Security

DARPA Funds a $300 Software-Defined Radio For Hackers 94

Sparrowvsrevolution writes with this story from Forbes: "Over the weekend at the ToorCon hacker conference in San Diego, Michael Ossmann of Great Scott Gadgets revealed a beta version of the HackRF Jawbreaker, the latest model of the wireless Swiss-army knife tools known as 'software-defined radios.' Like any software-defined radio, the HackRF can shift between different frequencies as easily as a computer switches between applications. It can both read and transmit signals from 100 megahertz to 6 gigahertz, intercepting or reproducing frequencies used by everything from FM radios to police communications to garage door openers to WiFi and GSM to next-generation air traffic control system messages. At Ossmann's target price of $300, the versatile, open-source devices would cost less than half as much as currently existing software-defined radios with the same capabilities. And to fund the beta testing phase of HackRF, the Department of Defense research arm known as the Defense Advanced Research Projects Agency (DARPA) pitched in $200,000 last February as part of its Cyber Fast Track program."
Australia

Aussie Researchers Crack Transport Crypto, Get Free Rides 88

mask.of.sanity writes "Shoddy customised cryptography by a state rail outfit has been busted by a group of Australian researchers who were able to replicate cards to get free rides. The flaws in the decades-old custom cryptographic scheme were busted using a few hundred dollars' worth of equipment. The unnamed transport outfit will hold its breath until a scheduled upgrade to see the holes fixed."
Transportation

Ask Slashdot: How To Both Mirror and Protect Crowdsourced Data? 76

New submitter cellurl writes "I run wikispeedia, a database of speed limit signs. People approach us to mirror our data, but I am quite certain it will become a one-way street. So my question is: How can I give consumers peace of mind in using our data and not give up the ship? We want to be the clearing house for this information, at the same time following our charter of providing safety. Some thoughts that come to mind are creating a 'Service Level Agreement' which they will no doubt reject, or MySQL-clustering, or rsync. Any thoughts, (technically, logistically, legally) appreciated."
Chrome

At $250, New Chromebook Means Competition For Tablets, Netbooks, Ultrabooks 283

Google's new ARM-powered Chromebook isn't a lot of things: it isn't a full-fledged laptop, it's not a tablet (doesn't even have a touch screen); and by design it's not very good as a stand-alone device. Eric Lai at ZDNet, though, thinks Chromebooks are (with the price drop that accompanies the newest version) a good fit for business customers, at least "for white-collar employees and other workers who rarely stray away from their corporate campus and its Wi-Fi network." Lai lists some interesting large-scale rollouts with Chromebooks, including 19,000 of them in a South Carolina school district. Schools probably especially like the control that ChromeOS means for the laptops they administer. For those who'd like to have a more conventional but still lightweight ARM laptop, I wonder how quickly the ARM variant of Ubuntu will land on the new version. (Looks like I'm not the only one to leap to that thought.)
Hardware Hacking

New Arduino Due Brings More Power To the Table 130

mikejuk writes "After six years in the making, the Arduino Due is finally becoming available and, with a price tag of $49, is bound to give a boost to the platform. The Due, which means 2 in Italian and is pronounced 'doo-eh', replaces the 8-bit, 16MHz Uno by a 32-bit, 84MHz processor board that also has a range of new features — more memory, a USB port that allows it to pretend to be a mouse or a keyboard say, 54 I/O pins and so on — but what lets you do more with it is its speed and power. The heart of the new Arduino Due is the Atmel SAM3X8E, an ARM Cortex-M3-based processor, which gives it a huge boost in ADC performance, opening up possibilities for designers. The theoretical sampling rate has gone from the 15 ksps (kilosamples per second) of the existing boards, the Arduino Uno, Leonardo, and Mega 2560, to a whopping 1,000 ksps. What this all means is that the Due can be used for much more sophisticated applications. It can even play back WAV files without any help. Look out for the Due in projects that once would have needed something more like a desktop machine."
Government

Spammers Using Shortened .gov URLs 75

hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.
Security

Smartphone Mugging More Popular Than Ever 285

A reader writes with this snippet from gizmodo: "The Associated Press reports that smartphone robberies now account for nearly half of all robberies in San Francisco, as well as an impressive 40 percent here in New York City. And the numbers aren't just high, they're getting higher fast. In Los Angeles, smartphone robberies are up 27 percent from last year, with no signs of slowing down. The thefts come in all varieties as well. Victims have reported having their phones—iPhones in particular (surprise!)—yanked out of their hands while talking, snatched just as public transit reaches a stop, or even taken at gunpoint." When I was relieved at gunpoint of my (very, very dumb) phone a few years ago in Philadelphia (very, very dumb), it made for a lousy evening. Have you been robbed (or accosted) like this? If so, where?
Encryption

Zimmermann's Silent Circle Now Live 127

e065c8515d206cb0e190 writes "Several websites have announced the launch of Silent Circle, PGP's founder Phil Zimmermann's new suite of tools for the paranoid. After a first day glitch with a late approval of their iOS app, the website seems to now accept subscriptions. Have any slashdotters subscribed? What does SilentCircle provide that previous applications didn't have?"
Operating Systems

Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie? 503

madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive. So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure.
Security

Trade Show Video Features Iranian Tech, Talk of Stuxnet Retaliation 131

dcblogs writes "Iran recently held a security trade show and conference, attended by high-ranking police and military officials. A video by an Iranian news outlet shows some of the products, from crossbows to unidentified systems, and includes an interview with Iran's police chief, Brig. Gen. Esmail Ahmadi-Moqadam: 'It's true that the U.S. made Stuxnet virus did some damage to our facilities but we were able to get them all up and running in no time. However, those who attack should expect retaliation and we haven't gone there just yet.'"
Android

Poor SSL Implementations Leave Many Android Apps Vulnerable 141

Trailrunner7 writes "There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Researchers from a pair of German universities conducted a detailed analysis of thousands of Android apps and found that better than 15 percent of those apps had weak or bad SSL implementations. The researchers conducted a detailed study of 13,500 of the more popular free apps on Google Play, the official Android app store, looking at the SSL/TLS implementations in them and trying to determine how complete and effective those implementations are. What they found is that more than 1,000 of the apps have serious problems with their SSL implementations that make them vulnerable to MITM attacks, a common technique used by attackers to intercept wireless data traffic. In its research, the team was able to intercept sensitive user data from these apps, including credit card numbers, bank account information, PayPal credentials and social network credentials."
Security

Real-Time Cyber-Attack Map 36

First time accepted submitter anavictoriasaavedra writes "In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."
Security

Kaspersky's Exploit-Proof OS Leaves Security Experts Skeptical 196

CWmike writes "Eugene Kaspersky, the $800-million Russian cybersecurity tycoon, is, by his own account, out to 'save the world' with an exploit-proof operating system. Given the recent declarations from U.S. Secretary of Defense Leon Panetta and others that the nation is facing a 'digital Pearl Harbor' or 'digital 9/11' from hostile nation states like Iran, this sounds like the impossible dream come true — the cyber version of a Star Wars force field. But on this side of that world in need of saving, the enthusiasm is somewhat tempered. One big worry: source. 'The real question is, do you trust the people who built your system? The answer had better be yes,' said Gary McGraw, CTO of Cigital. Kaspersky's products are among the top ranked worldwide, are used by an estimated 300 million people and are embraced by U.S. companies like Microsoft, Cisco and Juniper Networks. But while he considers himself at some level a citizen of the world, he has close ties to Russian intelligence and Vladimir Putin. Part of his education and training was sponsored by the KGB, he is a past Soviet intelligence officer (some suspect he has not completely retired from that role) and he is said to have a 'deep and ongoing relationship with Russia's Federal Security Service, or FSB,' the successor to the KGB and the agency that operates the Russian government's electronic surveillance network."
Transportation

TSA Moving X-ray Body Scanners To Smaller Airports 168

OverTheGeicoE writes "If you're concerned about possible health effects from TSA's X-ray body scanners, you might be pleased to learn that TSA is making changes. TSA is removing X-ray body scanners from major airports including Los Angeles International, Boston's Logan, Chicago's O'Hare, and New York City's JFK. Then again, these changes might not please you at all, because they are not mothballing the offending devices. No, they are instead moving them to smaller airports like the one in Mesa, AZ. Is this progress, or is TSA just moving potentially dangerous scanners from 'Blue' areas to 'Red' ones right before a presidential election?"
Google

ARM-Based Chromebooks Ready To Battle Windows 8, Tablets 230

Nerval's Lobster writes "Google is whipping the proverbial curtain back from its new Chromebook, which will retail for $249 and up. The Samsung-built device weighs 2.5 pounds and features an 11.6-inch screen (with 1366 x 768 resolution), backed by a 1.75GHz Samsung Exynos 5 Dual Processor. Google claims it will boot up in under 10 seconds and, depending on usage, last for 6.5 hours on one battery charge. From a product perspective, Chrome OS and its associated hardware found itself fighting a two-front battle: the first against Windows PCs and Macs, both of which could claim more robust hardware for a similar cost to the old Chromebooks (which started at $449), and the second against tablets, which offered the same degree of flexibility and connectivity for a cheaper sticker-price. By setting the cost of the new Chromebook at $249, Google continues that pricing skirmish on more favorable terms." CNET got a bit of hands-on time with the new kid, and gives it a lukewarm but positive reception.
Software

Ubuntu 12.10 Quantal Quetzal Out Now; Raring Ringtail In the Works 318

An anonymous reader writes "The six month cycle that Canonical adheres to for Ubuntu releases has come around again today. Ubuntu 12.10 'Quantal Quetzal' has been released. There's a whole range of new features and updates, but here are the most important: WebApps — treats online services as if they are desktop apps (Gmail, Twitter, Facebook); Online Services — control logins to all your services from a single window and get them integrated into search results (e.g. GDocs for file searches); Dash Preview — right click any icon, get a detailed preview of what it is; Linux kernel 3.5.4; GNOME 3.6; Nautilus 3.4; latest Unity; No more Unity 2D, fallback is the Gallium llvmpipe software rasterizer; Default apps updated (Firefox 16.01, Thunderbird 16.01, LibreOffice 3.6.2, Totem, Shotwell, Rhythmbox); Full disc encryption available during install; Single, 800MB distribution for all architectures." It's now available for download. The next version, due in six months' time, will be called Raring Ringtail.
Graphics

Trans-Atlantic 8K/UHDTV Streaming With UltraGrid and Commodity PCs 58

An anonymous reader writes "During the 12th Annual Global LambdaGrid Workshop in Chicago, researchers have demonstrated interactive multi-point streaming of 8K/UHDTV (i.e., 16x Full HD resolution) using commodity PC hardware running Linux and open-source UltraGrid software. The transmissions featured GPU-accelerated JPEG and DXT compressions implemented using the NVIDIA CUDA platform, which are also available as open-source software. The streams were distributed from the source to one location in the USA and to another location in the Czech Republic over 10Gbps GLIF network infrastructure."
NASA

NASA Exploring $1.5 Million Unmanned Aircraft Competition 38

coondoggie writes "NASA today said it wants to gauge industry interest in the agency holding one of its patented Centennial Challenges to build the next cool unmanned aircraft. NASA said it is planning this Challenge in collaboration with the Federal Aviation Administration and the Air Force Research Lab, with NASA providing the prize purse of up to $1.5 million."
Security

Explosive Detecting Devices Face Off With Bomb Dogs 115

First time accepted submitter titan1070 writes "French scientist Dr. Spitzer and his colleagues have been working on a device that can sense faint traces of TNT and other explosives being smuggled into airports and other transportation methods. The hope for this device is that it will surpass the best bomb finder in the business, the sniffer dog. From the article: 'While researchers like Dr. Spitzer are making progress — and there are some vapor detectors on the market — when it comes to sensitivity and selectivity, dogs still reign supreme. “Dogs are awesome,” said Aimee Rose, a product sales director at the sensor manufacturer Flir Systems, which markets a line of explosives detectors called Fido. “They have by far the most developed ability to detect concealed threats,” she said. But dogs get distracted, cannot work around the clock and require expensive training and handling, Dr. Rose said, so there is a need for instruments.'"