Kurtz'sKompund writes in with word on the latest annual survey of the state of DNS on the Net. The survey, commissioned by infrastructure appliance vendor Infoblox, found that the use of Windows DNS Server in Internet-facing applications has fallen off dramatically as more users act on concerns about security. BIND 9, the latest version, gained against earlier, less secure versions. But in other dimensions, DNS practices showed little improvement from a security point of view. Hardly anyone is using DNSSEC; and 31% of nameservers allow promiscuous zone transfers, a number little changed from last year. Here's a video of an interview with Infoblox's chief architect Cricket Liu on the state of DNS. Read more of this story at Slashdot.
juct writes "The long-standing suspicion that the anonymizing network TOR is abused to catch sensitive data by Chinese, Russian, and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."
miller60 writes "Intel has become the latest major tech company to express interest in using portable data centers to transform IT infrastructure. Intel says an approach using a "data center in a box" could be 30 to 50 percent cheaper than the current cost of building a data center. "The difference is so great that with this solution, brick-and-mortar data centers may become a thing of the past," an Intel exec writes. Sun and Rackable have introduced portable data centers, while Google has a patent for one and Microsoft has explored the concept. But for all the enthusiasm for data centers in shipping containers, there are few real-world deployments, which raises the question: are portable data centers just fun to speculate about, or can they be a practical solution for the current data center expansion challenges?"
thefickler notes that consumers aren't the only ones carrying "Death to DRM" placards. UK music retailers are telling the recording industry enough is enough — that the industry's obsession with copy protection is hurting, not helping, profit. Kim Bayley, director-general of the UK Entertainment Retailers Association, said that the anti-piracy technologies are not protecting industry revenue but instead "stifling growth and working against the consumer interest." The ERA hopes the industry will drop DRM in time for the holiday season. Good luck with that.
Arashtamere sends in a Computerworld story on a security flaw in the Windows 2000 pseudo-random number generator published by Israeli researchers earlier this month. Microsoft has now admitted that the flaw is present in XP too. Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it. (The Israeli researchers point out that many common exploits provide admin access.) This stance apparently lets them off the hook for patching Win2K, which is in "extended support" mode, though it powers about 9% of US and EU business computers. Microsoft said that XP SP3, due in the first half of next year, will fix the bug. The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable.
longacre writes "The FAA has awarded the long-anticipated first contract for development of its NextGen air traffic control system: a $1.8 billion deal with ITT Corporation, beating out bids from aerospace heavyweights such as Raytheon and Lockheed Martin. ITT's design will make use of hundreds of specially modified AT&T cellular phone towers which, in addition to their normal communications duties, will relay an aircraft's position to air traffic controllers and other aircraft in real time. The initial contract is only enough to wire and test the so-called ADS-B system in the Philadelphia area and around the Gulf of Mexico — hooking up the rest of the country will take an estimated 20 years and $20 billion."
TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""
Kurtz'sKompund passed us a link to a Techworld article on a frightening new vulnerability for VoIP. The UK's Peter Cox has put together a proof-of-concept software package to illustrate the flaw, a program he's calling SIPtap. "The software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well. The program can index 'IP-tapped' calls by caller - using SIP identity information - and by recipient, and even by date."
An anonymous reader writes "The Motion Picture Association of America last month sent letters to the presidents of 25 major universities (pdf), urging them to download and install a 'university toolkit' to help identify students who were downloading/sharing movie files. The Washington Post's Security Fix blog reports that any university that installs the software could be placing a virtual wiretap on their networks for the MPAA (and the rest of the world) to listen in on all of the school's traffic. From the story: 'The MPAA also claims that using the tool on a university network presents "no privacy issues — the content of traffic is never examined or displayed." That statement, however, is misleading. Here's why: The toolkit sets up an Apache Web server on the user's machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited. Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser.'"
Stony Stevenson passed us a link indicating that a group of researchers has described Microsoft's upcoming Windows Vista Service Pack 1 as basically a performance dud. Researchers from the Devil Mountain Software group are claiming that a series of in-house benchmark tests showed that users hoping to receive a speed boost from the update will be disappointed. "Devil Mountain ran its DMS Clarity Studio framework on a laptop Barth described as a "barn burner" -- dual-core processor, dedicated graphics, and either 1GB or 2GB of memory -- to compare performance of the SP1 release candidate that Microsoft released last week with the RTM version that hit general distribution last January. The Vista RTM was not updated with any of the bug fixes, patches or performance packs that Microsoft has pushed through Windows Update since the operating system's debut. 'One gigabyte, 2GB [of memory], it didn't make a difference,' said [CTO Craig] Barth. 'SP1 was never more than 1% or 2% faster.'"
holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."
Jamie found a fun story about a 90s Zelda Game Boy ROM that shipped with the source code, not so much on purpose, but more because the linker padded out the last meg of ROM with random memory contents, which happened to include game source code.
eweekhickins writes "A surge of e-commerce traffic on Thanksgiving night and all day Friday apparently caught several retail giants by surprise, with Lowe's, Macy's and Victoria's Secret especially hard hit. In fact, almost a third of leading retailers suffered significant slowdowns on Black Friday, according to statistics released this weekend by Keynote Competitive Research, a firm that tracks Web site performance."
An anonymous reader writes "Mark Wilson of Gizmodo.com reports that IBM is applying for a patent for DVDs that contain or download 'on demand' commercials that cannot be skipped. Consumers would be able to purchase these DVDs at a lower price than regular DVDs and pay extra to enjoy their purchase ad-free without having to buy a second DVD. Perhaps this is part of the massive shift in advertising that IBM predicts."