theodp writes "IBM CEO Virginia M. Rometty's Big Blue bio boasts that she led the development of IBM Global Delivery Centers in India. In his latest column, Robert X. Cringely wonders if customers of those centers know what they're getting for their outsourcing buck. 'Right now,' writes Cringely, 'IBM is preparing to launch an internal program with the goal of increasing in 2013 the percentage of university graduates working at its Indian Global Delivery Centers (GDCs) to 50 percent. This means that right now most of IBM's Indian staffers are not college graduates. Did you know that? I didn't. I would be very surprised if IBM customers knew they were being supported mainly by graduates of Indian high schools.'"

Sherloqq sends this quote from a Bloomberg report: "FinFisher, a spyware sold by U.K.- based Gamma Group, can secretly take remote control of a computer, copying files, intercepting Skype calls and logging every keystroke. For the past year, human rights advocates and virus hunters have scrutinized FinFisher, seeking to uncover potential abuses. They got a glimpse of its reach when a FinFisher sales pitch to Egyptian state security was uncovered after that country's February 2011 revolution. In December, anti-secrecy website WikiLeaks published Gamma promotional videos showing how police could plant FinFisher on a target's computer. ... Researchers believe they’ve identified copies of FinFisher, based on an examination of malicious software e-mailed to Bahraini activists, they say. ... The findings illustrate how the largely unregulated trade in offensive hacking tools is transforming surveillance, making it more intrusive as it reaches across borders and peers into peoples’ digital devices. From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed."

Maximum Prophet writes "If you've ever had your eyes scanned, be sure to install new ones every 90 days. Wired reports on research being released at Black Hat: 'The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems. The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people. The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.'"

alphadogg writes with an excerpt from an interview with the designer of SSH-1: "Tatu Ylönen has garnered fame in technology circles as the inventor of Secure Shell (SSH), the widely used protocol to protect data communications. The CEO of SSH Communications Security — whose crypto-based technology invented in 1995 continues to be used in hundreds of millions of computers, routers and servers — recently spoke with Network World on a variety of security topics, including the disappearance of consumer privacy and the plight of SSL. (At the Black Hat Conference this week, his company is also announcing CryptoAuditor.)"

MrSeb writes with an excerpt from Extreme Tech about a presentation at Black Hat: "Bad news: With an Arduino microcontroller and a little bit of programming, it's possible for a hacker to gain instant, untraceable access to millions of key card-protected hotel rooms. This hack was demonstrated by Cody Brocious, a Mozilla software developer, at the Black Hat security conference in Las Vegas. At risk are four million hotel rooms secured by Onity programmable key card locks. According to Brocious, who didn't disclose the hack to Onity before going public, there is no easy fix: There isn't a firmware upgrade — if hotels want to secure their guests, every single lock will have to be changed. I wish I could say that Brocious spent months on this hack, painstakingly reverse-engineering the Onity lock protocol, but the truth — as always, it seems — is far more depressing. 'With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments,' says Brocious. 'An intern at the NSA could find this in five minutes.'"

mask.of.sanity writes "The Tor Project is considering paying exit relay hosts to make the network faster and more secure. The project has called for discussion on the idea, notably from relay hosts. Its founder has suggested $100 a month would attract fast and diverse nodes. Exit nodes are the last hopping point on the Tor network and are critical to its performance and safety." The problem: "But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load ... on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays. ... Since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays." As to funding: "We've lined up our first funder (BBG, ...), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits."

An anonymous reader writes "Like most web users these days, I have enough accounts on enough websites – most of which have *inconsistent* password syntax restrictions — that when I need to log into a site I don't visit very often, I now basically just hit the "Forgot Password" button immediately. Microsoft's "Passport" gave us the promise of a single web sign-on. What happened to that idea? Why hasn't some bright spark (or ubiquitous web corporation) already made a fortune standardizing on one? I can now buy my coffee with my phone. Why do I have to still scratch my passwords on the underside of my desk?"

An anonymous reader writes with this excerpt from Network World: "For the first time, Apple will officially be in attendance at the annual Black Hat security conference which is scheduled to run through Thursday of this week. This is a notable development for two reasons. First, Apple has never formally attended the conference. Two, many of the more prominent stories to emerge out of previous Black Hat events have centered on Apple security. Representing Apple at the conference will be Apple platform security manager Dallas De Atley who is scheduled to deliver a speech on Thursday about the security technologies in iOS. Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community at large."

jones_supa writes "Two sources have told Reuters that Apple's new iPhone will drop the classic wide dock connector used in the company's gadgets for the best part of a decade in favor of a smaller one. The refresh will be a 19-pin connector port at the bottom instead of the previous 30-pin port 'to make room for the earphone moving to the bottom.' That would mean the new phone would not connect with the myriad of accessories playing a part in the current ecosystem of iPods, iPads and iPhones, at least without an adapter. On the upside, a smaller connector will allow for more compact product designs. Some enterprising vendors in China have already begun offering cases for the new phone, complete with earphone socket on the bottom and a 'guarantee' that the dimensions are correct." Gizmodo writer Adrian Covert says it's for your own good.

nk497 writes "A Gartner analyst made headlines after describing Windows 8 desktop as: 'in a word: bad.' After web reaction, including one story asking why anyone bothers to listen to the consultancy firm anymore, Gunnar Berger has now yanked the offending sentence from his blog post, saying it was taken out of context and only applied to using the desktop with a mouse and keyboard, and that overall Windows 8 is a good thing. 'If you look at my blog, I've gotten rid of it,' he said. 'It's upsetting me that it's being taken completely out of context.'"

decora writes "Ellen Nakashima of the Washington Post reports that the NSA has just declassified one of the 5 documents NSA whistleblower Thomas Andrews Drake was charged under the Espionage Act for retaining in his basement. The document, which Drake previously faced years in prison for possessing, is essentially a cheerleading memo, complimenting the Trailblazer project team for a great presentation and demo. It stands in stark contrast to numerous other reports that described the NSA IT project as an overbudget, ineffective, billion dollar seven year boondoggle."

wiredmikey writes "Later this week, the NSA's organizational leader and head of the U.S. Cyber Command – General Keith Alexander — will address an audience of hackers at DEF CON. News of General Alexander's talk at Def Con broke on Friday. Up until that point, the 12:00 Track 1 slot was kept secret, leaving attendees to the world's largest hacker conference to speculate. The buzz was that it would be something interesting – if only because this year is Def Con's 20th anniversary. General Alexander will be giving a talk titled 'Shared Values, Shared Responsibility,' which is outlined as a presentation that will focus on the shared core values between the hacker community and the government's cyber community. Namely, the vision of the Internet as a positive force, the fact that information increases value by sharing, the respect and protection of privacy and civil liberties, and the opposition to malicious and criminal behavior."

beaverdownunder writes "Many Aussies across New South Wales and South Australia had a bit of a shock this morning when they received an SMS threatening them with assassination. Although somewhat varied, the messages have typically read, 'Someone paid me to kill you. If you want me to spare you, I'll give you two days to pay $5000. If you inform the police or anybody, you will die, I am monitoring you', and signed with the e-mail address killerking247@yahoo.com. Police and the Australian Competition and Consumer Commission have warned that the messages are almost certainly fake, and that no dialogue should be entered into with scammers." I hope "almost certainly" is droll understatement.

An anonymous reader writes "7,500 Black Hat USA 2012 attendees may have been surprised to get a fake password reset e-mail sent to accounts they used to register for the conference. Black Hat has apologized and explained the lame phishing spam attempt."

mikejuk writes "Support Vector Machines (SVMs) are fairly simple but powerful machine learning systems. They learn from data and are usually trained before being deployed. SVMs are used in security to detect abnormal behavior such as fraud, credit card use anomalies and even to weed out spam. In many cases they need to continue to learn as they do the job and this raised the possibility of feeding it with data that causes it to make bad decisions. Three researchers have recently demonstrated how to do this with the minimum poisoned data to maximum effect. What they discovered is that their method was capable of having a surprisingly large impact on the performance of the SVMs tested. They also point out that it could be possible to direct the induced errors so as to produce particular types of error. For example, a spammer could send some poisoned data so as to evade detection for a while. AI based systems may be no more secure than dumb ones."