By EditorDavid from Slashdot's million-IP-march department
Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com.
It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.
By EditorDavid from Slashdot's robot-chauffeurs department
An anonymous reader quotes an article from the Bay Area News Group:
Imagine your fully autonomous self-driving car totals a minivan. Who pays for the damages? "There wouldn't be any liability on you, because you're just like a passenger in a taxi," says Santa Clara University law professor Robert Peterson. Instead, the manufacturer of your car or its software would probably be on the hook... Virtually everything around car insurance is expected to change, from who owns the vehicles to who must carry insurance to who -- or what -- is held responsible for causing damage, injuries and death in an accident.
Ironically, if you're only driving a semi-autonomous car, "you could end up in court fighting to prove the car did wrong, not you," according to the article. Will human drivers be considered a liability -- by insurers, and even by car owners? The article notes that Google is already testing a car with no user-controlled brake pedal or steering wheel. Of course, one consumer analyst warns the newspaper that "hackers will remain a risk, necessitating insurance coverage for hostile takeover of automated systems..."
By EditorDavid from Slashdot's money-talks department
Thursday's news of a $50 million heist of digital currency at Ethereum was followed today by reports of a second heist from the DAO, according to the Bitcoin News Service -- this one for just 22 Ether. "It appears this is just someone who wanted to test the exploit and see if they could use it to their advantage... " Slashdot reader Patrick O'Neill writes:
The currency's community is currently debating a course forward for a currency that is built on the idea that it is governed by software and not human beings. One option is to fork the code, another is to do absolutely nothing at all.
Vitalik Buterin, the co-founder of Ethereum, posted Sunday that "Over the last day with the community's help we have crowdsourced a list of all of the major bugs with smart contracts on Ethereum so far, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts." The list begins by including "The DAO (obviously)," but is followed by a warning that "progress in smart contract safety is necessarily going to be layered, incremental, and necessarily dependent on defense-in-depth. There will be further bugs, and we will learn further lessons; there will not be a single magic technology that solves everything."
The Daily Dot wrote Friday that "Because of the way the code in question is written, Ethereum's developers and community have 27 days to decide what to do before the hackers are able to move the money and cash out... What's happening now amounts to a political campaign. But the debate is far from over. The clock is ticking now, the world is watching, and the next step of the cryptocurrency experiment is unfolding under a spotlight burning hotter every day."
By manishs from Slashdot's apple-vs-right-to-repair department
Damon Beres, writing for The Huffington Post: Major tech companies like Apple have trampled legislation that would have helped consumers and small businesses fix broken gadgets. New York state legislation that would have required manufacturers to provide information about how to repair devices like the iPhone failed to get a vote, ending any chance of passage this legislative session. Similar measures have met the same fate in Minnesota, Nebraska, Massachusetts and, yes, even previously in New York. Essentially, politicians never get to vote on so-called right to repair legislation because groups petitioning on behalf of the electronics industry gum up the proceedings. "We were disappointed that it wasn't brought to the floor, but we were successful in bringing more attention to the issue," New York state Sen. Phil Boyle (R), a sponsor of the bill, told The Huffington Post.
By EditorDavid from Slashdot's resolved department
About 50 KDE developers met this week in the Swiss Alps for the annual Randa Meetings, "seven days of intense in-person work, pushing KDE technologies forward and discussing how to address the next-generation demands for software systems." Christoph Cullmann, who maintains the Kate editor, blogs that during this year's sprint, they finally fixed a 13-year-old bug. He'd filed the bug report himself -- back in 2003 -- and writes that over the next 13 years, no one ever found the time to fix it. (Even though the bug received 333 "importance" votes...) After finally being marked Resolved, the bug's tracking page at KDE.org began receiving additional comments marveling at how much time had passed.
Just think, when this bug was first reported:
-- The current Linux Kernel was 2.6.31...
-- Windows XP was the most current desktop version. Vista was still 3 years away.
-- Top 2 Linux versions? Mandrake and Redhat (Fedora wouldn't be released for another 2 months, Ubuntu's first was more than a year away.)
By EditorDavid from Slashdot's hatching-a-plan department
HughPickens.com shares an article from The Verge: Bill Gates' philanthropic efforts are usually greeted with near-universal praise, but a recent attempt by the US billionaire to donate 100,000 chickens ruffled some feathers. The leftist government of Bolivia...has refused the donation, describing Gates' gift as "offensive." "He does not know Bolivia's reality to think we are living 500 years ago, in the middle of the jungle not knowing how to produce," said Cesar Cocarico [Bolivia's minister of land and rural development]... "Respectfully, he should stop talking about Bolivia, and once he knows more, apologize to us."
Gates' "Coop Dreams" initiative partnered with Heifer International, a group which fights poverty by delivering livestock and agricultural training, to deliver 100,000 chickens around the world, mostly to sub-Saharan Africa, as a way to improve the lives of people making $2 a day. In a blog post Gates noted that chickens are cheap and easy to take care of, while selling flocks of chickens can be a profitable business, and raising chickens offers other benefits to children and families. "Our foundation is betting on chickens..." Gates writes, adding "if I were in their shoes, that's what I would do -- I would raise chickens."
By manishs from Slashdot's technology-and-money department
In an interview with The Atlantic, Ev Williams, best known for co-founding Blogger, Twitter, and Medium, says the web is about money now -- and not creativity. According to him, the burst of creativity has repeatedly been followed by big companies showing up and locking it down. From the article: But the thing about dreaming up a future, and making it real, is then you have to live in it. Back in San Francisco, coming out of the BART station on Market Street, he admits that the web game has changed since he came up. [Editor's note: he is talking about web services that allow you to book a taxi with an app, pay for stuff you purchase with your phone]. "There were always ecommerce startups," he says. "I was never part of that world, and we kind of looked down on them when the whole boom was happening. We were creating businesses, but ours had more creativity, ours weren't just for the money. Or maybe ours were even for utility but not just money, whereas clearly there are ways for both." He laughs. "Even the Google guys -- they were trying to create something really useful and good for the world, and they made all the money." Software developer and writer Dave Winer disagrees. He believes that not all technologies are money-driven -- at least when you look at it from a different perspective. He writes: The fun is over. Now it's about money. I guess that's what you see from his perspective. And from Facebook, Apple and Google, and maybe Oracle and Salesforce, and a few others. But there are technologies that went a different way. My favorite example is Manhattan's relationship to Central Park. The apartment buildings around the park are the money, and the creativity is in the park. The buildings are exclusive, the most expensive real estate in the world. The park is open to anyone, rich or poor, from anywhere in the world. The park is the engine of renewal. It's where the new stuff comes from. The buildings are where the money is parked. 
In the interview Williams did with the Atlantic, in NYC, they looked into the park from a nearby hotel. That's one valid perspective of course. Or you could go for a walk and see what's happening inside the park. You can see a great concert at Lincoln Center or Carnegie Hall, but there's great music in the park too. It's different. But it's good music. And the price is right.
By EditorDavid from Slashdot's Flash-in-the-pan department
An anonymous reader quotes an article from BankInfoSecurity:
Security experts are once again warning enterprises to immediately update -- or delete -- all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.... The bug exists in Adobe Flash Player 126.96.36.199 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS -- and "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system."
Thursday Adobe released an updated version of Flash patching 36 separate vulnerabilities, including the critical vulnerability which "if exploited would allow malicious native-code to execute, potentially without a user being aware." While applauding Adobe's quick response, researchers at Kaspersky Lab say it's already been exploited in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and BankInfoSecurity writes that "The latest warning over this campaign reinforces just how often APT attackers target Flash, thus making a potential business case for banning it for inside the enterprise."
By manishs from Slashdot's this-should-be-fun department
Even if you spend only a fraction of your time on security news, you probably already know Mikko Hypponen (Twitter, Wikipedia). He is the Chief Research Officer at F-Secure, a security firm he joined over two decades ago. Hypponen has assisted law enforcement in the United States, Europe and Asia on cybercrime cases, and has also made several appearances on BBC, TED talks, TEDx, DLD, SXSW, Black Hat, DEF CON, and Google Zeitgeist among others. He has also written for CNN, The New York Times, Wired, and BetaNews. Hypponen has closely watched computers, networks, and security spaces grow over the years. In 2011, Hypponen tracked down the authors of the first PC virus in history -- Brain.A. Whether you want to know about the early days of malware -- when they were mostly created by hobbyists, or an inside view of the challenges security firms face today, or how exactly does one keep himself or herself safe in the increasingly terrifying world, use the comments section to leave your question.