August 2008
74 posts
Locked iPhones can be unlocked without a password →
Private information stored in Apple’s iPhone and protected by a lock code can be accessed by anyone with just a few button presses. The iPhone, like most mobile phones, can be locked with a four-digit code, but where other phones in their locked state only permit calls to emergency service numbers such as 911 (in the U.S.), 999 (in the U.K.) and 112 (throughout Europe), a locked iPhone can...
Why Google has lost its mojo -- and why you should... →
Google has gone from innovative upstart to fat-and-happy industry leader in what seems like record time. Put simply, the search giant has lost its mojo. That’s good news for Microsoft, and it could affect how you use Google’s cloud computing services. Google looks as if it’s on top of the world right now, holding an ever-increasing lion’s share of the search market. So why...
Crackers Crack into Red Hat →
Red Hat confirmed Friday that hackers compromised infrastructure servers belonging to the company and the Fedora Project, including systems used to sign Fedora packages. In the Fedora breach, company officials said they had “high confidence” the hackers did not get the “passphrase used to secure the Fedora package signing key.” Regardless, the company has converted to new...
Leaked memo: e-mail recovery will outlast Bush... →
An internal memo suggests that the White House will be unable to recover thousands of missing White House e-mails by the end of George W. Bush’s term in office. According to a document dated June 20 and leaked to the Associated Press, the White House IT shop has been soliciting bids from contractors to perform the recovery project, but the document estimates the work will not be completed...
Email is dead. Long live Email →
According to the Radicati Group, the number of email users worldwide will reach 1.6 billion in 2011 from an estimated 1.2 billion users in 2007 (393MM of these accounts are corporate users). According to Internet World Stats, just under 1.5 billion people use the Internet today. According to Nielsen//NetRatings, the digital media universe was approximately 550MM in May 2008. However you cut the...
Inside the Twisted Mind of the Security... →
Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.
Amazon Confirms Student Version Of Kindle →
Amazon confirmed our speculation that they are planning to target colleges and universities with a new version of the Kindle, reports the Seattle PI. Textbooks are a $5.5 billion annual market, and most publishers now offer electronic versions of their textbooks. McGraw-Hill Education, for example, publishes 95% of their books electronically as well as in print. But there is no compelling device...
Virus Infects Space Station Laptops (Again) |... →
Viruses intended to steal passwords and send them to a remote server infected laptops in the International Space Station in July, NASA confirmed Tuesday.
Hands on: singing along with Songbird 0.7 →
A new version of the Songbird music player hatched this week and is available for download. Version 0.7, which is the first beta leading up to the 1.0 release, brings a completely new look to the program and adds a handful of nifty new features and performance improvements.
First particles injected into Large Hadron... →
The first particles have been injected into the biggest atom smasher on the planet, marking the start of the countdown to probing the secrets of the universe.
Intel demonstrates how to send electrical power... →
SAN FRANCISCO — Imagine juicing up your laptop computer and cell phone without plugging them into an electrical socket. That’s a luxury that could be provided by wireless power transmission, a concept that has been bandied about for decades but is creeping closer to becoming viable. Building off work unveiled last year by Massachusetts Institute of Technology researchers, Intel Corp....
An Easy Way To Retrieve The Entire MobileMe User... →
Creating email spam lists is a multi-billion dollar business. Most webmail providers long ago closed a number of the more obvious methods spammers used to put together their lists in an automated way. One example - you don’t get bounced email messages from webmail services for emails to addresses that don’t exist. That way spammers can’t verify if an email address is good unless they get a response...
Verizon: we need freedom to delay P2P traffic when... →
There has “always been a requirement for network management,” said Verizon CTO Richard Lynch Tuesday at the Progress & Freedom Foundation’s annual Aspen conference on tech policy, even in the analog age. In the wake of the FCC’s recent Comcast decision, debates over “network management” have escaped the engineers’ offices and now take place even among...
Spy vs. Spy - anti-steganography →
DO YOU WANNA KNOW A SECRET?: Altered with the proper steganography algorithm, this innocuous picture of a cat could be a carrier for corporate espionage.
Earlier this year, someone at the United States Department of Justice smuggled sensitive financial data out of the agency by embedding the data in several image files. Defeating this exfiltration method, called steganography, has proved...
The Eternal Value of Privacy →
The most common retort against privacy advocates — by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures — is this line: “If you aren’t doing anything wrong, what do you have to hide?” Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the...
Microsoft: grokking search intent will help close... →
Microsoft believes that focusing on search intent will help it pull ahead in the race of the search engines, or at least give it a little boost. The company discussed some of its ideas for improving Live Search during a panel at the Search Engine Strategies conference in San Jose this week, and revealed that it has been looking at user behavior to see how it can better tune its search engine to...
The Associated Press: States throw out costly... →
The demise of touch-screen voting has produced a graveyard of expensive corpses: Warehouses stacked with thousands of carefully wrapped voting machines that have been shelved because of doubts about vanishing votes and vulnerability to hackers.
Judge lifts fare card hack gag order, punts on 1st... →
In court today, Judge George O’Toole refused the Massachusetts Bay Transit Authority’s request to impose an additional five-month gag order against five students the MBTA had accused of violating the Computer Fraud and Abuse Act (CFAA). Prior to this point, the students had been subject to a 10-day gag order which prevented them from presenting a paper on the flaws within the MBTA’s...
RIAA confirms it's behind the Muxtape shutdown →
Muxtape, the love-child of the Internet and 80s cassette mix tapes, has had its plug pulled by the RIAA. Currently, visitors to the site are greeted with a brief statement that Muxtape will be “unavailable for a brief period while we sort out a problem with the RIAA.”
Mozilla drags IE into the future with Canvas... →
Most browser implementors are quick to adopt emerging Internet technologies, but Microsoft can’t or won’t make Internet Explorer a modern web browser. Despite some positive steps in the right direction, Internet Explorer still lacks many important features. Its mediocrity has arguably hampered the evolution of the web and forced many site designers to depend on suboptimal proprietary...
"Functionally voluntary" music may lead to blanket... →
Jim Griffin consults for Warner, one of the four major music labels, and he sees a disturbing sight when he looks around at the digital music landscape. Taking music without paying for it may not be “morally voluntary,” Griffin says, but he admits it has become “functionally voluntary.” No civilized society, he adds, can endure “purely voluntary payment for art,...
PC World - Grokking SCO's demise →
The SCO Group’s US$5 billion threat against Linux is effectively finished. On Friday, Aug. 10, U.S. District Judge Dale Kimball ruled that SCO doesn’t actually own the copyrights that it was using to threaten — and in some cases, sue — Linux users. Of course, you already got that news, thanks to everyone from The Wall Street Journal to IT news sources. And they all got it...
Nokia helps port Firefox to Qt →
The Firefox web browser has been ported to the Qt widget toolkit through a collaborative development effort by Nokia and Mozilla. This port will facilitate much stronger visual integration between Firefox and KDE-based Linux environments and will also simplify the process of bringing Firefox to mobile platforms that support Qt.
We're running out of IPv4 addresses. Time for... →
A little over a year ago, I wrote an article about the IPv4 address consumption with the subtitle IPv4 Address Space: 2.46 Billion Down, 1.25 Billion to Go. A week ago, we reached the magic number of 2.7 billion IPv4 addresses used. With 3.7 billion possible addresses, this means we now have less than a billion unused IPv4 addresses left. There are 39 blocks of 16.78 million addresses in the IANA...
Voting Machines →
Police nab Shadow creators, force botnet to commit... →
The Dutch High Tech Crime Unit has arrested a 19 year-old man and his 16 year-old brother and charged them with operating (and attempting to sell) the Shadow botnet. Shadow was created by the two brothers, and is currently thought to infect some 100,000 machines, down from a peak of 150,000. Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all...
Physicists spooked by faster-than-light... →
Physicists at the University of Geneva achieved the weird result by creating a pair of ‘entangled’ photons, separating them, then sending them down a fibre optic cable to the Swiss villages of Satigny and Jussy, some 18 kilometres apart.
Russians may not be responsible for cyberattacks... →
Earlier this week, we covered a report from the Georgian Foreign Ministry, claiming that the Russian Business Network (RBN) was actively engaged in cyberwarfare against Georgia—with the blessing and backing of the Russian government. There have been no new reports from that source, but several security experts have spoken up, and raised the question of whether or not the Russian government is...
Air Force to suspend all efforts toward cyber... →
The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov.
IT Security At The Games →
Given the high profile of the Olympic Games, it’s no surprise that organizers of IT at the Beijing Olympics have made information security one of their highest priorities. IT infrastructure provider Atos Origin is offering a range of security administration services to ensure identification and access management for the networks supporting the many applications in use. For the Beijing Games,...
Microsoft Stages 'Mammoth Patch Tuesday' →
Counting vulnerabilities rather than bulletins, 17 of 26 are critical, the most since August 2006, according to Symantec researchers.
Google Maps →
New data citing parental concern over gaming... →
In April the video game site What They Play reported that parents were more concerned with sexual content in games than violence or profanity, raising a few questions about the priorities of video game ratings and content that may or may not be harmful for children. Now, the site has released a new survey, asking parents what would most worry them when sending a child to sleep over at a friends...
Defcon/Black Hat: Social Network Security = Fail! →
Social networks such as LinkedIn, MySpace, Facebook, and microblogging sites such as Twitter are all fertile grounds for both social engineering and technical attacks. It can get even nastier when you combine the two. Too bad we haven’t learned anything about secure coding practices and proper authentication in the past 20 years or so.
Massive VMware Bug Shuts Systems Down →
Imagine if Red Hat released a version of Linux, and after it was deployed, customers noticed that any processes with a start date of today would refuse to run? Well, that’s what happened to VMware… a company that wants nearly all server applications running in virtual machines within a matter of years.
http://kb.vmware.com/kb/1006716
Google Online Security Blog: Keyczar: Safe and... →
Cryptography is notoriously hard to get right and if improperly used, can create serious security holes. Common mistakes include using the wrong cipher modes or obsolete algorithms, composing primitives in an unsafe manner, hard-coding keys in source code, or failing to anticipate the need for future key rotation. With these risks in mind, we’re pleased to announce the open-source release of...
Users talk the talk, but don't walk the walk on... →
Internet users appear to take the concept of privacy online seriously, but their actions don’t follow their words very well. AOL surveyed a thousand online consumers in the UK in order to get a feel for their understanding of privacy issues on the Internet and found that while 84 percent said that they would remain tight-lipped about personal details, even more ended up forking them over...
The real surprise of the App Store isn’t number of... →
That the iPhone’s App Store has delivered 60 million downloads and generated an average of $1 million a day in revenue since its launch a month ago isn’t all that surprising.
New Tool to Automate Cookie Stealing from Gmail,... →
If you use Gmail and haven’t yet taken advantage of a feature Google unveiled last week to prevent hackers from hijacking your inbox, now would be an excellent time to do that. A security researcher at the Defcon hacker conference in Las Vegas on Saturday demonstrated a tool he built that allows attackers to break into your inbox even if you are accessing your Gmail over a persistent,...
Don’t do what your users say →
Community is big these days. You’ll hear lots of designers tell you that it’s important to build a strong community and listen to them, because they are your core users. And I agree with that. But in UI design it’s important to understand that what a user says and what a user is telling you can be two different things. It is rare that a user outright lies for no reason. There is almost always a...
The sky isn't falling: a look at a new Vista... →
One of the papers presented at the Black Hat USA 2008 security conference was an analysis of a number of the protection mechanisms built into Windows Vista and Windows Server 2008 that are designed to make it harder to convert software bugs into security flaws. How to Impress Girls with Browser Memory Protection Bypasses, authored by security researchers Mark Dowd at IBM and Alexander Sotirov at...
Judge zips MIT students' lips on mass transit fare... →
Back in the day, young hackers used easy exploits to trick phone companies into giving them free long distance calls. These days, they use easy exploits to trick mass transit systems into giving them free rides. Loopholes in fare card RFID chips and magnetic strips employed by many transit systems across the US are not unheard of, but three Massachusetts Institute of Technology students, along...
Evidence of Russian Cyberwarfare Against Georgia →
In what seems to be a repeat of what happened in July, a few news sites have mentioned that there is evidence of a campaign against Georgia. For example, both the government’s and the president’s sites are inaccessible, among other official websites. For some analysis, the RBN Exploit blog demonstrates various traceroutes that have failed to several sites. They also claim that the RBN...
An Illustrated Guide to the Kaminsky DNS... →
This paper covers how DNS works: first at a high level, then by picking apart an individual packet exchange field by field. Next, we’ll use this knowledge to see how weaknesses in common implementations can lead to cache poisoning.
MIT developing super-realistic image system →
By producing “6-D” images, an MIT professor and colleagues are creating unusually realistic pictures that not only have a full three-dimensional appearance, but also respond to their environment, producing natural shadows and highlights depending on the direction and intensity of the illumination around them.
Last HOPE Tracking Meta-Data Released →
Hackers at the last Hackers on Planet Earth (HOPE) conference deployed an RFID tracking system to follow attendees around the conference. The system also allowed users to enter personal interests related to the convention, and served up both talk recommendations and similar people based on these interests. The first results have been posted, and the tracking data and source code have been released...
Of Comcast, the FCC & the Metering Myth →
Last week, a bipartisan majority at the Federal Communications Commission (FCC) voted to punish Comcast Corp. (Nasdaq: CMCSA, CMCSK), the nation’s largest cable company, for secretly blocking legal file-sharing on the Internet. This landmark decision, which closed a nine-month legal, political, and PR battle, is the first time the government has protected our right to access what we want when we...