snydeq writes "A growing trend faces business executives traveling to China: government or industry spooks stealing data from their laptops and installing spyware. 'While you were out to dinner that first night, someone entered your room (often a nominal hotel staffer), carefully examined the contents of your laptop, and installed spyware on the computer — without your having a clue. The result? Exposure of information, including customer data, product development documentation, countless emails, and other proprietary information of value to competitors and foreign governments. Perhaps even, thanks to the spyware, there's an ongoing infection in your corporate network that continually phones home key secrets for months or years afterward.'"
Follow Slashdot stories on Twitter
Rambo Tribble writes "The Swiss spy agency, NDB, reports a disaffected employee walked out with drives containing terabytes of data shared by counter-terrorism agencies in Switzerland, the U.S. and Britain. It is not yet known if he was able to pass on any information before he was apprehended. 'A European security source said investigators now believe the suspect became disgruntled because he felt he was being ignored and his advice on operating the data systems was not being taken seriously.'"
Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'"
hypnosec writes "The Linux 3.7 kernel has been delayed by one week as Linus Torvalds has released the Linux 3.7-rc8 instead. Because of some hiccups following the 'resurrection of a kswapd issue,' Torvalds wasn't comfortable releasing version 3.7 this week and instead went ahead with another release candidate. Torvalds revealed in his release announcement that because of this delay, the merge window for Linux 3.8 will close just around Christmas time."
Yes, you can now have full remote access to your home computer or a server at work that's running Ubuntu Linux. Really any Linux distro, although only Ubuntu is formally supported by Splashtop. What? You say you already control your home and work Linux computers from your Android tablet with VNC? That there's a whole bunch of Android VNC apps out there already? And plenty for iOS, too? You're right. But Cliff says Splashtop is better than the others. It can play video at a full 30 frames per second, and has low enough latency (depending on your connection) that you can play video games remotely in between taking care of that list of server issues your boss emailed to you. Or perhaps, in between work tasks, you take a dip in the ocean, because you're working from the beach, not from a stuffy office. It seems that work and living locations get a little more remote from each other every year, and Splashtop is helping to make that happen. This video interview is, itself, an example of how our world has gotten flatter; Cliff was in China and I was in Florida. The connection wasn't perfect, but the fact that we could have this conversation at all is a wonder. Please note, too, that while Cliff Miller is now Chief Marketing Officer for Splashtop, he was also the founder and first CEO of TurboLinux, so he is not new to Linux. And Splashtop is the company that supplied the "instant on" Linux OS a lot of computer manufacturers bundled with their Windows computers for a few years. Now, of course, they're focusing on the remote desktop, and seem to be making a go of it despite heavy competition in that market niche.
Sparrowvsrevolution writes "In the wake of Syria's 52-hour digital blackout last week, the networking firm Renesys performed an analysis of which countries are most susceptible to an Internet shutdown, based simply on how many distinct entities control the connections between the country's networks and those of the outside world. It found that for 61 countries and territories, just one or two Internet service providers maintain all external connections–a situation that could make possible a quick cutoff from the world with a well-placed government order or physical attack."
Eugene Kaspersky probably hates malware just as much as you do on his own machines, but as the head of Kaspersky Labs, the world's largest privately held security software company, he might have a different perspective — the existence of malware and other forms of online malice drives the need for security software of all kinds, and not just on personal desktops or typical internet servers. The SCADA software vulnerabilities of the last few years have led him to announce work on an operating system for industrial control systems of the kind affected by Flame and Stuxnet. But Kaspersky is not just toiling away in the computer equivalent of the CDC: He's been outspoken in his opinions — some of which have drawn ire on Slashdot, like calling for mandatory "Internet ID" and an "Internet Interpol". He's also come out in favor of Internet voting, and against SOPA, even pulling his company out of the BSA over it. More recently, he's been criticized for ties to the current Russian government. (With regard to that Wired article, though, read Kaspersky's detailed response to its claims.) Now, he's agreed to answer Slashdot readers' questions. As usual, you're encouraged to ask all the question you'd like, but please confine your questions to one per post. We'll pass on the best of these for Kaspersky's answers. Update: 12/04 14:20 GMT by T : For more on Kaspersky's thoughts on the importance of online IDs, see this detailed blog posting.
wiredmikey writes "Over the weekend, a security researcher disclosed seven security vulnerabilities related to MySQL. Of the flaws disclosed, CVE assignments have been issued for five of them. The Red Hat Security Team has opened tracking reports, and according to comments on the Full Disclosure mailing list, Oracle is aware of the zero-days, but has not yet commented on them directly. Researchers who have tested the vulnerabilities themselves state that all of them require that the system administrator failed to properly setup the MySQL server, or the firewall installed in front of it. Yet, they admit that the disclosures are legitimate, and they need to be fixed. One disclosure included details of a user privilege elevation vulnerability, which if exploited could allow an attacker with file permissions the ability to elevate its permissions to that of the MySQL admin user."
Hugh Pickens writes writes "The Washington Post reports that Apple has finally unveiled their new version of iTunes, overhauling its look and feel and integrating it more closely with the company's iCloud Internet- storage service with one of the biggest upgrades Apple has made to the program with 400 million potential users since its debut more than a decade ago. The new design of iTunes moves away from the spreadsheet format that Apple has featured since its debut and adds more art and information about musicians, movies and television shows. It also adds recommendation features so users can find new material. According to David Pogue of the NY Times Apple has fixed some of the dumber design elements that have always plagued iTunes. 'For years, the store was represented only as one item in the left-side list, lost among less important entries like Radio and Podcasts. Now a single button in the upper-right corner switches between iTunes's two personalities: Store (meaning Apple's stuff) and Library (meaning your stuff).' Unfortunately, Apple hasn't fixed the Search box. As before, you can't specify in advance what you're looking for: an app, a song, a TV show, a book. Whatever you type into the Search box finds everything that matches, and you can't filter it until after you search. It feels like a two-step process when one should do. 'Improvements in visual navigation and a more logical arrangement of tools are good, but for me the biggest positive within iTunes 11 remains its vastly improved performance on all three Macs I've tested it on, including a relatively ancient five-year-old MacBook,' writes Jonny Evans."
An anonymous reader writes "Just three months ago, we reported how Windows 7 had finally overtaken Windows XP in terms of market share. Now it's time to see how long it takes Windows 8 to succeed its predecessors. Between October to November, Windows XP fell to 39.82 percent while Windows 8 jumped to 1.09 percent."
jamaicaplain writes "In an extensive look at rebel communications, the New York Times reports that, 'In a demonstration of their growing sophistication and organization, Syrian rebels responded to a nationwide shutdown of the Internet by turning to satellite technology to coordinate within the country and to communicate with outside activists. To prepare, they have spent months smuggling communications equipment like mobile handsets and portable satellite phones into the country.'"
nonprofiteer writes "This is a crazy story. An FBI agent put spyware on his kid's school-issued laptop in order to monitor his Internet use. Before returning the laptop to the school, he tried to wipe the program (SpectorSoft's eBlaster) by having FBI agents scrub the computer and by taking it to a computer repair shop to be re-imaged. It somehow survived and began sending him reports a week later about child porn searches. He winds up busting the school principal for child porn despite never getting a warrant, subpoena, etc. The case was a gift-wrapped present, thanks to spyware. A judge says the principal has no 4th Amendment protection because 1. FBI dad originally installed spyware as a private citizen not an officer and 2. he had no reasonable expectation of privacy on a computer he didn't own/obtained by fraud."
An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"
helix2301 writes "Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didn't pass the test to achieve certification. Although that may not sound that impressive, Microsoft's program was the only one which didn't receive AV-Test's certificate. For comparison, the other free antivirus software, including Avast, AVG and Panda Cloud did."
Nerval's Lobster writes "While Microsoft claims it's sold 40 million Windows 8 licenses in the month since launch—a more rapid pace than Windows 7—new data from research firm The NPD Group suggests that isn't helping sales of actual Windows devices, which, in its estimation, are down 21 percent from last year. Desktops dropped 9 percent year-over-year, while notebooks fell 24 percent. 'After just four weeks on the market, it's still early to place blame on Windows 8 for the ongoing weakness in the PC market,' Stephen Baker, vice president of industry analysis at The NPD Group, wrote in a Nov. 29 statement attached to the data. 'We still have the whole holiday selling season ahead of us, but clearly Windows 8 did not prove to be the impetus for a sales turnaround some had hoped for.'" That seems to match the public grumbling of Acer and Asus about early sales. And though these figures exclude Surface sales, the newly announced prices on for new Windows 8 Pro-equipped Surface tablets might not endear them to anyone. Have you (or has your business?) moved to Windows 8?