General Software Discussion / Re: 2 Speed tips for FF-gHacks
« on: July 28, 2009, 07:01 PM »
f0dder, how do we defragment our sqlite files?
Ehtyar.
I just thought the rule was that no major new version was to be offered through auto-update just like one couldn't auto-update to v3 from v2, but v2.x upgrades were still offered to v2.x users.
Nope. See here.
-Innuendo (July 27, 2009, 03:55 PM)
Hi all. Enjoy. As usual, you can find last week's news here.
In a disclosure that has implications for the security of e-commerce and Web 2.0 sites everywhere, a researcher has perfected a technique for stealing unique identifiers used to prevent unauthorized access to email accounts and other private resources.
Websites typically append a random sequence of characters to URLs after a user has entered a correct password. The token is designed to prevent CSRF (cross-site request forgery) attacks, which trick websites into executing unauthorized commands by exploiting the trust they have for a given user's browser. The token is generally unique for each user, preventing an attacker from using CSRF attacks to rifle through a victim's account simply by sending a generic URL to a website.
A breach at Network Solutions has exposed details for more than 500,000 credit and debit cards after hackers penetrated a system it used to deliver e-commerce services and planted software that diverted transactions to a rogue server, the hosting company said late Friday.
The unauthorized software was in place from March 12 to June 8 and affected transactions Network Solutions processed on behalf of 4,343 merchant websites that mostly belonged to small businesses, spokeswoman Susan Wade said. While the company discovered the software in early June, it waited until the close of business Friday to disclose the breach. Wade said it took until July 13 for forensics investigators to crack the code and understand how it worked.
Palm passive-aggressively fired back at Apple in its 1.1.0 update to the Pre's webOS Thursday night. Among the handful of changes that came with the point update, the software restores syncing functionality with iTunes after Apple unceremoniously "fixed" the "problem" last week. The move is the latest in this high-profile cat-and-mouse game between Apple and Palm, and Palm seems to be willing to keep poking the fate bear—but to what end?
webOS 1.1.0 isn't all about iTunes compatibility. Among other things, it contains a number of useful updates to the Pre, including better timezone support in the Clock application, improved syncing with Google when you edit a Google contact, and the addition of emoticons in text, multimedia, and instant messages. The software also gained some enterprise features in the form of Exchange ActiveSync (EAS) support that allows for remote wipe, PIN/passwords, inactivity timeouts, and improved certificate handling.
The technique exploits simple physics and can be used to charge a range of electronic devices over many metres.
Eric Giler, chief executive of US firm Witricity, showed mobile phones and televisions charging wirelessly at the TED Global conference in Oxford.
He said the system could replace the miles of expensive power cables and billions of disposable batteries.
"There is something like 40 billion disposable batteries built every year for power that, generally speaking, is used within a few inches or feet of where there is very inexpensive power," he said.
Although Intel may have been hit with a bigger fine, the multi-year saga of Microsoft's fight with the European Union's Competition Commission may have run up larger legal bills, given its longevity. The most recent point of contention between Redmond and Europe has been the browser; Microsoft bundles its own with its operating systems, but the EU views that as using monopoly power to the detriment of potential competitors.
Earlier this month, word came out that Microsoft was looking to make this matter go away, and it may have succeeded; the European Commission has just announced that Microsoft has agreed to proposed EU remedies and is willing to offer a "browser ballot" to new users.
Microsoft is contributing approximately 20,000 lines of source code to the Linux kernel with the aim of improving support for running the Linux operating system in virtualized environments on Windows servers. The move is part of a broader trend at Microsoft towards collaboration with the open source software community.
Prominent Linux kernel developer Greg Kroah-Hartman announced the code submission today in a message posted to the Linux kernel mailing list. He says that the new drivers contributed by Microsoft will soon land in the staging tree where they will undergo some refinement before they are merged directly into the mainline kernel. Microsoft is making the code available under the terms of GNU's General Public License (GPL), the open source software license that is used by the Linux kernel.
Intel has announced two new solid state disk drives made on its leading-edge 34nm process. The two new SSDs are X25M SATA parts weighing in at 80GB and 160GB, and they're meant to replace Intel's existing X25M drives in those capacities, but at 60 percent less cost and with better performance. The 80GB X25-M is $225 in lots of 1,000 (down from $595), and the 160GB is $440 (from $945). That's some serious discounting, and it may well drive even more SSD uptake in the coming quarters despite the ongoing IT spending crunch.
So what do you get for 60 percent less? In a word, speed. The new drives boast a 25 percent reduction in read latency, which was already about 60x the speed of an average hard disk; write performance has also doubled with this new generation.
The government could be building a giant map of social networks using Facebook and Twitter, scraping MySpace pages, or mining the metadata associated with cellular phone calls in order to look for communication patterns. On the other hand, all of that computer power that the NSA is aggregating at the datacenters that are coming online could just be for the limited purpose of snooping voice calls and e-mail coming into and out of the US, but such narrow use is unlikely.
What the NSA is doing with its massive and growing capabilities is still a secret, but it's probably an extension of DoD efforts at mapping social networks that extend back to the early part of the decade. A new EFF lawsuit filed this week could finally shed at least a little more light on the nature of these classified activities, so that we can know for sure whether some descendant of John Poindexter's Total Information Awareness program lives on at the NSA.
There were other features taking higher billing in the iPhone 3GS' announcement than its hardware-level encryption -- hell, even the magnetic compass was getting more play -- but it's there, and Apple's actively marketing the bit-scrambling capability to enterprise clients. Problem is, hackers are apparently having a field day with it, rendering it useless in all but name.
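The token-theft item above leans on how anti-CSRF tokens work, so here is an added example (not code from the article, the researcher, or the poster) of the scheme it describes: a per-session token appended to state-changing URLs, checked server-side with a constant-time compare. The host name example.test, the /mail/delete path, the HMAC-based derivation and the SERVER_KEY handling are assumptions for illustration, not anything a particular site does. The last scenario shows why stealing the token, as the article reports, defeats the protection outright.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical server-side secret. A real deployment generates it once, keeps it
# out of the code base and rotates it; here it is created per process run.
SERVER_KEY = secrets.token_bytes(32)


def new_session_id() -> str:
    """Issue an unguessable session identifier, e.g. after a correct password."""
    return secrets.token_urlsafe(32)


def csrf_token(session_id: str) -> str:
    """Derive the per-session anti-CSRF token as HMAC-SHA256(server key, session id).

    Stateless, unique per user, and not forgeable without the server key. Any
    per-session random value stored alongside the session would work as well.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def action_url(path: str, token: str, **params) -> str:
    """Build the kind of link the article describes: the site appends the token
    to state-changing URLs it renders for a logged-in user."""
    params["csrf"] = token
    return f"https://example.test{path}?{urlencode(params)}"


def handle_request(session_id: str, url: str) -> bool:
    """Server side: perform the action only if the token presented in the URL
    matches the one derived for the requesting browser's session.

    Returns True if the action would be executed, False if it is refused.
    hmac.compare_digest avoids leaking the match position through timing.
    """
    presented = parse_qs(urlparse(url).query).get("csrf", [""])[0]
    expected = csrf_token(session_id)
    return hmac.compare_digest(presented, expected)


def demo() -> dict:
    """Walk through the scenarios from the article with constructed sessions."""
    victim = new_session_id()
    attacker = new_session_id()
    results = {}

    # 1. The victim follows a link the site rendered for them: accepted.
    legit = action_url("/mail/delete", csrf_token(victim), id="42")
    results["victim_own_link"] = handle_request(victim, legit)

    # 2. The attacker lures the victim onto a generic URL with no token: refused.
    generic = "https://example.test/mail/delete?id=42"
    results["attacker_generic_link"] = handle_request(victim, generic)

    # 3. The attacker pastes in the token from their own account: refused,
    #    because tokens are bound to the session they were issued for.
    forged = action_url("/mail/delete", csrf_token(attacker), id="42")
    results["attacker_own_token_on_victim"] = handle_request(victim, forged)

    # 4. The attacker has stolen the victim's token (the attack the article
    #    reports): the request is indistinguishable from a legitimate one.
    stolen = action_url("/mail/delete", csrf_token(victim), id="42")
    results["stolen_victim_token"] = handle_request(victim, stolen)
    return results


if __name__ == "__main__":
    for scenario, executed in demo().items():
        print(f"{scenario}: {'executed' if executed else 'refused'}")
```

Scenario 4 is the whole point of the disclosure: the check has no way to tell a stolen token from a legitimate one, so the token has to be kept out of places an attacker can read (referrers, logs, cross-origin responses), which is why per-request tokens or an Origin/Referer check are used alongside it.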
Hi all. Enjoy. As usual, you can find last week's news here.
Police in the Australian state of Queensland are to go on the hunt for unsecured wireless networks.
Claiming that "the crooks are out there driving around trying to identify these [open] networks", Queensland Police Detective Superintendent Brian Hay told local site ITnews that the Boys in Blue will now do the same.
Folk found to be in possession of an un-WEPed WLAN will be warned of the dangers they face, as will wireless router owners who enabled security but retained the default password.
A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews.
The exploit code was released Friday by Brad Spengler of grsecurity, a developer of applications that enhance the security of the open-source OS. While it targets Linux versions that have yet to be adopted by most vendors, the bug has captured the attention of security researchers, who say it exposes overlooked weaknesses.
An investigation by Canada's privacy commission found the US-based website also gave "confusing or incomplete" information to subscribers.
Facebook says it is aiming to safeguard users' privacy without compromising their experience of the site.
More than 200 million people actively use Facebook.
They include about 12 million in Canada, more than one in three of the population.
Amazon.com shocked customers yesterday when it reached out to hundreds, if not thousands of Kindles and simply deleted texts that users had not only purchased, but had started to read. A literary coitus interruptus, Amazon spoiled the readers' descent into Orwellian masochism with nary a warning or apology.
Sometime on Thursday, users had an eerie feeling that they were being watched, receiving emails stating that their purchases were being refunded. When they connected to the Kindle's WhisperNet, the purchases in question were automatically deleted. Some could only wonder: how often could this happen? Perhaps the Thought Police (that is, the Amazon Customer Service team) could cut off your books whenever they wanted to.
Earlier this year, Mozilla's design gurus began exploring the possibility of improving on the principle of tabbed browsing. They launched a discussion about various ways to transcend the limitations imposed by the current tab system.
To encourage broader community participation in this discussion, Mozilla Labs launched a competition and called for designers to submit mockups and concept art that depicted new ideas and interfaces for tabbed browsing. The results of the Summer Design Challenge were announced this week and Mozilla has published the best entries.
If you think you're safe from man-in-the-middle (MITM) attacks as long as you're visiting an Extended Validation SSL (EV SSL) site, then think again: Researchers will release a new tool at Black Hat USA later this month that lets an attacker hack into a user's session on an EV SSL-secured site.
Mike Zusman and Alex Sotirov -- who in March first demonstrated possible MITM attacks on EV SSL at CanSecWest -- will release for the first time their proxy tool at the Las Vegas conference, as well as demonstrate variations on the attacks they have discovered. The Python-based tool can launch an attack even with the secure green badge displaying on the screen: "It doesn't alert the user that anything fishy is going on," says Zusman, principal consultant at Intrepidus.
An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.
Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.
A technical snafu left some Visa prepaid cardholders stunned and horrified Monday to see a $23,148,855,308,184,500 charge on their statements.
Josh Muszynski noticed the 17-digit charge while making a routine balance inquiry.
That's about 2,007 times the size of the national debt.
Josh Muszynski, 22, of Manchester, New Hampshire, was one Visa customer aghast to find the 17-digit charge on his bill. Adding insult to injury, he had also been hit with a $15 overdraft fee.
An unidentified hacker has exposed confidential corporate and personal information belonging to microblogging site Twitter and its employees after breaching electronic accounts belonging to several people close to the company.
The episode is the latest reminder that the convenience of cloud-based services that store spreadsheets and other information online cuts both ways. While they make it easy to access personal notes from anywhere in the world, they also open up the information to theft - especially when the owners are highly public individuals who didn't take due care to safeguard the data in the first place.
If they sold something that wasn't theirs to sell, then I'm not sure that anyone can say that it is wrong for the items to be 'returned' and the money paid back to them.
Utterly disgusting behavior from Amazon.
-Dormouse (July 18, 2009, 06:42 AM)
CompuServe isn't exactly gone. It's changed into another Webmail system, i.e. supply your own ISP instead of using CompuServe itself. There's no option for POP3 that I can see, which is a pity as most of the alternatives I've tried do have POP3.
That's gone if you ask me, they're just letting everyone keep their email addresses (assuming someone somewhere still holds one).
-rjbull (July 13, 2009, 09:45 AM)
Hi all. Enjoy. As usual, you can find last week's news here.
Predicting a person's social security number is a lot easier than previously thought, according to new scientific research that has important implications for identity theft.
Armed with publicly available information about where and when an individual was born, researchers from Carnegie Mellon University were able to guess the first five digits of a SSN on the first try for 44 percent of people born after 1989. The success rate balloons to as high as 90 percent for individuals born after 1989 in less populous states such as Vermont. Success rates also rose when the researchers were allowed more guesses: the first five digits of six in ten SSNs can be identified with just two attempts.
The slow loris is an exotic animal of southeast Asia that is best known for its slow, deliberate movements. This characterizes the technique used by a new Denial of Service (DoS) tool that has been named after the animal. Slowloris was released to the public by security researcher "RSnake" on June 17. Unlike previously utilized DoS methods, slowloris works silently. Still, it results in a quick and complete halt of the victim's Apache web server.
A North Carolina teenager has been arrested and accused of phoning in bomb threats to schools and universities so he could charge admission for people to watch in real time over webcams as police responded.
Ashton C. Lundeby, 16, of Oxford, North Carolina took part in a group that used VoIP, or voice over IP, software and online gaming services to pull off the public stunts, which attracted hundreds of spectators, according to documents filed in federal court in Indiana Wednesday. Lundeby made bomb threats against 13 colleges or schools from the middle of 2008 through early March, prosecutors allege.
Websites belonging to the federal government, regulatory agencies and private companies have been struggling against sustained online attacks that began on the Independence Day holiday, according to multiple published reports.
At time of writing, most of the targets appeared to be afloat. Nonetheless, several targets have buckled under the DDoS, or distributed denial of service, attacks, which try to bring down a website by bombarding it with more traffic than it can handle. FTC.gov was experiencing "technical issues" on Monday and Tuesday that prevented many people from reaching the site, spokesman Peter Kaplan said.
Thousands (Millions?) of sites img src'ing from imageshack are now displaying this hacked image. Certainly one of the largest pwnages I've seen in a long time. This is also the same group which recently hacked Astalvista.
Hoping to protect its top-secret operations by decentralizing its massive computer hubs, the National Security Agency will build a 1-million-square-foot data center at Utah's Camp Williams.
The years-in-the-making project, which may cost billions over time, got a $181 million start last week when President Obama signed a war spending bill in which Congress agreed to pay for primary construction, power access and security infrastructure. The enormous building, which will have a footprint about three times the size of the Utah State Capitol building, will be constructed on a 20
A little piece of Internet history has now been laid to rest, as CompuServe was shut down for good just before this Fourth of July weekend. After some 30 years of service, CompuServe's new owner has finally pulled the plug, leaving us to reminisce about the days when the Internet was young and we were still using modems whose speed was measured in baud.
Most of us remember CompuServe fondly as one of the main Internet services from the 80s and 90s, and associate it with some of our first dabblings in the online world. Along with Prodigy, CompuServe offered a data connection to people across the globe, a connection that few had previously had at home. It set an early example for companies like AOL and even Apple's eWorld that launched in the early-to-mid 90s.
A Russian programmer named Sergey Aleynikov was picked up this past Friday by the FBI for allegedly stealing and passing along code that, if circulating out in the wild, could expose US markets to manipulation and cost Aleynikov's former employer, Goldman Sachs, millions. Bloomberg quotes assistant US Attorney Facciponti saying that "there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways. The copy in Germany is still out there, and we at this time do not know who else has access to it."
So how could a 32MB compressed source code archive pose a threat to markets and to America's most powerful investment bank? The story is actually less complex than it may sound.
Google is building its own operating system aimed at eliminating malware problems at the consumer's desktop.
The company late yesterday announced its work on the new Google Chrome OS, a lightweight OS that sits atop a Linux kernel and will run on X86 and ARM chips.
"We are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware," blogged Google's Sundar Pichai, vice president for product management, and Linus Upson, engineering director. "Most of the user experience takes place on the Web."
Hi all. Not sure if anyone was caught by the bug in which only 3 stories were visible last week, but this should be fixed from now on. Pleeeeease let me know if it happens again, thanks guys. Sorry for being late people, had a (sober mind you) 21st yesterday. Laser tag is fuuuuuun!! As usual, you can find last week's news here.
Quantum computing has the potential to easily crack current cryptography systems, simulate chemical and nanochemical quantum systems, and speed up the search for solutions of certain types of math problems called NP Complete problems. Many have raced to create the world's first quantum processor.
In 2007 D-Wave, a Canadian firm, claimed to have created the world's first quantum computing chip. Debate about whether the chip is a true quantum computer has raged, while the company has continued to release claims of improved "quantum chips" -- with the latest being a 128 qubit chip. Researchers, though, are skeptical of these claims.
Now, researchers at Yale University claim that they have created the world's first solid state quantum processor. The new chip is, at the very least, the first processor to be officially reported in a peer-reviewed journal. The research appears in the journal Nature's June 28 advance publication listing.
A talk demonstrating security weaknesses in a widely used automatic teller machine has been pulled from next month's Black Hat conference after the machine vendor placed pressure on the speaker's employer.
Juniper Networks, a provider of network devices and security services, said it delayed the talk by its employee Barnaby Jack at the request of the ATM vendor. The talk promised to "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM," according to a description of the talk pulled from the Black Hat website in the past 24 hours.
"Juniper believes that Jack's research is important to be presented in a public forum in order to advance the state of security," the company said in a statement. "However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research."
Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm.
The attacks pose no immediate threat to the security of AES, but they do illustrate a technique for extracting keys that is better than simply trying every possible key combination.
Instead of such a brute force approach, the researchers have derived a technique based on "finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle". Collisions in cryptographic functions happen when two different inputs produce the same output.
The US Supreme Court this morning refused to hear a final appeal in the Cablevision remote DVR case, thereby bringing the years-long litigation to a close. Despite the continued objections of broadcasters, video providers like Cablevision will be allowed to offer "box less" DVR service to customers.
The central question in the case might seem an arcane one: does it matter where a hard drive lives? Cablevision said no, and prepared to launch a service in which all of the digital video recorder's hardware lived in the cable company's central office. Subscribers would still have to choose which shows to record, how long to keep them for, and when to view them, using their television sets and cable boxes as a front-end to the system. Cable companies would no longer need to service and distribute hundreds of thousands of DVRs to customer homes.
To broadcasters, though, this was an unacceptable blurring of the line between a cable company and a rights holder. In their view, Cablevision had no right to archive and retransmit their programming at its discretion. They sued.
The Pirate Bay has been sold—and the new owners plan to make it a legal service that allows "content providers and copyright owners [to] get paid for content that is downloaded via the site."
Global Gaming Factory X AB, a Swedish firm that runs Internet cafes and game centers, plans to buy The Pirate Bay for 60 million kronor, twice the fine that was slapped on The Pirate Bay defendants by a Stockholm court earlier this year.
Some black holes are too big. Some black holes are too small. A letter appearing in this week's edition of Nature describes how astronomers may have found one that is just right.
The letter, written by a team of British and French astronomers, does not state that they have found an intermediate mass black hole—one that could be termed just right—but that they have found an object where most other explanations fail to explain its behavior.
The object, 2XMM J011028.1-460421 or (more conveniently) HLX-1, is a source of ultraluminous X-rays near the spiral galaxy ESO 243-49. These X-rays have been postulated to be the product of an intermediate mass black hole, one between 100 and 10,000 solar masses, but to date no candidate object has been widely accepted.
Microsoft's recent lawsuit against TomTom, alleging infringement of filesystem patents, has left many questions unanswered about the legal implications of distributing open source implementations of Microsoft's FAT filesystem. A new Linux kernel patch that was published last week offers a workaround that might make it possible to continue including FAT in Linux without using methods that are covered by Microsoft's patents.
The patent dispute erupted in February when Microsoft sued portable navigation device maker TomTom. Microsoft claimed that TomTom's Linux-based GPS products infringe on several of its patents, including two that cover specific characteristics of FAT, a filesystem devised by Microsoft that is widely used on removable storage devices such as USB thumb drives and memory cards. The dispute escalated when TomTom retaliated with a counter-suit, but it was eventually settled in March when TomTom agreed to remove the relevant functionality.
The Chinese government has decided to delay the implementation of its controversial client-side filtering software, Green Dam Youth Escort. The deadline for PC makers to preinstall or package the software was originally set for July 1, but it has now been pushed back to an unspecified date.
A representative from the Ministry of Industry and Information Technology (MIIT) confirmed to Xinhua that the deadline had been moved at the request of some computer makers. As a result, the deadline of July 1 won't be enforced for PC makers, though the ministry still plans to provide free downloads of Green Dam for schools and Internet cafes as of that date. "The ministry would also keep on soliciting opinions to perfect the preinstallation plan," wrote Xinhua.