McGruber writes "Jonathan Corbett, the subject of the earlier Slashdot Story: 'The Ineffectiveness of TSA Body Scanners,' has an update for us. His video showing him wandering through a nude body scanner with undetected objects is now complete with the feeds from TSA's security cameras at the checkpoint."
Trailrunner7 writes "One of the attackers who has been targeting Syrian anti-government activists with malware and surveillance tools has returned and upped the ante with the use of the BlackShades RAT, a remote-access tool that gives him the ability to spy on victims' machines through keylogging and screenshots. The original attacks against Syrian activists, who are working against the government's months-long violent crackdown, were using another RAT known as Xtreme RAT, with similar capabilities. That malware was being spread through a couple of different targeted attacks, including one in which activists were directed to YouTube videos and their account credentials were then stolen when they logged in to leave comments. That attack continued with the installation of the RAT, giving the attacker surreptitious access to the victims' machines, enabling him to monitor their activities online. Now, researchers say that at least one attacker who is known to be involved in these targeted attacks also is using the BlackShades RAT in a new set of attacks."
An anonymous reader writes "Five years after it was first introduced, Google's Safe Browsing program continues to provide a service to the 600 million Chrome, Firefox, and Safari users, as well as those searching for content through the company's eponymous search engine. According to Google Security Team member Niels Provos, the program detects about 9,500 new malicious websites and pops up several million warnings every day to Internet users. Once a site has been cleaned up, the warning is lifted. They provide malware warnings for about 300 thousand downloads per day through their download protection service for Chrome."
snydeq writes "Microsoft's plan to build its own Windows 8 tablets puts longtime allies in peril — and it may be the right thing to do. 'In announcing the Surface tablets, due to be released this fall, Microsoft CEO Steve Ballmer cited Apple's advantage (without mentioning Apple) of integrated software and hardware. "Things work better when hardware and software are considered together," he said. "We control it all, we design it all, and we manufacture it all ourselves." ... Like Apple, Microsoft will hire a few PC makers to do the actual production work. But the need for 20 brands of me-too laptops, tablets, and convertibles is low. Manufacturing sophisticated electronics is a skill requiring manufacturing innovation. But all those branded-but-otherwise-undifferentiated PCs, laptops, tablets, and smartphones just aren't needed in the vision Ballmer sketched out yesterday.'"
angry tapir writes "'Nigerian scams' (also known as '419 scams' but more accurately called 'advance fee fraud') continue to clog up inboxes with tales of fantastic wealth for the recipient. This raises the question: Do people still fall for this rubbish? The emails often outline ridiculous scenarios but promise millions if a person offers to help get money out of a country. The reason for the ridiculous scenarios seems obvious in retrospect: According to research by Cormac Herley at Microsoft, scammers are looking for the most gullible people, and their crazy emails can help weed out people who are savvy enough to know better. Contrary to what people believe, the scams aren't 'free' for the scammers (PDF): sending an email might have close to zero cost attached, but the process of getting money out of someone can be quite complicated and incurs costs (for example, recruiting other parties to participate in the scam). So at the end of the day, the scammer wants to find people who will almost certainly fall for the scam and offer a good return."
The Washington Post is reporting that the sophisticated 'Flame' malware was created by the United States and Israel in order to collect intelligence on Iranian computer networks. The intel was to be used in a cyber-sabotage campaign intended to slow Iran's development of nuclear weapons. This follows confirmation a few weeks ago that the U.S. and Israel were behind Stuxnet, which caused problems at Iran's nuclear facilities. From the article: "The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States. 'This is about preparing the battlefield for another type of covert action,' said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. 'Cyber-collection against the Iranian program is way further down the road than this.' ... The scale of the espionage and sabotage effort 'is proportionate to the problem that's trying to be resolved,' the former intelligence official said, referring to the Iranian nuclear program. Although Stuxnet and Flame infections can be countered, 'it doesn't mean that other tools aren't in play or performing effectively,' he said."
Nerval's Lobster writes "Oracle CEO Larry Ellison claimed during a June 6 presentation that the upcoming Oracle Cloud would offer more than 100 enterprise-grade applications. While Oracle certainly intends on offering a broad range of cloud products, at least one analyst has questioned how the company is counting up to that magic '100 applications' total. Meanwhile, another analyst feels that, despite Oracle's commanding presence in enterprise IT, it could face a significant challenge in its fight for the cloud-computing market."
alphadogg writes "Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel are generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S. solve geopolitical problems or actually making things worse? Bruce Schneier, whose most recent book is 'Liars and Outliers,' argues the U.S. made a mistake with Stuxnet, and he discusses why it's important for the world to tackle cyber-arms control now."
judgecorp writes "Fujitsu and partners have cracked a cryptogram which used 278-digit (923 bit) pairing-based cryptography. The technology was proposed as a next-generation standard, but Fujitsu cracked it at this level in just over 148 days using 21 personal computers." Reader Thorfinn.au adds a snippet from Fujitsu's announcement of the break: "This was an extremely challenging problem as it required several hundred times computational power compared with the previous world record of 204 digits (676 bits). We were able to overcome this problem by making good use of various new technologies, that is, a technique optimizing parameter setting that uses computer algebra, a two dimensional search algorithm extended from the linear search, and by using our efficient programming techniques to calculate a solution of an equation from a huge number of data, as well as the parallel programming technology that maximizes computer power."
mikejuk writes "Andrew Gallagher at Cornell University in Ithaca, New York has improved the standard approach to automated jigsaw solving by copying what humans do in finding groups of pieces that best match and working outwards from there. With a speed of 10,000 pieces per 24 hours, it can solve large puzzles. Not only that, but the type of jigsaw it solves is more difficult than the usual in that the pieces are square and can be placed in any orientation. It is so good it can even solve problems consisting of a number of mixed up pieces without being told how many or their dimensions. Of course, as well as having fun beating humans at another recreational pastime, the technique could be used to unscramble shredded documents, as per the recent DARPA challenge."
John3 writes "For the past 15+ years I've maintained The Hardlines Digest (URL omitted to reduce the /. effect), an email discussion list for members of the retail hardware and lumber business. Since the beginning I've run the list on a Windows box running Lyris Listmanager, and it's worked admirably over the years. However, the list now has over 2,600 members and Listmanager doesn't have a nice web interface for users that like to read via their browser. Listmanager also doesn't handle attachments and HTML formatting well for the daily 'digest' version of the discussions. Finally, I'd really like to move hosting off-site so I don't need to maintain the server. The list members are hardware store owners and many are technically challenged, so I need to keep change to a minimum and make it easy for them to migrate. I've considered Google Groups and that seems to have most of the features I need. Are there any other low cost solutions for hosting a large discussion list?"
AlistairCharlton writes with a story about an Android Face unlock security system that could use some tweaking. "Android's Face Unlock security on the Samsung Galaxy S3 can be tricked into unlocking the phone by showing it a photograph of the owner. In a test carried out by IBTimes UK, we found that the Galaxy S3 cannot distinguish between a photograph and a real person, leading us to suggest users should select a more secure way of locking the phone, such as with a PIN or password."
AZA43 writes "Tokyo police have arrested six men, including two IT executives and one former tech exec, in connection with an Android malware campaign that netted $265,000. The men created a piece of Android malware that they disguised as a video player and distributed through an adult website. The app stole personal information and attempted to extort money for data 'protection services.' The malware doesn't appear to be particularly sophisticated, but it convinced more than 200 horny Japanese dudes to shell out $1200 each. And the arrests are one of, if not the, first time a major police force brought down criminals who used Android malware to extort a significant chunk of cash."
Sparrowvsrevolution writes "Governments are sticking their noses into Google's servers more than ever before. In the second half of 2011, Google received 6,321 requests that it hand over its users' private data to U.S. government agencies including law enforcement, and complied at least partially with those requests in 93% of cases, according to the latest update to the company's bi-annual Transparency Report. That's up from 5,950 requests in the first half of 2011, and marks a 37% increase in the number of requests over the same period the year before. Compared with the second half of 2009, the first time Google released the government request numbers, the latest figures represent a 76% spike. Data demands from foreign governments have increased even more quickly than those from the U.S., up to 11,936 in the second half of 2011 compared with 9,600 in the same period the year before, though Google was much less likely to comply with those non-U.S. government requests."
PatPending writes with this report on companies taking aggressive steps to deal with electronic attacks: "Known in the cyber security industry as 'active defense' or 'strike-back' technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant's own systems. Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and Internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage." If you've been involved in such an action, how did it work out for you?