security

Citibank hacked, Security Hole Reveals PIN Numbers

Apparently if you use the Citibank ATMs at the local 7-Elevens in New York, you may want to change your Personal Identification Number. A security hole was exploited by 3 individuals who took over 2 million dollars in a 5-month period. They are now facing federal charges for the crime.

Fingerprints Recoverable From Cleaned Metal

dstates points out a recent article from guardian.co.uk which discusses a new method by which to recover fingerprints from metal. The method relies on corrosion caused by sweat and other biological residues on the metal's surface. Quoting: "The patterns of corrosion remain even after the surface has been cleaned, heated to 600C or even painted over. This means that traces of fingerprints stay on the metal long after the residue from a person's finger has gone. The chemical basis of the change is not yet clear, but [Dr. John Bond] believes it is corrosion by chloride ions from the salt in sweat. These produce lines of corrosion along the ridges of the fingerprint residue. When the metal is heated, for example in a bomb blast or when a gun is fired, the chemical reaction actually speeds up and makes the corrosion more pronounced."

Would you fly in a plane with a "kill switch"?

Wired reports that the Pentagon is asking for submissions on a "non-lethal" method to stop a plane on the ground or divert it from a particular location. This does not sound like a good idea to me.

DARPA Cyber Range Project Doomed to Failure

carusoj writes "Former black-hat hacker Noah Schiffman details why DARPA's National Cyber Range project is bound to fail. The NCR is proposed as a simulation of the Internet, including replicating 'human behavior and frailties.' Schiffman argues that if the Defense Department is really building something of this scope, it might as well use the actual Internet."

Mozilla Experiments With Site Security Policy

An anonymous reader writes "Mozilla has opened comments for a new experimental browser security policy, dubbed Site Security Policy (SSP), designed to protect against XSS, CSRF, and malware-laced IFRAME attacks which infected over 1.5 million Web pages earlier this year. Security experts and developers are excited because SSP extends control over Web 2.0 applications that allow users to upload/include potentially harmful HTML/JavaScript such as on iGoogle, eBay Auction Listings, Roxer Pages, Windows Live, MySpace / Facebook Widgets, and so on. Banner ads from CDNs have had similar problems with JavaScript malware on social networks. The prototype Firefox SSP add-on aims to provide website owners with granular control over what the third-party content they include is allowed to do and where it's supposed to originate. No word if Internet Explorer or Opera will support the initiative."

McAfee Picks the Most Dangerous TLDs

CWRUisTakingMyMoney writes "Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc. McAfee found the most dangerous domains to navigate to are .hk, .cn, and .info. Of all .hk sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of .cn sites and 11.7 percent of .info sites that way. A little more than 5 percent of the sites under the .com domain — the world's most popular — were identified as dangerous."

Hiding Packets in VoIP Chat

holy_calamity writes "Two Polish researchers say they have developed a system to hide secret steganographic messages in the packets of a VOIP connection. It exploits the fact VOIP uses UDP, not TCP; it is designed to tolerate some packets going missing so hijacking a few to transmit a hidden message is not a problem." You may also be interested in reading the original paper.

China's Cyber-Militia

D. J. Keenan notes that the cover story of the current issue of National Journal reports in depth on China's cyber-aggression against US targets in the government, military, and business. We have discussed China's actions on numerous occasions over the years. The news in this report is the suggestion that Chinese cyber-attackers may have been involved in major power outages in the US. "Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of US companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to US government officials and computer-security experts..."

MediaDefender's BitTorrent-Based DOS Takes Down Revision3

Sandman1971 writes "Over the long Memorial Day weekend, Revision3 was the target of a malicious Denial Of Service Attack which brought R3 to its knees. After investigating the matter, it was discovered that the source of the attacks came from MediaDefender, the famed company hired by the MPAA and RIAA to try and stop the spread of illegal file sharing. The kicker? Revision3 was taken down for running a BitTorrent tracker to distribute its own legal content."

What Examples of Security Theater Have You Encountered?

swillden writes "Everyone who pays any attention at all to security, both computer security and 'meatspace' security, has heard the phrase Security Theater. For years I've paid close attention to security setups that I come in contact with, and tried to evaluate their real effectiveness vs their theatrical aspects. In the process I've found many examples of pure theater, but even more cases where the security was really a cover for another motive." swillden would like to know what you've encountered along these lines; read on for the rest of his question below.
