Trailrunner7 writes "Facebook this week will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to opt-in and manually make the change in order to get the better protection of HTTPS."
Catch up on stories from the past week (and beyond) at the Slashdot story archive
CowboyRobot writes "While many mobile payments startups are using both traditional and nontraditional authentication methods, regulatory uncertainty still exists around liability for fraud attacks on customers using mobile payments. Although there haven't been any public attacks from fraudsters on alternative mobile payments providers such as Square, LevelUp or Dwolla, anecdotal stories are already circulating among security experts and regulators of such attacks. One thing that still has to be worked out in this area is regulatory oversight. 'The regulators are not yet clear who owns the regulatory oversight for these environments. These technologies tend to fall through the cracks even in terms of card-present or card-not-present.'"
hypnosec writes "The FreeBSD project has suffered a security breach. Hackers have successfully compromised servers that were part of the infrastructure used to build third-party software packages. The Security team over at the FreeBSD project is of the opinion that hackers were able to gain access to the servers using legitimate SSH keys and not by exploiting any operating system vulnerabilities. Instances of intrusion were first detected on November 11. FreeBSD project, through a message on public announcements mailing list said that the security breach hasn't affected the project's core components like kernel or system libraries but, has affected third-party software packages being distributed by the project."
An anonymous reader writes "The IT security pioneer John McAfee has launched a blog to document his life on the lam, as Belize police chase him down for suspicion of killing a neighbor. McAfee is using the blog to state his case, raise suspicions about Belize authorities and to offer a $25K reward to find the real killer or killers. From the article: 'McAfee writes that he is on run with a 20-year-old female named Sam, photos of whom are in the blog, along with a post from her. McAfee says a handful of friends and associates have been rounded up by police over the past week or so. His posts are filled with dramatic descriptions of his actions (including returning to his home in disguise to find police digging up his dead dogs and cutting off their heads) and lay bare his suspicions about Belize authorities. '"
hessian writes in with a story about the arbitrary and often outdated online decency standards being imposed by companies."A bastion of openness and counterculture, Silicon Valley imagines itself as the un-Chick-fil-A. But its hyper-tolerant facade often masks deeply conservative, outdated norms that digital culture discreetly imposes on billions of technology users worldwide. What is the vehicle for this new prudishness? Dour, one-dimensional algorithms, the mathematical constructs that automatically determine the limits of what is culturally acceptable. Consider just a few recent kerfuffles. In early September, The New Yorker found its Facebook page blocked for violating the site’s nudity and sex standards. Its offense: a cartoon of Adam and Eve in the Garden of Eden. Eve’s bared nipples failed Facebook’s decency test."
symbolset writes "As reported on The Verge, many people are experiencing freezing, rebooting and battery problems on their new Windows Phone 8 devices. This WP8Central thread shows many of the issues. Affected devices include Lumia 920 and HTC 8X." Every phone and every OS has its problems, and happy users probably aren't as vocal; it would be good to know how Windows Phone users who are also iOS and Android users compare them for reliability.
Freddybear writes "If your computer has been cracked and subverted for use by a botnet or other remote-access attack, is it legal for you to hack back into the system from which the attack originated? Over the last couple of years three legal scholars and bloggers have debated the question on The Volokh Conspiracy weblog. The linked webpage collects that debate into a coherent document. 'The debaters are:
- Stewart Baker, a former official at the National Security Agency and the Department of Homeland Security, a partner at Steptoe & Johnson with a large cybersecurity practice. Stewart Baker makes the policy case for counterhacking and challenges the traditional view of what remedies are authorized by the language of the CFAA.
- Orin Kerr, Fred C. Stevenson Research Professor of Law at George Washington School of Law, a former computer crimes prosecutor, and one of the most respected computer crime scholars. Orin Kerr defends the traditional view of the Act against both Stewart Baker and Eugene Volokh.
- Eugene Volokh, Gary T. Schwartz Professor of Law at UCLA School of Law, founder of the Volokh Conspiracy, and a sophisticated technology lawyer, presents a challenge grounded in common law understandings of trespass and tort.'"
An anonymous reader writes "Windows 8 may block most malware out of the box, but there is still malware out there that thwarts Microsoft's latest and greatest. A new Trojan variant, detected as Backdoor.Makadocs and spread via RTF and Microsoft Word document marked as Trojan.Dropper, has been discovered that not only adds a clause to target Windows 8 and Windows Server 2012, but also uses Google Docs as a proxy server to phone home to its Command & Control (C&C) server."
An anonymous reader writes "On Thursday, Anonymous reported that it took down close to 40 Israeli government and security establishment websites, although the single website that they presented as having been attacked belonged to a security and cleaning services company. The report came after Likud MK Danny Danon announced earlier in the week that his website had been taken down by a group calling itself TeaM KuWaiT HaCkErS. Danon's website had been hosting an online petition calling for the Israeli government to cut off the supply of electricity going from Israel to Gaza. " A report at Russia Today puts the number at "hundreds" of sites, instead.
An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans have been found, but rather because the project has not yet been able to confirm that they could not exist. Apparently initial access was via a stolen SSH key, but fortunately the project's clusters were partitioned so that the effects were limited. The announcement contains more detailed information — and we are left wondering, would proprietary companies that get broken into so forthcoming? Should they be?"
McGruber writes "The Associated Press is reporting that the U.S. Justice Department is suing eBay for allegedly agreeing with Intuit not to hire each other's employees. According to the article, 'eBay's agreement with Intuit hurt employees by lowering the salaries and benefits they might have received and deprived them of better job opportunities at the other company,' said acting Assistant Attorney General Joseph Wayland, who is in charge of the Justice Department's antitrust division. The division 'has consistently taken the position that these kinds of agreements are per se (on their face) unlawful under antitrust laws.'"
MojoKid writes "iOS 6, by all appearances, has a streaming problem. This is separate from the network issues that led Verizon to state that it wouldn't bill people for overages that were caused by spotty Wi-Fi connectivity. The issue has been detailed at PRX.org with information on how the team saw a huge spike in bandwidth usage after the release of iOS 6, and then carefully tested the behavior of devices and its own app to narrow the possible cause. In one case, the playback of a single 30MB episode caused the transfer of over 100MB of data. It is believed that the issue was solved with the release of iOS 6.0.1, but anecdotal evidence from readers points to continued incidents of high data usage, even after updating. If you own an iPhone 5 or upgraded to iOS 6 on an older device, it is strongly recommend to check your usage over the past two months, update to iOS 6.0.1, and plan for a lengthy discussion with your carrier if it turns out your data use went through the roof."
Hugh Pickens writes "For years lawmakers had heard warnings about holes in corporate and government systems that imperil U.S. economic and national security. Now Ward Carroll writes that in the face of what most experts label as a potential 'Cyber Pearl Harbor' threat, Republicans have stalled the Cybersecurity Act of 2012 with a Senate vote of 51–47 against the legislation. This drew a quick response from the staff of Secretary of Defense Leon Panetta: 'The U.S. defense strategy calls for greater investments in cybersecurity measures, and we will continue to explore ways to defend the nation against cyber threats,' says DoD spokesman George Little. 'If the Congress neglects to address this security problem urgently, the consequences could be devastating.' Many Senate Republicans took their cues from the U.S. Chamber of Commerce and businesses that framed the debate not as a matter of national security, but rather as a battle between free enterprise and an overreaching government. They wanted to let companies determine whether it would be more cost effective — absent liability laws around cyber attacks — to invest in the hardware, software, and manpower required to effectively prevent cyber attacks, or to simply weather attacks and fix what breaks afterwards. 'Until someone can argue both the national security and the economic parts of it, you're going to have these dividing forces,' says Melissa Hathaway, a White House cyber official in the Bush and Obama administrations. 'Most likely, big industry is going to win because at the end of the day our economy is still in trouble.'"
Dupple writes in with a story about the uncertain future of a proposed bio lab in the heart of cattle country. "Plans to build one of the world's most secure laboratories in the heart of rural America have run into difficulties. The National Bio and Agro defense facility (NBAF) would be the first US lab able to research diseases like foot and mouth in large animals. But reviews have raised worries about virus escapes in the middle of cattle country. For over fifty years the United States has carried out research on dangerous animal diseases at Plum Island, just off the coast of New York. However after 9/11 the Department of Homeland Security raised concerns about the suitability of the location and its vulnerability to terrorist attack."
OverTheGeicoE writes "The Homeland Security Subcommittee on Transportation Security held a hearing on TSA's recent decision to move X-ray body scanners from major airports to smaller ones, which the subcommittee refers to as a 'Scanner Shuffle.' John Sanders, TSA's assistant administrator for security capabilities, testified that 91 scanners recently removed from major airports were now in storage due to 'privacy concerns.' Although TSA originally planned to relocate the scanners to smaller airports, those plans have been shelved because smaller airports don't have room for them. The subcommitteee is also investigating allegations that the machines' manufacturer, Rapiscan, 'may have falsified tests of software intended to stop the machines from recording graphic images of travelers' (VIDEO). Coincidentally, shares of Rapiscan's parent company, OSI Systems Inc., dropped in value almost 25% today, its biggest intraday decline in about 12 years. If wrongdoing is proven, Rapiscan could face fines, prison terms and a ban on government contracting, according to a former head of federal procurement."