Tech News Weekly: Edition 21-09

[Ehtyar]

The Weekly Tech News

Hi all. Check out the pics of my new Tech News mug below, THANKS MOUSE MAN!!! As usual, you can find last week's news here.

Tech News Weekly: Edition 21-09

Tech News Weekly: Edition 21-09

Tech News Weekly: Edition 21-09

1. Google Result-Manipulating Gumblar Exploit Picking Up Steam

Spoiler

http://arstechnica.com/security/news/2009/05/gumblar-exploit-hijacking-websites-and-picking-up-steam.ars
Also known as JSRedir-R, the Gumblar javascript virus is spreading like wildfire across the net. It spreads via stolen FTP credentials, which it obtains through drive-by downloads facilitated by vulnerabilities in older versions of Adobe Flash and Acrobat.

Security researchers are stepping up their warnings about the Gumblar malware exploit as it continues to hijack webpages and manipulate Google results. Gumblar recently got the attention of the United States Computer Emergency Readiness Team (US-CERT), which noted on its website that Gumblar is alive and well and continues to circulate by hijacking vulnerable Web applications, poor configuration settings, or simply by stealing FTP credentials.

Experts who have been tracking Gumblar since March say that the malware directly manipulates files on Web servers after getting access to them. From there, the attack changes the files to inject scripts and distribute more malicious code out of gumblar.cn or from other, varying IP addresses. The code appears to target sites that show up in Google searches, according to the ScanSafe STAT Blog, and although Google began delisting compromised websites months ago, the code keeps changing, keeping Google on its toes.

2. Big Content Appeals Pirate Bay Case - Damages Were Too Low

Spoiler

http://arstechnica.com/tech-policy/news/2009/05/big-content-appeals-pirate-bay-casedamages-were-too-low.ars
It seems both sides of the Pirate Bay lawsuit are eager for an appeal, as the prosecution has also filed one, claiming that the final sum the Pirate Bay was ordered to pay was insufficient, and that the lesser charge of "assisting copyright infringement" should have remained "copyright infringement".

No one's happy about The Pirate Bay verdict. The site admins, who are now on the hook for a collective 30 million kronor in damages plus one year each in jail, have charged that the judge was biased. But the movie and music businesses have filed an appeal of their own, saying that the 30 million kronor in damages wasn't nearly enough; the amount should be closer to Skr100 million (about US$13 million).

The "spectrial" became even more of a spectacle this week as the Swedish judiciary announced that it would consider The Pirate Bay's claims against the trial judge. That judge, Tomas Norström, belongs to the Swedish Copyright Association along with Henrik Pontén, Peter Danowsky, and Monique Wadsted—all lawyers who represented the recording industry in The Pirate Bay trial.

3. Storage Densities That May Yield a 12TB DVD Demonstrated

Spoiler

http://arstechnica.com/science/news/2009/05/researchers-hope-to-cram-12tb-of-data-on-dvd-sized-disk.ars
I imagine most of you reading this are thinking "But where's the holographic media...?", but I thought it was interesting science if nothing else. Trust the Aussies to assist the rest of the world in clinging to the past.

Google may want to store every bit that you have ever flipped, but it faces the problem that current data storage technology uses a relatively low-density, 2-D approach. Of course, holographic data storage has been touted as the answer to this problem ever since, well, since the first hologram was demonstrated. Despite its potential, holographic data storage has failed to gain market share. This is because the current generation of optical and magnetic storage media are actually simple, robust, and just good enough to hold the competition at bay.

The upshot is that, until magnetic bits can no longer be shrunk and multilayer optical discs reach their limits, any new technology has to have all the good features of current data storage techniques and be better. A bunch of Aussies think they might have hit the sweet spot with a new multilayer optical storage medium that has the potential to store data at around 1.1Tb/cm3. A standard DVD clocks in at 51MB in a square centimeter in each of its layers.

4. Investigators Replicate Nokia 1100 Online Banking Hack

Spoiler

http://www.networkworld.com/news/2009/052109-investigators-replicate-nokia-1100-online.html
Insecure firmware on the ancient Nokia 1100 makes it relatively simple for malcontents to modify the phone to intercept calls and SMS messages destined for numbers they don't own. The hack is being used to break into bank accounts that use mTAN (mobile Transaction Authentication Number) system of SMSing account holders a unique one-time PIN which can be used to access their account online.

An old candy-bar style Nokia 1100 mobile phone has been used to break into someone's online bank account, affirming why criminals are willing to paying thousands of euros for the device.

Using special software written by hackers, certain models of the 1100 can be reprogrammed to use someone else's phone number and receive their SMS (Short Message Service) messages, said Max Becker, CTO of Ultrascan Knowledge Process Outsourcing, a subsidiary of fraud investigation firm Ultrascan.

5. Cisco Settles FSF GPL Lawsuit, Appoints Compliance Officer

Spoiler

http://arstechnica.com/open-source/news/2009/05/cisco-settles-fsf-gpl-lawsuit-appoints-compliance-officer.ars
Cisco has settled out of court with the Free Software Foundation in their lawsuit regarding Cisco's non-compliance with GPL-licensed software it uses in its products. The settlement included a monetary donation to the FSF of an unspecified amount, and Cisco's appointment of a "compliance officer" with their corporate structure.

The Free Software Foundation (FSF) has settled a GPL compliance lawsuit with network hardware maker Cisco. Under the terms of the settlement, Cisco will make a monetary donation to the FSF and appoint a Free Software Director to conduct continuous reviews of the company's license compliance practices.

The FSF filed a lawsuit against Cisco last year, alleging that Linksys—which is owned by Cisco—routinely failed to adhere to the requirements of GNU's General Public License (GPL), under which Linux and other open source software programs are distributed. The GPL stipulates that recipients of a software program must be permitted to study, modify, and redistribute the underlying source code. According to the FSF, Linksys often declined to provide source code upon request or failed to provide the complete source code of GPL-licensed programs that it integrated into its networking hardware products.

6. FBI and US Marshals Laid Low by Mystery Virus

Spoiler

http://www.theregister.co.uk/2009/05/22/fbi_mystery_viral_infection/
The FBI and US Marshall's office have been forced to pull the plug on a portion of their computer systems amid fear that a "mystery virus" that has infected some computer systems may spread further through the Department of Justice.

A mystery viral infection forced the FBI and US Marshals Service to pull the plug on parts of their respective computer networks on Thursday, AP reports.

A spokesperson for the US Marshals Service explained that it had disconnected some of its computers from the wider Justice Department systems, as a precaution against spreading the as yet unidentified malware further. Access to internal email and the internet is being restricted at both the FBI and Marshals service while techies try to identify the precise cause of the problem.

7. Mozilla Straps On Jetpack for Firefox Devs

Spoiler

http://www.linuxinsider.com/story/67139.html
Mozilla Labs is preparing to release a new FIrefox extension that permits users to change the browser's chrome and page content on-the-fly. I'm not normally a Mozilla nay-sayer, but it seems to be like Greasemonkey on somewhat impotent steroids at this stage.

Mozilla's call to developers to participate in its Jetpack project on Wednesday is the latest onslaught in the ongoing war of the Web browsers.

Jetpack is an open source application programming interface (API) that will let users create add-ons for Mozilla's Firefox browser using the Web technologies they already know.

8. Wolfram 'search Engine' Goes Live

Spoiler

http://news.bbc.co.uk/2/hi/technology/8052798.stm
Discussion started by raybeere: https://www.donationcoder.com/forum/index.php?topic=18337
The hotly anticipated Wolfram Alpha "computational knowledge engine" went online this week.

Wolfram Alpha is called a computation knowledge engine rather than a search engine and wants to change the way people use online data.

It aims to give people direct answers to queries rather than send them to other sites where they may find what they are seeking.

9. Pornographic Videos Flood YouTube

Spoiler

http://news.bbc.co.uk/2/hi/uk_news/8061979.stm
As if our opinion of 4chan wasn't low enough already, a group of community members recently banded together to "raid" youtube by uploading as many videos containing pornography as they possible could for what appears to be absolutely no reason whatsoever. Many videos slipped past the censors as the first several seconds of each video contained appropriate content.

The material was uploaded under names of famous teenage celebrities such as Hannah Montana and Jonas Brothers.

Many started with footage of children's videos before groups of adults performing graphic sex acts appeared on screen.

YouTube owner Google said it was aware and addressing the problem.

10. OpenSSH Chink Bares Encrypted Data Packets

Spoiler

http://www.theregister.co.uk/2009/05/19/open_ssh_hack/
A security vulnerability has been discovered in the OpenSSH secure shell implementation whereby an attacker has a one in 262,144 chance of recovering 32 bits of plaintext from an arbitrary chunk of ciphertext. Although the odds are stacked incredibly high against the attacker, certain VPN implementations are made vulnerable by the high frequency of reconnections that occur.

Cryptographers are urging users of a widely employed network protocol to make sure they're running the latest version after discovering a flaw that could allow attackers to read data that's supposed to remain encrypted.

All programs that incorporate the OpenSSH implementation of SSH, short for Secure Shell, should make sure they use version 5.2, which provides several countermeasures to prevent the attacks. Other SSH implementations may be vulnerable as well, the researchers from the Information Security Group at the University of London's Royal Holloway said.

11. Camera Grid to Log Number Plates

Spoiler

http://news.bbc.co.uk/2/hi/programmes/whos_watching_you/8064333.stm
In their relentless pursuit to establish a surveillance society, the UK government will soon be implementing a nation-wide, centralized, network of license plate-identifying cameras.

Thousands of Automatic Number Plate Recognition cameras are already operating on Britain's roads.

Police forces across England, Wales and Scotland will soon be able to share the information on one central computer.

Officers say it is a useful tool in fighting crime, but critics say the network is secretive and unregulated.

12. Klingon Anti-virus Available for Download. Really.

Spoiler

http://www.pcworld.com/article/165192/klingon_antivirus_available_for_download_really.html
Sophos have released an anti-virus scanner with a user interface in Klingon, after learning that "the loss of the Klingon battlecruiser Klothos was not due to Romulan incursion into the Khitomer system, but a result of trying to remove VBS/PeachyPDF-A from the battle computer using M'swoN'kar after Commander Kor opened an attachment from the system S'cam-419".

They walk the warrior's path and they devour horrible-looking bowlfuls of red worms, but hey, Klingons need malware protection too.

To help Worf and his compatriots in their trek for PC security, anti-virus maker Sophos has translated one of their tools into Klingon. Yes, really. It's now available as a free download from http://www.sophos.co.../klingon-anti-virus/.

Ehtyar.