Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • September 04, 2015, 04:08:27 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Tech News Weekly: Edition 07-09  (Read 4936 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
Tech News Weekly: Edition 07-09
« on: February 13, 2009, 05:31:32 PM »
The Weekly Tech News
TNWeekly01.gifHi all.
Hope you're all partying hard for 1234567890 ;)
As usual, you can find last week's news here.


1. Hacker Site Claims Breach of Third Security Firm Web Site in a Week
Spoiler
http://news.cnet.com/8301-1009_3-10161874-83.html
HackersBlog claims the websites of security firms Kaspersky, BitDefender and F-Secure have been breached via various SQL injection and cross-site scripting attacks.

Quote
HackersBlog publicized on its site that it had breached the U.S. Web site of Moscow-based firm Kaspersky on Saturday and the Portugal site of BitDefender on Monday using the same attack techniques.

Kaspersky said on Monday that no sensitive or customer data had been exposed in the breach and that it would ask a database expert to audit its systems. BitDefender said the site that had been breached belonged to an unnamed partner and no customer data was stolen.


2. HP Printer Hack Risk Prompts Update
Spoiler
http://www.theregister.co.uk/2009/02/09/hp_printer_firmware_update/
Several HP printer series have vulnerabilities in their firmware that could allow an attacker to gain access to documents sent to the printer via the web administration panel.

Quote
Users of HP LaserJet printers need to apply a firmware update following the discovery of a potentially troublesome vulnerability.

The security bug creates a means for hackers to gain access to files sent to printers via the web administration console on vulnerable machines. A security advisory from HP explains various versions of its HP Digital Senders as well as HP LaserJet printers and HP Color LaserJet printers are all potentially vulnerable.

Users of HP LaserJet 2410, 2420, 2430, 4250, 4350, 9040, and 9050 series all need to upgrade their printer's firmware software to a secure version. HP Color LaserJet 4730mfp, HP Color LaserJet 9500mfp and HP 9200C Digital Sender users also need to update.


3. Houston Justice System Laid Low by Conficker Worm
Spoiler
http://www.theregister.co.uk/2009/02/09/houston_malware_infection/
Yet another corporate network falls prey to Conflicker/Downadup.

Quote
The justice system in Houston was thrown into disarray late last week after the infamous Conficker (Downadup) worm infected key systems.

The infection forced municipal courts in the Texan city to shut down on Friday, and police had to temporarily stop making arrests for minor offences, such as those for outstanding traffic warrants or minor drug possession. "The people we pull over with outstanding traffic warrants will be issued a citation rather than being taken to jail," explained Houston Police Department spokesman John Cannon. "Anyone suspected of a violent crime will be taken to jail. We’re not cutting back on that."

Meanwhile, bail bonds agencies report that the process of releasing prisoners and handling bond payments has slowed to a crawl.


4. Win 7 and Smartphones Targeted in Pwn2own Challenge
Spoiler
http://www.theregister.co.uk/2009/02/12/pwn2own_preview/
The next Pwn2Own contest on the 16th of March will feature Windows 7 and Smartphones.

Quote
An annual hacking challenge has put the security of browsers and smartphones in the firing line.

The latest Pwn2own contest at CanSecWest next month will reportedly include challenges involving hacking into browser packages running on Windows 7 PCs and a separate contest involving breaking into next-generation smartphones. 3Com's TippingPoint security division is to sponsor both contests, due to take place at the Vancouver conference from 16 March.


5. A Promising New Key Management Standards Effort
Spoiler
http://news.cnet.com/8301-1009_3-10163186-83.html
Several of the big guns in IT have banded together to produce a new standard for encryption key management. Unfortunately, technical details are sketchy.

Quote
At ESG, we have this concept called ubiquitous encryption. As more and more encryption technologies are baked into products and enter the enterprise, data will likely be encrypted everywhere--on hard drives, networks, database columns, file systems, tape drives, portable media, etc.

Good news for data confidentiality and integrity but all of this encryption means tons of new encryption keys to create, protect, and manage. This situation has scared me for a while. If encryption keys are stolen, they can easily unlock secret data. If encryption keys are lost, critical data can turn into useless 1s and 0s.


6. Personal Data Of 45,000 Exposed In FAA Data Breach
Spoiler
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=213402894
The US Federal Aviation Administration has suffered a data breach that has exposed that details of some 45,000 staff. It is not known how the data was exposed.

Quote
The Federal Aviation Administration (FAA) is warning some 45,000 employees that their personal data may have been compromised in a hack of one of its computer systems.

A notice about the FAA breach says that "an agency computer was illegally accessed and employee personal identity information was stolen electronically." Affected employees will receive individual letters to notify them about the breach, the notice says.


7. Security Websites Hit By Big DDoS Attack
Spoiler
http://darkreading.com/security/attacks/showArticle.jhtml?articleID=213402595
Security site Metasploit has been subjected DDoS attacks comprised of up to 80,000 hits per second.

Quote
Several renowned white-hat hacker security sites have been hit during the past few days with a distributed denial-of-service attack (DDoS). Immunity, Milw0rm, and Packet Storm were in the clear as of this posting, but attackers were still hammering away at Metasploit.

The attackers behind the DDoS -- which began on Feb. 6 and continued through the weekend on most of the sites -- deployed a massive botnet of some 80,000 zombies to flood the sites' domains with HTTP requests, according to Cisco researchers.


8. Cracking Down On Conficker: Kaspersky, OpenDNS Join Forces
Spoiler
http://arstechnica.com/business/news/2009/02/cracking-down-on-conficker-kaspersky-opendns-join-forces.ars
Kaspersky and OpenDNS will be working together to try to stop Conflicker from spreading.

Quote
The Conficker botnet is proving to be a feisty bit of malware. It may never become a problem of Storm-sized proportions, but Conficker's authors seem determined to keep their system in play. Team White Hat, however, isn't giving up—OpenDNS and Kaspersky Lab announced on Monday, February 9 that they'd be working together to prevent Conficker from spreading once it's infected a network. There are two components to the new approach. First, Kaspersky Labs is capable of predicting what domains Conficker will attempt to contact, while OpenDNS' Botnet Protection feature prevents those domains from resolving internally. The result—at least in theory—is a cooped-up Conficker.

The problem the two companies are trying to address dates back to a new version of Conficker we first covered three weeks ago. Dubbed Conficker.B, the newer model is capable of spreading via USB stick and attempts to crack the passwords of other local systems. Once it has found additional systems to sink its hooks into, Conficker fires up and begins spreading itself across the network; only one system need remain unpatched for an entire network of systems to become infected.


9.  Mozilla Call for EU Intervention in Browser War is Troubling
Spoiler
http://arstechnica.com/open-source/news/2009/02/mozilla-call-for-eu-intervention-in-browser-war-is-troubling.ars
Mozilla is backing calls from Opera for the EU to impose sanctions on Microsoft for including Internet Explorer in their operating system.

Quote
Mozilla Foundation chairperson Mitchell Baker contends that the inclusion of Microsoft's Internet Explorer web browser in the Windows operating system represents an ongoing threat to competition and innovation on the Internet. She supports the European Commission's investigation of Microsoft's bundling tactics and believes that remedies are needed to address Microsoft's alleged abuses. To that end, Mozilla intends to assist the commission by offering expertise about the browser market.

The European Commission (EC) issued a finding last month declaring that Microsoft has abused its dominant position as an operating system vendor by tying its web browser to the Windows platform. The commission has sent a Statement of Objections to Microsoft which outlines the basis for the accusation. Microsoft will be given the opportunity to respond in formal hearings before the EU evaluates the possibility of imposing fines or other remedies.


10. A Farewell to Palm(O)s: Company Stakes Future On WebOS
Spoiler
http://arstechnica.com/gadgets/news/2009/02/a-farewell-to-palm-os-company-stakes-future-on-webos.ars
PalmOS will be laid to rest as Palm's new WebOS takes over.

Quote
Palm's Pre debuted with a bang at CES this past January and was arguably the star of the show. Palm has struggled to remain a relevant, profitable player in the smartphone market for years; the company's last major smartphone (the Centro, released in the fall of 2007) was reasonably well-received, but it couldn't entirely negate the barrage of negative criticism that hit Palm following the cancellation of the ill-fated Foleo.

In a meeting with investors today, Palm President and CEO Ed Colligan confirmed that the company intends to leave its past behind and to devote itself entirely to its new webOS—after twelve-plus years, Palm OS is finally headed for retirement.


11. Moonlight 1.0 Brings Silverlight to Linux
Spoiler
http://arstechnica.com/open-source/news/2009/02/moonlight-10-brings-silverlight-to-linux.ars
Moonlight has officially gone gold, bringing Silverlight 1.0 compatibility to the Linux platform.

Quote
Novell has announced the official 1.0 release of Moonlight, an open source implementation of Microsoft's Silverlight rich Internet application framework. This release will make it possible for users of the Linux operating system to view content that is compatible with Silverlight 1.0.

The Moonlight project emerged in 2007, shortly after Microsoft unveiled Silverlight at the MIX conference. When Microsoft officially released Silverlight 1.0, the company announced plans to provide specifications and test suites to Novell in order to facilitate development of a Linux-compatible version. Moonlight has evolved significantly over the past year and is now ready for widespread use.


12. Russian and US Satellites Collide
Spoiler
http://news.bbc.co.uk/2/hi/science/nature/7885051.stm
Two communications satellites, one Russian, and one US, have collided in orbit.

Quote
The US commercial Iridium spacecraft hit a defunct Russian satellite at an altitude of about 800km (500 miles) over Siberia on Tuesday, Nasa said.

The risk to the International Space Station and a shuttle launch planned for later this month is said to be low.

The impact produced a cloud of debris, which will be tracked into the future.


13. Unix Lovers to Party Like It's 1234567890
Spoiler
http://blog.wired.com/gadgets/2009/02/unix-lovers-to.html
On Friday the 13th, 2009 at 11:31:30pm UTC (here in Aussie land that will be Saturday the 14th at 10:31:30am) the UNIX timestamp will reach 1234567890. This article was posted as close to that time as I could manage. To find out when it happened for you, try executing perl -e "print scalar localtime(1234567890);".

Quote
Unix weenies everywhere will be partying like it's 1234567890 this Friday.

That's because, at precisely 3:31:30 p.m. Pacific time on February 13, 2009, the 10-digit "epoch time" clock used by most Unix computers will display all ten decimal digits in sequence. (That's 6:31:30 Eastern, or 23:31:30 UTC.)


14. [NSFW] Sony Releases New Stupid Piece Of S**t That Doesn't F**king Work
Spoiler
http://www.theonion.com/content/video/sony_releases_new_stupid_piece_of
Discussion started by justice: http://www.donationcoder.com/forum/index.php?topic=16990.0
The Onion News Network reports on Sony's new "retarded hunk of garbage" which hit the shelves this week.

onion.png



Ehtyar.
« Last Edit: February 16, 2009, 04:43:27 AM by Ehtyar »

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 06-09
« Reply #1 on: February 13, 2009, 11:12:58 PM »
yeah! nice selection this time: security is always important imho ("safety first - safety always"), and also it is important to note you can't buy security...


ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • default avatar
  • Posts: 2,718
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 06-09
« Reply #2 on: February 14, 2009, 03:19:31 AM »
From the article related to 12:

Quote
Since the Soviets launched Sputnik in 1957, it is estimated about 6,000 satellites have been put in orbit.

Satellite operators are all too aware that the chances of a collision are increasing.

Perhaps people will start betting on collisions in the not-so-distant future...

Quote
Nicholas Johnson, an orbital debris expert at the Johnson Space Center in Houston, was quoted by the Associated Press as saying that the Hubble Space Telescope and Earth-observing satellites at higher orbits and closer to the collision site were at greater risk of damage.

Wow, I guess I should have expected it, but there are "orbital debris experts"?

Thanks -- and it's nice to see space-related things again  :Thmbsup:

bgd77

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 203
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 06-09
« Reply #3 on: February 15, 2009, 07:49:31 AM »
On point 9, I have a question for the European Commission. If Windows will come without Internet Explorer, how will the people download another browser from the web?

Thanks for the news, Ehtyar!

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 06-09
« Reply #4 on: February 15, 2009, 01:02:03 PM »
On point 9, I have a question for the European Commission. If Windows will come without Internet Explorer, how will the people download another browser from the web?

Easy. Including a simple app which lists the available browsers for Windows, and fetches the selected one from the developer's site. Or providing them via Windows Update. Or developing a replacement for Windows Update mimicking the functionality of Linux package managers, that is, providing and updating all the software available for the OS, including libraries and the like.

Another thing is how convenient that would be, or even if it is desirable.
« Last Edit: February 17, 2009, 02:48:14 PM by Lashiec »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 35,013
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Donate to Member
Re: Tech News Weekly: Edition 06-09
« Reply #5 on: February 16, 2009, 12:18:42 AM »
shouldnt this be 07-09 edition?

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: Edition 07-09
« Reply #6 on: February 16, 2009, 04:43:46 AM »
Crap.

Ehtyar.

P.S. Ty Mouse Man.