Recent Posts
| Hi all. Happy New Year everyone  Enjoy the news.As usual, you can find last week's news here. |
Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of certificates that are fully trusted by all modern Web browsers.
The research, which will be presented today by Alex Sotirov (top left) and Jacob Appelbaum (bottom left) at the 25C3 conference in Germany, effectively defeats the way modern Web browsers trust secure Web sites and provides a way for attackers to conduct phishing attacks that are virtually undetectable.
Lockheed Martin and Boeing, the world's biggest defense companies, are deploying forces and resources to a new battlefield: cyberspace.
The military contractors, eager to capture a share of a market that may reach $11 billion in 2013, have formed business units to tap increased spending to protect U.S. government computers from attack.
Boeing set up its Cyber Solutions division in August "because of a realization by the company that it's a very serious threat," said Barbara Fast, vice president of the unit.
Security researchers have uncovered weaknesses in low-assurance digital certificates that create a means for miscreants to mount more convincing man-in-the-middle (MITM) attacks.
MITMs involve a hacker planting himself between two parties in a dialogue, relaying messages between them and effectively controlling the conversation. The approach might be used, for example, to trick a user into handing over online banking login credentials in the mistaken belief that they are talking directly to a financial institution.
Normally untrusted certificates from an unknown issuer are used by fraudster sites in these kind of scenarios. This would generate error messages or warnings that flag up possible problems, at least to the more internet-savvy.
Conversations relayed through cordless household phones might be far easier to snoop upon than previously suspected.
A new attack against phones based on DECT (Digital Enhanced Cordless Telecommunication) technology - demonstrated during the Chaos Communication Congress in Berlin earlier this week - might be carried out cheaply using off-the-shelf kit, together with a little know-how. A modified $30 VoIP laptop card running on a Linux portable were used to demonstrate the attack, which relies on using specially outfitted equipment to impersonate legitimate wireless base stations.
Researchers reckon a security bug in Windows Media Player creates a means for hackers to inject hostile code onto vulnerable systems. However Microsoft has denied this, saying that the bug only creates a means to crash the software without posing a more damaging security risk.
The WMP integer overflow bug reportedly kicks in when the media player attempts to process maliciously constructed WAV, SND, or MIDI files. Security researchers have created proof of concept code demonstrating the vulnerability, the SANS Institute's Internet Storm Centre reports.
The FBI today challenged anyone in the online community to break a cipher code on its site. The code was created by FBI cryptanalysts. The bureau invited hackers to a similar code-cracking challenge last year and got tens of thousands of responses it said.
A contentious proposal to create a massive database of communications metadata in the United Kingdom has just become even more controversial. According to reports in the British press, a "consultation paper" laying out the plan, slated for release in January, contemplates outsourcing the maintenance of the database to private-sector firms. The proposal has already come under fire from civil liberties groups, the European human rights commissioner, and former public officials.
Initially included in Britain's Communications Data Bill as part of a sweeping Interception Modernisation Programme, the surveillance proposal was dropped from the legislation in September, but it was not abandoned. The database is projected to cost some £12 billion ($17.5 billion US), and would contain metadata about every phone call placed, every e-mail or text message sent, and every Web site visited in the UK, reports say. Such "metadata" would include routing information, such as the sender and recipient of an e-mail, as well as times and dates.
On the night before Christmas, the Federal Communications Commission proposed rules that would let some full-power TV stations continue streaming a bare-bones analog signal for 30 days after the DTV transition. The "Analog Nightlight" program will allow those stations to keep their analog broadcast going "for the limited purpose of providing public safety and digital transition information," the FCC says. Meanwhile a key member of the House of Representatives is warning Congress that it may need to rush more money to the government's analog converter set top box program.
The analog nightlight rule means that couch potatoes who, as of February 17, still haven't figured out that their old analog sets can't receive digital broadcasts won't be left completely in the dark. After that day, all full-power stations must go digital. The nightlight system will permit eligible full-power license holders to continue to broadcast emergency news and information in analog using both English and Spanish. They can also transmit information about the transition and where to get help—at for roughly a month after DTV Day.
The internet is awash with reports that the 30GB Zune is committing suicide across the planet. Not just one of them, either. It seems that some weird bug is simultaneously causing the music players to kill themselves, like lemmings leaping from a cliff.
While the Zune is a distant also-ran in the MP3 market, which is dominated by Apple's, the Microsoft-made device has gained critical approbation with its most recent, version 3.0 models, whose features are quite competitive with the iPod line. Many users appreciate the player's built-in FM radio and "Zune Social" features, which facilitate the communal sharing and discovery of new music.
Remember the days when VHS tapes were so ubiquitous that every video store you knew had the slogan, "Be kind, rewind?" We bring you this bit of pressing nostalgia not because VHS has suddenly slowed its long decline, but because the last distribution holdout for VHS tapes this week announced it's finally cutting the format from its inventory.
According to the Los Angeles Times, Distribution Video Audio in Burbank, Calif., shipped its final truckload of VHS tapes in October -- the last time it plans to make VHS shipments, and the last major VHS distributor in the country to do so.
I think Kartal should be President actually, he's way too paranoid to be an Honorary MemberWTF? I'm easily equally paranoid, shutup-4wd (January 01, 2009, 09:55 PM)
If you're going to deal with Google then at least deal with them on your terms and use Customize Google.I tried it and wasn't too impressed. Which features do you find most valuable?-4wd (January 01, 2009, 09:55 PM)
And tbh, if I have to watch ads, I'd rather have ads that might actually interest me - so yay google analytics.You're confusing adsense with the service Google provides to webmasters to analyze their traffic. That should be scary enough.-f0dder (August 22, 2008, 08:09 AM)
).You are so 11 minutes ago!Try 16 hours...He's so fired!HAPPY NEW YEARS DC!!!
« on: Today at 12:11:48 AM »
Just kidding. Happy new years!-Josh (December 31, 2008, 11:17 PM)
Fixed now, ty 9. Windows XP Allowed to Live AgainYou skipped the end of that quote tomos. Windows XP can be installed on netbooks and low cost machines until 2010, presumably because MS didn't want to loose that space to Linux as vista is far too resource hungry to be used on those types of machines.But now Microsoft has put in place a scheme that will allow the hardware firms to get hold of XP licences until 30 May 2009.-
Previously Microsoft extended XP's life until 2010
I presume the 2010 date was for support of xp - otherwise article contradicts self (I think)
-tomos (December 28, 2008, 09:21 AM)
| Hi all. Well guys, it's the end of another year. I hope you all had a wonderful Christmas (Giftmas for those in the know ) and will have a most enjoyable new year As usual, you can find last week's news here. |
You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created.
With respect to the server marathon, by March 17 2009 CastleCops will refund contributions made through PayPal that were specifically designated for servers. Unfortunately, server donations made via check cannot be returned because we do not have the addresses for the donating entity. Unless instructed otherwise, CastleCops will re-allocate these funds as a donation to the Internet Systems Consortium (ISC.org). This organization sponsored our hosting environment for approximately the past 2 years. Please contact us [cc at laudanski dot com] before March 17, 2009, if you would like a return of your server marathon donation. Otherwise, we would like to thank the ISC for their unfettered support.
A trio of Massachusetts Institute of Technology students who found a way to hack into the Boston subway system's payment cards have agreed to partner with transit officials there to make the system more secure. The Electronic Frontier Foundation announced the agreement Monday, two months after the Massachusetts Bay Transportation Authority dropped a lawsuit against the students, who were represented for free by the EFF, a civil-liberties group that frequently takes up cases involving security researchers and computer hackers.
The transit agency had sued to stop the students from presenting findings at a computer-security conference.
The students - Zack Anderson, R.J. Ryan and Alessandro Chiesa - have argued all along they were trying to help the MBTA by giving it advance notice of their planned talk last summer and keeping specific details of their hack secret.
Microsoft came clean and admitted its SQL Server database software is vulnerable to code injection attacks. It's not a new flaw but the same bug in the database software that emerged around the time of Microsoft's monthly Patch Tuesday update earlier this month.
In an advisory, Redmond's security gnomes confirmed that code has been produced that exploits a security bug affecting Microsoft SQL Server 2000, Microsoft SQL Server 2005 and Windows Internal Database, in certain configurations.
URL redirect notifications are often meant to serve as security measures, but at least one malware blackhat is exploiting these services and redirecting site visitors from the website they think they are about to visit to a spyware-infested haven. That's bad enough on its own, but the as-yet-unknown assailant has also used search engine optimizations to push the polluted redirectors higher in Google's search rankings.
Part of the problem—a significant part—is that many companies/websites use open redirects that will cheerfully redirect incoming traffic to whatever URL they're asked to send it to, even if that traffic didn't originate within the host site. When MySpace or Microsoft inform you that you're about to be redirected off their site, they don't perform any sort of check to see if that's a good place for you to be going.
Mozilla has told Firefox users that it will no longer be updating version 2 of the browser and they should upgrade to version 3 right away. The warning came alongside a security update patching ten problems, four of them critical.
The critical problems involve cross-site scripting. That’s a serious concern as it allows the unauthorized transfer of data that a user sends to one site (such as a legitimate online bank) to another site (such as one used by hackers to harvest information).
In a stunning turn of events, the US music industry has ceased its long-time litigation strategy of suing individual P2P file-swappers. Instead, with New York Attorney General Andrew Cuomo acting as a broker, the RIAA has signed voluntary "graduated response" agreements with major Internet service providers. Those currently on the receiving end of an RIAA lawsuit, though, will have to see it through to the (very) bitter end.
When you think of Wikileaks, things like government secrets and Sarah Palin's private e-mail come to mind. However, there's a decent amount of technology-related information on the site as well. The fact that it's nearly impossible to get content removed from Wikileaks could lead to its use as a haven for controversial technology projects, too. It turns out that the code related to the iPodhash project was posted to Wikileaks shortly after the project's BluWiki page was taken down in response to a legal notice from Apple's lawyers.
The project received a DMCA anticircumvention notice in the middle of November, and operator of BluWiki removed the content that Apple didn't like until the legal notice could be scrutinized. Since then, the Electronic Frontier Foundation has agreed to represent iPodhash, and the project's owner has come forward with a few comments, but the original project information is still unavailable, as the various legal machinations continue. Just a few days after the takedown notice was received, however, the code generated by iPodhash thus far was posted to Wikileaks, once again making the information publicly available.
Australia's Minister of Broadband, Communications, and the Digital Economy (BCDE), Stephen Conroy, appears to have recognized that his country's plan to install mandatory content filters at the ISP level is causing a public backlash. Conroy has set up several FAQs that describe the program in detail, and has even started defending the program on the departmental blog. But neither the backlash nor an apparent lack of preparation will stop him from putting the system in operation, as live tests on Internet traffic are set to begin any day now—even though the ISPs that want to participate aren't sure what's happening.
First, the practicalities. Initial lab tests of web filtering equipment suggested that the current generation of hardware had appreciable rates of false positives (filtering legal content) and false negatives (allowing illegal content through), and several models caused severe degradation of the network's performance. This isn't much of a surprise; as we described in detail, filtering content is a difficult challenge. The Australian government's own FAQ also recognizes that anyone with sufficient technical expertise can also evade the filters.
The cut off date for PC makers to obtain licenses for the software was 31 January 2009.
But now Microsoft has put in place a scheme that will allow the hardware firms to get hold of XP licences until 30 May 2009.
Previously Microsoft extended XP's life until 2010 - provided it was installed on netbooks and low-cost laptops.
The European Union's huge digital library Europeana, which crashed last month just hours after its launch, is back online.
The website's server capacity has been quadrupled to cope with demand, European Commission spokesman Martin Selmayr told reporters.
But the homepage - at www.europeana.eu - warns that "the user experience may not be optimal in this test phase".
The site gives multilingual access to cultural collections across the EU.
The world's smallest snake, a prehistoric ant and microbes that may be 120,000 years old: These are just a few of the species revealed to the world in the last 12 months.
With animals going extinct at rates unseen since the dinosaurs disappeared, it's nice to be reminded that some species haven't even been discovered.
As Smithsonian Institute ornithologist Brian Schmidt said after finding the olive-backed forest robin: "It is definitely a reminder that the world still holds surprises for us."
In 2008, scientists turned on the Large Hadron Collider without ending the world as some had feared, but they did not come up with a cure for foot-in-mouth disease.
In fact, the disease led quite a healthy existence this year, thanks in part to the never-ending presidential campaign.
But Yahoo CEO Jerry Yang topped all political gaffes to become this year's winner (or biggest loser) for his comments defending his decision to turn down Microsoft's $44 billion offer for the perpetually lost-in-the-woods troubled internet venture....
Very interesting, you're right. I wonder how that's supposed to work :S3690 hits to Mouse Man's 77000. I've got some catching up to do
Ehtyar.-Ehtyar (December 26, 2008, 07:28 PM)
This is what I get
Results 1 - 10 of about 73,300 from donationcoder.com for mouser, and
Results 1 - 10 of about 3,730 from donationcoder.com for Ehtyar
Did you search through google.com.au maybe? I get slightly different results when doing the search from google.com.hk page.-PhilB66 (December 26, 2008, 08:25 PM)
, f0dder.jslibs - zlib, SQLite, NSPR, ode, libpng, libjpeg, libffi, (...) libraries for SpiderMonkey-ewemoa (December 23, 2008, 02:00 PM)
TriXUL - XML-based GUI toolkit embeds SpiderMonkey, using JavaScript to implement logic behind its GUI, supporting calls from JavaScript to C++ objects.-ewemoa (December 23, 2008, 02:00 PM)
