Greetings,

Happy Reading for today.

<Karen>

1)
Open source security bugs uncovered
A US Department of Homeland Security (DHS) bug-fixing scheme has
uncovered an average of one security glitch per 1,000 lines of code in
180 widely used open source software projects.
The programme, called the Open Source Hardening Project, is sponsored by
the DHS and carried out by Coverity and Stanford University. Launched in
March 2006, the $300,000 project was initially launched to review the
code of 180 open source software projects frequently used by developers
of government websites and application developers.
All the software scrutinised was found to have significant numbers of
security flaws, Coverity said on Wednesday. Since 2006 the project has
helped fix 7,826 open source flaws in 250 projects, out of 50 million
lines of code scanned, the company said.

2)
 If Your Hard Drive Could Testify ...
Electronic storage devices function as an extension of our own memory,
Judge Pregerson wrote, in explaining why the government should not be
allowed to inspect them without cause. They are capable of storing our
thoughts, ranging from the most whimsical to the most profound.
Computer hard drives can include, Judge Pregerson continued, diaries,
letters, medical information, financial records, trade secrets,
attorney-client materials and the clincher, of course information about
reporters confidential sources and story leads.

3)
Zombie Computer Army Targets Bank Account Passwords
Every security geek's favorite zombie computer army from 2007 -- the
Storm Worm botnet -- has a new trick for 2008, using its huge collection
of infected computers to send out phishing emails directing people to
fake banking sites that it cleverly also hosts on the computers it
remotely controls. The phishing campaign caught the attention of both
F-Secure and Trend Micro, who say Storm has never been involved in
phishing up to this point. The new campaign may indicate, according to
F-Secure, that Storm's controllers have figured out how to divide the
massive army into clusters which it is now renting out to others.
The Storm Worm botnet got its start last January with a spam email
purporting to have information about the storms that were battering
Europe at the time. Users with unpatched Windows machines who clicked on
the link in the email were infected with a Trojan that joined the
machine to the zombie army.

4)
Hacker breaches UGA system
ATHENS, Ga. - University of Georgia officials are scrambling to contact
more than 4,000 current, former and prospective residents of the
university's graduate family housing complex after an overseas hacker
tried to access a server containing Social Security numbers.
The hacker breached the security system sometime between Dec. 29 and
Dec. 31, according to a statement UGA released Tuesday.
During that time, a computer with an overseas Internet Protocol address
was able to access the personal information, including Social Security
numbers, names and addresses, of 540 current graduate students living in
graduate family housing and 3,710 former students and applicants.

5)
A group of Stanford computer scientists has designed a program that could help users create a more realistic virtual environment in which to interact. The Stanford Virtual Worlds group announced this week that they have created Dryad, a program in which users can easily "construct" trees in a virtual space. Using the wealth of information about trees already collect by botanists, Dryad populates the virtual space with trees created from 100 different variables. Users navigate the space and pick their desired tree from thousands of possibilities. A social-networking component refines the software by "nudging" users to trees with popular characteristics. This, in effect, allows users to pick an item they want without having to go through a complicated creation process, or being able to shape a realistic-looking object manually. The purpose, apparently, is to eventually allow people to interact in virtual worlds more effectively by proliferating realistic-looking 3-D objects. This has positive implications for the future of online interaction and uplifting discourse, since users could be engaged in a more realistic virtual space. And, like most things in the online world, there's always the potential for more prurient uses. --Hurley Goodall

6)

BiomedExperts.com, a social-networking Web site for health-care and life-science experts, was unveiled today at the American Library Association’s midwinter meeting, in Philadelphia. The site includes profiles of more than 1.4 million biomedical experts in 120 countries. Researchers can gain access to the site for free and search for colleagues based on their areas of expertise, where they live, or other variables. The site also allows scientists to share data and analyses, and view summaries of their colleagues' research papers. The site is a collaboration between Collexis Holdings Inc., a Dutch software company, and Dell, a computer manufacturer. --Andrea L. Foster

7)
New rootkit uses old trick to hide itself
Over the past month, a new type of malicious software has emerged, using a decades-old technique to hide itself from anti-virus software.
The malware, called Trojan.Mebroot by Symantec, installs itself on the first part of the computer's hard drive to be read on startup,
then makes changes to the Windows kernel, making it hard for security software to detect it. Criminals have been installing Trojan.
Mebroot, known as an MBR (master boot record) rootkit, since mid-December, and were able to infect nearly 5,000 users in two
separate attacks, staged on Dec. 12 and Dec. 19, according to Verisign's iDefense Intelligence Team. In order to install the
software on a victim's computer, attackers first lure them to a compromised Web site, which then launches a variety of attacks
against the victim's computer in hopes of finding a way to run the rootkit code on the PC.
Once installed, the malware gives attackers control over the victim's machine.

8)
Local banks beef up security
University Bank's new computer security hardware is only the size of a typical DVD player.
But the bank announced last month that it's betting the Promia Raven 1100 security system
will help improve its defense against potential hackers with technology previously used only by the U.S. Navy.
Within the system's first day of use, the bank was alerted that hackers were trying to enter the system from
North Korea, China and Oman, said Stephen Ranzini, company president and chairman.

9)
Joining a commercial gym: ADVICE
- 10 Things Your Fitness Club Won’t Tell You (SmartMoney.com)
- 10 Things Your Personal Trainer Won’t Tell You (SmartMoney.com)
- Health clubs: Which to join and what to look out for (Consumer Reports; subscription required, but it’s very current — February 2008 issue)
- FTC Facts for Consumers — Health Spas: Exercise Your Rights (Federal Trade Commission)
- Your state’s consumer affairs website will likely have useful information about health clubs and health club contracts,
consumer rights and applicable state laws. For example, the Florida Department of Consumer Services offers a
“Health Studios” brochure that includes a toll-free number you can call to check if complaints have filed about a particular facility.
- Check the Better Business Bureau website as well; input your zip code on the home page and you’ll be taken to
“the BBB nearest you,” where you can check the track record of a gym before you sign on the dotted line.
- And the Better Business Bureau offers some advice for potential health club members:
Joining a Gym? Complaints to BBB reveal how to get fit while avoiding the pitfalls