Android

Mobile Ads May Serve As a Malware Conduit

alphadogg writes with this excerpt from Network World: "Many mobile apps include ads that can threaten users' privacy and network security, according to North Carolina State University researchers. The National Science Foundation-funded researchers studied 100,000 apps in Google Play (formerly Android Market) and found that more than half contained ad libraries, nearly 300 of which were enabled to grab code from remote servers that could give malware and hackers a way into your smartphone or tablet. 'Running code downloaded from the Internet is problematic because the code could be anything,' says Xuxian Jiang, an assistant professor of computer science at NC State."
Cloud

The Risk of a Meltdown In the Cloud

zrbyte writes "A growing number of complexity theorists are beginning to recognize some potential problems with cloud computing. The growing consensus is that bizarre and unpredictable behavior often emerges in systems made up of 'networks of networks,' such as a business using the computational resources of a cloud provider. Bryan Ford at Yale University in New Haven says the full risks of the migration to the cloud have yet to be properly explored. He points out that complex systems can fail in many unexpected ways, and he outlines various simple scenarios in which a cloud could come unstuck."
Java

Java Web Attack Installs Malware In RAM

snydeq writes "A hard-to-detect piece of malware that doesn't create any files on the affected systems was dropped onto the computers of visitors to popular news sites in Russia in a drive-by download attack, according to Kaspersky Lab. 'What's interesting about this particular attack is the type of malware that was installed in cases of successful exploitation: one that only lives in the computer's memory. ... It's ideal to stop the infection in its early stages, because once this type of "fileless" malware gets loaded into memory and attaches itself to a trusted process, it's much harder to detect by antivirus programs.'"
Programming

Mystery of Duqu Programming Language Solved

wiredmikey writes "Earlier this month, researchers from Kaspersky Lab reached out to the security and programming community in an effort to help solve a mystery related to 'Duqu,' the Trojan often referred to as 'Son of Stuxnet,' which surfaced in October 2010. The mystery rested in a section of code written in an unknown programming language and used in the Duqu Framework, a portion of the Payload DLL used by the Trojan to interact with Command & Control (C&C) servers after the malware infected a system. Less than two weeks later, Kaspersky Lab experts now say with a high degree of certainty that the Duqu framework was written using a custom object-oriented extension to C, generally called 'OO C' and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008) with special options for optimizing code size and inline expansion."
Businesses

PR Expert Andy Marken Has Some Advice for Startups and FOSS Projects (Video)

This is a 15-minute video conversation with Andy Marken of Marken Communications, who has been working in technology public relations long enough to know what's what -- and then some. We had a pleasant conversation via Skype, and afterwards he sent along some excellent additional advice about how to handle do-it-yourself tech industry PR.
Bug

Windows Remote Desktop Exploit In the Wild

angry tapir writes "Luigi Auriemma, the researcher who discovered a recently patched critical vulnerability in Microsoft's Remote Desktop Protocol (RDP), published a proof-of-concept exploit for it after a separate working exploit, which he said possibly originated from Microsoft, was leaked online on Friday. Identified as CVE-2012-0002 and patched by Microsoft on Tuesday, the critical vulnerability can be exploited remotely to execute arbitrary code on systems that accept RDP connections."
Open Source

Linux 3.3 Released

diegocg writes "Linux 3.3 has been released. The changes include the merge of kernel code from the Android project. There is also support for a new architecture (TI C6X), much improved balancing and the ability to restripe between different RAID profiles in Btrfs, and several network improvements: a virtual switch implementation (Open vSwitch) designed for virtualization scenarios, a faster and more scalable alternative to the 'bonding' driver, a configurable limit to the transmission queue of the network devices to fight bufferbloat, a network priority control group and per-cgroup TCP buffer limits. There are also many small features and new drivers and fixes. Here's the full changelog."
Education

Ask Slashdot: Finding an IT Job Without a Computer-Oriented Undergraduate Degree

An anonymous reader writes "Contrary to what many individuals think, not everybody on Slashdot went to college for a computer-related degree. Graduating in May of this year, my undergraduate degree will be in psychology. Like many undergraduate psychology students, I applied to a multitude of graduate programs but, unfortunately, was not given admission into a single one. Many are aware that a bachelor's degree in psychology is quite limiting, so I undoubtedly have been forced into a complicated situation. Despite my degree being in psychology, I have an immense interest in computers and the typical 'hard science' fields. How can one with a degree that is not related to computers acquire a job that is centered around computers? At the moment, I am self-taught and can easily keep up in a conversation of computer science majors. I also do a decent amount of programming in C, Perl, and Python and have contributed to small open source projects. Would Slashdot users recommend receiving a formal computer science education (only about two years, since the nonsensical general education requirements are already completed) before attempting to get such a job? Anybody else in a similar situation?"
Security

New iPad Jailbroken Already

An anonymous reader writes "Just hours after the new Apple iPad was released, it was jailbroken in three (how appropriate!) separate ways. This means that hackers have already found and exploited security holes to run custom code on the new iPad with iOS 5.1. The tools for jailbreaking your new iPad aren't yet available, but this first step means the software will be developed sooner rather than later."
Education

Ask Slashdot: Getting Feedback On Programming?

jm223 writes "I'm currently a student at a major university, where I do IT work for a fairly large student group. Most of my job involves programming, and so far everyone has been happy with my work. Since we're students, though, no one really has the experience to offer major advice or critiques, and I'm curious about how my coding measures up — and, of course, how I can make it better. CS professors can offer feedback about class projects, but my schoolwork often bears little resemblance to my other work. So, when you're programming without an experienced manager above you, how do you go about improving?"
Chrome

Websites Can Detect What Chrome Extensions You've Installed

dsinc writes "A Polish security researcher, Krzysztof Kotowicz, makes a worrisome entry in his blog: with a few lines of Javascript, any web site could list the extensions installed in Chrome (and the other browsers of the Chromium family). Proof of concept is provided here. As there are addons which deal with very personal things like pregnancy or religion, the easiness of access to those very private elements of your life is really troubling." Note: the proof of concept works, so don't click that link if the concept bothers you.
Blackberry

Throwing Light On Elcomsoft's Analysis of Smartphone Password Managers

An anonymous reader writes "Security firm Elcomsoft analyzed 17 iOS and BlackBerry password-keeping apps and found their actual security levels well below their claimed level of protection. With additional digging, however, Glenn Fleishman at TidBITS found that Elcomsoft's criticisms rely on physical access to the apps' data stores, and, for some of the more common apps, on the user employing a short (6 characters or fewer) or numeric password. In other words, there really isn't much risk here."
IT

Ask Slashdot: How To Give IT Presentations That Aren't Boring?

Dmitri Baughman writes "I'm the IT guy at a small software development company of about 100 employees. Everyone is technically inclined, with disciplines in development, QA, and PM areas. As part of a monthly knowledge-sharing meeting, I've been asked to give a 30-minute presentation about our computing and networking infrastructure. I manage a pretty typical environment, so I'm not sure how to present the information in a fun and engaging way. I think network diagrams and bandwidth usage charts would make anyone's eyes glaze over! Any ideas for holding everyone's interest?"
Security

Avast Drops iYogi Support Over Pushy Scare Tactics

An anonymous reader writes "Antivirus maker Avast is suspending its relationship with iYogi, a company it has relied upon for the past two years to provide live customer support for its products. The move comes just one day after an investigation into iYogi showed the company was using the relationship to push expensive and unnecessary support contracts onto Avast users. In a blog post, Avast's CEO wrote, 'We had initial reports of this behavior a few weeks ago and met with iYogi's senior executives to ensure the behavior was being corrected. Thus, we were shocked to find out about Mr. Krebs' experience. As a consequence, we have removed the iYogi support service from our website and shortly it will be removed from our products.'"
Encryption

NSA Building US's Biggest Spy Center

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"
Bug

RDP Proof-of-Concept Exploit Triggers Blue Screen of Death

mask.of.sanity writes "A working proof of concept has been developed for a dangerous vulnerability in Microsoft's Remote Desktop Protocol (RDP). The hole stands out because many organizations use RDP to work from home or access cloud computing services. Only days after a patch was released, a bounty was offered for devising an exploit, and later a working proof of concept emerged. Chinese researchers were the first to reveal it, and security professionals have found it causes a blue screen of death in Microsoft Windows XP and Windows Server 2003 machines. Many organizations won't apply the patch and many suspect researchers are only days away from weaponizing the code."
Government

Pay the TSA $100 and Bypass Airport Security

An anonymous reader writes "Catching a flight in the U.S. isn't a great experience anymore due to the security checks involved. You have to remove your shoes, your belt, get your laptop out, be scanned and subjected to radiation in the process. Hundreds of other people are doing the same thing, meaning it takes 40 minutes instead of four. Now, the TSA has come up with a clever, money-making alternative. Instead of scaling back security or speeding it up, you can instead pay $100 and bypass it completely!"
Security

Internet Crime Focus of Black Hat Europe

kierny writes "'The Internet needs crime,' said renowned cryptographer Whitfield Diffie, kicking off the Black Hat Europe conference in Amsterdam. His analysis — that there can't be good guys without bad guys — helps explain not just the rise of black hat hackers and, more recently, hacktivism, but signals that the information security profession will continue to not just be relevant, but demanded, especially as the number of data-spewing devices increases exponentially."
Privacy

The Average Consumer Thinks Data Privacy Is Worth Around 65 Cents

chicksdaddy writes "Threatpost is reporting today on the findings of an ENISA study that looked at whether consumers would pay more for goods in exchange for more privacy. The answer — 'Sure...just not much more.' The report (PDF): 'Study on Monetizing Privacy: An Economic Model for Pricing Personal Information' presents the findings of a laboratory study in which consumers were asked to buy identical goods from two online vendors: one that collected minimal customer information and another that required the customer to surrender more of their personal information to purchase the item, including phone number and a government ID number. The laboratory experiment showed that the majority of consumers value privacy protections. When the prices of the goods offered by both the privacy protecting and the privacy violating online retailers were equal, shoppers much preferred the privacy protecting vendor. But the preference for more privacy wasn't very strong, and didn't come close to equaling consumers' preference for lower prices. In fact, consumers readily switched to a more privacy-invasive provider if that provider charged a lower price for the same goods. How much lower? Not much, researchers discovered. A discount of just €0.50 ($0.65) was enough to sway consumers away from a vendor who would protect the privacy of their personal data."