wiredmikey writes "Later this week, the NSA's organizational leader and head of the U.S. Cyber Command – General Keith Alexander – will address an audience of hackers at DEF CON. News of General Alexander's talk at Def Con broke on Friday. Up until that point, the 12:00 Track 1 slot was kept secret, leaving attendees to the world's largest hacker conference to speculate. The buzz was that it would be something interesting – if only because this year is Def Con's 20th anniversary. General Alexander will be giving a talk titled 'Shared Values, Shared Responsibility,' which is outlined as a presentation that will focus on the shared core values between the hacker community and the government's cyber community. Namely, the vision of the Internet as a positive force, the fact that information increases value by sharing, the respect and protection of privacy and civil liberties, and the opposition to malicious and criminal behavior."
beaverdownunder writes "Many Aussies across New South Wales and South Australia had a bit of a shock this morning when they received an SMS threatening them with assassination. Although somewhat varied, the messages have typically read, 'Someone paid me to kill you. If you want me to spare you, I'll give you two days to pay $5000. If you inform the police or anybody, you will die, I am monitoring you', and signed with the e-mail address firstname.lastname@example.org. Police and the Australian Competition and Consumer Commission have warned that the messages are almost certainly fake, and that no dialogue should be entered into with scammers." I hope "almost certainly" is droll understatement.
mikejuk writes "Support Vector Machines (SVMs) are fairly simple but powerful machine learning systems. They learn from data and are usually trained before being deployed. SVMs are used in security to detect abnormal behavior such as fraud, credit card use anomalies and even to weed out spam. In many cases they need to continue to learn as they do the job, and this raised the possibility of feeding them with data that causes them to make bad decisions. Three researchers have recently demonstrated how to do this with the minimum poisoned data to maximum effect. What they discovered is that their method was capable of having a surprisingly large impact on the performance of the SVMs tested. They also point out that it could be possible to direct the induced errors so as to produce particular types of error. For example, a spammer could send some poisoned data so as to evade detection for a while. AI-based systems may be no more secure than dumb ones."
wiredmikey writes "A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter,' the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. Termineter uses the serial port connection that interacts with the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface is much like the interface used by the Metasploit penetration testing framework. It relies on modules to extend its testing capabilities. Spencer McIntyre, a member of SecureState's Research and Innovation Team, is scheduled to demonstrate Termineter in a session 'How I Learned to Stop Worrying and Love the Smart Meter,' at Security B-Sides Vegas on July 25. The Termineter Framework can be downloaded here." As the recent lucky winner of a smart meter from the local gas company, I wish householder access to this data was easy and expected.
First time accepted submitter rawket.scientist writes "I'm a full time lawyer and part time nerd doing most of the IT support for my small (~10 person) firm. We make heavy use of our old Windows Server 2003 machine for networked storage, and we use it as a DNS server (by choice, not necessity), but we don't use it for our e-mail, web hosting, productivity or software licensing. No Sharepoint, no Exchange, etc. Now old faithful is giving signs of giving out, and I'm seriously considering replacing it with a NAS device like the Synology DS1512+ or Dell PowerVault NX200. Am I penny-wise but pound foolish here? And is it overambitious for someone who's only dabbled in networking 101 to think of setting up a satisfactory, secure VPN or FTP server on one of these? We've had outside consultants and support in the past, but I always get the first 'Why is it doing this?' call, and I like to have the answer, especially if I was the one who recommended the hardware."
An anonymous reader writes "The Power Pwn may look like a power strip, but it's actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make a point to ask if it's supposed to be there. Pwnie Express, which developed the $1,295 tool, says it's 'a fully-integrated enterprise-class penetration testing platform.' That's great, but the company also notes its 'ingenious form-factor' (again, look at the above picture) and 'highly-integrated/modular hardware design,' which to me makes it look like the perfect gizmo for nefarious purposes."
diegocg writes "Linux 3.5 has been released. New features include support for metadata checksums in Ext4, userspace probes for performance profiling with systemtap/perf, a simple sandboxing mechanism that can filter syscalls, a new network queue management algorithm designed to fight bufferbloat, support for checkpointing and restoring TCP connections, support for TCP Early Retransmit (RFC 5827), support for android-style opportunistic suspend, btrfs I/O failure statistics, and SCSI over Firewire and USB. Here's the full changelog."
First time accepted submitter thecrazyivan writes "As companies like Reddit and Foursquare have shown, Internet users enjoy earning points in arbitrary social games. So why not apply that competitive motivation to something useful, like cleaning up the world's PCs? A startup called Jumpshot is raising funds to launch a new, friendlier form of computer security. Jumpshot is still in its infancy, but it seems to have excited plenty of users with its potential: The company launched a Kickstarter project and almost immediately raised nearly three times its funding goal."
kgeiger writes "The FCC is changing the call termination tariffs that subsidized rural wireline service and coincidentally free conference calls. Free conference call services had located their dial-in centers in rural areas to scoop up FCC tariffs from its Universal Service Fund. USF monies will go to broadband deployment instead. Be prepared to put more nickels in the box." On the other hand, maybe ad-driven Internet services (whether free or "freemium") will step in to the free-conference gap with some good-enough options, as they have for many other services, like email and faxing.
An anonymous reader writes "Last week Russian developer Alexey Borodin hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later, allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content. Apple [Friday] announced a temporary fix and that it would patch the holes with the release of iOS 6. While Cupertino was distracted, Borodin came in and pulled off the same scheme on the Mac."
dell623 writes "Google has begun updating the Google Nexus S, which was released in December 2010, to Android 4.1 Jelly Bean. The update comes with all the new features of JB, including Google Now. The update makes the almost two-year-old phone smooth and in many ways superior to newer, more expensive Android devices that are unlikely to even be updated to Android 4.0. The update is impressive, but also exposes the problems of Android fragmentation and the failure of other Android device manufacturers to develop better software than Google, or issue timely updates."
MojoKid writes "When USB debuted in 1999, it offered maximum throughput of 12Mb/s. Today, USB 3.0 offers 4.8Gb/s. Interestingly, modern USB 3 controllers use the same Bulk-Only Transport (BOT) protocol that first debuted in 1999. Before the advent of USB 3, relying on BOT made sense. Since hard drives were significantly faster than the USB 2 bus itself, the HDD was always going to be waiting on the host controller. USB 3 changed that. With 4.8Gbits/s of throughput (600MB/s), only the highest-end hardware is capable of saturating the bus. That's exposed some of BOT's weaknesses. UASP, or the USB Attached SCSI Protocol, is designed to fix these limitations, and bring USB 3 fully into the 21st century. It does this by implementing queue functions, reducing command latency, and allowing the device to transfer commands and data independently from each other. Asus is the first manufacturer to have implemented UASP in current generation motherboards and the benchmarks show transfer speeds can be improved significantly."
schliz writes "A group of Australian network engineers is planning to launch a not-for-profit internet service provider that will provide access to the nation's high-speed NBN fibre network for like-minded people. The cooperative, dubbed 'No ISP,' has no staff or add-on services to keep costs down. Members will be able to 'trade' excess download quota for a market-based price, depending on supply and demand."
Nerval's Lobster writes with news that U.S. federal agencies are falling behind in their efforts to consolidate government data centers. Current plans call for a savings of $2.4 billion and the closing of over a thousand data centers, but 17 of 24 agencies still haven't provided details on their IT infrastructure and usage. A new report from the Government Accountability Office highlights the problems with this consolidation effort. "Data centers represent a significant cost to the federal government. Electricity to operate federal servers and data centers costs around $450 million a year, according to an EPA estimate cited in the report. Moreover, federal agencies reported limited reuse of data centers, along with server utilization rates dipping as low as 5 percent. The GAO report features agencies claiming several challenges on the way to data-center consolidation. These included accepting cultural change as part of the consolidation; funding the consolidation and identifying the resulting cost savings; operational challenges including procurement and resource constraints; and difficulties in planning a migration strategy."