Android

IPv6-Only Is Becoming Viable 209

An anonymous reader writes "With the success of world IPv6 day in 2011, there is a lot of speculation about IPv6 in 2012. But simply turning on IPv6 does not make the problems of IPv4 exhaustion go away. It is only when services are usable with IPv6-only that the internet can clip the ties to the IPv4 boat anchor. That said, FreeBSD, Windows, and Android are working on IPv6-only capabilities. There are multiple accounts of IPv6-only network deployments. From those, we now know that IPv6-only is viable in mobile, where over 80% (of a sampling of the top 200 apps) work well with IPv6-only. Mobile especially needs IPv6, since there are only 4 billion IPv4 addresses and approaching 50 billion mobile devices in the next 8 years. Ironically, the Android test data shows that the apps most likely to fail are peer-to-peer, like Skype. Traversing NAT and relying on broken IPv4 is built into their method of operating. P2P communication was supposed to be one of the key improvements in IPv6."
Security

Sykipot Trojan Variant Stealing DoD Smartcard Credentials 44

Trailrunner7 writes "A new research report says variants of the Sykipot Trojan have been found that can steal Dept. of Defense smartcard credentials. The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against the defense industry. The new variants, which Alien Vault believes have been circulating since March 2011, have been used in 'dozens of attacks' and contain features that would allow remote attackers to steal smart card credentials and access sensitive information."
Microsoft

Microsoft 'Trustworthy Computing' Turns 10 185

gManZboy writes "Bill Gates fired off his famous Trustworthy Computing memo to Microsoft employees on Jan. 15, 2002, amid a series of high-profile attacks on Windows computers and browsers in the form of worms and viruses like Code Red and 'Anna Kournikova.' The onslaught forced Gates to declare a security emergency within Microsoft, and halt production while the company's 8,500 software engineers sifted through millions of lines of source code to identify and fix vulnerabilities. The hiatus cost Microsoft $100 million. Today, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure, the company says."
Microsoft

Passwords Not Going Away Any Time Soon 232

New submitter isoloisti writes "Hot on the heels of IBM's 'no more passwords' prediction, Wired has an article about provocative research saying that passwords are here to stay. Researchers from Microsoft and Carleton U. take a harsh view of research on authentication (PDF), saying, 'no progress has been made in the last twenty years.' They dismiss biometrics, PKI, OpenID, and single sign-on: 'Not only have proposed alternatives failed, but we have learnt little from the failures.' Because the computer industry so thoroughly wrote off passwords about a decade ago, not enough serious research has gone into improving passwords and understanding how they get compromised in the real world. 'It is time to admit that passwords will be with us for some time, and moreover, that in many instances they are the best-fit among currently known solutions.'"
Crime

TSA Makes $400K Annually In Loose Change 289

Hugh Pickens writes "NBC reports that airport travelers left behind $409,085.56 in loose change at security checkpoints in 2010, providing an additional source of funding for the Transportation Security Administration. 'TSA puts (the leftover money) in a jar at the security checkpoint, at the end of each shift they take it, count it, put it in an envelope and send it to the finance office,' says TSA spokesperson Nico Melendez. 'It is amazing. All that change, it all adds up.' Melendez adds that the money goes into the general operating budget for TSA that is typically used for technology, light bulbs or just overall general expenses. Rep. Jeff Miller (R-Fla.) has introduced legislation that would direct the TSA to transfer unclaimed money recovered at airport security checkpoints to the United Service Organizations (USO), a private nonprofit that operates centers for the military at 41 U.S. airports. The recovered change is not to be confused with the theft that occurs when TSA agents augment their salary by helping themselves to the contents of passengers' luggage as it passes through security checkpoints. For example, in 2009, a half dozen TSA agents at Miami International Airport were charged with grand theft after boosting an iPod, bottles of perfume, cameras, a GPS system, a Coach purse, and a Hewlett Packard Mini Notebook from passengers' luggage, as travelers at just this one airport reported as many as 1,500 items stolen, the majority of which were never recovered."
IT

How To Get Developers To Document Code 545

snydeq writes "Poorly documented code? Chances are the problem lies not in your programmers, but in your process, writes Fatal Exception's Neil McAllister. 'Unfortunately, too few developers seem to do a good job of documenting their code. Encouraging them to start can be a difficult challenge — but not an impossible one,' McAllister writes, adding that to establish a culture of documentation managers should favor the carrot before the stick. 'Like most people, programmers respond better to incentives than to mandates. Simple praise can go a long way, but managers may find other ways to reward developers. Are your developers occasionally on-call for weekend support duties or late-night update deployments? Consider giving them a break if they volunteer to pick up some extra documentation burden. Of course, financial incentives work, too.'"
Graphics

Researcher's Tool Maps Malware In Elegant 3D Model 36

Sparrowvsrevolution writes "At the Shmoocon security conference later this month, Danny Quist plans to demo a new three-dimensional version of a tool he's created called Visualization of Executables for Reversing and Analysis, or VERA, that maps viruses' and worms' code into intuitively visible models. Quist, who teaches government and corporate students the art of reverse engineering at Los Alamos National Labs, says he hopes VERA will make the process of taking apart and understanding malware's functionality far easier. VERA observes malware running in a virtual sandbox and identifies the basic blocks of commands it executes. Then those chunks of instructions are color-coded by their function and linked by the order of the malware's operations, like a giant, 3D flow chart. Quist provides a sample video showing a model of a section of the Koobface worm."
Security

7000 e-Voting Machines Now Deemed Worthless By Irish Government 241

First time accepted submitter lampsie writes "Despite spending at least 51 million euro over the last decade buying and storing 7000 e-voting machines from Dutch firm Nedap, the Irish Finance minister has announced that they are now 'worthless'. The machines were originally trialled in 2002 on three regional elections, but a nationwide rollout in 2004 was put on hold after a confidential report expressed serious concern over the security of the voting machines. According to the report, the integrity of the ballot could not be guaranteed with the equipment and controls used. Several years on, and tens of millions later, it looks like the pen and paper ballot will remain for now."
Crime

The Future of Hi-Tech Auto Theft 272

NicknamesAreStupid writes "Over the past twenty years, car theft has declined as new models incorporated electronic security methods that thwarted simple hot-wiring. The tide may now be turning, as cars become the next Windows PC. The Center for Automobile Embedded Systems Security has posted an interesting paper from UCSD and UW that describes how modern cars can be cracked (PDF). Unlike the old days of window jimmies, these exploits range from attacks through the CD or iPod port to cellular attacks that take inventory of thousands of cars and offer roaming thieves Yelp-like choices ('our favorite is mint green with leather') with unlocked doors and running engines."
Crime

Major Financial Groups Share Data To Fight Online Theft 40

smitty777 writes "The Wall Street Journal is reporting on some unprecedented steps being taken by major financial institutions to combat online theft. The initiatives include a new type of data center that would be used to analyze bank data for potential security threats. Additionally, a quarterly round-table between the rivals to attack security issues was proposed. The article notes that 'security threats are pushing the big banks to do something that doesn't come naturally for these secrecy-steeped institutions: share information with one another.' A video at MarketWatch digs into it a little bit more, and points out that the banks will spend an estimated $1 billion on protection this year, which represents a 12% increase. Technologically, there has been much discussion of two-factor authentication to improve security. In fact, security officials in Singapore are even hinting at biometric solutions."
Security

Symantec Sued For Running Fake "Scareware" Scans 391

Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District of California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear-mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending that year warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"
Microsoft

Microsoft Readying Massive Real Time Threat Intelligence Feed 89

chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waledac. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real-time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."
Medicine

Doctor Warns of the Hidden Danger of Touchscreens 242

snydeq writes "Dr. Franklin Tessler discusses the hidden stress-related injuries of touchscreen use, and how best to use smartphones, tablets, and touch PCs to avoid them. 'Touchscreen-oriented health hazards are even more insidious because most people aren't even aware that they exist. The potential for injury from using touchscreens will only go up ... as the rise of the touchscreen means both new kinds of health hazards and more usage in risky scenarios,' Tessler writes, providing tips for properly positioning touchscreens and ways to avoid repetitive stress injuries and eyestrain."
Firefox

Mozilla Announces Long Term Support Version of Firefox 249

mvar writes "After a meeting held last Monday regarding Mozilla Firefox Extended Support Release, the new version was announced yesterday in a post on Mozilla's official blog: 'We are pleased to announce that the proposal for an Extended Support Release (ESR) of Firefox is now a plan of action. The ESR version of Firefox is for use by enterprises, public institutions, universities, and other organizations that centrally manage their Firefox deployments. Releases of the ESR will occur once a year, providing these organizations with a version of Firefox that receives security updates but does not make changes to the Web or Firefox Add-ons platform.'"
Programming

The Bosses Do Everything Better (or So They Think) 469

theodp writes "Some people, writes Dave Winer, make the mistake of thinking that if the result of someone's work is easy to use, the work itself must be easy. Like the boss — or boss's boss's boss — who asks for your code so he can show you how to implement the features he wants instead of having to bother to explain things. Give the code to him, advises Winer. If he pulls it off, even poorly, at least you'll know what he was asking for. And if he fails, well, he might be more patient about explaining what exactly he wants, and perhaps even appreciate how hard your work is. Or — more likely — you may simply never hear from him again. Win-win-win. So, how do you handle an anything-you-can-do-I-can-do-better boss?"
Networking

Comcast DNSSEC Goes Live 165

An anonymous reader writes "In a blog post, Comcast's Jason Livingood has announced that Comcast has signed all of its (5000+) domains in addition to having all of its customers using DNSSEC-validating resolvers. He adds, 'Now that nearly 20 million households in the U.S. are able to use DNSSEC, we feel it is an important time to urge major domain owners, especially commerce and banking-related sites, to begin signing their domain names.'"
United States

FBI's Troubled Sentinel Project Delayed Again 96

gManZboy writes "The FBI's Sentinel project, a digital case-management system meant to replace outdated, paper-based processes, has been delayed again. The FBI's CIO and CTO bet big on using agile development to hasten the project's completion. But now performance issues have arisen in testing and deployment has been pushed out to May. It's the latest in a series of delays to build a replacement for the FBI's 17-year-old Automated Case Support system. In 2006, the FBI awarded Lockheed Martin a $305 million contract to lead development of Sentinel, but it took back control of the project in September 2010 amid delays and cost overruns. At the time, the FBI said it would finish Sentinel within 12 months, using agile development strategies."
China

Inside the Great Firewall of China's Tor Blocking 160

Trailrunner7 writes with an article at Threat Post about China's ability to block Tor. From the article: "The much-discussed Great Firewall of China is meant to prevent Chinese citizens from getting to Web sites and content that the country's government doesn't approve of, and it's been endowed with some near-mythical powers by observers over the years. But it's somewhat rare to get a look at the way that the system actually works in practice. Researchers at Team Cymru got just that recently when they were asked by the folks at the Tor Project to help investigate why a user in China was having his connections to a bridge relay outside of China terminated so quickly. Not only is China able to identify Tor sessions, it can do so in near real-time and then probe the Tor bridge relay and terminate the session within a couple of minutes."
The Courts

Employee-Owned Devices Muddy Data Privacy Rights 165

snydeq writes "As companies increasingly enable employees to bring their own devices into business environments, significant legal questions remain regarding the data consumed and created on these employee-owned technologies. 'Strictly speaking, employees have no privacy rights for what's transmitted on company equipment, but employers don't necessarily have access rights to what's transmitted on employees' own devices, such as smartphones, tablets, and home PCs. Also unclear are the rights for information that moves between personal and corporate devices, such as between one employee who uses her own Android and an employee who uses the corporate-issued iPhone. ... This confusion extends to trade secrets and other confidential data, as well as to e-discovery. When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control. Given that email clients such as Outlook and Apple Mail store local copies (again, on smartphones, tablets, and home PCs) of server-based email, theoretically many companies' trade secrets are no longer secret.'"