An anonymous reader writes "IEEE Spectrum reports on a method that exploits the decaying contents of unpowered computer memory to create an hourglass-like 'time machine' that rate limits brute force attacks against contactless smartcards and RFIDs. The paper takes an odd twist on the 'cold boot' attack reported four years ago at USENIX Security. Not quite as cool as a hot tub time machine though." Full paper (PDF).
An anonymous reader writes "Apparently someone set up a fake Twitter account under the name of a Russian Foreign Minister and said President Assad of Syria had been hurt/killed. From the article: 'The ministry and the embassy denied the veracity of the report and a message later appeared on the same Twitter account saying "this account is a hoax." It did not say what the aim of the hoax was although it had briefly affected oil markets.'"
1sockchuck writes "Some data centers are kept as chilly as meat lockers. But IT operations in colder regions face challenges in managing conditions — hence Facebook's to use environmentally controlled trucks to make deliveries to its new data center in Sweden, which is located on the edge of the Arctic Circle. The problem is the temperature change in transporting gear. 'A rapid rate of change (in temperature) can create condensation on the electronics, and that's no good,' said Facebook's Frank Frankovsky."
zacharye writes "Bruised mobile carriers such as AT&T and Verizon are 'fighting back' against Apple's iPhone, despite the fact that the device has helped them eke out consistently higher average revenue per wireless subscribers since its launch. To hear the carriers tell it, the iPhone is a major inhibitor to their profits as last year they were 'only' generating wireless service profit margins in the 38% to 42% range. But ever since these beleaguered companies started 'fighting back' by implementing data caps, increasing fees for device upgrades and implementing longer waiting periods before users can switch devices, they’ve seen their wireless service profit margins surge. AT&T reported a 45% margin in Q2 2012 and Verizon reported a record-high 49% margin."
DavidGilbert99 writes "The Iranian minister for telecommunication has said that the government will be taking key ministries and state agencies offline in the next month to protect sensitive information from cyber-attacks. However this move is just the initial step in an 18 month plan to take the country off the world wide web, and replace it with a state-controlled intranet. From the article: 'The US began offensive cyber-attacks against Iran during the presidency of George W. Bush when the Olympics Games project was founded. Out of this was [born] the Stuxnet cyber-weapon, which was designed to specifically target the Natanz nuclear enrichment facility in Iran.'"
wiredmikey writes "Microsoft has released the public version of Attack Surface Analyzer, a tool designed to help software developers and independent software vendors assess the attack surface of an application or software platform. The tool was pushed out of beta with Version 1.0 released on Thursday. Since ASA doesn't require the original source code, managers and executives can also use the tool to determine how a new application or software being considered would affect the organization's overall security before deploying it. The tool takes snapshots of the system before and after an application was installed, and compares them to identify changes made when new applications were installed. A stand-alone wizard guides users through the scanning and analysis process and a command-line version is available for use with automated tools. Attack Surface Analyzer 1.0 can be downloaded from Microsoft here."
wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."
Robadob writes "Yesterday a hacker gained access to Mat Honan's (an editor at Gizmodo) Apple iCloud account, allowing the attacker to reset his iPhone, iPad, and MacBook. The attacker was also able to gain access to Google and Twitter accounts by sending password recovery emails. At the time this was believed to be down to a brute-force attack; however, today it has come out that the hacker used social engineering to convince Apple customer support to allow him to bypass the security questions on the account."
An anonymous reader writes "Researchers on the Square Kilometer Array project to build the world's largest radio telescope believe that a GPU cluster could be suited to stitching together the more than an exabyte of data that will be gathered by the telescope each day after its completion in 2024. One of the project heads said that graphics cards could be cut out for the job because of their high I/O and core count, adding that a conventional CPU-based supercomputer doesn't have the necessary I/O bandwidth to do the work."
As data centers become more common and more advanced, there's been a movement to automate and consolidate control of data center components, and an industry is starting to grow around it. "While VMware pushes a programmable data model based on its technologies, vendors such as Puppet Labs are making the case for a more platform-neutral approach. Puppet Labs has developed a declarative language for configuring systems that can be extended across the data center: the organization recently announced the creation of an open source project in conjunction with EMC, called Razor, to accomplish that goal. There’s already an open source project known as Chef, created by Opscode, with a similar set of goals. In a similar vein, Reflex Systems, a provider of virtualization management tools, is trying to drum up interest in VQL, a query language that the company specifically developed for IT pros."
wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"
An anonymous reader writes "John James Jr., director of the U.S. Missile Defense Agency, who is responsible for the nation's missile defense system, recently sent out a one-page memo warning employees and contractors to stop using agency computers to visit pornographic Web sites. That's right; apparently they were watching the wrong type of bombshells."
schliz writes "iTnews in Australia has published an interview with CERN's deputy head of IT, David Foster, who explains what last month's discovery of a 'particle consistent with the Higgs Boson' means for the organization's IT department, why it needs a second 'Tier Zero' data center, and how it is using grid computing and the cloud. Quoting: 'If you were to digitize all the information from a collision in a detector, it’s about a petabyte a second or a million gigabytes per second. There is a lot of filtering of the data that occurs within the 25 nanoseconds between each bunch crossing (of protons). Each experiment operates their own trigger farm – each consisting of several thousand machines – that conduct real-time electronics within the LHC. These trigger farms decide, for example, was this set of collisions interesting? Do I keep this data or not? The non-interesting event data is discarded, the interesting events go through a second filter or trigger farm of a few thousand more computers, also on-site at the experiment. [These computers] have a bit more time to do some initial reconstruction – looking at the data to decide if it’s interesting. Out of all of this comes a data stream of some few hundred megabytes to 1Gb per second that actually gets recorded in the CERN data center, the facility we call "Tier Zero."'"
colinneagle writes "When someone calls into support, we first verify his or her account information. On the phone, this can take seconds. On a chat feature it can take a minute or two because people type slower than they speak. I also find that when people type in a chat they try to make the process go quicker by abbreviating the conversation. This means they might not give me all the information they would have if we were talking on the phone. The more descriptive a customer is about a problem, the easier and faster it will be to solve their issue. But the nature of a chat feature means people will abbreviate their stories to be more efficient, without realizing this just makes it more difficult to solve the problem. I end up asking more questions, which takes longer for the full story to come out. Explaining how to fix a problem can be difficult on the phone, but on a chat feature where I can't see your screen and likely have less information to work with, it can make it impossible to tackle a complex issue. It would be much more efficient for both me and the customer to talk on the phone so I can walk the customer through the steps I am taking."
twoheadedboy writes "Yahoo is being sued by one of its users, who has claimed the US Internet company was guilty of negligence when 450,000 passwords of the members of the Yahoo Voices blogging community were posted online. Jeff Allan from New Hampshire has turned to a federal court in San Jose, California, after his eBay account, which used the same password as his Voices account, was compromised. The breach at Yahoo followed similar hits on LinkedIn and Nvidia, which together saw millions of passwords leaked."