Security

A month with only 10 trusted root CA certificates

Submitted by krypticmind
krypticmind (1369357) writes "Researcher Nasko Oskov from netsekure.org has spent 30 days trusting only 10 CA root certificates in his browser and details the findings in his blog. "It was an interesting one month and I’ve learned a bunch. The main takeaway from this experiment is that I don’t need 3 digit number of trusted CAs in my browser." This comes after previous concerns on breaking the chain of trust for certificates here (http://yro.slashdot.org/story/10/03/26/1334254/Government-Could-Forge-SSL-Certificates)."

Market sell-off caused by trader's fat-finger

Submitted by s122604
s122604 (1018036) writes "Stock market's extraordinary volatility may have been caused by fat-fingered entry.
Article is reporting that the catalyst for today's extraordinary price swing (at one point the Dow lost almost 9 percent in less than an hour) may have been because a trader entered a 'B' for billions instead of an 'M' for millions on a trade of Procter and Gamble:

"According to multiple sources, a trader entered a "b" for billion instead of an "m" for million in a trade possibly involving Procter & Gamble, a component in the Dow. (CNBC's Jim Cramer noted suspicious price movement in P&G stock on air during the height of the market selloff.)"
Unbelievable there are no safeguards to protect against this."

Communications

Spam Causes Microsoft to Kill Newsgroups

Submitted by eldavojohn
eldavojohn (898314) writes "Some two thousand public and twenty two hundred private newsgroups devoted to and managed by Microsoft support are going to be phased out in favor of forums. The reason being? Newsgroup spam. The Register calls it "killing newsgroups" but Microsoft eloquently calls it "the evolution of communities." Always managing to spin it in a positive light! Let's hope the spam posts and voting bots in their forums remain controllable."

Texting Underground Can Save Lives And Caves : NPR

Submitted by Gulthek
Gulthek (12570) writes "Sixteen-year-old Alexander Kendrick has created a device that allows texting and other data transfer from almost 1000 feet underground. The tech could allow rapid emergency communication with the surface and opens the potential for scientific measurements without the need to continually visit (and disturb) the cave environment."
Technology

CompTIA changes their tune about lifetime certs

Submitted by garg0yle
garg0yle (208225) writes "Recently, it was reported that CompTIA had changed their A+, Network+, and Security+ certifications — rather than being "for life", there would now be a recertification requirement through continuing-education credits (and an accompanying fee). Needless to say, this made a lot of people very unhappy, and today it was announced that CompTIA has reversed their decision. Basically, any certification obtained before 2011 will still be "for life"."

MS Learned of IE Zero-Day Flaw Last September

Submitted by N!NJA
N!NJA (1437175) writes "Microsoft was aware months ago of a critical security vulnerability well before hackers exploited it to breach Google, Adobe and other large U.S. companies but did not patch the hole until Thursday.

The software giant had intended to release a patch for the flaw in February — more than four months after learning about it — but had to speed up that plan and roll it out this week in the wake of news that Google and others had been hacked through the flaw, the world’s largest software maker acknowledged Thursday.

Meron Sellen, a security researcher at BugSec, an Israeli firm, quietly reported the vulnerability to Microsoft in September, according to security firm Kaspersky."


CompTIA reneges on agreement with cert holders

Submitted by walterbyrd
walterbyrd (182728) writes "CompTIA deserves a class-action lawsuit.

Just last year CompTIA’s FAQ stated:
Question: Will I ever need to renew my certifications?
Answer: No, CompTIA certifications are lifetime certifications.

To me, this would seem to constitute a unilateral contract. Once consideration has been given to CompTIA, this contract should be binding.

Now, on a whim, CompTIA has decided to renege on their contracts with hundreds of thousands of certification holders.

From CompTIA's website:

> "CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications are now valid for three years from the date the candidate is certified."

> "The new certification renewal policy is applicable to all individuals who hold CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications, regardless of the date they were certified."

Whether or not expiring certifications are good or bad for cert holders is beside the point. Previous cert holders had an agreement with CompTIA, and it is not fair, and should not be legal, for CompTIA to arbitrarily break that agreement.

If CompTIA wants to change the agreement with subsequent exam takers, that is a different matter. CompTIA has no right to renege on agreements that they have already made."


WHO Handling Of Swine Flu To Be Investigated

Submitted by krou
krou (1027572) writes "With swine flu fading in the UK (projected winter deaths of 65,000 have been downgraded to 1,000, and new cases are decreasing) the UK government has been left with millions of unused vaccines, and (unlike its contract with Baxter) no clear break-clause to get out of its contract with GlaxoSmithKline. Although the amount paid for vaccines has not been disclosed, it likely cost the UK government several hundred million pounds. Other governments are also in a similar position: the US ordered 251 million doses of the vaccine, and France and Germany are aiming to cut back on their orders considerably. To say that the case for the pandemic has been over-estimated appears to be an understatement. Now, the WHO has announced that it is to investigate whether or not it bowed to pressure from drugs companies to overplay the threat. The Council of Europe Parliamentary Assembly has also announced an investigation into the matter after a resolution [pdf] from Dr. Wolfgang Wodarg, Chairman of the Subcommittee on Health, was adopted. Dr. Wodarg labelled swine flu as a "false pandemic", and claims in the resolution that '"in order to promote their patented drugs and vaccines against flu, pharmaceutical companies influenced scientists and official agencies responsible for public health standards to alarm governments worldwide and make them squander tight health resources for inefficient vaccine strategies, and needlessly expose millions of healthy people to the risk of an unknown amount of side-effects of insufficiently-tested vaccines."' By some estimates, GSK was expected to net over £1 billion from vaccine sales."

Deforestation Unveils Lost Amazon Civilization

Submitted by Deathsoldier11
Deathsoldier11 (1657455) writes ""Satellite flyovers of newly cleared land in the Amazon have uncovered a vanished civilization that could rival the Incans or Aztecs in sophistication.

Researchers found mysterious geometric trenches and other earthworks carved into the landscape as early as a decade ago, but satellites have paved the way for the discovery of over 200 giant structures.

Writing in the journal Antiquity, the researchers say the formations stretch for some 250 kilometers (155 miles) across the upper Amazon basin east of the Andes mountains and appear to be of a similar style throughout, suggesting one vast, united civilization that could have totaled some 60,000 inhabitants.

Researchers also found stone tools, bits of ceramics, and other artifacts buried in mounds along the trenches. So far, the uncovered areas date to between 200 and 1283 A.D., but the team thinks they've seen "no more than a tenth" of the true extent of this archeological wonder.""

Security

NetBIOS Design Allows Traffic Redirection

Submitted by iago-vL
iago-vL (760581) writes "Security researchers at SkullSecurity released research demonstrating how the NetBIOS protocol allows trivial hijacking due to its design; they have demonstrated this attack in a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc). Other attack vectors are discussed here. Although similar attacks exist against DHCP, ARP, and many other LAN-based protocols, and we all know that untrusted systems on a LAN means game over, NetBIOS poisoning is much quieter and less likely to break other things."
Linux

Ubuntu Malware for DDoS Attack Found

Submitted by
An anonymous reader writes "Digitizor reports that malware intended to perform a DDoS attack was found in a .deb file claiming to be a screensaver in Gnome-Looks. The said .deb file installs some scripts with elevated privileges and updates itself automatically. The screensaver has been removed from gnome-looks now."
