11/15/2005

Sony Recalls Risky ‘Rootkit’ CDs

Filed under: — Aviran Mordo

Record label Sony BMG Music Entertainment said Tuesday that it will recall millions of CDs that, if played in a consumer’s PC disc drive, will expose the computer to serious security risks.

Anyone who has purchased one of the CDs, which include southern rockers Van Zant, Neil Diamond’s latest album, and more than 18 others, can exchange the purchase, Sony said. The company added that it would release details of its CD exchange program “shortly.”

Sony reported that over the past eight months it shipped more than 4.7 million CDs with the so-called XCP copy protection. More than 2.1 million of those discs have been sold.

Source: News.com

Sony’s ‘Rootkit’ Is on 500,000 Systems, Expert Says

Filed under: — Aviran Mordo

Sony BMG will have a big job ahead of it as it tries to replace all copies of controversial copy protection software, according to a computer security expert, who says that he has evidence there are more than 500,000 versions of the program installed worldwide.

Dan Kaminsky, an independent security researcher, discovered evidence of the so-called “rootkit” style stealth programs, developed by U.K. firm First 4 Internet Ltd. and used by Sony, while conducting an audit of the DNS (Domain Name System) infrastructure. Sony BMG has declined past requests to comment on the number of systems that run the software, known as XCP. However, Kaminsky’s figures, if true, suggest that the software, which shipped on CDs by just 20 Sony BMG artists, has already been distributed and installed widely around the world.

More than 200,000 copies of the program are installed on computers in Japan, with around 130,000 running on computers in the United States. The United Kingdom has about 44,000 copies of the program installed, Kaminsky’s research shows.

The Netherlands and Spain both have more than 27,000 copies of the program running, followed by Korea, Peru, France, Australia and Switzerland with between 12,000 and 8,000 installations.

Kaminsky, who is known for his novel security research on core Internet components like the TCP/IP communications protocol, identified systems running the copy protection software from First 4 Internet using a technique called “DNS cache sniffing.” Kaminsky searched through the saved (or “cached”) DNS requests submitted to a large number of the world’s publicly accessible DNS servers and looked for requests for domains associated with the XCP software, such as update.xcp-aurora.com and connected.sonymusic.com.

Kaminsky used a database of around three million DNS name servers he had compiled for unrelated research into security vulnerabilities in the DNS system.

The search turned up almost one million references to the XCP and Sony domains. Kaminsky weeded out duplicate or forwarded requests from that number and narrowed the list down to 568,000 requests from unique IP addresses on the Internet.

He used geolocation software to associate the IP address of the machine running the XCP software to particular countries, he said.

Source: eWeek
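
An administrator can run the local counterpart of the lookup described above against their own resolver's query log: match the two domains the article names and reduce the hits to unique client IPs, as Kaminsky did with his raw results. This is an added example, not code from Kaminsky or eWeek; the BIND-like log layout and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Domains the article associates with the XCP software.
XCP_DOMAINS = ("update.xcp-aurora.com", "connected.sonymusic.com")

# Constructed sample lines in an assumed BIND-like query-log layout.
SAMPLE_LOG = """\
15-Nov-2005 09:12:01.101 client 10.0.4.17#1045: query: connected.sonymusic.com IN A +
15-Nov-2005 09:12:03.554 client 10.0.4.17#1046: query: update.xcp-aurora.com IN A +
15-Nov-2005 09:15:40.020 client 10.0.7.22#2210: query: www.example.org IN A +
15-Nov-2005 09:20:11.300 client 10.0.9.5#3391: query: Connected.SonyMusic.com. IN A +
15-Nov-2005 09:21:00.000 client 10.0.4.17#1050: query: connected.sonymusic.com IN A +
15-Nov-2005 09:22:00.000 client 10.0.8.8#4000: query: notconnected.sonymusic.com.example.test IN A +
malformed line without a query
"""

LINE_RE = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN ")


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_xcp_domain(name):
    """True for an exact match or a subdomain, not for look-alike names."""
    n = normalize(name)
    return any(n == d or n.endswith("." + d) for d in XCP_DOMAINS)


def xcp_clients(log_text):
    """Map each unique client IP to the XCP-associated names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and is_xcp_domain(m.group("name")):
            hits[m.group("ip")].add(normalize(m.group("name")))
    return dict(hits)


if __name__ == "__main__":
    for ip, names in sorted(xcp_clients(SAMPLE_LOG).items()):
        print(ip, ", ".join(sorted(names)))
```
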

A movie projector in a cell phone?

Filed under: — Aviran Mordo

A few years from now, you might be able to carry a home theater system in your pocket.

Finland’s Upstream Engineering is working on an LED (light-emitting diode) projection system that potentially could, because of its small size and relatively low cost, allow manufacturers to put projectors inside MP3 players, cell phones or other portable electronics for a few dollars.

Instead of passing around a phone to show off a video or a picture, the image (or video) could be blasted onto a wall. The picture brightness won’t be as high as that of standard projectors, but it would let pictures on phones and music players escape the confines of the small screens on those devices.

The current prototype projector optical engine created by the company is about the size of a matchbox. An accompanying projector would be about the size of a cell phone. Currently, some companies make small projectors, but they are larger, about the size of a mini digital-video recorder.

Source: News.com

Sony’s DRM Removal Tool Causes Severe Security Hole

Filed under: — Aviran Mordo

The fallout from a hidden copy-protection program that Sony BMG Music Entertainment put on some CDs is only getting worse. Sony’s suggested method for removing the program actually widens the security hole the original software created, researchers say.

Sony apparently has moved to recall the discs in question, but music fans who have listened to them on their computers or tried to remove the dangerous software they deposited could still be vulnerable.

Stung by the controversy, Sony BMG and the company that developed the antipiracy software, First 4 Internet Ltd. of Oxfordshire, United Kingdom, released a program that uninstalls XCP.

But the uninstaller has created a new set of problems.

To get the uninstall program, users have to request it by filling out online forms. Once submitted, the forms themselves download and install a program designed to ready the PC for the fix. Essentially, it makes the PC open to downloading and installing code from the Internet.

According to the Princeton analysis, the program fails to make the computer confirm that such code should come only from Sony or First 4 Internet.

“The consequences of the flaw are severe,” Felten and Halderman wrote in a blog posting Tuesday. “It allows any Web page you visit to download, install, and run any code it likes on your computer. Any Web page can seize control of your computer; then it can do anything it likes. That’s about as serious as a security flaw can get.”

Source: AP

Intel’s ‘Presler’ 65nm dual-core chip ‘unstable’

Filed under: — Aviran Mordo

Sampling of Intel’s 65nm dual-core Presler processors has revealed some stability problems, according to unspecified motherboard makers, who added that the problematic CPUs include the 2.8GHz 920 and 3.0GHz 930 series. The launch of end products based on the Intel Presler core may be pushed back from the January 2006 date originally scheduled by system vendors, the makers noted.

Samples of Intel’s next-generation Yonah processors, on the other hand, also built using the 65nm manufacturing process, have gone through tests smoothly, the makers indicated. Launch of dual-core Yonah-based products is expected to take place in January of next year as originally planned, the makers added.

Source: DigiTimes

Internet2 P2P Network Closes

Filed under: — Aviran Mordo

A file-swapping network that let college students download movies and music at blazing speeds on the Internet2 research network has closed its doors, the latest casualty of entertainment industry legal pressure.

The i2Hub network emerged in early 2004, taking advantage of the supercharged network that connects college campuses to let students trade files at speeds far faster than is possible on the ordinary Internet.

But the service, which had also expanded into less controversial legal territory such as textbook exchange and dating, had increasingly been a target of record labels and movie studios cracking down on piracy. Individuals using the network have already been sued for copyright infringement, and i2Hub itself was one of a handful of networks threatened with potential legal action by the Recording Industry Association of America in September.

I2Hub founder Wayne Chang declined to comment on the network’s closure, citing potential legal concerns. Visitors to the service’s Web site on Monday found a nearly blank page with the terse message: “R.I.P. 11.14.2005”

Source: ZDNet

VPN Flaw Threatens Internet Traffic

Filed under: — Aviran Mordo

A flaw in a key Internet security protocol used by major networking products could open systems up to denial-of-service and other kinds of attacks, experts have warned.

Finnish researchers at the University of Oulu announced Monday that they have found a vulnerability in the Internet Security Association and Key Management Protocol, or ISAKMP. The technology is used in IPsec virtual private network and firewall products from a range of networking companies, including giants Cisco Systems and Juniper Networks.

The severity of the problems varies by software vendor, according to an advisory issued jointly by the British National Infrastructure Security Co-ordination Centre and the Finnish CERT.

“These flaws may expose denial-of-service conditions, format string vulnerabilities, and buffer overflows,” the advisory said. All these could shut down devices and slow transmission of data across the Internet. In some cases, they could also allow hackers to execute code and hijack a device, NISCC warned.

Source: News.com

Yahoo Readies New Shopping Features

Filed under: — Aviran Mordo

Yahoo was set to launch on Tuesday a beta of new Yahoo Shopping features designed to provide online shoppers with more information before making purchases and to allow people to easily share recommendations with each other.

Users can now create lists of their favorite products and share their lists with others. Yahoo also has integrated coupons, rebates and other discounts. Yahoo’s Mobile Shopping beta lets shoppers use their phones to compare product prices while at brick and mortar stores.

You can now visit Shoposphere and Pick Lists beta and enjoy these features yourself.

Source: News.com

Microsoft Creating Supercomputer Software

Filed under: — Aviran Mordo

Microsoft Corp. is developing software for high-performance computers often used in engineering and science research, in a move that puts the company in another head-to-head battle with open-source developers.

Microsoft Chairman Bill Gates plans to announce the release of another test version of the company’s software at a supercomputing industry conference Tuesday in Seattle.

Craig Mundie, one of Microsoft’s chief technical officers, said the company is entering the market as high-powered computers are becoming more affordable, allowing the market to expand to a point where it makes sense for Microsoft to get into it. Such computers are used for computing, storing and sharing data for a wide variety of uses, ranging from creating better medications to engineering automobiles.

While such computers used to easily cost as much as $1 million, Mundie said some are now available for as little as $4,000 or $5,000.

The Microsoft product, called Windows Server 2003 Compute Cluster Edition, is due out in the first few months of 2006. The company has not yet set pricing.

Source: AP

Israel Okays Grant for Intel Chip Plant

Filed under: — Aviran Mordo

Israel’s government on Monday approved a grant of $525 million for an investment by Intel Corp. to build a new chip plant in Israel, the Ministry of Industry, Trade and Labour said.

The ministry said in a statement the grant represents 12.5 percent of the investment in the new plant, which is expected to be around $4.4 billion over four years. It said the investment was the largest ever by an industrial company in Israel.

The ministry said the total investment would reach $5 billion, the bulk of which would go toward Intel’s new plant with the rest going to upgrade its current Fab 18 plant.

A study commissioned by the ministry found that the project would contribute a net $450 million to Israel’s economy.

Intel, the world’s top chipmaker, was expected to hire 4,400 new workers for the new Fab 28 plant in the southern town of Kiryat Gat, the site of an existing chip plant that employs about 3,500 people, the ministry said.

Intel has yet to officially confirm whether it will build a new plant in Israel.

Source: eWeek
