Tech News Weekly: Edition 30-09

Ehtyar:
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.
1. Researcher Raids Browser History for Webmail Login Tokens
http://www.theregister.co.uk/2009/07/20/csrf_token_hijacking/
To see it in action: http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/
The scary bit about this one ('coz CSRF is pretty old hat at this stage...) is that they're finding the token, and with just css :S

In a disclosure that has implications for the security of e-commerce and Web 2.0 sites everywhere, a researcher has perfected a technique for stealing unique identifiers used to prevent unauthorized access to email accounts and other private resources.

Websites typically append a random sequence of characters to URLs after a user has entered a correct password. The token is designed to prevent CSRF (cross-site request forgery) attacks, which trick websites into executing unauthorized commands by exploiting the trust they have for a given user's browser. The token is generally unique for each user, preventing an attacker from using CSRF attacks to rifle through a victim's account simply by sending a generic URL to a website.

--- End quote ---

2. Network Solutions Breach Exposed 500k Card Accounts
http://www.theregister.co.uk/2009/07/25/network_solutions_ecommerce_breach/
I've been trying to avoid posting data breaches, since they're so common now-a-days, but this one is particularly large, and probably relevant to a lot of DCers. Basically, Network Solutions' CMS was hacked, and the baddies got all your c4rdz0r.

A breach at Network Solutions has exposed details for more than 500,000 credit and debit cards after hackers penetrated a system it used to deliver e-commerce services and planted software that diverted transactions to a rogue server, the hosting company said late Friday.

The unauthorized software was in place from March 12 to June 8 and affected transactions Network Solutions processed on behalf of 4,343 merchant websites that mostly belonged to small businesses, spokeswoman Susan Wade said. While the company discovered the software in early June, it waited until the close of business Friday to disclose the breach. Wade said it took until July 13 for forensics investigators to crack the code and understand how it worked.

--- End quote ---

3. Palm Plays Cat-and-mouse With Apple, Reenables iTunes Sync
http://arstechnica.com/gadgets/news/2009/07/palm-plays-cat-and-mouse-with-apple-reenables-itunes-sync.ars
Seems like Palm has decided to start a game of cat and mouse with Apple. They've modified the Pre to again work with iTunes, after Apple locked them out in their last update.

Palm passive-aggressively fired back at Apple in its 1.1.0 update to the Pre's webOS Thursday night. Among the handful of changes that came with the point update, the software restores syncing functionality with iTunes after Apple unceremoniously "fixed" the "problem" last week. The move is the latest in this high-profile cat-and-mouse game between Apple and Palm, and Palm seems to be willing to keep poking the fate bear—but to what end?

webOS 1.1.0 isn't all about iTunes compatibility. Among other things, it contains a number of useful updates to the Pre, including better timezone support in the Clock application, improved syncing with Google when you edit a Google contact, and the addition of emoticons in text, multimedia, and instant messages. The software also gained some enterprise features in the form of Exchange ActiveSync (EAS) support that allows for remote wipe, PIN/passwords, inactivity timeouts, and improved certificate handling.

--- End quote ---

4. Wireless Power System Shown Off
http://news.bbc.co.uk/2/hi/technology/8165928.stm
A wireless power transfer system has been unveiled at the latest TED conference. It exploits resonant frequency between the charging station and appliance to transfer the power in a substantially more efficient manner.

The technique exploits simple physics and can be used to charge a range of electronic devices over many metres.

Eric Giler, chief executive of US firm Witricity, showed mobile phones and televisions charging wirelessly at the TED Global conference in Oxford.

He said the system could replace the miles of expensive power cables and billions of disposable batteries.

"There is something like 40 billion disposable batteries built every year for power that, generally speaking, is used within a few inches or feet of where there is very inexpensive power," he said.

--- End quote ---

5. Microsoft Caves to EU Pressure, Will Offer Browser Ballot
http://arstechnica.com/microsoft/news/2009/07/microsoft-caves-to-eu-pressure-will-offer-browser-ballot.ars
Sketchy on the details as of yet, but it looks like MS has finally caved, and will ask the user which browser they'd like to use in Windows 7...in the EU at least.

Although Intel may have been hit with a bigger fine, the multi-year saga of Microsoft's fight with the European Union's Competition Commission may have run up larger legal bills, given its longevity. The most recent point of contention between Redmond and Europe has been the browser; Microsoft bundles its own with its operating systems, but the EU views that as using monopoly power to the detriment of potential competitors.

Earlier this month, word came out that Microsoft was looking to make this matter go away, and it may have succeeded; the European Commission has just announced that Microsoft has agreed to proposed EU remedies and is willing to offer a "browser ballot" to new users.

--- End quote ---

6. Microsoft Aims at VM Market With Linux Kernel Code Offering
http://arstechnica.com/microsoft/news/2009/07/microsoft-aims-at-vm-market-with-linux-kernel-code-offering.ars
Microsoft looks to be seeking dominance in the virtualization market, after it made code available to the Linux Kernel that would improve its performance on Hyper-V.

Microsoft is contributing approximately 20,000 lines of source code to the Linux kernel with the aim of improving support for running the Linux operating system in virtualized environments on Windows servers. The move is part of a broader trend at Microsoft towards collaboration with the open source software community.

Prominent Linux kernel developer Greg Kroah-Hartman announced the code submission today in a message posted to the Linux kernel mailing list. He says that the new drivers contributed by Microsoft will soon land in the staging tree where they will undergo some refinement before they are merged directly into the mainline kernel. Microsoft is making the code available under the terms of GNU's General Public License (GPL), the open source software license that is used by the Linux kernel.

--- End quote ---

7. Intel's New 34nm SSDs Cut Prices by 60 Percent, Boost Speed
http://arstechnica.com/hardware/news/2009/07/intels-new-34nm-ssds-cut-prices-by-60-percent-boost-speed.ars
Intel's SSDs are getting cheaper, people; there may yet be hope they'll be affordable before you buy your next machine.

Intel has announced two new solid state disk drives made on its leading-edge 34nm process. The two new SSDs are X25M SATA parts weighing in at 80GB and 160GB, and they're meant to replace Intel's existing X25M drives in those capacities, but at 60 percent less cost and with better performance. The 80GB X25-M is $225 in lots of 1,000 (down from $595), and the 160GB is $440 (from $945). That's some serious discounting, and it may well drive even more SSD uptake in the coming quarters despite the ongoing IT spending crunch.

So what do you get for 60 percent less? In a word, speed. The new drives boast a 25 percent reduction in read latency, which was already about 60x the speed of an average hard disk; write performance has also doubled with this new generation.

--- End quote ---

8. EFF's New Lawsuit, and How the NSA is Into Social Networking
http://arstechnica.com/tech-policy/news/2009/07/effs-new-lawsuit-and-how-the-nsa-is-into-social-networking.ars
A sensationalist headline, to be sure, but it's good to know the EFF is watching our backs...

The government could be building a giant map of social networks using Facebook and Twitter, scraping MySpace pages, or mining the metadata associated with cellular phone calls in order to look for communication patterns. On the other hand, all of that computer power that the NSA is aggregating at the datacenters that are coming online could just be for the limited purpose of snooping voice calls and e-mail coming into and out of the US, but such narrow use is unlikely.

What the NSA is doing with its massive and growing capabilities is still a secret, but it's probably an extension of DoD efforts at mapping social networks that extend back to the early part of the decade. A new EFF lawsuit filed this week could finally shed at least a little more light on the nature of these classified activities, so that we can know for sure whether some descendent of John Poindexter's Total Information Awareness program lives on at the NSA.

--- End quote ---

9. Hackers Scoffing at iPhone 3GS' Hardware Encryption
http://www.engadget.com/2009/07/24/hackers-scoffing-at-iphone-3gs-hardware-encryption/
Looks like the encryption offered in the iPhone 3GS isn't really encryption at all.

There were other features taking higher billing in the iPhone 3GS' announcement than its hardware-level encryption -- hell, even the magnetic compass was getting more play -- but it's there, and Apple's actively marketing the bit-scrambling capability to enterprise clients. Problem is, hackers are apparently having a field day with it, rendering it useless in all but name.

--- End quote ---

10. [NSFW] Saturday Night Live - Cork Soaker
http://www.143pinoy.com/watch/saturday_night_live_cork_soaker
Don't know how many of you will have seen this -- but oh-my-god so funny.



Ehtyar.

tinjaw:
I'm almost crying after watching that SNL video. Funniest thing I have seen in a while from SNL.

P.S. Please join me in supporting EFF. I donated again recently because of all of the #$(*% that is going on these days. I am hoping they will lead a class action lawsuit against Amazon and the publisher of 1984 some day.

40hz:
#5 - To paraphrase Virgil: Beware of Geeks bearing gifts.

The strategy of "embrace, enhance, extinguish" lives on! >:(

jgpaiva:
"7. Intel's New 34nm SSDs Cut Prices by 60 Percent, Boost Speed" - 25% in read latency? No moving parts and lower power usage? Looks like my next laptop will be carrying one of these :)
Or am I misinformed and there's a giant caveat waiting for me?

Ehtyar:
Intel SSDs had a few fragmentation issues there for a while, but I believe those have mostly been rectified (there was also an encryption screwup, but that was fixed very fast). However, they're still far too expensive IMO, HDDs have been too good to me thus far for me to ditch them for something at three times the price.

Ehtyar.
