Programming

System Admins Should Know How To Code 298

snydeq writes "You don't need to be a programmer, but you'll solve harder problems faster if you can write your own code, writes Paul Venezia. 'The fact is, while we may know several programming languages to varying degrees, most IT ninjas aren't developers, per se. I've put in weeks and months of work on various large coding projects, but that's certainly not how I spend most of my time. Frankly, I don't think I could just write code day in and day out, but when I need to develop a tool to deal with a random problem, I dive right in. ... It's not a vocation, and it's not a clear focus of the job, but it's a substantial weapon when tackling many problems. I'm fairly certain that if all I did was write Perl, I'd go insane.'"
Android

Ask Slashdot: How Can I Protect My Android Devices From Hackers? 295

A reader writes "My Android phone (an unrooted OptimusV running 2.2.2) and my Android tablet (Arnova 7g3 running 4.1) have been subjected to hacking via either 'forced Bluetooth attack' or through the Wi-Fi signals in the home where I currently rent a room. I got an Android phone at the start of this year after my 'feature phone' was force Bluetooth hacked hoping for better security, yet I still have major security issues. For instance, my Optimus's Wi-Fi again shows an error, although I am sure that a hack is causing this since when I reset the device when it's out of range from this home's signal the Wi-Fi works fine. And now the tablet (as of recently) can't access this home's open Wi-Fi, though it works fine when at other outside hot-spots. So, my question is: Are there any good (free?) security apps out there that would actually prevent this from occurring? It's not like I'm doing nefarious things on the internet, I just want to keep it private."
Microsoft

Microsoft Urges Businesses To Get Off XP 727

An anonymous reader writes "It's approximately 11 years since Windows XP was unveiled, and this week Microsoft was still at it trying to convince users that it's time to upgrade. A post on the Windows For Your Business Blog calls on businesses to start XP migrations now. Microsoft cites the main reason as being that support for XP ends in April 2014, and 'most new hardware options will likely not support the Windows XP operating system.' If you run Windows Vista, Microsoft argues that it's time to 'start planning' the move to Windows 8. As this article points out, it's not uncommon to hear about people still running XP at work."
Security

DARPA Funds a $300 Software-Defined Radio For Hackers 94

Sparrowvsrevolution writes with this story from Forbes: "Over the weekend at the ToorCon hacker conference in San Diego, Michael Ossmann of Great Scott Gadgets revealed a beta version of the HackRF Jawbreaker, the latest model of the wireless Swiss-army knife tools known as 'software-defined radios.' Like any software-defined radio, the HackRF can shift between different frequencies as easily as a computer switches between applications. It can both read and transmit signals from 100 megahertz to 6 gigahertz, intercepting or reproducing frequencies used by everything from FM radios to police communications to garage door openers to WiFi and GSM to next-generation air traffic control system messages. At Ossmann's target price of $300, the versatile, open-source devices would cost less than half as much as currently existing software-defined radios with the same capabilities. And to fund the beta testing phase of HackRF, the Department of Defense research arm known as the Defense Advanced Research Projects Agency (DARPA) pitched in $200,000 last February as part of its Cyber Fast Track program."
Australia

Aussie Researchers Crack Transport Crypto, Get Free Rides 88

mask.of.sanity writes "Shoddy customised cryptography by a state rail outfit has been busted by a group of Australian researchers who were able to replicate cards to get free rides. The flaws in the decades-old custom cryptographic scheme were busted using a few hundred dollars' worth of equipment. The unnamed transport outfit will hold its breath until a scheduled upgrade to see the holes fixed."
Transportation

Ask Slashdot: How To Both Mirror and Protect Crowdsourced Data? 76

New submitter cellurl writes "I run wikispeedia, a database of speed limit signs. People approach us to mirror our data, but I am quite certain it will become a one-way street. So my question is: How can I give consumers peace of mind in using our data and not give up the ship? We want to be the clearing house for this information, at the same time following our charter of providing safety. Some thoughts that come to mind are creating a 'Service Level Agreement' which they will no doubt reject, or MySQL-clustering, or rsync. Any thoughts, (technically, logistically, legally) appreciated."
Chrome

At $250, New Chromebook Means Competition For Tablets, Netbooks, Ultrabooks 283

Google's new ARM-powered Chromebook isn't a lot of things: it isn't a full-fledged laptop, it's not a tablet (doesn't even have a touch screen); and by design it's not very good as a stand-alone device. Eric Lai at ZDNet, though, thinks Chromebooks are (with the price drop that accompanies the newest version) a good fit for business customers, at least "for white-collar employees and other workers who rarely stray away from their corporate campus and its Wi-Fi network." Lai lists some interesting large-scale rollouts with Chromebooks, including 19,000 of them in a South Carolina school district. Schools probably especially like the control that ChromeOS means for the laptops they administer. For those who'd like to have a more conventional but still lightweight ARM laptop, I wonder how quickly the ARM variant of Ubuntu will land on the new version. (Looks like I'm not the only one to leap to that thought.)
Hardware Hacking

New Arduino Due Brings More Power To the Table 130

mikejuk writes "After six years in the making, the Arduino Due is finally becoming available and, with a price tag of $49, is bound to give a boost to the platform. The Due, which means 2 in Italian and is pronounced 'doo-eh', replaces the 8-bit, 16MHz Uno by a 32-bit, 84MHz processor board that also has a range of new features — more memory, a USB port that allows it to pretend to be a mouse or a keyboard say, 54 I/O pins and so on — but what lets you do more with it is its speed and power. The heart of the new Arduino Due is the Atmel SAM3X8E, an ARM Cortex-M3-based processor, which gives it a huge boost in ADC performance, opening up possibilities for designers. The theoretical sampling rate has gone from the 15 ksps (kilosamples per second) of the existing boards, the Arduino Uno, Leonardo, and Mega 2560, to a whopping 1,000 ksps. What this all means is that the Due can be used for much more sophisticated applications. It can even play back WAV files without any help. Look out for the Due in projects that once would have needed something more like a desktop machine."
Government

Spammers Using Shortened .gov URLs 75

hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.
Security

Smartphone Mugging More Popular Than Ever 285

A reader writes with this snippet from gizmodo: "The Associated Press reports that smartphone robberies now account for nearly half of all robberies in San Francisco, as well as an impressive 40 percent here in New York City. And the numbers aren't just high, they're getting higher fast. In Los Angeles, smartphone robberies are up 27 percent from last year, with no signs of slowing down. The thefts come in all varieties as well. Victims have reported having their phones—iPhones in particular (surprise!)—yanked out of their hands while talking, snatched just as public transit reaches a stop, or even taken at gunpoint." When I was relieved at gunpoint of my (very, very dumb) phone a few years ago in Philadelphia (very, very dumb), it made for a lousy evening. Have you been robbed (or accosted) like this? If so, where?
Encryption

Zimmermann's Silent Circle Now Live 127

e065c8515d206cb0e190 writes "Several websites have announced the launch of Silent Circle, PGP's founder Phil Zimmermann's new suite of tools for the paranoid. After a first day glitch with a late approval of their iOS app, the website seems to now accept subscriptions. Have any slashdotters subscribed? What does SilentCircle provide that previous applications didn't have?"
Operating Systems

Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie? 503

madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive. So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure.
Security

Trade Show Video Features Iranian Tech, Talk of Stuxnet Retaliation 131

dcblogs writes "Iran recently held a security trade show and conference, attended by high-ranking police and military officials. A video by an Iranian news outlet shows some of the products, from crossbows to unidentified systems, and includes an interview with Iran's police chief, Brig. Gen. Esmail Ahmadi-Moqadam: 'It's true that the U.S. made Stuxnet virus did some damage to our facilities but we were able to get them all up and running in no time. However, those who attack should expect retaliation and we haven't gone there just yet.'"
Android

Poor SSL Implementations Leave Many Android Apps Vulnerable 141

Trailrunner7 writes "There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Researchers from a pair of German universities conducted a detailed analysis of thousands of Android apps and found that better than 15 percent of those apps had weak or bad SSL implementations. The researchers conducted a detailed study of 13,500 of the more popular free apps on Google Play, the official Android app store, looking at the SSL/TLS implementations in them and trying to determine how complete and effective those implementations are. What they found is that more than 1,000 of the apps have serious problems with their SSL implementations that make them vulnerable to MITM attacks, a common technique used by attackers to intercept wireless data traffic. In its research, the team was able to intercept sensitive user data from these apps, including credit card numbers, bank account information, PayPal credentials and social network credentials."
Security

Real-Time Cyber-Attack Map 36

First time accepted submitter anavictoriasaavedra writes "In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."
Security

Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical 196

CWmike writes "Eugene Kaspersky, the $800-million Russian cybersecurity tycoon, is, by his own account, out to 'save the world' with an exploit-proof operating system. Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran, this sounds like the impossible dream come true — the cyber version of a Star Wars force field. But on this side of that world in need of saving, the enthusiasm is somewhat tempered. One big worry: source. 'The real question is, do you trust the people who built your system? The answer had better be yes,' said Gary McGraw, CTO of Cigital. Kaspersky's products are among the top ranked worldwide, are used by an estimated 300 million people and are embraced by U.S. companies like Microsoft, Cisco and Juniper Networks. But while he considers himself at some level a citizen of the world, he has close ties to Russian intelligence and Vladimir Putin. Part of his education and training was sponsored by the KGB, he is a past Soviet intelligence officer (some suspect he has not completely retired from that role) and he is said to have a 'deep and ongoing relationship with Russia's Federal Security Service, or FSB,' the successor to the KGB and the agency that operates the Russian government's electronic surveillance network."
Transportation

TSA Moving X-ray Body Scanners To Smaller Airports 168

OverTheGeicoE writes "If you're concerned about possible health effects from TSA's X-ray body scanners, you might be pleased to learn that TSA is making changes. TSA is removing X-ray body scanners from major airports including Los Angeles International, Boston's Logan, Chicago's O'Hare, and New York City's JFK. Then again, these changes might not please you at all, because they are not mothballing the offending devices. No, they are instead moving them to smaller airports like the one in Mesa, AZ. Is this progress, or is TSA just moving potentially dangerous scanners from 'Blue' areas to 'Red' ones right before a presidential election?"
Google

ARM-Based Chromebooks Ready To Battle Windows 8, Tablets 230

Nerval's Lobster writes "Google is whipping the proverbial curtain back from its new Chromebook, which will retail for $249 and up. The Samsung-built device weighs 2.5 pounds and features an 11.6-inch screen (with 1366 x 768 resolution), backed by a 1.75GHz Samsung Exynos 5 Dual Processor. Google claims it will boot up in under 10 seconds and, depending on usage, last for 6.5 hours on one battery charge. From a product perspective, Chrome OS and its associated hardware found itself fighting a two-front battle: the first against Windows PCs and Macs, both of which could claim more robust hardware for a similar cost to the old Chromebooks (which started at $449), and the second against tablets, which offered the same degree of flexibility and connectivity for a cheaper sticker-price. By setting the cost of the new Chromebook at $249, Google continues that pricing skirmish on more favorable terms." CNET got a bit of hands-on time with the new kid, and gives it a lukewarm but positive reception.
Software

Ubuntu 12.10 Quantal Quetzal Out Now; Raring Ringtail In the Works 318

An anonymous reader writes "The six month cycle that Canonical adheres to for Ubuntu releases has come around again today. Ubuntu 12.10 'Quantal Quetzal' has been released. There's a whole range of new features and updates, but here are the most important: WebApps — treats online services as if they are desktop apps (Gmail, Twitter, Facebook); Online Services — control logins to all your services from a single window and get them integrated into search results (e.g. GDocs for file searches); Dash Preview — right click any icon, get a detailed preview of what it is; Linux kernel 3.5.4; GNOME 3.6; Nautilus 3.4; latest Unity; No more Unity 2D, fallback is the Gallium llvmpipe software rasterizer; Default apps updated (Firefox 16.01, Thunderbird 16.01, LibreOffice 3.6.2, Totem, Shotwell, Rhythmbox); Full disc encryption available during install; Single, 800MB distribution for all architectures." It's now available for download. The next version, due in six months' time, will be called Raring Ringtail.
