1/16/2005

Linux Kernel To Be Re-Written To Counter Microsoft FUD

Filed under: — Aviran Mordo

IBM, Intel, the Open Source Development Labs, and other industry lights are supposedly planning to announce that a consortium has been created that will rewrite the components in the Linux kernel that, it has been alleged, tread on other people’s IP - or at least the 27 Microsoft patents that Linux supposedly infringes. The aim? To rob Microsoft of the ability to scare customers off of Linux by saying that the operating system is a patent infringer, informed sources say. “Operation Open Gates” as they are calling it is reportedly going to be unveiled on January 25

Source: Linux Business Week

FBI retires Carnivore

Filed under: — Aviran Mordo

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday.

Two reports to Congress obtained by the Washington-based Electronic Privacy Information Center under the Freedom of Information Act reveal that the FBI didn’t use Carnivore, or its rebranded version “DCS-1000,” at all during the 2002 and 2003 fiscal years. Instead, the bureau turned to unnamed commercially-available products to conduct Internet surveillance thirteen times in criminal investigations in that period.

Developed by a contractor, Carnivore was a customizable packet sniffer that, in conjunction with other FBI tools, could capture email messages, and reconstruct web pages exactly as a surveillance target saw them while surfing the web. FBI agents lugged it with them to ISPs that lacked their own spying capability.

Source: The Register

Update: Serious flaw in Froogle Reveals Gmail Accounts

Filed under: — Aviran Mordo

New security flaw in Google’s price comparison engine, Froogle, was discovered by an Israeli hacker.

By embedding JavaScript in a URL pointing to Froogle, a hacker can gain access to the user’s Gmail account. The JavaScript redirects the browser to a malicious web site, where the hacker can read the user’s cookie, which contains personal information, such as purchase history, user name and password for Google services.

According to Nir Goldshlager, who discovered the flaw, even if the user chooses not to save the cookie, the hacker can still discover the user’s user name and password for other google services such as Google Alerts ,Google Group because google stores a unique number per user that identifies the user is other google services, and the hacker will be able to read this identification number.

Update

In a statement sent to eWEEK.com, the search darling confirmed it was alerted to a “potential security vulnerability affecting Froogle,” but no details were provided.

“We have since fixed this vulnerability, and all current and future Froogle users are protected,” Google said.

Source: Ynet (Hebrew)

Powered by WordPress