I guess the next Endnote version will introduce an encrypted file-format? See the problem is I think what EndNote was trying to do with that case was to set a precedent that would prevent anyone from reverse-engineering their format in the future. Introducing an encrypted format would just start a war between EndNote and the Open community, which most people would bet the community would win due to their vast resources, particularly given that EndNote is such a popular product with few FOSS alternatives. -Lutz_ (June 08, 2009, 02:28 PM)
#4 & #8 - we'll have to go back to cash one of these days . . Heh, if only "progress" hadn't backed us into such a corner. In all fairness, the chip and pin thing was just security by obscurity. Anyone with enough money to burn these days can get their hands on an active RFID reader, then there's just the question of getting the PIN, for which there are already a scrillion methods to choose from... -tomos (June 08, 2009, 09:13 AM)
#4 I'd call it "suspicious", to say the least. Halifax, and indeed any bank in all of Europe (soon to be just about every Western nation) had a lot riding on this case. It was definitely in their best interests to win it. Job's barrister, Stephen Mason, told IDG that Halifax had junked evidence that might have ascertained if a cloned card was used. The original ATM card and the Authorisation Request Cryptogram were destroyed by Halifax. possibly just a mistake by Halifax. but odd -tomos (June 08, 2009, 09:13 AM)
If someone is a sci-fi fan and wants a far-reaching epic storyline and is willing to make a time investment look no farther than Babylon 5. With a non-static world where if something happens in one episode it is true in all subsequent episodes and story arcs that reach across seasons it's a very well-written space opera with a widely varied cast of characters with plenty of intrigue & cloak and dagger mystery. +1 +1 +1 -Innuendo (June 08, 2009, 01:48 PM)



| Hi all. As you have likely already noticed, I am a day late yet again. My apologies. My godmother is in town for the first time since I was too young to remember her visit and it's been quite a blast. As the Aussies will know, it is also the Queen's Birthday long weekend, thus I've been busy having fun for the past 3 days. Being a citizen of a nation full of monarchists does have the occasional advantage. As usual, you can find last week's news here. |
An open source software project got some good news this week, as a judge dismissed a suit brought by the maker of a commercial alternative. Thomson Reuters, which makes EndNote, an academic reference management product, had filed suit against George Mason University, claiming that its support of the open source Zotero project, which imports EndNote files, was in contravention of the university's license to EndNote. The suit, which requested an injunction against the distribution of Zotero, has now been dismissed. Depending on whether Thomson Reuters appeals or refiles the suit, this may leave Zotero in the clear.
Academic reference managers, which allow their users to keep track of the publications that they cite when writing up their own research, are a fairly specialized market. EndNote has a number of features that make it a compelling option, including a series of filters for online search queries and tight integration with document preparation software, notably Microsoft Word. It also offers one of the few cross-platform options on the market, and has a large library of reference styles to match the formats used by different journals. But there is also a degree of product lock-in, as many researchers have built up libraries of thousands of references over the years.
Secretary of State Hillary Clinton announced a new program at the State Department, the Global Partnership Initiative, earlier this year. The initiative seeks to increase partnerships between the public and private sectors to help solve a number of pressing global issues. One of the first fruits of the Global Partnership Initiative was a series of TED Talks, dubbed TED@State, held yesterday afternoon at the State Department's Dean Acheson Auditorium.
Those in tech circles are likely familiar with TED Talks. They're short (up to 18 minute) presentations, often filled with a variety of insights and prognostications, which primarily happen at the annual TED Conference. TED, which stands for technology, entertainment, and design, began 25 years ago to bring together people from these three fields to discuss "ideas worth spreading." Since its relatively humble beginnings in 1984, however, TED has expanded its scope considerably, adding TED Global and TED India to the conference schedule and sponsoring an annual TED Prize that awards $100,000 grants to three "exceptional" recipients to help grant their "one wish to change the world."
Those waiting anxiously for the next version of Windows now have a date to anticipate. Microsoft has confirmed that Windows 7 will be launched on October 22, 2009. This date, which is referred to as General Availability (GA), is in line with Microsoft's previous statement saying that it would have Windows 7 and Windows Server 2008 R2 ready by the holidays. After the software giant unleashed the official Release Candidate on May 5, it became apparent that development on the follow-up to Vista was close to wrapping up.
Microsoft senior VP Bill Veghte revealed the company's launch plans in an interview Tuesday morning. "The feedback from the release candidate has been good," Veghte told CNET. Furthermore, the RTM (Release to Manufacturing) build is expected to be made available to Microsoft partners in the last two weeks of July, according to Channel 10.
Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months.
The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM's receipt printer, according to analysts from SpiderLabs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.
"They're following more of a rapid development lifecycle," Nicholas Percoco, vice president and head of SpiderLabs, told The Register. "They're seeing what works and putting out new versions."
The US government said Wednesday it plans to digitally sign the internet's root zone by the end of the year, a move that would end years of inaction securing the internet's most important asset.
The US Department of Commerce's National Telecommunications and Information Administration (NTIA) said it was turning to ICANN, or the Internet Corporation for Assigned Names and Numbers, and VeriSign to implement the measure, which is known as DNSSEC. In October, the two organizations submitted separate proposals that offered sharply contrasting visions for putting the complicated framework in place.
Microsoft has unveiled its new control system for the Xbox 360 console, at E3 in Los Angeles.
Project Natal is a fully hands-free control system that will use face recognition and motion sensors to allow users to play games.
Film director Steven Spielberg, attending the launch, said it was "a window into what the future holds".
Although still in the early stages, Microsoft has sent prototypes to all the main game developers.
Yesterday evening, after writing the previous two articles on the battle between Intel and ARM + NVIDIA for the ultramobile space, I was telling our Linux editor why I think Intel pours so many resources into Moblin and other parts of the Linux ecosystem: they want to keep x86-based Linux well ahead of ARM, because the software stack is critical to making inroads in low-power mobile and embedded applications. But while Moblin might be fine for web tablets and the like, real embedded customers of the sort that Intel would ultimately like to poach from ARM run the VxWorks real-time OS by Wind River. So this morning, Intel has announced that it is going to do with VxWorks what it cannot do with Linux—it's just buying the whole thing.
Intel plans to buy Wind River for a cool $884 million in cash, and it seems likely that it plans to extend their Linux strategy to this new OS. Intel's announcement on the deal emphasizes that Wind River will be run as a subsidiary of Intel, and that "Wind River will continue to develop innovative, commercial-grade software platforms that support multiple hardware architectures that are optimized for the needs of its many embedded and mobile customers." But Intel isn't shy about trumpeting the fact that Wind River will now turn considerable attention to the x86 port of VxWorks.
Halifax, the UK retail bank, has scored a victory in a closely-watched 'phantom withdrawal' case that put the security of Chip and PIN on trial.
Halifax customer Alain Job sued the bank after he was held liable for making eight disputed cash machine withdrawals from his account. Job was left £2,100 out of pocket from the series of withdrawals in February 2006 and launched a lawsuit after failing to obtain a refund from the bank, or through arbitration.
Cases over "phantom withdrawals", where money is withdrawn from bank ATMs without the card holder's permission and where card details have not been divulged to third parties, are commonplace, even in the UK.
Researchers for some time have demonstrated the possibility of one of virtualization's worst nightmares -- a guest virtual machine (VM) infiltrating and hacking its host system. Now another commercial tool is offering an exploit that does exactly that.
The newest version of Immunity's Canvas commercial penetration testing tool, v6.47, includes the so-called Cloudburst attack module, which was developed by Immunity researcher Kostya Kortchinsky to exploit a VMware vulnerability (CVE-2009-1244) in VMware Workstation that lets a user or attacker in a "guest" VM break into the actual host operating environment. VMware issued a patch for the bug in April.
Yes man, the historical security group ASTALAVISTA has been destroyed by anti-sec group. I really didn't know who anti-sec group was, but they're truly amazing. I started my personal security career in sites such as ASTALAVISTA where security lovers meet each other sharing information and experiences, but sincerely I don't miss the ASTALAVISTA community. According to anti-sec group:
Why has Astalavista been targeted?
Other than the fact that they are not doing any of this for the "community" but
for the money, they spread exploits for kids, claim to be a security community
(with no real sense of security on their own servers), and they charge you $6.66
per month to access a dead forum with a directory filled with public releases
and outdated / broken services.
On OpenID requirement: While I do understand the point he makes with regard to storing user credentials, you cannot tell me there are not solid and well proven frameworks in just about every language under the sun for storing user credentials securely. Where people become unstuck is when they decide to roll their own and inevitably screw it up. Laziness. The important thing to take away from this, if you're a programmer working on an application that stores user credentials, is to get the hell out of the business of storing user credentials! As we've seen today, the world is full of stupid users like me who do incredibly stupid things. Are you equipped and willing to do everything necessary to protect idiots like me from myself? That's a key part of the promise of OpenID, and one of the reasons we chose it as the authentication system for Stack Overflow. -Lashiec (June 04, 2009, 06:33 PM)
On Gravatar: Spectacular laziness, and cheapness. He's also having us sign up to yet another service, which is rather irresponsible/hypocritical given his standing on storing user credentials...
Let someone else host the avatars. This collides with the concerns he expressed about depending on external services (Akismet), but whatever.
-Lashiec (June 04, 2009, 06:33 PM)
On BBCode: I'm not sure I followed this one correctly, but it sounds like he's saying BBCode is the only sane alternative to letting your users put html in their posts. That is most definitely correct, but it does not explain, nor justify, his development of a completely new syntax for his BBCode. One that makes substantially less sense than the kind we're all familiar with, I might add. With BBCode, if the user enters HTML you blow it away with extreme prejudice -- it's encoded, without exceptions. Easy. No thinking and barely any code required.
Since we use Markdown, we don't have that luxury. Like it or not, we are now in the nasty, brutish business of distinguishing "good" HTML markup from "evil" HTML markup. That's hard. Really hard. Dare and Jon are right to question the competency and maybe even the sanity of any developer who willingly decided to bite off that particular problem. -Lashiec (June 04, 2009, 06:33 PM)
On restrictions and CAPTCHAs: Not sure of your point here Lash Man. CAPTCHAs are fine, but not when you have to fill one out for your first 10 comments and votes. Just silly. If they're having such massive SPAM problems, get more moderators on board.
IIRC, Jeff wasn't a big believer in CAPTCHA, but seeing how he removed the famous "orange" method and opted for reCAPTCHA, I suppose it's done to avoid system abuse. And yup, reinventing bbcode is silly - especially because they (knowing Jeff's technical expertise) probably use regular expressions for parsing it -f0dder (June 03, 2009, 06:53 PM) -Lashiec (June 04, 2009, 06:33 PM)
If more sites supported OpenID and gravatar, it would be a really nifty thing - I'm tired of maintaining passwords for a zillion sites (and damned if I use the same multiple sites, considering how many places use unsafe password storing practices!) And here you are recommending the use of a single site to authenticate you on multiple sites.... I'm not sure being a bit concerned describes how I feel about it. -f0dder (June 03, 2009, 06:53 PM)
I love Star Wars, but I hate MMOs. They are just huge money and time sinks. Very well said. I'm also quite wary of this business model, but if the game is anything like the trailer, I'm going to have to give it a try.
If I wanted to 'grind' I'd go do some yard work.-Innuendo (June 02, 2009, 01:16 PM)
| Hi all. As usual, you can find last week's news here. |
Microsoft has warned of a critical security bug in older versions of its Windows operating system that is already being exploited in the wild to remotely execute malware on vulnerable machines.
The vulnerability in a Windows component known as DirectX is being targeted using booby-trapped QuickTime files, which when parsed can allow attackers to gain complete control of a computer. Because many browsers are designed to automatically play video, people can be compromised simply by visiting a site serving malicious files. Vista, Windows Server 2008 and the beta version of Windows 7 are not affected, and neither is Apple's QuickTime player, Microsoft said.
US media giant Time Warner says its board has approved plans to spin off its AOL internet division as a separate company by the end of this year.
Time Warner will buy the 5% of AOL it does not already own from Google, then offer the firm to its own shareholders.
Canonical is building an Android execution environment that will make it possible for Android applications to run on Ubuntu and potentially other conventional Linux distributions. The effort will open the door for bringing Android's growing ecosystem of third-party software to the desktop.
Google's Linux-based Android platform is attracting a lot of attention. The new version significantly improves the platform's reliability and could make it look a lot more appealing to carriers and handset makers. The availability of an experimental x86 port has caused some people to speculate that Android might have a place in the netbook market.
When Google's Chrome web browser debuted with much fanfare last year, it was Windows-only and not cross-platform compatible. The developers soon began working on Linux and Mac OS X ports of the browser's underlying open source Chromium code base. These ports are beginning to mature and could soon be ready for regular users.
We took a look at the Mac OS X port of Chromium a few months ago, but the Linux port was still barely functional at the time. A lot of progress has been made since then and the Linux version is now in the alpha stage. We tested it on Ubuntu 9.04 to see how it compares with the latest release of Chrome for Windows. There are still missing features and lots of rendering bugs, but it is clearly moving in the right direction.
The SATA International Organization, the industry consortium governing Serial ATA interfaces, yesterday released a finalized version of the SATA 3.0 specification, which features 6.0Gbps data transfers and a number of improved features while remaining completely backwards-compatible with existing drives, controllers, connectors, and cables. While current hard disk drives can't saturate SATA 2.0's 3Gbps data rate, SSDs can, and the new features are moderately compelling.
SATA launched in 2001, and has been through one prior speed bump, from 1.5Gbps to 3.0Gbps. The IDE-SATA transition and prior bump were both timed to give the industry about three years to adopt the new standard, making for a smooth transition, unlike, for instance, the 4GB file limit on FAT32 file systems, the 4GB memory limit on 32-bit x86 operating systems, or the 640k memory limit and extended/expanded memory misery of the 1980s. This new transition is significantly more urgent than the others, because SSDs are already saturating SATA 2.0.
Google is looking to change the way we use the Internet to communicate with a new service that it calls Google Wave. Wave was previewed Thursday during the Google I/O conference as a way to combine e-mail, chat, photos, feeds from around the Web, and more in a collaborative environment. The project is not only cool-sounding, it's also quite ambitious, and Google hopes it will eventually replace some of our uses for e-mail.
In a post to the Official Google Blog, Google Software Engineering Manager Lars Rasmussen discussed the evolution of Wave after he and his brother Jens joined Google. According to Rasmussen, too much of our Internet communication was created out of imitation of a real-life form (e-mail, live chat, document sharing), and as a result, it had become too segmented when it didn't have to be. "What if we tried designing a communications system that took advantage of computers' current abilities, rather than imitating non-electronic forms?"
Mac clone maker Psystar, after having been embroiled in a lawsuit with Apple since last July, has filed for Chapter 11 bankruptcy in the US Bankruptcy Court's Southern District of Florida. The filing gives Psystar a temporary stay in its legal proceedings with Apple, though it certainly calls into question the viability of the company's business plan.
Psystar began selling a Mac clone called "OpenMac," which the company quickly renamed "Open Computer," in April of 2008. After a couple months of nary a peep from Apple legal, a lawsuit was filed against Psystar in July. Since then, Psystar has attempted to countersue Apple for limiting installation of Mac OS X to Apple's own hardware. The filing for bankruptcy protection comes not long after the company was ordered to provide detailed financial information to Apple as part of the evidence discovery process.
The European Commission has moved to sue Sweden after the Nordic state failed to implement the EU's Data Retention Directive in a timely fashion.
The Directive was passed back in 2006 and requires all EU member states to implement some form of data retention legislation, with terms of six months to two years. National laws were to be in place by March of this year, but Sweden still has yet to introduce a bill of its own.
More than three years after Symantec unceremoniously pulled the plug on L0phtcrack, the seminal tool for auditing and cracking passwords is back with a set of new capabilities.
Starting Wednesday, L0phtcrack 6 is available from the same team of hackers who introduced it to the world a decade ago. The program was pulled from the market in late 2005 shortly after it was acquired by Symantec, presumably because its offensive capabilities didn't fit in with the company's portfolio of defensive products and services.
Don't forget AWESOME. And just a pinch of EPIC! -f0dder (May 25, 2009, 04:01 AM)
| Hi all. Check out the pics of my new Tech News mug below, THANKS MOUSE MAN!!! As usual, you can find last week's news here. |
Security researchers are stepping up their warnings about the Gumblar malware exploit as it continues to hijack webpages and manipulate Google results. Gumblar recently got the attention of the United States Computer Emergency Readiness Team (US-CERT), which noted on its website that Gumblar is alive and well and continues to circulate by hijacking vulnerable Web applications, poor configuration settings, or simply by stealing FTP credentials.
Experts who have been tracking Gumblar since March say that the malware directly manipulates files on Web servers after getting access to them. From there, the attack changes the files to inject scripts and distribute more malicious code out of gumblar.cn or from other, varying IP addresses. The code appears to target sites that show up in Google searches, according to the ScanSafe STAT Blog, and although Google began delisting compromised websites months ago, the code keeps changing, keeping Google on its toes.
No one's happy about The Pirate Bay verdict. The site admins, who are now on the hook for a collective 30 million kronor in damages plus one year each in jail, have charged that the judge was biased. But the movie and music businesses have filed an appeal of their own, saying that the 30 million kronor in damages wasn't nearly enough; the amount should be closer to Skr100 million (about US$13 million).
The "spectrial" became even more of a spectacle this week as the Swedish judiciary announced that it would consider The Pirate Bay's claims against the trial judge. That judge, Tomas Norström, belongs to the Swedish Copyright Association along with Henrik Pontén, Peter Danowsky, and Monique Wadsted—all lawyers who represented the recording industry in The Pirate Bay trial.
Google may want to store every bit that you have ever flipped, but it faces the problem that current data storage technology uses a relatively low-density, 2-D approach. Of course, holographic data storage has been touted as the answer to this problem ever since, well, since the first hologram was demonstrated. Despite its potential, holographic data storage has failed to gain market share. This is because the current generation of optical and magnetic storage media are actually simple, robust, and just good enough to hold the competition at bay.
The upshot is that, until magnetic bits can no longer be shrunk and multilayer optical discs reach their limits, any new technology has to have all the good features of current data storage techniques and be better. A bunch of Aussies think they might have hit the sweet spot with a new multilayer optical storage medium that has the potential to store data at around 1.1Tb/cm³. A standard DVD clocks in at 51MB in a square centimeter in each of its layers.
An old candy-bar style Nokia 1100 mobile phone has been used to break into someone's online bank account, affirming why criminals are willing to pay thousands of euros for the device.
Using special software written by hackers, certain models of the 1100 can be reprogrammed to use someone else's phone number and receive their SMS (Short Message Service) messages, said Max Becker, CTO of Ultrascan Knowledge Process Outsourcing, a subsidiary of fraud investigation firm Ultrascan.
The Free Software Foundation (FSF) has settled a GPL compliance lawsuit with network hardware maker Cisco. Under the terms of the settlement, Cisco will make a monetary donation to the FSF and appoint a Free Software Director to conduct continuous reviews of the company's license compliance practices.
The FSF filed a lawsuit against Cisco last year, alleging that Linksys—which is owned by Cisco—routinely failed to adhere to the requirements of GNU's General Public License (GPL), under which Linux and other open source software programs are distributed. The GPL stipulates that recipients of a software program must be permitted to study, modify, and redistribute the underlying source code. According to the FSF, Linksys often declined to provide source code upon request or failed to provide the complete source code of GPL-licensed programs that it integrated into its networking hardware products.
A mystery viral infection forced the FBI and US Marshals Service to pull the plug on parts of their respective computer networks on Thursday, AP reports.
A spokesperson for the US Marshals Service explained that it had disconnected some of its computers from the wider Justice Department systems, as a precaution against spreading the as yet unidentified malware further. Access to internal email and the internet is being restricted at both the FBI and Marshals service while techies try to identify the precise cause of the problem.
Mozilla's call to developers to participate in its Jetpack project on Wednesday is the latest onslaught in the ongoing war of the Web browsers.
Jetpack is an open source application programming interface (API) that will let users create add-ons for Mozilla's Firefox browser using the Web technologies they already know.
Wolfram Alpha is called a computation knowledge engine rather than a search engine and wants to change the way people use online data.
It aims to give people direct answers to queries rather than send them to other sites where they may find what they are seeking.
The material was uploaded under names of famous teenage celebrities such as Hannah Montana and Jonas Brothers.
Many started with footage of children's videos before groups of adults performing graphic sex acts appeared on screen.
YouTube owner Google said it was aware and addressing the problem.
Cryptographers are urging users of a widely employed network protocol to make sure they're running the latest version after discovering a flaw that could allow attackers to read data that's supposed to remain encrypted.
All programs that incorporate the OpenSSH implementation of SSH, short for Secure Shell, should make sure they use version 5.2, which provides several countermeasures to prevent the attacks. Other SSH implementations may be vulnerable as well, the researchers from the Information Security Group at the University of London's Royal Holloway said.
Thousands of Automatic Number Plate Recognition cameras are already operating on Britain's roads.
Police forces across England, Wales and Scotland will soon be able to share the information on one central computer.
Officers say it is a useful tool in fighting crime, but critics say the network is secretive and unregulated.
They walk the warrior's path and they devour horrible-looking bowlfuls of red worms, but hey, Klingons need malware protection too.
To help Worf and his compatriots in their trek for PC security, anti-virus maker Sophos has translated one of their tools into Klingon. Yes, really. It's now available as a free download from http://www.sophos.co.../klingon-anti-virus/.
People are so used to tabs now that if they opened a link in a new browser window it might seem like a revolutionary experience. On this morning's episode of Buzz Out Loud, one of the presenters mentioned exactly that phenomenon. I do think though that Firefox needs a few additional mechanisms to handle Windows more effectively. For example, moving tabs more efficiently between windows, an alt-tab type mechanism for windows perhaps.... -MilesAhead (May 19, 2009, 08:17 PM)