Tech News Weekly: Edition 52

http://www.castlecops.com/
Popular online threat fighting website CastleCops is no more. Recently their website began displaying a message on their homepage explaining to users that the site would no longer be available. There are (entirely unsubstantiated as yet) rumors that the sites owner, Paul Laudanski, has closed the site due to pressure from his employer of 7 months, Microsoft, though most suspect it is due to the costs of running a site that was constantly under cyber attack.

You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created.

With respect to the server marathon, by March 17 2009 CastleCops will refund contributions made through PayPal that were specifically designated for servers. Unfortunately, server donations made via check cannot be returned because we do not have the addresses for the donating entity. Unless instructed otherwise, CastleCops will re-allocate these funds as a donation to the Internet Systems Consortium (ISC.org). This organization sponsored our hosting environment for approximately the past 2 years. Please contact us [cc at laudanski dot com] before March 17, 2009, if you would like a return of your server marathon donation. Otherwise, we would like to thank the ISC for their unfettered support.

http://www.wjla.com/news/stories/1208/579813.html
Another link: http://news.cnet.com/8301-1009_3-10128632-83.html
The Massachusetts Bay Transportation Authority has backflipped, and asked the MIT Subway Hackers to work with them to secure their ticketing system from potential fraudsters.

A trio of Massachusetts Institute of Technology students who found a way to hack into the Boston subway system's payment cards have agreed to partner with transit officials there to make the system more secure. The Electronic Frontier Foundation announced the agreement Monday, two months after the Massachusetts Bay Transportation Authority dropped a lawsuit against the students, who were represented for free by the EFF, a civil-liberties group that frequently takes up cases involving security researchers and computer hackers.

The transit agency had sued to stop the students from presenting findings at a computer-security conference.

The students - Zack Anderson, R.J. Ryan and Alessandro Chiesa - have argued all along they were trying to help the MBTA by giving it advance notice of their planned talk last summer and keeping specific details of their hack secret.

http://www.theregister.co.uk/2008/12/23/sql_server_0day_latest/
Microsoft have fessed up that a recently exposed remote code execution in various versions of their SQL Server software is a real threat.

Microsoft came clean and admitted its SQL Server database software is vulnerable to code injection attacks. It's not a new flaw but the same bug in the database software that emerged around the time of Microsoft's monthly Patch Tuesday update earlier this month.

In an advisory, Redmond's security gnomes confirmed that code has been produced that exploits a security bug affecting Microsoft SQL Server 2000, Microsoft SQL Server 2005 and Windows Internal Database, in certain configurations.

http://arstechnica.com/news.ars/post/20081224-url-redirects-open-scareware-loophole.html
A hacker has found that using redirect pages as a jumping point for malware distribution is a worthwhile endeavor.

URL redirect notifications are often meant to serve as security measures, but at least one malware blackhat is exploiting these services and redirecting site visitors from the website they think they are about to visit to a spyware-infested haven. That's bad enough on its own, but the as-yet-unknown assailant has also used search engine optimizations to push the polluted redirectors higher in Google's search rankings.

Part of the problem—a significant part—is that many companies/websites use open redirects that will cheerfully redirect incoming traffic to whatever URL they're asked to send it to, even if that traffic didn't originate within the host site. When MySpace or Microsoft inform you that you're about to be redirected off their site, they don't perform any sort of check to see if that's a good place for you to be going.

http://tech.blorge.com/Structure:%20/2008/12/17/mozillas-security-warning-upgrade-to-firefox-3-today/
Firefox 2 is dead as of now. It is highly recommended anyone still using v2 upgrade to v3 now.

Mozilla has told Firefox users that it will no longer be updating version 2 of the browser and they should upgrade to version 3 right away. The warning came alongside a security update patching ten problems, four of them critical.

The critical problems involve cross-site scripting. That’s a serious concern as it allows the unauthorized transfer of data that a user sends to one site (such as a legitimate online bank) to another site (such as one used by hackers to harvest information).

http://arstechnica.com/news.ars/post/20081219-no-more-lawsuits-isps-to-work-with-riaa-cut-off-p2p-users.html
The RIAA will no longer be pursuing indivuals it believes to have engaged in piracy after signing voluntary agreements with many ISPs aimed at cutting off repeat offenders.

In a stunning turn of events, the US music industry has ceased its long-time litigation strategy of suing individual P2P file-swappers. Instead, with New York Attorney General Andrew Cuomo acting as a broker, the RIAA has signed voluntary "graduated response" agreements with major Internet service providers. Those currently on the receiving end of an RIAA lawsuit, though, will have to see it through to the (very) bitter end.

http://arstechnica.com/journals/apple.ars/2008/12/22/ipodhash-project-moves-to-wikileaks-following-dmca-notice
The code made available by the iPodHash project has been moved to WikiLeaks in response to Apple's DMCA takedown notice.

When you think of Wikileaks, things like government secrets and Sarah Palin's private e-mail come to mind. However, there's a decent amount of technology-related information on the site as well. The fact that it's nearly impossible to get content removed from Wikileaks could lead to its use as a haven for controversial technology projects, too. It turns out that the code related to the iPodhash project was posted to Wikileaks shortly after the project's BluWiki page was taken down in response to a legal notice from Apple's lawyers.

The project received a DMCA anticircumvention notice in the middle of November, and operator of BluWiki removed the content that Apple didn't like until the legal notice could be scrutinized. Since then, the Electronic Frontier Foundation has agreed to represent iPodhash, and the project's owner has come forward with a few comments, but the original project information is still unavailable, as the various legal machinations continue. Just a few days after the takedown notice was received, however, the code generated by iPodhash thus far was posted to Wikileaks, once again making the information publicly available.

http://arstechnica.com/news.ars/post/20081222-australian-net-filter-testing-set-will-include-p2p.html
Another link: http://www.theregister.co.uk/2008/12/18/huawei_optus_ties_nbn_security_concerns/
The Australian government are insisting on rolling out tests of their widely criticized internet "filtering" system, and are defending it to the last in public communication medium. Australian citizens will not be able to view the content of the filter list, and it seems there is some concern regarding relations between a bidder for the contract and a Chinese technology firm.

http://news.bbc.co.uk/2/hi/technology/7795302.stm
Microsoft have yet-again extended the sell life of Windows XP, this time to May 2009.

The cut off date for PC makers to obtain licenses for the software was 31 January 2009.

But now Microsoft has put in place a scheme that will allow the hardware firms to get hold of XP licences until 30 May 2009.

Previously Microsoft extended XP's life until 2010 - provided it was installed on netbooks and low-cost laptops.

http://news.bbc.co.uk/2/hi/entertainment/arts_and_culture/7798789.stm
The EU's online library, Europeana, is back online after having its server capacity quadrupled since it crashed last month just hours after opening due to high demand.

The European Union's huge digital library Europeana, which crashed last month just hours after its launch, is back online.

The website's server capacity has been quadrupled to cope with demand, European Commission spokesman Martin Selmayr told reporters.

But the homepage - at www.europeana.eu - warns that "the user experience may not be optimal in this test phase".

The site gives multilingual access to cultural collections across the EU.

http://www.wired.com/science/planetearth/multimedia/2008/12/YE8_organisms
A interesting look at some newly discovered organisms this year.

The world's smallest snake, a prehistoric ant and microbes that may be 120,000 years old: These are just a few of the species revealed to the world in the last 12 months.

With animals going extinct at rates unseen since the dinosaurs disappeared, it's nice to be reminded that some species haven't even been discovered.

As Smithsonian Institute ornithologist Brian Schmidt said after finding the olive-backed forest robin: "It is definitely a reminder that the world still holds surprises for us."

http://blog.wired.com/business/2008/12/2008-foot-in-mo.html
Have a good laugh at the expense of those who gaffed on technical subject matter this year.

In 2008, scientists turned on the Large Hadron Collider without ending the world as some had feared, but they did not come up with a cure for foot-in-mouth disease.

In fact, the disease led quite a healthy existence this year, thanks in part to the never-ending presidential campaign.

But Yahoo CEO Jerry Yang topped all political gaffes to become this year's winner (or biggest loser) for his comments defending his decision to turn down Microsoft's $44 billion offer for the perpetually lost-in-the-woods troubled internet venture....