An anonymous reader writes: A new malware family called ProxyBack infects PCs and transforms them into a Web proxy. ProxyBack malware works by infecting a PC, establishing a connection with a proxy server controlled by the attackers, from where it receives instructions, and later the traffic it needs to route to actual Web servers. Each machine infected with ProxyBack works as a bot inside a larger network controlled by the attackers, who send commands and update instructions via simple HTTP requests. Some of the people infected with this malware, mysteriously found their IP listed on the buyproxy.ru Web proxy service.A technical write-up of the infection steps and various malware commands is available on the Palo Alto Networks blog.

Nerval's Lobster writes: It's no secret that tech pros with extensive IT security backgrounds are in high demand, especially in the wake of last year's high-profile hacks of major companies such as Sony and Home Depot. Which security-related job pays the most? According to a new analysis of Dice salary data, a lead software security engineer can expect to earn an average of $233,333 in 2015, followed by a director of security, who can expect to earn $200,000. Nor are those outliers: Chief information security officers, directors of information security, and IT security consultants can all expect to earn close to $200,000, if not more. While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros. Security analysts will make an average of $59,880 this year, for instance, while security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680. Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year. According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.

Nerval's Lobster writes: Despite legislation making it overtly illegal, ageism persists in the IT industry. If you're 40 or older, you've probably seen cases where younger developers were picked over older ones. At times we're told there's a staffing crisis, that companies need to import more developers via H-1B, but the truth is that outsourcing and downsizing eliminated a subset of viable developers from the market. Those developers, in turn, had to figure out if they wanted to land another job, freelance, or leave the technology industry entirely. But older developers still have a lot to offer, developer David Bolton writes in a new column: They have decades of experience (and specialist knowledge), they have a healthy disregard for office politics (but can still manage, when necessary), they're available, and they're (generally) stable.

HughPickens.com writes: The NYT reports that President Obama has offered an emotional apology for the accidental killing of two hostages held by Al Qaeda, one of them American, in a United States government counterterrorism operation in January, saying he takes "full responsibility" for their deaths. "As president and as commander in chief, I take full responsibility for all our counterterrorism operations," including the one that inadvertently took the lives of the two captives, a grim-faced Obama said in a statement to reporters in the White House briefing room. The White House earlier released an extraordinary statement revealing that intelligence officials had confirmed that Warren Weinstein, an American held by Al Qaeda since 2011, and Giovanni Lo Porto, an Italian held since 2012, died during the operation. Gunmen abducted Warren Weinstein in 2011 from his home in Lahore, Pakistan. They posed as neighbors, offered food and then pistol-whipped the American aid worker and tied up his guards, according to his daughter Alisa Weinstein.

The White House did not explain why it has taken three months to disclose the episode. Obama said that the operation was conducted after hundreds of hours of surveillance had convinced American officials that they were targeting an Al Qaeda compound where no civilians were present, and that "capturing these terrorists was not possible." The White House said the operation that killed the two hostages "was lawful and conducted consistent with our counterterrorism policies" but nonetheless the government is conducting a "thorough independent review" to determine what happened and how such casualties could be avoided in the future.

reifman writes The CDC reports that 69% of adult Americans are overweight or obese. Techies like us are at increased risk because of our sedentary lifestyles. Perhaps you even scoffed at Neilsen's recent finding that some Americans spend only 11 hours daily of screen time. Over the last nine months, I've lost 30 pounds and learned a lot about hacking weight loss and I did it without fad diets, step trackers, running or going paleo. No such discussion is complete without a link to the Hacker Diet.

ckwu writes From bread bags to beverage bottles, many plastics now contain additives designed to make the materials biodegradable. But a new study shows that plastics made with such additives do not biodegrade in the environment significantly faster than those without the compounds. Researchers prepared films of commercial plastics with three different types of additives supplied by their manufacturers. The researchers then treated the film samples to mimic disposal of such plastics in a compost pile, a landfill, and soil. After about six months of composting, a year and a half of landfill-like conditions, and three years of soil burial, the plastics with additives did not show any more evidence of biodegradation than plastics without them.

Bennett Haselton writes: Vimeo and Youtube are pressured to remove a dark, fan-made "Power Rangers" short film; Vimeo capitulated, while Youtube has so far left it up. I'm generally against the overreach of copyright law, but in this case, how could anyone argue the short film doesn't violate the rights of the franchise creator? And should Vimeo and Youtube clarify their policies on the unauthorized use of copyrighted characters? Read on for the rest.

the_insult_dog writes Despite a lack of dev tools, samples, tutorials, documentation or even a blog post or press release, Facebook's announcement that it's bringing the popular React.js JavaScript library to iOS and Android native mobile development stirred up comments like "groundbreaking" and "game changing." In a series of videos from the recent React.js Conference 2015, Facebook engineers said they're rejecting the "write-once, run-anywhere pipe dream" in favor of a "learn-once, write-anywhere" paradigm. All efforts to duplicate native performance and look-and-feel actually feel like "s__t", an engineer said in explaining the company's new approach to native development in a conference keynote video. Yet to be proven, with tools in the works, it's supposedly a huge success internally at Facebook and experts said the new approach could shake up the whole mobile dev industry.

Bennett Haselton writes: They would never admit it, but your high school admins would probably breathe a sigh of relief if all of their sexting-mad students would go ahead and install Snapchat so that evidence of (sometimes) illegal sexting would disappear into the ether. They can't recommend that you do this, because it would sound like an implicit endorsement, just like they can't recommend designated drivers for teen drinking parties -- but it's a good bet they would be grateful. Read on for the rest.

"The United States Postal Service "Click-N-Ship" site suffered no outages or slowdowns during Christmas rush," writes Bennett Haselton. "It just has bugs that make the process more annoying than just standing in line at the post office, which defeats the purpose. The most frustrating part is that most of these bugs could have been fixed, just by having some testers run through the ordering process and make a note of anything that seems confusing or wrong. (Although I've included notes on how to work around all the bugs, so you really can print your own labels and skip the line.)" Read on for the rest; what other gripes do you have about the current package delivery regime, and how would you resolve them?

With the holidays coming up, Bennett Haselton has updated his geek-oriented gift guide for 2014. He says: Some of my favorite gifts to give are still the ones that were listed in several different previously written posts, while a few new cool gift ideas emerged in 2014. Here are all my current best recommendations, listed in one place. Read on for the list, or to share any suggestions of your own.

mi writes The U.S. Navy has declared an experimental laser weapon on its Afloat Forward Staging Base (AFSB) in the Persian Gulf an operational asset and U.S. Central Command has given permission for the commander of the ship to defend itself with the weapon. The 30 kilowatt Laser Weapon System (LaWS) was installed aboard USS Ponce this summer as part of a $40 million research and development effort from ONR and Naval Sea Systems Command (NAVSEA) to test the viability of directed energy weapons in an operational environment. No word yet on a smaller, shark-mounted version.

Bennett Haselton writes The corruption of the #Ferguson and #Gamergate hashtags demonstrates how vulnerable the hashtag system is to being swamped by an "angry mob". An alternative algorithm could be created that would allow users to post tweets and browse the ones that had been rated "thoughtful" by other users participating in the same discussion. This would still allow anyone to contribute, even average users lacking a large follower base, while keeping the most stupid and offensive tweets out of most people's feeds. Keep reading to see what Bennett has to say.

Bennett Haselton writes: Twitter has announced new protocols for filing and handling abuse reports, making it easier to flag specific types of content (e.g. violence or suicide threats). But with the volume of abusive tweets being reported to the company every day, the internal review process will always be a bottleneck. The company could handle more abuse reports properly by recruiting public volunteers. Read what Bennett thinks below.

jenwike writes: With the success of open source software today, we are seeing organizations undertake more egregious marketing and promotion schemes that exaggerate their participation in, contributions to, and/or licensing of open source software. Their hope is to capitalize on the label of 'open source' and the success that goes along with it. The reality is that the responsibility is on the end-users to review the software and accompanying license to ensure it meets your expectations.