Facebook

Facebook Confirms Data Breach

another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. It's not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook's 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited Prakash's activity but it's unclear how long it took to do so. Prakash disagrees with when Facebook says his activity was curtailed."

Update: 10/11 17:47 GMT by T : Fred Wolens of Facebook says this isn't an exploit at all, writing "The ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page. Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked."

Update: 10/11 20:25 GMT by T : Suriya Prakash writes with one more note: "Yes, it is a feature of FB and not a bug. But FB never managed to block me; the vul was in m.facebook.com. Read my original post. Many other security researchers also confirmed the existence of this bug; FB did not fix it until all the media coverage." Some of the issue is no doubt semantic; if you have a Facebook account that shows your number, though, you can decide how much you care about the degree to which the data is visible or findable.
Firefox

Firefox 16 Pulled To Address Security Vulnerability

Shortly after the release of the newest major version of Firefox, an anonymous reader writes with word that "Mozilla has removed Firefox 16 from its installer page due to security vulnerabilities that, if exploited, could allow 'a malicious site to potentially determine which websites users have visited' ... one temporary work-around, until a fix is released, is to downgrade to 15.0.1"
Chrome

In Under 10 Hours, Google Patches Chrome To Plug Hole Found At Its Pwnium Event

An anonymous reader writes "Last night, Google held its Pwnium 2 competition at Hack in the Box 2012, offering up a total of $2 million for security holes found in Chrome. Only one was discovered; a young hacker who goes by the alias 'Pinkie Pie' netted the highest reward level: a $60,000 cash prize and a free Chromebook (the second time he pulled it off). Google today patched the flaw and announced a new version of Chrome for Windows, Mac, and Linux."
Government

US Supreme Court Says Wiretapping Immunity Will Stand

wiredmikey writes "The U.S. Supreme Court said this week it will let stand an immunity law on wiretapping viewed by government as a useful anti-terror tool but criticized by privacy advocates. The top U.S. court declined to review a December 2011 appeals court decision that rejected a lawsuit against AT&T for helping the NSA monitor its customers' phone calls and Internet traffic. Plaintiffs argue that the law allows the executive branch to conduct 'warrantless and suspicionless domestic surveillance' without fear of review by the courts and at the sole discretion of the attorney general. The Obama administration has argued to keep the immunity law in place, saying it would imperil national security to end such cooperation between the intelligence agencies and telecom companies. The Supreme Court is set to hear a separate case later this month in which civil liberties groups are suing NSA officials for authorizing unconstitutional wiretapping."
Security

RSA Boss Angers Privacy Advocates

judgecorp writes "RSA boss Art Coviello trod on the toes of privacy proponents at London's RSA 2012 show, by accusing them of faulty reasoning and over-stating their fears of Big Brother. By trying to limit what legitimate companies can do with our data, privacy groups are tying the hands of people who might protect us, he says. 'Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother.' Ever-outspoken, he also complained that governments and cyber-crooks are collaborating to breach organisations with sophisticated techniques. In that world, it is just as well vendors are whiter than white, eh?"
Businesses

Mysterious Algorithm Was 4% of Trading Activity Last Week

concealment sends this excerpt from CNBC: "A single mysterious computer program that placed orders — and then subsequently canceled them — made up 4 percent of all quote traffic in the U.S. stock market last week, according to the top tracker of high-frequency trading activity. The motive of the algorithm is still unclear. The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm. The algorithm never executed a single trade, and it abruptly ended at about 10:30 a.m. ET Friday."
Encryption

Phil Zimmermann's New App Protects Smartphones From Prying Ears

Hugh Pickens writes "Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS. Text and multimedia messages are wiped from a phone's registry after a pre-determined amount of time, and communications within the network are allegedly completely secure. An 'off-shore' company with employees from many countries, Silent Circle's target market includes troops serving abroad, foreign businesspeople in countries known for surveillance of electronic communications, government employees, human rights activists, and foreign activists. For encryption tools, which are frequently used by dissidents living under repressive regimes and others with legitimate reasons to avoid government surveillance, the consequences of failed encryption can be deadly. 'Everyone has a solution [for security] inside your building and inside your network, but the big concern of the large multinational companies coming to us is when the employees are coming home from work, they're on their iPhone, Android, or iPad emailing and texting,' says Zimmermann. 'They're in a hotel in the Middle East. They're not using secure email. They're using Gmail to send PDFs.' Another high-profile encryption tool, Cryptocat, was at the center of controversy earlier this year after charges that Cryptocat had far too many structural flaws for safe use in a repressive environment."
Operating Systems

OS Upgrades Powered By Git

JamieKitson writes "The latest Webconverger 15 release is the first Linux distribution to be automagically updatable from a Github repository. The chroot of the OS is kept natively in git's format and fuse mounted with git-fs. Webconverger fulfills the Web kiosk use case, using Firefox and competes indirectly with Google Chrome OS. Chrome OS also has an autoupdate feature, however not as powerful, unified & transparent as when simply using git."
Crime

Insurance For Cybercriminals, or Giant Sting?

tsu doh nimh writes "Brian Krebs follows up on a recent Slashdot discussion about a cybercrime gang that is recruiting botmasters to help with concerted heists against U.S. financial institutions. The story looks at the underground's skeptical response to this campaign, which is being led by a criminal hacker named vorVzakone ('thief in law'), who has released a series of videos about himself. vorVzakone also is offering a service called 'insurance from criminal prosecution,' in which miscreants can purchase protection from goons who specialize in bribing or intimidating Russian/Eastern European police into scuttling cybercrime investigations. For $100,000, the service also claims to have people willing to go to jail in place of the insured. Many in the criminal underground view the entire scheme as an elaborate police sting operation."
Input Devices

Ask Slashdot: Video Monitors For Areas That Are Off the Grid?

An anonymous reader writes "I have a cottage at the end of a long dirt road, no electricity or internet, and recently some (insert expletive here) wads are using the area as a trash dump: countertops, sofas, metal scraps, tvs — all the stuff they don't want to pay to dump at the landfill. I can't block the road because it's a fire access. But I would really like to have a way to catch who is doing this. Are there any a) waterproof, b) self-contained, c) self-powered, and (ideally) d) inexpensive video-recording units out there? Are there any other creative ways to get the guys? I was thinking of something like a device that will cycle, so that the last week of video is recorded. It could take photos or video, and as long as it's small enough that I could camouflage it well, I suspect I'd be able to figure this out soon. And any idea of what my legal rights are to videotape or record?" Hunters have been doing this for years (with film, and now digital) to figure out prey patterns with cameras that are built for concealment; what else would you recommend?
Privacy

Flaws Allow Every 3G Device To Be Tracked

mask.of.sanity writes "New privacy threats have been uncovered by security researchers that could allow every device operating on 3G networks to be tracked. The vulnerabilities could be exploited with cheap commercial off-the-shelf technology to reveal the location of phones and other 3G-capable devices operating on all 3G compliant networks. It was similar, but different, to previous research that demonstrated how attackers could redirect a victim's outgoing traffic to different networks."
Security

Post Mortem of GunnAllen IT Meltdown

CowboyRobot writes "The story begins when GunnAllen, a financial company, outsourced all of its IT to The Revere Group. Before long, it was discovered that 'A senior network engineer had disabled the company's WatchGuard firewalls and routed all of the broker-dealer's IP traffic--including trades and VoIP calls--through his home cable modem.' In addition to the obvious security concerns of sending information such as bank routing information and driver's license numbers, the act violated SEC rules because the routed information was not being logged. Regardless of whether the cause was negligence, incompetence, or sabotage, the matter was swept under the rug for a time until unpaid SQL Server licenses meant threatening calls from Microsoft as well. The rest of the story is one of greed, mismanagement, and neglect, and ends with the SEC's first-ever fine for failure to protect customer data."
Android

Adventures In Rooting: Running Jelly Bean On Last Year's Kindle Fire

concealment writes "Luckily, the Fire's low price and popularity relative to other Android tablets has made it a common target for Android's bustling open-source community, which has automated most of the sometimes-messy process of rooting and flashing your tablet. The Kindle Fire Utility boils the whole rooting process down to a couple of steps, and from there it's pretty easy to find pretty-stable Jelly Bean ROMs. A CyanogenMod-based version is actively maintained, but I prefer the older Hashcode ROM, which is very similar to the interface on the Nexus 7."
United States

US Congress Rules Huawei a 'Security Threat'

dgharmon writes with the lead from a story in the Brisbane Times: "Chinese telecom company Huawei poses a security threat to the United States and should be barred from US contracts and acquisitions, a yearlong congressional investigation has concluded. A draft of a report by the House Intelligence Committee said Huawei and another Chinese telecom, ZTE, 'cannot be trusted' to be free of influence from Beijing and could be used to undermine U.S. security."
Networking

Take a Free Networking Class From Stanford

New submitter philip.levis writes "Nick McKeown and I are offering a free, online class on computer networking. We're professors of computer science and electrical engineering at Stanford and are also co-teaching Stanford's networking course this quarter. The free, online class will run about six weeks and is intended to be accessible to people who don't program: the prerequisites are an understanding of probability, bits and bytes, and how computers lay out memory. Given how important the Internet is, we think a more accessible course on the principles and practice of computer networks could be a very valuable educational resource. I'm sure many Slashdot readers will already know much of what we'll cover, but for those who don't, here's an opportunity to learn!"
Firefox

Mozilla To Bug Firefox Users With Old Adobe Reader, Flash, Silverlight

An anonymous reader writes "Mozilla today announced it will soon start prompting Firefox users to upgrade select old plugins. This will only affect Windows users, and three plugins: Adobe Reader, Adobe Flash, and Microsoft Silverlight. Mozilla says Firefox users will 'soon see a notification urging them to update' when they visit a web page that uses the plugins."
The Internet

Ad Group Says Internet Accounts For 5.1M US Jobs, 3.7% of GDP

lpress writes "A Harvard Business School study sponsored by the Interactive Advertising Bureau shows that the ad-supported Internet is responsible for 5.1 million jobs in the U.S. — two million direct and 3.1 million indirect. They report that the Internet accounted for 3.7% of 2011 GDP. The research, development and procurement that launched the Internet back in the 1970s and 1980s cost the US taxpayers $124.5 million at the time — not a bad investment!" Your calculations may vary.
Bug

Spreadsheet Blamed For UK Rail Bid Fiasco

First time accepted submitter Bruce66423 writes "As a sometime computer programmer who was always very sniffy about the quality of the stuff being knocked up by amateurs aka power users, the current claim that it was a messed up spreadsheet that caused a multi-million pound fiasco is very satisfying. 'The key mechanism... mixed up real and inflated financial figures and contained elements of double counting.'"
Crime

Wanted: Hackers For Large-Scale Attacks On American Banks

Trailrunner7 writes "RSA's FraudAction research team has been monitoring underground chatter and has put together various clues to deduce that a cybercrime gang is actively recruiting up to 100 botmasters to participate in a complicated man-in-the-middle hijacking scam using a variant of the proprietary Gozi Trojan. This is the first time a private cybercrime organization has recruited outsiders to participate in a financially motivated attack, said Mor Ahuvia, cybercrime communications specialist for RSA FraudAction. The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training in how to deploy the Gozi Prinimalka Trojan, Ahuvia added. Also, the gang will only share executable files with their partners, and will not give up the Trojan's compilers, keeping the recruits dependent on the gang for updates."
Android

Over 60% of Android Malware Hides In Fake Versions of Popular Apps

An anonymous reader writes "Like any popular platform, Android has malware. Google's mobile operating system is relatively new, however, so the problem is still taking form. In fact, it turns out that the large majority of threats on Android come from a single malware family: Android.FakeInstaller, also known as OpFake, which generates revenue by silently sending expensive text messages in the background. McAfee says that the malware family makes up more than 60 percent of Android samples the company processes."