The Internet

Analyzing Silk Road 2.0 47

Posted by Soulskill
from the welcome-to-narcoanalytics dept.
An anonymous reader writes: After a recent article about breaking the CAPTCHA on the latest incarnation of Silk Road (the darknet-enabled drug marketplace), Darryl Lau decided to investigate exactly what narcotics people were buying and selling online. He found roughly 13,000 separate listings. Some sellers identify the country they're in, and the top six are the U.S., Australia, England, Germany, the Netherlands, and Canada. The site also has a bunch of product reviews. If you assume that each review comes from a sale, and multiply that by the listed prices, reviewed items alone represent $20 million worth of business. Lau also has some interesting charts, graphs, and assorted stats. MDMA is the most listed and reviewed drug, and sellers are offering it in quantities of up to a kilogram at a time. The average price for the top 1000 items is $236. Prescription drugs represent a huge portion of the total listings, though no individual prescription drugs have high volume on their own.
Security

FBI Plans To Open Up Malware Analysis Tool To Outside Researchers 15

Posted by Soulskill
from the definitely-totally-detects-fbi-malware-totally-definitely dept.
Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.

Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses. Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.
Cloud

CloudFlare Announces Free SSL Support For All Customers 56

Posted by Soulskill
from the big-step-in-the-right-direction dept.
Z80xxc! writes: CloudFlare, a cloud service that sits between websites and the internet to provide a CDN, DDOS and other attack prevention, speed optimization, and other services, announced today that SSL will now be supported for all customers, including free customers. This will add SSL support to approximately 2 million previously unprotected websites. Previously SSL was only available to customers paying at least $20/month for a "Pro" plan or higher.

Browsers connect to CloudFlare's servers and receive a certificate provided by CloudFlare. CloudFlare then connects to the website's server to retrieve the content, serving as a sort of reverse proxy. Different security levels allow CloudFlare to connect to the website host using no encryption, a self-signed certificate, or a verified certificate, depending on the administrator's preferences. CloudFlare's servers will use SNI for free accounts, which is unsupported for IE on Windows XP and older, and Android Browser on Android 2.2 and older.
Encryption

Tor Executive Director Hints At Firefox Integration 89

Posted by Soulskill
from the foxes-love-onions dept.
blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.
United Kingdom

Piracy Police Chief Calls For State Interference To Stop Internet "Anarchy" 288

Posted by samzenpus
from the lock-it-down dept.
An anonymous reader writes The City of London Police's Intellectual Property Crime Unit (PIPCU) is determined to continue its anti-piracy efforts in the years to come. However, the unit's head, Andy Fyfe, also believes that the government may have to tighten the rules on the Internet to stop people from breaking the law. PIPCU's chief believes the public has to be protected from criminals, including pirate site operators who take advantage of their trust. If that doesn't happen, then the Internet may descend into anarchy, he says, suggesting that the government may have to intervene to prevent this. The Police chief believes tighter rules may be needed to prevent people from breaking the law in the future. This could mean not everyone is allowed to launch a website, but that a license would be required, for example.
United States

FCC To Rule On "Paid Prioritization" Deals By Internet Service Providers 125

Posted by samzenpus
from the highest-bidder dept.
An anonymous reader writes "After a record 3.7 million public comments on net neutrality, the FCC is deciding if the company that supplies your internet access should be allowed to make deals with online services to move their content faster. The FCC's chairman Tom Wheeler says financial arrangements between providers and content sites might be OK if the agreement is "commercially reasonable" and companies say publicly how they prioritize traffic. Many disagree, saying this sets up an internet for the highest bidder. "If Comcast and Time Warner – who already have a virtual monopoly on Internet service – have the ability to manage and manipulate Internet speeds and access to benefit their own bottom line, they will be able to filter content and alter the user experience," said Barbara Ann Luttrell, 26, of Atlanta, in a recent submission to the FCC."
The Internet

World's Smallest 3G Module Will Connect Everything To the Internet 115

Posted by samzenpus
from the get-connected dept.
jfruh writes The U-blox SARA-U260 chip module is only 16 by 26 millimeters — and it's just been certified to work with AT&T's 3G network. While consumers want 4G speeds for their browsing needs, 3G is plenty fast for the innumerable automated systems that will be necessary for the Internet of Things to work. From the article: "The U-blox SARA-U260 module, which measures 16 by 26 millimeters, can handle voice calls. But it's not designed for really small phones for tiny hands. Instead, it's meant to carry the small amounts of data that machines are sending to each other over the 'Internet of things,' where geographic coverage -- 3G's strong suit -- matters more than top speed. That means things like electric meters, fitness watches and in-car devices that insurance companies use to monitor policyholders' driving."
Cellphones

When Everything Works Like Your Cell Phone 171

Posted by Soulskill
from the looking-forward-to-jailbreaking-my-breadmaker dept.
The Atlantic is running an article about how "smart" devices are starting to see everyday use in many people's homes. The authors say this will fundamentally change the concept of what it means to own and control your possessions. Using smartphones as an example, they extrapolate this out to a future where many household items are dependent on software. Quoting: These phones come with all kinds of restrictions on their possible physical capabilities. You may not take them apart. Depending on the plan, not all software can be downloaded onto them, not every device can be tethered to them, and not every cell phone network can be tapped. "Owning" a phone is much more complex than owning a plunger. And if the big tech players building the wearable future, the Internet of things, self-driving cars, and anything else that links physical stuff to the network get their way, our relationship to ownership is about to undergo a wild transformation. They also suggest that planned obsolescence will become much more common. For example, take watches: a quality dumbwatch can last decades, but a smartwatch will be obsolete in a few years.
Yahoo!

Yahoo Shuttering Its Web Directory 113

Posted by Soulskill
from the 27-people-are-going-to-be-very-upset-to-hear-this dept.
An anonymous reader writes You may or may not remember this, but before the advent of reliable search engines, web listings used to be a popular way to organize the web. Yahoo had one of the more popular hierarchical website directories around. On Friday, as part of its on-going streamlining process, Yahoo announced that their 20-year-old web directory will be no more: "While we are still committed to connecting users with the information they're passionate about, our business has evolved and at the end of 2014 (December 31), we will retire the Yahoo Directory."
Security

Security Collapse In the HTTPS Market 185

Posted by Soulskill
from the many-points-of-failure dept.
CowboyRobot writes: HTTPS has evolved into the de facto standard for secure Web browsing. Through the certificate-based authentication protocol, Web services and Internet users first authenticate one another ("shake hands") using a TLS/SSL certificate, encrypt Web communications end-to-end, and show a padlock in the browser to signal that a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. At the same time, widely reported security incidents (such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed) have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations (notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale) have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.
The Internet

BT and Coke To Offer Free Rural Wi-Fi In South Africa Through Vending Machines 71

Posted by samzenpus
from the have-some-internet dept.
An anonymous reader writes "BT Global Services is installing free Wi-Fi access points in Coca-Cola vending machines in rural parts of South Africa. "South African consumers will soon be able to quench their thirst and check their e-mail at the same time. Coca-Cola and BT Global Services have announced plans to offer free Wi-Fi Internet access in impoverished communities using Coke’s vending machines. BT – formerly British Telecom – will provide connectivity, support and business training as part of the roll-out. The pilot project has been launched in the rural Eastern Cape and in rural Mpumalanga. Sites were chosen for their accessibility to local communities, the companies said."
Mars

Indian Mars Mission Beams Back First Photographs 112

Posted by samzenpus
from the worth-a-thousand-words dept.
astroengine writes India's Mars Orbiter Mission (MOM) got straight to work as it closed in on Martian orbit on Tuesday — it began taking photographs of the Red Planet and its atmosphere and surface as it slowed down to reach its ultimate destination. After a two day wait, those first images are slowly trickling onto the Internet.
Botnet

First Shellshock Botnet Attacking Akamai, US DoD Networks 236

Posted by samzenpus
from the that-didn't-take-very-long dept.
Bismillah writes The Bash "Shellshock" bug is being used to spread malware to create a botnet, that's active and attacking Akamai and Department of Defense networks. "The 'wopbot' botnet is active and scanning the internet for vulnerable systems, including at the United States Department of Defence, chief executive of Italian security consultancy Tiger Security, Emanuele Gentili, told iTnews. 'We have found a botnet that runs on Linux servers, named "wopbot", that uses the Bash Shellshock bug to auto-infect other servers,' Gentili said."
OS X

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild 316

Posted by timothy
from the oy-oy-oy dept.
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.
Communications

Facebook To Start Testing Internet-Beaming Drones In 2015 42

Posted by timothy
from the don't-worry-that's-next-year dept.
Zothecula writes There was an understandable amount of skepticism when Amazon announced its grand plans for delivery drones last year. But if the last twelve months are any indication, Jeff Bezos and his fellow tech heavyweights are actually kinda serious about the potential of unmanned aerial vehicles. Speaking at the Social Good Summit in New York on Monday, engineering director at Facebook Connectivity Lab, Yael Maguire, has further detailed the company's vision of internet-carrying drones, with plans to begin testing in 2015.
Privacy

Australian Senate Introduces Laws To Allow Total Internet Surveillance 210

Posted by samzenpus
from the watching-you dept.
First time accepted submitter Marquis231 writes New laws due to be passed in Australia allow intelligence agency ASIO to spy on domestic internet traffic like never before. The Sydney Morning Herald reports: "Spy agency ASIO will be given the power to monitor the entire Australian internet and journalists' ability to write about national security will be curtailed when new legislation – expected to pass in the Senate as early as Wednesday – becomes law, academics, media organisations, lawyers, the Greens party and rights groups fear."
Privacy

Stanford Promises Not To Use Google Money For Privacy Research 54

Posted by samzenpus
from the bang-for-your-buck dept.
An anonymous reader writes Stanford University has pledged not to use money from Google to fund privacy research at its Center for Internet and Society — a move that critics claim poses a threat to academic freedom. The center has long been generously funded by Google but its privacy research has proved damaging to the search giant as of late. Just two years ago, a researcher at the center helped uncover Google privacy violations that led to the company paying a record $22.5 million fine. In 2011-2012, the center's privacy director helped lead a project to create a "Do Not Track" standard. The effort, not supported by Google, would have made it harder for advertisers to track what people do online, and likely would have cut into Google's ad revenue. Both Stanford and Google say the change in funding was unrelated to the previous research.
The Internet

Emma Watson Leaked Photo Threat Was a Plot To Attack 4chan 590

Posted by Soulskill
from the i'm-sure-there-won't-be-any-kind-of-retaliation dept.
ideonexus writes: After Emma Watson gave a speech on the need for feminism (video) to the United Nations, 4chan users threatened to release nude photos of the Harry Potter star in retaliation, setting up the emmayouarenext.com website with a countdown clock. Now it has been revealed that the site was an elaborate hoax intended to publicize a movement to shut down 4chan.
Security

Popular Wi-Fi Thermostat Full of Security Holes 103

Posted by Soulskill
from the building-vulnerabilities-one-appliance-at-a-time dept.
Threatpost reports: Heatmiser, a U.K.-based manufacturer of digital thermostats, is contacting its customers today about a series of security issues that could expose a Wi-Fi-connected version of its product to takeover. Andrew Tierney, a "reverse-engineer by night," whose specialty is digging up bugs in embedded systems, wrote on his blog that he initially read about vulnerabilities in another one of the company's products, NetMonitor, and decided to poke around its product line further. This led him to discover a slew of issues in the company's Wi-Fi-enabled thermostats running firmware version 1.2. The issues range from simple security missteps to critical oversights. For example, when users go to connect the thermostat via a Windows utility, it uses default web credentials and PINs. ...Elsewhere, the thermostat leaks Wi-Fi credentials, like its password, username, Service Set Identifier (SSID) and so on, when it's logged in. Related: O'Reilly Radar has an interesting conversation about what companies will vie for control of the internet-of-things ecosystem.
Government

To Fight $5.2B In Identity Theft, IRS May Need To Change the Way You File Taxes 405

Posted by Soulskill
from the your-tax-dollars-at-work dept.
coondoggie writes: Based on preliminary analysis, the Internal Revenue Service (IRS) estimates it paid $5.2 billion in fraudulent identity theft refunds in filing season 2013 while preventing an additional $24.2 billion (based on what it could detect). As a result, the IRS needs to implement changes (PDF) in a system that apparently can't begin verifying refund information until July, months after the tax deadline. Such changes could impact legitimate taxpayers by delaying refunds, extending tax season and likely adding costs to the IRS.