×
Crime

New Cable Designed To Deter Copper Thieves 668

Posted by samzenpus from the nothing-in-it-for-you dept.
Hugh Pickens writes "Pervasive thefts of copper wire from under the streets of Fresno, California have prompted the city to seal thousands of its manhole covers with concrete. In Picher, Oklahoma, someone felled the town's utility poles with chain saws, allowing thieves to abscond with 3,000 feet of wire while causing a blackout. The theft of copper cables costs U.S. companies $60 million a year and the FBI says it considers theft of copper wire to be a threat to the nation's baseline ability to function. But now PC World reports that a U.S. company has developed a new cable design that removes almost all the copper from cables in a bid to deter metal thieves. Unlike conventional cables made from solid copper, the GroundSmart Copper Clad Steel Cable consists of a steel core bonded to a copper outer casing, forming an equally effective but far less valuable cable by exploiting the corrosion-resistance of copper with the conductive properties of steel. 'Companies trying to protect their copper infrastructure have been going to extreme measures to deter theft, many of which are neither successful nor cost effective,' says CommScope vice president, Doug Wells. 'Despite efforts like these, thieves continue to steal copper because of its rising value. The result is costly damage to networks and growing service disruptions.' The GroundSmart Copper Clad Steel cable is the latest technical solution to the problem of copper theft, which has included alternatives like cable etching to aid tracing of stolen metal and using chemicals that leave stains detectable under ultra-violet light. However the Copper Clad Steel strikes at the root of the problem by making the cable less susceptible to theft by both increasing the resistance to cutting and drastically decreasing the scrap value."
Security

DHS X-ray Car Scanners Now At Border Crossings 295

Posted by samzenpus from the scanning-what-you-have-to-declare dept.
OverTheGeicoE writes "CNET has a story on DHS' whole car X-ray scanners and their potential cancer risks. The story focuses on the Z Portal scanner, which appears to be a stationary version of the older Z Backscatter Vans. The story provides interesting pictures of the device and the images it produces, but it also raises important questions about the devices' cancer risks. The average energy of the X-ray beam used is three times that used in a CT scan, which could be big trouble for vehicle passengers and drivers should a vehicle stop in mid-scan. Some studies show the risk for cancer from CT scans can be quite high. Worse still, the DHS estimates of the Z Portal's radiation dosage are likely to be several orders of magnitude too low. 'Society will pay a huge price in cancer because of this,' according to one scientist."
Security

DHS Monitors Social Media For 'Political Dissent' 385

Posted by Soulskill from the howdy-boys dept.
OverTheGeicoE writes "Recently, TSA's 'Blogger Bob' Burns posted a rant against a cupcake on the TSA blog. Perhaps it made you wonder if TSA and its parent agency, the Department of Homeland Security, really understand what we're saying about them, especially online. Well, thanks to a Freedom of Information Act lawsuit from the Electronic Privacy Information Center, we now know a lot more about how they monitor online comments aside from 'Blogger Bob.' EPIC has received hundreds of pages of documents regarding DHS's online surveillance program. These documents reveal that DHS has contracts with General Dynamics for '24/7 media and social network monitoring.' Perhaps it will warm your heart to know that DHS is particularly interested in tracking media stories that 'reflect adversely' on the U.S. government generally and DHS specifically. The documents include a report summary that might be representative of General Dynamics' work. The example includes summaries of comments on blogs and social networking sites, including quotes. Then again, you might remember J. Edgar Hoover's monitoring of antiwar activists during the Vietnam War, which certainly wasn't for the protesters' benefit."
Security

Viruses Stole City College of S.F. Data For Years 93

Posted by Soulskill from the measuring-failure-in-decades dept.
An anonymous reader sends this quote from an article at the San Francisco Chronicle: "Personal banking information and other data from perhaps tens of thousands of students, faculty and administrators at City College of San Francisco have been stolen in what is being called 'an infestation' of computer viruses with origins in criminal networks in Russia, China and other countries, The Chronicle has learned. At work for more than a decade, the viruses were detected a few days after Thanksgiving, when the college's data security monitoring service detected an unusual pattern of computer traffic, flagging trouble."
Android

IPv6-Only Is Becoming Viable 209

Posted by timothy from the ok-but-what's-your-64-bit-phone-number? dept.
An anonymous reader writes "With the success of world IPv6 day in 2011, there is a lot of speculation about IPv6 in 2012. But simply turning on IPv6 does not make the problems of IPv4 exhaustion go away. It is only when services are usable with IPv6-only that the internet can clip the ties to the IPv4 boat anchor. That said, FreeBSD, Windows, and Android are working on IPv6-only capabilities. There are multiple accounts of IPv6-only network deployments. From those, we we now know that IPv6-only is viable in mobile, where over 80% (of a sampling of the top 200 apps) work well with IPv6-only. Mobile especially needs IPv6, since their are only 4 billion IPv4 address and approaching 50 billion mobile devices in the next 8 years. Ironically, the Android test data shows that the apps most likely to fail are peer-to-peer, like Skype. Traversing NAT and relying on broken IPv4 is built into their method of operating. P2P communications was supposed to be one of the key improvements in IPv6."
Security

Sykipot Trojan Variant Stealing DoD Smartcard Credentials 44

Posted by Soulskill from the tax-money-well-spent dept.
Trailrunner7 writes "A new research report says variants of the Sykipot Trojan have been found that can steal Dept. of Defense smartcard credentials. The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against the defense industry. The new variants, which Alien Vault believes have been circulating since March, 2011, have been used in 'dozens of attacks' and contain features that would allow remote attackers to steal smart card credentials and access sensitive information."
Microsoft

Microsoft 'Trustworthy Computing' Turns 10 185

Posted by Soulskill from the eat-your-cake-at-your-desk dept.
gManZboy writes "Bill Gates fired off his famous Trustworthy Computing memo to Microsoft employees on Jan. 15, 2002, amid a series of high-profile attacks on Windows computers and browsers in the form of worms and viruses like Code Red and 'Anna Kournikova.' The onslaught forced Gates to declare a security emergency within Microsoft, and halt production while the company's 8,500 software engineers sifted through millions of lines of source code to identify and fix vulnerabilities. The hiatus cost Microsoft $100 million. Today, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure, the company says."
Microsoft

Passwords Not Going Away Any Time Soon 232

Posted by Soulskill from the 12345-letmein dept.
New submitter isoloisti writes "Hot on the heels of IBM's 'no more passwords' prediction, Wired has an article about provocative research saying that passwords are here to stay. Researchers from Microsoft and Carleton U. take a harsh view of research on authentication (PDF), saying, 'no progress has been made in the last twenty years.' They dismiss biometrics, PKI, OpenID, and single-signon: 'Not only have proposed alternatives failed, but we have learnt little from the failures.' Because the computer industry so thoroughly wrote off passwords about a decade ago, not enough serious research has gone into improving passwords and understanding how they get compromised in the real world. 'It is time to admit that passwords will be with us for some time, and moreover, that in many instances they are the best-fit among currently known solutions.'"
Crime

TSA Makes $400K Annually In Loose Change 289

Posted by Soulskill from the nickel-and-dime dept.
Hugh Pickens writes "NBC reports that airport travelers left behind $409,085.56 in loose change at security checkpoints in 2010, providing an additional source of funding for the Transportation Security Administration. 'TSA puts (the leftover money) in a jar at the security checkpoint, at the end of each shift they take it, count it, put it in an envelope and send it to the finance office,' says TSA spokesperson Nico Melendez. 'It is amazing. All that change, it all adds up.' Melendez adds that the money goes into the general operating budget for TSA that is typically used for technology, light bulbs or just overall general expenses. Rep. Jeff Miller (R-Fla.) has introduced legislation that would direct the TSA to transfer unclaimed money recovered at airport security checkpoints to the United Service Organizations (USO), a private nonprofit that operates centers for the military at 41 U.S. airports. The recovered change is not to be confused with the theft that occurs when TSA agents augment their salary by helping themselves to the contents of passengers' luggage as it passes through security checkpoints. For example in 2009, a half dozen TSA agents at Miami International Airport were charged with grand theft after boosting an iPod, bottles of perfume, cameras, a GPS system, a Coach purse, and a Hewlett Packard Mini Notebook from passengers' luggage as travelers at just this one airport reported as many as 1,500 items stolen, the majority of which were never recovered."
IT

How To Get Developers To Document Code 545

Posted by samzenpus from the use-your-words dept.
snydeq writes "Poorly documented code? Chances are the problem lies not in your programmers, but in your process, writes Fatal Exception's Neil McAllister. 'Unfortunately, too few developers seem to do a good job of documenting their code. Encouraging them to start can be a difficult challenge — but not an impossible one,' McAllister writes, adding that to establish a culture of documentation managers should favor the carrot before the stick. 'Like most people, programmers respond better to incentives than to mandates. Simple praise can go a long way, but managers may find other ways to reward developers. Are your developers occasionally on-call for weekend support duties or late-night update deployments? Consider giving them a break if they volunteer to pick up some extra documentation burden. Of course, financial incentives work, too.'"
Graphics

Researcher's Tool Maps Malware In Elegant 3D Model 36

Posted by samzenpus from the making-bad-pretty dept.
Sparrowvsrevolution writes "At the Shmoocon security conference later this month, Danny Quist plans to demo a new three-dimensional version of a tool he's created called Visualization of Executables for Reversing and Analysis, or VERA, that maps viruses' and worms' code into intuitively visible models. Quist, who teaches government and corporate students the art of reverse engineering at Los Alamos National Labs, says he hopes VERA will make the process of taking apart and understanding malware's functionality far easier. VERA observes malware running in a virtual sandbox and identifies the basic blocks of commands it executes. Then those chunks of instructions are color-coded by their function and linked by the order of the malware's operations, like a giant, 3D flow chart. Quist provides a sample video showing a model of a section of the Koobface worm."
Security

7000 e-Voting Machines Now Deemed Worthless By Irish Government 241

Posted by samzenpus from the nice-doorstop dept.
First time accepted submitter lampsie writes "Despite spending at least 51 million euro over the last decade buying and storing 7000 e-voting machines from Dutch firm Nedap, the Irish Finance minister has announced that they are now 'worthless'. The machines were originally trialled in 2002 on three regional elections, but a nationwide rollout in 2004 was put on hold after a confidential report expressed serious concern over the security of the voting machines. According to the report, the integrity of the ballot could not be guaranteed with the equipment and controls used. Several years on, and tens of millions later, it looks like the pen and paper ballot will remain for now."
Crime

The Future of Hi-Tech Auto Theft 272

Posted by samzenpus from the stealing-the-car-of-the-future dept.
NicknamesAreStupid writes "Over the past twenty years, car theft has declined as new models incorporated electronic security methods that thwarted simple hot-wiring. The tide may now be turning, as cars become the next Windows PC. The Center for Automobile Embedded Systems Security has posted an interesting paper from UCSD and UW that describes how modern cars can be cracked (PDF). Unlike the old days of window jimmies, these exploits range from attacks through the CD or iPod port to cellular attacks that take inventory of thousands of cars and offer roaming thieves Yelp-like choices ('our favorite is mint green with leather') with unlocked doors and running engines."
Crime

Major Financial Groups Share Data To Fight Online Theft 40

Posted by Soulskill from the dogs-and-cats-living-together dept.
smitty777 writes "The Wall Street Journal is reporting on some unprecedented steps being taken by major financial institutions to combat online theft. The initiatives include a new type of data center that would be used to analyze bank data for potential security threats. Additionally, a quarterly round-table between the rivals to attack security issues was proposed. The article notes that 'security threats are pushing the big banks to do something that doesn't come naturally for these secrecy-steeped institutions: share information with one another.' A video at MarketWatch digs into it a little bit more, and points out that the banks will spend an estimated $1 billion on protection this year, which represents a 12% increase. Technologically, there has been much discussion of two-factor authentication to improve security. In fact, security officials in Singapore are even hinting at biometric solutions."
Security

Symantec Sued For Running Fake "Scareware" Scans 391

Posted by samzenpus from the selling-fear dept.
Sparrowvsrevolution writes "James Gross, a resident of Washington State, filed what he intends to be a class action lawsuit against Symantec in a Northern District California court Tuesday, claiming that Symantec defrauds consumers by running fake scans on their machines, with results designed to bully users into upgrading to a paid version of the company's software. 'The scareware does not conduct any actual diagnostic testing on the computer,' the complaint reads. 'Instead, Symantec intentionally designed its scareware to invariably report, in an extremely ominous manner, that harmful errors, privacy risks, and other computer problems exist on the user's PC, regardless of the real condition of the consumer's computer.' Symantec denies those claims, but it has a history of using fear mongering tactics to bump up its sales. A notice it showed in 2010 to users whose subscriptions were ending in 2010 warned that 'cyber-criminals are about to clean out your bank account...Protect yourself now, or beg for mercy.'"
Microsoft

Microsoft Readying Massive Real Time Threat Intelligence Feed 89

Posted by samzenpus from the dangers-of-the-day dept.
chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."
Medicine

Doctor Warns of the Hidden Danger of Touchscreens 242

Posted by samzenpus from the touch-too-much dept.
snydeq writes "Dr. Franklin Tessler discusses the hidden stress-related injuries of touchscreen use, and how best to use smartphones, tablets, and touch PCs to avoid them. 'Touchscreen-oriented health hazards are even more insidious because most people aren't even aware that they exist. The potential for injury from using touchscreens will only go up ... as the rise of the touchscreen means both new kinds of health hazards and more usage in risky scenarios,' Tessler writes, providing tips for properly positioning touchscreens and ways to avoid repetitive stress injuries and eyestrain."
Firefox

Mozilla Announces Long Term Support Version of Firefox 249

Posted by Unknown Lamer from the can't-stop-until-version-73 dept.
mvar writes "After a meeting held last Monday regarding Mozilla Firefox Extended Support Release, the new version was announced yesterday in a post on Mozilla's official blog: 'We are pleased to announce that the proposal for an Extended Support Release (ESR) of Firefox is now a plan of action. The ESR version of Firefox is for use by enterprises, public institutions, universities, and other organizations that centrally manage their Firefox deployments. Releases of the ESR will occur once a year, providing these organizations with a version of Firefox that receives security updates but does not make changes to the Web or Firefox Add-ons platform.'"
Programming

The Bosses Do Everything Better (or So They Think) 469

Posted by Soulskill from the make-a-button-that-does-everything dept.
theodp writes "Some people, writes Dave Winer, make the mistake of thinking that if the result of someone's work is easy to use, the work itself must be easy. Like the boss — or boss's boss's boss — who asks for your code so he can show you how to implement the features he wants instead of having to bother to explain things. Give the code to him, advises Winer. If he pulls it off, even poorly, at least you'll know what he was asking for. And if he fails, well, he might be more patient about explaining what exactly he wants, and perhaps even appreciate how hard your work is. Or — more likely — you may simply never hear from him again. Win-win-win. So, how do you handle an anything-you-can-do-I-can-do-better boss?"

Slashdot Top Deals