July 2008
95 posts
Is Anti-Virus Dead? →
Users will click anything
Some studies show that a well-formatted phishing attempt can garner about a 10% click-through rate. However, with targeting techniques, such as using content that the recipient would expect to be legitimate, this can go upwards of 80%. An example: if you got a random PDF file from someone named “fbtgsertgrwetgfe” with the...
Time spent involving Microsoft Zune →
IE8 Beta 2 getting heavy performance,... →
More details about Microsoft’s next version of its ailing browser have been released, in the build-up to the second beta release due next month. The first beta, released in March, was aimed at web developers. It brought much-needed improvements to standards compliance, along with negligible reliability and inconsistent performance.
Cautionary →
Patent Office finds voice, calls for software... →
The US Patent and Trademark Office is a convenient whipping boy for problems with the patent system. The USPTO famously approved the junk patents at the heart of the legal battle between Research in Motion and a patent-trolling firm called NTP. The USPTO belatedly recognized its mistake and began invalidating the patents, but didn’t finish the job in time to save RIM from being forced to pay...
When the 'wisdom of crowds' turns on itself: IMDB... →
The concept of the “wisdom of crowds” is a fundamental building block of a lot of the Web 2.0 services that we see today. While not all of them are built on this core concept, major sites like Digg, Wikipedia, and Mahalo rely heavily on crowds being wise. There have been several instances of this system breaking down in the past, one notable occurrence being the infamous Digg HD-DVD...
30 Days of DNS Attack Activity →
When analyzing single packet DNS version queries (i.e., in order to generate lists of vulnerable or immune servers) targeting ATLAS sensor IPs (millions of unique IPv4 addresses distributed globally) we saw a 49.8% increase in the past 30 days over the prior 30 days. While UDP/53 traffic doesn’t represent a considerable amount of the total activity observed by our darknet sensors, the version...
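What one of these single-packet version queries looks like on the wire, and how a sensor could count them in a window of UDP/53 payloads, as an added example that is not from the ATLAS post or the original page. It assumes only the DNS wire format (RFC 1035): a `version.bind` TXT query in the CHAOS class is the classic BIND fingerprinting probe, and the other names in `PROBE_NAMES` are the common variants; the sample payloads are constructed here. One caveat for operators: BIND can be told not to answer these (`version "none";` under `options`), which removes the easy fingerprint but does nothing about whether the server is actually vulnerable.

```python
"""Added example: build and detect the single-packet DNS version probes the
ATLAS post describes. Not code from the original page; the sample traffic
below is constructed for the demo."""
import struct

QTYPE_A, QTYPE_TXT = 1, 16
QCLASS_IN, QCLASS_CH = 1, 3
# Names fingerprinters query in the CHAOS class (BIND's version.bind is the classic one)
PROBE_NAMES = {"version.bind", "version.server", "hostname.bind", "id.server"}


def encode_name(name):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype, qclass, txid=0x1234):
    """Single-packet query: 12-byte header (RD set, one question) + QNAME/QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(data, off):
    """Decode labels starting at `off`; returns (name, offset after the root label)."""
    labels = []
    while True:
        n = data[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            # Compression pointers never appear in a query's question section;
            # treat one as malformed rather than chase it.
            raise ValueError("compression pointer in question name")
        labels.append(data[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off


def parse_question(packet):
    """Return the (single) question of a DNS query packet as a dict."""
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    name, off = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return {"id": txid, "name": name.lower(), "qtype": qtype, "qclass": qclass}


def is_version_probe(packet):
    """True for a CHAOS-class TXT query for one of the fingerprinting names."""
    try:
        q = parse_question(packet)
    except (ValueError, IndexError, struct.error, UnicodeDecodeError):
        return False  # truncated or malformed UDP/53 payload: not a probe
    return q["qclass"] == QCLASS_CH and q["qtype"] == QTYPE_TXT and q["name"] in PROBE_NAMES


def count_probes(payloads):
    """Count version probes in a batch of UDP/53 payloads (e.g. one sensor window)."""
    return sum(1 for p in payloads if is_version_probe(p))


# Constructed sample traffic: two probes, one ordinary lookup, one junk datagram.
SAMPLE_PAYLOADS = [
    build_query("version.bind", QTYPE_TXT, QCLASS_CH, txid=0xBEEF),
    build_query("www.example.com", QTYPE_A, QCLASS_IN),
    build_query("VERSION.BIND.", QTYPE_TXT, QCLASS_CH),   # case and trailing dot normalised
    b"\x00\x01garbage",
]

if __name__ == "__main__":
    print(build_query("version.bind", QTYPE_TXT, QCLASS_CH).hex())
    print("probes in sample:", count_probes(SAMPLE_PAYLOADS))
```

The detector keys on class and type as well as the name, because a `version.bind` query in class IN is a typo or a curious user, not a fingerprinting sweep; and it refuses to follow compression pointers in the question, since a legitimate query never contains them.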
Can Congress tweet? Should bloggers care? →
A political spat erupted in Washington, D.C., earlier this month over rules governing how members of Congress may use the Internet. House Republicans argued that proposed changes to the rules amounted to “new government censorship of the Internet,” while Democrats said the charges were exaggerated. Whichever side is right or wrong, the fact remains that current rules governing official...
Why trying to Out-Google Google is a search for... →
When there’s an 800 pound gorilla in your space, trying to steal bananas isn’t exactly the smartest approach. You figure out what he’s not eating, and you start nibbling. Before you know it, you’re eating just as much as he is and wouldn’t you know it, one bad banana crop and he’s toast. So when I hear that someone wants to build a better search engine than...
42.zip →
The file contains 16 zipped files, each of which again contains 16 zipped files, each of which again contains 16 zipped files, each of which again contains 16 zipped files, each of which again contains 16 zipped files, each of which contains 1 file with a size of 4.3GB. So, if you extract all files, you will most likely run out of space :-)
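The arithmetic behind that warning, and the check a file-handling service should make before expanding an untrusted archive, as an added example that is not part of the original page. Five levels of 16 archives make 16^5 = 1,048,576 leaf files; at 4.3 GB each that is roughly 4.5 PB from an archive of a few tens of kilobytes. The archive built by `make_nested_zip()` is a constructed miniature with the same layout, not 42.zip itself, and the budget, depth and ratio limits in `inspect_zip()` are illustrative assumptions.

```python
"""Added example (not code from the original page): size arithmetic for the
42.zip archive described above and a budgeted inspection that refuses to
expand such a bomb. make_nested_zip() builds a constructed miniature for
the demo; the limits in inspect_zip() are illustrative assumptions."""
import io
import os
import zipfile

# 42.zip as described: five nesting levels, 16 archives per level, 4.3 GB leaves.
LEVELS, FANOUT, LEAF_BYTES = 5, 16, 4_300_000_000


def bomb_expansion_bytes(levels=LEVELS, fanout=FANOUT, leaf=LEAF_BYTES):
    """Bytes written if every level is fully extracted: fanout**levels leaf copies."""
    return fanout ** levels * leaf


class ZipBudgetExceeded(Exception):
    """Raised before an entry that would push extraction past the budget."""


def inspect_zip(data, max_total=256 * 1024 ** 2, max_depth=3, max_ratio=100, _depth=0):
    """Sum the declared uncompressed size of an archive, recursing into nested zips.

    Only central-directory metadata is consulted for the budget, so a bomb is
    rejected at the cost of reading its directory, never its payload. A nested
    zip is read into memory only after its own declared size has been charged
    against the budget, and the read is capped at that declared size.
    """
    if _depth > max_depth:
        raise ZipBudgetExceeded(f"archive nested deeper than {max_depth} levels")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            total += info.file_size
            if total > max_total:
                raise ZipBudgetExceeded(
                    f"{info.filename}: declared total {total} exceeds budget {max_total}")
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                raise ZipBudgetExceeded(
                    f"{info.filename}: ratio {info.file_size / info.compress_size:.0f}:1 "
                    f"exceeds {max_ratio}:1")
            if info.filename.lower().endswith(".zip"):
                with zf.open(info) as f:
                    inner = f.read(info.file_size)   # never read past the declared size
                total += inspect_zip(inner, max_total - total, max_depth, max_ratio, _depth + 1)
    return total


def is_bomb(data, **limits):
    """Convenience wrapper: True if inspect_zip() refuses the archive."""
    try:
        inspect_zip(data, **limits)
    except (ZipBudgetExceeded, zipfile.BadZipFile):
        return True
    return False


def make_nested_zip(levels, fanout, leaf_bytes):
    """Constructed miniature of the 42.zip layout (demo data, not the real file)."""
    name, data = "leaf.bin", bytes(leaf_bytes)      # zeros deflate ~1000:1, like a bomb leaf
    for level in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(fanout):
                zf.writestr(f"l{level}_{i}_{name}", data)
        name, data = "nested.zip", buf.getvalue()
    return data


def make_benign_zip(n_files=2, size=10 * 1024):
    """Constructed ordinary archive: incompressible files, no nesting."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for i in range(n_files):
            zf.writestr(f"doc{i}.bin", os.urandom(size))
    return buf.getvalue()


if __name__ == "__main__":
    print(f"42.zip as described expands to {bomb_expansion_bytes() / 1e15:.1f} PB")
    small_bomb = make_nested_zip(levels=2, fanout=2, leaf_bytes=1024 * 1024)
    print(f"{len(small_bomb)}-byte miniature rejected:", is_bomb(small_bomb, max_total=1024 ** 2))
    print("benign archive, declared bytes:", inspect_zip(make_benign_zip()))
```

The point of charging the budget from the central directory is that the decision is made before any payload is inflated; the per-entry ratio limit catches a single huge all-zero leaf even when the total would fit, and the depth limit stops the recursion that a nested layout is designed to exhaust. Sizes in the directory can be lied about, which is why the nested read is capped at the declared size rather than trusted to end on its own.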
Facebook Hires Mozilla Exec Mike Schroepfer As... →
Mike Schroepfer, the extremely well regarded VP Engineering at Mozilla, is now Facebook’s Director of Engineering. He’ll be heading up Facebook Platform and the main product front end, he said by telephone this morning, although his exact scope of responsibility hasn’t been nailed down yet. He will report directly to CEO Mark Zuckerberg starting in September.
New DNS exploit now in the wild and having a blast →
About two weeks ago, we covered the release of a DNS security fix meant to patch a vulnerability in the system that matches domain names with IP addresses. The flaw had been discovered by security researcher Dan Kaminsky some months earlier but, at the time, details on the exploit were being kept secret. That information has since leaked thanks to an accidental blog post by someone at Matasano...
Hammer drops at last: FCC opposes Comcast P2P... →
Once FCC Chair Kevin Martin announced his support for sanctions against Comcast, penalties looked inevitable. The two Democrats on the Commission, long supportive of network neutrality, seemed set to vote along with Martin and punish Comcast for its P2P “delaying” techniques; late this afternoon at FCC headquarters, they did, and a majority has now spoken.
Senator fuses controversial IP bills into big, bad... →
Intellectual property legislation introduced in the Senate on Thursday would combine elements of two controversial IP enforcement bills: The PRO-IP Act, which passed the House by a wide margin in May, and the PIRATE Act, which has won Senate approval several times since its first introduction in 2004. The law would increase penalties for counterfeiting, empower federal prosecutors to bring civil...
Microsoft Updates Open Specification Promise to... →
Microsoft has updated its Open Specification Promise page as of July 25, and it now says in the FAQ that the GPL is covered, including commercial:
Fugitive spam king dead in apparent murder-suicide →
Convicted penny-stock spammer Eddie Davidson has died of a self-inflicted gunshot wound, apparently after killing his wife and three-year-old daughter in his home town of Bennet, Colorado, the U.S. Department of Justice said Thursday. Davidson had been a fugitive from the law since walking away from a federal minimum-security prison camp in Florence, Colorado on Sunday. He had been serving a 21...
Microsoft looks to 'Mojave' to revive Vista's... →
After months of searching for ways to defend its oft-maligned Windows operating system, Microsoft may just have found its best weapon: Vista’s skeptics. Spurred by an e-mail from someone deep in the marketing ranks, Microsoft last week traveled to San Francisco, rounding up Windows XP users who had negative impressions of Vista. The subjects were put on video, asked about their Vista...
Yahoo Music going dark, taking keys with it →
The bad dream of DRM continues. Yahoo e-mailed its Yahoo! Music Store customers yesterday, telling them it will be closing for good—and the company will take its DRM license key servers offline on September 30, 2008. Sure, it’s bad news and yet another example of the sheer lobotomized brain-deadness that has characterized music DRM, but the reaction of most music fans will be: “Yahoo...
Idiosyncratic Routine - c|net Coverage of Johnny... →
My postmortem of the Hackers on Planet Earth conference The Last Hope continues, thanks to an inane c|net article making the rounds this week.
All the cool kids know the difference between a hacker and a cracker. On the off chance you’re not a cool kid, leave this page and wipe your cache. Ah, I crack myself up. Ok, you can stay; I’ll offer a super-brief and simplified de-obfuscation,...
The time to patch those unpatched DNS servers is... →
So what happened? Matasano had an article ready with some more details on the DNS vulnerability for after Blackhat and posted it in error. They removed it as soon as they noticed it. But it seems the cat is out of the bag. I won’t post the details here out of respect for Dan and Thomas. But I’m sure within a day, it will be all over the place.
Report: OSS projects need tighter focus on... →
Enterprises should think carefully before adopting open source solutions due to persistent security issues, according to a report by the security firm Fortify. The report arose from Fortify’s efforts in the Java Open Review Project, in which it subjected open source Java projects to a full security audit. Fortify’s concerns arise not so much from the bugs it identified as from the fact...
FCC hearing: disagreement over the "broadband of... →
American artists are “the world’s storytellers,” said FCC Commissioner Deborah Taylor Tate at today’s third FCC en banc hearing of the year; while this might sound a bit patronizing to the rest of the world, it goes down well during discussions about file-sharing and broadband. These storytellers are currently watching “the art of this country vanish into thin...
2008 Pwnie Award Nominees Announced →
We received 134 submissions for the Pwnie Awards, of which we’ve selected 37 nominees. Please select an award category from the list above to see the nominees.
The winners of the Pwnie Awards will be announced on August 6, 2008 at a ceremony at the BlackHat USA conference in Las Vegas.
Impostor →
Social Engineering 101: Mitnick and other hackers... →
Kevin Mitnick knows that the weakest link in any security system is the person holding the information. As a young fugitive hacker, he went to jail for breaking into computer networks, mostly by using his cunning and persuasion rather than his tech skills. He was an early master of the science of social engineering—manipulating people into doing what you want, such as giving out passwords and other...
Cold Boot Attack Utilities Released At HOPE... →
Jacob Appelbaum, one of the security researchers who worked on the cold boot attacks to recover encryption keys from memory even after reboot, has announced the release of the complete source code for the utilities at The Last HOPE in New York City. The hope (obligatory pun) is that the release of these tools will help to improve awareness of this attack vector and enable the development of...
The Wiki-Hacker Strikes Again →
Wikipedia white-washers beware: Virgil Griffith is watching you. Last August, Griffith, a graduate student at the California Institute of Technology, released a simple piece of software code that tore the lid of secrecy off the anonymous community of volunteers who edit the nonprofit encyclopedia.
The Twelve People You Meet On Twitter →
If you’ve been around Twitter long enough, certain patterns start to emerge. People start to develop tweeting habits, and for better or worse, those patterns tend to stay fairly stable, at least in my experience. Some people are composite creatures; others are definitely single-tracking.
Court rules smartcard hackers can publish exploit... →
London Transport’s Oyster Card system was hacked earlier this summer by Dutch researchers who managed to turn a laptop into a mobile card lab to score a day’s worth of free rides. Now, a Dutch court has ruled that Radboud University Nijmegen can publish details of the attack later this year, despite protests from the chipmaker involved.
Google Gmail And Calendar Will Soon Run Offline →
Within six weeks, Google (NSDQ: GOOG) Gmail and Google Calendar will be Google Gears-enabled, meaning that they’ll run offline.
Logged in or out, Facebook is watching you →
Researchers at software vendor CA have discovered that social networking site Facebook is able to track the buying habits of its users on affiliated third-party sites even when they are logged out of their account or have opted out of its controversial “Beacon” tracking service.
What's the diff? McCain attacks Obama with... →
Every four years, citizens of the United States are treated to one of the most celebrated traditions of American democracy: watching egomaniacal politicians fling dung at each other to convince the general population that they are less wretched than their competitors. Although campaigning tactics have changed little over the years, the process has evolved as new technologies make it possible for...
Ruling: SCO owes Novell $2.54 million from SCO-Sun... →
The intellectual property dispute between Novell and SCO over UNIX ownership reached an important milestone yesterday when Judge Kimball ruled that SCO was unjustly enriched by its 2003 licensing agreement with Sun and owes Novell $2,547,817.
Google's Android platform: not so open after all →
Google vowed that its Linux-based Android mobile platform would empower enthusiasts and amateur developers, but today we have seen compelling evidence that this is an empty promise. Third-party Android application developers, who have grown increasingly frustrated with the lack of SDK updates, were shocked to discover that Google has been secretly making new versions of the Android SDK available...
Researcher to demonstrate attack code for Intel... →
Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel’s microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running.
Kaspersky will demonstrate how such an attack can be made in a presentation at the upcoming Hack In The Box (HITB) Security Conference in...
The Software Behind the Mars Phoenix Lander →
The Mars Phoenix Lander Mission is a short-term mission to Mars to search for signs of water and a potential habitable site for an eventual manned mission to the Red Planet. This mission is a collaboration between NASA and the University of Arizona Lunar and Planetary Laboratory. Sending hundreds of pounds of equipment millions of miles through space to land and operate independently from direct...
Official Google Blog: Our Googley advice to... →
Management guru Peter Drucker noted that companies attracting the best knowledge workers will “secure the single biggest factor for competitive advantage.” We and other forward-looking companies put a lot of effort into hiring such people. What are we looking for? At the highest level, we are looking for non-routine problem-solving skills. We expect applicants to be able to solve...
Google wins agreement to anonymise YouTube logs →
Google and Viacom have reached a deal to protect the privacy of millions of YouTube watchers.
Earlier this month, a New York federal judge ordered Google to turn over YouTube user data to Viacom and other plaintiffs to help them prepare a confidential study of what they argue are vast piracy violations on the video-sharing site.
Disgruntled Engineer Hijacks San Francisco's... →
A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Cross-industry vendor alliance plugs DNS... →
Last week, an alliance of software companies and network hardware vendors announced a series of updates designed to fix a DNS flaw first discovered by security analyst Dan Kaminsky. The flaw, which has not yet been described in detail, could have been used to poison domain name system (DNS) servers, including those of specific ISPs. For those of you who aren’t aware, DNS servers translate a...
Fossil finds suggest an early origin for human... →
It may be time to rethink the stereotype of grunting, wordless Neandertals. The prehistoric humans may have been quite chatty — at least if the ear canals of their ancestors are any indication.
The findings suggest human speech may have originated earlier than some researchers contend. Anthropologists disagree about whether language sprang up rapidly around 50,000 years ago or emerged more...
Yahoo spurns Microsoft again as blood boils →
Yahoo Inc. has rejected Microsoft’s latest attempt to buy its online search operations in a “take or leave it” proposal that Yahoo said would have dismantled its Internet franchise.
As described by Yahoo in a statement released late Saturday, Microsoft packaged its latest offer with activist investor Carl Icahn, a billionaire who is seeking to overthrow Yahoo’s board of directors in a shareholder...
Will It Blend? iPhone 3G edition →
Superconducting Power Grid Launches In New York →
Last Wednesday, American Superconductor officially commissioned the world’s first high-temperature superconductor power-transmission cable system to be used in a commercial power grid. Superconductors can supply lots of energy quickly, efficiently, and unobtrusively. They conduct 150 times the electricity of similarly sized copper wires. However, because of technological difficulties, the...
Is Google Heading Down the Yahoo! Path? →
This week Google made the fourth announcement in the past 12 months that has made me question whether the company is beginning to lose focus. Google built itself to be the 33rd biggest company in the world (by market value) — the 10th largest in the US — based almost exclusively on one thing: its dominance of the online advertising market, specifically the search advertising market. But recent...
‘How Many of You Expect to Die?’ →
Not long ago Dr. Joanne Lynn, a geriatrician who pulls no punches in her frequent critiques of America’s sorry system of end-of-life care, looked out from the dais of a Washington, D.C., ballroom at a sea of middle-aged faces: health policymakers, legislative staff, advocates for the aged and for family caregivers — an audience of experts.
Open-source microblogging site may become Twitter... →
A new open-source social web service called identi.ca challenges the conventional approach to microblogging and offers some potentially significant advantages for end users. The identi.ca web site and its underlying Laconica software platform, which were created by WikiTravel founder Evan Prodromou and his company Control Yourself, could be the alternative that many disillusioned Twitter users...
Comcast loses: FCC head slams company's P2P... →
Remember how Comcast this week told us that 1) the FCC’s “Internet policy statement” (PDF) had no legal force and 2) that the agency might not have the authority to enact such rules even if it wanted to? Those theories will soon be put to the test, as Republican FCC Chairman Kevin Martin now says he wants to rule against Comcast in the dispute over the company’s P2P upload...
Amazon Kindle is a Hit: 12% of Book Sales on... →
Amidst all of the discussion about the iPhone 3G that hits stores tomorrow, another industry changing gadget is getting overlooked. According to Time Magazine:
“On a title-by-title basis, of the 130,000 titles available on Kindle and in physical form, Kindle sales now make up over 12% of sales for those titles…. At a technology trade conference in May, CEO Jeff Bezos said that Kindle sales...
Seagate Unveils 1.5 Terabyte Desktop Hard Drive →
Seagate (NYSE: STX) Technology on Thursday introduced a 1.5 terabyte hard drive for the desktop, and two half-terabyte notebook drives.
The Barracuda 7200.11, the 11th generation of Seagate’s flagship drive for desktop PCs, is targeted at mainstream computers, workstations, and gaming and high-end PCs. Seagate said it achieves the high capacity through the use of what it calls...