1sockchuck writes "Cloud provider Rackspace is looking to the emerging open source hardware ecosystem to transform its data centers. The cloud provider spends $200 million a year on servers and storage, and sees the Open Compute Project as the key to reducing its costs on hardware design and operations. Rackspace is keen on the potential of the new Open Rack program, and its buying power is motivating HP and Dell to develop for the new standard — partly because Rackspace has also been talking with original design manufacturers like Quantra and Wistron. It's an early look at how open source hardware could have a virtuous impact on the server economy. 'I think the OEMs were not very interested (in Open Compute) initially,' said Rackspace COO Mark Roenigk. 'But in the last six months they have become really focused.'"
Navigate with confidence through the cloud. Sign up for the SlashCloud Update newsletter now.
ancientribe writes "Phony AV scammers posing as Microsoft dialed the wrong number when they inadvertently phoned a security researcher at home. He lured them into a honeypot to study their actions, and posted the video online here. His main takeaway: they were 'Stone Age' when it came to their tech know-how."
phaedrus5001 writes "The mayor of West New York, New Jersey was arrested by the FBI after he and his son illegally took down a website that was calling for the recall of mayor Felix Roque (the site is currently down). From the article: 'According to the account of FBI Special Agent Ignace Ertilus, Felix and Joseph Roque took a keen interest in the recall site as early as February. In an attempt to learn the identity of the person behind the site, the younger Roque set up an e-mail account under a fictitious name and contacted an address listed on the website. He offered some "very good leads" if the person would agree to meet him. When the requests were repeatedly rebuffed, Joseph Rogue allegedly tried another route. He pointed his browser to Google and typed the search strings "hacking a Go Daddy Site," "recallroque log-in," and "html hacking tutorial."'"
Trailrunner7 writes "Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser will then treat as authentic. The mistake was discovered on Wednesday, soon after Yahoo had launched Axis, which is both a standalone browser for mobile devices as well as an extension for Firefox, Chrome, Safari and Internet Explorer. ... Within hours of the Axis launch, a writer and hacker named Nik Cubrilovic had noticed that the source file for the Axis Chrome extension included the private PGP key that Yahoo used to sign the file. That key is what the Chrome browser would look for in order to ensure that the extension is legitimate and authentic, and so it should never be disclosed publicly."
shuttah writes "In the growing Al-Qaeda activity in Yemen, Secretary of State Hillary Clinton revealed today that 'cyber experts' had recently hacked into web sites being used by an Al-Qaeda affiliate, substituting the group's anti-American rhetoric with information about civilians killed in terrorist strikes. Also this week, a statement from the Senate Committee on Homeland Security and Governmental Affairs revealed the presence an Al-Qaeda video calling for 'Electronic Jihad.'"
Trailrunner7 writes "Two independent researchers are proposing an extension for TLS to provide greater trust in certificate authorities, which have become a weak link in the entire public key infrastructure after some big breaches involving fraudulent SSL certificates. TACK, short for Trust Assertions for Certificate Keys, is a dynamically activated public key framework that enables a TLS server to assert the authenticity of its public key. According to an IETF draft submitted by researchers Moxie Marlinspike and Trevor Perrin, a TACK key is used to sign the public key from the TLS server's certificate. Clients can 'pin' a hostname to the TACK key, based on a user's visitation habits, without requiring sites modify their existing certificate chains or limiting a site's ability to deploy or change certificate chains at any time. If the user later encounters a fraudulent certificate on a "pinned" site, the browser will reject the session and send a warning to the user. 'Since TACK pins are based on TACK keys (instead of CA keys), trust in CAs is not required. Additionally, the TACK key may be used to revoke previous TACK signatures (or even itself) in order to handle the compromise of TLS or TACK private keys,' according to the draft."
angry tapir writes "The creator of the Bredolab malware has received a four-year prison sentence in Armenia for using his botnet to launch DDoS attacks that damaged multiple computer systems owned by private individuals and organizations. G. Avanesov was sentenced by the Court of First Instance of Armenia's Arabkir and Kanaker-Zeytun administrative districts for offenses under Part 3 of the Article 253 of the country's Criminal Code — intentionally causing damage to a computer system with severe consequences."
squiggleslash writes "CNN reports that IBM CEO Jeanette Horan has banned Siri, the iPhone voice recognition system. Why? According to Horan '(IBM) worries that the spoken queries might be stored somewhere.' Siri's backend is a set of Apple-owned servers in North Carolina, and all spoken queries are sent to those servers to be converted to text, parsed, and interpreted. While Siri wouldn't work unless that processing was done, the centralization and cloud based nature of Siri makes it an obvious security hole."
An anonymous reader writes "I recently joined a startup, we have about 10 people altogether in various roles / responsibilities, and I handle most of the system / IT responsibilities (when I'm not in my primary role, which is software development). When trying to price licenses, I'm finding Microsoft offerings require quite a bit of upfront cost, so I'm trying the alternative solutions. LibreOffice and Google Docs work fine for the most part (we also have some MS Office users); however I'm having trouble getting a good / cheap / free solution to email, contacts, calendaring and user management in general. We have some Mac users, Windows users, need desktop clients for most of these uses as well — and there doesn't seem to be a solution that satisfies these myriad combinations." (Read more, below.)
redletterdave writes "With barcode scanning being so commonplace, nothing seemed out of the ordinary when Thomas Langenbach, the vice president of SAP, was found scanning boxes upon boxes of Lego toys before purchasing them. Little did anyone know, the 47-year-old Silicon Valley executive was actually engaged in a giant scam. Langenbach would visit several Target stores and cover the store's barcodes with his own, so when he would bring the boxes up to the register, Langenbach would pay a heavily-discounted price. For example, this tag swapping allowed him to buy a Millennium Falcon box of Legos worth $279 for just $49. Once he bought the discounted Lego boxes, the SAP executive would take to eBay (under the name 'tomsbrickyard') and sell the items. Langenbach reportedly sold more than 2,000 items on eBay, raking in about $30,000. He was finally caught by Target security on May 8, and he was arraigned on Tuesday on four counts of burglary."
yahoi writes "Researchers at NC State are sharing their analysis and classification of Android malware samples under a new project that they hope will help shape a new way of fighting malware, learning from the lessons of the PC generation and its traditional anti-malware products. Xuxian Jiang, the mastermind behind the Android Malware Genome Project, says defenses against this malware today are hampered by the lack of efficient access to samples (PDF), as well as a limited understanding of the various malware families targeting the Android. The goal is to establish a better way of sharing malware samples and analysis, and developing better tools to fight it, he says."
Fluffeh writes "A researcher has found and published a way to tune into an RSA SecurID Token. Once a few easy steps are followed, anyone can generate the exact numbers shown on the token. The method relies on finding the seed that is used to generate the numbers in a way that seems random. Once it is known, it can be used to generate the exact numbers displayed on the targeted Token. The technique, described on Thursday by a senior security analyst at a firm called SensePost, has important implications for the safekeeping of the tokens. An estimated 40 million people use these to access confidential data belonging to government agencies, military contractors, and corporations. Scrutiny of the widely used two-factor authentication system has grown since last year, when RSA revealed that intruders on its networks stole sensitive SecurID information that could be used to reduce its security. Defense contractor Lockheed Martin later confirmed that a separate attack on its systems was aided by the theft of the RSA data."
judgecorp writes with a synopsis of talk given by Kaspersky at CeBit "Cyber weapons are so dangerous, they should be limited by a treaty like those restricting chemical and nuclear arms, Russian security expert Eugene Kaspersky has told a conference. He also warned that online voting was essential or democracy will die out in 20 years."
First time accepted submitter Chankey Pathak writes "The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more!"
howhardcanitbetocrea writes "WHMCS has had 500,000 records leaked, credit cards included, by hackers calling themselves UGNazis. Apparently UGNazis succeeded in obtaining login details from the billing software's host by using social engineering. UGNazis accuse WHMCS of knowingly offering services to fraudsters. After almost 24 hours UGNazis still seem to have control of WHMCS twitter account @whmcs and is regularly updating their exploits. These tweets are also feeding into WHMCS software."