Forgot your password?
typodupeerror
Australia

Australian Telcos Declare SMS Unsafe For Bank Transactions 42

Posted by timothy
from the txt-me-ok? dept.
littlekorea writes "Australia's telcos have declared that SMS technology should not be used by banks to verify identities for online banking transactions, in a bid to wash their hands of culpability for phone porting hacks. But three of Australia's largest four banks insist they will continue to use SMS messages to carry authentication codes for transactions."
Security

$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts 56

Posted by timothy
from the kicking-sand-in-your-face dept.
tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."
Government

Bradley Manning Offers Partial Guilty Plea To Military Court 380

Posted by timothy
from the ok-but-you-had-it-coming dept.
concealment writes "During a pre-trial hearing in military court today, [alleged Wikileaks source Bradley] Manning's attorney, David Coombs, proposed a partial guilty plea covering a subset of the slew of criminal charges that the U.S. Army has lodged against him. "Manning is attempting to accept responsibility for offenses that are encapsulated within, or are a subset of, the charged offenses," Coombs wrote on his blog this evening. "The court will consider whether this is a permissible plea.""
Medicine

Man Charged £2,000 For Medical Records Stored On Obsolete System 368

Posted by Soulskill
from the boy-that-costs-a-ton dept.
An anonymous reader writes "In Britain, where it is custom and practice to charge around £10 for a copy of your medical results, a patient has discovered that his copy will cost him £2,000 because the records are stored on an obsolete system that the current IT systems cannot access. Can this be good for patient care if no-one can access records dating back from a previous filing system? Perhaps we need to require all current systems to store data in a way that is vendor independent, and DRM-free, too?"
Security

The Web Won't Be Safe Or Secure Until We Break It 180

Posted by Soulskill
from the i'll-get-the-hammer dept.
CowboyRobot writes "Jeremiah Grossman of Whitehat Security has an article at the ACM in which he outlines the current state of browser security, specifically drive-by downloads. 'These attacks are primarily written with HTML, CSS, and JavaScript, so they are not identifiable as malware by antivirus software in the classic sense. They take advantage of the flawed way in which the Internet was designed to work.' Grossman's proposed solution is to make the desktop browser more like its mobile cousins. 'By adopting a similar application model on the desktop using custom-configured Web browsers (let's call them DesktopApps), we could address the Internet's inherent security flaws. These DesktopApps could be branded appropriately and designed to launch automatically to Bank of America's or Facebook's Web site, for example, and go no further. Like their mobile application cousins, these DesktopApps would not present an URL bar or anything else making them look like the Web browsers they are on the surface, and of course they would be isolated from one another.'"
Security

Google Security Engineer Issues Sophos Warning 89

Posted by Soulskill
from the you-have-been-called-out dept.
angry tapir writes "Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster. Ormandy has released a scathing 30-page analysis (PDF) 'Sophail: Applied attacks against Sophos Antivirus,' in which he details several flaws 'caused by poor development practices and coding standards,' topped off by the company's sluggishly response to the warning he had working exploits for those flaws. One of the exploits Ormandy details is for a flaw in Sophos' on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the 'wormable, pre-authentication, zero-interaction, remote root' affected all platforms running Sophos. (Ormandy released the paper as an independent researcher, not in his role as a Google employee.)"
Image

Voting Machine Problem Reports Already Rolling In 386

Posted by Soulskill
from the let-the-conspiracy-nuttery-commence dept.
Several readers have submitted news of the inevitable problems involved with trying to securely collect information from tens of millions of people on the same day. A video is making the rounds of a touchscreen voting machine registering a vote for Mitt Romney when Barack Obama was selected. A North Carolina newspaper is reporting that votes for Romney are being switched to Obama. Voters are being encouraged to check and double-check that their votes are recorded accurately. In Ohio, some recently-installed election software got a pass from a District Court Judge. In Galveston County, Texas, poll workers didn't start their computer systems early enough to be ready for the opening of the polls, which led to a court order requiring the stations to be open for an extra two hours at night. Yesterday we discussed how people in New Jersey who were displaced by the storm would be allowed to vote via email; not only are some of the emails bouncing, but voters are being directed to request ballots from a county clerk's personal Hotmail account. If only vote machines were as secure as slot machines. Of course, there's still the good, old fashioned analog problems; workers tampering with ballots, voters being told they can vote tomorrow, and people leaving after excessively long wait times.
Cloud

Gate One 1.1 Released: Run Vim In Your Browser 150

Posted by timothy
from the until-it's-included-in-the-browser dept.
Riskable writes "Version 1.1 of Gate One (HTML5 terminal emulator/SSH client) was just released (download). New features include security enhancements, major performance improvements, mobile browser support, improved terminal emulation, automatic syntax highlighting of syslog messages, PDFs can now be captured/displayed just like images, Python 3 support, Internet Explorer (10) support, and quite a lot more (full release notes). There's also a new demo where you can try out vim in your browser, play terminal games (nethack, vitetris, adventure, zangband, battlestar, greed, robotfindskitten, and hangman), surf the web in lynx, and a useful suite of IPv6-enabled network tools (ping, traceroute, nmap, dig, and a domain name checker)." Gate One is dual licensed (AGPLv3/Commercial Licensing); for individuals, it's pay-as-you-please.
Networking

Welsh Scientists Radically Increase Fiber Broadband Speeds With COTS Parts 72

Posted by timothy
from the believe-it-when-it-appears-in-your-home dept.
Mark.JUK writes "Scientists working under an EU funded (3 Million Euros) project out of Bangor University in Wales (United Kingdom) have developed a commercially-exploitable way of boosting broadband speeds over end-user fibre optic lines by using Optical Orthogonal Frequency Division Multiplexing (OOFDM) technology, which splits a laser down to multiple different optical frequencies (each of which can be used to carry data), and low-cost off-the-shelf components. The scientists claim that their solution has the ability to 'increase broadband transmission by up to two thousand times the current speed and capacity' (most UK Fibre-to-the-Home or similar services currently offer less than 100 Megabits per second) and it can do this alongside a 'significant reduction in electrical power consumption.'"
Businesses

GM Brings IT Dev Back In House; Self-Driving Caddy In the Works 171

Posted by timothy
from the oh-christine dept.
dstates writes "Want a good job in IT? Detroit of all places may be the place to be. GM is bringing IT development back in house to speed innovation. Among other initiatives, a self driving Cadillac is planned by mid decade. Ford is also actively developing driver assist technology and is betting big on voice recognition. Ann Arbor has thousands of smart cars wirelessly connected on the road. Think about all those aging baby boomers with houses in the burbs and no desire to move as their vision and reflexes decline. The smart car is a huge market. Seriously, Detroit and SE Michigan have good jobs, great universities, cheap housing and easy access to great sports and outdoors activities."
Encryption

Attack Steals Crypto Key From Co-Located Virtual Machines 73

Posted by Unknown Lamer
from the can't-patch-that dept.
Gunkerty Jeb writes "Side-channel attacks against cryptography keys have, until now, been limited to physical machines. Researchers have long made accurate determinations about crypto keys by studying anything from variations in power consumption to measuring how long it takes for a computation to complete. A team of researchers from the University of North Carolina, University of Wisconsin, and RSA Security has ramped up the stakes, having proved in controlled conditions (PDF) that it's possible to steal a crypto key from a virtual machine. The implications for sensitive transactions carried out on public cloud infrastructures could be severe should an attacker land his malicious virtual machine on the same physical host as the victim. Research has already been conducted on how to map a cloud infrastructure and identify where a target virtual machine is likely to be."
Programming

What's the Shelf Life of a Programmer? 388

Posted by samzenpus
from the ending-the-game dept.
Esther Schindler writes "Why is it that young developers imagine that older programmers can't program in a modern environment? Too many of us of a 'certain age' are facing an IT work environment that is hostile to older workers. Lately, Steven Vaughan-Nichols has been been noticing that the old meme about how grandpa can't understand iPhones, Linux, or the cloud is showing up more often even as it's becoming increasingly irrelevant. The truth is: Many older developers are every bit as good as young programmers, and he cites plenty of example of still-relevant geeks to prove it. And he writes, 'Sadly, while that should have put an end to the idea that long hours are a fact of IT life, this remnant of our factory-line past lingers both in high tech and in other industries. But what really matters is who's productive and who's not.'"
Businesses

Should Hacked Companies Disclose Their Losses? 68

Posted by samzenpus
from the what-did-you-lose? dept.
derekmead writes "By law, US companies don't have to say a word about hacker attacks, regardless of how much it might've cost their bottom line. Comment, the group of Chinese hackers suspected in the recent-reported Coke breach, also broke into the computers of the world's largest steel company, ArcelorMittal. ArcelorMittal doesn't know exactly how much was stolen and didn't think it was relevant to share news of the attack with its shareholders. Same goes for Lockheed Martin who fended off a 'significant and tenacious' attack last May but failed to disclose the details to investors and the Securities Exchange Commission. Dupont got hit twice by Chinese hackers in 2009 and 2010 and didn't say a word. Former U.S. counterintelligence chief Joel Brenner recently said that over 2,000 companies, ISPs and research centers had been hit by Chinese hackers in the past decade and few of them told their shareholders about it. This is even after the SEC has made multiple requests for companies to come clean about cyber security breaches in their quarterly or annual earnings reports. Because the potential losses, do hacked companies have a responsibility to report security breaches to investors?"

While money doesn't buy love, it puts you in a great bargaining position.

Working...