Author Topic: Tech News Weekly: Edition 11-09  (Read 11243 times)

Ehtyar

Tech News Weekly: Edition 11-09
« on: March 14, 2009, 09:30 PM »
The Weekly Tech News
Hi all.
No meta-news this week. Enjoy :)
As usual, you can find last week's news here.


1. Russian Youth Organization Cops to 2007 Estonian Cyberattacks (Thanks 40hz)
http://arstechnica.com/security/news/2009/03/russian-youth-organization-cops-to-2007-estonian-cyberattacks.ars
Another: http://www.theregister.co.uk/2009/03/11/russian_admits_estonian_ddos/
A group of young Russians have claimed responsibility for the cyber attack against Estonia almost two years ago. If the claims are verified, then the question becomes whether or not they were acting autonomously.

In May 2007, the websites of a number of prominent Estonian politicians were attacked and crippled for several weeks. The attacks came at a time when Estonian/Russian relations were already chilly, thanks in part to the Estonian government's plan to move a Russian war memorial statue from the city center and into a cemetery. Ars has covered the issue since the attacks began, including the arrest of an Estonian student last year in connection with the prolonged DDoS siege. The arrest of 20-year-old Dmitri Galushkevich in January, 2008 raised doubts as to whether he was solely responsible for weeks of disruptions. On Wednesday, January 11, the doubters were victorious; comments from Konstantin Goloskokov, a commissar with the Russian youth movement Nashe, has admitted that the group organized and masterminded the Estonian barrage.

The Baltic Business News quotes Goloskokov defending the group's actions as necessary in order to defend Russian interests. "I wouldn't have called it a cyber attack; it was cyber defense," Goloskokov said. "We taught the Estonian regime the lesson that if they act illegally, we will respond in an adequate way." Note that the commissar does not characterize his own group's actions as illegal—on the contrary, it was actually Estonia's fault that it couldn't handle the impact of the DDoS assault. "We just visited the various Internet sites, over and over, and they stopped working... We didn't block them: they were blocked by themselves because of their own technical limitations in handling the traffic they encountered."


2. Obama Administration Declares Proposed IP Treaty a 'National Security' Secret
http://blog.wired.com/27bstroke6/2009/03/obama-declares.html
Another: http://arstechnica.com/tech-policy/news/2009/03/were-not-releasing-acta-docs-says-us-again.ars
The Obama Administration is keeping the details of the so-called 'Anti-Counterfeiting Trade Agreement' a secret under the guise of 'National Security'.

The White House this week declared the text of the proposed treaty a "properly classified" national security secret, in rejecting a Freedom of Information Act request by Knowledge Ecology International.

"Please be advised the documents you seek are being withheld in full," wrote Carmen Suro-Bredie, chief FOIA officer in the White House's Office of the U.S. Trade Representative.

The national security claim is stunning, given that the treaty negotiations have included the 27 member states of the European Union, Japan, South Korea, Canada, Mexico, Australia, Switzerland and New Zealand, all of whom presumably have access to the "classified" information.


3. EBay Scammers Work Unpatched Weaknesses in Firefox, IE
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
Hackers are using the XBL implementation of Firefox and IE to defraud users of eBay and hide their work.

The evil genius behind the eBay scheme managed to pull off what amounts to an XSS, or cross-site scripting, attack that injected forbidden javascript elements stored on third-party websites. That allowed the eBay pages to contain outside email links and other unauthorized code while still evading toolbars designed to detect fraudulent listings.

In addition to injecting a link that automatically prompts users to email the seller at an aol.com address, the scam used a random number generator to change the item number each time the page was loaded. Item numbers are supposed to be unique and are used to report fraudulent listings. Changing the number made it harder for eBay's fraud busters to remove bogus auctions.


4. BBC Botnet Investigation Turns Hacks Into Hackers
http://www.theregister.co.uk/2009/03/12/bbc_botnet_probe/
The BBC has been accused of breaking British cybercrime law after it purchased and used a botnet of ~22,000 nodes to spam its own Hotmail and Gmail addresses, and flood a server of a consenting third party.

BBC Click got its hands on a botnet of 22,000 compromised PCs from an underground forum. It used these machines to send spam to two accounts it had established with Gmail and Hotmail. The programme also used these zombie machines to show how they might be used in a denial of service attack.

After getting permission from security firm Prevx, which commented on camera but did not otherwise participate in the investigation, BBC Click used the compromised machines to flood a backup site run by the security firm with junk traffic.


5. Norway's Public Broadcaster Launches BitTorrent Tracker
http://arstechnica.com/tech-policy/news/2009/03/norways-public-broadcaster-nrk-receives.ars
Norwegian national broadcaster NRK has launched a BitTorrent tracker of its very own to provide its audience with DRM-free television via p2p.

Norway's public broadcaster NRK receives 94 percent of its revenue from a license fee paid by TV-owning households in the country, and it's charged not with making money, but with getting its content in front of as many people as possible. To do that, NRK has just launched its own BitTorrent tracker to distribute its TV shows—DRM-free, of course. NRK takes its distribution mission so seriously that it's even providing subtitle files so that non-Norwegians can translate the shows easily.

Given what the Norwegians have been up to recently, this isn't surprising. NRK started distributing shows via BitTorrent in early 2008 and said that the experiment was a great success. (Canada's CBC did a similar but smaller-scale BitTorrent trial.)


6. SSDs Likely to Help 6.0Gbps SATA3 to Reach Speed Potential
http://arstechnica.com/hardware/news/2009/03/ssds-likely-to-help-60gbps-sata3-to-reach-speed-potential.ars
Solid State Drives may yet help 6 Gbps SATA 3.0 become a reality.

AMD and Seagate have jointly demonstrated the first SATA3 hard drive in public, and are promising compatible chipsets and shipping hard drives by the end of 2009. SATA3 will maintain full compatibility with SATA and SATA2—all current motherboards and drive cables should flawlessly support SATA3 drives, though you'll need a SATA3-compatible chipset in order to take advantage of the new standard's 6Gbps throughput.

In the past, the raw throughput gained by moving from one hard drive standard to another has been relatively unimportant. An announcement that theoretical drive bandwidth had doubled from 1.5Gbps (SATA) to 3Gbps (SATA2) makes for great copy, but anyone familiar with the mechanics of a hard drive knows that standard HDD throughput typically couldn't saturate SATA, much less SATA2. The real benefit of new drive standards has typically come from those features that take second billing—thinner cables, smaller connectors, hot swappability, Native Command Queuing (NCQ), and improved power management.


7. Hypocrisy Or Necessity? RIAA Continues Filing Lawsuits
http://arstechnica.com/tech-policy/news/2009/03/hypocrisy-or-necessity-riaa-continues-filing-lawsuits.ars
Despite an earlier promise to discontinue the practice of filing suit against individual file sharers, the RIAA is continuing to do just that.

When the music labels unearth a file-sharer to prosecute, they apply the thumbscrews gently at first. The accused infringer receives a letter asking him or her to settle, usually for $3,000 to $4,000. That's a lot, but those who don't settle face much worse.

Now, exposing oneself to certain kinds of new music might actually be worth that outrageous fee, but the people that the RIAA fingers generally turn out to have truly execrable taste in music—or perhaps the lawyers simply pluck out horrible songs on purpose to make the legal process as embarrassing as possible.


8. Google's New Behavioral Ads Already Raising Privacy Worries
http://arstechnica.com/web/news/2009/03/googles-interest-based-ads-try-to-address-privacy-worries.ars
Another: http://news.bbc.co.uk/2/hi/technology/7937201.stm
The second half of this headline is a given really with any new Google service. Anyway, it seems Google will now be using all that data it holds on your browsing habits to deliver targeted advertisements.

Google's newest advertising strategy, behavioral targeting, has finally arrived. The strategy, referred to as "interest-based" advertising, will go beyond current targeted advertising practices and track your Internet usage habits in order to serve an ad that the search giant hopes is better suited for you. This means that, instead of visiting a music site and simply getting music-related ads, you might visit a music site and get ads for the newest "Cats Meowing Christmas Carols" album—because Google knows you spend 95 percent of your Internet time at Catster.

The company announced today that it's launching a beta test of the interest-based system today on its partner sites and YouTube, eventually allowing other advertisers to join the program in April. Advertisers have long been asking for a way to behaviorally target ads, the company said, but Google also says that it will benefit end-users by showing them ads they're genuinely interested in. "We believe there is real value to seeing ads about the things that interest you," Google's VP of Product Management Susan Wojcicki wrote on the Official Google Blog.


9. Latest Conficker Worm Gets Nastier
http://news.cnet.com/8301-1009_3-10196122-83.html
Another: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=215900041
Conficker.C has hit the shelves, folks. It sports a significantly improved domain generation algorithm and better self-protection mechanisms.

Conficker.C shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It also is programmed to begin connecting to 50,000 different domains on April 1 to receive updated copies or other malware, as opposed to connecting to 250 domains a day as previous versions are doing, Ben Greenbaum, senior research manager for Symantec Security Response, said on Friday.

The authors of the code are "strengthening their hold on their collection of infected machines at the same time they are attempting to strengthen their ability to control those machines by moving to 50,000 domains," he said.


10. Experts Agree: Giant, Razor-Clawed Bioengineered Crabs Pose No Threat
http://www.theonion.com/content/video/experts_agree_giant_razor_clawed
The Onion is reporting that a fleet of giant crabs could solve a good portion of society's ills.




Ehtyar.

mouser

Re: Tech News Weekly: Edition 11-09
« Reply #1 on: March 14, 2009, 09:49 PM »
hahahaah that last crab video is full of great gems.

Ehtyar

Re: Tech News Weekly: Edition 11-09
« Reply #2 on: March 14, 2009, 09:54 PM »
I think it's made even funnier by the fact that the scenario it presents is vaguely familiar to most of us in one way or another.

Ehtyar.

ewemoa

Re: Tech News Weekly: Edition 11-09
« Reply #3 on: March 14, 2009, 11:11 PM »
Thanks as usual, Ehtyar  :Thmbsup:

Re: 8 - I keep wondering whether some feedback loop will form w.r.t. ads and you might end up seeing only one ad wherever you go (at least for a while -- then at some point maybe you'll start to see another ad, but it'll just be that one for another while...) :)

Deozaan

Re: Tech News Weekly: Edition 11-09
« Reply #4 on: March 16, 2009, 06:26 PM »
Ehtyar it appears you have a giant crab problem. :huh:

#4: The BBC has been accused of breaking British cybercrime law after it purchased and used a botnet of ~22,000 nodes to spam its own Hotmail and Gmail addresses, and flood a server of a consenting third party.

In a way I'm glad that the media is being held to the same standards as a normal citizen. Unless they asked Hotmail and Gmail for permission to use their servers that way then they should be held liable for breaking the law. But I hope they're not being charged for flooding the consenting third party's servers with spam.

nosh

Re: Tech News Weekly: Edition 11-09
« Reply #5 on: March 17, 2009, 12:02 AM »
#4
I found the special mostly voyeuristic. It showed how easy it was to operate a bot network once you managed to procure one (the relatively difficult part), the presenter was definitely in awe of the control panel software that came along with the zombie army. It ended with the usual Windows update, firewall, anti-malware advice and with the infected goobers getting their machines back (along with a brand new BBC wallpaper). I don't think they deserve to be sued, though they almost certainly encouraged some potential spammers!  ;) It was a gutsy exercise for a mainstream organization like the BBC to carry out, not something I'd expect of them.  :up:

Deozaan

Re: Tech News Weekly: Edition 11-09
« Reply #6 on: March 17, 2009, 12:41 AM »
I don't think they deserve to be sued

I disagree. If you break the law, you pay the penalty. Justice is blind and nobody is above the law.

If I did the same thing that the BBC did, you can bet your DonationCredits I'd be getting sued. No more double-standards!

nosh

Re: Tech News Weekly: Edition 11-09
« Reply #7 on: March 17, 2009, 01:14 AM »
Technically, they did break the law, though I don't see any harm done. If I owned one of those infected machines I'd send them (or you, if you'd done the same thing) a thank you card.  :)

Ehtyar

Re: Tech News Weekly: Edition 11-09
« Reply #8 on: March 17, 2009, 02:41 PM »
Unless they asked Hotmail and Gmail for permission to use their servers that way then they should be held liable for breaking the law.
Agreed, perhaps one might ask them why they didn't spam their own mail servers?

Ehtyar.

40hz

Re: Tech News Weekly: Edition 11-09
« Reply #9 on: March 17, 2009, 03:03 PM »
If you break the law, you pay the penalty. Justice is blind and nobody is above the law.

Well...in a perfect world that may be true. But in the real world, Justice is neither blind nor unbiased; and a great many people and institutions are, in fact, very much above the law.

And that's pretty much the way it's always been throughout the history of human civilization.

 8)


Ehtyar

Re: Tech News Weekly: Edition 11-09
« Reply #10 on: March 17, 2009, 03:10 PM »
Well...in a perfect world that may be true. But in the real world, Justice is neither blind nor unbiased; and a great many people and institutions are, in fact, very much above the law.

And that's pretty much the way it's always been throughout the history of human civilization.

 8)
+1

Ehtyar.

Deozaan

Re: Tech News Weekly: Edition 11-09
« Reply #11 on: March 18, 2009, 12:30 AM »
If you break the law, you pay the penalty. Justice is blind and nobody is above the law.

Well...in a perfect world that may be true. But in the real world, Justice is neither blind nor unbiased; and a great many people and institutions are, in fact, very much above the law.

And that's pretty much the way it's always been throughout the history of human civilization.

Maybe if we as citizens demanded otherwise it wouldn't be like that anymore.