wiredmikey writes "Microsoft released an advisory today warning users about a new zero-day under attack in targeted campaigns occurring in the Middle East and South Asia. According to Microsoft, the vulnerability resides in the Microsoft Graphics component and impacts certain versions of Windows, Microsoft Office and Lync. The problem exists in the way specially-crafted TIFF images are handled. To exploit the vulnerability, an attacker would have to convince a user to preview or open a specially-crafted email message, open a malicious file or browse malicious Web content. If exploited successfully, the vulnerability can be used to remotely execute code. The vulnerability affects Office 2003, 2007 and 2010 as well as Windows Server 2008 and Windows Vista. Right now, Microsoft Word documents are the current vector for attack."
ccguy writes "It seems that while Google could really care less about your site and has no real interest in hacking you, their automated bots can be used to do the heavy lifting for an attacker. In this scenario, the bot was crawling Site A. Site A had a number of links embedded that had the SQLi requests to the target site, Site B. Google Bot then went about its business crawling pages and following links like a good boy, and in the process followed the links on Site A to Site B, and began to inadvertently attack Site B."
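The scenario above turns a crawler into an unwitting attack proxy, so the defender's first question is how to tell crawler traffic carrying injection payloads apart from ordinary crawling. The following is an added example, not code from the original post or from Google: it parses web server access logs in the common Apache/Nginx "combined" format, decodes each query parameter, and flags requests whose parameter values look like SQL injection while the client claims to be Googlebot. The log lines are constructed for the example.

```python
"""Flag SQL-injection payloads arriving through a client that claims to be a crawler.

Added example for the Googlebot-as-attack-proxy scenario; the log lines below are
constructed, in Apache/Nginx "combined" format, and are not real traffic.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: lines 2 and 3 carry SQLi payloads delivered by a client
# presenting a Googlebot User-Agent, with Site A as the Referer.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Nov/2013:10:12:01 +0000] "GET /product.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [04/Nov/2013:10:12:03 +0000] "GET /product.php?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 9120 "http://site-a.example/links.html" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [04/Nov/2013:10:12:04 +0000] "GET /product.php?id=42%20UNION%20SELECT%20user%2Cpass%20FROM%20users HTTP/1.1" 500 312 "http://site-a.example/links.html" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [04/Nov/2013:10:12:05 +0000] "GET /search?q=select%20your%20size HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

# One combined-format line: ip ident user [ts] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Heuristics applied to the *decoded* parameter value: quote-then-tautology,
# UNION ... SELECT, trailing comment terminators, stacked statements.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I),
    re.compile(r"\bunion\b.{0,20}\bselect\b", re.I),
    re.compile(r"(--|#|/\*)\s*$"),
    re.compile(r";\s*(drop|insert|update|delete)\b", re.I),
]


def looks_like_sqli(value):
    """True if a decoded query-string value matches any injection heuristic."""
    return any(p.search(value) for p in SQLI_PATTERNS)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flag_crawler_sqli(log_text):
    """Return one record per request whose query parameters look like SQLi.

    Each record carries the source IP, the Referer (the page that planted the
    link, Site A in the story), the offending parameter names and whether the
    User-Agent claims to be Googlebot. parse_qsl percent-decodes the values.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        params = parse_qsl(urlsplit(rec["target"]).query, keep_blank_values=True)
        bad = [name for name, value in params if looks_like_sqli(value)]
        if bad:
            hits.append({
                "ip": rec["ip"],
                "referer": rec["referer"],
                "params": bad,
                "status": int(rec["status"]),
                "claims_googlebot": "Googlebot" in rec["ua"],
            })
    return hits


if __name__ == "__main__":
    for hit in flag_crawler_sqli(SAMPLE_LOG):
        print(hit)
```

The User-Agent is attacker-controlled, so "claims_googlebot" only tells you which requests to verify, not that Google sent them; confirm a crawler IP with a reverse DNS lookup of the source address and a matching forward lookup before treating it as genuine. The Referer is the useful pivot either way: it names the page on Site A that planted the links, which is what you need to get them taken down.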
rjmarvin writes "The hits keep coming in the massive Adobe breach. It turns out the millions of passwords stolen in the hack reported last month that compromised over 38 million users and source code of many Adobe products were protected using outdated encryption security instead of the best practice of hashing. Adobe admitted the hack targeted a backup system that had not been updated, leaving the hacked passwords more vulnerable to brute-force cracking."
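The distinction the summary draws, encryption versus hashing, is worth seeing in code. The following is an added example and not Adobe's code: the weak side uses a deliberately simple keyed stream cipher built from HMAC (a constructed stand-in for any reversible scheme that shares one server key across every record, so the script needs only the standard library); the stronger side stores a per-user random salt with a slow one-way derivation. The user table is constructed for the example.

```python
"""Reversible encryption versus salted one-way hashing for stored passwords.

Added example for the Adobe breach summary; not Adobe's code. The stream cipher
is a constructed stand-in for any reversible, single-key scheme.
"""
import hashlib
import hmac
import secrets

# Constructed test data: alice and carol share a password.
CONSTRUCTED_USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}

# --- Weak design: reversible, one shared key, deterministic -----------------
SERVER_KEY = b"constructed-shared-key-for-the-example"


def _keystream(key, n):
    """Derive n keystream bytes from the key with HMAC in counter mode."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt_password(pw, key=SERVER_KEY):
    """XOR the password with a keystream: same key + same password => same ciphertext."""
    data = pw.encode()
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def decrypt_password(ct, key=SERVER_KEY):
    """Anyone holding the key recovers the plaintext; that is the whole problem."""
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct)))).decode()


def build_weak_table(users=CONSTRUCTED_USERS):
    return {user: encrypt_password(pw) for user, pw in users.items()}


def dump_encrypted_table(table, key):
    """What an attacker with the stolen backup and the key gets: every password, in bulk."""
    return {user: decrypt_password(ct, key) for user, ct in table.items()}


def equal_password_groups(table):
    """Even without the key, deterministic output shows which users share a password."""
    groups = {}
    for user, blob in table.items():
        groups.setdefault(blob, []).append(user)
    return [users for users in groups.values() if len(users) > 1]


# --- Stronger design: per-user salt, slow one-way KDF -----------------------
SALT_LEN = 16
PBKDF2_ITERS = 200_000  # tune to your hardware; the cost is the point


def hash_password(pw, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256(pw, salt); a fresh random salt per record."""
    salt = salt if salt is not None else secrets.token_bytes(SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERS)
    return salt + dk


def verify_password(pw, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt, dk = stored[:SALT_LEN], stored[SALT_LEN:]
    cand = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERS)
    return hmac.compare_digest(cand, dk)


def build_strong_table(users=CONSTRUCTED_USERS):
    return {user: hash_password(pw) for user, pw in users.items()}


if __name__ == "__main__":
    weak = build_weak_table()
    print("recovered with key:", dump_encrypted_table(weak, SERVER_KEY))
    print("shared passwords visible without key:", equal_password_groups(weak))
    strong = build_strong_table()
    print("shared passwords visible in hashed table:", equal_password_groups(strong))
```

Two things follow from the weak table that match the summary: a stolen key turns the whole dump into plaintext in one pass, and even without the key, identical ciphertexts reveal which accounts share a password, so one cracked or guessed account gives away the others. The hashed table has neither property. PBKDF2 is used here because it ships in the standard library; a memory-hard function such as scrypt or Argon2 is the better choice for new systems.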
tsu doh nimh writes "A compromise at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. Krebsonsecurity.com writes about the break-in, which involved the theft of information on celebrities like Tom Hanks and LeBron James, as well as lawmakers such as the chairman of the U.S. House Judiciary Committee. The story also examines the potential value of this database for spies, drawing a connection between recent personalized malware attacks against Kevin Mandia, the CEO of incident response firm Mandiant. In an interview last month with Foreign Policy magazine, Mandia described receiving spear phishing attacks that spoofed receipts for recent limo rides; according to Krebs, the info for Mandia and two other Mandiant employees was in the stolen limo company database."
New submitter bmurray7 writes "You might think that the country that has the fastest average home internet speeds would be a first adopter of modern browsers. Instead, as the Washington Post reports, a payment processing security standard forces most South Koreans to rely upon Internet Explorer for online shopping. Since the standard uses a unique encryption algorithm, an ActiveX control is required to complete online purchases. As a result, many internet users are in the habit of approving all ActiveX control prompts, potentially exposing them to malware."
ericgoldman writes "Terry Childs was a network engineer in San Francisco, and he was the only employee with passwords to the network. After he was fired, he withheld the passwords from his former employer, preventing his employer from controlling its own network. Recently, a California appeals court upheld his conviction for violating California's computer crime law, including a four-year jail sentence and $1.5 million in restitution. The ruling (PDF) provides a good cautionary tale for anyone who thinks they can gain leverage over their employer or increase job security by controlling key passwords."
onehitwonder writes "In short, they build it themselves. When Tesla Motors needed to improve the back-end software that runs its business, CEO Elon Musk decided not to upgrade the company's SAP system. Instead, he told his CIO, Jay Vijayan, to have the IT organization build a new back-end system, according to The Wall Street Journal. The company's team of 25 software engineers developed the new system in about four months, and it provided the company with speed and agility at a time when it was experiencing costly delivery delays on its all-electric Model S."
rtoz writes "For handling the future unreliable chips, a research group at MIT's Computer Science and Artificial Intelligence Laboratory has developed a new programming framework that enables software developers to specify when errors may be tolerable. The system then calculates the probability that the software will perform as it's intended. As transistors get smaller, they also become less reliable. This reliability won't be a major issue in some cases. For example, if a few pixels in each frame of a high-definition video are improperly decoded, viewers probably won't notice — but relaxing the requirement of perfect decoding could yield gains in speed or energy efficiency."
wjcofkc writes "In the turbulent wake of the international uproar spurred by his leaked documents, Mr. Snowden published a letter over the weekend in Der Spiegel titled, "A Manifesto for the Truth". In the letter, Mr. Snowden reflects on the consequences of the information released so far, and their effect on exposing the extent and obscenity of international and domestic surveillance, while continuing to call out the NSA and GCHQ as the worst offenders. He further discusses how the debate should move forward, the intimidation of journalists, and the criminalization of the truth saying, 'Citizens have to fight suppression of information on matters of vital public importance. To tell the truth is not a crime.'"
An anonymous reader writes "Linus Torvalds announced the Linux 3.12 kernel release with a large number of improvements through many subsystems including new EXT4 file-system features, AMD Berlin APU support, a major CPUfreq governor improvement yielding impressive performance boosts for certain hardware/workloads, new drivers, and continued bug-fixing. Linus also took the opportunity to share possible plans for Linux 4.0. He's thinking of tagging Linux 4.0 following the Linux 3.19 release in about one year and is also considering the idea of Linux 4.0 being a release cycle with nothing but bug-fixes. Does Linux really need an entire two-month release cycle with nothing but bug-fixing? It's still to be decided by the kernel developers."
MojoKid writes "Microsoft has several valid reasons why you should upgrade to Windows 8.1, which is free if you already own Windows 8. However, there's a known issue that might give some gamers pause before clicking through in the Windows Store. There have been complaints of mouse problems after applying the Windows 8.1 update, most of which have been related to lag in video games, though Microsoft confirmed there are other potential quirks. Acknowledging the problem, Microsoft says it's also actively investigating the issues and working on a patch."
An anonymous reader writes "Intel shipped open-source Broadwell graphics driver support for Linux this weekend. While building upon the existing Intel Linux GPU driver, the kernel driver changes are significant in size for Broadwell. Code comments from Intel indicate that these processors shipping in 2014 will have "some of the biggest changes we've seen on the execution and memory management side of the GPU" and "dwarf any other silicon iteration during my tenure, and certainly can compete with the likes of the gen3->gen4 changes." Come next year, Intel may now be able to better take on AMD and NVIDIA discrete graphics solutions."
First time accepted submitter renzema writes "I'm looking for a way to do near-site backups — backups that are not on my physical property, but with a hard drive still accessible should I need to do a restore (let's face it — this is where cloud backup services are really weak — 1 TB at 3-4mb downloads just doesn't cut it). I've tried CrashPlan, but that requires that someone has a computer on all the time and they don't ship hard drives to Sweden. What I want is to be able to back up my Windows and Mac to both a local disk and to a disk that I own that is not on site. I don't want a computer running 24x7 to support this — just a router or NAS. I would even be happy with a local disk that is somehow mirrored to a remote location. I haven't found anything out there that makes this simple. Any ideas?" What, besides "walk over a disk once in a while," would you advise?
codeusirae writes "RAF pilots were left 'blinded' by a barrage of images while flying at speeds of over 1,000 mph when a number of technical glitches hit their high-tech helmets. The visors were supposed to provide the fighter pilots with complete vision and awareness, but problems with the display produced a blurring known as 'green-glow,' meaning they were unable to see clearly. The green glow occurred when a mass of information was displayed on the helmet-mounted display systems, including radar pictures and images from cameras mounted around the aircraft."
An anonymous reader writes "Despite what we hear about how much the U.S. government is struggling with a website, it is reassuring that most government entities can update their websites within a day after they are asked to. This conclusion is the result of research done by the Networking Systems Laboratory at the Computer Science Department of the University of Houston. The research team tracked government websites and their update times, and found that 96% of the websites were updated within 24 hours after President Obama signed HR 2775 into law, ending the Government shutdown. It is worth noting that two websites took 8 days to update. It is interesting that the team was able to use the shutdown as an opportunity to study the efficiency of the IT departments of various parts of Government."
An anonymous reader writes "Almost three years ago, I started looking for a cloud storage service. Encryption and the "zero-knowledge" concept were not concerns. Frankly, after two weeks testing services, it boiled down to one service I used for almost 2 years. It was perfect — in the technical sense — because it simply works as advertised and is one of the cheapest for 500GB. But this year, I decided to change that service for another one that would encrypt my files before they leave my machine. Some of these services call themselves 'zero-knowledge' services, because (as they claim) clear text does not leave your host: they only receive encrypted data — keys or passwords are not sent. I did all the testing I could, with the free bit of their services, and then chose one of them. After a while, when the load got higher (more files, more folders, more GB...), my horror story began. I started experiencing sync problems of all sorts. In fact, I have paid for and tested another service and both had the same issues with sync. Worse, one of them could not even handle restoring files correctly. I had to restore from my local backup more than once and I ended up losing files for real. In your experience, which service (or services) are really able to handle more than a hundred files, in sync within 5+ hosts, without messing up (deleting, renaming, duplicating) files and folders?"
New submitter codeusirae writes "An initial round of criticism focused on how many files the browser was being forced to download just to access the site, per an article at Reuters. A thread at Reddit appeared and was filled with analyses of the code. But closer looks by others have teased out deeper, more systematic issues."
jones_supa writes "Edward Snowden papers unmask that the German, French, Spanish and Swedish intelligence services have all developed methods of mass surveillance of internet and phone traffic over the past five years in close partnership with Britain's GCHQ eavesdropping agency. The bulk monitoring is carried out through direct taps into fibre optic cables and the development of covert relationships with telecommunications companies. A loose but growing eavesdropping alliance has allowed intelligence agencies from one country to cultivate ties with corporations from another to facilitate the trawling of the web. The files also make clear that GCHQ played a leading role in advising its European counterparts how to work around national laws intended to restrict the surveillance power of intelligence agencies."
sfcrazy writes "CyanogenMod team has announced the release of version 10.2 M1, just after the release of Android 4.4 aka Kit Kat. In a post the team says, "With all the Android 4.4 hype, we haven't forgotten about CM 10.2. Tonight the buildbots will focus their efforts on building and shipping out CyanogenMod 10.2 M1. Builds are already hitting the servers (please be patient, this will take a while). We are targeting over 70 devices for this initial M-release.""
N8F8 writes "Like many IT professionals, I provide a lot of free help desk-type support to friends and family. I've decided to expand my support work and create a site where veterans can receive free computer help. I'm using OSTicket for the ticket reporting. What I really need is an easy to use desktop-sharing system. In the past I've used TeamViewer because it is easy to use, but it is not really free for non-personal use. Recently I switched to Meraki Systems Manager because it is free — and it uses VNC — but unfortunately it isn't intended for the one-time-use type support I'll be offering. So I'm looking for a reliable, open source, easy to use desktop-sharing solution that I can set up on my site for people to join one-time-use help desk sessions."
An anonymous reader writes "The release of OpenBSD 5.4 has been announced. New and notable advancements include new or extended platforms like octeon and beagle, moving VAX to ELF format, improved hardware support including Kernel Mode Setting (KMS), overhauled inteldrm(4), experimental support for fuse(4), reworked checksum handling for network protocols, OpenSMTPD 5.3.3, OpenSSH 6.3, over 7,800 ports, and many other improvements and additions."
netbuzz writes "On Nov. 2, 1988, mainstream America learned for the first time that computers get viruses, too, as the now notorious "Morris worm" made front-page headlines after first making life miserable for IT professionals. A PBS television news report about the worm offers a telling look at how computer viruses were perceived (or not) at the time. 'Life in the modern world has a new anxiety today,' says the news anchor. 'Just as we've become totally dependent on our computers they're being stalked by saboteurs, saboteurs who create computer viruses.'"
Daniel_Stuckey writes "The group, called UnSystem, are self-proclaimed crypto-anarchists led by Cody Wilson—who you may remember as the creator of the controversial 3D-printed gun. After getting himself in hot water with the government for making the digital files to print an unregulated weapon freely available on the internet, Wilson's now endeavoring to bring Bitcoin back to its anarchist roots. Like other Bitcoin wallets, you'll be able to store, send, and receive coins, and interact with the block chain, the Bitcoin public ledger. But Dark Wallet will include extra protections to make sure transactions are secure, anonymous, and hard to trace—including a protocol called "trustless mixing" that combines users' coins together before encoding them into the ledger."
Hugh Pickens DOT Com writes "Dan Goodin writes at Ars Technica about a rootkit that seems straight out of a science-fiction thriller. According to security consultant Dragos Ruiu, one day his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD-ROM, it refused, and he also found that the machine could delete data and undo configuration changes with no prompting. Next a computer running the OpenBSD operating system also began to modify its settings and delete its data without explanation or prompting, and further investigation showed that multiple variants of Windows and Linux were also affected. But the story gets stranger still. Ruiu began observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with—but was in close proximity to—another badBIOS-infected computer. The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine. Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped. With the speakers and mic intact, Ruiu said, the isolated computer seemed to be using the high-frequency connection to maintain the integrity of the badBIOS infection as he worked to dismantle software components the malware relied on. It's too early to say with confidence that what Ruiu has been observing is a USB-transmitted rootkit that can burrow into a computer's lowest levels and use it as a jumping off point to infect a variety of operating systems with malware that can't be detected. It's even harder to know for sure that infected systems are using high-frequency sounds to communicate with isolated machines. But after almost two weeks of online discussion, no one has been able to rule out these troubling scenarios, either. 'It looks like the state of the art in intrusion stuff is a lot more advanced than we assumed it was,' says Ruiu. 'The take-away from this is a lot of our forensic procedures are weak when faced with challenges like this. A lot of companies have to take a lot more care when they use forensic data if they're faced with sophisticated attackers.'"
wjcofkc writes "The United States Government has officially called in the cavalry over the problems with Healthcare.gov. Tech titans Oracle, Red Hat and Google have been tapped to join the effort to fix the website that went live a month ago, only to quickly roll over and die. While a tech surge of engineers to fix such a complex problem is arguably not the greatest idea, if you're going to do so, you might as well bring in the big guns. The question is: can they make the end of November deadline?"
szotz writes "Keeping up the pace of Moore's Law is hard, but you wouldn't know it from the way chipmakers name their technology. The semiconductor industry's names for chip generations (Intel's 22nm, TSMC's 28nm, etc.) have very little to do with actual physical sizes, says IEEE Spectrum. And the disconnect is only getting bigger. For the first time, the "pay us to make your chip" foundries are offering a new process (with a smaller-sounding name) that will produce chips that are no denser than their forebears. The move is not a popular one."
itwbennett writes "This brings to mind an earlier Slashdot discussion about whether we've hit the limit on screen resolution improvements on handheld devices. But this time, the question revolves around ever-faster graphics processing units (GPUs) and the resolution limits of desktop monitors. ITworld's Andy Patrizio frames the problem like this: 'Desktop monitors (I'm not talking laptops except for the high-end laptops) tend to vary in size from 20 to 24 inches for mainstream/standard monitors, and 27 to 30 inches for the high end. One thing they all have in common is the resolution. They have pretty much standardized on 1920x1080. That's because 1920x1080 is the resolution for HDTV, and it fits 20 to 24-inch monitors well. Here's the thing: at that resolution, these new GPUs are so powerful you get no major, appreciable gain over the older generation.' Or as Chris Angelini, editorial director for Tom's Hardware Guide, put it, 'The current high-end of GPUs gives you as much as you'd need for an enjoyable experience. Beyond that and it's not like you will get nothing, it's just that you will notice less benefit.'"
An anonymous reader writes "Do you think an airgap can protect your computer? Maybe not. According to this story at Ars Technica, security consultant Dragos Ruiu is battling malware that communicates with infected computers using computer microphones and speakers." That sounds nuts, but it is a time-tested method of data transfer, after all.
First time accepted submitter taxtropel was one of many readers to note that Google has officially released its newest version of Android. taxtropel extracts from the announcement: "Today we are announcing Android 4.4 KitKat, a new version of Android that brings great new features for users and developers. The very first device to run Android 4.4 is the new Nexus 5, available today on Google Play, and coming soon to other retail outlets. We'll also be rolling out the Android 4.4 update worldwide in the next few weeks to all Nexus 4, Nexus 7, and Nexus 10 devices, as well as the Samsung Galaxy S4 and HTC One Google Play Edition devices." Reader SmartAboutThings adds: "Almost all of the features that the Nexus 5 comes with are not a surprise, since they were heavily leaked before. Still, for those that have obediently waited this day, here are some of its most important specs: 2.2 GHz quad-core Snapdragon 800 and 2GB of RAM, 4.95-inch 1080p display, wireless charging, 2,300 mAh battery, LTE, Bluetooth 4.0, 802.11ac WiFi and NFC; Gorilla Glass 3, front 1.3-megapixel camera and 8-megapixel sensor on the back with optical image stabilization (OIS)."
An anonymous reader writes "Google today announced Chrome is getting an automatic download blocking feature for malware. Google has already added the new functionality to the latest build of Chrome Canary. All versions of Chrome will soon automatically block downloads and let you know in a message at the bottom of your screen. You will be able to "Dismiss" the message, although it's not clear if you will be able to stop or revert the block."
itwbennett writes "Security experts used fake Facebook and LinkedIn profiles to penetrate the defenses of an (unnamed) U.S. government agency with a high level of cybersecurity awareness. The attack was part of a sanctioned penetration test performed in 2012 and its results were presented Wednesday at the RSA Europe security conference in Amsterdam. The testers built a credible online identity for a fictional woman named Emily Williams and used that identity to pose as a new hire at the targeted organization. The attackers managed to launch sophisticated attacks against the agency's employees, including an IT security manager who didn't even have a social media presence. Within the first 15 hours, Emily Williams had 60 Facebook connections and 55 LinkedIn connections with employees from the targeted organization and its contractors. After 24 hours she had 3 job offers from other companies."
Nerval's Lobster writes "Government whistleblower Edward Snowden, exiled in Russia after releasing top-secret documents about the National Security Agency's surveillance activities to the press, has a new job: tech support. Snowden's lawyer, Anatoly Kucherena, told the Associated Press that his client starts work Nov. 1 for a "major" Russian Website, which he declined to name. In June, Snowden—a former CIA employee who worked as a contractor for the NSA—began feeding an enormous pile of classified charts and documents about federal surveillance programs to The Guardian and other newspapers. Many of those documents suggested that the NSA, ordinarily tasked with intercepting communications from terrorists and foreign governments, collects massive amounts of information on ordinary Americans, which in turn ignited a firestorm of controversy. The Snowden revelations have continued into this week, with The Washington Post reporting that the NSA has aggressively targeted Google and Yahoo servers. Snowden's documents suggest that the agency has figured out how to tap the links connecting the two tech giants' datacenters to the broader Web. Google told the Post that it was "troubled" by the report. A Yahoo spokesperson insisted that the company had "strict controls in place to protect the security of our datacenters" and that "we have not given access to our data centers to the NSA or to any other government agency.""
angry tapir writes "Two privacy-focused email providers have launched the Dark Mail Alliance, a project to engineer an email system with robust defenses against spying. Silent Circle and Lavabit abruptly halted their encrypted email services in August, saying they could no longer guarantee email would remain private after court actions against Lavabit, reportedly an email provider for NSA leaker Edward Snowden."
dinscott writes "During the Social Engineer Capture the Flag contest, one of the most prominent and popular annual events at DEF CON 21, a pool of 10 men and 10 women, from diverse backgrounds and experience levels, tested their social engineering abilities against 10 of the biggest global corporations, including Apple, Boeing, Exxon, General Dynamics and General Electric. The complete results of the competition are in, and they don't bode well for businesses."
MojoKid writes "Rumors around the what and when of Google's upcoming Nexus 5 smartphone have been plentiful, and ahead of the supposed release date on Halloween, a benchmark score for the handset has slipped out from Rightware, and it's downright impressive. According to Rightware's Power Board, the Nexus 5 delivered the second-highest Benchmark X gaming score among smartphones, behind only the iPhone 5S, making it the most powerful Android-based handset in the land. The LG-made phone shares a GPU (the Adreno 330) with the third-place Sharp Aquos SHL23 but bested the latter handset with a score of 14.27 to 13.10. A leaked user manual revealed that the Nexus 5 will boast a full HD 4.95-inch display, Snapdragon 800 processor (2.3GHz), 2GB of RAM, 16GB or 32GB of onboard storage, and 8MP rear-facing and 1.3MP front-facing cameras."
stry_cat writes "Ed Bott makes the case against Gmail: 'Gmail was a breath of fresh air when it debuted. But this onetime alternative is showing signs that it's past its prime, especially if you want to use the service with a third-party client. That's the way Google wants it, which is why I've given up on Gmail after almost a decade.' Personally, I've always thought it odd that no other email provider ever adopted Gmail's "search not sort" mentality. I've been a Gmail user since you needed an invitation to get an account. However, Gmail has been steadily moving towards a more traditional email experience. Plus there's the iGoogle disaster that got me looking into alternatives to everything Google."
barlevg writes "The Washington Post reports that, according to documents obtained from Edward Snowden, through their so-called 'MUSCULAR' initiative, the National Security Agency has exploited a weakness in the transfers between data centers, which Google and others pay a premium to send over secure fiber optic cables. The leaked documents include a Post-it note as part of an internal NSA PowerPoint presentation showing a diagram of Google network traffic, an arrow pointing to the Google front-end server with text reading, 'SSL Added and Removed Here' with a smiley face. When shown the sketch by The Post and asked for comment, two engineers with close ties to Google responded with strings of profanity." The Washington Post report is also summarized at SlashBI. Also in can't-trust-the-government-not-to-spy news, an anonymous reader writes: "According to recent reports, the National Security Agency collects 'one-end foreign' Internet metadata as it passes through the United States. The notion is that purely domestic communications should receive greater protection, and that ordinary Americans won't send much personal information outside the country. A researcher at Stanford put this hypothesis to the test... and found that popular U.S. websites routinely pass browsing activity to international servers. Even the House of Representatives website was sending traffic to London. When the NSA vacuums up international Internet metadata, then, it's also snooping on domestic web browsing by millions of Americans."
Trailrunner7 writes "If espionage is the world's second-oldest profession, counterfeiting may be in the running to be third on that list. People have been trying to forge currency for just about as long as currency has been circulating, and anti-counterfeiting methods have tried to keep pace with the state of the art. The anti-counterfeiting technology in use today of course relies on computers and software, and like all software, it has bugs, as researchers at IOActive discovered when they reverse-engineered the firmware in a popular Euro currency verifier and found that they could insert their own firmware and force the machine to verify any piece of paper as a valid Euro note. 'The impact is obvious. An attacker with temporary physical access to the device could install customized firmware and cause the device to accept counterfeit money. Taking into account the types of places where these devices are usually deployed (shops, mall, offices, etc.) this scenario is more than feasible.'"
mask.of.sanity writes "Researchers have demonstrated how controller area networks in cars can make vehicles appear to drive slower than their actual speed, manipulate brakes, wind back odometers and set off all kinds of alarms and lights from random fuzzing (video). The network weaknesses stem from a lack of authentication which they say is absent to improve performance. The researchers have also built a $25 open-source fuzzing tool to help others enter the field."
jfruh writes "Most day-to-day programmers have only a general idea of how compilers transform human-readable code into the machine language that actually powers computers. In an attempt to streamline applications, many compilers actually remove code that they perceive to be undefined or unstable — and, as a research group at MIT has found, in doing so they can make applications less secure. The good news is the researchers have developed a model and a static checker for identifying unstable code. Their checker is called STACK, and it currently works for checking C/C++ code. The idea is that it will warn programmers about unstable code in their applications, so they can fix it, rather than have the compiler simply leave it out. They also hope it will encourage compiler writers to rethink how they can optimize code in more secure ways. STACK was run against a number of systems written in C/C++ and it found 160 new bugs in the systems tested, including the Linux kernel (32 bugs found), Mozilla (3), Postgres (9) and Python (5). They also found that, of the 8,575 packages in the Debian Wheezy archive that contained C/C++ code, STACK detected at least one instance of unstable code in 3,471 of them, which, as the researchers write (PDF), 'suggests that unstable code is a widespread problem.'"
McGruber writes "The U.S. government fined Infosys $35 million after an investigation by the Department of Homeland Security and the State Department found that the Indian company used inexpensive, easy-to-obtain B-1 visas meant to cover short business visits — instead of harder-to-get H-1B work visas — to bring an unknown number of its employees for long-term stays. The alleged practice enabled Infosys to undercut competitors in bids for programming, accounting and other work performed for clients, according to people close to the investigation. Infosys clients have included Goldman Sachs Group, Wal-Mart Stores Inc. and Cisco Systems Inc. Infosys said in an email that it is talking with the U.S. Attorney's office, 'regarding a civil resolution of the government's investigation into the company's compliance' with employment-record 'I-9 form' requirements and past use of the B-1 visa. A company spokesman, who confirmed a resolution will be announced Wednesday, said Infosys had set aside $35 million to settle the case and cover legal costs. He said the sum was 'a good indication' of the amount involved."
rjmarvin writes "Adobe's investigation into the massive data breach they were hit with this past August has revealed that over 38 million active users, not to mention inactive accounts, had their user IDs and passwords pilfered by hackers. An Adobe spokesperson confirmed the number, along with the theft of Adobe Photoshop source code. The initial report earlier this month put the extent of the breach at only 3 million credit card accounts, plus stolen Adobe Acrobat, Reader and ColdFusion source code."
An anonymous reader writes "Mozilla today officially launched Firefox 25 for Windows, Mac, Linux, and Android. Additions include Web Audio API support, as well as guest browsing and mixed content blocking on Android. Firefox 25 can be downloaded from Firefox.com and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. The release notes are here: desktop, mobile."
A year ago today, Superstorm Sandy struck the northeastern U.S. The storm destroyed homes — in some cases entire neighborhoods — and brought unprecedented disruptions to the New York City area's infrastructure, interrupting transportation, communications, and power delivery. It even damaged a Space Shuttle. In the time since, the U.S. hasn't faced a storm with Sandy's combination of power and placement, but businesses have had some time to rethink how much trust they can put in even seemingly impregnable data centers and other bulwarks of modernity: a big enough storm can knock down nearly anything. Today, parts of western Europe are recovering from a major storm as well: more than a dozen people were killed as the predicted "storm of the century" hit London, Amsterdam, and other cities on Sunday and Monday. In Amsterdam, the city's transportation system took a major hit; some passengers had to shelter in place in stopped subway cars while the storm passed. Are you (or your employer) doing anything different in the post-Sandy era, when it comes to preparedness to keep people, data, and equipment safe?
destinyland writes "A glitch in iOS7 has cost 'a significant number' of Apple users their Wi-Fi access, according to ZDNet. But they also report that Apple is now censoring posts in their 'Apple Support Communities' forums where users suggest possible responses to their loss of WiFi capabilities (including exercising their product warranty en masse). 'We understand the desire to share experiences in your topic, "Re: wifi greyed out after update to ios7,"' read one warning sent to Lawrence Lessig, 'but because these posts are not allowed on our forums, we have removed it.' Lessig, who co-founded Creative Commons (and was a board member of the Free Software Foundation), has been documenting the ongoing 'comments slaughter' on his Twitter feed, drawing attention to what he says is the Borg-like behavior of Apple as a corporation. Lessig 'is now part of an angry mob in Apple's forums who upgraded to iOS 7 and lost Wi-Fi connectivity,' ZDNet notes, adding that as of this morning their reporter has been unable to obtain an official response from Apple."
sciencehabit writes "A software company called Vicarious claims to have created a computer algorithm that can solve CAPTCHA with greater than 90% accuracy. If true, the advance would represent a major breakthrough in artificial intelligence. It would also mean that the internet will have to start looking for a new security system. The problem, however, is that Vicarious has provided little evidence for its claims, though some well-known scientists are behind the work."
MarkWhittington writes "Glenn Reynolds, the purveyor of Instapundit, asked the pertinent question, 'If big government can put a man on the moon, why can't it put up a simple website without messing it up?' The answer, as it turns out, is a rather simple one. The Apollo program, that President John F. Kennedy mandated to put a man on the moon and return him to the Earth, was a simple idea well carried out for a number of reasons. The primary one was that Congress did not pass a 1,800 or so page bill backed up by a mind-numbing amount of regulations mandating how NASA would do it. The question of how to conduct the lunar voyages was left up to the engineers at NASA and the aerospace industry at the time. The government simply provided the resources necessary to do the job and a certain degree of oversight. Imagine if President Obama had stated, 'I believe the nation should commit itself to the goal of enabling all Americans to access affordable health insurance' but then left the how to do it to some of the best experts in health care and economics without partisan interference."
noahfecks writes "It seems that the GCC developers are taking steps to roll out significant improvements after CLANG became more competitive. 'Among the highlights to look forward to right now with GCC 4.9 are: The Undefined Behavior Sanitizer has been ported to GCC; Ada and Fortran have seen upgrades; Improved C++14 support; RX100, RX200, and RX600 processor support; and Intel Silvermont hardware support.'"
An anonymous reader writes "Email service FastMail.fm has a blog post about an interesting bug they're dealing with related to the new Mail.app in Mac OS 10.9 Mavericks. After finding a user who had 71 messages in his Junk Mail folder that were somehow responsible for over a million entries in the index file, they decided to investigate. 'This morning I checked again, there were nearly a million messages again, so I enabled telemetry on the account ... [Mail.app] copying all the email from the Junk Folder back into the Junk Folder again! This is legal IMAP, so our server proceeds to create a new copy of each message in the folder. It then expunges the old copies of the messages, but it's happening so often that the current UID on that folder is up to over 3 million. It was just over 2 million a few days ago when I first emailed the user to alert them to the situation, so it's grown by another million since. The only way I can think this escaped QA was that they used a server which (like gmail) automatically suppresses duplicates for all their testing, because this is a massively bad problem.' The actual emails added up to about 2MB of actual disk usage, but the bug generated an additional 2GB of data on top of that."