Stony Stevenson writes to tell us that at the recent RSA Conference security expert Bruce Schneier told delegates that human beings are not evolved for security in the modern world, especially when it comes to IT. "He told delegates at the 2007 RSA Conference that there is a gap between the reality of security and the emotional feel of security due to the way our brains have evolved. This leads to people making bad choices. 'As a species we got really good at estimating risk in an East African village 100,000 years ago. But in 2007 London? Modern times are harder.'"
alphadogg writes "The Storm worm, which some say is the world's biggest botnet despite waning in recent months, is now fighting back against security researchers that seek to destroy it and has them running scared, conference attendees in NYC heard this week. The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, says an IBM architect."
inkslinger77 writes to mention that MySQL has published their software roadmap out through 2009 and it includes an injection of code from Google. Google remains relatively secretive about how their systems work but they are one of the largest users of MySQL. Earlier this year Google signed a Contributor License Agreement which provides a framework for them to contribute code to MySQL. "The search company has done a lot of work customizing MySQL to meet its special needs, which include better database replication, and tools to monitor a high volume of database instances, Axmark said in an interview at MySQL's user conference in Paris. MySQL will include some of those capabilities in future versions of its database, probably in point upgrades to MySQL 6.0, which is scheduled for general availability in late 2008, Axmark said."
BlueMerle writes with news that Verizon is offering 20 Mbps symmetrical service for current FiOS customers in NY, CT, and NJ. It will cost $65 a month. Cable companies aren't in a position to match this capability.
alphadogg sends us to Network World, as is his wont, for a summary of a new study of identity theft based on the outcomes of more than 500 Secret Service cases from 2000 to 2006. Here is the study report (PDF). The AP has coverage emphasizing other slants on the findings. Among the surprises: just 51% of convicted ID thieves were sent to prison. Only 20% of the cases involved use of the Internet, and such cases may be on the decline. More perpetrators used good old-fashioned dumpster diving and stealing stuff out of mailboxes.
Last week we discussed some of the security features coming in Leopard. This article goes into more depth on OS X 10.5 security — probably as much technical detail as we're going to get until the folks who know come out from under their NDAs on Friday. The writer argues that Apple's new Time Machine automatic backup should be considered a security feature. "Overall, Mac OS X 10.5 Leopard is perhaps the most significant update in the history of Mac OS X — perhaps in the history of Apple — from a security standpoint. It marks a shift from basing Macintosh security on hard outside walls to building more resiliency and survivability into the core operating system."
BlueMerle writes to mention that the House Committee on Oversight and Government Reform has asked the FTC to take another look into the world of peer-to-peer file sharing. This time around, however, the inquiry has nothing to do with copyright. "But a USPTO report earlier this year stirred up the issue again by claiming that P2P installs could adversely affect national security when they made confidential government information available. This has already happened several times, as the Oversight Committee learned in July when it held hearings on the USPTO report and its findings. At that hearing, representatives were also shown real-time P2P search data. While most of the searches were for porn, movies, and music, the committee noted a surprising number of searches for private financial information."
vlakkies writes "The Colorado Rockies Major League Baseball team decided to only sell tickets for the World Series games at Coors Field online. As a result of overwhelming interest, the ticket vendor Paciolan experienced a system meltdown resulting in a suspension of all ticket sales."
eweekhickins writes "Corvil has unveiled a new tool to help network managers cope with increasing pressure to improve performance. This appliance, from the Dublin-based company (with backing from Cisco), passively monitors traffic across networks in segments below 1 microsecond in length and correlates monitoring data with remote appliances and gives a complete picture of latency, jitter, packet loss and other phenomena that affect network and application performance. Corvil CEO Donal Byrne noted that 'If you can drop a millisecond [of latency] off, you're a hero.'"
BaCa writes to mention that a new hardware/software combination has been created by a company called ElcomSoft that will reportedly allow cryptography professionals to build cheap PCs that work like supercomputers for the specific task of retrieving lost passwords. Utilizing a combination of the CPU and the GPU, the task of brute forcing a password may be reduced by as much as a factor of 25. "Until recently, graphic cards' GPUs couldn't be used for applications such as password recovery. Older graphics chips could only perform floating-point calculations, and most cryptography algorithms require fixed-point mathematics. Today's chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."
Lucas123 writes "John Webster over at Computerworld says VMware and Cisco plan to develop a Data Center OS that would consist of a data center cloud populated by servers, storage, and Cisco's 'intelligent' networking gear, all managed by Cisco and its partners — starting with VMware."
Gamasutra is reporting that a serious security breach caused the closure of EVE Online this past weekend. A previously-unnoticed anomaly in a database prompted CCP, makers of the game, to close down the game world and their website while the issue was examined. The flaw was rectified, and service restored the same day. No credit card or billing information was exposed in the breach. "Explained [CCP chief of operations Jón Hörðdal], 'What we discovered was an indication that one of our databases was being accessed through a security breach. Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation.' Hörðdal said that the taskforce concluded that going completely dark so that an exhaustive scan could be performed was the best course of action. 'While some may feel that such a drastic reaction was not warranted, it is always our approach to err on the side of caution in order to protect the players,' he said."
Wired has up an article with a man named Robert Anderson, who was recruited by the MPAA in 2005 to inform on people in the BitTorrent community. In a tell-all interview with the site, Anderson explains how the powerful media organization encouraged him to obtain the information they were looking for: "According to Anderson, the MPAA told him: 'We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed.... if you save Hollywood for us you can become rich and powerful.' In 2005, the MPAA paid Anderson $15,000 for inside information about TorrentSpy -- information at the heart of a copyright-infringement lawsuit brought by the MPAA against TorrentSpy of Los Angeles. The material is also the subject of a wiretapping countersuit against the MPAA brought by TorrentSpy's founder, Justin Bunnell, who alleges the information was obtained illegally."
jcatcw writes "In an interview with Computerworld's editor in chief, Don Tennant, Frank Abagnale spoke about his life of crime and crime prevention. Abagnale is a notorious criminal, whose exploits were portrayed in the movie 'Catch Me If You Can.' Abagnale claims: 'It would be 4,000 times easier to do today, what I did 40 years ago, and I probably wouldn't go to prison for it. Technology breeds crime — it always has, it always will ... I really think the more technology there is in the world, the more you have to instill character and ethics. You can build all the security systems in the world; you can build the most sophisticated technology, and all it takes is one weak link — someone who operates that technology — to bring it all down.'" This would seem to echo commentary in a New York Times article about the rise of Russian hackers in recent years.