You complained; we heard you. We're making some adjustments to our ongoing experiment with video on Slashdot, and are trying to get it right. Some of the videos just haven't gelled, to put it lightly, and we know it. We're feeling out just what kinds of videos make sense here: it's a steep learning curve. So far, though, besides a few videos that nearly everyone hated, we've also seen some wacky, impressive, fun technology, and we're going to keep bringing more of it, but in what we intend to be smarter doses, here on the Slashdot home page. (A larger selection will be available on tv.slashdot.org.) We're also planning to start finding and documenting some creative means of destruction for naughty hardware; suggestions welcome. We have also heard you when it comes to improving the core Slashdot site experience and fixing bugs on site. We're working on these items, too. As always, suggestions are welcome, too, for other things worth getting on camera or publishing on Slashdot.

An anonymous reader writes with this excerpt from ZDNet: "Security researchers from two universities say they found how hackers can retrieve credit card data and other personal information from used Microsoft Xbox 360s, even if the console is restored back to factory settings and its hard drive is wiped. Microsoft is now looking into their story of buying a refurbished Xbox 360 from a Microsoft-authorized retailer, downloading a basic modding tool, gaining access to the console's files and folders, and eventually extracting the original owner's credit card information. Redmond is still investigating, but it's already calling the claims 'unlikely.'"

twoheadedboy writes "A Flashback variant dubbed Backdoor.Flashback.39 has infected over 600,000 Macs, according to Russian security firm Dr Web. The virulent Flashback trojan infecting Apple machines sparked interest earlier this week after it was seen exploiting a Java vulnerability, although it was actually first discovered back in September last year. The Trojan has a global reach after Dr Web found infected Macs in most countries. More than half of the Macs infected are in the US (56.6 percent), while another 19.8 percent are in Canada. The UK has 12.8 percent of infected Macs."

zzzreyes writes "I got an email from my cloud server to reset the admin password, first dismissed it as phishing, but a few emails later I found one from an admin telling me that they had given a person full access to my server and revoked it, but not before 2 domains were moved from my account. I logged into my account to review the activity and found the form the perpetrator had submitted for appointment of new primary contact and it infuriated me, given the grave omissions. I wrote a letter to the company hoping for them to rectify the harm and they offered me half month of hosting, in a sign of good faith. For weeks I've been struggling with this and figure that the best thing to do is to ask my community for advice and help, so my dear slashdotters please share with me if you have any experience with this or know of anyone that has gone through this. What can I do?"

This isn't about your place in society, but about user privileges on your computers and computer networks. The more privileges, the more risk of getting hacked and having Bad People do Bad Things to your company's computers, right? So Leonid Shtilman's company, Viewfinity, offers SaaS that helps you grant system privileges in a more granular manner than just allowing "root" and "user" accounts with nothing in between.

Hkibtimes writes, quoting the International Business Times: "The Anonymous hacking collective has landed in China, home of some of the most tightly controlled Internet access in the world, and defaced hundreds of government websites in what appears to be a massive online operation against Beijing. Anonymous listed its intended institutional targets on Pastebin and has now attacked them."

CharlyFoxtrot writes "The geeks over on the fail0verflow blog took apart an AT&T Microcell device which is 'essentially a small cell-tower in a box, which shuttles your calls and data back to the AT&T mothership over your home broadband connection.' They soon uncovered some real security issues including a backdoor : 'We believe that this backdoor is NOT meant to be globally accessible. It is probably only intended to be used over the IPSEC tunnel which the picoChip SoC creates. [...] Unfortunately, they set up the wizard to bind on 0.0.0.0, so the backdoor is accessible over the WAN interface.'"

An anonymous reader writes "You probably don't remember the RockYou fiasco as it happened in late 2009. In case you don't, social game developer RockYou suffered a serious SQL injection flaw on its flagship website. Worse, the company was storing user details in plain text. As a result, tens of millions of login details, including those belonging to minors, were stolen and published online. Now, RockYou has finally settled with the Federal Trade Commission."

OverTheGeicoE writes "A group of students and a professor were detained by TSA at Dallas' Love Field. Several of them were led away in handcuffs. What did they do wrong? One of them left a robotic science experiment behind on an aircraft, which panicked a boarding flight crew. The experiment 'looked like a cell phone attached to a remote control car with some exposed wires protruding.' Of course, the false alarm inconvenienced more than the traveling academics. The airport was temporarily shut down and multiple gates were evacuated, causing flight delays and diversions."

An anonymous reader writes "A pair of researchers at Karlstad University have been able to establish how the Great Firewall of China sets about blocking unpublished Tor bridges. The GFC inspects web traffic looking for potential bridges and then attempts 'to speak Tor' to the hosts. If they reply, they're deemed to be Tor bridges and blocked. While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated."

Trailrunner7 writes with this excerpt from Threatpost: "Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that's being actively exploited. The decision to add these vulnerable versions of Java to the browser's blocklist is designed to protect users who may not be aware of the flaw and attacks. 'This vulnerability — present in the older versions of the JDK and JRE — is actively being exploited, and is a potential risk to users. To mitigate this risk, we have added affected versions of the Java plugin for Windows (Version 6 Update 30 and below as well as Version 7 Update 2 and below) to Firefox's blocklist. A blocklist entry for the Java plugin on OS X may be added at a future date. Mozilla strongly encourages anyone who requires the JDK and JRE to update to the current version as soon as possible on all platforms,' Mozilla's Kev Needham said."

A company that has been going since 2001 is not exactly a startup, but Blue Gecko co-founder Sarah Novotny says that maintaining a startup mindset has helped her company keep going this long, with no end in sight. If you are thinking about starting an IT business (either now or in the future), especially one you hope will have remote clients and possibly a far-flung workforce, you should listen carefully to what Sarah has to say.

An anonymous reader writes "In response to a plans to introduce real time monitoring of all UK Internet communications, a petition has been set up in opposition." Previously covered here, El Reg chimes in with a bit of conspiracy theorizing and further analysis: "It would appear that the story is being managed: the government is looking to make sure that CCDP is an old news story well ahead of the Queen's Speech to Parliament on 9 May. Sundays — especially Sunday April the 1st — are good days to have potentially unpopular news reach the population at large."

An anonymous reader writes "Global Payments, the U.S.-based credit card processor company that experienced a security breach affecting Visa and MasterCard, confirmed that the breached portion of its processing system was confined to North America. The company also finally revealed how many credit card numbers were stolen: around 1,500,000."

'GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks,' says the GreenSQL.net website, which also says, 'GreenSQL works as a proxy and has built-in support for MySQL and PostgreSQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc).' The company also maintains a commercial version as a separate entity. GreenSQL CTO/CoFounder David Maman gives more details about both the company and open source GreenSQL in this video interview.

alphadogg writes "The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan."

gManZboy writes "Six years and $450 million into the project, the FBI's Sentinel case-management system appears to be almost ready for deployment. Sentinel aims to replace a hodge-podge of digital and paper processes with purely digital workflows, helping FBI agents collaborate and "connect the dots" on investigations. The question now is how well the problem-plagued system will live up to those expectations. FBI CIO Chad Fulgham demonstrated Sentinel for InformationWeek on March 28, the first time the agency has shown its new case-management system to an outsider. 'This isn't just a case-management system. It's a great platform to grow on,' Fulgham said during the demo at FBI headquarters. The agency's IT team plans to move other apps over to Sentinel, giving them a similar look and feel on the same underlying hardware."

MrSeb writes "Today is World Backup Day! The premise is that you back up your computers on March 31, so that you're not an April Fool if your hard drive crashes tomorrow. How do Slashdot users back up? RAID? Multiple RAIDs? If you're in LA, on a fault line, do you keep a redundant copy of your data in another geographic region?"

zacharye writes "Using nothing more than a few common tools, hackers can reportedly recover credit card numbers and other personal information from used Xbox 360 consoles even after they have been restored to factory settings. Researchers at Drexel University say they have successfully recovered sensitive personal data from a used Xbox console, and they claim Microsoft is doing a disservice to users by not taking precautions to secure their data. 'Microsoft does a great job of protecting their proprietary information,' researcher Ashley Podhradsky said."

Fluffeh writes "A nice summary at TechDirt brings word that Bruce Schneier has been debating Kip Hawley, former boss of the TSA, over at the Economist. Bruce has been providing facts, analysis and some amazing statistics throughout the debate, and it makes for very educational reading. Because of the format, the former TSA administrator is compelled to respond. Quoting: 'He wants us to trust that a 400-ml bottle of liquid is dangerous, but transferring it to four 100-ml bottles magically makes it safe. He wants us to trust that the butter knives given to first-class passengers are nevertheless too dangerous to be taken through a security checkpoint. He wants us to trust that there's a reason to confiscate a cupcake (Las Vegas), a 3-inch plastic toy gun (London Gatwick), a purse with an embroidered gun on it (Norfolk, VA), a T-shirt with a picture of a gun on it (London Heathrow) and a plastic lightsaber that's really a flashlight with a long cone on top (Dallas/Fort Worth).""