Visit our regular forum for more in-depth conversations on more varied subjects.
Subscribe Now
Sign Up for our Free Newsletter
Whether you are a casual reader or a daily visitor, please do sign up at our forum so that you can receive our twice-monthly newsletter and leave comments on these entries
Read the latest newsletter..
Software and More
Blogging is the least of what we do at DonationCoder.com.
If you love getting the most out of your computer, make sure you check out our Donationware Software Collection.
Looking for a specific kind of tool? Check out our comprehensive Shootout Reviews and Featured Articles.
Or read more about the Special Events on our site, including programming contests, shareware giveaways and discounts, and much more.
Ethics Statement
We do not receive compensation in any form for the content on our site and we never will. We do not trade links. We are funded by donations from normal users like you. Whenever we post information we learned about on another site, we credit that site.
 |
|
|
|
|
The Silent Majority
M.R. says:  |
|
|
|
|
|
|
Translate
|
| view older items |
Monday October 13, 2008
 |
|
|
||
|
Monday Silliness: "He's a Cat Flushing the Toilet" Music VideoMonday Silliness: "He's a Cat Flushing the Toilet" Music Video It's exactly what it sounds like.. http://www.boingboing.net...hes-a-cat-flushing-t.html
|
|
||
|
|
|
||
Friday October 10, 2008
|
|
|
||
|
RegBench - Registry Benchmarker UtilityLooks like DC friend Jeremy Collake (maker of PECompact) released a cool little utility recently that benchmarks registry speed. As Martin on ghacks points out, this will finally make it much easier to answer the questions about the effects of registry defragging and cleaning. I can't wait to see the benchmark scores on before and after registry defragging so we can see what the real speedup is. http://www.bitsum.com/regbench.php
|
|
||
|
|
|
||
|
|
|
|||
|
Tech News Weekly: Edition 41The Weekly Tech News
1. Clickjacking FAQ http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&source=NLT_SEC&nlid=38 Another link: http://ha.ckers.org/blog/20081007/clickjacking-details/ And another: http://www.darkreading.com/document.asp?doc_id=165073 Aaand again: http://www.darkreading.com/document.asp?doc_id=165431 Index finger getting tired yet? http://www.webmonkey.com/blog/Hackers_are_Watching_You%3A_Flash_Clickjacking_Vulnerability_Exposes_Webcams_and_Mics A very educational FAQ from ComputerWorld regarding the increasingly common "clickjacking" attack vector. Like we needed another reason to disable flash. Quote Last week, a pair of security researchers spread the news that a new class of vulnerabilities, called "clickjacking," puts users of every major browser at risk from possible attack. Robert Hansen, founder and chief executive of SecTheory LLC, and Jeremiah Grossman, chief technology officer at WhiteHat Security Inc., spilled some beans last week after they gave a semi-closed presentation at OWASP AppSec 2008 in New York. 2. New Hack Trashes London's Oyster Card http://www.techworld.com/security/news/index.cfm?newsID=105337&pagtype=all Another link: http://arstechnica.com/news.ars/post/20081008-charlie-and-the-broken-rfid-mass-transit-authentication-system.html Researchers have published source code that will allow tech-savvy people to duplicate smart cards used by Boston's rail network and the London Oyster, among others. Quote Researchers have published a cryptographic algorithm and source code that could be used to duplicate smart cards used by several major transit systems, including Boston's Charlie Card and the London Oyster card. Scientists from the Dutch Radboud University Nijmegen presented their findings during the Esorics security conference on Monday in Malaga, Spain. They also published an article with cryptographic details. 3. Symantec Buys Message Labs http://www.securitypronews.com/insiderreports/insider/spn-49-20081008SymantecBuysMessageLabs.html Security firm Symantec has agreed to buy online messaging security firm MessageLabs for $US695 million, thereby securing its position in the SOftware-as-a-Service market.. Quote Symantec, the largest maker of computer security and data backup software, said it will pay 310 million pounds sterling and $154 million in US dollars. The company says its purchase of MessageLabs will give it a stronger position in the rapidly growing Software-as-a-Service (Saas) market and strengthen its lead in the messaging security industry. MessageLabs is the top provider of online messaging security globally with more than eight million end users at more than 19,000 clients ranging from small business to Fortune 500. 4. Cyberscammers Taking Advantage Of Poor Economy http://www.wubbfm.com/cc-common/news/sections/lifestylearticle.html?article=4379223 Another link: http://www.darkreading.com/document.asp?doc_id=165537 As one might expect, it appears the online nasties are already using people suffering from the economic downturn to benefit themselves. The attacks appear to be focusing on SPAM and phishing tactics. Quote Fear surrounding the growing economic calamity is feeding online criminals' efforts to steal consumers' personal information, computer-security experts say. The number of fake Web sites, spam e-mail and phishing attacks has mushroomed as cybercrooks seek to take advantage of the sudden widespread alarm, the experts say. Most scams center on spam and phishing against the backdrop of bank failures, mergers and takeovers, the experts tell USA Today. 5. U.S. Gov't Proposes Digital Signing of DNS Root Zone File http://www.itworld.com/networking/55952/us-govt-proposes-digital-signing-dns-root-zone-file The United States is finally accepting advice on how to protect the DNS root zone file from attacks. Naturally VeriSign is playing a mine-is-bigger-than-yours game with ICANN over who should hold the keys. Quote The U.S. government is soliciting input on a way to make the Internet's addressing system less susceptible to tampering by hackers. Under the idea, records in the DNS (Domain Name System) root zone would be cryptographically signed using DNSSEC (Domain Name and Addressing System Security Extensions), a set of protocols that allows DNS records to carry a digital signature. 6. UCSniff - VoIP Eavesdropping Made Easy http://www.theregister.co.uk/2008/09/30/voip_eavesdropping_tool/ A new tool has been released to demonstrate just how easy it is to eavesdrop on VoIP conversations. Quote A security consultant with expertise in protecting phone conversations as they travel over the internet has unveiled a new tool that demonstrates just how vulnerable voice over internet protocol, or VoIP, calls are to interception. UCSniff bundles a hodgepodge of previously available open-source applications into a single software package that helps penetration testers assess the security of VoIP calls carried over a client's network. It also introduces several new features that make eavesdropping on specific targets a point-and-click undertaking. UCSniff runs on a laptop that can be plugged in to the ethernet port of the organization being probed. From there, a VLAN hopper automatically traverses the virtual local area network until it accesses the part that carries VoIP calls. Once the tool has gained unauthorized access, UCSniff automatically injects spoofed ARP, or address resolution protocol, packets into the network, allowing all voice traffic to be routed to the laptop. 7. Elvis Has Left the Country http://freeworld.thc.org/thc-epassport/ As a followup to story number 2 in last week's news, Hacker's Choice have released a video of an e-Passport self-scanner at Amsterdam airport accepting a modified passport purporting to belong to Elvis Presley. Quote The government plans to use ePassports at Immigration and Border Control. The information is electronically read from the Passport and displayed to a Border Control Officer or used by an automated setup. THC has discovered weaknesses in the system to (by)pass the security checks. The detection of fake passport chips does not work. Test setups do not raise alerts when a modified chip is used. This enables an attacker to create a Passport with an altered Picture, Name, DoB, Nationality and other credentials. 8. Ransomware Author Tracked Down, But Not Nicked http://www.theregister.co.uk/2008/10/01/gpcode_author_hunt/ A Russian national, allegedly the creator to the infamous Gpcode Trojan has been identified, but is unlikely to be charged due to Russia's lack of action against cybercrime. Quote The Russian VXer who created the infamous Gpcode ransomware Trojan has been identified - but an early arrest isn't likely. With cybercrime way down the priority list in Russia, the malware author - known to the police after security firm Kaspersky Labs winkled out a likely IP number for him - is liable to remain at large for some time. 9. Hackers Penetrate South Korean Missile Manufacturer http://www.theregister.co.uk/2008/10/01/missile_manufacturer_hacked/ Hackers have broken into a South Korean arms manufacturer's computer system, and may have stolen blueprints. Quote Black hat hackers were able to steal information from a South Korean missile manufacturer after planting malicious code on the company's computer system, according to news reports. According to the country's National Security Research Institute, the code was installed on the computer network of LIGNex1 Hyundai Heavy Industries, a manufacturer of guided missiles, ground-to-air weapons, war ships, and submarines. 10. Ecommerce Standard Tightens Up Wireless Security http://www.theregister.co.uk/2008/10/02/pci_dss_update/ In this latest revision, the Payment Card Industry Data Security Standard will disallow use of WEP from mid-2010 and will ban it in new establishments from April 2009. What a joke. Quote A revised version of an important security standard for ecommerce merchants was published on Wednesday. Version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS) mostly tweaks and clarifies the existing framework for the secure processing of credit card data. The 12 existing requirements - covering areas such as the need to used a firewall, store cardholder data securely and encrypt transmission of cardholder data - remain unchanged. 11. RealNetworks Sued Over DVD Copying Software http://seattletimes.nwsource.com/html/businesstechnology/2008217705_realnetworks010.html Another link: http://arstechnica.com/news.ars/post/20081005-judge-temporarily-halts-sale-of-realdvd-in-wake-of-lawsuit.html Half of corporate Hollywood is suing RealNetworks to prevent them from selling their RealDVD DVD copying software. Quote Hollywood's six major movie studios Tuesday sued Seattle-based RealNetworks to prevent it from distributing DVD-copying software they said would allow consumers to "rent, rip and return" movies or even copy friends' DVD collections outright. The studios stand to lose key revenue from DVD sales, estimated by Adams Media Research at $14 billion this year, if consumers stop buying DVDs and copy rental discs from outlets like Netflix and Blockbuster instead. 12. T-Mobile Confirm Theft of Personal Data On 17M Customers http://www.darkreading.com/document.asp?doc_id=165280 T-Mobile, and its parent company Deutsche Telekom have admitted that a USB storage device was misplaced in 2006, and the incident not revealed to customers. Reports indicate the data may be in use by cyber-criminals. Quote Deutsche Telekom, owner of the T-Mobile wireless network, admitted this weekend that the mobile service suffered a data theft in 2006 that may have exposed the personal information of some 17 million customers. Deutsche Telekom made a statement about the T-Mobile data theft on Saturday, anticipating the release of a story about the breach by the German magazine Der Spiegel on Sunday. 13. Free Tool Hacks Banking, Webmail, and Social Networking Sessions http://www.darkreading.com/document.asp?doc_id=165303 A new tool will allow an attacker to hijack online sessions that use secure login. Quote A researcher will demonstrate a free, plug-and-play hacking tool this week that automatically generates man-in-the middle attacks on online banking, Gmail, Facebook , LiveJournal, and LinkedIn sessions -- even though they secure the login process. Jay Beale, who recently released the so-called “Middler” open-source tool, will show it off at the SecTor conference in Toronto. Aside from the unnerving capability of hacking into sites that perform secure logins and then use clear-text HTTP, Middler is also designed for use by an attacker with no Web-hacking skills or experience. “The Middler allows an attacker with no Web application-hacking experience to launch attacks that previously required substantial time and skill,” according to Beale. 14. Metasploit Hacking Tool Now Open for Licensing http://www.darkreading.com/document.asp?doc_id=165636 Metaspoit is now completely open source and openly licensed. Quote The wildly popular Metasploit hacking tool for the first time is now officially open source, open-license technology that can be incorporated into commercial tools. The free research and penetration testing tool historically has had restricted, non-commercial licensing so that it could only be used by researchers or in-house penetration testers -- not repackaged, redistributed, or sold. But in the new version 3.2 -- due later this month in its final version -- Metasploit project lead HD Moore and his team have transformed Metasploit into an official open source project, complete with a BSD 3-Clause license arrangement that allows others to sell, rename, or “fork” the code in another direction. 15. Asus Install DVD Woes Continue With Worm On Eee Box http://arstechnica.com/journals/hardware.ars/2008/10/09/asus-install-dvd-woes-continue-with-worm-on-eee-box Discussion by Carol Haynes here: http://www.donationcoder.com/Forums/bb/index.php?topic=15272.0 Quote This post should probably be cross-posted over at jobs.ars, because Asus may soon be looking for a new preloaded software department. For a second time this year, preloaded software on Asus's popular Eee line of PCs has show itself to have some unintended content. This time, the Windows versions of Asus' Eee box nettop have been loaded with an infectious computer worm. Last month, recovery DVDs shipped with Eee netbooks were found to contain a software crack for WinRAR, along with secret Microsoft documents meant to be read only by PC OEMs. The DVD also contained MS software with application keys, and source code for a number of Asus applications. The scandal spread, with users finding the same files on recovery DVDs of other Asus computers, and even more bizarre files, including resumes and personal files of Asus employees. At the time, Asus told PCPro "We will be investigating this at quite a high level. Once the investigation is complete, we will ensure it doesn't happen again." 16. Antitrust Suit Against Apple and AT&T Will Proceed http://arstechnica.com/journals/apple.ars/2008/10/07/judge-antitrust-suit-against-apple-and-att-can-proceed A class action lawsuit against Apple and AT&T for bricking unlocked iPhones has been allowed to continue. Quote A federal judge has denied Apple's and AT&T's motions to dismiss a class-action lawsuit filed last year alleging various violations of antitrust and consumer protections laws. The judge agreed to Apple's motion, however, to limit the claims to laws of New York, California, and Washington, where the plaintiffs in the case reside. The original lawsuit was filed last year after Apple released a contentious 1.1.1 update to iPhone's OS, which "bricked," or rendered inoperable, iPhones that had been modified to work on other carriers and/or run third-party software. When the phones became inoperable, Apple refused to honor the warranty on the grounds that the phones had unauthorized modifications. 17. Mono 2.0 Spreads .Net to Linux and Mac http://www.linuxinsider.com/story/64746.html Mono 2.0 is released. Not sure if .NET on Linux and Mac is a good thing or a bad thing myself :S Quote For developers who have fallen in love with .Net/C#, but aren't married to running their applications on Windows, the Mono Project aims to let Microsoft .Net-based apps run on Linux and Mac OS X, among several other platforms. Sponsored by Novell, the Mono Project has released Mono 2.0 of its cross-platform, open source .Net development framework. Basically, Mono 2.0 lets users run both client and server applications on Linux, and helps developers figure out which changes they may need to make to their applications for .Net-to-Linux migrations. 18. Sony, Microsoft Virtual Communities to Start http://news.wired.com/dynamic/stories/A/AS_TEC_JAPAN_SONY_MICROSOFT?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2008-10-09-08-34-28 Just to tick off the Playstation/X-Box zealots, I thought I better post this article about the two companies blatantly ripping off Nintendo's Mii  Quote Video game rivals Sony and Microsoft are going head-to-head in virtual worlds for their home consoles later this year. Both companies announced their services, which use graphic images that represent players called "avatars," Thursday at the Tokyo Game Show. Sony Corp.'s twice delayed online "Home" virtual world for the PlayStation 3 console will be available sometime later this year, while U.S. software maker Microsoft Corp., which competes with its Xbox 360, is starting "New Xbox Experience" worldwide Nov. 19. 19. Apple Hears Developers, Nixes IPhone NDA http://www.webmonkey.com/blog/Apple_Hears_Developers__Nixes_iPhone_NDA Apple has removed the non-disclosure agreement associated with the iPhone's Software Development Kit. Quote iPhone developers are free at last to talk about their applications. Apple has officially dropped the nondisclosure agreement that prohibited developers from discussing the iPhone’s operating system, application code and development kit, according to an announcement made on Apple’s website Wednesday morning. Meanwhile, across the internet, Ewoks pound drums and sing songs. Or, rather, developers are finally venting their frustration and enjoying the freedom to talk about all their hard work over the last few months without fear of Apple’s retribution. 20. Gmail Helps Stop Your Drunken E-mail Rants http://www.webmonkey.com/blog/Gmail_Helps_Stop_Your_Drunken_E-mail_Rants *cough* Quote Is your Saturday morning inbox filled with regret and self-loathing for the drunken e-mails you fired off the night before? If so, Gmail might have a solution for you. Google’s Gmail Labs has a new experimental featured dubbed “Mail Goggles” which will attempt to prevent you from sending out those ill-advised late night e-mails. Gmail developer Jon Perlow created Mail Goggles as a kind of e-mail sobriety test. It works by stopping your message when you hit send and then presents a series of simple math problems you need to solve before you really send the e-mail. Ehtyar.
|
|
|||
|
|
|
|||
|
|
|
||
|
NortonUACIt appears that norton has done it this time. This tool is insanely useful. This tool is not to be confused for Tweak-UAC which lets you disable UAC, but instead this offers you the ability to whitelist (and submit results to norton for inclusion in the whitelist) programs so you do not receive UAC prompts. It replaces the UAC prompt with it's own, see below, and allows you to choose "Don't ask me again" which supresses all prompts in the future for said program. Very useful and freeware! Good job symantec http://www.nortonlabs.com/inthelab/uac.php
|
|
||
|
|
|
||
Tuesday October 07, 2008
|
|
|
||
|
 Newsletter For October 7th, 2008 - Codename "Tech News Weekly"1. Newsletter Editorial Greetings! We hope that this (tardy) newsletter finds you well. We'd like to start by reprising our reminder from the last newsletter about the new "Member Map". Follow the link below to take a look at it and, if you haven't already done so, add yourself! This is a fun way to see where everyone is - putting places to names, so to speak. A month or so ago, mouser and veign awarded an MSDN Visual Studio Bundle to longtime DC member Eoin O'Callaghan. It was a very tight race, though, and they almost awarded it to new DC member VideoInPicture. Another bundle became available and they have recognized the contributions that VideoInPicture has already made in such a short time by awarding it to him. See the link below to read mouser's announcement and join us in congratulating VideoInPicture (Eric Wong). We'd also like to highlight DC member Ehtyar's Tech News Weekly threads, posted in the Living Room section of the forum. He highlights interesting technology and software stories and is seeking input on refinements that he has made to the layout. While you're reading the thread, check out 40hz' cool graphic and weigh in on the suggestion that a dedicated child board be started! Click here to continue reading the full newsletter now..
|
|
||
|
|
|
||
|
|
|
||
|
Techcult.com: The 150 Best Online Flash GamesTech Cult has compiled a list of the 150 best Flash games. As a testament to the quality of this list, many of these have already been mentioned on DonationCoder! Quote It was a long and exhausting task: playing hundreds of online games for hours in a row, day after day. It was hard, but someone had to do it. The result is the list that you will find below. Enjoy! http://www.techcult.com/t...0-best-online-flash-games Yes, they even have a Commander Keen port.
|
|
||
|
|
|
||
Monday October 06, 2008
|
|
|
||
|
Hedgewars: Excellent Free Clone of the Classic Game "Worms"Today on freewaregenius.com, Samer introduces us to Hedgewars, an extremely faithful and polished clone of the terrific Worms game series. WEBSITE: http://www.hedgewars.org/ Hard to say it better than Samer did: Quote Description: Hedgewars is multiplatform, a free turn-based blast-em-up in the vein of Worms. It features a wide range of weapons, multiple maps, and excellent graphics and audio. Offers single player, multiplayer, and (in theory) multiplayer over the internet modes. If you’ve ever wondered why there are so many Worm clones and offshoots here’s the reason: Worms is an extremely playable, fun game. Although there are many freeware Worms clones but many of these are DOS games that lag behind in their production qualities (and/or do not readily run on XP/Vista), which is why Hedgewars was such a fantastic find for me personally: it offers excellent graphics and sound and excellent playability and physics. In contrast to Worms variations such as the brilliant Soldat (which abandoned the turn-based model in favor of real-time gameplay), Hedgewars is a very faithful adaptation that sticks to the turn-based model and recreates most of the original elements, from the wacky range of weaponry to the destructible environment, and even the cartoonish look and feel all the way down the little one-liners that the characters utter at the end of each turn.
|
|
||
|
|
|
||
|
|
|
||
|
TIGSource Demake Competition ResultsThe good folks over at The Independent Gaming Source have announced the results of their recent Demake Competition. If you're like me, you may be wondering what a "demake" is. Well, the word comes from the idea of reversing the process of "a remake" by taking a newer game and "demaking" it into a retro, ~8-bit style game. http://tigsource.com/arti...0/05/demake-compo-results The top 3 games are:
|
|
||
|
|
|
||
Sunday October 05, 2008
|
|
|
||
|
Coding Snack: Toggle Fullscreen of Control (or Zoom control to fullscreen)I would like to have a small program that will allow a user to stretch a given region of the screen (a window and/or control) to fill the entire screen and then "unstretch" it back to its original size and position. Click here to read about and download the utility written by DC members to do this..
|
|
||
|
|
|
||
Friday October 03, 2008
|
|
|
||
|
Tech News Weekly: 41The Weekly Tech News Hi all. Just a few quick messages:First, this is the new layout in response to feedback from last week's news. As always, any constructive feedback is appreciated. Second, two of the articles in this week's news were submitted by forum members. If anyone would like to contribute a story that I may have missed in a previous week, or simply would like to ensure that I do include a story for a following week, please leave me a PM on the forum or on irc. Thanks, Ehtyar. 1. TCP Flaws Put Websites At Risk http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html http://news.cnet.com/8301-1009_3-10056759-83.html Researches have found several fundamental flaws in TCP that, if exploited, may be capable of bringing down internet heavyweights like Google or Microsoft. Quote A pair of security experts are now discussing several fundamental issues with the TCP protocol that can be exploited to cause denials of service and resource consumption on virtually any remote machine that has a TCP service listening for remote connections. The problems, which were identified as far back as 2005, are not simply vulnerabilities in products from one or two vendors, but are issues with the ways in which routers, PCs and other machines handle TCP connection requests from unknown, remote machines. The attacks can be carried out with very little bandwidth, such as that available on a cable modem, and there don't appear to be any workarounds or fixes for the problems at this point. 2. How To Clone and Modify E-Passports http://www.schneier.com/blog/archives/2008/09/how_to_clone_an.html A group of hackers have released a tool allowing people to clone and modify electronic passports by exploiting a weakness that is apparently the result of using self-signed certificates...but who do you make the CA of the entire globes' passports? Quote So what's the solution? We know that humans are good at Border Control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart. 3. Top Secret MI6 Camera Sold On e-Bay http://www.techcrunch.com/2008/09/30/top-secret-mi6-camera-sold-to-the-highest-bidder-on-ebay/ A camera containing top secret information, including credentials for logging into their network, was sold by an MI6 agent on e-Bay. Quote A 28-year-old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK’s MI6 organization. Allegedly sold by one of the clandestine organization’s agents, the camera contained named al-Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log-in details for the Secret Service’s computer network, containing a “Top Secret” marking. 4. Microsoft, Washington State Sue Scareware Purveyors http://voices.washingtonpost.com/securityfix/2008/09/microsoft_washington_state_tar.html Microsoft and the state of Washington gave stepped up to take on groups that use false and/or misleading security alerts to trick concerned customers into purchasing software. Quote Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of "scareware" purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software. The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's company caused targeted PCs to pop up misleading security alerts about security threats on the victims' computers. The alerts warned users that their systems were "damaged and corrupted" and instructed them to visit a Web site to purchase a copy of Registry Cleaner XP for $39.95. 5. Nasty web bug descends on world's most popular sites http://www.theregister.co.uk/2008/09/30/web_bug_bites_sites/ http://news.cnet.com/8301-1009_3-10056854-83.html Princeton University researchers have uncovered a series of cross-site request forgeries in some of the worlds most popular websites, one of which would have permitted fund transferal from a victims bank account. Internet Explorer and Firefox users are known to have been vulnerable. Quote Underscoring the severity of of an exotic form of website bug, security researchers from Princeton University have cataloged four cross-site request forgeries in some of the world's most popular sites. The most serious vulnerability by far was in the website of global financial services company ING Direct. The flaw could have allowed an attacker to transfer funds out of a user's account, or to create additional accounts of behalf of a victim, according to this post from Freedom to Tinker blogger Bill Zeller. 6. Cybersecurity holes exposed in Los Alamos nuke lab http://www.theregister.co.uk/2008/09/29/los_alamos_cyber_insecurity/ The Los Alamos National Laboratory has been found to be severely under-secured by a US Government Accountability Office audit. Quote The Los Alamos National Laboratory - easily the world's most sensitive and sophisticated research institution - is marred by cybersecurity weaknesses that compromise the way information on its unclassified network is protected. According to an audit by the US Government Accountability Office (GAO), the New Mexico-based LANL recently began implementing measures to shore up information security. But vulnerabilities remain on its unclassified network, which contains sensitive information involving controlled nukes, export control, and personal details of lab employees. Physical security was also found to be lacking at the facility, one of only three US National Nuclear Security Administration (NNSA) labs. 7. Time To Look For A Skype Alternative (Thanks 40hz) http://www.ghacks.net/2008/10/02/time-to-look-for-a-skype-alternative/ http://news.cnet.com/8301-1009_3-10056127-83.html http://news.cnet.com/8301-1009_3-10057580-83.html Quote The voice over IP client Skype never got off the radar of privacy activists. There were always rumors about backdoors in the voice communication software and that several organizations were able to record calls made by Skype users although Skype claimed otherwise. Skype messages were in the focus of privacy groups since first news about text filtering messages in China became known to the public. Back then Skype released an official statement that the text filter applied by the Chinese Skype partner Tom Online would not affect security and encryption mechanisms of Skype, that people’s privacy would not be compromised and calls, chats and other forms of communication on Skype would continue to be encrypted and secure. Researchers and privacy activists of the University of Toronto discovered files on unprotected Chinese computers that contained filtered Skype messages that were recorded in China. 8. Adware supplies one third of all malware http://news.cnet.com/8301-1009_3-10056912-83.html A report released by Panda security has alleged that one third of all new malware is generated by adware, particularly fake antivirus products. Quote On Thursday, Panda Security released its report for the third quarter stating that adware is responsible for one third of all new malicious software. In particular, the security company cited increased use of fake antivirus scanners. The fake scanners typically report a computer infection and suggest downloading an application to remove the malware. Once downloaded, the scanners then ask computer users to purchase the application before it can remove an infection that never really exists. The goal of these attacks is financial gain. 9. New phishing attempt targets bank customers http://news.cnet.com/8301-1009_3-10057180-83.html A bracket of the acquisitions (Thanks housetier) Phishers appear to be capitalising on the downfall of the global economy. Quote Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank. Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger. 10. Verizon gets industry-specific in breach report http://news.cnet.com/8301-1009_3-10056490-83.html An interesting report from Verizon detailing industry-specific vulnerability rends. Quote Risks factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, according to a report released Thursday by Verizon Communications. The new report (PDF) builds on data released in June. The initial report spanned four years and included more than 500 forensic investigations involving 230 million compromised records. 11. Plant Tweak Could Let Toxic Soil Feed Millions http://blog.wired.com/wiredscience/2008/10/plant-tweak-cou.html A single genetic switch could allow crops to grow in aluminum-poisoned soil. Quote Thanks to a genetic breakthrough, a large portion of Earth's now-inhospitable soil could be used to grow crops -- potentially alleviating one of the most pressing problems facing the planet's rapidly growing population. Scientists at the University of California, Riverside made plants tolerant of poisonous aluminum by tweaking a single gene. This may allow crops to thrive in the 40 to 50 percent of Earth's soils currently rendered toxic by the metal. 12. Google, Hotmail CAPTCHA Cracked http://arstechnica.com/news.ars/post/20081002-right-back-at-ya-captcha-bad-guys-crack-gmail-hotmail.html http://www.itsecurity.com/blog/20081003/xrumer-spambot-cracks-captchas/ A previously well-known software XRumer has received a substantial upgrade, allowing it to break almost every form of CAPTCHA currently in use. Quote The decline in CAPTCHA efficacy has been an ongoing story in 2008, as hackers and malware authors have steadily found ways to chip away at the protection these security practices were once thought to offer. Now, new findings indicate that both Gmail and Windows Live Hotmail have been compromised again, this time via a more-streamlined attack process. With two of the largest webmail providers once again vulnerable, CAPTCHAs clearly aren't meeting the security needs of either company, and it may be time to reevaluate the use of them altogether. 13. RapidShare must remove infringing content proactively http://arstechnica.com/news.ars/post/20081001-german-court-says-rapidshare-must-get-proactive-on-copyrighted-content.html If a German court ruling is upheld, Rapidshare may no longer be able to plead ignorance of infringing content hosted on their servers. Quote File sharing service RapidShare may find itself without a viable business model if a German court ruling stands. After getting sued by a German copyright holder, the company argued that it was doing all it could to screen out copyrighted material. The court, however, has ruled that its efforts were insufficient, raising questions about whether doing anything that was legally sufficient could be done without incurring enough costs to sink the company. RapidShare is one of a large number of companies that will host large files for users who need to exchange them with friends and family. Like many of these companies, it offers a free service with limited features in the hopes of enticing users to spring for the cost of a premium service, which offers some significant perks, such as hosting larger files, unlimited download speeds, and permanent storage. All of this occurs through a simple web interface, and doesn't involve the P2P transfers that have attracted the ire of ISPs and the copyright industry. As a result, their popularity is growing rapidly; RapidShare accounts for five percent of all IP traffic in some regions. 14. Blizzard awarded $6 million in damages from WoW bot maker http://arstechnica.com/news.ars/post/20081001-blizzard-awarded-6-million-in-damages-from-wow-bot-maker.html World of Warcraft creator Blizzard have been awarded $6 million in a court case against Glider, a company that produced software to automate gameplay, thse of which was against Blizzard's Terms of Service. Quote The case Blizzard brought against bot-maker MDY Industries has been going on since 2006, and while a judge ruled in July that MMOGlider infringed on Blizzard's copyrights, the question of whether the bot violates the DMCA is still open. That has not stopped the judge from awarding $6 million in damages in the case. It's unknown how much money MDY Industries has made from its product MMOGlider, which allows users to automate the boring parts of World of WarCraft and essentially grind forever with no user involvement, but the $25 program had sold around 100,000 copies as of last year. In other words, the product was big business. Unfortunately, it also violated the game's terms of service. Ehtyar.
|
|
||
|
|
|
||
|
|
|
||
|
FinePrint vs. priPrinterpatteo wrote a fantastic mini-review of FinePrint, but was wondering if anyone is using Pelikan Software's priPrinter and what their thoughts are? http://www.priprinter.com Continue reading the rest of the entry and discuss..
|
|
||
|
|
|
||
Thursday October 02, 2008
|
|
|
||
|
Stephen King's "N." - 25 Short VideosThese are quite cool.. mysterious and ominous story and a beautifully drawn and animated comic. All online (ad supported) for viewing. Quote Master storyteller Stephen King presents a revolutionary new form of entertainment: his short story “N.” brought to vibrant life through a series of 25 graphic video episodes. The original series tells the story of a psychiatrist who falls victim to the same deadly obsession as his patient—an obsession that just might save the world! Drawn by award-wining comic book artist Alex Maleev, and colored by famed comic book colorist José Villarrubia, the episodes were adapted by Marc Guggenheim, co-creator of the ABC-TV series “Eli Stone” with creative oversight from Stephen King. http://www.simonsays.com/...als/stephen-king-nishere/
|
|
||
|
|
|
||
Friday September 26, 2008
|
|
|
||
|
 Fan-Editing of Movies? Links and OpinionsI just did a search on DC about fan-edits, where normal people re-edit movies and produce new versions of the movies, but didn't find anything, so I was wondering what this board's opinions on it are. Read the full thread for links to related sites..
|
|
||
|
|
|
||
| view older items |