Slashdot

An anonymous reader writes "Paypal has quietly killed the Paypal plugin and the related virtual-card service. The service generated on-the-fly, one-time-use credit card numbers. When I called in and inquired about the service, I was told that the service has been discontinued, but may be relaunching something similar depending on interest. They are treating inquiries as a sort of petition, taking down names and contact info. The forums seem to be a lost cause, as no Paypal reps have replied to the numerous posts regarding virtual cards being discontinued. Does anyone know of a good alternative source of one-time-use credit card numbers?"

An anonymous reader writes with news that security experts from Spider Labs released a kernel level rootkit for Android devices at DefCon on Friday. "As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number.' This ultimately results in full root access on the Android device." The rootkit was developed over a period of two weeks, and has been handed out to DefCon attendees on DVD.

TravisTR sends word of research from Bloomberg New Energy Finance which found that direct subsidies for renewable energy from governments worldwide totaled $43-46 billion in 2009, an amount vastly outstripped by the $557 billion in fossil fuel subsidies during 2008. "The BNEF preliminary analysis suggests the US is the top country, as measured in dollars deployed, in providing direct subsidies for clean energy with an estimated $18.2bn spent in total in 2009. Approximately 40% of this went toward supporting the US biofuels sector with the rest going towards renewables. The federal stimulus program played a key role; its Treasury Department grant program alone provided $3.8bn in support for clean energy projects. China, the world leader in new wind installations in 2009 with 14GW, provided approximately $2bn in direct subsidies, according to the preliminary analysis. This figure is deceptive, however, as much crucial support for clean energy in the country comes in form of low-interest loans from state-owned banks. State-run power generators and grid companies have also been strongly encouraged by the government to tap their balance sheets in support of renewables."

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."

pcardno writes "The UK government has responded to a petition encouraging government departments to move away from IE6 that had over 6,000 signatories. Their response seems to be that a fully patched IE6 is perfectly safe as long as firewalls and malware scanning tools are in place, and that mandating an upgrade away from IE6 will be too expensive. The second part is fair enough in this age of austerity (I'd rather have my taxes spent on schools and hospitals than software upgrade testing at the moment), but the whole reaction will be a disappointment to the petitioners." Update: 07/31 11:43 GMT by S : Dan Frydman, the man who launched the petition, has posted a response to the government's decision.

drbutts writes "The Toronto Star has an interesting story on how they are securing DNS: 'It's housed in two high-security facilities separated by the North American landmass. The one authenticated map of the Internet. Were it to be lost — either through a catastrophic physical or cyber attack — it could be recreated by seven individuals spread around the globe. One of them is Ottawa's Norm Ritchie. Ritchie was recently chosen to hold one of seven smartcards that can rebuild the root key that underpins this system' called DNSSEC (Domain Name System Security Extensions). In essence, these seven can rebuild the architecture that allows users to know for certain where they are and where they are going when navigating the Web."

Hugh Pickens writes "The NY Times covers a report released by the National Research Council, which says the ability of the US to identify the source of a nuclear weapon used in a terrorist attack is fragile and eroding. The goals of the highly specialized detective work, known as nuclear attribution, is to clarify options for retaliation and to deter terrorists by letting them know that nuclear devices have fingerprints that atomic specialists can find and trace. 'Although US nuclear forensics capabilities are substantial and can be improved, right now they are fragile, under-resourced and, in some respects, deteriorating,' the report warns. 'Without strong leadership, careful planning and additional funds, these capabilities will decline.' The report calls on the federal government to take steps to strengthen its forensic capabilities and argues for the necessity of better planning, more robust budgets, clearer lines of authority and more realistic exercises."

eagledck tips news that the FCC has "finally approved the first 4G Long Term Evolution (LTE) phone for sale in the US." The Samsung device will use MetroPCS as a carrier, but tech specs, software details and a launch timetable are still uncertain. Meanwhile, Verizon is ramping up testing of their own LTE infrastructure, hoping to launch in 25 to 30 markets by the end of the year. An anonymous reader notes that LTE rollouts could be hampered by a confused and conflicted patent situation. "It is impossible to know where all the patents are but we have identified more than 60 companies holding essential patents. It is a very large landscape and fragmented. If there was one major patent pool and a handful of individual companies to deal with, that would be possible. But signing license deals with 40 plus [entities] is not. A unified patent pool is best," said a representative for one of three patent pool organizations trying to accomplish that.

snydeq writes "A DefCon contest that invites contestants to trick employees at 30 US corporations into revealing not-so-sensitive data has rattled nerves at the FBI. Chris Hadnagy, who is organizing the contest, also noted concerns from the financial industry, which fears hackers will target personal information. The contest will run for three days, with participants attempting to unearth data from an undisclosed list of about 30 US companies. The contest will take place in a room in the Riviera hotel in Las Vegas furnished with a soundproof booth and a speaker, so an audience can hear the contestants call companies and try to weasel out what data they can get from unwitting employees." The group organizing the contest has established a strict set of rules to ensure participants don't violate any laws. Update: 07/31 04:45 GMT by S : PCWorld has coverage of one of the day's more successful attacks.

suraj.sun writes with news that the US Department of Justice has joined a lawsuit alleging Oracle of overcharging the federal government for its software products. Quoting: "In a nutshell, the lawsuit argues that Oracle's government customers — a wide array of agencies, including the State Department, the Energy Department, and the Justice Department itself — got deals 'far inferior' to those the enterprise software giant gave to its commercial clients. The allegations stem from a software deal between Oracle and the federal General Services Administration that the Justice Department says involved 'hundreds of millions of dollars in sales' and that ran from 1998 to 2006. Under the contract, Oracle was required to inform the GSA when commercial discounts improved and to offer those same discounts to government buyers. Oracle misrepresented its true commercial sales practices and thus defrauded the US, the lawsuit contends.