An anonymous reader writes "Spammers are back with a new trick, this time round sending messages with MP3 attachments that contain the latest pump-and-dump stock scams. One sample identified by Sophos was a heavily distorted 30-second MP3 file. A synthetic female voice was used to promote a particular stock. Says Graham Cluley, senior technology consultant at Sophos: 'Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all MP3s in email as a matter of course. So many music files infringe copyright, and it can be hard for a company to establish which ones are legal and which are not after they have arrived. Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing. It also has the benefit of neutralizing this sort of spam at the same time.'"Read more of this storyat Slashdot.

  dg2fer writes "For more than two months, the vulnerability of parsing URIs has been known for a number of Windows programs, including Outlook, Adobe Reader, IRC clients, and many more. Microsoft admitted the vulnerability only last week. The latest Microsoft patches published on October's Patch Tuesday did not include a solution, so hackers have taken on the problem themselves. One, KJK::Hyperion, has published (as open source) an unofficial patch that cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function."Read more of this storyat Slashdot.

  .mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls."Read more of this storyat Slashdot.

  hhavensteincw writes "Less than two weeks after Microsoft announced plans to offer personal health records, Google announced today that it plans to offer online personal health records to help patients tote and store their own x-rays and other health data. Google made the announcement Wednesday at the Web 2.0 Summit in San Francisco."Read more of this storyat Slashdot.

  An anonymous reader writes "The Orange County Register reports that a 19 year old from Washington state broke into the Orange County California 911 emergency system. He randomly selected the name and address of a Lake Forest, California couple and electronically transferred false information into the 911 system. The Orange County California Sheriff's Department's Special Weapons and Tactics Team was immediately sent to the home of a couple with two sleeping toddlers. The SWAT team handcuffed the husband and wife before deciding it was a prank. Says the article, 'Other law enforcement agencies have seen similar breaches into their 911 systems as part of a trend picked up by computer hackers in the nation called "SWATting"'"Read more of this storyat Slashdot.

  eweekhickins writes "After two laptops were lost containing the personal data of 3,900+ truckers who handle HAZMATs, the Transportation Security Administration has ordered its contractors to encrypt any and all data. 'After the second theft or loss, the TSA conducted an IT forensic investigation that ascertained that the (previously) deleted information could be retrieved if a thief had the proper training. "So even though [there's only a] small chance of [the data being misused], we did notify all affected individuals and advised them of what steps to take to protect themselves, and we mandated that contractors need to encrypt any and all data in addition to any deletion procedures that might be in place," Davis said.'"Read more of this storyat Slashdot.

  An anonymous reader writes "It finally happened. Steve Jobs announced an iPhone SDK today. The plan is to release it in February, and the suggestion is that apps will need to be digitally signed (not unlike digital signing in Leopard). Here's hoping that developing for the iPhone/Touch will be cheap (or free) enough to allow the folks who have been writing apps to continue doing so. Says Jobs: 'It will take until February to release an SDK because we're trying to do two diametrically opposed things at once--provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task.'"Read more of this storyat Slashdot.

  An anonymous reader writes "Commtouch released its Email Threats Trend Report based on the automated analysis of billions of email messages weekly. The report examines the appearance of new kinds of attachment spamsuch as PDF spam and Excel spam together with the decline of image spam, as well as the growing threat of innocent appearing spam containing links to malicious web sites. Image spam declined to a level of less than 5% of all spam, down from 30% in the first quarter of 2007; also, image pump-and-dump spam has all but disappeared, with pornographic images taking its place."Read more of this storyat Slashdot.

  Many readers are writing in about the raids and arrests in Brazil's Cisco operation. At least 40 people were arrested earlier today, and Brazilian authorities asked the US to issue arrest warrants for five more suspects in this country. The allegation is that Cisco brought at least $500M of equipment into Brazil without properly paying import duties, and now owes over $826M in taxes, fines, and interest.Read more of this storyat Slashdot.

  Hugh Pickens writes "Computer Scientists at Carnegie Mellon University are developing techniques to analyze and disrupt black markets on the internet, where criminals sell viruses, stolen data, and attack services estimated to total more than $37 million for the seven-month period they studied. To stem the flow of stolen credit cards and identity data, researchers have proposed two technical approaches to reducing the number of successful market transactions. One approach to disrupting the network is a slander attack where an attacker eliminates the verified status of a buyer or seller through false defamation. Another approach undercuts the cyber-crooks' network by creating a deceptive sales environment. 'Just like you need to verify that individuals are honest on E-bay, online criminals need to verify that they are dealing with "honest" criminals,' says Jason Franklin, one of the researchers."Read more of this storyat Slashdot.

  An anonymous reader writes "Amazon just announced that the beta program for their EC2 (Elastic Compute Cloud) service is now open to all developers. They have also added new instance types. It appears that you can now get the equivalent of an 8-core machine. Is cloud computing for the masses finally here?"Read more of this storyat Slashdot.

  ta bu shi da yu writes "It appears that, incredibly, Vista can run out of memory while copying files. ZDNet is reporting that not only does it run out of memory after copying 16,400+ files, but that 'often there is little indication that file copy operations haven't completed correctly.' Apparently a fix was scheduled for SP1 but didn't make it; there is a hotfix that you must request."Read more of this storyat Slashdot.

  SoyChemist writes "Forty years ago, LOGO, a derivative of LISP, was born. Several years later, it became the cornerstone of educational software that simultaneously taught geometry and how to think like a coder. With a plethora of high-end educational software packages to choose from, each with flashy multimedia and trademarked characters, parents and teachers may find the humble turtle a bit outdated. Thankfully, several LOGO programs are available for free through a variety of websites, but perhaps 3D programming environments like Alice will be the wave of the future."Read more of this storyat Slashdot.

  Bowling for cents writes "There is evidence that the massive Storm Worm botnet is being broken up into smaller networks, and a ZDNet post thinks that's a surefire sign that the CPU power is up for sale to spammers and denial-of-service attackers. The latest variants of Storm are now using a 40-byte key to encrypt their Overnet/eDonkey peer-to-peer traffic, meaning that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities."Read more of this storyat Slashdot.