jfruh writes "Those Nigerian spam scams of the last decade may have just been the first step in a looming African cyber-crime wave. Africa has the world's fastest-growing middle class, whose members are increasingly tech-savvy and Internet connected — and the combination of ambitious, educated people, a ceiling on advancement due to corruption and lack of infrastructure, and lax law enforcement is a perfect petri dish for increased cybercrime."
Find out the latest on data centers with SlashDataCenter.
Hugh Pickens writes "Nicole Perlroth reports in the NY Times that the antivirus industry has a dirty little secret: antivirus products are not very good at stopping new viruses. Researchers collected and analyzed 82 new computer viruses and put them up against more than 40 antivirus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab and found that the initial detection rate was less than 5 percent (PDF). 'The bad guys are always trying to be a step ahead,' says Matthew D. Howard, who previously set up the security strategy at Cisco Systems. 'And it doesn't take a lot to be a step ahead.' Part of the problem is that antivirus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, antivirus makers must capture a computer virus, take it apart and identify its 'signature' — unique signs in its code — before they can write a program that removes it. That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years. 'The traditional signature-based method of detecting malware is not keeping up,' says Phil Hochmuth. Now the thinking goes that if it is no longer possible to block everything that is bad, then the security companies of the future will be the ones whose software can spot unusual behavior and clean up systems once they have been breached. 'The bad guys are getting worse,' says Howard. 'Antivirus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.'"
An anonymous reader writes "EFnet member Fionn 'Fudge' Kelleher reported several vulnerabilities in the IRC daemons charybdis, ircd-ratbox, and other derivative IRCds. The vulnerability was subsequently used to bring down large portions of the EFnet IRC network." By crafting a particular message, you can cause the IRC daemon to call strlen(NULL) and game over, core dumped.
CowboyRobot writes "The 802.11ac standard is expected to be ratified in 2013 and NetworkComputing has an interview with representatives of Cisco Systems and Aerohive Networks about what that will mean for everyone else. 'Out of the gate, the increases in performance over 11n will not be tremendously impressive. The second wave--which will require a hardware refresh--gets far more interesting... First-generation 802.11ac products will achieve up to 1.3 Gbps through the use of three spatial streams, 80-MHz-wide channels (double the largest 40 MHz channel width with 802.11n), and use of better hardware components that allow higher levels of modulation and encoding (up to 256-QAM). Whether we will actually see 802.11ac products capable of 6.9 Gbps is dependent on hardware enhancements on both the access point and client that are not certain.'"
tearmeapart writes "The teams at FreeBSD have reached another great achievement with FreeBSD 9.1, with improvements to the already fantastic zfs features, more VM improvements (helping bringing FreeBSD to the next generation of VMs), and improvements in speed to many parts of the network system. Support FreeBSD via the FreeBSD mall or download/upgrade FreeBSD from a mirror. Unfortunately, the torrent server is still down due to the previous security incident." And new submitter northar writes "The other day the NetBSD project released their first update to the 6.x series, 6.0.1. They also (rather discreetly) announced a fund drive targeting 60.000 USD before the end of 2012 in the release notes. They better get going if their donation page is anything like recently updated."
hypnosec writes "The Free Software Foundation is on an offensive against restricted boot systems and is busy appealing for donations and pledge in the form of signatures in a bid to stop systems such as the UEFI SecureBoot from being adopted on a large-scale basis and becoming a norm in the future. The FSF, through an appeal on its website, is requesting users to sign a pledge titled 'Stand up for your freedom to install free software' that they won't be purchasing or recommending for purchase any such system that is SecureBoot enabled or some other form of restricted boot techniques. The FSF has managed to receive, as of this writing, over 41,000 signatures. Organizations like the Debian, Edoceo, Zando, Wreathe and many others have also showed their support for the campaign."
An anonymous reader writes "Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser. 'We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,' Dustin Childs of Microsoft Trustworthy Computing told TNW. 'We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.'"
New submitter FreaKBeaNie writes "Earlier this month, the FTC issued 9 orders to data brokerage companies to learn more about their privacy practices. Data brokers are skilled at connecting quasi-private data with publicly available data, like voter rolls, housing sales, and now gun ownership records. Unlike merchants or business partners, these data brokers may or may not have had any interaction with the 'subjects' of their data collection."
Rambo Tribble writes "England has awarded Raymond Roberts, one of the nine cryptanalysts responsible for breaking the Nazi Tunny code machine, (also known by the German designation Lorenz cipher machine) the MBE. Roberts is the last surviving member of the team which cracked the German army's cipher machine functionality, much like others at Bletchley broke the better-known Enigma machine."
The Washington Post reports on a development that may push Internet access on commercial aircraft from a pleasant luxury (but missing on most U.S. domestic flights) to commonplace. Writes the Post: "The Federal Communications Commission on Friday approved an application process for airlines to obtain broadband Internet licenses aboard their planes. Previously, airlines were granted permission on an ad hoc basis. Airlines need the FCC’s permission to tap into satellite airwaves while in flight that enable passengers to access the Internet. They also need permission from the Federal Aviation Administration, which oversees the safety of inflight Internet systems." I hope that on-board Internet not only becomes the default, but that free advertising-backed access does, too; especially for short flights, the "24-hour pass" paid access I've seen on United and Delta is tempting, but too pricey.
An anonymous reader points out just how thick a skin it takes to be a kernel developer sometimes, linking to a chain of emails on the Linux Kernel Mailing List in which Linus lets loose on a kernel developer for introducing a change that breaks userspace apps (in this case, PulseAudio). "Shut up, Mauro. And I don't _ever_ want to hear that kind of obvious garbage and idiocy from a kernel maintainer again. Seriously. I'd wait for Rafael's patch to go through you, but I have another error report in my mailbox of all KDE media applications being broken by v3.8-rc1, and I bet it's the same kernel bug. And you've shown yourself to not be competent in this issue, so I'll apply it directly and immediately myself. WE DO NOT BREAK USERSPACE! Seriously. How hard is this rule to understand? We particularly don't break user space with TOTAL CRAP. I'm angry, because your whole email was so _horribly_ wrong, and the patch that broke things was so obviously crap. ... The fact that you then try to make *excuses* for breaking user space, and blaming some external program that *used* to work, is just shameful. It's not how we work," writes Linus, and that's just the part we can print. Maybe it's a good thing, but there's certainly no handholding when it comes to changes to the heart of Linux.
An anonymous reader writes "Michigan joins Maryland as a state where employers may not ask employees or job applicants to divulge login information for Facebook and other social media sites. From the article: 'Under the law, employers cannot discipline employees or decline to hire job applicants because they do not give them access information, including user names, passwords, login information, or "other security information that protects access to a personal internet account," according to the bill. Universities and schools cannot discipline or fail to admit students if they do not give similar information.' There is one exception, however: 'However, accounts owned by a company or educational institution, such as e-mail, can be requested.'"
Every years, McAfee Labs produces a list of predictions relating to computer security for the next 12 months. Last year (PDF) they said Anonymous would have to reinvent itself, and that there would be an overall increase in online hacktivism. This year's report (PDF) is not as optimistic for the hacking collective. "Too many uncoordinated and unclear operations have been detrimental to its reputation. Added to this, the disinformation, false claims, and pure hacking actions will lead to the movement’s being less politically visible than in the past. Because Anonymous’ level of technical sophistication has stagnated and its tactics are better understood by its potential victims, the group’s level of success will decline." That's not to say they think hacktivism itself is on the decline, though: "Meanwhile, patriot groups self-organized into cyberarmies and spreading their extremist views will flourish. Up to now their efforts have had little impact (generally defacement of websites or DDoS for a very short period), but their actions will improve in sophistication and aggressiveness." The report also predicts that malware kits will lead to an "explosion in malware" for OS X and mobile, but that Windows 8 will be the next big target.
Orome1 writes "PandaLabs outlined its picks for the most unique viruses of the past year. Rather than a ranking of the most widespread viruses, or those that have caused most infections, these viruses are ones that deserve mention for standing out from the more than 24 million new strains of malware that emerged."
An anonymous reader writes "A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes. The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm."