Nerval's Lobster writes "The use of a Red Team and penetration testing can strengthen an organization's security posture. But how does a Red Team member actually think like an attacker, and use that mindset to exploit security vulnerabilities? Gillis Jones works for WhiteHat Security, where his job rests within the TRC (Threat Research Center). It's here that he performs hands-on site assessments, which involve manually confirming all the issues reported by an automatic scan of a particular Website or application. His job includes checking the application's POST and GET requests for reflection of any inputs. He also checks for Cross-Site Scripting (XSS), which includes stored, reflected, and DOM XSS vulnerabilities. Those checks let him determine the Website’s basic security posture. If user input isn’t encoded or sanitized, that’s a good indicator of other problems. And if that’s the case, then Jones (or someone like him) will move on to checking for SQL Injection (SQLi) vulnerabilities and other issues."
Migrate from GitHub to SourceForge quickly and easily with this tool. Check out all of SourceForge’s recent improvements.×
hypnosec writes "Kim Dotcom has revealed that Megaupload's successor, Mega, which is reportedly launching on January 20, 2013, will be operating through a new domain name: Mega.co.nz. Through a tweet Dotcom announced that Mega has found a new home and that the new domain name is protected by the law. Dotcom also revealed that lobbyists won't be able to do anything about this, as 'judges are not influenced by politics in New Zealand.' Recent announcements about Mega's domain — Me.ga — didn't go as planned following a decision by the Government of Gabon to suspend the domain name. Dotcom had announced at the time that despite the blockage, Mega would launch as planned."
EthanV2 writes "The Wall Street Journal cites a report which quotes a 'person familiar with negotiations between the two tech giants,' apparently confirming this special price hike for Apple. The source said: 'Samsung Electronics recently asked Apple for a significant price raise in (the mobile processor known as) application processor. Apple first disapproved it, but finding no replacement supplier, it accepted the [increase].'"
Hugh Pickens writes "The WSJ reports that widespread disruptions to Google in China over the weekend, halting use of everything from Google's search engine to its Gmail email service to its Google Play mobile-applications store, underscore the uncertainty surrounding Beijing's effort to control the flow of information into the country, as well as the risks that effort poses to the government's efforts to draw global businesses. The source of the disruptions couldn't be determined, but Internet experts pointed to China's Internet censorship efforts, which have been ratcheted up ahead of the 18th Party Congress. 'There appears to be a throttling under way of Web access,' says David Wolf, citing recent articles in foreign media about corruption and wealth in China spurred by the party congress and the fall of former party star Bo Xilai, 'that's their primary concern, people getting news either through Google or through its services.' Beijing risks a backlash if it were to block Google outright on a long-term basis, says Wolf and such a move could put Beijing in violation of its free-trade commitment under the World Trade Organization and make China a less-attractive place to do business. 'If China insists in the medium and long term of creating another Great Firewall between the China cloud and the rest of the world, China will be an increasingly untenable place to do business.'"
The screenwriter of Toy Story 3, and Little Miss Sunshine, Michael Arndt is writing the script for Star Wars: Episode VII according to Lucasfilm. From the article: "...The new movie has just entered pre-production and is slated to be released in 2015. It was announced just last month as Disney acquired Lucasfilm, but there’s still no word on what the major plot points of the new chapter will entail. However, Vulture reports that 'the studio’s brass want to bring back the three central characters of the original Star Wars: a much older Luke Skywalker, Princess Leia, and Han Solo. No deals are in place with any of the original actors, though our source did say it had high ambition to sign up Mark Hamill, and EW recently reported that Harrison Ford was open to the idea of returning.'"
Barence writes "A British man has been arrested for posting a picture of a burning poppy on Facebook. The poppy is a symbol of remembrance for those who died in war, and the arrest was made on Remembrance Sunday. 'A man from Aylesham has tonight been arrested on suspicion of malicious telecommunications,' Kent police said in a statement after the arrest. 'This follows a posting on a social network site of a burning poppy. He is currently in police custody awaiting interview.' The arrest has been criticized by legal experts. 'What was the point of winning either World War if, in 2012, someone can be casually arrested by @Kent_police for burning a poppy?' tweeted David Allen Green, who helped clear the British man who was prosecuted for a joke tweet threatening to blow up an airport."
MrSeb writes "Scientists at Duke University have created the first invisibility cloak that perfectly hides centimeter-scale objects. While invisibility cloaks have been created before, they have all reflected some of the incident light, ruining the illusion. In this case, the incident light is perfectly channeled around the object, creating perfect invisibility. There are some caveats, of course. For now, the Duke invisibility cloak only works with microwave radiation — and perhaps more importantly, the cloak is unidirectional (it only provides invisibility from one very specific direction). The big news here, though, is that it is even possible to create an invisibility cloak of any description. It is now just a matter of time before visible-light, omnidirectional invisibility cloaks are created."
Sparrowvsrevolution writes "Since 2008, Dallas, Texas attorney Erich Spangenberg and his company TQP have been launching suits against hundreds of firms, claiming that merely by using SSL, they've violated a patent TQP acquired in 2006. Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented. So far Spangenberg's targets have included Apple, Google, Intel, Dell, Hewlett-Packard, every major bank and credit card company, and scores of web startups and online retailers, practically anyone who encrypts pages of a web sites to protect users' privacy. And while most of those lawsuits are ongoing, many companies have already settled with TQP rather than take the case to trial, including Apple, Amazon, Dell, and Exxon Mobil. The patent has expired now, but Spangenberg can continue to sue users of SSL for six more years and seems determined to do so as much as possible. 'When the government grants you the right to a patent, they grant you the right to exclude others from using it,' says Spangenberg. 'I don't understand why just because [SSL is] prevalent, it should be free.'"
jjp9999 writes "Nextgov reports, 'The Homeland Security Department has commissioned Accenture to test technology that mines open social networks for indications of pandemics, according to the vendor.' This will kick off a year-long biosurveillance program, costing $3 million, that will log trends in public health by looking through public posts. This ties back to White House guidelines released in July that ask federal agencies to 'Consider social media as a force multiplier that can empower individuals and communities to provide early warning and global situational awareness.'"
An anonymous reader writes in with a story about another side effect of increased carbon dioxide in the atmosphere. "Rising carbon dioxide levels at the edge of space are apparently reducing the pull that Earth's atmosphere has on satellites and space junk, researchers say. The findings suggest that man made increases in carbon dioxide might be having effects on the Earth that are larger than expected, scientists added... in the highest reaches of the atmosphere, carbon dioxide can actually have a cooling effect. The main effects of carbon dioxide up there come from its collisions with oxygen atoms. These impacts excite carbon dioxide molecules, making them radiate heat. The density of carbon dioxide is too thin above altitudes of about 30 miles (50 kilometers) for the molecules to recapture this heat. Cooling the upper atmosphere causes it to contract, exerting less drag on satellites."
William Robinson writes "Scientists have found way to use X-Ray Lasers to create supercharged particles. The specific tuning of the laser's properties can cause atoms and molecules to resonate. The resonance excites the atoms and causes them to shake off electrons at a rate that otherwise would require higher energies. This could be used to create highly charged plasma."
cstacy writes "The Inamori Foundation has awarded the Kyoto Prize to graphics pioneer Ivan Sutherland, for developing Sketchpad in 1963. The award recognizes significant technical, scientific and artistic contributions to the 'betterment of mankind, and honors Sutherland him for nearly 50 years of demonstrating that computer graphics could be used "for both technical and artistic purposes.'"
Lasrick writes "Blake Clayton has an excellent piece on the cyber threat to the global oil supply. His description of the August attack on Saudi Aramco, which rendered thirty thousand of its computers useless, helps make his point. From the article: 'The future of energy insecurity has arrived. In August, a devastating cyber attack rocked one of the world’s most powerful oil companies, Saudi Aramco, Riyadh’s state-owned giant, rendering thirty thousand of its computers useless. This was no garden-variety breach. In the eyes of U.S. defense secretary Leon Panetta, it was “probably the most destructive attack that the private sector has seen to date.”'"
An anonymous reader writes "A new neural interface delicate enough not to damage nerve tissue, but resilient enough to last decades has been made. Made from a single carbon fiber and coated with chemicals, the technology is believed to be fully resistant to proteins in the brain. From the article: 'The new microthread electrode, designed to pick up signals from a single neuron as it fires, is only about 7 micrometers in diameter. That is the thinnest yet developed, and about 100 times as thin as the conventional metal electrodes widely used to study animal brains. “We wanted to see if we could radically change implant technology,” says Takashi Kozai, a researcher at the University of Pittsburgh and the lead author on the paper, published today in the journal Nature Materials. “We want to see an electrode that lasts 70 years.”'"
Hugh Pickens writes "With the 'fiscal cliff' just weeks away, Chris O'Brien writes that venture capital fundraising in silicon valley is down, the amount invested is down, the number of folks investing in venture capital is down, and the number of VC firms and partners are down. 'The people I talked to in the industry sounded grim even as they tried to make the case for optimism,' writes O'Brien. 'Still, it remains difficult to identify a clear path for turning things around for the battered venture capitalists who make Silicon Valley hum.' So what's wrong with the VC industry? The problems are many and complex but they can be boiled down to one thing: Not enough exits. For the size of venture capital being raised and invested, there simply aren't enough initial public offerings of stock or mergers and acquisitions to generate the returns that funds need. Venture insiders blame the global economic uncertainty. They believe that is part of the reason that giant corporations, which have amassed huge piles of cash, are just sitting on it, rather then using it to acquire startups. 'The numbers are way down,' said Ray Rothrock, a partner at Venrock. 'All these companies with these fantastic balance sheets, and nobody is really buying anything. With all the uncertainty they're facing with the economy and taxes, buying little companies is way down on their list.'"