International Exploit Kit Angler Thwarted By Cisco Security Team 28

An anonymous reader writes: Researchers at a Cisco security unit have successfully interrupted the spread of a massive international exploit kit which is commonly used in ransomware attacks. The scientists discovered that around 50% of computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. Once informed, Limestone cut the servers from its network and handed over the data to the researchers who were able to recover Angler authentication protocols, information needed to disrupt future diffusion.

EFF Joins Nameless Coalition and Demands Facebook Kills Its Real Names Policy 191

Mark Wilson writes: Facebook has seen heavy criticism for its real names (or 'authentic identities' as they are known to the social network) policy. Over the last year, all manner of rights groups and advocates have tried to convince Facebook to allow users to drop their real name in favor of a pseudonym if they want. Now the Electronic Frontier Foundation is part of the 74-member strong Nameless Coalition and has written to Facebook demanding a rethink on the ground of safety, privacy, and equality. This is far from being the first time Facebook has been called on to allow the use of 'fake names', and the latest letter is signed by LGBT groups, freedom advocates, privacy supporters, and feminist organizations.

Twitter Shuts Down JSON API and Names New CEO 100

An anonymous reader writes: This month Twitter is closing down the JSON endpoint API which thousands of third-party software and plugin developers have depended upon for years. The alternative REST API offers data which is aggregated or limited in other ways, whilst the full-featured share data offered by Gnip (purchased last year by Twitter) can cost developers thousands per month to access — in one case up to £20,000 a month. The general objective seems to be to either drive users back to the core Twitter interface where they can be monetized via the social network's advertising, or to regain lost advertising by converting open source data — currently utilized a lot in scientific research — into premium information, offering the possibility for well-funded organizations to gain reputations as Twitter barometers without ever needing to expose the expensive, accurate share figures. The company also announced today that co-founder Jack Dorsey would be the new CEO.

Sensor Network Makes Life Easier For Japan's Aging Rice Farmers 87

szczys writes: The average age of Japan's rice farmers is 65-70 years old. The work is difficult and even small changes to the way things are done can have a profound impact on these lives. The flooded paddies where the rice is grown must maintain a consistent water level, which means farmers must regularly traverse the terraced fields to check many different paddies. A simple sensor board is changing this, letting farmers check their fields by phone instead of in person.

This might not sound like much, but reducing the number of times someone needs to walk the fields has a big effect on the man-hours spent on each crop. The system, called TechRice, is inexpensive and the nodes recharge batteries from a solar cell. The data is aggregated on the Internet and can be presented as a webpage, a text-message interface, or any other reporting scheme imaginable by utilizing the API of the Open Source software. This is a testament to the power we have as small groups of engineers to improve the world.

Vigilante Malware Protects Routers Against Other Security Threats 78

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device.

30 Years a Sysadmin 162

itwbennett writes: Sandra Henry-Stocker's love affair with Unix started in the early 1980s when she 'was quickly enamored of the command line and how much [she] could get done using pipes and commands like grep.' Back then, she was working on a Zilog minicomputer, a system, she recalls, that was 'about this size of a dorm refrigerator'. Over the intervening years, a lot has changed, not just about the technology, but about the job itself. 'We might be 'just' doing systems administration, but that role has moved heavily into managing security, controlling access to a wide range of resources, analyzing network traffic, scrutinizing log files, and fixing the chinks on our cyber armor,' writes Henry-Stocker. What hasn't changed? Systems administration remains a largely thankless role with little room for career advancement, albeit one that she is quick to note is 'seldom boring' and 'reasonably' well-paid. And while 30 years might not be a world's record, it's pretty far along the bell curve; have you been at it longer?

Snowden Joins Twitter, Follows NSA 206

wiredmikey writes: Edward Snowden joined Twitter Tuesday, picking up more than a quarter of a million followers on the social network in just over two hours. Snowden followed a single Twitter account: the U.S. National Security Agency, from which he stole electronic documents revealing the agency's secret surveillance programs. "Can you hear me now?" he asked in his first tweet, which was quickly resent by Twitter users tens of thousands of times. In his second, Snowden noted the recent news about the planet Mars and then quipped about the difficulty he had finding asylum after the U.S. government fingered him as the source of the NSA leaks. "And now we have water on Mars!" he wrote. "Do you think they check passports at the border? Asking for a friend."

Raytheon Wins US Civilian Cyber Contract Worth $1 Billion 62

Tokolosh writes: Raytheon is a company well-known in military-industrial and political circles, but not so much for software, networking and cybersecurity. That has not stopped the DHS awarding it a $1 billion, five year contract to help more than 100 civilian agencies manage their computer security. Raytheon said DHS selected it to be the prime contractor and systems integrator for the agency's Network Security Deployment (NSD) division, and its National Cybersecurity Protection System (NCPS). The contract runs for five years, but some orders could be extended for up to an additional 24 months, it said. Dave Wajsgras, president of Raytheon Intelligence, Information and Services, said the company had invested over $3.5 billion in recent years to expand its cybersecurity capabilities. He said cybersecurity incidents had increased an average of 66 percent a year worldwide between 2009 and 2014. As you might expect, Raytheon spends heavily on political contributions and lobbying.

Does IoT Data Need Special Regulation? 99

dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying a M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.

Inside Amazon's Cloud Computing Infrastructure 76

1sockchuck writes: As Sunday's outage demonstrates, the Amazon Web Services cloud is critical to many of its more than 1 million customers. Data Center Frontier looks at Amazon's cloud infrastructure, and how it builds its data centers. The company's global network includes at least 30 data centers, each typically housing 50,000 to 80,000 servers. "We really like to keep the size to less than 100,000 servers per data center," said Amazon CTO Werner Vogels. Like Google and Facebook, Amazon also builds its own custom server, storage and networking hardware, working with Intel to produce processors that can run at higher clockrates than off-the-shelf gear.

Security is an Important Coding Consideration Even When You Use Containers (Video) 57

Last month Tom Henderson wrote an article titled Container wars: Rocket vs. Odin vs. Docker. In that article he said, "All three are potentially very useful and also potentially very dangerous compared to traditional hypervisor and VM combinations."

Tom's list of contributions at Network World shows you that he's not a neophyte when it comes to enterprise-level security, and that he's more of a product test/analytical person than a journalist. And afraid to state a strong opinion? That's someone else, not Tom, who got flamed hard for his "Container Wars" article, but has been proved right since it ran. Tom also says, in today's interview, that the recent Apple XcodeGhost breach should be a loud wake-up call for developers who don't worry enough about security. But will it? He's not too sure. Are you?

Misusing Ethernet To Kill Computer Infrastructure Dead 303

Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with an easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- to set the building on fire. As he explains:

I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.

Chinese Researchers Propose Tor-Inspired Overhaul of Bitcoin 46

Patrick O'Neill writes: Although Bitcoin was never designed to be anonymous, many of its users have used it as if it were. Now, two prominent Chinese researchers are proposing a system that encrypts all new Bitcoin transactions layer by layer to beat network analysis that can unmask Bitcoin users. The new research is inspired by the Tor anonymity network. The researchers' paper is at arXiv. (Also covered by The Stack.)

Facebook Dislike Hype Exploited In Phishing Campaign 54

An anonymous reader writes: A new Facebook scam is quickly spreading across the social network which plays on the announcement of the highly-anticipated 'Dislike' button. A new scamming campaign is now exploiting impatient Facebook users anxiously awaiting the dislike button addition, by tricking them into believing that they can click on a link to gain early access to the feature. Once the unsuspecting victim selects a link, they are led to a malicious website, which enables access to their private Facebook accounts and allows the hackers to share further scam links on their behalf.

AVG Proudly Announces It Will Sell Your Browsing History To Online Advertisers 229

An anonymous reader writes: AVG, the Czech antivirus company, has announced a new privacy policy in which it boldly and openly admits it will collect user details and sell them to online advertisers for the purpose of continuing to fund its freemium-based products. This new privacy policy is slated to come into effect starting October 15. The policy says: We collect non-personal data to make money from our free offerings so we can keep them free, including: Advertising ID associated with your device; Browsing and search history, including meta data; Internet service provider or mobile network you use to connect to our products, and Information regarding other applications you may have on your device and how they are used.

AT&T Says Malware Secretly Unlocked Hundreds of Thousands of Phones 123

alphadogg writes: AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones. The locks prevent phones from being used on competing networks and have been an important tool used by cellular carriers to prevent customers from jumping ship.

Microsoft Has Built a Linux Distro 282

jbernardo writes: Microsoft has built a Linux distro, and is using it for their Azure data centers. From their blog post: "It is a cross-platform modular operating system for data center networking built on Linux." Apparently, the existing SDN (Software Defined Network) implementations didn't fit Microsoft's plans for the ACS (Azure Cloud Switch), so they decided to roll their own infrastructure. No explanation why they settled on Linux, though — could it be that there is no Windows variant that would fit the bill? In other news, Lucifer has been heard complaining of the sudden cold.

Apple's First Android App Makes It Easy To Move To iOS 174

Mark Wilson writes: Apple has released its first ever Android app. No, there's not an Android version of Safari or anything like that, but a tool designed to simplify the process of switching to iOS. The predictably named Move to iOS will appeal to anyone who was persuaded to switch allegiances by the release of the iPhone 6s and iPhone 6s Plus, or indeed iOS 9. The app can be used to move contacts, messages, photos and more to a new iPhone or iPad, and is compatible with phones and tablets running Android 4.0 and newer. It works slightly differently to what you may have expected. Rather than uploading data to the cloud, it instead creates a private Wi-Fi network between an Android and iOS device and securely transfers it.

Followup: Library Board Unanimously Supports TOR Relay 95

Wrath0fb0b writes: Last week, the administrators of the Kilton Public Library in New Hampshire suspended a project to host a Tor relay after the DHS sent them an email asking them to reconsider. At a board meeting yesterday, the exit node was reinstated by unanimous vote. Board member Francis Oscadal said, "With any freedom there is risk. It came to me that I could vote in favor of the good ... or I could vote against the bad. I’d rather vote for the good because there is value to this." Deputy Police Chief Philip Roberts said, "We simply came in as law enforcement and said, 'These are the concerns.' We wanted to inform everyone so it was an educated decision by everyone involved." Deputy City Manager Paula Maville added, "This is about making an informed decision. Whatever you need to do, we’re here to support that."

Nine of World's Biggest Banks Create Blockchain Partnership 93

An anonymous reader writes: Nine major banks, including Barclays, Goldman Sachs, Credit Suisse, and JP Morgan have teamed up to bring Bitcoin's blockchain technology to financial markets. "Over the past year, interest in blockchain technology has grown rapidly. It has already attracted significant investment from many major banks, which reckon it could save them money by making their operations faster, more efficient and more transparent." Leaving aside the question of whether banks actually want to become more transparent, they're funding a firm dedicated to running tests on how data can be shared and collected through the blockchain. "The blockchain works as a huge, decentralized ledger of every bitcoin transaction ever made that is verified and shared by a global network of computers and therefore is virtually tamper-proof. ... The data that can be secured using the technology is not restricted to bitcoin transactions. Two parties could use it to exchange any other information, within minutes and with no need for a third party to verify it."