We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
mrspoonsi writes The proposal was made by the Google developers working on the search firm's Chrome browser. The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser. If implemented, the developers wrote, the change would mean that a warning would pop-up when people visited a site that used only HTTP to notify them that such a connection "provides no data security". Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies. In addition, since September Google has prioritised HTTPS sites in its search rankings.
142 comments | 6 hours ago
tobiasly writes The country's top five theater chains — Regal Entertainment, AMC Entertainment, Cinemark, Carmike Cinemas and Cineplex Entertainment — have decided not to play Sony's The Interview. This comes after the group which carried off a massive breach of its networks threatened to carry out "9/11-style attacks" on theaters that showed the film. Update: Sony has announced that it has cancelled the planned December 25 theatrical release.
359 comments | 8 hours ago
Trailrunner7 writes that researchers at Palo Alto Networks have found a backdoor in Android devices sold by Coolpad. "A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users' consent. The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor's control system. Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user's permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad."
64 comments | 11 hours ago
theodp writes "Investors have poured over $2 billion into businesses built on Hadoop," writes the WSJ's Elizabeth Dwoskin, "including Hortonworks Inc., which went public last week, its rivals Cloudera Inc. and MapR Technologies, and a growing list of tiny startups. Yet companies that have tried to use Hadoop have met with frustration." Dwoskin adds that Hadoop vendors are responding with improvements and additions, but for now, "It can take a lot of work to combine data stored in legacy repositories with the data that's stored in Hadoop. And while Hadoop can be much faster than traditional databases for some purposes, it often isn't fast enough to respond to queries immediately or to work on incoming information in real time. Satisfying requirements for data security and governance also poses a challenge."
49 comments | 12 hours ago
An anonymous reader sends word that Apple's iTunes DRM case has already been decided. The 8-person jury took only a few hours to decide that the features introduced in iTunes 7.0 were good for consumers and did not violate antitrust laws. Following the decision, the plaintiff's head attorney Patrick Coughlin said an appeal is already planned. He also expressed frustrations over getting two of the security features — one that checks the iTunes database, and another that checks each song on the iPod itself — lumped together with the other user-facing features in the iTunes 7.0 update, like support for movies and games. "At least we got a chance to get it in front of the jury," he told reporters. ... All along, Apple's made the case that its music store, jukebox software, and hardware was simply an integrated system similar to video game consoles from Sony, Microsoft, and Nintendo. It built all those pieces to work together, and thus it would be unusual to expect any one piece from another company to work without issues, Apple's attorneys said. But more importantly, Apple offered, any the evolution of its DRM that ended up locking out competitors was absolutely necessary given deals it had with the major record companies to patch security holes.
174 comments | yesterday
mpicpp sends this report from CNN: Uber has rolled back employee access to its "God view" mode, which allows the company to track riders' locations and other data. The ride service company was faced with questions about its privacy policies from U.S. Senator Al Franken, following a series of recent privacy debacles. Uber's updated policy is detailed in its response to the senator's questions. Franken sent Uber a letter (PDF, Uber's response) in November after news reports made two things clear: The ride service company collects lots of data on customers — and some executives don't exercise that power responsibly. In one case, an Uber employee using "God View" easily tracked a reporter's movements on her way to a meeting.
76 comments | yesterday
Lucas123 writes: A new international survey of internet users from 24 countries has found that more than 39% of them have taken steps to protect their data since Edward Snowden leaked the NSA's spying practices. The survey, conducted by the Center for International Governance Innovation, found that 43% of Internet users now avoid certain websites and applications and 39% change their passwords regularly. Security expert Bruce Schneier chastised the media for trying to downplay the numbers by saying "only" 39%" have taken action and "only 60%" have heard of Snowden. The news articles, "are completely misunderstanding the data," Schneier said, pointing out that by combining data on Internet penetration with data from the international survey, it works out to 706 million people who are now taking steps to protect their online data. Additionally, two-thirds (64%) of users indicated they are more concerned today about online privacy than they were a year ago. Another notable finding: 83% of users believe that affordable access to the Internet should be a basic human right.
53 comments | 2 days ago
jfruh writes Google Chairman Eric Schmidt told a conference on surveillance at the Cato Institute that Edward Snowden's revelations on NSA spying shocked the company's engineers — who then immediately started working on making the company's servers and services more secure. Now, after a year and a half of work, Schmidt says that Google's services are the safest place to store your sensitive data.
273 comments | 2 days ago
retroworks writes Motherboard.vice offers an interesting scoop from the hacked Sony Pictures email trove. A plan championed by Polish marketing employee Magda Mastalerz was to upload false versions of highly-pirated Sony programming, effectively polluting torrent sites with false positives. For example, a "Hannibal"-themed anti-piracy ad to popular torrent sites disguised as the first episode. Sony Pictures legal department quashed the idea, saying that if pirate sites were illegal, it would also be illegal for Sony Pictures to upload onto them. There were plans in WW2 to drop phony counterfeit currency to disrupt markets, and I wonder why flooding underground markets with phony products isn't widespread. Why don't credit card companies manufacture fake lists of stolen credit card numbers, or phony social security numbers, for illegal trading sites? For that matter, would fake ivory, fake illegal porn, and other "false positives" discourage buyers? Or create alibis?
130 comments | 2 days ago
Home automation is a recurring topic around here; we've had stories about X-10-based home-brewed systems, a protocol designed for automation, and more than a few Ask Slashdots. Now, an anonymous reader writes OpenMotics is an open source home automation hardware and software system that offers features like switching lights and outputs, multi-zone heating and cooling, power measurements, and automated actions. The system encompasses both open source software and hardware. For interoperability with other systems, the OpenMotics Gateway provides an API through which various actions can be executed. The project was open sourced 2 years ago and was started about 10 years. The choice to open source the project was very conscious: we want to offer a system where users are in full control over their home automation system.
36 comments | 4 days ago
An anonymous reader writes Google [on Friday] announced it plans to retire the Google Earth API on December 12, 2015. The reason is simple: Both Chrome and Firefox are removing support for Netscape Plugin Application Programming Interface (NPAPI) plugins due to security reasons, so the API's death was inevitable. The timing makes sense. Last month, Google updated its plan for killing off NPAPI support in Chrome, saying that it would block all plugins by default in January and drop support completely in September. The company also revealed that the Google Earth plugin had dropped in usage from 9.1 percent of Chrome users in October 2013 to 0.1 percent in October 2014. Add dwindling cross-platform support (particularly on mobile devices), and we're frankly surprised the announcement didn't come sooner.
74 comments | 4 days ago
An anonymous reader writes: BGPMon reports on a recent route hijacking event by Syria. These events continue, despite the ability to detect and prevent improper route origination: Resource Public Key Infrastructure. RPKI is technology that allows an operator to validate the proper relationship between an IP prefix and an Autonomous System. That is, assuming you can collect the certificates. ARIN requires operators accept something called the Relying Party Agreement. But the provider community seems unhappy with the agreement, and is choosing not to implement it, just to avoid the RPA, leaving the the Internet as a whole less secure.
57 comments | 5 days ago
colinneagle writes: Who's old enough to remember when the best technology was found at work, while at home we got by with clunky home computers and pokey dial-up modems? Those days are gone, and they don't look like they're ever coming back.
Instead, today's IT department is scrambling to deliver technology offerings that won't get laughed at — or, just as bad, ignored — by a modern workforce raised on slick smartphones and consumer services powered by data centers far more powerful than the one their company uses. And those services work better and faster than the programs they offer, partly because consumers don't have to worry about all the constraints that IT does, from security and privacy to, you know, actually being profitable. Plus, while IT still has to maintain all the old desktop apps, it also needs to make sure mobile users can do whatever they need to from anywhere at any time.
And that's just the users. IT's issues with corporate peers and leaders may be even rockier. Between shadow IT and other Software-as-a-Service, estimates say that 1 in 5 technology operations dollars are now being spent outside the IT department, and many think that figure is actually much higher. New digital initiatives are increasingly being driven by marketing and other business functions, not by IT. Today's CMOs often outrank the CIO, whose role may be constrained to keeping the infrastructure running at the lowest possible cost instead of bringing strategic value to the organization. Hardly a recipe for success and influence.
238 comments | 5 days ago
derekmead writes: The arrest of the Silk Road 2.0 leader and subsequent seizure of the site was partially due to the presence of an undercover U.S. Department of Homeland Security agent, who "successfully infiltrated the support staff involved in running the Silk Road 2.0 website," according to the FBI.
Referencing multiple interviews, publicly available information, and parts of the moderator forum shared with me, it appears likely that the suspicions of many involved in Silk Road 2.0 are true: the undercover agent that infiltrated the site was a relatively quiet staff member known as Cirrus.
81 comments | 5 days ago
msm1267 writes A researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that put email message content, contact information and much more at risk. The researcher said the weakness is relatively simple to exploit and puts users at high risk for data loss, identity theft, and more. Yahoo has patched one issue related to a specific .swf file hosted on Yahoo's content delivery network that contained a vulnerability that could give an attacker complete control over Yahoo Mail accounts cross origin. While the patch fixed this specific issue, the larger overall configuration issue remains, meaning that other vulnerable .swf files hosted outside the Yahoo CDN and on another Yahoo subdomain could be manipulated the same way.
49 comments | 5 days ago
HughPickens.com writes Lily Hay Newman reports at Slate that Sony is counterhacking to keep its leaked files from spreading across torrent sites. According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony used a similar approach in the early 2000s working with an anti-piracy firm called MediaDefender, when illegal file sharing exploded. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as "Spider-Man," to entice users to spend hours downloading an empty file. "Using counterattacks to contain leaks and deal with malicious hackers has been gaining legitimacy," writes Newman. "Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."
185 comments | about a week ago
First time accepted submitter Amanda Parker writes In July the US warned of a terrorism risk which led countries, such as France and the UK, to step up their security screening for flights to the US. Secretary of Homeland Security Jeh Johnson directed the TSA to implement enhanced security measures. In his statement on 6 July, Johnson warned that passengers could also be asked to "power up some devices, including cell phones" and stated that "powerless devices will not be permitted on board the aircraft". In light of the US Transportation Security Administration's (TSA) recent tightening of airport security to include stricter screening of electronic devices, is the TSA right to be cautious or have its actions caused unnecessary hassle for passengers?
184 comments | about a week ago
An anonymous reader writes Trusteer Rapport, a software package whose installation is promoted by several major banks as an anti-fraud tool, has recently been acquired by IBM and has an updated EULA. Among other things, the new EULA includes this gem: "In addition, You authorize personnel of IBM, as Your Sponsoring Enterprise's data processor, to use the Program remotely to collect any files or other information from your computer that IBM security experts suspect may be related to malware or other malicious activity, or that may be associated with general Program malfunction." Welcome to the future...
135 comments | about a week ago
An anonymous reader writes A security researcher has released a humorous vulnerability description for the Keurig 2.0 coffee maker, which includes DRM designed to only brew Keurig brand coffe pods (K-Cups): "Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup." The vulnerability description even includes mitigating controls, such as keeping the Keurig in a locked cabinet when not in use. Also at Hackaday.
269 comments | about a week ago
New submitter dubner writes Simply hand the law enforcement officer your mobile phone. That's what you can do in Iowa rather than "digging through clutter in your glove compartment for an insurance card." And soon your driver's license will be available on your phone too, according to a story in the (Des Moines Register). Iowans will soon be able to use a mobile app on their smartphones as their official driver's license issued by the Iowa Department of Transportation. Some marvelous quotes in TFA: "The new app should be highly secure ... People will use a pin number for verification." And "Branstad (Iowa governor)... noted that even Iowa children are now working on digital development projects." A raft of excuses ("battery's dead") and security problems come to mind; how would you implement such a system?
207 comments | about a week ago