Blacklaw writes "A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers — typed or spoken — and relaying them back to the application's creator. Once installed, Soundminder sits in the background and waits for a call to be placed — hence the access to the 'Phone calls' category. When triggered by a call, the application listens out for the user entering credit card information or a PIN and silently records the information, performing the necessary analysis to turn it from a sound recording into a number."

itwbennett writes "The FBI issued a warning Wednesday about a new twist on a long-running computer fraud technique, known as Automated Clearing House fraud. With ACH fraud, criminals install malware on a small business' computer and use it to log into the company's online bank account. In this latest twist on the scam, the criminals are apparently looking for companies that are hiring online and then sending malicious software programs that are doctored to look like job applications. One unnamed company recently lost $150,000 in this way, according to the FBI's Internet Crime Complaint Center. 'The malware was embedded in an e-mail response to a job posting the business placed on an employment website,' the FBI said in a press release. The malware, a variant of the Bredolab Trojan, 'allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company.'"

crabel writes with this quote from the H Online: "At the 27th Chaos Communication Congress in Berlin security researcher Julia Wolf pointed out numerous, previously hardly known security problems in connection with Adobe's PDF standard. For instance, a PDF can reportedly contain a database scanner that becomes active and scans a network when the document is printed on a network printer. Wolf said that the document format is also full of other surprises. For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers — or even depending on a computer's language settings."

krou writes "In an effort to investigate the impact of the leaked diplomatic cables, the CIA have launched the Wikileaks Task Force, commonly referred to at CIA headquarters as 'WTF.' 'The Washington Post said the panel was being led by the CIA's counter-intelligence centre, although it has drawn in two dozen members from departments across the agency.' Although the agency has not seen much of its own information leaked in the cables, some revelations (such as spying at the UN) originated from direct requests by the CIA. The Guardian notes that, 'WTF is more commonly associated with the Facebook and Twitter profiles of teenagers than secret agency committees. Given that its expanded version is usually an expression of extreme disbelief, perhaps the term is apt for the CIA's investigation.'"

Trailrunner7 writes "Two major online ad networks — DoubleClick and MSN — were serving malware via drive-by download exploits over the last week, experts say, after a group of attackers was able to trick the networks into displaying their ads by impersonating an online advertising provider. The scheme involved a group of attackers who registered a domain that was one letter away from that of ADShuffle.com, an online advertising technology firm. The attackers then used the fake domain — ADShufffle.com — to dupe the advertising networks into serving their malicious banner ads. The ads used various exploits to install malware on victims' PCs through drive-by downloads, according to information compiled by security vendor Armorize."

alphadogg writes "Policymakers disagree about whether the recent Chinese hijacking of Internet traffic was malicious or accidental, but there's no question about the underlying cause of this incident: the lack of built-in security in the Internet's main routing protocol. Network engineers have been talking about this weakness in the Internet infrastructure for a decade. Now a fix is finally on the way."

eldavojohn writes "About a year ago, legislation was introduced to control the volume of TV commercials. It passed the Senate in September and has now been passed in the House as well. This problem has dated back to the 1960s, but after the president signs the bill, broadcasters will be subject to regulations of the Advanced Television Systems Committee on what is 'too loud.' Of the last 25 quarterly reports from the FCC, this has been the number one consumer complaint in 21 of them. Within a year, you should start to notice a difference, with commercials no longer forcing you to turn down the TV volume during breaks in your regular programming."

wiredmikey sends along a security story that looks like it could be one to watch. Lin Mun Poo was arrested shortly after arriving at New York's John F. Kennedy International Airport in late October, traveling to the US on business. The 32-year-old resident of Malaysia was observed by an undercover Secret Service agent selling stolen credit card data in a diner. After arresting him and seizing his laptop (which was "heavily encrypted"), authorities discovered evidence of far more serious security breaches. According to documents from the Department of Justice, Lin Mun Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 credit and debit card numbers. Also, according to authorities, Mr. Poo managed to hack into FedComp, a data processor for federal credit unions, enabling him to access the data of various federal credit unions. He also hacked into the computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.

An anonymous reader writes "A hidden (and hardware password protected, by means of required special values in processor registers) debug mode has been found in AMD processors, and documented by a reverse engineer called Czernobyl on the RCE Forums community today. It enables powerful hardware debugging features long longed for by reverse engineers, such as hardware data-aware conditional breakpoints, and direct hardware 'page guard'-style breakpoints. And the best part is, it's sitting right there in your processor already, just read the details and off you go with the debugging ninja powers!"

Trailrunner7 writes "A Google malware researcher gave a rare peek inside the company's massive anti-malware and anti-phishing efforts at the SecTor conference here, and the data the company has gathered shows that the attackers who make it their business to infect sites and exploit users are adapting their tactics very quickly and creatively to combat the efforts of Google and others. While Google is still a relative newcomer to the public security scene, the company has deployed a number of services and technologies recently that are designed to identify phishing sites, as well as sites serving malware, and prevent users from finding them. The tools include the Google SafeBrowsing API and a handful of services that are available to help site owners and network administrators find and eliminate malware and the attendant bugs from their sites. Fabrice Jaubert, of Google's anti-malware team, said the company has had good luck identifying and weeding out malicious sites of late. Still, as much as 1.5 percent of all search result pages on Google include links to at least one malware-distribution site, he said."

Many of you have submitted a story about Irish filmmaker George Clarke, who claims to have found a person using a cellphone in the "unused footage" section of the DVD The Circus, a Charlie Chaplin movie filmed in 1928. To me the bigger mystery is how someone who appears to be the offspring of Ram-Man and The Penguin got into a movie in the first place, especially if they were talking to a little metal box on set. Watch the video and decide for yourself.

An anonymous reader writes "It's official: Ubuntu has, with its ironically named 'Unity' interface, chosen to move away from GNOME for Ubuntu Natty Narwhal. Or at least move away from GNOME Shell. Mark Shuttleworth says that Ubuntu will still be 'GNOME,' even if it's not using GNOME Shell. Do you agree?"