Verizon technician admits he sold customer data for years

A former Verizon Wireless network technician in Alabama has admitted to using company computers to steal and sell private customers’ location and call data over a period of five years. As Ars Technica reports, Daniel Traeger of Birmingham faces up to five years in prison or a $250,000 fine for the federal hacking charge. As part of a plea deal, Traeger confessed that he sold the data to an unnamed private investigator.

Tags: 

via http://ift.tt/2dmp92Q

Microsoft, Bank of America Announce Blockchain Collaboration

Microsoft and Bank of America Merrill Lynch are collaborating on a new pilot project aimed at automating trade finance transactions using blockchain technology, the companies announced yesterday.

Blockchain is best known as the distributed database technology at the heart of cryptocurrencies like Bitcoin. It is hardened against tampering, preventing even its operators from revising or otherwise meddling with its continuously growing list of records.

Tags: 

via http://ift.tt/2dbc1PR

IEEE Sets New Ethernet Standard That Brings 5X the Speed Without Cable Ripping

Reader coondoggie writes: As expected the IEEE has ratified a new Ethernet specification — IEEE P802.3bz — that defines 2.5GBASE-T and 5GBASE-T, boosting the current top speed of traditional Ethernet five-times without requiring the tearing out of current cabling. The Ethernet Alliance wrote that the IEEE 802.3bz Standard for Ethernet Amendment sets Media Access Control Parameters, Physical Layers and Management Parameters for 2.5G and 5Gbps Operation lets access layer bandwidth evolve incrementally beyond 1Gbps, it will help address emerging needs in a variety of settings and applications, including enterprise, wireless networks. Indeed, the wireless component may be the most significant implication of the standard as 2.5G and 5G Ethernet will allow connectivity to 802.11ac Wave 2 Access Points, considered by many to be the real driving force behind bringing up the speed of traditional NBase-T products.



Share on Google+

Read more of this story at Slashdot.

via http://ift.tt/2dhvAYT

Revealed: How One Amazon Kindle Scam Made Millions of Dollars

An anonymous Slashdot reader shares an excerpt with us from a report via ZDNet that summarizes a catfishing scheme designed to deceive Amazon users into buy low-quality ebooks: Emma Moore is just one of hundreds of pseudonyms employed in a sophisticated "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based business hoodwinks Amazon customers into buying low-quality ebooks, which have been boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers. Catfishing isn’t new — it’s been well documented. Some scammers buy fake reviews, while others will try other ways to game the system. Until now, nobody has been able to look inside at how one of these scams work — especially one that’s been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance. Shershnyov was able to stay in Amazon’s shadows for two years by using his scam server conservatively so as to not raise any red flags. What eventually gave him away weren’t customer complaints or even getting caught. It was good old-fashioned carelessness. He forgot to put a password on his server.



Share on Google+

Read more of this story at Slashdot.

via http://ift.tt/2dipJ5w

Facebook releases Osquery Security Tool for Windows

OSquery

, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.

But now the social network has announced that the company has developed a

Windows version of its osquery tool

, too.

When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.

OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.

Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.

In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.

This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.

This open source endpoint security tool has become one of the most popular security projects on

GitHub

since its release in mid-2014 and was available for Linux distribution such as Ubuntu or CentOS, and Mac OS X machines.

So, if your organization was running a Windows environment, you were out of luck.

But, not today, as with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.

As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security,

” reads the earlier version of Facebook’s blog post provided to The Hacker News.

We saw the long-held misconception of ‘security by obscurity’ fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it.

To get started with the OSquery developer kit for Windows, check this official

documentation

, the development environment, and a single

script

. The build is easy to install, and you can start coding right away.

You can read the full documentation of the development process of the OSquery developer kit for Windows on the

blog post

by Trail of Bits.

via http://ift.tt/2ddd1TW

OWASP OWTF – Offensive Web Testing Framework

OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.

OWASP OWTF - Offensive Web Testing Framework

The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, Figuring out how to call “tool X” then parsing results of “tool X” manually to feed “tool Y” and so on is time consuming.

By reducing this burden we hope pen testers will have more time to:

  • See the big picture and think out of the box,
  • Find, verify and combine vulnerabilities efficiently,
  • Have time to Investigate complex vulnerabilities like business logic, architectural flaws, virtual hosting sessions, etc.
  • Perform more tactical/targeted fuzzing on seemingly risky areas
  • Demonstrate true impact despite the short time-frames we are typically given to test.



This tool is however not a silver bullet and will only be as good as the person using it. Understanding and experience will be required to correctly interpret the tool output and decide what to investigate further in order to demonstrate the impact.

Features

  • Web UI. Now configure and monitor OWTF via a responsive and powerful interface accessible via your browser.
  • Exposes RESTful APIs to all core OWTF capabilties.
  • Instead of implementing yet another spider (a hard job), OWTF will scrub the output of all tools/plugins run to gather as many URLs as possible.
  • Scan by various aggression levels: OWTF supports scans which are based on the aggressiveness of the plugins/tools invoked.
  • Extensible OWTF manages tools through ‘plugins’ making it trivial to add new tools.
  • OWTF has been developed keeping Kali Linux in mind, but it also supports other pentesting distros such as Samurai-WTF, etc.
  • Tool paths and configuration can be easily modified in the web interface.
  • Fastest Python MiTM proxy yet!
  • Crash reporting directly to Github issue tracker
  • Comprehensive interactive report at end of each scan
  • Easy plugin-based system; currently 100+ plugins!
  • CLI and web interface

You can download OWASP OWTF here:



Or read more here.


via http://ift.tt/2dpJqsK

(IN)SECURE Magazine issue 51 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 51 has been released today.

(IN)SECURE Magazine issue 51

Table of contents

  • Hacking is the new espionage
  • New hyper-evasive threats are killing sandboxing as we know it
  • How to choose a perfect data control solution for your enterprise
  • What can Microsoft Patch Tuesday tell us about security trends in 2016?
  • Security experts are from Mars, business owners are from Venus
  • Report: Black Hat USA 2016
  • Build your own endpoint security stack
  • Securing your spot at the top: How to collaborate and when to compete
  • Shift from detection to response requires rethinking security infrastructure
  • Is your business still HIPAA complaint after the 2016 federal changes?
  • Encryption for the Internet of Things
  • Preparing for new EU cyber-security rules and regulations.

via http://ift.tt/2cIYmjt