Author Topic: Tech News Weekly: Edition 09-09  (Read 4141 times)

Ehtyar

Tech News Weekly: Edition 09-09
« on: February 28, 2009, 08:45:54 PM »
The Weekly Tech News
Hi all.
Thanks to 40hz for #10, definitely worth the watch. Also, the article titles are no longer clickable anymore, but are still blue because the black looked absolutely awful. It is my hope that Mouse Man will finally get me my javascript on the forum and I can make the titles expand the spoilers and get rid of those hideous buttons.
As usual, you can find last week's news here.


1. Attackers Targeting Unpatched Vulnerability in Excel 2007
http://www.infoworld.com/article/09/02/24/Attackers_targeting_unpatched_vulnerability_in_Excel_2007_1.html
A zero-day in various versions of Microsoft Excel is being actively exploited in the wild. According to Symantec, early versions of the exploit are installing Trojan.Mdropper.AC. The next Patch Tuesday will not be until March 9.

Quote
Microsoft's Excel spreadsheet program has a zero-day vulnerability that attackers are exploiting on the Internet.

A zero-day vulnerability is one that does not have a patch and is actively being used to attack computers when it is publicly revealed. Microsoft said Tuesday that it plans to patch the issue, but did not say when. The company's next set of security patches are set to be released March 9.

"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability," wrote Microsoft Spokesman Bill Sisk in a blog posting. "We are developing a security update for Microsoft Office that addresses this vulnerability."


2. Conficker Variant Dispenses With Need to Phone Home
http://www.theregister.co.uk/2009/02/23/conficker_variant/
A very nice technical write-up: http://mtc.sri.com/Conficker/
Yet another Conficker (Downadup) variant, Conficker B++, has been found in the wild. The new update permits the authors of the worm to distribute updates from any website on the internet as opposed to only those on the pre-programmed update site list.

Quote
Virus authors have released a new variant of the infamous Conficker (Downadup) worm with enhanced auto-update features.

The changes in the new strain of the malware, dubbed Conficker B++, make it possible for malware authors to push out new code without publishing it on pre-programmed sites, as with earlier variants. The earlier approach has been frustrated by the recent formation of an alliance led by Microsoft geared up to block and take down sites associated with the worm.


3. Unofficial Patch Plugs 0-day Adobe Security Vuln.
http://www.theregister.co.uk/2009/02/24/unofficial_adobe_patch/
Thanks to Adobe playing the part of Johnny-come-lately with the latest vulnerability in its Acrobat Reader product, security researchers have come together to publish an unofficial patch which can be applied prior to Adobe releasing an official patch on March 11.

Quote
Security researchers have developed an unofficial patch for a zero-day Adobe Acrobat and Reader vulnerability that's become the subject of hacker attacks.

Adobe acknowledged the vulnerability last week but said an official patch wouldn't be available until 11 March.

This three week window of vulnerability before an update becomes available is all the more serious because hackers have created an exploit, Shadowserver reports. Malicious PDFs in circulation exploit a vulnerability in a function call not related to JavaScript. JavaScript is used in the malicious PDF but only to "fill the heap with shellcode" (ie to crank up the attack), Shadowserver explains.


4. Key Backer's Change of Heart Endangers Aussie 'Net Filtering
http://arstechnica.com/telecom/news/2009/02/key-backers-change-of-heart-endangers-aussie-net-filtering.ars
Finally, (though he is quite the flip-flop when it suits him) someone has had the sense to call the Australian government on their atrociously ill-advised plan to monitor the internet usage of Australian citizens.

Quote
Australia's controversial plan to implement a mandatory ISP filtering system may crash into a big brick wall after a backer effectively changed teams. Senator Nick Xenophon was previously in favor of a system that would run all citizens' Internet connections through a filter for "illegal" content because it might have also blocked access to online gambling sites. As more and more concerns about the workability of the ambitious plan have been raised, however, he has decided that there are too many unanswered questions and now says he will move to block any legislation that comes through.

The Australian government first revealed its filtering initiative in 2007, which was met with widespread public outcry. Despite this, Australia moved forward with its plans and began testing the system in Tasmania in February of 2008. At the time, the Australian Communications and Media Authority (ACMA) said that the filters would be enabled by default and that consumers would have to request unfiltered connectivity if they wished to opt-out of the program.


5. ICANN Report: New GTLD Program Riddled With Problems, Delayed
http://arstechnica.com/tech-policy/news/2009/02/icann-releases-new-gtld-guidelines.ars
ICANN is inching closer to seeing the light, having delayed the implementation of their expanded gTLD program until December.

Quote
You know that $185,000 you've been saving up to register .zomgilovearstechnica as your very own generic Top Level Domain (gTLD)? It looks like you'll have to wait a bit longer. On Thursday, the Internet Corporation for Assigned Names and Numbers released a revised version of its draft guide to expanded gTLD applications, along with a lengthy analysis of the voluminous comments and critiques they received in response to the first draft. To give themselves time to process a second round of comments, ICANN will push off implementation of the plan from September to December of this year.

Last year, ICANN's directors voted unanimously to move forward with an ambitious plan to massively expand the Net's system of generic Top Level Domains (gTLDs). The proposal would allow anyone able to fork over a princely application fee, along with annual maintenance charges of $75,000, to add their very own gTLD—such as .arstechnica or .blog or .riverrunpasteveandadams—to the familiar roster of 21 existing domain extensions, such as .com and .org. But ICANN's first-draft guidelines for new domains generated an avalanche of critical comments—not least from the US government. It has released a second draft that seeks to address some of those criticisms, as well as a 154-page analysis of the comments they've received—but some critics say the central problems with the proposal remain.


6. EU Group Aims to Eavesdrop On Skype Calls
http://arstechnica.com/tech-policy/news/2009/02/eu-group-aims-to-eavesdrop-on-skype-calls.ars
It seems Skype is becoming ever more the thorn in intelligence agencies' sides, preventing them from eavesdropping on calls with its proprietary encryption and p2p connection system.

Quote
As high-tech tools expand the ability of intelligence and law enforcement agencies to sweep up and sort vast quantities of communications traffic, European Union officials worry that encrypted Voice over IP technologies like Skype are leaving criminals with a digital hole in the telecom dragnet. In a statement released this weekend, the Italian arm of the European Union's judicial cooperation agency, Eurojust, announced it would lead an international effort to "overcome the technical and judicial obstacles to the interception of internet telephony systems."

The statement singled out Luxembourg-based Skype as presenting particular problems, because "Skype's encryption system is a secret which the company refuses to share with the authorities." Eurojust officials told reporters that the new initiative comes at the request of Italian authorities concerned that organized crime was resorting to encrypted Skype communications to evade eavesdropping.


7. New Zealand P2P Disconnection Plan Delayed After Outcry
http://arstechnica.com/tech-policy/news/2009/02/new-zealand-p2p-disconnection-plan-delayed-after-outcry.ars
New Zealanders have banded together and forced their government to delay the implementation of their P2P internet cutoff plan.

Quote
As an Internet blackout hit blogs across New Zealand today, the government announced that it would postpone the implementation of its hugely controversial "graduated response" law for dealing with (and eventually disconnecting) repeat P2P copyright infringers.

New Zealand's 1984 Copyright Act was last year amended in numerous ways, but the most controversial has certainly been new section 92A. "An Internet service provider must adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the account with that Internet service provider of a repeat infringer," it says.


8. Microsoft Suit Over FAT Patents Could Open OSS Pandora's Box
http://arstechnica.com/microsoft/news/2009/02/microsoft-sues-tomtom-over-fat-patents-in-linux-based-device.ars
Discussion thread by Edvard: http://www.donationcoder.com/forum/index.php?topic=17212
Microsoft have, for the first time, enforced their patent on the FAT filesystem against navigation device maker TomTom. Several of the products involved are Linux-based.

Quote
Microsoft has filed a patent infringement lawsuit against navigation device maker TomTom. The suit alleges that several of TomTom's products, including some that are Linux-based, infringe on a handful of Microsoft's patents. Several of the patents in question relate to car computing systems and navigation, but there are also two that cover Microsoft's FAT32 filesystem. If Microsoft begins to systematically enforce its FAT32 patents, it could have broad ramifications for the Linux platform and for mobile device makers.

The lawsuit, which was reported today at Todd Bishop's Microsoft blog, is thought to be the first time that Microsoft has directly targeted Linux with patent litigation. In an interview with Bishop, Microsoft deputy general counsel for intellectual property Horacio Gutierrez claims that this is not the beginning of a broader intellectual property campaign against Linux. Gutierrez characterizes the lawsuit as a last resort option that Microsoft is pursuing after attempting to negotiate a private settlement with TomTom for over a year.


9. Supreme Court Whacks DSL Antitrust Suit Against AT&T
http://arstechnica.com/telecom/news/2009/02/supreme-court-whacks-dsl-antitrust-suit-against-att.ars
US ISP AT&T have been saved from an antitrust lawsuit alleging that the company is engaging in price squeezing by charging higher rates to wholesale buyers than retail customers by a Supreme Court judge who threw the case out.

Quote
The Supreme Court has unanimously rejected a lawsuit against AT&T charging that the telco engaged in "price squeezing" against smaller Internet providers. A group of carriers led by Linkline Communications complained that the DSL giant charges high rates for wholesale access and low rates to consumers, effectively pushing competitors out of the market.

But the Supremes ruled on Wednesday that AT&T had "no duty to deal" with these carriers, at least as far as the Sherman Anti-Trust Act is concerned. The key to this logic is that while the Sherman Act forbids a company from monopolizing trade or commerce, it doesn't force the business to sell its services to other firms.


10. A Mermaid's Tale (Thanks 40hz)
http://www.stuff.co.nz/4203291a6442.html
Video: http://tvnz.co.nz/close-up/a-mermaids-tale-4-50-2502188/video
New Zealand physical effects lab Weta Workshop have created a fully functional Mermaid tail for a double amputee that will be used to allow her to swim.

Quote
Ms Vessey approached Weta with the ambition of making a tail that was both practical and beautiful, a task that proved to be a pleasing challenge for our team.

The unique articulated construction of the tail will allow Vessey to propel herself through the water with an undulating movement as if she was a mermaid.


11. The Matrix Runs On Windows (Thanks 40hz)
http://www.dailycupoftech.com/2009/02/27/the-matrix-runs-on-windows/
For those that haven't been watching the silly humour thread (I highly recommend you do), here's one of the best ones so far.




Ehtyar.
« Last Edit: March 01, 2009, 11:55:12 PM by Ehtyar »

ewemoa

Re: Tech News Weekly: Edition 09-09
« Reply #1 on: March 04, 2009, 06:25:48 AM »
Thanks for this week's!

Re: 4 and 7 -- possibly  :Thmbsup: ?

Re: 6 -- I've been looking for a replacement for some time, but I still haven't succeeded...I wonder if this will help something turn up.

mouser

Re: Tech News Weekly: Edition 09-09
« Reply #2 on: March 04, 2009, 06:47:26 AM »
Yes, thank you for the security news especially.

tomos

Re: Tech News Weekly: Edition 09-09
« Reply #3 on: March 04, 2009, 06:50:32 AM »
yes, thanks Ehtyar
especially enjoyed the last two .. (non-techie that I am :P)
Tom

Ehtyar

Re: Tech News Weekly: Edition 09-09
« Reply #4 on: March 04, 2009, 01:18:32 PM »
My pleasure guys :)
Quote
Re: 6 -- I've been looking for a replacement for some time, but I still haven't succeeded...I wonder if this will help something turn up.

I've spent more time than I care to admit searching for an alternative. At this point, I'm willing to concede that one doesn't currently exist.

Ehtyar.

ewemoa

Re: Tech News Weekly: Edition 09-09
« Reply #5 on: March 05, 2009, 12:30:14 AM »
Quote
I've spent more time than I care to admit searching for an alternative. At this point, I'm willing to concede that one doesn't currently exist.

I'm resigned to it being the kind of search I repeat every so often ;)  Some day though I think something appropriate may turn up.