Forgot your password?
typodupeerror

Slashdot is powered by your submissions, so send in your scoop

Security

Nike+ FuelBand: Possibly a Big Security Hole For Your Life 162

Posted by Soulskill
from the youtube-generation-wouldn't-even-flinch dept.
MojoKid writes "Nike+ FuelBand is a $149 wristband with LED display that tracks your daily activity, tells you how many calories you've burned, lets you know how much fuel you have left in the tank, and basically keeps track of 'every move you make.' If you think that sounds like a privacy nightmare waiting to happen, it pretty much is. A source directly connected to Nike reported an amusing, albeit startling anecdote about a guy who got caught cheating on his girlfriend because of the Nike+ FuelBand. 'They shared their activity between each other and she noticed he was active at 1-2AM, when he was supposed to be home.' That's just one scenario. What if the wristband gets lost or stolen? How much data is actually stored on these sorts of devices? And remember, you're syncing it to the cloud with an iOS or Android app."
Security

Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3 77

Posted by Soulskill
from the can't-even-trust-games-anymore dept.
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer." "'Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,' Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored. 'These are games that have a very large market,' Auriemma said."
Security

Blizzard Sued Over Battle.net Authentication 217

Posted by Soulskill
from the did-you-try-googling-your-problem-first dept.
An anonymous reader writes "A man has initiated a class-action suit against Blizzard over a product used to shore up Battle.net security. Benjamin Bell alleges that Blizzard's sale of Authenticators — devices that enable basic two-tier authentication — represents deceptive and unfair additional costs to their basic games. (Blizzard sells the key fob versions for $6.50, and provides a free mobile app as an alternative. Neither are mandatory.) The complaint accuses Blizzard of making $26 million in Authenticator sales. In response, Blizzard made a statement refuting some of the complaint's claims and voicing their intention to 'vigorously defend' themselves."
Security

Stuxnet Infected (But Didn't Affect) Chevron Network In 2010 82

Posted by Soulskill
from the collateral-damage dept.
Penurious Penguin writes "The Wall Street Journal, in correspondence with Chevron representatives, reveals that back in 2010, Stuxnet reached Chevron, where it managed to infect — but not significantly affect — the oil giant's network. According to a Chevron representative speaking to CNET, the issue was 'immediately addressed ... without incident.' The Stuxnet worm is believed to be the work of the U.S. and Israel, and this report is confirmation that it struck well wide of its intended targets. Chevron's general manager of the earth sciences department, Mark Koelmel, said to CIO Journal, 'I don't think the U.S. government even realized how far it had spread ... I think the downside of what they did is going to be far worse than what they actually accomplished.'"
Microsoft

Windows 8 Defeats 85% of Malware Detected In the Past 6 Months 299

Posted by timothy
from the it's-like-voltron dept.
An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsoft's latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware that's already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."
Virtualization

Ask Slashdot: Which Virtual Machine Software For a Beginner? 361

Posted by Soulskill
from the not-the-holodeck dept.
An anonymous reader writes "I am getting ready to start learning the use of virtual machines. What VM software would you recommend? This is for personal use. It would be good to run both Windows VMs and Linux VMs. Early use would be maintaining multiple Windows installs using only one desktop computer with plenty of cores and memory. I would be starting with a Windows host, but probably later switching to a Linux host after I learn more about it. Free is good, but reliability and ease of use are better. What is your preferred choice for a VM beginner? VMware? Xen? VirtualBox? Something else?" It may also be helpful if you can recommend particular VM software for particular uses, or provide some insight on different hosting options.
Republicans

Project Orca: How an IT Disaster Destroyed Republicans' Get-Out-The-Vote Effort 578

Posted by Soulskill
from the whale-of-a-campaign-killer dept.
cheesecake23 writes "Many talking heads have attributed Obama's success to an unmatched 'ground game.' Now, inside reports from campaign volunteers suggest that Project Orca, a Republican, tech-based voter monitoring effort with 37,000 volunteers in swing states, turned out to be an epic failure due to dismal IT. Problems ranged from state-wide incorrect PINs, to misleading and delayed information packets delivered to volunteers, to a server outage and missing redirection of secure URLs."
Communications

Staff Emails Are Not Owned By Firms, UK Judge Rules 111

Posted by Soulskill
from the what-about-their-thoughts dept.
Qedward writes "A high court judge has ruled that companies do not have a general claim of ownership of the content contained in staff emails. The decision creates a potential legal minefield for the terms of staff contracts and an administrative nightmare for IT teams running email servers, back up and storage. The judge ruled businesses do not have an 'enforceable proprietary claim' to staff email content unless that content can be considered to be confidential information belonging to a business, unless business copyright applies to the content, or unless the business has a contractual right of ownership over the content. Justice Edwards-Stuart added it was 'quite impractical and unrealistic' to determine that ownership of the content of emails either belongs exclusively to the creator or the recipient of an email."
IT

What To Do After You Fire a Bad Sysadmin Or Developer 245

Posted by samzenpus
from the cleaning-up-the-mess dept.
Esther Schindler writes "The job of dealing with an under-performing employee doesn't end when the culprit is shown the door. Everyone focuses on security tasks, after you fire the idiot, such as changing passwords, but that's just one part of the To Do list. More important, in the long run, is the cleanup job that needs to be done after you fire the turkey, looking for the hidden messes and security flaws the ex-employee may have left behind. Otherwise, you'll still be cleaning up the problems six months later."
Australia

Australian Telcos Declare SMS Unsafe For Bank Transactions 42

Posted by timothy
from the txt-me-ok? dept.
littlekorea writes "Australia's telcos have declared that SMS technology should not be used by banks to verify identities for online banking transactions, in a bid to wash their hands of culpability for phone porting hacks. But three of Australia's largest four banks insist they will continue to use SMS messages to carry authentication codes for transactions."
Security

$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts 56

Posted by timothy
from the kicking-sand-in-your-face dept.
tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."
Government

Bradley Manning Offers Partial Guilty Plea To Military Court 380

Posted by timothy
from the ok-but-you-had-it-coming dept.
concealment writes "During a pre-trial hearing in military court today, [alleged Wikileaks source Bradley] Manning's attorney, David Coombs, proposed a partial guilty plea covering a subset of the slew of criminal charges that the U.S. Army has lodged against him. "Manning is attempting to accept responsibility for offenses that are encapsulated within, or are a subset of, the charged offenses," Coombs wrote on his blog this evening. "The court will consider whether this is a permissible plea.""
Medicine

Man Charged £2,000 For Medical Records Stored On Obsolete System 368

Posted by Soulskill
from the boy-that-costs-a-ton dept.
An anonymous reader writes "In Britain, where it is custom and practice to charge around £10 for a copy of your medical results, a patient has discovered that his copy will cost him £2,000 because the records are stored on an obsolete system that the current IT systems cannot access. Can this be good for patient care if no-one can access records dating back from a previous filing system? Perhaps we need to require all current systems to store data in a way that is vendor independent, and DRM-free, too?"

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...