An anonymous reader writes "Windows 8 was released late last week, and already this week French security firm VUPEN says it has broken Microsoft's latest and greatest security features. The company claims it has developed a 0-day exploit for Windows 8 and IE10, by chaining multiple undisclosed flaws together."

Nerval's Lobster writes "Who knew that the most critical element of operating a data center in New York City was ensuring a steady supply of diesel fuel? In the wake of Hurricane Sandy, the challenges facing data center operators in the affected zones include pumping water from basements, waiting for utility power to be restored, and managing fuel-truck deliveries. And it's become increasingly clear which companies had the resources and foresight to plan for a disaster like Sandy, and which are simply reacting. Here's the latest on providers around the New York area." And remember, having fuel for machines sometimes only means it's time to start the manual labor.

coondoggie writes "Just two weeks after it challenged the public to come up with a better technological way to stop incessant robocalling, the Federal Trade Commission pulled the plug on five mass calling companies it said were allegedly responsible for millions of illegal pre-recorded calls from 'Rachel' and others from 'Cardholder Services.' 'At the FTC, Rachel from Cardholder Services is public enemy number one,' said FTC Chairman Jon Leibowitz at the announcement of the cases."

chicksdaddy writes "The steady drumbeat of disturbing news about vulnerable, IP enabled medical devices continues this week, after medical device maker Hospira said it has issued a voluntary recall of its Symbiq-brand drug infusion pumps after discovering a software error that may cause touch interfaces on the pumps to not respond to user touches or to display dosage information that is inaccurate. The problem was detected in around 1.5% of Symbiq One Channel and Two Channel Infusers (model numbers 16026 and 16027), but could potentially affect 'all Symbiq infusion systems currently in the field.' The software bug could result in 'a delayed response and or the screen registering a different value from the value selected by the user,' the company said in a statement."

First time accepted submitter Andy Prough writes "A Kansas judge has ordered a Topeka newspaper to release the name of a commenter on one of its stories about the trial of Anceo D. Stovall for the murder of Natalie Gibson. Using the name 'BePrepared,' the commenter posted the following in response to a story about the ongoing trial on July 21 at 1:45pm: 'Trust me that's all they got in their little world, as you know, I have been there. Remember the pukes names they will do it for ever.' The problem? The court is convinced that 'BePrepared' was a juror, and was not supposed to be accessing news about the trial before it ended on July 24th. The court wants BePrepared's name, address and IP address. The jury was ultimately unable to find Stovall guilty of 10 of the 11 charges against him — including murder. Both defense and prosecution lawyers appear to want a new trial, and if it turns out that BePrepared was a juror, they are more likely to get their wish."

ChristW writes "The final report that was handed to the Dutch government today indicates that all 8 certificate servers of the Dutch company DigiNotar were fully hacked. (Report PDF in English.) Because the access log files were stored on the same servers, they cannot be used to find any evidence for or against intrusion. In fact, blatant falsification has been found in those log files. A series of so-far unused certificates has also been found. It is unknown if and where these certificates have been used."

Dupple writes with a quote from the BBC about more testing of Predator drones in U.S. air space: "Tests have been carried out to see whether military drones can mix safely in the air with passenger planes. The tests involved a Predator B drone fitted with radio location systems found on domestic aircraft that help them spot and avoid other planes. The tests will help to pave the way for greater use of drones in America's domestic airspace."

OverTheGeicoE writes "TSA has had a preferred traveler program, PreCheck, for a while now. Frequent fliers and other individuals with prior approval from DHS can avoid some minor annoyances of airport security, like removing shoes and light jackets, but not all of the time. TSA likes to be random and unpredictable, so PreCheck participants don't always get the full benefits of PreCheck. Apparently the decision about PreCheck is made when the boarding pass is printed, and a traveler's PreCheck authorization is encoded, unencrypted, on the boarding pass barcode. In theory, one could use a barcode-reading Web site (like this one, perhaps) to translate a barcode into text to determine your screening level before a flight. One might even be able to modify the boarding pass using PhotoShop or the GIMP to, for example, get the screening level of your choice. I haven't been able to verify this information, but I bet Slashdot can. Is TSA's PreCheck system really that easy to game? If you have an old boarding pass lying around, can you read the barcode and verify that the information in TFA is correct?"

coondoggie writes "In one of the photos, the dark-haired, bearded hacker is peering into his computer's screen, perhaps puzzled at what's happening. Minutes later, he cuts his computer's connection, realizing he has been discovered. In an unprecedented move, the country of Georgia — irritated by persistent cyber-spying attacks — has published two photos of a Russia-based hacker who, the Georgians allege, waged a persistent, months-long campaign that stole confidential information from Georgian government ministries, parliament, banks and NGOs."

crookedvulture writes "The next generation of NAND has arrived. Intel's latest 335 Series SSD sports 20-nm flash chips that are 29% smaller than the previous, 25-nm generation. The NAND features a new planar cell structure with a floating, high-k/metal gate stack, a first for the flash industry. This cell structure purportedly helps the 20-nm NAND overcome cell-to-cell interference, allowing it to offer the same performance and reliability characteristics of the 25-nm stuff. The performance numbers back up that assertion, with the 335 Series matching other drives based on the same SandForce controller silicon. The 335 Series may end up costing less than the competition, though; Intel has set the suggested retail price at an aggressive $184 for the 240GB drive, which works out to just 77 cents per gigabyte."

coondoggie writes "While complaints can be heard far and wide that it's hard to find the right IT security experts to defend the nation's cyberspace, the real problem in hiring security professionals is the roadblocks put up by lawyers and human resources personnel and a complete lack of understanding of geek culture, says security consultant Winn Schwartau. Take Janet Napolitano, U.S. secretary of the Department of Homeland Security, who has said the country can't find the right people for network defense. The real problem is a misunderstanding of computer geeks, their personalities, habits and their backgrounds, said Schwartau today during his talk at the Hacker Halted information security conference."

An anonymous reader writes "The Federal Bureau of Investigation (FBI) is finally stepping up its game when it comes to hackers. Maybe it was Anonymous that did it or maybe it was statements from the US Secretary of Defense two weeks ago, but either way, the FBI is now hunting hackers 24/7." I'm happy that the FBI no longer has an investigation schedule when it comes to online crime, but I have to think that I'm not the only one who assumed they were doing this before.

wiredmikey writes "When delegates gather in Dubai in December for an obscure UN agency meeting, the mother of all cyber diplomatic battles is expected, with an intense debate over proposals to rewrite global telecom rules to effectively give the United Nations control over the Internet. Russia, China and other countries back a move to place the Internet under the authority of the International Telecommunications Union (ITU), a UN agency that sets technical standards for global phone calls. While US officials have said placing the Internet under UN control would undermine the freewheeling nature of cyberspace, some have said there is a perception that the US owns and manages the Internet. The head of the ITU, Hamadoun Toure, claims his agency has 'the depth of experience that comes from being the world's longest established intergovernmental organization.' But Harold Feld of the US-based non-government group Public Knowledge said any new rules could have devastating consequences. Some are concerned over a proposal by European telecom operators seeking to shift the cost of communication from the receiving party to the sender. This could mean huge costs for US Internet giants like Facebook and Google."

wiredmikey writes "Canada and the United States announced Friday they were launching a joint cybsersecurity plan that aims to better protect critical digital infrastructure and improve the response to cyber incidents. Under the action plan, the US Department of Homeland Security and Public Safety Canada will cooperate to protect vital cyber systems and respond to and recover from any cyber disruptions, by improving collaboration on managing cyber incidents between their respective cyber security operation centers, enhancing information sharing and engagement with the private sector and pursuing US-Canadian collaboration to promote cyber security awareness to the public."

CowboyRobot writes "As budgets are pinched by reduced tax collection, many U.S. states are facing a possibility of not being able to handle the ever-increasing number of data breaches. 70% of state chief information security officers (CISOs) reported a data breach this year, each of which can cost up to $5M in some states. 'Cybersecurity accounts for about 1 to 2 percent of the overall IT budget in state agencies. ... 82 percent of the state CISOs point to phishing and pharming as the top threats to their agencies, a threat they say will continue in 2013, followed by social engineering, increasingly sophisticated malware threats, and mobile devices.' The full 2012 Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study is available online (PDF)."

jfruh writes "CoDeSys, a piece of software running on industrial control systems from hundreds of vendors, has been revealed to be easily hackable by security researchers, giving rise to a scenario where computer hacking could cross the line into the physical world. Worse, many of these systems are unneccessarily connected to the Internet, which is a terrible, terrible idea."

An anonymous reader writes "A few months ago I stumbled across an interesting security hole with my webhost. I was able to access any file on the server, including those of other users. When I called the company, they immediately contacted the server team and said they would fix the problem that day. Since all you need when calling them is your username, and I was able to list out all 500 usernames on the server, this was rather a large security breach. To their credit, they did patch the server. It wasn't a perfect fix, but close enough that moving to a new web host was moved down on my list of priorities. Jump a head to this week: they experienced server issues, and I asked to be moved to a different server. Once it was done, the first thing I did was run my test script, and I was able to list out everyone's files again. The hosting company only applied the patch to old server. I'm now moving off this web host all together. However, I do fear for the thousands of customers that have no clue about this security issue. With about 10 minutes of coding, someone could search for the SQL connection string and grab the username/password required to access their hosting account. What's the best way to handle this type of situation?"

hackingbear writes "China Unicom, the country's second largest telecom operator, has replaced Cisco Systems routers in one of the country's most important backbone networks, citing security reasons [due to bugs and vulnerability.) The move came after a congressional report branded Huawei Technologies Co. Ltd. and ZTE Corp. security threats in the United States, citing bugs and vulnerability (rather than actual evidence of spying.) Surprising to us, up to now, Cisco occupies a large market share in China. It accounts for over a 70 percent share of China Telecom's 163 backbone network and over an 80 percent share of China Unicom's 169 backbone network. Let's wait to see who's the winner in this trade war disguised as national security."

Forecasters are tossing around words like "unprecedented" and "bizarre" (see this Washington Post blog entry) for the intensity and timing of Hurricane Sandy, which is threatening to hit the east coast of the U.S. early next week. Several people I know in the mid-Atlantic region have been ordering generators and stocking up on flashlight batteries and easy-to-prepare foods. Are you in the projected path of the storm? If so, have you taken any steps to prepare for it? (Are you doing off-site backup? Taking yourself off-site?)

Nerval's Lobster writes "The Green Grid, a nonprofit organization dedicated to making IT infrastructures and data centers more energy-efficient, is making the case that data center operators are operating their facilities in too conservative a fashion. Rather than rely on mechanical chillers, it argues in a new white paper (PDF), data centers can reduce power consumption via a higher inlet temperature of 20 degrees C. Green Grid originally recommended that data center operators build to the ASHRAE A2 specifications: 10 to 35 degrees C (dry-bulb temperature) and between 20 to 80 percent humidity. But the paper also presented data that a range of between 20 and 35 degrees C was acceptable. Data centers have traditionally included chillers, mechanical cooling devices designed to lower the inlet temperature. Cooling the air, according to what the paper originally called anecdotal evidence, lowered the number of server failures that a data center experienced each year. But chilling the air also added additional costs, and PUE numbers would go up as a result."