Tech News Weekly: Edition 52

[Ehtyar]

The Weekly Tech News

Hi all. Well guys, it's the end of another year. I hope you all had a wonderful Christmas (Giftmas for those in the know ) and will have a most enjoyable new year As usual, you can find last week's news here.

1. CastleCops, No More

Spoiler

http://www.castlecops.com/
Popular online threat fighting website CastleCops is no more. Recently their website began displaying a message on their homepage explaining to users that the site would no longer be available. There are (entirely unsubstantiated as yet) rumors that the sites owner, Paul Laudanski, has closed the site due to pressure from his employer of 7 months, Microsoft, though most suspect it is due to the costs of running a site that was constantly under cyber attack.

You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created.

With respect to the server marathon, by March 17 2009 CastleCops will refund contributions made through PayPal that were specifically designated for servers. Unfortunately, server donations made via check cannot be returned because we do not have the addresses for the donating entity. Unless instructed otherwise, CastleCops will re-allocate these funds as a donation to the Internet Systems Consortium (ISC.org). This organization sponsored our hosting environment for approximately the past 2 years. Please contact us [cc at laudanski dot com] before March 17, 2009, if you would like a return of your server marathon donation. Otherwise, we would like to thank the ISC for their unfettered support.

2. Subway Fare Hackers to Partner With Transit Agency

Spoiler

http://www.wjla.com/news/stories/1208/579813.html
Another link: http://news.cnet.com/8301-1009_3-10128632-83.html
The Massachusetts Bay Transportation Authority has backflipped, and asked the MIT Subway Hackers to work with them to secure their ticketing system from potential fraudsters.

A trio of Massachusetts Institute of Technology students who found a way to hack into the Boston subway system's payment cards have agreed to partner with transit officials there to make the system more secure. The Electronic Frontier Foundation announced the agreement Monday, two months after the Massachusetts Bay Transportation Authority dropped a lawsuit against the students, who were represented for free by the EFF, a civil-liberties group that frequently takes up cases involving security researchers and computer hackers.

The transit agency had sued to stop the students from presenting findings at a computer-security conference.

The students - Zack Anderson, R.J. Ryan and Alessandro Chiesa - have argued all along they were trying to help the MBTA by giving it advance notice of their planned talk last summer and keeping specific details of their hack secret.

3. MS (finally) Confirms Unpatched SQL Server Flaw

Spoiler

http://www.theregister.co.uk/2008/12/23/sql_server_0day_latest/
Microsoft have fessed up that a recently exposed remote code execution in various versions of their SQL Server software is a real threat.

Microsoft came clean and admitted its SQL Server database software is vulnerable to code injection attacks. It's not a new flaw but the same bug in the database software that emerged around the time of Microsoft's monthly Patch Tuesday update earlier this month.

In an advisory, Redmond's security gnomes confirmed that code has been produced that exploits a security bug affecting Microsoft SQL Server 2000, Microsoft SQL Server 2005 and Windows Internal Database, in certain configurations.

4. URL Redirects Open Scareware Loophole at Major Sites

Spoiler

http://arstechnica.com/news.ars/post/20081224-url-redirects-open-scareware-loophole.html
A hacker has found that using redirect pages as a jumping point for malware distribution is a worthwhile endeavor.

URL redirect notifications are often meant to serve as security measures, but at least one malware blackhat is exploiting these services and redirecting site visitors from the website they think they are about to visit to a spyware-infested haven. That's bad enough on its own, but the as-yet-unknown assailant has also used search engine optimizations to push the polluted redirectors higher in Google's search rankings.

Part of the problem—a significant part—is that many companies/websites use open redirects that will cheerfully redirect incoming traffic to whatever URL they're asked to send it to, even if that traffic didn't originate within the host site. When MySpace or Microsoft inform you that you're about to be redirected off their site, they don't perform any sort of check to see if that's a good place for you to be going.

5. Firefox Halting 2.x Security Patching/Support

Spoiler

http://tech.blorge.com/Structure:%20/2008/12/17/mozillas-security-warning-upgrade-to-firefox-3-today/
Firefox 2 is dead as of now. It is highly recommended anyone still using v2 upgrade to v3 now.

Mozilla has told Firefox users that it will no longer be updating version 2 of the browser and they should upgrade to version 3 right away. The warning came alongside a security update patching ten problems, four of them critical.

The critical problems involve cross-site scripting. That’s a serious concern as it allows the unauthorized transfer of data that a user sends to one site (such as a legitimate online bank) to another site (such as one used by hackers to harvest information).

6. No More Lawsuits: ISPs to Work With RIAA, Cut Off P2P Users

Spoiler

http://arstechnica.com/news.ars/post/20081219-no-more-lawsuits-isps-to-work-with-riaa-cut-off-p2p-users.html
The RIAA will no longer be pursuing indivuals it believes to have engaged in piracy after signing voluntary agreements with many ISPs aimed at cutting off repeat offenders.

In a stunning turn of events, the US music industry has ceased its long-time litigation strategy of suing individual P2P file-swappers. Instead, with New York Attorney General Andrew Cuomo acting as a broker, the RIAA has signed voluntary "graduated response" agreements with major Internet service providers. Those currently on the receiving end of an RIAA lawsuit, though, will have to see it through to the (very) bitter end.

7. IPodhash Project Moves to Wikileaks Following DMCA Notice

Spoiler

http://arstechnica.com/journals/apple.ars/2008/12/22/ipodhash-project-moves-to-wikileaks-following-dmca-notice
The code made available by the iPodHash project has been moved to WikiLeaks in response to Apple's DMCA takedown notice.

When you think of Wikileaks, things like government secrets and Sarah Palin's private e-mail come to mind. However, there's a decent amount of technology-related information on the site as well. The fact that it's nearly impossible to get content removed from Wikileaks could lead to its use as a haven for controversial technology projects, too. It turns out that the code related to the iPodhash project was posted to Wikileaks shortly after the project's BluWiki page was taken down in response to a legal notice from Apple's lawyers.

The project received a DMCA anticircumvention notice in the middle of November, and operator of BluWiki removed the content that Apple didn't like until the legal notice could be scrutinized. Since then, the Electronic Frontier Foundation has agreed to represent iPodhash, and the project's owner has come forward with a few comments, but the original project information is still unavailable, as the various legal machinations continue. Just a few days after the takedown notice was received, however, the code generated by iPodhash thus far was posted to Wikileaks, once again making the information publicly available.

8. Australian 'Net Filters - What's Being Blocked?? and Chinese Espionage

Spoiler

http://arstechnica.com/news.ars/post/20081222-australian-net-filter-testing-set-will-include-p2p.html
Another link: http://www.theregister.co.uk/2008/12/18/huawei_optus_ties_nbn_security_concerns/
The Australian government are insisting on rolling out tests of their widely criticized internet "filtering" system, and are defending it to the last in public communication medium. Australian citizens will not be able to view the content of the filter list, and it seems there is some concern regarding relations between a bidder for the contract and a Chinese technology firm.

Australia's Minister of Broadband, Communications, and the Digital Economy (BCDE), Stephen Conroy, appears to have recognized that his country's plan to install mandatory content filters at the ISP level is causing a public backlash. Conroy has set up several FAQs that describe the program in detail, and has even started defending the program on the departmental blog. But neither the backlash nor an apparent lack of preparation will stop him from putting the system in operation, as live tests on Internet traffic are set to begin any day now—even though the ISPs that want to participate aren't sure what's happening.

First, the practicalities. Initial lab tests of web filtering equipment suggested that the current generation of hardware had appreciable rates of false positives (filtering legal content) and false negatives (allowing illegal content through), and several models caused severe degradation of the network's performance. This isn't much of a surprise; as we described in detail, filtering content is a difficult challenge. The Australian government's own FAQ also recognizes that anyone with sufficient technical expertise can also evade the filters.

9. Windows XP Allowed to Live Again

Spoiler

http://news.bbc.co.uk/2/hi/technology/7795302.stm
Microsoft have yet-again extended the sell life of Windows XP, this time to May 2009.

The cut off date for PC makers to obtain licenses for the software was 31 January 2009.

But now Microsoft has put in place a scheme that will allow the hardware firms to get hold of XP licences until 30 May 2009.

Previously Microsoft extended XP's life until 2010 - provided it was installed on netbooks and low-cost laptops.

10. EU's New Online Library Reopens

Spoiler

http://news.bbc.co.uk/2/hi/entertainment/arts_and_culture/7798789.stm
The EU's online library, Europeana, is back online after having its server capacity quadrupled since it crashed last month just hours after opening due to high demand.

The European Union's huge digital library Europeana, which crashed last month just hours after its launch, is back online.

The website's server capacity has been quadrupled to cope with demand, European Commission spokesman Martin Selmayr told reporters.

But the homepage - at www.europeana.eu - warns that "the user experience may not be optimal in this test phase".

The site gives multilingual access to cultural collections across the EU.

Being that this will be last Tech News Weekly for 2008, I just had to throw in a few best-of lists for the year, enjoy
11. Top 10 New Organisms of 2008

Spoiler

http://www.wired.com/science/planetearth/multimedia/2008/12/YE8_organisms
A interesting look at some newly discovered organisms this year.

The world's smallest snake, a prehistoric ant and microbes that may be 120,000 years old: These are just a few of the species revealed to the world in the last 12 months.

With animals going extinct at rates unseen since the dinosaurs disappeared, it's nice to be reminded that some species haven't even been discovered.

As Smithsonian Institute ornithologist Brian Schmidt said after finding the olive-backed forest robin: "It is definitely a reminder that the world still holds surprises for us."

12. 2008 Foot-in-Mouth Awards

Spoiler

http://blog.wired.com/business/2008/12/2008-foot-in-mo.html
Have a good laugh at the expense of those who gaffed on technical subject matter this year.

In 2008, scientists turned on the Large Hadron Collider without ending the world as some had feared, but they did not come up with a cure for foot-in-mouth disease.

In fact, the disease led quite a healthy existence this year, thanks in part to the never-ending presidential campaign.

But Yahoo CEO Jerry Yang topped all political gaffes to become this year's winner (or biggest loser) for his comments defending his decision to turn down Microsoft's $44 billion offer for the perpetually lost-in-the-woods troubled internet venture....

[tomos]

1. sad news about Castle Cops - I've often gotten help there ...

8. Australia continues to entertain

9. Windows XP Allowed to Live Again

But now Microsoft has put in place a scheme that will allow the hardware firms to get hold of XP licences until 30 May 2009.

Previously Microsoft extended XP's life until 2010

-
I presume the 2010 date was for support of xp - otherwise article contradicts self (I think )


thanks as ever Ethyar 

[Ehtyar]

9. Windows XP Allowed to Live Again

But now Microsoft has put in place a scheme that will allow the hardware firms to get hold of XP licences until 30 May 2009.

Previously Microsoft extended XP's life until 2010

-
I presume the 2010 date was for support of xp - otherwise article contradicts self (I think )


thanks as ever Ethyar 

-tomos (December 28, 2008, 09:21 AM)

You skipped the end of that quote tomos. Windows XP can be installed on netbooks and low cost machines until 2010, presumably because MS didn't want to loose that space to Linux as vista is far too resource hungry to be used on those types of machines.

Ehtyar.

[ewemoa]

Thanks as usual

Re: 8. I'm not seeing the quote...is this a reference to the filtering system?

Re: 11. Nice photos at the page!

[Ehtyar]

No that's Ehtyar retarded Fixed now, ty

Ehtyar.

[Lashiec]

Wow, CastleCops closed, that's absolutely awful. I did not hang around the forums, but the wiki was an essential resource for fighting malware. I'm even more astonished to see this did not appear anywhere in my feeds.

* Lashiec subscribes to /.

[tomos]

9. Windows XP Allowed to Live Again

But now Microsoft has put in place a scheme that will allow the hardware firms to get hold of XP licences until 30 May 2009.

Previously Microsoft extended XP's life until 2010

-
I presume the 2010 date was for support of xp - otherwise article contradicts self (I think )


thanks as ever Ethyar 

-tomos (December 28, 2008, 09:21 AM)

You skipped the end of that quote tomos. Windows XP can be installed on netbooks and low cost machines until 2010, presumably because MS didn't want to loose that space to Linux as vista is far too resource hungry to be used on those types of machines

-Ehtyar (December 28, 2008, 01:59 PM)

I managed to miss that in your quote AND in the linked article, ouch!!
thanks for explanation too

[Ehtyar]

Hehe, np man

Ehtyar.

[J-Mac]

I used to spend time at CastleCops. It got tough to stay there, though. For one thing, your starting page was "Your Favorites" and it became tough to find a way to get to the main forum index! Had to go somewhere else and then work your way back up. Next, CastleCops had to be one of the slowest servers on the Internet - and I'm not talking about when under DDOS attack - all the time for the last year or two.

The independent forums were great but a few of the private developer forums were pretty bad - I won't say which.

Thanks for the great news thread, as always, Ehtyar!

Jim