Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Researchers Report Spike In Boot Time Malware 132

wiredmikey writes "In their most recent intelligence report, Symantec researchers pointed out a massive increase in the amount of boot time malware striking users, noting there have already been as many new boot time malware threats detected in the first seven months of 2011 as there were in the previous three years. Also known as MBR (master boot record) threats, the malware infect an area of the hard disk that makes them one of the first things to be read and executed when a computer is turned on. This enables the threats to effectively dodge many security defenses."

Zombie Cookies Just Won't Die 189

GMGruman wrote in to say "Microsoft embarrassed itself last week when it got caught using 'zombie cookies' — a form of tracking cookies that users can't delete, as they come back to life after you've 'killed' them. Microsoft says it'll stop the 'aberrant' practice. But Woody Leonhard says you ain't seen nothing yet. It turns out HTML5 offers a technical mechanism to give zombie cookies a new lease on life — and the Web browsers' private-browsing features can't stop them."

How To Steal ATM PINs With a Thermal Camera 157

An anonymous reader writes "Researchers from UCSD have demonstrated how thermal imagery cameras can be used to steal customers' PINs (PDF) when you withdraw cash from ATMs. Their paper, entitled 'Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks', (PDF) discovered that plastic PIN pads were the best for retaining heat signatures showing which numbers (and in which order) were used by bank customers. Fortunately the methodology does not appear to have been used by criminals yet, but a third of people surveyed admit that they do not check ATMs for tampering before withdrawing cash."

GPGPU Bitcoin Mining Trojan 258

An anonymous reader writes "Security researchers have unearthed a piece of malware that mints a digital currency known as Bitcoins by harnessing the immense power of an infected machine's graphical processing units. According to new research from antivirus provider Symantec, Trojan.Badminer uses GPUs to generate virtual coins through a practice known as minting. That's the term for solving difficult cryptographic proof-of-work problems and being rewarded with 50 Bitcoins for each per correct block."

Aaron Barr Talks About DEFCON, Anonymous Attacks 77

Trailrunner7 writes "Finding Aaron Barr at this year's DEFCON hacker conference in Las Vegas was like a giant game of 'Where's Waldo.' Given the events of the past year, you can hardly blame him for keeping a low profile. First there was the attack on him and his then-employer, HBGary Federal, his decision to part ways with HBGary, his work to rehabilitate his image and turn his personal misfortunes into a 'teaching moment' for the industry, and then the legal wrangling in recent weeks that threw cold water on his plans to take part in a panel discussion about Anonymous at DEFCON. Barr was courted by numerous news outlets at the show, including the mainstream media. But he preferred, for the most part, to keep his own counsel. But he offered his thoughts to Threatpost on the experience of being at the conference, what the attack by Anonymous has done to him and whether it's possible for the group to turn its attentions to more constructive pursuits."

US and UK Zombies Demand Top Dollar 62

coondoggie writes "Denizens of the malware underworld who sell access to compromised computers do so at varying rates depending on where the machines are located, researchers told the Usenix Security Symposium this week. The researchers followed what they called the pay-per-install (PPI) industry, which obtains infected machines from which malware can be launched and sells access to these machines to parties looking for someplace to execute malicious code. Sometimes the PPI sellers hire middlemen to supply the compromised machines, and the PPI dealer retails them."

Building a Better 'Anonymous?' 119

An anonymous reader writes "A hacktivism panel at the DefCon hacker convention was conspicuously missing its star member Aaron Barr, who dropped out under legal pressure from his former company HBGary Federal, debated how Anonymous could channel its efforts for the greater good. Members of Anon attending the discussion chimed in, too."

Are Google's Best Days Behind It? 283

snydeq writes "InfoWorld's Neil McAllister questions whether slowing product development, legal woes, and rising bureaucracy will signal trying times ahead for Google. 'With Google's rapid growth have come new challenges. It faces intense competition in all of its major markets, even as it enters new ones. Its newer initiatives have often struggled to reach profitability. It must answer multiple ongoing legal challenges, to say nothing of antitrust probes in the United States and Europe. Privacy advocates accuse it of running roughshod over individual rights. As a result, it's becoming more cautious and risk-averse. But worst of all, as it grows ever larger and more cumbersome, it may be losing its appeal to the highly educated, impassioned workers that power its internal knowledge economy.'"

Governments, IOC and UN Hit By Massive Cyber Attack 122

fysdt writes "IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks. It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms. McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks. Beijing has always denied any state involvement in cyber-attacks, calling such accusations 'groundless.'"

LulzSec Calls For PayPal Boycott, Spokesman Arrested 425

An anonymous reader writes "British police have arrested a 19-year-old man believed to be 'Topiary', the official spokesperson of the LulzSec hactivist group. The man was arrested at his home in the Shetland Islands earlier today (July 27), and is being transported to a central London police station." Also today, LulzSec has called for a boycott of PayPal saying “We encourage anyone using PayPal to immediately close their accounts and consider an alternative.”

Security Expert Slams Google+ Pseudonym Policy 373

An anonymous reader writes "A security expert has panned Google's "real name" policy on Google+, claiming that the hard line will damage privacy. Sophos's Chester Wisniewski says that closing accounts where users have adopted false names erodes privacy on the social network. 'What they seemed to have missed is that the very foundation of privacy is identity. Simply knowing my postal code or birth date is meaningless without a name to associate it with. By requiring people to only use their real names, unless they just happen to be a celebrity, they have eliminated the ability for people to be private in any meaningful way.'"

Why IT Won't Like Mac OS X Lion Server 341

snydeq writes "InfoWorld's John Rizzo sees Mac OS X Lion Server as a downgrade that may prompt a move to Windows Server. 'Mac OS X 10.7 Lion Server adds innovative features and a new low price tag, but cuts in services and the elimination of advanced GUI administration tools may force some enterprise departments to think twice about the role of Mac servers on their networks,' Rizzo writes. 'Looking more deeply inside Lion Server, it's impossible to avoid the conclusion that Lion Server is not built for those of us in IT. The $50 price tag — down from $500 — is the first clue that Lion Server trying to be a server for the consumer. But the ironic part for IT administrators is that Lion Server actually requires a greater degree of technical knowledge than its predecessors.'"

Could the KGB Infiltrate LulzSec? 162

Barence writes "Foreign powers could try to infiltrate hacktivist networks in order to manipulate their actions, according to a security expert who advises governments and businesses on internet issues. Likening the emergence of the hacktivist movement to the arrival of militant groups such as the Red Brigade during the 1970s, government advisor and chair of the International E-crime Congress, Simon Moores, said that hacker groups could eventually be swayed by outside influences. 'If you have a LulzSec or an Anonymous that is perhaps being manipulated by a foreign actor, it takes us back to the days of the Stasi and the KGB, which were manipulating [anti-nuclear campaign group] CND quite easily from Moscow,' he said."

Google Warns Users About Active Malware Infection 80

dinscott writes "Google has begun notifying its users that a particular piece of malware is installed on their computers by showing a big yellow notification above their search results. The warning begun popping up yesterday, and does so only for users whose computers have been infected by a particular strain of malware that hijacks search results in order to drive users towards websites that use pay-per-click schemes."

Remember: use logout to logout.