topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday November 1, 2024, 6:49 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Tech News Weekly: Edition 32-09  (Read 7238 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Tech News Weekly: Edition 32-09
« on: August 10, 2009, 06:50 AM »
The Weekly Tech News
TNWeekly01.gifHi all.
Sorry for late again guys, weekend ended up a little hectic. Forgive me?
As usual, you can find last week's news here.


1. Hacking, Lock-Picking, Booze and Bacon: DefCon 17 In Review
Spoiler
http://www.wired.com/threatlevel/2009/08/defcon-review/
Right off the tail of last week's BlackHat, this week saw DEFCON 17 in Las Vegas. The good stuff is yet to be published, but you can be sure it will come, and in droves.

Braving triple-digit heat, mean hangovers and an incredibly hostile network, roughly 10,000 hackers, security experts, feds, spies and various other “computer enthusiasts” took over the Riviera last weekend for the world’s largest hacking convention, DefCon.

This year there was no shortage of interesting developments, including a hacked ATM, hacked badges, hacked parking meters, hacked locks, hacked feds, hacked video cameras and more.


2. XML Flaws Threaten 'enormous' Array of Apps
Spoiler
http://www.theregister.co.uk/2009/08/06/xml_flaws/
I dare say most of us knew it, but none of us wished to speak of it. Someone has finally put together a fun collection of all the issues/bugs/vulnerabilities in the various popular XML parsers, noting that those written in C came out the dirtiest (well duh).

Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers.

The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML library available, Ari Takanen, CTO of Finland-based security testing firm Codenomicon, told The Register. Many of them could allow attackers to crash machines running applications that use the libraries or even remotely execute malicious code. The Python and Java programming languages and Apache Xerces are already known to be affected, and Takanen said many more could be as well.


3. Homegrown CBHD Discs Outsell Blu-ray by 3-1 Margin in China
Spoiler
http://arstechnica.com/business/news/2009/08/homegrown-cbhd-discs-outsell-blu-ray-by-3-1-margin-in-china.ars
A new Chinese HD video disk format, built from the ashes of HD-DVD, is outselling Blu-Ray 3 to 1 one in China.

A Japanese TV station broke a major piece of news on the progress of China Blue High Definition (a China-grown competitor to Blu-ray) in the China market last week, but the English-language technology press, through a translation mistake, misreported the news. It turns out that CBHD penetration in China appears to have hit a staggering 30 percent, in only a few months on the market.


4. Accused Domain Thief Faces Jail Time for "stealing" P2P.com (Thanks 40hz)
Spoiler
http://arstechnica.com/web/news/2009/08/accused-domain-thief-faces-jail-time-for-stealing-p2pcom.ars
As Hertz Man so succinctly put it; FINALLY!! Finally, a domain thief may actually be brought to justice after being arrested in his home state of New Jersey.

Domain name investing has been around almost as long as domain names were open for purchase by the general public, and the practice has picked up since the mid-90s, as companies stake out their spot on the digital frontier. Domain names can be so valuable, in fact, that people actually steal them to sell to unsuspecting companies or other domain name investors. The legal process to combat a domain name thief is complicated at best, but there is hope, as police have arrested a man accused of stealing the domain P2P.com.

An initial investigation by Florida police, where the victims reside, was dropped for lack of evidence. The rightful owners of P2P.com then filed a civil suit as they believed it was their only recourse. However, Detective Sergeant John Gorman of the New Jersey State Police Cyber-Crimes Unit later reviewed the case, and asked the victims if they wanted to pursue the case in New Jersey, where the alleged thief lived. Based on evidence gathered for the civil suit, the NJ District Attorney approved an indictment. On July 30, Daniel Goncalves, a 25-year-old computer technician for a NJ law firm, was arrested at his home and his computers were seized.


5. Microsoft Confirms Windows 7 E is Dead
Spoiler
http://arstechnica.com/microsoft/news/2009/08/microsoft-confirms-windows-7-e-is-dead.ars
Windows 7 E is no more, and Microsoft awat the EU's decision on their browser ballot proposal.

Microsoft has confirmed that Windows 7 E, a version that was meant to ship without Internet Explorer 8 installed, would never see the light of day. The announcement comes even though the replacement solution, a browser ballot screen, has not yet been approved by the EU. With talk of this alternative, many were expecting that Windows 7 E was going to be pronounced dead before release, but Redmond has made it official via the Microsoft on the Issues blog.


6. Network Neutrality in Congress, Round 3: Fight!
Spoiler
http://arstechnica.com/tech-policy/news/2009/08/the-war-over-network-neutrality.ars
Legislated 'Net neutrality is again being proposed in congress...for the third time! It's heartening to know the pollies (at least the US ones) aren't giving up as quickly as the people are losing hope.

The war over network neutrality has been fought in the last two Congresses, and last week's introduction of the "Internet Freedom Preservation Act of 2009" (PDF) means that legislators will duke it out a third time. Should the bill pass, Internet service providers will not be able to "block, interfere with, discriminate against, impair, or degrade" access to any lawful content from any lawful application or device.

ISPs would also be forbidden to "impose a charge" on content providers that goes "beyond the end-user charges associated with providing the service to such a provider." In other words, AT&T doesn't have to let Google "use its pipes for free," but it can only collect the money is owed through customary peering and transit arrangements.


7. The Smoking Gun Exposes PrankNet As Internet Badboys Cower (Thanks again 40hz)
Spoiler
http://arstechnica.com/security/news/2009/08/the-smoking-gun-exposes-pranknet-as-internet-badboys-cower.ars
The full story: http://www.thesmokinggun.com/archive/years/2009/0803091pranknet1.html
Honestly, I hadn't heard of PrankNet until I read this article (I'd heard of the exploits of individual members, but not of the group itself), but after reading it I felt it was well worth posting. This scumbag lead an online group dedicated to screwing with people, by using social engineering to put people in incredibly humiliating and costly predicaments, all in the name of "entertainment".

The Smoking Gun this week released the results of its lengthy investigation into PrankNet, an online community specializing in disturbing phone pranks. The operators operated under a veil of anonymity, covering their tracks and using Skype to place non-traceable phone calls. When TSG eventually exposed the ringleader as a young man living in Canada, however, the results were predictably pathetic.


8. Modder Arrest a Reminder That Most Console Hacks Are Illegal
Spoiler
http://arstechnica.com/gaming/news/2009/08/modder-arrest-a-reminder-that-most-console-hacks-are-illegal.ars
Haven't heard of one of these for a while. Watch out guys, modding that console for your friend, for a modest fee, could see you in cuffs...apparently...

For anyone with a little bit of technical know-how, modifying video game systems for various purposes is easy... and can even make you a little bit of money. The problem? Modifying the firmware in video game systems to play pirated games or even your own backups is illegal. Twenty-seven-year-old Matthew Lloyd Crippen learned the hard way that Immigration and Customs Enforcement doesn't have a sense of humor about modding systems for profit: the student was arrested after being indicted on two charges of violating the Digital Millennium Copyright Act for selling modded systems. The question some gamers are now asking themselves: am I breaking the law? The answer is not comforting.

For Crippen, each charge carries a maximum penalty of five years in jail, so there is a possibility that Crippen could be staring down the barrel of ten years imprisonment. Crippen was charging a around $30 per job, and the authorities seized around a dozen hacked consoles. "This if for your legally made backups," he claimed when talking to Threat Level. "If you're talking about piracy, I'm not helping you out." The law doesn't agree, especially since he was aware of the ability to play pirated games on his hacked systems, and profited—even in such a limited way—from his work.


9. DDoS Attacks On Twitter, Facebook Result Of Massive Attack On One Person
Spoiler
http://www.darkreading.com/security/client/showArticle.jhtml?articleID=219100459
Normally I wouldn't report this kind of story, but when was the last time you heard of a DoS attack on the likes of Twitter or Facebook in an attempt to harm a single user?

It turns out yesterday's major distributed denial-of-service (DDoS) attacks that shut down Twitter for hours and disrupted Facebook and LiveJournal came out of a targeted attack waged against one individual with accounts on all of the sites.

A pro-Georgian blogger called "Cyxymu" was apparently the intended target of the massive DDoS that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal when a botnet apparently blasted waves of traffic at his accounts on the sites simultaneously in an effort to shut down his communiques.


10. Big Deck
Spoiler
http://www.youtube.com/watch?v=nz82fjXqFQ4
Hey guys, check out my big...deck...

onion.jpg



Ehtyar.
« Last Edit: August 10, 2009, 06:52 AM by Ehtyar »

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 32-09
« Reply #1 on: August 10, 2009, 09:09 AM »
I really like the stories about the bad guys getting caught.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 32-09
« Reply #2 on: August 14, 2009, 01:20 AM »
I really like the stories about the bad guys getting caught.

Yeah, but somehow they usually end up walking away unscathed in the end. I'm losing faith.....

Jim

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,964
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 32-09
« Reply #3 on: August 14, 2009, 03:59 AM »
#5: Zaine posted this: Deciphering Win7 Upgrades: The Official Chart but it doesnt cover the EU options . . .

now,
i cant remember,
was that E in Windows 7 E for Europe or EU or Eejit(s) :-\
Tom

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 32-09
« Reply #4 on: August 14, 2009, 06:10 AM »
WIndows 7 E was to be for the European market, and did not include IE in the hopes of deterring the EU from forcing Microsoft to give users a choice of browser. Looks as though the ploy didn't work though.

Ehtyar.