Tech News Weekly: Edition 39-09

[Ehtyar]

The Weekly Tech News

Hi all. Sorry about all the data breach stories, hopefully some of them will induce a LOL As usual, you can find last week's news here.

1. Demon Splurges Details of 3,600 Customers in Billing Email

Spoiler

http://www.theregister.co.uk/2009/09/23/demon_password_giveaway/
Normally I don't post about data leaks, but I think such gross incompetence is worthy of an exception. Basically, British ISP Demon Internet sent out an email talking up their new electronic billing system, and attached a document containing the private details, including passwords, for their some 3600 customers.

Demon Internet sent thousands of business and government subscribers an email this morning telling them all about a new e-billing system, and tacked on details, including passwords, for 3,600 customers.

The email - supposedly from Simon Blackburn Demon's director of customer service - has been sent to customers opting for e-billing. It includes a guide to the new service along with user names and passwords.

But the email also has a .csv attachment with 3,681 customer records on it. Entries include names, emails, telephone numbers and what looks very like a user name and password.

2. Bank Sues Google for Identity of Gmail User

Spoiler

http://www.theregister.co.uk/2009/09/23/google_sued_for_gmail_user_identity/
This one's even funnier, though on a more serious note this case a lot of potential to create some very nasty case law. A bank clerk has sent loan details of 1300 customers to a Gmail address, and the bank is now suing Gmail for the identity of the account holder.

A US bank is suing Google for the identity of a Gmail user after a bank employee accidentally sent the user a file that included the names, addresses, tax IDs, and loan info for more than 1,300 of the bank's customers.

In mid-August, according to court documents filed in a California federal court, the Wyoming-based Rocky Mountain Bank was asked by a customer to send certain loan documents to a Gmail account belonging to a third party. A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address - along with a file containing confidential information for 1,325 other customers.

3. WebGL in Firefox Nightly Builds, Demoed With 3D Spore Model

Spoiler

http://arstechnica.com/open-source/news/2009/09/webgl-in-firefox-nightly-builds-demoed-with-3d-spore-model.ars
Mozilla, along with Apple, will soon have a 3D graphics framework available in their browsers called WebGL.

The latest Firefox nightly builds now include Mozilla's implementation of WebGL, an emerging standard that aims to bring 3D graphics to the Web. Although the standard is still at a relatively early stage in the draft process, it is rapidly gaining momentum and has strong backing from a growing number of browser vendors. It's yet another sign that standards adoption is accelerating as the need to bring richer content to the Web drives forward browser evolution.

The WebGL working group was formed earlier this year when Mozilla teamed up with the Khronos Group, the organization behind the OpenGL standard, to define an open standard for native browser 3D. The goal is to develop low-level JavaScript APIs that will provide comprehensive support for OpenGL ES 2.0. High-level third-party libraries, such as C3DL, will be built on top to give Web application developers a more expressive and convenient way to leverage WebGL's 3D capabilities. Mozilla believes that the flexibility inherent in this layered approach will be advantageous in the long term and that the trend towards faster JavaScript engines will make it practical for real-world usage.

4. Big GPL Copyright Enforcement Win in Paris Court of Appeals

Spoiler

http://arstechnica.com/open-source/news/2009/09/big-gpl-copyright-enforcement-win-in-paris-court-of-appeals.ars
An interesting bit of case law has just shot up in France, making it possible for GPL enforcement lawsuits to be won by those receiving the software, not just those developing it.

The Free Software Foundation France (FSF France) is jubilant about a recent court ruling that has affirmed the validity of the open source GNU General Public License (GPL) under French copyright law. This successful GPL enforcement effort will send a strong message about the importance of open source license compliance to the French software industry.

The GPL is a copyleft license that mandates reciprocal disclosure of source code. When a company incorporates code that is licensed under the GPL into their software product, they are obligated to make their own code available under the terms of the GPL, which stipulates that source code must be made available for third parties to study, modify, and redistribute. Companies that ship GPL-based products must provide notice to end users and promise to furnish source code upon request.

5. Oracle Won't Unload MySQL, Sun Losing $100 Million Per Month

Spoiler

http://arstechnica.com/open-source/news/2009/09/oracle-wont-unload-mysql-sun-losing-100-million-per-month.ars
Oracle has officially announced that it will be holding on to MySQL when it aquires Sun Microsystems, despite antitrust concerns from the EU.

Oracle's pending acquisition of Sun recently hit a snag when EU regulators decided that Oracle's assimilation of MySQL warranted closer scrutiny. Oracle CEO Larry Ellison responded publicly in a recent address, saying that Oracle will not unload MySQL in order to appease EU regulators.

Sun acquired MySQL last year in a move that aimed to position the company's Solaris operating system as a more appealing choice for Web servers. The honeymoon was short, however, and key people from MySQL fled in the aftermath of the acquisition. MySQL cofounder Monty Widenius left in February after expressing frustration with the 5.1 release. He founded his own company and formed an alliance with other independent companies in the MySQL ecosystem with the intention of providing an alternate path forward for MySQL in the event that Oracle takes steps that are disadvantageous to the community.

6. FCC to Take a Stand On Net Neutrality

Spoiler

http://www.pcworld.com/article/172290/fcc_to_take_a_stand_on_net_neutrality.html
The FCC has announced it intends to legislate a form of Net Neutrality, which would, perhaps most importantly, prevent ISPs from giving preference to, or discriminating against, certain types of traffic on their networks.

Federal Communications Commission (FCC) chairman Julius Genachowski is expected to announce a plan on Monday to formalize the idea of net neutrality. The move, which supports a campaign promise made by President Barack Obama, will prevent the information superhighway from becoming a toll road giving preferential treatment to those who pay for it.

The move would formalize rules the FCC has already been imposing on a case by case basis. Last Fall, under the previous administration and previous FCC chairman, Kevin Martin, the FCC ruled that Comcast could not throttle (or limit) bandwidth for peer-to-peer (P2P) networking traffic. Comcast is challenging that ruling, but formalizing the guidelines being imposed would help support the FCC decision.

7. Facebook Enables Apps to Peek at Mail

Spoiler

http://www.theregister.co.uk/2009/09/23/facebook_mailbox_api_privacy/
Facebook app developers will soon be able to raid a users' message inbox, after the user has provided explicit permission.

Facebook plans to open up members' inboxes and notifications to developers have drawn fire from security experts as an unacceptable privacy risk.

The social network site published plans to release a notification and Mailbox API in a post on a developers' forum last month. The development has received little attention since, despite marking a huge shift in how much confidential data software applications on the social networking might be able to access.

Users who sign up to applications that make use of the feature give the green-light for software to scan the contents of messages sent through the social networking website.

8. Texas Instruments Signing Keys Broken

Spoiler

http://www.schneier.com/blog/archives/2009/09/texas_instrumen.html
A cute cryptography story for the budding cryptologists among us; Texas Instruments' 512-bit code signing keys have been factored, laying bare their firmware update mechanism.

Texas Instruments' calculators use RSA digital signatures to authenticate any updates to their operating system. Unfortunately, their signing keys are too short: 512-bits. Earlier this month, a collaborative effort factored the moduli and published the private keys. Texas Instruments responded by threatening websites that published the keys with the DMCA, but it's too late.

So far, we have the operating-system signing keys for the TI-92+, TI-73, TI-89, TI-83+/TI-83+ Silver Edition, Voyage 200, TI-89 Titanium, and the TI-84+/TI-84 Silver Edition, and the date-stamp signing key for the TI-73, Explorer, TI-83 Plus, TI-83 Silver Edition, TI-84 Plus, TI-84 Silver Edition, TI-89, TI-89 Titanium, TI-92 Plus, and the Voyage 200.

9. Quantum Chip Helps Crack Code

Spoiler

http://www.spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
It seems I'm a bit late on this one, but no matter. Researchers have used a quantum integrated circuit to etermine the prime factors of the number 15. THis is a long way from cracking DSA or RSA, but is an incredible breakthrough for Quantum computing nonetheless.

Modern cryptography relies on the extreme difficulty computers have in factoring huge numbers, but an algorithm that works only on a quantum computer finds factors easily. Today in Science, researchers at the University of Bristol, in England, report the first factoring using this method—called Shor’s algorithm—on a chip-scale quantum computer, bringing the field a tiny step closer to realizing practical quantum computation and code cracking.

Quantum computers are based on the quantum bit, or qubit. A bit in an ordinary computer can be either a 1 or a 0, but a qubit can be 1, 0, or a ”superposition” of both at the same time. That makes solving certain problems—like factoring—exponentially faster, because it lets the computer try many more solutions at once. The race is on to find the ideal quantum computer architecture, with qubit contenders that include ions, electrons, superconducting circuits, and in the University of Bristol’s case, photons.

10. Astronaut Mess

Spoiler

http://www.youtube.com/watch?v=gugmvumKU6s
Ha-larious!!

Ehtyar.

[housetier]

Thank you very much for this collection!

You know, these weekly postings are an important news source for me: They are filtered, so there is not much crap, but they are filtered by someone with different interests, so there is always something fresh. 

[Ehtyar]

My pleasure House Man, glad you enjoy it

Ehtyar.

[f0dder]

#7 - kinda nasty. Could be useful for archiving your facebook mails, but it's probably going to be abused a helluva lot more than it's used for good.

#8 - nice