
Security

Nuclear Weapons Create Their Own Security Codes With Radiation 18

Posted by samzenpus
from the missile-protect-thyself dept.
Zothecula writes "Nuclear weapons are a paradox. No one in their right mind wants to use one, but if they're to act as a deterrent, they need to be accessible. The trick is to make sure that access is only available to those with the proper authority. To prevent a real life General Jack D Ripper from starting World War III, Livermore National Laboratory's (LLNL) Defense Technologies Division is developing a system that uses a nuclear weapon's own radiation to protect itself from tampering."
Encryption

Another Hint For Kryptos 49

Posted by timothy
from the it's-about-where-to-get-local-donuts dept.
rastos1 writes Four years ago Jim Sanborn, the sculptor who created the wavy metal pane called Kryptos that sits in front of the CIA in Langley, revealed a clue for breaking the last remaining part of the encrypted message on Kryptos. The clue was: BERLIN. But the puzzle resisted all decryption efforts and is still unsolved. To honor the 25th anniversary of the Wall's demise and the artist's 69th birthday this year, Sanborn has decided to reveal a new clue to help solve his iconic and enigmatic artwork. It's only the second hint he's released since the sculpture was unveiled in 1990 and may finally help unlock the fourth and final section of the encrypted sculpture, which frustrated sleuths have been struggling to crack for more than two decades. The next word in the sequence is: "clock."
United States

Greenwald Advises Market-Based Solution To Mass Surveillance 145

Posted by samzenpus
from the you-get-what-you-demand dept.
Nicola Hahn writes In his latest Intercept piece Glenn Greenwald considers the recent defeat of the Senate's USA Freedom Act. He remarks that governments "don't walk around trying to figure out how to limit their own power." Instead of appealing to an allegedly irrelevant Congress Greenwald advocates utilizing the power of consumer demand to address the failings of cyber security. Specifically he argues that companies care about their bottom line and that the trend of customers refusing to tolerate insecure products will force companies to protect user privacy, implement encryption, etc. All told Greenwald's argument is very telling: that society can rely on corporate interests for protection. Is it true that representative government is a lost cause and that lawmakers would never knowingly yield authority? There are people who think that advising citizens to devolve into consumers is a dubious proposition.
Bitcoin

Tracking a Bitcoin Thief, Part II: Illustrating the Issue of Trust In Altcoins 46

Posted by timothy
from the sometimes-the-good-guys-win dept.
An anonymous reader writes The team over at the BITCOMSEC (Bitcoin Community Security) project released a second part to their 'Tracking a Bitcoin Thief' series in which they disclose what happened to a once-rising alternate crypto currency project that promised to place guaranteed value of its MidasCoins by backing it with actual Gold. Dealing with the reality of user compromise, the project's founder ups and runs away with all of the community's coins, cashing them out at an exchange for Bitcoins. A sobering tale of trust issues within the alternate crypto currency community. (The first part is interesting, too.)
Operating Systems

Ask Slashdot: Workaday Software For BSD On the Desktop? 265

Posted by timothy
from the clever-little-devil dept.
An anonymous reader writes So for a variety of reasons (some related to recent events, some ongoing for a while) I've kinda soured on Linux and have been looking at giving BSD a shot on the desktop. I've been a Gentoo user for many years and am reasonably comfortable diving into stuff, so I don't anticipate user friendliness being a show stopper. I suspect it's more likely something I currently do will have poor support in the BSD world. I have of course been doing some reading and will probably just give it a try at some point regardless, but I was curious what experience and advice other slashdot users could share. There's been many bold comments on slashdot about moving away from Linux, so I suspect I'm not the only one asking these questions. Use-case wise, my list of must haves is: Minecraft, and probably more dubiously, FTB; mplayer or equivalent (very much prefer mplayer as it's what I've used forever); VirtualBox or something equivalent; Firefox (like mplayer, it's just what I've always used, and while I would consider alternatives, that would definitely be a negative); Flash (I hate it, but browsing the web sans-flash is still a pain); OpenRA (this is the one I anticipate giving me the most trouble, but playing it is somewhat of an obsession).

Stuff that would be nice but I can live without: Full disk encryption; Openbox / XFCE (It's what I use now and would like to keep using, but I could probably switch to something else without too much grief); jackd/rakarrack or something equivalent (currently use my computer as a cheap guitar amp/effects stack); Qt (toolkit of choice for my own stuff).
What's the most painless way to transition to BSD for this constellation of uses, and which variety of BSD would you suggest?
Communications

WhatsApp To Offer End-to-End Encryption 93

Posted by timothy
from the trend-worth-extending dept.
L-One-L-One (173461) writes In a surprise move, nine months after being bought by Facebook, WhatsApp has begun rolling out end-to-end encryption for its users. With true end-to-end encryption, data becomes inaccessible to admins of WhatsApp or law enforcement authorities. This new feature, first proposed on Android only, has been developed in cooperation with Open Whisper Systems, based on TextSecure. With hundreds of millions of users, WhatsApp becomes by far the largest secure messaging application. FBI Director James Comey might not be pleased. Do you have a current favorite for encrypted online chat?
Encryption

Launching 2015: a New Certificate Authority To Encrypt the Entire Web 204

Posted by Soulskill
from the respect-their-authority dept.
Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.
Communications

81% of Tor Users Can Be De-anonymized By Analysing Router Information 136

Posted by timothy
from the keep-him-on-the-line dept.
An anonymous reader writes A former researcher at Columbia University's Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco's 'Netflow' package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the 'victim' client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: 'it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.'
United States

Department of Justice Harvests Cell Phone Data Using Planes 201

Posted by samzenpus
from the we-can-hear-you-now dept.
Tyketto writes The US Department of Justice has been using fake communications towers installed in airplanes to acquire cellular phone data for tracking down criminals, reports The Wall Street Journal. Using fixed-wing Cessnas outfitted with DRT boxes produced by Boeing, the devices mimic cellular towers, fooling cellphones into reporting "unique registration information" to track down "individuals under investigation." The program, used by the U.S. Marshals Service, has been in use since 2007 and deployed around at least five major metropolitan areas, with a flying range that can cover most of the US population. As cellphones are designed to connect to the strongest cell tower signal available, the devices identify themselves as the strongest signal, allowing for the gathering of information on thousands of phones during a single flight. Not even having encryption on one's phone, like found in Apple's iPhone 6, prevents this interception. While the Justice Department would not confirm or deny the existence of such a program, Verizon denies any involvement in this program, and DRT (a subsidiary of Boeing), AT&T, and Sprint have all declined to comment.
The Internet

After Silk Road 2.0 Shutdown, Rival Dark Net Markets Grow Quickly 86

Posted by Soulskill
from the enjoy-the-calm-before-your-storm dept.
apexcp writes: A week ago, Silk Road 2.0 was theatrically shut down by a global cadre of law enforcement. This week, the dark net is realigning. "In the wake of the latest police action against online bazaars, the anonymous black market known as Evolution is now the biggest Dark Net market of all time. Today, Evolution features 20,221 products for sale, a 28.8 percent increase from just one month ago and an enormous 300 percent increase over the past six months."
Encryption

ISPs Removing Their Customers' Email Encryption 245

Posted by Soulskill
from the aggressively-anticonsumer dept.
Presto Vivace points out this troubling new report from the Electronic Frontier Foundation: Recently, Verizon was caught tampering with its customers' web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the U.S. and Thailand intercepting their customers' data to strip a security flag — called STARTTLS — from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
Android

Start-Up Vsenn Emerges From Stealth With Project Ara Modular Phone Competitor 30

Posted by timothy
from the stick-'em-up-I-mean-together dept.
MojoKid writes When Phonebloks visionary Dave Hakkens began evangelizing the idea of a modular phone with interchangeable components, many scoffed at the idea saying it couldn't be done or wasn't commercially feasible, that is until Google stepped up and backed a team of engineers for Project Ara. Ultimately, Project Ara's proof of concept efforts bore fruit and the vision is quickly becoming reality, now with apparently new competitors entering the fray. A start-up company by the name of Vsenn has come out of cover to disclose its intention to start a "smartphone evolution" and it also turns out that company has been co-founded by a former Nokia Android X Program Manager. The company also makes some lofty promises and has set big goals, noting not only modular hardware design but "guaranteed updates, maximum security and customizable looks." From encryption to secure VPN cloud services and back covers that are easily changed out, Vsenn seems to be targeting not only "Phonebloks-style" modularity and customizations like Project Ara but also some of the secure device and communication hot buttons that both Apple and Google have been acting on as of late with iOS and Android Lollipop.
The Internet

More Tor .Onion Sites May Get Digital Certificates Soon 52

Posted by timothy
from the try-to-stop-from-crying dept.
Trailrunner7 writes News broke last week that Facebook had built a hidden services version of its social network available to users browsing anonymously via the Tor Project's proxy service. Unlike any .onion domain before it, Facebook's would be verified by a legitimate digital signature, signed and issued by DigiCert. Late yesterday, Jeremy Rowley, DigiCert's vice president of business development and legal, explained his company's decision to support this endeavor in a blog entry. He also noted that DigiCert is considering opening up its certification business to other .Onion domains in the future. "Using a digital certificate from DigiCert, Tor users are able to identify the exact .onion address operated by Facebook," Rowley explained. "Tor users can evaluate the digital certificate contents to discover that the entity operating the onion address is the same entity as the one operating facebook.com."
Crime

Silk Road 2.0 Seized By FBI, Alleged Founder Arrested In San Francisco 219

Posted by timothy
from the slippery-stuff-that-silk dept.
blottsie writes The FBI has arrested the online persona "Defcon," identified as Blake Benthall, a 26-year-old in San Francisco, who the agency claims ran the massive online black market Silk Road 2.0. Benthall's FBI arrest comes a year after that of Ross Ulbricht, also from San Francisco, who's the alleged mastermind of the original Silk Road and still awaiting trial. The largest of those reported down is Silk Road 2.0. But a host of smaller markets also seized by law enforcement include Appaca, BlueSky, Cloud9, Hydra, Onionshop, Pandora, and TheHub. Also at Ars Technica.
Google

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 70

Posted by samzenpus
from the get-it-out dept.
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Communications

"Police Detector" Monitors Emergency Radio Transmissions 215

Posted by samzenpus
from the warning-warning-warning dept.
schwit1 writes A Dutch company has introduced a detection system that can alert you if a police officer or other emergency services official is using a two-way radio nearby. Blu Eye monitors frequencies used by the encrypted TETRA communications networks used by government agencies in Europe. It doesn't allow the user to listen in to transmissions, but can detect a radio in operation up to one kilometer away. Even if a message isn't being sent, these radios send pulses out to the network every four seconds and Blu Eye can also pick these up, according to The Sunday Times. A dashboard-mounted monitor uses lights and sounds to alert the driver to the proximity of the source, similar to a radar detector interface.
Encryption

Deutsche Telecom Upgrades T-Mobile 2G Encryption In US 27

Posted by timothy
from the tell-all-your-grandparents dept.
An anonymous reader writes T-Mobile, a major wireless carrier in the U.S. and subsidiary of German Deutsche Telecom, is hardening the encryption on its 2G cellular network in the U.S., reports the Washington Post. According to Cisco, 2G cellular calls still account for 13% of calls in the US and 68% of wireless calls worldwide. T-Mobile's upgrades will bring the encryption of older and inexpensive 2G GSM phone signals in the US up to par with that of more expensive 3G and 4G handsets. Parent company Deutsche Telecom had announced a similar upgrade of its German 2G network after last year's revelations of NSA surveillance. 2G is still important not only for that 13 percent of calls, but because lots of connected devices rely on it, or will, even while the 2G clock is ticking. The "internet of things" focuses on cheap and ubiquitous, and in the U.S. that still means 2G, but lots of things that might be connected that way are ones you'd like to be encrypted.
Android

Delivering Malicious Android Apps Hidden In Image Files 113

Posted by timothy
from the best-case-never-touch-a-phone dept.
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file. They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)
Encryption

'Endrun' Networks: Help In Danger Zones 28

Posted by timothy
from the pinging-mr-bourne-mr-jason-bourne dept.
kierny writes Drawing on networking protocols designed to support NASA's interplanetary missions, two information security researchers have created a networking system that's designed to transmit information securely and reliably in even the worst conditions. Dubbed Endrun, and debuted at Black Hat Europe, its creators hope the delay-tolerant and disruption-tolerant system — which runs on Raspberry Pi — could be deployed everywhere from Ebola hot zones in Liberia, to war zones in Syria, to demonstrations in Ferguson.
Privacy

FBI Director Continues His Campaign Against Encryption 284

Posted by samzenpus
from the don't-lock-it-down dept.
apexcp writes Following the announcements that Apple and Google would make full disk encryption the default option on their smartphones, FBI director James Comey has made encryption a key issue of his tenure. His blitz continues today with a speech that says encryption will hurt public safety.
