Security

Israel Faces Escalating Cyberwar

New submitter 9re9 writes "The NY Times describes what may be the beginning of an actual cyberwar between a pro-Palestinian group and Israeli companies, specifically El Al and the Tel Aviv stock exchange. From the article: 'A hacker identifying himself as oxOmar, already notorious for posting the details of more than 20,000 Israeli credit cards, sent an overnight warning to Israel's Ynet news outlet that a group of pro-Palestinian cyberattackers called Nightmare planned to bring down the sites in the morning.' Though the article is skimpy on technical details, the group appears to have engaged merely in a DDOS attack. Hamas praised the attack as opening 'a new resistance front against Israel.' Is this the first acknowledged cyberwar?"
Bug

Serious Oracle Flaw Revealed; Patch Coming

GMGruman writes "A bug in Oracle Database that could take down large databases — or let a hacker do so — has been found, and Oracle promises a patch later today. When InfoWorld first heard of the bug two months ago, its investigation revealed how dangerous this bug could be, and after convincing Oracle to address the issue, InfoWorld held the news until a patch was available, so hackers could not exploit the bug in the meantime. Paul Venezia details just how this bug exposes companies to the possibility of databases going offline, and Eric Knorr asks Oracle users to help test the patch in their complex environments. (InfoWorld's tests in simpler environments show the patch works there.)"
Botnet

Koobface Malware Traced To 5 Russians

New submitter theonlyholle writes "Naked Security, the Sophos IT security blog, has published an article about the authors of the Koobface malware that plagued Facebook users in 2008 and the investigation that led to their identification. Apparently the botnet was created by five Russians from St. Petersburg."
Firefox

Notes On Reducing Firefox's Memory Consumption

Skuto writes "At yesterday's linux.conf.au Browser miniconference in Ballarat, Australia, Mozilla engineer Nicholas Nethercote gave a detailed presentation about the history of Firefox's memory consumption. The 37 slides-with-notes explain in gritty detail what caused Firefox 4's memory usage to be higher than expected, how many leaks and accidental memory use bugs were tracked down with Valgrind plugins, as well as the pitfalls of common memory allocation strategies. Current work is now focused on reducing the memory usage of popular add-ons such as AdBlock, GreaseMonkey and Firebug. Required reading for people working on large software projects, or those who missed that Firefox is now one of the most memory-efficient browsers in heavy usage."
Security

RSA Chief: Last Year's Breach Has Silver Lining

alphadogg writes "Last year's industry-shaking RSA Security breach has resulted in customers' CEOs and CIOs engaging much more closely with the vendor to improve their organizations' security, according to the head of RSA. Discussing the details of the attack that compromised its SecurID tokens has made RSA sought after by companies that want to prevent something similar from happening to them, Executive Chairman Art Coviello said in an interview with Network World. 'If there's a silver lining to the cloud that was over us from April through over the summer it is the fact that we've been engaged with customers at a strategic level as never before,' Coviello says, 'and they want to know in detail what happened to us, how we responded, what tools we used, what was effective and what was not.'"
Java

Oracle and the Java Ecosystem

First time accepted submitter twofishy writes "After an undeniably rocky start, which saw high profile resignations from the JCP, including Doug Lea (who remains active in the OpenJDK), and the Apache Software Foundation, Oracle is making significant efforts to re-engage with the wider Java ecosystem, a theme which it talked up at the most recent JavaOne conference. The company is working hard to engage with the Java User Group leaders and Java Champions, membership of the OpenJDK project is growing, and the company is making efforts to reform the Java Community Process to improve transparency. The firm has also published a clear, well-defined Java roadmap toward Java 8 and Java 9."
Security

Zappos Hacked: Internal Systems Breached

wiredmikey writes "Zappos appears to be the latest victim of a cyber attack resulting in a data breach. In an email to Zappos employees on Sunday, CEO Tony Hsieh asked employees to set aside 20 minutes of their time to read about the breach and what communications would be sent to its over 24 million customers. While Hsieh said that credit card data was not compromised, he did say that 'one or more' of the following pieces of personal information has been accessed by the attacker(s): customer names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers. User passwords were 'cryptographically scrambled,' he said."
Crime

New Cable Designed To Deter Copper Thieves

Hugh Pickens writes "Pervasive thefts of copper wire from under the streets of Fresno, California have prompted the city to seal thousands of its manhole covers with concrete. In Picher, Oklahoma, someone felled the town's utility poles with chain saws, allowing thieves to abscond with 3,000 feet of wire while causing a blackout. The theft of copper cables costs U.S. companies $60 million a year and the FBI says it considers theft of copper wire to be a threat to the nation's baseline ability to function. But now PC World reports that a U.S. company has developed a new cable design that removes almost all the copper from cables in a bid to deter metal thieves. Unlike conventional cables made from solid copper, the GroundSmart Copper Clad Steel Cable consists of a steel core bonded to a copper outer casing, forming an equally effective but far less valuable cable by exploiting the corrosion-resistance of copper with the conductive properties of steel. 'Companies trying to protect their copper infrastructure have been going to extreme measures to deter theft, many of which are neither successful nor cost effective,' says CommScope vice president, Doug Wells. 'Despite efforts like these, thieves continue to steal copper because of its rising value. The result is costly damage to networks and growing service disruptions.' The GroundSmart Copper Clad Steel cable is the latest technical solution to the problem of copper theft, which has included alternatives like cable etching to aid tracing of stolen metal and using chemicals that leave stains detectable under ultra-violet light. However the Copper Clad Steel strikes at the root of the problem by making the cable less susceptible to theft by both increasing the resistance to cutting and drastically decreasing the scrap value."
Security

DHS X-ray Car Scanners Now At Border Crossings

OverTheGeicoE writes "CNET has a story on DHS' whole car X-ray scanners and their potential cancer risks. The story focuses on the Z Portal scanner, which appears to be a stationary version of the older Z Backscatter Vans. The story provides interesting pictures of the device and the images it produces, but it also raises important questions about the devices' cancer risks. The average energy of the X-ray beam used is three times that used in a CT scan, which could be big trouble for vehicle passengers and drivers should a vehicle stop in mid-scan. Some studies show the risk for cancer from CT scans can be quite high. Worse still, the DHS estimates of the Z Portal's radiation dosage are likely to be several orders of magnitude too low. 'Society will pay a huge price in cancer because of this,' according to one scientist."
Security

DHS Monitors Social Media For 'Political Dissent'

OverTheGeicoE writes "Recently, TSA's 'Blogger Bob' Burns posted a rant against a cupcake on the TSA blog. Perhaps it made you wonder if TSA and its parent agency, the Department of Homeland Security, really understand what we're saying about them, especially online. Well, thanks to a Freedom of Information Act lawsuit from the Electronic Privacy Information Center, we now know a lot more about how they monitor online comments aside from 'Blogger Bob.' EPIC has received hundreds of pages of documents regarding DHS's online surveillance program. These documents reveal that DHS has contracts with General Dynamics for '24/7 media and social network monitoring.' Perhaps it will warm your heart to know that DHS is particularly interested in tracking media stories that 'reflect adversely' on the U.S. government generally and DHS specifically. The documents include a report summary that might be representative of General Dynamics' work. The example includes summaries of comments on blogs and social networking sites, including quotes. Then again, you might remember J. Edgar Hoover's monitoring of antiwar activists during the Vietnam War, which certainly wasn't for the protesters' benefit."
Security

Viruses Stole City College of S.F. Data For Years

An anonymous reader sends this quote from an article at the San Francisco Chronicle: "Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called 'an infestation' of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble."
Android

IPv6-Only Is Becoming Viable

An anonymous reader writes "With the success of world IPv6 day in 2011, there is a lot of speculation about IPv6 in 2012. But simply turning on IPv6 does not make the problems of IPv4 exhaustion go away. It is only when services are usable with IPv6-only that the internet can clip the ties to the IPv4 boat anchor. That said, FreeBSD, Windows, and Android are working on IPv6-only capabilities. There are multiple accounts of IPv6-only network deployments. From those, we now know that IPv6-only is viable in mobile, where over 80% (of a sampling of the top 200 apps) work well with IPv6-only. Mobile especially needs IPv6, since there are only 4 billion IPv4 addresses and approaching 50 billion mobile devices in the next 8 years. Ironically, the Android test data shows that the apps most likely to fail are peer-to-peer, like Skype. Traversing NAT and relying on broken IPv4 is built into their method of operating. P2P communications was supposed to be one of the key improvements in IPv6."
Security

Sykipot Trojan Variant Stealing DoD Smartcard Credentials

Trailrunner7 writes "A new research report says variants of the Sykipot Trojan have been found that can steal Dept. of Defense smartcard credentials. The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against the defense industry. The new variants, which Alien Vault believes have been circulating since March, 2011, have been used in 'dozens of attacks' and contain features that would allow remote attackers to steal smart card credentials and access sensitive information."
Microsoft

Microsoft 'Trustworthy Computing' Turns 10

gManZboy writes "Bill Gates fired off his famous Trustworthy Computing memo to Microsoft employees on Jan. 15, 2002, amid a series of high-profile attacks on Windows computers and browsers in the form of worms and viruses like Code Red and 'Anna Kournikova.' The onslaught forced Gates to declare a security emergency within Microsoft, and halt production while the company's 8,500 software engineers sifted through millions of lines of source code to identify and fix vulnerabilities. The hiatus cost Microsoft $100 million. Today, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure, the company says."
Microsoft

Passwords Not Going Away Any Time Soon

New submitter isoloisti writes "Hot on the heels of IBM's 'no more passwords' prediction, Wired has an article about provocative research saying that passwords are here to stay. Researchers from Microsoft and Carleton U. take a harsh view of research on authentication (PDF), saying, 'no progress has been made in the last twenty years.' They dismiss biometrics, PKI, OpenID, and single-signon: 'Not only have proposed alternatives failed, but we have learnt little from the failures.' Because the computer industry so thoroughly wrote off passwords about a decade ago, not enough serious research has gone into improving passwords and understanding how they get compromised in the real world. 'It is time to admit that passwords will be with us for some time, and moreover, that in many instances they are the best-fit among currently known solutions.'"
Crime

TSA Makes $400K Annually In Loose Change

Hugh Pickens writes "NBC reports that airport travelers left behind $409,085.56 in loose change at security checkpoints in 2010, providing an additional source of funding for the Transportation Security Administration. 'TSA puts (the leftover money) in a jar at the security checkpoint, at the end of each shift they take it, count it, put it in an envelope and send it to the finance office,' says TSA spokesperson Nico Melendez. 'It is amazing. All that change, it all adds up.' Melendez adds that the money goes into the general operating budget for TSA that is typically used for technology, light bulbs or just overall general expenses. Rep. Jeff Miller (R-Fla.) has introduced legislation that would direct the TSA to transfer unclaimed money recovered at airport security checkpoints to the United Service Organizations (USO), a private nonprofit that operates centers for the military at 41 U.S. airports. The recovered change is not to be confused with the theft that occurs when TSA agents augment their salary by helping themselves to the contents of passengers' luggage as it passes through security checkpoints. For example, in 2009, a half dozen TSA agents at Miami International Airport were charged with grand theft after boosting an iPod, bottles of perfume, cameras, a GPS system, a Coach purse, and a Hewlett Packard Mini Notebook from passengers' luggage, as travelers at just this one airport reported as many as 1,500 items stolen, the majority of which were never recovered."
IT

How To Get Developers To Document Code

snydeq writes "Poorly documented code? Chances are the problem lies not in your programmers, but in your process, writes Fatal Exception's Neil McAllister. 'Unfortunately, too few developers seem to do a good job of documenting their code. Encouraging them to start can be a difficult challenge — but not an impossible one,' McAllister writes, adding that to establish a culture of documentation managers should favor the carrot before the stick. 'Like most people, programmers respond better to incentives than to mandates. Simple praise can go a long way, but managers may find other ways to reward developers. Are your developers occasionally on-call for weekend support duties or late-night update deployments? Consider giving them a break if they volunteer to pick up some extra documentation burden. Of course, financial incentives work, too.'"
Graphics

Researcher's Tool Maps Malware In Elegant 3D Model

Sparrowvsrevolution writes "At the Shmoocon security conference later this month, Danny Quist plans to demo a new three-dimensional version of a tool he's created called Visualization of Executables for Reversing and Analysis, or VERA, that maps viruses' and worms' code into intuitively visible models. Quist, who teaches government and corporate students the art of reverse engineering at Los Alamos National Labs, says he hopes VERA will make the process of taking apart and understanding malware's functionality far easier. VERA observes malware running in a virtual sandbox and identifies the basic blocks of commands it executes. Then those chunks of instructions are color-coded by their function and linked by the order of the malware's operations, like a giant, 3D flow chart. Quist provides a sample video showing a model of a section of the Koobface worm."