Braving triple-digit heat, mean hangovers and an incredibly hostile network, roughly 10,000 hackers, security experts, feds, spies and various other “computer enthusiasts” took over the Riviera last weekend for the world’s largest hacking convention, DefCon. This year there was no shortage of interesting developments, including a hacked ATM, hacked badges, hacked parking meters, hacked locks, hacked feds, hacked video cameras and more.
Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers. The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML library available, Ari Takanen, CTO of Finland-based security testing firm Codenomicon, told The Register. Many of them could allow attackers to crash machines running applications that use the libraries or even remotely execute malicious code. The Python and Java programming languages and Apache Xerces are already known to be affected, and Takanen said many more could be as well.
A Japanese TV station broke a major piece of news on the progress of China Blue High Definition (a China-grown competitor to Blu-ray) in the China market last week, but the English-language technology press, through a translation mistake, misreported the news. It turns out that CBHD penetration in China appears to have hit a staggering 30 percent, in only a few months on the market.
Domain name investing has been around almost as long as domain names were open for purchase by the general public, and the practice has picked up since the mid-90s, as companies stake out their spot on the digital frontier. Domain names can be so valuable, in fact, that people actually steal them to sell to unsuspecting companies or other domain name investors. The legal process to combat a domain name thief is complicated at best, but there is hope, as police have arrested a man accused of stealing the domain P2P.com. An initial investigation by Florida police, where the victims reside, was dropped for lack of evidence. The rightful owners of P2P.com then filed a civil suit as they believed it was their only recourse. However, Detective Sergeant John Gorman of the New Jersey State Police Cyber-Crimes Unit later reviewed the case, and asked the victims if they wanted to pursue the case in New Jersey, where the alleged thief lived. Based on evidence gathered for the civil suit, the NJ District Attorney approved an indictment. On July 30, Daniel Goncalves, a 25-year-old computer technician for a NJ law firm, was arrested at his home and his computers were seized.
Microsoft has confirmed that Windows 7 E, a version that was meant to ship without Internet Explorer 8 installed, would never see the light of day. The announcement comes even though the replacement solution, a browser ballot screen, has not yet been approved by the EU. With talk of this alternative, many were expecting that Windows 7 E was going to be pronounced dead before release, but Redmond has made it official via the Microsoft on the Issues blog.
The war over network neutrality has been fought in the last two Congresses, and last week's introduction of the "Internet Freedom Preservation Act of 2009" (PDF) means that legislators will duke it out a third time. Should the bill pass, Internet service providers will not be able to "block, interfere with, discriminate against, impair, or degrade" access to any lawful content from any lawful application or device. ISPs would also be forbidden to "impose a charge" on content providers that goes "beyond the end-user charges associated with providing the service to such a provider." In other words, AT&T doesn't have to let Google "use its pipes for free," but it can only collect the money it is owed through customary peering and transit arrangements.
The Smoking Gun this week released the results of its lengthy investigation into PrankNet, an online community specializing in disturbing phone pranks. The operators operated under a veil of anonymity, covering their tracks and using Skype to place non-traceable phone calls. When TSG eventually exposed the ringleader as a young man living in Canada, however, the results were predictably pathetic.
For anyone with a little bit of technical know-how, modifying video game systems for various purposes is easy... and can even make you a little bit of money. The problem? Modifying the firmware in video game systems to play pirated games or even your own backups is illegal. Twenty-seven-year-old Matthew Lloyd Crippen learned the hard way that Immigration and Customs Enforcement doesn't have a sense of humor about modding systems for profit: the student was arrested after being indicted on two charges of violating the Digital Millennium Copyright Act for selling modded systems. The question some gamers are now asking themselves: am I breaking the law? The answer is not comforting. For Crippen, each charge carries a maximum penalty of five years in jail, so there is a possibility that Crippen could be staring down the barrel of ten years imprisonment. Crippen was charging around $30 per job, and the authorities seized around a dozen hacked consoles. "This is for your legally made backups," he claimed when talking to Threat Level. "If you're talking about piracy, I'm not helping you out." The law doesn't agree, especially since he was aware of the ability to play pirated games on his hacked systems, and profited—even in such a limited way—from his work.
It turns out yesterday's major distributed denial-of-service (DDoS) attacks that shut down Twitter for hours and disrupted Facebook and LiveJournal came out of a targeted attack waged against one individual with accounts on all of the sites. A pro-Georgian blogger called "Cyxymu" was apparently the intended target of the massive DDoS that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal when a botnet apparently blasted waves of traffic at his accounts on the sites simultaneously in an effort to shut down his communiques.
I really like the stories about the bad guys getting caught. -housetier (August 10, 2009, 09:09 AM)