Hugh Pickens writes "The Russian Business Network, an ISP and Web hosting provider based in St. Petersburg, whose client list amounts to a laundry list of organized cybercrime operations appears to have closed shop after a number of its main upstream Internet providers severed ties with the group. The disappearance of RBN comes less than a month after Brian Krebs of the Washington Post wrote a series of stories detailing the organization and history of the shadowy ISP. However, experts at anti-spam group Spamhaus say there are strong indications that a huge swath of Internet space recently established in China may soon emerge as the next incarnation of the Russian Business Network. In related news FBI Director Robert S. Mueller, III gave a speech on cybercrime earlier this week where he said that the FBI has 60 Legal Attaché offices around the world working with partners in Russia, Romania,Poland, Hungary, Italy, and Estonia, among others, to investigate international cyber threats."Read more of this storyat Slashdot.

  Invisible Pink Unicorn writes "The National Institute of Standards and Technology has opened a public competition for the development of a new cryptographic hash algorithm, which will be called Secure Hash Algorithm-3 (SHA-3), and will augment the current algorithms specified in the Federal Information Processing Standard (FIPS) 180-2. This is in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design. Submissions are being accepted through October 2008, and the competition timeline indicates that a winner will be announced in 2012."Read more of this storyat Slashdot.

  twitter writes "A recently reported Macrovision bug has actually been around for six years, according to Computerworld. 'Flawed antipiracy software now being exploited by attackers has been bundled with Windows for the last six years to protect game publishers, Macrovision Corp. said today. The "secdrv.sys" driver has shipped with all versions of Windows XP, Windows Server 2003 and Windows Vista ... users do not have to play a SafeDisc-protected game to be vulnerable.' The article goes on to play down danger and claim that Vista is safe, but ZDNet notes: 'Malware authors are actively exploiting a zero-day privilege escalation vulnerability ... [which] can be exploited overwrite arbitrary kernel memory and execute arbitrary code with SYSTEM privileges. This facilitates the complete compromise of affected computers.'"Read more of this storyat Slashdot.

  ancientribe writes "There's a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication, according to researchers, and it's a direct result of how Storm has changed the botnet game, with more powerful and wily botnets on the horizon. This article provides a peek at the 'new Storm' and reveals the three biggest botnets in the world (including Storm) — and what makes them tick and what they are after."Read more of this storyat Slashdot.

  ZDOne writes "ZDNet UK is reporting that it will not be known until the Android software development kit comes out on Monday whether the Gphone will be strictly Java-based, but security experts claim that the less smart a phone is, the less vulnerable it is. Android developers should stick to a semi-smartphone platform because the Java sandbox can protect against the normal kinds of attacks, experts claim. The article also discusses some of the pros and cons of open vs. closed source security. 'The debate about the relative security merits of open-source as opposed to proprietary software development has been a very long-running one. Open-source software development has the advantage of many pairs of eyes scrutinizing the code, meaning irregularities can be spotted and ironed out, while updates to plug vulnerabilities can be written and pushed out very quickly. However, one of the disadvantages of open-source development is that anyone can scrutinize the source code to find vulnerabilities and write exploits.The source code in proprietary software, on the other hand, can't be directly viewed, meaning vulnerabilities need to be found through reverse engineering.'"Read more of this storyat Slashdot.

  angryphase writes "The British Phonographic Institute (the UK's RIAA) has noticed a significant increase in the amount of encrypted torrents — from 4% of torrent traffic a year ago to 40% today. Whether it follows a trend for hiding suspicious activities or an increased awareness of personal privacy is up for (weak) debate. Either way, this change of attitude is catching the eye of ISPs, music industry officials, and enforcement agencies. Matt Phillips, spokesman for the UK record industry trade association explains, 'Our internet investigations team, internet service providers and the police are well aware of encryption technology: it's been around for a long time and is commonplace in other areas of internet crime. It should come as no surprise that if people think they can hide illegal activity they will attempt to.'"Read more of this storyat Slashdot.

  psyph3r writes "Chilehardware has released what appears to be a confidential image showing the future customer desktop AM3 reference boards for AMD and ATI. Here is an English site talking about this reference design image and the features it enables. 'The biggest improvement for this generation of chipsets is the audio and video capabilities integrated into the motherboard. The new features packed into these chipsets are beginning to look like standalone platforms. The RS780 supports DirectX 10 and has a UVD, which is similar to most High-end cards of today.'"Read more of this storyat Slashdot.

  An anonymous reader writes "Salesforce.com has finally acknowledged what security experts have suspected for weeks: that a Salesforce.com employee had his company credentials stolen in a phishing scam, and criminals have been using names and e-mail addresses from Salesforce's customer list to conduct other highly targeted phishing attacks, including the recent round of fake e-mails apparently from the Federal Trade Commission." In such hightly targeted attacks, the AV companies are at a loss — they have little chance of quickly developing signatures for threats that only reach a few thousand victims.Read more of this storyat Slashdot.

  miller60 writes "Microsoft is planning a huge new data center in the Chicago area, as it continues to expand its Internet infrastructure in an effort to keep pace with Google in web-based services. The new facility in Northlake, Ill. may cost more than $500 million and is expected to span 440,000 square feet. Microsoft opened a 470,000 square foot data center in Quincy, Washington earlier this year, and is building a similar facility in San Antonio. Microsoft has also submitted plans for a $500 million data center campus in Dublin, Ireland."Read more of this storyat Slashdot.

  narramissic writes "Red Hat has signed on to Sun's OpenJDK project and agreed to coordinate its own Java development efforts for Linux with the project. Red Hat will align the work it has done on IcedTea (its own implementation of some parts of the JavaSE JDK) with OpenJDK. As part of its participation in OpenJDK, Red Hat will eventually create a compatible OpenJDK implementation for its Enterprise Linux distribution and will also use OpenJDK to create a runtime for its JBoss Enterprise Middleware that is optimized for a Linux environment."Read more of this storyat Slashdot.

  os2man writes "Qmail is one of the most widely used MTAs on the Net and has a solid reputation for its level of security. In 'Some thoughts on security after ten years of qmail 1.0' (PDF), Daniel J. Bernstein, reviews the history and security-relevant architecture of qmail; articulates partitioning standards that qmail fails to meet; analyzes the engineering that has allowed qmail to survive this failure; and draws various conclusions regarding the future of secure programming. A good read for anyone involved in secure development."Read more of this storyat Slashdot.

  An anonymous reader writes "Leopard's Finder has a glaring bug in its directory-moving code, leading to horrendous data loss if a destination volume disappears while a move operation is in progress. This author first came across it when Samba crashed while he was moving a directory from his desktop over to a Samba mount on his FreeBSD server."Read more of this storyat Slashdot.

  CorinneI writes "Your business's private information may not be as safe as you think — especially when you take into account how many people pass through your office's revolving door on a daily basis. That's why many companies hire TraceSecurity employees to test the security of their systems — operations that usually involve TraceSecurity personnel talking their way into offices in order to gain access to server rooms and sensitive customer information. PC Magazine was invited along to cover a recent TraceSecurity operation."Read more of this storyat Slashdot.

  sea_stuart writes "Like your ADSL connection to go 100 times faster? Despite the grim state of Australian mathematics and science, there is still exciting original work being done Down Under. John Papandriopoulos, a Research Fellow with the ARC Special Research Centre for Ultra-Broadband Information Networks (CUBIN) has developed a method to reduce crosstalk interference in ADSL technologies to bring speeds up the theoretical maxima possible. With an Australian Federal election due in a few weeks, and both parties promising improved broadband speeds and access, this is a welcome development, hopefully enabling higher speeds without huge expenses."Read more of this storyat Slashdot.