8/27/2008

Attackers Targeting Linux Infrastructures With Rootkit to Steal SSH Keys

Filed under: — Aviran Mordo

US-CERT is warning of attacks on Linux-based infrastructures that begin with compromised SSH keys. Once the attackers have a shell on a system, they use local kernel exploits to gain root and then install a rootkit that harvests further SSH keys, which in turn are used against other hosts. The attacks may be connected to the weak-key flaw in Debian's OpenSSL package disclosed earlier this year, which left many SSH keys generated on Debian-derived systems guessable.

Hackers are launching attacks against Linux-based computing infrastructures using compromised SSH [Secure Shell] keys and installing rootkits, according to a warning by the U.S. Computer Emergency Readiness Team (US-CERT).

According to US-CERT, the attack uses stolen SSH keys to access a system, and then local kernel exploits to gain root access. At that point, a rootkit known as phalanx2 is installed.

“Phalanx2 appears to be a derivative of an older rootkit named phalanx,” the US-CERT advisory reads. “Phalanx2 and the support scripts within the rootkit are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.”
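The practical question after reading the advisory is what an intruder with root on one box actually gets, and where stolen keys would be accepted next. The following added example (not from the US-CERT note or the article) inventories both: private keys that load without a passphrase, and every active authorized_keys entry. The /root and /home roots and all sample key files are constructed assumptions; no real key material is involved.

```python
"""Added example, not from the US-CERT note: inventory the SSH material a
phalanx2-style key thief is after. Paths and sample files are constructed."""
import base64
import re
import struct
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]*)PRIVATE KEY-----")


def _openssh_cipher(data: bytes) -> bytes:
    """Cipher name stored at the start of an OpenSSH-format key blob ('none' = cleartext key)."""
    body = data.split(b"-----BEGIN OPENSSH PRIVATE KEY-----", 1)[1].split(b"-----END", 1)[0]
    blob = base64.b64decode(b"".join(body.split()))
    magic = b"openssh-key-v1\x00"
    if not blob.startswith(magic):
        return b"?"
    off = len(magic)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n]


def key_is_unencrypted(data: bytes) -> bool:
    """True when the bytes are a private key usable without a passphrase.
    Traditional PEM marks encryption with a 'Proc-Type: 4,ENCRYPTED' header,
    PKCS#8 with the 'BEGIN ENCRYPTED PRIVATE KEY' label, and the OpenSSH
    container stores the cipher name inside the base64 blob."""
    m = PEM_LABEL.search(data)
    if m is None:
        return False                      # public key, config, anything else
    label = m.group(1).strip()
    if label == b"ENCRYPTED":
        return False
    if label == b"OPENSSH":
        return _openssh_cipher(data) == b"none"
    return b"Proc-Type: 4,ENCRYPTED" not in data


def find_unencrypted_keys(roots=("/root", "/home")) -> List[Path]:
    """Private keys under the given trees that need no passphrase: the ones worth stealing."""
    found = []
    for root in roots:
        top = Path(root)
        if not top.is_dir():
            continue
        for path in top.rglob("*"):
            if path.is_file() and path.suffix != ".pub":
                try:
                    if key_is_unencrypted(path.read_bytes()):
                        found.append(path)
                except OSError:
                    pass
    return sorted(found)


def list_authorized_keys(roots=("/root", "/home")) -> List[Tuple[str, str, str]]:
    """(file, key type, comment) for every active authorized_keys entry: the
    keys a stolen collection from another host would be tried against."""
    entries = []
    for root in roots:
        top = Path(root)
        if not top.is_dir():
            continue
        for path in top.rglob(".ssh/authorized_keys*"):
            for line in path.read_text(errors="replace").splitlines():
                fields = line.split()
                if not fields or fields[0].startswith("#"):
                    continue
                # Entries may start with options (from=, command=, ...); the key type follows them.
                idx = next((i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-"))), None)
                if idx is None or idx + 1 >= len(fields):
                    continue
                entries.append((str(path), fields[idx], " ".join(fields[idx + 2:]) or "(no comment)"))
    return entries


def make_openssh_key(cipher: bytes) -> bytes:
    """Constructed OpenSSH-format key carrying only the header fields read above."""
    blob = b"openssh-key-v1\x00" + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    return (b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.encodebytes(blob)
            + b"-----END OPENSSH PRIVATE KEY-----\n")


# Constructed sample home directories (no real key material).
SAMPLES: Dict[str, bytes] = {
    "alice/.ssh/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA\n-----END RSA PRIVATE KEY-----\n",
    "alice/.ssh/id_rsa.pub": b"ssh-rsa AAAAB3NzaC1yc2E alice@laptop\n",
    "bob/.ssh/id_dsa": (b"-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        b"DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nAAAA\n-----END DSA PRIVATE KEY-----\n"),
    "bob/.ssh/id_ed25519": make_openssh_key(b"aes256-ctr"),
    "carol/.ssh/id_ed25519": make_openssh_key(b"none"),
    "bob/.ssh/authorized_keys": (b"# deploy key\n"
                                 b'from="10.1.0.0/16" ssh-rsa AAAAB3NzaC1yc2E deploy@ci\n\n'
                                 b"ssh-dss AAAAB3NzaC1kc3M alice@laptop\n"),
}


def audit_sample_homes() -> Dict[str, object]:
    """Write the samples into a temporary /home lookalike and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in SAMPLES.items():
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        keys = [str(k.relative_to(tmp)) for k in find_unencrypted_keys([tmp])]
        auth = [(t, c) for _, t, c in list_authorized_keys([tmp])]
    return {"unencrypted": keys, "authorized": auth}
```

Run `find_unencrypted_keys()` and `list_authorized_keys()` with their defaults on a suspect host; every passphrase-less key it reports should be treated as already stolen and rotated, and every authorized_keys entry checked against the owner's story. On Debian-derived systems, `ssh-vulnkey -a` additionally flags keys generated with the weak OpenSSL mentioned above.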

Computer viruses make it to orbit

Filed under: — Aviran Mordo

A computer virus is alive and well on the International Space Station (ISS).

Nasa has confirmed that laptops carried to the ISS in July were infected with a virus known as Gammima.AG.

The worm was first detected on earth in August 2007 and lurks on infected machines waiting to steal login names for popular online games.

Nasa said it was not the first time computer viruses had travelled into space and it was investigating how the machines were infected.

It is thought that the virus might have travelled via a flash or USB drive owned by an astronaut and taken into space.

Dead Sea Scrolls to go digital on Internet

Filed under: — Aviran Mordo

Scientists in Israel are taking digital photographs of the Dead Sea Scrolls with the aim of making the 2,000-year-old documents available to the public and researchers on the Internet.

Israel Antiquities Authority, the custodian of the scrolls that shed light on the life of Jews and early Christians at the time of Jesus, said on Wednesday it would take more than two years to complete the project.

For many years after Bedouin shepherds first came upon the scrolls in caves near the Dead Sea in 1947, only a small number of scholars were allowed to view the fragments.

But access has since been widened and they were published in their entirety seven years ago.

Using powerful cameras and lights that emit no damaging heat or ultraviolet beams, scientists in Israel have been able to decipher sections and letters in the scrolls invisible to the naked eye.

The scrolls, most of them on parchment, are the oldest copies of the Hebrew Bible and include secular text dating from the third century BC to the first century AD.

A team of specialists has taken 4,000 pictures of the roughly 9,000 fragments that make up the scrolls, which number 900 in total. A few large pieces of scroll are on permanent display at the Israel Museum.

Microsoft to tweak WGA Notifications on Windows XP

Filed under: — Aviran Mordo

Microsoft is to tweak WGA (Windows Genuine Advantage) Notifications on Windows XP to make it behave more like WGA on Vista.

Regular readers of this blog will know that I have written about WGA before, but for those new here, here’s a refresher. WGA is a mechanism used by Microsoft to detect non-genuine installations of Windows (those carried out using stolen or fake product keys, or systems relying on some other mechanism for bypassing product activation). The problem with WGA is while it’s been good at detecting non-genuine installs of Windows, it can sometimes incorrectly flag a genuine install as non-genuine. From having talked to people who have found themselves in this situation, sorting this out can be tedious and time consuming (the most time-consuming part of getting the problem solved seems to be getting Microsoft tech support drones to acknowledge that WGA can sometimes be wrong).

Anyway, here’s what this latest update brings to WGA for Windows XP:

* First off, it improves the detection abilities of WGA and hopes to further reduce the risk of false-positive identifications
* WGA Notifications now looks and behaves more like WGA on Windows Vista: it is naggier and more annoying, but it still lets you use the system even if it is flagged as non-genuine.
* This update will be offered to Windows XP Professional, the most pirated edition of Windows XP.

iPhone hackers post latest jailbreak tool

Filed under: — Aviran Mordo

The iPhone Dev Team has posted PwnageTool 2.0.3.1, a revised version of the iPhone hacking utility released yesterday then quickly removed.

The earlier release had mis-set file-access permissions, which prevented an upgraded iPod Touch (the tool works with the music player as well as Apple’s phone) from retaining Wi-Fi passwords and similar settings.

PwnageTool 2.0.3 was released this week to let owners of these devices upgrade to Apple’s latest firmware, iPhone 2.0.2. The utility opens, or ‘jailbreaks’, the Touch and all versions of the iPhone to third-party apps released outside Apple’s App Store. It will also unlock the original iPhone, but not the iPhone 3G.

Bypass iPhone passwords

Filed under: — Aviran Mordo

iPhones protected by a passcode aren’t actually protected at all: with a few taps a miscreant can reach the phone’s functions without ever entering the passcode.

The trick, reported by MacRumors, is simply a press of the “Emergency Call” key on the passcode entry screen, followed by a double-tap on the home button. That drops the miscreant into the phone’s favourites, from which they can open the address book and, from there, the e-mail client (by tapping a contact’s e-mail address) or the browser (by tapping a URL). The shortcut relies on the Home button’s double-click action being set to Phone Favorites (Settings > General > Home Button); setting it to Home removes the shortcut until Apple ships a fix.

Clearly Apple has missed a trick here, and a fix should be quickly forthcoming, but it bodes badly for a device that is trying to sell itself into the enterprise and is already under fire for lacking important security features.

Mozilla offers do-it-yourself mashups for all

Filed under: — Aviran Mordo

Mozilla released an experimental browser plug-in Tuesday that aims to connect the Web with language to help users perform common Web tasks more quickly and easily.

Ubiquity, created by Aza Raskin–son of Apple Mac pioneer Jef Raskin–is a command-line interface that allows users to use plain language to manipulate Web tasks, such as mapping, translation, shopping, or retrieving entries from Wikipedia, Yelp, and Twitter. The free Firefox plug-in allows for the creation of “user-generated mashups with existing open Web APIs,” according to a post on Mozilla’s site Tuesday. “In other words, allowing everyone–not just Web developers–to remix the Web so it fits their needs, no matter what page they are on, or what they are doing.”

Revealed: The Internet’s Biggest Security Hole

Filed under: — Aviran Mordo

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet’s core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.

“It’s a huge issue. It’s at least as big an issue as the DNS issue, if not bigger,” said Peiter “Mudge” Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. “I went around screaming my head about this about ten or twelve years ago…. We described this to intelligence agencies and to the National Security Council, in detail.”

The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper’s network.

Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to the target addresses, not traffic from them, and it can’t always vacuum in traffic within a single network, say from one AT&T customer to another.

The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs.

BGP eavesdropping has long been a theoretical weakness, but no one is known to have publicly demonstrated it until Anton “Tony” Kapela, data center and network director at 5Nines Data, and Alex Pilosov, CEO of Pilosoft, showed their technique at the recent DefCon hacker conference. The pair successfully intercepted traffic bound for the conference network and redirected it to a system they controlled in New York before routing it back to DefCon in Las Vegas.

The technique, devised by Pilosov, doesn’t exploit a bug or flaw in BGP. It simply exploits the way BGP is designed to work: routers believe the routes their neighbours announce, prefer the most specific prefix they know, and discard only those announcements whose AS path already contains their own AS number.
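The following is an added example, not code from the article and not Pilosov and Kapela’s tooling: a toy BGP model with five autonomous systems that reproduces the interception and the clean return path. The attacker (AS 666) announces a more-specific prefix, so every AS that accepts it prefers the attacker as next hop; the forged AS path also lists the ASes on the legitimate route back to the victim (200 and 100), so those ASes reject the announcement as a loop and keep forwarding the attacker’s relayed packets to the real destination. The ASNs, topology and 10.0.0.0/16 prefix are constructed; the model keeps only the two BGP behaviours the trick depends on (longest-prefix match and AS-path loop detection) and ignores policy, local preference and the TTL games the real demo used to hide the detour from traceroute.

```python
"""Added example (not from the article): BGP interception via a more-specific
prefix whose AS path is forged to preserve a return route."""
import ipaddress
from collections import deque


class Router:
    """One autonomous system with a minimal BGP RIB."""

    def __init__(self, asn):
        self.asn = asn
        self.peers = []   # neighbouring Router objects
        self.rib = {}     # prefix -> AS path; path[0] is the neighbour the route came from

    def receive(self, prefix, path):
        """Standard BGP: drop any path containing our own ASN (loop
        detection), otherwise keep the shortest AS path per prefix."""
        if self.asn in path:
            return False
        current = self.rib.get(prefix)
        if current is None or len(path) < len(current):
            self.rib[prefix] = path
            return True
        return False

    def next_hop(self, addr):
        """Longest-prefix match; None means the address is local to this AS."""
        best = None
        for prefix, path in self.rib.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, path)
        if best is None or best[1][0] == self.asn:
            return None
        return best[1][0]


def flood(sender, prefix, path):
    """Propagate an announcement hop by hop: each AS that accepts it
    prepends its own ASN and passes it on to all of its peers."""
    queue = deque((peer, path) for peer in sender.peers)
    while queue:
        router, p = queue.popleft()
        if router.receive(prefix, p):
            queue.extend((peer, (router.asn,) + p) for peer in router.peers)


def link(a, b):
    a.peers.append(b)
    b.peers.append(a)


VICTIM_PREFIX = ipaddress.ip_network("10.0.0.0/16")   # constructed: owned by AS 100
HIJACK_PREFIX = ipaddress.ip_network("10.0.0.0/17")   # more specific, so it always wins


def build_network():
    """Victim 100 behind transit 200; 300 and 400 further away; attacker 666
    peers with both 200 and 300 (constructed topology)."""
    net = {asn: Router(asn) for asn in (100, 200, 300, 400, 666)}
    link(net[100], net[200])
    link(net[200], net[300])
    link(net[300], net[400])
    link(net[666], net[200])
    link(net[666], net[300])
    net[100].rib[VICTIM_PREFIX] = (100,)
    flood(net[100], VICTIM_PREFIX, (100,))
    return net


def hijack(net, attacker_asn=666, return_path=(200, 100)):
    """Announce the more-specific prefix with a forged path that already
    names the ASes of the return route, so they reject it as a loop."""
    attacker = net[attacker_asn]
    flood(attacker, HIJACK_PREFIX, (attacker_asn,) + return_path)


def trace(net, src_asn, addr, max_hops=10):
    """AS-level path a packet takes from src_asn to addr."""
    addr = ipaddress.ip_address(addr)
    hops, asn = [src_asn], src_asn
    while len(hops) < max_hops:
        nxt = net[asn].next_hop(addr)
        if nxt is None:
            break
        hops.append(nxt)
        asn = nxt
    return hops


if __name__ == "__main__":
    net = build_network()
    print("before:", trace(net, 400, "10.0.1.1"))   # [400, 300, 200, 100]
    hijack(net)
    print("after: ", trace(net, 400, "10.0.1.1"))   # [400, 300, 666, 200, 100]
```

After the hijack, AS 300 and AS 400 carry the /17 and send the victim’s traffic to AS 666, while AS 200 and AS 100 never install it and keep the legitimate /16, which is exactly the path the attacker uses to deliver the packets it has read or modified.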

Adobe Photoshop Elements Goes Online and Mobile

Filed under: — Aviran Mordo

Adobe Systems has announced major updates to its Photoshop Elements suite of video- and photo-editing software, including online sharing and mobile-phone options. In beta now, the software is expected to be on retail shelves in early October.

Photoshop Premiere Elements 7 adds significant features to video editing, while Photoshop Elements 7 incorporates major enhancements to the photo-editing program. Mobile features cover only a limited number of phones.

Have too many grumpy-looking locals in the background of your shot of the Eiffel Tower? Elements 7 promises you can “scrub” unwanted elements from pictures with its new Scene Cleaner feature. Quick Fix tools whiten teeth, enhance colors, and soften details, among other things. A powerful new Smart Brush allows users to assign repetitive tasks to the brush tool, then use it on multiple sections of a photo, like removing wrinkles.

The Premiere video suite gained a few IQ points with a new analysis mode that scans video files for picture quality, number of faces and sound levels, and applies Smart Tags as placeholders for what the software believes are the best clips. If you agree, you can just click a button to assemble a finished movie.

InstantMovie is a quick way to assemble a themed video. Dragging and dropping clips into a theme, such as Birthday, will add appropriate music, transitions and graphics. Green-screen technology has a Videomerge feature to superimpose you and the family going for a stroll on the moon, for example. Version 7 now outputs to DVD, Blu-ray and the AVCHD high-definition tapeless file format, and it supports instant uploads to phones and YouTube accounts.

To compete with online sites such as Flickr, Adobe announced an enhanced online service for Photoshop Elements customers called Photoshop.com. A basic subscription with 5GB of storage is available free for storing and sharing photos and videos. The plus package ups the ante to 20GB for $49.95. Both provide online backups of stored files. Plus members also receive additions to the software, such as new themes, tutorials, movie trailers, and special effects.

With Elements 7 cell-phone users can upload pictures directly to Photoshop.com from their phones. The application runs in the background, and Adobe promises it uploads photos while you talk, instant message, or use other phone options. The Palm Treo, Samsung Blackjacks, and Motorola Qs are supported now. The company Web site promises support for the Apple iPhone, BlackBerry Pearl, Motorola Razr, Nokia 5310, and Nokia 6301 in September.

U.S. airports back to normal after computer glitch

Filed under: — Aviran Mordo

Major U.S. airports were operating normally on Tuesday evening after a glitch in the computer system for filing flight plans delayed hundreds of flights, the Federal Aviation Administration said.

The Department of Homeland Security said there was no link to terrorism and the FAA said the computer glitch did not affect its ability to safely track planes in the air.

FAA spokeswoman Laura Brown said the problem was resolved around 6 p.m. EDT, about 4 1/2 hours after a communications link failed in the system that processes flight plans at a facility south of Atlanta.

The agency’s best guess is that “hundreds” of flights across a wide swath of the United States from Dallas and Chicago to the East Coast had been delayed by the computer breakdown, Brown said, adding that the FAA would not have an exact count until Wednesday.

“There were some airports that were affected more than others,” she said. Airports in Boston, Chicago, Baltimore and Atlanta experienced the most delays as a result of the problem, she said.

The cause of the failure was not known but it was not due to a computer hacking attack, said Hank Krakowski, chief operations officer for the FAA’s air traffic division.

“It appears to be an internal software processing problem. We’re going to have to do some forensics on it,” he told reporters in a conference call.

Flight plans include information like the type of aircraft, destination and number of passengers.

8/26/2008

Facebook hits 100 million users

Filed under: — Aviran Mordo

Facebook has hit 100 million active users. No formal press release has been issued, so you’re going to have to believe the guy who built the site.

The news came straight from the source: Facebook founder Mark Zuckerberg and several of his fellow executives put it in their status messages on the social network, and platform manager Dave Morin broadcast it in his Twitter feed. At least one of them referred to the number being “active users,” the statistic that Facebook prefers to use, rather than registered accounts overall.

Browser Extension Thwarts Internet Eavesdropping

Filed under: — Aviran Mordo

The growth of shared Wi-Fi and other wireless computer networks has increased the risk of eavesdropping on Internet communications, but researchers at Carnegie Mellon University have devised a low-cost system that can thwart these “Man-in-the-Middle” (MitM) attacks.

The system, called Perspectives, also can protect against attacks related to a recently disclosed software flaw in the Domain Name System (DNS), the Internet’s phone book, which maps host names to network addresses.

The researchers (David Andersen, assistant professor of computer science; Adrian Perrig, associate professor of electrical and computer engineering and public policy; and Dan Wendlandt, a Ph.D. student in computer science) have incorporated Perspectives into an extension for the popular Mozilla Firefox 3 browser that can be downloaded free of charge.

Perspectives employs a set of friendly sites, or “notaries,” that can aid in authenticating Web sites for financial services, online retailers and other transactions requiring secure communications. Each notary independently connects to the target site from its own vantage point on the network and records the authentication information (the site’s digital certificate) it receives. The browser compares the certificate it was handed with what the notaries report. If one or more notaries report a certificate different from the one the browser or the other notaries received, the user has reason to suspect that an attacker has compromised the connection.

Certificate authorities, such as VeriSign, Comodo and GoDaddy, already help authenticate Web sites and reduce the risk of MitM attacks. The Perspectives system provides an extra measure of security in those cases but will be especially useful for the growing number of sites that do not use certificate authorities and instead use less expensive “self-signed” certificates.
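As an added example, not Perspectives’ own code, the following shows the decision the browser side has to make once the notary reports are in. The certificate bytes, notary names, the 75% quorum and the two-day minimum observation period are constructed assumptions; Perspectives exposes its own quorum and duration settings, and the values here are only illustrative.

```python
"""Added example (not from Perspectives): a notary consistency check for a
certificate the browser has just been handed, on constructed data."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed stand-ins for DER-encoded leaf certificates (no real keys).
GENUINE_CERT = b"constructed DER: CN=bank.example, genuine public key"
MITM_CERT = b"constructed DER: CN=bank.example, attacker's public key"


def fingerprint(cert_der: bytes) -> str:
    """What browser and notaries actually compare: a hash of the certificate bytes."""
    return hashlib.sha1(cert_der).hexdigest()


@dataclass
class Observation:
    notary: str
    fingerprint: Optional[str]   # None: this notary could not reach the site
    days_seen: int = 0           # how long this notary has seen the same key


def assess(browser_cert: bytes, observations: List[Observation],
           quorum: float = 0.75, min_days: int = 2) -> str:
    """Classify the browser's certificate against independent notary views.

      "unknown"      no notary could reach the site (decide by other means)
      "mismatch"     no notary saw the browser's key: a MitM near the client,
                     the shared Wi-Fi case the article opens with
      "inconsistent" notaries disagree among themselves: a key rollover in
                     progress, or an attacker between some notaries and the site
      "new_key"      notaries agree with the browser but only recently: a
                     legitimate key change, or an attacker who fooled them too
      "consistent"   a quorum of notaries has seen this key for min_days or more
    """
    seen = fingerprint(browser_cert)
    reachable = [o for o in observations if o.fingerprint is not None]
    if not reachable:
        return "unknown"
    agreeing = [o for o in reachable if o.fingerprint == seen]
    if not agreeing:
        return "mismatch"
    if len(agreeing) / len(reachable) < quorum:
        return "inconsistent"
    if min(o.days_seen for o in agreeing) < min_days:
        return "new_key"
    return "consistent"


if __name__ == "__main__":
    good = fingerprint(GENUINE_CERT)
    notaries = [Observation("notary-a", good, 30), Observation("notary-b", good, 30),
                Observation("notary-c", good, 29), Observation("notary-d", None)]
    print(assess(GENUINE_CERT, notaries))   # consistent
    print(assess(MITM_CERT, notaries))      # mismatch
```

The duration check is what keeps the scheme useful for self-signed certificates: a key that every notary has seen for weeks is trusted on the strength of that history, while a brand-new key, even one all notaries agree on, is flagged so the user can decide whether a change was expected.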
