Tech News Weekly: Edition 10-09

[Ehtyar]

The Weekly Tech News

Hi all. No meta-news this week guys. Enjoy As usual, you can find last week's news here.

1. Planet-Hunting Space Telescope Blasts Off

Spoiler

http://blog.wired.com/wiredscience/2009/03/keplercountdown.html
Video of launch: http://www.youtube.com/watch?v=-g44uA8kKwQ
NASA has launched a new space mission with the objective of locating planets similar to Earth.

A new telescope that will be able to detect earth-like planets around other stars launches Friday night from Kennedy Space Center in Cape Canaveral, Florida at 10:49 p.m. Eastern time.

The Kepler Space Telescope is the first human tool that will be able to find planets capable of supporting life as we know it.

"It's not just another science mission. This one has historical significance built into it," Ed Weiler of the Science Mission Directorate at NASA headquarters said at a press conference Thursday.

2. Child Porn Suspect Ordered to Decrypt Own Hard Drive

Spoiler

http://www.theregister.co.uk/2009/03/03/encryption_password_ruling/
A US District Court Judge has ruled that encrypted content on a hard-disk cannot have the fifth-amendment applied to it, thus those involved in a court case are legally required to decrypt the disk's content. The decision is being appealed.

In a move sure to stoke debates over constitutional protections against self-incrimination in the digital age, a federal judge has ordered a child porn suspect to decrypt his hard drive so prosecutors can inspect its contents.

In a ruling issued last month, US District Judge William Sessions in Vermont ruled criminal defendant Sebastien Boucher does not have a constitutional right to keep the files encrypted. The ruling reversed an earlier decision by a federal magistrate that said forcing Boucher to enter his password into his laptop would violate his Fifth-Amendment rights against self incrimination. Boucher's attorney is appealing Sessions's ruling, according to CNET News, which reported the story earlier.

3. Zero-day Adobe PDF Peril Goes Click Free

Spoiler

http://www.theregister.co.uk/2009/03/05/click_free_pdf_peril/
Discussion started by Mouse Man: https://www.donationcoder.com/forum/index.php?topic=17319.0
Adobe's Acrobat Reader is vulnerable to remote code execution without even opening a document.

An unpatched flaw in Adobe Acrobat and Reader might be exploited without even needing to trick a surfer into opening a maliciously constructed file.

Proof of concept demonstrations of this by security blogger Didier Stevens will increase pressure on Adobe to release a fix ahead of schedule.

4. Conficker Gets Upgraded With Defenses

Spoiler

http://www.theregister.co.uk/2009/03/07/conficker_upgrade/
Conflicker is being upgraded with a new module that targets anti-virus software and typical investigatory utilities one might use in the hunt for viruses as well as increasing the number of possible update URLs the bot can contact.

Researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga: a new module that is being pushed out to some infected systems.

In a couple of ways, the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshare and regmon.

5. Asset Smart Complete: AMD Now Two Separate Companies

Spoiler

http://arstechnica.com/business/news/2009/03/asset-smart-complete-amd-now-two-separate-companies.ars
AMD has now complete its split into two seperate commercial entities. One will deal with R&D, and the other with chip fabrication.

Asset Smart is finished. On Monday, March 2, AMD divested itself of certain manufacturing and corporate assets and formed those assets into a second company. Henceforth, the Fabrication Facilities Formerly Known as AMD will be the property of the imaginatively named Foundry Company.

6. First Look: Qt 4.5 Rocks for Rapid Cross-platform Development

Spoiler

http://arstechnica.com/open-source/news/2009/03/first-look-qt-45-rocks-for-rapid-cross-platform-development.ars
Qt 4.5 has been released, marking the first time Qt is available under an LGPL license, permitting its use in closed source/commercial applications.

Nokia has announced the availability Qt 4.5, a major update of the popular development toolkit. This version is packed with impressive new features and includes significant performance improvements. Nokia has also delivered the first official release of Qt Creator, a lightweight development environment designed to facilitate rapid construction of Qt applications.

Qt is a cross-platform C++ development framework for graphical application development. It is distributed under an open source license and is supported on Windows, Mac OS X, Linux, and several mobile operating systems. It was originally created by Trolltech, a Norwegian software company that was acquired last year by Nokia. The toolkit is popular on the Linux platform where it serves as the foundation for the KDE desktop environment and software ecosystem. It is also used by some commercial software developers, including Google, Skype, and Adobe.

7. Security Admin, Botmaster Sentenced to Four Years in Prison

Spoiler

http://arstechnica.com/security/news/2009/03/security-admin-botmaster-sentenced-to-four-years-in-prison.ars
John Schiefer, security administrator by day, black-hat by night, has been setenced to 4 years in prison for his role in the creation and use of a 250,000-node botnet.

One-time security consultant and significant black hat John Schiefer has been sentenced to four years in federal prison after pleading guilty to multiple counts of fraud last April. Schiefer's case began in 2007 when he was charged with having installed malware on computers without the consent of the owner. The responsibilities and permissions granted to Schiefer as a security consultant during his day job afforded him ample opportunity to play black hat on the side; Schiefer and his associates were charged with creating a botnet of up to 250,000 zombies. Both the case and today's ruling are the first of their kind in the United States; presiding Judge Howard Matz apparently wanted to send a strong message to anyone engaged in similar activities.

Schiefer's transgressions were standard; the Department of Justice (DoJ) reported in April that "Schiefer’s...malware allowed him to intercept communications sent between victims’ computers and financial institutions, such as PayPal. Schiefer sifted through those intercepted communications and mined usernames and passwords to accounts...Schiefer made purchases...transferred funds...[and] also gave the stolen usernames and passwords, as well as the wiretapped communications, to others."

8. The Return of L0phtCrack

Spoiler

http://blogs.zdnet.com/security/?p=2737
L0phtCrack will be returning to active development shortly, with news that a new release is planned for the near future.

More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight.

The original creators of L0phtCrack has reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference.

9. Caching Bugs Exposed in Second Biggest DNS Server

Spoiler

http://www.theregister.co.uk/2009/02/28/djbdns_cache_poisoning_vulns/
Believed to be the second most commonly deployed DNS server in the world, djbdns is suspected of being susceptible to cache-poisoning.

For years, cryptographer Daniel J. Bernstein has touted his djbdns as so secure he promised a $1,000 bounty to anyone who can poke holes in the domain name resolution software.

Now it could be time to pay up, as researchers said they've uncovered several vulnerabilities in the package that could lead end users to fraudulent addresses under the control of attackers.

djbdns is believed to be the second most popular DNS program, behind Bind. The bugs show that even the most secure DNS packages are susceptible to attacks that could visit chaos on those who use them.

10. Ninth Circuit Rejects Gov't Appeal in Wiretap Case

Spoiler

http://arstechnica.com/tech-policy/news/2009/03/ninth-circuit-rejects-govt-appeal-in-wiretap-case.ars
The US Ninth Circuit Court of Appeals has held that the government must turn over a secret document that allegedly details how the government applied warrantless wiretaps to an Islamic organization it claimed was a terrorist group.

The Ninth Circuit Court of Appeals has rejected the government's plea to stay a January ruling allowing an Islamic charity that alleges it was subject to illicit warrantless wiretapping to proceed with its lawsuit. But Obama administration attorneys have signaled that they plan to continue fighting tooth and nail to avoid turning over further information.

The one-paragraph decision by the Ninth Circuit reads, in full:

    We agree with the district court that the January 5, 2009 order is not appropriate for interlocutory appeal. The government’s appeal is DISMISSED for lack of jurisdiction. The government’s motion for a stay is DENIED as moot.

11. Jennifer Love Hewitt Pays Magazine $2.2 Million To Run Photos Of Her Baby

Spoiler

http://www.theonion.com/content/video/jennifer_love_hewitt_pays
This one is for those of you who are sick and tired of hearing about million-dollar sums paid to well known public figures for pictures of their new-borns.

Ehtyar.

[mouser]

Great edition 

[housetier]

WRT the flaw in Adobe's PDF reader I recommend trying an alternive PDF
reader that might even be "better" than the original: no loading of
dubious toolbars and other excessive features (which don't belong into a
document *viewer* anyway).

Yes those free versions might have flaws as well I know I know...

[f0dder]

Interesting items this week. Flaws in djbdns... perhaps fanboys will finally stop thinking the guy is an infallible guru? (no, I'm not anti-dj, but I don't like when people blindly worship something. qmail, anyone?).

Af for PDF readers, other readers might have flaws and exploits as well, but it will still be safer using them than Adobe Reader, since malware authors obviously target the applications that have the largest marketshare.

[ewemoa]

Re: 1: If you don't look, you're not likely to find...

Re: 9: Definitely interesting w.r.t. djbdns.  FWIW, I had years of trouble-free system administration thanks to qmail and djbdns -- I don't worship him, but I am thankful for his existence and efforts

Thanks again, Ehtyar!

[zridling]

RE: #2:
Guess that means that encryption software in the US is totally useless if you can't keep info from the government's eyes, or in this case, censors.

I don't know the specifics of that case, but throughout modern US history whenever the government couldn't make its case otherwise, it always appealed to screaming CHILD PORN or TERRORISM, two universally despised threats to public safety. I recall a case only last year where a suspect successfully wiped his drive clean before the cops burst through the door. He was convicted of possessing child porn based on that act alone. The whole point of the 4th Amendment is an individual's answer to the [government's] question of: If you didn't have anything to hide, you wouldn't have hidden it.

By that logic, even passwords can presume guilt for any charge!

[40hz]

RE: #2

Once again, a district court judge is grandstanding.

I'd wait for the Appeals ruling before I got too upset.

[Ehtyar]

Wow, what did I do wrong in this week's news that last week's is still getting all the attention?

I agree that the judge in No 2 is a dickhead (you may have said it more eloquently...) but I find it disconcerting that he manage to justify that order, whether it is overturned on appeal or not.

Ehtyar.