Author Topic: Tech News Weekly: Edition 45-09  (Read 8027 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Tech News Weekly: Edition 45-09
« on: November 08, 2009, 04:12 AM »
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.


1. Dutch Hacker Holds Jailbroken iPhones "hostage" for €5
http://arstechnica.com/apple/news/2009/11/dutch-hacker-holds-jailbroken-iphones-hostage-for-5.ars
We all knew it was gonna happen at some point; a Dutch gentleman has taken advantage of users with jailbroken iPhones who have not changed their root password but left the SSH service active. He changed the home screen background to an image resembling an iPhone message box demanding €5 in exchange for a fix.

Though jailbreaking an iPhone certainly opens up opportunities to add functionality that Apple doesn't approve of, it can also make an iPhone less secure. Several Dutch iPhone users found that out the hard way after a hacker attacked a number of vulnerable phones on T-mobile Netherlands and tried to extort €5 from them.

It appears one enterprising Dutch hacker used port scanning to identify jailbroken iPhones on T-mobile Netherlands with SSH running. Enabling SSH is a common procedure for jailbroken iPhones, allowing a user to log in via Terminal and run standard UNIX commands. Unfortunately, iPhones all have a default root password that many forget to change after jailbreaking, leaving their phone as vulnerable as a Lamborghini parked on a public street with the windows down, the doors unlocked, and the keys in the ignition.


2. Google Gives You A Privacy Dashboard To Show Just How Much It Knows About You
http://www.techcrunch.com/2009/11/05/google-gives-you-a-privacy-dashboard-to-show-just-how-much-it-knows-about-you/
A bit of a cynical headline even for me, but this story is kind of amusing in that respect. Google have made available a "privacy dashboard" that, in addition to showing you how much Google knows about you, lets you manage your Google info from a central location.

The more Google products you use, the more data it collects about everything you do online—your search history, your emails, the blogs and news sites you read, which videos you watch on YouTube, your news alerts, tasks, and even shopping lists. For some of these, you need to explicitly grant Google permission to keep track of data associated with your profile.

But it’s hard to keep up with everything Google is tracking.

So now the company is launching a Google Dashboard, which will give you a high-level summary of everything Google knows about you by virtue of the Google products you use. This might include how many emails are in your inbox, recent subject lines, which YouTube video you’ve watched lately (yes, all of them), appointments on your calendar, and more.


3. Bizarre Legal Defense After EMI Sues Over Beatles MP3 Sales
http://arstechnica.com/tech-policy/news/2009/11/about-those-beatles-songs-its-weirder-than-you-thought.ars
A recent addition to the web, BlueBeat.com, was selling Beatles tracks online for a good chunk of this week, claiming it owned the copyright. It caused a big stir across the net (the tracks in question have never been made available online), as the tracks were available for just 25 cents each.

When the news broke earlier this week that the so-famous-you've-never-heard-of-it BlueBeat.com was both streaming and selling The Beatles remasters—and for 25¢ a track—we speculated that an entertainingly weird legal theory was at the root of this behavior.

We just had no idea how weird it was.


4. Competition is Gouging Phone Users (For the Aussies - Thanks 4wd)
http://www.theage.com.au/opinion/politics/competition-is-gouging-phone-users-20091101-hrjx.html
Normally I wouldn't post an editorial here, but this is a terrific article from the Aussie paper TheAge, discussing the impact the Australian national fiber network (or FUCK - Future Unilateral Countrywide KevNetTM 4wd) will have on Australian consumers.

WE MUST be mad. Telstra is obliged under the universal service obligation to offer telephone customers a basic telephony service for $30 a month. The Rudd Government wants to replace this with a new service - the national broadband network - which on the most favourable assumptions will cost customers $60 to $70 a month for a basic telephone service.

And to ensure customers will take up the new service, the Telstra copper wires that enable the $30 a month service will be ripped up.

This is called levelling the playing field for fair competition. But this is not the end of the gouging of Australian telephone users.


5. TLS Negotiation Flaw Published
http://www.cgisecurity.com/2009/11/steve-dispensa-and-marsh-ray-have-published-a-paper-describing-a-weakness-in-the-tls-negotiation-process-from-the-whitepaper.html
A flaw in the renegotiation procedure of TLS (the successor to SSL) could allow an attacker to inject a certain amount of chosen plaintext into a GET request as part of a MITM attack. Fortunately, that's where the vulnerability ends; however, it is easily significant enough to have prompted a rethink of the entire procedure.

"Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well. Although this research has focused on the implications specifically for HTTP as the application protocol, the research is ongoing and many of these attacks are expected to generalize well to other protocols layered on TLS.

There are three general attacks against HTTPS discussed here, each with slightly different characteristics, all of which yield the same result: the attacker is able to execute an HTTP transaction of his choice, authenticated by a legitimate user (the victim of the MITM attack). Some attacks result in the attacker-supplied request generating a response document which is then presented to the client without any certificate warning or other indication to the user. Other techniques allow the attacker to forward or re-purpose client certificate authentication credentials."


6. Web Open Font Format Backed by Mozilla, Type Foundries
http://arstechnica.com/web/news/2009/11/web-open-font-format-backed-by-mozilla-type-foundries.ars
Some new web typography awesomeness is making its way into the next version of Firefox in the form of the Web Open Font Format. The format will enable the use of metadata stored in OpenType fonts to modify their appearance. See the video included in the article for more info.

Efforts to bring advanced typography to the Web have reached an important milestone. Type designers Tal Leming and Erik van Blokland, who had been working on developing the .webfont format, combined forces with Mozilla's Jonathan Kew, who had been working independently on a similar format. The result of the collaboration is called Web Open Font Format (WOFF), and it has the backing of a wide array of type designers and type foundries. Mozilla will also include support for it in Firefox 3.6.

WOFF combines the work Leming and Blokland had done on embedding a variety of useful font metadata with the font resource compression that Kew had developed. The end result is a format that includes optimized compression that reduces the download time needed to load font resources while incorporating information about the font's origin and licensing. The format doesn't include any encryption or DRM, so it should be universally accepted by browser vendors—this should also qualify it for adoption by the W3C.


7. Complete Genomics Produces a Cheap—well, $5,000—human Genome
http://arstechnica.com/science/news/2009/11/complete-genomics-produces-a-cheapwell-5000human-genome.ars
Very awesome (if utterly terrifying); a company called Complete Genomics has managed to repeat a "reasonably complete" human genome for just under $5,000, incredibly cheap when compared to the millions it might have cost a few years ago.

With the newest DNA sequencing technology starting to reach the market, we're seeing a bit of a bifurcation. Some of the methods can do long reads, covering hundreds of bases, and provide data that's appropriate for assembling a genome that's never been sequenced before. Others produce lots of shorter reads, which can only be aligned to a genome that we know the sequence of already. What good is repeating a completed genome? Potentially quite a lot, if that genome happens to be human and, more particularly, yours, since it can provide information on medically relevant issues like disease risks and drug efficacy. The goal here is to make this so cheap that sequencing a person's genome could be routine.

A big step in that direction may have been taken by a company called Complete Genomics, which describes the methods it used to sequence three human genomes in a paper that will be released by Science today. The system described in the paper combines some clever variants of well known molecular biology techniques to read massive amounts of DNA fragments that are, in total, about 65 bases long. But, because the materials used for the reactions are so common, even the enzymes can be purchased cheaply. That allows Complete Genomics to bring an entire human genome in while spending less than $5,000 on materials. All that, plus an error rate of less than one base in 100,000.


8. Secret Knock Detecting Lock
http://www.youtube.com/watch?v=zE5PGeh2K9k
We usually have funny videos at the end of the Tech News, I know, but this week we have a video made of pure awesomeness. Details can be found here




Ehtyar.

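For item 6, an added example of the WOFF 1.0 container the article describes (zlib-compressed sfnt tables plus an XML metadata block, no DRM). This is my own code, not Mozilla's or the WOFF authors', written from the public WOFF 1.0 layout: a 44-byte big-endian header, 20-byte table directory entries, then the compressed tables and metadata. Because font files are parsed by browsers from untrusted sites, the parser bounds-checks every offset and length and caps decompression at the declared original size. The function names, the toy tables, the foundry string and the example.invalid license URL are all constructed for the example.

```python
"""
Added example (not the original page's or Mozilla's code): build a minimal
WOFF 1.0 file from constructed sfnt tables and parse it back defensively.
"""
import struct
import zlib

# WOFF 1.0 layout, big-endian: signature, flavor, length, numTables, reserved,
# totalSfntSize, majorVersion, minorVersion, metaOffset, metaLength,
# metaOrigLength, privOffset, privLength (44 bytes).
WOFF_HEADER = struct.Struct(">4sIIHHIHHIIIII")
# Table directory entry: tag, offset, compLength, origLength, origChecksum (20 bytes).
WOFF_DIR_ENTRY = struct.Struct(">4sIIII")


class WoffError(ValueError):
    """Any structural problem; a font parser must fail closed on untrusted input."""


def _pad4(b: bytes) -> bytes:
    return b + b"\0" * (-len(b) % 4)


def _checksum(table: bytes) -> int:
    # OpenType table checksum: sum of big-endian uint32 words, modulo 2**32.
    padded = _pad4(table)
    return sum(struct.unpack(">%dI" % (len(padded) // 4), padded)) & 0xFFFFFFFF


def build_woff(flavor: int, tables: dict, metadata: bytes = b"") -> bytes:
    """Assemble a WOFF 1.0 file from raw sfnt tables plus optional XML metadata."""
    entries, blobs = [], []
    offset = WOFF_HEADER.size + WOFF_DIR_ENTRY.size * len(tables)
    for tag, raw in sorted(tables.items()):
        comp = zlib.compress(raw, 9)
        if len(comp) >= len(raw):
            comp = raw  # spec: store the table verbatim when zlib does not shrink it
        entries.append(WOFF_DIR_ENTRY.pack(tag, offset, len(comp), len(raw), _checksum(raw)))
        blobs.append(_pad4(comp))  # each table starts on a 4-byte boundary
        offset += len(blobs[-1])
    meta_comp = zlib.compress(metadata, 9) if metadata else b""
    meta_off = offset if metadata else 0
    total = offset + len(meta_comp)
    # totalSfntSize: size of the decoded sfnt (12-byte header + 16-byte entries + padded tables)
    sfnt_size = 12 + 16 * len(tables) + sum(len(_pad4(raw)) for raw in tables.values())
    header = WOFF_HEADER.pack(b"wOFF", flavor, total, len(tables), 0, sfnt_size, 1, 0,
                              meta_off, len(meta_comp), len(metadata), 0, 0)
    return header + b"".join(entries) + b"".join(blobs) + meta_comp


def _inflate_exact(blob: bytes, expected: int, what: str) -> bytes:
    """Inflate with an output cap so a tiny blob cannot expand into a decompression bomb."""
    d = zlib.decompressobj()
    try:
        out = d.decompress(blob, expected + 1)
    except zlib.error as exc:
        raise WoffError(f"{what}: corrupt zlib stream ({exc})")
    if len(out) != expected or d.unconsumed_tail:
        raise WoffError(f"{what}: decompressed size does not match origLength")
    return out


def parse_woff(data: bytes) -> dict:
    """Parse and validate a WOFF 1.0 file; every offset/length is bounds-checked."""
    if len(data) < WOFF_HEADER.size:
        raise WoffError("truncated header")
    (sig, flavor, length, num_tables, reserved, _sfnt_size, major, minor,
     meta_off, meta_len, meta_orig, _priv_off, _priv_len) = WOFF_HEADER.unpack_from(data)
    if sig != b"wOFF":
        raise WoffError("bad signature")
    if length != len(data) or reserved != 0:
        raise WoffError("header length/reserved field mismatch")
    dir_end = WOFF_HEADER.size + WOFF_DIR_ENTRY.size * num_tables
    if dir_end > len(data):
        raise WoffError("table directory overruns file")
    tables = {}
    for i in range(num_tables):
        tag, off, comp_len, orig_len, checksum = WOFF_DIR_ENTRY.unpack_from(
            data, WOFF_HEADER.size + WOFF_DIR_ENTRY.size * i)
        # In a C parser, off + comp_len is exactly where a 32-bit overflow would slip through.
        if off < dir_end or comp_len > orig_len or off + comp_len > len(data):
            raise WoffError(f"table {tag!r}: offset/length outside file")
        blob = data[off:off + comp_len]
        raw = blob if comp_len == orig_len else _inflate_exact(blob, orig_len, f"table {tag!r}")
        if _checksum(raw) != checksum:
            raise WoffError(f"table {tag!r}: checksum mismatch")
        tables[tag] = raw
    metadata = b""
    if meta_off or meta_len:
        if meta_off < dir_end or meta_off + meta_len > len(data):
            raise WoffError("metadata block outside file")
        metadata = _inflate_exact(data[meta_off:meta_off + meta_len], meta_orig, "metadata")
    return {"flavor": flavor, "version": (major, minor), "tables": tables, "metadata": metadata}


# Constructed sample input: three toy tables (one too small to compress) and a license block.
SAMPLE_TABLES = {
    b"OS/2": b"\x00\x04",
    b"head": bytes.fromhex("00010000") + b"\0" * 50,
    b"name": b"Example Font Regular; (c) Example Foundry. " * 8,
}
SAMPLE_METADATA = (b'<?xml version="1.0"?><metadata version="1.0">'
                   b'<license url="https://example.invalid/license"/></metadata>')


def demo():
    """Round-trip the sample, then show that a tampered table offset is rejected."""
    woff = build_woff(0x00010000, SAMPLE_TABLES, SAMPLE_METADATA)
    parsed = parse_woff(woff)
    bad = bytearray(woff)
    struct.pack_into(">I", bad, WOFF_HEADER.size + 4, len(woff))  # first entry's offset -> past EOF
    try:
        parse_woff(bytes(bad))
        tampered_rejected = False
    except WoffError:
        tampered_rejected = True
    return parsed, tampered_rejected


if __name__ == "__main__":
    parsed, rejected = demo()
    print(sorted(parsed["tables"]), parsed["metadata"][:40], rejected)
```

The round trip recovers the tables and the licensing metadata byte for byte, and the copy whose first table offset points past end of file is refused before any decompression happens. The two checks worth copying into any real font loader are the origLength cap on inflate (the declared size is the only size you ever allocate) and the offset-plus-length comparison done in arbitrary-precision arithmetic rather than a 32-bit add.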
4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 45-09
« Reply #1 on: November 08, 2009, 04:45 AM »
4. I didn't really mean for you to include my acronym in your post....sheesh, now everyone will think I'm just some uncouth aussie yob...........oh wait......

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 45-09
« Reply #2 on: November 08, 2009, 04:48 AM »
You just beat me, was about to msg you the URL for the news, and to say how much I LOVE that acronym!!!!

Ehtyar.

Lutz_

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 229
    • View Profile
    • Donate to Member
Re: Tech News Weekly: Edition 45-09
« Reply #3 on: November 09, 2009, 07:04 PM »
Thanks for the interesting news!!! Time to start the personal genome projects.