At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. A bootkit combines a rootkit with the ability to modify a PC’s Master Boot Record, enabling the malware to be activated even before the operating system is started.

Available as source code, Kleissner’s bootkit can infect any currently available 32-bit variety of Windows from Windows 2000 to Windows Vista and the Windows 7 release candidate. Stoned injects itself into the Master Boot Record (MBR), a record which remains unencrypted even if the hard disk itself is fully encrypted. During startup, the BIOS first calls the bootkit, which in turn starts the TrueCrypt boot loader. Kleissner says that he neither modified any hooks, nor the boot loader, itself to bypass the TrueCrypt encryption mechanism. The bootkit rather uses a “double forward” to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt. Kleissner tailored the bootkit for TrueCrypt using the freely available TrueCrypt source code.

The Federal Communications Commission (FCC) asked Apple and AT&T to explain the decision to reject an application developed by Google for the iPhone.

FCC chairman Julius Genachowski said “inquiry letters” were sent on Friday to Apple, AT&T, the exclusive carrier for the iPhone in the United States, and Google.

“The Federal Communications Commission has a mission to foster a competitive wireless marketplace, protect and empower consumers, and promote innovation and investment,” Genachowski said in a statement.

He added that in sending the letters the FCC wanted to get “the facts and data necessary to make the best policy decisions on behalf of the American people.”

The FCC move comes after Google said a Google Voice application for the iPhone was rejected by the iPhone App Store and related applications were removed.

Microsoft is canceling its plan to offer versions of Windows without the Internet Explorer browser in Europe, a move that was supposed to ease antitrust concerns.

The decision to scrap the browserless version of its operating system, dubbed Windows 7 E, was in response to statements made by the European Commission and feedback from manufacturers, according to Dave Heiner, Microsoft’s vice president and deputy general counsel, in a blog statement titled “Windows 7 and Browser Choice in Europe” and posted late Friday.

However, Microsoft still has plans in place to offer a “ballot screen” designed to let Windows 7 users install a competing Web browser and disable Internet Explorer.

EBay Inc. is developing software it might use to continue running the online telecommunications service Skype if it cannot resolve a legal dispute with a separate company run by the service’s founders.

In a filing this week with the Securities and Exchange Commission, eBay said it has started developing an alternative to the technology it currently licenses from Joltid.

The company noted its efforts might not be successful, however, and could lead to a “loss of functionality or customers even if successful.” Regardless, building such software will be costly, eBay said.

“If Skype was to lose the right to use the Joltid software as the result of the litigation, and if alternative software was not available, Skype would be severely and adversely affected and the continued operation of Skype’s business as currently conducted would likely not be possible,” eBay wrote in the filing.

A powerful new type of Internet attack works like a telephone tap, except operates between computers and Web sites they trust.

Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe.

In an even more nefarious plot, an attacker could hijack the auto-update feature on a victim’s computer, and trick it into automatically installing malware pulled in from a hacker’s Web site. The computer would think it’s an update coming from the software manufacturer.

The attack was demonstrated by three hackers. Independent security researcher Moxie Marlinspike presented alone, while Dan Kaminsky, with Seattle-based security consultancy IOActive Inc., and security and privacy researcher Len Sassaman presented together.

They reached essentially the same conclusion: There are major problems in the way browsers interact with Secure Sockets Layer (SSL) certificates, which is a common technology used on banking, e-commerce and other sites handling sensitive data.

Browser makers and the companies that sell SSL certificates are working on a fix.

A 15-YEAR-OLD girl whose family was murdered while she was overseas on a school trip learnt of their deaths on the social networking site Facebook.

A friend of Brenda Lin, who is the only surviving member of her immediate family, posted the horrific news on the schoolgirl’s Facebook page.

Min and Yun Li ‘‘Lilly’’ Lin, their sons Henry, 12, and Terry, 9, and Brenda’s aunt Yun Bin ‘‘Irene’’ Yin, were bludgeoned to death while asleep at the family’s home in North Epping, Sydney, on July 18.

Police are yet to make any arrests.