Networking

Comcast DNSSEC Goes Live 165

An anonymous reader writes "In a blog post, Comcast's Jason Livingood has announced that Comcast has signed all of its (5000+) domains in addition to having all of its customers using DNSSEC-validating resolvers. He adds, 'Now that nearly 20 million households in the U.S. are able to use DNSSEC, we feel it is an important time to urge major domain owners, especially commerce and banking-related sites, to begin signing their domain names.'"
United States

FBI's Troubled Sentinel Project Delayed Again 96

gManZboy writes "The FBI's Sentinel project, a digital case-management system meant to replace outdated, paper-based processes, has been delayed again. The FBI's CIO and CTO bet big on using agile development to hasten the project's completion. But now performance issues have arisen in testing and deployment has been pushed out to May. It's the latest in a series of delays to build a replacement for the FBI's 17-year-old Automated Case Support system. In 2006, the FBI awarded Lockheed Martin a $305 million contract to lead development of Sentinel, but it took back control of the project in September 2010 amid delays and cost overruns. At the time, the FBI said it would finish Sentinel within 12 months, using agile development strategies."
China

Inside the Great Firewall of China's Tor Blocking 160

Trailrunner7 writes with an article at Threat Post about China's ability to block Tor. From the article: "The much-discussed Great Firewall of China is meant to prevent Chinese citizens from getting to Web sites and content that the country's government doesn't approve of, and it's been endowed with some near-mythical powers by observers over the years. But it's somewhat rare to get a look at the way that the system actually works in practice. Researchers at Team Cymru got just that recently when they were asked by the folks at the Tor Project to help investigate why a user in China was having his connections to a bridge relay outside of China terminated so quickly. Not only is China able to identify Tor sessions, it can do so in near real-time and then probe the Tor bridge relay and terminate the session within a couple of minutes."
The Courts

Employee-Owned Devices Muddy Data Privacy Rights 165

snydeq writes "As companies increasingly enable employees to bring their own devices into business environments, significant legal questions remain regarding the data consumed and created on these employee-owned technologies. 'Strictly speaking, employees have no privacy rights for what's transmitted on company equipment, but employers don't necessarily have access rights to what's transmitted on employees' own devices, such as smartphones, tablets, and home PCs. Also unclear are the rights for information that moves between personal and corporate devices, such as between one employee who uses her own Android and an employee who uses the corporate-issued iPhone. ... This confusion extends to trade secrets and other confidential data, as well as to e-discovery. When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control. Given that email clients such as Outlook and Apple Mail store local copies (again, on smartphones, tablets, and home PCs) of server-based email, theoretically many companies' trade secrets are no longer secret.'"
Businesses

Ask Slashdot: Documenting Scattered Sites and Systems? 114

First time accepted submitter capriguy84 writes "Six months ago I joined a small firm (~30) where I am pretty much the IT systems guy. I was immediately asked to work on a couple of projects without much going through the documentation on what currently exists. So I created new wiki topics everywhere and whenever needed. I am now in a situation where information is scattered across multiple pages and there is a lot of overlapping. So I have decided to start a project of re-organizing the wiki so that it makes sense to me and easily accessible for others. I am dealing with 2 disjoint sites, 4 data centers, managing all flavors of Unix, windows, networking, storage, VMware etc. Along with that I have HOWTO guides, cheatsheets, contracts, licensing, projects, proposals and other things that typically exist in an enterprise. Any tips with how to approach? Dos & Don'ts? Recommended reading?"
Microsoft

Microsoft Scraps 'Where's My Phone Update?' Site 162

An anonymous reader writes "Microsoft disappointed some Windows Phone users on Friday by saying it would stop providing specifics about who will get software updates and when, and announcing vaguely that a new update is 'available to all carriers that request it.' The update fixes a few issues, including one that caused the on-screen keyboard to disappear and another that caused problems with synching Gmail. Eric Hautala, general manager of customer experience engineering for Windows Phone, said Microsoft will no longer say when people will get updates based on their country, phone model and carrier."
Security

TSA Interested In Purchasing Dosimeters 117

OverTheGeicoE writes "TSA recently announced that it is looking for vendors of 'radiation measurement devices'. According to the agency's Request for Information, these devices 'will assist the TSA in determining if the Transportation Security Officers (TSO) at selected federalized airports are exposed to ionizing radiation above minimum detectable levels, and whether any measured radiation doses approach or exceed the threshold where personnel dosimetry monitoring is required by DHS/TSA policy.' A TSA spokesman claims that their RFI 'did not reflect any heightened concern by the agency about radiation levels that might be excessive or pose a risk to either TSA screeners or members of the traveling public.' Concern outside the agency, however, has always been high. TSA has long been criticized for its apparent lack of understanding of radiological safety, even for its own employees. There has been speculation of a cancer cluster, possibly caused by poor safety practices in baggage screening."
Businesses

IT Salaries Edge Up Back To 2008 Levels 266

tsamsoniw writes "A soon-to-be released salary survey finds that the average salary for IT professionals in the U.S. is $78,299, putting overall compensation back at January 2008 levels. More heartening: Midsize and large companies are both aiming to hire more IT pros. The midsize are seeking IT executives (such as VPs of information services and technical services), as well as programmers, database specialists, systems analysts, and voice/wireless communication pros. Enterprises are moving IT and data center operations back in-house, which means greater demand for data center managers and supervisors."
Crime

Apple Patents Power Adapter That Recovers Lost Passwords 210

Sparrowvsrevolution writes "Apple has patented a power charger that also serves as a password recovery backup. If a user forgets his Macbook's password, for instance, he simply plugs in the cord, and it would provide a unique ID number stored in a memory chip in the adapter that acts as a decryption key, unscrambling an encrypted copy of the password stored on the machine. The technique, according to the patent, incentivizes better password use by avoiding traditional password recovery techniques that annoy users and lead to disabled or easily-guessed passwords. The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home. So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones rather than laptops, at least until laptop batteries last long enough that users don't take their power adapters with them and expose them to theft."
Security

Symantec Looks Into Claims of Stolen Source Code 116

wiredmikey writes "A group of hackers claim to have stolen source code for Symantec's Norton Antivirus software. The group is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers. So far it's unclear if the claims are a significant threat, as the information posted thus far by the hackers includes a document dated April 28, 1999, that Symantec describes as defining the application programming interface (API) for the virus Definition Generation Service. However, a second post entitled 'Norton AV source code file list' includes a list of file names reputedly contained within Norton AntiVirus source code package. Symantec said it is still in the process of analyzing the data in the second post." Update: 01/06 07:05 GMT by S : In a post to their Facebook page, Symantec has now said some of their source code was indeed accessed, but it was four or five years old.
Firefox

Firefox 3.6 Support Ends April 2012 187

An anonymous reader writes "Mozilla for some time after switching to the rapid release process talked about releasing Extended Support Releases that would give companies and organizations some breathing space in the race to test and deploy new browser versions. With the first ESR release (which will be Firefox 10), comes the Firefox 3.6 end of life announcement. Firefox 3.6 users will receive update notifications in April to update the browser to the latest stable version by then."
Microsoft

Windows 8 To Include Built-in Reset, Refresh 441

MrSeb writes "Microsoft, in its infinite wisdom, will provide push-button Reset and Refresh in Windows 8. Reset will restore a Windows 8 PC to its stock, fresh-from-the-factory state; Refresh will reinstall Windows 8, but keep your documents and installed Metro apps intact. For the power users, Windows 8 will include a new tool called recimg.exe, which allows you to create a hard drive image that Refresh will use (you can install all of your Desktop apps, tweak all your settings, run recimg.exe... and then, when you Refresh, you'll be handed a clean, ready-to-go computer). Reset and Refresh are obviously tablety features that Windows 8 will need to compete against iOS and Android — but considering Windows' malware magnetism and the number of times I've had to schlep over to my mother's house with a Windows CD... these features should be very welcome on the desktop, too."
Open Source

Linux 3.2 Has Been Released 271

diegocg writes "Linux 3.2 has been released. New features include support for Ext4 block size bigger than 4KB and up to 1MB, btrfs has added faster scrubbing, automatic backup of critical metadata and tools for manual inspection; the process scheduler has added support to set upper limits of CPU time; the desktop responsiveness in presence of heavy writes has been improved, TCP has been updated to include an algorithm which speeds up the recovery of connection after lost packets; the profiling tool 'perf top' has added support for live inspection of tasks and libraries. The Device Mapper has added support for 'thin provisioning' of storage, and a support for a new architecture has been added: Hexagon DSP processor from Qualcomm. New drivers and small improvements and fixes are also available in this release. Here's the full list of changes."
Security

Linux Foundation Sites Restored 141

LinuxScribe writes "The Linux Foundation has quietly restored all of the websites it took down following the September 2011 breach that affected Linux.com and all other Foundation websites--an attack that was linked to the August 2011 breach of kernel.org. But one website won't be coming back: the Linux Developer Network, launched in 2008. Content from the site will now be hosted across all of the Linux Foundation's web properties."
Security

Diebold Marries VMs with ATMs to Secure Banking Data 151

gManZboy writes "Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines. In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages. Diebold last year partnered with VMware to produce a zero-client ATM. No customer data is captured and stored on the ATM itself." Perhaps Diebold should take the same approach to vote-tabulating machines.
Security

One Million Web Pages Attacked By Lilupophilupop 120

hankwang writes "The Internet Storm Center reported that one million web pages have been attacked by the Lilupophilupop SQL injection and contain a malicious Javascript link. Affected sites can be found using a Google search query. See also the technical details of the SQL injection. The attack is directed to sites running ASP or ColdFusion with an MSSQL backend. The payload of the Javascript leads, via redirects and obfuscated Javascript, to a fake download page for Adobe Flash and antivirus software."
Security

Cleaning Up the Mess After a Major Hack Attack 100

Hugh Pickens writes "Kevin Mandia has spent his entire career cleaning up problems much like the recent breach at Stratfor where Anonymous defaced Stratfor's Web site, published over 50,000 of its customers' credit card numbers online and have threatened to release a trove of 3.3 million e-mails, putting Stratfor in the position of trying to recover from a potentially devastating attack without knowing whether the worst is over. Mandia, who has responded to breaches, extortion attacks and economic espionage campaigns at 22 companies in the Fortune 100 in the last two years and has told Congress that if an advanced attacker targets your company then a breach is inevitable (PDF), calls the first hour he spends with companies 'upchuck hour' as he asks for firewall logs, web logs, and emails to quickly determine the 'fingerprint' of the intrusion and its scope. The first thing a forensics team will do is try to get the hackers off the company's network, which entails simultaneously plugging any security holes, removing any back doors into the company's network that the intruders might have installed, and changing all the company's passwords. 'This is something most people fail at. It's like removing cancer. You have to remove it all at once. If you only remove the cancer in your leg, but you have it in your arm, you might as well have not had the operation on your leg.' In the case of Stratfor, hackers have taken to Twitter to announce that they plan to release more Stratfor data over the next several days, offering a ray of hope — experts say the most dangerous breaches are the quiet ones that leave no trace."
Android

Securing Android For the Enterprise 136

Orome1 writes "While many companies use IPsec for secure remote access to their networks, no integrated IPsec VPN client is available on Android. Apple has already fixed this shortcoming in iOS, in part, because it wanted to make the iPhone attractive for businesses. The Android operating system doesn't just lack an integrated IPsec VPN client, it also makes installing and configuring third-party VPN software quite complicated. IPsec VPN clients have to be integrated into the kernel of each device, and the client software has to be installed specifically for a memory area. This means that the firmware of each Android smartphone or tablet has to be modified accordingly. Until a 'real' IPsec VPN client is available, Android users can use their devices' integrated VPN clients based on PPTP or L2TP, which is deployed over IPsec. A 'real' IPsec VPN connection, however, is more secure because it encrypts data prior to authentication."
Japan

Fujitsu To Develop Vigilante Computer Virus For Japan 129

wiedzmin writes "Japanese Defense Ministry has awarded Fujitsu a contract to develop a vigilante computer virus, which will track down and eliminate other viruses, or rather — their sources of origin. Are 'good' viruses a bad idea? Sophos seems to think so, saying, 'When you're trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes.'"
Image

Chaos Communication Congress Releases Talks 15

First time accepted submitter jehan60188 writes with this excerpt from an article from Hack a Day: "The 28th Annual Chaos Communication Congress just wrapped things up on December 31st and they've already published recordings of all the talks at the event. These talks were live-streamed, but if you didn't find time in your schedule to see all that you wanted, you'll be happy to find your way to the YouTube collection of the event. The topics span a surprising range. We were surprised to see a panel discussion on depression and suicide among geeks ... which joins another panel called Queer Geeks, to address some social issues rather than just hardcore security tech. But there's plenty of that as well with topics on cryptography, security within web applications, and also a segment on electronic currencies like Bitcoins." The CCC wiki has a list of mirrors with downloads in multiple formats (including WebM).
