Tech News Weekly: Edition 23-09

[Ehtyar]

The Weekly Tech News

Hi all. As you have likely already noticed, I am a day late yet again. My apologies. My godmother is in town for the first time since I was too young to remember her visit and it's been quite a blast. As the Aussies will know, it is also the Queen's Birthday long weekend, thus I've been busy having fun for the past 3 days Being a citizen of a nation full of monarchists does have the occasional advantage As usual, you can find last week's news here.

1. EndNote Maker's Lawsuit Over Open-source Zotero Dismissed

Spoiler

http://arstechnica.com/web/news/2009/06/thomson-reuters-suit-against-zotero-software-dismissed.ars
Some of you might remember the outrage expressed by users of the forum when EndNote filed suit against Zotero, a FOSS competing product, because it was able to open EndNote's proprietary file format (EndNote alleged support of the format was in contravention to a license held by Zotero's primary contributor, George Mason University). Those of us that were outragedcan now rest easy (for the time being, at least), as the lawsuit has been thrown out.

An open source software project got some good news this week, as a judge dismissed a suit brought by the maker of a commercial alternative. Thomson Reuters, which makes EndNote, an academic reference management product, had filed suit against George Mason University, claiming that its support of the open source Zotero project, which imports EndNote files, was in contravention of the university's license to EndNote. The suit, which requested an injunction against the distribution of Zotero, has now been dismissed. Depending on whether Thomson Reuters appeals or refiles the suit, this may leave Zotero in the clear.

Academic reference managers, which allow their users to keep track of the publications that they cite when writing up their own research, are a fairly specialized market. EndNote has a number of features that make it a compelling option, including a series of filters for online search queries and tight integration with document preparation software, notably Microsoft Word. It also offers one of the few cross-platform options on the market, and has a large library of reference styles to match the formats used by different journals. But there is also a degree of product lock-in, as many researchers have built up libraries of thousands of references over the years.

2. First Ever Government-sponsored TED Talks Given Yesterday

Spoiler

http://arstechnica.com/tech-policy/news/2009/06/first-ever-government-sponsored-ted-talks-given-last-night.ars
And whoever said the Government never does anything sensible? In a move that I must admit left me utterly stunned by practicality of it all, the US State Department has funded its first ever TED talk under the department's Global Partnership Initiative.

Secretary of State Hillary Clinton announced a new program at the State Department, the Global Partnership Initiative, earlier this year. The initiative seeks to increase partnerships between the public and private sectors to help solve a number of pressing global issues. One of the first fruits of the Global Partnership Initiative was a series of TED Talks, dubbed TED@State, held yesterday afternoon at the State Department's Dean Acheson Auditorium.

Those in tech circles are likely familiar with TED Talks. They're short (up to 18 minute) presentations, often filled with a variety of insights and prognostications, which primarily happen at the annual TED Conference. TED, which stands for technology, entertainment, and design, began 25 years ago to bring together people from these three fields to discuss "ideas worth spreading." Since its relatively humble beginnings in 1984, however, TED has expanded its scope considerably, adding TED Global and TED India to the conference schedule and sponsoring an annual TED Prize that awards $100,000 grants to three "exceptional" recipients to help grant their "one wish to change the world."

3. Windows 7 Arrives On October 22

Spoiler

http://arstechnica.com/microsoft/news/2009/06/windows-7-arrives-on-october-22.ars
Microsoft has announced that Windows 7 will be made Generally Available on the 22nd of October. This release will, of course, succeed an earlier RTM release, which is expected to occur in late July.

Those waiting anxiously for the next version of Windows now have a date to anticipate. Microsoft has confirmed that Windows 7 will be launched on October 22, 2009. This date, which is referred to as General Availability (GA), is in line with Microsoft's previous statement saying that it would have Windows 7 and Windows Server 2008 R2 ready by the holidays. After the software giant unleashed the official Release Candidate on May 5, it became apparent that development on the follow-up to Vista was close to wrapping up.

Microsoft senior VP Bill Veghte revealed the company's launch plans in an interview Tuesday morning. "The feedback from the release candidate has been good," Veghte told CNET. Furthermore, the RTM (Release to Manufacturing) build is expected to be made available to Microsoft partners in the last two weeks of July, according to Channel 10.

4. Data-sniffing Trojans Burrow Into Eastern European ATMs

Spoiler

http://www.theregister.co.uk/2009/06/03/atm_trojans/
In yet another example of why you don't run Windows in environments that call for a high level of information security, a trojan-horse application has been discovered infecting ATMs across Europe, storing the data read from magnetic swipe cards along with the PINs that accompany them, then printing them out via the receipt printer when issued the necessary instructions.

Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months.

The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM's receipt printer, according to analysts from SpiderLabs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.

"They're following more of a rapid development lifecycle," Nicholas Percoco, vice president and head of SpiderLabs, told The Register. "They're seeing what works and putting out new versions."

5. At Long Last, Internet's Root Zone to Be Secured

Spoiler

http://www.theregister.co.uk/2009/06/04/dnssec_coming/
The US Government has finally agreed to secure the root DNS zone, and has released some preliminary details that would see DNSSEC deployed by the end of the year with participation from ICANN and VeriSign.

The US government said Wednesday it plans to digitally sign the internet's root zone by the end of the year, a move that would end years of inaction securing the internet's most important asset.

The US Department of Commerce's National Telecommunications and Information Administration (NTIA) said it was turning to ICANN, or the Internet Corporation for Assigned Names and Numbers, and VeriSign to implement the measure, which is known as DNSSEC. In October, the two organizations submitted separate proposals that offered sharply contrasting visions for putting the complicated framework in place.

6. Microsoft Unveils New Controller

Spoiler

http://news.bbc.co.uk/2/hi/technology/8077369.stm
Microsoft has unveiled a new technology at this year's E3 that will facilitate player control of gameplay by tracking the player's entire body.

Microsoft has unveiled its new control system for the Xbox 360 console, at E3 in Los Angeles.

Project Natal is a fully hands-free control system that will use face recognition and motion sensors to allow users to play games.

Film director Steven Spielberg, attending the launch, said it was "a window into what the future holds".

Although still in the early stages, Microsoft has sent prototypes to all the main game developers.

7. Intel Strikes Back at ARM, Buys Embedded OS Maker Wind River

Spoiler

http://arstechnica.com/gadgets/news/2009/06/intel-strikes-back-at-arm-buys-embedded-os-maker-wind-river.ars
In the strongest indication yet that it fully intends to domainate the embedded market, Intel has shelled out to buy embedded OS maker Wind River, who make the popular VxWorks embedded operating system.

Yesterday evening, after writing the previous two articles on the battle between Intel and ARM + NVIDIA for the ultramobile space, I was telling our Linux editor why I think Intel pours so many resources into Moblin and other parts of the Linux ecosystem: they want to keep x86-based Linux well ahead of ARM, because the software stack is critical to making inroads in low-power mobile and embedded applications. But while Moblin might be fine for web tablets and the like, real embedded customers of the sort that Intel would ultimately like to poach from ARM run the VxWorks real-time OS by Wind River. So this morning, Intel has announced that it is going to do with VxWorks what it cannot do with Linux—it's just buying the whole thing.

Intel plans to buy Wind River for a cool $884 million in cash, and it seems likely that it plans to extend their Linux strategy to this new OS. Intel's announcement on the deal emphasizes that Wind River will be run as a subsidiary of Intel, and that "Wind River will continue to develop innovative, commercial-grade software platforms that support multiple hardware architectures that are optimized for the needs of its many embedded and mobile customers." But Intel isn't shy about trumpeting the fact that Wind River will now turn considerable attention to the x86 port of VxWorks.

8. Judge Backs Halifax in Chip and PIN Clone Case

Spoiler

http://www.theregister.co.uk/2009/06/05/atm_phantom_withdrawal/
In a closely watched case involving the chip-and-pin authentication scheme employed by all modern credit cards the court has ruled in favor of the Halifax Bank who were taken to court by a customer who claimed his card was cloned and the details used to make fraudulent withdrawals. Halifax convinced the Judge that the physical card itself was used to authorize the withdrawals.

Halifax, the UK retail bank, has scored a victory in a closely-watched 'phantom withdrawal' case that put the security of Chip and PIN on trial.

Halifax customer Alain Job sued the bank after he was held liable for making eight disputed cash machine withdrawals from his account. Job was left £2,100 out of pocket from the series of withdrawals in February 2006 and launched a lawsuit after failing to obtain a refund from the bank, or through arbitration.

Cases over "phantom withdrawals", where money is withdrawn from bank ATMs without the card holder's permission and where card details have not being divulged to third parties, are commonplace, even in the UK.

9. Hacking Tool Lets A VM Break Out And Attack Its Host

Spoiler

http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=217701908
Immunity Inc. have made available in the latest release of their flagship product, Canvas, an exploit against a memory corruption bug found and patched in VMWare Workstation in April that could allow an attacker to break out of the virtual machine and effect changes to the host operating system.

Researchers for some time have demonstrated the possibility of one of virtualization's worst nightmares -- a guest virtual machine (VM) infiltrating and hacking its host system. Now another commercial tool is offering an exploit that does exactly that.

The newest version of Immunity's Canvas commercial penetration testing tool, v6.47, includes the so-called Cloudburst attack module, which was developed by Immunity researcher Kostya Kortchinsky to exploit a VMWare vulnerability (CVE-2009-1244) in VMware Workstation that lets a user or attacker in a "guest" VM break into the actual host operating environment. VMware issued a patch for the bug in April.

10. Anti-sec Group Destroys ASTALAVISTA

Spoiler

http://marcoramilli.blogspot.com/2009/06/anti-sec-group-destroyed-astalavista.html
Infamous "security" site ASTALAVISTA has been brought down, permanantly, by hacking group anti-sec.

Yes man, the historical security group ASTALAVISTA has been destroyed by anti-sec group. I really didn't know who anti-sec group was, but they're truly amazing. I started my personal security carrier in sites such as ASTALAVISTA where security lovers meet each others sharing information and experiences, but sincerely I don't miss the ASTALAVISTA community. According to anti-sec group :


    Why has Astalavista been targeted?

    Other than the fact that they are not doing any of this for the "community" but
    for the money, they spread exploits for kids, claim to be a security community
    (with no real sense of security on their own servers), and they charge you $6.66
    per months to access a dead forum with a directory filled with public releases
    and outdated / broken services.

11. NSFW - The Website Is Down (Thanks Joshua)

Spoiler

http://www.thewebsiteisdown.com/salesguy.html
Many of you have likely already seen this video, another of The Website Is Down videos won a Webby earlier this year for their viral video #3, but I hadn't until this week, and I couldn't stop myself from laughing. Enjoy.

Ehtyar.

[tomos]

#4 & #8 - we'll have to go back to cash one of these days . .

#4

Job's barrister, Stephen Mason, told IDG that Halifax had junked evidence that might have ascertained if a cloned card was used. The original ATM card and the Authorisation Request Cryptogram were destroyed by Halifax.

possibly just a mistake by Halifax. but odd

[Lutz_]

1. EndNote Maker's Lawsuit Over Open-source Zotero Dismissed

I guess the next Endnote version will introduce an encrypted file-format?

[Ehtyar]

I guess the next Endnote version will introduce an encrypted file-format?

-Lutz_ (June 08, 2009, 02:28 PM)

See the problem is I think what EndNote was trying to do with that case was to set a precedent that would prevent anyone from reverse-enginerring their format in the future. Introducing an encrypted format would just start a war between EndNote and the Open community, which most people would bet the community would win due to their vast resources, particularly given that EndNote is such a popular product with few FOSS alternatives.

#4 & #8 - we'll have to go back to cash one of these days . .

-tomos (June 08, 2009, 09:13 AM)

Heh, if only "progress" hadn't backed us into such a corner. In all fairness, the chip and pin thing was just security by obscurity. Anyone with enough money to burn these days can get their hands on an active RFID reader, then there's just the question of getting the PIN, for where there are already a scrillion methods to choose from...

#4

Job's barrister, Stephen Mason, told IDG that Halifax had junked evidence that might have ascertained if a cloned card was used. The original ATM card and the Authorisation Request Cryptogram were destroyed by Halifax.

possibly just a mistake by Halifax. but odd

-tomos (June 08, 2009, 09:13 AM)

I'd call it "suspicious", to say the least. Halifax, and indeed any bank in all of Europe (soon to be just about every Western nation) had a lot riding on this case. It was definitely in their best interests to win it.

Ehtyar.