Chrome

Chrome Hacked In 5 Minutes At Pwn2Own 169

Skuto writes "After offering a total prize fund of up to $1M for a successful Chrome hack, it seems Google got what it wanted (or not!). No more than 5 minutes into the Pwn2Own cracking contest team Vupen exploited 2 Chrome bugs to demonstrate a total break of Google's browser. They will win at least 60k USD out of Google's prize fund, as well as taking a strong option on winning the overall Pwn2Own prize. It also illustrates that Chrome's much lauded sandboxing is not a silver bullet for browser security."
Security

Researchers Seek Help In Solving DuQu Mystery Language 131

An anonymous reader writes "DuQu, the malicious code that followed in the wake of the infamous Stuxnet code, has been analyzed nearly as much as its predecessor. But one part of the code remains a mystery, and researchers are asking programmers for help in solving it. The mystery concerns an essential component of the malware that communicates with command-and-control servers and has the ability to download additional payload modules and execute them on infected machines."
Handhelds

Apple Unveils New iPad 989

adeelarshad82 writes "As expected, Apple announced the new iPad complete with a Retina Display, quad-core processor, 4G LTE, and an improved camera. The new iPad will run the rumored A5X processor, which according to Apple will provide four times the performance of the Tegra 3. The revamped tablet will also include a 2048-by-1536 display, apparently the most in any mobile device. And finally with 4G LTE, the new iPad will provide up to 73 Mbps download speeds; partners for which include Verizon, Rogers, Bell, Telus, and AT&T."
Security

Details Of FBI Surveillance In Lulzsec Takedown Emerge 278

uigrad_2000 writes "Yesterday, we learned that one of the top members of LulzSec (Sabu) had been an FBI informant for almost 6 months, and that this confidant of the LulzSec leader 'anarchaos' had given the feds what they needed to take him down. More details have come out now, completing a picture of how the sting took place from start to finish. It turns out that even the server space given from Sabu to anarchaos storing the details of 30,000 credit cards (from the Stratfor hack) had been funded by the FBI."
Security

Anonymous Defaces Panda Security Site 80

An anonymous reader writes "Surviving members of anonymous and/or lulzsec have hacked Panda Security's systems and defaced their site. Looks like revenge is coming back." El Reg has screenshots of the defacement. Panda Security says the intruders only managed to exploit the web server and did not compromise their internal networks.
Security

30K WordPress Blogs Infected With the Latest Malware Scam 104

alphadogg writes with an excerpt from an article over at Network World: "Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense say. The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said."
Privacy

The Ineffectiveness of TSA Body Scanners 494

TheNextCorner points out a video that lays bare a glaring flaw in the TSA body scanners used in airports to detect weapons and explosives. In such scans, citizens are depicted in light colors, while metallic objects show as very dark. The problem comes when you consider that the images are taken with a dark background. From the transcript: "Yes that’s right, if you have a metallic object on your side, it will be the same color as the background and therefore completely invisible to both visual and automated inspection. It can’t possibly be that easy to beat the TSA’s billion dollar fleet of nude body scanners, right? The TSA can’t be that stupid, can they? Unfortunately, they can, and they are. To put it to the test, I bought a sewing kit from the dollar store, broke out my 8th grade home ec skills, and sewed a pocket directly on the side of a shirt. Then I took a random metallic object, in this case a heavy metal carrying case that would easily alarm any of the “old” metal detectors, and walked through a backscatter x-ray at Fort Lauderdale-Hollywood International Airport. On video, of course. While I’m not about to win any videography awards for my hidden camera footage, you can watch as I walk through the security line with the metal object in my new side pocket."
Cloud

Gate One Brings Text-mode Surfing To the Web, Quake-Style 71

Riskable writes "As a follow-up to my previous Slashdot story, Gate One is now out of beta. Packages can be downloaded here. There's also a live demo: press the ESC key on this page to have a terminal running lynx drop into view, Quake-style! I've also posted a video overview and the documentation can be found here. Some pertinent changes since the beta: Added the ability to display images inline within terminals, key-based SSH authentication, a WebSockets authentication API (for secure embedding), dramatically improved terminal emulation, an overhauled bookmark manager, support for international keyboard layouts, and a web-based log viewer that lets you export logs to self-contained HTML playback files."
Security

20th Anniversary of Michelangelo Virus Scare 92

An anonymous reader writes "It's twenty years since the first big virus scare. According to security blogger Graham Cluley, who has written up his memories of the hard disk wiping virus, John McAfee predicted that around 5 million computers would be zapped by the virus on March 6th 1992. Of course, the truth was nothing like as bad — but the antivirus business was plagued forevermore by accusations of fear-mongering."
AMD

AMD Confirms CPU Bug Found By DragonFly BSD's Matt Dillon 292

An anonymous reader writes "Matt Dillon of DragonFly BSD just announced that AMD confirmed a CPU bug he found. Matt quotes part of the mail exchange and it looks like 'consecutive back-to-back pops and (near) return instructions can create a condition where the processor incorrectly updates the stack pointer.' The specific manifestations in DragonFly were random segmentation faults under heavy load."
The Internet

Building a Case For Telecommuting 230

Esther Schindler writes "Many of us geeks prefer to work at home without distractions, but a lot of bosses still believe that if they don't see you, you must be lolling about, eating bon-bons and playing Angry Birds. 'There may be many reasons a manager is distrustful of telecommuting but the phenomenon of what Albiero calls "presentism"—that is, only trusting and rewarding the folks you see at their computer is a major factor.' So it may be of some use to read through the research compiled by Diann Daniel that says telecommuting creates happier and more productive employees (which naturally include fewer distractions and better work-life balance), and an accompanying infographic showing the environmental benefits from reduced commuting. She follows it up with suggestions on how managers can mentor and support teleworkers. Some of this is general advice, but some of the tips are more specific: 'It may seem like a lot more work—all this up-front addressing of communication issues that happen far more naturally in the office—but the upside is increased efficiency. Albiero sees this especially in the area of meetings. He speaks of one client who has now instituted a meeting format that is structured to allow for the first five minutes of all meetings to be "small-talk minutes." Thus, everyone knows they needn't call in for those minutes unless they want to join.'"
Businesses

Cloud To Create 14 Million Jobs? Not So Much 264

jfruh writes "Did you hear about the study from Microsoft and IDC (PDF), declaring that adoption of cloud technologies would create 14 million jobs? Well, don't believe the hype. The study posits that, once small and medium businesses can use cloud products to just eliminate their IT department, they'll use those savings to hire people for their core business. It's a dubious proposition, and one that wouldn't be good news for IT workers even if things do play out that way."
Music

Hackers Nab Unreleased Michael Jackson Tracks From Sony 192

wiredmikey writes "Sony once again has found itself in the news surrounding another hacking-related incident. This time around, the breach doesn't appear to involve any lost user data or customer accounts, but instead, some valuable property owned by the record company. Today, several British news outlets have reported that more than 50,000 music tracks have been illegally accessed and downloaded by hackers, including a large number from the late Michael Jackson. Sony bought the catalog from Jackson's estate for $250 million in 2010, giving the company distribution rights to the unreleased music. The attack reportedly occurred shortly after details of the massive PlayStation Network breach last April, but details were only revealed this past weekend."
Security

GitHub Hacked 202

MrSeb writes "Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. GitHub uses the Ruby on Rails application framework, and Rails has been weak to what's known as a mass-assignment vulnerability for years. Basically, Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. From here, he could effectively do anything, including deleting the entire project from the web; instead, he posted a fairly comical commit. GitHub summarily suspended Homakov, fixed the hole, and, after 'reviewing his activity,' he has been reinstated. Homakov could've gained administrative access to the master branch of any project on GitHub and deleted the history, committed junk, or closed or opened tracker tickets."
Security

Video Captchas are Hard for Computers to Understand but Easy for Humans (Video) 128

A new company called NuCaptcha provides animated video captchas it says are much harder for OCR-based programs to crack than static captchas, but lots easier for humans to figure out. While at the 2012 RSA conference, Timothy Lord pointed his camcorder at NuCaptcha CTO Christopher Bailey, and had him explain how video captchas work and how the company makes money. The video includes demos of the video captchas so you can see what they look like (and the company's website has lots more video captcha examples).
Security

Ask Slashdot: Using Company Laptop For Personal Use 671

An anonymous reader writes "I'm starting a new job soon, and I will be issued a work laptop. For obvious reasons I cannot name any names, but I can state that I do expect my employer to have tracking software on the laptop, and I expect to not be the administrator on the device. That being said, I am not the kind of person who can just 'not browse the internet.' If I ever have to travel with this laptop, I may want to read an ebook or watch a movie or maybe even play a game. I can make an image of the drive, then wipe the machine, and restore it back to its former state if I ever have to return it. I can use portable apps off a usb key and browse in private mode. The machine will be encrypted, but I can also make myself my own little encrypted folder or partition perhaps. Are there any other precautions I could or should take?"
Encryption

Anonymous, Decentralized and Uncensored File-Sharing Is Booming 308

PatPending writes with this excerpt from TorrentFreak: "The RetroShare network allows people to create a private and encrypted file-sharing network. Users add friends by exchanging PGP certificates with people they trust. All the communication is encrypted using OpenSSL and files that are downloaded from strangers always go through a trusted friend. In other words, it's a true Darknet and virtually impossible to monitor by outsiders. RetroShare founder DrBob told us that while the software has been around since 2006, all of a sudden there's been a surge in downloads. 'The interest in RetroShare has massively shot up over the last two months,' he said."
Botnet

Anonymous Supporters Tricked Into Installing Trojan 184

dsinc sends this quote from a Symantec report: "In 2011, dozens of Anonymous members who participated in distributed denial-of-service (DDoS) attacks in support of Anonymous hacktivism causes were arrested. In these DDoS attacks, supporters using the Low Orbit Ion Cannon denial-of-service (DoS) tool would voluntarily include their computer in a botnet for attacks in support of Anonymous. In the wake of Anonymous member arrests this week, it is worth highlighting how Anonymous supporters have been deceived into installing Zeus botnet clients purportedly for the purpose of DoS attacks. The Zeus client does perform DoS attacks, but it doesn’t stop there. It also steals the users' online banking credentials, webmail credentials, and cookies. The deception of Anonymous supporters began on January 20, 2012, the day of the FBI Megaupload raid."
Transportation

Car Hacking Concerns On the Rise 95

Pat Attack writes "I think most of the people who read Slashdot know that if it has circuitry, it can be hacked. Well, the good folks over at CNN have an article about the potential for your car to be hacked. This article lists the potential damage that could be done, proof of concept work, as well as a few scary scenarios. 'With vehicles taking up to three years to develop, [security strategist Brian Contos] says manufacturers will struggle to keep abreast of rapidly-evolving threats unless they organize regular software updates. Instead, he says, any installed technology should be given a so-called "white list" of permissible activities beyond which any procedures are blocked.' My mom reads CNN and is a Luddite. I expect to hear from her today. She'll probably tell me my new car with bluetooth is unsafe."
Privacy

Startup Wants To Peek Through Your Home's Wired Cameras 186

alphadogg writes "The little cameras in your home are multiplying. There are the ones you bought, perhaps your SLR or digital camera, but also those that just kind of show up in your current phone, your old phone, your laptop, your game console, and soon your TV and set-top box. Varun Arora, founder of startup GotoCamera in Singapore, wants you to turn them all on and let his company's algorithms analyze what they show, then sell the results as marketing data, in a sort of visual version of what Google and other firms do with search results and free email services."
