Cody Taylor

coondoggie writes “The US Department of Homeland Security’s Science & Technology Directorate recently awarded almost 0,000 to a Kentucky company to further develop a contactless finger print/biometric system. The goal is a machine that can snap 10 fingerprints in high resolution in less than 10 seconds, without human intervention. This goal is beginning to lok feasible. FlashScan3D is working with the University of Kentucky’s Center for Visualization and Virtual Environments, and has developed a technique called ‘structured light illumination’ (WIPO patent description), where a pattern of dots or stripes is projected onto a curved or irregular surface.”

Read more of this story at Slashdot.

CWmike writes “The fallout from Thursday’s arrests of a District of Columbia IT security official and contractor quickly raised questions about the fate of Vivek Kundra, the new federal CIO who until recently ran the office now mired in bribery allegations. Appointed by President Barack Obama as CIO less than two weeks ago, Kundra was CTO for the District of Columbia. But yesterday, Kundra’s former office in a downtown government building was a crime scene. A White House official, speaking on background, confirmed today that Kundra took a leave of absence from his new CIO job shortly after federal investigators arrested two men in the DC government office on bribery charges. The official would not elaborate on the reasons for the leave; there were no indications yesterday that Kundra was involved in any wrongdoing. Kundra’s decision could slow his plan to create a ‘revolution’ in the federal government’s use of technology.”

Read more of this story at Slashdot.

Penguinisto writes “According to CNET, Knowledge Ecology International’s FOIA request for information about ACTA was denied. ACTA is the pending copyright treaty believed to have been authored by lobbyists for the content cartels. Even stranger, the denial cited ‘national security reasons (PDF). While it is not unusual for the White House of any administration to block FOIA requests for national security reasons, one would think that a treaty affecting civil interests alone wouldn’t qualify for such secrecy. Not exactly sure what involvement the former RIAA mouthpiece Donald Verelli (a recent Obama pick for the DOJ) may have in this.” KEI is not alone; the European Parliament wants to see the ACTA documents too.

Read more of this story at Slashdot.

An anonymous reader writes “Cyber Warfare is a hot topic these days. A major reorganization may be looming, but a critical component is a culture where technologists can thrive. Two recent articles address this subject. Lieutenant Colonel Greg Conti and Colonel Buck Surdu recently published an article in the latest DoD IA Newsletter stating that ‘The Army, Navy, and Air Force all maintain cyberwarfare components, but these organizations exist as ill-fitting appendages (PDF, pg. 14) that attempt to operate in inhospitable cultures where technical expertise is not recognized, cultivated, or completely understood.’ In his TaoSecurity Blog Richard Bejtlich added ‘When I left the Air Force in early 2001, I was the 31st of the last 32 eligible company grade officers in the Air Force Information Warfare Center to separate from the Air Force rather than take a new nontechnical assignment.’ So, Slashdot, how has the military treated you and your technical friends? What changes are needed?”

Read more of this story at Slashdot.

krou writes “The National Security Archive at George Washington University has awarded its 2009 Rosemary Award to the FBI for worst freedom of information performance (PDF of the award). Previous winners have been the CIA and the Treasury. The NSA notes that ‘The FBI’s reports to Congress show that the Bureau is unable to find any records in response to two-thirds of its incoming FOIA requests on average over the past four years, when the other major government agencies averaged only a 13% “no records” response to public requests.’ The FBI’s explanation, according to the NSA, is that ‘files are indexed only by reference terms that have to be manually applied by individual agents,’ and even then, ‘agents don’t always index all relevant terms.’ Furthermore, ‘unless a requester specifically asks for a broader search, the FBI will only look in a central database of electronic file names at FBI headquarters in Washington.’ Any search will therefore ‘miss any internal or cross-references to people who are not the subject of an investigation, any records stored at other FBI offices around the country, and any records created before 1970.'”

Read more of this story at Slashdot.

angry tapir writes “One of the discussions at the Source Boston Security Showcase has been the militarization of the Internet. Governments looking to silence critics and stymie opposition have added DDOS attacks to their censoring methods, according to Jose Nazario, senior security researcher at Arbor Networks, with international political situations spawning DDOS attacks.”

Read more of this story at Slashdot.

mask.of.sanity writes “BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months. The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting. The Romanian security vendor said its removal tool will delete all versions of Downadup and will not be detected by the virus.”

Read more of this story at Slashdot.

pnorth writes “Malware writers that sell toolkits online for as little as 0 will now configure and host the attacks as a service for another , according to email offers cited by security experts. A technical account manager at authentication firm Vasco said that cyber crime is becoming so business-like that online offerings of malicious code often include support and maintenance services. He said ‘it was inevitable that services would be sold to people who bought the malware toolkits but didn’t know how to configure them. Not only can you buy configuration as a service now, you can have the malware operated for you, too.'”

Read more of this story at Slashdot.

pnorth writes “Malware writers that sell toolkits online for as little as 0 will now configure and host the attacks as a service for another , according to email offers cited by security experts. A technical account manager at authentication firm Vasco said that cyber crime is becoming so business-like that online offerings of malicious code often include support and maintenance services. He said ‘it was inevitable that services would be sold to people who bought the malware toolkits but didn’t know how to configure them. Not only can you buy configuration as a service now, you can have the malware operated for you, too.'”

Read more of this story at Slashdot.

eggegick writes “My wife has taken a number of college courses over the last three years and many of the classes used on-line materials rather than books. The problem was these required IE along with Java, Active X and/or various plug-ins (the names of which escapes me), and occasionally I’d have to tweak our firewall to allow these apps to run. I don’t think any of these training apps would work with Firefox. All of this made me cringe from a security point of view. Myself, I use just use Firefox, No-Script, our external firewall and common sense when using the web. I have a very old windows 2000 machine that I keep up to date. To my knowledge I’ve never had a virus or malware problem. Her computer is a relatively new XP machine, and this point she feels here computer has something wrong. But now she prefers to use my old machine instead of hers since it seems to be more responsive. We plan to run the recovery disk on hers. Assuming the college course work applications were part of the cause, what recommendations do any of you have when having to run this kind of software? Is there a VMware solution that would work — that is have a Windows image that is used temporarily for the course work and then discarded at the end of the semester (and how do you create such an image, and what does it cost?).”

Read more of this story at Slashdot.