Point-of-Sale System Bought On eBay Yields Treasure Trove of Private Data

jfruh writes: Point-of-sale systems aren’t cheap, so it’s not unusual for smaller merchants to buy used terminals second-hand. An HP security researcher bought one such unit on eBay to see what a used POS system will get you, and what he found was disturbing: default passwords, a security flaw, and names, addresses, and social security numbers of employees of the terminal’s previous owner.

ARIN Is Down To the Last /8 of IPv4 Addresses

An anonymous reader writes “On 3 February 2011, the Internet Assigned Numbers Authority (IANA) issued the remaining five /8 address blocks, each containing 16.7 million addresses, in the global free pool equally to the five RIRs, and as such ARIN is no longer able to receive additional IPv4 resources from the IANA. After yesterday’s large allocation (104.64.0.0/10) to Akamai, the address pool remaining to be assigned by ARIN is now down to the last /8. This triggers stricter allocation rules and marks the end of general availability of new IPv4 addresses in North America. ARIN thus follows the RIRs of Asia, Europe and South America into the final phase of IPv4 depletion.”

How One Drunk Driver Sent My Company To the Cloud

snydeq writes “Andrew Oliver offers further proof that drunk driving and on-site servers don’t mix. Oliver, who had earlier announced a New Year’s resolution to go all-in on cloud services, had that business strategy expedited when a drunk driver, fleeing a hit-and-run, drove his SUV directly into the beauty shop next door to his company’s main offices. ‘Our servers were down for eight hours, and various services were intermittent for at least 12 hours. Had things been worse, we could have lost everything. Like our customers, we needed HA and DR. Moreover, we thought, maybe our critical services like email, our website, and Jira should be in a real data center. This made going all-cloud a top priority for us rather than “when we get to it.”’ Oliver writes, detailing his company’s resultant hurry-up migration plan to 100 percent cloud services.”

Remote Linksys 0-Day Root Exploit Uncovered

Orome1 writes “DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out to be incorrect. The latest Linksys firmware (4.30.14) and all previous versions are still vulnerable.”

Samba 4.0 Released: the First Free Software Active Directory Compatible Server

Jeremy Allison – Sam writes “We released Samba 4.0 today, containing the first compatible Free Software implementation of Microsoft’s Active Directory protocols. ‘Samba 4.0 comprises an LDAP directory server, Heimdal Kerberos authentication server, a secure Dynamic DNS server, and implementations of all necessary remote procedure calls for Active Directory. Samba 4.0 provides everything needed to serve as an Active Directory Compatible Domain Controller for all versions of Microsoft Windows clients currently supported by Microsoft, including the recently released Windows 8. The Samba 4.0 Active Directory Compatible Server provides support for features such as Group Policy, Roaming Profiles, Windows Administration tools and integrates with Microsoft Exchange and Free Software compatible services such as OpenChange.’” Full release notes are available, and you can grab the files from the download page.
