Security

Dreamhost FTP/Shell Password Database Breached 123

New submitter Ccmods writes "Below is a snippet from an email Dreamhost sent to subscribers early Saturday morning, describing an intrusion into the database storing FTP and SSH usernames and passwords: 'We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. ... Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed.'"
Mozilla

Mozilla Offers Alternative To OpenID 105

Orome1 writes "Mozilla has been working for a while now on a new browser-based system for identifying and authenticating users it calls BrowserID, but it's only this month that all of its sites have finally been outfitted with the technology. Mozilla aims for BrowserID to become a more secure alternative to OpenID, the decentralized authentication system offered to users of popular sites such as Google, Yahoo!, PayPal, MySpace and others."
Businesses

Former Dell Execs Involved In Massive Insider Trading Probe 149

DMandPenfold writes "Two former Dell employees, including a former investor relations manager, were part of a $62 million record-breaking insider trading scam, involving the company's shares as well as Nvidia stock, according to the FBI. The news comes as the U.S. authorities step up their pursuit of inside traders. Two months ago, Galleon hedge fund founder Raj Rajaratnam was sentenced to 11 years in jail for his role in a scam involving AMD, IBM and 3Com stock. Yesterday, Sandeep Goyal, an employee at Dell's U.S. headquarters between 2006 and 2007 before becoming a financial analyst, was arrested. An unnamed co-conspirator in Dell's investor relations department from 2007 to 2009 is also alleged to have been part of the scam. ... Goyal allegedly made $175,000 by providing inside information about Dell to a hedge fund. He has pleaded guilty to charges of securities fraud."
Medicine

The Problem With Personalized Medicine 216

gManZboy writes "Talk of individually tailored medical treatment isn't pie in the sky. This approach eventually will help us address risk factors even before a disease can invade our cells, and detect preclinical disease before it gets out of hand. What role will medical informatics play in this brave new world? Hint: Little data projects may be as important as big data projects such as gene sequencing. At a recent symposium on personalized medicine, Ezekiel J. Emanuel, MD, chairman of the Department of Medical Ethics and Health at the University of Pennsylvania, questioned whether it would make more sense to target all the lifestyle mistakes that patients make rather than analyze genetic defects. His view: 'Personalized medicine misses the most important fact about modern society--little ill health and premature death is genetic, much more is lifestyle and social.' Is Emanuel a dinosaur or a pragmatist?"
Programming

The Headaches of Cross-Platform Mobile Development 197

snydeq writes "Increased emphasis on distinctive smartphone UIs means even more headaches for cross-platform mobile developers, writes Fatal Exception's Neil McAllister, especially as users continue to favor native over Web-based apps on mobile devices. 'Google and Microsoft are both placing renewed emphasis on their platforms' user experience. That means not just increased competition among smartphone and tablet platforms, but also new challenges for mobile application developers. ... The more the leading smartphone platform UIs differ from one another, the more effort is required to write apps that function comparably across all of them. Dialog boxes, screen transitions, and gestures that are appropriate for one platform might be all wrong for another. Coding the same app for three or four different sets of user interface guidelines adds yet another layer of cost and complexity to cross-platform app development.'"
Government

Post-9/11 DOJ Tech Project Dying After 10 Years? 115

gManZboy writes "A secure, interoperable radio network that the Department of Justice has been working on for more than a decade and that has cost the agency $356 million may be headed for failure, according to a new report by the agency's inspector general. Called for in the wake of 9/11, the Integrated Wireless Network (IWS) project has already been repeatedly scaled back. Today, the Department of Justice continues to rely on several separate land mobile radio systems, some of which are unreliable, obsolete, and fail to interoperate with one another. Agents often have to swap radios, share channels, or refer to a book of radio frequencies and manually switch between those frequencies to stay online. Radios remain insecure, as much of the current equipment fails to meet encryption requirements. Much of the agency's equipment is more than 15 years old and is no longer even supported by the manufacturer."
Crime

Man Charged With Stealing Code From Federal Reserve Bank 199

wiredmikey writes "A Chinese computer programmer was arrested by U.S. authorities in New York on Wednesday, on charges that he stole proprietary source code while working on a project at the Federal Reserve Bank of New York. The man arrested, Bo Zhang of New York, worked as a contract employee developing a specific portion of the GWA's (Government-Wide Accounting and Reporting Program) source code at the Federal Reserve Bank of New York where the code is maintained. The complaint alleges that in the summer of 2011, Zhang stole the GWA code, something he admitted to in July 2011. Zhang said that he used the GWA Code in connection with a private business he ran training individuals in computer programming."
Hardware

Do Data Center Audits Mean Anything? 84

1sockchuck writes "Data center service providers often tout certifications such as SAS 70, SSAE 16 and SOC 2 as evidence that they meet lofty operational standards. But some of these certifications are based on self-defined standards, and the entire situation is confusing and frustrating to customers, according to one critic, who says data center shoppers are poorly served by the jumble of acronyms and standards. Do these certifications matter when users are seeking data center space? Should they?"
Privacy

Teens Share Passwords As a Form of Intimacy 533

nonprofiteer writes "The New York Times claims that the hot new trend among teenagers in love is to share passwords to their email and Facebook accounts, as the ultimate form of trust. According to Pew, 33% of teens surveyed say they do this. One expert says the pressure to share passwords is akin to the pressure to have sex. Forbes says don't do it! 'There is something pure and romantic about the idea of sharing everything, and having no secrets from one another. But it's romantic the same way that Romeo and Juliet is romantic, in a tragic, horrible, everyone-is-miserable-and-dies-at-the-end kind of way.' Sam Biddle at Gizmodo writes about which passwords are okay to share (like Netflix), but says to stay away from handing over email or Facebook passwords. 'We all need whatever scraps of privacy we have left, and your email is just that.'"
Security

Symantec Admits Its Networks Were Hacked in 2006 113

Orome1 writes "After having first claimed that the source code leaked by Indian hacking group Dharmaraja was not stolen through a breach of its networks, but possibly by compromising the networks of a third-party entity, Symantec backpedalled and announced that the code seems to have been exfiltrated during a 2006 breach of its systems. Symantec spokesman Cris Paden has confirmed that unknown hackers have managed to get their hands on the source code to the following Symantec solutions: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere."
Security

Will Secure Boot Cripple Linux Compatibility? 545

MojoMax writes "The advent of Windows 8 is drawing ever nearer and recently we have learned that ARM devices installed with Windows 8 will not be able to disable the UEFI secure boot feature that many of us are deeply concerned about. However, UEFI is still a very real danger to Linux and the freedom to use whichever OS you choose. Regardless of information for OEMs to enable customers to install their own keys, such as that published by the Linux Foundation, there are still very serious and as yet unresolved issues with using secure boot and Linux. These issues are best summarized quoting Matthew Garrett: 'Signing the kernel isn't enough. Signed Linux kernels must refuse to load any unsigned kernel modules. Virtualbox on Linux? Dead. Nvidia binary driver on Linux? Dead. All out of tree kernel modules? Utterly, utterly dead. Building an updated driver locally? Not going to happen. That's going to make some people fairly unhappy.'"
Crime

Hackers Steal $6.7M In Bank Cyber Heist 91

Orome1 writes "A perfectly planned and coordinated bank robbery was executed during the first three days of the new year in Johannesburg, and left the targeted South African Postbank — part of the nation's Post Office service — with a loss of some $6.7 million. The cyber gang behind the heist was obviously very well informed about the post office's IT systems, and began preparing the ground for the heist a few months before, by opening accounts in post offices across the country and compromising an employee computer in the Rustenburg Post Office."
Security

Israel Faces Escalating Cyberwar 200

New submitter 9re9 writes "The NY Times describes what may be the beginning of an actual cyberwar between a pro-Palestinian group and Israeli companies, specifically El Al and the Tel Aviv stock exchange. From the article: 'A hacker identifying himself as oxOmar, already notorious for posting the details of more than 20,000 Israeli credit cards, sent an overnight warning to Israel's Ynet news outlet that a group of pro-Palestinian cyberattackers called Nightmare planned to bring down the sites in the morning.' Though the article is skimpy on technical details, the group appears to have engaged merely in a DDOS attack. Hamas praised the attack as opening 'a new resistance front against Israel.' Is this the first acknowledged cyberwar?"
Bug

Serious Oracle Flaw Revealed; Patch Coming 100

GMGruman writes "A bug in Oracle Database that could take down large databases — or let a hacker do so — has been found, and Oracle promises a patch later today. When InfoWorld first heard of the bug two months ago, its investigation revealed how dangerous this bug could be, and after convincing Oracle to address the issue, InfoWorld held the news until a patch was available, so hackers could not exploit the bug in the meantime. Paul Venezia details just how this bug exposes companies to the possibility of databases going offline, and Eric Knorr asks Oracle users to help test the patch in their complex environments. (InfoWorld's tests in simpler environments show the patch works there.)"
Botnet

Koobface Malware Traced To 5 Russians 64

New submitter theonlyholle writes "Naked Security, the Sophos IT security blog, has published an article about the authors of the Koobface malware that plagued Facebook users in 2008 and the investigation that led to their identification. Apparently the botnet was created by five Russians from St. Petersburg."
Firefox

Notes On Reducing Firefox's Memory Consumption 297

Skuto writes "At yesterday's linux.conf.au Browser miniconference in Ballarat, Australia, Mozilla engineer Nicholas Nethercote gave a detailed presentation about the history of Firefox's memory consumption. The 37 slides-with-notes explain in gritty detail what caused Firefox 4's memory usage to be higher than expected, how many leaks and accidental memory use bugs were tracked down with Valgrind plugins, as well as the pitfalls of common memory allocation strategies. Current work is now focused on reducing the memory usage of popular add-ons such as AdBlock, GreaseMonkey and Firebug. Required reading for people working on large software projects, or those who missed that Firefox is now one of the most memory-efficient browsers in heavy usage."
Security

RSA Chief: Last Year's Breach Has Silver Lining 49

alphadogg writes "Last year's industry-shaking RSA Security breach has resulted in customers' CEOs and CIOs engaging much more closely with the vendor to improve their organizations' security, according to the head of RSA. Discussing the details of the attack that compromised its SecurID tokens has made RSA sought after by companies that want to prevent something similar from happening to them, Executive Chairman Art Coviello said in an interview with Network World. 'If there's a silver lining to the cloud that was over us from April through over the summer it is the fact that we've been engaged with customers at a strategic level as never before,' Coviello says, 'and they want to know in detail what happened to us, how we responded, what tools we used, what was effective and what was not.'"
Java

Oracle and the Java Ecosystem 157

First time accepted submitter twofishy writes "After an undeniably rocky start, which saw high profile resignations from the JCP, including Doug Lea (who remains active in the OpenJDK), and the Apache Software Foundation, Oracle is making significant efforts to re-engage with the wider Java ecosystem, a theme which it talked up at the most recent JavaOne conference. The company is working hard to engage with the Java User Group leaders and Java Champions, membership of the OpenJDK project is growing, and the company is making efforts to reform the Java Community Process to improve transparency. The firm has also published a clear, well-defined Java roadmap toward Java 8 and Java 9."
Security

Zappos Hacked: Internal Systems Breached 122

wiredmikey writes "Zappos appears to be the latest victim of a cyber attack resulting in a data breach. In an email to Zappos employees on Sunday, CEO Tony Hsieh asked employees to set aside 20 minutes of their time to read about the breach and what communications would be sent to its over 24 million customers. While Hsieh said that credit card data was not compromised, he did say that 'one or more' of the following pieces of personal information has been accessed by the attacker(s): customer names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers. User passwords were 'cryptographically scrambled,' he said."
