Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale Extended! Courses ranging from coding to project management - all eLearning deals 20% off with coupon code "CYBERMONDAY20". ×

Researchers Report Spike In Boot Time Malware 132

wiredmikey writes "In their most recent intelligence report, Symantec researchers pointed out a massive increase in the amount of boot time malware striking users, noting there have already been as many new boot time malware threats detected in the first seven months of 2011 as there were in the previous three years. Also known as MBR (master boot record) threats, the malware infect an area of the hard disk that makes them one of the first things to be read and executed when a computer is turned on. This enables the threats to effectively dodge many security defenses."

Zombie Cookies Just Won't Die 189

GMGruman wrote in to say "Microsoft embarrassed itself last week when it got caught using 'zombie cookies' — a form of tracking cookies that users can't delete, as they come back to life after you've 'killed' them. Microsoft says it'll stop the 'aberrant' practice. But Woody Leonhard says you ain't seen nothing yet. It turns out HTML5 offers a technical mechanism to give zombie cookies a new lease on life — and the Web browsers' private-browsing features can't stop them."

How To Steal ATM PINs With a Thermal Camera 157

An anonymous reader writes "Researchers from UCSD have demonstrated how thermal imagery cameras can be used to steal customers' PINs (PDF) when you withdraw cash from ATMs. Their paper, entitled 'Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks', (PDF) discovered that plastic PIN pads were the best for retaining heat signatures showing which numbers (and in which order) were used by bank customers. Fortunately the methodology does not appear to have been used by criminals yet, but a third of people surveyed admit that they do not check ATMs for tampering before withdrawing cash."

GPGPU Bitcoin Mining Trojan 258

An anonymous reader writes "Security researchers have unearthed a piece of malware that mints a digital currency known as Bitcoins by harnessing the immense power of an infected machine's graphical processing units. According to new research from antivirus provider Symantec, Trojan.Badminer uses GPUs to generate virtual coins through a practice known as minting. That's the term for solving difficult cryptographic proof-of-work problems and being rewarded with 50 Bitcoins for each per correct block."

Aaron Barr Talks About DEFCON, Anonymous Attacks 77

Trailrunner7 writes "Finding Aaron Barr at this year's DEFCON hacker conference in Las Vegas was like a giant game of 'Where's Waldo.' Given the events of the past year, you can hardly blame him for keeping a low profile. First there was the attack on him and his then-employer, HBGary Federal, his decision to part ways with HBGary, his work to rehabilitate his image and turn his personal misfortunes into a 'teaching moment' for the industry, and then the legal wrangling in recent weeks that threw cold water on his plans to take part in a panel discussion about Anonymous at DEFCON. Barr was courted by numerous news outlets at the show, including the mainstream media. But he preferred, for the most part, to keep his own counsel. But he offered his thoughts to Threatpost on the experience of being at the conference, what the attack by Anonymous has done to him and whether it's possible for the group to turn its attentions to more constructive pursuits."

WPA/WPA2 Cracking With CPUs, GPUs, and the Cloud 106

wintertargeter writes "Yeah, it's another article on security, but this time we finally get a complete picture. Tom's Hardware looks at WPA/WPA2 brute-force cracking with CPUs, GPUs, and Amazon's Nvidia Tesla-based EC2 cloud servers. Verdict? WPA/WPA2 is pretty damn secure. Now to wait for a side-channel attack. Sigh...."

US and UK Zombies Demand Top Dollar 62

coondoggie writes "Denizens of the malware underworld who sell access to compromised computers do so at varying rates depending on where the machines are located, researchers told the Usenix Security Symposium this week. The researchers followed what they called the pay-per-install (PPI) industry, which obtains infected machines from which malware can be launched and sells access to these machines to parties looking for someplace to execute malicious code. Sometimes the PPI sellers hire middlemen to supply the compromised machines, and the PPI dealer retails them."

Feds' Radios Have Significant Security Flaws 84

OverTheGeicoE writes "The Wall Street Journal has a story describing how the portable radios used by many federal law enforcement agents have major security flaws that allow for easy eavesdropping and jamming. Details are in a new study being released today (PDF). The authors of the study were able to intercept hundreds of hours of sensitive traffic inadvertently sent without encryption over the past two years. They also describe how a texting toy targeted at teenage girls can be modified to jam transmissions from the affected radios, either encrypted or not."

Macs More Vulnerable Than Windows For Enterprise 281

sl4shd0rk writes "At a Black Hat security conference in Las Vegas, researchers presented exploits on Apple's DHX authentication scheme which can compromise all connected Macs on the LAN within minutes. 'If we go into an enterprise with a Mac and run this tool we will have dozens or hundreds of passwords in minutes,' Stamos said. Macs are fine as long as you run them as little islands, but once you hook them up to each other, they become much less secure."

Building a Better 'Anonymous?' 119

An anonymous reader writes "A hacktivism panel at the DefCon hacker convention was conspicuously missing its star member Aaron Barr, who dropped out under legal pressure from his former company HBGary Federal, debated how Anonymous could channel its efforts for the greater good. Members of Anon attending the discussion chimed in, too."

IBM To Unveil Secure Open Wireless At Black Hat 91

Trailrunner7 writes "Researchers from IBM's ISS X-Force plan to unveil a new system for running an open wireless network in a secure mode at the Black Hat conference here this week. The system mimics the way that Web sites browsers use digital certificates to establish a trusted connection with one another. X-Force researchers have been working on the system for a while now and the company plans to demonstrate the technology on Thursday during the conference. One of the main problems with public wireless networks is that they're susceptible to a number of simple attacks, including passive sniffing and man-in-the-middle. The X-Force system is designed to get around these problems by using a digital certificate to assure users that they are communicating with the wireless hotspot that they think they are."

Governments, IOC and UN Hit By Massive Cyber Attack 122

fysdt writes "IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks. It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms. McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks. Beijing has always denied any state involvement in cyber-attacks, calling such accusations 'groundless.'"

How Face Recognition Can Uncover SSNs 103

nonprofiteer writes "Building on previous work showing that social security numbers are not random, CMU researchers ran experiments in which they predicted students' social security numbers after taking a photo of them with a cheap webcam. Using off-the-shelf facial recognition technology and data-mining publicly available Facebook photos and profile information, they were able to come up with the social security numbers of several of the students. (More impressive, as they note that 60% of the students were foreign, and had no SSNs, leaving them a pool of less than 50)."

LulzSec Calls For PayPal Boycott, Spokesman Arrested 425

An anonymous reader writes "British police have arrested a 19-year-old man believed to be 'Topiary', the official spokesperson of the LulzSec hactivist group. The man was arrested at his home in the Shetland Islands earlier today (July 27), and is being transported to a central London police station." Also today, LulzSec has called for a boycott of PayPal saying “We encourage anyone using PayPal to immediately close their accounts and consider an alternative.”

Security Expert Slams Google+ Pseudonym Policy 373

An anonymous reader writes "A security expert has panned Google's "real name" policy on Google+, claiming that the hard line will damage privacy. Sophos's Chester Wisniewski says that closing accounts where users have adopted false names erodes privacy on the social network. 'What they seemed to have missed is that the very foundation of privacy is identity. Simply knowing my postal code or birth date is meaningless without a name to associate it with. By requiring people to only use their real names, unless they just happen to be a celebrity, they have eliminated the ability for people to be private in any meaningful way.'"

"No, no, I don't mind being called the smartest man in the world. I just wish it wasn't this one." -- Adrian Veidt/Ozymandias, WATCHMEN