An anonymous reader writes "Altinn.no is a web service run by the Norwegian government, on which citizens can find, fill out and deliver forms electronically. Every year Norwegian citizens can also log in to check their tax results. This year, as every year, the site was unable to cope with the traffic generated from everyone wanting to check their taxes at the same time. New this year, however, was that once people were finally able to log in, a significant amount of people were logged in as someone else. Users then had access to all financial data of this unfortunate person over two years back in time, in addition to the financial information of his wife and the company he worked for. Altinn shut down some 15 minutes later, and has been down since."

Sparrowvsrevolution writes "Forbes profiles Vupen, a French security firm that openly sells secret software exploits to spies and government agencies. Its customers pay a $100,000 annual fee simply for the privilege of paying extra fees for the exploits that Vupen's hackers develop, which the company says can penetrate every major browser, as well as other targets like iOS, Android, Adobe Reader and Microsoft Word. Those individual fees often cost much more than that six-figure subscription, and Vupen sells them non-exclusively to play its customers off each other in an espionage arms race. The company's CEO, Chaouki Bekrar, says Vupen only sells to NATO governments and 'NATO partners' but he admits 'if you sell weapons to someone, there's no way to ensure that they won't sell to another agency.'"

An anonymous reader writes "Microsoft has demoed a working prototype of Microsoft Dynamics GP (an ERP package) running on Windows 8, with a full Metro UI. This is the first example of an enterprise app for the Windows 8 metro 'wall.' The one hour keynote is available online behind a short registration form ... (demos start around 40 minutes in). Screenshots available at source."

alphadogg writes with this excerpt from Network World: "Many mobile apps include ads that can threaten users' privacy and network security, according to North Carolina State University researchers. The National Science Foundation-funded researchers studied 100,000 apps in Google Play (formerly Android Market) and found that more than half contained ad libraries, nearly 300 of which were enabled to grab code from remote servers that could give malware and hackers a way into your smartphone or tablet. 'Running code downloaded from the Internet is problematic because the code could be anything,' says Xuxian Jiang, an assistant professor of computer science at NC State."

zrbyte writes "A growing number of complexity theorists are beginning to recognize some potential problems with cloud computing. The growing consensus is that bizarre and unpredictable behavior often emerges in systems made up of 'networks of networks,' such as a business using the computational resources of a cloud provider. Bryan Ford at Yale University in New Haven says the full risks of the migration to the cloud have yet to be properly explored. He points out that complex systems can fail in many unexpected ways, and he outlines various simple scenarios in which a cloud could come unstuck."

snydeq writes "A hard-to-detect piece of malware that doesn't create any files on the affected systems was dropped onto the computers of visitors to popular news sites in Russia in a drive-by download attack, according to Kaspersky Lab. 'What's interesting about this particular attack is the type of malware that was installed in cases of successful exploitation: one that only lives in the computer's memory. ... It's ideal to stop the infection in its early stages, because once this type of "fileless" malware gets loaded into memory and attaches itself to a trusted process, it's much harder to detect by antivirus programs.'"

wiredmikey writes "Earlier this month, researchers from Kaspersky Lab reached out to the security and programming community in an effort to help solve a mystery related to 'Duqu,' the Trojan often referred to as 'Son of Stuxnet,' which surfaced in October 2010. The mystery rested in a section of code written an unknown programming language and used in the Duqu Framework, a portion of the Payload DLL used by the Trojan to interact with Command & Control (C&C) servers after the malware infected system. Less than two weeks later, Kaspersky Lab experts now say with a high degree of certainty that the Duqu framework was written using a custom object-oriented extension to C, generally called 'OO C' and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008) with special options for optimizing code size and inline expansion."

This is a 15 minute video conversation with Andy Marken of Marken Communications, who has been working in technology public relations long enough to know what's what -- and then some. We had a pleasant conversation via Skype, and afterwords he sent along some excellent additional advice about how to handle do-it-yourself tech industry PR.

judgecorp writes "Google is cooling its data center in Douglas County, Georgia, using 'recycled' water that has been through the bathtubs and toilets of the surrounding community. So called 'grey' water is perfectly adequate for the data center's cooling system which relies on evaporation (the wet T-shirt effect), says Google."

angry tapir writes "Luigi Auriemma, the researcher who discovered a recently patched critical vulnerability in Microsoft's Remote Desktop Protocol (RDP), published a proof-of-concept exploit for it after a separate working exploit, which he said possibly originated from Microsoft, was leaked online on Friday. Identified as CVE-2012-0002 and patched by Microsoft on Tuesday, the critical vulnerability can be exploited remotely to execute arbitrary code on systems that accept RDP connections."

diegocg writes "Linux 3.3 has been released. The changes include the merge of kernel code from the Android project. There is also support for a new architecture (TI C6X), much improved balancing and the ability to restripe between different RAID profiles in Btrfs, and several network improvements: a virtual switch implementation (Open vSwitch) designed for virtualization scenarios, a faster and more scalable alternative to the 'bonding' driver, a configurable limit to the transmission queue of the network devices to fight bufferbloat, a network priority control group and per-cgroup TCP buffer limits. There are also many small features and new drivers and fixes. Here's the full changelog."

An anonymous reader writes "Contrary to what many individuals think, not everybody on Slashdot went to college for a computer-related degree. Graduating in May of this year, my undergraduate degree will be in psychology. Like many undergraduate psychology students, I applied to a multitude of graduate programs but, unfortunately, was not given admission into a single one. Many are aware that a bachelor's degree in psychology is quite limiting, so I undoubtedly have been forced into a complicated situation. Despite my degree being in psychology, I have an immense interest in computers and the typical 'hard science' fields. How can one with a degree that is not related to computers acquire a job that is centered around computers? At the moment, I am self-taught and can easily keep up in a conversation of computer science majors. I also do a decent amount of programming in C, Perl, and Python and have contributed to small open source projects. Would Slashdot users recommend receiving a formal computer science education (only about two years, since the nonsensical general education requirements are already completed) before attempting to get such a job? Anybody else in a similar situation?"

An anonymous reader writes "Just hours after the new Apple iPad was released, it was jailbroken in three (how appropriate!) separate ways. This means that hackers have already found and exploited security holes to run custom code on the new iPad with iOS 5.1. The tools for jailbreaking your new iPad aren't yet available, but this first step means the software will be developed sooner rather than later."

jm223 writes "I'm currently a student at a major university, where I do IT work for a fairly large student group. Most of my job involves programming, and so far everyone has been happy with my work. Since we're students, though, no one really has the experience to offer major advice or critiques, and I'm curious about how my coding measures up — and, of course, how I can make it better. CS professors can offer feedback about class projects, but my schoolwork often bears little resemblance to my other work. So, when you're programming without an experienced manager above you, how do you go about improving?"

dsinc writes "A Polish security researcher, Krzysztof Kotowicz, makes an worrisome entry in his blog: with a few lines of Javascript, any web site could list the extensions installed in Chrome (and the other browsers of the Chromium family). Proof of concept is provided here. As there are addons which deal with very personal things like pregnancy or religion, the easiness of access to those very private elements of your life is really troubling." Note: the proof of concept works, so don't click that link if the concept bothers you.

An anonymous reader writes "Security firm Elcomsoft analyzed 17 iOS and BlackBerry password-keeping apps and found their actual security levels well below their claimed level of protection. With additional digging, however, Glenn Fleishman at TidBITS found that Elcomsoft's criticisms rely on physical access to the apps' data stores, and, for some of the more common apps, on the user employing a short (6 characters or fewer) or numeric password. In other words, there really isn't much risk here."

Dmitri Baughman writes "I'm the IT guy at a small software development company of about 100 employees. Everyone is technically inclined, with disciplines in development, QA, and PM areas. As part of a monthly knowledge-sharing meeting, I've been asked to give a 30-minute presentation about our computing and networking infrastructure. I manage a pretty typical environment, so I'm not sure how to present the information in a fun and engaging way. I think network diagrams and bandwidth usage charts would make anyone's eyes glaze over! Any ideas for holding everyone's interest?"

An anonymous reader writes "Antivirus maker Avast is suspending its relationship with iYogi, a company it has relied upon for the past two years to provide live customer support for its products. The move comes just one day after an investigation into iYogi showed the company was using the relationship to push expensive and unnecessary support contracts onto Avast users. In a blog post, Avast's CEO wrote, 'We had initial reports of this behavior a few weeks ago and met with iYogi's senior executives to ensure the behavior was being corrected. Thus, we were shocked to find out about Mr. Krebs' experience. As a consequence, we have removed the iYogi support service from our website and shortly it will be removed from our products.'"

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"

mask.of.sanity writes "A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organizations use RDP to work from home or access cloud computing services. Only days after a patch was released, a bounty was offered for devising an exploit, and later a working proof of concept emerged. Chinese researchers were the first to reveal it, and security professionals have found it causes a blue screen of death in Microsoft Windows XP and Windows Server 2003 machines. Many organizations won't apply the patch and many suspect researchers are only days away from weaponizing the code."