Although it took eBay itself an absolute age to disclose that a serious breach had taken place, and then [completely screwed up the process of ensuring users change their passwords](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/479152/more-ebay-security-stupidity-exposed), this should come as no real surprise. Happygeeks' Law states: the larger the corporate, the longer it takes to admit anything and the bigger the chance it will handle it badly. What is surprising is that it has taken so long for the stolen database of user credentials to go up for sale on the dark market. If you consider that the breach itself happened a couple of months ago, …

Last week, the NoSQL database host MongoHQ suffered a breach which exposed customer files, email addresses and password data to the attackers. The ripples from that breach are still being felt, as users of the Sunrise calendar app on the iPhone found out this morning. Luckily that password data was not only encrypted, but hashed using bcrypt. As security expert [Paul Ducklin](http://nakedsecurity.sophos.com/2013/10/31/lessons-to-learn-from-the-mongohq-database-breach/) from Sophos explains: "bcrypt is a so-called keystretching function that ramps up the time it takes for a supplied password to be checked against its stored hash, by requiring various parts of the hash calculation to be repeated …

First we had the news that [IBM was helping clean up crime](http://www.daniweb.com/news/story276878.html) in the US and UK, now it seems that Sweden is getting a touch of the Big Blue Brother effect. The city of Stockholm is launching a project using IBM's streaming analytics technology in order to gather real-time information on, well, pretty much everything that moves. Working in collaboration with the [KTH Royal Institute of Technology](http://www.kth.se/?l=en_UK) the project is already gathering real-time data from the GPS devices installed in some 1500 taxi cabs and will soon add delivery trucks, traffic cameras, traffic light sensors, rail systems and weather …

Following on from the news earlier this month that [LinkedIn had suffered a major security breach](http://www.daniweb.com/internet-marketing/social-media-and-web-communities/news/425019/linkedin-confirms-six-million-password-hack-check-if-yours-is-one-of-them) involving the compromise of at least six million user passwords, and then dating site [eHarmony apparently falling victim to the same password hacking compromise](http://www.daniweb.com/hardware-and-software/microsoft-windows/viruses-spyware-and-other-nasties/news/425118/dating-disaster-eharmony-confirms-passwords-exposed-by-linkedin-hacker), the latest to be hit would appear to be the UK-based consumer technology news and magazine site TechRadar. ![dweb-techradar](/attachments/small/0/dweb-techradar.jpg "align-right") Late last night the site, owned by magazine giants Future Publishing and which gets in excess of seven million visitors from around the world each month, made the announcement on Twitter and the website forums were closed while an investigation …

Many of the biggest forum-based online communities, including DaniWeb, are powered by vBulletin software. So it came as something of a shock when the BBC reported that a [vBulletin security flaw means that any hacker could "easily access the main administrator username and password for a site"](http://www.bbc.co.uk/news/technology-10714192). But is the security flaw really both that simple and that serious, and are DaniWeb users at risk? Let's answer the most important question first: No, DaniWeb users are not and have never been at risk from this security flaw as it only impacted upon a specific new version of vBulletin that was …

Despite having recently been [cast as the villain of the piece](http://www.daniweb.com/news/story273853.html) by some high profile members of the Free and Open Source Software community, IBM has just revealed itself as actually being something of a crime-fighting superhero. The Florida State Department of Juvenile Justice is following in the footsteps of the Ministry of Justice, one of the largest UK government departments with in excess of 95,000 employees and a budget of some £9 billion, by employing IBM predictive analytics tech to assess prisoner re-offending risk and ultimately protect the public at large from the dangers that repeat offenders pose. With …

Over the weekend, software development and collaboration tools specialist Atlassian suffered a security breach to an internal system, potentially exposing customer passwords. The reason? It forgot about an old legacy database which had not been taken offline. According to Atlassian spokesperson [Mike Cannon-Brookes](http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html) the company had migrated its customer database into a new one, where all customer passwords were encrypted, during July 2008. "However, the old database table was not taken offline or deleted" Cannon-Brookes says "and it is this database table that we believe could have been exposed during the breach". He agrees that this was "a big error" …

It all kicked off last night with a [posting to a hacker board](http://hackersblog.org/2009/02/07/usakasperskycom-hacked-full-database-acces-sql-injection/) claiming to have carried out a relatively simple SQL Injection attack on one of the world's biggest and best known IT security companies: Kaspersky. The hacker, currently only known as 'unu' claims that the SQL Injection attack on usa.kaspersky.com has exposed activation codes, user details, bug lists and so on. "Kaspersky is one of the leading companies in the security and antivirus market. It seems as though they are not able to secure their own data bases. Seems incredible but unfortunately, its true. Alter one of the parameters and …

In an [interview](http://www.guardian.co.uk/technology/2010/jan/24/computer-security-crime-anonymous-datasets) with The Observer newspaper, Dr Ian Brown from the Oxford Internet Institute who is writing a report on anonymous datasets for the European Commission warns that "criminals could identify individuals through mobile phone data and use the information to track people's movements and find out when they are away from home". His concerns have been piqued, it would seem, by the problem of statistical de-anonymisation. Statistical what? Well, there have been great advances (although that's not perhaps the right word) in the last couple of years when it comes to the re-identification of individuals whose anonymity is …

At the risk of coming off like TV's "[Mad Men](http://www.amctv.com/originals/madmen/)," Amazon Web Services really are New and Improved. The company today announced the addition of [Amazon Relational Database Service](http://aws.amazon.com/rds/), giving users of Amazon's Elastic Compute Cloud (EC2) access to a virtual instance of MySQL. That's the New part. Improvements include a family of high-memory instances and a price reduction of Linux-based EC2 compute time to 8.5 cents per hour from 10 cents. The 15 percent price drop takes effect Nov. 1. "Many customers have told us that their applications require a relational database," said Adam Selipsky, vice president of [Amazon …](http://aws.amazon.com/what-is-aws/)

With the release of [Ingres Database 9.3](http://esd.ingres.com/) today, the company says it's now easier for developers to migrate their application to the open source system from MySQL, Oracle, SQL Server and Sybase. It does so, the company said, through "improved accessibility of table procedures from within the query" and support for positional parameter notations, making database procedure invocation more flexible. “As the fate of MySQL is currently in the hands of the European Commission, open source community developers and our global business customers and partners are seeking a more stable, reliable open source database,” said Deb Woods, vice president of …

It's probably a little early to be looking for implications of Oracle buying Sun (no, it's official, here's the [press release](http://www.oracle.com/us/corporate/press/018363)). They've only just confirmed it's happening, and as one of the journalists who covered Novell buying Lotus many years ago I can confirm things aren't done until they're done, frankly. A few things spring to mind, though. First there will be much talk of useful synergies between the two. Second, there will be a strong company coming out of this. That aside, however, there will be more. First it's almost certainly going to be seen as a blow to …

According to the [Sunday Times](http://www.timesonline.co.uk/tol/news/politics/article4969312.ece) today, anyone in the UK who wants to buy a mobile phone will need to produce a valid passport as a form of ID soon. The story is wrapped around the planned introduction of a national database to help combat crime and terrorism. The proposed database [would contain details of every telephone call and every email sent in the UK](http://www.daniweb.com/blogs/entry2479.html) along with information covering individual Internet access usage. Now it seems that in order to push ahead with this state surveillance scheme, the government is considering a compulsory national register for every owner of every …

According to the UK government, new proposals within the [Communications Data Bill](http://www.commonsleader.gov.uk/output/page2461.asp) are being put forward in order to prevent and detect crime as well as protect national security. The government argues that unless legislation is amended to reflect changes in technology, the ability of public authorities to counter criminal and terrorist activity will be undermined. According to Jonathan Bamford, the Assistant Information Commissioner in the UK, the proposed Bill sees us once again "sleepwalking into a surveillance society." Bamford is not alone in this view, unsurprisingly so when you consider that the changes to the law would, in effect, …

According to HP an incredible 92% of top IT decision makers in Europe do not feel that their organisation is exploiting the competitive advantages offered by information management. In fact, respondents who took part in the 2008 Pressure Point Index survey were pretty dissatisfied overall with both the quality and delivery of information across the board: 67% admitted it was 'poor and inconsistent' while 69% felt they did not get the 'right amount of information to make business decisions.' Only 7% claimed they had the access to all the information they required. The findings were published at the Gartner Business …

Back in May, I [broke the story](http://www.daniweb.com/blogs/entry1466.html) on DaniWeb in this very blog of how the online application facility for UK visas was not only insecure, but that it had potentially been so for years. The company concerned, VFS Global, which operated the visa online application form filing service on behalf of the UK government in India and other countries, had such Mickey Mouse security in place that anyone could easily get hold of the full application form information of anyone who had made such an application. That's anyone as in terrorist, identity thief, innocent applicant stumbling across the information …

[IBM](http://www.ibm.com) researchers have [unveiled](http://www.zurich.ibm.com/news/07/asme.html) prototype 3D visualisation software that will enable doctors to interact with their medical data in pretty much the same way they interact with their patients. The technology, known as the Anatomic and Symbolic Mapper Engine (ASME), uses an avatar representation of the human body which the doctor can click on to trigger a medical records search relevant to that body part. "It's like Google Earth for the body," said IBM Researcher Andre Elisseeff, who leads the healthcare projects at IBM's Zurich Research Lab. "In hopes of speeding the move toward electronic healthcare records, we've tried to …

According to Oxford, UK based database security specialists [Secerno](http://www.secerno.com/) databases are open to attack from growing insider threats that give employees carte blanche to access confidential data. Naturally, the company has a product to plug, a database assurance platform called Secerno.SQL, but to be honest I am more interested in the results of an independent survey published as part of the publicity push. This revealed that over 60 percent of UK employees have access to computer records at their place of work, 56 percent have no restrictions whatsoever placed upon the information they have privileges to access, 41 percent have …

The reports that are popping up all over the web that [IBM](http://www.ibm.com), along with [Georgia Tech](http://www.gatech.edu), has [demonstrated](http://www.gatech.edu/news-room/release.php?id=1019) the world’s fastest ever chip are, sadly, not quite as exciting as you might at first think. Not least because this wasn’t a chip at all, but rather a transistor, and even the least technical minded of people will realize there’s something of a difference between the two. Looking beyond that basic misunderstanding of the facts, the news still fails to excite me as much as it seems to have excited everyone else and here’s for why: Yes, it did run at …

Well, I just got myself through a major disaster. A couple of days ago, vBulletin, the forum system which powers the core of DaniWeb, released a shiny new version, vB 3.6. Every day since, they've been announcing new features - many of which look just awesome! This afternoon, they finally released public beta. My first instinct was to naturally wait until stable. However, when 7pm rolled around, my anxiousness got the better of me. I dutifully backed up the database and the filesystem, and away I went. Only to find that the upgrade wasn't trivial by any means, but rather …

Nigel Page, strategist for Microsoft Australia, has clarified the hardware needs for effectively running the upcoming Windows Vista. Speaking at Microsoft’s [TechEd](http://apcstart.com/teched/pivot/entry.php?id=6) conference, he indicated the following in response to questions asked. Vista, we are told, is much more graphics focused. There is a fundamental shift from bitmap images to vector graphics, much more focus on shifting workload from the CPU to the GPU, and will require a serious display card to be included in the machine. A 128 megabyte display card will be good, and a 256 megabyte or better display card will be ideal. The graphics capability will …
