First time accepted submitter quintessentialk writes "I'm looking for a new engineering job. I'm in my early 30s, and have a degree and some experience. I don't have an online presence. Does it matter? Is a record of tweets, blog posts, articles, etc. expected for prospective employees these days? What if one is completely un-googleable (i.e., nothing comes up, good or bad)? Though I haven't been 'trying' to hide, I only rarely use my full name online and don't even have a consistent pseudonym. I don't have a website, and haven't blogged or tweeted. I'm currently in a field which does not publish. Should I start now, or is an first-time tweeter/blogger in 2013 worse than someone with no presence at all?"
#NetNeutrality is STILL in danger - Click here to help. DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Check out the new SourceForge HTML5 Internet speed test. ×
An anonymous reader writes "With the discovery that the NSA may be gathering extensive amounts of data, and the evidence suggesting makers of some of the most popular browsers may be in on the action, I am more than a little wary of which web browser to use. Thus, I pose a question to the community: is there a 'most secure' browser in terms of avoiding personal data collection? Assuming we all know by know how to 'safely' browse the internet (don't click on that ad offering to free your computer of infections) what can the lay person do have a modicum of protection, or at least peace of mind?"
Daniel_Stuckey writes "At a moment when governments and corporations alike are hellbent on snooping through your personal digital messages, it'd sure be nice if there was a font their dragnets couldn't decipher. So Sang Mun built one. Sang, a recent graduate from the Rhode Island Schoold of Design, has unleashed ZXX — a 'disruptive typeface' that he says is much more difficult to the NSA and friends to decrypt. He's made it free to download on his website, too. 'The project started with a genuine question: How can we conceal our fundamental thoughts from artificial intelligences and those who deploy them?' he writes. 'I decided to create a typeface that would be unreadable by text scanning software (whether used by a government agency or a lone hacker) — misdirecting information or sometimes not giving any at all. It can be applied to huge amounts of data, or to personal correspondence.' He named it after the Library of Congress's labeling code ZXX, which archivists employ when they find a book that contains 'no linguistic content.'"
New submitter fineous fingers writes "U.S. computer security researcher Georgia Weidman has revealed on her blog that a fellow speaker at the Confidence security conference in Krakow, Poland attempted to rape her. The attack occurred in her hotel room in the early morning hours of 28 May. Luckily, Georgia was able to fend her attacker off by clocking him in the head with a coffee mug. I was personally at this conference, but was staying at a different hotel and found out about it after the fact. It was Georgia herself that told me after she gave her fantastic talk on Leveraging Mobile Devices on Pentests. That she was able to give a flawless presentation later that day and had the courage to talk about the attack on her blog shows how awesome she really is."
jamaicaplain sends this quote from the NY Times: "Facebook has inadvertently exposed six million users' phone numbers and e-mail addresses to unauthorized viewers over the last year, the company said late Friday. Facebook blamed the data leaks, which began in 2012, on a technical flaw in its huge archive of contact information collected from its 1.1 billion users worldwide. As a result of the problem, Facebook users who downloaded contact data for their list of friends obtained additional information that they were not supposed to have. Facebook's security team was alerted to the problem last week and fixed it within 24 hours. But Facebook did not publicly acknowledge the flaw until Friday afternoon, when it published a message on its blog explaining the situation."
An anonymous reader writes "We are a large (multi-national) non-profit and currently deal with 503s on a near daily basis. We've worked on this for over a year and the host hasn't been able to figure out how to fix it. We're paying for a managed host and need to evaluate other options. My boss has tasked me with evaluating a new one. I'm the most geeky of the group, so I know the terms, but don't have a sense of what's actually needed to suit our needs. We sometimes have upwards of 1,000 people browsing the site at the same time, so my sense is that we shouldn't need massive amounts of power or bandwidth... but, somehow that's not working on our current host. Can anyone help me get a sense of what types of hosting will best suit the needs of a 'large' non-profit? We're not Facebook, but we're not a mom-and-pop shop. Any help or tips would be fantastic, particularly if you've also selected a new hosting provider in the past year or so. I don't necessarily need actual names (though those would be nice, too) but at least some tips on what makes a huge difference when suddenly a whole bunch of people around the world read an email and want to help out."
An anonymous reader sends this news from Ars Technica: "Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for U.S.-based communications to be retained by the National Security Agency, even when they're collected inadvertently, according to a secret government document published Thursday. ...The memos outline procedures NSA analysts must follow to ensure they stay within the mandate of minimizing data collected on U.S. citizens and residents. While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the U.S., they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.'"
BioTitan writes "New York City's plans to build its tech sector have turned out like a party gone wrong — someone inviting 100 people expecting 10 to show up, but finding that not only did everyone come, but they also brought their friends. New York City Mayor Michael Bloomberg wants to build NYC into the second Silicon Valley. Dedicated spaces complete with 3-D printers, workshops, and computers with design software are being built — with the Brooklyn Navy Yard leading the way — yet there is far from enough space to meet demand. Tucker Reed, president of the Downtown Brooklyn Partnership, said, 'Despite the presence of a considerable number of commercial buildings in downtown Brooklyn, longer term leases have tied up much of the current space over the next five years.'"
Tmack writes "Not completely unexpected, Java6 has reached EOL. This tidbit shows up in Oracle's Java6 FAQ page, recommending everyone update to Java7: 'Oracle no longer posts updates of Java SE 6 to its public download sites. All Java 6 releases up to and including 6u45 have been moved to the Java Archive on the Oracle Technology Network, where they will remain available but not receive further updates. Oracle recommends that users migrate to Java 7 in order to continue receiving public updates and security enhancements.' Apple just pushed its update 16 which is Java6u51, likely to be one of their last Java6 updates."
knwny writes "The Times of India reports that 'India has launched a wide-ranging surveillance program that will give its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said.'" Adds an anonymous reader: "What's chilling is the comments from senior officials indicating that parts of the program are already live, without absolutely any discussion in public about it."
recoiledsnake writes "Following up on our previous discussion of Microsoft selling discounted SurfaceRT tablets to schools (which fueled speculation about the future of Surface RT), Bloomberg is now reporting that Microsoft is fast at work on the next Surface RT which will replace the current Tegra 3 with a Qualcomm Snapdragon 800 chip which has stellar benchmarks against the likes of the upcoming Tegra 4, Apple A6X, and Exynos processors, especially in the GPU and graphics department. Since the SoC comes with 3g/LTE, this might be the first Surface to support integrated cellular data. There are also indications that there could be an 8" version, and that the new versions might be revealed alongside the Windows 8.1 preview bits at the upcoming BUILD conference, starting on June 26."
jfruh writes "We've learned many lessons in the fallout from Edward Snowden's whistleblowing and flight to Hong Kong, but here's an important one: Never make your sysadmin mad. Even if your organization isn't running a secret, civil-rights violating surveillance program, you're probably managing to annoy your admins in a number of more pedestrian ways that might still have blowback for you. Learn to stay on their good side by going along with their reasonable requests and being specific with your complaints."
An anonymous reader writes "The LA Times mentions that after visiting well known sites such as ADP, Verizon Wireless, Scottrade, Geico, Equifax, PayPal and Allstate, sensitive data remains in the browser disk cache despite those sites using SSL. This included full credit reports, prescription history, payroll statements, partial SSNs, credit card statements, and canceled checks. Web servers are supposed to send a Cache-Control: no-store header to prevent this, but many of the sites are sending non-standard headers recognized only by Internet Explorer, and others are sending no cache headers at all. While browsers were once cautious about writing content received over SSL to the disk cache, today, most do so by default unless the server specifies otherwise."
itwbennett writes "Speaking at a cloud panel discussion hosted by Reuters on Wednesday, Terry Wise, head of global partner ecosystem for Amazon Web Services, explained how the company handles government requests for data stored on Amazon's cloud: 'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena.' But Wise's best advice to customers is to encrypt their data: 'If the data is encrypted, all we'd be handing over would be the cypher text,' he said."
Trailrunner7 writes "After years of saying that the company didn't need a bug bounty program, Microsoft is starting one. The company today will announce the start of a new program that will pay security researchers up to $100,000 for serious vulnerabilities and as much as $50,000 for new defensive techniques that help protect against those flaws. Microsoft security officials say that the program has been a long time in development, and the factor that made this the right time to launch is the recent rise of vulnerability brokers. Up until quite recently, most of the researchers who found bugs in Microsoft products reported them directly to the company. That's no longer the case. The system that Microsoft is kicking off on June 26 will pay researchers $100,000 for a new exploit technique that is capable of bypassing the latest existing mitigations in the newest version of Windows."
msm1267 writes "Business travelers who tether their iPhones as mobile hotspots beware. Researchers at the University of Erlanger-Nuremberg in Germany have discovered a weakness in the way iOS generates default passwords for such connections that can leave a user's device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user's Internet connection. Andreas Kurtz, Felix Freiling and Daniel Metz published a paper (PDF) that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot. The researchers said that attackers would find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system's complex programming layers."
First time accepted submitter dougkfresh writes "Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, a concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities. This is the first time that such a comprehensive survey was prepared to test the state of security of the leading plugins." It does seem that Wordpress continues to be a particularly perilous piece of software to run. When popularity and unsafe languages collide.
alphadogg writes "Start-up Cumulus Networks this week has emerged with a Linux network operating system designed for programmable data centers like the ones Google and Facebook are building. The company's Cumulus Linux OS operating system includes IPv4 and IPv6 routing, plus data center and network orchestration hooks. Much like OpenFlow for independent, software-defined control of network forwarding, Cumulus Linux is intended to run on commodity network hardware and bring Open Source extensibility to high capacity data centers. The head of the company used to work for Cisco and Google." The distribution is based on Debian and ported to several router platforms. They claim to release most of their code Open Source, but there are at least a few proprietary bits for interfacing to the routing hardware itself.
An anonymous reader writes "As reported earlier on Slashdot it appeared the license covering the MySQL man pages was changed from the GPL to something less good. However, as speculated, this appears to be a bug." The build system was grabbing the wrong files, oops. The fix should be coming shortly: "Once the fixes have been made to the build system, we will rebuild the latest 5.1, 5.5, 5.6 releases plus the latest 5.7 milestone and make those available publicly asap."
Qedward writes with an excerpt at TechWorld about a new project from Jon "Maddog" Hall, which is about to launch in Brazil: "The vision of Project Cauã is to promote more efficient computing following the thin client/server model, while creating up to two million privately-funded high-tech jobs in Brazil, and another three to four million in the rest of Latin America. Hall explained that Sao Paolo in Brazil is the second largest city in the Western Hemisphere and has about twelve times the population density of New York City. As a result, there are a lot of people living and working in very tall buildings. Project Cauã will aim to put a server system in the basement of all of these tall buildings and thin clients throughout the building, so that residents and businesses can run all of their data and applications remotely."
McGruber writes "In an Op-Ed published in The NY Times, Information Technology & Innovation Foundation (ITIF.org) Senior Fellow Richard Bennett claims that 'America's broadband networks lead the world by many measures, and they are improving at a more rapid rate than networks in most developed countries.' Mr. Bennett also says, 'the most critical issue facing American broadband has nothing to do with the quality of our networks; it is our relatively low rates of subscribership.'"
WebGangsta writes "The rumor mill continues to grow closer and closer to reality, as The Verge is reporting the upcoming SERIES 5 TiVo will have 6 tuners, support OTA recording (an old TiVo feature being brought back), storage beyond the 2TB limit, and more. While some would say that TiVo today is nothing more than a Patent Holder (albeit a successful one), there's still a market for a cable box that doubles as a streaming player. Is hardware the future of TiVo, or should they go and just license their software to all? And don't get us started on those 'TiVo Buying Hulu' or 'Apple/Google buying TiVo' rumors... that's a different story for a different day."
mask.of.sanity writes "Hundreds of organizations have been detected running dangerously vulnerable versions of SAP that were more than seven years old and thousands more have placed their critical data at risk by exposing SAP applications to the public Internet. The new research found the SAP services were inadvertently made accessible thanks to a common misconception that SAP systems were not publicly-facing and remotely-accessible. The SAP services contained dangerous vulnerabilities which were since patched by the vendor but had not been applied."
benrothke writes "It's said that truth is stranger than fiction, as fiction has to make sense. Had The Chinese Information War: Espionage, Cyberwar, Communications Control and Related Threats to United States Interests been written as a spy thriller, it would have been a fascinating novel of international intrigue. But the book is far from a novel. It's a dense, well-researched overview of China's cold-war like cyberwar tactics against the US to regain its past historical glory and world dominance." Read below for the rest of Ben's review.
Writing "Wow, this is going to really set the cat amongst the pigeons once this gets around," an anonymous reader links to a story at The Guardian about some good old fashioned friendly interception, and the slide-show version of what went on at recent G20 summits in London: "Foreign politicians' calls and emails intercepted by UK intelligence; Delegates tricked into using fake internet cafes; GCHQ analysts sent logs of phone calls round the clock; Documents are latest revelations from whistleblower Edward Snowden."
Lucas123 writes "Intel this year plans to sell a set-top box and Internet-based streaming media service that will bundle TV channels for subscribers, but cable, satellite and ISPs are likely to use every tool at their disposal to stop another IP-based competitor, according to experts. They may already be pressuring content providers to charge Intel more or not sell to it. Another scenario could be that cable and ISP providers simply favor their own streaming services with pricing models, or limit bandwidth based on where customers get their streamed content. For example, Comcast could charge more for a third-party streaming service than for its own, or it could throttle bandwidth or place caps on it to limit how much content customer receives from streaming media services as it did with BitTorrent. Meanwhile, Verizon is challenging in a D.C. circuit court the FCC's Open Internet rules that are supposed to ensure there's a level playing field."
Nerval's Lobster writes "In case you didn't catch it yesterday, AllThingsD ran a piece endorsing the idea of the software-defined data center. That's a venue where hordes of non-technical mid- and upper-level managers will see it and (because of the credibility of AllThingsD) will believe software-defined data centers are not only possible, but that they exist and that your company is somehow falling behind because you personally have not sketched up a topology on a napkin or brought a package of it to install. If mid-level managers in your datacenter or extended IT department have not been pinged at least once today by business-unit managers offering to tip them off to the benefits of software-defined data centers—or demand that they buy one—then someone should go check the internal phone system because not all the calls are coming through. Why was AllThingD's piece problematic? First, because it's a good enough publication to explain all the relevant technology terms in ways that even a non-technical audience can understand. Second, it's also a credible source, owned by Dow Jones & Co. and spun off by The Wall Street Journal. Third, software-defined data centers are genuinely happening—but it's in the very early stages. The true benefits of the platform won't arrive for quite some time—and there's too much to do in the meantime to talk about potential endpoints. Fortunately, there are a number of resources online to help tell hype from reality."
New submitter RoccamOccam writes "Shortly after the news broke that the Department of Justice had been secretly monitoring the phones and email accounts of Associated Press and Fox News reporters (and the parents of Fox News Correspondent James Rosen), CBS News' Sharyl Attkisson said her computer seemed like it had been compromised. Turns out, it was. 'A cyber security firm hired by CBS News has determined through forensic analysis that Sharyl Attkisson's computer was accessed by an unauthorized, external, unknown party on multiple occasions late in 2012. Evidence suggests this party performed all access remotely using Attkisson's accounts. While no malicious code was found, forensic analysis revealed an intruder had executed commands that appeared to involve search and exfiltration of data.'"
alphadogg writes "Medical device makers should take new steps to protect their products from malware and cyberattacks or face the possibility that U.S. Food and Drug Administration won't approve their devices for use, the FDA said. The FDA issued new cybersecurity recommendations for medical devices on Thursday, following reports that some devices have been compromised. Recent vulnerabilities involving Philips fetal monitors and in Oracle software used in body fluid analysis machines are among the incidents that prompted the FDA to issue the recommendations."
Debian warns on its blog: "The unofficial third party repository Debian Multimedia stopped using the domain debian-multimedia.org some months ago. The domain expired and it is now registered again by someone unknown to Debian. (If we're wrong on this point, please sent us an email so we can take over the domain! This means that the repository is no longer safe to use, and you should remove the related entries from your source.list file.)" Update: 06/14 02:58 GMT by U L : If you're wondering where it went, it moved to deb-multimedia.org, after the DPL (at the time) asked the maintainer to stop using the Debian name.
Nerval's Lobster writes "One year and seven months after beginning construction, Facebook has brought its first datacenter on foreign soil online. That soil is in Lulea, town of 75,000 people on northern Sweden's east coast, just miles south of the boundary separating the Arctic Circle from the somewhat-less-frigid land below it. Lulea (also nicknamed The Node Pole for the number of datacenters in the area) is in the coldest area of Sweden and shares the same latitude as Fairbanks, Alaska, according to a local booster site. The constant, biting wind may have stunted the growth of Lulea's tourism industry, but it has proven a big factor in luring big IT facilities into the area. Datacenters in Lulea are just as difficult to power and cool as any other concentrated mass of IT equipment, but their owners can slash the cost of cooling all those servers and storage units simply by opening a window: the temperature in Lulea hasn't stayed at or above 86 degrees Fahrenheit for 24 hours since 1961, and the average temperature is a bracing 29.6 Fahrenheit. Air cooling might prove a partial substitute for powered environmental control, but Facebook's datacenter still needed 120megawatts of steady power to keep the social servers humming. Sweden has among the lowest electricity costs in Europe, and the Lulea area reportedly has among the lowest power costs in Sweden. Low electricity prices are at least partly due to the area's proximity to the powerful Lulea River and the line of hydroelectric dams that draw power from it."
crookedvulture writes "With its Sandy Bridge and Ivy Bridge processors, Intel allowed standard Core i5 and i7 CPUs to be overclocked by up to 400MHz using Turbo multipliers. Reaching for higher speeds required pricier K-series chips, but everyone got access to a little "free" clock headroom. Haswell isn't quite so accommodating. Intel has disabled limited multiplier control for non-K CPUs, effectively limiting overclocking to the Core i7-4770K and i5-4670K. Those chips cost $20-30 more than their standard counterparts, and surprisingly, they're missing a few features. The K-series parts lack the support for transactional memory extensions and VT-d device virtualization included with standard Haswell CPUs. PC enthusiasts now have to choose between overclocking and support for certain features even when purchasing premium Intel processors. AMD also has overclocking-friendly K-series parts, but it offers more models at lower prices, and it doesn't remove features available on standard CPUs."
First time accepted submitter jarle.aase writes "It's doable today to use a mix of virtual machines, VPN, TOR, encryption (and staying away from certain places; like Google Plus, Facebook, and friends), in order to retain a reasonable degree of privacy. In recent days, even major mainstream on-line magazines have published such information. (Aftenposten, one of the largest newspapers in Norway, had an article yesterday about VPN, Tor and Freenet!) But what about the cell-phone? Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls. VoIP could then go from the device through Wi-Fi and VPN. Some calls may be routed trough PSTN gateways — allowing the agencies to track the other party. But they will not track your location. And they will not track pure, encrypted VoIP calls that traverse trough VPN and use anonymous SIP or XMPP accounts. Android may not be the best software for such a device, as it very eagerly phones home. The same is true for iOS and Windows 8. Actually, I would prefer a non cloud-based mobile OS from a vendor that is not in the PRISM gallery. Does such a device exist yet? Something that runs a relatively safe OS, where GSM can be switched totally off? Something that will only make an outgoing network connection when I ask it to do so?" And in the absence of a perfect solution, what do you do instead? (It's still Android and using the cell network, but Red Phone — open sourced last year — seems like a good start.)
hypnosec writes "OWASP's Top 10, the Open Web Application Security Project's top 10 most critical web application security risks, has been updated and a new list for 2013 published. Last updated back in 2010, the organization has published the new list wherein the importance of cross-site scripting (XSS) and cross-site request forgery (CRSF) has been diluted a little, while risks related to broken session management and authentication have moved up a notch. Code injection, which was the topmost risk in 2010, has retained its position in the updated list. The 2013 Top Ten list (PDF) has been compiled based on half a million vulnerabilities discovered in thousands of applications from hundreds of vendors."
judgecorp writes "Security researchers say that iPhone and other Apple devices are vulnerable to an old attack, using a fake Wi-Fi access point. Attackers can use an SSID which matches one that is stored on the iPhone (say "BTWiF"), which the iPhone will connect to automatically. Other devices are protected thanks to the use of HTTPS, which enforces HTTPS, but iPhones are susceptible to this man in the middle attack, researchers say."
itwbennett writes "You can make a decent living as a software developer, and if you were lucky enough to get hired at a pre-IPO tech phenom, you can even get rich at it. But set your sights above the average and below Scrooge McDuck and you won't find many developers in that salary range. In fact, the number of developers earning $200,000 and above is under 10%, writes blogger Phil Johnson who looked at salary data from Glassdoor, Salary.com and the Bureau of Labor Statistics. How does your salary rate? What's your advice for earning the big bucks?"
An anonymous reader writes "After 25 years of doing IT (started as a PC technician and stayed on technical of IT work through out my career) I've been moved to a position of doing only on call work (but paid as if it is a normal 9-5 job). This leaves me with a lot of free time... As someone who's used to working 12+ hours a day + the odd night/weekend on call, I'm scared I'll lose my mind with all the new free time I'll have. Any suggestions (beyond develop hobbies, spend time with family) on how to deal with all the new free time?"
Trailrunner7 writes "A group of eight senators from both parties have introduced a new bill that would require the attorney general to declassify as many of the rulings of the secret Foreign Intelligence Surveillance Court as possible as a way of bringing into the sunlight much of the law and opinion that guides the government's surveillance efforts. Under the terms of the proposed law, the Justice Department would be required to declassify major FISC opinions as a way to give Americans a view into how the federal government is using the Foreign Intelligence Surveillance Act and Patriot Act. If the attorney general determines that a specific ruling can't be declassified without endangering national security, he can declassify a summary of it. If even that isn't possible, then the AG would need to explain specifically why the opinion needs to be kept secret."
Nerval's Lobster writes "Flash storage is more common on mobile devices than data-center hardware, but that could soon change. The industry has seen increasing sales of solid-state drives (SSDs) as a replacement for traditional hard drives, according to IHS iSuppli Research. Nearly all of these have been sold for ultrabooks, laptops and other mobile devices that can benefit from a combination of low energy use and high-powered performance. Despite that, businesses have lagged the consumer market in adoption of SSDs, largely due to the format's comparatively small size, high cost and the concerns of datacenter managers about long-term stability and comparatively high failure rates. But that's changing quickly, according to market researchers IDC and Gartner: Datacenter- and enterprise-storage managers are buying SSDs in greater numbers for both server-attached storage and mainstream storage infrastructure, according to studies both research firms published in April. That doesn't mean SSDs will oust hard drives and replace them directly in existing systems, but it does raise a question: are SSDs mature enough (and cheap enough) to support business-sized workloads? Or are they still best suited for laptops and mobile devices?"
dinscott writes "If you think of cyberspace as a resource for you and your organization, it makes sense to protect your part of it as best you can. You build your defenses and train employees to recognize attacks, and you accept the fact that your government is the one that will pursue and prosecute those who try to hack you. But the challenge arises when you (possibly rightfully so) perceive that your government is not able do so, and you demand to be allowed to 'hack back.'"
Nerval's Lobster writes "If those newspaper reports are accurate, the NSA's surveillance programs are enormous and sophisticated, and rely on the latest in analytics software. In the face of that, is there any way to keep your communications truly private? Or should you resign yourself to saying or typing, 'Hi, NSA!' every time you make a phone call or send an email? Fortunately there are ways to gain a measure of security: HTTPS, Tor, SCP, SFTP, and the vendors who build software on top of those protocols. But those host-proof solutions offer security in exchange for some measure of inconvenience. If you lose your access credentials, you're likely toast: few highly secure services include a 'Forgot Your Password?' link, which can be easily engineered to reset a password and username without the account owner's knowledge. And while 'big' providers like Google provide some degree of encryption, they may give up user data in response to a court order. Also, all the privacy software in the world also can't prevent the NSA (or other entities) from capturing metadata and other information. What do you think is the best way to keep your data locked down? Or do you think it's all a lost cause?"
An anonymous reader writes "Apple has always been extremely anti jailbreaking, but it might now have a good reason to plug up the exploits. As Hardware 2.0 argues, Apple's new iOS 7 Activation Lock anti-theft mechanism which renders stolen handsets useless (even after wiping) unless the owner's Apple ID is entered relies on having a secure, locked-down OS. Are the days of jailbreaking iOS coming to a close?" I can see a whole new variety of phone-based ransom-ware based on this capability, too.
MojoKid writes with more detailed information on the new hardware Apple announced earlier today at WWDC "On the hardware side, Apple is updating its two MacBook Air devices; both the 11-inch and 13-inch versions will enjoy better battery life (up to 9 hours and 12 hours, respectively), thanks in no small part to having Intel's new Haswell processors inside. They'll also have 802.11ac WiFi on board. Both models have 1.3GHz Intel Core i5 or i7 (Haswell) processors, Intel HD Graphics 5000, 4GB of RAM, and has 128GB or 256GB of flash storage. Arguably the scene stealer on the desktop side of things is a completely redesigned Mac Pro. The 9.9-inch tall cylindrical computer boasts a new 'unified thermal core' which is designed to conduct heat away from the CPU and GPU while distributing it uniformly and using a single bottom-mounted intake fan. It rocks a 12-core Intel Xeon processor, dual AMD FirePro GPUs (standard), 1866MHz DDR3 ECC memory (60GBps), and PCIe flash storage with up to 1.25GBps read speeds. The system promises 7 teraflops of graphics performance, supports 4k displays, and has a host of ports including four USB 3.0, two gigabit Ethernet ports, HDMI 1.4, six Thunderbolt 2 ports that offer super-fast (20Gbps) external connectivity."
chicksdaddy writes "When reports surfaced about 'BadNews,' a new family of mobile malware that affected Google Android devices the news sounded — well — bad. BadNews was described by Lookout Mobile Security as a new kind of mobile malware for the Android platform-one that harness mobile ad networks to push out malicious links, harvest information on compromised devices and more. Now, six weeks later, a senior member of Google's Android security team claims that BadNews wasn't really all that bad, after all. Speaking at an event in Washington D.C. sponsored by the Federal Trade Commission, Google employee and Android team member Adrian Ludwig threw cold water on reports linking BadNews to sites that installed malicious programs. The search giant, he said, had not found any evidence linking BadNews to so-called SMS 'toll fraud' malware."
mvar writes "According to Kotaku, a hacker named SuperDaeE who breached multiple gaming companies (Valve, Sony, MS to name a few) has released a 1.7TB treasure trove file for download. The file which contains source code for older titles plus development kits for the PS4 and Xbox One consoles, is encrypted and SuperDaeE claims that it is his insurance in case he gets arrested."
sweetpea86 writes "Cisco has teamed up with robotics firm iRobot to create their own enterprise version of the 'Sheldonbot' from US comedy series The Big Bang Theory. The robot, known as Ava 500, brings together iRobot's autonomous navigation with Cisco's TelePresence system to enable a remote worker sitting in front of a video collaboration system to meet with colleagues in an office setting or take part in a facility tour."
Taco Cowboy writes "Edward Snowden, the leaker who gave us the evidence of US government spying on its people is under threat of being extradited back to the U.S. to face prosecution. Some people in Congress, including Republican Peter King (R-NY), are calling for his extradition from Hong Kong to face trial. From the article: 'A spokesman for the director of national intelligence, James Clapper, said Snowden's case had been referred to the justice department and US intelligence was assessing the damage caused by the disclosures. "Any person who has a security clearance knows that he or she has an obligation to protect classified information and abide by the law," the spokesman, Shawn Turner, said.'"
An anonymous reader writes "I have been asked by a medium-sized business to help them come to grips with why their IT group is ineffective, loathed by all other departments, and runs at roughly twice the budget of what the CFO has deemed appropriate for the company's size and industry. After just a little scratching, it has become quite clear that the 'head of IT' has no modern technological skills, and has been parroting what his subordinates have told him without question. (This has led to countless projects that are overly complex, don't function as needed, and are incredibly expensive.) How can one objectively illustrate that a person doesn't have the knowledge sufficient to run a department? The head of IT doesn't necessarily need to know how to write code, so a coding test serves no purpose, but should be able to run a project. Are there objective methods for assessing this ability?"
Bruce66423 writes "The government minister in charge of GCHQ, the UK's equivalent of the NSA, has used those immortal words, 'Only terrorists, criminals and spies should fear secret activities of the British and US intelligence agencies.' From the article: '...In an interview on the BBC’s Andrew Marr Show on Sunday, Mr Hague refused to say whether the British government knew of the existence of Prism before it emerged last week. “I can’t confirm or deny in public what Britain knows about and what Britain doesn’t, for obvious reasons,” he said. However, he implied that the revelations had not taken him by surprise.'" While many are concerned about the reach of PRISM overseas, the Finnish Foreign Minister says he plans to continue using Outlook for email.