Posts: 1773
Days Won: 6
Everything posted by Matt
-
THE EUROPEAN COMMISSION (EC) is backing German calls for stronger data protection, in the wake of the revelation that we have no data protection. The EC has warmed to statements made by Germany's chancellor, Angela Merkel. Earlier this week Merkel called for a better understanding of what data internet firms are handing over to intelligence agencies. EU justice commissioner Viviane Reding has agreed with Merkel, having spoken out against data surveillance such as the PRISM programme in the past. In a series of Twitter comments the commissioner said that Europeans do not want to sit in the palm of the US, and would not, if not given the choice, choose to share their communications with it. "Citizens don't want public authorities to listen to every phone call they make or read every e-mail they write," she said. "For us Europeans national security and data protection go hand in hand. They are two sides of the same coin." Separately, in a speech at the Digital Life Design event, Reding suggested that governments were acting like cowboys and are just grabbing whatever data they want from everyone. "I will not be silent about the recent revelations on programmes such as PRISM in the United States or TEMPORA in the UK or any other spying programme in any other country. Why? Because, in Europe, data protection is a fundamental right," she said. "Citizens do not want the secret service to listen to every phone call they make or read every e-mail they write. And rightly so. For us Europeans, national security and data protection go hand in hand. They are two sides of the same coin. National security is important, but it does not mean that anything goes and that fundamental rights no longer apply. National security and data protection are not enemies. "They belong together, it is all about finding the right balance."
Source: TheInquirer.net
-
http://www.youtube.com/watch?v=XJro5jGCnoA "Sa moara pula mea" )))))))
-
The pictures aren't showing. Upload the pictures to shareimage.ro
-
GENEVA - The international community must wake up to the reality of cyberwar and strive to find ways to stem it, the head of the UN's telecommunications agency said Monday. "There is a cyberwar going on," Hamadoun Toure, secretary general of the International Telecommunication Union, said during a cybersecurity debate at the Geneva Press Club. "Just like a conventional war, there are no winners, only destruction," he warned an audience of reporters, diplomats and technology experts. While Toure declined to pin the blame on individual countries, such attacks have become common currency. Russia was widely blamed for what has been dubbed the world's first cyberwar, in 2007, when state and bank websites were blocked for days in Estonia, one of the world's most wired nations and a member of NATO and the European Union. Since then, attention has focussed on China for alleged state-run cyber attacks on targets in the United States and elsewhere. In recent weeks, pro-regime Syrian hackers and North and South Korean online warriors have also made headlines. In an increasingly connected and Internet-dependent world, cyber attacks by governments and criminal gangs alike have the potential to wreak havoc on everything from the financial sector to key public services, Toure said. That raises the spectre of huge economic losses and social chaos, and Toure said governments and business worldwide must think collectively about how to head that off. "No one single entity can do it alone. We have to change the mindset. Are we mentally prepared to work with one another?" he asked. "In this arena, there's no such thing as a superpower anymore," he said, given that it is cheap to create viruses and launch attacks. "It's the human brain that's driving this. So we're all equal in this, and we need to come together. That's the new order. It's not one country. It's not like a nuclear power, where the technology, the knowledge base and the infrastructure and the funding are required for that. "We have to treat cyberspace like we treat the real world," he added. "What's true in the real world is true in cyberspace. Some people say we're in a new environment where the rules are completely different. We're not. Because humans are at the centre of this."
Source: Securityweek.com
-
As concerns mount about the possibility of a cyber-attack against critical infrastructure, countries are focusing on boosting their security spending to include cyber-defenses. President Barack Obama signed the executive order in February requiring the National Institute of Standards and Technology (NIST) to create a framework for "reducing cyber-risks to critical infrastructure." NIST, in collaboration with the General Services Administration, Department of Defense, and Department of Homeland Security, has been holding a series of workshops to identify priority elements and released an initial draft on July 1. The draft will be expanded and refined over the next few weeks to identify the "voluntary" guidelines organizations will have to meet in order to protect their critical networks from cyber-attacks. The increased focus on cyber-security is translating directly to increased spending. Just last month, a cyber-security budget from the DoD called for spending almost $23 billion through fiscal year 2018. The budget included initiatives to protect computer networks and to develop offensive capabilities. The budget requested $4.72 billion in fiscal 2015, $4.61 billion in 2016, $4.45 billion in 2017, and $4.53 billion in 2018, according to Bloomberg News, who obtained a copy of the budget document. In comparison, the White House asked for $4.65 billion for the 2014 fiscal year in the budget proposal sent to Congress back in April. The 2014 figure is an 18 percent increase over this year's budget. The Pentagon plans to spend $9.3 billion through 2018 for information-assurance systems that would block attackers and prevent disruptions on DoD's networks. Another $8.9 billion will be spent on cyber-operations, which would include both defensive and offensive capabilities. The U.S. Cyber Command’s headquarters is projected to receive as much as $1.28 billion through 2018. 
The president's budget proposal requested more than $13 billion for cyber-programs, or about 16 percent of the federal IT budget. Under the proposal, DHS would also receive $300 million to better monitor federal networks, $85 million to the Commerce Department for cyber-network support, and $79 million to help the departments of Homeland Security, Justice and Defense to identify and respond to cyber incidents. While there is some disagreement on how to approach information-sharing and how to protect government and private networks, there appears to be some consensus that the federal government needs to boost cyber-spending, according to a survey commissioned by Tenable Network Security earlier this year. In the survey, about 92 percent of Americans said public utilities such as power grids, transportation systems, and communications, were vulnerable to state-sponsored cyber-attacks. About 60 percent of respondents said they would be in favor of increasing government spending to train "cyber-warriors," according to the survey. The focus on cyber-security spending is not just on this side of the Atlantic. Late last month, George Osborne, the United Kingdom's chancellor, outlined spending increases as part of an effort to protect UK interests in cyber-space. The Chancellor said £210 million ($312.9 million) would be invested in the Cabinet Office's National Cyber Security Programme (NCSP). Cyber security spending will be "ring-fenced," or separated out as its own category instead of being lumped in with other financial items, Osborne said. He called cyber-security “the new frontier of defense.” During a cybersecurity debate at the Geneva Press Club on July 15, Hamadoun Toure, secretary general of the International Telecommunication Union (ITU), said the international community must wake up to the reality of cyberwar and strive to find ways to stem it. "Just like a conventional war, there are no winners, only destruction," Hamadoun warned. 
Ring-fencing the country's cyber defense spending is "clear evidence" the government considers defending from cyber-threats a priority, Rob Cotton, CEO at NCC Group told SecurityWeek. The fact that cyber-defense is on the government's agenda is "a big positive for consumers, businesses and the security industry," Cotton added. "What we need now is a clear and long-term strategy for spending, to ensure that we're investing in skills and security infrastructure that will sustain the country in the years to come," Cotton said.
Source: Securityweek.com
-
Ruling will allow the Internet company to publicly reveal it challenged a U.S. government order to participate in the National Security Agency's controversial data collection program. Yahoo has won a motion from a secretive court that allows it to publicly reveal its efforts to avoid becoming part of PRISM, the National Security Agency's controversial data collection program. The U.S. Foreign Intelligence Surveillance Court ruled Monday that the Justice Department must unseal documents from a classified 2008 case that Yahoo has said will demonstrate the Internet company "objected strenuously" to providing the government with customer data. "The Government shall conduct a declassification review of this Court's Memorandum Opinion of [Yahoo's case] and the legal briefs submitted by the parties to this Court," the ruling read. "After such review, the Court anticipates publishing that Memorandum Opinion in a form that redacts any properly classified information." The ruling, first noted by the Daily Dot, gives the Justice Department two weeks to provide estimates on how long it expects the review process to take. A Yahoo spokesperson said the company was "very pleased" with the court's decision. "Once those documents are made public, we believe they will contribute constructively to the ongoing public discussion around online privacy," the representative said in a statement. Because the 2008 case was conducted in a court under the Foreign Intelligence Surveillance Act (FISA), details of the dispute were never made public beyond a heavily redacted court order and Yahoo was not even allowed to reveal that it was involved in the case. Monday's order was made by the same court that Yahoo originally petitioned five years ago to review the government's order over concerns it violated its users' Fourth Amendment rights against unreasonable searches and seizures. 
The court responded at the time that the company's concerns were "overblown" and that "incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment." Google, Apple, Yahoo, Microsoft, Facebook, and other Internet companies were left reeling after a pair of articles last month alleged that they provided the NSA with "direct access" to their servers through a so-called PRISM program. Subsequent reporting by CNET revealed that this was not the case, and the Washington Post backtracked from its original story on PRISM. Yahoo has previously denied the allegations regarding participation in the program, calling them "categorically false." Legally barred from discussing their participation in the program, Google and Microsoft have petitioned the Foreign Intelligence Surveillance Court to lift a gag order prohibiting them from disclosing more information about government requests they receive for customer data. To date, the companies have released only totals that combine legal requests made under FISA with others related to criminal investigations involving fraud, homicide, and kidnapping, making it impossible to determine how many FISA requests they have received.
Source: News.cnet.com
-
F-Secure is reporting that some new malware attempts in OS X are using a spoofing technique to disguise malicious installations as standard files. The technique involves using a special Unicode character in file names that will make an application appear to be a standard document file.

While applications can be renamed with ".doc" or ".pdf" extensions in the OS X Finder, the system will append the ".app" extension to show only the name has been altered and the file is still recognized as a program. This will happen even if you have the Finder set to hide file extensions.

Of course, you can use the Terminal and some other services to change the name from ".app" to ".doc" or something else; however, doing so will break the functionality of the application package and make it appear as a standard folder. To get around this, if you wanted to disguise a file, you could use the Unicode character "U+202e" to override the system's automatic compensation for the name change, and keep the .app extension hidden while showing only the fake one.

For example, copy an application such as TextEdit to your Desktop, and then edit its name to append ".pdf" to the end of it. When you do so, the system will append ".app" to the name as expected. Now remove the change so the name appears only as "TextEdit" with no extensions. Following reverting the name, enable the OS X Character Viewer and activate the panel from the input menu. With the panel open, search for "U+202e" to find the "Right-to-left" character. This will not show up as a symbol, but can be selected and input at the point of the cursor as a character. With this character ready, you would follow these steps:

1. Select TextEdit and press Enter to edit its name.
2. Move your cursor to the end and type a period to begin the suffix.
3. Double-click the hidden "U+202e" character in the Character Viewer panel to enter it.
4. Type "fdp" or "cod" ("pdf" and "doc" backward).
5. Press Enter again to apply the name change.

[Image: The U+202e Unicode character invokes right-to-left behavior, and overrides the Finder's ability to reveal disguised application names. (Credit: Screenshot by Topher Kessler/CNET)]

When you do this, the TextEdit application will assume the ".pdf" extension, but still maintain its status as a valid application bundle with the .app extension hidden. This results in a file that appears to be a PDF by extension, but which will still have a hidden .app extension and will run as an application when opened.

Overall, this way of disguising programs does not constitute much of a threat, especially if you have Apple's Gatekeeper feature set to allow only programs from the App Store or an approved developer ID to run; however, F-Secure outlines that this spoofing technique has been found in recent malware that is signed with a valid Apple developer ID.

F-Secure has given the new malware the name Backdoor:Python/Janicab.A. Using the technique described above, it tries to disguise itself as a file other than an application bundle. When run, the malware will open a decoy PDF document, and then create a "cron" entry to automatically launch Python scripts that attempt connections to remote command-and-control servers. The malware then attempts to upload screenshots and audio recordings to these servers.

As with prior malware signed with Apple developer IDs, Apple simply needs to revoke the ID and Gatekeeper will flag it as a potentially problematic program. Alternatively, if you wish to take more active measures to avoid interacting with rogue programs, you can go to the Security & Privacy system preferences and set Gatekeeper to allow only programs from the Mac App Store to run without explicit authorization. This setting will ensure that all programs except those vetted by Apple's App Store team will be prevented from running the first time if you open them in the Finder. To open them, you will have to right-click them and choose "Open," followed by confirming you want to do this, and then authenticating to add an exception for this program to the Gatekeeper rules. Alternatively, you can set up custom Gatekeeper rules manually to accommodate other applications.

Source: News.cnet.com
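An added example, not part of the original post or the CNET article: a filename check that flags the right-to-left override described above before a user ever sees the name. The sample names are constructed, and the "apparent suffix" calculation is a simplified model of a file browser that hides the real extension, as the article describes for the Finder.

```python
import unicodedata
from pathlib import PurePosixPath

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character named in the article

# Bidirectional formatting controls that have no business in a file name.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"  # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"        # LRI, RLI, FSI, PDI
    "\u200e\u200f"                    # LRM, RLM
)


def inspect_name(name):
    """Return None for a clean name, otherwise a dict describing the finding."""
    found = [ch for ch in name if ch in BIDI_CONTROLS]
    if not found:
        return None

    # The real extension is whatever follows the last dot in the stored bytes,
    # regardless of how the name is rendered on screen.
    real_suffix = PurePosixPath(name).suffix
    stem = name[: len(name) - len(real_suffix)]

    # Simplified model (assumption): with the real extension hidden, the text
    # after the override is drawn reversed, so "fdp" is shown as "pdf".
    apparent_suffix = None
    if RLO in stem:
        tail = stem.rsplit(RLO, 1)[1]
        apparent_suffix = "." + tail[::-1]

    # Escaped form that is safe to print in a log or alert.
    escaped = "".join(
        f"<U+{ord(ch):04X}>" if ch in BIDI_CONTROLS else ch for ch in name
    )
    return {
        "escaped": escaped,
        "controls": [unicodedata.name(ch) for ch in found],
        "real_suffix": real_suffix,
        "apparent_suffix": apparent_suffix,
        "mismatch": apparent_suffix is not None
        and apparent_suffix.lower() != real_suffix.lower(),
    }


def scan_names(names):
    """Return the findings for every name that contains a bidi control."""
    findings = []
    for name in names:
        result = inspect_name(name)
        if result is not None:
            findings.append(result)
    return findings


# Constructed sample listing (not taken from any real system).
SAMPLE_NAMES = [
    "Invoice.pdf",
    "TextEdit.app",
    "TextEdit.\u202efdp.app",
    "Notes.\u202ecod.app",
]

if __name__ == "__main__":
    for finding in scan_names(SAMPLE_NAMES):
        print(finding)
```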
-
Analysis

Security researchers in China claim to have uncovered a second Android vulnerability that might be abused to modify smartphone apps without breaking their digital signatures. The flaw, discovered by the "Android Security Squad", stems from a Java-based issue.

The vulnerability is similar to the so-called master key vulnerability recently announced by researchers from mobile security start-up Bluebox Security and due to be explained in more depth in an upcoming presentation at Black Hat in Las Vegas at the start of next month. Bluebox first notified Google about a potential problem back in February, months prior to going public on the issue.

The practical effect of both flaws is the same: miscreants could upload Trojan-laden versions of Android application packages (.APK files) onto online marketplaces. These backdoored apps would carry the same digital signature as undoctored copies of the APKs.

The Chinese discovery is a "different approach to achieve the same goal as with the previous exploit," Pau Oliva Fora, a mobile security engineer at ViaForensics, told Computerworld. Oliva Fora put together a (harmless) proof-of-concept exploit based on the Bluebox vulnerability last week.

Pack RAT

Bluebox Security has avoided going into details prior to its upcoming Black Hat presentation on 1 August but the work of Oliva Fora and other security researchers has revealed that the current Android app security shenanigans stem from duplicate filename trickery in Android application installer files rather than something more esoteric, such as a hash collision.

Android installation packages are compressed in containers that work like ZIP archive files. Regular ZIP utilities generally prevent you from having two files with the same name in one archive but the ZIP format itself doesn't preclude duplicated filenames - so with a bit of hacking and tweaking, you can fairly easily create a utility to build an archive with repeated filenames.

It's this behaviour that spawns the vulnerability discovered by Bluebox Security, explains anti-virus veteran Paul Ducklin in a post on Sophos' Naked Security blog. "Android's cryptographic verifier validates the first version of any repeated file in an APK archive, but the installer extracts and deploys the last version," Ducklin explains. "In other words, the APK passes its cryptographic tests at install time, even though what gets installed is bogus."

Chinese whispers

The Chinese vulnerability creates a means for miscreants to inject code into the headers of APKs without screwing with digital signatures. However the potential of the attack is limited because targeted files (of the type classes.dex) need to be smaller than 64K in size.

Google has already released a security fix to smartphone manufacturers covering both the Bluebox master key vulnerability and the flaw uncovered by the Chinese researchers, according to a statement from Jeff Forristal, CTO of Bluebox, received in response to our inquiries into the issue.

Google has yet to respond to The Register's request for a comment on the vuln, so it remains unconfirmed whether or not Mountain View scans for modified applications that exploit either of the two vulnerabilities in its official Google Play store. Effective scanning would be little more complex than looking for duplicate filenames in APK files.

Stay away from those third-party apps

Google recently banned Google Play Store apps from updating outside the Play update mechanisms, as tech analysis blog GigaOM was among the first to note, so at least some protection is already in place. Filters on Google Play don't do much to help users who install Android apps from third-party stores, of course.

Consumers and business users of Android devices won't really be protected until manufacturers roll out the Android software updates. Samsung is already pushing out a patch but other OEMs might be slower to react - and the whole process might take weeks, if not months. Bluebox reckons 99 per cent of Android devices are vulnerable to the master key flaw. And that's without even considering devices out there that are still in use but no longer supported.

Almost all Android devices are vulnerable, since the vulnerability has existed since Android 1.6 (Donut), and only the Samsung Galaxy S4 has been patched to protect against it, Trend Micro warns. A blog post by Trend providing an additional perspective on the problem, and taking issue with Bluebox's description of it as a master key vulnerability, can be found here.

"This vulnerability can be used to replace legitimate apps on an Android device with malicious versions," explains Jonathan Leopando, a member of Trend's technical communications team. "Apps with many permissions – like those from the phone’s manufacturer or the user’s service provider – are at particular risk.

"Once on the device, they can behave in the way that any malicious app would, except the user would think they were a completely legitimate app. For example, a modified/Trojanised app for a bank would continue to work for the user, but the credentials would have been sent to an attacker," he adds. ®

Source: TheRegister.co.uk
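An added example, not part of the original post or The Register's article: the duplicate-filename scan the article says would be sufficient, written against Python's standard `zipfile` module. The in-memory archive is a constructed fixture with inert placeholder bytes; the function names are this example's own.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def find_duplicate_entries(apk_bytes):
    """Map each repeated entry name to the CRC-32 of every occurrence,
    in central-directory order. An empty dict means no duplicates."""
    occurrences = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() returns one record per central-directory entry, so
        # repeats are visible; a lookup by name would hide all but one.
        for info in zf.infolist():
            occurrences[info.filename].append(info.CRC)
    return {name: crcs for name, crcs in occurrences.items() if len(crcs) > 1}


def first_and_last(apk_bytes, name):
    """Return the contents of the first and last entries called `name`.

    Ducklin's description is that the verifier checks the first copy and
    the installer deploys the last one; differing contents are therefore
    the condition a scanner should treat as hostile."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        matches = [info for info in zf.infolist() if info.filename == name]
        if not matches:
            raise KeyError(name)
        # Passing the ZipInfo object reads that exact record by offset.
        return zf.read(matches[0]), zf.read(matches[-1])


def scan(apk_bytes):
    """Return a list of (name, copies, contents_differ) for repeated names."""
    report = []
    for name, crcs in sorted(find_duplicate_entries(apk_bytes).items()):
        report.append((name, len(crcs), len(set(crcs)) > 1))
    return report


def build_fixture(with_duplicate):
    """Constructed test archive; the entry bodies are placeholder text."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        # zipfile itself warns "Duplicate name" here, which is the point.
        warnings.simplefilter("ignore", UserWarning)
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"placeholder: first copy")
            if with_duplicate:
                zf.writestr("classes.dex", b"placeholder: second copy")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("duplicated", True)):
        print(label, scan(build_fixture(flag)))
```

Comparing CRCs separates a harmless byte-identical repeat from two different payloads under one name, which is the case the article's quote describes.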
-
Oracle has updated its Exalytics in-memory database platform. The company said that the Exalytics X3-4 appliances would sport improvements to both hardware and software features including increased flash and hard disk storage as well as new business intelligence and analysis tools. Designed for enterprise business analytics and big data applications, the Exalytics platform has been designed to work alongside Oracle's Exalogic and Exadata appliance lines. The Exalytics systems allow firms to quickly analyse and react to business trends and patterns by managing and analysing unstructured data. The new X3-4 appliance will look to increase the processing capacity of the platform by offering 2.4TB of flash memory and 5.4TB of solid state storage capacity. In addition to improving analysis operations, Oracle said that the Exalytics X3-4 appliance will look to increase compatibility with mobile devices by adding support for the Oracle BI Mobile HD platform and bringing integration for the Oracle Business Intelligence Foundation Suite, Endeca Information Discovery, Essbase and TimesTen In-Memory Database platform. “Unlocking data in a quick, easy and timely manner can be a strong competitive advantage,” said Oracle vice president of product management Paul Rodwick. “Oracle Exalytics X3-4 delivers powerful business analytics reinforcing our commitment to innovating and delivering maximum value through analytics by allowing our customers to spend less time on complicated integrations and more time providing real-time answers to strategic business questions.”
Source: V3.co.uk
-
Security researchers have demonstrated a flaw in femtocells that allows them to be used for eavesdropping on cellphone, email, and internet traffic. The hack was demonstrated on Verizon hardware, and the telco giant has issued an update to patch the vulnerability, but up to 30 other network carriers use systems with software that can be hacked in the same way. Femtocells are used to boost Wi-Fi and mobile signals within a household, but a common form of software that many devices use has a major security flaw that allows all traffic to be recorded and analyzed. Tom Ritter and Doug DePerry from iSEC Partners demonstrated the snooping hack to Reuters using a Verizon Wireless Network Extender ahead of a lecture at the Black Hat hacking conference to be held later this month. The researchers bought the Verizon femtocell for $250, and used open source software to test out the bugging attack. They also managed to boost the range of the femtocell to enable a much wider radius of data-slurping beyond the advertised 40 meter radius. As many as 30 carriers could have hardware at risk, iSEC said, and the attack was simplicity itself – attack code can be pushed to vulnerable devices with no further user interaction needed. Since the firmware of femtocells is seldom updated, an attacker could eavesdrop for some time before being detected, and it's not a hard hack. "This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," said Ritter. A hacked device could be placed in locales such as a restaurant frequented by high-value targets, and used to monitor data traffic that comes through the femtocell. The information can be stored and relayed back to the attacker using the adapted device, and used for further infiltration later. 
Verizon's update fixes the problem (otherwise, as at past Black Hats, the lawyers would almost certainly have stopped the briefings), but users of their Wireless Network Extender have to be aware of and apply the patch to lock down their femtocells. More worrisome is that the software is used widely in a variety of hardware femtocell systems – all users of all such hardware are advised to seek out their latest firmware upgrade. "The Verizon Wireless Network Extender remains a very secure and effective solution for our customers," said Verizon spokesman David Samberg in a statement. True – but only if those customers upgrade their firmware. ®
Source: TheRegister.co.uk
-
The first release candidate of version 3.11 of the Linux kernel has arrived, and to commemorate the occasion, Linux creator Linus Torvalds has given the kernel a new codename and a new, Microsoft-inspired boot logo to match. As of Sunday, Linux kernel 3.11 is officially named "Linux for Workgroups," borrowing the moniker Microsoft gave to Windows 3.11, way back in 1993. To accompany the name change, the graphical logo that appears when some Linux systems boot has been updated so that Tux the Penguin is now holding a flag reminiscent of the old Windows logo. The last time Linus changed the boot logo was in 2009, when he briefly swapped out Tux for a Tasmanian Devil mascot to raise awareness of efforts to fight a disease plaguing that animal's endangered population. Silly codenames, on the other hand, are a tradition for the Linux kernel. The most recent kernels 3.8-rc6 through 3.10 went by the name "Unicycling Gorilla," while some entries in the 2.6.x line bore such names as "Pink Farting Weasel," "Holy Dancing Manatees, Batman," and "Jeff Thinks I Should Change This, But To What?"

[Image: Tux gets a makeover for 3.11]

The latest name change is a nod to Windows for Workgroups 3.11, the version that Microsoft shipped 20 years ago this November. WFW 3.11 was Redmond's first fully 32-bit OS, meaning it could only run on machines with 80386 processors or better. It was also the OS for which Microsoft shipped its first rudimentary TCP/IP stack. Linux today is of course considerably more advanced than WFW 3.11 was, and as usual, the latest kernel brings a number of improvements. Most notably, AMD has contributed more than 150 patches that improve support for Radeon graphics cards, including support for new hardware and for dynamic power management in the open source driver. Zswap, a tool that tries to improve performance by compressing memory rather than swapping it to disk, has been added to the mainline kernel for the first time. Also included is a client for the Lustre distributed file system. Various improvements have been made for the PowerPC and ARM processor architectures. Xen and KVM virtualization now work on 64-bit ARM, and Wine/ARM can now run some Windows RT applications. As usual, a wide variety of minor improvements have been made and bugs have been squashed, as well. The full list is too long to go into detail here, but you can see a list of merged patches in Linus' original release note. Now that kernel 3.11 has reached release candidate status, its feature set has been frozen and future development will exclusively involve fixing bugs. If all goes smoothly, the final version will likely ship sometime in September. ®
Source: TheRegister.co.uk
-
Task manager and Regedit has been disabled by administrator
Matt replied to Configuration's topic in Off-topic
I think this will help you too: Win32 Sality Remover
-
You've all gone off on other tangents and I'm sorry I got involved in this topic. I know the ISEcity people are a bunch of losers. If someone from their glitchy team deserts and ends up here, that doesn't mean all his sins are forgiven. To realise for yourself, as a person, that you're a failure and that you're wasting your time on something like isecenter, you still need to have a bit of a brain.
-
It doesn't look like bootlicking to me, but that's just my opinion.
-
You should know that he has probably gone up a notch in our eyes for leaving IST and admitting he was wrong. Now, though, he has to keep growing.
-
Hi and welcome. Before you start digging through the forum, take a look at the following posts. It's for your own good. https://rstforums.com/forum/59818-regulamentul-forumului-ro.rst https://rstforums.com/forum/16747-cum-se-pun-ntreb-ri-n-mod-inteligent.rst https://rstforums.com/forum/7197-hackerul-de-romania.rst https://rstforums.com/forum/16359-sfaturi-de-om-batran-pentru-ai-nostri-hackeri-tineri.rst
-
}{xss adventistas.org Adventist site from Brazil
Matt replied to sourcecode's topic in Bug Bounty
Aren't you bored of trolling this topic? You can also +1 in the following topics: https://rstforums.com/forum/programare.rst https://rstforums.com/forum/tutoriale.rst https://rstforums.com/forum/sisteme-de-operare-discutii-hardware.rst I get it, it's nicer here.
-
Hey... do you want me to call out the army?
-
Read a book. "Secolul 21 - New York : O metropola contemporana"
-
A nasty new phishing campaign that aims to harvest Twitter login credentials is doing the rounds. The scam typically appears in the shape of direct messages to prospective marks from one of their contacts. Attackers are using messages such as "This person is threatening to expose something bad about you" with a link. The link takes prospective victims (who may be concerned they are about to be slandered or worse) to a dodgy site (twitller.com), which poses as a login to Twitter. Victims are encouraged to hand over their login credentials which are then used to take over compromised accounts and send more intimidating messages. "This is a nasty trick especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a person you know and trust, just warn him/her – the account is most likely hijacked and controlled by the attackers," security blogger Janne Ahlberg warns. A quick Twitter search on a key phrase suggests that the scam might have flared up around Thursday and run into the weekend. No more than a handful of people reported seeing it, so we appear to be talking about a low level or unsuccessful scam. Any typo-squatting site associated with the attack is likely to get squashed but this won't stop the ruse re-appearing under a slightly different guise or featuring a different site. Let's be careful out there. The motives, much less the perpetrators of the Twitter phishing campaign, are unknown. Possible motivations might be the use of compromised accounts to send messages advertising dodgy diet sites (earning marketing affiliate revenue in the process), or the use of compromised Twitter account login credentials to break into other services (email, Facebook etc). This latter trick is only possible thanks to the widespread but hopelessly insecure practice of using the same password on multiple websites. ®
Source: TheRegister.co.uk
-
VMware has offloaded Zimbra less than four years after buying the email-cum-collabware business unit from Yahoo! Terms are undisclosed. The buyer is Telligent, a developer of enterprise social software. It will merge its software into Zimbra, and the goal is to deliver a unified social collaboration suite designed for the "post-PC era". This may be a concatenation of buzzwords, but the pitch has worked - Telligent / Zimbra Mk 4 is backed by Intel Capital, NXT Capital Venture Finance, BDCA, Hall Financial Group and VMware. Telligent's boss Patrick Brandt will run the combined business. He says the acquisition presents an opportunity to "return Zimbra to its roots as an independent collaboration software leader with a vibrant open source community". Certainly, Zimbra (Mk1) has seemed a little unloved since it was bought by Yahoo! for an astounding $350m (Mk2) in 2007. VMware snapped up Zimbra (Mk3) in January 2010 for "considerably less" money. At the time VMware hailed Zimbra as a "great example of the type of scalable "cloud era" solutions that can span smaller, on-premise implementations to the cloud". The company envisaged Zimbra as a component for an "expanding portfolio of solutions that can be offered as a virtual appliance or by a cloud service provider". The idea was to simplify IT especially for smaller businesses. Oh well. ®
Source: TheRegister.co.uk
-
At least one group of researchers is pulling out of DEF CON in protest at the decision to tell federal agents to stay away from the annual hacking convention.

Jeff Moss, the US government security advisor who founded DEF CON and BlackHat, urged federal agents to stay away from DEF CON in Vegas next month. G-Men were unwelcome because of the recent revelations about wholesale surveillance on US citizens by the NSA, Moss (AKA @TheDarkTangent) said in a post on the official DEF CON website.

"When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship," Moss said. "Therefore, I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year."

It's unclear how effective the request will be. Several people in the security community have questioned Moss's stance, given he's served on the US government's Homeland Security Advisory Council since 2009 and is chief security officer for internet overlord ICANN. Others dismiss the G-men exclusion request as showboating.

"Of course I think the whole ban the Feds at Defcon thing is just controversy to get media attention and more mainstream exposure," said convicted hacker turned security consultant Kevin Mitnick, in a Twitter update.

Federal agents have been welcomed at DEF CON from the genesis of the long-running conference, with the main conditions being that they be open about their status and willing to put up with a certain amount of mickey taking from other attendees.

Some security researchers, such as Robert Graham of Errata Security, reckon the stay-away request is a sensible move towards defusing potential antagonism at this year's show. However other security researchers argue that dialogue between hackers, security and representatives of federal agencies has become even more important in the wake of PRISM-gate.
Turning DEFCON into a closed shop that excludes federal agents, or at least forces them to operate in stealth mode, is counterproductive - according to Secure Ideas. The security consultancy was due to present research into attacking SharePoint at DEF CON but has cancelled its own plans to appear at the show in response to the exclusion-of-federales request, as a blog post by Secure Ideas explains. Instead of unveiling its research at DEF CON, Secure Ideas will present an updated version of its SharePoint talk (and release tools) at another as-yet-unconfirmed conference. ®

Bootnote

DEF CON organisers have posted a clarification update to their original post saying they're not banning anyone from attending, criticising the press for suggesting otherwise. Federal agents can still come to DEF CON on condition that this is to satisfy their personal interest in computer security, the post states.

"There is a lot of tension in the community right now and he was asking politely for feds to consider not attending this year," the post explains. "If you are on your own dime pursuing your own personal interests in hacking and not assigned to be there working your federal Intel job, then don't consider yourself a Fed! We want motivated people to attend!"

Source: TheRegister.co.uk
-
A self-confessed porn addict is suing Apple after he claims he became so hooked on watching rude videos that his wife left him.

Tennessee man Chris Sevier, 36, has filed a 50-page complaint with the state's supreme court in which he slams the fruity firm for failing to install a blue movie filter on new devices. He wants Apple to make sure customers aren't automatically allowed to watch pornography, which he brands a "silent poisoner" and blames for everything from sex trafficking to the exploding number of late night commercials for Viagra. He is seeking damages from the company.

Sevier claimed his problem began when he opened the Safari browser and made a few mistakes when typing Facebook into the URL bar. Sadly, he ended up at a site called Fuckbook which blatantly "appealed to his biological sensibilities as a male", the complaint read.

The filing said: "The Plaintiff began to prefer the cyber beauties over his wife, which caused his marriage to fail. His wife [left him], which was a subsequent consequence of Apple's decision to sell its computers not on 'safe mode'."

He is also seeking damages because of becoming so "depressed and despondent" that he was unable to work. Worse yet, Apple is putting "brick and mortar or 'mom and pop' porn shops" out of business, claimed the plaintiff, although it is unrelated to his complaint and he does not seem to be seeking damages for this infraction.

Worst of all, the filing reads, none of the shiny happy fanbois and fangurlz at the Apple store warned him what arousing evils were lurking out there on the internet. The filing added: "No one at the Apple Store warned him that looking at pornographic images and videos could cause addictions, to include arousal addiction, or that the device could be the gateway to accessing content that could cause a rewiring of his brain, which led to the demise of his family, unemployment and unwanted changes in lifestyle.

"Just because porn is legal does not mean Apple is not aware it is harmful."

We would continue to pick out the many vivid descriptions in the legal filing, but this article would be several thousands of words longer. Click here to read exactly why Sevier blames the fruity firm for his addiction to sexy streaming videos.

The plaintiff said he had first bought a Macbook Pro so he could make electronic music in a band called Ghost Wars. In order to illustrate the plight of the smut-lover, Sevier appended a link to a music video to his legal complaint which he thinks will "summarise the issues in the lawsuit".

Source: TheRegister.co.uk
-
Description: Disk Encryption For Your Laptop - LinuxFest 2013 Presentation by Seth Schoen, a representative of the Electronic Frontier Foundation, on April 28, 2013.

Disk encryption is an important precaution to protect data on your device if it's ever lost or stolen—something that unfortunately happens more often than laptop users expect. The goal of disk encryption is to make sure that the contents of your device can only be read by authorized users.

In this presentation, I'll address topics like what are the most popular disk encryption options and tools for Linux systems? How do you enable them? What's the difference between full-disk encryption and per-user encryption? What's the difference between disk encryption and GPG? How should you create an encryption passphrase? How can you reduce the risk of losing or forgetting your passphrase? How has the law recently treated the use of disk encryption? What are the limitations of disk encryption? How could it be bypassed or broken? How can we use disk encryption to prevent on-line or cloud backups?

I hope to show that disk encryption is a valuable precaution, now pretty well-integrated on modern Linux systems, and one that may not unduly complicate your computing experience.