I Don't Believe in Imaginary Property writes "Ars Technica has up a nice article on why security consultant Ed Giorgio's statement that 'privacy and security are a zero-sum game' is wrong. The author reasons that, due to Metcalfe's law, the more valuable a government network is to the good guys, the more valuable it is to the bad guys. Given the trend in government to gather all of its eggs into one database, unless more attention is paid to privacy, we'll end up with neither security nor privacy. In other words, privacy and security are a positive-sum game with precarious trade-offs — you can trade a lot of privacy away for absolutely no gain in security, but you don't have to."

gattaca writes "A lack of security controls allowed hackers to "wipe" the Recording Industry Association of America's (RIAA) website on Sunday. The existence of an SQL injection attack on the RIAA's site came to light via social network news site Reddit. Soon after hackers were making merry, turning the site into a blank slate, among other things. The RIAA has restored RIAA.org, although whether it's any more secure than before remains open to question, TorrentFreak reports."

An anonymous reader writes "My Health Sciences Campus has about 8,000 desktop computers, and on any given night about half of them are left on. I know this because I track all the MAC addresses in case there is a virus outbreak. Aside from the current fad of 'being green', has anyone had any success in encouraging users to power-down at night? You could potentially eliminate running bots, protect yourself from the next virus outbreak, keep your data safe, etc. Do security concerns and power consumption issues matter enough to do this?"

BobB passed us a link to a NetworkWorld article, exploring the ongoing realization in business circles of the dangers online criminals pose. The piece raises the possibility that criminal elements are gaining access to US research labs in an effort to ferret out corporate and governmental information. One institute referred to in the article states: "Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals. The attack of choice involves targeted spear phishing with attachments, using well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source." We just recently discussed possible hacker involvement in several municipal blackouts.

Dotnaught writes to tell us InformationWeek is reporting that the CIA admitted today that recent power outages in multiple cities outside the United States are the result of cyberattacks. "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

cperciva writes "FreeBSD 6.3-RELEASE, the fourth release from the highly successful 6-STABLE branch of FreeBSD development, has been released. In addition to being available from many FTP sites, ISO images can be downloaded via the BitTorrent tracker, or for users of earlier FreeBSD releases, FreeBSD Update can be used to perform a binary upgrade."

towaz writes "It appears David Ritz, the veteran American spam-fighter, has been hit by $60,000 in fines plus lawyers fees after losing a civil suit that accused him of illegal hacking. The complaint alleged that Ritz 'hacked' servers owned by Sierra (which describes itself as a specialist web hosting and internet services firm), obtaining confidential internal network configuration data (using a zone transfer, host -l command) and domain name information (using whois) before publishing that data on the net."