KevLar's Space

my little space on the interwebs

Uber Hires Hackers Who Remotely Killed a Jeep

An anonymous reader writes: The past several weeks have been rife with major vulnerabilities in modern cars, but none were so dramatic as when Charlie Miller and Chris Valasek tampered with the systems on a moving Jeep Cherokee. Now, Miller and Valasek have left their jobs to join a research laboratory for Uber. It’s the same lab that became home for a number of autonomous vehicle experts poached from Carnegie Mellon University. From the article: “As Uber plunges more deeply into developing or adapting self-driving cars, Miller and Valasek could help the company make that technology more secure. Uber envisions autonomous cars that could someday replace its hundreds of thousands of contract drivers. The San Francisco company has gone to top-tier universities and research centers to build up this capability.”

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1F4fOnI

Symantec Researchers Find 49 New Modules of Regin Spying Tool

itwbennett writes: Security researchers from Symantec have identified 49 more modules (bringing the total number found so far to 75) of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies. Some of the modules implement basic malware functions, while other modules are much more specialized and built with specific targets in mind. ‘One module was designed to monitor network traffic to Microsoft Internet Information Services (IIS) web servers, another was observed collecting administration traffic for mobile telephony base station controllers, while another was created specifically for parsing mail from Exchange databases,’ the Symantec researchers said in an updated version of their white paper (PDF) published Thursday.

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1PXIpS3

Ashley Madison CEO Steps Down, Reporter Finds Clues To Hacker’s Identity

Dave Knott writes: Following the recent hacks on the infidelity website Ashley Madison, Noel Biderman has stepped down as CEO of both AshleyMadison.com and its parent company. Avid Life Media Inc., the company that owns the site and many others, announced Biderman’s move in a short press release on Friday: “Noel Biderman, in mutual agreement with the company, is stepping down as chief executive officer of Avid Life Media Inc. (ALM) and is no longer with the company. Until the appointment of a new CEO, the company will be led by the existing senior management team.” Before the data hack, the company was planning an IPO in London that would have taken in as much as $200 million from investors. According to regulatory filings, the company had $115 million in revenue last year, more than four times the amount it obtained in 2009.

Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker.
Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison’s stolen proprietary source code before it was made public. Intrigued by the poster’s apparent access, he examined the account’s posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn’t even run by one person, but is instead an amalgam of like-minded digital vigilantes.
The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1F3CLrg

Chrome To Freeze Flash Ads On Sight From September 1

An anonymous reader writes: Shaun Nichols from the Register reports that unimportant Flash content will be click-to-play by default in Google Chrome from September 1. He writes, “Google is making good on its promise to strangle Adobe Flash’s ability to auto-play in Chrome. The web giant has set September 1, 2015 as the date from which non-important Flash files will be click-to-play in the browser by default – effectively freezing out ‘many’ Flash ads in the process. Netizens can right-click over the security-challenged plugin and select ‘Run this’ if they want to unfreeze an ad. Otherwise, the Flash files will remain suspended in a grey box, unable to cause any harm nor any annoyance.”

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1F2BHnx

Ask Slashdot: Advice On Enterprise Architect Position

dave562 writes: I could use some advice from the community. I have almost 20 years of IT experience, 5 of it with the company I am currently working for. In my current position, the infrastructure and applications that I am responsible for account for nearly 80% of the entire IT infrastructure of the company. In broad strokes our footprint is roughly 60 physical hosts that run close to 1500 VMs and a SAN that hosts almost 4PB of data. The organization is a moderate sized (~3000 employees), publicly traded company with a nearly $1 billion market value (recent fluctuations not withstanding). I have been involved in a constant struggle with the core IT group over how to best run the operations. They are a traditional, internal facing IT shop. They have stumbled through a private cloud initiative that is only about 30% realized. I have had to drag them kicking and screaming into the world of automated provisioning, IaaS, application performance monitoring, and all of the other IT “must haves” that a reasonable person would expect from a company of our size. All the while, I have never had full access to the infrastructure. I do not have access to the storage. I do not have access to the virtualization layer. I do not have Domain Admin rights. I cannot see the network. The entire organization has been ham strung by an “enterprise architect” who relies on consultants to get the job done, but does not have the capability to properly scope the projects. This has resulted in failure after failure and a broken trail of partially implemented projects. (VMware without SRM enabled. EMC storage hardware without automated tiering enabled. Numerous proof of concept systems that never make it into production because they were not scoped properly.) After 5 years of succeeding in the face of all of these challenges, the organization has offered me the Enterprise Architect position. However they do not think that the position should have full access to the environment. It is an “architecture” position and not a “sysadmin” position is how they explained it to me. That seems insane. It is like asking someone to draw a map, without being able to actually visit the place that needs to be mapped. For those of you in the community who have similar positions, what is your experience? Do you have unfettered access to the environment? Are purely architectural / advisory roles the norm at this level?

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1JAVWcJ

Inside the Booming, Unhinged, and Dangerous Malvertising Menace

mask.of.sanity writes: The Register has a feature on the online malicious advertising (malvertising) menace that has become an explosively potent threat to end-user security on the internet. Experts say advertising networks and exchanges need to vet their customers, and publishers need to vet the third party content they display. Users should also consider script and ad blockers in the interim. From the article: “Ads as an attack vector was identified in 2007 when security responders began receiving reports of malware hitting user machines as victims viewed online advertisements. By year’s end William Salusky of the SANS Internet Storms Centre had concocted a name for the attacks. Since then malvertising has exploded. This year it increased by more than 260 percent on the previous year, with some 450,000 malicious ads reported in the first six months alone, according to numbers by RiskIQ. Last year, security firm Cyphort found a 300 percent increase in malvertising. In 2013, the Online Trust Alliance logged a more than 200 percent increase in malvertising incidents compared to 2012, serving some 12.4 billion malvertisement impressions.”

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1Lzp5ZN

Most Healthcare Managers Admit Their IT Systems Have Been Compromised

Lucas123 writes: Eighty-one percent of healthcare IT managers say their organizations have been compromised by at least one malware, botnet or other kind of cyber attack during the past two years, and only half of those managers feel that they are adequately prepared to prevent future attacks, according to a new survey by KPMG. The KPMG survey polled 223 CIOs, CTOs, chief security officers and chief compliance officers at healthcare providers and health plans, and found 65% indicated malware was most frequently reported line of attack during the past 12 to 24 months. Additionally, those surveyed indicated the areas with the greatest vulnerabilities within their organization include external attackers (65%), sharing data with third parties (48%), employee breaches (35%), wireless computing (35%) and inadequate firewalls (27%). Top among reasons healthcare facilities are facing increased risk, was the adoption of digital patient records and the automation of clinical systems.

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1ImxTNO

A “Public Health” Approach To Internet of Things Security

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1WV9IRM

AMD Unveils Radeon R9 Nano, Targets Mini ITX Gaming Systems With a New Fury

MojoKid writes: AMD today added a third card to its new Fury line that’s arguably the most intriguing of the bunch, the Radeon R9 Nano. True to its name, the Nano is a very compact card, though don’t be fooled by its diminutive stature. Lurking inside this 6-inch graphics card is a Fiji GPU core built on a 28nm manufacturing process paired with 4GB of High Bandwidth Memory (HBM). It’s a full 1.5 inches shorter than the standard Fury X, and unlike its liquid cooled sibling, there’s no radiator and fan assembly to mount. The Fury Nano sports 64 compute units with 64 stream processors each for a total of 4,096 stream processors, just like Fury X. It also has an engine clock of up to 1,000MHz and pushes 8.19 TFLOPs of compute performance. That’s within striking distance of the Fury X, which features a 1,050MHz engine clock at 8.6 TFLOPs. Ars Technica, too, takes a look at the new Nano.

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1hhEzHi

Contiki 3.0 Released, Retains Support For Apple II, C64

An anonymous reader writes that on Wednesday the Contiki team announced the release of Contiki 3.0, the latest version of the open source IoT operating system. The 3.0 release is a huge step up from the 2.x branch and brings support for new and exciting hardware, a set of new network protocols, a bunch of improvements in the low-power mesh networking protocols, along with a large number of general stability improvements. And, yes, the system still runs on the Commodore 64/128, Apple II, Atari.

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1UeZuHI

Follow

Get every new post delivered to your Inbox.