Tech News Weekly: Edition 28-09

Ehtyar:
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.
1. Boffins Guess Social Security Numbers Via Public Data
http://www.theregister.co.uk/2009/07/07/ssn_guessing_algorithm/
http://arstechnica.com/tech-policy/news/2009/07/social-insecurity-numbers-open-to-hacking.ars
I don't imagine it's quite as easy as it sounds, but it looks like making SSNs the de facto form of identification they are now has come back to bite the US in the backside. Take heed, rest of the world.

Predicting a person's social security number is a lot easier than previously thought, according to new scientific research that has important implications for identity theft.

Armed with publicly available information about where and when an individual was born, researchers from Carnegie Mellon University were able to guess the first five digits of a SSN on the first try for 44 percent of people born after 1989. The success rate balloons to as high as 90 percent for individuals born after 1989 in less populous states such as Vermont. Success rates also rise when the researchers got more guesses. The first five digits for six of 10 SSNs can be identified with just two attempts.

--- End quote ---

2. Apache Attacked by a "Slow Loris" (Thanks 40hz)
http://lwn.net/Articles/338407/
This story has been floating around for a while, and I've been dismissing it, but it's now pretty apparent that Apache aren't interested in doing anything about it, and since Hertz Man brought it to my attention I thought it was worth posting. Apache is vulnerable to an attack vector that would allow an attacker to effectively DoS a server with only a single moderate-speed connection.

The slow loris is an exotic animal of southeast Asia that is best known for its slow, deliberate movements. This characterizes the technique used by a new Denial of Service (DoS) tool that has been named after the animal. Slowloris was released to the public by security researcher "RSnake" on June 17. Unlike previously utilized DoS methods, slowloris works silently. Still, it results in a quick and complete halt of the victim's Apache web server.

--- End quote ---

3. Teen Cuffed for Bomb Threat Webcam Pay-per-view
http://www.theregister.co.uk/2009/07/09/swatting_indictment/
In a story that makes you wonder what they're cutting the hard stuff with these days, a US 16-year-old has been arrested for making prank calls to trigger an emergency response, then charging people to observe via live webcam feed.

A North Carolina teenager has been arrested and accused of phoning in bomb threats to schools and universities so he could charge admission for people to watch in real time over webcams as police responded.

Ashton C. Lundeby, 16, of Oxford, North Carolina took part in a group that used VoIP, or voice over IP, software and online gaming services to pull off the public stunts, which attracted hundreds of spectators, according to documents filed in federal court in Indiana Wednesday. Lundeby made bomb threats against 13 colleges or schools from the middle of 2008 through early March, prosecutors allege.

--- End quote ---

4. US [And Korean] Websites Buckle Under Sustained DDoS Attacks
http://www.theregister.co.uk/2009/07/08/federal_websites_ddosed/
http://news.bbc.co.uk/2/hi/asia-pacific/8142282.stm
I'm not aware of any apparent relation between these two attacks, but it seems the US and Korea are both suffering prolonged DDoS attacks against several high-importance sites.

Websites belonging to the federal government, regulatory agencies and private companies have been struggling against sustained online attacks that began on the Independence Day holiday, according to multiple published reports.

At time of writing, most of the targets appeared to be afloat. Nonetheless, several targets have buckled under the DDoS, or distributed denial of service, attacks, which try to bring down a website by bombarding it with more traffic than it can handle. FTC.gov was experiencing "technical issues" on Monday and Tuesday that prevented many people from reaching the site, spokesman Peter Kaplan said.

--- End quote ---

5. Antisec Hackers Replace All Imageshack Images
http://www.cgisecurity.com/2009/07/antisec-hackers-replace-all-imageshack-images.html
Given that I never made a claim of objectivity when I started this weekly news cycle, I have no compunction in calling these people absolute scum-of-the-earth douche bags. These absolute scum-of-the-earth douche bags took it upon themselves to use a publicly published exploit to replace all the images on ImageShack with one protesting... public publishing of exploit code. Congratulations on revealing yourselves to be absolute scum-of-the-earth douche bags to the world, Anti-Sec.

Thousands (Millions?) of sites img src'ing from imageshack are now displaying this hacked image. Certainly one of the largest pwnages I've seen in a long time. This is also the same group which recently hacked Astalvista.

--- End quote ---

6. NSA to Build Huge Facility in Utah
http://www.sltrib.com/ci_12735293
http://arstechnica.com/tech-policy/news/2009/07/r2e-nsas-power--and-money-sucking-datacenter-buildout-continues.ars
The NSA are propping up their massive computing infrastructure by building a massive branch in Utah.

Hoping to protect its top-secret operations by decentralizing its massive computer hubs, the National Security Agency will build a 1-million-square-foot data center at Utah's Camp Williams.

The years-in-the-making project, which may cost billions over time, got a $181 million start last week when President Obama signed a war spending bill in which Congress agreed to pay for primary construction, power access and security infrastructure. The enormous building, which will have a footprint about three times the size of the Utah State Capitol building, will be constructed on a 20

--- End quote ---

7. Goodbye, CompuServe! (We Thought You Already Died)
http://arstechnica.com/telecom/news/2009/07/goodbye-compuserve-we-thought-you-had-already-died.ars
In a blast-from-the-past, AOL has announced it is (finally?) killing off CompuServe, a company familiar to those who used the 'net in its infancy, most of whom probably thought it had been dead for some time...

A little piece of Internet history has now been laid to rest, as CompuServe was shut down for good just before this Fourth of July weekend. After some 30 years of service, CompuServe's new owner has finally pulled the plug, leaving us to reminisce about the days when the Internet was young and we were still using modems whose speed was measured in baud.

Most of us remember CompuServe fondly as one of the main Internet services from the 80s and 90s, and associate it with some of our first dabblings in the online world. Along with Prodigy, CompuServe offered a data connection to people across the globe, a connection that few had previously had at home. It set an early example for companies like AOL and even Apple's eWorld that launched in the early-to-mid 90s.

--- End quote ---

8. Goldman's Secret Sauce Could Be Loose Online; Markets Beware
http://arstechnica.com/tech-policy/news/2009/07/goldmans-secret-sauce-could-be-loose-online-markets-beware.ars
http://www.darkreading.com/insiderthreat/security/cybercrime/showArticle.jhtml?articleID=218400579
Investment bank Goldman Sachs has had data stolen by an ex-employee that could lead to publication of code that runs their automated trading desk, the heart of their business.

A Russian programmer named Sergey Aleynikov was picked up this past Friday by the FBI for allegedly stealing and passing along code that, if circulating out in the wild, could expose US markets to manipulation and cost Aleynikov's former employer, Goldman Sachs, millions. Bloomberg quotes assistant US Attorney Facciponti saying that "there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways. The copy in Germany is still out there, and we at this time do not know who else has access to it."

So how could a 32MB compressed source code archive pose a threat to markets and to America's most powerful investment bank? The story is actually less complex than it may sound.

--- End quote ---

9. Google Discloses Plans For New Malware-Resistant OS
http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=218401111
Google has announced it is working on "Chrome OS", an operating system based on Linux that will help protect against common Internet-based attack vectors by building tighter operating-system-level security around the browser.

Google is building its own operating system aimed at eliminating malware problems at the consumer's desktop.

The company late yesterday announced its work on the new Google Chrome OS, a lightweight OS that sits atop a Linux kernel and will run on X86 and ARM chips.

"We are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware," blogged Google's Sundar Pichai, vice president for product management, and Linus Upson, engineering director. "Most of the user experience takes place on the Web."

--- End quote ---

10. New Live Poll Allows Pundits To Pander To Viewers In Real Time (Thanks mouser)
http://www.theonion.com/content/video/new_live_poll_allows_pundits_to
The ONN has installed a new live polling system that allows panelists to see viewer reaction to their discussion in real-time. Keep your eye on the tracker as the conversation goes on ;)



Ehtyar.

mouser:
Great edition -- lots of interesting stuff.
The Live Poll video is one of the funniest things I've seen all year. Love it.

nosh:
Antisec Hackers Replace All Imageshack Images
--- End quote ---

Arschloches! (I only speak German on special occasions.)

Good thing they aren't lobbying for gun control.
*blam* *blam* "See?"

tomos:

Great edition -- lots of interesting stuff.
-mouser (July 12, 2009, 05:09 AM)
--- End quote ---
hear hear  :)

Ehtyar:
Thanks guys :)

Ehtyar.
