way2trivial writes with this snippet from Information Week about a warning from Microsoft reminding Windows administrators that an update scheduled for October 9th will require a higher standard for digital certificates. "That warning comes as Microsoft prepares to release an automatic security update for Windows on Oct. 9, 2012, that will make longer key lengths mandatory for all digital certificates that touch Windows systems. ... Internet Explorer won't be able to access any website secured using an RSA digital certificate with a key length of less than 1,024 bits. ActiveX controls might be blocked, users might not be able to install applications, and Outlook 2010 won't be able to encrypt or digitally sign emails, or communicate with an Exchange server for SSL/TLS communications."
dgharmon writes with word from the BBC that "A U.S. hacker who sold access to thousands of hijacked home computers has been jailed for 30 months. Joshua Schichtel of Phoenix, Arizona, was sentenced for renting out more than 72,000 PCs that he had taken over using computer viruses." Time is cheap: Schichtel admitted to giving access to those 72,000 computers for $1500.
AdmiralXyz writes "Even the darkest corners of the internet aren't immune to the Web 2.0 boom: BoingBoing reports that 4chan is working on the largest codebase update in its history. The new 4chan will include as standard the functionality of popular browser plugins for using the site, as well as a JSON API so- hooray?- anyone can have immediate access to the contents of 4chan for any purpose they like. This represents a significant update to the heretofore haphazard development process of 4chan, and opens up the possibility of third-party 4chan apps... though probably not on the App Store."
king.purpuriu writes "I'm a computer science high school student, and I'm looking for some work in IT freelancing. I have had an interest in computers and programming for a while, and I began learning on my own before high school. I would like to gain some experience (e.g. what the bulk of the jobs in various markets require, various technologies/frameworks and their usage) and possibly make some money on the side (not expecting too much; at this point, any non-negative amount will do). Key areas are web development, app programming and scripting. What solutions do you recommend? Any tips or tricks of which I should be aware? How should I deal with payment (in terms of fees and commissions; I'm from a European country), and what type of work should I seek out? I would also be willing to do some small stuff for free in order to gain experience (small, static sites, small scripts, etc.)."
mpol writes "In the past, WhatsApp has been criticized over their insecure use of XMPP. Recently, new versions of their app have incorporated encryption. It seems the trouble isn't over yet for WhatsApp and its users. Sam Granger writes on his blog that WhatsApp is using IMEI numbers as passwords. This is at least the case with the Android app, but other platforms are probably using similar methods. Since someone's IMEI number is easily readable, this isn't really secret information that should be used for authentication."
mbone writes "A very interesting paper (PDF) has just hit the streets (or, at least, Physics Review Letters) about the Heisenberg uncertainty relationship as it was originally formulated about measurements. The researchers find that they can exceed the uncertainty limit in measurements (although the uncertainty limit in quantum states is still followed, so the foundations of quantum mechanics still appear to be sound.) This is really an attack on quantum entanglement (the correlations imposed between two related particles), and so may have immediate applications in cracking quantum cryptography systems. It may also be easier to read quantum communications without being detected than people originally thought."
First time accepted submitter brocket66 writes with this excerpt from BGR: "Three major revisions of Google's Android operating system have launched since the company released Android 2.3 more than 21 months ago in December 2010, but Gingerbread is still the most widely used version of Android by a wide margin. A study conducted early this year by graphic designer Chris Sauve projected that based on Android adoption trends up to that point, Android 2.3 Gingerbread would be the dominant version of Android in 2012 despite the fact that Android 3.0 Honeycomb and Android 4.0 Ice Cream Sandwich had already been released. Now, as the fourth quarter of 2012 approaches, data from Google's Android version distribution tracker confirms once again that those projections were accurate."
New submitter trokez writes "Symantec has monitored the activities of a group using a specific trojan (Hydraq/Aurora) since 2009. The particular group has been connected (by Symantec) to the attack on Gmail in China, but also other high-profile attacks. 'These attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform." The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits.' The attacks seem to focus on industry espionage, with the defense industry and its suppliers at the focus."
chicksdaddy writes "A malicious software researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the Web by hard-headed copyright protection algorithms, according to the Naked Security blog. Mila Parkour, a researcher who operates the Contagio malware blog, said on Thursday that she was kicked off the cloud based hosting service Mediafire, after three files she hosted there were flagged for copyright violations and ordered removed under the terms of the Digital Millennium Copyright Act (DMCA). The files included two compressed and encrypted malicious PDF files linked to Contagio blog posts from 2010. The firm responsible for filing the DMCA take down notice was Paris-based LeakID, which describes itself as a 'digital agency ...founded by experts from the world of radio, television and Internet.' LeakID markets 'Leaksearch,' an 'ownership tool that will alert you within seconds if your content...is being pirated.' According to Parkour, Mediafire received a notice from LeakID claiming that it was 'acting on behalf of the copyright owners,' though the owners and presumed copyrighted content weren't named."
This presentation was given by Joshua Corman at CodenomiCON 2012 in Las Vegas, an invitation-only security mini-conference sponsored by the pen-testing company Codenomicon that ran concurrently with Black Hat USA 2012. Josh is Director, Security Intelligence, for Akamai, and is one of the instigators of Rugged Software. He sympathizes with Anonymous more than with corporate or government forces that are determined to bring order to everything, including the Internet, on their terms. We have no transcript for this video since we only have permission to embed it, not to alter or add to it. But it's well worth watching, including the accompanying slides. And if Joshua Corman is speaking anywhere near you, it's well worth your time to go see him.
supersloshy writes "The launch of the GNOME 3 desktop environment sparked heated debate and criticism. GNOME developers have been listening to the concerns of its users and it is rolling out several significant changes in GNOME 3.6. The message tray, often called hard to use, was made much more visible in addition to being harder to accidentally trigger. The "lock" screen can now optionally control your music player, the system volume, and display notifications so you don't have to type in a password. GNOME will also support different input sources directly instead of requiring an add-on program. Nautilus, the GNOME file browser, is also getting a major face lift with a new, more compact UI, properly working search features, a "move to" and "copy to" option as an alternative to dragging and dropping, and a new "recent files" section. These changes, among many others including improvements to system settings, will be present in GNOME 3.6 when it is released later this month. Any other additions or changes not currently implemented by the GNOME team can be easily applied with only one click at the GNOME Extensions website."
Curseyoukhan writes "Norton released its annual cybercrime report on Wednesday, and the company put the 'direct costs associated with global consumer cybercrime at US $110 billion over the past twelve months.' Last year's report put the total 'at an annual price of $388 billion globally based on financial losses and time lost.' That's more than the estimated value of the global black market in marijuana, cocaine and heroin combined ($288 billion), the report said. But Norton makes no mention of the vast difference in 2011 and 2012 numbers. That's because last year's number was entirely fictitious." Something tells me that the scare-monger number-wavers aren't as embarrassed by this sort of logical deconstruction as they should be.
colinneagle writes with this excerpt from Network World: "If your password management system is to use your 'fingerprint as your master password,' and if your laptop uses UPEK software, then you'll not be happy to know your Windows password is not secure and instead is easily crackable. In fact, 'UPEK's implementation is nothing but a big, glowing security hole compromising (and effectively destroying) the entire security model of Windows accounts.' On the Elcomsoft blog about 'advanced password cracking insight,' Olga Koksharova had bad news for people who thought they were more secure by using biometrics, a UPEK fingerprint reader, instead of relying on a password. UPEK stores Windows account passwords in the registry 'almost in plain text, barely scrambled but not encrypted.' It's not just a few that are susceptible to hacking. 'All laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite are susceptible. If you ever registered your fingerprints with UPEK Protector Suite for accelerated Windows login and typed your account password there, you are at risk.'"
An anonymous reader writes "The Raspberry Pi finally saw a release on February 29 this year and is thought to have sold 200,000 units, with a million expected to ship before the year is over. That's a lot of tiny PCs, but it's also been an opportunity for owners to feedback any problems or tweaks they'd like made to the board. The Raspberry Pi Foundation has taken the feedback on board and today announced a revised design is being put into production. The new Raspberry Pi, known as revision 2.0 PCB, is expected to start shipping in the next few weeks. The revision includes a number of changes, but is essentially the same board. To summarize it includes a new reset circuit, a replacement for the reset fuses allowing for more reliable USB hub power, two GPIO pin changes for JTAG debug support, four redundant GPIO signals have been removed, and a new connector has been added for attaching a range of boards including a clock or audio codec. Two of the more easily noticeable changes include a fix that stops the HDMI connection interfering with certain operations of the Raspberry Pi, and the addition of two 2.5mm mounting holes to allow for easier mounting."
SchrodingerZ writes "Scientists from around the world have collaborated to achieve quantum teleportation over 143 kilometers in free space. Quantum information was sent between the Canary Islands of La Palma and Tenerife. Quantum teleportation is not how it is made out in Star Trek, though. Instead of sending an object (in this case a photon) from one location to another, the information of its quantum state is sent, making a photon on the other end look identical to the original. 'Teleportation across 143 kilometres is a crucial milestone in this research, since that is roughly the minimum distance between the ground and orbiting satellites.' It is the hope of the research team that this experiment will lead to commercial use of quantum teleportation to interact with satellites and ground stations. This will increase the efficiency of satellite communication and help with the expansion of quantum internet usage. The full paper on the experiment can be found [note: abstract only, full article paywalled] in the journal Nature."