Graphics

Trans-Atlantic 8K/UHDTV Streaming With UltraGrid and Commodity PCs 58

An anonymous reader writes "During the 12th Annual Global LambdaGrid Workshop in Chicago, researchers have demonstrated interactive multi-point streaming of 8K/UHDTV (i.e., 16x Full HD resolution) using commodity PC hardware running Linux and open-source UltraGrid software. The transmissions featured GPU-accelerated JPEG and DXT compressions implemented using the NVIDIA CUDA platform, which are also available as open-source software. The streams were distributed from the source to one location in the USA and to another location in the Czech Republic over 10Gbps GLIF network infrastructure."
NASA

NASA Exploring $1.5 Million Unmanned Aircraft Competition 38

coondoggie writes "NASA today said it wants to gauge industry interest in the agency holding one of its patented Centennial Challenges to build the next cool unmanned aircraft. NASA said it is planning this Challenge in collaboration with the Federal Aviation Administration and the Air Force Research Lab, with NASA providing the prize purse of up to $1.5 million."
Security

Explosive Detecting Devices Face Off With Bomb Dogs 115

First time accepted submitter titan1070 writes "French scientist Dr. Spitzer and his colleagues have been working on a device that can sense faint traces of TNT and other explosives being smuggled into airports and other transportation methods. The hope for this device is that it will surpass the best bomb finder in the business, the sniffer dog. From the article: 'While researchers like Dr. Spitzer are making progress — and there are some vapor detectors on the market — when it comes to sensitivity and selectivity, dogs still reign supreme. “Dogs are awesome,” said Aimee Rose, a product sales director at the sensor manufacturer Flir Systems, which markets a line of explosives detectors called Fido. “They have by far the most developed ability to detect concealed threats,” she said. But dogs get distracted, cannot work around the clock and require expensive training and handling, Dr. Rose said, so there is a need for instruments.'"
Censorship

Zero Errors? Spamhaus Flubs Causing Domain Deletions 170

Frequent contributor Bennett Haselton writes: "After I sent 10 new proxy sites to my (confirmed-opt-in) mailing list, two of them ended up on one of Spamhaus's blacklists, and as a result, all 10 domains were disabled by the domain registrar, so the sites disappeared from the Web. Did you even know this could happen?"
Operating Systems

Malware Is 'Rampant' On Medical Devices In Hospitals 234

Dupple sends this quote from MIT's Technology Review: "Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable. While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion. [He said], 'Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches.' ... Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don't offer updates, Fu says. And such reporting is not required unless a patient is harmed."
DRM

Steam Protocol Opens PCs to Remote Code Execution 128

Via the H comes news of a possible remote attack vector using the protocol handler installed by Valve's Steam platform: "During installation, it registers the steam:// URL protocol which is capable of connecting to game servers and launching games ... In the simplest case, an attacker can use this to interfere with the parameters that are submitted to the program. For example, the Source engine's command line allows users to select a specific log file and add items to it. The ReVuln researchers say that they successfully used this attack vector to infect a system (PDF) via a batch file that they had created in the autostart folder. ... In the even more popular Unreal engine, the researchers also found a way to inject and execute arbitrary code. Potential attackers would, of course, first have to establish which games are installed on the target computer."
Cloud

The Pirate Bay Starts Using Virtualized Servers 186

concealment writes with news of those Swedish pirates improving their infrastructure. From the article: "The Pirate Bay has made an important change to its infrastructure. The world's most famous BitTorrent site has switched its entire operation to the cloud. From now on The Pirate Bay will serve its users from several cloud hosting providers scattered around the world. The move will cut costs, ensure better uptime, and make the site virtually invulnerable to police raids — all while keeping user data secure." They are still running their own dedicated load balancers that forward encrypted traffic to one of their "cloud" providers, rather than dealing with physical colocation. Seems like a sensible decision any IT manager would make.
Security

Researcher Reverse-Engineers Pacemaker Transmitter To Deliver Deadly Shocks 216

Bismillah writes "Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible. From the article: 'In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a "secret function" which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30 foot-plus vicinity. ... In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the "potential to commit mass murder."'"
Security

Hackers' 'Zero-Day' Exploits Stay Secret For Ten Months On Average 74

Sparrowvsrevolution writes "Maybe instead of zero-day vulnerabilities, we should call them -312-day vulnerabilities. That's how long it takes, on average, for software vendors to become aware of new vulnerabilities in their software after hackers begin to exploit them, according to a study presented by Symantec at an Association of Computing Machinery conference in Raleigh, NC this week. The researchers used data collected from 11 million PCs to correlate a catalogue of zero-day attacks with malware signatures taken from those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, seven of which weren't previously known to have been zero-days. And most disturbingly, they found that those attacks continued more than 10 months on average – up to 2.5 years in some cases – before the security community became aware of them. 'In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought — perhaps more than twice as many,' the researchers write."
Encryption

UK Police Fined For Using Unencrypted Memory Sticks 100

An anonymous reader writes "The Information Commissioner's Office has filed a suit for £120,000 against the Greater Manchester Police because officers regularly used memory sticks without passwords to copy data from police computers and work on it away from the department. In July 2011, thousands of people's information was stolen from an officer's home on an unencrypted memory stick. A similar event happened at the same department in September 2010. 'This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,' said ICO deputy commissioner David Smith."
Operating Systems

Kaspersky To Build Secure OS For SCADA Systems 165

Trailrunner7 writes "Attacks against SCADA and industrial-control systems have become a major concern for private companies as well as government agencies, with executives and officials worried about the potential effects of a major compromise. Security experts in some circles have been warning about the possible ramifications of such an attack for some time now, and researchers have found scores of vulnerabilities in SCADA and ICS systems in the last couple of years. Now, engineers at Kaspersky Lab have begun work on a new operating system designed to be a secure-by-design environment for the operation of SCADA and ICS systems. 'Well, re-designing ICS applications is not really an option. Again, too long, too pricey and no guarantees it will fit the process without any surprises. At the same time, the crux of the problem can be solved in a different way. OK, here is a vulnerable ICS but it does its job pretty well in controlling the process. We can leave the ICS as is but instead run it in a special environment developed with security in mind! Yes, I'm talking about a highly-tailored secure operating system dedicated to critical infrastructure,' Eugene Kaspersky said in an interview."
Android

FBI Issues Android Virus Warning 129

Dupple writes "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number."
Government

CIA: Flying Skyhook Wasn't Just For James Bond, It Actually Rescued Agents 123

coondoggie writes "This had to be one hell of a ride. The CIA today said it added a pretty cool item to its museum archives — the instruction card for officers being plucked off the ground by a contraption that would allow a person to be snatched off the ground by a flying aircraft without the plane actually landing."
Image

Book Review: Everyday Cryptography 56

benrothke writes "When Bruce Schneier first published Applied Cryptography in 1994, it was a watershed event, given that it was one of the first comprehensive texts on the topic that existed outside of the military. In the nearly 20 years since the book came out, a lot has changed in the world of encryption and cryptography. A number of books have been written to fill that gap and Everyday Cryptography: Fundamental Principles and Applications is one of them. While the title may give the impression that this is an introductory text, that is not the case. Author Keith Martin is the director of the information security group at Royal Holloway, a division of the University of London, and the book is meant for information security professionals in addition to being used as a main reference for a principles of cryptography course. The book is also a great reference for those studying for the CISSP exam." Read below for the rest of Ben's review.
Government

Precision Espionage MiniFlame Malware Tied To Flame 34

Gunkerty Jeb writes "Initially thought to be merely a module of the now-infamous Flame malware, MiniFlame, or SPE, is, in reality, a secondary surveillance tool deployed against specially identified targets following an initial Flame or Gauss compromise. MiniFlame/SPE was one of three previously unseen pieces of malware discovered during a forensic analysis of Flame's command and control servers. Researchers at Kaspersky Lab and CERT-Bund/BSI determined that the program, which has compromised somewhere between 10 and 20 machines, can stand alone as an independent piece of malware or run as a plug-in for both Flame and Gauss."
Security

US Suspects Iran Was Behind a Wave of Cyberattacks 292

A reader writes in with this Times article about more trouble brewing between the U.S. and Iran. "American intelligence officials are increasingly convinced that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta that the United States was at risk of a 'cyber-Pearl Harbor.' After Mr. Panetta's remarks on Thursday night, American officials described an emerging shadow war of attacks and counterattacks already under way between the United States and Iran in cyberspace. Among American officials, suspicion has focused on the 'cybercorps' that Iran's military created in 2011 — partly in response to American and Israeli cyberattacks on the Iranian nuclear enrichment plant at Natanz — though there is no hard evidence that the attacks were sanctioned by the Iranian government. The attacks emanating from Iran have inflicted only modest damage. Iran's cyberwarfare capabilities are considerably weaker than those in China and Russia, which intelligence officials believe are the sources of a significant number of probes, thefts of intellectual property and attacks on American companies and government agencies."
Facebook

How Facebook Can Out Your Most Personal Secrets 467

McGruber writes "The Wall Street Journal is reporting that Facebook revealed the sexual preferences of users despite those users having chosen 'privacy lock-down' settings on Facebook. The article describes two students who were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both students were sophisticated users who had attempted to use Facebook's privacy settings to shield some of their activities from their parents. Facebook spokesman Andrew Noyes responded with a statement blaming the users: 'Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.'"
Google

Google May Soon Scan Your Android Apps For Malware 124

An anonymous reader writes "Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play store app update, as well as the company's recent acquisition of VirusTotal seem to hint that yes, Google is looking into it. 'Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October. Android Police got its hands on the APK and posted an extensive tear down. The first change noted was the addition of new security-related artwork (exclamation icons and security shields) as well as the following strings: App Check 'Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security.''"
Windows

Windows 8: Do I Really Need a Single OS? 344

gManZboy writes "If you skip Windows 8, you lose the appealing opportunity to synchronize all of your devices on a single platform — or so goes the argument. If you're skeptical, you're not alone. OS monogamy may be in Apple's interest, and Microsoft's, but ask why it's in your interest. Can Microsoft convince the skeptics? 'If the hardware and software are the same at home and at work, one can't be "better" than the other. It would help if Microsoft convinced users like me that their platform is so good, we'd be fools to go anywhere else,' writes Kevin Casey."
Government

U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor' 190

SpzToid writes "U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government.' Countries such as Iran, China, and Russia are claimed to be motivated to conduct such attacks (though in at least Iran's case, it could be retaliation). Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress. I think the following message from Richard Bejtlich is more wise and current: 'We would be much better served if we accepted that prevention eventually fails, so we need detection, response, and containment for the incidents that will occur.' Times do change, even in the technology sector. Currently Congress is preoccupied with the failure of U.S. security threats in Benghazi, while maybe Leon isn't getting the press his recent message deserves?"
