First time accepted submitter gpowers writes "I am the IT Manager for Shambhala Mountain Center, near Red Feather Lakes, Colorado. We are in the pre-evacuation area for the High Park Fire. What is the best way to load 50+ workstations, 6 servers, IP phones, networking gear, printers and wireless equipment into a 17-foot U-Haul? We have limited packing supplies. We also need to spend as much time as possible working with the fire crew on fire risk mitigation."

New submitter quantic_oscillation7 writes with this excerpt from the Register: "Phil Zimmermann and some of the original PGP team have joined up with former U.S. Navy SEALs to build an encrypted communications platform that should be proof against any surveillance. The company, called Silent Circle, will launch later this year, when $20 a month will buy you encrypted email, text messages, phone calls, and videoconferencing in a package that looks to be strong enough to have the NSA seriously worried. ... While software can handle most of the work, there still needs to be a small backend of servers to handle traffic. The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada, so they went for the one within driving distance."

An anonymous reader writes "A 56-page leaked document details Microsoft's plans to build a Project Glass competitor. Kinect Glasses is marked as a 2014 project designed to connect to a future Xbox 720 console. The document also includes potential pricing for the next Xbox — $299 with a Kinect 2."

First time accepted submitter ctrl-alt-canc writes "The udpdate to Android ICS offered for free by Sony to the Xperia smarphone users has caused plenty of troubles. Not only the decision by Sony of not updating Xperia Play phones to ICS caused rage among customers, but those who were lucky to get an upgrade for their smartphones discovered that WiFi connection did not work anymore. Up to now, the only suggestion proposed by Sony to fix the problem is to turn off the encryption, and reboot the smartphone and the access point."

First time accepted submitter jez9999 writes "I recently worked for a relatively large company that imposed so-called transparent HTTPS proxying on their network. In practice, what this means is that they allow you to use HTTPS through their network, but it must be proxied through their server and their server must be trusted as a root CA. They were using the Cisco IronPort device to do this. The "transparency" seems to come from the fact that they tend to install their root CA into Internet Explorer's certificate store, so IE won't actually warn you that your HTTPS traffic may be being snooped on (nor will any other browser that uses IE's cert store, like Chrome). Is this a reasonable policy? Is it worth leaving a job over? Should it even be legal? It seems to me rather mad to go to huge effort to create a secure channel of communication for important data like online banking, transactions, and passwords, and then to just effectively hand over the keys to your employer. Or am I overreacting?"

Fnord666 writes "The U.S. Computer Emergency Readiness Team (US-CERT) has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems, security experts say. The flaw was disclosed the vulnerability in a security advisory released this week. Hackers could exploit the flaw to execute malicious code with kernel privileges, said a report in the Bitdefender blog. 'Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack,' the US-CERT advisory says. 'The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.'" According to the article, exposed OSes include "Windows 7, Windows Server 2008 R2, 64-bit versions of FreeBSD and NetBSD, as well as systems that include the Xen hypervisor."

ArmageddonLord writes with this news from the IEEE Spectrum, reporting on display industry gathering Display Week: "Liquid crystal displays dominate today's big, bright world of color TVs. But they're inefficient and don't produce the vibrant, richly hued images of organic light-emitting diode (OLED) screens, which are expensive to make in large sizes. Now, a handful of start-up companies aim to improve the LCD by adding quantum dots, the light-emitting semiconductor nanocrystals that shine pure colors when excited by electric current or light. When integrated into the back of LCD panels, the quantum dots promise to cut power consumption in half while generating 50 percent more colors. Quantum-dot developer Nanosys says an LCD film it developed with 3M is now being tested, and a 17-inch notebook incorporating the technology should be on shelves by year's end."

Lucas123 writes "New numbers show hybrid drives, which combine NAND flash with spinning disk, will double in sales from 1 million to 2 million units this year. Unfortunately for Seagate — the only manufacturer of hybrids — solid-state drive sales are expected to hit 18 million units this year and 69 million by 2016. Low-capacity, cache SSDs, which typically have 20GB to 40GB of capacity and run along side hard drives in notebooks and desktops, will see their shipments rise even more this year to 23.9 million units, up by an astounding 2,660% from just 864,000 units in 2011. Shipments will then jump to 67.7 million units next year, cross the hundred-million-unit mark in 2015, and hit 163 million units by 2016, according to IHS iSuppli. If hybrid drives are to have a chance at surviving, more manufacturers will need to produce them, and they'll need to come in thinner form factors to fit today's ultrabook laptops."

New submitter halcyon1234 writes "I'm currently cutting the webhost cord, and setting up a simple webserver at home to host a couple hobby websites and a blog. The usual LAMP stuff. I have just enough knowledge to be dangerous; I know how to get everything set up and get it up to date, but not enough to be sure I'm not overlooking common, simple security configurations. And then there's the issue of new vulnerabilities being found that I'm not even aware of. The last thing I want is to contribute to someone's botnet or spam relay. What readings/subscriptions would you recommend for security discussions/heads up? Obviously I already read (too much) Slashdot daily, which I credit for hearing about some major security issues. Are there any RSS feeds or mailing lists you rely on for keeping up to date on security issues?"

chicksdaddy writes "A web site used to distribute software updates for a wide range medical equipment, including ventilators has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise. The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier. The infected Web sites, which use a number of different domains, distribute firmware updates for a range of ventilators and respiratory products. Scans by Google's Safe Browsing program in May and June found the sites were rife with malware. For example, about six percent of the 347 Web pages hosted at Viasyshealthcare.com, a CareFusion Web site that is used to distribute software updates for the company's AVEA brand ventilators, were found to be infected and pushing malicious software to visitors' systems."

OverTheGeicoE writes "Over a month after Sen. Rand Paul announced his desire to pull the plug on TSA, he has finally released his legislation that he tweets will 'abolish the #TSA & establish a passengers "Bill of Rights."' Although the tweet sounds radical, the press release describing his proposed legislation is much less so. 'Abolition' really means privatization; one of Paul's proposals would simply force all screenings to be conducted by private screeners. The proposed changes in the 'passenger Bill of Rights' appear to involve slight modifications to existing screening methods at best. Many of his 'rights' are already guaranteed under current law, like the right to opt-out of body scanning. Others can only vaguely be described as rights, like 'expansion of canine screening.' Here's to the new boss..."

Sparrowvsrevolution writes "In the wake of confirmation that the U.S. government was involved in the creation of Stuxnet and likely Flame, a look over job listings on defense contractor sites shows just how explicitly the Pentagon and the firms that service it are recruiting offense-oriented hackers. Northrop Grumman, Raytheon, Lockheed Martin, SAIC, and Booz Allen have all posted job ads that require skills like 'exploit development,' have titles like 'Windows Attack Developer,' or asks them to 'plan, execute, and assess an Offensive Cyberspace Operation.'"

MrSeb writes "Researchers from Texas A&M University claim to have pioneered unbreakable cryptography based on the laws of thermodynamics; classical physics, rather than quantum. In theory, quantum crypto (based on the laws of quantum mechanics) can guarantee the complete secrecy of transmitted messages: To spy upon a quantum-encrypted message would irrevocably change the content of the message, thus making the messages unbreakable. In practice, though, while the communication of the quantum-encrypted messages is secure, the machines on either end of the link can never be guaranteed to be flawless. According to Laszlo Kish and his team from Texas A&M, however, there is a way to build a completely secure end-to-end system — but instead of using quantum mechanics, you have to use classical physics: the second law of thermodynamics, to be exact. Kish's system is made up of a wire (the communication channel), and two resistors on each end (one representing binary 0, the other binary 1). Attached to the wire is a power source that has been treated with Johnson-Nyquist noise (thermal noise). Johnson noise is often the basis for creating random numbers with computer hardware."

Barence writes "U.S. government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert. According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the U.S. government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack. 'It's plausible that if there is an operation under way and being run by a U.S. intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation,' he said. 'It's not certain, but it would be common sense to expect they would do that.'"

An anonymous reader writes "Anyone who uses Skype on Linux will be happy to hear that a new version has been made available today, bringing with it a host of essential updates and new features. Skype 4.0, codenamed "Four Rooms for Improvement," is long overdue, and Marco Cimmino makes a point of thanking Linux users for their patience on the Skype blog. The main improvements Skype is delivering include much improved audio call quality, better video support, and improved chat synchronization. For video specifically, Skype has spent time implementing support for a much wider range of webcams, so if your camera didn't work before today you might be surprised to find it does in Skype 4.0. Visually, Skype has received a new Conversations View, which brings all chats into a single, unified window (you can revert to the old view if you prefer). There's also a new Call View, presence and emoticons have been redesigned, and you can now store and view numbers within each Skype profile."