hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer." "'Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,' Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored. 'These are games that have a very large market,' Auriemma said."
An anonymous reader writes "A man has initiated a class-action suit against Blizzard over a product used to shore up Battle.net security. Benjamin Bell alleges that Blizzard's sale of Authenticators — devices that enable basic two-tier authentication — represents deceptive and unfair additional costs to their basic games. (Blizzard sells the key fob versions for $6.50, and provides a free mobile app as an alternative. Neither are mandatory.) The complaint accuses Blizzard of making $26 million in Authenticator sales. In response, Blizzard made a statement refuting some of the complaint's claims and voicing their intention to 'vigorously defend' themselves."
Penurious Penguin writes "The Wall Street Journal, in correspondence with Chevron representatives, reveals that back in 2010, Stuxnet reached Chevron, where it managed to infect — but not significantly affect — the oil giant's network. According to a Chevron representative speaking to CNET, the issue was 'immediately addressed ... without incident.' The Stuxnet worm is believed to be the work of the U.S. and Israel, and this report is confirmation that it struck well wide of its intended targets. Chevron's general manager of the earth sciences department, Mark Koelmel, said to CIO Journal, 'I don't think the U.S. government even realized how far it had spread ... I think the downside of what they did is going to be far worse than what they actually accomplished.'"
An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsoft's latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware that's already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."
An anonymous reader writes "I am getting ready to start learning the use of virtual machines. What VM software would you recommend? This is for personal use. It would be good to run both Windows VMs and Linux VMs. Early use would be maintaining multiple Windows installs using only one desktop computer with plenty of cores and memory. I would be starting with a Windows host, but probably later switching to a Linux host after I learn more about it. Free is good, but reliability and ease of use are better. What is your preferred choice for a VM beginner? VMware? Xen? VirtualBox? Something else?" It may also be helpful if you can recommend particular VM software for particular uses, or provide some insight on different hosting options.
cheesecake23 writes "Many talking heads have attributed Obama's success to an unmatched 'ground game.' Now, inside reports from campaign volunteers suggest that Project Orca, a Republican, tech-based voter monitoring effort with 37,000 volunteers in swing states, turned out to be an epic failure due to dismal IT. Problems ranged from state-wide incorrect PINs, to misleading and delayed information packets delivered to volunteers, to a server outage and missing redirection of secure URLs."
Qedward writes "A high court judge has ruled that companies do not have a general claim of ownership of the content contained in staff emails. The decision creates a potential legal minefield for the terms of staff contracts and an administrative nightmare for IT teams running email servers, back up and storage. The judge ruled businesses do not have an 'enforceable proprietary claim' to staff email content unless that content can be considered to be confidential information belonging to a business, unless business copyright applies to the content, or unless the business has a contractual right of ownership over the content. Justice Edwards-Stuart added it was 'quite impractical and unrealistic' to determine that ownership of the content of emails either belongs exclusively to the creator or the recipient of an email."
Esther Schindler writes "The job of dealing with an under-performing employee doesn't end when the culprit is shown the door. Everyone focuses on security tasks, after you fire the idiot, such as changing passwords, but that's just one part of the To Do list. More important, in the long run, is the cleanup job that needs to be done after you fire the turkey, looking for the hidden messes and security flaws the ex-employee may have left behind. Otherwise, you'll still be cleaning up the problems six months later."
littlekorea writes "Australia's telcos have declared that SMS technology should not be used by banks to verify identities for online banking transactions, in a bid to wash their hands of culpability for phone porting hacks. But three of Australia's largest four banks insist they will continue to use SMS messages to carry authentication codes for transactions."
coondoggie writes "NASA said today it had teamed with the European Space Agency to successfully test an experimental version of an 'interplanetary Internet' to control a robot on the ground in Germany from a laptop onboard the International Space Station."
An anonymous reader writes "The Apache Foundation revealed in Sinsheim, Germany their plans for a cloud version of OpenOffice.org based on HTML5. Chinese and German engineers use OpenOffice in 'headless' mode as a base."
tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."
concealment writes "During a pre-trial hearing in military court today, [alleged Wikileaks source Bradley] Manning's attorney, David Coombs, proposed a partial guilty plea covering a subset of the slew of criminal charges that the U.S. Army has lodged against him. "Manning is attempting to accept responsibility for offenses that are encapsulated within, or are a subset of, the charged offenses," Coombs wrote on his blog this evening. "The court will consider whether this is a permissible plea.""
An anonymous reader writes "In Britain, where it is custom and practice to charge around £10 for a copy of your medical results, a patient has discovered that his copy will cost him £2,000 because the records are stored on an obsolete system that the current IT systems cannot access. Can this be good for patient care if no-one can access records dating back from a previous filing system? Perhaps we need to require all current systems to store data in a way that is vendor independent, and DRM-free, too?"