Security

Symantec Tells Customers To Stop Using pcAnywhere 149

Orome1 writes "In a perhaps not wholly unexpected move, Symantec has advised the customers of its pcAnywhere remote control application to stop using it until patches for a slew of vulnerabilities are issued. If the attackers place a network sniffer on a customer's internal network and have access to the encryption details, the pcAnywhere traffic — including exchanged user login credentials — could be intercepted and decoded. If the attackers get their hands on the cryptographic key they can launch remote control sessions and, thus, access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, they can also carry out other malicious activities on the network."
Chrome

Chromium-Based Spinoffs Worth Trying 185

snydeq writes "InfoWorld's Serdar Yegulalp takes an in-depth look at six Chromium-based spinoffs that bring privacy, security, social networking, and other interesting twists to Google's Chrome browser. 'When is it worth ditching Chrome for a Chromium-based remix? Some of the spinoffs are little better than novelties. Some have good ideas implemented in an iffy way. But a few point toward some genuinely new directions for both Chrome and other browsers.'"
Security

Exploits Emerge For Linux Privilege Escalation Flaw 176

angry tapir writes "Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system. The vulnerability, which is identified as CVE-2012-0056, was discovered by Jüri Aedla and is caused by a failure of the Linux kernel to properly restrict access to the '/proc//mem' file."
Privacy

The Web's Worst Privacy Policy 107

Sparrowvsrevolution writes "With much of the web upset over Google's latest privacy policy changes, it's helpful to remember it could be much worse: A search engine called Skipity offers the world's worst privacy policy (undoubtedly tongue-in-cheek), filled with lines like this: 'You may think of using any of our programs or services as the privacy equivalent of living in a webcam-fitted glass house under the unblinking eye of Big Brother: you have no privacy with us. If we can use any of your details to legally make a profit, we probably will.' The policy gives the company the right to sell any of your data that it wants to any and all corporate customers, send you limitless spam, track your movements via GPS if possible, watch you through your webcam, and implant a chip in your body that is subject to reinstallation whenever the company chooses."
Cloud

States Using Cloud Based Voting System For Overseas Citizens 125

gManZboy writes "If a ballot was lost in the cloud, would anyone know? Several states are using an online balloting website based on Microsoft's Azure cloud-computing platform to allow U.S. voters living overseas to cast their votes via the Web in 2012 primary elections. In addition to a now complete Florida primary, Virginia and California will use the system for their primaries, and Washington state will use it for its caucus. To ensure the ballots are from legitimate voters, people use unique identifying information to access their ballots online, according to Microsoft. Once received, the signature on the ballot is matched with registration records to further verify identity."
KDE

KDE 4.8 Released 165

jrepin writes "The KDE community has released version 4.8 of their Free and open source software bundle. The new version provides many new features, improved stability, and increased performance. Highlights for Plasma Workspaces include window manager optimizations, the redesign of power management, and integration with Activities. The first Qt Quick-based Plasma widgets have entered the default installation of Plasma Desktop, with more to follow in future releases. KDE applications released today include Dolphin file manager with its new display engine, ..., and KDE Telepathy reaching its first beta milestone. New features for Marble virtual globe keep arriving, among these are: Elevation Profile, satellite tracking, and Krunner integration. The KDE Platform provides the foundation for KDE software. KDE software is more stable than ever before. In addition to stability improvements and bugfixes, Platform 4.8 provides better tools for building fluid and touch-friendly user interfaces, integrates with other systems' password saving mechanisms and lays the base for more powerful interaction with other people using the new KDE Telepathy framework."
Security

Corporate Boardrooms Open To Eavesdropping 120

cweditor writes "One afternoon this month, a hacker toured a dozen corporate conference rooms via equipment that most every company has in those rooms: videoconferencing. Rapid7 says they could 'easily read a six-digit password from a sticky note over 20 feet away from the camera' and 'clearly hear conversations down the hallway from the video conferencing system.' With some systems, they could even capture keystrokes being typed in the room. Teleconferencing vendors defended their security, saying the auto-answer feature that left those systems vulnerable was an effort to strike the right balance between security and usability."
Botnet

Microsoft Names Reputed Head of Kelihos Botnet 30

wiredmikey writes with an update on Microsoft's takedown of the Kelihos botnet. From the article: "Microsoft is not just taking down botnets; it is taking them down and naming names. In an amended complaint [PDF] filed Monday in U.S. District Court for the Eastern District of Virginia, Microsoft named a man from St. Petersburg, Russia, as the alleged head of the notorious Kelihos botnet. Naming names can be a risky business. Previously, Microsoft alleged Dominique Alexander Piatti, dotFREE Group SRO and several unnamed 'John Does' owned a domain cz.cc and used cz.cc to register other subdomains used to operate and control the Kelihos botnet. However, the company later absolved Piatti of responsibility when investigators found neither he nor his business was controlling the subdomains used to host Kelihos. Whether naming Sabelnikov, who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum, will have the same effect as naming the Koobface gang remains to be seen. Though Kelihos has remained defunct since the takedown last year, the malware is still on thousands of computers."
Australia

Fighting Rogue Access Points At linux.conf.au 80

An anonymous reader writes "Last week's linux.conf.au saw the return of the rogue access points. These are Wi-Fi access points which bear the same SSID as official conference hotspots. Often it might be a simple mistake, but sometimes it's more nefarious. To combat the attacks this year, conference organisers installed a Linux-based Wi-Fi 'intrusion prevention and detection system' supplied by sponsor Xirrus." At most conferences I've been to, I'd be grateful just to be able to get on any access point.
Security

Pwn2Own 2012 Set To Reveal More Browser Vulnerabilities Than In the Past 57

darthcamaro writes "In any given year, Slashdot always has stories about how a researcher hacked a browser in only a few minutes at the Pwn2own hacking challenge. This year the rules are a bit different, and instead of hackers winning for just one vulnerability, the rules allow for multiple vulnerabilities to be presented. The winner isn't the first one to hack a browser, but is the one that can hack the browser the most. 'In the past, due to the way the competition was architected, we had lots of sensationalist headlines, things like "Mac hacked in three seconds,"' said Aaron Portnoy, Manager of the Security Research Team at HP TippingPoint. 'We don't think that type of sensationalism was representative of all the research that was going on.'"
Privacy

US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive 1047

A Commentor writes "Perhaps to balance the good news with the Supreme Court ruling on GPS, a judge in Colorado has ordered a defendant to decrypt her hard drive. The government doesn't have the capability to break the PGP encryption, and 'the Fifth Amendment is not implicated by requiring production of the unencrypted contents' of the defendant's computer."
Transportation

Hackers Manipulated Railway Computers, TSA Memo Says 116

An anonymous reader sends this excerpt from Nextgov: "Hackers, possibly from abroad, executed an attack on a Northwest rail company's computers that disrupted railway signals for two days in December, according to a government memo recapping outreach with the transportation sector during the emergency. ... While government and critical industry sectors have made strides in sharing threat intelligence, less attention has been paid to translating those analyses into usable information for the people in the trenches, who are running the subways, highways and other transit systems, some former federal officials say. The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo."
Image

Tales of IT Idiocy 181

snydeq writes "IT fight club, dirty dev data, meatball sandwiches — InfoWorld offers nine more tales of brain fail beyond belief. 'You'd think we'd run out of them, but technology simply hasn't advanced enough to take boneheaded users out of the daily equation that is the IT admin's life. Whether it's clueless users, evil admins, or just completely bad luck, Mr. Murphy has the IT department pinned in his sights — and there's no escaping the heartache, headaches, hassles, and hilarity of cluelessness run amok.'"
Hardware

A Data Center That Looks Like a Mansion 101

1sockchuck writes "A luxury homebuilder in Minnesota wants to build a data center that looks like a mansion, allowing the commercial building to fit into a residential neighborhood. The 'community-based data center' designed for FiberPop features a stone facade and sloped roof with dormers, along with an underground data hall."
Security

Researchers Find Slew of Flaws In SCADA Hardware, Software 110

Trailrunner7 writes "At the S4 security conference this week, 'Project Basecamp,' a volunteer-led security audit of leading programmable logic controllers (PLCs) performed by a team of top researchers, found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code. 'We were looking for a Firesheep moment in PLC security,' Peterson told the audience of ICS security experts. They got one. 'It's a blood bath mostly,' said Wightman of Digital Bond. 'Many of these devices lack basic security features.' While the results of analysis of the various PLCs varied, the researchers found significant security issues with every system they tested, with some PLCs too brittle and insecure to even tolerate security scans and probing."
Cloud

'Blind' Quantum Computing Proposed For the Cloud 89

judgecorp writes "Researchers at Vienna's Quantum Science and Technology Center have proposed that 'blind' quantum computing could be carried out securely in the cloud. When (if?) quantum computers are developed, they will be very fast, but not everyone will have them. Blind quantum computing will be useful, because it shows that users can encode 'qubits' and send them to a shared quantum computer to be worked on — without the quantum computer having any knowledge of what the data is (abstract). The data also cannot be decoded from the qubit while it is in transit. It's good to know that quantum computers will be secure when they exist. At the moment, of course, they are even more secure, by virtue of their non-existence."
Security

Dreamhost FTP/Shell Password Database Breached 123

New submitter Ccmods writes "Below is a snippet from an email Dreamhost sent to subscribers early Saturday morning, describing an intrusion into the database storing FTP and SSH usernames and passwords: 'We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. ... Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed.'"
Mozilla

Mozilla Offers Alternative To OpenID 105

Orome1 writes "Mozilla has been working for a while now on a new browser-based system for identifying and authenticating users it calls BrowserID, but it's only this month that all of its sites have finally been outfitted with the technology. Mozilla aims for BrowserID to become a more secure alternative to OpenID, the decentralized authentication system offered to users of popular sites such as Google, Yahoo!, PayPal, MySpace and others."
Businesses

Former Dell Execs Involved In Massive Insider Trading Probe 149

DMandPenfold writes "Two former Dell employees, including a former investor relations manager, were part of a $62 million record-breaking insider trading scam, involving the company's shares as well as Nvidia stock, according to the FBI. The news comes as the U.S. authorities step up their pursuit of inside traders. Two months ago, Galleon hedge fund founder Raj Rajaratnam was sentenced to 11 years in jail for his role in a scam involving AMD, IBM and 3Com stock. Yesterday, Sandeep Goyal, an employee at Dell's U.S. headquarters between 2006 and 2007 before becoming a financial analyst, was arrested. An unnamed co-conspirator in Dell's investor relations department from 2007 to 2009 is also alleged to have been part of the scam. ... Goyal allegedly made $175,000 by providing inside information about Dell to a hedge fund. He has pleaded guilty to charges of securities fraud."
Medicine

The Problem With Personalized Medicine 216

gManZboy writes "Talk of individually tailored medical treatment isn't pie in the sky. This approach eventually will help us address risk factors even before a disease can invade our cells, and detect preclinical disease before it gets out of hand. What role will medical informatics play in this brave new world? Hint: Little data projects may be as important as big data projects such as gene sequencing. At a recent symposium on personalized medicine, Ezekiel J. Emanuel, MD, chairman of the Department of Medical Ethics and Health at the University of Pennsylvania, questioned whether it would make more sense to target all the lifestyle mistakes that patients make rather than analyze genetic defects. His view: 'Personalized medicine misses the most important fact about modern society: little ill health and premature death is genetic, much more is lifestyle and social.' Is Emanuel a dinosaur or a pragmatist?"