Security

Android Malware Intercepts Text Messages, Forwards To Criminals 11

Posted by samzenpus
from the stealing-the-grocery-list dept.
An anonymous reader writes "A new piece of Android malware has been discovered that can intercept your incoming text messages and forward them on to criminals. Once installed, the trojan can be used to steal sensitive messages for blackmailing purposes or more directly, codes which are used to confirm online banking transactions. The malware in question, detected as "Android.Pincer.2.origin" by Russian security firm Doctor Web, is the second iteration of the Android.Pincer family according to the company. Both threats spread as security certificates, meaning they must be deliberately installed onto an Android device by a careless user."
Businesses

Sears Is Turning Shuttered Stores Into Data Centers 107

Posted by timothy
from the dystopian-or-utopian-you-decide dept.
miller60 writes "Servers may soon fill the aisles where shoppers once roamed. Sears Holdings is seeking to convert former Sears and Kmart stores into Internet data hubs. Some stand-alone stores and distribution centers may be repurposed as data centers, while mall-based stores can be converted into disaster recovery sites, the company says, offering access to stores and eateries for displaced workers who may be on site for weeks. Then there's the wireless tower opportunity. Seventy percent of the U.S. population lives within 10 miles of a Sears or Kmart store, and these rooftops can be leased to fill gaps in cell coverage. It's not the first effort to convert stores into IT infrastructure, as Rackspace is headquartered in an old mall, and companies have built data centers in malls in Indiana and Maryland. But Sears, which operates 25 million square feet of real estate, hopes to make this strategy work at scale." Also at Slash DataCenter.
Networking

Ethernet Turns 40 123

Posted by timothy
from the it's-thinking-about-that-optical-sportscar dept.
alancronin writes "Four decades ago the Ethernet protocol made its debut as a way to connect machines in close proximity; today it is the networking layer two protocol of choice for local area networks (LANs), wide area networks (WANs) and everything in between. For many people Ethernet is merely the RJ45 jack on the back of a laptop, but its relative ubiquity and simplicity belie what Ethernet has done for the networking industry and in turn for consumers and enterprises. Ethernet has in the space of 40 years gone from a technology that many in the industry viewed as something not fit for high bandwidth, dependable communications to the default data link protocol."
Encryption

One-Time Pad From Caltech Offers Uncrackable Cryptography 175

Posted by timothy
from the unless-you-crack-the-glass dept.
zrbyte writes "One-time pads are the holy grail of cryptography — they are impossible to crack, even in principle. However, the ability to copy electronic code makes one-time pads vulnerable to hackers. Now engineers at the California Institute of Technology in Pasadena have found a way around this to create a system of cryptography that is invulnerable to electronic attack. Their solution is based on a special kind of one-time pad that generates a random key through the complexity of its physical structure, namely shining a light through a diffusive glass plate."
Crime

NYPD Detective Accused of Hiring Email Hackers 69

Posted by Soulskill
from the why-it's-not-called-the-new-york-privacy-department dept.
An anonymous reader writes "Edwin Vargas, a detective with the New York City Police Department, was arrested on Tuesday for computer hacking crimes. According to the complaint unsealed in Manhattan federal court, between March 2011 and October 2012, Vargas, an NYPD detective assigned to a precinct in the Bronx, hired an e-mail hacking service to obtain log-in credentials, such as the password and username, for certain e-mail accounts. In total, he purchased access to at least 43 personal e-mail accounts belonging to 30 different individuals, including at least 19 who are affiliated with the NYPD."
IT

German IT Firm Seeks Autistic Workers 168

Posted by Soulskill
from the recognizing-ability dept.
Aguazul2 writes "The German software giant SAP has announced it plans to recruit hundreds of people with autism within the next few years. The project has already started in India and Ireland where a total of 11 people with autism are employed by the company. The program to take on software testers, programmers and data management workers will spread across Germany, Canada and the U.S. this year. People with autism have a neural development disorder that often undermines their ability to communicate and interact socially [...] but in the world of computers the tendencies they often display such as an obsession for detail and an ability to analyze long sets of data very accurately can translate into highly useful and marketable skills."
Privacy

Thousands of Whistle Blowers Vulnerable After Anonymous Hacks SAPS 130

Posted by Unknown Lamer
from the hacktivism-gone-wrong dept.
First time accepted submitter fezzzz writes "Anonymous performed a data dump of hundreds of whistle blowers' private details in an attempt to show their unhappiness with the SAPS (South African Police Service) for the Marikana shooting. In so doing, the identities of nearly 16,000 South Africans who lodged a complaint with police on their website, provided tip-offs, or reported crimes are now publicly available." Reader krunster also submitted a slightly more in depth article on the breach.
Bug

Ask Slashdot: Moving From Contract Developers To Hiring One In-House? 515

Posted by Soulskill
from the wipe-his-brain-and-download-stack-overflow-into-it dept.
An anonymous reader writes "I run a small software consulting company who outsources most of its work to contractors. I market myself as being able to handle any technical project, but only really take the fun ones, then shop it around to developers who are interested. I write excellent product specs, provide bug tracking & source control and in general am a programming project manager with empathy for developers. I don't ask them to work weekends and I provide detailed, reproducible bug reports and I pay on time. The only 'rule' (if you can call it that) is: I do not pay for bugs. Developers can make more work for themselves by causing bugs, and with the specifications I write there is no excuse for not testing their code. Developers are always fine with it until we get toward the end of a project and the customer is complaining about bugs. Then all of a sudden I am asking my contractors to work for 'free' and they can make more money elsewhere. Ugh. Every project ends up being a battle, so, I think the solution is to finally hire someone full-time and pay for everything (bugs or not) and just keep them busy. But how can I make that transition? The guy I'd need to hire would have to know a lot of languages and be proficient in all of them. Plus, I can't afford to pay someone $100k/year right now. Ideas?"
Power

Congressional Report: US Power Grid Highly Vulnerable To Cyberattack 123

Posted by Soulskill
from the industry-strangely-averse-to-voluntary-protections dept.
An anonymous reader writes "Despite warnings that a cyberattack could cripple the nation's power supply, a U.S. Congressional report (PDF) finds that power companies' efforts to protect the power grid are insufficient. Attacks are apparently commonplace, with one utility claiming they fight off some 10,000 attempted attacks every month. The report also found that while most power companies are complying with mandatory standards for protection, few do much else above and beyond that to protect the grid. 'For example, NERC has established both mandatory standards and voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs [Investor-Owned Utilities], 83% of municipally- or cooperatively-owned utilities, and 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, and 62.5% of federal entities reported compliance.'"
Google

Aurora Attackers Were Looking For Google's Surveillance Database 80

Posted by Soulskill
from the go-big-or-go-home dept.
An anonymous reader writes "When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists. What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. Current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance."
AI

Immigration Reform May Spur Software Robotics 145

Posted by timothy
from the way-of-all-flesh dept.
dcblogs writes "The Senate's immigration bill may force the large offshore outsourcing firms to reduce their use of H-1B visa-holding staff, forcing them to hire more local workers and raising their costs. But one large Indian firm, Infosys, will try to offset cost increases with software robotics. Infosys recently announced a partnership with IPsoft, a New York-based provider of autonomic IT services. With IPsoft's tools, work that is now done by human beings, mostly Level 1 support, could be done by a software machine. Infosys says that IPsoft tools can 'reduce human intervention.' More colorfully, Chandrashekar Kakal, global head of Infosys's business IT services, told the Times of India, that 'what robotics did for the auto assembly line, we are now doing for the IT engineering line.' James Slaby, a research director of HFS Research who has been following the use of autonomics closely, wrote in a recent report that the IPsoft partnership may help Infosys 'reap fatter margins by augmenting and replacing expensive, human IT support engineers with cheaper, more accurate, efficient automated processes,' and by improving service delivery."
Crime

Inside the Microsoft Digital Crimes Unit 54

Posted by timothy
from the private-justice dept.
Trailrunner7 writes "The Microsoft Digital Crimes Unit has been spearheading botnet takedowns and other anti-cybercrime operations for many years, and it has had remarkable success. But the cybercrime problem isn't going away anytime soon, so the DCU is in the process of building a new cybercrime center here, and soon will roll out a new threat intelligence service to help ISPs and CERT teams get better data about ongoing attacks. Dennis Fisher sat down with TJ Campana, director of security at the DCU, to discuss the unit's work and what threats could be next on the target list."
Security

The Hunt For LulzSec's Missing Sixth Member 104

Posted by Unknown Lamer
from the imaginary-hackers dept.
DavidGilbert99 writes "LulzSec's star burnt brightly in the short period it was active, but things quickly turned sour when its core members began getting arrested. Last week three of the six core members were sentenced in the UK, but this only served to highlight the fact that one member of the group, known as Avunit, has been able to remain unidentified despite the FBI having turned the group's leader Sabu into an informant. Who is Avunit? And does he hold the purse strings of the group's Bitcoin wallet which could have up to $180,000 in it?" As usual, be warned of the horrendous autoplaying video ads surrounding good content at the primary link.
Security

Reporters Threatened, Labeled Hackers For Finding Security Hole 120

Posted by samzenpus
from the keep-your-mouth-shut dept.
colinneagle writes "Scripps News reporters discovered 170,000 records online of customers of Lifeline, a government program offering affordable phone service for low-income citizens, that contained everything needed for identity theft. Last year, the FCC 'tightened' the rules for the program by requiring Lifeline phone carriers to document applicants' eligibility, which led to collecting more sensitive information from citizens. A Scripps News investigative team claims it 'Googled' the phone companies TerraCom Inc. and YourTel America Inc. to discover all of the files. A Scripps reporter asked for an on-camera interview with the COO of TerraCom and YourTel after explaining the files were freely available online. That did not happen, but shortly thereafter the customer records disappeared from the internet. Then, the blame-the-messenger hacker accusations and mudslinging began. Although the Scripps reporters videotaped the process showing how they found the documents, attorney Jonathon Lee for both telecoms threatened the 'Scripps Hackers' with violating the Computer Fraud and Abuse Act (CFAA)."
Security

Cyber Attack From Inside India Hits Pakistan Government 42

Posted by samzenpus
from the lets-get-ready-to-rumble dept.
judgecorp writes "Government institutions are among the targets of an attack on Pakistani bodies, which originates in India, according to reports. The campaign is using vulnerabilities in Microsoft software to install the HangOver malware, according to Norwegian security firm Norman Shark (PDF). From the article: 'In the attacks on Pakistani organizations, spear phishing emails were sent out purporting to contain information on "ongoing conflicts in the region, regional culture and religious matters," according to Norman. Norman could not provide direct attribution to the attacks, but its report did note the following: "The continued targeting of Pakistani interests and origins suggested that the attacker was of Indian origin." Snorre Fagerland, principal security researcher in the Malware Detection Team at Norman, told TechWeekEurope it appeared Pakistani government bodies had been attacked.'"
Security

Music and Movies Could Trigger Mobile Malware 87

Posted by timothy
from the seeds-of-your-own-destruction dept.
mask.of.sanity writes "Lights, sounds and magnetic fields can be used to activate malware on phones, new research has found. The lab-style attacks defined in a paper (PDF) used pre-defined signals hidden in songs and TV programmes as a trigger to activate embedded malware. Malware once activated would carry out programmed attacks either by itself or as part of a wider botnet of mobile devices."
The Military

Apple Mobile Devices Cleared For Use On US Military Networks 93

Posted by timothy
from the siri-what's-the-best-way-to-launch-a-nuclear-missile? dept.
puddingebola writes with this excerpt from a Bloomberg report: "The Pentagon cleared Apple Inc. (AAPL) devices for use on its networks, setting the stage for the maker of iPhones and iPads to compete with Samsung Electronics Co. and BlackBerry for military sales. The Defense Department said in a statement [Friday] that it has approved the use of Cupertino, California-based Apple's products running a version of the iOS 6 mobile platform. The decision eventually may spur a three-way fight for a market long dominated by Waterloo, Ontario-based BlackBerry." Also, Apple devices are best for uploading viruses to alien craft.
The Almighty Buck

Trade Group: US Software Developer Wages Fell 2% Last Year 235

Posted by timothy
from the ban-farm-equipment dept.
First time accepted submitter russotto points out the claim of industry group TechAmerica Foundation (reported by Computerworld) that "wages for the software industry are falling, not rising. Wages fell 2% to $99,000 in 2012." Averages are one thing; the article points out though that wages vary vastly within the industry, and that some jobs are harder to fill (thus, better paid) than others. An excerpt: "Victor Janulaitis, CEO of Janco Associates, a research firm that also analyzes IT wage and employment trends, cited a number of reasons for the decline in wages for software professionals. First, technology is becoming easier to implement without having an IT professional, he said. Also, the option of turning to outsourcing creates less pressure to increase wages. As the recession continues, companies continue 'to look at productivity and will often look to hire individuals who are lower cost employees,' said Janulaitis. That could include displaced baby boomer workers who have been out of work for some time and 'will take a lower paying job just to get back into the workforce.'"
Operating Systems

NetBSD 6.1 Has Shipped 105

Posted by timothy
from the more-of-a-workhorse-than-a-showboat dept.
Madwand writes "The NetBSD Project is pleased to announce NetBSD 6.1, the first feature update of the NetBSD 6 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent for use in both production and research environments, and the source code is freely available under a business-friendly license. NetBSD is developed and supported by a large and vibrant international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection."
Security

Ask Slashdot: Why Do Firms Leak Personal Details In Plain Text? 251

Posted by timothy
from the more-exciting-that-way dept.
An anonymous reader writes "Having entered my personal details (full real name, home address) to websites with an 'https://' prefix in order to purchase goods, I am still being sent emails from companies (or their agents) which include, in plain text, those same details I have entered over a secure connection. These are often companies which are very keen to tell you how much they value your privacy and how they will not pass your details on to third parties. What recourse does one have to tell them to desist from such behaviour whilst still doing business with them if their products are otherwise desirable? I email the relevant IT team as a matter of course to tell them it's not appropriate (mostly to no avail), but is there any legislation — in any territory — which addresses this?"
