China

The Chinese Telecom That Spooks the World 153

Posted by samzenpus
from the trust-us dept.
wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."
Security

Apple Support Allowed Hackers Access To User's iCloud Account 266

Posted by samzenpus
from the let-me-in dept.
Robadob writes "Yesterday a hacker gained access to Mat Honan's (an editor at Gizmodo) Apple iCloud account, allowing the attacker to reset his iPhone, iPad, and MacBook. The attacker was also able to gain access to Google and Twitter accounts by sending password recovery emails. At the time this was believed to be down to a brute-force attack, however today it has come out that the hacker used social engineering to convince Apple customer support to allow him to bypass the security questions on the account."
Space

GPU Supercomputer Could Crunch Exabyte of Data Daily For Square Kilometer Array 40

Posted by Soulskill
from the maybe-they-should-process-it-instead dept.
An anonymous reader writes "Researchers on the Square Kilometer Array project to build the world's largest radio telescope believe that a GPU cluster could be suited to stitching together the more than an exabyte of data that will be gathered by the telescope each day after its completion in 2024. One of the project heads said that graphics cards could be cut out for the job because of their high I/O and core count, adding that a conventional CPU-based supercomputer doesn't have the necessary I/O bandwidth to do the work."
IT

The Rise of the Programmable Data Center 22

Posted by Soulskill
from the why-have-people-do-it-when-we-can-not dept.
As data centers become more common and more advanced, there's been a movement to automate and consolidate control of data center components, and an industry is starting to grow around it. "While VMware pushes a programmable data model based on its technologies, vendors such as Puppet Labs are making the case for a more platform-neutral approach. Puppet Labs has developed a declarative language for configuring systems that can be extended across the data center: the organization recently announced the creation of an open source project in conjunction with EMC, called Razor, to accomplish that goal. There’s already an open source project known as Chef, created by Opscode, with a similar set of goals. In a similar vein, Reflex Systems, a provider of virtualization management tools, is trying to drum up interest in VQL, a query language that the company specifically developed for IT pros."
Stats

The $1 Trillion Cybercrime Myth 94

Posted by Soulskill
from the 72%-of-statistics-are-made-up dept.
wiredmikey sends this excerpt from SecurityWeek: "A recent article on ProPublica dissected two commonly quoted figures about cybersecurity: $1 trillion in losses due to cybercrime itself and $388 million in IP losses for American companies. Both figures have been scrutinized and challenged by many, and viewed as typical security vendor FUD. ... The $1 trillion figure is attributed to anti-virus vendor McAfee, while the $388 million in IP losses number belongs to Symantec's Norton division. According to ProPublica, 'The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.' The problem with both of these figures — $1 trillion and $388 million — is, as Microsoft researchers pointed out earlier this year in a report fittingly titled 'Sex, Lies, and Cybercrime,' they are studded with outliers. In one example they cite that a single individual who claims $50,000 losses, in an N = 1000 person survey, is enough to extrapolate a $10 billion loss over the population. In another, one unverified claim of $7,500 in phishing losses translates into $1.5 billion over the population. The Microsoft researchers concluded: 'Are we really producing cyber-crime estimates where 75% of the estimate comes from the unverified self-reported answers of one or two people? Unfortunately, it appears so. Can any faith whatever be placed in the surveys we have? No, it appears not.'"
Government

US Missile Defense Staff Told To Stop Watching Porn 187

Posted by Soulskill
from the first-world-problems dept.
An anonymous reader writes "John James Jr., director of the U.S. Missile Defense Agency, who is responsible for the nation's missile defense system, recently sent out a one-page memo warning employees and contractors to stop using agency computers to visit pornographic Web sites. That's right; apparently they were watching the wrong type of bombshells."
Science

IT At the LHC — Managing a Petabyte of Data Per Second 248

Posted by Soulskill
from the take-a-drink-from-the-science-firehose dept.
schliz writes "iTnews in Australia has published an interview with CERN's deputy head of IT, David Foster, who explains what last month's discovery of a 'particle consistent with the Higgs Boson' means for the organization's IT department, why it needs a second 'Tier Zero' data center, and how it is using grid computing and the cloud. Quoting: 'If you were to digitize all the information from a collision in a detector, it’s about a petabyte a second or a million gigabytes per second. There is a lot of filtering of the data that occurs within the 25 nanoseconds between each bunch crossing (of protons). Each experiment operates their own trigger farm – each consisting of several thousand machines – that conduct real-time electronics within the LHC. These trigger farms decide, for example, was this set of collisions interesting? Do I keep this data or not? The non-interesting event data is discarded, the interesting events go through a second filter or trigger farm of a few thousand more computers, also on-site at the experiment. [These computers] have a bit more time to do some initial reconstruction – looking at the data to decide if it’s interesting. Out of all of this comes a data stream of some few hundred megabytes to 1Gb per second that actually gets recorded in the CERN data center, the facility we call "Tier Zero."'"
Technology

IT Support Pro Tells Why He Hates Live Chat 228

Posted by samzenpus
from the what-seems-to-be-the-trouble? dept.
colinneagle writes "When someone calls into support, we first verify his or her account information. On the phone, this can take seconds. On a chat feature it can take a minute or two because people type slower than they speak. I also find that when people type in a chat they try to make the process go quicker by abbreviating the conversation. This means they might not give me all the information they would have if we were talking on the phone. The more descriptive a customer is about a problem, the easier and faster it will be to solve their issue. But the nature of a chat feature means people will abbreviate their stories to be more efficient, without realizing this just makes it more difficult to solve the problem. I end up asking more questions, which takes longer for the full story to come out. Explaining how to fix a problem can be difficult on the phone, but on a chat feature where I can't see your screen and likely have less information to work with, it can make it impossible to tackle a complex issue. It would be much more efficient for both me and the customer to talk on the phone so I can walk the customer through the steps I am taking."
Security

Yahoo Sued For Password Breach 93

Posted by samzenpus
from the see-you-in-court dept.
twoheadedboy writes "Yahoo is being sued by one of its users, who has claimed the US Internet company was guilty of negligence when 450,000 passwords of the members of the Yahoo Voices blogging community were posted online. Jeff Allan from New Hampshire has turned to a federal court in San Jose, California, after his eBay account, which used the same password as his Voices account, was compromised. The breach at Yahoo followed similar hits on LinkedIn and Nvidia, which together saw millions of passwords leaked."
Security

Iran Nuclear Agency Not "Thunderstruck" By Virus 91

Posted by samzenpus
from the back-in-black dept.
twoheadedboy writes "Iran may have been hit hard by Stuxnet, but officials have said that reports of a virus infecting its nuclear facilities and forcing computers to play the AC/DC classic 'Thunderstruck' were rubbish. Last month, F-Secure's chief research officer, Mikko Hypponen, was sent an email that appeared to be from a scientist working at the Atomic Energy Organization of Iran (AEOI), claiming nuclear systems had been targeted by cyber attackers. Whilst the chief of the AEOI has come out to deny those claims, the sender of that email still managed to get hold of an official aeoi.org.ir email address. That has left some onlookers baffled about what is going on."
Bug

Algorithmic Trading Glitch Costs Firm $440 Million 377

Posted by Unknown Lamer
from the someone-got-fired dept.
alstor writes "Yesterday an update to Knight Capital Group's algorithmic trading software caused massive volume buys and sells, resulting in large price swings on the New York Stock Exchange. As a result, the NYSE canceled some of the trades, but today the loss to Knight has been calculated at $440 million. Ignoring adjustments for inflation, this makes the cost of this glitch almost as much as the $475 million charge Intel took for the Pentium FDIV Bug, which might warrant adding this bug to the list of worst bugs. In light of this loss and the May 6, 2010 Flash Crash, perhaps investors will demand changes from firms using algorithmic trading, since the SEC is apparently too antiquated to do anything about it (PDF)."
Government

Senate Cybersecurity Bill Stalled By Ridiculous Amendments 233

Posted by Unknown Lamer
from the this-is-why-western-society-collapsed dept.
wiredmikey writes "Despite a recent push by legislators, it remains unclear whether the Senate will manage to vote on the proposed comprehensive cybersecurity legislation (Cybersecurity Act of 2012) before Congress adjourns at the end of the week for its summer recess. Once all the amendments (over 70) have been dealt with, the Senate could decide to vote on the bill immediately, or wait till after the summer recess. As usual, the Democrats and Republicans have been unable to agree on which amendments will be considered, effectively stalling the bill. And most interesting, is that in typical U.S. political fashion, some of the amendments have nothing to do with the topic on hand (cybersecurity): ... Sen. Frank Lautenberg has filed a measure to ban high-capacity ammunition clips as part of a gun-reform proposal. And Sen. Mike Lee filed a bill that would ban abortion in Washington, D.C. after 20 weeks of pregnancy. Sen. Michael Bennet and Tom Coburn filed an amendment to expand the Office for Personnel Management's federal government's data center consolidation initiative. Senate Minority Leader Mitch McConnell suggested an amendment to repeal the Affordable Care Act."
Piracy

Demonoid Down For a Week, Serving Malware Laden Ads 144

Posted by Unknown Lamer
from the don't-copy-that-floppy dept.
hypnosec tipped us to reports that Demonoid is still down after suffering a massive DDoS last week, and that the domain is now redirecting to a malware-ridden spam site. Notable for surviving a CRIA-mandated shutdown, this may be lights out for the torrent tracker: "To begin, while Demonoid’s admin told us that he would eventually bring the site back online, he clearly has other things on his mind. A really important family event puts a torrent site nowhere near the top of his priorities. ... Demonoid has been experiencing staffing issues this year. As we mentioned in an earlier article, there were rumors that one or maybe more Demonoid staffers had been questioned by authorities about their involvement in the site."
Security

Security Expert: Huawei Routers Riddled With Vulnerabilities 126

Posted by Unknown Lamer
from the more-like-riddled-with-features dept.
sabri writes "Cnet reports that German security expert Felix Lindner has unearthed several vulnerabilities in Huawei's carrier grade routers. These vulnerabilities could potentially enable attackers, or the Chinese government, to snoop on users' traffic and/or perform a man-in-the-middle attack. While these routers are mostly in use in Asia, Africa and the Middle East, they are increasingly being used in other parts of the world as well, because of their dirt-cheap pricing. Disclaimer: I work for one of their competitors." Via the H, you can check out the presentation slides. Yesterday Huawei issued a statement 'We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims...'
Google

Google Clamps Down On Spam, Intrusive Ads In Apps 122

Posted by Soulskill
from the their-way-or-the-highway dept.
An anonymous reader tips news that Google has sent out a letter to app developers explaining policy changes for any new apps published on the Google Play store. In-app purchases must now use Google Play's payment system unless it's for goods or services used outside the app itself. They've added language to dissuade developers from making their apps look like other apps, or like they come from other developers. But more significantly, Google has explained in detail what qualifies as spam: repetitive content, misleading product descriptions, gaming the rating system, affiliate traffic apps, or apps that send communications without user consent. Also, advertisements within apps must now follow the same rules as the app itself, and they can't be intrusive: Ads can't install things like shortcuts or icons without consent, they must notify the user of settings changes, they can't simulate notifications, and they can't request personal information to grant full app function.
