Businesses

IT Positions Some of the Toughest Jobs To Fill In US 886

coondoggie writes "Forty-nine percent of U.S. companies are having a hard time filling what workforce management firm ManpowerGroup calls mission-critical positions within their organizations. IT staff, engineers and 'skilled trades' are among the toughest spots to fill. The group surveyed some 1,300 employers and noted that U.S. companies are struggling to find talent, despite continued high unemployment, over their global counterparts, where 34% of employers worldwide are having difficulty filling positions."
Red Hat Software

Fedora 17 Released 141

ekimd writes "Fedora 17 aka "Beefy Miracle" is released. Some of the major features include: ext4 with >16TB filesystems, dynamic firewall configuration, automatic multi-seat, and more. Major software updates include Gnome 3.4, GIMP 2.8, and GCC 4.7. The full feature list can be found here. Personally, I still find Gnome 3 to be an 'unholy mess' so I'm loving XFCE with Openbox."
Security

Flame: The Massive Stuxnet-Level Malware Sweeping the Middle East 224

An anonymous reader writes "Wired is reporting that a massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. Kaspersky Lab, the company that discovered the malware, has a FAQ with more details."
China

Backdoor Found In China-Made US Military Chip? 270

Hugh Pickens writes "Information Age reports that the Cambridge University researchers have discovered that a microprocessor used by the US military but made in China contains secret remote access capability, a secret 'backdoor' that means it can be shut off or reprogrammed without the user knowing. The 'bug' is in the actual chip itself, rather than the firmware installed on the devices that use it. This means there is no way to fix it other than to replace the chip altogether. 'The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,' writes Cambridge University researcher Sergei Skorobogatov. 'It also raises some searching questions about the integrity of manufacturers making claims about [the] security of their products without independent testing.' The unnamed chip, which the researchers claim is widely used in military and industrial applications, is 'wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan.' Does this mean that the Chinese have control of our military information infrastructure, asks Rupert Goodwins? 'No: it means that one particular chip has an undocumented feature. An unfortunate feature, to be sure, to find in a secure system — but secret ways in have been built into security systems for as long as such systems have existed.'" Even though this story has been blowing up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
Government

The Shortage of Women In IT 697

CIStud writes "The IT industry is hurting for women. Currently only 11% of IT companies are owned by women. The Women-Owned Small Business (WOSB) Federal Contract program requires 5% of all IT jobs to go to female-owned integration companies, but there must be at least 2 female bidders. There are so few female bidders that women-owned IT firms are ineligible for the contracts. From the article: 'Wendy Frank, founder of Accell Security Inc. in Birdsboro, Pa., wishes she had more competitors. It's not often you hear any integrator say that, but in Frank's case, she has good reason. The current Women-Owned Small Business (WOSB) Federal Contract program authorizes five percent of Federal prime and subcontracts to be set aside for WOSBs. While that might sound fair on the surface, in order to invoke the money set aside for this program, the contracting officer at an agency has to have a reasonable expectation that two or more WOSBs will submit offers for the job. “We could not participate in the government’s Women-Owned Small Business program unless there was another female competitor,” says Frank. “Procurement officers required that at least two women-owned small businesses compete for the contracts, even in the IT field, where women-owned businesses are underrepresented.”'"
Censorship

Internet Defense League: A Bat Signal For the Internet 101

mikejuk writes "Following the successful defense of the Internet against SOPA, website owners are being invited to sign up to a project that will enable them to participate in future protest campaigns, the Internet Defense League. The banner logo for the 'bat-signal' site is a cat, a reference to Ethan Zuckerman's cute cat theory of digital activism. The idea is that sites would respond to the call to "defend the Internet" by joining a group blackout or getting users to sign petitions. From the article: 'Website owners can sign up on the IDL website to add a bit of code to their sites (or receive code by email at the time of a campaign) that can be triggered in the case of a crisis like SOPA. This would add an "activist call-to-action" to all participating sites - such as a banner asking users to sign petitions, or in extreme cases blackout the site, as proved effective in the SOPA/PIPA protest of January 2012.'"
Bitcoin

Hacked Bitcoin Financial Site Had No Backups 331

An anonymous reader writes "A fortnight ago the Bitcoin financial website Bitcoinica was hacked and the hacker stole $87,000 worth of Bitcoins. At the time the owner promised that all users would have their Bitcoins and US dollars returned in full, but one of the site developers has just confirmed that they have no database backups and are having difficulty figuring out what everyone's account balance should actually be. A failure of epic proportions for a site holding such large amounts of money."
Security

A Wrinkle For Biometric Systems: Irises Change Over Time 59

scibri writes "The iris scanners that are used to police immigration in some countries, like the UK, are based on the premise that your irises don't change over your lifetime. But it seems that assumption is wrong. Researchers from the University of Notre Dame have found that irises do indeed change over time, enough so that the failure rate jumps by 153% over three years. While that means a rise from just 1 in 2 million to 2.5 in two million, imagine how that will affect a system like India's — which already has 200 million people enrolled — over 10 years."
Australia

Australian IT Price Hike Inquiry Kicks Off: Submissions Wanted 70

New submitter wirelessduck writes "After some recent complaints from a Labor MP about price markups on software and technology devices in Australia, Federal Government agencies decided to look into the matter and an official parliamentary inquiry into the issue was started. 'The Federal Parliament's inquiry into local price markups on technology goods and services has gotten under way, with the committee overseeing the initiative issuing its terms of reference and calling for submissions from the general public on the issue.'"
Businesses

Ask Slashdot: Why Not Linux For Security? 627

An anonymous reader writes "In Friday's story about IBM's ban on Cloud storage there was much agreement, such as: 'My company deals with financial services. We are not allowed to access Dropbox either.' So why isn't Linux the first choice for all financial services? I don't know any lawyers, financial advisers, banks, etc., that don't use Windows. I switched to Linux in 2005 — I'm well aware that it's not perfect. But the compromises have been so trivial compared to the complete relief from dealing with Windows security failings. Even if we set aside responsibility and liability, businesses already do spend a lot of money and time on trying to secure Windows, and cleaning up after it. Linux/Unix should already be a first choice for the business world, yet it's barely even known of. It doesn't make sense. Please discuss; this could use some real insight. And let's at least try to make the flames +5 funny."
IBM

IBM's Ban on Dropbox and iCloud Highlights Cloud Security Issues 115

IBM has forbidden its employees from using cloud-based services such as Siri, Dropbox and iCloud, according to reports. These products (along with many others) are presenting a challenge to IT administrators who want to keep their organizations secure, as well as to consumer-software developers who suddenly need to build features with both consumers and businesses in mind.
Cloud

Why Open Compute Is a Win For Rackspace 46

1sockchuck writes "Cloud provider Rackspace is looking to the emerging open source hardware ecosystem to transform its data centers. The cloud provider spends $200 million a year on servers and storage, and sees the Open Compute Project as the key to reducing its costs on hardware design and operations. Rackspace is keen on the potential of the new Open Rack program, and its buying power is motivating HP and Dell to develop for the new standard — partly because Rackspace has also been talking with original design manufacturers like Quanta and Wistron. It's an early look at how open source hardware could have a virtuous impact on the server economy. 'I think the OEMs were not very interested (in Open Compute) initially,' said Rackspace COO Mark Roenigk. 'But in the last six months they have become really focused.'"
Crime

New Jersey Mayor and Son Arrested For Nuking Recall Website 180

phaedrus5001 writes "The mayor of West New York, New Jersey was arrested by the FBI after he and his son illegally took down a website that was calling for the recall of mayor Felix Roque (the site is currently down). From the article: 'According to the account of FBI Special Agent Ignace Ertilus, Felix and Joseph Roque took a keen interest in the recall site as early as February. In an attempt to learn the identity of the person behind the site, the younger Roque set up an e-mail account under a fictitious name and contacted an address listed on the website. He offered some "very good leads" if the person would agree to meet him. When the requests were repeatedly rebuffed, Joseph Roque allegedly tried another route. He pointed his browser to Google and typed the search strings "hacking a Go Daddy Site," "recallroque log-in," and "html hacking tutorial."'"
Security

Yahoo Includes Private Key In Source File For Axis Chrome Extension 85

Trailrunner7 writes "Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser will then treat as authentic. The mistake was discovered on Wednesday, soon after Yahoo had launched Axis, which is both a standalone browser for mobile devices as well as an extension for Firefox, Chrome, Safari and Internet Explorer. ... Within hours of the Axis launch, a writer and hacker named Nik Cubrilovic had noticed that the source file for the Axis Chrome extension included the private PGP key that Yahoo used to sign the file. That key is what the Chrome browser would look for in order to ensure that the extension is legitimate and authentic, and so it should never be disclosed publicly."
Security

US State Department Hacks Al-Qaeda Websites In Yemen 245

shuttah writes "In the growing Al-Qaeda activity in Yemen, Secretary of State Hillary Clinton revealed today that 'cyber experts' had recently hacked into web sites being used by an Al-Qaeda affiliate, substituting the group's anti-American rhetoric with information about civilians killed in terrorist strikes. Also this week, a statement from the Senate Committee on Homeland Security and Governmental Affairs revealed the presence of an Al-Qaeda video calling for 'Electronic Jihad.'"
Security

Moxie Marlinspike Proposes New TACK Extension To TLS For Key Pinning 55

Trailrunner7 writes "Two independent researchers are proposing an extension for TLS to provide greater trust in certificate authorities, which have become a weak link in the entire public key infrastructure after some big breaches involving fraudulent SSL certificates. TACK, short for Trust Assertions for Certificate Keys, is a dynamically activated public key framework that enables a TLS server to assert the authenticity of its public key. According to an IETF draft submitted by researchers Moxie Marlinspike and Trevor Perrin, a TACK key is used to sign the public key from the TLS server's certificate. Clients can 'pin' a hostname to the TACK key, based on a user's visitation habits, without requiring sites to modify their existing certificate chains or limiting a site's ability to deploy or change certificate chains at any time. If the user later encounters a fraudulent certificate on a "pinned" site, the browser will reject the session and send a warning to the user. 'Since TACK pins are based on TACK keys (instead of CA keys), trust in CAs is not required. Additionally, the TACK key may be used to revoke previous TACK signatures (or even itself) in order to handle the compromise of TLS or TACK private keys,' according to the draft."
Botnet

Four Years Jail For Bredolab Botnet Author 47

angry tapir writes "The creator of the Bredolab malware has received a four-year prison sentence in Armenia for using his botnet to launch DDoS attacks that damaged multiple computer systems owned by private individuals and organizations. G. Avanesov was sentenced by the Court of First Instance of Armenia's Arabkir and Kanaker-Zeytun administrative districts for offenses under Part 3 of Article 253 of the country's Criminal Code — intentionally causing damage to a computer system with severe consequences."
Businesses

Worried About Information Leaks, IBM Bans Siri 168

A user writes "CNN reports that IBM CEO Jeanette Horan has banned Siri, the iPhone voice recognition system. Why? According to Horan '(IBM) worries that the spoken queries might be stored somewhere.' Siri's backend is a set of Apple-owned servers in North Carolina, and all spoken queries are sent to those servers to be converted to text, parsed, and interpreted. While Siri wouldn't work unless that processing was done, the centralization and cloud based nature of Siri makes it an obvious security hole."
Software

Options For Good (Not Expensive) Office Backbone For a Small Startup 204

An anonymous reader writes "I recently joined a startup, we have about 10 people altogether in various roles / responsibilities, and I handle most of the system / IT responsibilities (when I'm not in my primary role, which is software development). When trying to price licenses, I'm finding Microsoft offerings require quite a bit of upfront cost, so I'm trying the alternative solutions. LibreOffice and Google Docs work fine for the most part (we also have some MS Office users); however I'm having trouble getting a good / cheap / free solution to email, contacts, calendaring and user management in general. We have some Mac users, Windows users, need desktop clients for most of these uses as well — and there doesn't seem to be a solution that satisfies these myriad combinations."
