Living Room / Re: R.I.P. Michael Crichton
« Last post by Ehtyar on November 07, 2008, 05:29 AM »
Read about this yesterday in the newspaper, very sad.
Ehtyar.
| Hi all. As most of you who frequent the IRC channel will know, this week has been my first as the Junior IT Administrator at Amnesia Razorfish. The reason I mention this is that from next week onward I will no longer be able to post the news at the usual time. It will likely be posted a day or two later than usual (though no less regularly). Hopefully I'll be able to determine a set time within the next fortnight. Also, thanks to Mouse Man and Darwin for their kind words about the weekly tech news in this month's newsletter. As usual, you can find last week's news here. |
Currently users are required to create individual passwords for many websites they visit, but users would prefer to avoid this step so they could visit websites more easily. Similarly, many websites on the Internet have asked for a way to enable users to log into their sites without forcing them to create another password. If users could log into sites without needing another password, it would allow websites to provide a more personalized experience to their users.
A hacker using the pseudonym Bla has published an open source tool called Crapto1 for cracking the encryption of the Mifare Classic RFID chip, as used in the Oyster Card. Besides an implementation in C of the vulnerable Crypto1 algorithm, the archive also contains the C source code for an attack that has been described in a paper by Dutch security researchers at Radboud University.
Using the tool it is said to be possible to calculate the access code of a Mifare Classic card within around two seconds. All an attacker requires is a live recording of an encrypted radio communication between the card and a legitimate reader, as well as a little programming knowledge. The access code then allows him not only to decode the encrypted data, but also to manipulate the card's content virtually without limit and to clone it to obtain services fraudulently.
Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe’s Reader PDF file viewing software. Engineers from CoreLabs determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content. Upon making the discovery, CoreLabs immediately alerted Adobe to the vulnerability and the two companies have since coordinated efforts to ensure that a patch could be created and made available to protect users of the program.
Bad news off the wire for AT&T broadband customers, as AT&T has announced that it is now imposing bandwidth limits in certain test areas. The market trial started November 1 in Reno, and users will get between 20 GB and 150 GB a month depending on their speed tier. Unlike the bandwidth limitations imposed by companies like Time Warner and Comcast, which were only applied to new users, this bandwidth cap will be applied to all users, including current ones.
It seems like the long feared bandwidth caps are going to be the norm and no longer the exception to the rule when it comes to broadband providers and home users. My personal opinion is that bandwidth caps are not an attempt for broadband companies to provide greater service to their customers; it is an attempt for them to start charging either broadband content providers or customers for accessing broadband content. The cable companies have seen the writing on the wall and they know that the future is TV and video being sent over Internet lines to customers' houses, and they want a piece of the pie.
A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.
Researchers at RSA's FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the "Sinowal" Trojan, designed to steal data from Microsoft Windows PCs.
Michael Logan, 31, of Maryland was sentenced today in federal court in the District of Columbia for filming "28 Weeks Later", "Enchanted" and maybe up to 100 more movies with a camcorder in theatres over the last few years, according to the MPAA.
Prosecutors wrote that Logan's voice could be heard on a pirated version of the film "28 Weeks Later," which MPAA investigators purchased on the streets of New York on May 11 and May 15 of last year. Investigators believe that Logan recorded that film May 11 at the Regal Cinemas, prosecutors wrote.
The deal involved Google providing some of the advertising around Yahoo's search results and would have been worth $800m (£494m) a year to Yahoo.
It was originally announced in June but has faced anti-trust objections.
Yahoo said in a statement it was disappointed that Google had decided not to fight for the deal in court.
The internet portal's co-founder and CEO Jerry Yang made the comment despite the fact Yahoo rejected a $33 (£21) a share offer from Microsoft back in May.
Mr Yang's suggestion also came hours after Google pulled out of an internet advertising partnership with Yahoo.
"To this day the best thing for Microsoft to do is buy Yahoo," said Mr Yang.
The French Senate voted overwhelmingly in favour of the law, which aims to tackle ongoing piracy of music, movies, and games online.
Those caught illegally sharing digital media will get warnings e-mailed and posted to them before having their net connection terminated.
Sony said the recall came after 40 instances of overheating, including four cases where users had minor burns.
The recall affects around 74,000 HP laptops, 14,400 from Toshiba, and small numbers from Dell, Acer and Lenovo.
Sony said the faults in the affected batteries were caused by a production line problem between October 2004 and June 2005.
Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details.
The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.
An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.
Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.
The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
Technology that claims to pick up traces of illicit images on PCs has attracted the interest of Australian cops. The software, developed in an Australian University, might eventually be used to screen PCs for pr0n during border inspections.
Compared to breath test tools used by the police in a different context, the software - developed at Perth's Edith Cowan University in association with local police from Western Australia - is undergoing beta testing.
Hackers have managed to jailbreak T-Mobile's new G1 phone by exploiting a gaping loophole in Android, the open source operating system supplied by Google.
The hack, which was posted to this XDA-Developers forum, is a straightforward process that allows Linux geeks to gain root access in about one minute. It involves using the widely available PTerminal application to telnet to the device's IP address. Presto, you now have root.
Fraudsters have set up a fake site featuring a backdoored version of the WordPress blogging application as part of a sophisticated malware-based attack.
The fake Wordpresz.org site offered up what purports to be version 2.6.4 of the open source blogging tool. In reality all but one of the files are identical to the latest pukka (2.6.3) version of WordPress.
A pilot program of the U.K.'s national identity card plan will be compulsory at one of the two participating airports.
Workers will be required to enroll in the program at London city airport, the Home Office said Thursday. The move comes despite repeated assurances from the Home Office that U.K. citizens will not be compelled to have an ID card or enter their biometric details onto the National Identity Register.
Also on Thursday, the government said that retailers, post offices, and banks can apply to become biometrics enrollment sites for the cards.
A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.
The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.
As anyone who works in academia knows, writing and publishing papers involves frequently citing the existing literature. When you're working on a paper with 30 or more references, keeping track of them all can be a downright pain, which is where reference-managing software like Thomson Reuters' EndNote comes in. EndNote is the market leader in this field, but recently it has been facing competition from the open source Zotero, which is a Firefox plugin that lets you manage your bibliographic library and insert references into papers. Right now though, EndNote and Zotero are locked in a legal battle over claims by Thomson Reuters that the developers of Zotero have illegally reverse-engineered aspects of EndNote.
The Federal Communications Commission's decision to open up the 'white spaces' spectrum to unlicensed devices could usher in a new telecom revolution, say analysts.
Like WiFi, the availability of free, unregulated spectrum could create new technologies and new markets, bringing superfast wireless connectivity to the masses. Unlike WiFi, it could also put pressure on wireless carriers.
"All the PR spin and FUD (fear, uncertainty and doubt) failed in the face of physics and the ground reality of engineering," says Sascha Meinrath, research director of the wireless future program at the New America Foundation, a non-partisan public policy think-tank.
Mozilla is reporting that Firefox topped 20% of the worldwide market share for web browsers for the first time ever in October, 2008. Firefox broke the 20% mark twice last month, once during the week of October 5, and once again during the week of October 26. During the other two weeks, its share was around 19.8%, putting the average for the month just below the 20% mark at 19.9%.
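The Adobe Reader item above describes exploitation through a PDF carrying malicious JavaScript. As an added example (not code from the original page, from Core Security or from Adobe), here is a static triage script a responder can run over an untrusted PDF without opening it: it looks for the name objects that introduce script or auto-run behaviour, resolves the `#xx` hex escapes PDF allows inside names (so `/J#61vaScript` is recognised as `/JavaScript`), and inflates FlateDecode streams so objects hidden in compressed data are seen too. The sample PDF it builds is constructed for the demonstration and is not a real malicious file.

```python
"""Static triage of an untrusted PDF for JavaScript and auto-run triggers.

Added example, not code from the original page or from Adobe/Core Security.
It reads PDF syntax only and never renders the file, so it is safe to run on
a suspect document. The sample PDF below is constructed for the demo.
"""
import re
import zlib
from collections import Counter
from typing import Dict

# Name objects that introduce script or automatic actions (PDF 1.7, sections 12.5 and 12.6).
SUSPICIOUS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# The 'stream' keyword (not the tail of 'endstream'), its data, then 'endstream'.
_STREAM = re.compile(rb"(?<![a-z])stream\r?\n(.*?)endstream", re.S)


def normalise_names(data: bytes) -> bytes:
    """Resolve #xx escapes: /J#61vaScript and /JavaScript are the same name."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def stream_contents(data: bytes) -> bytes:
    """Concatenate every stream body, inflating those that are Flate-compressed."""
    parts = []
    for m in _STREAM.finditer(data):
        raw = m.group(1)
        try:
            # decompressobj tolerates the newline that trails the compressed bytes
            parts.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            parts.append(raw)            # uncompressed, or a filter we do not decode
    return b"\n".join(parts)


def triage_pdf(data: bytes) -> Dict[str, int]:
    """Count suspicious names in the object syntax and inside stream contents."""
    outside = normalise_names(_STREAM.sub(b"stream\nendstream", data))
    inside = normalise_names(stream_contents(data))
    counts: Counter = Counter()
    for name in SUSPICIOUS:
        # A name ends at whitespace or a delimiter, so /JS must not match /JSX.
        pat = re.compile(re.escape(name.encode()) + rb"(?![A-Za-z0-9])")
        counts[name] = len(pat.findall(outside)) + len(pat.findall(inside))
    return {name: n for name, n in counts.items() if n}


def is_suspicious(data: bytes) -> bool:
    return bool(triage_pdf(data))


def build_sample_pdf() -> bytes:
    """Constructed sample: hex-escaped /OpenAction and /JavaScript names, plus a
    Flate-compressed object that also carries a /JS action."""
    hidden = zlib.compress(b"<< /S /JavaScript /JS (app.alert('inner')) >>")
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 3 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /S /J#61vaScript /JS (app.alert('outer')) >> endobj\n"
        b"4 0 obj << /Length " + str(len(hidden)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + hidden + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    print(triage_pdf(build_sample_pdf()))
```

A hit is a triage signal, not a verdict: legitimate forms use `/JS` and `/AA`, and a malicious file can keep its objects in object streams (`/ObjStm`), use filters other than Flate, or encrypt the document, none of which this script decodes. It is a first pass before a sandbox, not a replacement for one.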

Great job on this week's news. I've read that most major banks support dongle technology for their corporate customers, but I'm not aware of any that supply the technology to private account holders. I liked the 'Security-on-a-Stick' to Protect Consumers and Banks. But what banks support it?
-Davidtheo (October 31, 2008, 01:25 AM)
Could somebody briefly explain what "Fourth Amendment Search" means? I have a feeling that this could actually be one of the more important newsletter items.
For the long-winded version, see the wiki article. (tomos and f0d man read in) The short version is that the fourth amendment requires that officers of the law present probable cause and obtain a search warrant for any form of search they wish to undertake. Since the digital age has come upon us with legislation lagging so far behind it, it has been for the judge to decide what constitutes "search" of a digital medium. Until now, taking a hash of a file on someone's PC was not considered a "search" as per the fourth amendment, and thus required there to be no probable cause in order to do so. Until now, the authorities have used (read: abused) this loophole in order to "search" a suspect's files by hashing any suspicious files, and comparing the hash to that of content known to them (in this case, kiddy porn pics) and hoping for a match, thus avoiding the requirement of a warrant and probable cause.
-f0dder (October 31, 2008, 01:34 AM)
great stuff.
Hehe, thanks mouse man
small bug: clicking on the links now serves no purpose.
-mouser (October 31, 2008, 03:35 AM)
(assuming I took that comment the right way)
Sure, it's data-mined to hell and beyond, but you do choose yourself how much information you wish to expose.
You may be able to choose how much information you expose to the public, but you don't get to choose how much you expose to Facebook.
-f0dder (October 31, 2008, 01:38 AM)
I'm not really one who would do such things as Kyle or this woman, but it's reasons like these that I like my anonymity on the internet. :-)
Couldn't have said it better myself Deo.
-Deozaan (October 31, 2008, 04:32 AM)
Sometimes I do go a little off-track indeed, I just thought it was interesting and worthy of inclusion. Actually, what does everyone think about those slightly off-topic articles?
| Hi all. No meta-news this week, enjoy. As usual, you can find last week's news here. |
NIST has opened a public competition to develop a new cryptographic hash algorithm, which converts a variable length message into a short “message digest” that can be used for digital signatures, message authentication and other applications. The competition is NIST’s response to recent advances in the cryptanalysis of hash functions. The new hash algorithm will be called “SHA-3” and will augment the hash algorithms currently specified in FIPS 180-2, Secure Hash Standard. Entries for the competition must be received by October 31, 2008.
Just days after the T-Mobile G1 smartphone went on the market, a group of security researchers have found what they call a serious flaw in the Android software from Google that runs it.
One of the researchers, Charles A. Miller, notified Google of the flaw this week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
The volume of malware attacks conducted via e-mail attachments increased about 800 per cent over the past three months as this low-grade hacking method was brought back from the grave, according to a U.K.-based security vendor.
This reverses an earlier trend. Previously, malware trends indicated hackers were moving away from sending infected attachments. Most attacks were carried out by embedding links to viruses or Trojans right into the e-mail.
Hackers initially unleashed Koobface in late July, but Facebook's security team soon slowed its spread by blocking the Web sites that were hosting the malicious Trojan software.
That has prompted the criminals to change tactics, according to Guillaume Lovet, a senior research manager with Fortinet. In this latest attack they have hosted files that appear to be YouTube videos on Picasa and Google Reader and used Facebook to send them to victims.
The links appear safe because they go to Google.com Web sites, but once the victim arrives on the Google Reader or Picasa page, he is invited to click on a video or a Web link. The victim is then told he needs to download special codec decompression software to view the video. That software is actually a malicious Trojan Horse program, which is blocked by most antivirus programs, according to Facebook.
The "security-on-a-stick" solution — a handy USB-sized device with a display, a smart card reader and buttons — protects a user's e-banking transactions from even the most malicious attacks. With the new device, developed by an expert team at IBM's Zurich Research Lab, a user sees exactly what transaction data the banking server receives. Moreover, he or she can approve or cancel each transaction directly with the banking server using the buttons on the device.
Google's Chrome browser has been marred by yet another vulnerability, this one allowing attackers to impersonate websites of groups like the Better Business Bureau, PayPal or, well, Google.
Researcher Liu Die Yu of the TopsecTianRongXin research lab in Beijing says the spoofing vulnerability is the result of faulty code inserted by programmers from the Mountain View, California search behemoth.
Just a few days after Opera Software patched critical vulnerabilities in its browser, researchers have identified another serious bug that allows attackers to remotely execute malicious code on the machines of people running the most recent version of the software. Opera has vowed to fix the flaw soon.
Among the bugs squashed in Opera 9.61 was a stored cross site scripting (XSS) vulnerability that allowed attackers to view victims' browsing history. That attack is no longer possible, but now researchers have discovered an even more serious exploit that's based on the same weakness.
The ATO admitted that the CD was not encrypted and victims were only notified three weeks later.
The disk contained the name, address and super fund tax file numbers for 3122 trustees and was being couriered to the ATO, but failed to reach the department.
The Tax Office was notified about the missing CD on October 3 but only sent out letters to the victims on October 24, offering to re-issue the tax file numbers for their super funds.
A good coder has as many uses for hash functions as George Washington Carver did for peanuts—but law enforcement is fond of these digital fingerprinting techniques as well, because they allow reams of data to be rapidly sifted and identified. Legal scholars, however, have spent a decade puzzling over whether the use of hash value analysis in a criminal investigation counts as a Fourth Amendment "search." A federal court in Pennsylvania last week became the first to rule that it does—but one legal expert says an appeal is very likely.
One feature of Vista that came under more criticism than most was User Access Control. The feature, designed to make Windows more secure by both limiting the rights of Administrators and making it easier for regular Users to gain Administrator rights only when necessary, was deemed to be annoying and intrusive. As a result, some 10-15% of Vista users turn it off.
Vista SP1 smoothed a few of the more annoying UAC wrinkles, but retained the same fundamental mechanics. The two main problems with UAC: the screen going black momentarily whenever a confirmation prompt was displayed, and the need to reaffirm explicit user actions.
With Windows 7, Microsoft has tried to tone down UAC to make it less invasive while still affording the same protection.
Ubuntu 8.10 is available for download today. And because Ubuntu Linux is open source software and we've been following its development for the last 6 months, there aren't a ton of surprises. But that doesn't mean you shouldn't download it if you're running Ubuntu 8.04 or if you're looking for a new Linux distro to try. Because it does include a number of tweaks, bug fixes, and improvements. Here are just a few:
* Improved support for connecting to 3G wireless networks
* A utility for loading a fully working Ubuntu installation on a USB disk
* There's a new System Cleaner utility that will help identify abandoned software packages (which could address one of my biggest pet peeves about most Linux distributions)
* The Nautilus file manager now supports tabs
Four years in the making, the Tivo/Netflix streaming partnership is finally ready for prime time. Tivo began testing software Thursday and expects to have the entire Netflix streaming collection available to subscribers of both services by early December.
The companies originally announced plans to serve Netflix movies-on-demand to Tivo boxes in 2004 but shelved plans due to a lack of available content.
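The security-on-a-stick item above rests on one property: the device, not the PC, shows the user the transaction the bank actually received, and the approval is computed with a key that malware on the PC cannot reach. As an added example (not IBM's design or code), the following models that exchange with HMAC-SHA256 standing in for the smart card's signature, and exercises three things a compromised PC might try: submitting a different payee than the browser displays, rewriting the challenge so the stick shows the intended payee, and replaying an earlier approval. The key, names and amounts are constructed; the labels, message layout and nonce size are this example's choices.

```python
"""Transaction confirmation through a trusted display, modelled on the
"security-on-a-stick" item above: the device shows the user exactly what the
bank received and approves it with a key the PC never holds.
Added example, not IBM's design or code. Assumes a symmetric key shared by
the bank and the device, HMAC-SHA256 for both messages, a fresh nonce per transaction.
"""
import hashlib
import hmac
import json
import secrets
from typing import Callable, Dict, Optional

Tx = Dict[str, str]


def canonical(tx: Tx) -> bytes:
    """Deterministic encoding so both ends MAC identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def tag(key: bytes, label: bytes, nonce: str, tx: Tx) -> str:
    """HMAC over label|nonce|tx; the label keeps challenge and approval tags distinct."""
    return hmac.new(key, b"|".join([label, nonce.encode(), canonical(tx)]), hashlib.sha256).hexdigest()


class Bank:
    def __init__(self, device_key: bytes):
        self.key = device_key
        self.pending: Dict[str, Tx] = {}
        self.executed = []

    def start(self, tx: Tx) -> dict:
        """Echo the transaction actually received, bound to a nonce and a MAC."""
        nonce = secrets.token_hex(8)
        self.pending[nonce] = tx
        return {"nonce": nonce, "tx": tx, "mac": tag(self.key, b"challenge", nonce, tx)}

    def finish(self, nonce: str, approval: str) -> bool:
        """Execute only an approval that covers the pending transaction for this nonce."""
        tx = self.pending.pop(nonce, None)
        if tx is None:
            return False             # unknown nonce, or one already used (replay)
        if not hmac.compare_digest(tag(self.key, b"approve", nonce, tx), approval):
            return False
        self.executed.append(tx)
        return True


class Device:
    """The USB stick: key on the card, its own display, approve and cancel buttons."""
    def __init__(self, key: bytes, user_presses_ok: Callable[[str], bool]):
        self.key = key
        self.user_presses_ok = user_presses_ok   # the human, reading the device's screen

    def handle(self, challenge: dict) -> Optional[str]:
        nonce, tx = challenge["nonce"], challenge["tx"]
        if not hmac.compare_digest(tag(self.key, b"challenge", nonce, tx), challenge["mac"]):
            return None              # PC altered the challenge: show nothing, sign nothing
        if not self.user_presses_ok(f"Pay {tx['amount']} to {tx['to']}"):
            return None              # user pressed cancel
        return tag(self.key, b"approve", nonce, tx)


# Constructed scenario data; the key is provisioned to both sides out of band.
KEY = secrets.token_bytes(32)
INTENDED: Tx = {"to": "Alice", "amount": "10.00"}
HIJACKED: Tx = {"to": "Mule", "amount": "5000.00"}


def user_wanting(tx: Tx) -> Callable[[str], bool]:
    """A user who presses OK only when the display matches what they meant to send."""
    return lambda shown: shown == f"Pay {tx['amount']} to {tx['to']}"


def run(submitted: Tx, tamper: Callable[[dict], dict] = lambda c: c) -> bool:
    """One round trip through a PC that may rewrite the challenge in transit."""
    bank, device = Bank(KEY), Device(KEY, user_wanting(INTENDED))
    challenge = tamper(bank.start(submitted))
    approval = device.handle(challenge)
    return approval is not None and bank.finish(challenge["nonce"], approval)


def honest_pc() -> bool:
    return run(INTENDED)             # executed


def malware_swaps_payee() -> bool:
    # Browser shows INTENDED, malware submits HIJACKED: the stick displays "Mule".
    return run(HIJACKED)             # user cancels, nothing executed


def malware_fakes_display() -> bool:
    # Malware rewrites the challenge so the stick would display INTENDED instead.
    return run(HIJACKED, tamper=lambda c: {**c, "tx": INTENDED})   # bank MAC fails


def malware_replays() -> bool:
    bank, device = Bank(KEY), Device(KEY, user_wanting(INTENDED))
    c = bank.start(INTENDED)
    approval = device.handle(c)
    first = bank.finish(c["nonce"], approval)
    second = bank.finish(c["nonce"], approval)   # the same approval, sent again
    return first and not second
```

The model is deliberately narrow: it says nothing about how the key gets onto the card and it assumes the user actually reads the screen. It does show why the display has to live on the device: the user's decision is taken on data whose integrity was checked with a key the PC never holds, so whatever the browser renders becomes irrelevant to what the bank will execute.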
Perhaps the idea is to have a decent music base to select from, rather than hearing the same tracks over and over - or having to transfer new music all the time?
-f0dder (October 29, 2008, 01:43 AM)
Correct.

don't these eeePCs from Asus(tek?) have a large harddisk? maybe a different subnotebook will do and be cheaper as well...
-housetier (October 28, 2008, 04:58 PM)
Not a bad idea... not ideal, but I may end up having to get one regardless, thanks House Man.
I'm not sure exactly how much you want to spend, but the Zune 120 might be a possibility. It's priced around $240 USD. It has a rated battery life of approximately 30 hours, however your mileage may vary. I have one of the old Zune 30s, and I love it. I also pay for the Zune Pass, so I always have tons of music to access for a single monthly fee.
-cthorpe (October 28, 2008, 05:15 PM)
This is PERFECT, not quite sure how I missed it, though it may be because it's not released in my country yet. Unfortunately, I completely forgot to take into account the utterly pathetic Australian dollar at the moment. You thought $240 was bad; here that converts to somewhere around the $450 mark, while keeping in mind that two months ago we were 10c away from parity with the US dollar. Still, if the situation improves, this one will be mine. Some cody-currency to you, thanks cthorpe.
I'm guessing that the Archos line is guilty of premium pricing for the screen...?
-Darwin (October 28, 2008, 06:28 PM)
'Fraid so Darwin, thanks for the suggestion though.

the intention isn't to post the newsletter in both formats each time is it? it was just this time you posted both so we could compare.
Yeah. I guess that's the part Deo was missing.
in future the idea would be to only post the compact version, right?
-mouser (October 26, 2008, 11:19 PM)
Neither do I, but since the news is posted for everyone BUT myself, and since you're the only person to express distaste, I guess I don't have much of an option.
It was intentional. Have a read of the comments of last week's news.
Ehtyar.
-Ehtyar (October 26, 2008, 09:25 PM)
I realize it was intentional. What I'm saying is that I'm one of the people who isn't heaping praises on it. I don't like it and I think it's pointless.
But that's just my opinion. If people really like it then keep it. I'll just continue to ignore it like I did this time.
-Deozaan (October 26, 2008, 10:43 PM)

*cough*i'mnotjealous*cough*