An anonymous reader writes: LinkedIn has fixed a security bug that allowed attackers to use its own CSS code for clickjacking attacks. Basically attackers can create blog posts and load CSS classes from LinkedIn's own stylesheets. If a reader lands on that blog post, then a malicious link can be shown for the entire area of the page. Not something "unique" since this type of method is quite well-known, but you don't generally expect to find these kinds of attacks on LinkedIn's own platform. (Here's a link to the LinkedIn security blog. Sorry for not linking to the particular blog — LinkedIn has a weird URL policy. It's the first one.)
tedlistens writes: On August 11, 1994, 21-year-old Dan Kohn, founder of a pioneering, online commerce site, made his first web sale. His customer, a friend of his in Philadelphia, spent $12.48, plus shipping costs on Sting's CD "Ten Summoner's Tales," in a transaction protected by PGP encryption. "Even if the N.S.A. was listening in, they couldn't get his credit card number," Kohn told a New York Times reporter in an article about NetMarket the following day. According to a new short video about the history of online shopping, there were a few precedents, including a weed deal between grad students on the ARPANET and a 74-year-old British grandmother who in 1984 used a Videotex—essentially a TV connected to telephone lines—to order margarine, eggs, and cornflakes.
An anonymous reader writes: After years of rulings against The Pirate Bay around Europe, a Swedish court has now ruled that the country's ISPs can't be forced to block access to the torrent indexer. The case centers around copyright holders and an ISP called Bredbandsbolaget. The ISP refused to comply with demands that music pirates be cut off from internet access. When rightsholders couldn't get traction that way, they added Bredbandsbolaget to their list of targets. The court found that the ISP does not "participate" in copyright infringement carried out by its subscribers, and is thus not liable for any damages incurred.
An anonymous reader writes: UK prisons will roll out enhanced internet and mobile phone blocking technologies, according to new measures announced yesterday by Chancellor George Osborne in the Autumn Statement. The step, which seeks to stop inmate access to the internet and calls made from mobile devices, will involve part of a £1.3bn investment from the Ministry of Justice to improve the country's Prison Service. Through this strategy, the government hopes to drive "safety improvements" by denying calls and data used on illicit mobile devices. The latest development in blocking technologies promises to be better (paywalled) than earlier systems, which inmates have been able to get around.
JoeyRox points out that Glenn Greenwald has some harsh words for the CIA in an op-ed piece for the LA Times. From the article: "Decent people see tragedy and barbarism when viewing a terrorism attack. American politicians and intelligence officials see something else: opportunity. Bodies were still lying in the streets of Paris when CIA operatives began exploiting the resulting fear and anger to advance long-standing political agendas. They and their congressional allies instantly attempted to heap blame for the atrocity not on Islamic State but on several preexisting adversaries: Internet encryption, Silicon Valley's privacy policies and Edward Snowden."
An anonymous reader writes: According to a Google report the company has evaluated 1,234,092 URLs from 348,085 requests since the EU's May 2014 "right to be forgotten" ruling, and has removed 42% of those URLs. Engadget reports: "To show how it comes to its decisions, the company shared some of the requests it received and its decisions. For example: a private citizen that was convicted of a serious crime, but had that conviction overturned during appeal, had search results about the crime removed. Meanwhile a high ranking public official in Hungary failed to get the results squelched of a decades-old criminal conviction. Of course, that doesn't mean the system is perfect and the company has already been accused of making mistakes."
StewBeans writes: In this lighthearted article for the holiday, IT executives were asked, if they could invite any technologist living or deceased to their Thanksgiving dinner, who would they invite and why? One CTO said that he'd invite the CTO of Amazon, Werner Vogels, so he could hear his thoughts on the future of cloud computing. Another would invite Ratan Tata, who he calls the "Bill Gates of India." Other responses range from early visionaries like Grace Hopper and Vint Cerf to the mysterious inventors/designers of the Roland TR-808.
An anonymous reader writes with news that Cox Communications' insurer, Lloyds Of London underwriter Beazley, is refusing to cover legal costs and any liabilities from the case brought against it by BMG and Round Hill Music. TorrentFreak reports: "Trouble continues for one of the largest Internet providers in the United States, with a Lloyds underwriter now suing Cox Communications over an insurance dispute. The insurer is refusing to cover legal fees and potential piracy damages in Cox's case against BMG Rights Management and Round Hill Music. Following a ruling from a Virginia federal court that Cox is not protected by the safe-harbor provisions of the DMCA, the Internet provider must now deal with another setback."
An anonymous reader writes: Benedict Evans has an interesting post about where television hardware is headed. In the 1990s and early 2000s, the tech industry made a huge push to invade the living room, trying to make the internet mesh with traditional TV broadcasts. As we all know, their efforts failed. Now, we periodically see new waves of devices to attach to the TV, but none have been particularly ambitious. The most successful devices of the recent wave, like the Chromecast and Apple TV, are simply turning the TV into a dumb screen for streamed content. Meanwhile, consumption of all types of video content is growing on smaller screens — tablets, phones, etc. Even game consoles are starting to see their market eroded by boxes like the Steam Link, which acts as a pipe for a game being played elsewhere on a PC. It raises an intriguing question: where is the television headed? What uses and functions does one giant screen serve that can't be cleverly redistributed to smaller screens? Evans concludes, "The web's open, permissionless innovation beat the closed, top-down visions of interactive TV and the information superhighway."
szczys writes: Everyone loves Tamagochi, the little electronic keychains spawned in the '90s that let you raise digital pets. Some time ago, XKCD made a quip about an internet-based matrix of thousands of these digital entities. That quip is now a reality thanks to elite hardware hacker Jeroen Domburg (aka Sprite_TM). In his recent talk called "The Tamagochi Singularity" at the Hackaday SuperConference he revealed that he had built an infinite network of virtual Tamagochi by implementing the original hardware as a virtual machine. This included developing AI to keep them happy, and developing a protocol to emulate their IR interactions. But he went even further, hacking an original keychain to use wirelessly as a console which can look in on any of the virtual Tamagochi living on his underground network. This full-stack process is unparalleled in just about every facet: complexity, speed of implementation, awesome factor, and will surely spark legions of other Tamagochi Matrices.
Mickeycaskill writes: UK network operator EE says it is investigating the possibility of blocking adverts at a network level, allowing customers to limit the types and frequency of adverts they see in browsers and applications. The move is likely to concern digital publishers, many of whom rely on advertising revenue to fund their content. Ad blockers have become more popular in recent times, with many users employing them to save battery life, consume less data and protect against malvertising attacks. EE CEO Olaf Swantee said, "We think it’s important that, over time, customers start to be offered more choice and control over the level and intensity of ads on mobile. For EE, this is not about ad blocking, but about starting an important debate around customer choice, controls and the level of ads customers receive. This is an important debate that needs to happen soon."
blottsie writes: Since 2010, the Straters have been under assault from an online campaign of ever-increasing harassment — prank deliveries, smear attacks, high-profile hacks, and threats of violence against schools and law enforcement officials in their name — and it's slowly torn them apart. Masterminding it all is a teenage Lizard Squad hacker from Finland, at war with their son, Blair, over a seemingly minor dispute. "When the family started getting notices about their utilities being disconnected, they realized things were escalating out of control. Utility provider Commonwealth Edison once called the house to iron out the details about a request to have the power turned off after a supposed move. Something similar happened with their trash service. On Halloween 2013, Comcast shut off their cable and Internet service."
SysKoll writes: The DMCA is well-known for giving exorbitant powers to copyright holders, such as taking down a page or a whole web site without a court order. Media companies buy services from vendors like Rightscorp, a shake-down outfit that issues thousands of robot-generated take-down notices and issues threats against ISPs and sites ignoring them. Cox, like a lot of ISPs, is inundated with abusive take-down notices, in particular from Rightscorp. Now, BMG Rights Management and Round Hill Music are suing Cox for refusing to shut off the Internet access of subscribers that Rightscorp accused of downloading music via BitTorrent. Cox argues that as an ISP, they benefit from the Safe Harbor provision that shields access providers from subscribers' misbehavior. Not so, says U.S. District Judge Liam O'Grady. The judge sided with the media companies ahead of trial, saying Cox should have terminated the repeat offenders accused by Rightscorp. Cox's response is quite entertaining for a legal document (PDF): its description of Rightscorp includes the terms "shady," "shake-down," and "pay no attention to the facts." O'Grady also derided the Electronic Frontier Foundation's attempt to file an amicus brief supporting Cox, calling them hysterical crybabies.
JoeyRox writes: Yahoo is running an A/B test that blocks access to Yahoo email if the site detects that the user is running an Ad Blocker. Yahoo says that this is a trial rather than a new policy, affecting only a "small number" of users. Those lucky users are greeted with a message that reads "Please disable Ad Blocker to continue using Yahoo Mail." Regarding the legality of the move, "Yahoo is well within its rights to do so," said Ansel Halliburton, an attorney at Kronenberger Rosenfeld who specializes in Internet law.
itwbennett writes: "Over the last few days, the group responsible for extortion attempts and death threats against Ashley Madison users has turned to a new set of targets – Patreon users," writes CSO's Steve Ragan. A message sent from the same account used in previous campaigns by the scammers demands a payment of 1 BTC or else the Patreon user will have their personal information exposed. "The [Bitcoin] wallet being used by the group has barely collected anything," says Ragan, "suggesting that after their massive push towards Ashley Madison users, people have stopped falling for their scams."
An anonymous reader writes: The cyber attack on Sony was one of the highest profile hacks in the past several years. Slate tracked down two dozen people who worked there at the time, and asked them what it was like on the inside while it was happening. Quoting: "The telephone directory vanished. Voicemail was offline. Computers became bricks. Internet access on the lot was shuttered. The cafeteria went cash-only. Contracts—and the templates those contracts were based on—disappeared. Sony's online database of stock footage was unsearchable. It was near impossible for Sony to communicate directly with its employees—much less ex-employees, who were also gravely affected by the hack—to inform them of what was even happening and what to do about it. 'It was like moving back into an earlier time,' one employee says." Some employees had their workloads doubled, some had nothing to do. While the hack brought the company together at the beginning, it eventually descended into recriminations and lawsuits.
retroworks writes: According to a recent tweet from the #OpParis account, Anonymous are delivering on their threat to hack Isis, and are now flooding all pro-Isis hashtags with the grandfather of all 2007 memes — Rick Astley's "Never Gonna Give You Up" music video. Whenever a targeted Isis account tries to spread a message, the topic will instead be flooded with countless videos of Rick Astley circa 1987. Not all are praising Anonymous' methods, however. While Metro UK reports that the attacks have been successful, finding and shutting down 5,500 Twitter accounts, the article also indicates that professional security agencies have seen sources they monitor shut down. Rick Astley drowns out intelligence as well as recruitment.
StewBeans writes: Much has been discussed about the potential security risks of an Internet of Things future in which billions of devices and machines are all talking to each other automatically. But the IoT market is exploding at a breakneck pace, leaving all companies scrambling to figure out the security piece of the puzzle now, before it's too late. In fact, some experts believe this issue will be what separates the winners from the losers, as security concerns either stop companies from getting into the IoT market, or delay existing IoT projects and leave the door open to swifter competition. That's likely why, according to CIO Magazine's annual survey, CIOs are spending a third of their time on security. Adam Dennison from CIO said, "If IT leaders want to embrace the sexy, new technologies they are hearing about today—the SMAC stack, third platform, Internet of Things, etc—security is going to be upfront and at the center of the discussion."
Gumbercules!! writes: A small Australian ISP has received a demand that it block access to an overseas website or face legal action in the Federal Court, in a case in which a building company is demanding the ISP block access to an overseas site with a similar name. This case is being seen as a test case, potentially opening the way for companies and aggregated customers to use the new anti-piracy laws to block access to companies or their competition. The ISP in question has obviously been selected because they're very small and have limited financial capacity to fight a legal case.
An anonymous reader writes: Broadband service provider Gigaclear announced it will offer 5 Gbps internet service beginning next year. Most homes would be hard-pressed to consume data at this rate today, but these speeds will become necessary when over-the-top television services like Netflix and HBO GO become commonplace, television pixel densities grow to 8K (7680p X 4320p) at 60 to 120 fps, and the IoT connects every other home device to the internet. “We’re offering customers the chance to access absolutely phenomenal broadband speeds,” Gigaclear CEO Matthew Hare said in an official announcement. “To be clear, this is a premium service that gives the fastest Internet speeds in the country to those of our customers who want the best connection that they can get.”