
Submission + - DNA, Crypto & Shakespeare: Sandia Labs Creates Mind-Blowing Storage Technolo (darkreading.com)

ancientribe writes: Researchers from Sandia National Labs are experimenting with a new more secure form of data storage that--get this--is based on DNA. The project is for a long-term archival technology that could securely store records for the National Archives, government personnel records, research findings at the national labs, or other sensitive classified information. (Paging the US State Department). How does The Bard fit in? The researchers got the idea from the European Bioinformatics Institute's experiment that recorded all of Shakespeare’s sonnets into 2.5 million base pairs of DNA. Welcome to the future.

Submission + - Microsoft Invests $1 Billion In 'Holistic' Security Strategy (darkreading.com)

ancientribe writes: Microsoft over the past year has invested $1 billion in security and doubled its number of security executives, the company's CISO Bret Arsenault told Dark Reading. CEO Satya Nadella today officially announced the launch of a new managed security services group and a new cyber defense operations center — all part of its new strategy of holistic and integrated security across its products and services. Microsoft execs rarely detail the company's strategy so publicly, so that in itself underlines how security is a major element in its strategy.

Submission + - State Trooper Cars Hacked

ancientribe writes: Two models of Virginia State Police cruisers were hacked in an experiment to expose vulnerabilities in the vehicles and to come up with ways to protect the cars from hackers. Mitre, the Virginia Dept. of Motor Vehicles, the University of Virginia, and other organizations in cooperation with DHS and the DOT demonstrated the attacks on an unmarked 2012 Chevrolet Impala and a marked patrol car, a 2013 Ford Taurus. GM and Ford even provided their comments to the press in the wake of the experiment.

Submission + - 'Bar Mitzvah Attack' Plagues SSL/TLS Encryption (darkreading.com)

ancientribe writes: Once again, SSL/TLS encryption is getting dogged by outdated and weak options that make it less secure. This time, it's the weak keys in the older RC4 crypto algorithm, which can be abused such that an attacker can sniff credentials or other data in an SSL session, according to a researcher who revealed the hack today at Black Hat Asia in Singapore.

Submission + - Hackin' At The Car Wash, (Yeah) (darkreading.com)

PLAR writes: Those LaserWash automatic car washes can be easily hacked via the Internet to get a free car wash or to manipulate the machines that clean the cars, a security researcher has found. Billy Rios says these car washes have web interfaces with weak/default passwords that if obtained, could allow an attacker to telnet in and use an HTTP GET request to control the machines. And this very likely isn't the only car wash brand that's vulnerable, according to Rios.

Submission + - Forget Stuxnet: Banking Trojans Attacking Power Plants (darkreading.com)

PLAR writes: Everyone's worried about the next Stuxnet sabotaging the power grid, but a security researcher says there's been a spike in traditional banking Trojan attacks against plant floor networks. The malware poses as legitimate ICS/SCADA software updates from Siemens, GE and Advantech. Kyle Wilhoit, the researcher who discovered the attacks, says the attackers appear to be after credentials and other financial information, so it looks like pure cybercrime, not nation-state activity.

Submission + - The World's Most Hackable Cars (darkreading.com)

ancientribe writes: If you're wondering whether the most tech-loaded vehicles are also the most vulnerable to hackers, there is now research that shows it. Charlie Miller, a security engineer with Twitter, and Chris Valasek, director of security intelligence at IOActive, studied modern auto models and concluded that the 2014 Jeep Cherokee, the 2014 Infiniti Q50, and the 2015 Escalade are the most likely to get hacked. The key is whether their networked features that can communicate outside the vehicle are on the same network as the car's automated physical functions. They also name the least-hackable cars, and will share the details of their new findings next week at Black Hat USA in Las Vegas.

Submission + - Red Team, Blue Team: The Only Woman On The Team (darkreading.com)

ancientribe writes: Cyber security pro Kerstyn Clover in this Dark Reading post shares some rare insight into what it's like to be a woman in the field. She ultimately found her way to her current post as a member of the incident response and forensics team at SecureState, despite the common societal hurdles women face today in the STEM field: "I taught myself some coding and computer repair in probably the most painstaking ways possible, but my experiences growing up put me at a disadvantage that I am still working to overcome," she writes.

Submission + - Stuxnet Expert Dismisses NIST Cyber Security Framework, Proposes Alternative (darkreading.com)

An anonymous reader writes: Ralph Langner, the security expert who deciphered how Stuxnet targeted the Siemens PLCs in Iran's Natanz nuclear facility, has come up with a cybersecurity framework for industrial control systems (ICS) that he says is a better fit than the U.S. government's Cyber Security Framework. Langner's Robust ICS Planning and Evaluation, or RIPE, framework takes a different approach to locking down ICS/SCADA plants than the NIST-led one, focusing on security capabilities rather than risk. He hopes it will help influence the final version of the U.S. government's framework.

Submission + - Consumer Device Hacking Getting Lost In Translation (darkreading.com)

ancientribe writes: Hackers who hack insulin pumps, heart monitors, HVAC systems, home automation systems, and cars are finding some life-threatening security flaws in these newly networked consumer devices, but their work is often dismissed or demonized by those industries and the policymakers who govern their safety. A grass-roots movement is now under way to help bridge this dangerous gap between the researcher community and consumer product policymakers and manufacturers. The security experts driving this effort appealed to the DEF CON 21 hacking conference audience to help them recruit intermediaries who can speak both hacker and consumer product and policy.
Security

Submission + - RATs Are Found Riddled With Bugs And Weak Encryption (darkreading.com)

ancientribe writes: A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing, and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back.
Security

Submission + - AT&T Sponsors Zero-Day Hacking Contest For Kids (darkreading.com)

yahoi writes: AT&T has teamed up with an 11-year-old hacker and DefCon Kids to host a hacking contest during the second annual conference that runs in conjunction with the adult Def Con hacker show later this month in Las Vegas. The kid who finds the most zero-day bugs in mobile apps wins $1,000 and an iPad, courtesy of DefCon Kids. The contest was inspired by the mini-hacker's discovery last year of a whole new class of mobile app vulnerabilities.
Security

Submission + - Apple Hacker To Demo Dangers Of Near-Field Communications (darkreading.com)

An anonymous reader writes: Apple's hacker nemesis Charlie Miller, who the company banned from its app store developer program, apparently hasn't been waiting around for his suspension to be lifted. His latest pet project is hacking near-field communications (NFC), and at Black Hat USA in Vegas this month, he will demonstrate the dangers of using your smartphone to pay your cabfare. (But when his Apple "sentence" is up, look out).
Crime

Submission + - SAP's VP Arrested In False Barcode Scheme (ibtimes.com)

redletterdave writes: "With barcode scanning being so commonplace, nothing seemed out of the ordinary when Thomas Langenbach, the vice president of SAP, was found scanning boxes upon boxes of Lego toys before purchasing them. Little did anyone know, the 47-year-old Silicon Valley executive was actually engaged in a giant scam. Langenbach would visit several Target stores and cover the store's barcodes with his own, so when he would bring the boxes up to the register, Langenbach would pay a heavily-discounted price. For example, this tag swapping allowed him to buy a Millennium Falcon box of Legos worth $279 for just $49. Once he bought the discounted Lego boxes, the SAP executive would take to eBay (under the name "tomsbrickyard") and sell the items. Langenbach reportedly sold more than 2,000 items on eBay, raking in about $30,000. He was finally caught by Target security on May 8, and he was arraigned on Tuesday on four counts of burglary."
