Tech News Weekly: Edition 48

[Ehtyar]

The Weekly Tech News

Hi all. My apologies for getting a little carried away last week folks, this week should be more of a 'summary' as these things are intended to be. Perhaps if people have an opinion on what the minimum and maximum number of articles included should be they could let me know in a reply. I'm afraid I haven't gotten around to getting code out to Mouse Man for the 'Expand All' button. If I get it done before next week's news and we can actually implement it I'll add it here. As usual, you can find last week's news here.

1. Facebook Wins Record $873m Fine Against Smut Spammer

Spoiler

http://www.theregister.co.uk/2008/11/25/facebook_spam_lawsuit/
Facebook have won a lawsuit worth $837 million against a Canadian accused of hacking into users' accounts and spamming from them.

Facebook has won a $873m judgment against a Canadian sued for spamming users of the social networking site with "sexually explicit" messages after hacking into the profiles of its members.

Adam Guerbuez, of Montreal, who runs Atlantis Blue Capital and Ballervision.com, was ordered to pay exemplary damages by US District Judge Jeremy Fogel last Friday. Guerbuez did not contest the case, which also resulted in an injunction against him that effectively prevents him from accessing Facebook for any reason ever again.

2. Security Breach Gives PayPal Phish the Personal Touch

Spoiler

http://www.theregister.co.uk/2008/11/24/pamela_security_breach/
A breach of user information held by Pamela Systems has given rise to a personalized phishing scam against users of the Pamela Skype addon.

Skype users who use a piece of software dubbed Pamela to manage their online phone accounts should be on the lookout for customized phishing attacks following revelations that one or more user databases containing names and email addresses have been breached.

The attack, which took place last week, has already led to one phishing campaign that calls recipients by their real names and then tries to trick them into turning over personal information. That added personal touch could throw some users off guard because most phishing emails address their marks by generic terms such as "Dear PayPal User."

3. Unofficial Fix Issued for Vista Networking Flaw

Spoiler

http://www.securityfocus.com/archive/1/498471
For the more technically inclined: http://www.securityfocus.com/archive/1/498471
Calls to a user mode API in Vista Ultimate and Enterprise can lead to kernel mode memory corruption, potentially causing a blue screen or remote code execution in kernel mode. Microsoft has not issued at time of writing, though the researchers that made the discovery have released a modified version of the vulnerable library that fixes the issue.

A system-crashing bug with potential malware implications has been uncovered in Vista. But a fix for the vulnerability, which revolves around flaws in the operating system's network stack, may have to wait until the next service pack.

The TCP/IP stack buffer overflow was discovered by security researchers at Austrian firewall firm Phion in October. Details of the flaw, which also creates a potential mechanism to inject hostile code into vulnerable systems, were disclosed in a posting to BugTraq on Friday.

4. More MS08-067 Exploits

Spoiler

http://blogs.technet.com/mmpc/archive/2008/11/25/more-ms08-067-exploits.aspx
In followup to: https://www.donationcoder.com/forum/index.php?topic=15476.0#post_Microsoft_Issue_OutOfBand_Security_Patch
For the more technically inclined: http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=2
An exploit for MS08-067 is running rampant over the internet according to Microsoft itself.

As expected, we are seeing another wave of attacks exploiting the vulnerability detailed in security bulletin MS08-067.

Early last week we blogged about MS08-067 exploits. At that time, the number of exploits in the wild was still low and they were mostly targeted attacks. However, during the weekend we started receiving customer reports for new malware that exploits this vulnerability. During the last two days that malware gained momentum and as a result we see an increased support call volume. The SHA1 hash of the malware is 0x5815B13044FC9248BF7C2DBA771F0E6496D9E536 and we detect it as Worm:Win32/Conficker.A.

5. Judge Says BU Can't Turn Over Infringers' IPs in P2P Case

Spoiler

http://arstechnica.com/news.ars/post/20081126-judge-says-bu-cant-turn-over-infringers-ips-in-p2p-case.html
A sane judge on on a copyright infringement case? Who knew...

The music industry's requests for more personal information regarding the identity of several accused file-sharers have been shot down by a federal judge. Judge Nancy Gertner quashed a subpoena this week in the infamous London-Sire v. Does 1-4 case, saying that the IP addresses of three anonymous Boston University students could not be handed over because the university had "adequately demonstrated that it is not able to identify the alleged infringers with a reasonable degree of technical certainty."

The legal system has been chipping away at the London-Sire case all year, starting this spring when Judge Gertner said that making files available on a P2P network does not equal copyright infringement. At that time, she also noted that IP addresses can't always be traced to a particular individual and that, if Boston University were compelled to turn over a list of possible infringers, it could give a green light to RIAA fishing expeditions.

6. Key Molecule for Life Found in Habitable Region of the Galaxy

Spoiler

http://blog.wired.com/wiredscience/2008/11/sugar-molecule.html
An important molecule linked to the origin of life has been discovered in a region of The Milky Way.

A sugar molecule linked to the origin of life was discovered in a potentially habitable region of our galaxy.

The molecule, called glycolaldehyde, was spotted in a large star-forming area of space around 26,000 light-years from Earth in the less-chaotic outer regions of the Milky Way. This suggests the sugar could be common across the universe, which is good news for extraterrestrial-life seekers.

7. Lenovo Kills Notebooks With a Text Message

Spoiler

http://www.tgdaily.com/html_tmp/content-view-40351-108.html
Lenovo's next generation of Thinkpad notebooks will permit its owner to disable the 3G-enabled unit via text message. I wonder how long until this gets cracked...

As notebook theft is becoming an increasingly important topic in the IT world, we are now seeing innovative solution to protect users and corporations from data theft almost on a weekly basis. One of the most interesting and potentially most effective solutions was announced by Lenovo this morning.

A new feature that is expected to become available in Q1 2009 for select Thinkpad laptops will allow notebook owners to disable a notebook with a text message that is sent to a 3G-enabled system via a cellular network. The lockdown will happen immediately if a notebook is turned on or, when it is turned off, the next time the system signs on to a cellular network. To reactivate the disabled PC, a user needs to enter a pre-set passcode created during notebook startup.

8. Another Layer of Security for PayPal Accounts

Spoiler

http://www.net-security.org/secworld.php?id=6768
Paypal users now have access to another layer of security with the option of receiving a security code as a text message prior to logging in.

PayPal announced a new way for members to add even more security to their PayPal accounts using their mobile phones. Customers can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts.

The PayPal SMS Security Key adds another layer of protection to PayPal accounts and uses the same security infrastructure as the PayPal Security Key, which generates a unique security code approximately every 30 seconds on a small electronic token. Members receive this code to their phones or tokens, and use the codes along with their usernames and passwords to sign in to their accounts.

9. New Machines Scan IDs at Border Crossings

Spoiler

http://www.usatoday.com/tech/news/computersecurity/2008-11-23-passport-chips_N.htm?csp=34
Machines are in use at several US border crossing stations that permit border security agents to read information stored in RFID-enabled government documentation.

Agents along the Canada and Mexico borders are using a controversial new machine that can "read" the personal information contained in some government-issued ID cards — such as passports and driver's licenses — as travelers approach a checkpoint.

The Homeland Security Department says the new practice will tighten security and speed the flow of traffic. Privacy advocates say the technology could make Americans less secure because terrorists or other criminals may be able to steal the personal information off the ID cards remotely.

Ehtyar.

[ewemoa]

Thanks again for this week's issue

Number 6: Cool!  (On a somewhat related note.  There's a pretty interesting-sounding lecture series (expensive) from the Teaching Company named "Origins of Life" -- I haven't seen this series, but I've watched a different series (Joy Of Science) by the same lecturer and thought that was pretty good.)

[nosh]

#1 - Damn, that's a lot of smut!
#7 - Imminent lulz

[Deozaan]

#4: What is MS08-067?

#5: Wow, what is this? A judge who knows a thing or two about technology?

#6: Great until the bad guys can fake the messages to kill computers.

#7: Awesome! I want to have to pay 5 cents for text messages every time I want to log in to PayPal!

Thanks Ehtyar!

[Ehtyar]

#4: What is MS08-067?

-Deozaan (November 29, 2008, 10:07 PM)

I post links to previous stories for a reason Deo , but if all else fails, try this

#6: Great until the bad guys can fake the messages to kill computers.

-Deozaan (November 29, 2008, 10:07 PM)

Haha, that I didn't think of 

#7: Awesome! I want to have to pay 5 cents for text messages every time I want to log in to PayPal!

-Deozaan (November 29, 2008, 10:07 PM)

Well they can't seem to organise proper security on their commission..

Ehtyar.

[tomos]

#6: Great until the bad guys can fake the messages to kill computers.

-Deozaan (November 29, 2008, 10:07 PM)

Haha, that I didn't think of 

-Ehtyar (November 29, 2008, 10:38 PM)

first thing I thought too - are we especially paranoid Deo or just realistic ...

thanks as ever Ethyar, nice new avatar too!

[Ehtyar]

#6: Great until the bad guys can fake the messages to kill computers.

-Deozaan (November 29, 2008, 10:07 PM)

Haha, that I didn't think of 

-Ehtyar (November 29, 2008, 10:38 PM)

first thing I thought too - are we especially paranoid Deo or just realistic ...

thanks as ever Ethyar, nice new avatar too!

-tomos (November 30, 2008, 04:05 AM)

Oh no, I hope this isn't grounds to kick me out of the tin-foil-hat brigade Please, at least I mentioned the possibility of it being hacked, have mercy 

Thanks for the compliment tomos, I think I might start a thread about favorite fractals or something, because these are REALLY worth seeing.

Ehtyar.

[city_zen]

Great issue, Ehtyar 

On a lighter note:

but if all else fails, try this

-Ehtyar (November 29, 2008, 10:38 PM)

I didn't know that site existed

[Ehtyar]

On a lighter note:

but if all else fails, try this

-Ehtyar (November 29, 2008, 10:38 PM)

I didn't know that site existed

-city_zen (November 30, 2008, 09:33 PM)

Got it from a co-worker last week, been dying to use it

Ehtyar.

[mahesh2k]

Great issue ehtyar

#7 was good one

[scancode]

On a lighter note:

but if all else fails, try this

-Ehtyar (November 29, 2008, 10:38 PM)

I didn't know that site existed

-city_zen (November 30, 2008, 09:33 PM)

Got it from a co-worker last week, been dying to use it

Ehtyar.

-Ehtyar (December 01, 2008, 12:15 AM)

It's also multilanguage.
IT PWNZ!