topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Saturday December 14, 2024, 2:08 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Tech News Weekly: 40  (Read 22799 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Tech News Weekly: 40
« on: October 03, 2008, 07:37 PM »
The Weekly Tech News
Hi all. Just a few quick messages:
First, this is the new layout in response to feedback from last week's news. As always, any constructive feedback is appreciated.
Second, two of the articles in this week's news were submitted by forum members. If anyone would like to contribute a story that I may have missed in a previous week, or simply would like to ensure that I do include a story for a following week, please leave me a PM on the forum or on irc.
Thanks, Ehtyar.

1. TCP Flaws Put Websites At Risk
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html
http://news.cnet.com/8301-1009_3-10056759-83.html
Researches have found several fundamental flaws in TCP that, if exploited, may be capable of bringing down internet heavyweights like Google or Microsoft.

Screenshot - 4_10_2008 , 9_37_21 AM_thumb.png

A pair of security experts are now discussing several fundamental issues with the TCP protocol that can be exploited to cause denials of service and resource consumption on virtually any remote machine that has a TCP service listening for remote connections.

The problems, which were identified as far back as 2005, are not simply vulnerabilities in products from one or two vendors, but are issues with the ways in which routers, PCs and other machines handle TCP connection requests from unknown, remote machines. The attacks can be carried out with very little bandwidth, such as that available on a cable modem, and there don't appear to be any workarounds or fixes for the problems at this point.


2. How To Clone and Modify E-Passports
http://www.schneier.com/blog/archives/2008/09/how_to_clone_an.html
A group of hackers have released a tool allowing people to clone and modify electronic passports by exploiting a weakness that is apparently the result of using self-signed certificates...but who do you make the CA of the entire globes' passports?

So what's the solution? We know that humans are good at Border Control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart.


3. Top Secret MI6 Camera Sold On e-Bay
http://www.techcrunch.com/2008/09/30/top-secret-mi6-camera-sold-to-the-highest-bidder-on-ebay/
A camera containing top secret information, including credentials for logging into their network, was sold by an MI6 agent on e-Bay.

A 28-year-old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK’s MI6 organization.

Allegedly sold by one of the clandestine organization’s agents, the camera contained named al-Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log-in details for the Secret Service’s computer network, containing a “Top Secret” marking.


4. Microsoft, Washington State Sue Scareware Purveyors
http://voices.washingtonpost.com/securityfix/2008/09/microsoft_washington_state_tar.html
Microsoft and the state of Washington gave stepped up to take on groups that use false and/or misleading security alerts to trick concerned customers into purchasing software.

Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of "scareware" purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software.

The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's company caused targeted PCs to pop up misleading security alerts about security threats on the victims' computers. The alerts warned users that their systems were "damaged and corrupted" and instructed them to visit a Web site to purchase a copy of Registry Cleaner XP for $39.95.


5. Nasty web bug descends on world's most popular sites
http://www.theregister.co.uk/2008/09/30/web_bug_bites_sites/
http://news.cnet.com/8301-1009_3-10056854-83.html

Princeton University researchers have uncovered a series of cross-site request forgeries in some of the worlds most popular websites, one of which would have permitted fund transferal from a victims bank account. Internet Explorer and Firefox users are known to have been vulnerable.

Underscoring the severity of of an exotic form of website bug, security researchers from Princeton University have cataloged four cross-site request forgeries in some of the world's most popular sites.

The most serious vulnerability by far was in the website of global financial services company ING Direct. The flaw could have allowed an attacker to transfer funds out of a user's account, or to create additional accounts of behalf of a victim, according to this post from Freedom to Tinker blogger Bill Zeller.


6. Cybersecurity holes exposed in Los Alamos nuke lab
http://www.theregister.co.uk/2008/09/29/los_alamos_cyber_insecurity/
The Los Alamos National Laboratory has been found to be severely under-secured by a US Government Accountability Office audit.

The Los Alamos National Laboratory - easily the world's most sensitive and sophisticated research institution - is marred by cybersecurity weaknesses that compromise the way information on its unclassified network is protected.

According to an audit by the US Government Accountability Office (GAO), the New Mexico-based LANL recently began implementing measures to shore up information security. But vulnerabilities remain on its unclassified network, which contains sensitive information involving controlled nukes, export control, and personal details of lab employees. Physical security was also found to be lacking at the facility, one of only three US National Nuclear Security Administration (NNSA) labs.


7. Time To Look For A Skype Alternative (Thanks 40hz)
http://www.ghacks.net/2008/10/02/time-to-look-for-a-skype-alternative/
http://news.cnet.com/8301-1009_3-10056127-83.html
http://news.cnet.com/8301-1009_3-10057580-83.html


The voice over IP client Skype never got off the radar of privacy activists. There were always rumors about backdoors in the voice communication software and that several organizations were able to record calls made by Skype users although Skype claimed otherwise.

Skype messages were in the focus of privacy groups since first news about text filtering messages in China became known to the public. Back then Skype released an official statement that the text filter applied by the Chinese Skype partner Tom Online would not affect security and encryption mechanisms of Skype, that people’s privacy would not be compromised and calls, chats and other forms of communication on Skype would continue to be encrypted and secure.

Researchers and privacy activists of the University of Toronto discovered files on unprotected Chinese computers that contained filtered Skype messages that were recorded in China.


8. Adware supplies one third of all malware
http://news.cnet.com/8301-1009_3-10056912-83.html
A report released by Panda security has alleged that one third of all new malware is generated by adware, particularly fake antivirus products.

On Thursday, Panda Security released its report for the third quarter stating that adware is responsible for one third of all new malicious software. In particular, the security company cited increased use of fake antivirus scanners.

The fake scanners typically report a computer infection and suggest downloading an application to remove the malware. Once downloaded, the scanners then ask computer users to purchase the application before it can remove an infection that never really exists. The goal of these attacks is financial gain.


9. New phishing attempt targets bank customers
http://news.cnet.com/8301-1009_3-10057180-83.html
A bracket of the acquisitions (Thanks housetier)
Phishers appear to be capitalising on the downfall of the global economy.

Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.

Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.


10. Verizon gets industry-specific in breach report
http://news.cnet.com/8301-1009_3-10056490-83.html
An interesting report from Verizon detailing industry-specific vulnerability rends.

Risks factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, according to a report released Thursday by Verizon Communications.

The new report (PDF) builds on data released in June. The initial report spanned four years and included more than 500 forensic investigations involving 230 million compromised records.


11. Plant Tweak Could Let Toxic Soil Feed Millions
http://blog.wired.com/wiredscience/2008/10/plant-tweak-cou.html
A single genetic switch could allow crops to grow in aluminum-poisoned soil.

Thanks to a genetic breakthrough, a large portion of Earth's now-inhospitable soil could be used to grow crops -- potentially alleviating one of the most pressing problems facing the planet's rapidly growing population.

Scientists at the University of California, Riverside made plants tolerant of poisonous aluminum by tweaking a single gene. This may allow crops to thrive in the 40 to 50 percent of Earth's soils currently rendered toxic by the metal.


12. Google, Hotmail CAPTCHA Cracked
http://arstechnica.com/news.ars/post/20081002-right-back-at-ya-captcha-bad-guys-crack-gmail-hotmail.html
http://www.itsecurity.com/blog/20081003/xrumer-spambot-cracks-captchas/
A previously well-known software XRumer has received a substantial upgrade, allowing it to break almost every form of CAPTCHA currently in use.

The decline in CAPTCHA efficacy has been an ongoing story in 2008, as hackers and malware authors have steadily found ways to chip away at the protection these security practices were once thought to offer. Now, new findings indicate that both Gmail and Windows Live Hotmail have been compromised again, this time via a more-streamlined attack process. With two of the largest webmail providers once again vulnerable, CAPTCHAs clearly aren't meeting the security needs of either company, and it may be time to reevaluate the use of them altogether.


13. RapidShare must remove infringing content proactively
http://arstechnica.com/news.ars/post/20081001-german-court-says-rapidshare-must-get-proactive-on-copyrighted-content.html
If a German court ruling is upheld, Rapidshare may no longer be able to plead ignorance of infringing content hosted on their servers.

File sharing service RapidShare may find itself without a viable business model if a German court ruling stands. After getting sued by a German copyright holder, the company argued that it was doing all it could to screen out copyrighted material. The court, however, has ruled that its efforts were insufficient, raising questions about whether doing anything that was legally sufficient could be done without incurring enough costs to sink the company.

RapidShare is one of a large number of companies that will host large files for users who need to exchange them with friends and family. Like many of these companies, it offers a free service with limited features in the hopes of enticing users to spring for the cost of a premium service, which offers some significant perks, such as hosting larger files, unlimited download speeds, and permanent storage. All of this occurs through a simple web interface, and doesn't involve the P2P transfers that have attracted the ire of ISPs and the copyright industry. As a result, their popularity is growing rapidly; RapidShare accounts for five percent of all IP traffic in some regions.


14. Blizzard awarded $6 million in damages from WoW bot maker
http://arstechnica.com/news.ars/post/20081001-blizzard-awarded-6-million-in-damages-from-wow-bot-maker.html
World of Warcraft creator Blizzard have been awarded $6 million in a court case against Glider, a company that produced software to automate gameplay, thse of which was against Blizzard's Terms of Service.

The case Blizzard brought against bot-maker MDY Industries has been going on since 2006, and while a judge ruled in July that MMOGlider infringed on Blizzard's copyrights, the question of whether the bot violates the DMCA is still open. That has not stopped the judge from awarding $6 million in damages in the case.

It's unknown how much money MDY Industries has made from its product MMOGlider, which allows users to automate the boring parts of World of WarCraft and essentially grind forever with no user involvement, but the $25 program had sold around 100,000 copies as of last year. In other words, the product was big business. Unfortunately, it also violated the game's terms of service.



Ehtyar.
« Last Edit: October 10, 2008, 06:53 PM by Ehtyar »

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #1 on: October 03, 2008, 08:47 PM »
very nice! thank you again Ehtyar :) :)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #2 on: October 03, 2008, 09:57 PM »
I love the new format, big thumbs up  :up:

zridling

  • Friend of the Site
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 3,299
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #3 on: October 03, 2008, 10:57 PM »
Yea, this is like a newsletter in between newsletters. Cool.
___________________________
7. Time To Look For A Skype Alternative (Thanks 40hz)
check out the FSF's  http://www.fsf.org/c...paigns/priority.html

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,778
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #4 on: October 03, 2008, 11:03 PM »
Thanks Ehtyar for the Tech News Roundup. But why do they have to affect me this time? :-(

5. Nasty web bug descends on world's most popular sites
I use ING Direct. :-(

7. Time To Look For A Skype Alternative (Thanks 40hz)
Don't tell me that! I just paid for a year subscription to Skype! :-((

But I'm not sure I understand it. I don't think I use TOM-Skype. Is that a China-only product?

11. Plant Tweak Could Let Toxic Soil Feed Millions
Awesome. Lets use that soil to grow the crops used in Ethanol until it's proven safe for human consumption. :) In the meantime, let's get back to using our known good land to feed people instead of vehicles.
« Last Edit: October 03, 2008, 11:05 PM by Deozaan »

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #5 on: October 04, 2008, 07:59 AM »
The scary thing about no 7 is not the actual monitoring itself (because it only affects the Chinese), but the fact that e-bay entered into this agreement voluntarily. Makes you wonder what they're doing with your Skype conversations.

Ehtyar.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #6 on: October 04, 2008, 01:14 PM »
The scary thing about no 7 is not the actual monitoring itself (because it only affects the Chinese), but the fact that e-bay entered into this agreement voluntarily. Makes you wonder what they're doing with your Skype conversations.

Ehtyar.

"Where financial interest lies, find too the place where Justice dies."

BTW:

If Tech News is really going to be a regular weekly, would it make more sense to give it it's own child board? Call it something like The Pub

OldRatPub.jpg

(Sorry, I always wanted to open a Pub with that name. Very piratical sounding! ;D)

(It should also probably read "hot off the Web" - but whadda ya want for 5 minutes in NETPaint?)



- or even just "This Week in the Tech News" to appease the search engines?

That would leave the Living Room for the stuff that really doesn't fit anywhere else.



« Last Edit: October 04, 2008, 02:24 PM by 40hz »

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #7 on: October 04, 2008, 03:16 PM »
The scary thing about no 7 is not the actual monitoring itself (because it only affects the Chinese), but the fact that e-bay entered into this agreement voluntarily. Makes you wonder what they're doing with your Skype conversations.

Ehtyar.

"Where financial interest lies, find too the place where Justice dies."
Very nice quote, I'll save that one.
If Tech News is really going to be a regular weekly, would it make more sense to give it it's own child board?
Mouse man and I discussed our possibilities after zridling suggested the same last week. We've decided against it for the time being, at least until there's a few more releases under my hat.

Ehtyar.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #8 on: October 04, 2008, 04:39 PM »
hahahhaha 40hz that's a great sign for Ehtyar -- i think he should use it  :up:

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #9 on: October 04, 2008, 04:51 PM »
Hmm, perhaps we can replace the screen shot of the first article with the sign? I was having a lot of difficulty choosing the "most important" article anyway.

Ehtyar.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #10 on: October 04, 2008, 05:07 PM »
i think thats a good idea going forward.

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #11 on: October 04, 2008, 05:27 PM »
Excellent :) Mouse man, I'm afraid my threads are microspeak free zones :P

Ehtyar.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #12 on: October 04, 2008, 07:20 PM »
The scary thing about no 7 is not the actual monitoring itself (because it only affects the Chinese), but the fact that e-bay entered into this agreement voluntarily. Makes you wonder what they're doing with your Skype conversations.

Given eBay's recent "F*** YOU!"1 attitude here to their customers, (you know - the people who pay them), why should you be surprised at all ?

Thankfully, this deranged attempt to grab even more money was put down, however the advertising on eBay is still unfairly skewed towards PayPal for payment.

1 - Disclaimer: If the *** offends, then please replace them with the ROT13 encoded letters: H, P & X.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #13 on: October 06, 2008, 10:15 AM »
hahahhaha 40hz that's a great sign for Ehtyar -- i think he should use it  :up:

He's welcome to use it if he likes. But I think this might be a little bit better for what you're doing:

TechNewzWeekly.gif


This is another 5-minute creation. If you want to use it, I should clean it up a bit, since the line spacing and text kerning leave a lot to be desired.

Here's an idea: why not ask the DC crowd to join in and come up with some sort of logo or banner? I'm sure there are a lot of "artsy types" here that could do it better than me. Maybe even put it up for a user vote if you think it would be fun... (Just a thought ;))

(BTW: That's Captain Nemo getting a sextant reading; from an illustration in the original 20,000 Leagues Under the Sea in case anybody's interested. :))
« Last Edit: October 06, 2008, 02:53 PM by 40hz »

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #14 on: October 07, 2008, 06:05 AM »
I've tried to avoid putting my name to the news, but this is just too cool to pass up. This one will be the cap for my next news 40hz, some cody currency coming your way. Thanks  :Thmbsup:

Ehtyar.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #15 on: October 07, 2008, 11:00 AM »
OK I fixed the type. Here's your GIF:

TNWeekly01.gif

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #16 on: October 07, 2008, 11:01 AM »
And here's a few more  if you want to try some alternatives...

TNWeekly02-1.gif

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #17 on: October 07, 2008, 01:44 PM »
like the first version (of the three) the best :up:
Tom

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,914
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #18 on: October 07, 2008, 02:28 PM »
the aspect ratio of last one is not ideal.. better that it be wider rather than taller.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #19 on: October 07, 2008, 03:35 PM »
the aspect ratio of last one is not ideal.. better that it be wider rather than taller.

Couldn't agree more. It would probably work better as a bookmarker. ;)

like the first version (of the three) the best :up:

Me too.  ;D


f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #20 on: October 07, 2008, 06:14 PM »
Again, nice work - I already get a whole bunch of these news from various RSS feeds, but occasionally I miss a few. Besides, your posts can serve as a historical resource in the future :)

A small request: when an item has to do with an exploit, it would be nice if the particular exploit could be mentioned in your summary. For instance, the summary for #1 is veeeery vague and sensationalist-sounding, would've been nice if it included "defeats syncookie protection" (that way I would know, rather than guess, it was a new items I had already read :)).
- carpe noctem

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #21 on: October 07, 2008, 07:07 PM »
A small request: when an item has to do with an exploit, it would be nice if the particular exploit could be mentioned in your summary. For instance, the summary for #1 is veeeery vague and sensationalist-sounding, would've been nice if it included "defeats syncookie protection" (that way I would know, rather than guess, it was a new items I had already read :)).
Thanks f0dder, good advice as usual.
And here's a few more  if you want to try some alternatives...
 (see attachment in previous post)
Thanks again 40hz :Thmbsup: I'm not sure if it's doable, but if they can each be made with the same ratio, I would rotate them week by week, but the sextant one is my favorite :)

Ehtyar.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #22 on: October 08, 2008, 09:30 AM »
Actually, I think you'd be better off just using one. Builds "brand recognition" and makes your post easier to identify.

And yeah, I much prefer the sextant thing too. Seems to be closer to what your post is all about. :)

(Of course the Minions of Cthullu are going to be disappointed that the octopus didn't make it. Maybe someday when the stars are right... ;D)

my_little_cthulhu_victims.jpg
« Last Edit: October 08, 2008, 09:35 AM by 40hz »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #23 on: October 08, 2008, 10:07 AM »
Aaaaaaaaaaaw, that's got to be the cutest depiction of Cthulhu I've ever seen :-*
- carpe noctem

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Tech News Weekly: 41
« Reply #24 on: October 08, 2008, 10:37 AM »
Aaaaaaaaaaaw, that's got to be the cutest depiction of Cthulhu I've ever seen :-*

Ain't he the cutest little elder horror you've ever seen? I'm gonna buy him a snuggly little pet Shoggoth for his 1E6th birthday.

BTW: you can get one here. http://paizo.com/sto...ures/myLittleCthulhu
At $29.95 it's a little expensive IMHO.  :)