http://it.slashdot.org/ News for nerds, stuff that matters en-us Copyright 1997-2009, Geeknet, Inc. All Rights Reserved. 2009-11-24T19:10:18+00:00 Geeknet, Inc. help@slashdot.org Technology hourly 1 1970-01-01T00:00+00:00 http://a.fsdn.com/sd/topics/topicslashdot.gif http://it.slashdot.org/ http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/Hu29tOHMYHM/Prison-Terms-For-Spammer-Ralsky-Scientology-DoS-Attacker tsu doh nimh writes "Alan Ralsky, the 64 year-old dubbed the 'Godfather of Spam,' was sentenced to 51 months in prison on Monday, The Washington Post's Security Fix reports. According to anti-spam group Spamhaus.org, Ralsky has been spamming since at least 1997, using dozens of aliases and tens of thousands of 'zombies' or hacked PCs to relay junk e-mail. Also sentenced &mdash; to 40 months in jail &mdash; was Ralsky's 48-year-old son-in-law, Scott K. Bradley and two other men named last year in a 41-count indictment for wire fraud, mail fraud, money laundering and violations of the CAN-SPAM Act." And eldavojohn writes "Nineteen year old Dmitriy Guzner, Anonymous member and Scientology DDoS attacker, received one year and one day in jail for his admitted crime. His sentence could have been a maximum ten years. According to the Church of Scientology, Anonymous has harassed and attacked them with '8,139 threatening phone calls, 3.6 million e-mails, 141 million hits on its website, ten acts of vandalism against its property, 22 bomb threats, and eight death threats against Church leaders.'"<p><a href="http://yro.slashdot.org/story/09/11/24/1632228/Prison-Terms-For-Spammer-Ralsky-Scientology-DoS-Attacker?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/24/1632228"></a></p><p><a href="http://yro.slashdot.org/story/09/11/24/1632228/Prison-Terms-For-Spammer-Ralsky-Scientology-DoS-Attacker?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/-vXbE6SUmj3iRTGNknMX1hb8NnY/0/da"><img src="http://feedads.g.doubleclick.net/~at/-vXbE6SUmj3iRTGNknMX1hb8NnY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/-vXbE6SUmj3iRTGNknMX1hb8NnY/1/da"><img src="http://feedads.g.doubleclick.net/~at/-vXbE6SUmj3iRTGNknMX1hb8NnY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/Hu29tOHMYHM" height="1" width="1"/> timothy 2009-11-24T17:00:00+00:00 court at-least-ralksy's-is-longer yro 141 141,137,108,84,34,14,8 http://yro.slashdot.org/story/09/11/24/1632228/Prison-Terms-For-Spammer-Ralsky-Scientology-DoS-Attacker?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/-_afi-z7S7o/New-Virginia-IT-Systems-Lack-Network-Backup 1sockchuck writes "Virginia's new state IT system is experiencing downtime in key services because of a mind-boggling oversight: the state apparently neglected to require network backup in a 10-year, $2.3 billion outsourcing deal with Northrop Grumman. The issue is causing serious downtime for state services. This fall the Virginia DMV has suffered 12 system outages spanning a total of more than 100 hours, and downtime hampered the state transportation department when a state of emergency was declared during the Nov. 11 Northeaster."<p><a href="http://it.slashdot.org/story/09/11/24/0634220/New-Virginia-IT-Systems-Lack-Network-Backup?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/24/0634220"></a></p><p><a href="http://it.slashdot.org/story/09/11/24/0634220/New-Virginia-IT-Systems-Lack-Network-Backup?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/Dv2VlMmR2KWUA5VIcUwUCOQmiuE/0/da"><img src="http://feedads.g.doubleclick.net/~at/Dv2VlMmR2KWUA5VIcUwUCOQmiuE/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/Dv2VlMmR2KWUA5VIcUwUCOQmiuE/1/da"><img src="http://feedads.g.doubleclick.net/~at/Dv2VlMmR2KWUA5VIcUwUCOQmiuE/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/-_afi-z7S7o" height="1" width="1"/> timothy 2009-11-24T13:17:00+00:00 communications private-did-not-make-perfect it 162 162,160,124,102,29,21,10 http://it.slashdot.org/story/09/11/24/0634220/New-Virginia-IT-Systems-Lack-Network-Backup?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/S5qxHBFn3v0/English-Shell-Code-Could-Make-Security-Harder An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. "In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."<p><a href="http://it.slashdot.org/story/09/11/23/1837238/English-Shell-Code-Could-Make-Security-Harder?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/23/1837238"></a></p><p><a href="http://it.slashdot.org/story/09/11/23/1837238/English-Shell-Code-Could-Make-Security-Harder?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/7ThSJCCwh5aAs9uGfN8v4YfvBuQ/0/da"><img src="http://feedads.g.doubleclick.net/~at/7ThSJCCwh5aAs9uGfN8v4YfvBuQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/7ThSJCCwh5aAs9uGfN8v4YfvBuQ/1/da"><img src="http://feedads.g.doubleclick.net/~at/7ThSJCCwh5aAs9uGfN8v4YfvBuQ/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/S5qxHBFn3v0" height="1" width="1"/> ScuttleMonkey 2009-11-24T01:33:00+00:00 security little-bobby-tables-takes-up-writing it 272 272,261,212,156,50,26,17 http://it.slashdot.org/story/09/11/23/1837238/English-Shell-Code-Could-Make-Security-Harder?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/ewlaaFtWsu0/Program-To-Detect-Smuggled-Nuclear-Bombs-Stalls Pickens writes "The NY Times reports that a program to detect plutonium or uranium in shipping containers has stalled because the United States has run out of helium 3, a crucial raw material needed to build the 1,300 to 1,400 machines to be deployed in ports around the world to thwart terrorists who might try to deliver a nuclear bomb to a big city by stashing it in one of the millions of containers that enter the United States every year. Helium 3 is an unusual form of the element that is formed when tritium, an ingredient of hydrogen bombs, decays &mdash; but the government mostly stopped making tritium in 1989 after accumulating a substantial stockpile of Helium 3 as a byproduct of maintaining nuclear weapons. 'I have not heard any explanation of why this was not entirely foreseeable,' says Representative Brad Miller, chairman of a House subcommittee that is investigating the problem. Helium 3 is not hazardous or even chemically reactive, and it is not the only material that can be used for neutron detection. The Homeland Security Department has older equipment that can look for radioactivity, but it does not differentiate well between bomb fuel and innocuous materials that naturally emit radiation like cat litter, ceramic tiles and bananas &mdash; and sounds false alarms more often. In a letter to President Obama, Miller called the shortage 'a national crisis' and said the price had jumped to $2,000 a liter from $100 in the last few years. With continuing concern that Al Qaida or other terrorists will try to smuggle a nuclear weapon into the United States, Congress has mandated that, by 2012, all containers bound for the US be inspected overseas."<p><a href="http://science.slashdot.org/story/09/11/23/1859204/Program-To-Detect-Smuggled-Nuclear-Bombs-Stalls?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/23/1859204"></a></p><p><a href="http://science.slashdot.org/story/09/11/23/1859204/Program-To-Detect-Smuggled-Nuclear-Bombs-Stalls?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/Rnq5bUiDn7klcP9p35hQ2I4QVsY/0/da"><img src="http://feedads.g.doubleclick.net/~at/Rnq5bUiDn7klcP9p35hQ2I4QVsY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/Rnq5bUiDn7klcP9p35hQ2I4QVsY/1/da"><img src="http://feedads.g.doubleclick.net/~at/Rnq5bUiDn7klcP9p35hQ2I4QVsY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/ewlaaFtWsu0" height="1" width="1"/> ScuttleMonkey 2009-11-23T23:11:00+00:00 security i-see-a-business-opportunity-here science 208 208,196,154,133,45,20,13 http://science.slashdot.org/story/09/11/23/1859204/Program-To-Detect-Smuggled-Nuclear-Bombs-Stalls?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/ngnRZu9PUCI/Recession-Pushes-More-Workers-To-Steal-Data An anonymous reader writes to share the findings of a recent transatlantic survey which suggests that the recession is pushing workers to be a little bit more accommodating when it comes to sharing, viewing, or stealing sensitive information from the company they work(ed) for. "Pilfering data has become endemic in our culture as 85% of people admit they know it's illegal to download corporate information from their employer but almost half couldn't stop themselves taking it with them with the majority admitting it could be useful in the future! [...] The survey entitled 'the global recession and its effect on work ethics,' carried out for a second year by Cyber-Ark &ndash; found that almost half of the respondents 48% admit that if they were fired tomorrow they would take company information with them and 39% of people would download company/competitive information if they got wind that their job was at risk. Additionally a quarter of workers said that the recession has meant that they feel less loyal towards their employer."<p><a href="http://it.slashdot.org/story/09/11/23/1927248/Recession-Pushes-More-Workers-To-Steal-Data?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/23/1927248"></a></p><p><a href="http://it.slashdot.org/story/09/11/23/1927248/Recession-Pushes-More-Workers-To-Steal-Data?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/s3hUWmacUUkO3BMO3QqvxIUrhqU/0/da"><img src="http://feedads.g.doubleclick.net/~at/s3hUWmacUUkO3BMO3QqvxIUrhqU/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/s3hUWmacUUkO3BMO3QqvxIUrhqU/1/da"><img src="http://feedads.g.doubleclick.net/~at/s3hUWmacUUkO3BMO3QqvxIUrhqU/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/ngnRZu9PUCI" height="1" width="1"/> ScuttleMonkey 2009-11-23T22:26:00+00:00 security flexible-morality it 260 260,254,196,161,38,20,16 http://it.slashdot.org/story/09/11/23/1927248/Recession-Pushes-More-Workers-To-Steal-Data?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/Ltx1dUIvKyA/Hacked-Climate-Emails-Stoke-Debate The Wall Street Journal is reporting that a series of hacked emails and documents that were recently posted on Wikileaks are causing quite a stir in the scientific community. All told, more than 1,000 emails and 2,000 documents were stolen from the Climate Research Unit in East Anglia University in the U.K. "The emails include discussions of apparent efforts to make sure that reports from the Intergovernmental Panel on Climate Change, a United Nations group that monitors climate science, include their own views and exclude others. In addition, emails show that climate scientists declined to make their data available to scientists whose views they disagreed with. [] Phil Jones, the director of the East Anglia climate center, suggested to climate scientist Michael Mann of Penn State University that skeptics' research was unwelcome: We 'will keep them out somehow -- even if we have to redefine what the peer-review literature is!' Neither man could be reached for comment Sunday."<p><a href="http://science.slashdot.org/story/09/11/23/1716235/Hacked-Climate-Emails-Stoke-Debate?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/23/1716235"></a></p><p><a href="http://science.slashdot.org/story/09/11/23/1716235/Hacked-Climate-Emails-Stoke-Debate?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/-_V9G0Cw-FCqjUcHs-ILvzBHd9E/0/da"><img src="http://feedads.g.doubleclick.net/~at/-_V9G0Cw-FCqjUcHs-ILvzBHd9E/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/-_V9G0Cw-FCqjUcHs-ILvzBHd9E/1/da"><img src="http://feedads.g.doubleclick.net/~at/-_V9G0Cw-FCqjUcHs-ILvzBHd9E/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/Ltx1dUIvKyA" height="1" width="1"/> ScuttleMonkey 2009-11-23T18:48:00+00:00 security you-expected-them-to-play-fair? science 0,0,0,0,0,0,0 http://science.slashdot.org/story/09/11/23/1716235/Hacked-Climate-Emails-Stoke-Debate?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/_IvD9Bm6QBs/Simple-Free-Web-Remote-PC-Control MeatballCB writes "Hey folks. Being the 'technical' guy of the family, I often get calls from friends and family members when they're having PC issues. Most of these folks are not technical, so trying to troubleshoot problems over the phone can often be a challenge. Anyone know of a simple-to-use and (preferably) free service that would allow for remote viewing/control of their PCs? I know there's WebEx and GoToMyPC, but I hate to pay for something I'd use once every two months. I also know about VNC, but trying to walk someone through opening up ports on their router that thinks their Internet is broken when their homepage gets changed is not realistic. Anyone know of anything that would be easy to set up and use?"<p><a href="http://ask.slashdot.org/story/09/11/22/2037219/Simple-Free-Web-Remote-PC-Control?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/22/2037219"></a></p><p><a href="http://ask.slashdot.org/story/09/11/22/2037219/Simple-Free-Web-Remote-PC-Control?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/-_vCLzKeO2RziTYH9tI-K7Y8q2M/0/da"><img src="http://feedads.g.doubleclick.net/~at/-_vCLzKeO2RziTYH9tI-K7Y8q2M/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/-_vCLzKeO2RziTYH9tI-K7Y8q2M/1/da"><img src="http://feedads.g.doubleclick.net/~at/-_vCLzKeO2RziTYH9tI-K7Y8q2M/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/_IvD9Bm6QBs" height="1" width="1"/> timothy 2009-11-22T21:42:00+00:00 gui remote-viewing-the-cia-way askslashdot 443 443,436,296,153,39,24,18 http://ask.slashdot.org/story/09/11/22/2037219/Simple-Free-Web-Remote-PC-Control?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/XrKNhDkFT7c/New-Attack-Fells-Internet-Explorer alphadogg writes "Attack code has been identified that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer."<p><a href="http://tech.slashdot.org/story/09/11/22/1419255/New-Attack-Fells-Internet-Explorer?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/22/1419255"></a></p><p><a href="http://tech.slashdot.org/story/09/11/22/1419255/New-Attack-Fells-Internet-Explorer?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/Fnje7xHmPBjDo5v2IhDNDPXZmhA/0/da"><img src="http://feedads.g.doubleclick.net/~at/Fnje7xHmPBjDo5v2IhDNDPXZmhA/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/Fnje7xHmPBjDo5v2IhDNDPXZmhA/1/da"><img src="http://feedads.g.doubleclick.net/~at/Fnje7xHmPBjDo5v2IhDNDPXZmhA/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/XrKNhDkFT7c" height="1" width="1"/> Soulskill 2009-11-22T15:33:00+00:00 msie tricking-an-old-dog technology 198 198,191,151,114,33,14,10 http://tech.slashdot.org/story/09/11/22/1419255/New-Attack-Fells-Internet-Explorer?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/k8ffRJ0-IRM/Brazilian-Breaks-Secrecy-of-Brazils-E-Voting-Machines-With-Van-Eck-Phreaking After the report last week that Brazil's e-voting machines had withstood the scrutiny of a team of invited hackers, reader ateu writes with news that a hacker has shown that the Linux-based voting machines aren't perfectly safe; he was able to eavesdrop on them (translated from Portuguese) by means of Van Eck phreaking.<p><a href="http://yro.slashdot.org/story/09/11/22/027229/Brazilian-Breaks-Secrecy-of-Brazils-E-Voting-Machines-With-Van-Eck-Phreaking?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/22/027229"></a></p><p><a href="http://yro.slashdot.org/story/09/11/22/027229/Brazilian-Breaks-Secrecy-of-Brazils-E-Voting-Machines-With-Van-Eck-Phreaking?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/3bwKCOBDo5PtPmIcp0ZspuYduiQ/0/da"><img src="http://feedads.g.doubleclick.net/~at/3bwKCOBDo5PtPmIcp0ZspuYduiQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/3bwKCOBDo5PtPmIcp0ZspuYduiQ/1/da"><img src="http://feedads.g.doubleclick.net/~at/3bwKCOBDo5PtPmIcp0ZspuYduiQ/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/k8ffRJ0-IRM" height="1" width="1"/> timothy 2009-11-22T03:11:00+00:00 government old-ways-are-best yro 157 157,156,128,95,24,16,7 http://yro.slashdot.org/story/09/11/22/027229/Brazilian-Breaks-Secrecy-of-Brazils-E-Voting-Machines-With-Van-Eck-Phreaking?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/-FbKI1vZgds/Best-Practices-For-Infrastructure-Upgrade An anonymous reader writes "I was put in charge of an aging IT infrastructure that needs a serious overhaul. Current services include the usual suspects, i.e. www, ftp, email, dns, firewall, DHCP &mdash; and some more. In most cases, each service runs on its own hardware, some of them for the last seven years straight. The machines still can (mostly) handle the load that ~150 people in multiple offices put on them, but there's hardly any fallback if any of the services die or an office is disconnected. Now, as the hardware must be replaced, I'd like to buff things up a bit: distributed instances of services (at least one instance per office) and a fallback/load-balancing scheme (either to an instance in another office or a duplicated one within the same). Services running on virtualized servers hosted by a single reasonably-sized machine per office (plus one for testing and a spare) seem to recommend themselves. What's you experience with virtualization of services and implementing fallback/load-balancing schemes? What's Best Practice for an update like this? I'm interested in your success stories and anecdotes, but also pointers and (book) references. Thanks!"<p><a href="http://ask.slashdot.org/story/09/11/21/2234216/Best-Practices-For-Infrastructure-Upgrade?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/21/2234216"></a></p><p><a href="http://ask.slashdot.org/story/09/11/21/2234216/Best-Practices-For-Infrastructure-Upgrade?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/y37PIInC0-Pk88J7JKbIiMfa6KE/0/da"><img src="http://feedads.g.doubleclick.net/~at/y37PIInC0-Pk88J7JKbIiMfa6KE/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/y37PIInC0-Pk88J7JKbIiMfa6KE/1/da"><img src="http://feedads.g.doubleclick.net/~at/y37PIInC0-Pk88J7JKbIiMfa6KE/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/-FbKI1vZgds" height="1" width="1"/> timothy 2009-11-21T22:50:00+00:00 networking thinking-ahead askslashdot 253 253,249,208,153,36,17,12 http://ask.slashdot.org/story/09/11/21/2234216/Best-Practices-For-Infrastructure-Upgrade?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/-ns69NzELM8/First-Malicious-iPhone-Worm-In-the-Wild An anonymous reader writes "After the ikee worm that displayed a picture of Rick Astley on jailbroken iPhones, the first malicious iPhone worm (Google translation; original, in Dutch) has now been discovered in the wild. Internet provider XS4ALL in the Netherlands encountered several of such devices (link in Dutch) on the wireless networks of their customers and put out a warning. After obtaining a copy of the malware it was discovered that the jailbroken phones, which are exploited through openSSH with a default password, scan IP ranges of mobile internet providers for other vulnerable iPhones, phone home to a C&amp;C botnet server, are able to update themselves with additional malware and have the ability to dump the SMS database as well. Owners of a jailbroken iPhone with a default root password are advised to flash to the latest Apple firmware in order to ensure no malware is present."<p><a href="http://it.slashdot.org/story/09/11/21/2023200/First-Malicious-iPhone-Worm-In-the-Wild?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/21/2023200"></a></p><p><a href="http://it.slashdot.org/story/09/11/21/2023200/First-Malicious-iPhone-Worm-In-the-Wild?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/JBx-9gsyRTAyld7TW1mwHAMSAPw/0/da"><img src="http://feedads.g.doubleclick.net/~at/JBx-9gsyRTAyld7TW1mwHAMSAPw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/JBx-9gsyRTAyld7TW1mwHAMSAPw/1/da"><img src="http://feedads.g.doubleclick.net/~at/JBx-9gsyRTAyld7TW1mwHAMSAPw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/-ns69NzELM8" height="1" width="1"/> timothy 2009-11-21T20:37:00+00:00 security because-some-jerks-are-clever it 133 133,127,103,83,22,13,7 http://it.slashdot.org/story/09/11/21/2023200/First-Malicious-iPhone-Worm-In-the-Wild?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/z7ppVddn32w/Cyber-Attacks-On-US-Military-Jump-Sharply-In-2009 angry tapir writes "Cyber attacks on the US Department of Defense &mdash; many of them coming from China &mdash; have jumped sharply in 2009, a US congressional committee has reported. Citing data provided by the US Strategic Command, the US-China Economic and Security Review Commission said that there were 43,785 malicious cyber incidents targeting Defense systems in the first half of the year. That's a big jump. In all of 2008, there were 54,640 such incidents. If cyber attacks maintain this pace, the yearly increase will be around 60 percent. The full report (PDF) is available online."<p><a href="http://tech.slashdot.org/story/09/11/21/0238253/Cyber-Attacks-On-US-Military-Jump-Sharply-In-2009?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/21/0238253"></a></p><p><a href="http://tech.slashdot.org/story/09/11/21/0238253/Cyber-Attacks-On-US-Military-Jump-Sharply-In-2009?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/Ne_IAhOF48vdy_NVpmoQwtEYfrI/0/da"><img src="http://feedads.g.doubleclick.net/~at/Ne_IAhOF48vdy_NVpmoQwtEYfrI/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/Ne_IAhOF48vdy_NVpmoQwtEYfrI/1/da"><img src="http://feedads.g.doubleclick.net/~at/Ne_IAhOF48vdy_NVpmoQwtEYfrI/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/z7ppVddn32w" height="1" width="1"/> Soulskill 2009-11-21T07:02:00+00:00 security proportional-with-gold-farming technology 76 76,73,56,42,18,7,2 http://tech.slashdot.org/story/09/11/21/0238253/Cyber-Attacks-On-US-Military-Jump-Sharply-In-2009?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/ls_qtJaN13s/RFID-Fingerprints-To-Fight-Tag-Cloning Bourdain writes with news out of the University of Arkansas, where researchers are looking for ways to combat counterfeit RFID tags. Passive tags typically wait for a reader to transmit a signal of the appropriate strength and frequency before sending their own transmission. The scientists found that the amount of power required to trigger this varies quite a bit from one tag to the next, especially when many different frequencies are sampled. This and other physical characteristics give the tag its own "fingerprint" that is independent of the signal information stored in its memory, which the researchers say will facilitate the detection of cloned tags.<p><a href="http://yro.slashdot.org/story/09/11/21/0354209/RFID-Fingerprints-To-Fight-Tag-Cloning?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/21/0354209"></a></p><p><a href="http://yro.slashdot.org/story/09/11/21/0354209/RFID-Fingerprints-To-Fight-Tag-Cloning?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/-AbO1o9CXVnX5HyEF8rxraBqNBQ/0/da"><img src="http://feedads.g.doubleclick.net/~at/-AbO1o9CXVnX5HyEF8rxraBqNBQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/-AbO1o9CXVnX5HyEF8rxraBqNBQ/1/da"><img src="http://feedads.g.doubleclick.net/~at/-AbO1o9CXVnX5HyEF8rxraBqNBQ/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/ls_qtJaN13s" height="1" width="1"/> Soulskill 2009-11-21T05:00:00+00:00 privacy cloning-is-bad-haven't-you-seen-scifi yro 59 59,56,46,34,15,9,4 http://yro.slashdot.org/story/09/11/21/0354209/RFID-Fingerprints-To-Fight-Tag-Cloning?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/SS_8X9G_Yvw/Zero-Day-Vulnerabilities-In-Firefox-Extensions An anonymous reader writes "Researchers have found several security holes in popular Firefox extensions that have an estimated total of 30 million downloads from AMO (the Addons Mozilla community site). Three 0-days were also released. Mozilla doesn't have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension." The affected extensions are Sage version 1.4.3, InfoRSS 1.1.4.2, and Yoono 6.1.1 (and earlier versions). Clearly the problem is larger than just these three extensions.<p><a href="http://it.slashdot.org/story/09/11/20/1257232/Zero-Day-Vulnerabilities-In-Firefox-Extensions?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/20/1257232"></a></p><p><a href="http://it.slashdot.org/story/09/11/20/1257232/Zero-Day-Vulnerabilities-In-Firefox-Extensions?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/1_53KH_XombBRvGjyBAIzjGHOB0/0/da"><img src="http://feedads.g.doubleclick.net/~at/1_53KH_XombBRvGjyBAIzjGHOB0/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/1_53KH_XombBRvGjyBAIzjGHOB0/1/da"><img src="http://feedads.g.doubleclick.net/~at/1_53KH_XombBRvGjyBAIzjGHOB0/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/SS_8X9G_Yvw" height="1" width="1"/> kdawson 2009-11-20T15:14:00+00:00 security wild-in-the-playground it 208 208,203,172,134,18,3,2 http://it.slashdot.org/story/09/11/20/1257232/Zero-Day-Vulnerabilities-In-Firefox-Extensions?from=rss http://rss.slashdot.org/~r/Slashdot/slashdotIt/~3/NxJHTJGOrII/Fedora-12-Package-Installation-Policy-Tightened AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."<p><a href="http://linux.slashdot.org/story/09/11/20/1241231/Fedora-12-Package-Installation-Policy-Tightened?from=rss"><img src="http://it.slashdot.org/slashdot-it.pl?from=rss&amp;op=image&amp;style=h0&amp;sid=09/11/20/1241231"></a></p><p><a href="http://linux.slashdot.org/story/09/11/20/1241231/Fedora-12-Package-Installation-Policy-Tightened?from=rss">Read more of this story</a> at Slashdot.</p> <p><a href="http://feedads.g.doubleclick.net/~at/77KtZh0altNOSGzRt4oJszyN3lY/0/da"><img src="http://feedads.g.doubleclick.net/~at/77KtZh0altNOSGzRt4oJszyN3lY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~at/77KtZh0altNOSGzRt4oJszyN3lY/1/da"><img src="http://feedads.g.doubleclick.net/~at/77KtZh0altNOSGzRt4oJszyN3lY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Slashdot/slashdotIt/~4/NxJHTJGOrII" height="1" width="1"/> kdawson 2009-11-20T13:52:00+00:00 redhat tougher-by-default linux 171 171,168,146,123,22,10,6 http://linux.slashdot.org/story/09/11/20/1241231/Fedora-12-Package-Installation-Policy-Tightened?from=rss Search Slashdot stories query http://it.slashdot.org/search.pl