Medicine

Man Charged £2,000 For Medical Records Stored On Obsolete System 368

An anonymous reader writes "In Britain, where it is custom and practice to charge around £10 for a copy of your medical results, a patient has discovered that his copy will cost him £2,000 because the records are stored on an obsolete system that the current IT systems cannot access. Can this be good for patient care if no-one can access records dating back from a previous filing system? Perhaps we need to require all current systems to store data in a way that is vendor independent, and DRM-free, too?"
Security

The Web Won't Be Safe Or Secure Until We Break It 180

CowboyRobot writes "Jeremiah Grossman of Whitehat Security has an article at the ACM in which he outlines the current state of browser security, specifically drive-by downloads. 'These attacks are primarily written with HTML, CSS, and JavaScript, so they are not identifiable as malware by antivirus software in the classic sense. They take advantage of the flawed way in which the Internet was designed to work.' Grossman's proposed solution is to make the desktop browser more like its mobile cousins. 'By adopting a similar application model on the desktop using custom-configured Web browsers (let's call them DesktopApps), we could address the Internet's inherent security flaws. These DesktopApps could be branded appropriately and designed to launch automatically to Bank of America's or Facebook's Web site, for example, and go no further. Like their mobile application cousins, these DesktopApps would not present an URL bar or anything else making them look like the Web browsers they are on the surface, and of course they would be isolated from one another.'"
Security

Google Security Engineer Issues Sophos Warning 89

angry tapir writes "Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster. Ormandy has released a scathing 30-page analysis (PDF) 'Sophail: Applied attacks against Sophos Antivirus,' in which he details several flaws 'caused by poor development practices and coding standards,' topped off by the company's sluggish response to the warning he had working exploits for those flaws. One of the exploits Ormandy details is for a flaw in Sophos' on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the 'wormable, pre-authentication, zero-interaction, remote root' affected all platforms running Sophos. (Ormandy released the paper as an independent researcher, not in his role as a Google employee.)"
Image

Voting Machine Problem Reports Already Rolling In 386

Several readers have submitted news of the inevitable problems involved with trying to securely collect information from tens of millions of people on the same day. A video is making the rounds of a touchscreen voting machine registering a vote for Mitt Romney when Barack Obama was selected. A North Carolina newspaper is reporting that votes for Romney are being switched to Obama. Voters are being encouraged to check and double-check that their votes are recorded accurately. In Ohio, some recently-installed election software got a pass from a District Court Judge. In Galveston County, Texas, poll workers didn't start their computer systems early enough to be ready for the opening of the polls, which led to a court order requiring the stations to be open for an extra two hours at night. Yesterday we discussed how people in New Jersey who were displaced by the storm would be allowed to vote via email; not only are some of the emails bouncing, but voters are being directed to request ballots from a county clerk's personal Hotmail account. If only vote machines were as secure as slot machines. Of course, there's still the good, old fashioned analog problems; workers tampering with ballots, voters being told they can vote tomorrow, and people leaving after excessively long wait times.
Cloud

Gate One 1.1 Released: Run Vim In Your Browser 150

Riskable writes "Version 1.1 of Gate One (HTML5 terminal emulator/SSH client) was just released (download). New features include security enhancements, major performance improvements, mobile browser support, improved terminal emulation, automatic syntax highlighting of syslog messages, PDFs can now be captured/displayed just like images, Python 3 support, Internet Explorer (10) support, and quite a lot more (full release notes). There's also a new demo where you can try out vim in your browser, play terminal games (nethack, vitetris, adventure, zangband, battlestar, greed, robotfindskitten, and hangman), surf the web in lynx, and a useful suite of IPv6-enabled network tools (ping, traceroute, nmap, dig, and a domain name checker)." Gate One is dual licensed (AGPLv3/Commercial Licensing); for individuals, it's pay-as-you-please.
Networking

Welsh Scientists Radically Increase Fiber Broadband Speeds With COTS Parts 72

Mark.JUK writes "Scientists working under an EU funded (3 Million Euros) project out of Bangor University in Wales (United Kingdom) have developed a commercially-exploitable way of boosting broadband speeds over end-user fibre optic lines by using Optical Orthogonal Frequency Division Multiplexing (OOFDM) technology, which splits a laser down to multiple different optical frequencies (each of which can be used to carry data), and low-cost off-the-shelf components. The scientists claim that their solution has the ability to 'increase broadband transmission by up to two thousand times the current speed and capacity' (most UK Fibre-to-the-Home or similar services currently offer less than 100 Megabits per second) and it can do this alongside a 'significant reduction in electrical power consumption.'"
Businesses

GM Brings IT Dev Back In House; Self-Driving Caddy In the Works 171

dstates writes "Want a good job in IT? Detroit of all places may be the place to be. GM is bringing IT development back in house to speed innovation. Among other initiatives, a self driving Cadillac is planned by mid decade. Ford is also actively developing driver assist technology and is betting big on voice recognition. Ann Arbor has thousands of smart cars wirelessly connected on the road. Think about all those aging baby boomers with houses in the burbs and no desire to move as their vision and reflexes decline. The smart car is a huge market. Seriously, Detroit and SE Michigan have good jobs, great universities, cheap housing and easy access to great sports and outdoors activities."
Encryption

Attack Steals Crypto Key From Co-Located Virtual Machines 73

Gunkerty Jeb writes "Side-channel attacks against cryptography keys have, until now, been limited to physical machines. Researchers have long made accurate determinations about crypto keys by studying anything from variations in power consumption to measuring how long it takes for a computation to complete. A team of researchers from the University of North Carolina, University of Wisconsin, and RSA Security has ramped up the stakes, having proved in controlled conditions (PDF) that it's possible to steal a crypto key from a virtual machine. The implications for sensitive transactions carried out on public cloud infrastructures could be severe should an attacker land his malicious virtual machine on the same physical host as the victim. Research has already been conducted on how to map a cloud infrastructure and identify where a target virtual machine is likely to be."
Programming

What's the Shelf Life of a Programmer? 388

Esther Schindler writes "Why is it that young developers imagine that older programmers can't program in a modern environment? Too many of us of a 'certain age' are facing an IT work environment that is hostile to older workers. Lately, Steven Vaughan-Nichols has been noticing that the old meme about how grandpa can't understand iPhones, Linux, or the cloud is showing up more often even as it's becoming increasingly irrelevant. The truth is: Many older developers are every bit as good as young programmers, and he cites plenty of examples of still-relevant geeks to prove it. And he writes, 'Sadly, while that should have put an end to the idea that long hours are a fact of IT life, this remnant of our factory-line past lingers both in high tech and in other industries. But what really matters is who's productive and who's not.'"
Businesses

Should Hacked Companies Disclose Their Losses? 68

derekmead writes "By law, US companies don't have to say a word about hacker attacks, regardless of how much it might've cost their bottom line. Comment, the group of Chinese hackers suspected in the recently-reported Coke breach, also broke into the computers of the world's largest steel company, ArcelorMittal. ArcelorMittal doesn't know exactly how much was stolen and didn't think it was relevant to share news of the attack with its shareholders. Same goes for Lockheed Martin who fended off a 'significant and tenacious' attack last May but failed to disclose the details to investors and the Securities Exchange Commission. Dupont got hit twice by Chinese hackers in 2009 and 2010 and didn't say a word. Former U.S. counterintelligence chief Joel Brenner recently said that over 2,000 companies, ISPs and research centers had been hit by Chinese hackers in the past decade and few of them told their shareholders about it. This is even after the SEC has made multiple requests for companies to come clean about cyber security breaches in their quarterly or annual earnings reports. Because of the potential losses, do hacked companies have a responsibility to report security breaches to investors?"
Security

PayPal, Symantec Hacked In Anonymous November 5 Hacking Spree 101

New submitter Journe writes "Anonymous claims to have begun a hacking spree for the 5th of November. In their spree, they've laid waste to several Australian Government sites, and, for some reason, the site of Saturday Night Live. They also claim to have leaked VMware source code, along with user and employee info from Paypal and Symantec. There's some argument however that Anonymous is falsely taking claim for Symantec."
AMD

AMD Launches Piledriver-Based 12 and 16-Core Opteron 6300 Family 133

MojoKid writes "AMD's new Piledriver-based Opterons are launching today, completing a product refresh that the company began last spring with its Trinity APUs. The new 12 & 16-core Piledriver parts are debuting as the Opteron 6300 series. AMD predicts performance increases of about 8% in integer and floating-point operations. With this round of CPUs, AMD has split its clock speed Turbo range into 'Max' and 'Max All Cores.' The AMD Opteron 6380, for example, is a 2.5GHz CPU with a Max Turbo speed of 3.4GHz and a 2.8GHz Max All Cores Turbo speed."
Microsoft

Ask Slashdot: Is Samba4 a Viable Alternative To Active Directory? 388

First time accepted submitter BluPhenix316 writes "I'm currently in school for Network Administration. I was discussing Linux with my instructor and he said the problem he has with Linux is he doesn't know of a good alternative to Active Directory. I did some research and from what I've read Samba4 seems very promising. What are your thoughts?"
Security

New Jersey Residents Displaced By Storm Can Vote By Email 189

First time accepted submitter danbuter writes "In probably the most poorly thought-out reaction to allowing people displaced by Hurricane Sandy in New Jersey [to take part in the 2012 presidential election], residents will be allowed to vote by email. Of course, this will be completely secure and work perfectly!" Writes user Beryllium Sphere: "There's no mention of any protocol that might possibly make this acceptable. Perhaps the worst thing that could happen would be if it appears to work OK and gains acceptance." I know someone they should consult first.
Operating Systems

Dragonfly BSD 3.2 Released 85

An anonymous reader writes "Dragonfly BSD recently announced the release of version 3.2 of their operating system. Improvements include: USB4BSD, a second-generation USB stack; merging of a GSoC project to provide CPU topology awareness to the scheduler, giving a nice boost for hyperthreading Intel CPUs; and last but not least, a new largely rewritten scheduler. Some background is in order for the last one. PostgreSQL 9.3 will move from SysV shared memory to mmap for its shared memory needs. It turned out that the switch much hurts its performance on the BSDs. Matthew Dillon was fast to respond with a search for bottlenecks and got the performance up to par with Linux."
Facebook

Facebook's Prism, Soon To Be Open Sourced, Gives Hadoop Delay Tolerance 17

snydeq writes "Facebook has said that it will soon open source Prism, an internal project that supports geographically distributed Hadoop data stores, thereby removing the limits on Hadoop's capacity to crunch data. 'The problem is that Hadoop must confine data to one physical data center location. Although Hadoop is a batch processing system, it's tightly coupled, and it will not tolerate more than a few milliseconds delay among servers in a Hadoop cluster. With Prism, a logical abstraction layer is added so that a Hadoop cluster can run across multiple data centers, effectively removing limits on capacity.'"
Education

Constant Technology Use May Hamper Kids' Ability To Learn 163

hessian writes "Scholars who study the role of media in society say no long-term studies have been done that adequately show how and if student attention span has changed because of the use of digital technology. But there is mounting indirect evidence that constant use of technology can affect behavior, particularly in developing brains, because of heavy stimulation and rapid shifts in attention."
Businesses

Ask Slashdot: How To Deal With a DDoS Attack? 303

First time accepted submitter TheUnFounded writes "A site that I administer was recently 'held hostage' for the vast sum of $800. We were contacted by a guy (who was, it turns out, in Lebanon), who told us that he had been asked to perform a DDoS on our site by a competitor, and that they were paying him $600. He then said for $800, he would basically go away. Not a vast sum, but we weren't going to pay just because he said he 'could' do something. Within 5 minutes, our site was down. The owner of the company negotiated with the guy, and he stopped his attack after receiving $400. A small price to pay to get the site online in our case. But obviously we want to come up with a solution that'll allow us to deal with these kinds of attacks in the future. While the site was down, I contacted our hosting company, Rackspace. They proceeded to tell me that they have 'DDoS mitigation services,' but they cost $6,000 if your site is under attack at the time you use the service. Once the attack was over, the price dropped to $1500. (Nice touch there Rackspace, so much for Fanatical support; price gouging at its worst). So, obviously, I'm looking for alternative solutions for DDoS mitigation. I'm considering CloudFlare as an option; does anyone have any other suggestions or thoughts on the matter?"
Microsoft

Microsoft Escapes Kaspersky's Top 10 Vulnerabilities List 112

An anonymous reader writes "Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom: 'Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.'"
Security

Building the Ultimate Safe House 289

Hugh Pickens writes "Candace Jackson writes that an increasing number of home builders and buyers are looking for a new kind of security: homes equipped to handle everything from hurricanes, tornadoes and hybrid superstorms like this week's Sandy, to man-made threats ranging from home invasion to nuclear war. Fueling the rise of these often-fortresslike homes are new technologies and building materials—which builders say will ultimately be used on a more widespread basis in storm- and earthquake-threatened areas. For example, Alys Beach, a 158-acre luxury seaside community on Florida's Gulf Coast, has earned the designation of Fortified...for safer living® homes and is designed to withstand strong winds. The roofs have two coats of limestone and exterior walls have 8 inches of concrete, reinforced every 32 inches for 'bunkerlike' safety, according to marketing materials. Other builders are producing highly hurricane-proof residences that are circular in shape with 'radial engineering' wherein roof and floor trusses link back to the home's center like spokes on a wheel, helping to dissipate gale forces around the structure. Deltec, a North Carolina–based builder, says it has never lost a circular home to hurricanes in over 40 years of construction. But Doug Buck says some 'extreme' building techniques don't make financial sense. 'You get to a point of diminishing returns,' says Buck. 'You're going to spend so much that honestly, it would make more sense to let it blow down and rebuild it.'"
