
What Is the State of Linux Security DVR Software? (82 comments)

Posted by timothy on Tuesday December 15, @11:51AM
from the peer-out-of-the-basement dept.
security
StonyCreekBare writes "I am wondering what slashdotters have to offer on the idea of Linux based security systems, especially DVR software. I am aware of Zoneminder, but wonder what else is out there? Are there applications that will not only monitor video cameras, but motion sensors and contact closure alarms? What is state of the art in this area, and how do the various Linux platforms stack up in comparison to dedicated embedded solutions? Will these 'play nice' with other software, such as Asterisk, and Misterhouse? Can one server host three or four services applications of this nature, assuming CPU/memory/disk resources are sufficient?"

Adobe Warns of Reader, Acrobat Attack (168 comments)

Posted by timothy on Tuesday December 15, @11:03AM
from the gnome's-reader's-pretty-good-y'know dept.
security
itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."

Cybersecurity Czar Job Is Useless, Says Spafford (104 comments)

Posted by Soulskill on Monday December 14, @03:46PM
from the federal-whipping-czar dept.
security
Trailrunner7 writes "It's been about seven months since Obama announced his plan to hire a cybersecurity coordinator, and the job is still vacant. Several prominent security experts have turned the position down, and in an interview on Threatpost, Purdue professor Gene Spafford says that the position is pointless. 'It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind. So when I hear that there are supposedly people who have been interviewed for this cyber coordinator job and didn't take it, I'm not surprised. It's not a winning position. I'm not at all surprised by the fact that it's empty. That position is a blame-taking position,' Spafford said."

Building a Global Cyber Police Force (154 comments)

Posted by CmdrTaco on Monday December 14, @10:20AM
from the i-recommend-team-america dept.
security
dasButcher writes "One of the biggest obstacles to fighting hackers and cyber-criminals is that many operate in the safe harbors of their home countries, insulated from prosecution by authorities in foreign countries where their targets reside. As Larry Walsh writes in his blog, several security vendors and a growing number of countries are now beginning to consider the creation of a global police force that would have trans-border jurisdiction to investigate and arrest suspected hackers."

ID Thief Tries To Get Witnesses Whacked (168 comments)

Posted by kdawson on Monday December 14, @05:13AM
from the palpable-escalation dept.
security
adeelarshad82 writes "Pavel Valkovich of Sherman Oaks, CA has pleaded guilty to solicitation of murder, admitting that he attempted to hire hit-men to kill witnesses working with Federal authorities in their investigation of Valkovich's ID theft activities and subsequent crimes. According to the Justice Department: '...Valkovich and others had stolen personal identifying information and used that information to transfer funds from victims' bank accounts to PayPal accounts.'"

French Military Contributes To Thunderbird 3 (377 comments)

Posted by kdawson on Sunday December 13, @09:28PM
from the mais-oui-l'oiseau dept.
mozilla
fredboboss sends news about Mozilla's email client Thunderbird 3, whose release we noted last week. "Thunderbird 3 contains code from the French military, which decided the open source product was more secure than Microsoft's rival Outlook. The French government is beginning to move to other open source software, including Linux instead of Windows and OpenOffice instead of Microsoft Office. Thunderbird 3 used some of the code from TrustedBird, a generalized and co-branded version of Thunderbird with security extensions built by the French military."

US and Russia Open Talks On Limits To Cyberwar (80 comments)

Posted by kdawson on Saturday December 12, @11:26PM
from the you-put-down-yours-first dept.
government
andy1307 passes on this from the NY Times: "The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace. American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia's overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race ... While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains."

Apple Counter-Sues Nokia Over Patents (136 comments)

Posted by ScuttleMonkey on Friday December 11, @04:40PM
from the fight-fire-with-more-lawyers dept.
patents
adeelarshad82 writes "About two months ago Nokia sued Apple for infringing Nokia patents in its iPhone. The 10 patents in the lawsuit, filed in the US state of Delaware, relate to technologies fundamental for devices using GSM, UMTS and/or local area network (LAN) standards. The patents cover wireless data, speech coding, security and encryption and are infringed by all Apple iPhone models shipped since the iPhone was introduced in 2007. In the latest development to the case, Apple said Friday that it had filed its own suit against Nokia, countering Nokia's claims of patent infringement with its own."

Three Lawmakers Ask For Enforcement Against Leak Sites (316 comments)

Posted by kdawson on Friday December 11, @10:20AM
from the rest-of-the-world-perhaps-you've-heard-of-it dept.
censorship
eldavojohn writes "You may recall the TSA demonstrating how tech-savvy it is by releasing a document with redactions intact. Now three Republican lawmakers are asking what's being done to prosecute those hosting the document (e.g. Cryptome and Wikileaks). In a letter to the DHS (PDF), Charles Dent (R-PA), Gus Bilirakis (R-FL), and Peter T. King (R-NY) asked, 'How has [sic] the Department of Homeland Security and the Transportation Security Administration addressed the repeated reposting of this security manual to other websites, and what legal action, if any, can be taken to compel its removal?' And they asked if the DHS is 'considering issuing new regulations pursuant to its authority in Section 114 of Title 49, United States Code, and are criminal penalties necessary or desirable to ensure such information is not reposted in the future?' King is the representative who announced a probe into Wikileaks after the half million 9/11 pager messages were released."

Hackers Find Home In Amazon EC2 Cloud (89 comments)

Posted by CmdrTaco on Thursday December 10, @12:27PM
from the don't-mind-us dept.
security
snydeq writes "Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure. This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to threat researcher Don DeBolt. The hackers got onto Amazon's infrastructure by hacking into a Web site hosted on Amazon's servers and then secretly installing their command and control infrastructure."

SQL Injection Attack Claims 132,000+ (186 comments)

Posted by CmdrTaco on Thursday December 10, @09:23AM
from the check-yer-code-people dept.
security
An anonymous reader writes "A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009."

Biometric Face Recognition At Your Local Mall (119 comments)

Posted by samzenpus on Thursday December 10, @02:09AM
from the sunglass-and-disguise-hut dept.
biotech
dippityfisch writes "The Sydney Morning Herald reports that face recognition is being considered at Westfield's Sydney mall to catch offenders. The identification system matches images captured by surveillance cameras to an existing database of faces. Police said they could not comment on the center's intentions, but would welcome any move to improve security and technology in the area."

Malware Found Hidden In Screensaver On Gnome-Look (608 comments)

Posted by timothy on Wednesday December 09, @05:39PM
from the sudo-you-know-what-you're-sudoing dept.
security
AndGodSed writes "OMG! UBUNTU! reports the following: 'Malware has been found hidden inside an innocuous 'waterfall' screensaver .deb file made available on popular artwork sharing site Gnome-Look.org. The .deb file installs a script with elevated privileges designed to perform a DDoS attack as well as keep itself updated via downloads. The dodgy screensaver in question has since been removed from gnome-look, and this incident was a very basic, if potentially successful, attempt.'" A similar report at Digitizor.com says that similar malware was also found in a theme called Ninja Black. For those affected, both sites also provide instruction on cleansing your system.

Facebook Axes "Beacon," Donates $9.5M To Settle Suit (70 comments)

Posted by kdawson on Tuesday December 08, @07:39PM
from the all-your-data-are-you-know-the-rest dept.
alphadogg sends in a Network World piece that begins "Facebook has agreed to shut down a program that sparked a lawsuit alleging privacy violations, and set up a $9.5M fund for a nonprofit foundation that will support online privacy, safety, and security. The lawsuit centers around Facebook's Beacon program, which let third-party Web sites distribute 'stories' about users to Facebook. Beacon was launched in November 2007 and less than a year later plaintiffs filed a class action lawsuit 'alleging that Facebook and its affiliates did not give users adequate notice and choice about Beacon and the collection and use of users' personal information.' ... Facebook never admitted wrongdoing but as part of a proposed settlement the company began sending notices to Facebook users this week. The settlement provides no compensation directly to users who receive the notice. Facebook users can opt out of the settlement, and should do so if they wish to pursue further legal action against Facebook related to the Beacon program. 'If you choose to do nothing and remain in the settlement class, you will be legally bound by the settlement,' a FAQ on the settlement Web site says. 'By doing nothing, you will be giving up the right to sue Facebook and the other Defendants over claims related to or arising out of the Beacon program.'" Other defendants included Blockbuster, Fandango, Overstock.com, Zappos.com, and Gamefly. Neither the article nor the settlement site mentions what part, if any, they play in the settlement.

Microsoft To Get Malware Bailout In Germany (226 comments)

Posted by kdawson on Tuesday December 08, @04:36PM
from the you-broke-it-you-fix-it dept.
microsoft
hweimer writes "The German government plans on paying to set up a call center to help Windows users with malware infections. I think this has the effect of being a malware bailout for Microsoft, discouraging them and other software companies from writing better code and giving users little incentive to switch to more secure alternatives. How much government money is needed to run the call center is also not revealed." The call center, running in cooperation with ISPs (but not manufacturers), is envisioned to have a staff of about 40.

TSA's Sloppy Redacting Reveals All (604 comments)

Posted by kdawson on Tuesday December 08, @12:03AM
from the hire-a-competent-clerk-why-don'tcha dept.
security
A travel blog breaks the story of a poor job of redacting by the TSA: they posted a PDF of airport screening policies, with certain sections blacked out — not realizing that simply laying a black rectangle over the text is hardly sufficient. Cryptome has posted a copy with the redaction removed (ZIP).

Subverting Fingerprinting (169 comments)

Posted by kdawson on Monday December 07, @08:15PM
from the on-a-stalk dept.
privacy
squizzar writes in with news of a 27-year-old Chinese woman who was discovered to have had her fingerprints surgically swapped between hands in order to fool Japanese immigration. "It is Japan's first case of alleged biometric fraud, but police believe the practice may be widespread. ... The apparent ability of illegal migration networks to break through hi-tech controls suggests that other countries who fingerprint visitors could be equally vulnerable — not least the United States, according to BBC Asia analyst Andre Vornic." Time for some biometric escalation. Could iris scans be subverted as easily?

WPA-PSK Cracking As a Service (174 comments)

Posted by kdawson on Monday December 07, @07:31PM
from the get-out-of-the-cafe-quicker dept.
encryption
An anonymous reader writes "Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: 'WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'"

Confessions of a Public Speaker (111 comments)

Posted by samzenpus on Monday December 07, @03:02PM
from the read-all-about-it dept.
bookreview
brothke writes "While there is a plethora of books such as Public Speaking for Dummies, and many similar titles, Confessions of a Public Speaker is unique in that it takes a holistic approach to the art and science of public speaking. The book doesn't just provide helpful hints, it attempts to make the speaker, and his associated presentation, compelling and necessary. Confessions is Scott Berkun's first-hand account of his many years of public speaking, teaching and television appearances. In the book, he shares his successes, failures, and many frustrating experiences, in the hope that the reader will be a better speaker for it." Keep reading for the rest of Ben's review.

How Does the New Google DNS Perform? (and Why?) (274 comments)

Posted by CmdrTaco on Monday December 07, @11:17AM
from the all-your-data-are-belong-to-me dept.
google
Tarinth writes "Google just announced its new Google DNS platform. Many have viewed this as a move to increase ad revenue, or maybe capture more data. This article explores those questions, as well as the actual benchmarking results for Google DNS — showing that it is faster than many, but not nearly as fast as many others." We also recently discussed security implications of the Google Public DNS.