Encryption

Turkey Arrests Journalists For Using Encryption 44

An anonymous reader sends news that three employees of Vice News were arrested in Turkey because one of them used an encryption system on his personal computer. That particular type of encryption has been used by the terrorist organization known as the Islamic State, so the men were charged with "engaging in terrorist activity." The head of a local lawyers association said, "I find it ridiculous that they were taken into custody. I don't believe there is any accuracy to what they are charged for. To me, it seems like an attempt by the government to get international journalists away from the area of conflict." The Turkish government denied these claims: "This is an unpleasant incident, but the judiciary is moving forward with the investigation independently and, contrary to claims, the government has no role in the proceedings."
Firefox

Mozilla Project Working on Immersive Displays (Video) 27

Yes, it's 3-D, and works with the Firefox browser. But that's not all. The MozVR virtual reality system is not just for Firefox, and it can incorporate infrared and other sensors to give a more complete picture than can be derived from visible light alone. In theory, the user's (client) computer needs no special hardware beyond a decent GPU and an Oculus Rift headset. Everything else lives on a server.

Is this the future of consumer displays? Even if not, the development is fun to watch, which you can start doing at mozvr.com -- and if you're serious about learning about this project you may want to read our interview transcript in addition to watching the video, because the transcript contains additional information.
Security

Bugs In Belkin Routers Allow DNS Spoofing, Credential Theft 42

Trailrunner7 writes: The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17, and potentially earlier versions of the firmware, as well. The vulnerabilities have not been patched by Belkin, and the advisory from the CERT/CC says there aren't any practical workarounds for them. "DNS queries originating from the Belkin N600, such as those to resolve the names of firmware update and NTP servers, use predictable TXIDs that start at 0x0002 and increase incrementally. An attacker with the ability to spoof DNS responses can cause the router to contact incorrect or malicious hosts under the attacker's control," the advisory says.
Stats

Windows 10 Grabs 5.21% Market Share, Passing Windows Vista and Windows 8 194

An anonymous reader writes: The effects of a free upgrade to Windows 10 are starting to trickle in. Available for just over a month, Windows 10 has now captured more than 5 percent market share, according to the latest figures from Net Applications. In just four weeks, Windows 10 has already been installed on over 75 million PCs. Microsoft is aiming to have 1 billion devices running Windows 10 "in two to three years," though that includes not just PCs, but smartphones, consoles, and other devices as well.
Spam

Ask Slashdot: Should I Publish My Collection of Email Spamming IP Addresses? 91

An anonymous reader writes: I have, for a while now, been collecting IP addresses from which email spam has been sent to, or attempted to be relayed through, my email server. I was wondering if I should publish them, so that others can adopt whatever steps are necessary to protect their email servers from that vermin. However, I am facing ethical issues here. What if the addresses are simply spoofed, and therefore branding them as spamming addresses might cause harm to innocent parties? What if, after having been co-opted by spammers, they are now used legitimately? I wonder if there's a market for all the thousands of webmail addresses that send Slashdot nothing but spam.
United States

US Weighs Sanctioning Russia As Well As China In Cyber Attacks 72

New submitter lvbees7 writes with news that U.S. officials have warned that the government may impose sanctions against Russia and China following cyber attacks on commercial targets. According to the Reuters story: The officials, who spoke on condition of anonymity, said no final decision had been made on imposing sanctions, which could strain relations with Russia further and, if they came soon, cast a pall over a state visit by Chinese President Xi Jinping in September. The Washington Post first reported the Obama administration was considering sanctioning Chinese targets, possibly within the next few weeks, and said that individuals and firms from other nations could also be targeted. It did not mention Russia.
Security

Six UK Teens Arrested For Being "Customers" of Lizard Squad's DDoS Service 72

An anonymous reader writes: UK officials have arrested six teenagers suspected of utilizing Lizard Squad's website attack tool called "Lizard Stresser". Lizard Squad claimed responsibility for the infamous Christmas Day Xbox Live and PlayStation Network attacks. The teenagers "are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous," an NCA spokesperson wrote in an official statement on the case. "Organizations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies, and a number of online retailers."
Businesses

Apple Partners With Cisco To Boost Enterprise Business 84

An anonymous reader writes: Apple and Cisco announced a partnership aimed at helping Apple's devices work better for businesses. Cisco will provide services specially optimized for iOS devices across mobile, cloud, and on premises-based collaboration tools such as Cisco Spark, Cisco Telepresence and Cisco WebEx, the companies said in a statement. "What makes this new partnership unique is that our engineering teams are innovating together to build joint solutions that our sales teams and partners will take jointly to our customers," Cisco Chief Executive Chuck Robbins said in a blog post.
Programming

The Most Important Obscure Languages? 420

Nerval's Lobster writes: If you're a programmer, you're knowledgeable about "big" languages such as Java and C++. But what about those little-known languages you only hear about occasionally? Which ones have an impact on the world that belies their obscurity? Erlang (used in high-performance, parallel systems) springs immediately to mind, as does R, which is relied upon by mathematicians and analysts to crunch all sorts of data. But surely there are a handful of others, used only by a subset of people, that nonetheless inform large and important platforms that lots of people rely upon... without realizing what they owe to a language that few have ever heard of.
IOS

Over 225,000 Apple Accounts Compromised Via iOS Malware 197

An anonymous reader writes: Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on). "The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device," Palo Alto researcher Claud Xiao explained. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."
The Internet

CenturyLink Takes $3B In Subsidies For Building Out Rural Broadband 198

New submitter club77er writes with a link to a DSL Reports article outlining some hefty subsidies (about $3 billion, all told) that CenturyLink has signed up to receive, in exchange for expanding its coverage to areas considered underserved: According to the CenturyLink announcement, the telco will take $500 million a year for six years from the Federal Communications Commission (FCC)'s Connect America Fund (CAF). In exchange, it will expand broadband to approximately 1.2 million rural households and businesses in 33 states. While the FCC now defines broadband as 25 Mbps down, these subsidies require that the deployed services be able to provide speeds of at least 10 Mbps down.
Open Source

Linux Kernel 4.2 Released 138

An anonymous reader writes: The Linux 4.2 kernel is now available. This kernel is one of the biggest kernel releases in recent times and introduces rewrites of some of the kernel's Intel Assembly x86 code, new ARM board support, Jitter RNG improvements, queue spinlocks, the new AMDGPU kernel driver, NCQ TRIM handling, F2FS per-file encryption, and many other changes to benefit most Linux users.
Communications

Ask Slashdot: Suggestions For Taking a Business Out Into the Forest? 144

An anonymous reader writes: I'm a huge fan of primitive survival reality TV. I am also self-employed in web troubleshooting and hosting services. I have to be available 24/7, but a lot of my work is just being online for a few minutes at a time. I often think about taking my business 'outdoors', camping, 3-7 days or so at a time — but staying online. Has anyone had experience with this? How did you do it, in terms of internet connectivity and portable power? Satellite internet or long distance Wi-Fi antennas and a very tall pole? I've looked at some portable power stations with solar attachments, but the idea of hand-cranking to recharge if it's overcast isn't fun, after all, the point is to relax. But I'm willing to manually recharge if it's realistic (would prefer pedaling though!) I happen to have a Toughbook CF-52 (I just thought it was cool) but I may need to replace that with a more eco-friendly laptop as well. Thanks!
Crime

The Coming Terrorist Threat From Autonomous Vehicles 212

HughPickens.com writes: Alex Rubalcava writes that autonomous vehicles are the greatest force multiplier to emerge in decades for criminals and terrorists and open the door for new types of crime not possible today. According to Rubalcava, the biggest barrier to carrying out terrorist plans until now has been the risk of getting caught or killed by law enforcement so that only depraved hatred, or religious fervor has been able to motivate someone to take on those risks as part of a plan to harm other people. "A future Timothy McVeigh will not need to drive a truck full of fertilizer to the place he intends to detonate it," writes Rubalcava. "A burner email account, a prepaid debit card purchased with cash, and an account, tied to that burner email, with an AV car service will get him a long way to being able to place explosives near crowds, without ever being there himself." A recent example is instructive. Dzhokhar and Tamerlan Tsarnaev were identified by an examination of footage from numerous private security cameras that were recording the crowd in downtown Boston during the Marathon. Imagine if they could have dispatched their bombs in the trunk of a car that they were never in themselves? Catching them might have been an order of magnitude more difficult than it was.

According to Rubalcava, the reaction to the first car bombing using an AV is going to be massive, and it's going to be stupid. There will be calls for the government to issue a stop to all AV operations, much in the same way that the FAA made the unprecedented order to ground 4,000-plus planes across the nation after 9/11. "But unlike 9/11, which involved a decades-old transportation infrastructure, the first AV bombing will use an infrastructure in its infancy, one that will be much easier to shut down," says Rubalcava. "That shutdown could stretch from temporary to quasi-permanent with ease, as security professionals grapple with the technical challenge of distinguishing between safe, legitimate payloads and payloads that are intended to harm."
(And don't forget The Dead Pool.)
Graphics

Do We Need More Emojis? 263

mikejuk writes to note that the Unicode Consortium has accepted 38 new emoji characters as candidates for Unicode 9.0, including characters depicting bacon and a duck. "Why could we possibly need a duck? Many of the new characters are the 'other half' of gender-matched pairs, so the Dancer emoji (which is usually rendered as Apple's salsa dancing woman) gets a Man Dancing emoji, who frankly looks like a cross between John Travolta in Saturday Night Fever and your dad at the wedding disco. ... Other additions include carrot, cucumber, and avocado, and bacon. ... The list of additions is rounded off with new animal emojis. Some are the 'missing' zodiac symbols (lion and crab). Others are as baffling as ever – is there *really* a demand for a mallard duck? Sorry: it's in fact a drake!"
Security

Abusing Symbolic Links Like It's 1999 53

An anonymous reader writes with this snippet from James Forshaw's recent post at Google's Project Zero, which begins: "For the past couple of years I've been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I've used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context. Symbolic links in themselves are not vulnerabilities, instead they're useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use." Click through that link to see examples of this abuse in action, but also information about how the underlying risks have been (or can be) mitigated.
Security

Systemd Absorbs "su" Command Functionality 740

jones_supa writes: With a pull request systemd now supports su command functionality and can create privileged sessions that are fully isolated from the original session. The su command is seen as bad because what it is supposed to do is ambiguous. On one hand it's supposed to open a new session and change a number of execution context parameters, and on the other it's supposed to inherit a lot of concepts from the originating session. Lennart Poettering's long story short: "`su` is really a broken concept. It will give you kind of a shell, and it's fine to use it for that, but it's not a full login, and shouldn't be mistaken for one." The replacement command provided by systemd is machinectl shell.
Transportation

Uber Hires Hackers Who Remotely Killed a Jeep 31

An anonymous reader writes: The past several weeks have been rife with major vulnerabilities in modern cars, but none were so dramatic as when Charlie Miller and Chris Valasek tampered with the systems on a moving Jeep Cherokee. Now, Miller and Valasek have left their jobs to join a research laboratory for Uber. It's the same lab that became home for a number of autonomous vehicle experts poached from Carnegie Mellon University. From the article: "As Uber plunges more deeply into developing or adapting self-driving cars, Miller and Valasek could help the company make that technology more secure. Uber envisions autonomous cars that could someday replace its hundreds of thousands of contract drivers. The San Francisco company has gone to top-tier universities and research centers to build up this capability."
Security

Symantec Researchers Find 49 New Modules of Regin Spying Tool 23

itwbennett writes: Security researchers from Symantec have identified 49 more modules (bringing the total number found so far to 75) of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies. Some of the modules implement basic malware functions, while other modules are much more specialized and built with specific targets in mind. 'One module was designed to monitor network traffic to Microsoft Internet Information Services (IIS) web servers, another was observed collecting administration traffic for mobile telephony base station controllers, while another was created specifically for parsing mail from Exchange databases,' the Symantec researchers said in an updated version of their white paper (PDF) published Thursday.
Privacy

Ashley Madison CEO Steps Down, Reporter Finds Clues To Hacker's Identity 213

Dave Knott writes: Following the recent hacks on the infidelity website Ashley Madison, Noel Biderman has stepped down as CEO of both AshleyMadison.com and its parent company. Avid Life Media Inc., the company that owns the site and many others, announced Biderman's move in a short press release on Friday: "Noel Biderman, in mutual agreement with the company, is stepping down as chief executive officer of Avid Life Media Inc. (ALM) and is no longer with the company. Until the appointment of a new CEO, the company will be led by the existing senior management team." Before the data hack, the company was planning an IPO in London that would have taken in as much as $200 million from investors. According to regulatory filings, the company had $115 million in revenue last year, more than four times the amount it obtained in 2009.

Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker. Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison's stolen proprietary source code before it was made public. Intrigued by the poster's apparent access, he examined the account's posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn't even run by one person, but is instead an amalgam of like-minded digital vigilantes.
The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.