Security

The Hi-Tech Security at the Super Bowl 265

Hugh Pickens writes "As millions of fans sit glued to their sets next Sunday, one part of the game they will not see is the massive deployment of federal and local law enforcement resources to achieve what is being called the most technologically secure Super Bowl in history, an event that has been officially designated as a National Security Special Event (PDF). At the top of the list are gamma-ray cargo and vehicle scanners that can reportedly see through six inches of steel to reveal the contents of large vehicles. 'We can detect people, handguns and rifles,' says Customs and Border Protection Officer Brian Bell. 'You'd be a fool to bring something into that stadium that you shouldn't. We're going to catch it. Our goal is to look at every vehicle that makes a delivery inside the stadium and inside the secure perimeter.' Next is the 51-foot Featherlite mobile command center for disaster response that will support the newly constructed $18 million Regional Operations Center (ROC) for the Marion County Department of Homeland Security that will serve as a fusion center for coordinating the various federal agencies involved in providing security for the Super Bowl. One interesting security measure is the 'Swiveloc' explosion-proof manhole covers (video) that Indianapolis has spent $150,000 installing that are locked down during the Super Bowl. In case of an underground explosion, the covers lift a couple of inches off the ground — enough to vent gas out without feeding in oxygen to make an explosion bigger — before falling back into place. Finally, the Department of Homeland Security and the FBI have installed a network of cameras that will be just a click away for government officials. 'If you had the right (Internet) address, you could set up a laptop anywhere and you could watch the camera from there,' says Brigadier General Stewart Goodwin."
Upgrades

Unicode 6.1 Released 170

An anonymous reader writes "The latest version of the Unicode standard (v. 6.1.0) was officially released January 31. The latest version includes 732 new characters, including seven brand new scripts. It also adds support for distinguishing emoji-style and text-style symbols and emoticons with variation selectors, updates to the line-breaking algorithm to more accurately reflect Japanese and Hebrew texts, and updates other algorithms and technical notes to reflect new characters and newly documented text behaviors."
Apple

Apple Forcing IT Shops To 'Adapt Or Die' 715

alphadogg writes "Many IT departments are struggling with Apple's 'take it or leave it' attitude, based on discussions last week at MacIT, which is Macworld|iWorld's companion conference for IT professionals. Much of the questioning following technical presentations wasn't about Apple technology or products. It was about the complexities and confusions of trying to sort out for the enterprise Apple's practices. Those practices include the use of Apple IDs and iTunes accounts, which are designed for individual Mac or iPad or iPhone users, and programs like Apple's Volume Purchase Program, which, according to Apple 'makes it simple to find, buy, and distribute the apps your business needs' and to buy custom, third-party B2B apps."
Government

Ongoing Attacks Target Defense, Aerospace Industries 77

Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."
Privacy

Surveillance Cameras Used To Study Customer Behavior 126

An anonymous reader writes "Technology Review reports on a startup with software used by stores to track, count and log people captured by security cameras. Prism Skylab's technology can produce heatmaps showing where people went and produce other statistics that the company claims offer tracking and analytics like those used online for the real world. One use case is for businesses to correlate online promotions and deals — such as Groupon offers — with real world footfall and in-store behavior."
Google

Apple Versus Google Innovation Strategies 187

porsche911 writes "The NY Times has a great story comparing the top-down versus bottom-up innovation approaches of Apple and Google. From the article: '"There is nothing democratic about innovation," says Paul Saffo, a veteran technology forecaster in Silicon Valley. "It is always an elite activity, whether by a recognized or unrecognized elite."'"
Security

DHS Sends Tourists Home Over Twitter Jokes 709

itwbennett writes "In a classic case of 'we say destroy, you say party hard,' the U.S. Dept. of Homeland Security detained a pair of British twenty-somethings for 12 hours and then sent them packing back to the land of the cheeky retort. At issue is a Tweet sent by Leigh Van Bryan about plans to 'destroy America,' starting with LA, which, really, isn't that bad an idea."
Government

10-Year Gary McKinnon Case To End This Year 72

judgecorp writes "The ten-year legal quagmire surrounding Gary McKinnon, who hacked into U.S. military and NASA computers in 2001 and 2002, must end this year, a British High Court Judge has ordered. McKinnon has been appealing against extradition to the U.S., and two medical experts must report in 28 days on his mental state, ruling whether he would be a suicide risk if deported. This ruling could short-circuit an extradition appeal hearing in July."
Crime

Shmoocon Demo Shows Easy, Wireless Credit Card Fraud 273

Sparrowvsrevolution writes with this excerpt from a Forbes piece recounting a scary demo at the just-ended Shmoocon: "[Security researcher Kristin] Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer's credit card onstage and obtained the card's number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer's money with the counterfeit card she'd just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.) ... A stealthy attacker in a crowded public place could easily scan hundreds of cards through wallets or purses."
Facebook

Big Internet Players Propose DMARC Anti-Phishing Protocol 92

judgecorp writes "Google, Microsoft, PayPal, Facebook and others have proposed DMARC, or Domain-based Message Authentication, Reporting and Conformance, an email authentication protocol to combat phishing attacks. Authentication has been proposed before; this group of big names might get it adopted." Adds reader Trailrunner7, "The specification is the product of a collaboration among the large email receivers such as AOL, Gmail, Yahoo Mail and Hotmail, and major email senders such as Facebook, Bank of America and others, all of whom have a vested interest in either knowing which emails are legitimate or being able to prove that their messages are authentic. The DMARC specification is meant to be a policy layer that works in conjunction with existing mail authentication systems such as DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework)."
Government

Maine Senator Wants Independent Study of TSA's Body Scanners 335

OverTheGeicoE writes "U.S. Senator Susan Collins, the top Republican on the homeland security committee, plans to introduce a bill that would require a new health study of the X-ray body scanners used to screen airline passengers nationwide. If the bill becomes law, TSA would be required to choose an 'independent laboratory' to measure the radiation emitted by a scanner currently in use at an airport checkpoint and use the data to produce a peer-reviewed study, to be submitted to Congress, based on its findings. The study would also evaluate the safety mechanisms on the machine and determine 'whether there are any biological signs of cellular damage caused by the scans.' Many Slashdotters are or have been involved in science. Is this a credible experimental protocol? Is it reasonable to expect an organization accused of jeopardizing the health and safety of hundreds of millions of air travelers to pick a truly unbiased lab? Would any lab chosen deliver a critical report and risk future funding? Should the public trust a study of radiology and human health designed by a US Senator whose highest degree is a bachelor's degree in government?"
Crime

SEC Takes Action Against Latvian Hacker 57

wiredmikey writes "The SEC has filed charges against a trader in Latvia for conducting a widespread online account intrusion scheme in which he manipulated the prices of more than 100 NYSE and Nasdaq securities by making unauthorized purchases or sales from hijacked brokerage accounts. The SEC also went after four online trading firms and eight executives who are said to have helped the hacker make more than $850,000 in ill-gotten funds. The SEC's actions occurred on the same day that the Financial Industry Regulatory Authority (FINRA) issued an investor alert and a regulatory notice about an increase in financially motivated attacks targeting email."
Crime

Hijacked Web Traffic For Sale 68

mask.of.sanity writes "If you can't create valuable content to attract users to your site, Russian cyber criminals will sell them to you. A web store has been discovered that sells hacked traffic that has been redirected from legitimate sites. Sellers inject hidden iframes into popular web sites and redirect the traffic to a nominated domain. Buyers purchase the traffic from the store to direct to their sites and the sellers get paid."
Cellphones

Defending Your Cellphone Against Malware 157

Hugh Pickens writes "Kate Murphy writes that as cellphones have gotten smarter, they have become less like phones and more like computers, and that with more than a million phones worldwide already hacked, technology experts expect breached, infiltrated or otherwise compromised cellphones to be the scourge of 2012. Cellphones are often loaded with even more personal information than PCs, so an undefended or carelessly operated phone can result in a breathtaking invasion of individual privacy as well as the potential for data corruption and outright theft. But there are a few common sense ways to protect yourself: Avoid free, unofficial versions of popular apps that often have malware hidden in the code, avoid using Wi-Fi in a Starbucks or airport which leaves you open to hackers, and be wary of apps that want permission to make phone calls, connect to the Internet or reveal your identity and location."
Facebook

Facebook, Washington State Sue Firm Over Clickjacking 71

Trailrunner7 writes "Facebook and the state of Washington are suing an ad network they accuse of encouraging people to spread spam through clickjacking schemes and other tactics. The company at the center of the allegations, Adscend Media, denies the charges and said it will fight them vigorously. According to the office of Washington Attorney General Rob McKenna, the company paid and encouraged scammers to design Facebook pages to bait users into visiting Websites that pay the company. The bait pages would appear in posts that seem to originate from a person's Facebook friends and offer visitors an opportunity to view 'provocative' content in exchange for clicking the 'like' button on the Facebook page."
Android

Android Malware May Have Infected 5 Million Users 280

bonch writes "A massive Android malware campaign may be responsible for duping as many as 5 million users into downloading the Android.Counterclan infection from the Google Android Market. The trojan collects the user's personal information, modifies the home page, and displays unwanted advertisements. It is packaged in 13 different applications, some of which have been on the store for at least a month. Several of the malicious apps are still available on the Android Market as of 3 P.M. ET. Symantec has posted the full list of infected applications."
Security

How Allan Scherr Hacked Around the First Computer Password 89

New submitter MikeatWired writes "If you're like most people, you're annoyed by passwords. So who's to blame? Who invented the computer password? They probably arrived at MIT in the mid-1960s, when researchers built a massive time-sharing computer called CTSS. Technology changes. But, then again, it doesn't, writes Bob McMillan. Twenty-five years after the fact, Allan Scherr, a Ph.D. researcher at MIT in the early '60s, came clean about the earliest documented case of password theft. In the spring of 1962, Scherr was looking for a way to bump up his usage time on CTSS. He had been allotted four hours per week, but it wasn't nearly enough time to run the detailed performance simulations he'd designed for the new computer system. So he simply printed out all of the passwords stored on the system. 'There was a way to request files to be printed offline by submitting a punched card,' he remembered in a pamphlet (PDF) written last year to commemorate the invention of the CTSS. 'Late one Friday night, I submitted a request to print the password files and very early Saturday morning went to the file cabinet where printouts were placed and took the listing.' To spread the guilt around, Scherr then handed the passwords over to other users. One of them — J.C.R. Licklider — promptly started logging into the account of the computer lab's director Robert Fano, and leaving 'taunting messages' behind."
Security

DARPA Funding a $50 Drone-Droppable Spy Computer 86

Sparrowvsrevolution writes "At the Shmoocon security conference, researcher Brendan O'Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the disassembled hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as a 3.5"-by-4"-by-1" spy computer. With a contract from DARPA, O'Connor has designed the cheap gadgets to be spy nodes, ready to be dropped from a drone, plugged inconspicuously into a wall socket (one model impersonates a carbon monoxide detector), thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wi-Fi network. O'Connor built his prototypes with gear that added up to just $46 each, so sacrificing one for a single use is affordable."
