Recent Posts
A transferor that receives money or a right to payment of a monetary obligation in exchange for the software warrants to any party in the normal chain of distribution that the software contains no material hidden defects of which the transferor was aware at the time of the transfer. This warranty may not be excluded.
| Hi all. Sorry for the late posting this week, I got a last minute call from friends last night inviting me out for a second Star Trek viewing, and I just couldn't resist. I hope you don't mind  As usual, you can find last week's news here. |
A Trojan buried within counterfeit copies of Windows 7 RC was used to build a botnet of compromised PCs.
The tactic emerged after researchers from security firm Damballa shut down the command and control servers used to control the system, reckoned to have drafted thousands of Windows PCs into its compromised ranks. Damballa reckons malicious hackers distributed the malware by hiding it within counterfeit copies of pre-release versions of Microsoft's next operating system on offer through BitTorrent.
A popular website for users of flight simulation gear has been felled, most likely fatally, after malicious hackers attacked both of the servers housing more than 12 years worth of content supplied by its 60,000 members.
Tom Allensworth, the founder of Avsim.com, said in a statement that that an attack on Tuesday left the site "effectively destroyed." He added: "The method of the hack makes recovery difficult, if not impossible, to recover from. We are not able to predict when we will be back online, if we can come back at all."
Warnings just aren't good enough. That was the message delivered at a London conference today by a group of UK creative industries, which are demanding that ISPs start disconnecting users accused of repeated online copyright infringement. But the response from ISPs was clear: the creative industries can just shut their collective pie-hole until they do a better job of licensing legal content.
Although the Obama administration is indicating that it will be more aggressive about enforcing antitrust regulations, the European Union has been pursuing high-profile cases for years, having levied a large fine against Microsoft back in 2004, and hitting the software giant again last year. The latest target of the EU's Competition group is the chipmaker Intel and, this morning, the EU announced that it too would face a hefty fine: slightly over €1 billion, which comes in just shy of $1.5 billion. Intel is already promising to appeal but, in the meantime, it's going to have to drop over half a year of its current profits into a bank account in case its appeal fails.
The full decision, which is over 500 pages long, hasn't yet been released to the public, but a summary of the EU's case is available. It focuses primarily on the company's pricing practices during the years 2002-2005, when Intel was facing growing competition from AMD in the desktop and server space. The EU authorities also cite an instance of similar practices in the notebook space in 2007, a time when that market was rising in prominence.
The "cable-free living room" exists in the same futuristic space that holds the "paperless office" and the "coherent tax code"—and we'll believe in all of them just as soon as we see them. But a new consortium called the Wireless Gigabit Alliance says that it can help make the cable-free household a reality within the next few years by providing a wireless gigabit spec with enough bandwidth to transmit HD video.
The plan is like WiFi on steroids, and, just as with steroids, wireless gigabit comes with some serious drawbacks. These (fortunately) do not affect the gonads or cause 'roid rage, but they do mean that you won't likely be using wireless gigabit to transmit through walls. This is an in-room tech only, and therefore not a full replacement for the various WiFi specifications.
The legislation, backed by President Nicolas Sarkozy, was surprisingly voted down by the Assembly last month.
The bill sets a tough global precedent in cracking down on internet piracy, and is being closely watched by other governments as a potential deterrent.
The global music industry has been calling for tougher anti-piracy laws.
Sony reported a loss of 98.9bn yen ($1.04bn; £685m) for the year to the end of March, compared with a profit of 369.4bn yen the previous year.
The company blamed the global downturn and the strong yen for the loss. Worldwide sales were down 12.9%.
It had previously announced it would be cutting 8,000 of its 185,000 workforce and closing 10% of its factories.
Gmail and Google's news site were also reported as "sluggish" or unavailable to millions of users for about an hour.
This is not the first time the company has faced such problems.
"An error in one of our systems caused us to direct some of our traffic through Asia," said Urs Hoelzle, a spokesman for the company.
IDC's first quarter numbers are out for PC processors, and the picture is not a pretty one for Intel. There is typically a seasonal sequential decline in processor sales in the first quarter of any given year, and 2009 was no exception. The sequential decline this year was slightly worse than normal, but not catastrophically so, reflecting a slowing in the pace of the PC market's collapse. As Intel pointed out on its recent earnings call, the total free-fall in sales appears to be over, but things are still on a downslope.
The impact of this decline on the Intel vs. AMD dynamic was predictable—whenever money is tight, the budget vendor isn't hit quite as hard as the premium vendor, and that held true this time. While revenues and shipments declined at both companies, Intel was hurt worse and the result was that the company gave up about 4.6 percent of unit market share to rival AMD.
If the government can do this, aren't they morally bound to enforce liability against themselves?Awesome post CWuestefeld!!
If I elect a politician based on a promise that he breaks, can I hold him liable?
If he fails to vote against a bill that later has negative consequences, can I hold him liable?
If either answer is "yes", then why do politicians get held to looser standards when the amount of power they wield -- and thus the damage they can do -- is so great?-CWuestefeld (May 14, 2009, 01:52 PM)
However, I am going to play devil's advocate and say that Ehtyar's assertion that open source and free software must be held to a different standard is something that can't last forever, just putting a text file saying this software is "as is" is not just ok. Don't expect that kind of a thing to be workable/acceptable in 10 or 20 years time.I'm not really sure how you'd go about stopping someone from releasing software for which there is no cost if they refuse to take responsibility for it. Not to mention the international hurdles you'd have to get across. Seems ridiculous to hold someone responsible for something they freely give away which you are under no obligation to use. There's nothing that makes the "as is" agreement any less legally binding, or appropriate for that matter (in some cases it's more-so), than any other EULA.-rgdot (May 13, 2009, 09:53 PM)
That is just insane.Fortunately, I'm sure they're actually in change of anything specifically related to tech. The impression I get is that they were a part of some review into EU consumer protection regulations, and when they found that software makers weren't a part of it, they got all hoity toity about it because they have no clue as to how it works.
Who lets these people be in charge of things they know nothing about? How did the world get this way?-Deozaan (May 13, 2009, 09:27 PM)
it says something about VLC that despite the shortcomings, it still commands a respectable following..Very true, I can't argue that.-lanux128 (May 13, 2009, 08:21 PM)
They were supposedly implemented in a nightly but I have yet to see it. That and remembering what BLOODY FOLDER I WAS LAST BROWSING USING THE OPEN FILE DIALOG!!!!!!!!!!!!!!+1
-Josh (May 13, 2009, 07:13 PM)
I've decided to stop posting articles about data leaks and breaches except in exceptional cases from now onward as there are just too many of them.
I'm with you, though I do think the recent hacking of the Virginia health database (& subsequent ransom demands!) is especially reprehensible and worth a mention.-nosh (May 10, 2009, 07:48 AM)
| Hi all. I've decided to stop posting articles about data leaks and breaches except in exceptional cases from now onward as there are just too many of them. Please leave a comment if you have thoughts on this. As usual, you can find last week's news here. |
Smith announced that, instead of one giant £1 billion database, the government would put £2 billion towards helping ISPs and telcos retain customer data in separate databases. But what she didn't mention was that the £1 billion had already been allocated, and it would be used to link the individual databases together.
Both The Register and the Sunday Times cite sources that describe a large computing infrastructure build-out, with deep packet inspection capabilities and backbone traffic monitoring stations reminiscent of the ones that came to light in the US in 2006.
Researchers at the University of California Santa Barbara have published a paper (PDF) detailing their findings after hijacking a botnet for ten days earlier this year. Among other things, the researchers were able to collect 70GB of data that the bots stole from users, including 56,000 passwords gathered within a single hour. The information not only gave them a look at the inner workings of the botnet, they also got to see how secure users really are when it comes to online activities. (Hint: they aren't.)
The botnet in question is controlled by Torpig (also known as Sinowal), a malware program that aims to gather personal and financial information from Windows users. The researchers gained control of the Torpig botnet by exploiting a weakness in the way the bots try to locate their commands and control servers—the bots would generate a list of domains that they planned to contact next, but not all of those domains were registered yet. The researchers then registered the domains that the bots would resolve, and then set up servers where the bots could connect to find their commands. This method lasted for a full ten days before the botnet's controllers updated the system and cut the observation short.
The Internet Corporation for Assigned Names and Numbers (ICANN) should cut all remaining ties to the US government and become an independent entity, according to EU Information Society Commissioner Viviane Reding. Reading addressed the future of ICANN during her weekly video message on Monday, arguing that ICANN should seize the opportunity to become fully privatized later this year and that President Obama should support those efforts.
ICANN was started in 1998 out of a proposal from the National Telecommunications and Information Administration (NTIA), which is part of the US Department of Commerce (DOC). ICANN was meant to be a privatized, nonprofit organization that would help oversee the use of Internet domains. Throughout its history, however, ICANN has worked with the DOC on numerous issues, and the organization signed its most recent Memorandum of Understanding with the DOC in September of 2006.
As expected, the Windows 7 Release Candidate (build 7100) is now available to the public for download. The beta keys Microsoft gave out during the public beta will work just fine with this build. The RC is available in 32-bit and 64-bit flavors in English, French, German, Japanese, and Spanish.
This is different from the beta, which was available in English (32-bit and 64-bit), German (32-bit and 64-bit), Japanese (32-bit and 64-bit), Arabic (32-bit and 64-bit), and Hindi (32-bit). If you are already on the beta, Microsoft recommends a clean install of the RC build: the upgrade path is not supported. There are ways to get around this limit, but I also recommend that you backup all your data and do a clean install. Build 7100 will expire on June 1, 2010. However, starting on March 1, 2010, Windows 7 will begin shutting down every two hours.
Botnets aren't just dangerous because they can steal massive amounts of personal data and launch denial-of-service attacks—they can also self-destruct, leaving the owners of affected machines in the dust. The controllers of one such botnet recently hit the kill switch for one reason or another, taking down some 100,000 infected computers with it.
The Washington Post recently profiled the case of Zeus/Zbot—a software kit that sprung up in March that harvests financial and personal data from PCs through the use of a Trojan. Zeus, unlike many other malware programs, managed to make each installation appear different to virus trackers so that it would be more difficult to remove. But Zeus had another interesting feature—one that isn't terribly uncommon among botnet software, it turns out. A command was built into the software to kos—or "kill operating system"—and it was apparently executed some time last month.
Originally developed by the US Air Force in cooperation with Microsoft, the special XP set-up uses hardened Group Policy Objects (a technology in Microsoft's Active Directory) and images, which the Air Force used as the standard OS image for its desktop Windows machines.
The project evolved into the Federal Desktop Core Configuration (fdcc) recommendations maintained by US standards organisation NIST. Sys admins can download the configuration along with group policy objects.
University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.
The university said data include Social Security numbers, birth dates, health insurance information and some medical records dating back to 1999. Personal medical records -- such as patient diagnoses, treatments and therapies -- were not compromised, officials said.
For the fourth straight year, researchers at the University of Glamorgan in Scotland have turned up surprisingly sensitive data -- including details of test-launch procedures for a U.S. defense missile -- by buying secondhand PCs.
Although the official data from this year's study has not yet been released, the research team, which included Edith Cowan University of Australia and BT, revealed some early results yesterday in news reports by the BBC and British television affiliates.
With all the hopes many in the FOSS community have pinned to the increasingly popular netbook, it's no great surprise that the topic is a contentious one. So, when the first Android netbook was spotted recently, excitement on the blogs went through the proverbial roof.
Computerworld's Seth Weintraub seems to have been the first to shine a spotlight on the Skytone Alpha 680, which was apparently announced a few weeks ago in Hong Kong.
One of the greatest strengths of the Firefox Web browser is its powerful extension system, which gives third-party developers the ability to expand the browser's capabilities. Although this extensibility delivers a lot of value to Firefox users, it also creates some thorny problems. The darker side of Firefox add-ons was exposed last week when a conflict between the developers of the two popular extensions got out of hand. The situation has compelled Mozilla to propose a policy change aimed at curbing bad behavior in add-ons.
Firefox's extension system is really just an officially supported mechanism for monkey-patching the browser. Extensions are not isolated or sandboxed. They are broadly permitted to manipulate the browser's behavior and user interface at will and can easily tamper with the functionality of other extensions. This approach to extensibility is a double-edged sword. Although it allows developers to create extremely useful extensions that can deeply integrate with virtually any aspect of Firefox, it simultaneously opens the door for troubling security problems and compatibility issues.
I'm confused by #6 - you talk about the UK "assisting" ISPs to protect data and then the article is about bills in the US "to protect federal networks and electric power grids" ?Crap, I used the right heading with the wrong quote and link, sorry. Real article here.-tomos (May 03, 2009, 12:05 PM)
5. Am I missing the point here?You're correct. However, this defense was made in response to the prosecutions assertion that TPB provided a convenient way to search for torrents. This argument as used only to counter that specific claim.
Surely the difference is that TPB actually provides the torrent files that enable the downloading of the copyrighted material, (although from what I remember reading of all this, the torrent files themselves aren't illegal since they're only hash values and pointers not actually copyrighted data).
Whereas Google doesn't host anything, they merely point to a site that does.-4wd (May 03, 2009, 07:24 PM)
Those links don't seem to work here. Perhaps the "&key=blabla" part is bound to cookies, session, ip or something?I block cookies, so it can't be that... I'll work on it when i get to work.-f0dder (May 03, 2009, 04:02 PM)
