×
Businesses

Why Your IT Spending Is About To Hit the Wall 301

Posted by Soulskill from the supply-constantly-battling-demand dept.
CowboyRobot writes "For decades, rapid increases in storage, processor speed, and bandwidth have kept up with the enormous increases in computer usage. That could change however, as consumption finally outpaces the supply of these resources. It is instructive to review the 19th-century Economics theory known as Jevons Paradox. Common sense suggests that as efficiencies rise in the use of a resource, the consumption goes down. Jevons Paradox posits that efficiencies actually drive up usage, and we're already seeing examples of this: our computers are faster than ever and we have more bandwidth than ever, yet our machines are often slow and have trouble connecting. The more we have, the even more we use."
AT&T

iPhone Users Sue AT&T For Letting Thieves Re-Activate Their Stolen Devices 197

Posted by Soulskill from the your-phone-is-not-very-loyal dept.
An anonymous reader writes "Following on the heels of the FCC and U.S. mobile carriers finally announcing plans to create a national database for stolen phones, a group of iPhone users filed a class action lawsuit against AT&T on Tuesday claiming that it has aided and abetted cell phone thieves by refusing to brick stolen cell phones. AT&T has '[made] millions of dollars in improper profits, by forcing legitimate customers, such as these Plaintiffs, to buy new cell phones, and buy new cell phone plans, while the criminals who stole the phone are able to simply walk into AT&T stories and 're-activate' the devices, using different, cheap, readily-available 'SIM' cards,' states their complaint. AT&T, of course, says the suit is 'meritless.'"
Firefox

Mozilla Testing Click-to-Play Option For Plugin Content 124

Posted by Soulskill from the but-who-doesn't-like-autoplaying-videos dept.
Trailrunner7 writes "Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security vulnerabilities in plugins, including zero-day attacks. 'Whether you hate them or love them, content accessed through plugins is still a sizable chunk of the web. So much so, that over 99% of internet users have Flash installed on their browser,' writes Mozilla's Jared Wein, the lead software engineer on the project, in a blog post."
Government

FBI Wants To "Advance the Science of Interrogation" 252

Posted by samzenpus from the tell-me-everything dept.
coondoggie writes "From deep in the Department of Creepy today I give this item: The FBI this week put out a call for new research 'to advance the science and practice of intelligence interviewing and interrogation.' The part of the FBI that is requesting the new research isn't out in the public light very often: the High Value Detainee Interrogation Group, which according to the FBI was chartered in 2009 by the National Security Council and includes members of the CIA and Department of Defense, to 'deploy the nation's best available interrogation resources against detainees identified as having information regarding terrorist attacks against the United States and its allies.'"
Botnet

Apple Updates Java To Include Flashback Removal 121

Posted by samzenpus from the protect-ya-neck dept.
Fluffeh writes "In the third update to Java that Apple has released this week, the update now identifies and removes the most common variants of the Flashback malware that has infected over half a million Apple machines. 'This Java security update removes the most common variants of the Flashback malware,' Apple wrote in the support document for the update. 'This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.'"
Botnet

Stuxnet Allegedly Loaded By Iranian Double Agents 167

Posted by samzenpus from the who's-to-blame dept.
First time accepted submitter rainbo writes "According to a report from ISSSource, a saboteur who was likely a member of an Iranian dissident group loaded the Stuxnet virus on to a flash drive and infected machines at the Natanz nuclear facility. Iran's intelligence minister, Heydar Moslehi, said that an unspecified amount of 'nuclear spies' were arrested on ties to this attack. Some officials believe these spies belonged to Mujahedeen-e-Khalq (MEK), which is used as the assassination arm of the Israeli Mossad."
Crime

University of Pittsburgh Deluged With Internet Bomb Threats 238

Posted by timothy from the other-than-that-how-was-your-valentine's-mr-moran? dept.
An anonymous reader writes "The University of Pittsburgh has been plagued with 78 bomb threats (and counting) since February 14. It started low-tech, with handwritten notes, but has progressed to anonymous emails. Nearly every campus building has been a target. The program suspected is anonymous mailer Mixmaster. The university has been evacuating each building when threats come in (day or night), and police departments from around Allegheny County have offered assistance with clearing each building floor by floor with bomb sniffing dogs. There is a popular tracking blog set up by a student as well as a growing Reddit community. Is there any foreseeable defense (forensic or socially engineered) to a situation like this?"
The Internet

ICANN's Brand-Named Internet Suffix Application Deadline Looms 197

Posted by timothy from the aesthetics-out-the-window dept.
AIFEX writes with a snippet from the BBC: "'Organisations wishing to buy web addresses ending in their brand names have until the end of Thursday to submit applications. For example, drinks giant Pepsi can apply for .pepsi, .gatorade or .tropicana as an alternative to existing suffixes such as .org or .com.'" Asks AIFEX: "Does anyone else think this is absolutely ridiculous and defeats the logical hierarchy of current URLs?"
IT

Data Center Staff Will Sleep Among the Racks For London Olympics 210

Posted by samzenpus from the best-room-in-the-house dept.
1sockchuck writes "Staff at Interxion's London data center are ready to hunker down during the Olympic Games this summer, nestled in snug sleeping pods adjacent to the racks. The arrangement will ensure that the facility will be fully-staffed if London's transit system is taxed by the huge crowds expected for the Games. While staff in many industries might object to a plan that expects them to sleep in their office, data center firms have a primary calling of keeping their facilities operational at all times. Is this too much readiness, or just enough?"
Microsoft

End of Windows XP Support Era Signals Beginning of Security Nightmare 646

Posted by samzenpus from the no-more-patches dept.
colinneagle writes "Microsoft's recent announcement that it will end support for the Windows XP operating system in two years signals the end of an era for the company, and potentially the beginning of a nightmare for everyone else. When Microsoft cuts the cord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software. Although most of the subsequent security issues appear to be at the consumer level, it may not be long until they find a way into corporate networks or industrial systems, says VMWare's Jason Miller. Even scarier, Qualsys's Amol Sarwate says many SCADA systems for industrial networks still run a modified version of XP, and are not in a position to upgrade. Because much of the software running on SCADA systems is not compatible with traditional Microsoft OS capabilities, an OS upgrade would entail much more work than it would for a home or corporate system."
Security

Critical Flaw Found In Backtrack Linux 84

Posted by samzenpus from the protect-ya-neck dept.
chicksdaddy writes "Threatpost is reporting on a critical security flaw in the latest version of Backtrack Linux, a popular distribution that is used by security professionals for penetration testing. The previously undiscovered privilege escalation hole was discovered by a student taking part in an InfoSec Institute Ethical Hacking class, according to the post on the group's Web site. 'The student in our ethical hacking class that found the 0day was using backtrack and decided to fuzz the program, as well as look through the source code,' wrote Jack Koziol, the Security Program Manager at the InfoSec Institute. 'He found that he could overwrite config settings and gain a root shell.' An unofficial patch is available from InfoSec Institute. Koziol said that an official patch is being tested now and is expected shortly."
Encryption

Super-Privacy-Protecting ISP In the Planning 184

Posted by samzenpus from the secret-surfing dept.
h00manist writes "Nicholas Merrill ran a New York based ISP and got tired of federal 'information requests.' He is now planning an ISP which would be built from the ground up for privacy. Everything encrypted, maximum technical and legal resistance to information requests. Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project. Kickstarter-like IndieGoGo has a project page."
HP

HP Ships Switches With Malware Infected Flash Cards 50

Posted by samzenpus from the bad-switches dept.
wiredmikey writes "HP has warned of a security vulnerability associated with its ProCurve 5400 zl switches that contain compact flash cards that the company says may be infected with malware. The company warned that using one of the infected compact flash cards in a computer could result in the system being compromised. According to HP, the potential threat exists on HP 5400 zl series switches purchased after April 30, 2011 with certain serial numbers listed in the security advisory. This issue once again brings attention to the security of the electronics supply chain, which has been a hot topic as of late."
Security

Apple Developing Tool To Remove Flashback 212

Posted by Unknown Lamer from the macs-can't-get-viruses dept.
Trailrunner7 writes, quoting Threatpost: "Apple is planning to release a software fix that will find and remove the Flashback malware that has been haunting Mac users for several months now. ... Apple said on Tuesday that it was in the process of developing a tool that would detect and remove Flashback, but the company did not specify when the fix would be available. Security researchers and customers have been questioning why Apple hasn't yet provided a fix for the malware even though Flashback has been around in one form or another for more than six months now."
Transportation

Interview With TSA Screener Reveals 'Fatal Flaws' 582

Posted by Soulskill from the my-toothpaste-is-not-a-deadly-weapon-you-jerks dept.
OverTheGeicoE writes "Jonathan Corbett, creator of the video showing that TSA's body scanners can't see metal objects on our sides, has a new video out. This time he's interviewing an experienced TSA screener identified only as 'Jennifer,' and her allegations point to 'fatal flaws' in TSA and its procedures. Worse, TSA's screeners are well aware of these flaws. According to Jennifer, body scanners frequently fail to detect objects on passengers, and this flaw is well known to the screeners on the job. People with visible items in their pockets can pass through scanners without detection, even when the items are simulated weapons or explosives. Jennifer also alleges that training for screeners is severely lacking. Screeners are directed to operate body scanners, even the X-ray scanners, without any training whatsoever. The manual of standard operating procedures often can't be found at the checkpoints, let alone read. Jennifer was so alarmed by what she experienced that she wrote her congressional representative to complain. She was ultimately fired as a result, effective yesterday."
Medicine

McAfee Claims Successful Insulin Pump Attack 196

Posted by Soulskill from the as-if-we-needed-more-biological-vulnerabilities dept.
judgecorp writes "Intel security subsidiary McAfee has claimed a successful wireless attack on insulin pumps that diabetics rely on to control blood sugar. While previous attempts to attack insulin pumps have met with mixed success, McAfee's Barnaby Jack says he has persuaded an insulin pump to deliver 45 days worth of insulin in one go, without triggering the pump's vibrating alert safety feature. All security experts still say that surgical implants are a benefit overall."
Botnet

Apple Snubs Security Firm That Spotted Mac Botnet 409

Posted by Soulskill from the doesn't-play-well-with-others dept.
Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"
Media

MythTV 0.25 Released, New HW Acceleration and Audio Standards Support 144

Posted by timothy from the now-that's-some-conservative-numbering dept.
unts writes "The highly configurable Linux PVR, MythTV, has reached the 0.25 release, over 500 days after the previous full release. New features include VAAPI support, E-AC3, TrueHD, and DTS-HD audio, the ability to control other home entertainment devices via HDMI CEC and additions to the API to allow HTTP live streaming. The release notes for 0.25 don't reflect the release status at the time of writing, but should contain most of the relevant changes. MythTV can be used as a backend (recorder) and frontend (viewer), but can also feed other frontends such as appropriate versions of XBMC. Hopefully the new HTTP streaming API will lead to even more ways to get your video fix."
Security

Medicaid Hack Update: 500,000 Records and 280,000 SSNs Stolen 64

Posted by timothy from the needs-more-government-regulation dept.
An anonymous reader writes "Utah's Medicaid hack estimate has grown a second time. This time we have gone from over 180,000 Medicaid and Children's Health Insurance Plan (CHIP) recipients having their personal information stolen to a grand total of 780,000. More specifically, the state now says approximately 500,000 victims had sensitive personal information stolen and 280,000 victims had their Social Security numbers (SSNs) compromised."
Security

Heartland Security Breach Class Action: Victims $1925, Lawyers $600,000 163

Posted by Unknown Lamer from the not-sure-why-timothy-came-back-to-slashdot dept.
Fluffeh writes "Back in 2007, Heartland had a security breach that resulted in a 130 million credit card details being lifted. A class action suit followed and many thought it would send a direct message to business to ensure proper security measures protecting their clients and customers. With the Heartland case now over and settlements paid out and divided up, the final breakdown is as follows: Class members: $1925 (11 cases out of 290 filed were 'valid'). Lawyers for the plaintiff class action: $606,192. Non-Profits: around $1,000,000 (The Court ruled a minimum of $1 million in payouts). Heartland also paid its own lawyers around $2 million. Eric Goldman (Law Professor) has additional commentary on his Law Blog: 'The opinion indicates Heartland spent $1.5M to advertise the settlement. Thus, it appears they spent over $130,000 to generate each legitimate claim. Surprisingly, the court blithely treats the $1.5M expenditure as a cost of doing business, but I can't wrap my head around it. What an obscene waste of money! Add in the $270k spent on claims administration, and it appears that the parties spent $160k per legitimate claimant. The court isn't bothered by the $270k expenses either, even though that cost about $1k per tendered claim (remember, there were 290 total claims).'"

Slashdot Top Deals