Australia

Fighting Rogue Access Points At linux.conf.au

An anonymous reader writes "Last week's linux.conf.au saw the return of the rogue access points. These are Wi-Fi access points which bear the same SSID as official conference hotspots. Often it might be a simple mistake, but sometimes it's more nefarious. To combat the attacks this year, conference organisers installed a Linux-based Wi-Fi 'intrusion prevention and detection system' supplied by sponsor Xirrus." At most conferences I've been to, I'd be grateful just to be able to get on any access point.
Security

Pwn2Own 2012 Set To Reveal More Browser Vulnerabilities Than In the Past

darthcamaro writes "In any given year, Slashdot always has stories about how a researcher hacked a browser in only a few minutes at the Pwn2own hacking challenge. This year the rules are a bit different, and instead of hackers winning for just one vulnerability, the rules allow for multiple vulnerabilities to be presented. The winner isn't the first one to hack a browser, but is the one that can hack the browser the most. 'In the past, due to the way the competition was architected, we had lots of sensationalist headlines, things like "Mac hacked in three seconds,"' said Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint. 'We don't think that type of sensationalism was representative of all the research that was going on.'"
Privacy

US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive

A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."
Transportation

Hackers Manipulated Railway Computers, TSA Memo Says

An anonymous reader sends this excerpt from Nextgov: "Hackers, possibly from abroad, executed an attack on a Northwest rail company's computers that disrupted railway signals for two days in December, according to a government memo recapping outreach with the transportation sector during the emergency. ... While government and critical industry sectors have made strides in sharing threat intelligence, less attention has been paid to translating those analyses into usable information for the people in the trenches, who are running the subways, highways and other transit systems, some former federal officials say. The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo."
Image

Tales of IT Idiocy

snydeq writes "IT fight club, dirty dev data, meatball sandwiches — InfoWorld offers nine more tales of brain fail beyond belief. 'You'd think we'd run out of them, but technology simply hasn't advanced enough to take boneheaded users out of the daily equation that is the IT admin's life. Whether it's clueless users, evil admins, or just completely bad luck, Mr. Murphy has the IT department pinned in his sights — and there's no escaping the heartache, headaches, hassles, and hilarity of cluelessness run amok.'"
Hardware

A Data Center That Looks Like a Mansion

1sockchuck writes "A luxury homebuilder in Minnesota wants to build a data center that looks like a mansion, allowing the commercial building to fit into a residential neighborhood. The 'community-based data center' designed for FiberPop features a stone facade and sloped roof with dormers, along with an underground data hall."
Security

Researchers Find Slew of Flaws In SCADA Hardware, Software

Trailrunner7 writes "At the S4 security conference this week, 'Project Basecamp,' a volunteer-led security audit of leading programmable logic controllers (PLCs) performed by a team of top researchers, found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code. 'We were looking for a Firesheep moment in PLC security,' Peterson told the audience of ICS security experts. They got one. 'It's a blood bath mostly,' said Wightman of Digital Bond. 'Many of these devices lack basic security features.' While the results of analysis of the various PLCs varied, the researchers found significant security issues with every system they tested, with some PLCs too brittle and insecure to even tolerate security scans and probing."
Cloud

'Blind' Quantum Computing Proposed For the Cloud

judgecorp writes "Researchers at Vienna's Quantum Science and Technology Center have proposed that 'blind' quantum computing could be carried out securely in the cloud. When (if?) quantum computers are developed, they will be very fast, but not everyone will have them. Blind quantum computing will be useful, because it shows that users can encode 'qubits' and send them to a shared quantum computer to be worked on — without the quantum computer having any knowledge of what the data is (abstract). The data also cannot be decoded from the qubit while it is in transit. It's good to know that quantum computers will be secure when they exist. At the moment, of course, they are even more secure, by virtue of their non-existence."
Security

Dreamhost FTP/Shell Password Database Breached

New submitter Ccmods writes "Below is a snippet from an email Dreamhost sent to subscribers early Saturday morning, describing an intrusion into the database storing FTP and SSH usernames and passwords: 'We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. ... Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed.'"
Mozilla

Mozilla Offers Alternative To OpenID

Orome1 writes "Mozilla has been working for a while now on a new browser-based system for identifying and authenticating users it calls BrowserID, but it's only this month that all of its sites have finally been outfitted with the technology. Mozilla aims for BrowserID to become a more secure alternative to OpenID, the decentralized authentication system offered to users of popular sites such as Google, Yahoo!, PayPal, MySpace and others."
Businesses

Former Dell Execs Involved In Massive Insider Trading Probe

DMandPenfold writes "Two former Dell employees, including a former investor relations manager, were part of a $62 million record-breaking insider trading scam, involving the company's shares as well as Nvidia stock, according to the FBI. The news comes as the U.S. authorities step up their pursuit of inside traders. Two months ago, Galleon hedge fund founder Raj Rajaratnam was sentenced to 11 years in jail for his role in a scam involving AMD, IBM and 3Com stock. Yesterday, Sandeep Goyal, an employee at Dell's U.S. headquarters between 2006 and 2007 before becoming a financial analyst, was arrested. An unnamed co-conspirator in Dell's investor relations department from 2007 to 2009 is also alleged to have been part of the scam. ... Goyal allegedly made $175,000 by providing inside information about Dell to a hedge fund. He has pleaded guilty to charges of securities fraud."
Medicine

The Problem With Personalized Medicine

gManZboy writes "Talk of individually tailored medical treatment isn't pie in the sky. This approach eventually will help us address risk factors even before a disease can invade our cells, and detect preclinical disease before it gets out of hand. What role will medical informatics play in this brave new world? Hint: Little data projects may be as important as big data projects such as gene sequencing. At a recent symposium on personalized medicine, Ezekiel J. Emanuel, MD, chairman of the Department of Medical Ethics and Health at the University of Pennsylvania, questioned whether it would make more sense to target all the lifestyle mistakes that patients make rather than analyze genetic defects. His view: 'Personalized medicine misses the most important fact about modern society: little ill health and premature death is genetic, much more is lifestyle and social.' Is Emanuel a dinosaur or a pragmatist?"
Programming

The Headaches of Cross-Platform Mobile Development

snydeq writes "Increased emphasis on distinctive smartphone UIs means even more headaches for cross-platform mobile developers, writes Fatal Exception's Neil McAllister, especially as users continue to favor native over Web-based apps on mobile devices. 'Google and Microsoft are both placing renewed emphasis on their platforms' user experience. That means not just increased competition among smartphone and tablet platforms, but also new challenges for mobile application developers. ... The more the leading smartphone platform UIs differ from one another, the more effort is required to write apps that function comparably across all of them. Dialog boxes, screen transitions, and gestures that are appropriate for one platform might be all wrong for another. Coding the same app for three or four different sets of user interface guidelines adds yet another layer of cost and complexity to cross-platform app development."
Government

Post-9/11 DOJ Tech Project Dying After 10 Years?

gManZboy writes "A secure, interoperable radio network that the Department of Justice has been working on for more than a decade and that has cost the agency $356 million may be headed for failure, according to a new report by the agency's inspector general. Called for in the wake of 9/11, the Integrated Wireless Network (IWS) project has already been repeatedly scaled back. Today, the Department of Justice continues to rely on several separate land mobile radio systems, some of which are unreliable, obsolete, and fail to interoperate with one another. Agents often have to swap radios, share channels, or refer to a book of radio frequencies and manually switch between those frequencies to stay online. Radios remain insecure, as much of the current equipment fails to meet encryption requirements. Much of the agency's equipment is more than 15 years old and is no longer even supported by the manufacturer."
Crime

Man Charged With Stealing Code From Federal Reserve Bank

wiredmikey writes "A Chinese computer programmer was arrested by U.S. authorities in New York on Wednesday, on charges that he stole proprietary source code while working on a project at the Federal Reserve Bank of New York. The man arrested, Bo Zhang of New York, worked as a contract employee developing a specific portion of the GWA's (Government-Wide Accounting and Reporting Program) source code at the Federal Reserve Bank of New York where the code is maintained. The complaint alleges that in the summer of 2011, Zhang stole the GWA code, something he admitted to in July 2011. Zhang said that he used the GWA Code in connection with a private business he ran training individuals in computer programming."
Hardware

Do Data Center Audits Mean Anything?

1sockchuck writes "Data center service providers often tout certifications such as SAS 70, SSAE 16 and SOC 2 as evidence that they meet lofty operational standards. But some of these certifications are based on self-defined standards, and the entire situation is confusing and frustrating to customers, according to one critic, who says data center shoppers are poorly served by the jumble of acronyms and standards. Do these certifications matter when users are seeking data center space? Should they?"
Privacy

Teens Share Passwords As a Form of Intimacy

nonprofiteer writes "The New York Times claims that the hot new trend among teenagers in love is to share passwords to their email and Facebook accounts, as the ultimate form of trust. According to Pew, 33% of teens surveyed say they do this. One expert says the pressure to share passwords is akin to the pressure to have sex. Forbes says don't do it! 'There is something pure and romantic about the idea of sharing everything, and having no secrets from one another. But it's romantic the same way that Romeo and Juliet is romantic, in a tragic, horrible, everyone-is-miserable-and-dies-at-the-end kind of way.' Sam Biddle at Gizmodo writes about which passwords are okay to share (like Netflix), but says to stay away from handing over email or Facebook passwords. 'We all need whatever scraps of privacy we have left, and your email is just that.'"
Security

Symantec Admits Its Networks Were Hacked in 2006

Orome1 writes "After having first claimed that the source code leaked by Indian hacking group Dharmaraja was not stolen through a breach of its networks, but possibly by compromising the networks of a third-party entity, Symantec backpedalled and announced that the code seems to have been exfiltrated during a 2006 breach of its systems. Symantec spokesman Cris Paden has confirmed that unknown hackers have managed to get their hands on the source code to the following Symantec solutions: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere."
Security

Will Secure Boot Cripple Linux Compatibility?

MojoMax writes "The advent of Windows 8 is drawing ever nearer and recently we have learned that ARM devices installed with Windows 8 will not be able to disable the UEFI secure boot feature that many of us are deeply concerned about. However, UEFI is still a very real danger to Linux and the freedom to use whichever OS you choose. Regardless of information for OEMs to enable customers to install their own keys, such as that published by the Linux Foundation, there are still very serious and as yet unresolved issues with using secure boot and Linux. These issues are best summarized quoting Matthew Garrett: 'Signing the kernel isn't enough. Signed Linux kernels must refuse to load any unsigned kernel modules. Virtualbox on Linux? Dead. Nvidia binary driver on Linux? Dead. All out of tree kernel modules? Utterly, utterly dead. Building an updated driver locally? Not going to happen. That's going to make some people fairly unhappy.'"
Crime

Hackers Steal $6.7M In Bank Cyber Heist

Orome1 writes "A perfectly planned and coordinated bank robbery was executed during the first three days of the new year in Johannesburg, and left the targeted South African Postbank — part of the nation's Post Office service — with a loss of some $6.7 million. The cyber gang behind the heist was obviously very well informed about the post office's IT systems, and began preparing the ground for the heist a few months before, by opening accounts in post offices across the country and compromising an employee computer in the Rustenburg Post Office."