Feed aggregator

Jobvite Recruitment Service Website Vulnerable to Hackers

The Hacker News -

Jobvite, a recruiting platform for the social web, is found vulnerable to the most common, but critical web application vulnerabilities that could allow an attacker to compromise and steal the database of the company's website. Jobvite is a Social recruiting and applicant tracking created for companies with the highest expectations of recruiting technology and candidate quality. Growing

Tesla's Already Shopping For More Office Space

Slashdot -

cartechboy writes Remember four years ago when Tesla's new headquarters in Palo Alto, California seemed like a big risk? Yeah, time flies and now the Silicon Valley startup is already running out of room. Apparently the electric-car maker is already looking for 200,000-300,000 square feet of office space in the lower Peninsula market. Part of the motivation is that the company would like to have employees closer to its Fremont factory, which is 20 miles from its current headquarters. With heavy traffic that journey can take up to an hour or more. While not looking to relocate its headquarters, Tesla's simply looking to expand its space. Meanwhile, we all eagerly await to hear if the Gigafactory will indeed end up being built in Nevada.

Read more of this story at Slashdot.

Linux Kernel Shuffling Zombie Juror Aka 3.16 Released

Slashdot -

sfcrazy writes Linus Torvalds has announced the release of Linux kernel 3.16 codenamed "Shuffling Zombie Juror", which brings many notable improvements. Linus said, "So while 3.16 looked a bit iffy for a while, things cleared up nicely, and there was no reason to do extra release candidates like I feared just a couple of weeks ago." It also means that working on 3.17 has started, "And as usual (previous release being the exception) that means that the merge window for 3.17 is obviously open," said Linus.

Read more of this story at Slashdot.

Tor on Campus, Part II: Icebreakers and Risk Mitigation Strategies

EFF's Deeplinks -

In part one of this blogpost, we discuss why it makes good sense to contribute to the Tor project on university campuses, and we offer some examples of students who have been able to set up relays or exit nodes in recent years.

EFF realizes that many students may be interested in contributing to the Tor Project, but are unsure of how to get the conversation with their university started. In this post, we offer some tips that we've pulled from successful efforts to establish an exit or a relay node on campus. We also provide some suggestions for addressing concerns students are likely to encounter from their campus administration.

Many campus IT departments may be understandably concerned about the risk of having Tor traffic exit from their network. There is a potential for legally questionable activity to occur over Tor, and anonymized traffic will appear to have originated from the campus. This can cause law enforcement to first come to the campus in search of the origin of the suspicious activity or for DMCA copyright complaints to be sent to the host of the exit node. Though this can often be addressed through an explanation of Tor to the complaining party, and it is rare for the host of an exit node to be troubled by law enforcement, we highly recommend reading our legal FAQ to better understand the risks.

Let’s start with some tactics for organizing on campus. If you encounter resistance, please use and remix our Open Letter Urging Universities To Encourage Conversation About Online Privacy.

Start a conversation about Tor on Campus

Ask your friends and other professors if they know of someone working in the computer science, political science, or journalism department that may already advocate for security or online privacy. Students will often need faculty allies to initiate running a Tor node on campus, and often there are already professors and technologists at universities who are familiar with and support the Tor Project. If you don't already have contacts, try searching through your computer science, journalism, political science, or any related departments' websites to see if any professor specializes in online privacy, security, or communications and human rights. Email them to set up a meeting to talk about setting up a Tor node on campus.

Contact a computer science or human rights group on campus. There is a great chance that other students will want to be involved or get excited about the prospect of contributing to the Tor Project. You all can work together to find out who the professors and IT professionals are on campus that you'd need to talk to in order to get the project started.

Start a digital rights campus group. Often the biggest barrier to setting up a Tor node on campus is one of understanding. The faculty and the IT department might not be convinced that supporting a freedom-enhancing technology project is worth the potential risk, so sometimes it might take a series of information sessions and ongoing meetings to demystify Tor for people that are new to the concept of online anonymity. Check out our organizing resources and start a campus group. Setting up a Tor node is a great first project.

Understand the Risks and Try to Address Potential Concerns

Try to dedicate a separate IP address to the relay or exit node. Some servers blacklist Tor traffic, so having a separate IP address will help to ensure that only traffic from the dedicated Tor IP address will be blacklisted or affected, and not other users of the campus network who share an IP address with the Tor node. Note that EFF believes that Tor relays should be protected from copyright liability for the acts of their users and that a Tor relay operator can raise an immunity defense under the DMCA as well as defenses under copyright's secondary liability doctrines. However, no court has yet addressed these issues in the context of Tor itself. Check out our legal FAQ, which includes a template for a response to a DMCA notice.

Consider a reduced exit policy. Exit policies allow hosts of Tor nodes to decide what kind of traffic is allowed to travel through their node. The Tor Project has an excellent explainer on the kinds of exit policies available for exit node hosts and how limiting what is allowed to travel through your node can reduce its risk of receiving legal complaints. Most reduced exit policies still allow web browsing activity that may give rise to content-related complaints or investigations.

Set up a reverse DNS entry for the IP address. By setting up a reverse domain name for the IP address running the Tor node, you can help to alleviate knee-jerk reactions from sysadmins and people who see unfamiliar traffic coming from your IP node. A domain name like tor-exit.yourdomain.edu or tor-proxy-readme.yourdomain.edu might be useful.

Set up a Tor Exit Notice. Once you have a good reverse DNS name, you should put some content there that explains what Tor is for those who see the name and try to visit it via HTTP. If you run your DirPort on port 80, you can use the Tor config option "DirPortFrontPage" to display a notice explaining that you are running an exit node. This sample content from The Tor Project website will help educate and inform people who stumble upon the Tor exit node DNS name. Be sure to update the contact info and other places marked with FIXME in the notice.

Tell us how it goes

We want to Tor project to become as robust as possible and encourage students contribute in any way they can. Even if you are unable to get past the concerns or bureaucracy of the campus administration, the fact that the conversation has been started is a wonderful contribution in and of itself. At the moment, too many Internet users wrongly associate the need for privacy and anonyminity online with deviance, ignorant to the fact that these tools are essential for journalists, activists, medical and legal professionals, as well as everyday users around the world need to circumvent government censorship to communicate and stay informed.

Email info@eff.org to keep us posted, and good luck!

In part one of this blogpost, we discuss why it makes good sense to contribute to the Tor project on university campuses, and we offer some examples of students who have been able to set up relays or exit nodes in recent years.


Share this:   ||  Join EFF

Planes Can Be Hacked Via Inflight Wi-fi, Says Researcher

Slashdot -

wired_parrot writes In a presentation to be shown Thursday at the Black Hat conference, cybersecurity consultant Ruben Santamarta is expected to outline how planes can be hacked via inflight wi-fi. Representatives of in-flight communication systems confirmed his findings but downplayed the risks, noting that physical access to the hardware would still be needed and only the communication system would be affected.

Read more of this story at Slashdot.

Experimental drug 'likely saved' first two Americans with Ebola

Boing Boing -

  • Kent Brantly, a doctor who contracted Ebola in Liberia, shown with colleagues in this undated photograph provided by Samaritan's Purse. Samaritan's Purse//Reuters

    CNN reports that an experimental treatment for Ebola known as ZMapp was "flown into Liberia last week in a last-ditch effort to save two American missionary workers who had contracted Ebola." So far, it has worked: both are still alive.

    Read the rest

  • Manage Yubikeys for LUKS encryption with privacyIDEA

    HowtoForge - Linux Howtos and Tutorials -

    Manage Yubikeys for LUKS encryption with privacyIDEA

    So today we will show, how you can manage many yubikeys for many notebooks using privacyIDEA. privacyIDEA is an authentication system for two factor authentication - usually with OTP devices. In a recent version privacyIDEA started to not only answer authentication request, but it was also enhanced to be able to define client machines and add information, which authentication device could be used for an application on a client machine.


    Subscribe to debianHELP aggregator