Gunkerty Jeb writes "In a recent survey of IT managers and executives, nearly half of respondents admitted that if they were fired tomorrow they would walk out with proprietary data such as privileged password lists, company databases, R&D plans and financial reports — even though they know they are not entitled to it. So, it's no surprise that 71 percent believe the insider threat is the priority security concern and poses the most significant business risk. Despite growing awareness of the need to better monitor privileged accounts, only 57 percent say they actively do so. The other 43 percent weren't sure or knew they didn't. And of those that monitored, more than half said they could get around the current controls."
Vigile writes "Today AMD is making an announcement that is the first step in a drastic transition for the company by integrating an ARM Cortex A5 processor on the same die with upcoming Fusion APUs. Starting in late 2013, all AMD APUs (processors that are combinations of x86 cores and Radeon SIMD arrays) will also integrate an ARM Cortex A5 processor to handle security for online transactions, banking, identity protection and DRM integration. The A5 is the smallest Cortex processor available, and that would make sense to use it in a full APU so it will not take up more than 10-15 square mm of die space. This marks the first time AMD has licensed ARM technology and while many people were speculating a pure ARM+Radeon hybrid, this move today is being described as the 'first step' for AMD down a new road of dexterity as an IP-focused technology company with their GPU technology as 'the crown jewel.' So while today's announcement might focus on using ARM processors for security purposes, the future likely holds much more for these two partners."
Trailrunner7 writes, quoting Threatpost: "Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise. The attack campaign is using a series of hacked servers as command-and-control points and researchers say that the tactics and tools used by the attackers indicate that they may be located in China. The first evidence of the campaign was an attack on Digitalbond, a company that provides security services for ICS systems. ... In addition to the attack on Digitalbond, researchers have found that the campaign also has hit users at Carnegie Mellon University, Purdue University and the University of Rhode Island."
tsu doh nimh writes "The Justice Department on Monday announced the arrest of a Dutch man wanted for coordinating the theft of roughly 44,000 credit card numbers. The government hasn't released many details about the accused, except for his name and hacker handle, 'Fortezza.' But data from a variety of sources indicates that Fortezza was a lead administrator of Kurupt.su, a large, recently-shuttered forum dedicated to carding and Internet fraud. Krebsonsecurity.com provides some background on Fortezza, who 'claimed to be "quitting the scene," but spoke often about finishing a project with which he seemed obsessed: to hack and plunder all of the other carding forums.'"
concertina226 writes with this news snipped from Techworld UK: "Websites such as Facebook and Twitter could be forced to unmask so-called internet trolls, under new government proposals in the Defamation Bill. The move comes after a British woman won a landmark case to force Facebook to reveal the identities of internet trolls. On 30 May, Nicola Brookes from Brighton was granted a High Court order after receiving 'vicious and depraved' taunts on Facebook. The bill, which is being debated in the House of Commons [Tuesday], will allow victims of online abuse to discover the identity of their persecutors and bring a case against them. The move also aims to protect websites from threats of litigation for inadvertently displaying defamatory comments."
CowboyRobot writes with news on the FY2013 allocation of H-1B visas. From the article: "As of June 1, the government had issued 55,600 standard H-1B visas out of the annual allotment of 65,000, according to United States Immigration and Citizenship Services (USCIS). The feds also issued 18,700 H-1B visas reserved for graduates of advanced degree programs in the U.S., out of 20,000." CowboyRobot continues, "Last year work visas did not run out until late November, but this year the pool of visas is almost entirely claimed and it's still only June. One interpretation of this is that the tech industry is hiring much more actively than it was a year ago. Some companies, such as Microsoft, have been lobbying to increase the number of available visas (currently limited to 65,000) while others argue that offering visas to foreign workers reduces job prospects for Americans." A bit more from the article: "Industry lobby group Partnership for A New American Economy last month released a study that claims the U.S. will face a shortage of 224,000 tech workers by 2018 unless immigration rules are loosened."
v3rgEz writes "Documents released by the FBI provide an unusual inside look at how the agency is struggling to penetrate 'darknet' Onion sites routed through Tor, the online privacy tool funded in part by government grants to help global activists. In this case, agents were unable to pursue specific leads about an easily available child pornography site, while files withheld indicate that the FBI has ongoing investigations tied to the Silk Road marketplace, a popular, anonymous Tor site for buying and selling drugs and other illegal materials." Sounds similar to the problems that plagued freenet.
snydeq writes "IT professionals jumping into the cloud with both feet beware: It's irresponsible to think that just because you push a problem outside your office, it ceases to be your problem. It's not just the possibility of empty promises and integration issues that dog the cloud decision; it's also the upgrade to the new devil, the one you don't know. You might be eager to relinquish responsibility of a cranky infrastructure component and push the headaches to a cloud vendor, but in reality you aren't doing that at all. Instead, you're adding another avenue for the blame to follow. The end result of a catastrophic failure or data loss event is exactly the same whether you own the service or contract it out."
First time accepted submitter zer0point writes "Apple has just announced the next-generation MacBook Pro with a retina display. Starting today you can also order a MacBook Pro upgraded with Ivy Bridge CPUs, and Nvidia graphics. Mountain Lion got various updates, and as expected iOS 6 was announced. In rumor news, KGI Securities analyst Ming-Chi Kuo wrote in a note to investors, 'Based on the release schedule for iOS 6 GM, there is a very good chance iPhone 5 will start shipping also in early September.'"
First time accepted submitter anaphora writes "In this TED Talk, Rory Sutherland discusses the need for every company to have a staff member with the power to do big things but no budget to spend: these are the kinds of individuals who are not afraid to recommend cheap and effective ways to solve big company problems. This article argues that, in the IT world, this person is none other than a highly-skilled hacker. From the article: 'To the media, the term “hacker” refers to a user who breaks into a computer system. To a programmer, “hacker” simply means a great programmer. In the corporate IT field, hackers are both revered as individuals who get a lot done without a lot of resources but feared as individuals who may be a little more “loose cannon” than your stock IT employee. Telling your CEO you want to hire a hacker may not be the best decision for an IT manager, but actually hiring one may be the best decision you can make.'"
JohnBert writes "A security bug in MariaDB and MySQL has been revealed, allowing a known username and password to access the master user table of a MySQL server and dump it into a locally-stored file. By using a tool like John the Ripper, this file can be easily cracked to reveal text passwords that can provide further access. By committing a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database, you can access the database using the cracked password hashes even if the authentication bypass vulnerability is fixed."
Trailrunner7 writes "Researchers digging through the code of the recently discovered Flame worm say they have come across a wealth of evidence that suggests Flame and the now-famous Stuxnet worm share a common origin. Researchers from Kaspersky Lab say that a critical module that the Flame worm used to spread is identical to a module used by Stuxnet.a, an early variant of the Stuxnet worm that began circulating in 2009, more than a year before a later variant of the worm was discovered by antivirus researchers at the Belarusian firm VirusBlokAda. The claims are the most direct, to date, that link the Flame malware, which attacked Iranian oil facilities, with Stuxnet, which is believed to have targeted Iran's uranium-enrichment facility at Natanz. If true, they suggest a widespread and multi-year campaign of offensive cyber attacks against multiple targets within that country."
An anonymous reader writes "Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords. He ran the John the Ripper default command on a small default password dictionary of less than 4,000 words. The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords. The results? After 4 hours, approximately 900,000 passwords had been cracked. Francois then ran numerous iterations, incorporating older dictionaries to uncover less common passwords and ended up cracking a total of 2,000,000 passwords."
First time accepted submitter Jizzbug writes "The X Window System made release X11 7.7 last night (June 9th): 'This release incorporates both new features and stability and correctness fixes, including support for reporting multi-touch events from touchpads and touchscreens which can report input from more than one finger at a time, smoother scrolling from scroll wheels, better cross referencing and formatting of the documentation, pointer barriers to control cursor movement, and synchronization fences to coordinate between X and other rendering engines such as OpenGL.'"
HappyDude writes "I've been asked to manage a department in our IT group. It's comprised of UNIX, VMWare, Citrix, EMC and HP SAN Admins, Technicians and Help Desk personnel. The group covers the spectrum in years of experience. I am a 20-year Admin veteran of Engineering and Health Care IT systems including UNIX, Oracle DBA, Apache HTTP/Tomcat, WebSphere, software design plus other sundry jack-of-all-trades kinds of stuff. Although I consider myself a hack at most of those trades, I'm reasonably good at any one of them when I'm submerged. I also have 10 years of Project Management experience in Engineering and Health Care related IT organizations. I do have formal PM training, but haven't bothered to seek credentialing. I'm being told that I'll be worth less to the organization as a supervisor than what I'm making now, but the earning potential is greater if I accept the management position. Out of the kindness of their hearts, they're offering to start me in the new position at the same wage I'm currently making. Does this make any sense, Slashdot?" Read on for further details.