theodp writes "The NYT's Steve Lohr reports that this has been the crossover year for Big Data — as a concept, term and marketing tool. Big Data has sprung from the confines of technology circles into the mainstream, even becoming grist for Dilbert satire ('Big Data lives in The Cloud. It knows what we do.'). At first, Jim Davis, CMO at analytics software vendor SAS, viewed Big Data as part of another cycle of industry phrasemaking. 'I scoffed at it initially,' Davis recalls, noting that SAS's big corporate customers had been mining huge amounts of data for decades. But as the vague-but-catchy term for applying tools to vast troves of data beyond that captured in standard databases gained world-wide buzz and competitors like IBM pitched solutions for Taming The Big Data Tidal Wave, 'we had to hop on the bandwagon,' Davis said (SAS now has a VP of Big Data). Hey, never underestimate the power of a meme!"
Jeremiah Cornelius writes with a note that on Thursday of this week "The Electronic Privacy Information Center posted a brief and detailed notice about the removal of a petition regarding security screenings by the TSA at US airports and other locations. 'At approximately 11:30 am EDT, the White House removed a petition about the TSA airport screening procedures from the White House 'We the People' website. About 22,500 of the 25,000 signatures necessary for a response from the Administration were obtained when the White House unexpectedly cut short the time period for the petition. The site also went down for 'maintenance' following an article in Wired that sought support for the campaign.'"
wiredmikey writes "A new malware intelligence system developed at Georgia Tech Research Institute is helping organizations share threat intelligence and work together to understand malware and cyber attacks. Dubbed "Titan", the system lets members submit threat data and collaborate on malware analysis and classification. Unlike some other systems, members contribute data anonymously so no one would know which specific organizations had been affected by a specific attack. Titan users also get reports on malware samples they have submitted, such as the potential harm, the likely source, the best remedy, and the risks posed by the sample. The analysis is based on what GTRI researchers learn by reverse-engineering the malware. The project currently analyzes and classifies an average of 100,000 pieces of malicious code each day and growing. While other information sharing initiatives have been launched, many are by vendors, which sometimes sparks concern that the vendor may have some bias, and may be pushing a certain product. Not the case with Titan."
An anonymous reader writes "As we (very gradually) move away from feudal, leader-based forms of governance to collaborative and open source governance, some interesting new issues arise. The biggest is usually user authentication: how can we avoid sock-puppets and spammers from overtaking the voting process? Enter the concept of the streetwiki, an ingenious system for having humans validate their physical neighbors. Bleeding-edge social organization meets ancient validation protocol."
SternisheFan snips this news from Tech Radar: "The Surface tablets that Microsoft will start selling on 26 October at Microsoft Stores (and in temporary 'holiday stores' in twelve US cities including New York) are only the first of a planned family of Windows devices and Surface 2.0 is already under development. Although Microsoft corporate communications chief Frank Shaw said recently that calling Surface 'our new family of PCs built to be the ultimate stage for Windows' was no more than 'literary licence' and that there was nothing more than the two tablets already announced, the Surface team is 'currently building the next generation' of 'devices that fully express the Windows vision' — according to more than a dozen job adverts posted on the Microsoft Careers site between June and August."
New submitter rabok writes "If a Microsoft job posting can be believed, we are set to get a new Xbox on store shelves by March 2014 at the latest. Regardless of when it does eventually arrive, it seems an image claiming to be the output of a Kinect 2 has hit the web by a user on Twitter. Kinect 2 is expected to be much more accurate — even able to see individual fingers, read lips, and gauge moods. This image seems to back up that improvement in both depth perception and the ability to distinguish individual fingers."
An anonymous reader writes "I know most people use backup services in the cloud now, off-site, but does anyone have good ideas on how to best protect data without it leaving the site? I'm a photographer, and I shoot 32GB to 64GB in a couple of hours. I've accumulated about 8TB of images over the past decade and just can't imagine paying to host them somewhere off-site. I don't make enough money as it is. Currently I just redundantly back them up to hard drives in different rooms of my house, but that's a total crapshoot — if there's a fire, I'd be out of luck. Does anyone keep a hard disk or NAS inside a fireproof safe? In a bunker in the cellar? In the detached garage? It's so much data that even doing routine backups bogs the system down for days. I'd love suggestions, especially from gamers or videographers who have TBs of data they need to back up, on what options there are with a limited budget to maximize protection."
OverTheGeicoE writes "Why is it that airport security never seems to change in the United States? Perhaps it's because most Americans think the TSA is doing a 'good job,' according to a surprise Gallup poll, allegedly commissioned by no one but the kind editors at Gallup. The poll found that 54% of Americans believe the TSA is doing a good or excellent job, and that 57% have a good or excellent opinion of the agency. So why all the criticism? According to the article, criticism of the TSA comes primarily from 'Internet sites, where reporting standards are generally not at the same level as newspapers, where reporters are taught to consider what is told to them with skepticism and to seek responses to charges.' Furthermore, 'the TSA is put into a difficult situation when such charges are posted with little or no fact checking by reporters.' Other sources, of course, have different interpretations of Gallup's results, including questions about whether the poll was biased. If Americans secretly do love the TSA, that could explain why the recent whitehouse.gov petition failed to gather enough signatures for a 'response.' In fact, you'll find so little information about the petition remains on whitehouse.gov that you'll wonder if my link is correct. And these are not the droids you're looking for. Move along."
CowboyRobot writes "Last week, a bug in high-frequency trading software from Knight Capital Group resulted in erroneous trades costing almost a half-billion dollars. So, what went wrong and how can they, or any other software developer, prevent something similar from happening again? In hindsight, it's clear that the developers did not verify the code under enough conditions. But the real issue is how these high-frequency trades work in the first place. Robert Dewar at Dr. Dobb's suggests the financial industry needs to take a page from the avionics rulebook, which has very strict guidelines about what code can be implemented due to the high cost of failure in that field. 'High-frequency automated trading is not avionics flight control, but the aviation industry has demonstrated that safe, reliable real-time software is possible, practical, and necessary. It requires appropriate development technology and processes as well as a culture that thinks in terms of safety (or reliability) first. That is the real lesson to be learned from last week's incident. It doesn't come for free, but it certainly costs less than $440M.'"
An anonymous reader writes "Blizzard announced today that its Battle.net service was compromised. The company is urging users to change their login information immediately. Blizzard is stressing that payment information was not compromised. 'The unauthorized access included email addresses associated with Battle.net accounts in all regions, outside of China. Additional information from accounts associated with the North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) was also accessed, including cryptographically scrambled versions of passwords (not actual passwords), the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators. It's important to note that at this time, Blizzard does not believe this information alone is enough to gain access to Battle.net accounts.'"
caseyb89 writes "Hacker Highschool is an after school program that teaches students the best practices of responsible hacking. The program is open source, and high schools across the country have begun offering the free program to students. Hacker Highschool recognized that teens are constantly taught that hacking is bad, and they realized that teens' amateur understanding of hacking was the cause of the biggest issues. The program aims to reverse this negative stereotype of hacking by encouraging teens to embrace ethical, responsible hacking."
EliSowash writes "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation-state-sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the 'Tilded' platform on which Stuxnet was developed, Gauss is based on the 'Flame' platform."
Nerval's Lobster writes that New York City isn't just gathering data on citizens with cameras and other data sources for sifting through later to seek evidence in the event of violent acts; it's using some of that data in real-time in an attempt to reveal potential criminal activity. They've even picked a name for their system that echoes DARPA's Total Information Awareness, which I guess is more diplomatic than just calling it Precrime: "The Domain Awareness System will draw data from 911 calls, previous crime reports, license-plate readers, law-enforcement databases, environmental sensors, and roughly 3,000 closed-circuit cameras. It will rely on the New York City Wireless Network (NYCWiN), a high-speed wireless broadband infrastructure that allows city agencies to rapidly transmit data, and used for everything from emergency response to reading meters. Mayor Bloomberg argued that the system isn't an example of Big Brother overstepping the line. 'What you're seeing is what the private sector has used for a long time,' he told Gothamist. 'If you walk around with a cell phone, the cell phone company knows where you are. We're not your mom and pop's police department anymore.'"
Hugh Pickens writes "Rebecca Rosen writes that when hackers broke into Mat Honan's Apple account last week, they couldn't answer his security questions but Apple didn't care and issued a temporary password anyway. This was a company disregarding its own measure, saying, effectively, security questions are a joke and we don't take them very seriously. But even if Apple had required the hackers to answer the questions, it's very likely that the hackers would have been able to find the right answers. 'The answers to the most common security questions — where did you go to high school? what is the name of the first street you lived on? — are often a matter of the public record,' writes Rosen, 'even more easily so today than in the 1980s when security questions evolved as a means of protecting bank accounts.' Part of the problem is that a good security question is hard to design and has to meet four criteria: A good security question should be definitive — there should only be one correct answer; Applicable — the question should be possible to answer for as large a portion of users as possible; Memorable — the user should have little difficulty remembering it; and Safe — it should be difficult to guess or find through research. Unfortunately few questions fit all these criteria and are known only by you. 'Perhaps mother's maiden name was good enough for banking decades ago, but I'm pretty sure anyone with even a modicum of Google skills could figure out my mom's maiden name,' concludes Rosen. Passwords have reached the end of their useful life, adds Bruce Schneier. 'Today, they only work for low-security applications. The secret question is just one manifestation of that fact.'"
wiredmikey writes "Despite its significant user base within enterprises, BlackBerry devices have managed to stay off the radar for malware writers. That may be ending, as four new Zeus-in-the-mobile (Zitmo) samples targeting BlackBerry users in Germany, Spain, and Italy have been found. Zitmo, which hit Android devices back in July 2011, refers to a version of the Zeus malware that specifically targets mobile devices. Denis Maslennikov, a security researcher at Kaspersky Lab, also identified a new Zitmo variant for Android using the same command and control (C&C) numbers as the BlackBerry versions. While previous Android variants have been primitive, the latest .apk dropper, which shows up as an app 'Zertifikat,' looks 'more similar to "classic" Zitmo,' he said. When executed, it displays a message in German that the installation was successful, along with an activation code. The Android sample also included a self-issued certificate that indicates it was developed less than a month ago."