Security

Alan Turing Papers On Code Breaking Released By GCHQ 78

peetm writes "Two 70-year-old papers by Alan Turing on the theory of code breaking have been released by the government's communications headquarters, GCHQ. It is believed Turing wrote the papers while at Bletchley Park working on breaking German Enigma codes. A GCHQ mathematician said the fact that the contents had been restricted 'shows what a tremendous importance it has in the foundations of our subject.'"
Government

Ask Slashdot: How To Share a SharePoint Site? 151

New submitter grzzld writes "I am a systems analyst for a County in New York. Last year I made a SharePoint site that manages grants and it was well received. So much so that it won a NACo award. Since then, there have been several requests from other municipalities from around the country who would like to get this SharePoint site. The county is trying to figure out how to protect ourselves from people making money from it and having people hold us liable if they use it and something goes awry. I am afraid that ultimately nothing will be done and the site will not be shared since at the end of the day it is much easier to not do anything and just say no. I proposed that we license it under an Open Source agreement but I am not versed enough in the differences between all of them. It is also unclear to me if I could do this since the nature of the 'program' is a SharePoint site. It seemed like CodePlex would be a good place to put this since it is Microsoft centric and it is an open source initiative. I just want to contribute my work to others who may find it useful. The county just wants to make sure they can't be held liable and have somebody turn my work around and make a buck. How can I release this to the world and make sure the county's concerns are addressed?"
Security

ICO Warns Toshiba Over Data Breach 27

hypnosec writes "Toshiba Information Systems has been given a slap on the wrist by the Information Commissioner's Office (ICO), following a data spillage. This happened during an on-line competition that Toshiba organized last year. Back in September 2011, a concerned member of the public contacted the ICO and informed the body that some data pertaining to those registered for the competition was accessible. In fact, the personal details of 20 entrants were compromised in a security flaw on the site. Those details included names, addresses and dates of birth, along with other contact information. The ICO investigated and found that Toshiba's security measures weren't thorough enough, and hence, didn't detect the vulnerability — from a mistake, made by a third-party web designer. A fine hasn't been levied, but Toshiba has signed an undertaking to ensure this doesn't happen again."
Books

Book Review: The CERT Guide To Insider Threats 27

benrothke writes "While Julius Caesar likely never said 'Et tu, Brute?' the saying associated with his final minutes has come to symbolize the ultimate insider betrayal. In The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, authors Dawn Cappelli, Andrew Moore and Randall Trzeciak of the CERT Insider Threat Center provide incontrovertible data and an abundance of empirical evidence, which creates an important resource on the topic of insider threats. There are thousands of companies that have uttered modern day versions of Et tu, Brute due to insidious insider attacks and the book documents many of them." Read on for the rest of Ben's review.
Crime

15-Year-Old Arrested For Hacking 259 Companies 153

An anonymous reader writes "Austrian police have arrested a 15-year-old student suspected of hacking into 259 companies across the span of three months. Authorities allege the suspect scanned the Internet for vulnerabilities and bugs in websites and databases that he could then exploit. As soon as he was questioned, the young boy confessed to the attacks, according to Austria's Federal Criminal Police Office (BMI)."
Businesses

CIOs Dismissed As Techies Without Business Savvy By CEOs 269

Qedward writes in with a link about the gap between the tech side of business and the bean counters. "CIOs are being dismissed by CEOs as too techie and not aligned with business activities. According to a recent Gartner survey of 220 CEOs across the world, business leaders expect spending on IT to rise, but without a corresponding rise in the importance of the role of the CIO within the organization. CIOs appear to be failing in the eyes of CEOs in terms of alignment with the rest of the business. The research showed the stereotype of the head of IT being too preoccupied with technical issues to be effective business leaders persists. He said they were perceived as unable to bring a breadth of business perspective to the table."
Biotech

Avian Flu Researcher Plans to Defy Dutch Ban On Publishing Paper 118

scibri writes "Ron Fouchier, one of the researchers involved in the controversy over whether to publish research on mutant versions of H5N1 bird flu, has said he plans to submit his paper to Science without applying for an export control license as demanded by the Dutch government. Failing to get the license means he could face penalties including up to six years in prison. Whether the paper falls under export-control laws is unclear. The Netherlands implements European Union (EU) legislation on export controls, which require an export permit for 'dual-use' materials and information — those that could have both legitimate and malicious uses — including those relating to dangerous pathogens. But the EU law allows an exception for 'basic scientific research' that is 'not primarily directed towards a specific practical aim or objective,' which Fouchier says should cover his work."
Security

Spoiler Alert: Your TV Will Be Hacked 211

snydeq writes "With rising popularity of Internet-enabled TVs, the usual array of attacks and exploits will soon be coming to a screen near you. 'Will Internet TVs be hacked as successfully as previous generations of digital devices? Of course they will. Nothing in a computer built into a TV makes it less attackable than a PC. ... Can we make Internet TVs more secure than regular computers? Yes. Will we? Probably not. We never do the right things proactively. Instead, we as a global society appear inclined to accept half-baked security solutions that are more like Band-Aids than real protection.'"
IBM

IBM Sells Point-Of-Sale Business To Toshiba 120

ErichTheRed writes "Yet another move by IBM out of end-user hardware, Toshiba will be buying IBM's retail point-of-sale systems business for $850M. Is it really a good idea for a company defined by good (and in this case, high-margin) hardware to sell it off in favor of nebulous consulting stuff? 'Like IBM's spin-offs of its PC, high-end printer, and disk drive manufacturing businesses to Lenovo, Ricoh, and Hitachi respectively in the past decade, IBM is not just selling off the RSS division but creating a holding company where it will have a stake initially but which it will eventually sell.' Is there really no money in hardware anymore?"
China

US and China Held Secret Cyber Wargames 71

judgecorp writes "Despite the accusations that have flown both ways between the countries, the US and China have co-operated in wargames, held in secret in Beijing and Washington, designed to head off escalations in hostilities. From the article: 'During the first exercise, both sides had to describe what they would do if they were attacked by a sophisticated computer virus, such as Stuxnet, which disabled centrifuges in Iran's nuclear program. In the second, they had to describe their reaction if the attack was known to have been launched from the other side.'"
Upgrades

The Three Flavors of Windows 8 500

First time accepted submitter Kelerei writes "Windows 8 has been confirmed as the official name for the next x86/x64 version of Windows, which will be released in two editions: a home edition (simply named 'Windows 8') featuring an updated Windows Explorer, Task Manager, improved multi-monitor support and 'the ability to switch languages on the fly,' while a professional edition ('Windows 8 Pro') adds features for businesses and technical professionals such as encryption, virtualization and domain connectivity. Windows Media Center will not be included in the Pro edition and will be available separately as part of a 'media pack' add-on. A third edition, branded as 'Windows RT,' will be available for ARM-based systems."
Crime

The Cybercrime Wave That Wasn't 85

retroworks writes "Dinei Florencio and Cormac Herley write that cybercrime depleted gullible and unprotected users, producing diminishing returns (over-phishing). They argue that the statistics on the extent of losses from cybercrime are flawed because there is never an under-estimation reported. Do they underestimate the number of suckers gaining internet access born every minute? Or has cybercrime become the 'shark attack' that gets reported more often than it occurs?"
Businesses

When Big Brother Watches IT 234

bdking writes "In an effort to protect sensitive data from internal security threats, some organizations are 'using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed,' the Wall Street Journal reports. Is secretly spying on and linguistically interpreting employee emails going too far in the name of security? From the article: 'I understand the need to be aware of the attitudes of workers with high-level access to data and networks, but this strikes me as creepy. What if an IT employee suddenly has relationship problems or family issues? Will they then be flagged by HR as potentially troublesome or even a data security risk? And all without them even knowing there's a dossier being created of them and their "suspect" behavior?'"
Security

Boeing Preparing an Ultra-Secure Smartphone 101

bobwrit writes in with a story about Boeing's new secure government phones project. "Earlier this week, it was revealed that aerospace firm Boeing was working on a high security mobile device for the various intelligence departments. This device will most likely be released later this year, and at a lower price point than other mobile phones targeted at the same communities. Typically, phones in this range cost about 15,000-20,000 per phone, and use custom hardware and software to get the job done. This phone will most likely use Android as its main operating system of choice, which lowers the cost per phone, since Boeing's developers don't have to write their own operating system from scratch."
Bug

Documentation As a Bug-Finding Tool 188

New submitter Sekrimo writes "This article discusses an interesting advantage to writing documentation. While the author acknowledges that developers often write documentation so that others may better understand their code, he claims documenting can also be a useful way to find bugs before they ever become an issue. Taking the time to write this documentation helps to ensure that you've thought through every aspect of your program fully, and cleared up any issues that may arise."
Desktops (Apple)

New Targeted Mac OS X Trojan Requires No User Interaction 322

An anonymous reader writes "Another Mac OS X Trojan has been spotted in the wild; this one exploits Java vulnerabilities just like the Flashback Trojan. Also just like Flashback, this new Trojan requires no user interaction to infect your Apple Mac. Kaspersky refers to it as 'Backdoor.OSX.SabPub.a' while Sophos calls it 'SX/Sabpab-A.'"
Android

More Malicious Apps Found On Google Play 143

suraj.sun writes "We've seen quite a few Android malware discoveries in the recent past, mostly on unofficial Android markets. There was a premium-rate SMS Trojan that not only sent costly SMS messages automatically, but also prevented users' carriers from notifying them of the new charges, a massive Android malware campaign that may be responsible for duping as many as 5 million users, and a malware controlled via SMS. Ars Technica is now reporting another Android malware discovery made by McAfee researcher Carlos Castillo, this time on Google's official app market, Google Play, even after Google announced back in early February that it has started scanning Android apps for malware. Two weeks ago, a separate set of researchers found malicious extensions in the Google Chrome Web Store that could gain complete control of users' Facebook profiles. Quoting the article: 'The repeated discoveries of malware hosted on Google servers underscore the darker side of a market that allows anyone to submit apps with few questions asked. Whatever critics may say about Apple's App Store, which is significantly more selective about the titles it hosts, complaints about malware aren't one of them.'"
Transportation

Former TSA Administrator Speaks 196

phantomfive writes "Former TSA head Kip Hawley talks about how the agency is broken and how it can be fixed: 'The crux of the problem, as I learned in my years at the helm, is our wrongheaded approach to risk. In attempting to eliminate all risk from flying, we have made air travel an unending nightmare for U.S. passengers and visitors from overseas, while at the same time creating a security system that is brittle where it needs to be supple. ... the TSA's mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single passenger can avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it's simply no longer the case that killing a few people on board a plane could lead to a hijacking. ... The public wants the airport experience to be predictable, hassle-free and airtight and for it to keep us 100% safe. But 100% safety is unattainable. Embracing a bit of risk could reduce the hassle of today's airport experience while making us safer at the same time.'"
The Internet

Banned From Kickstarter For Being Cyberstalked 382

An anonymous reader writes "Rachel Marone has been a victim of cyberstalking for over 10 years. In 2011, she had a project on Kickstarter shut down because of the high volume of spam posted by the stalker in the comment section of the project. Recently, Marone's manager spoke to Kickstarter again to see how she could avoid having a new project banned if the cyberstalker showed up again. They replied, 'If there is any chance that Rachel will receive spam from a stalker on her project, she should not create one. We simply cannot allow a project to become a forum for rampant spam, as her past project became. If this happens again, we will need to discard the project and permanently suspend Rachel's account.' On her website, Marone sums up the situation thus: 'I am being told that I cannot crowdfund because I am a stalking victim. ... With so many women being stalking targets this does not seem reasonable to me.'"
