
Author Topic: Tech News Weekly: Edition 02-09  (Read 12889 times)

Ehtyar

Tech News Weekly: Edition 02-09
« on: January 10, 2009, 03:41 PM »
The Weekly Tech News
Hi all.
To add a little humour to what is usually just a list of bad events taking place in the IT realm, the final article for each week will now be my favorite video or article from The Onion News Network for the week. I hope you like it :)
As usual, you can find last week's news here.


1. Password Guessing Attack Exposed in Twitter Pwn
http://www.theregister.co.uk/2009/01/07/twitter_hack_explained/
The account of a Twitter admin was compromised recently via a dictionary attack, and was used to deface the accounts of several prominent tweeters.

Miscreants broke into Twitter's admin system on Sunday night using a simple password guessing hack, it has emerged.

A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing program overnight to reveal that 'Crystal' used the eminently guessable password of "happiness". The 18-year-old student then used these details to offer up access to Twitter accounts on request through Digital Gangster, an underground hacker forum, Wired reports.

The move enabled griefers to break into the Twitter feeds of the likes of Britney Spears, Fox News and US President-Elect Barack Obama on Monday to push out bogus messages. GMZ sat on the sidelines during this attack because he had failed to use a proxy during his password cracking attack, making him more at risk of identification.


2. Boffin Brings 'Write Once, Run Anywhere' to Cisco Hijacks
http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/
http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=212700896
Felix Lindner of Recurity Labs has finally answered the age-old question of how to target multiple IOS versions with a single exploit. Admins, start your engines... I hope word man was sitting on a plastic-covered chair for this one ;)

A researcher has discovered a way to reliably exploit a known security vulnerability in a wide class of Cisco System routers, a finding that for the first time allows attackers to hijack millions of devices with a single piece of code.

The discovery by Felix "FX" Lindner of Recurity Labs in Berlin brings the write-once-run-anywhere approach of software development to the dark art of compromising routers that form the core of the internet. Previously, reliable exploit code had to be specifically fashioned to one of more than 15,000 different supported builds of IOS, or Internet Operating System, which run various Cisco devices.


3. Researchers Poke Holes in Intel's Anti-tampering Tech
http://www.theregister.co.uk/2009/01/07/intel_vpro_hack/
Details regarding bypass of Intel's Trusted Execution Technology (TXT) are due to be unveiled at the next Black Hat Conference.

A practical attack on Intel's trusted execution technology (TXT) is due to be demonstrated at a hacking conference next month.

Security researchers from Invisible Things Lab have created a technique for compromising the integrity of software loaded via TXT, a key component in Intel's Safer Computing Initiative and part of the chip giant's vPro brand. Intel's TXT technology - which aims to protect systems against tampering - hooks into CPUs and chipsets as well as featuring use of Trusted Platform Module 1.2 (TPM) technology.

For example, the technology ensures programs running on a virtual machine are free to go about their business without interference from other (potentially malicious) packages loaded onto the same system. It also has applications in Digital Rights Management.


4. VeriSign Remedies Massive SSL Blunder (kinda, Sorta)
http://www.theregister.co.uk/2009/01/09/verisign_ssl_remedy/
In response to a story published last week, VeriSign claim to have fixed the vulnerability discovered in SSL certificates.

After being publicly outed issuing web credentials that were vulnerable to attacks that could allow criminals to spoof the encryption certificates of any website on the internet, VeriSign has issued assurances it has neutralized any real-world threat.

Tim Callan, vice president of VeriSign's product marketing, has said that within hours of last week's news that researchers had uncovered a devastating weakness in secure sockets layer certificates issued by VeriSign subsidiary RapidSSL, the company made changes to ensure all its SSL products were immune to the attacks.

As usual, the truth is a little more complicated.


5. 'Curse of Silence' Smartphone Flaw Disclosed
http://news.cnet.com/8301-1009_3-10130499-83.html
Certain older versions of Nokia's Symbian OS for mobile phones have been found to be susceptible to a buffer overflow vulnerability triggered by a specially crafted SMS that in certain cases prevents the user from receiving further SMS messages.

A denial-of-service attack that limits the number of SMS messages that can be received by Nokia smartphones has been disclosed and demonstrated.

Dubbed the "curse of silence" by German security researcher Tobias Engel, the attack occurs when Nokia Series 60 phones are sent a malformed e-mail message via SMS (Short Message Service). Engel demonstrated the attack on Tuesday at the Chaos Communication Congress in Berlin, according to a blog post by security vendor F-Secure.


6. Interface Controlled by Hand Gestures
http://www.wired.com/video/latest-videos/latest/1815816633/conceptual-interface-is-controlled-by-hand-gestures/6750621001
Toshiba has shown off concept hardware at CES capable of reading hand gestures for input.

At CES 2009, Toshiba showed off a conceptual computer interface that uses hand gestures for control. With simple motion sensing technology and a software interface, Toshiba hopes to open up applications for video games and other interactive media.


7. Microsoft Begins Windows 7 Push
http://news.bbc.co.uk/2/hi/technology/7817190.stm
Windows 7 Thread: https://www.donationcoder.com/forum/index.php?topic=15107
Windows BETA Thread: https://www.donationcoder.com/forum/index.php?topic=16482
Microsoft were set to make Windows 7 BETA available to the public on Jan 9, but it appears you'll have to torrent this one too as they were unable to meet demand.

Microsoft boss Steve Ballmer used his keynote speech at CES to announce that software developers would get at the trial version on 7 January.

On 9 January members of the public will get the chance to download the successor to Windows for themselves.

Mr Ballmer said Windows 7 would be the pivot of a broader Microsoft push to improve the way its separate software and service families work together.


8. Another DNS Flaw
http://www.internetnews.com/security/article.php/3795311/Another+DNS+flaw.htm
Another DNS flaw has been discovered in the implementation of DNSSEC in BIND. The flaw has already been patched, and there don't appear to be any exploits in the wild.

Security researcher Dan Kaminsky made headlines last year when he discovered a critical DNS flaw. If left unpatched it could have crippled vast parts of the Internet.

As 2009 starts up, a new DNS flaw has emerged, but the severity of the threat is less pronounced.

ISC (Internet Systems Consortium) the group leading development of the open source BIND DNS server that dominates the Internet, quietly issued a patch to multiple versions of BIND this week.


9. DOCSIS 3.0 Laggard Charter Files Patent Suit Against Verizon
http://arstechnica.com/news.ars/post/20090108-docsis-3-0-laggard-charter-files-patent-suit-against-verizon.html
Charter has filed suit against Verizon for patent infringement after Verizon offered video on demand services that blew Charter's offering out of the water.

If you're an incumbent cable operator who has had the TV market to yourself for several years only to be challenged by an upstart that offers a better service, you've got two options: ratchet up your own offerings or sue the upstart. Faced with an incursion by Verizon's FiOS TV and Internet service into some of its territories, Charter is apparently going with door number two, filing a patent infringement lawsuit against Verizon on the last day of 2008.

At issue are four patents owned by Charter covering video-on-demand services, dynamic pricing for subscription-on-demand services, and a pair of patents covering data transmission. The most interesting appear to be the three patents which relate to video transmission. One patent, 6826197, seems rather generic, describing a data packet with a header, routing information field, data field, data payload, and error correction field. It does have the capability of "efficiently propagating a payload through a multi-user, digital video distribution system," however.


10. Kiwis Rally Opposition to NZ Copyright Bill
http://arstechnica.com/news.ars/post/20090106-kiwis-rally-opposition-to-nz-copyright-bill.html
It appears New Zealand is following Australia's lead in tyranny of the internet, proposing a new law that would see "suspected copyright infringers" cut off from the internet.

Borrowing the "Not in My Name" slogan popularized by anti-war and pro-Palestinian activists, New Zealand's newborn Creative Freedom Foundation is leading a petition drive to block implementation of copyright legislation slated to take effect at the end of February. Critics charge that Section 92 of the Copyright (New Technologies) Amendment Act, enacted this past April, requires ISPs to act on a principle of "guilt upon accusation," cutting off the Internet connections of users merely alleged to be violating copyright.

Section 92 has also drawn the ire of New Zealand's ISPs, under the umbrella of the Telecommunications Carriers' Forum, which has blasted the reform as "a deeply flawed law that undermines fundamental rights and simply will not work." Jamie Baddeley, who heads the country's ISP trade association, argues that the legislation, which makes providers legally liable for failing to delete infringing material and disconnect infringers, "has the potential to put some of our smaller innovative members out of business."


11. Apple Introduces Revolutionary New Laptop With No Keyboard
http://www.theonion.com/content/node/92328
Discussion thread by CodeByter: https://www.donationcoder.com/forum/index.php?topic=16449.0
Apple has unveiled a revolutionary new laptop that has completely replaced the keyboard with something very...Apple.





Ehtyar.
« Last Edit: January 10, 2009, 03:58 PM by Ehtyar »

tomos

Re: Tech News Weekly: Edition 02-09
« Reply #1 on: January 10, 2009, 05:30 PM »
thanks as ever Ethyar :)

this headline has to win "laugh of the evening" (in spite of the Onion's presence)

4. VeriSign Remedies Massive SSL Blunder (kinda, Sorta)
Tom

housetier

Re: Tech News Weekly: Edition 02-09
« Reply #2 on: January 10, 2009, 06:16 PM »
interesting collection again

Ehtyar

Re: Tech News Weekly: Edition 02-09
« Reply #3 on: January 10, 2009, 06:40 PM »
Thanks guys :)

Pretty pathetic that VeriSign can get away with a claim like that when it clearly won't fix any attack that potentially took place before the fix came into effect.

Ehtyar.

P.S. tomos, it's Ehtyar not Ethyar ;)

Deozaan

Re: Tech News Weekly: Edition 02-09
« Reply #4 on: January 11, 2009, 12:01 AM »
Thanks again Ehtyar! I don't really have anything to say about the news articles that I didn't already say in their respective threads, but thanks for compiling the list and all that. :)

Ehtyar

Re: Tech News Weekly: Edition 02-09
« Reply #5 on: January 11, 2009, 12:11 AM »
Most welcome Deo :)

Ehtyar.

mouser

Re: Tech News Weekly: Edition 02-09
« Reply #6 on: January 11, 2009, 12:44 AM »
great stuff as always  :up:

Codebyte

Re: Tech News Weekly: Edition 02-09
« Reply #7 on: January 11, 2009, 01:10 AM »
Thanks much Ehtyar :)
CodeByter.com - http://www.codebyter.com

Ehtyar

Re: Tech News Weekly: Edition 02-09
« Reply #8 on: January 11, 2009, 01:21 AM »
Ty guys :)
Er...at what point do the participance icons wrap to a second line? :P

Ehtyar.

ewemoa

Re: Tech News Weekly: Edition 02-09
« Reply #9 on: January 11, 2009, 02:35 AM »

housetier

Re: Tech News Weekly: Edition 02-09
« Reply #10 on: January 11, 2009, 08:07 AM »
it's a good thing our multi-touch console at the c-base looks like a table: its users won't suffer from a gorilla arm. It's also easy to clean, the surface is quite scratch-resistant.