An anonymous reader writes "Following recent compromises of the Linux kernel.org and Sourceforge, the FreeBSD Project is now reporting that several machines have been broken into. After a brief outage, ftp.FreeBSD.org and other services appear to be back. The project announcement states that some deprecated services (e.g., cvsup) may be removed rather than restored. Users are advised to check for packages downloaded between certain dates and replace them, although not because known trojans have been found, but rather because the project has not yet been able to confirm that they could not exist. Apparently initial access was via a stolen SSH key, but fortunately the project's clusters were partitioned so that the effects were limited. The announcement contains more detailed information — and we are left wondering, would proprietary companies that get broken into so forthcoming? Should they be?"
BLACK FRIDAY DEAL: Trust the World's Fastest VPN with Your Internet Security & Freedom--A Lifetime Subscription of PureVPN at $48 with coupon code "BFRIDAY20" ×
McGruber writes "The Associated Press is reporting that the U.S. Justice Department is suing eBay for allegedly agreeing with Intuit not to hire each other's employees. According to the article, 'eBay's agreement with Intuit hurt employees by lowering the salaries and benefits they might have received and deprived them of better job opportunities at the other company,' said acting Assistant Attorney General Joseph Wayland, who is in charge of the Justice Department's antitrust division. The division 'has consistently taken the position that these kinds of agreements are per se (on their face) unlawful under antitrust laws.'"
MojoKid writes "iOS 6, by all appearances, has a streaming problem. This is separate from the network issues that led Verizon to state that it wouldn't bill people for overages that were caused by spotty Wi-Fi connectivity. The issue has been detailed at PRX.org with information on how the team saw a huge spike in bandwidth usage after the release of iOS 6, and then carefully tested the behavior of devices and its own app to narrow the possible cause. In one case, the playback of a single 30MB episode caused the transfer of over 100MB of data. It is believed that the issue was solved with the release of iOS 6.0.1, but anecdotal evidence from readers points to continued incidents of high data usage, even after updating. If you own an iPhone 5 or upgraded to iOS 6 on an older device, it is strongly recommend to check your usage over the past two months, update to iOS 6.0.1, and plan for a lengthy discussion with your carrier if it turns out your data use went through the roof."
Hugh Pickens writes "For years lawmakers had heard warnings about holes in corporate and government systems that imperil U.S. economic and national security. Now Ward Carroll writes that in the face of what most experts label as a potential 'Cyber Pearl Harbor' threat, Republicans have stalled the Cybersecurity Act of 2012 with a Senate vote of 51–47 against the legislation. This drew a quick response from the staff of Secretary of Defense Leon Panetta: 'The U.S. defense strategy calls for greater investments in cybersecurity measures, and we will continue to explore ways to defend the nation against cyber threats,' says DoD spokesman George Little. 'If the Congress neglects to address this security problem urgently, the consequences could be devastating.' Many Senate Republicans took their cues from the U.S. Chamber of Commerce and businesses that framed the debate not as a matter of national security, but rather as a battle between free enterprise and an overreaching government. They wanted to let companies determine whether it would be more cost effective — absent liability laws around cyber attacks — to invest in the hardware, software, and manpower required to effectively prevent cyber attacks, or to simply weather attacks and fix what breaks afterwards. 'Until someone can argue both the national security and the economic parts of it, you're going to have these dividing forces,' says Melissa Hathaway, a White House cyber official in the Bush and Obama administrations. 'Most likely, big industry is going to win because at the end of the day our economy is still in trouble.'"
Dupple writes in with a story about the uncertain future of a proposed bio lab in the heart of cattle country. "Plans to build one of the world's most secure laboratories in the heart of rural America have run into difficulties. The National Bio and Agro defense facility (NBAF) would be the first US lab able to research diseases like foot and mouth in large animals. But reviews have raised worries about virus escapes in the middle of cattle country. For over fifty years the United States has carried out research on dangerous animal diseases at Plum Island, just off the coast of New York. However after 9/11 the Department of Homeland Security raised concerns about the suitability of the location and its vulnerability to terrorist attack."
OverTheGeicoE writes "The Homeland Security Subcommittee on Transportation Security held a hearing on TSA's recent decision to move X-ray body scanners from major airports to smaller ones, which the subcommittee refers to as a 'Scanner Shuffle.' John Sanders, TSA's assistant administrator for security capabilities, testified that 91 scanners recently removed from major airports were now in storage due to 'privacy concerns.' Although TSA originally planned to relocate the scanners to smaller airports, those plans have been shelved because smaller airports don't have room for them. The subcommitteee is also investigating allegations that the machines' manufacturer, Rapiscan, 'may have falsified tests of software intended to stop the machines from recording graphic images of travelers' (VIDEO). Coincidentally, shares of Rapiscan's parent company, OSI Systems Inc., dropped in value almost 25% today, its biggest intraday decline in about 12 years. If wrongdoing is proven, Rapiscan could face fines, prison terms and a ban on government contracting, according to a former head of federal procurement."
pev writes "After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a month's time with an intermediate ban on laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 'mobile computing devices.' I wonder how long it will be before other large organizations start following suit as a sensible precaution?"
jfruh writes "Nationwide pizza chain Papa John's is finding itself on the receiving end of a $250 million text spam lawsuit. From the article: 'Seattle law firm Heyrich Kalish McGuigan, representing three Papa John's customers, alleged that the pizza delivery service has sent 500,000 unwanted text messages to customers. If the court finds that Papa John's violated the U.S. Telephone Consumer Protection Act, the pizza maker could have to pay damages of $500 per text message, or US$250 million, one of the largest damage awards under the 1991 law, the law firm said. "Many customers complained to Papa John's that they wanted the text messages to stop, and yet thousands of spam text messages were sent week after week," Donald Heyrich, attorney for the plaintiffs said in a statement. "This should be a wake-up call to advertisers. Consumers do not want spam on their cell phones."'
angry tapir writes "The U.S. Air Force has decided to scrap a major ERP (enterprise resource planning) software project after spending $1 billion, concluding that finishing it would cost far too much more money for too little gain. Dubbed the Expeditionary Combat Support System (ECSS), the project has racked up $1.03 billion in costs since 2005, 'and has not yielded any significant military capability,' an Air Force spokesman said in a statement. 'We estimate it would require an additional $1.1B for about a quarter of the original scope to continue and fielding would not be until 2020. The Air Force has concluded the ECSS program is no longer a viable option for meeting the FY17 Financial Improvement and Audit Readiness (FIAR) statutory requirement. Therefore, we are canceling the program and moving forward with other options in order to meet both requirements.'"
CowboyRobot writes "Adobe today confirmed that one of its databases has been breached by a hacker and that it had temporarily taken offline the affected Connectusers.com website. The hacker, who also goes by Adam Hima, told Dark Reading that the server he attacked was the Connectusers.com Web server, and that he exploited a SQL injection flaw to execute the attack. 'It was an SQL Injection vulnerability, somehow I was able to dump the database in less requests than normal people do,' he says. Users passwords for the Adobe Connectusers site were stored and hashed with MD5, he says, which made them 'easy to crack' with freely available tools. And Adobe wasn't using WAFs on the servers, he notes. Tal Beery, a security researcher at Imperva, analyzed the data dump in the Connectusers Pastebin post and found that the list appears to be valid and that the hacked database was relatively old."
DavidGilbert99 writes "With a £400 transmitter, a laptop and a little knowledge you could bring down an entire city's high-speed 4G network. This information comes from research carried out in the U.S. into the possibility of using LTE networks as the basis for a next-generation emergency response communications system. Jeff Reed, director of the wireless research group at Virginia Tech, along with research assistant Marc Lichtman, described the vulnerabilities to the National Telecommunications and Information Administration, which advises the White House on telecom and information policy. 'If LTE technology is to be used for the air interface of the public safety network, then we should consider the types of jamming attacks that could occur five or ten years from now (PDF). It is very possible for radio jamming to accompany a terrorist attack, for the purpose of preventing communications and increasing destruction,' Reed said."
another random user writes with news of a vulnerability in the Skype password reset tool "All you need to do is register a new account using that email address, and even though that address is already used (and the registration process does tell you this) you can still complete the new account process and then sign in using that account Info (original post in Russian)" concealment adds a link to another article with an update that Skype disabled the password reset page as a temporary fix.
Mephistophocles writes "A chilling article by Darkreading's Kelly Jackson Higgins describes how the growing accessibility of hacking tools like RATs (Remote Access Trojans) have made cyber-espionage possible for more than just those financially backed by large nation-states, and speculates on what the implications of this may be: 'Researchers at Norman Security today revealed that they recently analyzed malware used in phishing emails targeting Israeli and Palestinian targets and found that attackers used malware based on the widely available Xtreme RAT crimeware kit. The attacks, which first hit Palestinian targets, this year began going after Israeli targets, including Israeli law enforcement agencies and embassies around the world. Norman says the same attacker is behind the attacks because the attacks use the same command-and-control (C&C) infrastructure, as well as the same phony digital certificates. This attack campaign just scratches the surface of the breadth and spread of these types of attacks around the world as more players have been turning to cyberspying. "We're just seeing the tip of the iceberg," says Einar Oftedal, deputy CTO at Norman.'"
mask.of.sanity writes "Hardcoded usernames and passwords have been discovered in a recent line of Telstra broadband routers that allow attackers access to customer networks. The flaws meant customer unique passwords could be bypassed to access the device administrative console and LAN."
New submitter thn writes "John McAfee, who started the antivirus software giant named after him, has been accused of murder in Belize and is wanted. McAfee had taken to 'posting on a drug-focused Russian message board...about his attempts to purify the psychoactive compounds colloquially known as "bath salts,"' Gizmodo wrote. The scariest aspect of this story may be the fact that an entire lab was constructed for John McAfee's research purposes. Because of his efforts to extract chemicals from natural chemical plans McAfee was able to justify his experiments in a country that is largely unregulated."