Tech News Weekly: Edition 51

[Ehtyar]

The Weekly Tech News

Hi all. Still no button..*sigh*. As usual, you can find last week's news here.

1. Microsoft Releases Fix for IE

Spoiler

http://www.theregister.co.uk/2008/12/17/emergency_microsoft_patch/
Microsoft have released an out-of-band patch this week for IE to close a vulnerability being exploited by up to 10,000 websites.

Microsoft has issued a rare emergency update for its Internet Explorer browser as miscreants stepped up attacks targeting a vulnerability on hundreds of thousands of webpages.

In many cases, the websites distributing the toxic payload are legitimate destinations that have been commandeered, allowing an attacker to snare victims as they surf to online banks, forums, and other trusted sites. There are at least six distinct versions of attack code circulating in the wild, according to researchers at iDefense, a security lab owned by VeriSign.

2. AT&T, T-Mobile Fined For Voice-Mail Security

Spoiler

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=212500153
AT&T and T-Mobile have each paid tens of thousands of dollars in fines for advertising secure voice mail that wasn't actually secure.

AT&T and T-Mobile have paid fines and agreed to stop advertising that their voice-mail systems are safe from hackers.

In a permanent injunction filed in a Los Angeles court Thursday, District Attorney Steve Cooley said the wireless operators were overstating how secure their voice mails are. The settlements are the culmination of year-long investigation that was launched after multiple complaints of unauthorized voice-mail access, including some from celebrities Paris Hilton and Lindsay Lohan.

3. American Express Web Bug Exposes Card Holders

Spoiler

http://www.theregister.co.uk/2008/12/16/american_express_website_bug/
Amnericanexpress.com has been vulnerable to a cross-site-scripting explot for more than two weeks, putting card holders at risk of fraud.

A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.

Among other things, the cross-site scripting (XSS) error on americanexpress.com allows attackers to steal users' authentication cookies, which are used to validate American Express customers after they enter their login credentials. Depending on how the website is designed, miscreants could use the cookies to access customer account sections, said Russ McRee of the Holistic Security blog.

4. Net Firms Rebuff Filtering Plan

Spoiler

http://news.bbc.co.uk/2/hi/technology/7779547.stm
An interesting interview from a professional: http://www.banthisurl.com/2008/12/exclusive-white-hat-hacker-tears-apart-flaws-in-aussie-net-filtering-scheme/
Australian ISPs have finally all weighed in on the plan to filter the country's internet. Thankfully, neither Optus nor Telstra will support the plans, though as one might have expected, Optus will support a scaled back version.

Telstra, Australia's largest ISP, has said it will not join trials of the filters and others say they will only back a scaled-down system.

The government wants to filter all net traffic and block access to 10,000 sites deemed to hold illegal content.

The initial trials of the filtering technology were due to take place before Christmas.

5. Wikileaks Posts Secret Bomb-Stopper Report — Did It Go Too Far?

Spoiler

http://blog.wired.com/defense/2008/12/warlock-wikilea.html
From ArsTechnica: http://arstechnica.com/journals/law.ars/2008/12/18/et-tu-wikileaks
Wikileaks have published the specifications for a mostly-obsolete remote bomb detonation jammer. Many are questioning the validity of their claim that it should be published as a "leak".

In July, 2005, I asked a member of a Baghdad-based military bomb squad about the radio-frequency jammers his team was using to cut off signals to Iraq's remotely detonated explosives. His response:  "I can't even begin to say the first fucking thing about 'em." A few days later, one of those jammers seemed to save me and him from getting blown up. Months after that, David Axe was thrown out of Iraq by the U.S. military, for a blog post which mentioned the Warlock family of jammers.

So I was more than a little surprised, when I saw that Wikileaks had posted a classified report, outlining how the Warlock Red and Warlock Green jammers work with — and interfere with — military communications systems. The report, dated 2004, gives specific information about how the jammers function, their radiated power and which frequencies they stop. That Baghdad bomb tech would've put his fist through a wall, if he saw it out in public.

6. ICANN Plan for New TLDs Comes Under Barrage of Criticism

Spoiler

http://arstechnica.com/news.ars/post/20081216-icann-plan-for-new-tlds-comes-under-barrage-of-criticism.html
It seems most corporations are not interested in having additional TLDs added to the pool, though one has to wonder how long it will before you can no longer find an acceptable domain name for anything under the current system.

For an organization that describes itself as "a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable." ICANN sure seems willing to make decisions that go against the wishes of the corporations and governments it serves. Yesterday was the last day for anyone to submit comments on the organization's plan to launch 200-800 new domain name extensions next year, yet there's no sign that ICANN has actually paid meaningful attention to the vehemently negative reactions of numerous companies.

Currently, there are just a handful of generic Top Level Domains (gTLDs), including well-known extensions like .com, .net, .org, and .biz. ICANN's new plan would expand the number of potential gTLDs by several orders of magnitude, and would allow for extensions 3-63 characters long. Allowed extensions would include pretty much anything a company might want—Ars Technica, for example, could conceivably register *.ars, *.arstechnica, or *.arstech. ICANN claims that this new system would offer domain name holders vastly improved choices and allow for more diversity in domain names, particularly for non-English-speaking countries. In and of themselves, these are worthy goals, but arbitrarily redefining the meaning of gTLDs seems a poor way to achieve them, particularly when said redefinition wrecks the current system so thoroughly.

7. Facebook Profile Used to Serve Legal Docs in Australian Case

Spoiler

http://arstechnica.com/news.ars/post/20081216-facebook-profile-used-to-serve-legal-docs-in-australian-case.html
Only in Australia.

'Tis the season to be in debt, fa la la la la, la la la la. If you've missed a few payments, however, you might find yourself being hunted down by debt collectors and lawyers looking to serve you court papers. And now—at least if you live in Australia—your Facebook account is fair game. The Australian Capital Territory Supreme Court has approved the use of Facebook to serve legal documents to a couple who was otherwise inaccessible at their home or by e-mail, although the couple has since disappeared from the social networking site as well.

The unnamed Australian couple had defaulted on their home loan for AUS$100,000 (almost US$67,000), which spurred the bank to seek the services of Canberra-based law firm Meyer Vandenberg. Attorney Mark McCormack was assigned to the case and unsuccessfully attempted to contact the couple several times at their home, and then again via e-mail. With nowhere else to turn, McCormack asked the Australian court to allow him to serve the papers electronically to the couple via Facebook.

8. French Regulators Nix Orange IPhone Exclusivity

Spoiler

http://arstechnica.com/journals/apple.ars/2008/12/17/french-regulators-nix-orange-iphone-exclusivity
Finally, a country with some balls (I know, I know, but seriously...).

In many countries, Apple has an exclusive deal with one particular carrier to sell and provide service for the iPhone 3G. However, the Conseil de la concurrence ruled today that any French mobile operator should be allowed to carry the iPhone.

The Conseil de la concurrence, or Competition Council, is France's competition regulator. Its decision comes after a complaint filed by Bouygues Télécom, the number three mobile operator in France. The council has complained of the lack of competition in the mobile communications market before, and says that Apple and Orange's deal further stifles competition.

9. Student Sentenced to 15 Years for YouTube Terror Video

Spoiler

http://blog.wired.com/27bstroke6/2008/12/student-sentenc.html
A 27 year old student has been sentenced to 15 year imprisonment in the United States for posting a video to YouTube detailing how to convert a radio remote control unit into a remote bomb detonator.

An Egyptian engineering student was sentenced in the United States on Thursday to 15 years imprisonment after pleading guilty to uploading a 12-minute video to YouTube that demonstrated how to convert a remote-control toy car into a bomb detonator.

In June, Ahmed Abdellatif Sherif Mohamed, 27, pleaded guilty in a Florida federal court to one count of providing material support to terrorists. He was a student at the University of South Florida. South Carolina authorities said they found various bomb-making materials in the vehicle he was driving when he was pulled over last year.

10. ;-) Trademark Claim Makes Us Go :-o and Then >:-[

Spoiler

http://arstechnica.com/news.ars/post/20081214--trademark-claim-make-us-all--o-and-then.html
A Russian "entrepreneur" has trademarked the winking smilie [;-)].

There are certain things on the Internet that the general public uses with great abandon: acronyms (lol!), txt speak, and emoticons. If you run a business in Russia and you make use of the winky smiley face, however, then you may soon find yourself being asked to pay royalties to Oleg Teterin, an entrepreneur who claims he owns the trademark to the popular emoticon in Russia.

Teterin said in an interview with Russian TV channel NTV this week that Russia's patent agency had granted him the trademark to ;-), and that he wouldn't hesitate to go after companies who have exploited the emoticon without paying up. He noted, according to the BBC, that a license would cost "tens of thousands of dollars," and would be renewed on a yearly basis.

11. Studios (temporarily?) Gain Upper Hand in Blu-ray DRM Battle

Spoiler

http://arstechnica.com/news.ars/post/20081215-studios-temporarily-gain-upper-hand-in-blu-ray-drm-battle.html
It appears the upgradable nature of the BD+ protection algorithm used on blu-ray disks has finally won the major recording studios some time.

Movie studios and software companies fought to maintain (and crack) the efficacy of Blu-ray's BD+ DRM scheme throughout all of 2008, but the content industry has won a round of its own as the year draws to a close. Thanks to an update in late November, there's a growing list of movies Slysoft's AnyDVD HD product can't yet handle; the software company believes it could take three months or more to recrack the algorithm.

The back-and-forth cracking war officially began last March when Slysoft announced that it had cracked the BD+ algorithm and would include Blu-ray backup support in AnyDVD HD 6.4.0.0. At the time, Slysoft poked fun at the notion that BD+ would remain unbroken for any length of time, and noted that it had been just eight months since Richard Doherty of the Envisioneering Group had predicted BD+ would remain unbreached for the next decade. The company's hubris may have been premature, as BD+ is putting up something of a fight.

12. Data Mining Still Going Strong Under New Yahoo Privacy Policy

Spoiler

http://blog.wired.com/27bstroke6/2008/12/data-mining-una.html
While Yahoo have announced it will keep individual user information for only 3 months, it doesn't appear to have hampered their data mining efforts.

On Wednesday, Yahoo was hailed as a privacy leader among the major search engines: It said it would retain individual user data for only three months, down from 13 months. Google keeps individualized search data of its users for nine months and Microsoft for 18 months.

Privacy groups point out that the change is a good thing if Yahoo lives up to its word. Perhaps only three months' worth of one's search queries and web clicks could be exposed under a data breach, or handed over to the authorities with a warrant.

But Yahoo isn't giving up anything under the plan: Individual internet web surfers' browsing habits will continue to be analyzed under a microscope in order to target web users with ads for products they are likely to purchase.

14. Vote for the Sexiest Geeks of 2008

Spoiler

http://blog.wired.com/underwire/2008/12/every-geeks-a-l.html
Wired have started a poll for the sexiest geek of 2008. Somehow, it seems the ladies have much less of a choice this year, with the list primarily consisting of women.

Every geek's a little bit sexy, somehow. Maybe it's the glasses, the hot talk about black holes or the Asperger's-like obsession with sci-fi, science or gadgets.

But which nerds really moved the sexy needle in 2008?

Welcome to the fourth annual Wired.com Sexiest Geeks contest. Each year we seed the list with some of the smartest, sexiest and most "wired" men and women on the scene, then throw open the competition to our readers.

15. Trek Creator's Widow Dies Aged 76

Spoiler

http://news.bbc.co.uk/2/hi/entertainment/7791210.stm
Discussion thread here: https://www.donationcoder.com/forum/index.php?topic=16248
Majel Barrett-Roddenberry has died of leukemia at her home in Los Angeles. May she rest in peace.

Actress Majel Barrett Roddenberry, the widow of Star Trek creator Gene Roddenberry, has died aged 76.

She died of leukaemia on Thursday at her home in Los Angeles, her family said in a statement.

The actress, who featured in nearly every Star Trek TV show and film, nurtured the legacy of the sci-fi series after her husband died in 1991.

Ehtyar.

[ewemoa]

Thanks again for your efforts

Re: 12: happy that they reduced the period they keep records ... but I don't use them very often.

Re: 15: sorry to hear this ... peace.

[f0dder]

#6: I hope there won't be any more TLDs being introduced, I think it's a bad idea, and in reality nothing more than a money-making scheme; if you're a big international company, there's already a lot of TLDs you have to consider registering, in order to avoid squatters.

#10: fscktards. How can a trademark like that be granted? Prior art, anyone?

#11: they can't win. As long as the content is playable and doesn't require a super-sekrit hardware device, it will be broken. And even if it required such a device, chances are it would be broken anyway. The media fscktards should learn that DRM only hurts legitimate users and costs them silly-money to implement.

[zridling]

14. Vote for the Sexiest Geeks of 2008
obama's a geek simply because he uses a blackberry? Wow. I'm amazed at how 'obama' is a brand, not a human being. Tell Steve Jobs he's just been punked by a blackberry user. Just my opinion.

The babes, however, were incredibly hot, even though they used the flimsiest criteria for being a geek. Using a handheld device doth not make a geek.

[Ehtyar]

#6: I hope there won't be any more TLDs being introduced, I think it's a bad idea, and in reality nothing more than a money-making scheme; if you're a big international company, there's already a lot of TLDs you have to consider registering, in order to avoid squatters.

-f0dder (December 22, 2008, 05:19 AM)

I do agree f0d man, but I have to wonder how long it will be before you can't register a sensible name on a decent TLD (for the very reason you mentioned).

#11: they can't win. As long as the content is playable and doesn't require a super-sekrit hardware device, it will be broken. And even if it required such a device, chances are it would be broken anyway. The media fscktards should learn that DRM only hurts legitimate users and costs them silly-money to implement.

-f0dder (December 22, 2008, 05:19 AM)

I really can't imagine anyone sensible calling that a "victory". In 3 months they'll be right back to square 1, with plenty more discs in the carpper.

14. Vote for the Sexiest Geeks of 2008
obama's a geek simply because he uses a blackberry? Wow. I'm amazed at how 'obama' is a brand, not a human being. Tell Steve Jobs he's just been punked by a blackberry user. Just my opinion.

-zridling (December 22, 2008, 06:55 AM)

ROFL. I can't imagine any way that might've been said better

Ehtyar.