Author Topic: Tech News Weekly: Edition 41 [NEW]  (Read 6449 times)

Ehtyar

Tech News Weekly: Edition 41 [NEW]
« on: October 10, 2008, 06:18:53 PM »
The Weekly Tech News
Hi all.
I apologize for the name of this post, but no, this is not a repeat of last week's news. It seems the script I use to create the post templates (or as Mouse Man refers to it, the "time space continuum template") had me predicting the news for the coming week as opposed to reporting it for the week past. From now on this will be fixed. See last week's news here.
Next, I'd like to thank 40hz for his excellent banner, which I will be using from now on.  :Thmbsup: :Thmbsup:
Finally, it has been apparent that not being able to link to a specific article makes referencing and replying to the weekly news rather difficult, so I've taken the liberty of adding anchors to the title of each article. From now on, the title of each article will be a hyperlink to that specific article. Try it out by clicking here.
Well that's about it, hope you like this week's news :)


1. Clickjacking FAQ
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&source=NLT_SEC&nlid=38
Another link: http://ha.ckers.org/blog/20081007/clickjacking-details/
And another: http://www.darkreading.com/document.asp?doc_id=165073
Aaand again: http://www.darkreading.com/document.asp?doc_id=165431
Index finger getting tired yet? http://www.webmonkey.com/blog/Hackers_are_Watching_You%3A_Flash_Clickjacking_Vulnerability_Exposes_Webcams_and_Mics
A very educational FAQ from ComputerWorld regarding the increasingly common "clickjacking" attack vector. Like we needed another reason to disable flash.

Quote
Last week, a pair of security researchers spread the news that a new class of vulnerabilities, called "clickjacking," puts users of every major browser at risk from possible attack.

Robert Hansen, founder and chief executive of SecTheory LLC, and Jeremiah Grossman, chief technology officer at WhiteHat Security Inc., spilled some beans last week after they gave a semi-closed presentation at OWASP AppSec 2008 in New York.


2. New Hack Trashes London's Oyster Card
http://www.techworld.com/security/news/index.cfm?newsID=105337&pagtype=all
Another link: http://arstechnica.com/news.ars/post/20081008-charlie-and-the-broken-rfid-mass-transit-authentication-system.html
Researchers have published source code that will allow tech-savvy people to duplicate smart cards used by Boston's rail network and the London Oyster, among others.

Quote
Researchers have published a cryptographic algorithm and source code that could be used to duplicate smart cards used by several major transit systems, including Boston's Charlie Card and the London Oyster card.

Scientists from the Dutch Radboud University Nijmegen presented their findings during the Esorics security conference on Monday in Malaga, Spain. They also published an article with cryptographic details.


3. Symantec Buys Message Labs
http://www.securitypronews.com/insiderreports/insider/spn-49-20081008SymantecBuysMessageLabs.html
Security firm Symantec has agreed to buy online messaging security firm MessageLabs for $US695 million, thereby securing its position in the Software-as-a-Service market.

Quote
Symantec, the largest maker of computer security and data backup software, said it will pay 310 million pounds sterling and $154 million in US dollars.

The company says its purchase of MessageLabs will give it a stronger position in the rapidly growing Software-as-a-Service (Saas) market and strengthen its lead in the messaging security industry.

MessageLabs is the top provider of online messaging security globally with more than eight million end users at more than 19,000 clients ranging from small business to Fortune 500.


4. Cyberscammers Taking Advantage Of Poor Economy
http://www.wubbfm.com/cc-common/news/sections/lifestylearticle.html?article=4379223
Another link: http://www.darkreading.com/document.asp?doc_id=165537
As one might expect, it appears the online nasties are already using people suffering from the economic downturn to benefit themselves. The attacks appear to be focusing on SPAM and phishing tactics.

Quote
Fear surrounding the growing economic calamity is feeding online criminals' efforts to steal consumers' personal information, computer-security experts say.

The number of fake Web sites, spam e-mail and phishing attacks has mushroomed as cybercrooks seek to take advantage of the sudden widespread alarm, the experts say.

Most scams center on spam and phishing against the backdrop of bank failures, mergers and takeovers, the experts tell USA Today.


5. U.S. Gov't Proposes Digital Signing of DNS Root Zone File
http://www.itworld.com/networking/55952/us-govt-proposes-digital-signing-dns-root-zone-file
The United States is finally accepting advice on how to protect the DNS root zone file from attacks. Naturally VeriSign is playing a mine-is-bigger-than-yours game with ICANN over who should hold the keys.

Quote
The U.S. government is soliciting input on a way to make the Internet's addressing system less susceptible to tampering by hackers.

Under the idea, records in the DNS (Domain Name System) root zone would be cryptographically signed using DNSSEC (Domain Name and Addressing System Security Extensions), a set of protocols that allows DNS records to carry a digital signature.


6. UCSniff - VoIP Eavesdropping Made Easy
http://www.theregister.co.uk/2008/09/30/voip_eavesdropping_tool/
A new tool has been released to demonstrate just how easy it is to eavesdrop on VoIP conversations.

Quote
A security consultant with expertise in protecting phone conversations as they travel over the internet has unveiled a new tool that demonstrates just how vulnerable voice over internet protocol, or VoIP, calls are to interception.

UCSniff bundles a hodgepodge of previously available open-source applications into a single software package that helps penetration testers assess the security of VoIP calls carried over a client's network. It also introduces several new features that make eavesdropping on specific targets a point-and-click undertaking.

UCSniff runs on a laptop that can be plugged in to the ethernet port of the organization being probed. From there, a VLAN hopper automatically traverses the virtual local area network until it accesses the part that carries VoIP calls. Once the tool has gained unauthorized access, UCSniff automatically injects spoofed ARP, or address resolution protocol, packets into the network, allowing all voice traffic to be routed to the laptop.


7. Elvis Has Left the Country
http://freeworld.thc.org/thc-epassport/
As a followup to story number 2 in last week's news, Hacker's Choice have released a video of an e-Passport self-scanner at Amsterdam airport accepting a modified passport purporting to belong to Elvis Presley.

Quote
The government plans to use ePassports at Immigration and Border
Control. The information is electronically read from the Passport
and displayed to a Border Control Officer or used by an automated
setup. THC has discovered weaknesses in the system to (by)pass the
security checks. The detection of fake passport chips does not
work. Test setups do not raise alerts when a modified chip
is used. This enables an attacker to create a Passport with an
altered Picture, Name, DoB, Nationality and other credentials.



8. Ransomware Author Tracked Down, But Not Nicked
http://www.theregister.co.uk/2008/10/01/gpcode_author_hunt/
A Russian national, allegedly the creator of the infamous Gpcode Trojan, has been identified, but is unlikely to be charged due to Russia's lack of action against cybercrime.

Quote
The Russian VXer who created the infamous Gpcode ransomware Trojan has been identified - but an early arrest isn't likely.

With cybercrime way down the priority list in Russia, the malware author - known to the police after security firm Kaspersky Labs winkled out a likely IP number for him - is liable to remain at large for some time.


9. Hackers Penetrate South Korean Missile Manufacturer
http://www.theregister.co.uk/2008/10/01/missile_manufacturer_hacked/
Hackers have broken into a South Korean arms manufacturer's computer system, and may have stolen blueprints.

Quote
Black hat hackers were able to steal information from a South Korean missile manufacturer after planting malicious code on the company's computer system, according to news reports.

According to the country's National Security Research Institute, the code was installed on the computer network of LIGNex1 Hyundai Heavy Industries, a manufacturer of guided missiles, ground-to-air weapons, war ships, and submarines.


10. Ecommerce Standard Tightens Up Wireless Security
http://www.theregister.co.uk/2008/10/02/pci_dss_update/
In this latest revision, the Payment Card Industry Data Security Standard will disallow use of WEP from mid-2010 and will ban it in new establishments from April 2009. What a joke.

Quote
A revised version of an important security standard for ecommerce merchants was published on Wednesday.

Version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS) mostly tweaks and clarifies the existing framework for the secure processing of credit card data. The 12 existing requirements - covering areas such as the need to use a firewall, store cardholder data securely and encrypt transmission of cardholder data - remain unchanged.


11. RealNetworks Sued Over DVD Copying Software
http://seattletimes.nwsource.com/html/businesstechnology/2008217705_realnetworks010.html
Another link: http://arstechnica.com/news.ars/post/20081005-judge-temporarily-halts-sale-of-realdvd-in-wake-of-lawsuit.html
Half of corporate Hollywood is suing RealNetworks to prevent them from selling their RealDVD DVD copying software.

Quote
Hollywood's six major movie studios Tuesday sued Seattle-based RealNetworks to prevent it from distributing DVD-copying software they said would allow consumers to "rent, rip and return" movies or even copy friends' DVD collections outright.

The studios stand to lose key revenue from DVD sales, estimated by Adams Media Research at $14 billion this year, if consumers stop buying DVDs and copy rental discs from outlets like Netflix and Blockbuster instead.


12. T-Mobile Confirm Theft of Personal Data On 17M Customers
http://www.darkreading.com/document.asp?doc_id=165280
T-Mobile and its parent company Deutsche Telekom have admitted that a USB storage device was misplaced in 2006, and the incident not revealed to customers. Reports indicate the data may be in use by cyber-criminals.

Quote
Deutsche Telekom, owner of the T-Mobile wireless network, admitted this weekend that the mobile service suffered a data theft in 2006 that may have exposed the personal information of some 17 million customers.

Deutsche Telekom made a statement about the T-Mobile data theft on Saturday, anticipating the release of a story about the breach by the German magazine Der Spiegel on Sunday.


13. Free Tool Hacks Banking, Webmail, and Social Networking Sessions
http://www.darkreading.com/document.asp?doc_id=165303
A new tool will allow an attacker to hijack online sessions that use secure login.

Quote
A researcher will demonstrate a free, plug-and-play hacking tool this week that automatically generates man-in-the-middle attacks on online banking, Gmail, Facebook, LiveJournal, and LinkedIn sessions -- even though they secure the login process.

Jay Beale, who recently released the so-called “Middler” open-source tool, will show it off at the SecTor conference in Toronto. Aside from the unnerving capability of hacking into sites that perform secure logins and then use clear-text HTTP, Middler is also designed for use by an attacker with no Web-hacking skills or experience. “The Middler allows an attacker with no Web application-hacking experience to launch attacks that previously required substantial time and skill,” according to Beale.


14. Metasploit Hacking Tool Now Open for Licensing
http://www.darkreading.com/document.asp?doc_id=165636
Metasploit is now completely open source and openly licensed.

Quote
The wildly popular Metasploit hacking tool for the first time is now officially open source, open-license technology that can be incorporated into commercial tools.

The free research and penetration testing tool historically has had restricted, non-commercial licensing so that it could only be used by researchers or in-house penetration testers -- not repackaged, redistributed, or sold. But in the new version 3.2 -- due later this month in its final version -- Metasploit project lead HD Moore and his team have transformed Metasploit into an official open source project, complete with a BSD 3-Clause license arrangement that allows others to sell, rename, or “fork” the code in another direction.


15. Asus Install DVD Woes Continue With Worm On Eee Box
http://arstechnica.com/journals/hardware.ars/2008/10/09/asus-install-dvd-woes-continue-with-worm-on-eee-box
Discussion by Carol Haynes here: http://www.donationcoder.com/forum/index.php?topic=15272.0

Quote
This post should probably be cross-posted over at jobs.ars, because Asus may soon be looking for a new preloaded software department. For a second time this year, preloaded software on Asus's popular Eee line of PCs has shown itself to have some unintended content. This time, the Windows versions of Asus' Eee box nettop have been loaded with an infectious computer worm.

Last month, recovery DVDs shipped with Eee netbooks were found to contain a software crack for WinRAR, along with secret Microsoft documents meant to be read only by PC OEMs. The DVD also contained MS software with application keys, and source code for a number of Asus applications. The scandal spread, with users finding the same files on recovery DVDs of other Asus computers, and even more bizarre files, including resumes and personal files of Asus employees. At the time, Asus told PCPro "We will be investigating this at quite a high level. Once the investigation is complete, we will ensure it doesn't happen again."


16. Antitrust Suit Against Apple and AT&T Will Proceed
http://arstechnica.com/journals/apple.ars/2008/10/07/judge-antitrust-suit-against-apple-and-att-can-proceed
A class action lawsuit against Apple and AT&T for bricking unlocked iPhones has been allowed to continue.

Quote
A federal judge has denied Apple's and AT&T's motions to dismiss a class-action lawsuit filed last year alleging various violations of antitrust and consumer protections laws. The judge agreed to Apple's motion, however, to limit the claims to laws of New York, California, and Washington, where the plaintiffs in the case reside.

The original lawsuit was filed last year after Apple released a contentious 1.1.1 update to iPhone's OS, which "bricked," or rendered inoperable, iPhones that had been modified to work on other carriers and/or run third-party software. When the phones became inoperable, Apple refused to honor the warranty on the grounds that the phones had unauthorized modifications.


17. Mono 2.0 Spreads .Net to Linux and Mac
http://www.linuxinsider.com/story/64746.html
Mono 2.0 is released. Not sure if .NET on Linux and Mac is a good thing or a bad thing myself :S

Quote
For developers who have fallen in love with .Net/C#, but aren't married to running their applications on Windows, the Mono Project aims to let Microsoft .Net-based apps run on Linux and Mac OS X, among several other platforms. Sponsored by Novell, the Mono Project has released Mono 2.0 of its cross-platform, open source .Net development framework.

Basically, Mono 2.0 lets users run both client and server applications on Linux, and helps developers figure out which changes they may need to make to their applications for .Net-to-Linux migrations.


18. Sony, Microsoft Virtual Communities to Start
http://news.wired.com/dynamic/stories/A/AS_TEC_JAPAN_SONY_MICROSOFT?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2008-10-09-08-34-28
Just to tick off the Playstation/X-Box zealots, I thought I better post this article about the two companies blatantly ripping off Nintendo's Mii ;)

Quote
Video game rivals Sony and Microsoft are going head-to-head in virtual worlds for their home consoles later this year.

Both companies announced their services, which use graphic images that represent players called "avatars," Thursday at the Tokyo Game Show.

Sony Corp.'s twice delayed online "Home" virtual world for the PlayStation 3 console will be available sometime later this year, while U.S. software maker Microsoft Corp., which competes with its Xbox 360, is starting "New Xbox Experience" worldwide Nov. 19.


19.  Apple Hears Developers, Nixes IPhone NDA
http://www.webmonkey.com/blog/Apple_Hears_Developers__Nixes_iPhone_NDA
Apple has removed the non-disclosure agreement associated with the iPhone's Software Development Kit.

Quote
iPhone developers are free at last to talk about their applications. Apple has officially dropped the nondisclosure agreement that prohibited developers from discussing the iPhone’s operating system, application code and development kit, according to an announcement made on Apple’s website Wednesday morning.

Meanwhile, across the internet, Ewoks pound drums and sing songs. Or, rather, developers are finally venting their frustration and enjoying the freedom to talk about all their hard work over the last few months without fear of Apple’s retribution.


20.  Gmail Helps Stop Your Drunken E-mail Rants
http://www.webmonkey.com/blog/Gmail_Helps_Stop_Your_Drunken_E-mail_Rants
*cough*

Quote
Is your Saturday morning inbox filled with regret and self-loathing for the drunken e-mails you fired off the night before? If so, Gmail might have a solution for you. Google’s Gmail Labs has a new experimental feature dubbed “Mail Goggles” which will attempt to prevent you from sending out those ill-advised late night e-mails.

Gmail developer Jon Perlow created Mail Goggles as a kind of e-mail sobriety test. It works by stopping your message when you hit send and then presents a series of simple math problems you need to solve before you really send the e-mail.

Ehtyar.
« Last Edit: October 10, 2008, 06:51:23 PM by Ehtyar »

f0dder

Re: Tech News Weekly: 41 [NEW]
« Reply #1 on: October 10, 2008, 06:35:19 PM »
Looks pretty decent :)

Might be nice to have an index with links to the article summaries? You've already made the anchors, so you might as well put them to use :P
- carpe noctem

Ehtyar

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #2 on: October 10, 2008, 06:41:09 PM »
The anchors are primarily for cross linking. A TOC would be, to put it simply, just too much extra work. Since the titles are now bold as per your request in the week before last's news, skimming shouldn't be a problem :P

Ehtyar.

Darwin

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #3 on: October 10, 2008, 06:44:03 PM »
Fantastic, ehtyar  :Thmbsup: Thank you for doing this. DC credits coming your way  :-*
"Some people have a way with words, other people,... oh... have not way" - Steve Martin

f0dder

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #4 on: October 10, 2008, 06:47:17 PM »
Quote
A TOC would be, to put it simply, just too much extra work.

Script it? :P
- carpe noctem

Ehtyar

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #5 on: October 10, 2008, 06:50:24 PM »
Wow, thanks Darwin, very kind of you  8)

Ehtyar.

mouser

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #6 on: October 10, 2008, 06:52:20 PM »
Great stuff  :up:

Ehtyar

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #7 on: October 10, 2008, 06:57:20 PM »
Quote
A TOC would be, to put it simply, just too much extra work.
Script it? :P

Fine fine fine :P

mouser

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #8 on: October 11, 2008, 12:35:57 AM »
I love the summaries, very useful.

housetier

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #9 on: October 11, 2008, 01:06:05 AM »
Oh my this must have taken a long time to compile the news and display it so nicely   8) :Thmbsup:

Ehtyar

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #10 on: October 11, 2008, 05:42:18 AM »
The formatting is scripted House Man, it's the sifting through the actual news that takes so long :P

Ehtyar.

tomos

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #11 on: October 11, 2008, 03:04:59 PM »
yes, great work Ehtyar

especially liked the gmail sobriety test tucked in there at the end :Thmbsup:
Tom

Ehtyar

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #12 on: October 11, 2008, 03:10:34 PM »
I'm glad there's at least someone who appreciates my sense of humour  :-[ Thanks tomos :)

Ehtyar.

Gothi[c]

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #13 on: October 11, 2008, 10:32:44 PM »
s/hacked/cracked/g

Ehtyar

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #14 on: October 11, 2008, 10:39:42 PM »
Anyway...

Ehtyar.

f0dder

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #15 on: October 12, 2008, 04:08:02 AM »
Quote
s/hacked/cracked/g

Hacking: breaking into computer systems.
Cracking: removing software protection.

Clinging on to old definitions is silly. Does anybody use the original meaning of 'gay' these days?
- carpe noctem

Gothi[c]

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #16 on: October 12, 2008, 10:31:23 PM »
Quote
Clinging on to old definitions is silly. Does anybody use the original meaning of 'gay' these days?

It's not because anyone you know doesn't, doesn't mean that anyone isn't.

40hz

Re: Tech News Weekly: Edition 41 [NEW]
« Reply #17 on: October 13, 2008, 10:53:53 AM »
Quote
Does anybody use the original meaning of 'gay' these days?

Umm...me?
When somebody says 'gay' the very first thing that comes into my mind is 'happy.' But I'm sure there are many 'gay people' who are also gay, along with just being gay.

Must be a "generational thing." ;D


   
Quote
"When I use a word," Humpty Dumpty said in rather a scornful tone. "It means just what I choose it to mean - neither more or less."
    "The question is," said Alice, "whether you can make words mean so many different things."
    "The question is," said Humpty Dumpty, "which is to be master - that's all."
       
Lewis Carroll - English author & recreational mathematician (1832 - 1898)