hypnosec writes "Kevin Mitnick, who was one of the most wanted computer hackers in the US at one time, is now heading a security consultancy firm – Mitnick Security Consulting, and is entrusted with the task of securing Sunday's presidential elections in Ecuador. Mitnick tweeted, '18 years ago I was busted for hacking. I do the same thing today but with full authorization. How cool is that?' His company will focus on protecting the Net Lock computer system tasked with tabulating Ecuador's elections."
An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session cookies and other sensitive information from online banking sessions."
badger.foo writes "You thought you had successfully avoided the tiresome password guessing bots groping at your SSH service by moving the service to a non-standard port? It seems security by obscurity has lost the game once more. We're now seeing ssh bruteforce attempts hitting other ports too, Peter Hansteen writes in his latest column." For others keeping track, have you seen many such attempts?
Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employee's machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."
An anonymous reader writes "Dutch Member of Parliament (MP) Henk Krol was fined €750 (US$1,000) by the district court of Oost-Brabant on Friday for breaking and entering the system of the Dutch medical laboratory Diagnostics for You. Krol said he entered the system as an ethical hacker to show that it was easy to access and download confidential medical information. Krol, leader of the Dutch 50plus party, accessed the systems of the laboratory with a login and password he had obtained from a patient of the clinic, who in turn had overheard the information at the laboratory from a psychiatrist that worked there ... In April last year, Krol used the login information to enter the company's Web server and subsequently viewed and downloaded medical files of several patients. He did this to prove how easy it was to get access to the systems, according to the ruling (PDF in Dutch)."
g01d4 writes "According to the LA Times, 'California's computer problems, which have already cost taxpayers hundreds of millions of dollars, have mounted as state officials cut short work on a $208-million DMV technology overhaul that is only half done. The state has spent $135 million total on the overhaul so far. The state's contractor, HP Enterprise Services, has received nearly $50 million of the money spent on the project. Botello said the company will not receive the remaining $26 million in its contract. ... Last week, the controller's office fired the contractor responsible for a $371-million upgrade to the state's payroll system, citing a trial run filled with mishaps. More than $254 million has already been spent.' It's hard not to feel like the Tokyo man in the street watching the latest round of Godzilla the state vs. Rodan the big contractor."
Hugh Pickens writes "The Guardian reports that Frank Lecerf was driving his Renault Laguna in Northern France when the car's speed jammed at 60mph. Then each time he tried to brake, the car accelerated, eventually reaching 125mph and sticking there. While uncontrollably speeding through the fast lane as other cars swerved out of his way, he managed to call emergency services who immediately dispatched a platoon of police cars. Realizing Lecerf had no choice but to keep racing along until his fuel ran out, they escorted him at high speed across almost 125 miles of French motorway, past Calais and Dunkirk, and over the Belgian border. After about an hour, Lecerf's tank spluttered empty and he managed to swerve into a ditch in Alveringem in Belgium, about 125 miles from his home. 'My life flashed before me,' says Lecerf. 'I just wanted it to stop.' His lawyer says Lecerf will file a legal complaint over 'endangerment of a person's life.'"
Celarent Darii writes "Slashdot readers have undoubtedly heard of Google Docs and the many other online word processing solutions that run in the browser. However, as a long-time user of TeX and LaTeX, these solutions are not my favorite way of doing things. Wouldn't it be nice to TeX something in your browser? Well, look no further, there is now an online collaborative LaTeX editor with integrated rapid preview. Some fantastic features: quasi-instant preview, automatic versioning of source, easy collaboration and you can even upload files and pictures. Download your project later when you get home. Are you a TeX guru with some masterpieces? Might I suggest uploading them? For the beginner: you can start here."
Noryungi writes "Researchers at the University of Erlangen demonstrate how to recover an Android phone's confidential content, with the help of a freezer and FROST, a specially-crafted Android ROM. Quite an interesting set of pictures, starting with wrapping your Android phone in a freezer bag."
Yvonne Lee, Community Manager at Dice.com writes, "Not using standard job titles, not tying your work to real business results and not using the right keywords can mean never getting called for an interview, even if you have the right skills to do the job. I once heard advice to use the exact wording found in the ad when placing your keywords. I think you're even more unlikely to get a job if you do some of the things on this list."
holy_calamity writes "MIT Technology Review reports that efforts by U.S. government agencies and defense contractors to develop malware to attack enemies is driving a black market in zero-day vulnerabilities. Experts warn that could make the internet less secure for everyone, since malicious code is typically left behind on targeted systems and often shows up on untargeted ones, providing opportunities for reverse engineering. '"On the one hand the government is freaking out about cyber-security, and on the other the U.S. is participating in a global market in vulnerabilities and pushing up the prices," says Soghoian, who says he has spoken with people involved in the trade and that prices range from the thousands to the hundreds of thousands. Even civilian law-enforcement agencies pay for zero-days, Soghoian says, in order to sneak spy software onto suspects’ computers or mobile phones.'"
An anonymous reader writes "Last night before the State of the Union speech, President Obama signed an executive order for improving cybersecurity of critical infrastructure (PDF). The highlights of the order are: 'information sharing programs' for the government to provide threat reports to industry; an overarching cybersecurity framework developed by NIST to figure out best practices for securing critical infrastructure; and reviews of existing regulations to make sure they're effective. The ACLU supports the Order, as does the EFF. '"A lot of what this shows is that the president can do a lot without cybersecurity legislation," said Mark Jaycox, policy analyst and legislative assistant for the Electronic Frontier Foundation, who points out that the executive order satisfies the need for information sharing without the privacy problems that existed under legislative proposals where loopholes would have allowed companies to dump large amounts of data on the government in an effort to obtain legal immunities. Without those immunities, companies will by nature be more circumspect about what they provide the government, thus limiting what they hand over, Jaycox said.'"
dstates writes with news from NASA about the state of available water in the Middle East. From the NASA article: "'GRACE data show an alarming rate of decrease in total water storage in the Tigris and Euphrates river basins, which currently have the second fastest rate of groundwater storage loss on Earth, after India,' said Jay Famiglietti, principal investigator of the study and a hydrologist and professor at UC Irvine. 'The rate was especially striking after the 2007 drought. Meanwhile, demand for freshwater continues to rise, and the region does not coordinate its water management because of different interpretations of international laws.'" dstates adds: "Water is a huge global security issue. To understand the Middle East, you need to understand that the Golan Heights provides a significant amount of the water used in Israel. Focusing on conflicts and politics means that huge volumes of valuable water are being wasted in the Middle East, and this will only exacerbate future conflicts. Water is a serious issue between India and China. And then there is Africa. U.S. food exports are in effect exporting irrigation water drawn from the Ogallala aquifer. Fracking trades water for energy, and lack of water limits fracking in many parts of the world. Think about it."
jfruh writes "Here's an old computer science joke: What's the difference between hardware and software? If you use hardware long enough, it breaks. If you use software long enough, it works. The truth behind that is the reason that so much decades-old COBOL code is out there still driving crucial applications at banks and other huge companies. Many attempts to replace COBOL applications flopped in the 1980s and '90s, and we're stuck with them for the foreseeable future — but the Baby Boomers who wrote all that code are now retiring en masse."
isoloisti writes "An article by some Microsofties in the latest issue of Computing Now magazine claims we have got passwords all wrong. When money is stolen, consumers are reimbursed for stolen funds and it is money mules, not banks or retail customers, who end up with the loss. Stealing passwords is easy, but getting money out is very hard. Passwords are not the bottleneck in cyber-crime and replacing them with something stronger won't reduce losses. The article concludes that banks have no interest in shifting liability to consumers, and that the switch to financially-motivated cyber-crime is good news, not bad. Article is online at computer.org site (hard-to-read multipage format) or as PDF from Microsoft Research."