Slashdot Mirror

BobB-nw writes "Many have been worrying that the Conficker worm will somehow rise up and devastate the Internet on April 1. These fears are misplaced, security experts say. April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. A 60 Minutes episode about the worm on Sunday will stoke concerns. But the worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm. 'Technically, we will see a new capability, but it complements a capability that already exists,' Porras said."

alphadogg writes "Google engineers say it was not expensive and required only a small team of developers to enable all of the company's applications to support IPv6, a long-anticipated upgrade to the Internet's main communications protocol. 'We can provide all Google services over IPv6,' said Google network engineer Lorenzo Colitti during a panel discussion held in San Francisco Tuesday at a meeting of the Internet Engineering Task Force (IETF). Colitti said a 'small, core team' spent 18 months enabling IPv6, from the initial network architecture and software engineering work, through a pilot phase, until Google over IPv6 was made publicly available. Google engineers worked on the IPv6 effort as a 20% project — meaning it was in addition to their regular work — from July 2007 until January 2009."

ruphus13 writes "Sun CEO Jonathan Schwartz continues to promote the use of Open Source, and says the downturn in the economy will only boost the momentum behind FOSS. From his post, 'Free and open source software is sweeping across the vast majority of the Fortune 500. When you see the world's most conservative companies starting to deploy open source, you know momentum is on your side. That's creating massive opportunity for those of us who have pioneered the market, to drive commercial opportunities... We announced just last week that we're building the Sun Cloud, atop open source platforms — from ZFS and Crossbow, to MySQL and Glassfish. By building on open source, we're able to avoid proprietary storage and networking products, alongside proprietary software.'" In related news, the Sun-IBM deal proposed last week has been called "anti-competitive" by a tech industry group, while others are speculating on how it could affect Linux and Java.

alphadogg writes "Business incentives are completely lacking today for upgrading to IPv6, the next generation Internet protocol, according to a survey of network operators conducted by the Internet Society (ISOC). In a new report, ISOC says that ISPs, enterprises and network equipment vendors report that there are 'no concrete business drivers for IPv6.' However, survey respondents said customer demand for IPv6 is on the rise and that they are planning or deploying IPv6 because they feel it is the next major development in the evolution of the Internet."

Eukariote writes "A paper and exploit code detailing a privilege escalation attack on Intel CPUs has just been published. The vulnerability, uncovered by security researchers Joanna Rutkowska (of Blue Pill fame), Rafal Wojtczuk, and, independently, Loic Duflot, makes use of Intel's System Management Mode (SMM). Quote: "The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. Rafal implemented a working exploit with code execution in SMM." The implications of this exploit are severe."

netbuzz sends along a piece from Network World reporting that the number of computer science majors enrolled at US universities increased for the first time in six years, according to new survey data out this morning. The Taulbee Study found that the number of undergraduates signed up as computer science majors rose 8% last year. The survey was conducted last fall, just as the economic downturn started to bite. The article notes the daunting competition for positions at top universities: Carnegie Mellon University received 2,600 applications for 130 undergrad spots, and 1,400 for 26 PhD slots. "...the popularity of computer science majors among college freshmen and sophomores is because IT has better job prospects than other specialties, especially in light of the global economic downturn. ... The latest unemployment numbers for 2008 for computer software engineers is 1.6%... That's beyond full employment. ... The demand for tech jobs may rise further thanks to the Obama Administration's stimulus package, which could create nearly 1 million new tech jobs."

netbuzz sends along a piece from Network World reporting that the number of computer science majors enrolled at US universities increased for the first time in six years, according to new survey data out this morning. The Taulbee Study found that the number of undergraduates signed up as computer science majors rose 8% last year. The survey was conducted last fall, just as the economic downturn started to bite. The article notes the daunting competition for positions at top universities: Carnegie Mellon University received 2,600 applications for 130 undergrad spots, and 1,400 for 26 PhD slots. "...the popularity of computer science majors among college freshmen and sophomores is because IT has better job prospects than other specialties, especially in light of the global economic downturn. ... The latest unemployment numbers for 2008 for computer software engineers is 1.6%... That's beyond full employment. ... The demand for tech jobs may rise further thanks to the Obama Administration's stimulus package, which could create nearly 1 million new tech jobs."

coondoggie writes "The US Department of Homeland Security's Science & Technology Directorate recently awarded almost $420,000 to a Kentucky company to further develop a contactless finger print/biometric system. The goal is a machine that can snap 10 fingerprints in high resolution in less than 10 seconds, without human intervention. This goal is beginning to look feasible. FlashScan3D is working with the University of Kentucky's Center for Visualization and Virtual Environments, and has developed a technique called 'structured light illumination' (WIPO patent description), where a pattern of dots or stripes is projected onto a curved or irregular surface."

Julie188 writes "When the Android Market began offering paid apps last month, developers with the unlocked version of Google's Android phone quickly learned that they couldn't access them. The policy, which threatened to alienate the small developer base that Google needs to nurture at all costs, didn't make much sense. And now, with the release of Version 1.1 of Android for the developer phone, developers can access paid apps — as long as they aren't copy-protected. But in a weird way, that's good news. Very few developers currently copy-protect their Android apps simply because Android's copy-protection scheme is notoriously weak."

carusoj writes "Researchers at Princeton University and University College London say they can identify unique information, essentially like a fingerprint, from any blank sheet of paper using any reasonably good scanner. The technique could be used to crack down on counterfeiting or even keep track of confidential documents. The researchers' paper on the finding is set to be presented at an IEEE security conference in Oakland, Calif., in May." Update: 03/10 22:43 GMT by T : J. Alex Halderman, Associate Professor of Electrical Engineering and Computer Science at the University of Michigan and one of the authors of the study, writes with more: "My group has just put up a site about the work and a copy of the full paper, and we will probably add a video later tonight."

carusoj writes "Researchers at Princeton University and University College London say they can identify unique information, essentially like a fingerprint, from any blank sheet of paper using any reasonably good scanner. The technique could be used to crack down on counterfeiting or even keep track of confidential documents. The researchers' paper on the finding is set to be presented at an IEEE security conference in Oakland, Calif., in May." Update: 03/10 22:43 GMT by T : J. Alex Halderman, Associate Professor of Electrical Engineering and Computer Science at the University of Michigan and one of the authors of the study, writes with more: "My group has just put up a site about the work and a copy of the full paper, and we will probably add a video later tonight."

coondoggie writes with an excerpt from Network World: "Software that for the first time lets users run native copies of the Windows operating systems on a mainframe will be introduced Friday by data center automation vendor Mantissa. The company's z/VOS software is a CMS application that runs on IBM's z/VM and creates a foundation for Intel-based operating systems. Users only need a desktop appliance running Microsoft's Remote Desktop Connection (RDC) client, which is the same technology used to attach to Windows running on Terminal Server or Citrix-based servers. Users will be able to connect to their virtual and fully functional Windows environments without any knowledge that the operating system and the applications are executing on the mainframe and not the desktop."

coondoggie writes with an excerpt from Network World: "Software that for the first time lets users run native copies of the Windows operating systems on a mainframe will be introduced Friday by data center automation vendor Mantissa. The company's z/VOS software is a CMS application that runs on IBM's z/VM and creates a foundation for Intel-based operating systems. Users only need a desktop appliance running Microsoft's Remote Desktop Connection (RDC) client, which is the same technology used to attach to Windows running on Terminal Server or Citrix-based servers. Users will be able to connect to their virtual and fully functional Windows environments without any knowledge that the operating system and the applications are executing on the mainframe and not the desktop."

carusoj writes "The folks at iRobot apparently have plenty of time on their hands. They created a prototype wireless, robotic vacuum cleaner... powered by a hamster running inside a spinning ball. The rodent's movements with the ball are fed to and analyzed by a complex set of sensors, which then guide the actual vacuum device to mimic the animal's speed and direction. You can see where this is going: it's a clever ploy to then get you to buy a second robot that would automatically feed, water, and clean up after the hamster in the first robot."

carusoj writes "The folks at iRobot apparently have plenty of time on their hands. They created a prototype wireless, robotic vacuum cleaner... powered by a hamster running inside a spinning ball. The rodent's movements with the ball are fed to and analyzed by a complex set of sensors, which then guide the actual vacuum device to mimic the animal's speed and direction. You can see where this is going: it's a clever ploy to then get you to buy a second robot that would automatically feed, water, and clean up after the hamster in the first robot."

darthcamaro and several other readers have noted that the Linux Foundation has bought Linux.com from SourceForge Inc. (Slashdot's corporate parent). The Linux Foundation (employer of Linus Torvalds) will take over the editorial and community stewardship for the site; SourceForge will continue to supply advertising on it. "[Linux Foundation Executive Director Jim] Zemlin says the Linux Foundation wants to build a collaborative forum where Linux users can share ideas and get information on the Linux operating system. A beta of the site will be released in the next few months. ... Linux.com is being redesigned as a central source for Linux software, documentation and answers regardless of platforms, including server, desktop/netbook, mobile and embedded areas." What do you think should be on Linux.com?

alphadogg writes "VeriSign has promised to deploy DNS Security Extensions, known as DNSSEC, across all of its top-level domains within two years. DNSSEC is viewed as the best way to bolster the DNS against vulnerabilities such as the Kaminsky bug discovered last year. (Yesterday we discussed the workarounds coming into place until the US government signs the Internet's root zone.) DNSSEC has been deployed on top-level domains operated by Sweden, Puerto Rico, Bulgaria, Brazil, and the Czech Republic. Two larger domains — .org operated by the Public Interest Registry and .gov operated by the US government — are deploying DNSSEC this year."

alphadogg writes "Last fall, the US government sought comments from industry about how better to secure the Internet by deploying DNSSEC on the root zone. But it hasn't taken action since then. Internet policy experts anticipate further delays because the Obama Administration hasn't appointed a Secretary of Commerce yet, the position that oversees Internet addressing issues. Meanwhile, the Internet engineering community is forging ahead with a stopgap to allow DNSSEC deployment without the DNS root zone being signed. Known as a Trust Anchor Repository, the alternative was announced by ICANN last week and has been in testing since October."

Iddo Genuth writes "Pratt & Whitney Rocketdyne of West Palm Beach, Florida has successfully completed the third round of its Common Extensible Cryogenic Engine (CECE) testing for the National Aeronautics and Space Administration (NASA). CECE is a new deep throttling engine designed to reduce thrust and allow a spacecraft to land gently on the moon, Mars, or some other non-terrestrial surface." NASA is also set to launch a new satellite on Tuesday — the Orbital Carbon Observatory — that will monitor the level of carbon dioxide in the atmosphere. On the research front, NASA has announced this year's Centennial Challenges. $2 million in prizes are available for a major breakthrough in tether strength (one of the major obstacles for developing a space elevator), and another $2 million is being offered to competitors who are able to beam power to a device climbing a cable at a height of up to one kilometer.

BobB-nw writes "Dan Kaminsky, who for years was ambivalent about securing DNS, has become an ardent supporter of DNS Security Extensions. Speaking at the Black Hat DC 2009 conference Thursday, the prominent security researcher told the audience that the lack of DNS security not only makes the Internet vulnerable, but is also crippling the scalability of important security technologies. 'DNS is pretty much our only way to scale systems across organizational boundaries, and because it is insecure it's infecting everything else that uses' DNS, the fundamental Internet protocol that provides an IP address for a given domain name, said Kaminsky, director of penetration testing at IOActive. 'The only group that has actually avoided DNS because it's insecure are security technologies, and therefore those technologies aren't scaling.'"

alphadogg writes "UC Berkeley researchers have outlined their view of cloud computing, which they say has great opportunity to exploit unprecedented IT resources if vendors can overcome a litany of obstacles. 'We argue that the construction and operation of extremely large-scale, commodity-computer data centers at low-cost locations was the key necessary enabler of Cloud Computing,' The paper outlines 10 obstacles to cloud computing [PDF]."

alphadogg writes "The spreading Conficker/Downadup worm is now viewed as such a significant threat that it's inspired the formation of a posse to stop it, with Microsoft leading the charge by offering a $250,000 reward to bring the Conficker malware bad guys to justice. The money will be paid for 'information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet,' Microsoft said today in a statement, adding it is fostering a partnership with Internet registries and DNA providers such as ICANN, ORG, and NeuStar as well as security vendors Symantec and Arbor Networks, among others, to stop the Conficker worm once and for all. Conficker, also called Downadup, is estimated to have infected at least 10 million PCs. It has been slowly but surely spreading since November. Its main trick is to disable anti-malware protection and block access to anti-malware vendors' Web sites."

BobB-nw writes to tell us that Palm has decided to kill their PalmOS operating system and is instead betting their future on a still mostly unknown Palm webOS. Very little is known about the new Palm webOS, but it will supposedly support HTML5 and enable a local data store so that applications can be used both online and off. All of this is rolled into a Linux framework with a message bus based on JSON. Will be interesting to see where they take it.

coondoggie writes "The Federal Aviation Administration has joined the growing list of government agencies that have had their supposedly safe systems hacked. The agency this week notified about 45,000 employees that one of its servers was hacked into and employee personal identity information was stolen. The FAA was quick to say the server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system. It did say two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA's rolls as of the first week of February 2006."

Julie188 writes "Even as Microsoft celebrates its 10,000th patent, angry shareholders are starting to speak out against what they say is the squandering of billions of dollars on pointless R&D projects. The 10,000th patent covers a technology that allows a device to associate data with objects placed on its surface, and is likely eventually to become part of the Surface table PC. But shareholders are fed up with the $8 billion annually spent. Said one, 'I believe Bill Gates is a charlatan because what he has said, implied, promised to shareholders and stakeholders and all of these visionary things that he mumbles and jumbles about and doesn't make reality of. MS is spending billions of dollars on R&D. Where is the return on investment?' In contrast, Apple had almost the same revenue gains as Microsoft while spending one-tenth as much."

Julie188 writes "Even as Microsoft celebrates its 10,000th patent, angry shareholders are starting to speak out against what they say is the squandering of billions of dollars on pointless R&D projects. The 10,000th patent covers a technology that allows a device to associate data with objects placed on its surface, and is likely eventually to become part of the Surface table PC. But shareholders are fed up with the $8 billion annually spent. Said one, 'I believe Bill Gates is a charlatan because what he has said, implied, promised to shareholders and stakeholders and all of these visionary things that he mumbles and jumbles about and doesn't make reality of. MS is spending billions of dollars on R&D. Where is the return on investment?' In contrast, Apple had almost the same revenue gains as Microsoft while spending one-tenth as much."

coondoggie writes "The Federal Trade Commission today got a US District Court to stop permanently what it called the illegal operations of an Internet-based check creation and delivery service, and to require the group to give up over half a million dollars in ill-gotten gains. According to the FTC, Qchex.com created and sent checks drawn on any bank account that a Qchex user identified, but did not verify whether the user had authority to draw checks on that account. As a result, fraudsters worldwide used the Qchex service to draw thousands of checks on bank accounts that belonged to unwitting third parties. 'The evidence shows that the launch of Qchex.com was a "dinner bell" for fraudsters and resulted in a high number of accounts frozen for fraud...' said District Court Judge Janis Sammartino."

coondoggie writes "The Federal Trade Commission today got a US District Court to stop permanently what it called the illegal operations of an Internet-based check creation and delivery service, and to require the group to give up over half a million dollars in ill-gotten gains. According to the FTC, Qchex.com created and sent checks drawn on any bank account that a Qchex user identified, but did not verify whether the user had authority to draw checks on that account. As a result, fraudsters worldwide used the Qchex service to draw thousands of checks on bank accounts that belonged to unwitting third parties. 'The evidence shows that the launch of Qchex.com was a "dinner bell" for fraudsters and resulted in a high number of accounts frozen for fraud...' said District Court Judge Janis Sammartino."

BobB-nw writes "Michael 'Monty' Widenius, the original developer of the open-source MySQL database, has left Sun Microsystems and is starting his own company, Monty Program Ab, he said in a blog post Thursday. Widenius and Sun had a slightly rocky relationship since the vendor bought MySQL last year for $1 billion. In a much-discussed November blog post, he trashed Sun's decision to give MySQL 5.1 a 'generally available' designation, saying it was riddled with serious bugs. Meanwhile, Monty Program Ab will be 'a true open-source company,' with only a small number of employees who 'strive to have fun together and share the profit we create.' The company will work on the Maria project, a storage engine Widenius and others developed, he wrote.'"

coondoggie writes "NASA researchers today said they had built and tested a robot that can rappel off cliffs, travel over steep and rocky terrain, and explore deep craters. The prototype rover, called Axel, might help future robotic spacecraft better explore and investigate foreign worlds such as Mars. On Earth, Axel might assist in search-and-rescue operations in locations where people might not be able to reach. Axel can operate upside down and right side up and uses only three motors: one to control each of its two wheels and a third to control a lever. The lever contains a scoop to gather lunar or planetary material for scientists to study, and it also adjusts the robot's two stereo cameras, which can tilt 360 degrees, NASA said."

coondoggie writes "NASA researchers today said they had built and tested a robot that can rappel off cliffs, travel over steep and rocky terrain, and explore deep craters. The prototype rover, called Axel, might help future robotic spacecraft better explore and investigate foreign worlds such as Mars. On Earth, Axel might assist in search-and-rescue operations in locations where people might not be able to reach. Axel can operate upside down and right side up and uses only three motors: one to control each of its two wheels and a third to control a lever. The lever contains a scoop to gather lunar or planetary material for scientists to study, and it also adjusts the robot's two stereo cameras, which can tilt 360 degrees, NASA said."

eldavojohn writes "The Linux Defenders Network is a new organization sponsored by the Open Invention Network, the Software Freedom Law Center, and The Linux Foundation to help the community defend itself against patent trolls. Three models, or 'IP rights management tools,' are offered: Peer to Patent, Post-Issue Peer to Patent, and Defensive Publications. Mich Kabay's article in NetworkWorld cites an all-too-familiar incident from December, when General Patent Corp. announced it was working on behalf of Worlds.com to sue everyone — this probably could have been avoided with a little prior art help from the community. From the organization's about page: 'We encourage contributions from anyone that is interested in ensuring that innovation is not stifled by poor quality patents and is interested in assisting the patent office in its goal of improving the overall quality of patents.' Are these guys saviors arriving in the nick of time, or just another hopeless community effort to rein in the failing patent system?"

BobB-nw writes to tell us that a recent study of 43 companies that suffered from data breaches last year showed the total cost of dealing with the breach to have risen to $6.6 million per incident. The cost is about $202 per record compromised for first timers, while the repeat offenders seem to have their mojo down and only suffer about $192 per record. With 88% of all data loss cases for 2008 being traced back to insider negligence it's a wonder that a little upfront money isn't being directed at prevention; guess as soon as they idiot-proof it someone will build a better idiot.

coondoggie writes to tell us about the latest technique researchers are investigating as a possible means to store data, magnetic tornadoes. "Conventional computer memories store data in "bits" that consist of two magnetic elements that record data in binary form. When these elements are magnetized in the same direction, the computer reads the bit as a '0'; when magnetized in opposite directions, the bit represents a '1,' researchers stated. According to scientists, a vortex forms spontaneously — one vortex per disk — in a small magnetic disk when the disk's diameter falls below a certain limit. Although the vortex does not whirl about like a meteorological tornado, the atoms in the material do orient themselves so that their magnetic states, or 'moments,' point either clockwise or counterclockwise around the disk's surface. At the center of the disk, the density of this rotation causes the polarity of the vortex core to point either up out of the disk or down like a tornado's funnel, researchers stated. Because the vortices that form on the disks contain two independently controllable and accessible magnetic parameters, they could form the basis for quaternary bits that would contain data written as a 0, 1, 2, or 3."

coondoggie writes to tell us about the latest technique researchers are investigating as a possible means to store data, magnetic tornadoes. "Conventional computer memories store data in "bits" that consist of two magnetic elements that record data in binary form. When these elements are magnetized in the same direction, the computer reads the bit as a '0'; when magnetized in opposite directions, the bit represents a '1,' researchers stated. According to scientists, a vortex forms spontaneously — one vortex per disk — in a small magnetic disk when the disk's diameter falls below a certain limit. Although the vortex does not whirl about like a meteorological tornado, the atoms in the material do orient themselves so that their magnetic states, or 'moments,' point either clockwise or counterclockwise around the disk's surface. At the center of the disk, the density of this rotation causes the polarity of the vortex core to point either up out of the disk or down like a tornado's funnel, researchers stated. Because the vortices that form on the disks contain two independently controllable and accessible magnetic parameters, they could form the basis for quaternary bits that would contain data written as a 0, 1, 2, or 3."

BobB-nw writes with this excerpt from NetworkWorld: "NFL IT guru David Port claims he doesn't have a favorite football team, but on Sunday he'll be working his 25th Super Bowl. As the league's vice president of information technology, Port and his IT staff are responsible for building a temporary network to support NFL staff and thousands of journalists during Super Bowl week. Port starts preparing for each Super Bowl two years in advance, working with the city and venues where IT operations and media professionals will be based. More intensive planning starts about 11 months before the big game. Port explained that the NFL essentially built a small data center with IBM blade servers at the temporary headquarters in a local Marriott near the Super Bowl site. 'We built out an infrastructure with approximately 300 computers, PCs and laptops, and wired and wireless networks that are used for NFL core operations, for game production and business operations. Much of it is also for media,' Port said." CNet is running a related story about the technology behind the Super Bowl, focusing on some of the visual effects viewers will see, as well as the hardware that makes everything happen.

Julie188 writes "Microsoft blogger Mitchell Ashley, who has been using Windows 7 full-time, predicts that Windows 7 will fail to lure XP users away from their beloved, aging operating system — after all, Windows 7 is little more than what Vista should have been, when it shipped two years ago. But eventually old PCs must be replaced and then we'll see corporations, desperate to get out of the expense of managing Windows machines, get wise. Instead of buying new Windows 7 PCs, they could deliver virtualized XP desktops to a worker's own PC and/or mobile device. Ashley believes that Citrix's Project Independence has the right idea."

coondoggie writes "Ok, maybe this is getting a little too close to bringing Terminator-like robots to life. For starters, eco-friendly engine builder Cyclone Power this week inked a contract from Robotic Technologies, Inc. (RTI) to develop what it calls a beta biomass engine system that will be the heart of RTI's Energetically Autonomous Tactical Robot (EATR). The purpose of EATR is to develop and demonstrate an autonomous robotic platform able to perform long-range, long-endurance missions without the need for manual or conventional re-fueling — in other words it needs to 'eat.' According to researchers, the EATR system gets its energy by foraging, or what the firms describe as 'engaging in biologically-inspired, organism-like, energy-harvesting behavior which is the equivalent of eating. It can find, ingest, and extract energy from biomass in the environment as well as use conventional and alternative fuels (such as gasoline, heavy fuel, kerosene, diesel, propane, coal, cooking oil, and solar) when suitable.'" We can only hope they don't team up with the Multi-Robot Pursuit System project to "search for and detect a non-cooperative human."

coondoggie writes "A federal court today spanked two telemarketers with some $1.2 million in civil penalties for violating the Federal Trade Commission's Do Not Call Rule. According to the FTC, the companies called consumers whose phone numbers were on the Do Not Call Registry without having obtained their express written agreement or having an 'established business relationship' with them. One group's telemarketers also allegedly abandoned many calls, by failing to connect the calls to a sales representative within two seconds after consumers answered, as required by law, the FTC stated. The cases were filed by the Department of Justice on behalf of the FTC."

coondoggie writes "A federal court today spanked two telemarketers with some $1.2 million in civil penalties for violating the Federal Trade Commission's Do Not Call Rule. According to the FTC, the companies called consumers whose phone numbers were on the Do Not Call Registry without having obtained their express written agreement or having an 'established business relationship' with them. One group's telemarketers also allegedly abandoned many calls, by failing to connect the calls to a sales representative within two seconds after consumers answered, as required by law, the FTC stated. The cases were filed by the Department of Justice on behalf of the FTC."

coondoggie writes with a NetworkWorld piece that begins, "Researchers at Purdue will soon experiment with an unmanned aircraft that pretty much flies itself with little human intervention. The aircraft will use a combination of global-positioning system technology and a guidance system called AttoPilot ... to guide the aerial vehicle to predetermined points. Researchers can be stationed off-site to monitor the aircraft and control its movements remotely. AttoPilot was installed in the aircraft early this year, and testing will begin in the spring, researchers said."

alphadogg writes "The Downadup worm — also called Conflicker — has now infected an estimated 10 million PCs worldwide, and security experts say they expect to see a dangerous second-stage payload dropped soon. 'It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,' says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes."

coondoggie writes "Researchers say technology they have developed would let boats or small aquatic robots glide through the water without the need for an engine, sails or paddles. A University of Pittsburgh research team has designed a propulsion system that uses the natural surface tension that is present on the water's surface and an electric pulse to move the boat or robot, researchers said. The Pitt system has no moving parts and the low-energy electrode that emits the pulse could be powered by batteries, radio waves, or solar power, researchers said in a statement."

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."

coondoggie sends along a NetworkWorld piece that begins, "The government... wants to motivate you to get rid of your clunker of a car for the good of the country (and the moribund car industry). A 'Cash for Clunkers' measure introduced this week by three US Senators, two Democrats and a Republican, would set up a national voucher program to encourage drivers to voluntarily trade in their older, less fuel-efficient car, truck, or SUV for a car that gets better gas mileage. Should the bill pass, the program would pay out a credit of $2,500 to $4,500 for drivers who turn in fuel-inefficient vehicles to be scrapped and purchase a more fuel-efficient vehicle."

Julie188 writes "Opera Software's year-old antitrust complaint against Microsoft took another step toward being vindicated, and the Oslo-based browser maker can't help crowing over the European Commission's decision. Opera had filed a complaint with the EC in December, 2007, contending that Microsoft's bundling of Internet Explorer with Windows violated antitrust rules. Yesterday, the EC sent a 'Statement of Objections (SO)' to Microsoft with a preliminary finding that bundling IE with Windows does indeed constitute an antitrust abuse. Microsoft has eight weeks to plead its case and change the EC's mind, an unlikely outcome if ever there was one. Opera's CEO said, 'On behalf of all Internet users, we commend the Commission for taking the next step towards restoring competition in a market that Microsoft has strangled for more than a decade.'"

BobB-nw writes "The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications. DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). (A separate federal effort is under way to bolster another Internet protocol, DNS, and it is called DNSSEC.) Douglas Maughan, program manager for cybersecurity R&D in the DHS Science and Technology Directorate, says his department's spending on router security will rise from around $600,000 per year during the last three years to approximately $2.5 million per year starting in 2009."

BobB-nw writes "The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications. DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). (A separate federal effort is under way to bolster another Internet protocol, DNS, and it is called DNSSEC.) Douglas Maughan, program manager for cybersecurity R&D in the DHS Science and Technology Directorate, says his department's spending on router security will rise from around $600,000 per year during the last three years to approximately $2.5 million per year starting in 2009."

alphadogg writes "Barack Obama's election to US president has already brought a string of firsts, and on Wednesday there came another. The official presidential portrait was shot on a digital camera for the first time. The picture was taken by the White House's new official photographer, Pete Souza, and issued by The Office of the President Elect through its Web site. It was taken on Tuesday evening at 5:38 p.m. using a Canon EOS 5D Mark II, according to the metadata embedded in the image file."