Krystalo writes "Belkin on Thursday announced plans to acquire Cisco's Home Networking Business Unit, including its products, technology, employees, and even the well-known Linksys brand. Belkin says it plans to maintain the Linksys brand and will offer support for Linksys products as part of the transaction, financial details for which were not disclosed. This should be a relatively smooth transition that won't affect current customers: Belkin says it will honor all valid warranties for current and future Linksys products. After the transaction closes, Belkin will account for approximately 30 percent of the U.S. retail home and small business networking market."
Catch up on stories from the past week (and beyond) at the Slashdot story archive
tsamsoniw writes "Dozens of privacy advocates, Internet activists, and journalists have issued an open letter to Skype and Microsoft, calling on the companies to finally get around to being clear and transparent as to who has access to Skype user data and how that data is secured. 'Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted, what user data is retained, or whether eavesdropping on Skype conversations may take place,' reads the letter, signed by such groups as the Digital Rights Foundation and the Electronic Frontier Foundation."
twoheadedboy writes "Two members of the Anonymous hacking collective have been handed a total of 25 months in prison. Christopher Weatherhead, a 22-year-old who went under the pseudonym Nerdo, received the most severe punishment — 18 months in prison. Another member, Ashley Rhodes, was handed seven months, whilst Peter Gibson was given a six-month suspended sentence. They were convicted for hitting a variety of websites, including those belonging to PayPal and MasterCard."
Orome1 writes "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admins passwords, or even shut down the device. The backdoor accounts are present on in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances." Here's Barracuda's tech note about the exploitable holes.
Sockatume writes "The UK's information protection authority, the ICO, has fined Sony for failing to adequately secure the information of PlayStation Network users. The investigation was triggered by a 2011 security breach, during which personally identifying information (including password hashes) was recovered from a Sony database where it had been stored without encryption. In the ICO's view Sony's security measures were inadequate, and the attack could have been prevented. The £250,000 (ca. $400,000) fine, the largest the ICO has ever imposed, is equivalent to a few pennies per affected user. Sony disagrees with the ICO's decision and intends to appeal."
An anonymous reader writes "The Security Ledger writes that the expulsion of Ahmed Al-Khabaz, a 20-year-old computer sciences major at Dawson College in Montreal, has exposed a yawning culture gap between academic computer science programs and the contemporary marketplace for software engineering talent. In an opinion piece in the Montreal Gazette on Tuesday, Dawson computer science professor Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.' And, in a news conference on Tuesday, Dawson's administration stuck to that line, saying that Al-Khabaz's actions show he is 'no longer suited for the profession.' In the meantime, Al-Khabaz has received more than one job offer from technology firms, including Skytech, the company that makes Omnivox. Chris Wysopal, the CTO of Veracode, said that the incident shows that 'most computer science departments are still living in the pre-Internet era when it comes to computer security.' 'Computer Science is taught in this idealized world separate from reality. They're not dealing with the reality that software has to run in a hostile environment,' he said. 'Teaching students how to write applications without taking into account the hostile environment of the Internet is like teaching architects how to make buildings without taking into account environmental conditions like earthquakes, wind and rain,' Wysopal said."
SonicSpike writes "AT&T U-verse customers are reporting this morning that an outage that began Monday and is affecting at least 15 states is still not resolved. Some customers were told this morning that the problem will not be fixed for at least 24 hours."
Curseyoukhan writes with a skeptical perspective on the U.S. Cyberwar posturing. From the article: "The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."
Dangerous_Minds writes "Recently, Slashdot posted about how cloud storage company Mega was 'riddled' with security holes. Freezenet points out that Mega has issued a response to some of these criticisms including one which criticized its use of SSL. Mega responded saying that if you could break SSL, you could break things much more interesting than Mega."
CowboyRobot writes "In 25 years, an odd thing will happen to some of the no doubt very large number of computing devices in our world: an old, well-known and well-understood bug will cause their calculation of time to fail. The problem springs from the use of a 32-bit signed integer to store a time value, as a number of seconds since 00:00:00 UTC on Thursday, 1 January 1970, a practice begun in early UNIX systems with the standard C library data structure time_t. On January 19, 2038, at 03:14:08 UTC that integer will overflow. It's not difficult to come up with cases where the problem could be real today. Imagine a mortgage amortization program projecting payments out into the future for a 30-year mortgage. Or imagine those phony programs politicians use to project government expenditures, or demographic software, and so on. It's too early for panic, but those of us in the early parts of their careers will be the ones who have to deal with the problem."
twoheadedboy writes "Kim Dotcom launched his new project Mega on Sunday, claiming it was to be 'the privacy company.' But it might not be so private after all, as security professionals have ripped it to shreds. There are numerous problems with how encryption is handled, an XSS flaw and users can't change their passwords, they say. But there are suspicions Mega is handing out encryption keys to users and touting strong security to cover its own back. After all, if Kim Dotcom and Co don't know what goes on the site, they might not be liable for copyright prosecutions, as they were for Megaupload, Mega's preprocessor." On this front, reader mask.of.sanity points out a tool in development called MegaCracker that could reveal passwords as users sign up for the site.
DavidGilbert99 writes "Eugene Kaspersky and Mikko Hypponen have been watching the cyber security world every since happy hackers were writing viruses for nothing more than their own entertainment. Today however things are very much different. At the DLD 2013 conference, the pair debated the current state of cyber warfare and cyber weapons. Kaspersky said that while cyber weapons may be much 'cleaner' than traditional missiles, guns and bombs, they are 'much worse' as they can be used by just about anyone who has some level of computer proficiency. Both agreed that it was very difficult to protect against the highly-complex nation-state developed malware like Stuxnet, Flame and Gauss. Hypponen said that we are in the 'first stages of a cyber-arms race' warning: 'I think we've only seen the very beginning of these problems.'"
innocent_white_lamb writes "In what appears to be a more-and-more common occurrence, Ahmed Al-Khabez has been expelled from Dawson College in Montreal after he discovered a flaw in the software that the college (and apparently all other colleges across Quebec) uses to track student information. His original intention was to write a mobile app to allow students to access their college account more easily, but during the development of his app he discovered 'sloppy coding' that would allow anyone to access all of the information that the system contains about any student. He was initially ordered to sign a non-disclosure agreement stating that he would never talk about the flaw that he discovered, and he was expelled from the college shortly afterward."
Kim Dotcom's new "Mega" cloud service appears to be a hit. According to Dotcom over 1 million have signed up for their free 50 gigabytes of storage. Although that is about 1% of the Dropbox user base, it's not a bad start. From the article: "Mega quickly jumped up to around 100,000 users within an hour or so of the site's official launch. A few hours after that, Mega had ballooned up to approximately a quarter of a million users. Demand was great enough to knock Mega offline for a number of users attempting to either connect up or sign up for new accounts, and Mega's availability remains spotty as of this articles' writing."
An anonymous reader writes "NewScientist reports, 'Along with birthdays, names of pets and ascending number sequences, add one more thing to the list of password no-nos: good grammar.' Researchers from Carnegie Mellon University seem to have developed a password cracking algorithm that targets grammatically correct passwords. Can bad grammar really make your password secure?"