Forgot your password?
typodupeerror

Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

Crime

World Health Organization Calls For Decriminalization of Drug Use 464

Posted by Soulskill
from the WHO-already-dismissed-by-old-people-as-being-a-bunch-of-potheads dept.
An anonymous reader writes: We've known for a while: the War on Drugs isn't working. Scientists, journalists, economists, and politicians have all argued against continuing the expensive and ineffective fight. Now, the World Health Organization has said flat out that nations should work to decriminalize the use of drugs. The recommendations came as part of a report released this month focusing on the prevention and treatment of HIV. "The WHO's unambiguous recommendation is clearly grounded in concerns for public health and human rights. Whilst the call is made in the context of the policy response to HIV specifically, it clearly has broader ramifications, specifically including drug use other than injecting. In the report, the WHO says: 'Countries should work toward developing policies and laws that decriminalize injection and other use of drugs and, thereby, reduce incarceration. ...Countries should ban compulsory treatment for people who use and/or inject drugs." The bottom line is that the criminalization of drug use comes with substantial costs, while providing no substantial benefit.
Education

Geographic Segregation By Education 230

Posted by Soulskill
from the philosophy-majors-in-philly,-music-majors-in-singapore dept.
The wage gap between college-educated workers and those with just a high school diploma has been growing — and accelerating. But the education gap is also doing something unexpected: clustering workers with more education in cities with similar people. "This effectively means that college graduates in America aren't simply gaining access to higher wages. They're gaining access to high-cost cities like New York or San Francisco that offer so much more than good jobs: more restaurants, better schools, less crime, even cleaner air." Most people are aware of the gentrification strife occurring in San Francisco, but it's one among many cities experiencing this. "[Research] also found that as cities increased their share of college graduates between 1980 and 2000, they also increased their bars, restaurants, dry cleaners, museums and art galleries per capita. And they experienced larger decreases in pollution and property crime, suggesting that cities that attract college grads benefit from both the kind of amenities that consumers pay for and those that are more intangible." The research shows a clear trend of the desirable cities becoming even more desirable, to the point where it's almost a necessity for city planners to lure college graduates or face decline.
Crime

Source Code Leaked For Tinba Banking Trojan 75

Posted by timothy
from the small-can-be-potent dept.
msm1267 (2804139) writes "The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the crimeware kit. Tinba performs many of the same malicious functions as other banker Trojans, injecting itself into running processes on an infected machine, including the browser and explorer.exe. The malware is designed to steal financial information, including banking credentials and credit-card data and also makes each infected computer part of a botnet. Compromised machines communicate with command-and-control servers over encrypted channels. Tinba got its name from an abbreviation of "tiny banker," and researchers say that it's only about 20 KB in size."
China

Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners 93

Posted by timothy
from the location-location-location dept.
wiredmikey (1824622) writes China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world. According to security firm TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling. The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

Experts determined that the threat group targets servers storing corporate financial data, customer data and other sensitive information. A second payload downloaded by the malware then establishes a sophisticated C&C on the company's finance servers, enabling the attackers to exfiltrate the information they're after. The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said. In one attack they observed, 16 of the 48 scanners used by the victim were infected, and the malware managed to penetrate the targeted organization's defenses and gain access to servers on the corporate network. Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to be involved in the Operation Aurora attacks against Google, and which is physically located only one block away from the scanner manufacturer, TrapX said.
Botnet

Gameover ZeuS Re-Emerges As Fast-Fluxing Botnet 62

Posted by Soulskill
from the game-not-quite-over-after-all dept.
New submitter tylke (621801) writes: "Brian Krebs is reporting that the Gameover ZeuS botnet recently taken down by the U.S. Justice Department in June has re-emerged. The new variant of the Trojan is "stripped of the P2P code, and relies instead on an approach known as fast-flux hosting," a kind of round-robin technique that lets botnets hide phishing and malware delivery sites behind a network of compromised systems. Krebs says, "[T]his variant also includes a 'domain name generation algorithm' or DGA, which is a failsafe mechanism that can be invoked if the botnet’s normal communications system fails. The DGA creates a constantly-changing list of domain names each week (gibberish domains that are essentially long jumbles of letters). In the event that systems infected with the malware can’t reach the fast-flux servers for new updates, the code instructs the botted systems to seek out active domains from the list specified in the DGA. All the botmasters need to do in this case to regain control over his crime machine is register just one of those domains and place the update instructions there." (Disclosure: I work for Malcovery Security, the company credited with identifying the new variant.)
Crime

Police Recording Confirms NYPD Flew At a Drone and Never Feared Crashing 310

Posted by timothy
from the where-is-your-flightplan? dept.
Jason Koebler (3528235) writes An air traffic control recording confirms that a New York Police Department helicopter flew at a drone hovering near the George Washington Bridge earlier this week—not the other way around. What's more, police had no idea what to charge the drone pilots with, and never appeared to fear a crash with the drone.
Two men were arrested Monday on felony reckless endangerment charges after the NYPD said the two flew their drone "very close" to a law enforcement chopper, causing the police helicopter to take evasive maneuvers. Air traffic control recordings suggest that only happened after the chopper pilot decided to chase the drone.
Crime

Maldives Denies Russian Claims That Secret Service Kidnapped a Politician's Son 100

Posted by timothy
from the 30-year-old-napping-is-totally-different dept.
Rei (128717) writes As was previously reported here, the Russian government has accused the U.S. Secret Service of kidnapping the son of ultranationalist LDPR MP Valery Seleznev in the Maldives. The son, Roman Seleznev, stands accused of running one of the world's largest carding operations, with others charged in the affair having already been convicted; however, Roman had until recently been considered out of reach in Russia. Now the Maldives has struck back against these claims, insisting that they arrested him on an Interpol Red Notice and transferred him to the US, as they are legally required as an Interpol member state to do. "No outsider came here to conduct an operation," president Abdulla Yameen stated. "No officials from another country can come here to arrest anyone. The government has the necessary documentation to prove it." Note: the Slashdot post linked didn't include the accusations of kidnapping, but the Krebs On Security link above mentions these claims.
Privacy

Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On 223

Posted by Unknown Lamer
from the electric-eye dept.
Advocatus Diaboli (1627651) writes The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans — including a political candidate and several civil rights activists, academics, and lawyers — under secretive procedures intended to target terrorists and foreign spies. From the article: "The individuals appear on an NSA spreadsheet in the Snowden archives called 'FISA recap.' Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also 'are or may be' engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens. ... The five Americans whose email accounts were monitored by the NSA and FBI have all led highly public, outwardly exemplary lives. All five vehemently deny any involvement in terrorism or espionage, and none advocates violent jihad or is known to have been implicated in any crime, despite years of intense scrutiny by the government and the press. Some have even climbed the ranks of the U.S. national security and foreign policy establishments."
Microsoft

Tired of Playing Cyber Cop, Microsoft Looks For Partners In Crime Fighting 113

Posted by Soulskill
from the every-batman-needs-a-robin dept.
chicksdaddy writes: When it comes to fighting cybercrime, few companies can claim to have done as much as Redmond, Washington-based Microsoft, which spent the last five years as the Internet's Dirty Harry: using its size, legal muscle and wealth to single-handedly take down cyber criminal networks from Citadel, to Zeus to the recent seizure of servers belonging to the (shady) managed DNS provider NO-IP. The company's aggressive posture towards cyber crime outfits and the companies that enable them has earned it praise, but also criticism. That was the case last week after legitimate customers of NO-IP alleged that Microsoft's unilateral action had disrupted their business. There's evidence that those criticisms are hitting home – and that Microsoft may be growing weary of its role as judge, jury and executioner of online scams. Microsoft Senior Program Manager Holly Stewart gave a sober assessment of the software industry's fight against cyber criminal groups and other malicious actors. Speaking to a gathering of cyber security experts and investigators at the 26th annual FIRST Conference in Boston, she said that the company has doubts about the long term effectiveness of its botnet and malware takedowns.
Crime

US Arrests Son of Russian MP In Maldives For Hacking 176

Posted by timothy
from the by-coincidence dept.
First time accepted submitter ugen (93902) writes "The son of a Russian lawmaker has been arrested by the U.S. on charges of selling credit card information he stole by hacking into the computers of American retailers. Roman Seleznev, 30, was arrested overseas by the U.S. Secret Service on July 5 and was ordered detained today during a hearing in federal court in Guam, the Justice Department said in a statement."
Encryption

Use of Encryption Foiled the Cops a Record 9 Times In 2013 115

Posted by timothy
from the achievement-unlocked dept.
realized (2472730) writes "In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That's more than twice as many cases as in 2012, when police said that they'd been stymied by crypto in four cases—and that was the first year they'd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero."
Communications

Austrian Tor Exit Node Operator Found Guilty As an Accomplice 255

Posted by timothy
from the blame-thompson-for-babyface-nelson dept.
An anonymous reader writes with this excerpt from TechDirt: Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by... effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated 12 of the Austrian penal code, which effectively says:"Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action." In other words, it's a form of accomplice liability for criminality. It's pretty standard to name criminal accomplices liable for "aiding and abetting" the activities of others, but it's a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that "contributes to the completion" of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It's a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.
Crime

Judge Frees "Cannibal Cop" Who Shared His Fantasies Online 185

Posted by timothy
from the not-my-first-choice-for-babysitter dept.
AthanasiusKircher (1333179) writes The story is classic: Boy meets Girl. Boy likes Girl. Boy goes on the internet and writes about his fantasies that involve killing and eating Girl. Boy goes to jail. In this case, the man in question, NYC police officer Gilberto Valle, didn't act on his fantasies — he just shared them in a like-minded internet forum. Yesterday, Valle was released from jail after a judge overturned his conviction on appeal. U.S. District Judge Paul Gardephe wrote that Valle was "guilty of nothing more than very unconventional thoughts... We don't put people in jail for their thoughts. We are not the thought police and the court system is not the deputy of the thought police." The judge concluded that there was insufficient evidence, since "this is a conspiracy that existed solely in cyberspace" and "no reasonable juror could have found that Valle actually intended to kidnap a woman... the point of the chats was mutual fantasizing about committing acts of sexual violence on certain women." (A New York magazine article covered the details of the case and the implications of the original conviction earlier this year.)
Crime

Cybercrooks May Have Stolen Billions Using Brazilian "Boletos" 69

Posted by samzenpus
from the making-that-money dept.
wiredmikey writes Researchers with RSA have discovered a Boleto malware (Bolware) ring that compromised as many as 495,753 Boleto transactions during a two-year period. Though it is not clear whether the thieves successfully collected on all of the compromised transactions, the value of those transactions is estimated to be worth as much as $3.75 billion. A Boleto is essentially a document that allows a customer to pay an exact amount to a merchant. Anyone who owns a bank account — whether a company or an individual — can issue a Boleto associated with their bank. The first signs of its existence appeared near the end of 2012 or early 2013, when it began to be reported in the local news media," according to the report (PDF). "The RSA Research Group analyzed version 17 of the malware, gathering data between March 2014 and June 2014. The main goal of Boleto malware is to infiltrate legitimate Boleto payments from individual consumers or companies and redirect those payments from victims to fraudster accounts."
Security

Western Energy Companies Under Sabotage Threat 86

Posted by timothy
from the shame-if-anything-was-t'-happen dept.
An anonymous reader writes In a post published Monday, Symantec writes that western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign. The group behind the operation, called Dragonfly by Symantec, originally targeted aviation and defense companies as early as 2011, but in early 2013, they shifted their focus to energy firms. They use a variety of malware tools, including remote access trojans (RATs) and operate during Eastern European business hours. Symantec compares them to Stuxnet except that "Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
Government

Mayors of Atlanta & New Orleans: Uber Will Knock-Out Taxi Industry 273

Posted by samzenpus
from the one-ride-share-to-rule-them-all dept.
McGruber writes Atlanta Mayor Kasim Reed and New Orleans Mayor Mitch Landrieu agree: there will a 15 round fight between Uber and the taxicab industry that currently enjoys regulatory capture, but after a long fight, Uber will win. Landrieu says: "It actually is going to be a 15 round fight. And it's going to take time to work out, hopefully sooner rather than later. But that debate will be held.....But it is a forceful fight, and our city council is full of people on Uber's side, people on the cabs' side, and it's a battle." Mayor Reed of Atlanta also expressed how politically powerful the taxi cartels can be: "I tell you, Uber's worth more than Sony, but cab drivers can take you out. So you've got to [weigh that]. Get in a cab and they say, 'Well that mayor, he is sorry.' You come to visit Atlanta, they say, 'Well that Mayor Reed is as sorry as the day is long. Let me tell you how sorry he is while I drive you to your hotel. And I want you to know that crime is up.' This guy might knock you out. I want you to know it can get really real. It's not as easy as it looks."
Crime

Cracking Atlanta Subway's Poorly-Encrypted RFID Smart Cards Is a Breeze, Part II 170

Posted by timothy
from the connecting-supply-and-demand dept.
McGruber (1417641) writes In December 2013, Slashdot reported the arrest of seven metro Atlanta residents for allegedly selling counterfeit MARTA Breeze cards, stored-value smart cards that passengers use as part of an automated fare collection system on Atlanta's subway. Now, six months later (June 2014), the seven suspects have finally been indicted. According to the indictment, the co-conspirators purchased legitimate Breeze cards for $1, then fraudulently placed unlimited or monthly rides on the cards. They then sold the fraudulent cards to MARTA riders for a discounted cash price. Distributors of the fraudulent cards were stationed at several subway stations. The indictment claims that the ring called their organization the "Underground Railroad."
Medicine

Hospitals Begin Data-Mining Patients 162

Posted by Unknown Lamer
from the records-indicate-you-don't-deserve-care dept.
schwit1 (797399) sends word of a new and exciting use for all of the data various entities are collecting about you. From the article: You may soon get a call from your doctor if you've let your gym membership lapse, made a habit of ordering out for pizza or begin shopping at plus-sized stores. That's because some hospitals are starting to use detailed consumer data to create profiles on current and potential patients to identify those most likely to get sick, so the hospitals can intervene before they do. Acxiom Corp. (ACXM) and LexisNexis are two of the largest data brokers who collect such information on individuals. They say their data are supposed to be used only for marketing, not for medical purposes or to be included in medical records. While both sell to health insurers, they said it's to help those companies offer better services to members.
The Courts

Supreme Court Rules Cell Phones Can't Be Searched Without a Warrant 249

Posted by Unknown Lamer
from the sanity-outbreak dept.
New submitter CarlThansk (3713681) writes The courts have long debated on if cell phones can be searched during an arrest without a warrant. Today, the Supreme Court unanimously ruled that the police need warrants to search the cellphones of people they arrest. "Chief Justice John G. Roberts Jr., writing for the court, said the vast amount of data contained on modern cellphones must be protected (PDF) from routine inspection." Phones may still be searched under limited circumstances (imminent threats), but this looks like a clear win for privacy. Quoting the decision: "We cannot deny that our decision today will have an impact on the ability of law enforcement to combat crime. Cell phones have become important tools in facilitating coordination and communication among members of criminal enterprises, and can provide valuable incriminating information about dangerous criminals. Privacy comes at a cost."
Security

Banking Fraud Campaign Steals 500k Euros In a Week 35

Posted by Unknown Lamer
from the red-stapler dept.
An anonymous reader writes The experts at Kaspersky Lab have discovered evidence of a targeted attack against the clients of a large European bank. According to the logs found in the server used by the attackers, apparently in the space of just one week cybercriminals stole more than half a million euros from accounts in the bank. The experts also detected transaction logs on the server, containing information about which sums of money were taken from which accounts. All in all, more than 190 victims could be identified, most of them located in Italy and Turkey. The sums stolen from each bank account, according to the logs, ranged between 1,700 to 39,000 euros.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (9) Dammit, little-endian systems *are* more consistent!

Working...