Security

WikiLeaks Begins Releasing Stratfor Internal Emails 220

owenferguson writes "WikiLeaks has begun leaking a cache of over 5 million internal emails from the Texas-headquartered 'global intelligence' company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal's Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the U.S. Department of Homeland Security, the U.S. Marines and the U.S. Defense Intelligence Agency. The associated news release can be found on pastebin."
Software

Ask Slashdot: How Do You Install Ubuntu On 30 Laptops and Keep Them In Sync? 202

New submitter spadadot writes "I am setting up a new event in France (Open du Web), where between 15 and 30 laptops running Ubuntu Linux will be available. They came with Windows preinstalled and it must stay for other purposes. I'd like to take care of only one of them (resize the hard drive, install Ubuntu, add additional software and apply custom settings) and effortlessly replicate everything to the others including hard drive resizing (unattended installation). After replicating, what should I do if I need to install new software or change some settings without manually repeating the same task on each one of them? Should I look into FAI, iPXE, Clonezilla, OCS Inventory NG? Other configuration management software? I would also like to reset the laptops to the original environment after the event."
Operating Systems

DragonFly BSD 3.0 Released 102

An anonymous reader writes with word of the release earlier this week, after eight months of development, of DragonFly BSD 3.0. The release includes improved scalability through finer-grained locking, improvements to the HAMMER file system in low-memory configurations, and a TrueCrypt-compatible disk encryption system. DragonFly is an installable system, but it can also be run live from CD, DVD, or USB key.
Security

New Version of Flashback Trojan Targets Mac Users 160

wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they start suddenly crashing it might be a sign of larger issues."
Google

Cambridge's Capsicum Framework Promises Efficient Security For UNIX/ChromeOS 87

An anonymous reader writes "Communications of the ACM is carrying two articles promoting the Capsicum security model developed by Robert Watson (FreeBSD — Cambridge) and Ben Laurie (Apache/OpenSSL, ChromeOS — Google) for thin-client operating systems such as ChromeOS. They demonstrate how Chrome web browser sandboxing using Capsicum is not only stronger, but also requires only 100 lines of code, vs 22,000 lines of code on Windows! FreeBSD 9.0 shipped with experimental Capsicum support, OpenBSD has patches, and Google has developed a Linux prototype." While the ACM's stories are both paywalled, the Capsicum project itself has quite a bit of information online in the form of various papers and a video, as well as links to (BSD-licensed) code and to various subprojects.
Android

Fraunhofer IIS Demos Full-HD Voice Over LTE On Android 99

MojoKid writes "Fraunhofer IIS has chosen Mobile World Congress as the place to present the world's first Full-HD Voice mobile phone calls over an LTE network. Verizon Wireless has toyed with VoLTE (Voice over LTE) before, but this particular method enables mobile phone calls to sound as clear as talking to another person in the same room. Full-HD Voice is already established in several VoIP, video telephony and conferencing systems. However, this will mark the first time Fraunhofer's Full-HD Voice codec AAC-ELD has been integrated into a mobile communications system. Currently, the majority of phone calls are limited to the 3.5 kHz range, whereas humans are able to perceive audio signals up to 20 kHz. The Full-HD Voice codec AAC-ELD gives access to the full audible audio spectrum."
Math

Too Many Connections Weaken Networks 48

itwbennett writes "Conventional wisdom holds that more connections make networks more resilient, but a team of mathematicians at UC Davis have found that that is only true up to a point. The team built a model to determine the ideal number of cross-network connections. 'There are some benefits to opening connections to another network. When your network is under stress, the neighboring network can help you out. But in some cases, the neighboring network can be volatile and make your problems worse. There is a trade-off,' said researcher Charles Brummitt. 'We are trying to measure this trade-off and find what amount of interdependence among different networks would minimize the risk of large, spreading failures.' Brummitt's team published its work (PDF) in the Proceedings of The National Academies of Science."
Botnet

New ZeuS Botnet No Longer Needs Central Command Servers 137

c0mpliant writes "Researchers at Symantec have identified a new variant of the ZeuS botnet which no longer requires a Command and Control server. The new variant uses a P2P system, which means that each bot acts like a C&C server, but none of them really are. The effect of which is that takedowns of such a network will be extremely difficult because there is no one central source to attack."
Censorship

Pakistan Looking For Homegrown URL Blocking System 97

chicksdaddy writes "Tech-enabled filtering and blocking of Web sites and Internet addresses that are deemed hostile to repressive regimes has been a major political and human rights issue in the last year, as popular protests in Egypt, Tunisia, Libya and Syria erupted. Now it looks as if Pakistan's government is looking for a way to strengthen its hand against online content it considers undesirable. According to a request for proposals from the National ICT (Information and Communications and Technologies) R&D Fund, the Pakistani government is struggling to keep a lid on growing Internet and Web use and is looking for a way to filter out undesirable Web sites. The 'indigenous' filtering system would be 'deployed at IP backbones in major cities, i.e., Karachi, Lahore and Islamabad,' the RFP reads (PDF). It would be 'centrally managed by a small and efficient team stationed at POPs of backbone providers,' and must be capable of supporting 100Gbps interfaces and filtering Web traffic against a block list of up to 50 million URLs without latency of more than 1 millisecond."
Facebook

Facebook Has 25 People Dedicated To Handling Gov't Info Requests 125

nonprofiteer writes "A profile of Facebook's CSO reveals that his 70-person security team includes 25 people dedicated solely to handling information requests from law enforcement. They get thousands of calls and e-mails from authorities each week, though Facebook requires police to get a warrant for anything beyond a subscriber's name, email and IP address. CSO Joe Sullivan says that some government agency tried to push Facebook to start collecting more information about their users for the benefit of authorities: 'Recently a government agency wanted us to start logging information we don't log. We told them we wouldn't start logging that piece of data because we don't need it to provide a good product. We talked to our general counsel. The law is not black-and-white. That agency thinks they can compel us to. We told them to go to court. They haven't done that yet.'"
Crime

US Appeals Court Upholds Suspect's Right To Refuse Decryption 358

An anonymous reader writes "The U.S. 11th Circuit Court of Appeals has found that forcing a suspect to decrypt his hard drive when the government did not already know what it contained would violate his 5th Amendment rights. According to Orin Kerr of the Volokh Conspiracy, 'the court's analysis (PDF) isn't inconsistent with Boucher and Fricosu, the two district court cases on 5th Amendment limits on decryption. In both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion.'"
Power

Nordic Nations Pitch For US Data Centers 130

judgecorp writes "Nordic nations are all pitching for business from data centre owners, based on their countries' excellent network provision, plentiful electricity from renewable sources, and a climate where servers can be kept cool cheaply, using the ambient air temperature, with no need for chillers. A Swedish delegation is visiting California to lure other players to follow Facebook into Sweden. Meanwhile, Iceland now has a new multi-tenant data centre to join the existing Thor site, and Denmark has a container-park data centre for its financial industry."
Crime

Children Used To Steal Parents' Data 126

Barence writes "PC Pro's Davey Winder has revealed how pre-school children are being targeted by data thieves. Security vendors have uncovered a bunch of Flash-based games, colorful and attractive to young kids, which came complete with a remote access trojan. The trojan is usually installed behind a button to download more free games, but BitDefender even found one painting application where the very act of swiping the paintbrush over an online pet to change the color of the virtual animal was enough to trigger redirection to an infected site."
The Internet

MIT Lecturer Defends His Standing As Email Inventor 249

hapworth writes "IT professionals were recently outraged to hear that the Smithsonian acquired some code from MIT lecturer VA Shiva Ayyadurai who has convinced no less august pubs than Time Magazine and The Washington Post that he invented email. While objectors howl on forums and message boards, VA Shiva Ayyadurai spoke up today to defend his standing as email's creator, claiming he doesn't regret not patenting it because he doesn't believe in software patents."
Networking

Carrier Ethernet 2 Aims For Global Connectivity 44

alphadogg provides this extract from Network World: "The Metro Ethernet Forum has updated its Carrier Ethernet specification, hoping to standardize the use of Ethernet for global multicarrier services. 'With Carrier Ethernet 2, we're expanding Quality-of-Service [QoS] well beyond best efforts, and will now allow carriers to interconnect to provide worldwide [Ethernet] service,' said Bob Metcalfe, co-inventor of Ethernet, during a Metro Ethernet Forum Web conference held Thursday to announce the specification. The forum introduced Carrier Ethernet in 2005 as a set of extensions that describe how data communications carriers should use Ethernet in a consistent manner. The new specification, Carrier Ethernet 2, establishes an additional set of rules."
Crime

Nigerian Scam Artists Taken For $33,000 229

smitty777 writes "An Australian woman who was being used by a group of Nigerian scam artists stole over $33,000 from the group who employed her. Her bank account was being used to funnel the cash from a dodgy internet car sales website. Irony aside, it makes one wonder how these folks ever got the nerve to go to the police with this matter. Those of you wondering, this article offers some answers to the question of why so many of these scams originate from this area."
Privacy

State Legislatures Attempt To Limit TSA Searches 601

OverTheGeicoE writes "Here's a familiar story: a breast cancer survivor's mastectomy scars showed up on a TSA scan, which forced a horrifying pat-down ('feel-up' in her words) of the affected area. The woman decided that she would not subject herself to that again, and was barred from a later flight from Seattle to Juneau for that reason. But now the story takes an interesting turn: the woman is Alaska State Rep. Sharon Cissna, and once she finally made it back to Alaska she started sponsoring legislation to restrict TSA searches. Her many bills, if passed, would criminalize both pat-downs and 'naked scanning,' as well as require better health warnings for X-ray scanners and even studies of airport screenings' physical and psychological effects. Other states, including Utah and Texas, are considering similar legislation. For example, Texas State Rep. David Simpson is preparing to reintroduce his Traveler Dignity Act again in 2013 if he is re-elected. The last time that bill was being considered the Federal government threatened to turn all of Texas into a 'no-fly zone'."
Government

FCC Chair Calls On ISPs To Adopt New Security Measures 110

alphadogg writes "U.S. Internet service providers should take new steps to protect subscribers against cyber attacks, including notifying customers when their computers are compromised, the chairman of the FCC said Wednesday. Julius Genachowski called on ISPs to notify subscribers whose computers are infected with malware and tied to a botnet and to develop a code of conduct to combat botnets. Genachowski also called on ISPs to adopt secure routing standards to protect against Internet Protocol hijacking and to implement DNSSEC, a suite of security tools for the Internet's Domain Name System."
Education

Ask Slashdot: Best Practices For Maintaining IT Policy In K-12 Public Education? 208

First time accepted submitter El Fantasmo writes "I work in public education, K-12, for a small, economically shaky, low performing school district. What are some good or effective tactics for getting budget controllers to stop bypassing the IT boss/department? We sometimes end up with LOW end MS Win 7 Home laptops, that basically can't get on our network (internet only) or be managed. The purchaser refuses to return them for proper setups. Unfortunately, IT is currently under the 'asst. superintendent of curriculum and instruction,' who has no useful understanding of maintaining and acquiring IT resources and lets others make poor IT purchasing decisions, by bypassing the IT department, and dips into IT funds when their pet project budgets run low. How can this be reversed when you get commands like 'make it work' and the budget is effectively $0?"
Security

Disconnection of Millions of DNSChanger-Infected PCs Delayed 105

tsu doh nimh writes "Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet early next month if a New York court approves a new request by the U.S. government. Meanwhile, six men accused of managing and profiting from the huge collection of hacked PCs are expected to soon be extradited from their native Estonia to face charges in the United States."
