Security

Grinch Vulnerability Could Put a Hole In Your Linux Stocking 82

Posted by timothy
from the pretty-generic-description-there dept.
itwbennett writes In a blog post Tuesday, security service provider Alert Logic warned of a Linux vulnerability, named grinch after the well-known Dr. Seuss character, that could provide attackers with unfettered root access. The fundamental flaw resides in the Linux authorization system, which can inadvertently allow privilege escalation, granting a user full administrative access. Alert Logic warned that Grinch could be as severe as the Shellshock flaw that roiled the Internet in September. Update: 12/19 04:47 GMT by S : Reader deathcamaro points out that Red Hat and others say this is not a flaw at all, but expected behavior.
Security

Hackers Compromise ICANN, Access Zone File Data System 99

Posted by timothy
from the that-should-be-a-boss-level dept.
Trailrunner7 writes with this news from ThreatPost: Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started with a spear phishing campaign that targeted ICANN staffers and the email credentials of several staff members were compromised. The attackers then were able to gain access to the Centralized Zone Data System, the system that allows people to manage zone files. The zone files contain quite a bit of valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers. ICANN officials said they are notifying any users whose zone data might have been compromised. (Here's ICANN's public note on the compromise.)
Google

Google Proposes To Warn People About Non-SSL Web Sites 346

Posted by samzenpus
from the protect-ya-neck dept.
mrspoonsi writes The proposal was made by the Google developers working on the search firm's Chrome browser. The proposal to mark HTTP connections as non-secure was made in a message posted to the Chrome development website by Google engineers working on the firm's browser. If implemented, the developers wrote, the change would mean that a warning would pop up when people visited a site that used only HTTP to notify them that such a connection "provides no data security". Currently only about 33% of websites use HTTPS, according to statistics gathered by the Trustworthy Internet Movement which monitors the way sites use more secure browsing technologies. In addition, since September Google has prioritised HTTPS sites in its search rankings.
Books

Book Review: Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress 29

Posted by samzenpus
from the read-all-about-it dept.
MassDosage writes "At the risk of exposing my age I remember building my first website using a rudimentary Unix text editor (Joe) and carefully handcrafting the Hypertext Markup Language (HTML) while directly logged on to the web server it was being served from. Back then Cascading Style Sheets (CSS) weren't even a glint in the eyes of their creators. A lot has changed and there's now a world of fancy WYSIWYG web page editors to choose from as well as Content Management Systems that allow you to create websites without looking at the underlying code at all. While this is all very useful and allows less technical people to create websites I still feel that having at least some knowledge of how everything works under the hood is empowering — especially in situations where you want to go beyond the limits placed on you by a certain tool. This is where Build Your Own Website: A comic guide to HTML, CSS and Wordpress comes into the picture. Its aim is to enable people new to web development to learn the subject by teaching the fundamentals of HTML and CSS first and only then describing how to use a Content Management System (CMS) — in this case Wordpress. While Wordpress might not be everyone's kettle of fish it's a good choice as an example of a modern CMS that is easily accessible and very popular. The concepts presented are simple enough that it should be easy enough for a reader to apply them to a different CMS should they want to. Read below for the rest of MassDosage's review.
Piracy

Sony Leaks Reveal Hollywood Is Trying To Break DNS 370

Posted by Soulskill
from the scorched-net-policy dept.
schwit1 sends this report from The Verge: Most anti-piracy tools take one of two paths: they either target the server that's sharing the files (pulling videos off YouTube or taking down sites like The Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that's currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place? To do that, the MPAA's lawyers would target the Domain Name System that directs traffic across the internet.

The tactic was first proposed as part of the Stop Online Piracy Act (SOPA) in 2011, but three years after the law failed in Congress, the MPAA has been looking for legal justification for the practice in existing law and working with ISPs like Comcast to examine how a system might work technically. If a takedown notice could blacklist a site from every available DNS provider, the URL would be effectively erased from the internet. No one's ever tried to issue a takedown notice like that, but this latest memo suggests the MPAA is looking into it as a potentially powerful new tool in the fight against piracy.
The Internet

A Domain Registrar Is Starting a Fiber ISP To Compete With Comcast 65

Posted by Soulskill
from the rise-of-the-micronetworks dept.
Jason Koebler writes: Tucows Inc., an internet company that's been around since the early 90s — it's generally known for being in the shareware business and for registering and selling premium domain names — announced that it's becoming an internet service provider. Tucows will offer fiber internet to customers in Charlottesville, Virginia — which is served by Comcast and CenturyLink — in early 2015 and eventually wants to expand to other markets all over the country. "Everyone who has built a well-run gigabit network has had demand exceeding their expectations," Elliot Noss, Tucows' CEO said. "We think there's space in the market for businesses like us and smaller."
Media

Webcast Funerals Growing More Popular 69

Posted by Soulskill
from the morbid-new-of-the-day dept.
HughPickens.com writes: Lex Berko reports in The Atlantic that although webcasting has been around since the mid-1990s, livestreamed funerals have only begun to go mainstream in the last few years. The National Funeral Directors Association has only this year introduced a new funeral webcasting license that permits funeral homes to legally webcast funerals that include copyrighted music. The webcast service's growing appeal is, by all accounts, a result of the increasing mobility of modern society. Remote participation is often the only option for those who live far away or have other barriers — financial, temporal, health-related — barring them from attending a funeral. "It's not designed to replace folks attending funerals," says Walker Posey. "A lot of folks just don't live where their family grew up and it's difficult to get back and forth."

But some funeral directors question if online funerals are helpful to the grieving process and eschew streaming funerals live because they do not want to replace a communal human experience with a solitary digital one. What happens if there's a technical problem with the webcast — will we grieve even more knowing we missed the service in person and online? Does webcasting bode well for the future of death acceptance, or does it only promote our further alienation from that inevitable moment? "The physical dead body is proof of death, tangible evidence that the person we love is gone, and that we will someday be gone as well," says Caitlin Doughty, a death theorist and mortician. "To have death and mourning transferred online takes away that tangible proof. What is there to show us that death is real?"
Privacy

Snowden Leaks Prompt Internet Users Worldwide To Protect Their Data 53

Posted by Soulskill
from the for-differing-values-of-"protect" dept.
Lucas123 writes: A new international survey of internet users from 24 countries has found that more than 39% of them have taken steps to protect their data since Edward Snowden leaked the NSA's spying practices. The survey, conducted by the Center for International Governance Innovation, found that 43% of Internet users now avoid certain websites and applications and 39% change their passwords regularly. Security expert Bruce Schneier chastised the media for trying to downplay the numbers by saying "only 39%" have taken action and "only 60%" have heard of Snowden. The news articles "are completely misunderstanding the data," Schneier said, pointing out that by combining data on Internet penetration with data from the international survey, it works out to 706 million people who are now taking steps to protect their online data. Additionally, two-thirds (64%) of users indicated they are more concerned today about online privacy than they were a year ago. Another notable finding: 83% of users believe that affordable access to the Internet should be a basic human right.
Piracy

The Pirate Bay Responds To Raid 301

Posted by samzenpus
from the here-it-is dept.
An anonymous reader writes The Pirate Bay's crew have remained awfully quiet on the recent raid in public, but today Mr 10100100000 breaks the silence in order to get a message out to the world. In a nutshell, he says that they couldn't care less, are going to remain on hiatus, and a comeback is possible. In recent days mirrors of The Pirate Bay appeared online and many of these have now started to add new content as well. According to TPB this is a positive development, but people should be wary of scams. Mr 10100100000 says that they would open source the engine of the site, if the code "wouldn't be so s****y". In any case, they recommend people keeping the Kopimi spirit alive, as TPB is much more than some hardware stored in a dusty datacenter.
Canada

Govt Docs Reveal Canadian Telcos Promise Surveillance Ready Networks 74

Posted by samzenpus
from the we'll-do-it-for-you dept.
An anonymous reader writes "Michael Geist reports that Canadian telecom and Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. Hoping to avoid legislative requirements, the providers argue that "the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications."
Censorship

9th Circuit Will Revisit "Innocence of Muslims" Takedown Order 158

Posted by timothy
from the aeshetics-and-obligations dept.
The Associated Press, as carried by ABC News, reports that "An 11-judge panel of the 9th U.S. Circuit Court of Appeals in Pasadena will hear arguments Monday by Google, which owns YouTube, disputing the court's decision to remove Innocence of Muslims from the popular video sharing service." At the heart of the earlier take-down order, which was the result of a 2-1 split from a 3-judge panel, is the assertion of copyright by actress Cindy Lee Garcia, who appeared in the film, but in a role considerably different from the one she thought she was playing. Google is supported in its appeal by an unusual alliance that includes filmmakers, Internet rivals such as Yahoo and prominent news media companies such as The New York Times that don't want the court to infringe on First Amendment rights. Garcia has support from the Screen Actors Guild and the American Federation of Musicians. If the court upholds the smaller panel's ruling, YouTube and other Internet companies could face takedown notices from others in minor video roles.
Privacy

How Identifiable Are You On the Web? 157

Posted by timothy
from the your-unique-aroma dept.
An anonymous reader writes How identifiable are you on the web? This updated browser fingerprinting tool implements the current state of the art in browser fingerprinting techniques (including canvas fingerprinting) to show you how unique your browser is on the web. Good food for thought when three-letter agencies talk about "mere metadata."
Google

Spanish Media Group Wants Gov't Help To Keep Google News In Spain 191

Posted by timothy
from the what's-english-for-bully? dept.
English-language site The Spain Report reports that Google's response to mandated payments for linking to and excerpting from Spanish news media sources — namely, shutting down Google News in Spain — doesn't sit well with Spanish Newspaper Publishers' Association, which issued a statement [Thursday] night saying that Google News was "not just the closure of another service given its dominant market position," recognising that Google's decision "will undoubtedly have a negative impact on citizens and Spanish businesses. Given the dominant position of Google (which in Spain controls almost all of the searches in the market and is an authentic gateway to the Internet), AEDE requires the intervention of Spanish and community authorities, and competition authorities, to effectively protect the rights of citizens and companies." Irene Lanzaco, a spokeswoman for AEDE, told The Spain Report by telephone that "we're not asking Google to take a step backwards, we've always been open to negotiations with Google" but, she said: "Google has not taken a neutral stance. Of course they are free to close their business, but one thing is the closure of Google News and quite another the positioning in the general index." Asked if the newspaper publishers' association had received any complaints from its members since Wednesday's announcement by Google, Mrs. Lanzaco refused to specify, but said: "Spanish publishers talk to AEDE constantly."
Google

Job Postings Offer Clues to Future of Google Fiber 38

Posted by timothy
from the it's-getting-oh-so-close dept.
New submitter Admiral Jimbob McGif writes Even as a massive firestorm burns uncontrollably threatening to scorch the very foundations of the internet with AT&T indefinitely halting future GigaPower FTTH rollouts due to uncertainty over the future of net neutrality and the Obama administration proposing to regulate the internet under Title 2, highly suggestive jobs were recently added to Google Careers.

These Google Fiber related positions include: "City Manager", "Community Impact Manager" and "Plant Manager" in all potential Google Fiber cities. Perplexing inconsistencies abound, such as Portland, Phoenix, San Jose and Atlanta positions being listed as local. Whereas San Antonio, Raleigh, Charlotte, and Nashville are listed as telecommute positions.

One is inclined to speculate as to what these job postings mean despite Google's disclaimer: "Not all cities where we're exploring hiring a team will necessarily become Google Fiber cities." Would Google post jobs as an act of posturing much like AT&T's supposed "Gigabit smoke screen" bluff? Or, should we expect to see these so called Fiber Huts springing up like so many mushrooms after a heavy rain in an additional 9 metro areas?

At the rate Google is going, is it too soon to speculate over Fiber Dojos popping up in Japan?
Google

Hollywood's Secret War With Google 175

Posted by Soulskill
from the a-war-they'll-fight-aggressively-to-lose dept.
cpt kangarooski writes: Information has come to light (thanks to the recent Sony hack) that the MPAA and six major studios are pondering the legal actions available to them to compel an entity referred to as 'Goliath,' most likely Google, into taking aggressive anti-piracy action on behalf of the entertainment industry. The MPAA and member studios Universal, Sony, Fox, Paramount, Warner Bros., and Disney have had lengthy email discussions concerning how to block pirate sites at the ISP level, and how to take action at the state level to work around the failure of SOPA in 2012. Emails also indicate that they are working with Comcast (which owns Universal) on some form of traffic inspection to find copyright infringements as they happen.
Networking

BGP Hijacking Continues, Despite the Ability To Prevent It 57

Posted by Soulskill
from the won't-fix dept.
An anonymous reader writes: BGPMon reports on a recent route hijacking event by Syria. These events continue, despite the ability to detect and prevent improper route origination: Resource Public Key Infrastructure. RPKI is technology that allows an operator to validate the proper relationship between an IP prefix and an Autonomous System. That is, assuming you can collect the certificates. ARIN requires operators accept something called the Relying Party Agreement. But the provider community seems unhappy with the agreement, and is choosing not to implement it, just to avoid the RPA, leaving the Internet as a whole less secure.
Crime

Tracking the Mole Inside Silk Road 2.0 81

Posted by Soulskill
from the doomed-from-day-one dept.
derekmead writes: The arrest of the Silk Road 2.0 leader and subsequent seizure of the site was partially due to the presence of an undercover U.S. Department of Homeland Security agent, who "successfully infiltrated the support staff involved in running the Silk Road 2.0 website," according to the FBI.

Referencing multiple interviews, publicly available information, and parts of the moderator forum shared with me, it appears likely that the suspicions of many involved in Silk Road 2.0 are true: the undercover agent that infiltrated the site was a relatively quiet staff member known as Cirrus.
Google

Google Closing Engineering Office In Russia 157

Posted by Soulskill
from the if-you-can't-stand-the-bears-get-out-of-the-kitchen dept.
An anonymous reader writes: The Wall Street Journal reports (paywalled) that Google is closing its engineering office in Russia. This follows ever-increasing crackdowns from the Russian government over internet freedoms, and intrusive data-handling requirements on internet companies. "[A] new law that takes effect next year requires information on Russian citizens to be stored in data centers in Russia. The law will also penalize Web firms for infringing on personal data rules in the country. Another law passed earlier this year requires bloggers with 3,000 or more daily readers to register with the government and provide their home address. The ruling prevents these bloggers from using foul language and forbids them from spreading false information."
China

New Compilation of Banned Chinese Search-Terms Reveals Curiosities 43

Posted by samzenpus
from the bad-words dept.
An anonymous reader writes Canada's Citizen Lab has compiled data from various research projects around the world in an attempt to create a manageable Github repository of government-banned Chinese keywords in internet search terms and which may appear in Chinese websites. Until now the study of such terms has proved problematic due to disparate research methods and publishing formats. A publicly available online spreadsheet which CCL have provided to demonstrate the project gives an interesting insight into the reactive and eccentric nature of the Great Blacklist of China, as far as outside research can deduce. Aside from the inevitable column listings of dissidents and references to government officials and the events in Tiananmen Square in 1989, search terms as basic as "system" and "human body" appear to be blocked.
Government

Army Building an Airport Just For Drones 48

Posted by timothy
from the first-part-of-the-plan dept.
schwit1 writes The Army's ever-growing use of unmanned aerial systems has gotten to the point where two of the most commonly used UAS are getting their own airport. The service's Corps of Engineers at Fort Worth, Texas, has awarded a $33 million contract to SGS to build a 150-acre unmanned aircraft launch and recovery complex at Fort Bliss for Grey Eagle and Shadow UAS. In related news, the FAA has just cleared 4 companies (Trimble Navigation Limited, VDOS Global, Clayco Inc. and Woolpert Inc.) to use drones commercially, for purposes such as site inspection and aerial surveys. (A lot of drones are already in use, of course, but the FAA doesn't like it.)
