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, the official said. US intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the November presidential election.
Security

Tens of Thousands of Infowars Accounts Hacked (vice.com) 112

Joseph Cox, reporting for Motherboard: Tens of thousands of subscriber accounts for media company Infowars are being traded in the digital underground. Infowars, created by famed radio host and conspiracy theorist Alex Jones, produces radio, documentaries and written pieces. The dumped data relates to Prison Planet TV, which gives paying subscribers access to a variety of Infowars content. The data includes email addresses, usernames, and poorly hashed passwords. The administrator of breach notification site Databases. Land provided a copy of 100,223 records to Motherboard for verification purposes. Vigilante.PW, another breach notification service, also has the Infowars dump listed on its site, and says the data comes from 2014. However, every record appears to have been included twice in the data, making the actual number of user accounts closer to 50,000.Motherboard adds that it tested a few of the login credentials and that they worked.
Security

Cyber Security Should Be Expanded To Departments Other Than IT: CII-KPMG (www.bgr.in) 38

An anonymous reader shares a BGR report: Cyber threats today are no longer restricted to a company's communications and IT domains, calling for more than just technical controls to avert attacks and protect the business from future risks and breaches, a new report said. According to the joint report of the Confederation of Indian Industry (CII) and KPMG, cyber security today embraces multiple units of an organization like human resource, supply chain, administration and infrastructure. It, therefore, requires governance at the highest levels. "It is vital to keep pace with the changing regulatory and technology landscape to safeguard and advance business objectives. Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust," said Richard Rekhy, Chief Executive Officer, KPMG, India.
Opera

Opera Sync Users May Have Been Compromised In Server Breach (fortune.com) 26

An anonymous reader writes: Someone broke into Opera's servers. The Opera browser has a handy feature for synchronizing browsing data across different devices. Unfortunately, some of the passwords and login information used to enable the feature may have been stolen from Opera's servers. Opera's sync service is used by around 1.7 million people each month. Overall, the browser has 350 million users. The Norwegian firm told its users that someone had gained access to the Opera sync system, and "some of our sync users' passwords and account information, such as login names, may have been compromised." As a result, Opera had to reset all the passwords for the feature, meaning users will need to select new ones.
Security

How Security Experts Are Protecting Their Own Data (siliconvalley.com) 206

Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes: The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."

Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."
Data Storage

Ask Slashdot: What's The Best Way To Backup Large Amounts Of Personal Data? (foxdeploy.com) 356

An anonymous Slashdot reader has "approximately two terabytes of photos, currently sitting on two 4-terabyte 'Intel Rapid Storage' RAID 1 disks." But now they're considering three alternatives after moving to a new PC: a) Keep these exactly as they are... The current configuration is OK, but it's a pain if a RAID re-sync is needed as it takes a long time to check four terabytes.

b) Move to "Storage Spaces". I've not used Storage Spaces before, but reports seem to show it's good... It's a Good Thing that the disks are 100% identical and removable and readable separately. Downside? Unknown territory.

c) Break the RAID, and set up the second disk as a file-copied backup... [This] would lose a (small) amount of resilience, but wouldn't suffer from the RAID-sync issues, ideally a Mac-like "TimeMachine" backup would handle file histories.

Any recommendations?

This is also a good time to share your experiences with Storage Spaces, so leave your answers in the comments. What's the best way to backup large amounts of personal data?
Security

New Ransomware Poses As A Windows Update (hothardware.com) 88

Slashdot reader MojoKid quotes an article from Hot Hardware: A security researcher for AVG has discovered a new piece of ransomware called Fantom that masquerades as a critical Windows update. Victims who fall for the ruse will see a Windows screen acting like it's installing the update, but what's really happening is that the user's documents and files are being encrypted in the background...

The scam starts with a pop-up labeled as a critical update from Microsoft. Once a user decides to apply the fake update, it extracts files and executes an embedded program called WindowsUpdate.exe... As with other EDA2 ransomware, Fantom generates a random AES-128 key, encrypts it using RSA, and then uploads it to the culprit. From there, Fantom targets specific file extensions and encrypts those files using AES-128 encryption... Users affected by this are instructed to email the culprit for payment instructions.

While the ransomware is busy encrypting your files, it displays Microsoft's standard warning about not turning off the computer while the "update" is in progress. Pressing Ctrl+F4 closes that window, according to the article, "but that doesn't stop the ransomware from encrypting files in the background."
Microsoft

Microsoft Lost a City Because They Used Wikipedia Data (theregister.co.uk) 108

"Microsoft can't tell North from South on Bing Maps," joked The Register, reporting that Microsoft's site had "misplaced Melbourne, the four-million-inhabitant capital of the Australian State of Victoria." Long-time Slashdot reader RockDoctor writes: Though they're trying to minimise it, the recent relocation of Melbourne Australia to the ocean east of Japan in Microsoft's flagship mapping application is blamed on someone having flipped a sign in the latitude given for the city's Wikipedia page. Which may or may not be true. But the simple stupidity of using a globally-editable data source for feeding a mapping and navigation system is ... "awesome" is (for once) an appropriate word.

Well, it's Bing, so at least no-one was actually using it.

"Bing's not alone in finding Australia hard to navigate," reports The Register. "In 2012 police warned not to use Apple Maps as it directed those seeking the rural Victorian town of Mildura into the middle of a desert."
Iphone

Apple Fixes Three Zero Days Used In Targeted Attack (onthewire.io) 75

Trailrunner7 quotes a report from On The Wire: Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix them.

The attack that set off the investigation into the vulnerabilities targeted Ahmed Mansoor, an activist living in the UAE. Earlier this month, he received a text message that included a link to what was supposedly new information on human rights abuses. Suspicious, Manor forwarded the link to researchers at the University of Toronto's Citizen Lab, who recognized what they were looking at. "On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising ;new secrets' about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based 'cyber war' company that sells Pegasus, a government-exclusive "lawful intercept" spyware product," Citizen Lab said in a new report on the attack and iOS flaws.

Japan

Japanese Government Plans Cyber Attack Institute (thestack.com) 12

An anonymous reader quotes a report from The Stack: The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. The training institute, which will operate as part of Japan's Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks.

A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs. The source also stated that there is potential for a joint exercise in cyber awareness between the Japanese group and foreign cybersecurity engineers in the future.

The Internet

New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish (threatpost.com) 53

Researchers "have devised a new way to decrypt secret cookies which could leave your passwords vulnerable to theft," reports Digital Trends. Slashdot reader msm1267 writes: New attacks revealed today against 64-bit block ciphers push cryptographic ciphers such as Triple-DES (3DES) and Blowfish closer to extinction. The attacks, known as SWEET32, allow for the recovery of authentication cookies from HTTPS traffic protected by 3DES, and BasicAUTH credentials from OpenVPN traffic protected by default by Blowfish.

In response, OpenSSL is expected to remove 3DES from its default bulid in 1.1.0, and lower its designation from High to Medium 1.0.2 and 1.0.1. OpenVPN, meanwhile, is expected to release a new version as well with a warning about Blowfish and new configuration advice protecting against the SWEET32 attacks. The researchers behind SWEET32 said this is a practical attack because collisions begin after a relatively short amount of data is introduced. By luring a victim to a malicious site, the attacker can inject JavaScript into the browser that forces the victim to connect over and over to a site they're authenticated to. The attacker can then collect enough of that traffic -- from a connection that is kept alive for a long period of time -- to recover the session cookie.

Communications

Cybercriminals Select Insiders To Attack Telecom Providers (helpnetsecurity.com) 24

An anonymous reader quotes a report from Help Net Security: Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources...

According to Kaspersky Lab researchers, if an attack on a cellular service provider is planned, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet service provider, the attackers will try to identify the employees who can enable network mapping and man-in-the-middle attacks.

Privacy

Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks (hert.org) 19

An anonymous Slashdot reader writes: Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, "Not only we can eavesdrop on the conversation of two strangers, we can also change their reality." The attack can easily be extended to SMS, Whatsapp, iMessage and voice.
"At some point people exchange phone numbers and the Tinder convo stops. That's not a problem..." Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits..

His article drew a response from Tinder, arguing they "employ several manual and automated mechanisms" to deter fake and duplicate profiles. But while they're looking for ways to improve, "ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability."
United Kingdom

British Companies Are Selling Advanced Spy Tech To Authoritarian Regimes (vice.com) 57

An anonymous reader quotes a report from Motherboard: Since early 2015, over a dozen UK companies have been granted licenses to export powerful telecommunications interception technology to countries around the world, Motherboard has learned. Many of these exports include IMSI-catchers, devices which can monitor large numbers of mobile phones over broad areas. Some of the UK companies were given permission to export their products to authoritarian states such as Saudi Arabia, the United Arab Emirates, Turkey, and Egypt; countries with poor human rights records that have been well-documented to abuse surveillance technology. In 2015, the UK's Department for Business, Innovation and Skills (BIS) started publishing basic data about the exportation of telecommunications interception devices. Through the Freedom of Information Act, Motherboard obtained the names of companies that have applied for exportation licenses, as well as details on the technologies being shipped, including, in some cases, individual product names. The companies include a subsidiary of defense giant BAE Systems, as well as Pro-Solve International, ComsTrac, CellXion, Cobham, and Domo Tactical Communications (DTC). Many of these companies sell IMSI-catchers. IMSI-catchers, sometimes known as "Stingrays" after a particularly popular brand, are fake cell phone towers which force devices in their proximity to connect. In the data obtained by Motherboard, 33 licenses are explicitly marked as being for IMSI-catchers, including for export to Turkey and Indonesia. Other listings heavily suggest the export of IMSI-catchers too: one granted application to export to Iraq is for a "Wideband Passive GSM Monitoring System," which is a more technical description of what many IMSI-catchers do. In all, Motherboard received entries for 148 export license applications, from February 2015 to April 2016. A small number of the named companies do not provide interception capabilities, but defensive measures, for example to monitor the radio spectrum.
The Almighty Buck

Amazon Is Testing a 30-Hour, 75% Salary Workweek (washingtonpost.com) 184

Amazon is planning a pilot program in which a select group of workers will need to work for 30 hours a week, instead of the usual 40 to 70 hours, and make 75 percent of the salary + benefits (alternate source). From the report:Currently, the pilot program will be small, consisting of a few dozen people. These teams will work on tech products within the human resources division of the company, working Monday through Thursday from 10 a.m. to 2 p.m., with additional flex hours. Their salaries will be lower than 40-hour workers, but they will have the option to transition to full-time if they choose. Team members will be hired from inside and outside the company. As of now, Amazon does not have plans to alter the 40-hour workweek on a companywide level, the spokesman said.
Security

Dropbox Is Urging Users To Reset Their Passwords (fortune.com) 30

Dropbox is forcing a number of users to change their passwords after the cloud storage company found some account details linked to an old data breach. "The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria," the company writes on its website. Fortune reports: The popular cloud storage said the move was related to the theft of an old set of Dropbox credentials, dating back to 2012. So the users the company has contacted are those who created Dropbox accounts before mid-2012 and have not updated their passwords since that time. Dropbox disclosed in July 2012 that some users were getting spammed, and the cause appeared to be the theft of usernames and passwords from other websites. As is often the case, some people reuse their usernames and passwords across different web services. (If it still needs saying, you really shouldn't reuse your passwords, ever.)

Slashdot Top Deals