Website Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • August 30, 2015, 10:58:02 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Tech News Weekly: Edition 48  (Read 5169 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
Tech News Weekly: Edition 48
« on: November 29, 2008, 05:48:28 AM »
The Weekly Tech News
TNWeekly01.gifHi all.
My apologies for getting a little carried away last week folks, this week should be more of a 'summary' as these things are intended to be. Perhaps if people have an opinion on what the minimum and maximum number of articles included should be they could let me know in a reply.
I'm afraid I haven't gotten around to getting code out to Mouse Man for the 'Expand All' button. If I get it done before next week's news and we can actually implement it I'll add it here.
As usual, you can find last week's news here.


1. Facebook Wins Record $873m Fine Against Smut Spammer
Spoiler
http://www.theregister.co.uk/2008/11/25/facebook_spam_lawsuit/
Facebook have won a lawsuit worth $837 million against a Canadian accused of hacking into users' accounts and spamming from them.

Quote
Facebook has won a $873m judgment against a Canadian sued for spamming users of the social networking site with "sexually explicit" messages after hacking into the profiles of its members.

Adam Guerbuez, of Montreal, who runs Atlantis Blue Capital and Ballervision.com, was ordered to pay exemplary damages by US District Judge Jeremy Fogel last Friday. Guerbuez did not contest the case, which also resulted in an injunction against him that effectively prevents him from accessing Facebook for any reason ever again.

2. Security Breach Gives PayPal Phish the Personal Touch
Spoiler
http://www.theregister.co.uk/2008/11/24/pamela_security_breach/
A breach of user information held by Pamela Systems has given rise to a personalized phishing scam against users of the Pamela Skype addon.

Quote
Skype users who use a piece of software dubbed Pamela to manage their online phone accounts should be on the lookout for customized phishing attacks following revelations that one or more user databases containing names and email addresses have been breached.

The attack, which took place last week, has already led to one phishing campaign that calls recipients by their real names and then tries to trick them into turning over personal information. That added personal touch could throw some users off guard because most phishing emails address their marks by generic terms such as "Dear PayPal User."

3. Unofficial Fix Issued for Vista Networking Flaw
Spoiler
http://www.securityfocus.com/archive/1/498471
For the more technically inclined: http://www.securityfocus.com/archive/1/498471
Calls to a user mode API in Vista Ultimate and Enterprise can lead to kernel mode memory corruption, potentially causing a blue screen or remote code execution in kernel mode. Microsoft has not issued at time of writing, though the researchers that made the discovery have released a modified version of the vulnerable library that fixes the issue.

Quote
A system-crashing bug with potential malware implications has been uncovered in Vista. But a fix for the vulnerability, which revolves around flaws in the operating system's network stack, may have to wait until the next service pack.

The TCP/IP stack buffer overflow was discovered by security researchers at Austrian firewall firm Phion in October. Details of the flaw, which also creates a potential mechanism to inject hostile code into vulnerable systems, were disclosed in a posting to BugTraq on Friday.

4. More MS08-067 Exploits
Spoiler
http://blogs.technet.com/mmpc/archive/2008/11/25/more-ms08-067-exploits.aspx
In followup to: http://www.donationcoder.com/forum/index.php?topic=15476.0#post_Microsoft_Issue_OutOfBand_Security_Patch
For the more technically inclined: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=2
An exploit for MS08-067 is running rampant over the internet according to Microsoft itself.

Quote
As expected, we are seeing another wave of attacks exploiting the vulnerability detailed in security bulletin MS08-067.

Early last week we blogged about MS08-067 exploits. At that time, the number of exploits in the wild was still low and they were mostly targeted attacks. However, during the weekend we started receiving customer reports for new malware that exploits this vulnerability. During the last two days that malware gained momentum and as a result we see an increased support call volume. The SHA1 hash of the malware is 0x5815B13044FC9248BF7C2DBA771F0E6496D9E536 and we detect it as Worm:Win32/Conficker.A.

5. Judge Says BU Can't Turn Over Infringers' IPs in P2P Case
Spoiler
http://arstechnica.com/news.ars/post/20081126-judge-says-bu-cant-turn-over-infringers-ips-in-p2p-case.html
A sane judge on on a copyright infringement case? Who knew...

Quote
The music industry's requests for more personal information regarding the identity of several accused file-sharers have been shot down by a federal judge. Judge Nancy Gertner quashed a subpoena this week in the infamous London-Sire v. Does 1-4 case, saying that the IP addresses of three anonymous Boston University students could not be handed over because the university had "adequately demonstrated that it is not able to identify the alleged infringers with a reasonable degree of technical certainty."

The legal system has been chipping away at the London-Sire case all year, starting this spring when Judge Gertner said that making files available on a P2P network does not equal copyright infringement. At that time, she also noted that IP addresses can't always be traced to a particular individual and that, if Boston University were compelled to turn over a list of possible infringers, it could give a green light to RIAA fishing expeditions.

6. Key Molecule for Life Found in Habitable Region of the Galaxy
Spoiler
http://blog.wired.com/wiredscience/2008/11/sugar-molecule.html
An important molecule linked to the origin of life has been discovered in a region of The Milky Way.

Quote
A sugar molecule linked to the origin of life was discovered in a potentially habitable region of our galaxy.

The molecule, called glycolaldehyde, was spotted in a large star-forming area of space around 26,000 light-years from Earth in the less-chaotic outer regions of the Milky Way. This suggests the sugar could be common across the universe, which is good news for extraterrestrial-life seekers.

7. Lenovo Kills Notebooks With a Text Message
Spoiler
http://www.tgdaily.com/html_tmp/content-view-40351-108.html
Lenovo's next generation of Thinkpad notebooks will permit its owner to disable the 3G-enabled unit via text message. I wonder how long until this gets cracked...

Quote
As notebook theft is becoming an increasingly important topic in the IT world, we are now seeing innovative solution to protect users and corporations from data theft almost on a weekly basis. One of the most interesting and potentially most effective solutions was announced by Lenovo this morning.

A new feature that is expected to become available in Q1 2009 for select Thinkpad laptops will allow notebook owners to disable a notebook with a text message that is sent to a 3G-enabled system via a cellular network. The lockdown will happen immediately if a notebook is turned on or, when it is turned off, the next time the system signs on to a cellular network. To reactivate the disabled PC, a user needs to enter a pre-set passcode created during notebook startup.

8. Another Layer of Security for PayPal Accounts
Spoiler
http://www.net-security.org/secworld.php?id=6768
Paypal users now have access to another layer of security with the option of receiving a security code as a text message prior to logging in.

Quote
PayPal announced a new way for members to add even more security to their PayPal accounts using their mobile phones. Customers can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts.

The PayPal SMS Security Key adds another layer of protection to PayPal accounts and uses the same security infrastructure as the PayPal Security Key, which generates a unique security code approximately every 30 seconds on a small electronic token. Members receive this code to their phones or tokens, and use the codes along with their usernames and passwords to sign in to their accounts.

9. New Machines Scan IDs at Border Crossings
Spoiler
http://www.usatoday.com/tech/news/computersecurity/2008-11-23-passport-chips_N.htm?csp=34
Machines are in use at several US border crossing stations that permit border security agents to read information stored in RFID-enabled government documentation.

Quote
Agents along the Canada and Mexico borders are using a controversial new machine that can "read" the personal information contained in some government-issued ID cards — such as passports and driver's licenses — as travelers approach a checkpoint.

The Homeland Security Department says the new practice will tighten security and speed the flow of traffic. Privacy advocates say the technology could make Americans less secure because terrorists or other criminals may be able to steal the personal information off the ID cards remotely.


Ehtyar.

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,697
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #1 on: November 29, 2008, 08:57:04 AM »
Thanks again for this week's issue :)

Number 6: Cool!  (On a somewhat related note.  There's a pretty interesting-sounding lecture series (expensive) from the Teaching Company named "Origins of Life" -- I haven't seen this series, but I've watched a different series (Joy Of Science) by the same lecturer and thought that was pretty good.)

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,407
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #2 on: November 29, 2008, 02:11:49 PM »
#1 - Damn, that's a lot of smut!
#7 - Imminent lulz

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 7,032
    • View Profile
    • Just for mouser.
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #3 on: November 29, 2008, 10:07:14 PM »
#4: What is MS08-067? :huh:

#5: Wow, what is this? A judge who knows a thing or two about technology? :-\

#6: Great until the bad guys can fake the messages to kill computers. 8)

#7: Awesome! I want to have to pay 5 cents for text messages every time I want to log in to PayPal! :down:

Thanks Ehtyar!


Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #4 on: November 29, 2008, 10:38:03 PM »
#4: What is MS08-067? :huh:
I post links to previous stories for a reason Deo , but if all else fails, try this ;)
#6: Great until the bad guys can fake the messages to kill computers. 8)
Haha, that I didn't think of  :Thmbsup:
#7: Awesome! I want to have to pay 5 cents for text messages every time I want to log in to PayPal! :down:
Well they can't seem to organise proper security on their commission.. :P

Ehtyar.
« Last Edit: November 29, 2008, 10:40:57 PM by Ehtyar »

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 9,492
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #5 on: November 30, 2008, 04:05:40 AM »
#6: Great until the bad guys can fake the messages to kill computers. 8)
Haha, that I didn't think of  :Thmbsup:

first thing I thought too - are we especially paranoid Deo or just realistic ... :-\

thanks as ever Ethyar, nice new avatar too!
Tom

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #6 on: November 30, 2008, 04:40:56 AM »
#6: Great until the bad guys can fake the messages to kill computers. 8)
Haha, that I didn't think of  :Thmbsup:

first thing I thought too - are we especially paranoid Deo or just realistic ... :-\

thanks as ever Ethyar, nice new avatar too!
Oh no, I hope this isn't grounds to kick me out of the tin-foil-hat brigade :o Please, at least I mentioned the possibility of it being hacked, have mercy  ;)

Thanks for the compliment tomos, I think I might start a thread about favorite fractals or something, because these are REALLY worth seeing.

Ehtyar.

city_zen

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 121
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #7 on: November 30, 2008, 09:33:30 PM »
Great issue, Ehtyar  :Thmbsup:

On a lighter note:
but if all else fails, try this ;)
;D
I didn't know that site existed


I'll have what she's having

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #8 on: December 01, 2008, 12:15:02 AM »
On a lighter note:
but if all else fails, try this ;)
;D
I didn't know that site existed
Got it from a co-worker last week, been dying to use it :P

Ehtyar.

mahesh2k

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,412
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #9 on: December 01, 2008, 02:32:59 AM »
Great issue ehtyar

#7 was good one

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 637
  • I will eat Cody someday.
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 48
« Reply #10 on: December 09, 2008, 06:43:39 AM »
On a lighter note:
but if all else fails, try this ;)
;D
I didn't know that site existed
Got it from a co-worker last week, been dying to use it :P

Ehtyar.

It's also multilanguage.
IT PWNZ!