
Author Topic: Tech News Weekly: Edition 50  (Read 8509 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • Posts: 1,237
Tech News Weekly: Edition 50
« on: December 12, 2008, 03:17 PM »
The Weekly Tech News
Hi all.
I got a "meh" from Mouse Man this morning when I mentioned the expand all button, so I guess we'll be waiting longer for that :( But perhaps some tech news will lift your spirits :P
As usual, you can find last week's news here.


1. Microsoft Fixes 28 Flaws; 6 Are Critical
http://news.cnet.com/8301-1009_3-10119227-83.html
http://www.theregister.co.uk/2008/12/10/ms_patch_tuesday_december/
Microsoft has released its biggest ever Patch Tuesday update, and has included its new "Exploitability Index" to aid administrators in determining the possibility a vulnerability will be exploited in the wild.

Microsoft on Tuesday released its December 2008 security bulletin. The "critical" bulletins affect Windows GDI, Word, Excel, Internet Explorer and Windows Search. The "important" updates affect SharePoint and Windows Media Components.

Microsoft is including within each bulletin an "exploitability index" to help system administrators prioritize the patches. All Microsoft security patches for both Windows and Office software are available via Microsoft Update.


2. Exploit for Unpatched WordPad, IE Flaws in the Wild
http://arstechnica.com/journals/microsoft.ars/2008/12/10/exploit-for-unpatched-wordpad-ie-flaws-in-the-wild
An exploit is in the wild for a vulnerability not patched this month, in WordPad. The exploit involves opening a specially crafted Word document in WordPad. The exploit is currently spread via email, using a .wri extension for the document so as to be certain it opens in WordPad and not Word itself.

Yesterday Microsoft released patches for some 28 flaws in Windows, IE, and Office, most of them critical, in the largest ever Patch Tuesday update. The company also issued a bulletin for another critical flaw—but this one didn't receive a patch, and there are exploits in the wild. The flaw is in WordPad; specifically, in WordPad's converter for opening Word 97 documents, which can be made to execute arbitrary code when given a suitably crafted file.

This flaw does not affect all versions of Windows. Windows 2000, XP with Service Pack 2, and Windows Server 2003 (all versions) are affected; however, XP with Service Pack 3 (slightly surprisingly), Vista, and Windows Server 2008 are not. Accordingly, XP SP2 users can therefore protect themselves simply by installing the current Service Pack. Users of other affected systems can disable the flawed component (details are contained within Microsoft's bulletin), or just sit tight to see how the company responds. There is no word yet of an out-of-cycle update, so as things stand it looks like this flaw may not be fixed until the next Patch Tuesday, which will be January 13, 2009.


3. Security Chief Window Snyder Leaving Mozilla
http://security.blogs.techtarget.com/2008/12/10/security-chief-window-snyder-leaving-mozilla/
Head of security at Mozilla, Window Snyder, is leaving Mozilla to help establish a new start-up venture.

Window Snyder, the head of security at Mozilla, is leaving the company to help found a start-up venture unrelated to security. Snyder has been at Mozilla for more than two years and has been the driving force behind the company’s effort to make security a top priority in its popular Firefox browser.

Snyder’s departure is a blow to Mozilla, a small organization that counts on participation from the open-source community for much of its work. Snyder has helped raise the company’s profile in the security community and made transparency about security issues a key initiative. The company currently is working on a security metrics project with security analyst Rich Mogull of Securosis that is designed to measure the relative security of Firefox in a number of different ways.


4. Computer Scientists Find Audio CAPTCHAs Easy to Crack
http://arstechnica.com/news.ars/post/20081208-computer-scientists-find-audio-captchas-easy-to-crack.html
Audible CAPTCHAs may be next on the menu for those attempting to automate signing up to online services as they're apparently easier to crack than their well-developed image-based cousins.

The Carnegie-Mellon University team behind the reCAPTCHA service is continuing to expand its effort to mix basic security and useful work. CAPTCHAs are the distorted text that helps various online services ensure that the entity opening an account is a human, not a bot bent on using the service to dish out spam. The reCAPTCHA service puts the mental horsepower needed to interpret these images to good use, harnessing it to identify text in scanned books where OCR software has failed. Now, the team has turned its attention to the audio CAPTCHAs used by the visually impaired.

Audio CAPTCHAs consist of a string of spoken characters, typically masked and distorted by a form of background noise. To start with, the researchers looked into the security of existing audio CAPTCHAs used by Google and Digg. In a paper that will be presented later this week at the Neural Information Processing Systems Conference, the authors demonstrate that these are relatively easy to crack.


5. More SHA-3 News
http://www.schneier.com/blog/archives/2008/12/more_sha-3_news.html
NIST has officially brought the SHA-3 competition into its first round, publishing all 51 candidates publicly, excluding those already broken.

NIST has published all 51 first-round candidates. (Presumably the other submissions -- we heard they received 64 -- were rejected because they weren't complete.) You can download the submission package from the NIST page. The SHA-3 Zoo is still the best source for up-to-date cryptanalysis information.

Various people have been trying to benchmark the performance of the candidates, but -- of course -- results depend on what metrics you choose.


6. Koobface Worm Targets MySpace, Other Sites
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212400218
Against my better judgment, I'm posting yet another Koobface story. Though this time it appears the newest Koobface variant is attempting to spread to other social networking sites.

The Koobface worm which has plagued the Facebook social networking site during the past week, is now targeting MySpace, Bebo, and other sites as well, security researchers warn.

Researchers at security vendor F-Secure said yesterday in a blog about the Koobface worm that the new infection is designed to spread to other popular social networking sites, including MyYearbook.com, BlackPlanet.com, and Friendster.com.


7. Sony Pays $1M to FTC for Illegally Collecting Data On Kids
http://arstechnica.com/news.ars/post/20081211-sony-pays-1m-to-ftc-for-illegally-collecting-data-on-kids.html
Sony BMG has copped a $1 million fine, among the biggest ever for a case of this kind, to the US Federal Trade Commission for its violation of the Children's Online Privacy Protection Act by collecting information from children under the age of 13 without their parents' consent.

Sony BMG will pay $1 million to the Federal Trade Commission to settle charges that it violated the Children's Online Privacy Protection Act (COPPA) by collecting information on users under the age of 13 without their parents' consent. The FTC says that the civil penalty will match the largest penalty ever paid out in a COPPA case.

The FTC filed a lawsuit against Sony BMG just yesterday in the US District Court in Manhattan. The Commission, suing on behalf of the United States, said that Sony has been operating a number of websites since 2004 in order to promote and advertise its music offerings. These sites—many of which contain social networking functionality that allows users to create profiles and interact with others—apparently did not restrict users under the age of 13 from registering, despite the fact that the sites claimed that users under 13 would not be able to use the sites.


8. Sun Closes 'future' Pay-per-use Utility Computing Service
http://www.theregister.co.uk/2008/12/10/sun_closes_cloud/
Sun has decided to close its computer processing rental service, Network.com, after determining the business model was not as successful as they'd hoped.

Sun Microsystems has killed its once high-profile utility computing experiment, Network.com, which let customers buy computing power by the hour.

The company revealed it's no longer accepting new customers after four years, saying parts of the business and technology model "were not in the sweet spot". The 13 customers and 48 applications using Network.com will be offered continued service.


9. FSF Sues Cisco
http://www.fsf.org/blogs/licensing/2008-12-cisco-complaint
The FSF has finally run out of patience, and has marked the 5th year of its battles to have Cisco properly comply with the GPL on GNU code it uses, by filing suit.

The FSF has sued Cisco for damages regarding their continued violations of the GPL and LGPL by not distributing source for FSF code in a long list of products:

Defendant distributed Plaintiff’s Programs in this manner in the Firmware for Linksys’ models EFG120, EFG250, NAS200, SPA400, WAG300N, WAP4400N, WIP300, WMA11B, WRT54GL, WRV200, WRV54G, and WVC54GC, and in the program Quick-VPN.


10. Google Chrome Out of Beta, Official 1.0 Release Available
http://blog.wired.com/business/2008/12/chrome-10.html
Google has brought Chrome out of BETA with an official v1.0 release. Don't suppose that means they'll stop exploiting it to datamine users?

Google has officially released a 1.0 version of its Chrome web browser, dropping the beta status after a mere one hundred days. It might seem an astounding move for a company best known for keeping projects in an indefinite beta status (Gmail is going on five years as a beta), but Google Chrome isn't just another web app, it's desktop software and to compete with Internet Explorer, Chrome needs to be 1.0.

Unfortunately for Chrome fans there isn't much new in the 1.0 release (nor is there any news on the much-anticipated Mac and Linux versions). Google has been fixing bugs and adding some small new features as the beta progressed — like much improved privacy controls. However, Chrome still lacks some basic web browser features such as reliable RSS detection and form auto-filling tools.


11. Don't Be 404, Know the Tech Slang
http://news.bbc.co.uk/2/hi/technology/7775013.stm
And now for this week's odd article. Apparently, the tech industry's penchant for acronyms and numeric error codes has translated into verbal and written slang.

A study of new slang terms entering English finds that technology is driving and perpetuating them.

For instance, "404" - the error message given when a browser cannot find a webpage - has come to mean "clueless".


Ehtyar.

tomos

  • Charter Member
  • Joined in 2006
  • Posts: 11,959
Re: Tech News Weekly: Edition 50
« Reply #1 on: December 12, 2008, 05:50 PM »
I'd forgotten about the Friday night tech read :-) thanks as ever Ehtyar :Thmbsup:

#11 especially enjoyed that read - I send text messages abroad a lot so tend to abbreviate a lot (to cut down on costs) - with some confusing results at the other end.
gotta say though, I often haven't a clue what youse are on about in the irc world LOL
Tom

Ehtyar

Re: Tech News Weekly: Edition 50
« Reply #2 on: December 12, 2008, 05:55 PM »
LOL, indeed irc can get a bit too abbreviated, though I think in most cases it's just an entire lack of grammar that throws people ;)
#11 I just had to add because...well...(404 = clueless) == ROFL

Ehtyar.

Deozaan

  • Charter Member
  • Joined in 2006
  • Points: 1
  • Posts: 9,747
Re: Tech News Weekly: Edition 50
« Reply #3 on: December 12, 2008, 08:18 PM »
#2 - Good thing for me WordPad is one of the first things I removed from Windows after a fresh install.

#3 - His name is really "Window"?

#7 - Sony just can't seem to do much right for the past few years. Has anyone heard any stories about when Sony has done something right?

#10 - So how many Google applications/services have graduated beta and made it to official 1.0 status (or above)?

#11 - 404 means clueless? That's not even close to what the 404 message means. I think people who use "404" to say "clueless" are the clueless ones. :P

Ehtyar

Re: Tech News Weekly: Edition 50
« Reply #4 on: December 12, 2008, 08:31 PM »
#2 Well one would hope you're bright enough to not be opening unfamiliar attachments in your email :P
#3 Her name is really "Window" yes.
#7 No :P
#10 This is the first? lol
#11 Perhaps like 500 or 408 would have been more appropriate, but really...how often do you see those?

Ehtyar.

ewemoa

  • Honorary Member
  • Joined in 2008
  • Posts: 2,922
Re: Tech News Weekly: Edition 50
« Reply #5 on: December 17, 2008, 08:44 PM »
Thanks for your continued efforts  :Thmbsup:

Re: 11 -- folks in East Asia wouldn't want to be 404 anyway:

https://secure.wikim.../en/wiki/Tetraphobia

Ehtyar

Re: Tech News Weekly: Edition 50
« Reply #6 on: December 18, 2008, 05:38 AM »
Haha, your replies are always so amusing/interesting ewemoa, thank you :)

Ehtyar.

zridling

  • Friend of the Site
  • Charter Member
  • Joined in 2005
  • Posts: 3,299
Re: Tech News Weekly: Edition 50
« Reply #7 on: December 18, 2008, 06:19 AM »
9. FSF Sues Cisco

Good for them. The "cost" of using GPL'd code is giving back. Otherwise, you use LGPL code (Lesser GPL). It ain't rocket science, but Cisco thinks they should profit from others' work. Lord knows the RIAA wolves would slice them to pieces.