jason8 writes with news that two programmers who worked at Bernie Madoff's investment firm have now been indicted on charges of 'conspiracy, falsifying records of a broker-dealer and falsifying records of an investment adviser,' for their role in hiding the firm's activities (PDF) from the SEC and external accountants. Quoting Reuters: "O'Hara and Perez, employed at the firm from 1990 and 1991, respectively, were primarily responsible for developing and maintaining computer programs in the investment advisory unit at the center of the fraud. Many of the programs were run on an IBM server known as 'House 17,' according to court documents. Prosecutors said the men took hush money to help keep the fraud going and designed codes to make up fake trade blotters and phantom records. US prosecutors said the two men worked under the supervision of Madoff and his top aide, Frank DiPascali, to deceive the US Securities and Exchange Commission and a European accounting firm. DiPascali is cooperating with prosecutors, who said his information led to the arrests of the programmers and the now defunct firm's outside accountant."

An anonymous reader writes "Wondering where all that bloat comes from, causing even the classic 'Hello world' to weigh in at 11 KB? An MIT programmer decided to make a Linux C program so simple, she could explain every byte of the assembly. She found that gcc was including libc even when you don't ask for it. The blog shows how to compile a much simpler 'Hello world,' using no libraries at all. This takes me back to the days of programming bare-metal on DOS!"

Trailrunner7 writes "Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."