Privacy

One In Four Indiana Residents' E-Record Data Exposed in Hack 59

Reader chicksdaddy reports that a data breach involving four million patients and more than 230 different data holders (from private practices to large hospitals) hit Indiana especially hard. It's the home state of Medical Informatics Engineering, maker of electronic records system NoMoreClipBoard. While data exposed in the breach affected 3.9 million people, 1.5 million of them are in Indiana. According to the Security Ledger, though: [The] breach affects healthcare organizations from across the country, with healthcare providers ranging from prominent hospitals to individual physicians' offices and clinics are among 195 customers of the NoMoreClipboard product that had patient information exposed in the breach. And, more than a month after the breach was discovered, some healthcare organizations whose patients were affected are still waiting for data from EMI on how many and which patients had information exposed.

'We have received no information from MIE regarding that,' said a spokeswoman for Fort Wayne Radiology Association (http://www.fwradiology.com/), one of hundreds of healthcare organizations whose information was compromised in the attack on MIE.
Privacy

Ask Slashdot: Can You Disable Windows 10's Privacy-Invading Features? 439

An anonymous reader writes: I really want to upgrade to Windows 10, but have begun seeing stories come out about the new Terms and how they affect your privacy. It looks like the default Windows 10 system puts copies of your data out on the "cloud", gives your passwords out, and targets advertising to you. The main reason I am looking to upgrade is that Bitlocker is not available on Windows 7 Pro, but is on Windows 10 Pro, and Microsoft no longer offers Anytime Upgrades to Windows 7 Ultimate. However, I don't want to give away my privacy for security. The other option is to wait until October to see what the Windows 10 Enterprise version offers, but it may not be available through retail. Are the privacy minded Slashdot readers not going with Windows 10?

For reference, I am referring to these articles.
(Not to mention claims that it steals your bandwidth.)
Windows

Windows 10 Upgrade Strategies, Pitfalls and Fixes As MSFT Servers Are Hit Hard 180

MojoKid writes: The upgrade cycle begins, with Microsoft's latest operating system--the highly anticipated Windows 10--rolling out over Windows Update for free, for users of Windows 7, 8 and 8.1. For those that are ready to take the plunge over the weekend, there are some things to note. So far, Microsoft has been rolling out the upgrade in waves and stages. If you are not one of the 'lucky' ones to be in the first wave, you can take matters into your own hands and begin the upgrade process manually. While the process is mostly simple, it won't be for everyone. This guide steps through a few of the strategies and pitfalls. There are two main methods to upgrade, either through Windows Update or through the Media Creation Tool. In either case, you will need to have opted-in for the Windows 10 Free Upgrade program to reserve your license. Currently, the Windows Update method is hit or miss due to the requirement for additional updates needing to be installed first and Microsoft's servers being hit hard, leading to some rather humorous error messages like the oh-so helpful description, "Something Happened." Currently, it would be best to avoid the Windows Update upgrade, at least for the time being. Numerous issues with licensing have been reported, requiring manual activation either through the dreaded phone call, or by running slmgr.vbs /ato at the command prompt to force license registration.
Intel

10 Years of Intel Processors Compared 98

jjslash writes to Techspot's interesting look back at the evolution of Intel CPUs since the original Core 2 Duo E6600 and Core 2 Quad processors were introduced. The test pits the eight-year-old CPUs against their successors in the Nehalem, Sandy Bridge and Haswell families, including today's Celeron and Pentium parts which fare comparably well. A great reference just days before Intel's new Skylake processor debuts.
Communications

Questioning the Dispute Over Key Escrow 82

Nicola Hahn writes: The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year's Aspen Security Forum and in an op-ed published recently by the Washington Post. However, the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable." Hence, there are people who suggest the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?
Networking

Critical BIND Denial-of-Service Flaw Could Take Down DNS Servers 62

alphadogg writes: Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users. The vulnerability affects all versions of BIND 9, from BIND 9.1.0 to BIND 9.10.2-P2, and can be exploited to crash DNS servers that are powered by the software. The vulnerability announced and patched by the Internet Systems Consortium is critical because it can be used to crash both authoritative and recursive DNS servers with a single packet.
IT

System Administrator Appreciation Day 2015 44

ninjagin writes: They might be underneath a desk, hauling cables above your ceiling, swapping out a drive in your data center, putting the blue smoke back inside that old pizza box on the rack, up at 2:00AM dealing with an alarm, or upgrading or patching your systems over the weekend. But wherever they are today, take a moment to thank your friendly neighborhood system administrator. We always look to them to fix things up when things go bad, but they are rarely recognized for the majority of their effort — the quiet work they do in the background to keep the bits flying and things running smoothly.
United States

Germany Won't Prosecute NSA, But Bloggers 106

tmk writes: Despite plenty of evidence that the U.S. spied on German top government officials, German Federal Prosecutor General Harald Range has declined to investigate any wrongdoings of the secret services of allied nations like the NSA or the British GCHQ. But after plans of the German secret service "Bundesamt für Verfassungsschutz" to gain some cyber spy capabilities like the NSA were revealed by the blog netzpolitik.org, Range started an official investigation against the bloggers and their sources. They are now being probed for possible treason charges.
Windows

A Naysayer's Take On Windows 10: Potential Privacy Mess, and Worse 483

Lauren Weinstein writes: I had originally been considering accepting Microsoft's offer of a free upgrade from Windows 7 to Windows 10. After all, reports have suggested that it's a much more usable system than Windows 8/8.1 — but of course in keeping with the 'every other MS release of Windows is a dog' history, that's a pretty low bar. However, it appears that MS has significantly botched their deployment of Windows 10. I suppose we shouldn't be surprised, even though hope springs eternal. Since there are so many issues involved, and MS is very aggressively pushing this upgrade, I'm going to run through key points here quickly, and reference other sites' pages that can give you more information right now. But here's my executive summary: You may want to think twice, or three times, or many more times, about whether or not you wish to accept the Windows 10 free upgrade on your existing Windows 7 or 8/8.1 system. Now that we're into the first week of widespread availability for the new version, if you're a Windows user and upgrader, has your experience been good, horrible, or someplace between?
Bug

Samsung Finds, Fixes Bug In Linux Trim Code 181

New submitter Mokki writes: After many complaints that Samsung SSDs corrupted data when used with Linux, Samsung found out that the bug was in the Linux kernel and submitted a patch to fix it. It turns out that kernels without the final fix can corrupt data if the system is using linux md raid with raid0 or raid10 and issues trim/discard commands (either fstrim or by the filesystem itself). The vendor of the drive did not matter and the previous blacklisting of Samsung drives for broken queued trim support can be most likely lifted after further tests. According to this post the bug has been around for a long time.
Databases

Oracle To Debut Low-Cost SPARC Chip Next Month 91

jfruh writes: Of the many things Oracle acquired when it absorbed Sun, the SPARC processors have not exactly been making headlines. But that may change next month when the company debuts a new, lower-cost chip that will compete with Intel's Xeon. "Debut," in this case, means only an introduction, though -- not a marketplace debut. From the article: [T]he Sparc M7 will have technologies for encryption acceleration and memory protection built into the chip. It will also include coprocessors to accelerate database performance. "The idea of Sonoma is to take exactly those same technologies and bring them down to very low cost points, so that people can use them in cloud computing and for smaller applications, and even for smaller companies who need a lower entry point," [Oracle head of systems John] Fowler said. ... [Fowler] didn’t talk about prices or say how much cheaper the new Sparc systems will be, and it could potentially be years before Sonoma comes to market—Oracle isn’t yet saying. Its engineers are due to discuss Sonoma at the Hot Chips conference in Silicon Valley at the end of the month, so we might learn more then.
Businesses

Symantec: Hacking Group Black Vine Behind Anthem Breach 18

itwbennett writes: Symantec said in a report that the hacking group Black Vine, which has been active since 2012 and has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, is behind the hack against Anthem. The Black Vine malware Mivast was used in the Anthem breach, according to Symantec.
Businesses

How Developers Can Fight Creeping Mediocrity 133

Nerval's Lobster writes: As the Slashdot community well knows, chasing features has never worked out for any software company. "Once management decides that's where the company is going to live, it's pretty simple to start counting down to the moment that company will eventually die," software engineer Zachary Forrest y Salazar writes in a new posting. But how does any developer overcome the management and deadlines that drive a lot of development straight into mediocrity, if not outright ruination? He suggests a damn-the-torpedoes approach: "It's taking the code into your own hands, building or applying tools to help you ship faster, and prototyping ideas," whether or not you really have the internal support. But given the management issues and bureaucracy confronting many companies, is this approach feasible?
Security

Research: Industrial Networks Are Vulnerable To Devastating Cyberattacks 76

Patrick O'Neill writes: New research into Industrial Ethernet Switches reveals a wide host of vulnerabilities that leave critical infrastructure facilities open to attackers. Many of the vulnerabilities reveal fundamental weaknesses: Widespread use of default passwords, hardcoded encryption keys, a lack of proper authentication for firmware updates, a lack of encrypted connections, and more. Combined with a lack of network monitoring, researchers say the situation showcases "a massive lack of security awareness in the industrial control systems community."
Security

Tools Coming To Def Con For Hacking RFID Access Doors 27

jfruh writes: Next month's Def Con security conference will feature, among other things, new tools that will help you hack into the RFID readers that secure doors in most office buildings. RFID cards have been built with more safeguards against cloning; these new tools will bypass that protection by simply hacking the readers themselves. ITWorld reports that Francis Brown, a partner at the computer security firm Bishop Fox, says: "...his aim is to make it easier for penetration testers to show how easy it is to clone employee badges, break into buildings and plant network backdoors—without needing an electrical engineering degree to decode the vagaries of near-field communication (NFC) and RFID systems."
China

What Federal Employees Really Need To Worry About After the Chinese Hack 122

HughPickens.com writes: Lisa Rein writes in the Washington Post that a new government review of what the Chinese hack of sensitive security clearance files of 21 million people means for national security is in — and some of the implications are quite grave. According to the Congressional Research Service, covert intelligence officers and their operations could be exposed and high-resolution fingerprints could be copied by criminals. Some suspect that the Chinese government may build a database of U.S. government employees that could help identify U.S. officials and their roles or that could help target individuals to gain access to additional systems or information. National security concerns include whether hackers could have obtained information that could help them identify clandestine and covert officers and operations (PDF).

CRS says that if the fingerprints in the background investigation files are of high enough quality, "depending on whose hands the fingerprints come into, they could be used for criminal or counterintelligence purposes." Fingerprints also could be trafficked on the black market for profit — or used to blow the covers of spies and other covert and clandestine officers, the research service found. And if they're compromised, fingerprints can't be reissued like a new credit card, the report says, making "recovery from the breach more challenging for some."
vivaoporto also points out that these same hackers are believed to be responsible for hacking United Airlines.
Android

Maliciously Crafted MKV Video Files Can Be Used To Crash Android Phones 91

itwbennett writes: Just days after publication of a flaw in Android's Stagefright, which could allow attackers to compromise devices with a simple MMS message, researchers have found another Android media processing flaw. The latest vulnerability is located in Android's mediaserver component, more specifically in how the service handles files that use the Matroska video container (MKV), Trend Micro researchers said. "When the process opens a malformed MKV file, the service may crash (and with it, the rest of the operating system). The vulnerability is caused by an integer overflow when the mediaserver service parses an MKV file. It reads memory out of buffer or writes data to NULL address when parsing audio data."
Security

Hacking a 'Smart' Sniper Rifle 72

An anonymous reader writes: It was inevitable: as soon as we heard about computer-aimed rifles, we knew somebody would find a way to compromise their security. At the upcoming Black Hat security conference, researchers Runa Sandvik and Michael Auger will present their techniques for doing just that. "Their tricks can change variables in the scope's calculations that make the rifle inexplicably miss its target, permanently disable the scope's computer, or even prevent the gun from firing." In one demonstration they were able to tweak the rifle's ballistic calculations by making it think a piece of ammunition weighed 72 lbs instead of 0.4 ounces. After changing this value, the gun tried to automatically adjust for the weight, and shot significantly to the left. Fortunately, they couldn't find a way to make the gun fire without physically pulling the trigger.
Bug

Honeywell Home Controllers Open To Any Hacker Who Can Find Them Online 85

Trailrunner7 writes: Security issues continue to crop up within the so-called "smart home." A pair of vulnerabilities have been reported for the Tuxedo Touch controller made by Honeywell, a device that's designed to allow users to control home systems such as security, climate control, lighting, and others. The controller, of course, is accessible from the Internet. Researcher Maxim Rupp discovered that the vulnerabilities could allow an attacker to take arbitrary actions, including unlocking doors or modifying the climate controls in the house.
Programming

Ask Slashdot: Everyone Building Software -- Is This the Future We Need? 352

An anonymous reader writes: I recently stumbled upon Apple's headline for version 2 of its Swift programming language: "Now everyone can build amazing apps." My question: is this what we really need? Tech giants (not just Apple, but Microsoft, Facebook, and more) are encouraging kids and adults to become developers, adding to an already-troubled IT landscape. While many software engineering positions are focused only on a business's internal concerns, many others can dramatically affect other people's lives. People write software for the cars we drive; our finances are in the hands of software, and even the medical industry is replete with new software these days. Poor code here can legitimately mess up somebody's life. Compare this to other high-influence professions: can you become a surgeon just because you bought a state-of-the-art turbo laser knife? Of course not. Back to Swift: the app ecosystem is already chaotic, without solid quality control and responsibility from most developers. If you want a simple to-do app, you'll get a never-ending list of software artifacts that will drain your battery, eat memory, freeze the OS and disappoint you in every possible way. So, should we really be focusing on quantity, rather than quality?