Main Area and Open Discussion > Living Room

Tech News Weekly: Edition 46-09

(1/3) > >>

Ehtyar:
The Weekly Tech NewsHi all.
Enjoy :)
As usual, you can find last week's news here.
1. Truly Malicious IPhone Malware Now Out in the Wild
Spoilerhttp://arstechnica.com/apple/news/2009/11/truly-malicious-iphone-malware-now-out-in-the-wild.ars
No doubt the first of many. Earlier this last week an Iphone "virus" was tracked in Australia, targeting jailbroken iPhones with ssh enabled using the default root password. It would change the background to a picture of Rick Astley, then shut down sshd to prevent reinfection. Someone apparently cottoned on, and has launched a variant that sends private data (contacts, emails, SMSs etc) back to the machine running the control app.

If you didn't heed previous warnings to secure your jailbroken iPhone, you may be in for some serious trouble. Computer security firm Intego has identified the first known truly malicious code which targets jailbroken iPhones with default root passwords.

The latest in a string of recent attacks, iPhone/Privacy.A uses a technique similar to previous hacks. The malware scans for phones on a given network with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. Unlike the previous versions, which merely replaced the wallpaper image to alert users that they have been cracked, the new version silently copies personal data—"e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app." It then sends the data back to the machine running the software.

--- End quote ---

2. SPDY: Google Wants to Speed Up the Web by Ditching HTTP
Spoilerhttp://arstechnica.com/web/news/2009/11/spdy-google-wants-to-speed-up-the-web-by-ditching-http.ars
Some really interesting stuff here from Google. In their never-ending quest for improved web performance and security (so that they, and only they, can harvest your dataz), Google has concocted a replacement for HTTP over TCP called SPDY (read: speedy) which will be built into a future version of Chrome and hopefully other browsers.

On the Chromium blog, Mike Belshe and Roberto Peon write about an early-stage research project called SPDY ("speedy"). Unhappy with the performance of the venerable hypertext transfer protocol (HTTP), researchers at Google think they can do better.

The main problem with HTTP is that today, it's used in a way that it wasn't designed to be used. HTTP is very efficient at transferring an individual file. But it wasn't designed to transfer a large number of small files efficiently, and this is exactly what the protocol is called upon to do with today's websites. Pages with 60 or more images, CSS files, and external JavaScript are not unusual for high-profile Web destinations. Loading all those individual files mostly takes time because of all the overhead of separately requesting them and waiting for the TCP sessions HTTP runs over to probe the network capacity and ramp up their transmission speed. Browsers can either send requests to the same server over one session, in which case small files can get stuck behind big ones, or set up parallel HTTP/TCP sessions where each must ramp up from minimum speed individually. With all the extra features and cookies, an HTTP request is often almost a kilobyte in size, and takes precious dozens of milliseconds to transmit.

--- End quote ---

3. Intel and AMD Bury the Hatchet Under $1.25 Billion in Cash
Spoilerhttp://arstechnica.com/business/news/2009/11/intel-and-amd-bury-the-hatchet-under-125-billion-in-cash.ars
Intel and AMD have called it quits on all legal battlefronts, with Intel paying AMD $1.5 billion in cash and agreeing to change unspecified business practices.

Intel and AMD are fierce competitors in the world of chipmaking, but in recent years they've taken the fight to the courtroom. AMD has sued Intel for antitrust violations (allegations that have been picked up by a number of governments), while Intel fired back by claiming that AMD had violated a licensing agreement for x86 technology. This morning, however, the two companies made a surprise announcement: they've reached an agreement that settles all legal issues between them.

The statement is short on information; both companies will flesh out the details during press/analyst calls later this morning. However, it does have a few eye-popping details, first and foremost among them a cash payment: Intel will be handing $1.25 billion over to AMD. The agreement also includes limits on Intel's business practices; these aren't specified in the statement, but undoubtedly limit the rebates and bulk buying agreements that Intel has used in the past to keep OEMs from jumping ship to AMD.

--- End quote ---

4. Wikipedia Sued for Publishing Convicted Murderer's Name
Spoilerhttp://www.theregister.co.uk/2009/11/12/wikipedia_sued_by_convicted_murderer/
A German man is suing Wikipedia in an attempt to have them remove his name from every article pertaining to his murder of a man in 1999. According to German law, he should no longer be associated with the crime 10 years after it was committed. The question is, does this right apply to the entire Internet? The German wikipedia is already in full compliance with the law.

A man who served 15 years for the gruesome murder of a famous German actor is taking legal action against Wikipedia for reporting the conviction.

Attorneys took the action on behalf of Wolfgang Werlé, one of two men to receive a life sentence for the 1990 murder of Walter Sedlmayr. In a letter sent late last month to Wikipedia officials, they didn't dispute their client was found guilty, but they nonetheless demanded Wikipedia's English language biography of the Bavarian star suppress the convicted murder's name because he is considered a private individual under German law.

--- End quote ---

5. Attackers Conceal Exploit Sites With Twitter API
Spoilerhttp://www.theregister.co.uk/2009/11/12/attackers_use_twitter_command/
I loves me a unique virus design!! Malicious scripts being used to cause drive-by downloads on infected websites are generating their destination domain names from the second character of each of the top-30 trending twitter topics. This ensures that the resulting domains cannot be calculated in advance, making it very difficult to lock out the necessary domains, as was the approach with the well known Conficker virus.

Drive-by exploit writers have been spotted using a popular Twitter command to send web surfers to malicious sites, a technique that helps conceal the devious deed.

The microblogging site makes application programming interfaces (APIs) such as this one available so legitimate websites can easily plug into the top topics being tweeted. As the concerns and opinions of Twitter users change over time, so too will the so-called top 30 trending topics.

--- End quote ---

6. Microsoft Defends Hotmail's Cookie Requirement
Spoilerhttp://www.theregister.co.uk/2009/11/13/hotmail_cookies/
Whoops. Microsoft is now requring Hotmail users to accept 3rd-party cookies in order to log out of their accounts. They're claiming it "improves security", though how that is the case is anyone's guess.

Microsoft has said its new policy of requiring users to accept third party cookies to log out of Hotmail improves security.

Some readers who contacted El Reg said it raises the risk that accounts will be compromised on public machines, while others who do not allow third party cookies simply found the error message when they tried to log out irritating.

--- End quote ---

7. MS Forensics Tool Leaks Onto the Web
Spoilerhttp://www.theregister.co.uk/2009/11/10/ms_forensics_tool_leak/
Another whoops. Microsoft's "Computer Online Forensic Evidence Extractor" has leaked onto the Internet via BitTorrent, letting anyone see the innards of a controversial tool designed to automagically extract evidence from computers seized by police.

Microsoft's point-and-click "computer forensics for cops" tool has leaked onto the web.

COFEE (Computer Online Forensic Evidence Extractor) is designed to allow law enforcement officers to collect digital evidence from a suspect's PC without requiring any particular expertise. Using the technology - which recovers a list of processes running on an active computer at the scene of an investigation - involves inserting a specially adapted USB stick into a computer.

Grabbing data from a PC without interfering with the machine is no substitute for a detailed examination by experts where something amiss is discovered, but still attractive to the computer crime authorities. It allows police to search a computer's internet history, analyse systems and data stored and even decrypt passwords, without having to transport the machine to a lab. It does this in a fraction of the time the process would normally require.

--- End quote ---

8. Using Photosynthesis to Power Hydrogen Production
Spoilerhttp://arstechnica.com/science/news/2009/11/photosynthesis-proves-to-be-a-powerful-source-for-hydrogen.ars
This is just too cool!! Why are there no hydrogen cards available to the public!!!

The processes we use to obtain fuel, from pumping fossil fuels up from beneath the ocean to harvesting crops to turn into ethanol, create many environmental and practical concerns. These types of fuel work fine with the current generation of cars, but hydrogen has sometimes been touted as the fuel of the future. A publication in Nature Nanotechnology describes how researchers have found a way to use the photosynthetic machinery of a bacteria to produce the hydrogen equivalent of up to 79 gallons of gas per-acre, per-day. Their technique involved capturing the electrons produced during photosynthesis and binding them to some strategically placed protons.

The production of fuel has accelerated lately, from waiting millions of years for fossil fuels to waiting a few days or weeks for biomass-derived fuels such as ethanol. However, biomass fuels still present some difficulties: the fuel produced relative to the land area required is pretty small (the equivalent of a little more than a gallon of gas per acre), the conversion to ethanol requires a distilling period, and all the materials for making the fuel must be harvested, handled, and transported, all of which requires a significant energy expenditure.

--- End quote ---

9. Christopher Walken Performs Lady Gaga's Poker Face
Spoilerhttp://www.youtube.com/watch?v=A2guQYivZ6w
You just gotta love Christopher Walken. Be sure to check out the awesome mashup with the real song here.



Ehtyar.

40hz:
#7 - Nice to see Microsoft has developed their very own backdoor exploit for Windows.

I know I'll sleep better at night knowing such a thing exists. Especially since it will only be made available to duly authorized members of the law enforcement community - whom experience has shown we can completely trust to never abuse such technologies.

I'm sure the Chinese government will be among the first in line to buy an unlimited institutional license for this puppy.

Hoo-wah Microsoft!!!  Way to go! :Thmbsup: :P

gexecuter:
love the Walken-GaGa mashup  ;D thanks a lot :D

tomos:
"You just gotta love Christopher Walken."
yes yes ;D that was a great mashup too

I remember seeing Christopher Walken on Johnathon Ross years ago (same show) reading some fairytale (cant remember which). I just remember him being so totally deadpan but at the same time giving it such character - he's just great!

4wd:
2. Given Google's penchant for catching everything, (data-wise), I think the more appropriate interpretation of SPDY should be SPiDeY Web.

Navigation

[0] Message Index

[#] Next page