Bug

EXT4 Data Corruption Bug Hits Linux Kernel 249

An anonymous reader writes "An EXT4 file-system data corruption issue has reached the stable Linux kernel. The latest Linux 3.4, 3.5, 3.6 stable kernels have an EXT4 file-system bug described as an apparent serious progressive ext4 data corruption bug. Kernel developers have found and bisected the kernel issue but are still working on a proper fix for the stable Linux kernel. The EXT4 file-system can experience data loss if the file-system is remounted (or the system rebooted) too often."
Security

Would You Put a Tracking Device On Your Child? 610

Hugh Pickens writes "In 2007 businessman Russell Thornton lost his 3-year-old son at an amusement park. After a frantic 45-minute search, Thornton found the boy hiding in a play structure, but he was traumatized by the incident. It spurred him to build a device that would help other parents avoid that fate. Even though most statistics show that rates of violent crime against children have declined significantly over the last few decades, and that abductions are extremely rare, KJ Dell'Antonia writes that with the array of new gadgetry like Amber Alert and the Securus eZoom our children need never experience the fears that come with momentary separations, or the satisfaction of weathering them. 'You could argue that those of us who survived our childhoods of being occasionally lost, then found, are in the position of those who think car seats are overkill because they suffered no injury while bouncing around in the back of their uncle's pickup,' writes Dell'Antonia. 'Wouldn't a more powerful sense of security come from knowing your children were capable, and trusting in their ability to reach out for help at the moment when they realize they're not?'"
Encryption

How a Google Headhunter's E-Mail Revealed Massive Misuse of DKIM 115

concealment writes with a tale of how an email sent to a mathematician led to him discovering that dozens of high profile companies were using easily crackable keys to authenticate mail sent from their domains. From the article: "The problem lay with the DKIM key (DomainKeys Identified Mail) Google used for its google.com e-mails. DKIM involves a cryptographic key that domains use to sign e-mail originating from them – or passing through them – to validate to a recipient that the header information on an e-mail is correct and that the correspondence indeed came from the stated domain. When e-mail arrives at its destination, the receiving server can look up the public key through the sender's DNS records and verify the validity of the signature. Harris wasn't interested in the job at Google, but he decided to crack the key and send an e-mail to Google founders Brin and Page, as each other, just to show them that he was onto their game."
Windows

Windows 7 Not Getting A Second Service Pack 441

An anonymous reader writes "Windows 7 was expected to have Service Pack 2 issued roughly 3 years from its introduction (late 2009). People, including myself, have been asking 'Where is it?' and the answer apparently is, 'It isn't, and will never be' which lends itself to the giant pain of installing Windows 7, then Service Pack 1, and hundreds of smaller hotfix patches. Why Microsoft? No go to Service Pack 2 for Windows 7!"
Crime

Criminals Crack and Steal Customer Data From Barnes & Noble Keypads 83

helix2301 writes with an excerpt from CNet: "Hackers broke into keypads at more than 60 Barnes & Noble bookstores and made off with the credit card information for customers who shopped at the stores in the last month. At least one point-of-sale terminal in 63 different stores was compromised, recording card details. Since discovering the breach, the company has uninstalled all 7,000 point-of-sale terminals from its hundreds of stores for examination."
Android

CyanogenMod Android ROMs Accidentally Logged Screen Unlock Patterns 69

tlhIngan writes "Heads up CyanogenMod users — you will want to update to the latest nightly build as it turns out that your unlock patterns were accidentally logged. The fix has been committed and is in the latest build. While not easy to access (it requires access to a backup image or the device), it was a potential security hole. It was added back in August when Cyanogen added the ability to customize the screen lock size."
Encryption

PS3 Encryption Keys Leaked 284

An anonymous reader writes "PS3 security has been compromised again. The holy grail of the PS3 security encryption keys — LV0 keys — have been found and leaked into the wild. For the homebrew community, this means deeper access into the PS3: the possibility of custom (or modified) firmware up to the most recent version, the possibility of bypassing PS3 hypervisor for installing GNU/Linux with full hardware access, dual firmware booting, homebrew advanced recovery (on the molds of Bootmii on Wii), and more. It might lead to more rampant piracy too, because the LV0 keys could facilitate the discovering of the newer games' encryption keys, ones that require newer firmware."
Java

Researcher Develops Patch For Java Zero Day In 30 Minutes 57

Trailrunner7 writes "A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the February 2013 Critical Patch Update as Oracle earlier said it would. Adam Gowdiak of Polish security consultancy Security Explorations reported the vulnerability to Oracle on Sept. 25, as well as proof-of-concept exploit code his team produced. The vulnerability is present in Java versions 5, 6 and 7 and would allow an attacker to remotely control an infected machine once a user landed on a malicious website hosting the exploit. Gowdiak said his proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7."
Programming

System Admins Should Know How To Code 298

snydeq writes "You don't need to be a programmer, but you'll solve harder problems faster if you can write your own code, writes Paul Venezia. 'The fact is, while we may know several programming languages to varying degrees, most IT ninjas aren't developers, per se. I've put in weeks and months of work on various large coding projects, but that's certainly not how I spend most of my time. Frankly, I don't think I could just write code day in and day out, but when I need to develop a tool to deal with a random problem, I dive right in. ... It's not a vocation, and it's not a clear focus of the job, but it's a substantial weapon when tackling many problems. I'm fairly certain that if all I did was write Perl, I'd go insane.'"
Android

Ask Slashdot: How Can I Protect My Android Devices From Hackers? 295

A reader writes "My Android phone (an unrooted OptimusV running 2.2.2) and my Android tablet (Arnova 7g3 running 4.1) have been subjected to hacking via either 'forced Bluetooth attack' or through the Wi-Fi signals in the home where I currently rent a room. I got an Android phone at the start of this year after my 'feature phone' was force Bluetooth hacked hoping for better security, yet I still have major security issues. For instance, my Optimus's Wi-Fi again shows an error, although I am sure that a hack is causing this since when I reset the device when it's out of range from this home's signal the Wi-Fi works fine. And now the tablet (as of recently) can't access this home's open Wi-Fi, though it works fine when at other outside hot-spots. So, my question is: Are there any good (free?) security apps out there that would actually prevent this from occurring? It's not like I'm doing nefarious things on the internet, I just want to keep it private."
Microsoft

Microsoft Urges Businesses To Get Off XP 727

An anonymous reader writes "It's approximately 11 years since Windows XP was unveiled, and this week Microsoft was still at it trying to convince users that it's time to upgrade. A post on the Windows For Your Business Blog calls on businesses to start XP migrations now. Microsoft cites the main reason as being that support for XP ends in April 2014, and 'most new hardware options will likely not support the Windows XP operating system.' If you run Windows Vista, Microsoft argues that it's time to 'start planning' the move to Windows 8. As this article points out, it's not uncommon to hear about people still running XP at work."
Security

DARPA Funds a $300 Software-Defined Radio For Hackers 94

Sparrowvsrevolution writes with this story from Forbes: "Over the weekend at the ToorCon hacker conference in San Diego, Michael Ossmann of Great Scott Gadgets revealed a beta version of the HackRF Jawbreaker, the latest model of the wireless Swiss-army knife tools known as 'software-defined radios.' Like any software-defined radio, the HackRF can shift between different frequencies as easily as a computer switches between applications. It can both read and transmit signals from 100 megahertz to 6 gigahertz, intercepting or reproducing frequencies used by everything from FM radios to police communications to garage door openers to WiFi and GSM to next-generation air traffic control system messages. At Ossmann's target price of $300, the versatile, open-source devices would cost less than half as much as currently existing software-defined radios with the same capabilities. And to fund the beta testing phase of HackRF, the Department of Defense research arm known as the Defense Advanced Research Projects Agency (DARPA) pitched in $200,000 last February as part of its Cyber Fast Track program."
Australia

Aussie Researchers Crack Transport Crypto, Get Free Rides 88

mask.of.sanity writes "Shoddy customised cryptography by a state rail outfit has been busted by a group of Australian researchers who were able to replicate cards to get free rides. The flaws in the decades-old custom cryptographic scheme were busted using a few hundred dollars' worth of equipment. The unnamed transport outfit will hold its breath until a scheduled upgrade to see the holes fixed."
Transportation

Ask Slashdot: How To Both Mirror and Protect Crowdsourced Data? 76

New submitter cellurl writes "I run wikispeedia, a database of speed limit signs. People approach us to mirror our data, but I am quite certain it will become a one-way street. So my question is: How can I give consumers peace of mind in using our data and not give up the ship? We want to be the clearing house for this information, at the same time following our charter of providing safety. Some thoughts that come to mind are creating a 'Service Level Agreement' which they will no doubt reject, or MySQL-clustering, or rsync. Any thoughts (technical, logistical, legal) are appreciated."
Chrome

At $250, New Chromebook Means Competition For Tablets, Netbooks, Ultrabooks 283

Google's new ARM-powered Chromebook isn't a lot of things: it isn't a full-fledged laptop, it's not a tablet (it doesn't even have a touch screen), and by design it's not very good as a stand-alone device. Eric Lai at ZDNet, though, thinks Chromebooks are (with the price drop that accompanies the newest version) a good fit for business customers, at least "for white-collar employees and other workers who rarely stray away from their corporate campus and its Wi-Fi network." Lai lists some interesting large-scale rollouts with Chromebooks, including 19,000 of them in a South Carolina school district. Schools probably especially like the control that ChromeOS means for the laptops they administer. For those who'd like to have a more conventional but still lightweight ARM laptop, I wonder how quickly the ARM variant of Ubuntu will land on the new version. (Looks like I'm not the only one to leap to that thought.)
Hardware Hacking

New Arduino Due Brings More Power To the Table 130

mikejuk writes "After six years in the making, the Arduino Due is finally becoming available and, with a price tag of $49, is bound to give a boost to the platform. The Due, which means 2 in Italian and is pronounced 'doo-eh', replaces the 8-bit, 16MHz Uno by a 32-bit, 84MHz processor board that also has a range of new features — more memory, a USB port that allows it to pretend to be a mouse or a keyboard say, 54 I/O pins and so on — but what lets you do more with it is its speed and power. The heart of the new Arduino Due is the Atmel SAM3X8E, an ARM Cortex-M3-based processor, which gives it a huge boost in ADC performance, opening up possibilities for designers. The theoretical sampling rate has gone from the 15 ksps (kilosamples per second) of the existing boards, the Arduino Uno, Leonardo, and Mega 2560, to a whopping 1,000 ksps. What this all means is that the Due can be used for much more sophisticated applications. It can even play back WAV files without any help. Look out for the Due in projects that once would have needed something more like a desktop machine."
Government

Spammers Using Shortened .gov URLs 75

hypnosec writes "Cyber-scammers have started using '1.usa.gov' links in their spam campaigns in a bid to fool gullible users into thinking that the links they see on a website or have received in their mail or newsletter are legitimate U.S. Government websites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a 'trustworthy' 1.usa.gov URL. Further, according to an explanation provided by HowTo.gov, creating these usa.gov short URLs does not require a login." Which might not be a big deal, except that the service lets through URLs with embedded redirects, and it is to these redirected addresses that scammers are luring their victims.
Security

Smartphone Mugging More Popular Than Ever 285

A reader writes with this snippet from gizmodo: "The Associated Press reports that smartphone robberies now account for nearly half of all robberies in San Francisco, as well as an impressive 40 percent here in New York City. And the numbers aren't just high, they're getting higher fast. In Los Angeles, smartphone robberies are up 27 percent from last year, with no signs of slowing down. The thefts come in all varieties as well. Victims have reported having their phones—iPhones in particular (surprise!)—yanked out of their hands while talking, snatched just as public transit reaches a stop, or even taken at gunpoint." When I was relieved at gunpoint of my (very, very dumb) phone a few years ago in Philadelphia (very, very dumb), it made for a lousy evening. Have you been robbed (or accosted) like this? If so, where?
Encryption

Zimmermann's Silent Circle Now Live 127

e065c8515d206cb0e190 writes "Several websites have announced the launch of Silent Circle, PGP founder Phil Zimmermann's new suite of tools for the paranoid. After a first-day glitch with a late approval of their iOS app, the website seems to now accept subscriptions. Have any Slashdotters subscribed? What does SilentCircle provide that previous applications didn't have?"
Operating Systems

Ask Slashdot: Securing a Windows Laptop, For the Windows Newbie? 503

madsdyd writes "I am a long-time user of Linux (since 1997) and have not been using Windows since 1998. All PCs at home (mine, wife's, kids') run Linux. I work professionally as a software developer with Linux, but the Windows installs at my workplace are quite limited, so my current/working knowledge of Windows is almost nil. At home we have all been happy with this arrangement, and the kids have been using their Nintendos, PS2/3's and mobile phones up until now. However, my oldest kid (12) now wants to play World of Warcraft and League of Legends with his friends. I have spent more hours than I like to admit getting this to work with Wine, with limited success — seems to always fail at the last moment. I considered an Apple machine, but they seem to be quite expensive. So, I am going to bite the bullet, and install Windows 7 on a spare Lenovo T400 laptop, which I estimate will be able to run both Windows 7 and the games in question." Read on for more about the questions this raises, for someone who wants to ensure that a game-focused machine stays secure.