
Cisco Security System Shuts Out Third-Party Tools (30 comments)

Posted by Soulskill on Saturday November 07, @10:19AM
from the trouble-versus-worth dept.
networking
alphadogg writes "Cisco has finally publicly acknowledged it won't add support for new third-party devices to its security information and event monitoring appliance, ending months of speculation about the future of its Monitoring, Analysis and Response System. Some claim it's the beginning of the end for MARS as a multi-vendor SIEM device. 'MARS customers can expect non-Cisco network device data and signature updates to continue for currently supported third-party systems, but no new third-party devices will be added,' Cisco declared in a statement, noting that 'Cisco MARS continues to focus on supporting Cisco devices for threat identification and mitigation.' Cisco's SIEM competitors this week have eagerly grabbed at the topic of Cisco MARS freezing third-party support because of a Gartner research memo published Oct. 29 in which analyst Mark Nicolett stated, 'Cisco has quietly begun informing its customers of a decision to freeze support for most non-Cisco event sources with its [MARS].'"

National Data Breach Law Advances (50 comments)

Posted by kdawson on Friday November 06, @01:12PM
from the pre-emption-could-be-bad dept.
government
Trailrunner7 writes "Two separate bills that would require organizations to notify consumers when their personal information has been compromised have made their way out of committee in the Senate, a critical step toward the creation of a national data-breach notification bill. But the Data Breach Notification Act, S.139, exempts federal agencies and other organizations subject to the bill from disclosing a breach if the data involved in the breach was encrypted. This is a clause that has caused some controversy, as some experts say that simply encrypting data does not render it useless. Also, S.139 would grant an exemption for data that 'was rendered indecipherable through the use of best practices or methods, such as redaction, access controls, or other such mechanisms, that are widely accepted as an effective industry practice, or an effective industry standard.' That is a very broad exemption that could become a sticking point as the bill moves along. The terms 'access controls' and 'other such mechanisms' encompass a huge number of technologies."

Fear Detector To Sniff Out Terrorists (337 comments)

Posted by timothy on Friday November 06, @08:13AM
from the interesting-assumptions dept.
biotech
Hugh Pickens writes "Evidence that the smell of fear is real was uncovered by US scientists last year who studied the underarm secretions of 20 terrified novice skydivers and found that people appear to respond unconsciously to the sweat smell of a frightened person. Now the Telegraph reports that researchers hope a 'fear detector' will make it possible to identify individuals at check points who are up to no good. 'The challenge lies in the characterization and identification of the specific chemical that gives away the signature of human fear, especially the fear in relation to criminal acts,' says Professor Tong Tun at City University London, who leads the team developing security sensor systems that can detect the human fear pheromone. The project will look at potential obstacles to the device, such as the effects of perfume and the variances in pheromone production, and if the initial 18-month feasibility study is successful, the first detectors could be developed in the next two to three years. 'I do not see any particular reason why similar sensor techniques cannot be expanded to identify human smells by race, age or gender to build a profile of a criminal during or after an incident,' Tong added."

Shockwave Vulnerabilities Affect More Than 450 Million Systems (128 comments)

Posted by timothy on Thursday November 05, @02:14PM
from the drug-resistant-infections dept.
security
Trinity writes "Researchers from VUPEN have discovered critical vulnerabilities in Adobe Shockwave, a technology installed on over 450 million Internet-enabled desktops. The vulnerabilities could allow remote code execution by tricking a user into visiting a web page using Internet Explorer or even Mozilla Firefox. Version 11.5.1.601 as well as earlier ones are affected. The vendor recommends upgrading to version 11.5.1.602." Especially sobering when you consider Adobe's current push to be essentially required as an intermediary player for anyone who wants to see certain government data.

Facebook and MySpace Backdoors Found, Fixed (105 comments)

Posted by Soulskill on Thursday November 05, @11:29AM
from the oh-adobe-you-card dept.
bug
jamie writes with news of a Facebook app developer who found a significant security hole while he was trying to get around function limitations for his application. Quoting: "Luckily — just with browser AJAX requests — a flash application hosted on domain X is unable to open a file on domain Y. If this would be possible, domain X [would be] able to access content on domain Y, and when the user is logged in on domain Y retrieve and post back any personal data. In certain cases this could limit a Flash application's capabilities. ... To resolve such issues, Adobe (Flash's developers) introduced a 'crossdomain.xml' file which could allow certain domains to access another domain, leading to cross-domain access by certain or all domains. While indeed Facebook locked the front door from any non-Facebook domain access via Flash, a simple subdomain change allowed any flash application (domain="*") to access its domain data." He found a similar problem in MySpace's crossdomain.xml. Both sites were notified, and they have implemented fixes.

Man-In-the-Middle Vulnerability For SSL and TLS (166 comments)

Posted by Soulskill on Thursday November 05, @09:23AM
from the alphabet-soup dept.
security
imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

Maryland Town Tests New Cryptographic Voting System (226 comments)

Posted by samzenpus on Wednesday November 04, @06:58PM
from the super-safe-voting dept.
security
ceswiedler writes "In Tuesday's election voters in Takoma Park, MD used a new cryptographic voting system designed by David Chaum with researchers from several universities including MIT and the University of Maryland. Voters use a special ink to mark their ballots, which reveals three-digit codes which they can later check against a website to verify their vote was tallied. Additionally, anyone can download election data from a Subversion repository and verify the overall accuracy of the results without seeing the actual choices of any individual voter."

On-Demand Video + CMS + Interactive Input For Museum? (130 comments)

Posted by timothy on Wednesday November 04, @05:55PM
from the free-reign-in-spain dept.
displays
remolacha writes "I've been given the task of tech chief for a biggish art museum (1,300 m^2, or about 13,000 sq ft) in Spain. The museum's designers want 20 'terminals' that will offer on-demand video and interactive content. The terminals' content will change with the exhibits; many will have touchscreens. More interesting forms of input are planned as well (floor sensors, big buttons). It's all on one floor, and the floors are raised, so I can run cabling and set up floor ethernet jacks. Max cable run is 60m / 190ft. The museum may expand to 4 times its projected size once open, by commandeering other floors in the building. To give an idea of where the designers' heads are, they were talking about a massive DVD changer in a closet somewhere. I am thinking an intranet running a web server with a CMS and Flash media server, terminals running Firefox in kiosk mode. I'd love to do everything on Linux. Does anyone have experience with a setup like this, better ideas, or advice?"

PayPal Introduces Open API (128 comments)

Posted by timothy on Wednesday November 04, @05:11PM
from the freedom-to-pay dept.
it
m2pc writes "PayPal has just announced the availability of their Open API under the 'PayPal X Program.' This enables developers to integrate PayPal payment processing services without forcing users to redirect to PayPal's website to enter payment information. This new initiative is designed to allow the company to better compete with the likes of Google and Amazon, which offer similar services. I wonder how much they paid for their domain: x.com?"

Comcast's New Throttling Plan Uses Trigger Conditions, Not Silent Blocking (694 comments)

Posted by timothy on Wednesday November 04, @03:38PM
from the sir-there's-some-whining-on-lines-1-through-57 dept.
internet
clang_jangle writes with this excerpt from The Inquirer outlining Comcast's new traffic-throttling scheme, based on information from Comcast's latest FCC filing. "Its network throttling implements a two-tier packet queueing system at the routers, driven by two trigger conditions. Comcast's first traffic throttling trigger is tripped by using more than 70 per cent of your maximum downstream or upstream bandwidth for more than 15 minutes. Its second traffic throttling trigger is tripped when the Cable Modem Termination System you're hooked-up to – along with up to 15,000 other Comcast subscribers – gets congested, and your traffic is somehow identified as being responsible. Tripping either of Comcast's high bandwidth usage rate triggers results in throttling for at least 15 minutes, or until your average bandwidth utilisation rate drops below 50 per cent for 15 minutes."

SORBS Blocklist Reportedly Sold For $451K (88 comments)

Posted by CmdrTaco on Wednesday November 04, @11:26AM
from the how-long-before-its-ruined dept.
spam
palegray.net writes "SORBS, a well-known email blocklist provider, has reportedly been sold for $451k. Early reports indicate an acquisition by GFI, a company specializing in various communications services. In recent years, SORBS has been the target of frequent accusations of mismanagement and poor conduct, leading many to wonder if this turn in events might signal a chance for improved behavior. Citing lack of ISP support, the blocklist released statements earlier this year that they would be shuttering their operation."

Bug In Most Linuxes Can Give Untrusted Users Root (278 comments)

Posted by kdawson on Wednesday November 04, @08:51AM
from the patchin'-place dept.
security
Red Midnight and other readers brought to our attention a bug in most deployed versions of Linux that could result in untrusted users getting root access. The bug was found by Brad Spengler last month. "The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution... doesn't properly implement that protection... The... bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. ... [Spengler] said many other Linux users are also vulnerable because they run older versions or are forced to turn off [mmap_min_addr] to run certain types of applications." The Register reprints a dialog from the OpenBSD-misc mailing list in which Theo de Raadt says, "For the record, this particular problem was resolved in OpenBSD a while back, in 2008. We are not super proud of the solution, but it is what seems best faced with a stupid Intel architectural choice. However, it seems that everyone else is slowly coming around to the same solution."

Toyotas Suddenly Accelerate; Owners Up In Arms (1140 comments)

Posted by kdawson on Tuesday November 03, @11:31PM
from the off-to-a-bad-start dept.
transportation
cyclocommuter writes "Some Toyota owners are up in arms as they suspect that accidents have been caused by some kind of glitch in the electronic computer system used in Toyotas that controls the throttle. Refusing to accept the explanation of Toyota and the federal government (it involves the driver's-side floor mat), hundreds of Toyota owners are in rebellion after a series of accidents caused by what they call 'runaway cars.' Four people have died." The article notes: "The National Highway Traffic Safety Administration has done six separate investigations of such acceleration surges in Toyotas since 2003 and found no defect in Toyota's electronics."

The Machine SID Duplication Myth (199 comments)

Posted by kdawson on Tuesday November 03, @09:20PM
from the no-harm-in-seeing-double dept.
windows
toppings writes "Microsoft Technical fellow Mark Russinovich explains why he is now retiring NewSID, which has been used by IT departments for years when deploying Windows to new systems from customized clone images. Russinovich writes: 'The reason that I began considering NewSID for retirement is that, although people generally reported success with it on Windows Vista, I hadn't fully tested it myself and I got occasional reports that some Windows component would fail after NewSID was used. When I set out to look into the reports I took a step back to understand how duplicate SIDs could cause problems, a belief that I had taken on faith like everyone else. The more I thought about it, the more I became convinced that machine SID duplication — having multiple computers with the same machine SID — doesn't pose any problem, security or otherwise. I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue. At that point the decision to retire NewSID became obvious.' He concludes: 'It's a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem. To my chagrin, NewSID has never really done anything useful and there's no reason to miss it now that it's retired. Microsoft's official policy on SID duplication will also now change and look for Sysprep to be updated in the future to skip SID generation.'"

Some Early Adopters Stung By Ubuntu's Karmic Koala (1217 comments)

Posted by kdawson on Tuesday November 03, @05:29PM
from the arrows-in-back dept.
upgrades
Norsefire writes to mention a Register piece reporting that early adopters are having a tough time with Karmic Koala, Ubuntu's latest release. "Ubuntu 9.10 is causing outrage and frustration, with early adopters wishing they'd stuck with previous versions of the Linux distro. Blank and flickering screens, failure to recognize hard drives, defaulting to the old 2.6.28 Linux kernel, and failure to get encryption running are taking their toll, as early adopters turn to the web for answers and log fresh bug reports in Ubuntu forums." What has been your experience if you've moved to Karmic?

In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses (834 comments)

Posted by kdawson on Tuesday November 03, @04:33PM
from the take-your-shots dept.
security
As Windows 7's market share passes 3.6%, up from 1.9% the day before launch, llManDrakell notes an experiment they did over at Sophos. They installed Windows 7 on a clean machine — with no anti-virus protection — with User Access Control in its default configuration. They threw at it the next 10 virus/worm samples that came in the door. Seven of them ran; UAC stopped only one baddie that had run in the absence of UAC. "Lesson learned? You still need to run anti-virus on Windows 7."

Negroponte Hints At Paper-Like Design For XO-3 (68 comments)

Posted by timothy on Tuesday November 03, @09:40AM
from the in-that-it-is-not-made-of-raspberries dept.
displays
waderoush writes "In May 2008, Nicholas Negroponte, chairman of the One Laptop Per Child Foundation, unveiled an e-book-like design for the second-generation XO Laptop, consisting of a pair of facing touchscreens. In a new e-mail interview, Negroponte says that design has been thrown out, and that instead the foundation is working on version '1.75' of the existing green-and-white laptop with a more powerful processor, as well as a '3.0' version that would look 'more like a sheet of paper.' Negroponte also addressed a range of other questions about the OLPC project, including the significance of the project to make 1.6 million e-books readable on the XO laptop and the organization's push to reach more children in Latin America, Africa, Afghanistan, and Pakistan."

Cracking PGP In the Cloud (166 comments)

Posted by kdawson on Tuesday November 03, @05:17AM
from the distant-thunder dept.
encryption
pariax writes "So you wanna build your own massively distributed password cracking infrastructure? Electric Alchemy has published a writeup detailing their experiences cracking PGP ZIP archives using brute force computing power provided by Amazon EC2 and a distributed password cracker from Elcomsoft."

Feds Bust Cable Modem Hacker (650 comments)

Posted by kdawson on Monday November 02, @11:16PM
from the grey-area dept.
hardhack
Several readers noted the indictment of hardware hacker Ryan Harris, known as DerEngel. Harris wrote the 2006 book Hacking the Cable Modem, explaining how to get upgraded speed or even free Internet service by bypassing the firmware locks on Motorola Surfboard modems. He has run a profitable business at tcniso.net since 2003, selling unlocked cable modems. (The site is now offline.) Harris has been charged with conspiracy, aiding and abetting computer intrusion, and wire fraud. Wired quotes Harris's reaction: "I read the indictment — it's complete bull****. I'll tell you right now I'm not going to plead guilty."

Microsoft Links Malware Rates To Pirated Windows (348 comments)

Posted by kdawson on Monday November 02, @06:07PM
from the wishful-self-interest dept.
security
CWmike writes "Microsoft said today that computers in countries with high rates of software piracy are more likely to be infected because users are leery of applying security patches. 'There is a direct correlation between piracy and the malware infection rate,' said Jeff Williams, head manager of the Microsoft Malware Protection Center. Highlighting research that showed worms to be the most prevalent computer security problem today, Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update. China's piracy rate is more than four times that of the US, but the use of Windows Update in China is significantly below that in this country. Same for Brazil and France. But Microsoft's own data doesn't always support Williams' contention that piracy, and the hesitancy to use Windows Update, leads to more infected PCs. China, for example, boasted a malware infection rate — as defined by the number of computers cleaned for each 1,000 executions of the MSRT — of just 6.7 per thousand, significantly below the global average of 8.7 or the US's rate of 8.2. France's infection rate of 7.9 in the first half of 2009 was also below the worldwide average."
