Security

Apple Planning To Build Private Restaurant 234

First time accepted submitter a90Tj2P7 writes "Apple is building a 21,468 square foot private restaurant in Cupertino so employees can talk shop over lunch without being overheard. Apple's director of real estate facilities, Dan Wisenhunt, stated that: 'We like to provide a level of security so that people and employees can feel comfortable talking about their business, their research and whatever project they're engineering without fear of competition sort of overhearing their conversations.'"
Government

Study Finds 1 in 10 Used Hard Drives Contains Old Personal Data 111

Lucas123 writes "A newly published study by Britain's data protection regulatory agency found that more than one in 10 second-hand hard drives being sold online contain recoverable personal information from the original owner. "Many people will presume that pressing the delete button on a computer file means that it is gone forever. However this information can easily be recovered," Britain's Information Commissioner, Christopher Graham, said in a statement. In all, the research found 34,000 files containing personal or corporate information were recovered from the devices. Along with the study, a survey revealed that 65% of people hand down their old PCs, laptops and cell phones to others. One in ten of those people who disposed of their old devices left all their data on them. The British government also offered new guidelines for ensuring devices are properly wiped of data."
Crime

Terminal Mixup Implicates TSA Agents In LAX Smuggling Plot 255

First time accepted submitter ian_po writes "The U.S. Attorney's office has filed indictments against 7 people, including two Transportation Security Administration Screeners and two former TSA employees, after federal agents set up several smuggling sting operations. The alleged smuggling scheme was revealed after a suspected drug courier went to Terminal 5, where his flight was departing, instead of going through the Terminal 6 checkpoint his written instructions directed him to. Court documents indicate the plan was to return to Terminal 5 through a secure tunnel after being allowed through security by the accused Screener. The courier was caught with 10 pounds of cocaine at the other checkpoint by a different TSA agent. If convicted, the four TSA employees face a minimum of 10 years in Federal prison." If ten pounds of anything can get onto a plane by the simple expedient of bribery, please explain again why adult travelers, but not children, must remove their shoes as they stand massed in an unsecured part of a typical U.S. airport.
Security

Opus Dei To Hunt Down Vatican Whistle-Blowers 286

First time accepted submitter Aguazul2 writes "In a familiar story relocated into the bizarre world of the Vatican, a whistle-blower who brought to light excessive overpayments on contracts to friendly suppliers was sent to the USA as punishment, and further sources of leaks are now being hunted down by a crack team headed by an 82-year old Opus Dei cardinal. It's just like Wikileaks, only with parchment and quills — probably."
Ubuntu

Ubuntu 12.04 LTS Out; Unity Gets a Second Chance 543

An anonymous reader writes with this enthusiastic review of the latest from Canonical: "So how does Ubuntu Precise Pangolin (12.04) fare? I will say exceptionally well. Unity is not the same ugly duckling it was made out to be. In Ubuntu 12.04, it has transformed into a beautiful swan. As Ubuntu 12.04 is a long term release, the Ubuntu team has pulled all stops to make sure the user experience is positive. Ubuntu 12.04 aka Precise Pangolin is definitely worthy of running on your machine."
Android

Cybercriminals Exploit Björk's Biophilia App To Compromise Androids 75

An anonymous reader writes "The Russians who put out fake versions of Angry Birds Space and Instagram for Android last week have competition. Biophilia, a musical experiment by Bjork into the world of apps, has been ported to Android as a Trojan." Maybe not totally surprising; as the submitter continues, "last year at the launch of the app, Bjork was quoted in an interview inviting pirates/hackers to attempt to port her code over from iPhone to other platforms."
Security

Backdoor Found In Arcadyan-based Wi-Fi Routers 59

Mojo66 writes "A recently reported flaw that allowed an attacker to drastically reduce the number of attempts needed to guess the WPS PIN of a wireless router isn't necessary for some Arcadyan-based routers anymore. According to German computer publisher Heise, some 100,000 routers of type Speedport W921V, W504V and W723V are affected in Germany alone. (Google translation, original here.) What makes things worse is the fact that in order to exploit the backdoor, no button has to be pushed on the device itself and on some of the affected routers, the backdoor PIN ("12345670") is still working even after WPS has been disabled by the user. The only currently known remedy for those models is to disable Wi-Fi altogether. Since all Arcadyan routers share the same software platform, more models might be affected."
Crime

German Court Rules That Clients Responsible For Phishing Losses 245

benfrog writes "A German court has ruled that clients, not banks, are responsible for losses in phishing scams. The German Federal Court of Justice (the country's highest civil court) ruled in the case of a German retiree who lost €5,000 ($6,608) in a bank transfer fraudulently sent to Greece. According to The Local, a German news site, the man entered 10 transaction codes into a site designed to look like his bank's web site and his bank is not liable as it specifically warned against such phishing attacks."
Security

VMware Confirms Source Code Leak 109

Gunkerty Jeb writes "Purloined data and documents, including source code belonging to the U.S. software firm VMWare, continue to bubble up from the networks of a variety of compromised Chinese firms, according to 'Hardcore Charlie,' an anonymous hacker who has claimed responsibility for the hacks. In a statement on the VMWare Web site, Ian Mulholland, Director of VMWare's Security Response Center, said the company acknowledged that a source code file for its ESX product had been leaked online. In a phone interview, Mulholland told Threatpost the company was monitoring the situation and conducting an investigation into the incident."
Google

Bug Bounty Hunters Weigh In On Google's Vulnerability Reporting Program 24

An anonymous reader writes "InfoWorld reached out to three security researchers who participate in Google's vulnerability reporting program, through which the company now offers as much as $20,000 for bug reports. They provided some insightful perspectives on what Google (and other companies, such as Mozilla) are doing right in paying bounties on bugs, as well as where there's some room for improvement."
Microsoft

Microsoft Says Two Basic Security Steps Might Have Stopped Conficker 245

coondoggie writes "If businesses and consumers stuck to security basics, they could have avoided all cases of Conficker worm infection detected on 1.7 million systems by Microsoft researchers in the last half of 2011. According to the latest Microsoft Security Intelligence report, all cases of Conficker infection stemmed from just two attack methods: weak or stolen passwords and exploiting software vulnerabilities for which updates existed."
Canada

Backdoor In RuggedOS Systems: Infrastructure, Military Systems Vulnerable 154

FhnuZoag writes "A backdoor has been found in Canadian-based RuggedCom's 'Rugged Operating System', providing easy access to anyone with the device's MAC address — something often publicly displayed. Rugged OS is being used in a wide range of applications, including traffic control, power generation, and even U.S. Navy bases. The backdoor was first found over a year ago, and RuggedCom have so far refused to patch out the exploit." The exploit is trivial: each device has a permanent "factory" user, and an automatically generated password derived from the MAC.
Government

Should the FDA Assess Medical Device Defenses Against Hackers? 138

gManZboy writes "The vulnerability of wireless medical devices to hacking has now attracted attention in Washington. Although there has not yet been a high-profile case of such an attack, a proposal has surfaced that the Food and Drug Administration or another federal agency assess the security of medical devices before they're sold. A Department of Veterans Affairs study showed that between January 2009 and spring 2011, there were 173 incidents of medical devices being infected with malware. The VA has taken the threat seriously enough to use virtual local area networks to isolate some 50,000 devices. Recently, researchers from Purdue and Princeton Universities announced that they had built a prototype firewall known as MedMon to protect wireless medical devices from outside interference."
Security

Samsung TVs Can Be Hacked Into Endless Restart Loop 187

Gunkerty Jeb writes "Italian security researcher Luigi Auriemma was trying to play a trick on his brother when he accidentally discovered two vulnerabilities in all current versions of Samsung TVs and Blu-Ray systems that could allow an attacker to gain remote access to those devices. Auriemma claims that the vulnerabilities will affect all Samsung devices with support for remote controllers, and that the vulnerable protocol is on both TVs and Blu-Ray enabled devices. One of the bugs leads to a loop of endless restarts while the other could cause a potential buffer overflow."
Security

One In Five Macs Holds Malware — For Windows 285

judgecorp writes "One in five Apple Macs is infected with malware, according to Sophos. But most of that is harmless to the Mac... it is Windows malware ready to be transmitted to the Windows population. Only one in 36 Macs has OS X specific infections."
Security

Iran's Oil Industry Hit By Cyber Attacks 115

wiredmikey writes "Iran disconnected computer systems at a number of its oil facilities in response to a cyber attack that hit multiple industry targets during the weekend. A source at the National Iranian Oil Company (NIOC) reportedly told Reuters that a virus was detected inside the control systems of Kharg Island oil terminal, which handles the majority of Iran's crude oil exports. In addition, computer systems at Iran's Oil Ministry and its national oil company were hit. There has been no word on the details of the malware found, but computer systems controlling several of Iran's oil facilities were disconnected from the Internet as a precaution. Oil Ministry spokesman Ali Reza Nikzad-Rahbar told Mehr News Agency on Monday that the attack had not caused significant damage and the worm had been detected before it could infect systems."
Google

Google Ups Bug Bounty To $20,000 53

Trailrunner7 writes, quoting Threatpost: "Search giant Google said it is quintupling the top bounty it will pay for information on security holes in its products to $20,000. Google said it was updating its rewards and rules for the bounty program, which is celebrating its first anniversary. In addition to a top prize of $20,000 for vulnerabilities that allow code to be executed on product systems, Google said it would pay $10,000 for SQL injection and equivalent vulnerabilities in its services and for certain vulnerabilities that leak information or allow attackers to bypass authentication or authorization features."
Android

Proof-of-Concept Android Trojan Uses Motion Sensors To Steal Passwords 105

judgecorp writes "TapLogger, a proof-of-concept Trojan for Android developed by researchers at Pennsylvania State University and IBM, uses information from the phone's motion sensor to deduce what keys the user has tapped (PDF), thus revealing otherwise-hidden information such as passwords and PINs."
Desktops (Apple)

Mac Flashback Attack Began With Wordpress Blogs 103

With more on the Flashback malware plaguing many Macs, beaverdownunder writes with some explanation of how the infection grew so quickly: "Alexander Gostev, head of the global research and analysis team at Kaspersky, says that 'tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.'"
