Tech News Weekly: Edition 32-09

Ehtyar:
The Weekly Tech News
Hi all.
Sorry for being late again guys, weekend ended up a little hectic. Forgive me?
As usual, you can find last week's news here.
1. Hacking, Lock-Picking, Booze and Bacon: DefCon 17 In Review
http://www.wired.com/threatlevel/2009/08/defcon-review/
Right off the tail of last week's BlackHat, this week saw DEFCON 17 in Las Vegas. The good stuff is yet to be published, but you can be sure it will come, and in droves.

Braving triple-digit heat, mean hangovers and an incredibly hostile network, roughly 10,000 hackers, security experts, feds, spies and various other “computer enthusiasts” took over the Riviera last weekend for the world’s largest hacking convention, DefCon.

This year there was no shortage of interesting developments, including a hacked ATM, hacked badges, hacked parking meters, hacked locks, hacked feds, hacked video cameras and more.

--- End quote ---

2. XML Flaws Threaten 'enormous' Array of Apps
http://www.theregister.co.uk/2009/08/06/xml_flaws/
I dare say most of us knew it, but none of us wished to speak of it. Someone has finally put together a fun collection of all the issues/bugs/vulnerabilities in the various popular XML parsers, noting that those written in C came out the dirtiest (well duh).

Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers.

The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML library available, Ari Takanen, CTO of Finland-based security testing firm Codenomicon, told The Register. Many of them could allow attackers to crash machines running applications that use the libraries or even remotely execute malicious code. The Python and Java programming languages and Apache Xerces are already known to be affected, and Takanen said many more could be as well.

--- End quote ---

3. Homegrown CBHD Discs Outsell Blu-ray by 3-1 Margin in China
http://arstechnica.com/business/news/2009/08/homegrown-cbhd-discs-outsell-blu-ray-by-3-1-margin-in-china.ars
A new Chinese HD video disk format, built from the ashes of HD-DVD, is outselling Blu-Ray 3 to 1 in China.

A Japanese TV station broke a major piece of news on the progress of China Blue High Definition (a China-grown competitor to Blu-ray) in the China market last week, but the English-language technology press, through a translation mistake, misreported the news. It turns out that CBHD penetration in China appears to have hit a staggering 30 percent, in only a few months on the market.

--- End quote ---

4. Accused Domain Thief Faces Jail Time for "stealing" P2P.com (Thanks 40hz)
http://arstechnica.com/web/news/2009/08/accused-domain-thief-faces-jail-time-for-stealing-p2pcom.ars
As Hertz Man so succinctly put it; FINALLY!! Finally, a domain thief may actually be brought to justice after being arrested in his home state of New Jersey.

Domain name investing has been around almost as long as domain names were open for purchase by the general public, and the practice has picked up since the mid-90s, as companies stake out their spot on the digital frontier. Domain names can be so valuable, in fact, that people actually steal them to sell to unsuspecting companies or other domain name investors. The legal process to combat a domain name thief is complicated at best, but there is hope, as police have arrested a man accused of stealing the domain P2P.com.

An initial investigation by Florida police, where the victims reside, was dropped for lack of evidence. The rightful owners of P2P.com then filed a civil suit as they believed it was their only recourse. However, Detective Sergeant John Gorman of the New Jersey State Police Cyber-Crimes Unit later reviewed the case, and asked the victims if they wanted to pursue the case in New Jersey, where the alleged thief lived. Based on evidence gathered for the civil suit, the NJ District Attorney approved an indictment. On July 30, Daniel Goncalves, a 25-year-old computer technician for a NJ law firm, was arrested at his home and his computers were seized.

--- End quote ---

5. Microsoft Confirms Windows 7 E is Dead
http://arstechnica.com/microsoft/news/2009/08/microsoft-confirms-windows-7-e-is-dead.ars
Windows 7 E is no more, and Microsoft await the EU's decision on their browser ballot proposal.

Microsoft has confirmed that Windows 7 E, a version that was meant to ship without Internet Explorer 8 installed, would never see the light of day. The announcement comes even though the replacement solution, a browser ballot screen, has not yet been approved by the EU. With talk of this alternative, many were expecting that Windows 7 E was going to be pronounced dead before release, but Redmond has made it official via the Microsoft on the Issues blog.

--- End quote ---

6. Network Neutrality in Congress, Round 3: Fight!
http://arstechnica.com/tech-policy/news/2009/08/the-war-over-network-neutrality.ars
Legislated 'Net neutrality is again being proposed in congress...for the third time! It's heartening to know the pollies (at least the US ones) aren't giving up as quickly as the people are losing hope.

The war over network neutrality has been fought in the last two Congresses, and last week's introduction of the "Internet Freedom Preservation Act of 2009" (PDF) means that legislators will duke it out a third time. Should the bill pass, Internet service providers will not be able to "block, interfere with, discriminate against, impair, or degrade" access to any lawful content from any lawful application or device.

ISPs would also be forbidden to "impose a charge" on content providers that goes "beyond the end-user charges associated with providing the service to such a provider." In other words, AT&T doesn't have to let Google "use its pipes for free," but it can only collect the money it is owed through customary peering and transit arrangements.

--- End quote ---

7. The Smoking Gun Exposes PrankNet As Internet Badboys Cower (Thanks again 40hz)
http://arstechnica.com/security/news/2009/08/the-smoking-gun-exposes-pranknet-as-internet-badboys-cower.ars
The full story: http://www.thesmokinggun.com/archive/years/2009/0803091pranknet1.html
Honestly, I hadn't heard of PrankNet until I read this article (I'd heard of the exploits of individual members, but not of the group itself), but after reading it I felt it was well worth posting. This scumbag led an online group dedicated to screwing with people, by using social engineering to put people in incredibly humiliating and costly predicaments, all in the name of "entertainment".

The Smoking Gun this week released the results of its lengthy investigation into PrankNet, an online community specializing in disturbing phone pranks. The operators operated under a veil of anonymity, covering their tracks and using Skype to place non-traceable phone calls. When TSG eventually exposed the ringleader as a young man living in Canada, however, the results were predictably pathetic.

--- End quote ---

8. Modder Arrest a Reminder That Most Console Hacks Are Illegal
http://arstechnica.com/gaming/news/2009/08/modder-arrest-a-reminder-that-most-console-hacks-are-illegal.ars
Haven't heard of one of these for a while. Watch out guys, modding that console for your friend, for a modest fee, could see you in cuffs...apparently...

For anyone with a little bit of technical know-how, modifying video game systems for various purposes is easy... and can even make you a little bit of money. The problem? Modifying the firmware in video game systems to play pirated games or even your own backups is illegal. Twenty-seven-year-old Matthew Lloyd Crippen learned the hard way that Immigration and Customs Enforcement doesn't have a sense of humor about modding systems for profit: the student was arrested after being indicted on two charges of violating the Digital Millennium Copyright Act for selling modded systems. The question some gamers are now asking themselves: am I breaking the law? The answer is not comforting.

For Crippen, each charge carries a maximum penalty of five years in jail, so there is a possibility that Crippen could be staring down the barrel of ten years imprisonment. Crippen was charging around $30 per job, and the authorities seized around a dozen hacked consoles. "This is for your legally made backups," he claimed when talking to Threat Level. "If you're talking about piracy, I'm not helping you out." The law doesn't agree, especially since he was aware of the ability to play pirated games on his hacked systems, and profited—even in such a limited way—from his work.

--- End quote ---

9. DDoS Attacks On Twitter, Facebook Result Of Massive Attack On One Person
http://www.darkreading.com/security/client/showArticle.jhtml?articleID=219100459
Normally I wouldn't report this kind of story, but when was the last time you heard of a DoS attack on the likes of Twitter or Facebook in an attempt to harm a single user?

It turns out yesterday's major distributed denial-of-service (DDoS) attacks that shut down Twitter for hours and disrupted Facebook and LiveJournal came out of a targeted attack waged against one individual with accounts on all of the sites.

A pro-Georgian blogger called "Cyxymu" was apparently the intended target of the massive DDoS that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal when a botnet apparently blasted waves of traffic at his accounts on the sites simultaneously in an effort to shut down his communiques.

--- End quote ---

10. Big Deck
http://www.youtube.com/watch?v=nz82fjXqFQ4
Hey guys, check out my big...deck...



Ehtyar.

housetier:
I really like the stories about the bad guys getting caught.

J-Mac:
I really like the stories about the bad guys getting caught.
-housetier (August 10, 2009, 09:09 AM)
--- End quote ---

Yeah, but somehow they usually end up walking away unscathed in the end. I'm losing faith.....

Jim

tomos:
#5: Zaine posted this: Deciphering Win7 Upgrades: The Official Chart but it doesn't cover the EU options . . .

now,
i can't remember,
was that E in Windows 7 E for Europe or EU or Eejit(s) :-\

Ehtyar:
Windows 7 E was to be for the European market, and did not include IE in the hopes of deterring the EU from forcing Microsoft to give users a choice of browser. Looks as though the ploy didn't work though.

Ehtyar.
