topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 12:58 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Tech News Weekly: Edition 19-09  (Read 6423 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Tech News Weekly: Edition 19-09
« on: May 10, 2009, 07:09 AM »
The Weekly Tech News
TNWeekly01.gifHi all.
I've decided to stop posting articles about data leaks and breaches except in exceptional cases from now onward as there are just too many of them. Please leave a comment if you have thoughts on this.
As usual, you can find last week's news here.


1. UK Spy Effort in Trans-Atlantic Surveillance Syndication Row
Spoiler
http://arstechnica.com/tech-policy/news/2009/05/uk-copies-american-surveillance-sit-com-plot.ars
It has been revealed that the £1 billion initially allocated by the British Government to establish a (now defunct) massive nation-wide communication database will now be used to link together the databases which the Government has mandated ISPs to maintain.

Smith announced that, instead of one giant £1 billion database, the government would put £2 billion towards helping ISPs and telcos retain customer data in separate databases. But what she didn't mention was that the £1 billion had already been allocated, and it would be used to link the individual databases together.

Both The Register and the Sunday Times cite sources that describe a large computing infrastructure build-out, with deep packet inspection capabilities and backbone traffic monitoring stations reminiscent of the ones that came to light in the US in 2006.


2. Researchers Hijack Botnet, Score 56,000 Passwords in an Hour
Spoiler
http://arstechnica.com/security/news/2009/05/researchers-hijack-botnet-score-56000-passwords-in-an-hour.ars
http://www.theregister.co.uk/2009/05/04/torpig_hijacked/
Researchers, earlier this year, managed to infiltrate the Torpig botnet for 10 days and observed the flow of 70GB of stolen data into the bot herders' databases.

Researchers at the University of California Santa Barbara have published a paper (PDF) detailing their findings after hijacking a botnet for ten days earlier this year. Among other things, the researchers were able to collect 70GB of data that the bots stole from users, including 56,000 passwords gathered within a single hour. The information not only gave them a look at the inner workings of the botnet, they also got to see how secure users really are when it comes to online activities. (Hint: they aren't.)

The botnet in question is controlled by Torpig (also known as Sinowal), a malware program that aims to gather personal and financial information from Windows users. The researchers gained control of the Torpig botnet by exploiting a weakness in the way the bots try to locate their commands and control servers—the bots would generate a list of domains that they planned to contact next, but not all of those domains were registered yet. The researchers then registered the domains that the bots would resolve, and then set up servers where the bots could connect to find their commands. This method lasted for a full ten days before the botnet's controllers updated the system and cut the observation short.


3. EU to ICANN: Ditch the US Gov Ties and Become More Global
Spoiler
http://arstechnica.com/web/news/2009/05/eu-to-icann-ditch-the-us-gov-ties-and-become-more-global.ars
There is talk that come September, when ICANN's current agreement with the United States expires, it will break its ties with the US to become a global independent entity.

The Internet Corporation for Assigned Names and Numbers (ICANN) should cut all remaining ties to the US government and become an independent entity, according to EU Information Society Commissioner Viviane Reding. Reading addressed the future of ICANN during her weekly video message on Monday, arguing that ICANN should seize the opportunity to become fully privatized later this year and that President Obama should support those efforts.

ICANN was started in 1998 out of a proposal from the National Telecommunications and Information Administration (NTIA), which is part of the US Department of Commerce (DOC). ICANN was meant to be a privatized, nonprofit organization that would help oversee the use of Internet domains. Throughout its history, however, ICANN has worked with the DOC on numerous issues, and the organization signed its most recent Memorandum of Understanding with the DOC in September of 2006.


4. Windows 7 Public RC is Available Now
Spoiler
http://arstechnica.com/microsoft/news/2009/05/windows-7-public-rc-is-available-now.ars
The first (and supposedly only) Windows 7 Release Candidate is now available for public download.

As expected, the Windows 7 Release Candidate (build 7100) is now available to the public for download. The beta keys Microsoft gave out during the public beta will work just fine with this build. The RC is available in 32-bit and 64-bit flavors in English, French, German, Japanese, and Spanish.

This is different from the beta, which was available in English (32-bit and 64-bit), German (32-bit and 64-bit), Japanese (32-bit and 64-bit), Arabic (32-bit and 64-bit), and Hindi (32-bit). If you are already on the beta, Microsoft recommends a clean install of the RC build: the upgrade path is not supported. There are ways to get around this limit, but I also recommend that you backup all your data and do a clean install. Build 7100 will expire on June 1, 2010. However, starting on March 1, 2010, Windows 7 will begin shutting down every two hours.


5. Botnet Master Hits the Kill Switch, Takes Down 100,000 PCs
Spoiler
http://arstechnica.com/security/news/2009/05/zeus-botnet-hits-the-kill-switch-takes-down-100000-pcs.ars
For reasons unknown, the masters of the Zeus/Zbot botnet have completely disabled the 100,000 nodes that comprised the network.

Botnets aren't just dangerous because they can steal massive amounts of personal data and launch denial-of-service attacks—they can also self-destruct, leaving the owners of affected machines in the dust. The controllers of one such botnet recently hit the kill switch for one reason or another, taking down some 100,000 infected computers with it.

The Washington Post recently profiled the case of Zeus/Zbot—a software kit that sprung up in March that harvests financial and personal data from PCs through the use of a Trojan. Zeus, unlike many other malware programs, managed to make each installation appear different to virus trackers so that it would be more difficult to remove. But Zeus had another interesting feature—one that isn't terribly uncommon among botnet software, it turns out. A command was built into the software to kos—or "kill operating system"—and it was apparently executed some time last month.


6. Microsoft Teams Up With US Gov On Double 'ard XP
Spoiler
http://www.theregister.co.uk/2009/05/07/hardened_xp/
The US Government has tasked Microsoft with the development of an ultra-stable version of Windows XP for deployment on systems which require high security standards.

Originally developed by the US Air Force in cooperation with Microsoft, the special XP set-up uses hardened Group Policy Objects (a technology in Microsoft's Active Directory) and images, which the Air Force used as the standard OS image for its desktop Windows machines.

The project evolved into the Federal Desktop Core Configuration (fdcc) recommendations maintained by US standards organisation NIST. Sys admins can download the configuration along with group policy objects.


7. Hackers Breach UC Berkeley Computer Database
Spoiler
http://www.ktvu.com/news/19408747/detail.html
Hackers have hacked their way into a medical database maintained by University of California, Berkeley and stolen information relating to 160,000 current and past students at the school.

University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.

The university said data include Social Security numbers, birth dates, health insurance information and some medical records dating back to 1999. Personal medical records -- such as patient diagnoses, treatments and therapies -- were not compromised, officials said.


8. Researchers Find Missile Defense Data On Used Hard Drive
Spoiler
http://www.darkreading.com/security/storage/showArticle.jhtml?articleID=217400054
For the fourth year running in a five-year-long study into the implications of poor data disposal practices, researchers at the University of Glamorgan have uncovered sensitive information left on second hard hard disks.

For the fourth straight year, researchers at the University of Glamorgan in Scotland have turned up surprisingly sensitive data -- including details of test-launch procedures for a U.S. defense missile -- by buying secondhand PCs.

Although the official data from this year's study has not yet been released, the research team, which included Edith Cowan University of Australia and BT, revealed some early results yesterday in news reports by the BBC and British television affiliates.


9. The Android Netbooks Cometh
Spoiler
http://www.linuxinsider.com/story/67002.html?wlc=1241943539
It appears the first Android-based netbook has made it into the public spotlight.

With all the hopes many in the FOSS community have pinned to the increasingly popular netbook, it's no great surprise that the topic is a contentious one. So, when the first Android netbook was spotted recently, excitement on the blogs went through the proverbial roof.

Computerworld's Seth Weintraub seems to have been the first to shine a spotlight on the Skytone Alpha 680, which was apparently announced a few weeks ago in Hong Kong.


10. Mozilla Ponders Policy Change After Firefox Extension Battle (Thanks 40hz)
Spoiler
http://arstechnica.com/open-source/news/2009/05/mozilla-ponders-policy-change-after-firefox-extension-battle.ars
An attempt by the makers of the NoScript firefox extension to subvert the functionality of the Adblock Plus extension has been met with fierce criticism.

One of the greatest strengths of the Firefox Web browser is its powerful extension system, which gives third-party developers the ability to expand the browser's capabilities. Although this extensibility delivers a lot of value to Firefox users, it also creates some thorny problems. The darker side of Firefox add-ons was exposed last week when a conflict between the developers of the two popular extensions got out of hand. The situation has compelled Mozilla to propose a policy change aimed at curbing bad behavior in add-ons.

Firefox's extension system is really just an officially supported mechanism for monkey-patching the browser. Extensions are not isolated or sandboxed. They are broadly permitted to manipulate the browser's behavior and user interface at will and can easily tamper with the functionality of other extensions. This approach to extensibility is a double-edged sword. Although it allows developers to create extremely useful extensions that can deeply integrate with virtually any aspect of Firefox, it simultaneously opens the door for troubling security problems and compatibility issues.


11. Trekkies Bash New Star Trek Film As 'Fun, Watchable'
Spoiler
http://www.theonion.com/content/video/trekkies_bash_new_star_trek_film
Star Trek fans have been dissapointed by the newest addition to the saga, claiming the movie's broad appeal makes it unlike other Star Trek films.

onion.png



Ehtyar.

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 19-09
« Reply #1 on: May 10, 2009, 07:48 AM »
I've decided to stop posting articles about data leaks and breaches except in exceptional cases from now onward as there are just too many of them.

I'm with you, though I do think the recent hacking of the Virginia health database (& subsequent ransom demands!) is especially reprehensible and worth a mention.

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 19-09
« Reply #2 on: May 10, 2009, 07:54 AM »
If people are interested in incidents of data losses or breaches I can recommend

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 19-09
« Reply #3 on: May 10, 2009, 03:41 PM »
I've decided to stop posting articles about data leaks and breaches except in exceptional cases from now onward as there are just too many of them.

I'm with you, though I do think the recent hacking of the Virginia health database (& subsequent ransom demands!) is especially reprehensible and worth a mention.

Crap, I read that and it was supposed to be in there. I really can't do this thing after 8:00 at night again :(

Ehtyar.