Security

7000 e-Voting Machines Now Deemed Worthless By Irish Government 241

First time accepted submitter lampsie writes "Despite spending at least 51 million euro over the last decade buying and storing 7000 e-voting machines from Dutch firm Nedap, the Irish Finance minister has announced that they are now 'worthless'. The machines were originally trialled in 2002 on three regional elections, but a nationwide rollout in 2004 was put on hold after a confidential report expressed serious concern over the security of the voting machines. According to the report, the integrity of the ballot could not be guaranteed with the equipment and controls used. Several years on, and tens of millions later, it looks like the pen and paper ballot will remain for now."
Crime

The Future of Hi-Tech Auto Theft 272

NicknamesAreStupid writes "Over the past twenty years, car theft has declined as new models incorporated electronic security methods that thwarted simple hot-wiring. The tide may now be turning, as cars become the next Windows PC. The Center for Automobile Embedded Systems Security has posted an interesting paper from UCSD and UW that describes how modern cars can be cracked (PDF). Unlike the old days of window jimmies, these exploits range from attacks through the CD or iPod port to cellular attacks that take inventory of thousands of cars and offer roaming thieves Yelp-like choices ('our favorite is mint green with leather') with unlocked doors and running engines."
Crime

Major Financial Groups Share Data To Fight Online Theft 40

smitty777 writes "The Wall Street Journal is reporting on some unprecedented steps being taken by major financial institutions to combat online theft. The initiatives include a new type of data center that would be used to analyze bank data for potential security threats. Additionally, a quarterly round-table between the rivals to attack security issues was proposed. The article notes that 'security threats are pushing the big banks to do something that doesn't come naturally for these secrecy-steeped institutions: share information with one another.' A video at MarketWatch digs into it a little bit more, and points out that the banks will spend an estimated $1 billion on protection this year, which represents a 12% increase. Technologically, there has been much discussion of two-factor authentication to improve security. In fact, security officials in Singapore are even hinting at biometric solutions."
Security

Symantec Sued For Running Fake "Scareware" Scans 391

Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"
Microsoft

Microsoft Readying Massive Real Time Threat Intelligence Feed 89

chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waledac. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."
Medicine

Doctor Warns of the Hidden Danger of Touchscreens 242

snydeq writes "Dr. Franklin Tessler discusses the hidden stress-related injuries of touchscreen use, and how best to use smartphones, tablets, and touch PCs to avoid them. 'Touchscreen-oriented health hazards are even more insidious because most people aren't even aware that they exist. The potential for injury from using touchscreens will only go up ... as the rise of the touchscreen means both new kinds of health hazards and more usage in risky scenarios,' Tessler writes, providing tips for properly positioning touchscreens and ways to avoid repetitive stress injuries and eyestrain."
Firefox

Mozilla Announces Long Term Support Version of Firefox 249

mvar writes "After a meeting held last Monday regarding Mozilla Firefox Extended Support Release, the new version was announced yesterday in a post on Mozilla's official blog: 'We are pleased to announce that the proposal for an Extended Support Release (ESR) of Firefox is now a plan of action. The ESR version of Firefox is for use by enterprises, public institutions, universities, and other organizations that centrally manage their Firefox deployments. Releases of the ESR will occur once a year, providing these organizations with a version of Firefox that receives security updates but does not make changes to the Web or Firefox Add-ons platform.'"
Programming

The Bosses Do Everything Better (or So They Think) 469

theodp writes "Some people, writes Dave Winer, make the mistake of thinking that if the result of someone's work is easy to use, the work itself must be easy. Like the boss — or boss's boss's boss — who asks for your code so he can show you how to implement the features he wants instead of having to bother to explain things. Give the code to him, advises Winer. If he pulls it off, even poorly, at least you'll know what he was asking for. And if he fails, well, he might be more patient about explaining what exactly he wants, and perhaps even appreciate how hard your work is. Or — more likely — you may simply never hear from him again. Win-win-win. So, how do you handle an anything-you-can-do-I-can-do-better boss?"
Networking

Comcast DNSSEC Goes Live 165

An anonymous reader writes "In a blog post, Comcast's Jason Livingood has announced that Comcast has signed all of its (5000+) domains in addition to having all of its customers using DNSSEC-validating resolvers. He adds, 'Now that nearly 20 million households in the U.S. are able to use DNSSEC, we feel it is an important time to urge major domain owners, especially commerce and banking-related sites, to begin signing their domain names.'"
United States

FBI's Troubled Sentinel Project Delayed Again 96

gManZboy writes "The FBI's Sentinel project, a digital case-management system meant to replace outdated, paper-based processes, has been delayed again. The FBI's CIO and CTO bet big on using agile development to hasten the project's completion. But now performance issues have arisen in testing and deployment has been pushed out to May. It's the latest in a series of delays to build a replacement for the FBI's 17-year-old Automated Case Support system. In 2006, the FBI awarded Lockheed Martin a $305 million contract to lead development of Sentinel, but it took back control of the project in September 2010 amid delays and cost overruns. At the time, the FBI said it would finish Sentinel within 12 months, using agile development strategies."
China

Inside the Great Firewall of China's Tor Blocking 160

Trailrunner7 writes with an article at Threat Post about China's ability to block Tor. From the article: "The much-discussed Great Firewall of China is meant to prevent Chinese citizens from getting to Web sites and content that the country's government doesn't approve of, and it's been endowed with some near-mythical powers by observers over the years. But it's somewhat rare to get a look at the way that the system actually works in practice. Researchers at Team Cymru got just that recently when they were asked by the folks at the Tor Project to help investigate why a user in China was having his connections to a bridge relay outside of China terminated so quickly. Not only is China able to identify Tor sessions, it can do so in near real-time and then probe the Tor bridge relay and terminate the session within a couple of minutes."
The Courts

Employee-Owned Devices Muddy Data Privacy Rights 165

snydeq writes "As companies increasingly enable employees to bring their own devices into business environments, significant legal questions remain regarding the data consumed and created on these employee-owned technologies. 'Strictly speaking, employees have no privacy rights for what's transmitted on company equipment, but employers don't necessarily have access rights to what's transmitted on employees' own devices, such as smartphones, tablets, and home PCs. Also unclear are the rights for information that moves between personal and corporate devices, such as between one employee who uses her own Android and an employee who uses the corporate-issued iPhone. ... This confusion extends to trade secrets and other confidential data, as well as to e-discovery. When employees store company data on their personal devices, that could invalidate the trade secrets, as they've left the employer's control. Given that email clients such as Outlook and Apple Mail store local copies (again, on smartphones, tablets, and home PCs) of server-based email, theoretically many companies' trade secrets are no longer secret.'"
Businesses

Ask Slashdot: Documenting Scattered Sites and Systems? 114

First time accepted submitter capriguy84 writes "Six months ago I joined a small firm (~30) where I am pretty much the IT systems guy. I was immediately asked to work on a couple of projects without much going through the documentation on what currently exists. So I created new wiki topics everywhere and whenever needed. I am now in a situation where information is scattered across multiple pages and there is a lot of overlapping. So I have decided to start a project of re-organizing the wiki so that it makes sense to me and is easily accessible for others. I am dealing with 2 disjoint sites, 4 data centers, managing all flavors of Unix, Windows, networking, storage, VMware etc. Along with that I have HOWTO guides, cheatsheets, contracts, licensing, projects, proposals and other things that typically exist in an enterprise. Any tips with how to approach? Dos & Don'ts? Recommended reading?"
Microsoft

Microsoft Scraps 'Where's My Phone Update?' Site 162

An anonymous reader writes "Microsoft disappointed some Windows Phone users on Friday by saying it would stop providing specifics about who will get software updates and when, and announcing vaguely that a new update is 'available to all carriers that request it.' The update fixes a few issues, including one that caused the on-screen keyboard to disappear and another that caused problems with synching Gmail. Eric Hautala, general manager of customer experience engineering for Windows Phone, said Microsoft will no longer say when people will get updates based on their country, phone model and carrier."
Security

TSA Interested In Purchasing Dosimeters 117

OverTheGeicoE writes "TSA recently announced that it is looking for vendors of 'radiation measurement devices'. According to the agency's Request for Information, these devices 'will assist the TSA in determining if the Transportation Security Officers (TSO) at selected federalized airports are exposed to ionizing radiation above minimum detectable levels, and whether any measured radiation doses approach or exceed the threshold where personnel dosimetry monitoring is required by DHS/TSA policy.' A TSA spokesman claims that their RFI 'did not reflect any heightened concern by the agency about radiation levels that might be excessive or pose a risk to either TSA screeners or members of the traveling public.' Concern outside the agency, however, has always been high. TSA has long been criticized for its apparent lack of understanding of radiological safety, even for its own employees. There has been speculation of a cancer cluster, possibly caused by poor safety practices in baggage screening."
Businesses

IT Salaries Edge Up Back To 2008 Levels 266

tsamsoniw writes "A soon-to-be released salary survey finds that the average salary for IT professionals in the U.S. is $78,299, putting overall compensation back at January 2008 levels. More heartening: Midsize and large companies are both aiming to hire more IT pros. The midsize are seeking IT executives (such as VPs of information services and technical services), as well as programmers, database specialists, systems analysts, and voice/wireless communication pros. Enterprises are moving IT and data center operations back in-house, which means greater demand for data center managers and supervisors."
Crime

Apple Patents Power Adapter That Recovers Lost Passwords 210

Sparrowvsrevolution writes "Apple has patented a power charger that also serves as a password recovery backup. If a user forgets his MacBook's password, for instance, he simply plugs in the cord, and it would provide a unique ID number stored in a memory chip in the adapter that acts as a decryption key, unscrambling an encrypted copy of the password stored on the machine. The technique, according to the patent, incentivizes better password use by avoiding traditional password recovery techniques that annoy users and lead to disabled or easily-guessed passwords. The new technique is only secure, the patent admits, in cases where the user leaves a mobile device's charger at home. So the idea may make the most sense for long-battery-life devices like iPods, iPads and iPhones rather than laptops, at least until laptop batteries last long enough that users don't take their power adapters with them and expose them to theft."
Security

Symantec Looks Into Claims of Stolen Source Code 116

wiredmikey writes "A group of hackers claim to have stolen source code for Symantec's Norton Antivirus software. The group is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers. So far it's unclear if the claims are a significant threat, as the information posted thus far by the hackers includes a document dated April 28, 1999, that Symantec describes as defining the application programming interface (API) for the virus Definition Generation Service. However, a second post entitled 'Norton AV source code file list' includes a list of file names reputedly contained within Norton AntiVirus source code package. Symantec said it is still in the process of analyzing the data in the second post." Update: 01/06 07:05 GMT by S : In a post to their Facebook page, Symantec has now said some of their source code was indeed accessed, but it was four or five years old.
Firefox

Firefox 3.6 Support Ends April 2012 187

An anonymous reader writes "Mozilla for some time after switching to the rapid release process talked about releasing Extended Support Releases that would give companies and organizations some breathing space in the race to test and deploy new browser versions. With the first ESR release (which will be Firefox 10), comes the Firefox 3.6 end of life announcement. Firefox 3.6 users will receive update notifications in April to update the browser to the latest stable version by then."
Microsoft

Windows 8 To Include Built-in Reset, Refresh 441

MrSeb writes "Microsoft, in its infinite wisdom, will provide push-button Reset and Refresh in Windows 8. Reset will restore a Windows 8 PC to its stock, fresh-from-the-factory state; Refresh will reinstall Windows 8, but keep your documents and installed Metro apps intact. For the power users, Windows 8 will include a new tool called recimg.exe, which allows you to create a hard drive image that Refresh will use (you can install all of your Desktop apps, tweak all your settings, run recimg.exe... and then, when you Refresh, you'll be handed a clean, ready-to-go computer). Reset and Refresh are obviously tablety features that Windows 8 will need to compete against iOS and Android — but considering Windows' malware magnetism and the number of times I've had to schlep over to my mother's house with a Windows CD... these features should be very welcome on the desktop, too."
