chicksdaddy writes "We hear a lot about vulnerabilities in industrial control system (ICS) software. But what about real evidence of compromised SCADA and industrial control systems? According to security researcher Michael Toecker, a consultant at the firm Digital Bond, the evidence for infected systems with links to industrial automation and control systems is right under our eyes: buried in public support forums. Toecker audited support sites like bleepingcomputer.com, picking through data dumps from free malware scanning tools like HijackThis and DDS. He found scans of infected systems that were running specialized ICS software like Schweitzer Engineering Labs (SEL) AcSELerator Software and GE Power's EnerVista Software (used to configure GE electric power protection products). The infected end user systems could be the pathway to compromising critical infrastructure, including electrical infrastructure. 'With access to a protection relay through a laptop, a malicious program could alter settings in the configuration file, inject bad data designed to halt the relay, or even send commands directly to the relay when a connection was made,' Toecker wrote."
KermMartian writes "It has been nearly two decades since Texas Instruments released the TI-82 graphing calculator, and as the TI-83, TI-83+, and TI-84+ were created in the intervening years, these 6MHz machines have only become more absurdly retro, complete with 96x64-pixel monochome LCDs and a $120 price tag. However, a student member of a popular graphing calculator hacking site has leaked pictures and details about a new color-screen TI-84+ calculator, verified to be coming soon from Texas Instruments. With the lukewarm reception to TI's Nspire line, it seems to be an attempt to compete with Casio's popular color-screen Prizm calculator. Imagine the graphs (and games!) on this new 320x240 canvas."
MojoKid writes "Nike+ FuelBand is a $149 wristband with LED display that tracks your daily activity, tells you how many calories you've burned, lets you know how much fuel you have left in the tank, and basically keeps track of 'every move you make.' If you think that sounds like a privacy nightmare waiting to happen, it pretty much is. A source directly connected to Nike reported an amusing, albeit startling anecdote about a guy who got caught cheating on his girlfriend because of the Nike+ FuelBand. 'They shared their activity between each other and she noticed he was active at 1-2AM, when he was supposed to be home.' That's just one scenario. What if the wristband gets lost or stolen? How much data is actually stored on these sorts of devices? And remember, you're syncing it to the cloud with an iOS or Android app."
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer." "'Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,' Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored. 'These are games that have a very large market,' Auriemma said."
An anonymous reader writes "A man has initiated a class-action suit against Blizzard over a product used to shore up Battle.net security. Benjamin Bell alleges that Blizzard's sale of Authenticators — devices that enable basic two-tier authentication — represents deceptive and unfair additional costs to their basic games. (Blizzard sells the key fob versions for $6.50, and provides a free mobile app as an alternative. Neither are mandatory.) The complaint accuses Blizzard of making $26 million in Authenticator sales. In response, Blizzard made a statement refuting some of the complaint's claims and voicing their intention to 'vigorously defend' themselves."
Penurious Penguin writes "The Wall Street Journal, in correspondence with Chevron representatives, reveals that back in 2010, Stuxnet reached Chevron, where it managed to infect — but not significantly affect — the oil giant's network. According to a Chevron representative speaking to CNET, the issue was 'immediately addressed ... without incident.' The Stuxnet worm is believed to be the work of the U.S. and Israel, and this report is confirmation that it struck well wide of its intended targets. Chevron's general manager of the earth sciences department, Mark Koelmel, said to CIO Journal, 'I don't think the U.S. government even realized how far it had spread ... I think the downside of what they did is going to be far worse than what they actually accomplished.'"
An anonymous reader writes "Now that Windows 8 is on sale and has already been purchased by millions, expect very close scrutiny of Microsoft's latest and greatest security features. 0-day vulnerabilities are already being claimed, but what about the malware that's already out there? When tested against the top threats, Windows 8 is immune to 85 percent of them, and gets infected by 15 percent, according to tests run by BitDefender."
An anonymous reader writes "I am getting ready to start learning the use of virtual machines. What VM software would you recommend? This is for personal use. It would be good to run both Windows VMs and Linux VMs. Early use would be maintaining multiple Windows installs using only one desktop computer with plenty of cores and memory. I would be starting with a Windows host, but probably later switching to a Linux host after I learn more about it. Free is good, but reliability and ease of use are better. What is your preferred choice for a VM beginner? VMware? Xen? VirtualBox? Something else?" It may also be helpful if you can recommend particular VM software for particular uses, or provide some insight on different hosting options.
cheesecake23 writes "Many talking heads have attributed Obama's success to an unmatched 'ground game.' Now, inside reports from campaign volunteers suggest that Project Orca, a Republican, tech-based voter monitoring effort with 37,000 volunteers in swing states, turned out to be an epic failure due to dismal IT. Problems ranged from state-wide incorrect PINs, to misleading and delayed information packets delivered to volunteers, to a server outage and missing redirection of secure URLs."
Qedward writes "A high court judge has ruled that companies do not have a general claim of ownership of the content contained in staff emails. The decision creates a potential legal minefield for the terms of staff contracts and an administrative nightmare for IT teams running email servers, back up and storage. The judge ruled businesses do not have an 'enforceable proprietary claim' to staff email content unless that content can be considered to be confidential information belonging to a business, unless business copyright applies to the content, or unless the business has a contractual right of ownership over the content. Justice Edwards-Stuart added it was 'quite impractical and unrealistic' to determine that ownership of the content of emails either belongs exclusively to the creator or the recipient of an email."
Esther Schindler writes "The job of dealing with an under-performing employee doesn't end when the culprit is shown the door. Everyone focuses on security tasks, after you fire the idiot, such as changing passwords, but that's just one part of the To Do list. More important, in the long run, is the cleanup job that needs to be done after you fire the turkey, looking for the hidden messes and security flaws the ex-employee may have left behind. Otherwise, you'll still be cleaning up the problems six months later."
littlekorea writes "Australia's telcos have declared that SMS technology should not be used by banks to verify identities for online banking transactions, in a bid to wash their hands of culpability for phone porting hacks. But three of Australia's largest four banks insist they will continue to use SMS messages to carry authentication codes for transactions."
coondoggie writes "NASA said today it had teamed with the European Space Agency to successfully test an experimental version of an 'interplanetary Internet' to control a robot on the ground in Germany from a laptop onboard the International Space Station."
An anonymous reader writes "The Apache Foundation revealed in Sinsheim, Germany their plans for a cloud version of OpenOffice.org based on HTML5. Chinese and German engineers use OpenOffice in 'headless' mode as a base."
tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."