Category: Tech

Passwords

Do you have an account on one of VerticalScope’s domains? You may want to change your passwords.
Another 45M username/passwords leaked from 1000 web forums.
This happened before LinkedIn was breached and before the TeamViewer hack/breach.
From the story, this link to Leaked Source. It asks you to enter your email, usernames or other identifying data into the search field and checks whether it is in their database of cracked credentials. If it is, that account has probably been compromised, depending on the type of encryption used in the site’s database.
Don’t use the same password on different sites; try not to use the same username either. Personally, I use Firefox’s browser password manager with the master password feature turned on, and I have set Firefox to delete cookies when it shuts down. That way I only have to remember the master password and the rest are encrypted. Chrome and Explorer do not encrypt their remembered passwords, so anyone with access to the filesystem can see them.

University of Calgary

The single largest vulnerability in any computer system is between the keyboard and the seat.
This is what happened:
Patient Zero gets an email something along the lines of:
Dear Customer,
Courier was unable to deliver the parcel to you.
You can review complete details of your order in the find attached.
Yours faithfully,
Greg Marks,
Sr. Support Agent.

Which naturally has an attached zip file for you to open and examine this package you didn’t get.
Patient Zero tries to open the zip…except they haven’t upgraded WinZip or WinRar recently and it’s a spoofed name. It isn’t a zip file at all, it’s just named that.
The trojan is now on your system and here it gets more complicated based on the attackers, the variants of the virus, etc. Some will provide a point of entry for crackers to investigate the system/s, others will silently monitor the traffic for a while, the earlier variants will immediately start encrypting your system and any other network share attached to the system for which the user has write permissions. The later variants watch for backup processes to execute so that they can learn how to toast your backups too. (Which takes me on a separate rant on how using Windows/NFS shares for push backups without checking authentication is asking for trouble.)
So, PZ has toasted their system, toasted the company backups, toasted the company wide network share, because s/he was the accountant the Financial share is also toast. IT just ran basic backups to a Windows share instead of things like rsync over ssh to a root only mount and so the last three months of backups are also encrypted. Worst case scenario, the MIS system or production systems get done too.
What does the company do? You can’t ‘unencrypt’ it without the key. You get an email or a pop-up telling you to send $20k worth of bitcoins to the attackers.
How to stop this
Lesson one: NEVER OPEN EMAIL ATTACHMENTS FROM YOUR EMAIL PROGRAM.
Obviously ignore attachments from anyone you don’t personally know; beyond that, save them to disk and scan them with your anti-virus before you open them. Usually you right-click on the file and can select ‘Scan with xyz anti-virus’.
Lesson two: Turn off your darned shares. If you access ‘Calgary Office Share’ once per week, you don’t need a network share on your desktop to it. Learn how to mount it on demand. Hint: type \\machine\share in the URL bar in your file browser.
Lesson three: Companies need to start firing people over this instead of just the IT people who enabled it.
Lesson four: Start using the ‘Junk’ or ‘Spam’ tag on your email program. ‘Mark as Junk’ in Thunderbird. They are fairly advanced Bayesian filters that learn over time. But you have to teach them. If you don’t mark an email as Junk or Spam, it won’t learn and can’t identify subsequent spam. This must be a habit.
Lesson five: Never trust the company/internet provider anti-virus on the mail server, if it even has one.
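The point of lesson one is that the attachment in the story was not a zip at all, just a file named like one. A mail gateway or a desktop helper can catch exactly that before anyone double-clicks, by reading the first bytes of the attachment and comparing them with what the extension claims. The following is an added example, not code from the original post; the signature table and the sample attachments (a genuine zip built in memory and a fake one carrying an executable header) are constructed here, and the three verdict labels are my own naming.

```python
import io
import zipfile
from typing import Dict

# Leading bytes for the container types the lure claims or hides
# (signature table constructed for this example).
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"PK\x05\x06", "zip"),      # empty archive
    (b"Rar!\x1a\x07", "rar"),
    (b"%PDF", "pdf"),
    (b"MZ", "exe"),              # DOS/PE executable header
]

# What the trailing extension claims the content is. The Windows executable
# extensions all collapse to "exe" because each one runs code when opened.
EXT_TYPES = {"zip": "zip", "rar": "rar", "pdf": "pdf",
             "exe": "exe", "scr": "exe", "com": "exe", "pif": "exe"}


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the filename entirely."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    return "unknown"


def claimed_type(filename: str) -> str:
    """What the final extension claims; 'unknown' for extensions not tracked here."""
    parts = filename.lower().split(".")
    return EXT_TYPES.get(parts[-1], "unknown") if len(parts) > 1 else "unknown"


def has_double_extension(filename: str) -> bool:
    """True for names like parcel.pdf.exe, where an inner extension hides the real one."""
    parts = filename.lower().split(".")
    return len(parts) > 2 and parts[-2] in EXT_TYPES


def check_attachment(filename: str, data: bytes) -> Dict[str, object]:
    """Compare the name's claim with the content and decide what to do with the file."""
    actual = sniff(data)
    claimed = claimed_type(filename)
    mismatch = claimed != "unknown" and actual != claimed
    double_ext = has_double_extension(filename)
    if actual == "exe" or mismatch or double_ext:
        verdict = "quarantine"        # executable content, or the name lies about the content
    elif actual == "unknown":
        verdict = "unrecognised"      # nothing to compare against; scan it before opening
    else:
        verdict = "ok"
    return {"file": filename, "claimed": claimed, "actual": actual,
            "mismatch": mismatch, "double_ext": double_ext, "verdict": verdict}


# --- constructed samples: a genuine zip, and a PE-style header saved under a .zip name ---
def build_real_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("delivery_note.txt", "constructed sample content")
    return buf.getvalue()


FAKE_ZIP = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56   # constructed executable header


if __name__ == "__main__":
    for name, data in [("parcel_details.zip", build_real_zip()),
                       ("parcel_details.zip", FAKE_ZIP),
                       ("parcel_details.pdf.exe", FAKE_ZIP)]:
        print(check_attachment(name, data))
```

The check deliberately never trusts the extension: the real zip passes, the executable named .zip is quarantined because its content says "exe" whatever the name says, and the double-extension name is quarantined on the name alone. Anything the table does not recognise is reported rather than passed, which is where the "save it and scan it" habit from lesson one takes over.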

Death By GPS

“Something is happening to us.”

Most death-by-GPS incidents do not involve actual deaths–or even serious injuries. They are accidents or accidental journeys brought about by an uncritical acceptance of turn-by-turn commands: the Japanese tourists in Australia who drove their car into the ocean while attempting to reach North Stradbroke Island from the mainland; the man who drove his BMW down a narrow path in a village in Yorkshire, England, and nearly over a cliff; the woman in Bellevue, Washington, who drove her car into a lake that their GPS said was a road; the Swedish couple who asked GPS to guide them to the Mediterranean island of Capri, but instead arrived at the Italian industrial town of Carpi; the elderly woman in Belgium who tried to use GPS to guide her to her home, 90 miles away, but instead drove hundreds of miles to Zagreb, only realizing her mistake when she noticed the street signs were in Croatian.

You, maybe. I won’t own one.

The overreach

The FBI’s fishing expedition for precedent ends just like tech-minded people thought it would. It did turn out to be an effective lesson in outing the right as much in favour of rights infringement as the left.
The end of this legal standoff also means that no legal precedent gets set for the scope of government’s power to compel an unwilling company to cooperate in an investigation, for instance by writing special new software as in Apple’s case.
The final score? Apple and Google increased their public profile, and Microsoft looked like gov’t hacks. The battle for and against private encryption remains in status quo. Way to go, FBI. /sarc

Apple, Google, Twitter and Facebook vs. the FBI

And you can add the evidence chain and forensic science to the defendants.
If the FBI wins this, the ‘cloud’ services are basically screwed. One of the selling points of the ‘cloud’ is that they don’t have or keep copies of the keys that users create to safely upload their data, backup their systems, keep their application data secure, etc.
A ruling against Apple would basically set the precedent that data services would require a tool to break the encryption of whatever they store in case the FBI or another gov’t agency required it.
If you’ve been dealing with computers for any time in the last three years, you know that there has been a mass migration of applications and data from local centralized systems to remote data centres and remote applications. Like everything else in computers, there are now certifications available for too much money to tell people that you can study and pass tests about the cloud and cloud security.
Data integrity is the single biggest reason to use the cloud. With an Apple loss, that integrity is gone.
Google Web Services, Microsoft OneDrive, Apple iCloud, Symantec Backup, Backup4All; everything people do nowadays is cloud based.
And the majority don’t live in the US.
Update: Gizmodo was on the conference call with Apple. If true, Oops gov’t employees.

Not Paranoid Enough

The Regina Leader-Post Editorial Board echoes my concerns over giving the Internet access to patient records. However, the editorial focuses mainly on the threat from allowing external access.
By far, the largest threat vector is internal in origin, and I’m not just talking about a disgruntled employee. Any employee who brings in their own device, checks email or surfs the web at work, plays Facebook games or VPNs in from home is a potential point of vulnerability.
This just happened.

A hospital in Los Angeles has been operating without access to email or electronic health records for more than a week, after hackers took over its computer systems and demanded millions of dollars in ransom to return it.

Based on the article it looks like the hospital was hit with a version of Cryptolocker software. That means that some employee in the hospital, or someone who has an ‘always-on’ VPN connection to the hospital and has mapped a drive to the data at the hospital became the accomplice.
No matter how hard you lock down a network or a computer the single largest point of failure is always between the keyboard and the seat.

You Light Up My File

I like my prehistoric flip phone better with every passing day. (From August of 2015)

“Who has a flashlight app on their phone, you need to see this!!!” (Facebook video posted by Disturb Reality on Thursday, 20 August 2015)

From the “This is Cool” Dept.

An advancement in desalination techniques.

Instead, the system uses an electrically driven shockwave within a stream of flowing water, which pushes salty water to one side of the flow and fresh water to the other, allowing easy separation of the two streams. The new approach is described in the journal Environmental Science and Technology Letters, in a paper by professor of chemical engineering and mathematics Martin Bazant, graduate student Sven Schlumpberger, undergraduate Nancy Lu, and former postdoc Matthew Suss.

Hmm? No gender studies majors?

The good old days

Back when I started programming networked applications, the big threat was injection techniques into a CGI program. Back then, it was easy: use strict;, -T (taint check) and check everything that you didn’t write. That’s why you always had the “password can only be alpha-numeric +@#^&)-” style messages. We were checking what you entered to make sure it didn’t have a ‘SELECT * INTO OUTFILE "~/out.txt" from users; mail -s out.txt -f ~/out.txt bad.address@home.com’ in the form.
It’s the same old problem. Except this time, if you accept REST or JSON via a Java based application server you should be concerned.
And before anyone dismisses this, ask yourself how the MLS system shares information.
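The discipline described above (refuse every client-supplied value until an explicit allowlist match clears it, then never let it near the query as text) is the same whether the input arrives as a CGI form or as a JSON body on a REST endpoint. The following is an added example, not the author’s Perl nor code from any project the post mentions; it is written in Python so it runs anywhere, uses an in-memory SQLite table with constructed users, and its field names, patterns and hostile string are assumptions for illustration. The password pattern is the page’s “alpha-numeric +@#^&)-” rule.

```python
import hashlib
import hmac
import json
import os
import re
import sqlite3
from typing import Dict, Optional

# Per-field allowlists: a value is rejected outright unless it matches.
# (Field names and patterns constructed for this example.)
FIELD_RULES = {
    "user": re.compile(r"^[A-Za-z0-9_]{1,32}$"),
    "pw":   re.compile(r"^[A-Za-z0-9+@#^&)\-]{8,64}$"),
}

# Constructed hostile input of the kind the taint check existed to stop.
HOSTILE = 'SELECT * INTO OUTFILE "~/out.txt" from users; mail -s out.txt -f ~/out.txt bad.address@home.com'


def untaint_form(form: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Mirror Perl's -T discipline: nothing the client sent is used until an
    explicit allowlist match clears it. A bad or missing field rejects the
    whole request (None) rather than being trimmed or escaped."""
    clean = {}
    for field, rule in FIELD_RULES.items():
        value = form.get(field)
        if not isinstance(value, str) or not rule.match(value):
            return None
        clean[field] = value
    return clean


def untaint_json(body: str) -> Optional[Dict[str, str]]:
    """Same check for a JSON request body; a REST endpoint has the same problem."""
    try:
        form = json.loads(body)
    except ValueError:
        return None
    return untaint_form(form) if isinstance(form, dict) else None


def _hash(pw: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the demo table never holds a plaintext password.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def build_db() -> sqlite3.Connection:
    """In-memory users table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB NOT NULL, pwhash BLOB NOT NULL)")
    for name, pw in [("alice", "s3cret+pass"), ("bob", "hunter2hunter2")]:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _hash(pw, salt)))
    return conn


def login(conn: sqlite3.Connection, form: Dict[str, str]) -> Optional[bool]:
    """None = request rejected by the allowlist; True/False = credential result.
    The query is parameterised, so even a value that slipped past the
    allowlist would reach SQLite as data, never as SQL."""
    clean = untaint_form(form)
    if clean is None:
        return None
    row = conn.execute("SELECT salt, pwhash FROM users WHERE name = ?",
                       (clean["user"],)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(_hash(clean["pw"], salt), stored)


if __name__ == "__main__":
    db = build_db()
    print(login(db, {"user": "alice", "pw": "s3cret+pass"}))   # True
    print(login(db, {"user": HOSTILE, "pw": "s3cret+pass"}))   # None: rejected before any query
    print(untaint_json('{"user": "bob", "pw": "hunter2hunter2"}'))
```

Two layers do the work: the allowlist turns the hostile string into a rejected request before a database handle is ever touched, and the parameterised query means the application does not depend on that allowlist being perfect. That second layer is what the original CGI-era checks lacked, which is why the character restrictions had to be so strict.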

Black Hat/White Hat

This is a first, as far as I can tell.

Instead, the author or authors of the malware appear to be using it to actually secure infected devices. Symanetc [sic] believes the malware has infected tens of thousands of routers and other IoT systems around the world. Yet, in the two months that the security vendor has been tracking Linux.Wifatch it has not seen the malware tool being used maliciously even once.

It’s Probably Nothing

Months later, the OPM and Department of Defense (DoD) confessed that “Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.”
