An anonymous reader writes "It is no secret that SSH binaries can be backdoored. It is nonetheless interesting to see analysis of real cases where a trojanized version of the daemon are found in the wild. In this case, the binary not only lets the attacker log onto the server if he has a hardcoded password, the attacker is also granted access if he/she has the right SSH key. The backdoor also logs all username and passwords to exfiltrate them to a server hosted in Iceland."
chicksdaddy writes "The U.S. Department of Defense has stopped updating its main reference list of vital defense technologies that are banned from export, according to a new report from the Government Accountability Office (GAO), The Security Ledger reports. The Militarily Critical Technologies List (MCTL) is used to identify technologies that are critical to national defense and that require extra protection — including bans on exports and the application of anti-tamper technology. GAO warned six years ago that the Departments of State and Commerce, which are supposed to use the list, found it too broad and outdated to be of much use. The latest report (GAO 13-157) finds that the situation has worsened: budget cuts forced the DOD to largely stop updating and grooming the list in 2011. Sections on emerging technologies are outdated, while other sections haven't been updated since 1999. Without the list to rely on, the DOD has turned to a hodgepodge of other lists, while officials in the Departments of State and Commerce who are responsible for making decisions about whether to allow a particular technology to be exported have turned to ad-hoc networks of subject experts. Other agencies are looking into developing their own MCTL equivalents, potentially wasting government resources duplicating work that has already been done, GAO found."
FunPika writes "Jonathan Coulton, who is known for songs such as "Code Monkey", is claiming that his cover of "Baby Got Back" was used without permission on Glee, a television show aired by Fox Broadcasting Company. When the Glee version appeared on YouTube last week, Coulton suspected that it sounded similar to his cover, and several of his fans confirmed this by analyzing the two tracks. Despite Coulton contacting Fox, they continued with airing the episode and have placed the song on sale in iTunes."
MikeChino writes "Instructables member Patrik has successfully transformed an old HP5150 inkjet printer into a DIY bioprinter. To do this he removed the plastic covers and panels and rewired the paper handling mechanism. Then he prepped ink cartridges to be able to handle biological materials by opening the lid, removing the ink, and washing it out with deionized water. For his first experiment, he printed a simple solution of arabinose onto filter paper."
Yesterday saw the release of a clip from the upcoming movie jOBS, a biopic about the life of Apple co-founder Steve Jobs. The clip shows Jobs, played by Ashton Kutcher, having a conversation with Steve Wozniak, played by Josh Gad, about how influential an operating system for a personal computer would be. The real Steve Wozniak commented on the clip, saying the situation it portrayed was "totally wrong." He said, "Personalities and where the ideas of computers affecting society did not come from Jobs. They inspired me and were widely spoken at the Homebrew Computer Club. Steve came back from Oregon and came to a club meeting and didn't start talking about this great social impact. His idea was to make a $20 PC board and sell it for $40 to help people at the club build the computer I'd given away. Steve came from selling surplus parts at HalTed he always saw a way to make a quick buck off my designs (this was the 5th time). The lofty talk came much further down the line." Wozniak was quick to add that he isn't making any judgment on the quality of the movie based on a single, 1-minute clip, and that the rest of the movie may or may not be more accurate. He also says he hopes it's entertaining.
Matt Steelblade writes "I've been in love with computers since my early teens. I took out books from the library and just started messing around until I had learned QBasic, then Visual Basic 5, and how to take apart a computer. Fast forward 10 years. I'm a very recent college graduate with a BA in philosophy (because of seminary, which I recently left). I want to get into IT work, but am not sure where to start. I have about four years experience working at a grade/high school (about 350 computers) in which I did a lot of desktop maintenance and some work on their AD and website. At college (Loyola University Chicago) I tried to get my hands on whatever computer courses I could. I ended up taking a python course, a C# course, and data structures (with python). I received either perfect scores or higher in these courses. I feel comfortable in what I know about computers, and know all too well what I don't. I think my greatest strength is in troubleshooting. With that being said, do I need more schooling? If so, should I try for an associate degree (I have easy access to a Gateway technical college) or should I go for an undergraduate degree (I think my best bet there would be UW-Madison)? If not, should I try to get certified with CompTIA, or someone else? Or, would the best bet be to try to find a job or an internship?"
hypnosec writes "Microsoft upped its security ante with Address Space Layout Randomization (ASLR) in Windows 7 and Windows 8, but it seems this mechanism to prevent hackers from jumping to a known memory location can be bypassed. A hacker has released a brilliant, yet simple trick to circumvent this protection. KingCope, a hacker who released several exploits targeting MySQL in December, has detailed a mechanism through which the ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed to load a DLL file with malicious instructions to a known address space."
Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."
Trailrunner7 writes "Ten years ago today, on Jan. 25, 2003, a new worm took the Internet by storm, infecting thousands of servers running Microsoft's SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. This is the inside story of SQL Slammer, told by David Litchfield, the researcher who found the bug and wrote the exploit code that was later taken by Slammer's authors and used as part of the worm."
redletterdave writes "On Friday morning, BitTorrent launched the alpha test of a new, free public service called BitTorrent Sync, which allows users to securely back up and sync files over the Web using BitTorrent's platform. Unlike competing services such as Box or Dropbox, BitTorrent Sync doesn't store files on remote servers (which means that no third party has access to one's files), and also has no storage limits other than what your devices can hold."
An anonymous reader writes "WindowsAndroid is a very cool tool from the Beijing-based startup SocketeQ that lets you run Android 4.0 (Ice Cream Sandwich) as a native application on Windows Vista, Windows 7, or Windows 8 machines. The creators tell us they have a deep background in virtualization, operating system, and graphics technologies, and have been working on the project for years. Essentially, WindowsAndroid allows you not only to execute Android apps on your Windows computer, but also use the browser, not to mention every other component of the operating system."
dcblogs writes "A bipartisan group of Senators is planning to introduce a bill that allows the H-1B visa cap to rise automatically with demand to a maximum of 300,000 visas annually. This 20-page bill, called the Immigration Innovation Act of 2013 or the 'I-Squared Act of 2013,' is being developed by Sens. Orrin Hatch (R-Utah), Amy Klobuchar (D-Minn.), Marco Rubio (R-Fla.), and Chris Coons (D-Del.). It may be introduced next week. Presently, the U.S. has an H-1B visa cap of 65,000. There are another 20,000 H-1B visas set aside for advanced degree gradates of U.S. universities, for 85,000 in total. Under the new bill, the base H-1B cap would increase from 65,000 to 115,000. But the cap would be allowed to rise automatically with demand, according to a draft of the legislation."
cylonlover writes "With a few exceptions, such as Volvo's Air Motion Concept, major automotive manufacturers have generally shied away from compressed air technology. PSA Peugeot Citroen is bucking this trend with its 'Hybrid Air' powertrain that addresses the limited range of compressed air energy storage technology by combining it with a gasoline powered internal combustion engine. The company plans to have Hybrid Air powered vehicles on the road by 2016."
theodp writes "Explaining that it believes 'the most important questions are the ones that will come from the MIT community,' MIT announced that it won't be accepting questions from outsiders for its President-ordered 'review' of the events that preceded the suicide of Aaron Swartz. But if you feel the 25 questions asked thus far don't cover all the bases, how about posting additional ones in the comments where MIT'ers can see them and perhaps repost to the MIT site some that they feel deserve answers? Do it soon — MIT President Rafael Reif will be returning any day now from Davos, where he sat on a panel with Bill Gates, who coincidentally once found himself in hot water over unauthorized computer access. 'They weren't sure how mad they should be about it,' Gates explained in a 2010 interview, 'because we hadn't really caused any damage, but it wasn't a good thing. Computer hacking was literally just being invented at the time, and so fortunately we got off with a bit of a warning.'" Related: text has been published of public domain advocate Carl Malamud's remarks at Swartz's memorial. Quoting: "Aaron wasn't a lone wolf, he was part of an army, and I had the honor of serving with him for a decade. Aaron was part of an army of citizens that believes democracy only works when the citizenry are informed, when we know about our rights—and our obligations."
Ch_Omega writes "According to this article over at The Telegraph, Lego has been accused of racism by the Turkish community in Austria over a Star Wars model that supposedly resembles one of Istanbul's most revered mosques. The anger was provoked by 'Jabba's Palace,' a model of the home of Jabba the Hutt from Lego's Star Wars product range based on the blockbusting series of science fiction films. 'The terrorist Jabba the Hutt likes to smoke a hookah and have his victims killed,' said the statement posted on the organization's website. 'It is clear that the ugly figure of Jabba and the whole scene smacks of racial prejudice and vulgar insinuations against Asians and Orientals as people with deceitful and criminal personalities.'"