Tech News Weekly: Edition 08-09

[Ehtyar]

The Weekly Tech News

Hi all. Nothing funny this week I'm afraid...The Onion seem to have a habbit of producing one awesome video followed some in realy poor taste. Sorry for the screw-up with naming last week's news, you can find it here.

1. SafeNet Demonstrates OMA DRM-compliant Android Smartphone

Spoiler

http://www.earthtimes.org/articles/show/safenet-demonstrates-oma-drm-compliant-android-smartphone,720107.shtml
SafeNet’s DRM Fusion Agent open-standards DRM system has made its way to Android.

SafeNet, Inc., a global leader in information security, today announced the availability of its complete suite of open standards-based Digital Rights Management (DRM) and Mobile TV protection solutions for the Open Handset Alliance’s (OHA) Android platform. A live demonstration of SafeNet’s DRM Fusion Agent, deployed on Android, will be showcased daily at the 2009 Mobile World Congress.

“SafeNet’s DRM Fusion Agent seamlessly integrates with the Android platform and application framework,” said Simon Blake-Wilson, managing director, embedded security solutions, SafeNet. “Pre-integration with today’s leading mobile operating systems, including Android, Windows Mobile, Symbian, and RTOS-based feature phone platforms, as well as with Windows PCs, continues to make SafeNet’s DRM Fusion Agent the ideal solution for reducing cost and time to market for the world’s leading device and handset manufacturers.”

2. Bot Busts Newest Hotmail CAPTCHA

Spoiler

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128201
Hotmail's newest CAPTCHA will slow hackers down (20% success), but not by enough.

Spammers have cracked Microsoft Corp.'s latest defense against abuse of its Live Hotmail e-mail service using a sophisticated network of hacked computers that receive encrypted instructions from a central server, a security company has reported.

The botnet, or collection of compromised PCs, can decipher Live Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) registration safeguard in about 20 seconds, said Websense Inc. researcher Sumeet Prasad.

3. Satellite-hacking Boffin Sees the Unseeable

Spoiler

http://www.theregister.co.uk/2009/02/17/satellite_tv_hacking/
Confirmation of what most of us would have already known...you can ready anything that's not encrypted sent via satellite with off-the-shelf hardware.

White-hat hacker Adam Laurie knows better than to think email, video-on-demand, and other content from Sky Broadcasting and other satellite TV providers is a private matter between him and the company. That's because he's spent the past decade monitoring satellite feeds and the vast amount of private information they leak to anyone with a dish.

"Looking at what kind of data you can see being broadcast, some of that is quite surprising," he says. "Things you would expect to be secure turn out not to be secure. The most worrying thing is you can just see all this data going by."

4. New In-the-wild Attack Targets Fully-patched Adobe Reader

Spoiler

http://www.theregister.co.uk/2009/02/20/adobe_reader_exploit/
Discission thread by Mouser: https://www.donationcoder.com/forum/index.php?topic=17119
Malicious PDFs are spreading a trojan known as Gh0st RAT through a newly discovered vulnerability in Adobe Acrobat.

Security watchers are warning of a serious unpatched vulnerability in Adobe's Reader program that's actively being exploited to install malware on the PCs of unsuspecting users.

The vulnerability has been confirmed in versions 8.1.3 and 9.0.0 of Adobe Reader running on Windows XP Service Pack 3 and is presumed to work on other versions of Windows as well, according to this advisory from Shadowserver. Adobe for machines running Linux and Apple's OS X were not tested, but may also be vulnerable, Shadowserver's Steven Adair said.

5. State Bill Would Turn RFID Researchers Into Felons

Spoiler

http://www.theregister.co.uk/2009/02/20/nevada_rfid_skimming_bill/
Because...you know...prohibition is bound to fix the RFID problem...

The sponsor of a controversial bill before the Nevada legislature has promised to introduce amendments after security experts and civil libertarians warned it would make felons of people studying privacy threats involving RFID, or radio frequency identification.

In its present form, Senate Bill 125 (PDF) would make it a felony for anyone to possess, read or capture the personally identifying RFID information of others without their consent. Without changes, the legislation would prevent the testing and demonstrating of RFID weaknesses in a state that hosts Defcon and Black Hat, the biggest hacker conference and one of the biggest security conferences respectively.

6. New Attacks On IE7 Go Wild

Spoiler

http://www.theregister.co.uk/2009/02/17/internet_explorer_attacks_go_wild/
For the techies: http://isc.sans.org/diary.html?storyid=5884
An RCE flaw in IE7 is being actively exploited in the wild to steal users data or surreptitiously install software.

Cybercriminals have begun attacking a critical hole that Microsoft patched in its Internet Explorer 7 browser last week, corroborating the company's warning that the vulnerability would be easy to exploit.

The exploit code is spread through a booby trapped Word document that ultimately installs information-stealing malware on unpatched machines, according to researchers. The vulnerability is one of two IE flaws Microsoft patched last week. The company warned at the time that "consistent exploit code" for the remote execution flaws was likely.

7. Wikileaks Forced to Leak Its Own Secret Info

Spoiler

http://blog.wired.com/27bstroke6/2009/02/wikileaks-force.html
Oops, an accidental CC instead of BCC has caused Wikileaks to leak their own donor list to the public.

What's Wikileaks, the net's foremost document leaking site, supposed to do when a whistle-blower submits a list of email addresses belonging to the site's confidential donors as a leaked document?

That's exactly the conundrum Wikileaks faced this week after someone from the controversial whistle-blowing site sent an emergency fund-raising appeal on Saturday to previous donors. But instead of hiding email addresses from the recipients by using the bcc field, the sender put 58 addresses into the cc field, revealing all the addresses to all the recipients.

8. Kiwi "three Strikes" Law Countered With "Internet Blackout"

Spoiler

http://arstechnica.com/tech-policy/news/2009/02/kiwi-three-strikes-law-countered-with-internet-blackout.ars
In protest of the coming "three strikes" law to come into effect February 28, New Zealanders are proposing an "internet blackout" where New Zealand internet users will replace their home pages with a black page.

Perhaps taking a cue from New Zealand rugby team the All Blacks, a group of Kiwi artists and activists are calling for an "Internet Blackout" to protest the country's coming "three strikes" law.

The Creative Freedom Foundation believes that copyright infringement is wrong, but it argues that the proposed penalty (ISP disconnection) doesn't fit the crime, especially since the New Zealand law only relies on evidence and allegations from copyright holders; the law makes no provision for judicial oversight or any other sort of process to contest the evidence of P2P copyright infringement. It goes into effect on February 28.

9. Sun Targets Flash, Brings JavaFX to Mobile Devices

Spoiler

http://arstechnica.com/open-source/news/2009/02/sun-brings-javafx-to-mobile-devices.ars
An interesting move by Sun sees them competing directly with Adobe on the mobile platform.

Sun is bringing its JavaFX development framework to mobile devices. The latest release of the JavaFX SDK, version 1.1, offers full support for mobile JavaFX development and includes an emulator for testing mobile device compatibility. The move could help Java retain its relevance on handhelds as rival Adobe works to boost the popularity of Flash and AIR for mobile development.

JavaFX, which was first announced in 2007 and rolled out to the public in December 2008, is a framework for building rich Internet applications on top of Java. It includes a scene graph library and a unique scripting language that provides a declarative syntax for constructing sophisticated graphical user interfaces. Its graphics capabilities include support for animation, visual effects, gradients, and translucency.

10. Feds Propose Storing Internet User Data for 2 Years

Spoiler

http://blog.wired.com/27bstroke6/2009/02/feds-propose-st.html
In a stunt one might have expected from the English government, the US government is proposing legislation that would require data associated with any dynamically assigned IP address to be retained for a minimum of two years.

In the name of combating child pornography, federal lawmakers are proposing that internet users' online surfing habits be retained for two years.

The so-called "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2009," or SAFETY Act,  was floated in both the House and Senate on Thursday.

Among other things, it demands: "A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."

11. Pirate Bay Joy at Charge Change

Spoiler

http://news.bbc.co.uk/2/hi/technology/7895026.stm
As many were likely aware, the trial of the administrators of The Pirate Bay began earlier this week. SHortly after the trial began, however, half of the charges have been dropped by the prosecution.

Swedish prosecutors dropped charges relating to "assisting copyright infringement" leaving the lesser charges of "assisting making available copyright material" on trial day two.

Pirate Bay co-founder Frederik Neij said it showed prosecutors had misunderstood the technology.

The music industry played down the changes as "simplifying the charges".

12. How the Feds Shook Hands With an Internet Pedophile

Spoiler

http://www.theregister.co.uk/2009/02/20/rise_and_fall_of_digerati/
A rather disturbing insight into the nastier side of plea bargaining, and how knowing the right information can get you out of almost anything. This is a long one guys, and only tech related on the surface, but it was a very good read and is a good alternative to a video ('coz the last two Onions sucked) I think.

As former moderators for an internet relay channel dedicated to hacking, Francine Campbell and Sterlin Ward have seen some of the net's darker quarters. But nothing prepared them for their group's encounter with an internet pedophile who called himself Digerati.

After the hacker repeatedly propositioned channel members as young as 13 to engage in graphic webcam sex, Campbell and Ward alerted the FBI and officials at the University of Pennsylvania, where Digerati attended classes and got his internet access. Digerati - whose real name is Ryan Goldstein - was eventually prosecuted, but the experience left the channel elders - and some law-enforcement experts - critical of what they characterize as a Faustian deal

Ehtyar.

[tomos]

#12 disturbing

just heading off to bed here - but can anyone explain #1 (or the significance of it) in one sentence or so (!) (or maybe it's completely over my head anyways ?)

as usual, thanks Ethyar

[PhilB66]

@Ehtyar

The link to last week's Tech News is broken.

[ewemoa]

Thanks for this week's

Re: 3: Too bad the approach of producing a lot of "chaff"/"decoy" data probably won't help...M-x spook

[40hz]

Wow. What a week huh?

To summarize this edition:

Trouble here
   Trouble there
      Trouble, trouble everywhere.
Here a trouble
   There a trouble
      Everywhere's got trouble trouble.