KevLar's Space

my little space on the interwebs

Malware Distributed Through Twitch Chat Is Hijacking Steam Accounts

An anonymous reader writes If you use Twitch don’t click on any suspicious links in the video streaming platform’s chat feature. Twitch Support’s official Twitter account issued a security warning telling users not to click the “csgoprize” link in chat. According to f-secure, the link leads to a Java program that asks for your name and email. If you provide the info it will install a file on your computer that’s able to take out any money you have in your Steam wallet, as well as sell or trade items in your inventory. “This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry,” says F-Secure. “It even dumps your items for a discount in the Steam Community Market. Previous variants were selling items with a 12 percent discount, but a recent sample showed that they changed it to 35 percent discount. Perhaps to be able to sell the items faster.”

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/XmSJgq

High School Student Builds Gun That Unlocks With Your Fingerprint

An anonymous reader writes: Kai Kloepfer is a 17-year-old high school student from Colorado who just won the Smart Tech for Firearms Challenge. Kloepfer designed and built a smart gun that will only unlock and fire for users who supply the proper fingerprints. “The gun works by creating a user ID and locking in the fingerprint of each user allowed to use the gun. The gun will only unlock with the unique fingerprint of those who have already permission to access the gun. … According to him, all user data is kept right on the gun and nothing is uploaded anywhere else so it would be pretty hard to hack.” The gun can have up to 999 authorized users, and its accuracy at detecting fingerprints is 99.99%. For winning the challenge, he won $50,000 in funding to continue developing the smart gun. Some of the fund have already gone toward 3-D printing portions of the prototype.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1y1MVtA

City of Turin To Switch From Windows To Linux and Save 6M Euros

jrepin writes: The municipality of Turin in Italy hopes to save 6 million Euro over five years by switching from Windows XP to Ubuntu Linux in all of its offices. The move will mean installing the open source operating system on 8,300 PCs, which will generate an immediate saving of roughly €300 per machine (almost €2.5m altogether, made up from the cost of Windows and Office licences) — a sum that will grow over the years as the need for the renewal of proprietary software licences vanishes, and the employees get used to the new machines.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/YEDkcL

Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?

An anonymous reader writes “I currently connect to the internet via a standard router, but I’m looking at bulking up security. Could people provide their experiences with setting up a dedicated firewall machine with VPN capabilities? I am a novice at Linux/BSD, so would appreciate pointers at solutions that require relatively little tweaking. Hardware-wise, I have built PC’s, so I’m comfortable with sourcing components and assembling into a case. The setup would reside in my living room, so a quiet solution is required. The firewall would handle home browsing and torrenting traffic. Some of the questions knocking around in my head: 1. Pros and cons of buying an off-the-shelf solution versus building a quiet PC-based solution? 2. Software- versus hardware-based encryption — pros and cons? 3. What are minimum requirements to run a VPN? 4. Which OS to go for? 5. What other security software should I include for maximum protection? I am thinking of anti-virus solutions.”

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/WTDlrj

L.A. TV Stations Free Up Some Spectrum For Wireless Broadband

alphadogg (971356) writes An effort to free up some of the airwaves used by TV broadcasts and make them available for wireless broadband took a big step forward this week in the U.S. Two TV stations in Los Angeles, KLCS and KCET, have agreed to share a single frequency to deliver their programming freeing up a channel that can be auctioned off to wireless carriers next year. The change, which the Federal Communications Commission calls “repackaging,” is possible because digital TV broadcasts don’t need the full 6MHz of broadcast spectrum that was used for analog TV.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1m01l8c

Turning the Tables On “Phone Tech Support” Scammers

mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among “Hi this is Microsoft, there’s a problem with your computer” tech support scammers. The hack detailed in Matthew Weeks’ technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but “accidentally” being unable to follow their instructions.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1qrpXbd

Mining iPhones and iCloud For Data With Forensic Tools

SternisheFan points out an article that walks us through the process of using forensic tools to grab data from iPhones and iCloud using forensic tools thought to have been employed in the recent celebrity photo leak. There are a number of ways to break into these devices and services depending on what kind of weakness an attacker has found. For example, if the attacked has possession of a target’s iPhone, a simple command-line toolkit from Elcomsoft uses a jailbreak to bypass the iPhone’s security. A different tool can extract iCloud data with access to a computer that has a local backup of a phone’s data, or access to a computer that simply has stored credentials. The discusses also details a method for spoofing device identification to convince iCloud to restore data to a device mimicking the target’s phone. The author concludes, “Apple could go a long way toward protecting customer privacy just by adding a second credential to encrypt stored iCloud data. An encryption password could be used to decrypt the backup when downloaded to iTunes or to the device, or it could be used to decrypt the data as it is read by iCloud to stream down to the device.”

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1qnBxnH

5 Million Gmail Passwords Leaked, Google Says No Evidence Of Compromise

kierny writes After first appearing on multiple Russian cybercrime boards, a list of 5 million Google account usernames — which of course double as email usernames — are circulating via file-sharing sites. Experts say the information most likely didn’t result from a hack of any given site, including Google, but was rather amassed over time, likely via a number of hacks of smaller sites, as well as via malware infections. Numerous commenters who have found their email addresses included in the list of exposed credentials say the included password appears to date from at least three years ago, if not longer. That means anyone who’s changed their Google/Gmail password in the last three years is likely safe from account takeover.

Read more of this story at Slashdot.



via Slashdot: IT http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/MqrNavdv8Fg/story01.htm

Research Finds No Large-Scale Exploits of Heartbleed Before Disclosure

Trailrunner7 writes: In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations – perhaps the NSA – that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but traffic data collected by researchers on several large networks shows no large-scale exploit attempts in the months leading up to the public disclosure. “For all four networks, over these time periods our detector found no evidence of any exploit attempt up through April 7, 2014. This provides strong evidence that at least for those time periods, no attacker with prior knowledge of Heartbleed conducted widespread scanning looking for vulnerable servers. Such scanning however could have occurred during other time periods.” That result also doesn’t rule out the possibility that an attacker or attackers may have been doing targeted reconnaissance on specific servers or networks. The researchers also conducted similar monitoring of the four networks, and noticed that the first attempted exploits occurred within 24 hours of the OpenSSL disclosure.

Read more of this story at Slashdot.



via Slashdot: IT http://ift.tt/1rBFQXT

Steve Ballmer Authored the Windows 3.1 Ctrl-Alt-Del Screen

Nerval’s Lobster writes According to Microsoft developer Raymond Chen, Steve Ballmer didn’t like the original text that accompanied the Ctrl-Alt-Del screen in Windows 3.1, so he wrote up a new version. If you used Windows at any point in the past two decades, you can thank him for that infuriatingly passive ‘This Windows application has stopped responding to the system’ message, accompanied by the offer to hit Ctrl+Alt+Delete again to restart the PC (and lose all your unsaved data). Update: 09/09 15:30 GMT by S : Changed headline and summary to reflect that Ballmer authored the Ctrl-Alt-Del screen, not the BSoD, as originally stated.

Read more of this story at Slashdot.


via Slashdot: IT http://ift.tt/1rBFOPM

Follow

Get every new post delivered to your Inbox.