inglishmayjer was one of several readers to send in the news of a major bug in Apple's new OS, 10.6 Snow Leopard, that can wipe out all user data for the administrator account. It is said to be triggered — not every time — by logging in to the Guest account and then back in to the admin account. Some users are reporting that all settings have been reset and most data is gone. The article links to a number of Apple forum threads up to a month old bemoaning the problem. MacFixIt suggests disabling login on the Guest account and, if you need that functionality, creating a non-administrative account named something like Visitor. (The Guest account is special in that its settings are wiped clean after logout.) CNet reports that Apple has acknowledged the bug and is working on a fix.Read more of this storyat Slashdot.

  An anonymous reader writes "People still don't understand SSL. This isn't much of a surprise... no one expects that grandma and grandpa know what SSL is and what it does. What is surprising and downright scary is that most IT professionals don't understand SSL, and many consider it to be the be-all, end-all of security in their organization. With all the tools out there to manipulate SSL connections, and the browser vendors unable to settle on a single method of showing if a site is secured by SSL or not, is it any wonder that no one gets it?"Read more of this storyat Slashdot.

  Expanding on the T-Mobile data loss mentioned in an update to an earlier story, reader stigmato writes "T-Mobile's popular Sidekick brand of devices and their users are facing a data loss crisis. According to the T-Mobile community forums, Microsoft/Danger has suffered a catastrophic server failure that has resulted in the loss of all personal data not stored on the phones. They are advising users not to turn off their phones, reset them or let the batteries die in them for fear of losing what data remains on the devices. Microsoft/Danger has stated that they cannot recover the data but are still trying. Already people are clamoring for a lawsuit. Should we continue to trust cloud computing content providers with our personal information? Perhaps they should have used ZFS or btrfs for their servers."Read more of this storyat Slashdot.

  storagedude points to this article at Enterprise Storage Forum which argues that cloud-based storage options have fatal limitations for both businesses and individuals: "The article makes the argument that high volumes of data and bandwidth limitations make external cloud storage all but useless for enterprises because it could take months to restore the data in a disaster. It also appears to be a consumer problem — the author spent three months replicating 1TB of home data via cable modem to an online backup service." Seems like those off-site incremental storage firms could dispatch a station wagon full of tapes, for enough money. Update: Here's another reason, for Sidekick users: reader 1ini was one of several to point out an alert from T-Mobile that "...personal information stored on your device — such as contacts, calendar entries, to-do lists or photos — that is no longer on your Sidekick almost certainly has been lost as a result of a server failure at Microsoft/Danger."Read more of this storyat Slashdot.

  Darren Ginter writes "A group of Samba v4 developers recently spent a week in Redmond to work with Microsoft on Active Directory interoperability(?!). The result? Windows Server will now join, trust and replicate a Samba-based Active Directory using Microsoft-native protocols. Although Samba v4 is still in the alpha stages, this is a huge step for open source. Or it could be a trap."Read more of this storyat Slashdot.

  Captain Sarcastic writes "I have been a contract programmer for a few years (with some time off when a contract-for-hire paid off and made me a full-time employee). Currently, I'm between projects, but I'm a little worried about one of the contracting companies who's helping me. First off, a little history. "Zeke" (not his real name) was with ABC Contractors (not their real name) when I first met him, and he took my resume and started processing me through the jobs that ABC had available. A bit later, Zeke left, and his replacement Yvonne (standard disclaimer) submitted me to a company (call them "Acme") for a contract-for-hire. Everything looked like a good fit, and she E-mailed me a copy of the resume they submitted to Acme. Came the interview, I realized that Zeke had left out part of my history and had mis-dated other aspects, to keep me from appearing unemployed. Like an idiot, I tried to correct this at the interview, to find out that Acme had decided that I had fabricated all of my experience, and chewed out the rep for ABC for sending an unqualified applicant. Fine, learning experience for me — double-check what the contracting company says about you, and don't try to correct things in the middle of the interview." Read below for the rest of the story. What other difficulties have others gone through with headhunters and when is it time to leave one behind?Read more of this storyat Slashdot.

  itwbennett writes "'As part of its design, the Bahama botnet not only turns ordinary, legitimate PCs into click-fraud perpetrators that dilute the effectiveness of ad campaigns. It also modifies the way these PCs locate certain Web sites through DNS poisoning,' explains Juan Carlos Perez in an ITworld article. 'In the case of Google.com, compromised machines take their users to a fake page hosted in Canada that looks just like the real Google page and even returns results for queries entered into its search box. It's not clear where the Canadian server gets these results. What is evident is that the results aren't 'organic' direct links to their destinations, but are instead masked cost-per-click (CPC) ads that get routed through other ad networks or parked domains, some of which are in on the scam and some of which aren't.' 'Regardless, CPC fees are generated, advertisers pay, and click fraud has occurred,' Click Forensics reported on Thursday in a blog posting." Related: Techcrunch reports on a massive Chinese click-fraud ring controlling 200,000 IP addresses.Read more of this storyat Slashdot.

  CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008." Update Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."Read more of this storyat Slashdot.

  thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.Read more of this storyat Slashdot.

  darthcamaro writes "Windows isn't the only piece of Microsoft technology that hackers are attacking anymore. During a presentation at the SecTor security conference in Toronto, a Facetime security researcher revealed numerous methods by which Xbox users are being hacked today. 'Though the Xbox doesn't have the number one market share, it is the top target for hackers,' Boyd said. 'Xbox Live has 17 million plus subscribers, and that service requires payment.'"Read more of this storyat Slashdot.

  alphadogg writes "Researchers at the University of Washington think it's finally time to start paying some serious attention to the question of robot security. Not because they think robots are about to go all Terminator on us, but because the robots can already be used to spy on us and vandalize our homes. In a paper published Thursday the researchers took a close look at three test robots: the Erector Spykee, and WowWee's RoboSapien and Rovio. They found that security is pretty much an afterthought in the current crop of robotic devices. 'We were shocked at how easy it was to actually compromise some of these robots,' said Tadayoshi Kohno, a University of Washington assistant professor, who co-authored the paper."Read more of this storyat Slashdot.

  nk497 writes "The FBI and Egyptian authorities have arrested 100 people in what they're calling 'the largest international phishing case ever conducted' as part of a wide-scale investigation called Operation Phish Phry. The criminals used phishing to get access to hundreds of bank accounts, stealing $1.5 million. 'This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands of bank customers,' said Acting US Attorney George S. Cardona."Read more of this storyat Slashdot.

  angry tapir writes "The head of the US Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came 'just a few clicks away from falling into a classic Internet phishing scam' after receiving an e-mail that appeared to be from his bank."Read more of this storyat Slashdot.

  An anonymous reader writes "Help Net Security is running an interview with Rafal Rohozinski, a founder and principal investigator of the OpenNet Initiative, which investigates, exposes and analyzes Internet filtering and surveillance practices all over the world. Rafal provides insight on the process of assessing the state of surveillance and filtering in a particular country and discusses differences related to these issues in several regions, touching especially the United States and Europe. In the US, censorship is more difficult to implement if for no other reason than the court systems offer greater protections for freedom of speech. However, in both places surveillance is on the rise particularly as law-enforcement agencies become more adept at working in the cyber domain."Read more of this storyat Slashdot.