Recent Posts

651
Living Room / Tech News Weekly: Edition 49
« Last post by Ehtyar on December 05, 2008, 05:48 PM »
The Weekly Tech News
Hi all.
Well I've had the new button ready for a week now, but since Mouse Man has 'bigger fish to fry', it's not ready :( Sorry folks, I assure you I'll have beaten him into submission by next week ;)
As usual, you can find last week's news here.


1. New Windows Worm Builds Massive Botnet
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121958
In follow-up to this story last week, it appears that Conficker.a/Downadup is being used by hackers to hijack themselves a fresh, new botnet.

The worm exploiting a critical Windows bug that Microsoft Corp. patched with an emergency fix in late October is being used to build a new botnet, a security researcher said today.

Ivan Macalintal, a senior research engineer with Trend Micro Inc., said that the worm, which his company has dubbed "Downad.a" -- it's called "Conficker.a" by Microsoft and "Downadup" by Symantec Corp. -- is a key component in a new botnet that criminals are creating.

"We think 500,000 is a ball park figure," said Macalintal when asked the size of the new botnet. "That's not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it's still starting to grow."


2. Destructive Koobface Virus Turns Up On Facebook
http://www.reuters.com/article/newsOne/idUSTRE4B37LV20081204
It appears Koobface is still doing the rounds on Facebook, despite many-an-attempt to squish it.

Facebook's 120 million users are being targeted by a virus dubbed "Koobface" that uses the social network's messaging system to infect PCs, then tries to gather sensitive information such as credit card numbers.

It is the latest attack by hackers increasingly looking to prey on users of social networking sites.

"A few other viruses have tried to use Facebook in similar ways to propagate themselves," Facebook spokesman Barry Schnitt said in an e-mail. He said a "very small percentage of users" had been affected by these viruses.


3. U.K.'s DNA Database Violates Rights, Court Rules
http://news.cnet.com/8301-1009_3-10114304-83.html
Up till now, the UK has been keeping the DNA of suspected criminals on file. The European Court of Human Rights has ruled that this behavior breaches the human rights of those whose DNA is stored as a suspect.

The DNA records of about 850,000 people could be wiped from the U.K.'s national database after the European Union ruled it breached human rights.

The European Court of Human Rights decision on Thursday means that the DNA details and possibly fingerprints of people suspected of a crime, but later cleared, could be removed.

The court found that in keeping the DNA details of people suspected of a crime the "state had overstepped any acceptable margin of appreciation."


4. New Trojan Targets Firefox, Masquerades As Greasemonkey
http://arstechnica.com/news.ars/post/20081205-new-trojan-targets-firefox-masquerades-as-greasemonkey.html
A Trojan targeting Firefox masquerades as Greasemonkey and will steal your login details for various websites and online services.

Firefox's broad support for plug-ins and extensions has always been a major feature of the browser, particularly back in the days of IE6. The browser's enduring popularity has finally caught the eye of malware authors, as a trojan is now targeting Firefox specifically.

BitDefender has identified this new bit of holiday cheer as "Trojan.PWS.ChromeInject.A." The ChromeInject suffix is a bit puzzling, since this attack is supposedly Firefox-only, but we weren't able to find clarification on what it refers to. The trojan installs itself into Firefox's add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.


5. EU: Judges Not Required for P2P Disconnections
http://arstechnica.com/journals/law.ars/2008/12/02/eu-judges-not-required-for-p2p-disconnections
The French have managed to convince the EU's Council of Ministers to strip the 138th amendment from its Telecom Packet, effectively permitting ISPs to cut users off without any judicial oversight or solid evidence.

With the French revving up their "graduated response" plan and the UK government leaning on rightsholders and ISPs to hash something out before 10 Downing Street gets involved, it's important to remember that the European Parliament has some strong opinions on the issue as well. Unfortunately for consumers, no one wants to hear them.

The EU is in the midst of major overhaul of telecom law. The so-called Telecom Packet passed Parliament a few months back, complete with amendments that tried to rein in some of the graduated response proposals. The big concern is that rightsholders and ISPs could become judge, jury, and executioner over someone's 'Net connection without proper avenues for appeal or solid standards of evidence. That concern led to the introduction of amendment 138, which required judicial oversight of the process.


6. Australia's Internet Filtering Too Ambitious, Doomed to Fail
http://arstechnica.com/news.ars/post/20081205-australias-internet-filtering-too-ambitious-doomed-to-fail.html
A succinct list of reasons why the Australian government will not be capable of managing their proposed Internet filter.

It's tough being a government these days; who has the energy to clean up the Internet after a hard day's work bailing out the financial sector? Not the Australian government, it seems. Rather than actually doing something about illegal content, they just make a list of it and tell ISPs to filter everything that's on the list. Sidestepping the murky political details and—for the moment—the civil liberties problems inherent in this approach, let's take a closer look at the technical aspects of such a plan.

In the Internet Service Provider Content Filtering Pilot Technical Testing Framework document, the Australian Government Department of Broadband Communications and the Digital Economy provides some details about what it wants ISPs to do in a pilot project. The main part is that ISPs who are interested in participating in the pilot will test solutions for filtering a list of at most 10,000 URLs on a blacklist maintained by the Australian Communications and Media Authority, a regulator not unlike the FCC. "Prohibited online content" includes what you would imagine, but also your garden variety porn (yes, the stuff they broadcast over the air on public TV in the Netherlands), and under special circumstances even R-rated movies. Filtering URLs on the ACMA blacklist is a mandatory part of the pilot, though additional filters that aren't clearly specified are optional.


7. Hackers Boot Linux On IPhone
http://news.cnet.com/8301-13579_3-10110018-37.html
Hackers have managed to get a copy of Linux running on the iPhone. This is an impressive step forward, though it's far from suitable for users.

A new front has opened in the ongoing arms race between Apple and iPhone hackers, with one hacker group making the iPhone boot with a Linux 2.6 kernel.

The announcement of the successful kernel porting was made on the Linux on the iPhone blog, complete with instructions and source code.


8. AT&T Starts Metered Billing Trial In Reno
http://www.dslreports.com/shownews/ATT-Starts-Metered-Billing-Trial-In-Reno-98856
AT&T have commenced trials of limiting their customers' monthly download capacity in Reno, Nevada.

Earlier this year, AT&T began laying the political and public relations groundwork for a shift toward metered billing, throwing comments to the press about how such a shift was "inevitable," while company lobbyists began dropping vague hints that a billing shift was coming. Last summer, executives at the company announced that the telco would be conducting a metered billing trial this fall. The time for that trial has arrived, and Broadband Reports has learned that Reno, Nevada will be the lucky first market. Last Friday, AT&T filed [a] ... notice with the FCC that confirms the nation's largest ISP will be conducting a metered billing trial in Reno.


9. New Domain to Be Web's Phone Book
http://news.bbc.co.uk/2/hi/technology/7761395.stm
The new .tel top level domain is to be used as a universal online phone book of sorts to enable a universal contact point for online corporations.

Called .tel, the domain is intended to act as a universal contact point rather than as a hook on which to hang websites.

Owners of .tel domains will be encouraged to populate it with details about how they can be contacted.

The domain is designed to work on the web and with mobile phones such as the Apple iPhone and Blackberry.


10. Biz Travelers Howl Over US Gov RFIDs
http://www.theregister.co.uk/2008/12/01/rfid_scanning_under_fire/
In follow-up to this story from last week's news, several organizations have spoken out against the US government's use of long range RFID scanners at border crossings.

A travel industry group has called on the US government to halt its use of new machinery that remotely reads government issued identification cards at border crossings until the safety of the new system can be better understood.

Monday's call by the Association of Corporate Travel Executives (ACTE) follows similar requests by a chorus of civil liberties and computer researchers. They warn that use of the new long-range radio frequency identification (RFID) scanners could jeopardize the privacy and security of people who pass through US borders.


11. Online Payment Site Hijacked by Notorious Crime Gang
http://www.theregister.co.uk/2008/12/03/checkfree_hijacked/
A popular online payment website, checkfree.com, had two of their domains temporarily hijacked by malware distributors for an unknown period of time.

Online payment service CheckFree lost control of at least two of its domains on Tuesday in an attack that sent customers to servers run by a notorious crime gang believed to be based in Eastern Europe.

Reg reader Richard D. reported receiving a bogus secure sockets layer certificate when attempting to log in to his Mycheckfree.com account early Tuesday morning. On further examination, he discovered the site was mapping to 91.203.92.63. To confirm the redirection was an internet-wide problem, he checked the site using a server in another part of the US and got the same result.


12. Nasa Delays Its Next Mars Mission
http://news.bbc.co.uk/2/hi/science/nature/7765818.stm
NASA has been forced to delay its next mission to Mars due to testing and hardware issues surrounding new technology to be used on its next mission.

MSL was scheduled to fly next year, but the mission has been dogged by testing and hardware problems.

The rover's launch would now be postponed until late 2011, agency officials said.

The mission is using innovative technologies to explore whether microbial life could ever have existed on the Red Planet.


13. Sony Emulates Nintendo's Wii With New Controller
http://www.infopackets.com/news/gaming/ps3/2008/20081114_sony_emulates_nintendos_wii_with_new_controller.htm
Sony is developing a new controller for its Playstation platform that is similar in operation to Nintendo's 'Wiimote'.

It's a topic that has long been debated by video game aficionados all over the world: which features make for a better system: the pristine graphics of the Sony PlayStation 3 or the motion-sensitive game play of the Nintendo Wii? If Sony is successful in patenting their new controller concept, they just may be able to sway undecided consumers towards the PS3.

If you can't beat them, join them!

The idea will be to stray away from the traditional "Dual Shock" solid controller, opting instead to introduce a controller that resembles two ice-cream cones attached side-by-side. The controllers would be able to break-apart to maximize the look and feel of what is quickly becoming the next generation of game play control.


Ehtyar.
652
General Software Discussion / Re: What's on your flash drive?
« Last post by Ehtyar on December 05, 2008, 05:52 AM »
Haha ewemoa, I could almost copy your list verbatim. Here are a few of mine missing from your list:
  • InfraRecorder (instead of ImgBurn)
  • Perl
  • Notepad++
  • XMPlay/Winamp
  • Process Explorer
  • PeaZip
  • Sunbird
  • SIW
  • Autoruns
  • FileZilla
  • FDM
  • KiTTY/Putty
  • wget
  • Windows Privacy Tray
  • SumatraPDF
  • Code::Blocks
  • PellesC
  • SharpDevelop
  • OllyDbg
  • HxD
  • SVN
  • MinGW
  • ChatZilla
  • Thunderbird w/ Lightning
  • Apache/MySQL
OK so i got a little carried away, so sue me :P

Ehtyar.
653
N.A.N.Y. 2009 / Re: NANY 2009 Release: Tree List
« Last post by Ehtyar on December 05, 2008, 05:19 AM »
Terrific. The hierarchical functionality is what's missing from JustDoIt IMO.

Ehtyar.
654
General Software Discussion / Re: Opera 10.0 Alpha 1
« Last post by Ehtyar on December 05, 2008, 05:16 AM »
A closed source browser...nuff said.

Ehtyar.
655
Got some Aussie post-cards on my lunch break. Will send one over the w/end. Hope he's doing OK.

Ehtyar.
656
Older Newsletters / Re: --> Newsletter for December 1 - Codename "Winter Wondercode"
« Last post by Ehtyar on December 04, 2008, 01:41 PM »
Ugh, bring on the winter. White Christmases are so much better :(

Ehtyar.
657
I'm surprised no one has mentioned wget (windows only link)*cough*gui fanbois*cough* :P
It is capable of recursive retrieval.
Though for the GUI fanbois, I would definitely recommend HTTrack. Very impressive for FOSS.

Ehtyar.
658
Living Room / Re: Tech News Weekly: Edition 48
« Last post by Ehtyar on December 01, 2008, 12:15 AM »
On a lighter note:
but if all else fails, try this ;)
;D
I didn't know that site existed
Got it from a co-worker last week, been dying to use it :P

Ehtyar.
659
Living Room / Re: Tech News Weekly: Edition 48
« Last post by Ehtyar on November 30, 2008, 04:40 AM »
#6: Great until the bad guys can fake the messages to kill computers. 8)
Haha, that I didn't think of  :Thmbsup:

first thing I thought too - are we especially paranoid Deo or just realistic ... :-\

thanks as ever Ethyar, nice new avatar too!
Oh no, I hope this isn't grounds to kick me out of the tin-foil-hat brigade :o Please, at least I mentioned the possibility of it being hacked, have mercy  ;)

Thanks for the compliment tomos, I think I might start a thread about favorite fractals or something, because these are REALLY worth seeing.

Ehtyar.
660
Living Room / Re: Tech News Weekly: Edition 48
« Last post by Ehtyar on November 29, 2008, 10:38 PM »
#4: What is MS08-067? :huh:
I post links to previous stories for a reason Deo , but if all else fails, try this ;)
#6: Great until the bad guys can fake the messages to kill computers. 8)
Haha, that I didn't think of  :Thmbsup:
#7: Awesome! I want to have to pay 5 cents for text messages every time I want to log in to PayPal! :down:
Well they can't seem to organise proper security on their commission.. :P

Ehtyar.
661
Living Room / Tech News Weekly: Edition 48
« Last post by Ehtyar on November 29, 2008, 05:48 AM »
The Weekly Tech News
Hi all.
My apologies for getting a little carried away last week folks, this week should be more of a 'summary' as these things are intended to be. Perhaps if people have an opinion on what the minimum and maximum number of articles included should be they could let me know in a reply.
I'm afraid I haven't gotten around to getting code out to Mouse Man for the 'Expand All' button. If I get it done before next week's news and we can actually implement it I'll add it here.
As usual, you can find last week's news here.


1. Facebook Wins Record $873m Fine Against Smut Spammer
http://www.theregister.co.uk/2008/11/25/facebook_spam_lawsuit/
Facebook have won a lawsuit worth $837 million against a Canadian accused of hacking into users' accounts and spamming from them.

Facebook has won a $873m judgment against a Canadian sued for spamming users of the social networking site with "sexually explicit" messages after hacking into the profiles of its members.

Adam Guerbuez, of Montreal, who runs Atlantis Blue Capital and Ballervision.com, was ordered to pay exemplary damages by US District Judge Jeremy Fogel last Friday. Guerbuez did not contest the case, which also resulted in an injunction against him that effectively prevents him from accessing Facebook for any reason ever again.


2. Security Breach Gives PayPal Phish the Personal Touch
http://www.theregister.co.uk/2008/11/24/pamela_security_breach/
A breach of user information held by Pamela Systems has given rise to a personalized phishing scam against users of the Pamela Skype addon.

Skype users who use a piece of software dubbed Pamela to manage their online phone accounts should be on the lookout for customized phishing attacks following revelations that one or more user databases containing names and email addresses have been breached.

The attack, which took place last week, has already led to one phishing campaign that calls recipients by their real names and then tries to trick them into turning over personal information. That added personal touch could throw some users off guard because most phishing emails address their marks by generic terms such as "Dear PayPal User."


3. Unofficial Fix Issued for Vista Networking Flaw
http://www.securityfocus.com/archive/1/498471
For the more technically inclined: http://www.securityfocus.com/archive/1/498471
Calls to a user mode API in Vista Ultimate and Enterprise can lead to kernel mode memory corruption, potentially causing a blue screen or remote code execution in kernel mode. Microsoft has not issued a fix at the time of writing, though the researchers that made the discovery have released a modified version of the vulnerable library that fixes the issue.

A system-crashing bug with potential malware implications has been uncovered in Vista. But a fix for the vulnerability, which revolves around flaws in the operating system's network stack, may have to wait until the next service pack.

The TCP/IP stack buffer overflow was discovered by security researchers at Austrian firewall firm Phion in October. Details of the flaw, which also creates a potential mechanism to inject hostile code into vulnerable systems, were disclosed in a posting to BugTraq on Friday.


4. More MS08-067 Exploits
http://blogs.technet.com/mmpc/archive/2008/11/25/more-ms08-067-exploits.aspx
In follow-up to: https://www.donationcoder.com/forum/index.php?topic=15476.0#post_Microsoft_Issue_OutOfBand_Security_Patch
For the more technically inclined: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=2
An exploit for MS08-067 is running rampant over the internet according to Microsoft itself.

As expected, we are seeing another wave of attacks exploiting the vulnerability detailed in security bulletin MS08-067.

Early last week we blogged about MS08-067 exploits. At that time, the number of exploits in the wild was still low and they were mostly targeted attacks. However, during the weekend we started receiving customer reports for new malware that exploits this vulnerability. During the last two days that malware gained momentum and as a result we see an increased support call volume. The SHA1 hash of the malware is 0x5815B13044FC9248BF7C2DBA771F0E6496D9E536 and we detect it as Worm:Win32/Conficker.A.


5. Judge Says BU Can't Turn Over Infringers' IPs in P2P Case
http://arstechnica.com/news.ars/post/20081126-judge-says-bu-cant-turn-over-infringers-ips-in-p2p-case.html
A sane judge on a copyright infringement case? Who knew...

The music industry's requests for more personal information regarding the identity of several accused file-sharers have been shot down by a federal judge. Judge Nancy Gertner quashed a subpoena this week in the infamous London-Sire v. Does 1-4 case, saying that the IP addresses of three anonymous Boston University students could not be handed over because the university had "adequately demonstrated that it is not able to identify the alleged infringers with a reasonable degree of technical certainty."

The legal system has been chipping away at the London-Sire case all year, starting this spring when Judge Gertner said that making files available on a P2P network does not equal copyright infringement. At that time, she also noted that IP addresses can't always be traced to a particular individual and that, if Boston University were compelled to turn over a list of possible infringers, it could give a green light to RIAA fishing expeditions.


6. Key Molecule for Life Found in Habitable Region of the Galaxy
http://blog.wired.com/wiredscience/2008/11/sugar-molecule.html
An important molecule linked to the origin of life has been discovered in a region of The Milky Way.

A sugar molecule linked to the origin of life was discovered in a potentially habitable region of our galaxy.

The molecule, called glycolaldehyde, was spotted in a large star-forming area of space around 26,000 light-years from Earth in the less-chaotic outer regions of the Milky Way. This suggests the sugar could be common across the universe, which is good news for extraterrestrial-life seekers.


7. Lenovo Kills Notebooks With a Text Message
http://www.tgdaily.com/html_tmp/content-view-40351-108.html
Lenovo's next generation of Thinkpad notebooks will permit its owner to disable the 3G-enabled unit via text message. I wonder how long until this gets cracked...

As notebook theft is becoming an increasingly important topic in the IT world, we are now seeing innovative solutions to protect users and corporations from data theft almost on a weekly basis. One of the most interesting and potentially most effective solutions was announced by Lenovo this morning.

A new feature that is expected to become available in Q1 2009 for select Thinkpad laptops will allow notebook owners to disable a notebook with a text message that is sent to a 3G-enabled system via a cellular network. The lockdown will happen immediately if a notebook is turned on or, when it is turned off, the next time the system signs on to a cellular network. To reactivate the disabled PC, a user needs to enter a pre-set passcode created during notebook startup.


8. Another Layer of Security for PayPal Accounts
http://www.net-security.org/secworld.php?id=6768
Paypal users now have access to another layer of security with the option of receiving a security code as a text message prior to logging in.

PayPal announced a new way for members to add even more security to their PayPal accounts using their mobile phones. Customers can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts.

The PayPal SMS Security Key adds another layer of protection to PayPal accounts and uses the same security infrastructure as the PayPal Security Key, which generates a unique security code approximately every 30 seconds on a small electronic token. Members receive this code to their phones or tokens, and use the codes along with their usernames and passwords to sign in to their accounts.


9. New Machines Scan IDs at Border Crossings
http://www.usatoday.com/tech/news/computersecurity/2008-11-23-passport-chips_N.htm?csp=34
Machines are in use at several US border crossing stations that permit border security agents to read information stored in RFID-enabled government documentation.

Agents along the Canada and Mexico borders are using a controversial new machine that can "read" the personal information contained in some government-issued ID cards — such as passports and driver's licenses — as travelers approach a checkpoint.

The Homeland Security Department says the new practice will tighten security and speed the flow of traffic. Privacy advocates say the technology could make Americans less secure because terrorists or other criminals may be able to steal the personal information off the ID cards remotely.



Ehtyar.
662
Living Room / Re: A fork in the road - dangers of web services
« Last post by Ehtyar on November 25, 2008, 02:04 PM »
It isn't just free web-services either - what is to stop paid for services being sold and shut down? It has happened a lot to software titles - but at least you keep the version you have paid for - with a web service you get to keep nothing.
I was going to say just the same thing after reading Mouse Man's post.
I'm too paranoid to have my data held on someone else's server, anyway...
More power to the tin-foil-hat brigade!!

Ehtyar.
663
Living Room / Re: Tech News Weekly: Edition 47
« Last post by Ehtyar on November 25, 2008, 03:06 AM »
mouser: the links can make sense if people use them in posts like this:

On 22: Now that's what I call latency :)
Well thank god SOMEONE finally figured out what they're for. They're scripted, so it's more work to remove them than to keep adding them; if you don't like them don't use them.
I'd like to add a button at the top to expand all the news articles in one go to cater for those who prefer the full layout. Mouse Man, I'll try to get some code to you prior to next week's news.
On 22: Too bad they can't implement it on product support personnel, maybe then you'd be guaranteed of a reply.
ROFL, <3 4wd.

Ehtyar.
664
N.A.N.Y. 2009 / Re: NANY 2009 Intro
« Last post by Ehtyar on November 23, 2008, 04:57 AM »
 :(

Ehtyar.
665
Living Room / Tech News Weekly: Edition 47
« Last post by Ehtyar on November 21, 2008, 10:23 PM »
The Weekly Tech News
Hi all.
No meta-news this week.
As usual, you can find last week's news here.


1. E-mails Show How Intel Benefited from Vista Capable Changes (Thanks 40hz)
http://arstechnica.com/news.ars/post/20081117-e-mails-show-how-intel-benefited-from-vista-capable-changes.html
It seems Wintel is still truly alive and kicking. Documents have been produced in the "Vista Capable" lawsuit against Microsoft showing that Intel was the sole beneficiary in some of the decisions made about the campaign.

A federal court judge recently unsealed a fresh batch of documents pertaining to the ongoing Vista Capable lawsuit, including two recent filings by both the plaintiff (Diane L. Kelley, et al) and defendant (Microsoft). The first filing, on behalf of Diane L. Kelley, begins by stepping through what we learned from the bevy of internal emails Microsoft was forced to release earlier this year. Plaintiffs allege that Microsoft's behavior as it regards the use of the "Vista Capable" designation constitutes an unfair and deceptive practice, and request summary judgment on this point. Microsoft's filing addresses a somewhat different matter, and requests a protective order from the court that would relieve the company of the obligation to produce CEO Steve Ballmer for deposition.


2. Big Guns Come Out In Effort To Show RIAA's Lawsuits Are Unconstitutional
http://techdirt.com/articles/20081030/0203582685.shtml
Some VERY interesting material on how the legal heavyweights are finally getting involved in RIAA lawsuits...and may actually succeed in proving that much of the RIAA's backing is in fact unconstitutional.

People have been submitting this story nonstop, but I wanted to take some time to read the details before commenting on it. It's not the first time that folks have argued that the damages sought by the RIAA in various lawsuits against file sharers are unconstitutional. However, the few times it's been brought up in court, the arguments haven't been persuasive. However, this time around, it looks like the big legal guns are getting involved, and the argument seems a lot more comprehensive and compelling.

In the past, it's been noted that the RIAA has curiously avoided suing any Harvard students, with one of the theories being that Harvard had made it quite clear to the RIAA that it would fight back hard. And, with Harvard law school at its disposal, and various professors there indicating that they had serious legal problems with the RIAA's strategy, the RIAA simply decided to ignore any file sharing going on at that prestigious university.


3. Secret German IP Addresses Leaked
http://wikileaks.org/wiki/German_Secret_Intelligence_Service_(BND)_T-Systems_network_assignments,_13_Nov_2008
Via: http://www.schneier.com/blog/archives/2008/11/secret_german_i.html
A document has been fed to Wikileaks detailing several IP address ranges allegedly held by German intelligence agency Bundesnachrichtendienst (BND). There is some proof it is legitimate.

The PDF document holds a single-page scan of an internally distributed mail from German telecommunications company T-Systems (Deutsche Telekom), revealing over two dozen secret IP address ranges in use by the German intelligence service Bundesnachrichtendienst (BND). Independent evidence shows that the claim is almost certainly true and the document itself has been verified by a demand letter from T-Systems to Wikileaks.


4. Online Age Verification for Children Brings Privacy Worries
http://www.nytimes.com/2008/11/16/business/16ping.html?_r=1&oref=slogin
An interesting essay on one potential avenue for misuse of online age verification technology.

Child-safety activists charge that some of the age-verification firms want to help Internet companies tailor ads for children. They say these firms are substituting one exaggerated threat — the menace of online sex predators — with a far more pervasive danger from online marketers like junk food and toy companies that will rush to advertise to children if they are told revealing details about the users.

“It’s particularly upsetting,” said Nancy Willard, an expert on Internet safety who has raised concerns about age verification on her Web site over the last month. “Age verification companies are selling parents on the premise that they can protect the safety of children online, and then they are using this information for market profiling and targeted advertising.”


5. Lego Safe is Ultra Secure
http://www.slipperybrick.com/2008/11/legos-safe/
Video: http://au.youtube.com/watch?v=XjWt4O4bSjQ
An awfully fun way to spend one's cody-currency.

You might think that a Lego safe would be easy to open. Maybe just remove a few bricks and you’re in. But that’s not the case with this thing, the cutting edge of Lego safe technology. The safe weighs 14 pounds and has a motion detecting alarm so it can’t be moved without creating a huge ruckus.

The lock takes five double digit codes to open it. That translates into over 305 billion different combinations. It even boasts an electronic status display showing the numbers as you turn the combination dials. When you enter the combination, the door electronically opens itself. It’s a great place to store all of your valuable geek stuff.


6. Microsoft Kills OneCare, Replaces It With Freebie 'Morro'
http://blogs.zdnet.com/security/?p=2190&tag=nl.e589
Discussion started by Carol Haynes: https://www.donationcoder.com/forum/index.php?topic=15803.0
Microsoft have decided to drop their Microsoft OneCare subscription in mid-2009 and replace it with a free anti-virus suite.

Microsoft today announced plans to kill its Windows Live OneCare PC care and security suite and replace it with a free anti-malware utility.

The new product, code-named “Morro,” will be designed for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs, Microsoft said in its surprise announcement.


7. Under Worm Assault, Military Bans Disks, USB Drives
Spoiler
http://blog.wired.com/defense/2008/11/army-bans-usb-d.html
The US Military has banned the use of removable storage on its classified and unclassified networks in an attempt to stop the spread of a worm that has infected their computer systems.

The Defense Department's geeks are spooked by a rapidly spreading worm crawling across their networks. So they've suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further.

The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to "floppy disks," is supposed to take effect "immediately." Similar notices went out to the other military services.


8. Dead Network Provider Arms Rustock Botnet from the Hereafter
Spoiler
http://www.theregister.co.uk/2008/11/18/short_mccolo_resurrection/
http://www.networkworld.com/news/2008/111708-dodgy-isp-briefly-comes-online.html
In a followup to this story in last week's news, ISP McColo briefly returned from the dead thanks to a backup arrangement with another ISP in order to allow its client to transfer control of botnets and such to new ISPs.

McColo, a network provider that was yanked offline following reports it enabled more than half the world's spam, briefly returned from the dead over the weekend so it could hand-off command and control channels to a new source, security researchers said.

The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to Paul Ferguson, a security researcher for anti-virus software maker Trend Micro.


9. E-gold Directors Avoid Jail
Spoiler
http://www.theregister.co.uk/2008/11/21/e_gold_sentencing/
The top-knobs of notorious online money transfer firm E-Gold have escaped jail after a District Court Judge took leniency on them when she found they had not intentionally serviced criminals.

Three directors of digital currency firm e-gold avoided a spell behind bars on Thursday after earlier pleading guilty to offences for money laundering and running an unlicensed money transfer business.

The three directors, along with the e-gold company itself and parent firm Gold & Silver Reserve, were charged in April 2007 with becoming a clearing house for child pornography payments and investment scams. Prosecutors charged that slack-shod verification meant the service had become a banker to cybercrooks. After initially disputing the charges the defendants pleaded guilty in July 2008.


10. Phisher-besieged PayPal Sends Users Faux Log-in Page
Spoiler
http://www.theregister.co.uk/2008/11/20/paypay_hyperlink_snafu/
PayPal have been sending customers emails directing them to an incorrect login URL possibly for as long as two months.

PayPal, the online payment service that is a major target of phishers, has been caught sending customer emails that confuse its own login page with a third-party landing site that offers spyware protection and a bevy of other products.

The faux hyperlink to secure.uninitialized.real.error.com was included in official emails PayPal sent to customers to confirm recent payments. PayPal advertised it as the official address to log in to the service. Recipients who configured their systems to read email as HTML wouldn't notice the link was incorrect unless they were paying close attention.


11. PC Virus Forces Three London Hospitals Into Computer Shutdown
Spoiler
http://www.theregister.co.uk/2008/11/18/london_hospital_malware_shutdown/
Three London hospitals had their computer systems shut down when it became apparent they were infected with malware. The systems have since returned and there is no indication any information on them was exposed.

Three London Hospitals shut down their computer systems on Tuesday in response to a computer virus infection.

Infection by the Mytob worm sparked the emergency response, involving St Bartholomew's (Barts), the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green. The three hospitals are members of the Barts and The London NHS Trust.


12. Lame Mac Trojan Limps Into View
Spoiler
http://www.theregister.co.uk/2008/11/19/mac_trojan/
Look out folks, believe it or not, Macs might actually be becoming popular enough to have their own trojans, however ineffectual.

Security researchers have uncovered a rare example of a Trojan that affects Mac PCs.

Lamzev-A creates a backdoor on compromised Mac OS-X systems. The malware typically disguises itself as a video codec on dodgy websites. Mac users hoping to watch a clip from a grumble flick get infected instead, a trick carried out by the earlier RSPlug Mac Trojan.


13. British National Party Membership List Leaks Online
Spoiler
http://www.theregister.co.uk/2008/11/18/bnp_loses_list/
The membership list of Britain's right-wing-nutjob political party has been leaked online. Included are names, phone numbers and email addresses along with various other personal details. Serves them right.

The British National Party has lost its membership list - the whole thing has been published online.

The list includes names, addresses, phone numbers and email addresses of all members up to September 2008. It also includes some people's ages, especially those under 18 - the BNP offers family membership for £40. Many entries also contain more personal comments about jobs or hobbies. That's how we know that BNP members include receptionists, district nurses, amateur historians, pagans, line dancers and a male witch.


14. SSH Sniffer Attack Poses Minor Risk
Spoiler
http://www.theregister.co.uk/2008/11/18/ssh_sniffer_attack/
A vulnerability that has the potential to reveal the plaintext of an SSH session has been discovered and is confirmed to affect OpenSSH and various commercial SSH clients and servers. The vulnerability is not considered to be particularly harmful, though users are urged to update their software or switch from CBC to stream mode.

UK security researchers have discovered hard-to-exploit cryptographic weaknesses in the Secure Shell (SSH) remote administration protocol.

The shortcoming creates a potential means to recover the plain text of encrypted sessions, depending on remote access configurations. Potential attacks - which would take ninja-like hacking skills to pull off - would involve inducing and observing error conditions. It's much more likely that a potential attack would crash a conversation than yield useful results.


15. Obama's Cell Records Improperly Accessed
Spoiler
http://news.cnet.com/8301-1009_3-10104997-83.html
Verizon staff have illegitimately accessed the mobile phone records of US president-elect Barack Obama. The phone in question is no longer being used.

President-elect Barack Obama's cell phone billing records were improperly accessed by employees of Verizon Wireless, CNN reported late on Thursday.

Obama's transition team was informed of the breach by Verizon Wireless representatives on Wednesday, team spokesman Robert Gibbs told the news agency. The Secret Service has been informed, Gibbs said.

The phone, a voice flip-phone with no e-mail access, is no longer active or being used by Obama, the report said. Lists of phone numbers and calls made by Obama could have been accessed, but "nobody was monitoring voicemail," Gibbs is quoted as saying.


16. Researchers Find Flaws In Microsoft VoIP Apps
Spoiler
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212100043
Flaws have been found in Microsoft Office Communications Server 2007, Office Communicator, and Windows Live Messenger that could allow an attacker to cause a denial-of-service condition in the software.

Security researchers say they have discovered several vulnerabilities in Microsoft applications that work with voice over IP (VoIP).

VoIPshield Laboratories, a new research division at VoIPshield Systems, says the new vulnerabilities affect applications that use media stream protocols like Real-time Transport Protocol (RTP), a popular standardized packet format for delivering audio and instant messaging over the Internet. The vulnerabilities could allow attackers to launch denial-of-service (DoS) attacks -- not only against the Microsoft applications, but against the entire desktop environment, the researchers say.


17. FOIA Docs Show Feds Can Lojack Mobiles Without Telco Help
Spoiler
http://arstechnica.com/news.ars/post/20081116-foia-docs-show-feds-can-lojack-mobiles-without-telco-help.html
According to documents obtained through Freedom of Information (and a lawsuit, naturally) by the ACLU and the EFF, US federal law enforcement is capable of tracking the location of cellphones without the assistance of cell providers as previously believed.

Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that "triggerfish" technology can be used to pinpoint cell phones without involving cell phone providers at all.

Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement. Most previous descriptions of the technology, however, suggested that because of range limitations, triggerfish were only useful for zeroing in on a phone's precise location once cooperative cell providers had given a general location.


18. Duke's New P2P Policy Won't Stop RIAA Lawsuits
Spoiler
http://arstechnica.com/news.ars/post/20081116-analysis-dukes-new-p2p-policy-wont-stop-riaa-lawsuits.html
If nothing else, an interesting insight into the way the RIAA conducts their lawsuits.

Since the RIAA decided to go after on-campus P2P use in a big way back in February 2007, one of the major questions facing university IT departments was how to respond to the RIAA's prelitigation settlement letters. Duke University has decided that it will now require concrete evidence that copyright infringement actually occurred before forwarding those letters to students.

As an incentive to get students to settle sooner rather than later, the RIAA has instituted a tiered settlement system. Basically, the faster the student forks over the cash to the record labels, the less it will cost him or her. If a school receives a prelitigation settlement letter from the RIAA and immediately forwards it on to the target, it will cost the student $3,000. If the RIAA needs to file a Doe lawsuit to learn the identity of the student, the cost goes up to $4,000. And should the student seek to block the subpoena or otherwise block the RIAA's attempts to discover the name behind the IP address, the price doubles to $8,000.


19. Tennessee Anti-P2P Law to Cost Colleges Over $13 Million
Spoiler
http://arstechnica.com/news.ars/post/20081118-tennessee-anti-p2p-law-to-cost-colleges-over-13-million.html
New legislation in the state of Tennessee requiring public and private colleges to prevent copyright infringement on campus networks is likely to cost $13 million.

With the RIAA's long-running legal war against file-sharing not having the desired effects, the music industry has turned its sights on legislation aimed at getting others to do the dirty work of copyright enforcement. Last week, they scored a victory when the state of Tennessee passed a law that would require colleges and universities to work to prevent copyright infringement over campus networks. It's great news for the RIAA, but bad news for Tennessee students and taxpayers who will have to foot the $13 million bill.

SB 3974 was introduced this past February into the state legislature. Championed by the RIAA, who pointed to the University of Tennessee's no. 4 position on the list of top music piracy schools, and the MPAA, which noted the school's no. 19 spot on its infringement list, the law will force both public and private schools in the state to implement policies to prevent and prohibit copyright infringement on campus computers and networks.


20. Apple Lawyers Hand IPod Hash Cracking Site a DMCA Notice
Spoiler
http://arstechnica.com/journals/apple.ars/2008/11/21/apple-lawyers-hand-ipod-hash-cracking-site-a-dmca-notice
As one might expect, Apple isn't taking kindly to attempts to reverse engineer a file system protection mechanism on its iPods.

Although not a widely-publicized addition, one of the newer "features" Apple has added to its iPods and iPhones is a hash that protects the iTunesDB file, which stores information about what music you have on your iPod and where it's located on the iPod's hard drive. As it turns out, Apple doesn't seem to like people meddling with the iPhone and iPod touch hash, and according to Slashdot, Apple lawyers recently sent a DMCA violation notice to a project that was attempting to reverse-engineer the current version of the iTunesDB protection.

Without the ability to access the iTunesDB file, it's harder (or impossible) for iTunes alternatives like Songbird to work fully with iPods. The hash used on things like the iPod classic was cracked fairly quickly, but Apple changed the iTunesDB hash when it released the iPhone and iPod touch 2.0 firmware. According to the notice, Apple is claiming that attempts to reverse-engineer the iPhone 2.0 hash count as circumvention of its FairPlay DRM, possibly because the new hash is more closely related to Apple's DRM technology. Apple really doesn't want people trying to hack FairPlay, and appears to be nipping the iPod hash project in the bud before too much progress is made.


21. Inaction On Disconnect Pleas at Root of Aussie ISP Lawsuit
Spoiler
http://arstechnica.com/news.ars/post/20081121-inaction-on-disconnect-pleas-at-root-of-aussie-isp-lawsuit.html
Several Hollywood studios are taking Australian ISP iiNet to court in response to their failure to act on infringement notices.

Seven major film studios and affiliates have filed suit in Australia against one of the country's large ISPs, iiNet, charging the company with a failure to act on detailed reports of illegal file-sharing across its network.

In their quest to police illegal online video sharing, film and television rightsholders have long wanted to deputize ISPs. Going directly after consumers is slow, expensive, and capable of generating substantial bad press (see: RIAA litigation campaign), and it has the added downside of requiring huge amounts of work. Such attempts have been sometimes successful, as in various "graduated response" agreements in Europe, but most often have been sharply resisted by ISPs unwilling and unable to play traffic cop.


22. First Test for Interplanetary Net
Spoiler
http://news.bbc.co.uk/2/hi/technology/7741184.stm
NASA has made its first successful test of the new Disruption-Tolerant Networking (DTN) technology it hopes will be the standard for communication through space in the future.

Nasa has successfully transmitted images to and from a spacecraft 20 million miles away with a communications system based on the net.

The Disruption-Tolerant Networking (DTN) technology is designed to work across vast distances where response times can be measured in days.

Further tests of DTN are due to take place on the International Space Station (ISS) in 2009.


23. Huge Buried Water Glaciers Discovered On Mars
Spoiler
http://blog.wired.com/wiredscience/2008/11/huge-buried-wat.html
Huge subterranean glaciers have been discovered on Mars.

Giant glaciers buried under the surface of Mars at much lower latitudes than any previously known ice are a potential source of drinking water for future astronauts.

The discovery, made using ground-penetrating radar on NASA's Mars Reconnaissance Orbiter, offers new possibilities in the search for life on the red planet.


Ehtyar.
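For the CBC-to-CTR advice in item 14, here is an added example (not code from the original post or from OpenSSH) that audits an sshd_config for CBC-mode ciphers and rewrites the directive without them. The sample config is constructed, and the CTR fallback list is my own choice, not an OpenSSH default.

```python
"""Audit and harden the 'Ciphers' directive of an sshd_config.

Added example, not code from the original post or from OpenSSH. Cipher
names are the standard OpenSSH identifiers; the sample config is constructed.
"""
import re

# Constructed sample: a CBC-first cipher list of the kind common in 2008-era configs.
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Port 22
#Ciphers aes128-cbc            (commented out: must be ignored)
Ciphers aes128-cbc,aes256-cbc,aes128-ctr,aes256-ctr,arcfour256
MACs hmac-sha1
"""

# My fallback (assumption, not an OpenSSH default): used only if dropping CBC
# would leave the directive empty, or if the file has no Ciphers line at all.
CTR_FALLBACK = ["aes128-ctr", "aes192-ctr", "aes256-ctr"]

# Only an uncommented line starting with the keyword counts; '#' lines never match.
_CIPHERS_RE = re.compile(r"^[ \t]*Ciphers[ \t]+(\S+)[ \t]*$",
                         re.IGNORECASE | re.MULTILINE)


def parse_cipher_list(config_text):
    """Return the cipher names from the first active 'Ciphers' directive,
    or None if the file relies on the compiled-in defaults. sshd uses the
    first value it sees for a keyword, so any later directive is ignored."""
    match = _CIPHERS_RE.search(config_text)
    if match is None:
        return None
    return [c for c in match.group(1).split(",") if c]


def cipher_mode(name):
    """Classify an OpenSSH cipher name by its mode of operation."""
    base = name.split("@", 1)[0]          # strip vendor suffix such as @openssh.com
    if base.endswith("-cbc"):
        return "cbc"
    if base.endswith("-ctr"):
        return "ctr"
    # arcfour* (RC4) is a stream cipher and *-gcm / chacha20-poly1305 are AEAD
    # modes; none of them is subject to the CBC plaintext-recovery issue.
    return "other"


def audit(config_text):
    """Group the active cipher list by mode; 'ciphers' is None when defaults apply."""
    ciphers = parse_cipher_list(config_text)
    report = {"ciphers": ciphers, "cbc": [], "ctr": [], "other": []}
    for name in ciphers or []:
        report[cipher_mode(name)].append(name)
    return report


def harden(config_text):
    """Rewrite the first active 'Ciphers' directive without CBC ciphers,
    keeping the administrator's preference order for everything else."""
    ciphers = parse_cipher_list(config_text)
    if ciphers is None:
        # No explicit directive: append a CTR-only list rather than guess
        # what this build's compiled-in default list contains.
        return config_text.rstrip("\n") + "\nCiphers " + ",".join(CTR_FALLBACK) + "\n"
    kept = [c for c in ciphers if cipher_mode(c) != "cbc"] or CTR_FALLBACK
    return _CIPHERS_RE.sub("Ciphers " + ",".join(kept), config_text, count=1)


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("CBC ciphers enabled:", report["cbc"])
    print(harden(SAMPLE_CONFIG))
```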
666
N.A.N.Y. 2009 / Re: NANY 2009 Intro
« Last post by Ehtyar on November 20, 2008, 10:39 PM »
Additionally, it wouldn't count if it was in Ruby.  ;) Python programs get extra credit!
Terrific idea :)

I'm going to tentatively pledge (I will make it a certainty before the pledge deadline if it will be done in time), though my app will be of extremely little use to anyone for anything practical. I'm really only submitting it to NANY 'coz I know Mouse Man will cry me a river if I don't at least try to participate this year :P

Ehtyar.
667
Living Room / Re: Introduction To Public Key Cryptography
« Last post by Ehtyar on November 15, 2008, 02:14 PM »
Hardly. RSA is still the most common PKE algorithm.

Ehtyar.
668
Living Room / Re: Tech News Weekly: Edition 46
« Last post by Ehtyar on November 15, 2008, 02:02 PM »
Sorry house man, fixed now. Link is here.

Ehtyar.
669
Living Room / Re: Tech News Weekly: Edition 46
« Last post by Ehtyar on November 14, 2008, 08:01 PM »
I know, it's inevitable. I guess it was just a bit of wishful thinking on my part ...

But eventually it's all about raising the costs for spammers, to make their business less profitable and therefore less attractive. If they're forced to other, and more expensive, hosts, a reduction of spam may be feasible.
I like that way of thinking :)

Ehtyar.
670
Living Room / Re: Tech News Weekly: Edition 46
« Last post by Ehtyar on November 14, 2008, 07:20 PM »
Excellent job, Ehtyar  :Thmbsup:

And great news about that spammer company being taken down. I did notice a reduction in spam in the last few days. Let's hope it lasts ...

Thanks :)
Highly unlikely it will last. Spammers are used to this sort of thing; they'll be set up elsewhere in no time.

Ehtyar.
671
Living Room / Tech News Weekly: Edition 46
« Last post by Ehtyar on November 14, 2008, 06:12 PM »
The Weekly Tech News
TNWeekly01.gifHi all.
No metanews this week ladies and gents.
As usual, you can find last week's news here.


1. Valve Tried to Trick Half Life 2 Hacker Into Fake Job Interview
Spoiler
http://blog.wired.com/27bstroke6/2008/11/valve-tricked-h.html
Well known game making firm Valve attempted to lure a suspected German hacker to the United States (to be arrested) by offering him a job.

After the secret source code for its then-unreleased shooter Half Life 2 showed up on file sharing services in 2003, game-maker Valve Software cooked up an elaborate ruse with the FBI targeting the German hacker suspected in the leak, even setting up a fake job interview in an effort to lure him to the United States for arrest.

The gambit ultimately failed, and Axel "Ago" Gembe remained safely in Germany. He was indicted last month in Los Angeles on new charges of creating the Agobot malware, and sharing it with a crew of U.S. hackers who used it to stage denial-of-service attacks in 2003.


2. Security Experts Reveal Details of WPA Hack
Spoiler
http://www.heise-online.co.uk/security/Security-experts-reveal-details-of-WPA-hack--/news/111922
Followup from: https://www.donationcoder.com/forum/index.php?topic=15629.0#post_WPA_WiFi_Encryption_is_Cracked
For the more technically inclined: http://arstechnica.com/articles/paedia/wpa-cracked.ars
Also, WPA2 is not next on the chopping block: http://erratasec.blogspot.com/2008/11/wpa2-is-not-next-on-chopping-block.html
The researchers who last week claimed to have broken WEP encryption have revealed their technique; it's a variant of the chopchop attack used against WEP. IMO the attack probably isn't worthy of all the hype.

In their paper, Practical attacks against WEP and WPA (PDF), Martin Beck and Erik Tews have published details about their attacks on WPA secured networks. The attack is essentially a variant of the chopchop attack used against WEP secured networks, which surfaced in early 2005. The name "chopchop attack" is a nod to the KoreK-developed chopchop tool, which allows the user to decrypt an arbitrary encrypted data packet without having to know the WEP key.

The program slices off the last byte of a WEP packet. Under the assumption that the final byte was the zero byte, it attempts to reconstruct a valid checksum with an XOR link from the last four bytes to a specific value. Then it sends the packet to an access point and observes whether it is accepted. If not, it assumes that the sliced off byte was a 1 – in the worst case it continues this process all the way to 256. This process is then repeated for every other byte in the packet. Once finished, the attacker has the packet in plain text.


3. Google Encourages Profile Verification
Spoiler
http://www.datastronghold.com/index.php/tech-news/1481-who-are-you-google-profiles-knows
Google are encouraging users with profiles to have the information on them 'verified' by a third party.

Google also added an additional feature that lets people verify their actual information by checking the data against phone records or credit card records.  Here's what Google had to say about the verify procedure.

"Profiles will display a 'verified name' badge, if the user has verified their name through Knol. Any user can go through Knol's interface to obtain the verified badge," Google said in a statement.


4. IT Security 'Myth Or Truism'
Spoiler
http://edge.networkworld.com/news/2008/110608-security-myths.html
If nothing else, an interesting insight into the opinions of some of IT's best known security gurus. Shame about some of the awful questions.

They are etched into the conventional wisdom of IT security, but are these 12 articles of faith (to some) actually wise, or are they essentially myths? We've assembled a panel of experts to offer their judgments.


5. Firefox 3.0.4 Closes Nine Security Holes
Spoiler
http://www.heise.de/english/newsticker/news/118852
http://news.cnet.com/8301-1009_3-10096399-83.html
Mozilla's most recent Firefox fixes 9 security vulnerabilities, 4 critical. They involve crash bugs, a privilege escalation vulnerability, and a remote code execution vulnerability.

The Mozilla Foundation has released Firefox version 3.0.4 to close nine security holes. The developers rated four of the holes as critical because they allow attackers to execute arbitrary code on the victim's system. One of the critical holes is a classical buffer overflow that can be triggered via specially crafted server responses.

A flaw in the way the browser restores a session after a program crash can cause Firefox to violate the same-origin policy when executing JavaScript code, which could be exploited to execute the code in the context of a different website. Attackers could remotely trigger a crash and subsequent restart to steal a user's access data to other web pages, for example.


6. Spam Declines After Hosting Company Shut-down
Spoiler
http://news.cnet.com/8301-1009_3-10095730-83.html
A significant drop in eMail SPAM has been seen across the globe as a direct result of the closure of a notorious ISP.

Internet hosting site McColo disappeared on Tuesday. Along with it went thousands of pieces of spam, thanks, in part, to investigative work by Washington Post reporter Brian Krebs.

For about four months, security experts have been collecting data about McColo Corp., a San Jose, Calif.-based Web hosting service that may have been used by the cyber underground, according to the Washington Post. Krebs said that the McColo hosting company had been responsible for up to 75 percent of all spam sent.


7. Equifax Offers Its First I-card
Spoiler
http://news.cnet.com/8301-1009_3-10096835-83.html
As one might have expected: Equifax's new age-verification tool cumbersome, limited
The first 'online over-18 cards' have been dispensed by Equifax. Governments and corporate identities hope it will soon become the norm to possess an 'online wallet' in order to verify one's identity online. As a member of the tin-foil-hat-brigade, I'm far from impressed.

Equifax on Thursday introduced its first information card or I-card, Equifax Over 18 card. I-cards are envisioned to be the online equivalent of a driver's license, passport, or similar ID. The basic idea is that customers would have an electronic wallet with various information cards that would allow customers to bypass typing in user names and passwords.

In this case, the Equifax card proves--via a trusted third party--that you are over 18 when accessing specially marked Web sites. "With fraud and identity theft on the rise, companies need better, more secure ways to conduct transactions online and take their identity management practices to the next level," said Steve Ely, president of Equifax Personal Information Solutions, in a statement.


8. IE Supports HTTPOnly Cookies
Spoiler
http://ha.ckers.org/blog/20081111/httponly-fix-in-msxml/
With the release of MS08-069 cookies marked as HTTPOnly will no longer be accessible to javascript in IE.

I’m happy to announce that Microsoft has released MS08-069 today. It’s got a lot of changes in it, but one in particular that I’ve been tracking for about a year now. MSXML has made a change so that HTTPOnly cookies cannot be read by XMLHTTPRequest within IE. Why is that good? It makes it so that JavaScript can no longer steal cookies that try to protect themselves. That’s a good thing.

It might seem like a big thing that that was even possible, but really it’s not as bad as it sounds, making this issue a lower priority in my mind. Cookies are rarely sent from the server to the client on every request and typically do require some information to be sent (like a username and password) before the Set-Cookie header is sent. So XMLHTTPRequest was really only useful for stealing cookies if the Set-Cookie header was sent on every request. Maybe there are some sites out there that do that, but it’s not that common. Either way, I’m glad MS got around to fixing it.


9. Visa Tests Credit Card With Random Number Generator
Spoiler
http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=212001898
Visa is now testing a credit card with a built in random number generator to replace the existing 'CCV' verification system in the hopes it will better protect against card-not-present fraud.

Visa is testing a new credit card that can generate a random-number passcode to help ensure it won't be used by unauthorized individuals.

In trials starting this week at four banks -- Bank of America UK, Corner Bank in Switzerland, Cal in Israel, and IW Bank in Italy -- Visa and EMUE Technologies are testing a Visa PIN card, an alternative to the "CCV" code currently printed on the back of most cards to help ensure that the individual is actually in possession of the card. The technology was first introduced in June.


10. AVG Incorrectly Flags User32.dll in Windows XP SP2/SP3
Spoiler
http://arstechnica.com/journals/microsoft.ars/2008/11/11/avg-incorrectly-flags-user32-dll-in-windows-xp-sp2sp3
A routine signature database update for AVG antivirus last week saw users of Windows XP SP2/SP3 warned that user32.dll was actually a virus, and upon removal could not boot their systems.

After a Sunday virus definition update, AVG's antivirus software began to mistakenly warn users that their system had a virus entitled PSW. banker4.APSA and suggested it had to be removed. The file that was being flagged was actually "user32.dll," a key Windows file. Many users chose to delete the file, which resulted in their Windows systems going into an endless reboot cycle, or stopped them from booting at all. Only users of Windows XP Service Pack 2 and Service Pack 3 seem to have been affected (users who have moved to Vista can apparently breathe a sigh of relief). Both AVG 7.5 and 8.0 were affected by the flawed definition file.


11. 26th Year of Asteroids Record
Spoiler
http://www.wired.com/science/discoveries/news/2008/11/dayintech_1113
The record for the highest score in the arcade game 'Asteroids' has been standing (and still is) for twenty-six years.

1982: Fifteen-year-old Scott Safran of Cherry Hill, New Jersey, sets the world record score in the arcade game Asteroids — the longest-standing videogame high score in history.

Safran, who had been practicing nonstop at the game for the previous two years, agreed to play a marathon session of Atari's popular outer-space shooting game as part of a charity event in Pennsylvania. His mother drove him to the event and lent him a quarter, which he dropped into the machine Nov. 13.


12. Pentagon Clears Flying-Car Project for Takeoff
Spoiler
http://blog.wired.com/defense/2008/11/darpas-flying-c.html
The Pentagon has commissioned work on "Personal Air Vehicle Technology" which it hopes will lead to the development of a helicopter/car hybrid or something similar. Sorry guys, this is for military application only at the moment :(

Pentagon mad-science division Darpa is helping build thought-controlled robotic limbs, artificial pack mules, real-life laser guns and "kill-proof" soldiers. So it comes as no surprise, really, that the agency is now getting into the flying-car business, too.

Darpa hopes its "Personal Air Vehicle Technology" project, announced yesterday, will ultimately lead to a working prototype of a military-suitable flying car -- a two- or four-passenger vehicle that can "drive on roads" one minute and take off like a helicopter the next. The hybrid machine would be perfect for "urban scouting," casualty evacuation and commando-delivery missions, the agency believes.


13. First Direct Image of Multiple Exoplanets Orbiting a Star
Spoiler
http://blog.wired.com/wiredscience/2008/11/first-direct-im.html
Firstly...COOL!! In the past, planets were detected by the disturbances their field of gravity caused their star. Now, we can see them directly.

For the first time, astronomers have taken a visual image of a multiple-planet solar system beyond our own.

Using the Gemini North telescope and the W. M. Keck Observatory on Hawaii's Mauna Kea, researchers observed in infrared light three planets orbiting around a star about 130 light-years away from Earth, called HR 8799. The discovery, published today in Science Express, is a step forward in the hunt for planets, and life, beyond Earth.


14. Net Spying Firm and ISPs Sued Over Ad System
Spoiler
http://blog.wired.com/27bstroke6/2008/11/net-spying-firm.html
A class action lawsuit has been filed against advertising firm NebuAd and its partner ISPs for illegally spying on their customers in order to deliver targeted advertisements. Tin-foil-hat-brigade: 1, ISPs/NebuAd: 0.

Net eavesdropping firm NebuAd and its partner ISPs violated hacking and wiretapping laws when they tested advertising technology that spied on ISP customers' web searches and surfing, according to a lawsuit filed in federal court Monday.

The lawsuit seeks damages on behalf of thousands of subscribers to the five ISPs that are known to have worked with NebuAd. If successful, the suit could be the final blow to the company, which abandoned its eavesdropping plans this summer after powerful lawmakers began asking if the companies and ISPs violated federal privacy law by monitoring customers to deliver targeted ads.


15. Google Fixes Embarrassing Android Bug
Spoiler
http://blog.wired.com/gadgets/2008/11/google-fixes-an.html
Google has fixed a rather odd flaw in Android that caused any text typed in any application to be passed to the phone's command shell, then executed with root privileges.

Google has fixed a potentially devastating bug in its newly released Android operating system.

Some users of T-Mobile's G1 phone found that typing any word on the phone's keyboard — in any application — sent whatever they typed to the phone's command line shell.

Those commands were then executed with root user privileges, meaning there were no limitations on what the commands could do to the phone. For instance, texting the word 'reboot' would actually cause the phone to do so.


16. Obama Administration To Keep Fewer Secrets?
Spoiler
http://arstechnica.com/journals/law.ars/2008/11/07/setec-astronomy
An interesting collection of potential indications of a more open information policy from the soon-to-be Obama administration. Yay tin-foil-hat-brigade! For those of you that don't get the 'Setec Astronomy' reference, it's an anagram of 'Too Many Secrets', and you'd better get your arse down to the local rental place and get yourself a copy of Sneakers RIGHT NOW!!

Steven Aftergood of Secrecy News dangles this tantalizing (if vague) tidbit about classification policy under the Obama administration:

    “I know things are going to change,” one executive branch official with national security classification responsibility said this morning.  “The folks that are inbound have a keen appreciation for the kind of things that need to occur,” the official said.

Aftergood notes that Center for American Progress honcho John Podesta, the Clinton White House alumnus who's heading up Obama's transition team, delivered a broadside against overclassification in testimony before Congress just a few months ago:

    Excessive secrecy conceals our vulnerabilities until it is too late to correct them. It slows the development of the scientific and technical knowledge we need to understand threats to our security and respond to them effectively. It short-circuits public debate, eroding confidence in the actions of the government. It undermines the credibility of the information security system itself, encouraging leaks and causing people to second-guess legitimate restrictions.



Ehtyar.
672
It is cpp, though they're using the .cc extension.

Ehtyar.
673
Living Room / Re: Tech News Weekly: Edition 45
« Last post by Ehtyar on November 09, 2008, 01:50 PM »
Uh-oh - another software junkie! (And how often do you reinstall Windows?  ;D)

Jim
Every 6 months if I can manage it. I have as much portable software as possible to ease the transition. I currently have 53 addons installed in my Firefox (probably use about 75% of them), though it's about time for another clean out methinks.
If you wanna know how many you have without counting, download Extension List Dumper.

Ehtyar.
674
Living Room / Re: Tech News Weekly: Edition 45
« Last post by Ehtyar on November 09, 2008, 01:26 PM »
Unfortunately I don’t think I perform enough true research to justify using it.  :( I have a feeling that it would be a case of using a sledgehammer to swat at a mosquito.

I will probably give it a try anyway, but I think it may be serious overkill for me.
Ditto, but I just installed it anyway :P

Ehtyar.
675
Living Room / Re: Tech News Weekly: Edition 45
« Last post by Ehtyar on November 07, 2008, 02:06 PM »
Thanks everyone :)
Thanks Ehtyar, and congrats on the new position as Jr. IT Admin!

Amnesia Razorfish wouldn't happen to be the Australian internet censoring company would it? ;) :P
Ahahaha, would you believe Amnesia don't even filter their own internet traffic?  :tellme:
"Remote Buffer Overflow Bug Bites Linux Kernel"
- actually fixed back in early October when it was found (Ubuntu patched it within 24 hours). Another reason to open source drivers, so many eyes can see the problem.
Thanks for the info zridling. I forgot to mention in the metanews, as I should have, that a few of the stories are older than a week, as I forgot to check my read-it-later list last week.

Once I get my browser back (backup in progress) I intend to try Zotero myself. Though I'll have little use for it I'll let everyone know how things go.

Ehtyar.