Rumours of financial schemes surrounding the botnet aside, PC World has an article that should lower the blood pressure of some SysAdmins. The Storm Worm botnet is apparently shrinking. A researcher out of UC San Diego who has been tracking the network has published a report indicating it is now only 10% of its former size. "Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer. But Enright said that the real story is significantly less terrifying. In July, for example, he said that Storm appeared to have infected about 1.5 million PCs, about 200,000 of which were accessible at any given time. Enright guessed that a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."Read more of this storyat Slashdot.

  ancientribe writes "Researchers at Purdue University have found proof that criminals are making use of steganography in the field. Steganography is the stealth technique of hiding text or images within image files. Experts say that the wide availability of free point-and-click steganography tools is making the method of hiding illicit images and text easier to use. Not everyone is convinced; some security experts such as Bruce Schneier have dismissed steganography as too complex and conspicuous for the bad guys to bother using, especially for inside corporate espionage: 'It doesn't make sense that someone selling out the company can't just leave with a USB.'"Read more of this storyat Slashdot.

  prostoalex writes "MSNBC has a special report on discovering online cheats at AbsolutePoker.com. A Costa Rican company belonging to a Canadian tribe at first denied all the accusations of any cheating going on, but after Serge Ravitch made a scrupulous analysis of the games' events, the reputation of AbsolutePoker.com was at stake. A detailed log file provided investigators with necessary details: an employee and partial owner of the site was one of the players involved, and having direct access to other players' cards allowed him to improve his game substantially."Read more of this storyat Slashdot.

  UtahSaint writes "The Electronic Design site has nabbed a short interview with the Woz, where he waxes poetically about his time growing up as an Engineer and founding Apple. Even to this day, he says, he still misses the Homebrew Computer Club and his days running around Apple leading the technical teams. 'I miss the technical camaraderie ... The whole feeling of being on a revolution, on the edge. I miss the intuitive philosophies.'"Read more of this storyat Slashdot.

  openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."Read more of this storyat Slashdot.

  Andrew Donoghue writes "ZDNet UK is reporting that although WiMax and 3G have been battling it out as rival broadband wireless technologies, WiMax has effectively been folded into 3G's future development, after the International Telecommunication Union decided to include it in the IMT-2000 set of standards. 'An auction is to be held next year in which spectrum around the 2.6GHz band -- which is usable for both 3G and mobile WiMax -- will be sold off on a technology-neutral basis. It remains to be seen what the implications of Friday's announcement are for that auction but, as the investments already made in 3G infrastructure had been a major detrimental factor for WiMax, its inclusion in IMT-2000 has the potential to shake up the entire argument.'"Read more of this storyat Slashdot.

  ttttt writes "MadPenguin.org tackles the idea of Trusted Computing in its latest column. According to author Matt Hartley, the idea of TC is quite reasonable; offering a locked-down environment offers several advantages to system administrators with possibly troublesome users. 'With the absence of proprietary code in the mix users will find themselves more inclined to trust their own administrators to make the best choices ... And so long as any controlled environment is left with checks and balances [like] the option for withdrawal should a school or business wish to opt out, then more power to those who want a closed off TC in an open source world." LWN.net has an older but slightly more balanced look at the TC approach.Read more of this storyat Slashdot.

  An anonymous reader writes "An essay by a developer of recommendation systems makes a case for why so many people have trouble grasping Darwin's theory of evolution. Downplaying its conflict with religion, the essay suggests that evolution is in a specific class of "equilibrium seeking" concepts that tend to be extremely counterintuitive to most people. The hypothesis is supported by the observation that so many people reject the notion that evolution-like systems such as Wikipedia, prediction markets, and recommendation systems can actually be effective. Particularly fascinating is the description of his surprisingly simple algorithm for competing in the Netflix prize contest."Read more of this storyat Slashdot.

  s31523 writes "A while back it was reported that cell phone use was given the OK on Emirate airlines. The BBC is now reporting European agencies back the use of cell phones in air. Plans have been developed to introduce technology that allow cell phone use on planes without any risk of interference. A spokesman for the UK regulator Ofcom said there were still many stages to pass through before final approval was given to the roll out of the plans, but the regulator said that the technology could be implemented next year."Read more of this storyat Slashdot.

  An anonymous reader writes "Spammers are back with a new trick, this time round sending messages with MP3 attachments that contain the latest pump-and-dump stock scams. One sample identified by Sophos was a heavily distorted 30-second MP3 file. A synthetic female voice was used to promote a particular stock. Says Graham Cluley, senior technology consultant at Sophos: 'Although the spammers seem to have a fair bit to learn about machine-generated sales patter, some companies might consider blocking all MP3s in email as a matter of course. So many music files infringe copyright, and it can be hard for a company to establish which ones are legal and which are not after they have arrived. Blocking MP3s, or at least quarantining until requested by the user, can be a good way for a company to take a proactive stance against the use of email for illegal file sharing. It also has the benefit of neutralizing this sort of spam at the same time.'"Read more of this storyat Slashdot.

  dg2fer writes "For more than two months, the vulnerability of parsing URIs has been known for a number of Windows programs, including Outlook, Adobe Reader, IRC clients, and many more. Microsoft admitted the vulnerability only last week. The latest Microsoft patches published on October's Patch Tuesday did not include a solution, so hackers have taken on the problem themselves. One, KJK::Hyperion, has published (as open source) an unofficial patch that cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function."Read more of this storyat Slashdot.

  .mack notes a ZDNet blog outlining some of the security features added to OSX Leopard (10.5). Here's Apple's brief description of all 11 new security features. "Apple has announced plans to add code-scrambling diversity to Mac OS X Leopard, a move aimed at making the operating system more resilient to virus and worm attacks. The security technology, known as ASLR (address space layout randomization), randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses. Another new feature coming in Leopard is Sandboxing (systrace), which limits an application's access to the system by enforcing access policies for system calls."Read more of this storyat Slashdot.

  hhavensteincw writes "Less than two weeks after Microsoft announced plans to offer personal health records, Google announced today that it plans to offer online personal health records to help patients tote and store their own x-rays and other health data. Google made the announcement Wednesday at the Web 2.0 Summit in San Francisco."Read more of this storyat Slashdot.

  An anonymous reader writes "The Orange County Register reports that a 19 year old from Washington state broke into the Orange County California 911 emergency system. He randomly selected the name and address of a Lake Forest, California couple and electronically transferred false information into the 911 system. The Orange County California Sheriff's Department's Special Weapons and Tactics Team was immediately sent to the home of a couple with two sleeping toddlers. The SWAT team handcuffed the husband and wife before deciding it was a prank. Says the article, 'Other law enforcement agencies have seen similar breaches into their 911 systems as part of a trend picked up by computer hackers in the nation called "SWATting"'"Read more of this storyat Slashdot.