Archive for January, 2010

Google Encouraging More Chromium Security Research

Thursday, January 28th, 2010

In designing Chromium, we’ve been working hard to make the browser as secure as possible. We’ve made strong improvements with the integrated sandboxing and our up-to-date user base. We’re always looking to stay on top of the latest browser security features. We’ve also worked closely with the broader security community to get independent scrutiny and to quickly fix bugs that have been reported.

Some of the most interesting security bugs we’ve fixed have been reported by researchers external to the Chromium project. For example, this same origin policy bypass from Isaac Dawson or this v8 engine bug found by the Mozilla Security Team. Thanks to the collaborative efforts of these people and others, Chromium security is stronger and our users are safer.

Today, we are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium’s code and behavior, the more secure our millions of users will be.

Job search secrets: Targeting done right

Thursday, January 28th, 2010

What’s the best way for job seekers to land a new job in this dismal market? Target specific employers and network your way into them, career experts say. It’s sound job search advice. Unfortunately, most job seekers go about this the wrong way (or they don’t do it at all), says Vicki Brackett, a career coach and president and CEO of Make It Happen Consulting.

Job seekers make many mistakes in their job searches, including over-relying on networking with people who can’t offer much help in this job market, such as recruiters and HR managers, says Brackett. But their biggest misstep is conducting their job search backwards, she says. In other words, they start by updating their résumé, which they then send out to their network, hoping those people will pass it on.

Such a scattershot approach to networking and to the job search doesn’t work when thousands of unemployed professionals are using the same approach and job opportunities are so limited, says Brackett.

Hiring managers: Personal networks hold power

Thursday, January 28th, 2010

We’ve all been told, “Networking is critical,” so often that by now it’s about as interesting as, “You should floss daily.” But the truth of the matter is that CIOs in the know do regularly turn to their personal networks to source effective talent. And paying regular attention to your network does, in fact, pay off.

Craig Cuyar leaned on his personal network soon after being hired as global CIO of Cushman and Wakefield. Additional talent was needed for his team and he successfully hired four direct reports by reaching out to his personal contacts. “It’s clearly a long-term effort,” he says of building his network. “I couldn’t have hired those people unless I had spent some time building those relationships and getting to know them personally.”

The greatest benefit to working your personal network may be the inherent trust. Employing a known entity reduces costs and hiring risk. Cuyar had no doubts about those in his network and they, in turn, had an established trust in him. His hires, he affirms, “knew how I thought, my leadership style and what latitude they’d have in running their organizations.” With no learning curve, his team was immediately effective in initiating the desired cultural changes.

Vietnam boosts its cyber-threat protection

Thursday, January 28th, 2010

The government will invest more than $42 million in the coming decade to protect sensitive information from an increasing cyber threat.

The move is part of a far-reaching plan to raise the profile of the country’s Internet technology sector, both in manufacturing of hardware and software development. It is also hoped the plan will show its commitment to combating cyberattacks that might originate in Vietnam, a criticism that has dogged the sector over recent years.

A National Center for Network Security Technology will be set up in the capital Hanoi to develop indigenous protection technologies and train up to 1,000 people in Internet security skills. The center will be overseen by the Ministry of Information and Communications, according to a report on the Vietnam Internet news Web site VietNamNet Bridge.

Apple betrays loyal customers with iPad’s micro-SIM slot

Thursday, January 28th, 2010

Once again Apple has sold out its users to the greedy telcos with the choice of a non-standard SIM card slot for the iPad’s mobile broadband access.

Amid all the iPad hype, very little attention was paid to the fact that the 3G versions use the new micro-SIM card format. It’s not even mentioned on Apple’s iPad spec sheet. Jobs only mentioned it in passing, right after bragging about the fact the iPad will be sold unlocked. It’s the ultimate cynical act – boasting about removing an anti-competitive software restriction while simultaneously introducing a far more cunning hardware restriction. Jobs didn’t even attempt to justify the use of micro-SIM whilst on stage within the protection of his Reality Distortion Field, knowing there’s no possible justification for using micro-SIM cards except to hand control over to the telcos. I’m keen to see how the rabid Apple fanboys attempt to justify an action so ruthless that not even Jobs himself tried to defend it.

Hackers Are Inside the Power Plant, Says Study

Thursday, January 28th, 2010

Security software vendor McAfee and the Center for Strategic and International Studies today released a report at the World Economic Forum that said that 54 percent of security executives interviewed at oil and gas production fields, power plants and other critical installations for a survey admitted they’ve already suffered large scale attacks from organized crime, terrorists or nation states. In all, 600 were interviewed for the survey.

Worse, we’re being guarded by Paul Blart, Mall Cop. 37 percent said that security has become worse in the past year, a casualty of the economy and shrinking corporate budgets. Cuts have been notably steep in the oil and gas sector. Close to 40 percent expect a major security incident in the next year. The average cost estimated for downtime came to $6.3 million a day. 45 percent added that their regional or local authorities are capable of deterring attacks.

Security is one of the top concerns of the National Institute for Standards and Technology, which wants to solidify standards for the grid in the next few years, a relatively short amount of time.

Hacker Defaces 49 House Sites, Flames Obama

Thursday, January 28th, 2010

Even though the government has shelled out around $355 million to secure the nation’s most essential computer systems, a hacker still managed to break into 49 House websites—consisting of both Democratic and Republican parties—and post obscene messages regarding President Barack Obama and his State of the Union address.

The Associated Press reports that the sites are managed by GovTrends of Alexandria, Virginia, a private vendor. Although most House websites are managed by internal technicians, individual offices are allowed to use third-party outfits to manage updates and new features. However, after the latest hacking attempt, that may change.

EFF Reveals How Your Digital Fingerprint Makes You Easy to Track

Thursday, January 28th, 2010

Think that turning off cookies and turning on private browsing makes you invisible on the web? Think again.

The Electronic Frontier Foundation (EFF) has launched a new web app dubbed Panopticlick that reveals just how scarily easy it is to identify you out of millions of web users.

The problem is your digital fingerprint. Whenever you visit a site, your browser and any plug-ins you have installed can leak data. Some of it isn’t very personal, like your user agent string. Some of it is more personally revealing, like which fonts you have installed. But what if you put it all together? Would the results make you identifiable? As the EFF says, “this information can create a kind of fingerprint — a signature that could be used to identify you and your computer.”

Apple drops VoIP over 3G restrictions on the iPhone

Thursday, January 28th, 2010

While the Apple iPad is dominating tech news left and right, there was another bit of news from the company yesterday that should be noted: Apple has removed restrictions that previously prevented VoIP iPhone applications from working over 3G. This unleashes a world of opportunity for VoIP applications, which have only worked over Wi-Fi thus far.

Currently, several popular VoIP application developers have announced that they’re taking advantage of the new provisions. The first was iCall — which not only lets you make VoIP calls, but also offers a way to switch cellular calls to VoIP. And most recently, web communication aggregator Fring has announced support for VoIP — which is all the more interesting because it means Fring users can now video chat over 3G as well.