John3 writes "For the past 15+ years I've maintained The Hardlines Digest (URL omitted to reduce the /. effect), an email discussion list for members of the retail hardware and lumber business. Since the beginning I've run the list on a Windows box running Lyris Listmanager, and it's worked admirably over the years. However, the list now has over 2,600 members and Listmanager doesn't have a nice web interface for users that like to read via their browser. Listmanager also doesn't handle attachments and HTML formatting well for the daily 'digest' version of the discussions. Finally, I'd really like to move hosting off-site so I don't need to maintain the server. The list members are hardware store owners and many are technically challenged, so I need to keep change to a minimum and make it easy for them to migrate. I've considered Google Groups and that seems to have most of the features I need. Are there any other low cost solutions for hosting a large discussion list?"
AlistairCharlton writes with a story about an Android Face unlock security system that could use some tweaking. "Android's Face Unlock security on the Samsung Galaxy S3 can be tricked into unlocking the phone by showing it a photograph of the owner. In a test carried out by IBTimes UK, we found that the Galaxy S3 cannot distinguish between a photograph and a real person, leading us to suggest users should select a more secure way of locking the phone, such as with a PIN or password."
AZA43 writes "Tokyo police have arrested six men, including two IT executives and one former tech exec, in connection with an Android malware campaign that netted $265,000. The men created a piece of Android malware that they disguised as a video player and distributed through an adult website. The app stole personal information and attempted to extort money for data 'protection services.' The malware doesn't appear to be particularly sophisticated, but it convinced more than 200 horny Japanese dudes to shell out $1200 each. And the arrests are one of, if not the, first time a major police force brought down criminals who used Android malware to extort a significant chunk of cash."
Sparrowvsrevolution writes "Governments are sticking their noses into Google's servers more than ever before. In the second half of 2011, Google received 6,321 requests that it hand over its users' private data to U.S. government agencies including law enforcement, and complied at least partially with those requests in 93% of cases, according to the latest update to the company's bi-annual Transparency Report. That's up from 5,950 requests in the first half of 2011, and marks a 37% increase in the number of requests over the same period the year before. Compared with the second half of 2009, the first time Google released the government request numbers, the latest figures represent a 76% spike. Data demands from foreign governments have increased even more quickly than those from the U.S., up to 11,936 in the second half of 2011 compared with 9,600 in the same period the year before, though Google was much less likely to comply with those non-U.S. government requests."
PatPending writes with this report on companies taking aggressive steps to deal with electronic attacks: "Known in the cyber security industry as 'active defense' or 'strike-back' technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant's own systems. Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and Internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage." If you've been involved in such an action, how did it work out for you?
First time accepted submitter gpowers writes "I am the IT Manager for Shambhala Mountain Center, near Red Feather Lakes, Colorado. We are in the pre-evacuation area for the High Park Fire. What is the best way to load 50+ workstations, 6 servers, IP phones, networking gear, printers and wireless equipment into a 17-foot U-Haul? We have limited packing supplies. We also need to spend as much time as possible working with the fire crew on fire risk mitigation."
New submitter quantic_oscillation7 writes with this excerpt from the Register: "Phil Zimmermann and some of the original PGP team have joined up with former U.S. Navy SEALs to build an encrypted communications platform that should be proof against any surveillance. The company, called Silent Circle, will launch later this year, when $20 a month will buy you encrypted email, text messages, phone calls, and videoconferencing in a package that looks to be strong enough to have the NSA seriously worried. ... While software can handle most of the work, there still needs to be a small backend of servers to handle traffic. The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada, so they went for the one within driving distance."
An anonymous reader writes "A 56-page leaked document details Microsoft's plans to build a Project Glass competitor. Kinect Glasses is marked as a 2014 project designed to connect to a future Xbox 720 console. The document also includes potential pricing for the next Xbox — $299 with a Kinect 2."
First time accepted submitter ctrl-alt-canc writes "The update to Android ICS offered for free by Sony to Xperia smartphone users has caused plenty of trouble. Not only did Sony's decision not to update Xperia Play phones to ICS cause rage among customers, but those who were lucky enough to get an upgrade for their smartphones discovered that the WiFi connection did not work anymore. Up to now, the only suggestion proposed by Sony to fix the problem is to turn off the encryption, and reboot the smartphone and the access point."
First time accepted submitter jez9999 writes "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The 'transparency' seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"
Fnord666 writes "The U.S. Computer Emergency Readiness Team (US-CERT) has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems, security experts say. The vulnerability was disclosed in a security advisory released this week. Hackers could exploit the flaw to execute malicious code with kernel privileges, said a report in the Bitdefender blog. 'Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack,' the US-CERT advisory says. 'The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.'" According to the article, exposed OSes include "Windows 7, Windows Server 2008 R2, 64-bit versions of FreeBSD and NetBSD, as well as systems that include the Xen hypervisor."
ArmageddonLord writes with this news from the IEEE Spectrum, reporting on display industry gathering Display Week: "Liquid crystal displays dominate today's big, bright world of color TVs. But they're inefficient and don't produce the vibrant, richly hued images of organic light-emitting diode (OLED) screens, which are expensive to make in large sizes. Now, a handful of start-up companies aim to improve the LCD by adding quantum dots, the light-emitting semiconductor nanocrystals that shine pure colors when excited by electric current or light. When integrated into the back of LCD panels, the quantum dots promise to cut power consumption in half while generating 50 percent more colors. Quantum-dot developer Nanosys says an LCD film it developed with 3M is now being tested, and a 17-inch notebook incorporating the technology should be on shelves by year's end."
Lucas123 writes "New numbers show hybrid drives, which combine NAND flash with spinning disk, will double in sales from 1 million to 2 million units this year. Unfortunately for Seagate — the only manufacturer of hybrids — solid-state drive sales are expected to hit 18 million units this year and 69 million by 2016. Low-capacity, cache SSDs, which typically have 20GB to 40GB of capacity and run alongside hard drives in notebooks and desktops, will see their shipments rise even more this year to 23.9 million units, up by an astounding 2,660% from just 864,000 units in 2011. Shipments will then jump to 67.7 million units next year, cross the hundred-million-unit mark in 2015, and hit 163 million units by 2016, according to IHS iSuppli. If hybrid drives are to have a chance at surviving, more manufacturers will need to produce them, and they'll need to come in thinner form factors to fit today's ultrabook laptops."
New submitter halcyon1234 writes "I'm currently cutting the webhost cord, and setting up a simple webserver at home to host a couple hobby websites and a blog. The usual LAMP stuff. I have just enough knowledge to be dangerous; I know how to get everything set up and get it up to date, but not enough to be sure I'm not overlooking common, simple security configurations. And then there's the issue of new vulnerabilities being found that I'm not even aware of. The last thing I want is to contribute to someone's botnet or spam relay. What readings/subscriptions would you recommend for security discussions/heads up? Obviously I already read (too much) Slashdot daily, which I credit for hearing about some major security issues. Are there any RSS feeds or mailing lists you rely on for keeping up to date on security issues?"
chicksdaddy writes "A web site used to distribute software updates for a wide range of medical equipment, including ventilators, has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise. The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier. The infected Web sites, which use a number of different domains, distribute firmware updates for a range of ventilators and respiratory products. Scans by Google's Safe Browsing program in May and June found the sites were rife with malware. For example, about six percent of the 347 Web pages hosted at Viasyshealthcare.com, a CareFusion Web site that is used to distribute software updates for the company's AVEA brand ventilators, were found to be infected and pushing malicious software to visitors' systems."