caseyb89 writes "Hacker Highschool is an after school program that teaches students the best practices of responsible hacking. The program is open source, and high schools across the country have begun offering the free program to students. Hacker Highschool recognized that teens are constantly taught that hacking is bad, and they realized that teens' amateur understanding of hacking was the cause of the biggest issues. The program aims to reverse this negative stereotype of hacking by encouraging teens to embrace ethical, responsible hacking."
EliSowash writes "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation-state-sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the 'Tilded' platform on which Stuxnet was developed, Gauss is based on the 'Flame' platform."
Nerval's Lobster writes that New York City isn't just gathering data on citizens with cameras and other data sources for sifting through later to seek evidence in the event of violent acts; it's using some of that data in real-time in an attempt to reveal potential criminal activity. They've even picked a name for their system that echoes DARPA's Total Information Awareness, which I guess is more diplomatic than just calling it Precrime: "The Domain Awareness System will draw data from 911 calls, previous crime reports, license-plate readers, law-enforcement databases, environmental sensors, and roughly 3,000 closed-circuit cameras. It will rely on the New York City Wireless Network (NYCWiN), a high-speed wireless broadband infrastructure that allows city agencies to rapidly transmit data, and used for everything from emergency response to reading meters. Mayor Bloomberg argued that the system isn't an example of Big Brother overstepping the line. 'What you're seeing is what the private sector has used for a long time,' he told Gothamist. 'If you walk around with a cell phone, the cell phone company knows where you are. We're not your mom and pop's police department anymore.'"
Hugh Pickens writes "Rebecca Rosen writes that when hackers broke into Mat Honan's Apple account last week, they couldn't answer his security questions but Apple didn't care and issued a temporary password anyway. This was a company disregarding its own measure, saying, effectively, security questions are a joke and we don't take them very seriously. But even if Apple had required the hackers to answer the questions, it's very likely that the hackers would have been able to find the right answers. 'The answers to the most common security questions — where did you go to high school? what is the name of the first street you lived on? — are often a matter of the public record,' writes Rosen, 'even more easily so today than in the 1980s when security questions evolved as a means of protecting bank accounts.' Part of the problem is that a good security question is hard to design and has to meet four criteria: A good security question should be definitive — there should only be one correct answer; Applicable — the question should be possible to answer for as large a portion of users as possible; Memorable — the user should have little difficulty remembering it; and Safe — it should be difficult to guess or find through research. Unfortunately few questions fit all these criteria and are known only by you. 'Perhaps mother's maiden name was good enough for banking decades ago, but I'm pretty sure anyone with even a modicum of Google skills could figure out my mom's maiden's name,' concludes Rosen. Passwords have reached the end of their useful life adds Bruce Schneier. 'Today, they only work for low-security applications. The secret question is just one manifestation of that fact.'"
wiredmikey writes "Despite its significant user base within enterprises, BlackBerry devices have managed to stay off the radar for malware writers. That may be ending, as four new Zeus-in-the-mobile (Zitmo) samples targeting BlackBerry users in Germany, Spain, and Italy have been found. Zitmo, which hit Android devices back in July 2011, refers to a version of the Zeus malware that specifically targets mobile devices. Denis Maslennikov, a security researcher at Kaspersky Lab, also identified a new Zitmo variant for Android using the same command and control (C&C) numbers as the BlackBerry versions. While previous Android variants have been primitive, the latest .apk dropper, which shows up as an app 'Zertifikat,' looks 'more similar to "classic" Zitmo,' he said. When executed, it displays a message in German that the installation was successful, along with an activation code. The Android sample also included a self-issued certificate that indicates it was developed less than a month ago."
TheNextCorner writes "With more data moving into the cloud, there is an increasing danger of data loss when one of these cloud computing data centers fails. Hurricanes pose a real threat to infrastructure located in Virginia and North Carolina, where Google, Apple & Facebook have opened large data centers. 'Where would the most damaging hit be? It's debatable, but the most detrimental hit may be in Virginia. Amazon Web Services (AWS) has one of their major centers in Northern Virginia. ... In a study involving millions of people, a third of those surveyed reported visiting a website every day that used Amazon's infrastructure. In 2011, Amazon's S3 cloud stored 762 billion objects. It's possible that Amazon's cloud alone holds an entire 1% of the Internet.' Could a category 5 Hurricane become a problem for these cloud data centers and take down parts of the Internet?"
twoheadedboy writes "After being hit by a '72-hour' DDoS in May, WikiLeaks is claiming to be under attack yet again. All its sites appear to be down and fingers have already been pointed at government entities. WikiLeaks, posting on Twitter, said it had its suspicions of why it was being targeted. It was either because of its ongoing releases related to Stratfor and Syria, or because of an upcoming release, Julian Assange's organization speculated. The fact that everyone is currently engrossed in the Olympics may have given attackers good reason to target the websites right now, WikiLeaks said."
Lucas123 writes "Over the past three years, about 21 million patients have had their unencrypted medical records exposed in data security breaches that were big enough to require they be reported to the federal government. Each of the 477 breaches that were reported to the Office for Civil Rights (OCR) involved 500 or more patients, which the government posts on what the industry calls 'The Wall of Shame.' About 55,000 other breach reports involving fewer than 500 records were also reported to the OCR. Among the largest breaches reported was TRICARE Management Activity, the Department of Defense's health care program, which reported 4.9 million records lost when backup tapes went missing. Another five breaches involved 1 million or more records each. Yet, only two of the organizations involved in the breaches have been fined by the federal government."
netbuzz writes "Employment research firm Foote Partners says U.S. labor statistics from last month reveal an increase of some 18,200 jobs in IT, which represents the largest such monthly jump since 2008. 'The overall employment situation in the U.S. is lackluster, in fact this is the fifth consecutive month of subpar results,' says David Foote. 'But the fact that more than 18,000 new jobs were created last month for people with significant IT skills and experience — and nearly 57,000 new jobs added in the past three months — is incredibly good news.'"
Sparrowvsrevolution writes "Every day or so of the last six months, Carnegie Mellon computer security professor Nicolas Christin has crawled and scraped Silk Road, the Tor- and Bitcoin-based underground online market for illegal drug sales. Now Christin has released a paper (PDF) on his findings, which show that the site's business is booming: its number of sellers, who offer everything from cocaine to ecstasy, has jumped from around 300 in February to more than 550. Its total sales now add up to around $1.9 million a month. And its operators generate more than $6,000 a day in commissions for themselves, compared with around $2,500 in February. Most surprising, perhaps, is that buyers rate the sellers on the site as relatively trustworthy, despite the fact that no real identities are used. Close to 98% of ratings on the site are positive."
waderoush writes "PARC research fellow Van Jacobson argues that the Internet was never designed to carry exabytes of video, voice, and image data to consumers' homes and mobile devices, and that it will never be possible to increase bandwidth fast enough to keep up with demand. In fact, he thinks that the Internet has outgrown its original underpinnings as a network built on physical addresses, and that it's time to put aside TCP/IP and start over with a completely novel approach to naming, storing, and moving data. The fundamental idea behind Jacobson's alternative proposal — Content Centric Networking — is that to retrieve a piece of data, you should only have to care about what you want, not where it's stored. If implemented, the idea might undermine many current business models in the software and digital content industries — while at the same time creating new ones. In other words, it's exactly the kind of revolutionary idea that has remade Silicon Valley at least four times since the 1960s."
sweetpea86 writes "Mekong Development has become the first bank in Vietnam to launch fingerprint authentication enabled debit cards. Fingerprints are captured by Mekong Development at the point of opening an account, and then can be used, instead of a pin, to access funds. Not only has Mekong's account base tripled through the use of fingerprint technology since its launch in June, but the deposit balance per debit card account is two times higher than a regular account."
An anonymous reader writes "In a new study, Barracuda Labs analyzed a random sampling of more than 70,000 fake Twitter accounts that are being used to sell fake Twitter followers. They also analyzed some of the people that are using such fake followers including the recent example of U.S. presidential candidate Mitt Romney's Twitter account. Between Facebook's 10-Q filing stating that 83 million of its accounts are fake, to Mitt Romney's Twitter account recently falling under scrutiny for suspicious followings, fake social network profiles are a hot topic at the moment. And these fake profiles are at the center of a very vibrant and growing underground economy. This underground economy consists of dealers who create and sell the use of thousands of fake social accounts, and abusers who buy follows or likes from these fake accounts to boost their perceived popularity, sell advertising based on their now large social audience or conduct other malicious activity."
Nerval's Lobster writes "Between 4:52 and 5:12 on August 3, attackers used Wired writer Mat Honan's Apple ID to wipe his MacBook, before seizing control of his Gmail and other online identities ('My accounts were daisy-chained together,' he wrote in an Aug. 6 postmortem on Wired), and posting a message on Twitter for all to see: 'Clan Vv3 and Phobia hacked this twitter.' In the wake of Honan's high-profile hack, there are some key takeaways. Even if a typical user can't prevent a social-engineering attack on the company hosting their cloud account, they can armor their online life in ways that make attacks more difficult. First, two-factor authentication can prevent an attacker from seizing control of those vital 'hub' accounts (such as Gmail) where users tend to store much of their most vital information. Google offers two-step verification for signing in, as does Facebook. The truly security-conscious can also uncouple their cloud accounts; for example, making sure that iCloud and iTunes use two different sets of credentials. That might rob daily life in the cloud of some of its convenience, but it could also make you a harder target." Update: 08/08 01:17 GMT by S : This high-profile security breach has had an impact already: Apple has suspended password resets through customer support, and Amazon no longer lets users call in to change account settings.
coondoggie writes with word that a "group of researchers is proposing a sensor that would authenticate mobile and wearable computer systems by using the unique electrical properties of a person's body to recognize their identity. In a paper [presented Monday] at the USENIX Workshop on Health Security and Privacy, researchers from Dartmouth University Institute for Security, Technology, and Society defined this security sensor device, known as Amulet, as a 'piece of jewelry, not unlike a watch, that would contain small electrodes to measure bioimpedance — a measure of how the body's tissues oppose a tiny applied alternating current — and learns how a person's body uniquely responds to alternating current of different frequencies.'"