Author Topic: Tech News Weekly: Edition 43-09  (Read 3192 times)


Tech News Weekly: Edition 43-09
« on: October 25, 2009, 05:04 AM »
The Weekly Tech News
Hi all.
Well, either this week was a really sucky news week or I suck at finding it. Either way, I've got two funny videos this week in the hopes you'll all forgive me :-[
As usual, you can find last week's news here.

1. Mozilla Disables Vulnerable Microsoft Plugin for Firefox
We all knew it was going to happen; sneaking extensions into users' Firefox installations can't be a good thing. Mozilla has had to disable Microsoft's .NET Framework Assistant Firefox extension due to the possibility it would assist users in getting hacked after a vulnerability was disclosed that affected it.

Mozilla has temporarily disabled Microsoft's WPF plugin for Firefox in order to protect users from a security vulnerability that was recently uncovered in the component. The vulnerability can be exploited when users visit malicious Web pages that contain specially crafted XAML content.

Microsoft issued an Internet Explorer patch to fix the vulnerability through its Windows Update mechanism on Tuesday. The IE patch is said to fully resolve the vulnerability for Firefox users in addition to users of Microsoft's own browser. Mozilla is concerned, however, that not all users have performed the Windows update yet. In order to protect users who are not yet patched, Mozilla has added Microsoft's plugin to its add-on blocklist, causing it to be automatically disabled by the browser.

2. Prepare for Disconnection! French "3 Strikes" Law Now Legal
The French authorities now have the least forgiving three-strikes policy in the world at their full disposal.

France's Création et Internet law didn't pass muster the first time around, as the country's Conseil Constitutionnel ruled that major portions of the scheme violated the 1789 Rights of Man. The first draft of the bill tended too much toward "guilty until proven innocent," and it threatened a major sanction (Internet disconnection and a national blacklist on access) without judicial oversight.

The French government, bent on passing the law, retooled it and rammed it through the legislature a second time. It was promptly reported to the Conseil by the Socialists, but the Conseil today ruled (PDF, French) that the bill largely addresses its earlier concerns.

3. PSA: Voyeurs, Encrypt Your Spy Videos!
Ridiculous headline I know, but it's so fun! So...yay Aussies? An Australian man has skipped out on going to prison for surreptitiously recording his flatmates through holes in the wall, because he had full disk encryption on the laptop he was using to make the recordings and refused to give up his password.

Rohan James Wyllie of Australia doesn't sound much different than your average voyeur intent on capturing a little secret video of his female roommate unawares. He drilled holes in the walls and ceilings, installed cameras, and created an elaborate network of surveillance equipment so he could keep tabs on the girl from the comfort of his bedroom.

After his roommates noticed suspicious lights and buzzing in August 2007, Wyllie was arrested. Eventually he pleaded guilty to charges of attempting to visually record the woman in question in a private place without her consent. Open and shut case, right? Not quite: Wyllie is now going free without a jail sentence.

4. Gaping Security Hole Turned 64,000 Time Warner Cable Modems Into Hacker Prey
Yay for ISP standard-issue equipment. 64,000 Time Warner subscribers' cable modems were open to full remote administrative access, no password required, until earlier this week.

Time Warner says that within the past week it has patched the problem until the manufacturer can provide a permanent fix, but before that it had allowed administrative access to the routers. Attackers could then run a variety of programs against these routers, says David Chen in his blog Chenosaurus.

Because the vulnerability let anyone anywhere on the Internet take over control of the router, they could launch attacks from within Time Warner customers' homes.

5. Metasploit Project Sold To Rapid7
Massively popular, open source penetration testing toolkit Metasploit has been sold to Rapid7, an information security company. They will employ the project's founder and primary maintainer, HD Moore, and 5 others to work on the project full time.

Vulnerability management vendor Rapid7 has purchased the popular open-source Metasploit penetration testing tool project and named Metasploit founder HD Moore chief security officer of the company.

Moore, who is synonymous with the Metasploit Project, will continue as chief architect of Metasploit in his new role at Rapid7. He'll have an initial team of five Rapid7 researchers dedicated to the open-source project, some of whom already have been regular contributors to Metasploit. Financial terms of the deal were not disclosed.

6. Random Users' Google Voice Mail is Searchable by Anyone?
Earlier this week it was discovered that Google itself was actually indexing non-private Google Voice voicemails. The issue has since been dealt with, but a few of the funnier ones are still linked to from TechCrunch here.

Holy crap. It seems that Google is going to have some pretty serious explaining to do this morning, as one of our readers has sent us in a tip that reveals a major security flaw involving Google Voice. After entering “site:* ” into Google, our reader was shocked and discouraged to be greeted by 31 voice mail messages belonging to random Google Voice accounts. Clicking on each revealed not only the audio file and transcript of the call, but it also listed the caller's name and phone number as it would if you were checking your own Google Voice voice mail. We’re not too sure if this flaw is something new or if it has been around since Google Voice started, and could just be test messages, but needless to say the matter has to be fixed if it’s legit.

7. U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets
Looks like the authorities in the US like to have someone else doing the dirty work when it comes to poking around public message archives, sinking investment dollars into a firm that monitors all manner of social media websites including blogs and Twitter.

America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon.

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

8. There Goes the TV...

9. Peter Russell Clarke - Swearing Aussie Chef [NSFW]
Ever wonder what an Aussie TV chef might say if he f**ked up a line ya p**ck?