Tech News Weekly: Edition 45

Ehtyar:
The Weekly Tech News
Hi all.
As most of you who frequent the IRC channel will know, this week has been my first as the Junior IT Administrator at Amnesia Razorfish. The reason I mention this is that from next week onward I will no longer be able to post the news at the usual time. It will likely be posted a day or two later than usual (though no less regularly). Hopefully I will be able to determine a set time within the next fortnight.
Also, thanks to Mouse Man and Darwin for their kind words about the weekly tech news in this month's newsletter.
As usual, you can find last week's news here.
1. Microsoft and Google to Offer OpenID
http://dev.live.com/blogs/devlive/archive/2008/10/27/421.aspx
http://google-code-updates.blogspot.com/2008/10/google-moves-towards-single-sign-on.html
Google and Microsoft plan to offer OpenID services from their current sign-on mechanisms.

Currently users are required to create individual passwords for many websites they visit, but users would prefer to avoid this step so they could visit websites more easily. Similarly, many websites on the Internet have asked for a way to enable users to log into their sites without forcing them to create another password. If users could log into sites without needing another password, it would allow websites to provide a more personalized experience to their users.

--- End quote ---

2. Programming Tools for Cracking Mifare Published
http://www.heise-online.co.uk/security/Programming-tools-for-cracking-Mifare-published--/news/111807
Practical tools for cracking the Mifare RFID chip have been released onto the internet.

A hacker using the pseudonym Bla has published an open source tool called Crapto1 for cracking the encryption of the Mifare Classic RFID chip, as used in the Oyster Card. Besides an implementation in C of the vulnerable Crypto1 algorithm, the archive also contains the C source code for an attack that has been described in a paper by Dutch security researchers at Radboud University.

Using the tool it is said to be possible to calculate the access code of a Mifare Classic card within around two seconds. All an attacker requires is a live recording of an encrypted radio communication between the card and a legitimate reader, as well as a little programming knowledge. The access code then allows him not only to decode the encrypted data, but also to manipulate the card's content virtually without limit and to clone it to obtain services fraudulently.

--- End quote ---

3. Adobe Acrobat 8 Critically Vulnerable
http://www.net-security.org/secworld.php?id=6715
Acrobat 8 has a vulnerability allowing a maliciously crafted PDF file to gain unauthorized access to the systems it's running on and assume the rights of the user running it via JavaScript.

Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe’s Reader PDF file viewing software. Engineers from CoreLabs determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content. Upon making the discovery, CoreLabs immediately alerted Adobe to the vulnerability and the two companies have since coordinated efforts to ensure that a patch could be created and made available to protect users of the program.

--- End quote ---

4. AT&T Imposes Monthly Bandwidth Caps
http://www.datastronghold.com/index.php/tech-news/1480-atat-imposes-monthly-bandwidth-caps
AT&T is trialing new monthly bandwidth caps in certain areas with the monthly limit based on the speed of a user's connection (read: based on the amount of money they're paying).

Bad news off the wire for AT&T broadband customers, as AT&T has announced the fact that they are now imposing bandwidth limits in certain test areas.  Currently this market trial was started November 1 in Reno and users will get between 20 GB and 150 GB a month depending on their speed tier.  Unlike the bandwidth limitations that were imposed by companies like Time Warner and Comcast, which were only applied to new users, this bandwidth cap will be applied to all users including current ones.

It seems like the long feared bandwidth caps are going to be the norm and no longer the exception to the rule when it comes to Broadband providers and home users.  My personal opinion is that bandwidth caps are not an attempt for broadband companies to provide greater service to their customers, it is an attempt for them to start charging either broadband content providers or customers for accessing broadband content.  The cable companies have seen the writing on the wall and they know that the future is TV and video being sent over Internet lines to customers' houses and they want a piece of the pie.

--- End quote ---

5. Virtual Heist Nets 500,000+ Bank, Credit Accounts
http://voices.washingtonpost.com/securityfix/2008/10/virtual_bank_heist_nets_500000.html
http://www.theregister.co.uk/2008/10/31/sinowal_trojan_heist/
RSA's FraudAction Research Lab has uncovered a massive cache of stolen banking details accrued since 2006 via the Sinowal/Torpig/Mebroot trojan.

A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.

Researchers at RSA's FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the "Sinowal" Trojan, designed to steal data from Microsoft Windows PCs.

--- End quote ---

6. Man Gets 21 Months for Recording Movies in Theatre With Camcorder
http://www.piracyisacrime.org/In-The-Courtroom/man-gets-21-years-for-recording-movies-in-theatre-with-camcorder.html
A man has been found guilty of filming up to 100 movies in movie theatres in Washington DC and sentenced to 21 months in prison. He was caught via the use of "A Covert Anti-Camcording System" installed by the MPAA.

Michael Logan, 31, of Maryland was sentenced today in federal court in the District of Columbia for filming with a camcorder in theatres, "28 Weeks Later", "Enchanted" and maybe up to 100 more movies over the last few years according to the MPAA.

Prosecutors wrote that Logan's voice could be heard on a pirated version of the film "28 Weeks Later," which MPAA investigators purchased on the streets of New York on May 11 and May 15 of last year. Investigators believe that Logan recorded that film May 11 at the Regal Cinemas, prosecutors wrote.

--- End quote ---

7. Google Abandons Deal With Yahoo
http://news.bbc.co.uk/2/hi/business/7711429.stm
Google has abandoned their advertising deal with Yahoo to avoid the legal ramifications.

The deal involved Google providing some of the advertising around Yahoo's search results and would have been worth $800m (£494m) a year to Yahoo.

It was originally announced in June but has faced anti-trust objections.

Yahoo said in a statement it was disappointed that Google had decided not to fight for the deal in court.

--- End quote ---

8. Yahoo Tells Microsoft: 'Buy Us'
http://news.bbc.co.uk/2/hi/technology/7712298.stm
Yahoo's CEO Jerry Yang has commented that Microsoft would still benefit from acquiring the company. His comments come on the tail of Google pulling out of the ad deal with them.

The internet portal's co-founder and CEO Jerry Yang made the comment despite the fact Yahoo rejected a $33 (£21) a share offer from Microsoft back in May.

Mr Yang's suggestion also came hours after Google pulled out of an internet advertising partnership with Yahoo.

"To this day the best thing for Microsoft to do is buy Yahoo," said Mr Yang.

--- End quote ---

9. French Pirates Face Net Cut-off
http://news.bbc.co.uk/2/hi/technology/7706014.stm
Anyone caught sharing pirated digital media in France will receive warnings before having their internet connection terminated under new legislation.

The French Senate voted overwhelmingly in favour of the law, which aims to tackle ongoing piracy of music, movies, and games online.

Those caught illegally sharing digital media will get warnings e-mailed and posted to them before having their net connection terminated.

--- End quote ---

10. Fire Fear Sparks Battery Recall
http://news.bbc.co.uk/2/hi/business/7701348.stm
Discussion by app103: https://www.donationcoder.com/forum/index.php?topic=15546
Devices containing batteries manufactured by Sony over a period of almost a year will be recalled by the likes of HP, Toshiba and DELL due to overheating fears.

Sony said the recall came after 40 instances of overheating, including four cases where users had minor burns.

The recall affects around 74,000 HP laptops, 14,400 from Toshiba, and small numbers from Dell, Acer and Lenovo.

Sony said the affected batteries were caused by a production line problem between October 2004 and June 2005.

--- End quote ---

11. British Tax Website Shut Down After Data Breach
http://www.dailymail.co.uk/news/article-1082402/Tax-website-shut-memory-stick-secret-personal-data-12million-pub-car-park.html
http://news.cnet.com/8301-1009_3-10081737-83.html
A memory stick found in a pub car park containing the tax details of 12 million people has forced the British government to shut down a taxation-related website.

Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details.

The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.

An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.

--- End quote ---

12. WPA Wi-Fi Encryption is Cracked
http://www.itworld.com/security/57285/once-thought-safe-wpa-wi-fi-encryption-cracked
http://news.cnet.com/8301-10789_3-10083861-57.html
WPA has taken a huge security hit as attackers use a protocol weakness and a mathematical breakthrough to break TKIP keys in order to read and/or forge data being sent from an access point to a client machine.

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

--- End quote ---

13. Porn Breath Tests for PCs Heralds 'stop and Scan'
http://www.theregister.co.uk/2008/11/05/smut_tests_for_pcs/
New software developed by an Australian University will allow officials to quickly identify illicit images on PCs.

Technology that claims to pick up traces of illicit images on PCs has attracted the interest of Australian cops. The software, developed in an Australian University, might eventually be used to screen PCs for pr0n during border inspections.

Compared to breath test tools used by the police in a different context, the software - developed at Perth's Edith Cowan University in association with local police from Western Australia - is undergoing beta testing.

--- End quote ---

14. Hackers Jailbreak T-Mobile's Googlephone
http://www.theregister.co.uk/2008/11/05/google_android_jailbreak/
The Googlephone has already been broken by a hacker who determined you can acquire root privileges in Android by telnetting to the device.

Hackers have managed to jailbreak T-Mobile's new G1 phone by exploiting a gaping loophole in Android, the open source operating system supplied by Google.

The hack, which was posted to this XDA-Developers forum, is a straight-forward process that allows Linux geeks to gain root access in about one minute. It involves using the widely available PTerminal application to telnet to the device's IP address. Presto, you now have root.

--- End quote ---

15. Fake Site Punts Trojanised WordPress
http://www.theregister.co.uk/2008/11/06/trojanised_wordpress/
WordPress hackers are at it again with a website offering an upgrade to the software which includes a Trojan. The website has spread via a vulnerability in older WordPress versions which allows an attacker to redirect visitors to another website.

Fraudsters have set up a fake site featuring a backdoored version of the WordPress blogging application as part of a sophisticated malware-based attack.

The fake Wordpresz.org site offered up what purports to be version 2.6.4 of the open source blogging tool. In reality all but one of the files are identical to the latest pukka (2.6.3) version of WordPress.

--- End quote ---

16. National ID Cards Compulsory for U.K. Airport Staff
http://news.cnet.com/8301-1009_3-10083732-83.html
Airport staff in the U.K. will be required to carry one of the new National Identity cards at two airports trialing the new system.

A pilot program of the U.K.'s national identity card plan will be compulsory at one of the two participating airports.

Workers will be required to enroll in the program at London city airport, the Home Office said Thursday. The move comes despite repeated assurances from the Home Office that U.K. citizens will not be compelled to have an ID card or enter their biometric details onto the National Identity Register.

Also on Thursday, the government said that retailers, post offices, and banks can apply to become biometrics enrollment sites for the cards.

--- End quote ---

17. Remote Buffer Overflow Bug Bites Linux Kernel
http://blogs.zdnet.com/security/?p=2121
A buffer overflow vulnerability in a common Linux Kernel wireless driver could permit an attacker to remotely execute code with Kernel privileges, or cause a denial of service condition.

A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.

--- End quote ---

18. EndNote Reverse-engineering Case Looks Headed to Courtroom
http://arstechnica.com/news.ars/post/20081104-endnote-reverse-engineering-case-looks-headed-to-courtroom.html
EndNote has accused the open source Firefox extension Zotero of illegally reverse engineering their proprietary .ens file format.

As anyone who works in academia knows, writing and publishing papers involves frequently citing the existing literature. When you're working on a paper with 30 or more references, keeping track of them all can be a downright pain, which is where reference-managing software like Thomson Reuters' EndNote comes in. EndNote is the market leader in this field, but recently it has been facing competition from the open source Zotero, which is a Firefox plugin that lets you manage your bibliographic library and insert references into papers. Right now though, EndNote and Zotero are locked in a legal battle over claims by Thomson Reuters that the developers of Zotero have illegally reverse-engineered aspects of EndNote.

--- End quote ---

19. FCC White Spaces Decision Kicks Off the Next Wireless Revolution
http://blog.wired.com/gadgets/2008/11/fccs-decision-t.html
The FCC will permit transmissions over unused "white space" spectrum which will allow cheaper wireless.

The Federal Communications Commission's decision to open up the 'white spaces' spectrum to unlicensed devices could usher in a new telecom revolution, say analysts.

Like WiFi, the availability of free, unregulated spectrum could create new technologies and new markets, bringing superfast wireless connectivity to the masses. Unlike WiFi, it could also put pressure on wireless carriers.

"All the PR spin and FUD (fear, uncertainty and doubt) failed in the face of physics and the ground reality of engineering," says Sascha Meinrath, research director of the wireless future program at the New America Foundation, a non-partisan public policy think-tank.

--- End quote ---

20. Firefox Hits 20% Browser Share Worldwide (yay!)
http://www.webmonkey.com/blog/Firefox_Hits_20PERC_Browser_Share_Worldwide
Adoption of Mozilla's Firefox browser has hit 20% across the globe.

Mozilla is reporting that Firefox topped 20% of the worldwide market share for web browsers for the first time ever in October, 2008. Firefox broke the 20% mark twice last month, once during the week of October 5, and once again during the week of October 26. During the other two weeks, its share was around 19.8%, putting the average for the month just below the 20% mark at 19.9%.

--- End quote ---


Ehtyar.

ewemoa:
Thanks again for this week's edition!  Good luck w/ the new job :)

mouser:
GREAT GREAT news this week -- best one yet.

The #18 Endnote case infuriates me.. This company, Thomson Reuters, has worked hard to create a monopoly in the academic world of bibliography stuff.  They have bought out and killed off competitors, priced things out of the hands of students, and now this.  Disgusting.

Darwin:
priced things out of the hands of students
-mouser (November 06, 2008, 06:22 PM)
--- End quote ---

That's an understatement... About the only ray of light WRT their pricing scheme is that many (but certainly not all) universities have deals with Thomson enabling the univ to provide very cheap or even free licences for Endnote to their students. Sadly, my university was not one of them and I bought my own licence.

Anyway, great newsletter, ehtyar  :Thmbsup: Case in point: I never would have heard about the silly Endnote litigation if I hadn't clicked on the link to your roundup  :o

housetier:
This just made me donate to Ehtyar  :Thmbsup:
