
Android

Java Spec Compatibility Weakened Android's TLS Encryption 26

Posted by Unknown Lamer
from the all-the-better-to-hear-you dept.
sfcrazy writes "It has been discovered that Google downgraded the SSL encryption of Android after version 2.3.4 and defaulted to RC4 and MD5 ciphers. It may appear that NSA is at play here as both are broken and can be easily compromised. But after digging the code Georg Lukas concluded that the blame goes to Oracle. 'The cipher order on the vast majority of Android devices was defined by Sun in 2002 and taken over into the Android project in 2010 as an attempt to improve compatibility.'" The Java spec from 2002 specified RC4 and MD5 as the first two ciphers for TLS; Android, however, used DHE-RSA-AES256-SHA by default. The default cipher list for Java 7 was updated, but Android is stuck using JDK 6 and a default cipher list over a decade old.
United States

Lessons From the Healthcare.gov Fiasco 373

Posted by samzenpus
from the better-luck-next-time dept.
Nerval's Lobster writes "In theory, the federal government's Health Insurance Marketplace was supposed to make things easy for anyone in the market for health insurance. But fourteen days after the Website made its debut, the online initiative—an integral part of the Obama administration's Affordable Care Act—has metastasized into a disaster. Despite costing $400 million (so far) and employing an army of experienced IT contractors (such as Booz Allen Hamilton and CGI Group), the Website is prone to glitches and frequent crashes, frustrating many of those seeking to sign up for a health-insurance policy. Unless you're the head of a major federal agency or a huge company launching an online initiative targeted at millions of users, it's unlikely you'll be the one responsible for a project (and problems) on the scale of the Health Insurance Marketplace. Nonetheless, the debacle offers some handy lessons in project management for Websites and portals of any size: know your IT specifications (federal contractors reportedly didn't receive theirs until a few months ago), choose management capable of recognizing the problems that arise (management of Healthcare.gov was entrusted to the Medicare and Medicaid agency, which didn't have the technical chops), roll out small if possible, and test, test, test. The Health Insurance Marketplace fiasco speaks to an unfortunate truth about Web development: even when an entity (whether public or private, corporation or federal government) has keen minds and millions of dollars at its disposal, forgetting or mishandling the basics of successful Web construction can lead to embarrassing problems."
Security

D-Link Router Backdoor Vulnerability Allows Full Access To Settings 212

Posted by samzenpus
from the protect-ya-neck dept.
StealthHunter writes "It turned out that just by setting a browser's user-agent to 'xmlset_roodkcableoj28840ybtide' anyone can remotely bypass all authentication on D-Link routers. It seems that thttpd was modified by Alphanetworks who inserted the backdoor. Unfortunately, vulnerable routers can be easily identified by services like shodanHQ. At least these models may have vulnerable firmware: DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240."
Bug

Obamacare Website Fixes Could Take Two Weeks Or Two Months 335

Posted by samzenpus
from the one-of-these-days dept.
An anonymous reader writes "It looks like nobody is quite sure how long it will take to fix the health insurance marketplace website. '"One person familiar with the system's development said that the project was now roughly 70 percent of the way toward operating properly, but that predictions varied on when the remaining 30 percent would be done," the Times reported yesterday. "'I've heard as little as two weeks or as much as a couple of months,' that person said. Others warned that the fixes themselves were creating new problems, and said that the full extent of the problems might not be known because so many consumers had been stymied at the first step in the application process."'"
Bug

Xerox "Routine Backup Test" Leaves 17 States Without Food Stamps 288

Posted by samzenpus
from the time-to-revert dept.
An anonymous reader writes "People in Ohio, Michigan and 15 other states found themselves temporarily unable to use their food stamp debit-style cards on Saturday, after a routine test of backup systems by vendor Xerox Corp. resulted in a system failure. Xerox announced late in the evening that access has been restored for users in the 17 states affected by the outage, hours after the first problems were reported. 'Restarting the EBT system required time to ensure service was back at full functionality,' spokeswoman Jennifer Wasmer said in an email. An emergency voucher process was available in some of the areas while the problems were occurring, she said. U.S. Department of Agriculture spokeswoman Courtney Rowe underscored that the outage was not related to the government shutdown."
Security

Ask Slashdot: Mitigating DoS Attacks On Home Network? 306

Posted by timothy
from the send-them-to-your-dial-up-line-instead dept.
First time accepted submitter Gavrielkay writes "We seem to have attracted the attention of some less than savory types in online gaming and now find our home network relentlessly DoSed. We bought a new router that doesn't fall over quite so easily, but it still overwhelms our poor little DSL connection and occasionally prevents us from web browsing and watching Netflix. What's worse is that it seems to find us even if we change the MAC address and IP address of the router. Often the router logs IPs from Russia or Korea in these attacks (no packet logging, just a blanket 'DoS attack from...' in the log). But more often lately I've noticed the IPs trace back to Microsoft or Amazon domains. Are they spoofing those IPs? Did they sign us up for something weird there? And how do they find us with a new MAC address and IP within minutes? We're looking for a way to hide from these idiots that doesn't involve going to the Feds, although that is what our ISP suggested. Piles of money for a commercial grade router is out of the question. We are running antivirus and anti-malware programs and haven't seen any evidence of hacked computers so far."
Spam

NY Comic Con Takes Over Attendees' Twitter Accounts To Praise Itself 149

Posted by timothy
from the you're-loving-it dept.
Okian Warrior writes "Attendees to this year's New York Comic Con convention were allowed to pre-register their RFID-enabled badges online and connect their social media profiles to their badges — something, the NYCC registration site explained, that would make the 'NYCC experience 100x cooler! For realz.' Most attendees didn't expect '100x cooler' to translate into 'we'll post spam in your feed as soon as the RFID badge senses that you've entered the show,' but that seems to be what happened."
Bug

Irony: iPhone 5S Users Reporting Blue Screen of Death 191

Posted by timothy
from the ok-this-feels-intuitive dept.
MojoKid writes "It's been a long time since many have seen a dreaded 'blue screen of death' (BSoD), but it's back and in the unlikeliest of places. Oddly enough, some Apple iPhone 5S owners are reporting BSoD errors, though they're a little different from the ones you may remember seeing on Windows desktops. Rather than spit out an obscure error code with a generic description, some iPhone 5S devices are suddenly turning blue before automatically restarting. The Numbers app in Apple's iWork suite, a free program with new iPhones, seems to be the primary cause, though BSoD behavior has also been observed in other applications, according to complaints in Apple's support forum."
Graphics

Open-Source Intel Mesa Driver Now Supports OpenGL 3.2 34

Posted by Soulskill
from the please-comply dept.
An anonymous reader writes "Mesa and its open-source Intel graphics driver now are in compliance with the OpenGL 3.2 specification (PDF). It took four years for Mesa to get up to GL 3.2 / GLSL 1.50 compliance, and support for the other Mesa drivers isn't too far behind, but they're still years behind in supporting OpenGL 4. Supporting a major new OpenGL API has resulted in Mesa 10.0 being called the next release. It has many other features, like performance improvements and new Gallium3D features. OpenGL 3.3 support might also be completed prior to the Mesa 10.0 release in November."
DRM

Would You Secure Personal Data With DRM Tools? 99

Posted by Soulskill
from the enemy-of-my-enemy-is-my-friend dept.
museumpeace writes "From its own EmTech conference, Technology Review reports on a privacy strategy from Microsoft's Craig Mundie: When sharing music online took off in the 1990s, many companies turned to digital rights management (DRM) software as a way to restrict what could be done with MP3s and other music files — only to give up after the approach proved ineffective and widely unpopular. Today Craig Mundie, senior advisor to the CEO at Microsoft, resurrected the idea, proposing that a form of DRM could be used to prevent personal data from being misused." Mundie also thinks it should be a felony to misuse that data. He thinks larger penalties would help deter shady organizations from harvesting data the user isn't even aware of. "More and more, the data that you should be worried about, you don’t even know about."
Security

Want To Hijack a Domain? Just Get a Fax Machine 161

Posted by Soulskill
from the why-are-fax-machines-still-a-thing dept.
msm1267 writes "Metasploit's HD Moore says hackers sent a spoofed DNS change request via fax to Register.com that the registrar accepted, leading to a DNS hijacking attack against the Metasploit and Rapid7 websites. The two respective homepages were defaced with a message left by the same hacker collective that claimed responsibility for a similar DNS attack against Network Solutions. Rapid7 said the two sites' DNS records have been locked down and they are investigating."
Security

Stealing Silicon Valley 139

Posted by Soulskill
from the getaway-car-and-a-pocket-full-of-flash-drives dept.
pacopico writes "A series of robberies in Silicon Valley has start-ups feeling nervous. According to this report in Businessweek, a couple of networking companies were burgled recently with attempts made to steal their source code. The fear is that virtual attacks have now turned physical and that espionage in the area is on the rise. As a result, companies are now doing more physical penetration testing, including one case in which a guy was mailed in a FedEx box in a bid to try and break into a start-up."
Cloud

Will Cloud Services One Day Be Traded Just Like Stocks and Bonds? 168

Posted by timothy
from the too-compute-intensive-to-fail dept.
Brandon Butler writes "Today, cloud computing resources are bought and sold in a fairly straightforward process: A company needs extra compute capacity, for example, so they contract with a provider who spins up virtual machines for a certain amount of time. But what will that process look like in, say, 2020? If efforts by a handful of companies come to fruition, there could be a lot more wheeling and dealing that goes on behind the scenes. An idea is being floated to package cloud computing resources into blocks that can be bought and sold on a commodity futures trading market. It would be similar to how financial instruments like stocks, bonds and agricultural products like corn and wheat are traded on exchanges by investors. Blocks of cloud computing resources — for example a month's worth of virtual machines, or a year's worth of cloud storage — would be packaged by service providers and sold on a market. In the exchange, investors and traders could buy up these blocks and resell them to end users, or other investors, potentially turning a profit if the value of the resource increases."
Google

Google Offers Cash For Security Fixes To Linux and Other FOSS Projects 94

Posted by timothy
from the enlightened-self-interest dept.
jrepin writes "Google is offering rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages that are critical to the stability of the Internet. The program announced Wednesday expands on Google's current bug-bounty program, which pays from $500 to $3,133.70 to people who privately report bugs found in the company's software and Web properties." Google isn't the only company that sees the value in rewarding those who find security problems: Microsoft just paid British hacker James Forshaw $100,000 for finding a serious security flaw in Windows 8.1.
United States

Cost of Healthcare.gov: $634 Million — So Far 489

Posted by timothy
from the oh-c'mon-what's-a-sevenfold-increase-among-friends? dept.
First time accepted submitter Saethan writes "Healthcare.gov, the site to be used by people in 36 states to get insurance as part of the Affordable Care Act, has apparently cost the U.S. Government $634 million. Not only is this more than Facebook spent during its first 6 years in operation, it is also over $500 million above what the original estimate was: $93.7 million. Why, in a country with some of the best web development companies in the world, has this website, which is poor quality at best, cost so much?" That $634 million figure comes from this U.S. government budget-tracking system. Given that this system is national rather than for a single city, maybe everyone should just be grateful the contract didn't go to TechnoDyne.
