Living Room / Re: Firefox 3.5 - A Few Problems Recently...
« on: August 12, 2009, 06:39 AM »
I can select the text regardless...something very fishy going on here.
Ehtyar.
Hi all. Sorry for late again guys, weekend ended up a little hectic. Forgive me? As usual, you can find last week's news here.
Braving triple-digit heat, mean hangovers and an incredibly hostile network, roughly 10,000 hackers, security experts, feds, spies and various other “computer enthusiasts” took over the Riviera last weekend for the world’s largest hacking convention, DefCon.
This year there was no shortage of interesting developments, including a hacked ATM, hacked badges, hacked parking meters, hacked locks, hacked feds, hacked video cameras and more.
Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers.
The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML library available, Ari Takanen, CTO of Finland-based security testing firm Codenomicon, told The Register. Many of them could allow attackers to crash machines running applications that use the libraries or even remotely execute malicious code. The Python and Java programming languages and Apache Xerces are already known to be affected, and Takanen said many more could be as well.
A Japanese TV station broke a major piece of news on the progress of China Blue High Definition (a China-grown competitor to Blu-ray) in the China market last week, but the English-language technology press, through a translation mistake, misreported the news. It turns out that CBHD penetration in China appears to have hit a staggering 30 percent, in only a few months on the market.
Domain name investing has been around almost as long as domain names were open for purchase by the general public, and the practice has picked up since the mid-90s, as companies stake out their spot on the digital frontier. Domain names can be so valuable, in fact, that people actually steal them to sell to unsuspecting companies or other domain name investors. The legal process to combat a domain name thief is complicated at best, but there is hope, as police have arrested a man accused of stealing the domain P2P.com.
An initial investigation by Florida police, where the victims reside, was dropped for lack of evidence. The rightful owners of P2P.com then filed a civil suit as they believed it was their only recourse. However, Detective Sergeant John Gorman of the New Jersey State Police Cyber-Crimes Unit later reviewed the case, and asked the victims if they wanted to pursue the case in New Jersey, where the alleged thief lived. Based on evidence gathered for the civil suit, the NJ District Attorney approved an indictment. On July 30, Daniel Goncalves, a 25-year-old computer technician for a NJ law firm, was arrested at his home and his computers were seized.
Microsoft has confirmed that Windows 7 E, a version that was meant to ship without Internet Explorer 8 installed, would never see the light of day. The announcement comes even though the replacement solution, a browser ballot screen, has not yet been approved by the EU. With talk of this alternative, many were expecting that Windows 7 E was going to be pronounced dead before release, but Redmond has made it official via the Microsoft on the Issues blog.
The war over network neutrality has been fought in the last two Congresses, and last week's introduction of the "Internet Freedom Preservation Act of 2009" (PDF) means that legislators will duke it out a third time. Should the bill pass, Internet service providers will not be able to "block, interfere with, discriminate against, impair, or degrade" access to any lawful content from any lawful application or device.
ISPs would also be forbidden to "impose a charge" on content providers that goes "beyond the end-user charges associated with providing the service to such a provider." In other words, AT&T doesn't have to let Google "use its pipes for free," but it can only collect the money it is owed through customary peering and transit arrangements.
The Smoking Gun this week released the results of its lengthy investigation into PrankNet, an online community specializing in disturbing phone pranks. The operators operated under a veil of anonymity, covering their tracks and using Skype to place non-traceable phone calls. When TSG eventually exposed the ringleader as a young man living in Canada, however, the results were predictably pathetic.
For anyone with a little bit of technical know-how, modifying video game systems for various purposes is easy... and can even make you a little bit of money. The problem? Modifying the firmware in video game systems to play pirated games or even your own backups is illegal. Twenty-seven-year-old Matthew Lloyd Crippen learned the hard way that Immigration and Customs Enforcement doesn't have a sense of humor about modding systems for profit: the student was arrested after being indicted on two charges of violating the Digital Millennium Copyright Act for selling modded systems. The question some gamers are now asking themselves: am I breaking the law? The answer is not comforting.
For Crippen, each charge carries a maximum penalty of five years in jail, so there is a possibility that Crippen could be staring down the barrel of ten years imprisonment. Crippen was charging around $30 per job, and the authorities seized around a dozen hacked consoles. "This is for your legally made backups," he claimed when talking to Threat Level. "If you're talking about piracy, I'm not helping you out." The law doesn't agree, especially since he was aware of the ability to play pirated games on his hacked systems, and profited—even in such a limited way—from his work.
It turns out yesterday's major distributed denial-of-service (DDoS) attacks that shut down Twitter for hours and disrupted Facebook and LiveJournal came out of a targeted attack waged against one individual with accounts on all of the sites.
A pro-Georgian blogger called "Cyxymu" was apparently the intended target of the massive DDoS that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal when a botnet apparently blasted waves of traffic at his accounts on the sites simultaneously in an effort to shut down his communiques.
Hi all. Was Black Hat last week y'all, be sure to check out the first story for all the fun stuff. As usual, you can find last week's news here.
A larger conference means not one but two keynote addresses. One is from Richard Clarke, President Bush's former special adviser on cyberspace security. Clarke, whose 2002 Black Hat keynote speech stated that software vendors and Internet providers must share the blame for malicious software, is now with Good Harbor Security. This year, he will talk about those "who seek truth through science, even when the powerful try to suppress it." The other keynote speaker will be Tony Sager, vulnerability chief of the National Security Agency, who will talk about creating government security standards while working with commercial vendors.
Unlike last year, when Microsoft hosted an entire series of sessions focusing on the yet-to-be released Windows Vista platform, there will be no similar tracks offered this year. Returning tracks include sessions on voice services security, forensics, hardware, zero-day attacks and zero-day defenses. New tracks include operating system kernels, application security, reverse engineering, fuzzing and the testing of application security.
A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result.
Exploits targeted at BIND (Berkeley Internet Name Domain Server) version 9 are already in circulation, warns the Internet Software Consortium, the group which develops the software. ISC urges sys admins to upgrade immediately, to defend against the "high risk" bug.
Sys admins are urged to upgrade BIND servers to versions 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 of the software, which defend against the flaw.
Microsoft's Bing search engine will power the Yahoo website and Yahoo will in turn become the advertising sales team for Microsoft's online offering.
Yahoo has been struggling to make profits in recent years.
The card will be offered to members of the public in the Greater Manchester area from the end of this year.
Ministers plan to launch the £30 biometric ID card nationwide in 2011 or 2012 - but it will not be compulsory.
Opposition spokesmen said it was a "colossal waste of money" and civil liberty groups said it was "as costly to our pockets as to our privacy".
The Boston University student, Joel Tenenbaum, had admitted in court that he had downloaded and distributed 30 songs at issue in the case.
It is the second such case to go to trial in the US.
In the first case, a woman in Minneapolis was ordered to pay $1.92m for sharing 24 songs.
On Friday, the jury ordered Mr Tenenbaum to pay $22,500 for each infringement. The maximum that he could have been fined was $4.5m.
Although not without controversy, the initial testing of the Australian government's Internet filtering system has gone off fairly well, according to reports from some of the participating ISPs. Five of the nine ISPs testing the government's filtering system reported few problems during testing, even though only 15 customers participated at one and a couple of customers at another were unable to access a completely legal porn site. The other four ISPs have either yet to comment on the filter's performance or have refused to talk publicly about the results.
Australia's government first announced its intention to add a Great Barrier Reef of sorts around the nation's virtual shores nearly two years ago, in August 2007. Initial testing began in the island state of Tasmania in February 2008, with cost estimates running as high as AUS$189 million (about US$154 million). The filters were originally intended to be on by default, with consumers able to opt out.
The score was Pirates 1, Microsoft 0, but Redmond has tied it up. Microsoft has blacklisted the Lenovo OEM master key that leaked earlier this week, explaining that "Windows 7 already includes an improved ability to detect hacks, also known as activation exploits, and alert customers who are using a pirated copy" and that "Windows Activation Technologies included in Windows 7 are designed to handle situations such as this one, and customers using these tools and methods should expect Windows to detect them." Microsoft and Lenovo worked together to solve the issue, according to the Genuine Windows Blog:
We've worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It's important to note that no PCs will be sold that will use this key.
Gary McKinnon has lost his high court bid in the U.K. to avoid extradition to the U.S. for hacking into military systems.
McKinnon had tried to argue that former home secretary, Jacqui Smith, was legally wrong to push for the extradition despite his diagnosis of Asperger's syndrome and that the director of public prosecutions was also wrong to opt for extradition despite having sufficient evidence to prosecute McKinnon in the U.K.
However, Lord Justice Stanley Burnton and Justice Alan Wilkie dismissed both claims on Friday. McKinnon now has 28 days to launch an appeal at the Royal Courts of Justice. According to his solicitor, Karen Todner, McKinnon and his legal team will also appeal to the Law Lords, and Todner has made a fresh approach to President Obama.
An Amsterdam court has ordered The Pirate Bay to block all Dutch visitors to its website, threatening the site administrators with daily fines for noncompliance.
Dutch antipiracy group Stichting BREIN, whose website is still down from an extended denial of service attack, filed a suit against the three Pirate Bay administrators who were found guilty earlier this year of aiding copyright infringement in Sweden—despite the fact that the three claim not to own the site. (They say it is owned by a Seychelles company called Reservella.)
None of the men showed up in the Dutch court, claiming they had heard nothing of the lawsuit (BREIN says that it contacted them through mail, e-mail, Twitter, and Facebook). Peter Sunde, The Pirate Bay's most public face, also announced that he was filing a defamation suit (in Sweden) against Tim Kuik, BREIN's chief.
This weekend did not go well for AT&T. The broadband provider began blocking access to parts of 4chan on Sunday (img.4chan.org, which of course includes /b/) thanks to what AT&T says was a denial of service attack coming from that domain. AT&T was uncommunicative with customers at the onset of the 4chan blockage, leaving many users questioning whether the telecom was trying to censor 4chan. AT&T's official silence on the matter also led some 4chan denizens to launch attacks against the company.
The block began in the early evening Sunday and went on through the night, with numerous users (including some of our own staff members) confirming that they were unable to access 4chan's image servers. Why? According to an Anonymous posting on 4chan itself, it seems as if there were hundreds of thousands of connections being made from the IP address of the image server (888,979 at the time of that posting, to be exact).
A new and very impressive attack against AES has just been announced.
Over the past couple of months, there have been two (the second blogged about here) new cryptanalysis papers on AES. The attacks presented in the paper are not practical -- they're far too complex, they're related-key attacks, and they're against larger-key versions and not the 128-bit version that most implementations use -- but they are impressive pieces of work all the same.
This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is much more devastating.
"damn - we finally could have gotten the standing ovations we deserve"
Somehow I find this unlikely...