An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsoft's latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware that's already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."
Catch up on stories from the past week (and beyond) at the Slashdot story archive
An anonymous reader writes "I am getting ready to start learning the use of virtual machines. What VM software would you recommend? This is for personal use. It would be good to run both Windows VMs and Linux VMs. Early use would be maintaining multiple Windows installs using only one desktop computer with plenty of cores and memory. I would be starting with a Windows host, but probably later switching to a Linux host after I learn more about it. Free is good, but reliability and ease of use are better. What is your preferred choice for a VM beginner? VMware? Xen? VirtualBox? Something else?" It may also be helpful if you can recommend particular VM software for particular uses, or provide some insight on different hosting options.
cheesecake23 writes "Many talking heads have attributed Obama's success to an unmatched 'ground game.' Now, inside reports from campaign volunteers suggest that Project Orca, a Republican, tech-based voter monitoring effort with 37,000 volunteers in swing states, turned out to be an epic failure due to dismal IT. Problems ranged from state-wide incorrect PINs, to misleading and delayed information packets delivered to volunteers, to a server outage and missing redirection of secure URLs."
Qedward writes "A high court judge has ruled that companies do not have a general claim of ownership of the content contained in staff emails. The decision creates a potential legal minefield for the terms of staff contracts and an administrative nightmare for IT teams running email servers, back up and storage. The judge ruled businesses do not have an 'enforceable proprietary claim' to staff email content unless that content can be considered to be confidential information belonging to a business, unless business copyright applies to the content, or unless the business has a contractual right of ownership over the content. Justice Edwards-Stuart added it was 'quite impractical and unrealistic' to determine that ownership of the content of emails either belongs exclusively to the creator or the recipient of an email."
Esther Schindler writes "The job of dealing with an under-performing employee doesn't end when the culprit is shown the door. Everyone focuses on security tasks, after you fire the idiot, such as changing passwords, but that's just one part of the To Do list. More important, in the long run, is the cleanup job that needs to be done after you fire the turkey, looking for the hidden messes and security flaws the ex-employee may have left behind. Otherwise, you'll still be cleaning up the problems six months later."
littlekorea writes "Australia's telcos have declared that SMS technology should not be used by banks to verify identities for online banking transactions, in a bid to wash their hands of culpability for phone porting hacks. But three of Australia's largest four banks insist they will continue to use SMS messages to carry authentication codes for transactions."
coondoggie writes "NASA said today it had teamed with the European Space Agency to successfully test an experimental version of an 'interplanetary Internet' to control a robot on the ground in Germany from a laptop onboard the International Space Station."
An anonymous reader writes "The Apache Foundation revealed in Sinsheim, Germany their plans for a cloud version of OpenOffice.org based on HTML5. Chinese and German engineers use OpenOffice in 'headless' mode as a base."
tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."
concealment writes "During a pre-trial hearing in military court today, [alleged Wikileaks source Bradley] Manning's attorney, David Coombs, proposed a partial guilty plea covering a subset of the slew of criminal charges that the U.S. Army has lodged against him. "Manning is attempting to accept responsibility for offenses that are encapsulated within, or are a subset of, the charged offenses," Coombs wrote on his blog this evening. "The court will consider whether this is a permissible plea.""
An anonymous reader writes "In Britain, where it is custom and practice to charge around £10 for a copy of your medical results, a patient has discovered that his copy will cost him £2,000 because the records are stored on an obsolete system that the current IT systems cannot access. Can this be good for patient care if no-one can access records dating back from a previous filing system? Perhaps we need to require all current systems to store data in a way that is vendor independent, and DRM-free, too?"
angry tapir writes "Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster. Ormandy has released a scathing 30-page analysis (PDF) 'Sophail: Applied attacks against Sophos Antivirus,' in which he details several flaws 'caused by poor development practices and coding standards,' topped off by the company's sluggishly response to the warning he had working exploits for those flaws. One of the exploits Ormandy details is for a flaw in Sophos' on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the 'wormable, pre-authentication, zero-interaction, remote root' affected all platforms running Sophos. (Ormandy released the paper as an independent researcher, not in his role as a Google employee.)"
Several readers have submitted news of the inevitable problems involved with trying to securely collect information from tens of millions of people on the same day. A video is making the rounds of a touchscreen voting machine registering a vote for Mitt Romney when Barack Obama was selected. A North Carolina newspaper is reporting that votes for Romney are being switched to Obama. Voters are being encouraged to check and double-check that their votes are recorded accurately. In Ohio, some recently-installed election software got a pass from a District Court Judge. In Galveston County, Texas, poll workers didn't start their computer systems early enough to be ready for the opening of the polls, which led to a court order requiring the stations to be open for an extra two hours at night. Yesterday we discussed how people in New Jersey who were displaced by the storm would be allowed to vote via email; not only are some of the emails bouncing, but voters are being directed to request ballots from a county clerk's personal Hotmail account. If only vote machines were as secure as slot machines. Of course, there's still the good, old fashioned analog problems; workers tampering with ballots, voters being told they can vote tomorrow, and people leaving after excessively long wait times.
Riskable writes "Version 1.1 of Gate One (HTML5 terminal emulator/SSH client) was just released (download). New features include security enhancements, major performance improvements, mobile browser support, improved terminal emulation, automatic syntax highlighting of syslog messages, PDFs can now be captured/displayed just like images, Python 3 support, Internet Explorer (10) support, and quite a lot more (full release notes). There's also a new demo where you can try out vim in your browser, play terminal games (nethack, vitetris, adventure, zangband, battlestar, greed, robotfindskitten, and hangman), surf the web in lynx, and a useful suite of IPv6-enabled network tools (ping, traceroute, nmap, dig, and a domain name checker)." Gate One is dual licensed (AGPLv3/Commercial Licensing); for individuals, it's pay-as-you-please.