Forgot your password?
typodupeerror

Slashdot is powered by your submissions, so send in your scoop

Businesses

The Top Five IT Budget Busters and How To Avoid Them (Video) 1

Posted by Roblimo
from the momey-money-money-money dept.
Today's interview victim, Jerry Irvine, is CIO of Chicago-area IT consultancy Prescient Solutions and is also a member of the National Cybersecurity Task Force. He concentrates on security but is a broad-spectrum IT expert who is entitled to put all these initials after his name: CISM, CISSP, MCSE, CCNA, CCNP, CCDA, CCDP, CNE, CBCP, CASP, CIPP/IT. He's also a really nice guy. In this video he talks about common ways IT departments blow their budgets and how not to have these problems where you work. (Hint: If you're an IT manager or CIO who has trouble getting your bosses to come across with an adequate IT budget, you might want to share this video with them.)
Security

Interviews: Eugene Kaspersky Answers Your Questions 82

Posted by timothy
from the that's-just-what-they-want-you-to-think dept.
Last week, you asked questions of Eugene Kaspersky; below, find his answers on a range of topics, from the relationship of malware makers to malware hunters, to Kasperky Labs' relationship to the Putin government, as well as whitelisting vs. signature-based detection, Internet ID schemes, and the SCADA-specific operating system Kaspersky is working on. Spoiler: There are a lot of interesting facts here, as well as some teases.
Censorship

Hotmail & Yahoo Mail Using Secret Domain Blacklist 345

Posted by timothy
from the it-looks-like-you're-reading-a-newsletter dept.
Frequent contributor Bennett Haselton writes: "Hotmail and Yahoo Mail are apparently sharing a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care." Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.
Google

Revamped Google Maps Finally Available On iOS 279

Posted by timothy
from the no-more-billabong-diving dept.
hcs_$reboot writes "After the disastrous Apple Maps replacement over Google Maps in September, Google has a Maps app on iOS approved and released by Apple today. The app includes turn-by-turn directions, vector-based graphics and live traffic data. It's available from the Apple Store for iPhone and iPod touch (and iPad — iPhone format)." Adds reader snowtigger: "It's a sharper looking, vector-based map that loads quickly and provides smooth tilting and rotating of 2D and 3D views. Google also released the Google Maps SDK for iOS, and a simple URL scheme to help developers use Google Maps when building their beautiful and innovative apps. The new Google Maps app is available for the iPhone and iPod Touch (4th gen) iOS 5.1 and higher, in more than 40 countries and 29 languages." SlashCloud points out that Apple's own maps will be forced to improve as a consequence: "Directions will become more accurate, major towns and landmarks will appear in their proper places. But now that a free, standalone Google Maps app is available for download from Apple’s App Store, will iOS users even give those improving Apple Maps a chance?"
Facebook

Facebook Changes Privacy Policies, Scraps User Voting 119

Posted by samzenpus
from the read-it-and-weep dept.
Orome1 writes "The voting period for the proposed changes to Facebook's Statement of Rights and Responsibilities and Data Use Policy has ended on Monday, and despite the email sent out to the users asking them to review the changes and cast their vote, less than one percent of all users have done so. 'An external auditor has reviewed and confirmed the final results. Of the 668,872 people who voted, 589,141 recommended we keep our existing SRR and Data Use Policy,' stated Elliot Schrage, Facebook's vice president of communications, public policy, and marketing. Still, that is not nearly enough to prevent the proposed changes — as required by Facebook, at least 30 percent of the users should have voted against them in order to keep the previous versions of the policies. Schrage pointed out that that the whole experience illustrated the clear value of Facebook's notice and comment process."
Internet Explorer

IE Flaw Lets Sites Track Your Mouse Cursor, Even When You Aren't Browsing 149

Posted by Soulskill
from the now-everybody-knows-your-goofy-little-mouse-movements dept.
An anonymous reader writes "A new Internet Explorer vulnerability has been discovered that allows an attacker to track your mouse cursor anywhere on the screen, even if the browser isn't being actively used. 'Whilst the Microsoft Security Research Center has acknowledged the vulnerability in Internet Explorer, they have also stated that there are no immediate plans to patch this vulnerability in existing versions of the browser. It is important for users of Internet Explorer to be made aware of this vulnerability and its implications. The vulnerability is already being exploited by at least two display ad analytics companies across billions of page impressions per month.' All supported versions of Microsoft's browser are reportedly affected: IE6, IE7, IE8, IE9, and IE10."
Google

Zero Day Hole In Samsung Smart TVs Could Have TV Watching You 249

Posted by Unknown Lamer
from the put-some-pants-on-man dept.
chicksdaddy writes with news of a remote exploit in Samsung Smart TVs, and a warning for those who got one with a built-in camera. From the article: "The company that made headlines in October for publicizing zero day holes in SCADA products now says it has uncovered a remotely exploitable security hole in Samsung Smart TVs. If left unpatched, the vulnerability could allow hackers to make off with owners' social media credentials and even to spy on those watching the TV using built-in video cameras and microphones. In an e-mail exchange with Security Ledger, the Malta-based firm said that the previously unknown ('zero day') hole affects Samsung Smart TVs running the latest version of the company's Linux-based firmware. It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set."
Upgrades

Linux Nukes 386 Support 464

Posted by Unknown Lamer
from the upgrade-time dept.
sfcrazy writes with news that Linus pulled a patch by Ingo Molnar to remove support for the 386 from the kernel. From Ingo's commit log: "Unfortunately there's a nostalgic cost: your old original 386 DX33 system from early 1991 won't be able to boot modern Linux kernels anymore. Sniff." Linus adds: "I'm not sentimental. Good riddance."
Education

Hacked Review System Leads To Fake Reviews and Retraction of Scientific Papers 67

Posted by Unknown Lamer
from the too-good-to-review dept.
dstates writes "Retraction Watch reports that fake reviewer information was placed in Elsevier's peer review database allowing unethical authors to review their own or colleagues manuscripts. As a result, 11 scientific publications have been retracted. The hack is particularly embarrassing for Elsevier because the commercial publisher has been arguing that the quality of its review process justifies its restrictive access policies and high costs of the journals it publishes."
Communications

Text Message Spammer Wants FCC To Declare Spam Filters Illegal 338

Posted by Soulskill
from the hello-sir-madam dept.
TCPALaw writes "ccAdvertising, a company purported to have 'a long, long, long history of pumping spam out of every telecommunications orifice, and even boasting of voter suppression' has asked the FCC to declare spam filters illegal. Citing Free Speech rights, the company claims wireless carriers should be prohibited from employing spam filters that might block ccAdvertising's political spam. Without stating it explicitly, the filing implies that network neutrality must apply to spam, so the FCC must therefore prohibit spam filters (unless political spam is whitelisted). In an earlier filing, the company suggests it is proper that recipients 'bear some cost' of unsolicited political speech sent to their cell phones. The public can file comments with the FCC on ccAdvertising's filing online."
Security

Malicious QR Codes Posted Where There's Lots of Foot Traffic 89

Posted by Soulskill
from the neither-idiotproof-nor-jerkproof dept.
Orome1 writes "QR codes are very handy for directing users to specific sites by simply scanning them with their smartphones. But the ease with which this technology works has also made it a favorite of malware peddlers and online crooks, who have taken to including QR codes that lead to malicious sites in spam emails. They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic. According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them."
Chrome

Google Sync Clobbers Chrome Browsers 102

Posted by timothy
from the browser-is-the-network-is-the-computer dept.
If you use Chrome along with Google's Sync, you may have noticed something strange Monday: normally stable Chrome crashing. An article at Wired (excerpt below) explains why: "Late Monday, Google engineer Tim Steele confirmed what developers had been suspecting. The crashes were affecting Chrome users who were using another Google web service known as Sync, and that Sync and other Google services — presumably Gmail too — were clobbered Monday when Google misconfigured its load-balancing servers. ... Steele wrote in a developer discussion forum, a problem with Google's Sync servers kicked off an error on the browser, which made Chrome abruptly shut down on the desktop. 'It's due to a backend service that sync servers depend on becoming overwhelmed, and sync servers responding to that by telling all clients to throttle all data types,' Steele said. That 'throttling' messed up things in the browser, causing it to crash."
Open Source

Linux 3.7 Released 151

Posted by timothy
from the under-the-radar dept.
The wait is over; diegocg writes "Linux kernel 3.7 has been released. This release adds support for the new ARM 64-bit architecture, ARM multiplatform — the ability to boot into different ARM systems using a single kernel; support for cryptographically signed kernel modules; Btrfs support for disabling copy-on-write on a per-file basis using chattr; faster Btrfs fsync(); a new experimental 'perf trace' tool modeled after strace; support for the TCP Fast Open feature in the server side; experimental SMBv2 protocol support; stable NFS 4.1 and parallel NFS; a vxlan tunneling protocol that allows to transfer Layer 2 ethernet packets over UDP; and support for the Intel SMAP security feature. Many small features and new drivers and fixes are also available. Here's the full list of changes."
Security

GhostShell Hackers Release Data From Exploiting NASA, FBI, ESA 124

Posted by Unknown Lamer
from the infernal-script-kiddies dept.
An anonymous reader writes "The Register is reporting that the hacking collective GhostShell has announced it has [dumped] around 1.6 million account details purloined from government, military, and industry. The [hacking] group said in a statement: 'we have prepared a juicy release of 1.6 million accounts/records from fields such as aerospace, nanotechnology, banking, law, education, government, military, all kinds of wacky companies & corporations working for the department of defense, airlines and more.'"
Android

Google App Verification Service Detects Only 15% of Infected Apps 99

Posted by samzenpus
from the low-expectations dept.
ShipLives writes "Researchers have tested Google's app verification service (included in Android 4.2 last month), and found that it performed very poorly at identifying malware in apps. Specifically, the app verification service identified only ~15% of known malware in testing — whereas existing third-party security apps identified between 51% and 100% of known malware in testing."

Save the whales. Collect the whole set.

Working...