By timothy from Slashdot's setting-aside-whether-you-like-particular-users department
writes with a link to the Daily Dot's "comprehensive analysis of hundreds of police raids and arrests made involving Tor users in the last eight years," which explains that "the software's biggest weakness is and always has been the same single thing: It's you
." A small slice: In almost all the cases we know about, it’s trivial mistakes that tend to unintentionally expose Tor users.
Several top Silk Road administrators were arrested because they gave proof of identity to Dread Pirate Roberts, data that was owned by the police when Ulbricht was arrested. Giving your identity away, even to a trusted confidant, is always huge mistake.
A major meth dealer’s operation was discovered after the IRS started investigating him for unpaid taxes, and an OBGYN who allegedly sold prescription pills used the same username on Silk Road that she did on eBay.
Likewise, the recent arrest of a pedophile could be traced to his use of “gateway sites” (such as Tor2Web), which allow users to access the Deep Web but, contrary to popular belief, do not offer the anonymizing power of Tor.
"There's not a magic way to trace people [through Tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake," James Kilpatrick, a Homeland Security Investigations agent, told the Wall Street Journal.Read Replies (0)
By timothy from Slashdot's such-small-portions department
writes Buried in the details of Microsoft's technical preview for Windows 10 is a bit of a footnote concerning the operating system's requirements. Windows 10 will have exactly the same requirements as Windows 8.1, which had the same requirements as Windows 8, which stuck to Windows 7 specs, which was the same as Windows Vista. At this point, it's something we take for granted with future Windows release. As the years roll by, you can't help wondering what we're actually giving up in exchange for holding the minimum system spec at a single-core 1GHz, 32-bit chip with just 1GB of RAM. The average smartphone is more powerful than this these days. For decades, the standard argument has been that Microsoft had to continue supporting ancient operating systems and old configurations, ignoring the fact that the company did its most cutting-edge work when it was willing to kill off its previous products in fairly short order. what would Windows look like if Microsoft at least mandated a dual-core product? What if DX10 — a feature set that virtually every video card today supports, according to Valve's Steam Hardware Survey, became the minimum standard, at least on the x86 side of the equation? How much better might the final product be if Microsoft put less effort into validating ancient hardware and kicked those specs upwards, just a notch or two?
If Microsoft did
raise the specs a notch or two with each release, I think there'd be some justified complaints about failing to leave well enough alone, at least on the low end.Read Replies (0)
By timothy from Slashdot's distract-them-with-fresh-targets department
writes A look at some of the Shellshock-related reports from the past week makes it seem as if attackers are flooding networks with cyberattacks targeting the vulnerability in Bash that was disclosed last week. While the attackers haven't wholesale adopted the flaw, there have been quite a few attacks—but the reality is that attackers are treating the flaw as just one of many methods available in their tool kits. One way to get a front-row seat of what the attacks look like is to set up a honeypot. Luckily, threat intelligence firm ThreatStream released ShockPot, a version of its honeypot software with a specific flag, "is_shellshock," that captures attempts to trigger the Bash vulnerability. Setting up ShockPot on a Linux server from cloud host Linode.com is a snap. Since attackers are systematically scanning all available addresses in the IPv4 space, it's just a matter of time before someone finds a particular ShockPot machine. And that was definitely the case, as a honeypot set up by a Dice (yes, yes, we know) tech writer captured a total of seven Shellshock attack attempts out of 123 total attacks. On one hand, that's a lot for a machine no one knows anything about; on the other, it indicates that attackers haven't wholesale dumped other methods in favor of going after this particular bug. PHP was the most common attack method observed on this honeypot, with various attempts to trigger vulnerabilities in popular PHP applications and to execute malicious PHP scripts.Read Replies (0)
By timothy from Slashdot's avoiding-panic-has-an-upside department
As reported by Bloomberg News, The Washington Post, and other outlets, the Liberian patient whose diagnosis of Ebola infection marks him as the first such case to have been first diagnosed within the United States
may have had contact with more people than previously estimated, and 80 people in the Dallas area
are nowbelieved to have come into contact with him
. While Bloomberg reports that this larger group of potential contacts is "being monitored for symptoms," the Washington Post's slightly later story says that, in keeping with the best current knowledge about Ebola's spread,"Dallas County Health and Human Services Director Zachary Thompson said that these [newly identified contacts] are not being watched or monitored and are not showing any symptoms of the illness. Only the immediate family members of the victim are being regularly monitored for Ebola symptoms; they've been ordered to stay at home and avoid contact with others."Read Replies (0)
By timothy from Slashdot's we-call-this-the-low-priority-unit department
writes Earlier this week, an indictment was unsealed outlining a long list of charges against a group of men that stole intellectual property from gaming companies such as Epic Games, Valve, Activision and Microsoft. An Australian member of the group, Dylan Wheeler, describes how it was betrayed by an informant working for the FBI, which bought a hardware mockup of an Xbox One that the group built using source code stolen from Microsoft's Game Developer Network Portal. The device, which the FBI paid $5,000 for, was supposed to be sent to the Seychelles, but never arrived, which indicated the hacking collective had a mole.Read Replies (0)