angry tapir writes "Symantec researchers have identified a new premium-rate SMS Android Trojan that modifies its code every time it gets downloaded in order to bypass antivirus detection. This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it."

Read more of this story at Slashdot.

itwbennett writes "Just a few hours after a fake CNN news report appeared on Facebook Friday, more than 60,000 users had gone to the spoofed, malware bearing page according to Sophos Senior Security Advisor Chester Wisniewski. Facebook didn't respond to IDG News Service's request for information on 'how widespread the problem was or whether its own security had been breached, but Wisniewski said that there are a number of ways that status updates could appear without users' knowledge.'"

Read more of this story at Slashdot.

wiredmikey writes "A hacker who tried to land an IT job at Marriott by hacking into the company's computer systems, and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison. The hacker started his malicious quest to land a job at Marriott by sending an email to Marriott containing documents taken after hacking into Marriott servers to prove his claim. He then threatened to reveal confidential information he obtained if Marriott did not give him a job in the company's IT department. He was granted a job interview, but little did he know, Marriott worked with the U.S. Secret Service to create a fictitious Marriott employee for use by the Secret Service in an undercover operation to communicate with the hacker. He then was flown in for a face-to-face 'interview' where he admitted more and shared details of how he hacked in. He was then arrested and he pleaded guilty back in November 2011. Marriott claims the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs."

Read more of this story at Slashdot.

tsu doh nimh writes "Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. The FBI is currently debating whether to extend the deadline or let it expire."

Read more of this story at Slashdot.

New submitter beta2 writes "Several articles are noting that the German IT security agency BSI is endorsing Google Chrome browser: 'BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation. ... BSI also recommended Adobe Reader X — the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits — and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes. To update applications, BSI gave a nod to Secunia's Personal Software Inspector, a free utility that scan a computer for outdated software and point users to appropriate downloads.'"

Read more of this story at Slashdot.

New submitter The Mister Purple writes "A team of German researchers appears to have cracked the GMR-1 and GMR-2 encryption algorithms used by many (though not all) satellite phones. Anyone fancy putting a cluster together for a listening party? 'Mr. Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000. His demonstration system takes up to half an hour to decipher a call, but a more powerful computer would allow eavesdropping in real time, he said.'"

Read more of this story at Slashdot.

DrDevil writes "A member of the computer hacking group Anonymous has hacked into a telephone conference between the FBI and Scotland Yard (London Police) and posted it on the internet. The Daily Telegraph has a comprehensive article on the hack. The audio of the call can be heard here." Reader eldavojohn snips as well from the AP's story as carried by Google: "Those on the call talk about what legal strategy to pursue in the cases of Ryan Cleary and Jake Davis — two British suspects linked to Anonymous — and discuss details of the evidence gathered against other suspects."

Read more of this story at Slashdot.

hypnosec writes "Several of Ubisoft's biggest titles won't be playable as of next week thanks to a server move by the publisher and the restrictive DRM that was used in their development. This isn't just multiplayer either. Because Ubisoft thought it would be a smart plan to use always on DRM for even the single player portion of games like Assassin's Creed, even the single player portion of that title won't be playable during the server move. Some of the other games affected by this move will be Tom Clancy's HAWX 2, Might & Magic: Heroes 6 and The Settlers 7. The Mac games that will be broken during this period are Assassin's Creed, Splinter Cell Conviction and The Settlers. This move was announced this week as part of a community letter, with Ubisoft describing how the data servers for many of the publisher's online services would be migrated from third party facilities to a new location starting on the 7th February. The publisher didn't reveal how long the transfer would take."

Read more of this story at Slashdot.

New submitter Qedward writes with a snippet from ComputerWorld UK: "Two traders at Credit Suisse have pleaded guilty to wire fraud and falsifying data after authorities said they had manipulated the bank's record systems, as the credit crunch approached, in order to help conceal over half a billion dollars' worth of losses. The traders admitted to circumventing a mandatory real time reporting system introduced by Credit Suisse, manually entering false profit and loss (P&L) figures as the products they handled collapsed in value. They did so, according to the accusations, under heavy pressure from their manager, who has also been charged."

Read more of this story at Slashdot.

eldavojohn writes "A recent blog post has Android developers talking about Google finally scanning third party applications for malware. Oddly enough, Google claims this service (codenamed 'Bouncer') has been active for some time: 'The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market. This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise.' So it appears that they allow the software to be sold even before it is scanned and it also appears that no one has been bitten by a false positive from this software. Apparently Bouncer is not as oppressive as Apple's solution although given recent news its effectiveness must be questioned. Have any readers had their apps flagged or pulled by Bouncer?"

Read more of this story at Slashdot.

snydeq writes "Overall employment in tech is improving, but the certs you could once count on for a job or extra pay are losing their value, InfoWorld reports. 'Businesses no longer value what are increasingly considered standard skills, and instead are putting their money both into a new set of emerging specialties and into hybrid technology/business roles.'"

Read more of this story at Slashdot.

First time accepted submitter Cara_Latham writes "Hoping to spur innovation and collaboration, Bloomberg LP is opening its market data interfaces to anyone, without cost or restriction. The market data provider's application programming interface (API), known as BLPAPI (Bloomberg LP API), is already used by Bloomberg, its clients and other technology providers to build connections between financial firms' applications and Bloomberg's market data and applications. Today any technology professional, or even students at a university, can access BLPAPI to quickly build connections to market data feeds. The BLPAPI interface works with a number of programming languages and operating systems, including Java, C, C++, .NET, COM and Perl."

Read more of this story at Slashdot.

angry tapir writes "A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it. The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams. But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled."

Read more of this story at Slashdot.

coondoggie writes "Speaking at a National Football League press conference ahead of this weekend's Super Bowl, the U.S. Immigration and Customs Enforcement agency said special agents this week seized a total of 307 websites and snatched up 42,692 items of phony Super Bowl-related memorabilia along with other counterfeit items for a total take of more than $4.8 million – up from $3.72 million last year."

Read more of this story at Slashdot.

itwbennett writes "The debate over enforcement of the GPL flared up again this week when Red Hat kernel developer Matthew Garrett wrote in a blog post that Sony is looking to rewrite BusyBox to sidestep the GPL. Which is a perfectly legal undertaking. But it raises the question: 'Is there social pressure within the Linux kernel community to not undertake GPL compliance action?' writes blogger Brian Proffitt. 'This may not be nefarious: maybe people just would rather not bother with enforcing compliance. Better, they may argue, to just let the violation go and get on with developing better code.'"

Read more of this story at Slashdot.

schwit1 passes on this snippet from Public Intelligence: "A flyer designed by the FBI and the Department of Justice to promote suspicious activity reporting in internet cafes lists basic tools used for online privacy as potential signs of terrorist activity. The document, part of a program called 'Communities Against Terrorism,' lists the use of 'anonymizers, portals, or other means to shield IP address' as a sign that a person could be engaged in or supporting terrorist activity. The use of encryption is also listed as a suspicious activity along with steganography, the practice of using 'software to hide encrypted data in digital photos' or other media. In fact, the flyer recommends that anyone 'overly concerned about privacy' or attempting to 'shield the screen from view of others' should be considered suspicious and potentially engaged in terrorist activities. ... The use of PGP, VPNs, Tor or any of the many other technologies for anonymity and privacy online are directly targeted by the flyer, which is distributed to businesses in an effort to promote the reporting of these activities."

Read more of this story at Slashdot.

mask.of.sanity writes "Verisign admitted it was hacked repeatedly last year and cannot pin down what data was stolen. It says it doesn't believe the Domain Name System servers were hacked but it cannot rule it out. Symantec, which bought its certificate business in 2010, says also that there was no evidence that system was affected. Verisign further admitted in an SEC filing that its security team failed to tell management about the attacks until 2011, despite moving to address the hacks."

Read more of this story at Slashdot.

tsu doh nimh writes "A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. Brian Krebs uncovers fascinating information about a hacker named 'GeRa' who is supposedly behind the Grum botnet, which is currently sending about one out of every three spam emails worldwide. The story also points to several possible real-identities behind the Internet's largest spam machine."

Read more of this story at Slashdot.

Hugh Pickens writes "As millions of fans sit glued to their sets next Sunday, one part of the game they will not see is the massive deployment of federal and local law enforcement resources to achieve what is being called the most technologically secure Super Bowl in history, an event that has been officially designated as a National Security Special Event (PDF). At the top of the list are gamma-ray cargo and vehicles scanners that can reportedly see through six inches of steel to reveal the contents of large vehicles. 'We can detect people, handguns and rifles,' says Customs and Border Protection Officer Brian Bell. 'You'd be a fool to bring something into that stadium that you shouldn't. We're going to catch it. Our goal is to look at every vehicle that makes a delivery inside the stadium and inside the secure perimeter.' Next is the 51-foot Featherlite mobile command center for disaster response that will support the newly constructed $18 million Regional Operations Center (ROC) for the Marion County Department of Homeland Security that will serve as a fusion center for coordinating the various federal agencies involved in providing security for the Super Bowl. One interesting security measure are the 'Swiveloc' explosion-proof manhole covers (video) that Indianapolis has spent $150,000 installing that are locked down during the Super Bowl. In case of an underground explosion, the covers lift a couple of inches off the ground — enough to vent gas out without feeding in oxygen to make an explosion bigger — before falling back into place. Finally the Department of Homeland Security and the FBI has installed a network of cameras that will be just a click away for government officials. 'If you had the right (Internet) address, you could set up a laptop anywhere and you could watch the camera from there,' says Brigadier General Stewart Goodwin."

Read more of this story at Slashdot.

Taco Cowboy writes "It's time to upgrade again. Firefox 10 is out and here's a list of bugs fixed in the new version."

Read more of this story at Slashdot.