wiredmikey writes "Security researchers have discovered new Android malware controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Based on the code examination, the researchers from NQ Mobile, alongside researchers at North Carolina State University said that TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It also has the ability to alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone. TigerBot will hide itself on a compromised device by forgoing an icon on the home screen, and by masking itself with a legit application name such as Flash or System. Once installed and active, it will register a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'"

Taco Cowboy writes "Here comes a chip that can pinpoint you in-door and out, it can even tell others on which floor of a building you are located. It's the Broadcom 4752 chip. It takes signals from global navigation satellites, cell phone towers, and Wi-Fi hot spots, coupled with input from gyroscopes, accelerometers, step counters, and altimeters The company calls abilities like this 'ubiquitous navigation,' and the idea is that it will enable a new kind of e-commerce predicated on the fact that shopkeepers will know the moment you walk by their front door, or when you are looking at a particular product, and can offer you coupons at that instant."

MatthewVD writes "Our cars run millions of lines of code that need constant and, often, critical updates. Jim Motavalli writes that Mercedes-Benz's new mbrace2 'cloud infotainment system' has a secret capability: it can update software automatically and wirelessly. In a process called 'reflashing,' the Mercedes system turns on the car operating system (CU), downloads the new application, then cuts itself off. With companies like Fisker paying dearly for constant recalls for software problems, automakers will likely rush to embrace this technology. No more USBs in the dashboard!"

An anonymous reader writes "The Utah Department of Health has been hacked. 181,604 Medicaid and CHIP recipients have had their personal information stolen. 25,096 had their Social Security numbers (SSNs) compromised. The agency is cooperating with law enforcement in a criminal investigation. The hackers, who are believed to be located in Eastern Europe, breached the server in question on March 30, 2012."

yuhong writes "On April 10, the second Tuesday of April, Windows Vista will exit Mainstream Support and enter Extended Support. This means that no-charge (free) support will end, no further service packs will be created, nor will future IE versions (such as IE10) be available for Vista. Also, no new non-security hotfixes will be created or be available without an Extended Hotfix Support Agreement (EHSA). This will last for 5 years before support for Vista completely ends in 2017."

An anonymous reader writes "The U.S. Navy is paying a company six figures to hack into used video game consoles and extract sensitive information. The tasks to be completed are for both offline and online data. The organization says it will only use the technology on consoles belonging to nations overseas, because the law doesn't allow it to be used on any 'U.S. persons.'" Should be a doddle.

Trailrunner7 writes "Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers (PLCs). The new exploits, which are being submitted to the Metasploit open platform, include one that carries out a Stuxnet-type attack on PLCs made by the firm Schneider Electric, according to information provided to Threatpost by Digital Bond, a private consulting firm that has sponsored the effort. It was the third major release from researchers working for Project Basecamp and included three new modules for the Metasploit platform that can exploit vulnerable PLCs used in critical infrastructure deployments. The exploits rely on a mix of software vulnerabilities and insecure 'features' of common PLCs, which serve a variety of purposes in industries as varied as power generation, water treatment, manufacturing and others."

Krystalo writes "The hacktivist group Anonymous today hacked multiple UK government websites over the country's 'draconian surveillance proposals' and 'derogation of civil rights.' At the time of writing, the following websites were taken down: homeoffice.gov.uk, number10.gov.uk, and justice.gov.uk. The group is not pleased with the UK government's plans to monitor Internet users."

An anonymous reader writes "Last year Slashdot ran a story on scientists from the Max-Planck-Institute for Physics of Complex Systems in Dresden, Germany developing a novel method to improve password security. A strong long password is split in two parts; the first part is memorized by a human, and the second part is stored as a CAPTCHA-like image of a chaotic lattice system. Today, after a year of work, the same group at Max Planck Institute released a working prototype online, where everybody can try this technology to encrypt files (Java plugin required)."

Lucas123 writes "Paper products maker Kimberly-Clark drove the morale of its IT infrastructure group into the ground after massive firings and outsourcing. When they hired a new VP of Infrastructure four years later to turn things around, he implemented a program to spur innovation. The VP took a venture capitalist approach where any employee could submit an idea and if accepted, make a pitch in 30 minutes or less. If the idea had merit, it received first, then second rounds of funding. If not, the employee's idea still got lauded on the company's internal Sharepoint site. As he puts it, 'Failure is simply the opportunity to begin again, this time more intelligently. It's about what we learn from the failure. Not the failure itself. We celebrate that learning.'"

CowboyRobot writes "The National Weather Service has begun testing the way it labels natural disasters. It's hoping that the new warnings, which include words like 'catastrophic,' 'complete devastation likely,' and 'unsurvivable,' will make people more likely to take action to save their lives. But what about their digital lives? Recommendations include: Keep all electronics out of basements and off the floor; Unplug your hardware; Buy a surge protector; Enclose anything valuable in plastic. If the National Weather Service issued a 'complete devastation' warning today, would your data be ready?"

New submitter SolKeshNaranek writes "After Anonymous hacked hundreds of Chinese government, company, and other general websites, China has acknowledged the attacks. Meanwhile, Anonymous China has not stopped its onslaught. 'A few targets have had their administrator accounts, phone numbers, and e-mail addresses posted publicly. Last but not least, on many of the hacked sites, the group even posted tips for how to circumvent the Great Firewall of China. While Anonymous was not specifically mentioned, it's obvious what China's Ministry of Foreign Affairs was referring to during a briefing on Thursday, given the events during the last week.'"

An anonymous reader writes, quoting Network World: "As with any platform that sees a meteoric rise in popularity, it's only a matter of time before spammers throw their hats in the ring and try and exploit the masses for financial gain and other sinister purposes. As the relatively new kid on the block, Twitter is still busying itself trying to tackle and ultimately prevent spammers from destroying the user experience. While Twitter's previous efforts centered exclusively on engineering-based solutions, the company today announced that they are also pursuing legal avenues to fend off spammers." From the Twitter blog: "With this suit, we’re going straight to the source. By shutting down tool providers, we will prevent other spammers from having these services at their disposal. Further, we hope the suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter."

badger.foo writes "Remember the glacially slow Hail Mary Cloud SSH bruteforcers? They're doing speedup tweaks and are preparing a comeback, some preliminary data reported by Peter Hansteen appear to indicate. The optimum rate of connections seems to be 1 per ten seconds, smack in the middle of the 'probably human' interval."

wiredmikey writes "A former CIA officer was indicted on Thursday for allegedly disclosing classified information to journalists. The restricted disclosure included the name of a covert officer and information related to the role a CIA employee played in classified operations. The indictment charges John Kiriakou with one count of violating the Intelligence Identities Protection Act for allegedly illegally disclosing the identity of a covert officer and with three counts of violating the Espionage Act for allegedly illegally disclosing national defense information to individuals not authorized to receive it. The count charging violation of the Intelligence Identities Protection Act, as well as each count of violating the Espionage Act, carries a maximum penalty of 10 years in prison, and making false statements carries a maximum prison term of five years. Each count carries a maximum fine of $250,000."

CowboyRobot writes, quoting Information Week: "Eighteen months after its diplomatic cables were exposed in the WikiLeaks breach, the State Department continues to lock down its confidential information, while increasing its use of using social media. The agency is deploying new security technology, including auditing and monitoring tools that detect anomalous activity on the State Department's classified networks and systems. State has also begun tagging information with metadata to enable role-based access to those who need it, and is planning to implement public key infrastructure on its classified systems by the summer of 2014. This is all taking place despite the recent announcement that the IT budget will be cut by nearly 5%."

Orome1 writes "Industry and government efforts have dealt a significant blow to spam, according to a Commtouch report that is compiled based on an analysis of more than 10 billion transactions handled on a daily basis. The sustained decrease in spam over the last year can be attributed to many factors, including: Botnet takedowns, increased prosecution of spammers and the source industries such as fake pharmaceuticals and replicas. However, spam is still four times the level of legitimate email and cybercriminals are increasing their revenues from other avenues, such as banking fraud malware."

You complained; we heard you. We're making some adjustments to our ongoing experiment with video on Slashdot, and are trying to get it right. Some of the videos just haven't gelled, to put it lightly, and we know it. We're feeling out just what kinds of videos make sense here: it's a steep learning curve. So far, though, besides a few videos that nearly everyone hated, we've also seen some wacky, impressive, fun technology, and we're going to keep bringing more of it, but in what we intend to be smarter doses, here on the Slashdot home page. (A larger selection will be available on tv.slashdot.org.) We're also planning to start finding and documenting some creative means of destruction for naughty hardware; suggestions welcome. We have also heard you when it comes to improving the core Slashdot site experience and fixing bugs on site. We're working on these items, too. As always, suggestions are welcome, too, for other things worth getting on camera or publishing on Slashdot.

An anonymous reader writes with this excerpt from ZDNet: "Security researchers from two universities say they found how hackers can retrieve credit card data and other personal information from used Microsoft Xbox 360s, even if the console is restored back to factory settings and its hard drive is wiped. Microsoft is now looking into their story of buying a refurbished Xbox 360 from a Microsoft-authorized retailer, downloading a basic modding tool, gaining access to the console's files and folders, and eventually extracting the original owner's credit card information. Redmond is still investigating, but it's already calling the claims 'unlikely.'"

twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."