Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).
Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. "Any account can be accessed with a malicious request from a proxy account," reads the description. "Please arrange a demonstration using my service listing to hack an account of your choice." Others include a technique to hack WordPress' multisite configuration, an exploit against Android's Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
Fallin and other supporters of the procedure say it's pain-free and effective, noting that the nitrogen would render inmates unconscious within ten seconds and kill them in minutes. It's also cheap: state representatives say the method only requires a nitrogen tank and a gas mask, but financial analysts say its impossible to give precise figures, the Post reports.
Oklahoma's primary execution method is still lethal injection, but the state's procedure is currently under review by the Supreme Court. Earlier this week, Tennessee suspended executions statewide following challenges to its own lethal injection protocol.
In court documents filed last week, prosecutors said there is evidence to support the theory Tipton used his privileged position inside the lottery association to enter a locked room that housed the random number generating computers and
infect them with software that allowed him to control the winning numbers. The room was enclosed in glass, could only be entered by two people at a time, and was monitored by a video camera. To prevent outside attacks, the computers aren't connected to the Internet. Prosecutors said Tipton entered the so-called draw room on November 20, 2010, ostensibly to change the time on the computers. The cameras on that date recorded only one second per minute rather than running continuously like normal.
"Four of the five individuals who have access to control the camera's settings will testify they did not change the cameras' recording instructions," prosecutors wrote. "The fifth person is defendant. It is a reasonable deduction to infer that defendant tampered with the camera equipment to have an opportunity to insert a thumbdrive into the RNG tower without detection."
The student also revealed his secrets after he was caught – the password was the teacher's last name, and the teacher had typed it in in full view of the students. The student said many other students used these administrators' passwords (their teachers' last names) so they can screen-share and video chat with other students. The student was briefly held in a nearby detention center, and the county Sheriff warned that other teenagers caught doing the same thing will "face the same consequences."
"We have been talking about police brutality for years. And now, because of videos, we are seeing just how systemic and widespread it is," tweeted Deray McKesson, an activist in Ferguson, after the videos emerged Tuesday night. "The videos over the past seven months have empowered us to ask deeper questions, to push more forcefully in confronting the system." The process of ascertaining the truth of the world has to start somewhere. A video is one more assertion made about what is real concludes Robinson. "Today, through some unknown hero's stubborn internal choice to witness instead of flee, to press record and to watch something terrible unfold, we have one more such assertion of reality."
According to Websense, these attacks are low tech. The fraudsters register "typo squatting" domains that look like the target company's domain, but are subtly different. They then set up e-mails at the typo squatted domain designed to mirror legitimate executive email accounts. Like many phishing scams, these attacks rely on the similarities of the domains and often extensive knowledge of key players within the company, creating e-mails that are highly convincing to recipients.
The key element of their attack is – simply – "obeisance," Websense notes. "When the CEO or CFO tells you to do something, you do it." The messages were brief and urgent, included (phony) threads involving other company executives and demanded updates on the progress of the transfer, making the request seem more authentic. Rather than ask the executive for clarification (or scrutinize the FROM line), the employees found it easier to just wire the money to the specified account, Websense reports.
Websense notes the similarities between the technique used in the latest phishing attack and the grain trading firm Scoular in June, 2014. That company was tricked into wiring some $17 million to a bank in China, with employees believing they were acting on the wishes of executives who had communicated through e-mail.