Hugh Pickens writes "Nicole Perlroth reports in the NY Times that the antivirus industry has a dirty little secret: antivirus products are not very good at stopping new viruses. Researchers collected and analyzed 82 new computer viruses and put them up against more than 40 antivirus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab and found that the initial detection rate was less than 5 percent (PDF). 'The bad guys are always trying to be a step ahead,' says Matthew D. Howard, who previously set up the security strategy at Cisco Systems. 'And it doesn't take a lot to be a step ahead.' Part of the problem is that antivirus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, antivirus makers must capture a computer virus, take it apart and identify its 'signature' — unique signs in its code — before they can write a program that removes it. That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years. 'The traditional signature-based method of detecting malware is not keeping up,' says Phil Hochmuth. Now the thinking goes that if it is no longer possible to block everything that is bad, then the security companies of the future will be the ones whose software can spot unusual behavior and clean up systems once they have been breached. 'The bad guys are getting worse,' says Howard. 'Antivirus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.'"

An anonymous reader writes "EFnet member Fionn 'Fudge' Kelleher reported several vulnerabilities in the IRC daemons charybdis, ircd-ratbox, and other derivative IRCds. The vulnerability was subsequently used to bring down large portions of the EFnet IRC network." By crafting a particular message, you can cause the IRC daemon to call strlen(NULL) and game over, core dumped.

CowboyRobot writes "The 802.11ac standard is expected to be ratified in 2013 and NetworkComputing has an interview with representatives of Cisco Systems and Aerohive Networks about what that will mean for everyone else. 'Out of the gate, the increases in performance over 11n will not be tremendously impressive. The second wave--which will require a hardware refresh--gets far more interesting... First-generation 802.11ac products will achieve up to 1.3 Gbps through the use of three spatial streams, 80-MHz-wide channels (double the largest 40 MHz channel width with 802.11n), and use of better hardware components that allow higher levels of modulation and encoding (up to 256-QAM). Whether we will actually see 802.11ac products capable of 6.9 Gbps is dependent on hardware enhancements on both the access point and client that are not certain.'"

tearmeapart writes "The teams at FreeBSD have reached another great achievement with FreeBSD 9.1, with improvements to the already fantastic zfs features, more VM improvements (helping bringing FreeBSD to the next generation of VMs), and improvements in speed to many parts of the network system. Support FreeBSD via the FreeBSD mall or download/upgrade FreeBSD from a mirror. Unfortunately, the torrent server is still down due to the previous security incident." And new submitter northar writes "The other day the NetBSD project released their first update to the 6.x series, 6.0.1. They also (rather discreetly) announced a fund drive targeting 60.000 USD before the end of 2012 in the release notes. They better get going if their donation page is anything like recently updated."

hypnosec writes "The Free Software Foundation is on an offensive against restricted boot systems and is busy appealing for donations and pledge in the form of signatures in a bid to stop systems such as the UEFI SecureBoot from being adopted on a large-scale basis and becoming a norm in the future. The FSF, through an appeal on its website, is requesting users to sign a pledge titled 'Stand up for your freedom to install free software' that they won't be purchasing or recommending for purchase any such system that is SecureBoot enabled or some other form of restricted boot techniques. The FSF has managed to receive, as of this writing, over 41,000 signatures. Organizations like the Debian, Edoceo, Zando, Wreathe and many others have also showed their support for the campaign."

An anonymous reader writes "Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser. 'We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,' Dustin Childs of Microsoft Trustworthy Computing told TNW. 'We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.'"

New submitter FreaKBeaNie writes "Earlier this month, the FTC issued 9 orders to data brokerage companies to learn more about their privacy practices. Data brokers are skilled at connecting quasi-private data with publicly available data, like voter rolls, housing sales, and now gun ownership records. Unlike merchants or business partners, these data brokers may or may not have had any interaction with the 'subjects' of their data collection."

Rambo Tribble writes "England has awarded Raymond Roberts, one of the nine cryptanalysts responsible for breaking the Nazi Tunny code machine, (also known by the German designation Lorenz cipher machine) the MBE. Roberts is the last surviving member of the team which cracked the German army's cipher machine functionality, much like others at Bletchley broke the better-known Enigma machine."

The Washington Post reports on a development that may push Internet access on commercial aircraft from a pleasant luxury (but missing on most U.S. domestic flights) to commonplace. Writes the Post: "The Federal Communications Commission on Friday approved an application process for airlines to obtain broadband Internet licenses aboard their planes. Previously, airlines were granted permission on an ad hoc basis. Airlines need the FCC’s permission to tap into satellite airwaves while in flight that enable passengers to access the Internet. They also need permission from the Federal Aviation Administration, which oversees the safety of inflight Internet systems." I hope that on-board Internet not only becomes the default, but that free advertising-backed access does, too; especially for short flights, the "24-hour pass" paid access I've seen on United and Delta is tempting, but too pricey.

An anonymous reader points out just how thick a skin it takes to be a kernel developer sometimes, linking to a chain of emails on the Linux Kernel Mailing List in which Linus lets loose on a kernel developer for introducing a change that breaks userspace apps (in this case, PulseAudio). "Shut up, Mauro. And I don't _ever_ want to hear that kind of obvious garbage and idiocy from a kernel maintainer again. Seriously. I'd wait for Rafael's patch to go through you, but I have another error report in my mailbox of all KDE media applications being broken by v3.8-rc1, and I bet it's the same kernel bug. And you've shown yourself to not be competent in this issue, so I'll apply it directly and immediately myself. WE DO NOT BREAK USERSPACE! Seriously. How hard is this rule to understand? We particularly don't break user space with TOTAL CRAP. I'm angry, because your whole email was so _horribly_ wrong, and the patch that broke things was so obviously crap. ... The fact that you then try to make *excuses* for breaking user space, and blaming some external program that *used* to work, is just shameful. It's not how we work," writes Linus, and that's just the part we can print. Maybe it's a good thing, but there's certainly no handholding when it comes to changes to the heart of Linux.

An anonymous reader writes "Michigan joins Maryland as a state where employers may not ask employees or job applicants to divulge login information for Facebook and other social media sites. From the article: 'Under the law, employers cannot discipline employees or decline to hire job applicants because they do not give them access information, including user names, passwords, login information, or "other security information that protects access to a personal internet account," according to the bill. Universities and schools cannot discipline or fail to admit students if they do not give similar information.' There is one exception, however: 'However, accounts owned by a company or educational institution, such as e-mail, can be requested.'"

Every years, McAfee Labs produces a list of predictions relating to computer security for the next 12 months. Last year (PDF) they said Anonymous would have to reinvent itself, and that there would be an overall increase in online hacktivism. This year's report (PDF) is not as optimistic for the hacking collective. "Too many uncoordinated and unclear operations have been detrimental to its reputation. Added to this, the disinformation, false claims, and pure hacking actions will lead to the movement’s being less politically visible than in the past. Because Anonymous’ level of technical sophistication has stagnated and its tactics are better understood by its potential victims, the group’s level of success will decline." That's not to say they think hacktivism itself is on the decline, though: "Meanwhile, patriot groups self-organized into cyberarmies and spreading their extremist views will flourish. Up to now their efforts have had little impact (generally defacement of websites or DDoS for a very short period), but their actions will improve in sophistication and aggressiveness." The report also predicts that malware kits will lead to an "explosion in malware" for OS X and mobile, but that Windows 8 will be the next big target.

Orome1 writes "PandaLabs outlined its picks for the most unique viruses of the past year. Rather than a ranking of the most widespread viruses, or those that have caused most infections, these viruses are ones that deserve mention for standing out from the more than 24 million new strains of malware that emerged."

An anonymous reader writes "A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes. The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm."

L3sPau1 writes "A zero-day exploit has been found in the Nvidia Display Driver Service on Windows machines. An attacker with local access can use the exploit to gain root privileges on a Windows machine. Windows domains with relaxed firewall rules or file sharing enabled can also pull off the exploit, which was posted to Pastebin by researcher Peter Winter-Smith."

chicksdaddy writes in with a warning about a popular Wordpress plugin. "A security researcher is warning WordPress users that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search. The researcher, Jason A. Donenfeld, who uses the handle 'zx2c4' posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress blogs that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and the knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote. W3 Total Cache is described as a 'performance framework' that speeds up web sites that use the WordPress content management system by caching site content, speeding up page loads, downloads and the like. The plugin has been downloaded 1.39 million times and is used by sites including mashable.com and smashingmagazine.com, according to the WordPress web site."

sneakyimp writes "We've seen increasingly creative ways for bad guys to compromise your system like infected pen drives, computers preloaded with malware, mobile phone apps with malware, and a $300 app that can sniff out your encryption keys. On top of these obvious risks, there are lingering questions about the integrity of common operating systems and cloud computing services. Do Windows, OSX, and Linux have security holes? Does Windows supply a backdoor for the U.S. or other governments? Should you really trust your Linux multiverse repository? Do Google and Apple data mine your private mobile phone data for private information? Does Ubuntu's sharing of my data with Amazon compromise my privacy? Can the U.S. Government seize your cloud data without a warrant? Can McAfee or Kaspersky really be trusted? Naturally, the question arises of how to establish and maintain an ironclad workstation or laptop for the purpose of handling sensitive information or doing security research. DARPA has approached the problem by awarding a $21.4M contract to Invincea to create a secure version of Android. What should we do if we don't have $21.4M USD? Is it safe to buy a PC from any manufacturer? Is it even safe to buy individual computer components and assemble one's own machine? Or might the motherboard firmware be compromised? What steps can one take to ensure a truly secure computing environment? Is this even possible? Can anyone recommend a through checklist or suggest best practices?"

cstacy writes "Tatu Yionen, inventor of SSH, says he feels 'a moral responsibility' to come out of retirement and warn that a 'little-noticed problem' could jeopardize the security of much of the world's confidential data. He is referring to the management (or lack thereof) of SSH keys (i.e. 'authorized_keys') files. He suggests that most organizations simply allow the SSH key files to be created, copied, accumulated, and abandoned, all over their network, making easy pickings for intruders to gain access. Do you think this is a widespread problem? How does your company manage SSH keys?" cstacy's summary here is accurate, but as charlesTheLurker notes, the article is a bit over the top: "The Washington Times claims that there's a huge vulnerability in ssh. It turns out that some reporter there has discovered that you can do passwordless login with the software, and has spun this into a story of a dangerous vulnerability. Sigh."

wiredmikey writes "Iranian officials on Tuesday said a 'Stuxnet-like' cyberattack hit some industrial units in a southern province. 'A virus had penetrated some manufacturing industries in Hormuzgan province, but its progress was halted,' Ali Akbar Akhavan said, quoted by the ISNA news agency. Akhavan said the malware was 'Stuxnet-like' but did not elaborate, and that the attack had occurred over the 'past few months.' One of the targets of the latest attack was the Bandar Abbas Tavanir Co, which oversees electricity production and distribution in Hormuzgan and adjacent provinces. He also accused 'enemies' of constantly seeking to disrupt operations at Iran's industrial units through cyberattacks, without specifying how much damage had been caused. Iran has blamed the U.S. and Israel for cyberattacks in the past. In April, it said a voracious malware attack had hit computers running key parts of its oil sector and succeeded in wiping data off official servers."

badger.foo writes "When you're hit with a DDOS, what do you do? In his most recent column, Peter Hansteen narrates a recent incident that involved a DNS based DDOS against his infrastructure and that of some old friends of his. He ends up asking: should we actively publish or 'name and shame' DDOS participants (or at least their IP addresses)? How about scans that may or may not be preparations for DDOSes to come?"