4/30/2008

Hackers hit French magazine website over China poll

Filed under: — Aviran Mordo

Hackers attacked the website of a French magazine this month, attempting to sway an opinion poll on the Beijing Olympics and change the site’s content, its publisher said on Wednesday.

Jean-Joel Gurviez said the website of business magazine Capital was first hit in March, when it opened a poll on whether France should boycott the Games’ opening ceremony in China.

“On the first day, we had about 300 responses, which was normal for this type of poll, and they were 80 percent in favour of a boycott. The next day there were 20,000 responses, with 80 percent opposing a boycott,” he said.

Almost all of the responses arrived via Chinese servers, Gurviez said, leading technicians to initially think the influx was driven by Chinese sites directing patriotic fans to vote.

“But a few days later we had hackers operating off servers in China try to change our content, and there were 2.5 million attempts to access protected files. We had to shut down the site temporarily,” he said.

Microsoft Helps Law Enforcement Get Around Encryption

Filed under: — Aviran Mordo

The growing use of encryption software– like Microsoft’s own BitLocker– by cyber criminals has led Microsoft to develop a set of tools that law enforcement agents can use to get around the software, executives at the company said.

Microsoft first released the toolset, called the Computer Online Forensic Evidence Extractor (COFEE), to law enforcement last June and it’s now being used by about 2,000 agents around the world, said Anthony Fung, senior regional manager for Asia Pacific in Microsoft’s Internet Safety and Anti-Counterfeiting group. Microsoft gives the software to agents for free.

While Microsoft can point to wide usage of COFEE, some experts are skeptical about using that type of tool to recover data, and even the developer of the product at Microsoft acknowledges that it’s not accepted by some users.

Fung, who initiated the creation of COFEE, spent 12 years as a police officer in Hong Kong, with the final seven dedicated to fighting cybercrime. When he joined Microsoft, he sought to devise a way that agents could do better at finding valuable information on computers used by cyber criminals.

While COFEE doesn’t break BitLocker or open a back door, it captures live data on the computer, which is why it’s important for agents not to shut down the computer first, he said.

COFEE is a set of software tools that can be loaded onto a USB drive. Brad Smith, general counsel at Microsoft, called it a “Swiss Army knife for law enforcement officers,” because it includes 150 tools. A law enforcement agent connects the USB drive to a computer at the scene of a crime and it takes a snapshot of important information on the computer. It can save information such as what user was logged on and for how long and what files were running at that time, Fung said. It can be used on a computer using any type of encryption software, not just BitLocker.

MS Delays Windows XP Service Pack 3

Filed under: — Aviran Mordo

Although the final upgrade to the Windows XP operating system was supposed to be made available this week on Microsoft’s Download Center, Microsoft has apparently decided to delay its release. Service Pack 3 was originally released to manufacturing on April 21 and plans were set for May 2 to make the upgrade available via MSDN and Technet download.

The issue cited by Microsoft relates to compatibility problems between SP3 and the Microsoft Dynamics RMS for small and midsize businesses. The glitch also affects Windows Vista Service Pack 1, which Microsoft began pushing out for automatic updates last week.

The SP3 upgrade includes a variety of bug fixes and other minor enhancements to the Windows XP operating system. Several Windows Vista features are also included, such as Network Access Protection, “black hole” router detection, and the Microsoft Kernel Cryptographic Module. The SP3 service pack also incorporates all fixes made in prior versions.

The laundry list of operating systems covered by the service pack includes Windows XP, Windows XP Home Edition, Windows XP Home Edition N, Windows XP Media Center Edition, Windows XP Professional Edition, Windows XP Professional N, Windows XP Service Pack 1, Windows XP Service Pack 2, Windows XP Starter Edition, and Windows XP Tablet PC Edition. The download size is between 428KB and one megabyte, depending on which components are selected.

Nvidia to make all your PC games 3D (if you so choose)

Filed under: — Aviran Mordo

Thanks to a new software driver Nvidia is cooking up, any PC game can be played in 3D, with no extra work on the part of game developers.

Beginning this summer, any PC with an Nvidia graphics processor will have the ability to run a game in normal mode, or in 3D, with the aid of 3D glasses.

The software driver will enable the ability to have two views–left eye and right eye–which, at the push of a button, appear blurry and pixelated to the naked eye. When viewed through 3D lenses though, the game pops into three-dimensional mode.

The important part is that game developers won’t have to do anything differently. They just continue to make their games the way they want, and Nvidia will take care of the rest. It’s just an option for gamers though–it doesn’t mean all games have to be three-dimensional.

Radiohead says no more music freebies

Filed under: — Aviran Mordo

Radiohead won’t be repeating its initiative to let fans pay what they want for their downloads, The English rock band’s frontman said Tuesday.

“I think it was a one-off response to a particular situation,” Thom Yorke said of the band’s decision last October to let viewers pay what they wanted for digital downloads of the new album “In Rainbows.”

“Yes. It was a one-off in terms of a story. It was one of those things where we were in the position of everyone asking us what we were going to do. I don’t think it would have the same significance now anyway, if we chose to give something away again. It was a moment in time,” Yorke told the Hollywood Reporter.

Radiohead’s decision to allow fans to pay into the online equivalent of an honesty box for the album came shortly after it walked away from troubled record label EMI, sparking acres of comment about the future direction of the music industry and the dwindling revenue pot from CD sales.

The band has remained quiet about whether the experiment was a success, with many fans thought to have downloaded the album without paying anything at all. “In Rainbows” was later released conventionally as a CD, and topped the U.S. and U.K. charts.

Electronics makers to create home networking standard

Filed under: — Aviran Mordo

Several electronics manufacturers said Tuesday they are working to create a worldwide standard for how their devices will talk with each other in people’s homes.

The effort, launched by Infineon Technologies AG, Intel Corp., Panasonic and Texas Instruments Inc., is aimed at making sure everyone is on the same page when it comes to home wiring for digital entertainment such as movies, music and pictures.

The HomeGrid Forum would create standards for coaxial cable, power lines and phone lines, and certify products that meet those standards.

As more people connect computers, gaming consoles, and TVs in their homes to enjoy digital entertainment, the industry hopes to create a seamless standard so that content can be more easily used.

4/29/2008

Malware authors turn to EULAs to protect their work

Filed under: — Aviran Mordo

Selling botnets for particular attacks, black markets for stolen identities, and malware construction kits are all now par for the course for the increasingly commercial malware industry. Discovering that malware authors have actually turned to End-User License Agreements (EULAs) in an attempt to protect their own intellectual property, however, most definitely qualifies as something new, different, and beautifully ironic.

Symantec security researcher Liam OMurchu has details on this latest development. The help section of the latest version of the Zeus malware states that the client has no right to distribute Zeus in any business or commercial purpose not connected to the initial sale, cannot examine the source code of the product, has no right to use the product to control other botnets, and cannot send the product to anti-virus companies. The client does agree to “give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality.” Modern license agreements take a great deal of (deserved) fire for being absurdly draconian, but even the likes of Adobe and Microsoft don’t claim that purchasing a version of their respective products locks the user into buying future editions.

It’s obviously difficult for the manufacturers of an illegal product to threaten legal sanctions against an infringer, but the Zeus authors give it their best shot. According to the EULA, “In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies.” Frankly, “We’ll blow your kneecaps off and feed them to you,” might be a bit more effective as a threat, but I suppose it’s a bit hard to carry out that threat over the Internet.

A Google Prototype for a Precision Image Search

Filed under: — Aviran Mordo

Google researchers say they have a software technology intended to do for digital images on the Web what the company’s original PageRank software did for searches of Web pages.

On Thursday at the International World Wide Web Conference in Beijing, two Google scientists presented a paper describing what the researchers call VisualRank, an algorithm for blending image-recognition software methods with techniques for weighting and ranking images that look most similar.

Although image search has become popular on commercial search engines, results are usually generated today by using cues from the text that is associated with each image.

Despite decades of effort, image analysis remains a largely unsolved problem in computer science, the researchers said. For example, while progress has been made in automatic face detection in images, finding other objects such as mountains or tea pots, which are instantly recognizable to humans, has lagged.

CinemaNow to offer movie orders via cell phone

Filed under: — Aviran Mordo

Privately held digital entertainment provider CinemaNow said on Tuesday that U.S. consumers would be able to use their cell phones to view movie trailers and order full-length movies to watch on their home television or computer through its mobile website.

The service, offered on Web-capable phones at mobile.cinemanow.com, would let U.S. consumers immediately buy or rent a movie when they hear about a new offering while they are out with friends.

4/28/2008

Microsoft denies fault in hacks

Filed under: — Aviran Mordo

Microsoft is denying that a recent rash of Web server attacks are the company’s fault.

In a blog posted late Friday night, Bill Sisk, of the Microsoft Security Response Center, wrote that the attacks are not due to any new or unknown security flaws in Internet Information Services or Microsoft SQL Server. Rather, he says, the attacks are made possible by SQL injection exploits and points Web developers to the company’s list of best practices to prevent such attacks.

Ongoing attacks have affected half a million Web pages, compromising them so they serve up malware, according to several reports. The hacked sites include government sites in the U.K. and sites belonging to the United Nations.

All it takes for a user’s computer to become infected is a visit to a compromised site. While viewing that site, the injected Javascript loads a file named 1,js. The file is located on a malicious server, which then attempts to execute eight different exploits targeting Microsoft applications.

Searching for ways to improve Office

Filed under: — Aviran Mordo

For those who have trouble finding their old commands in Office’s new Ribbon interface, Microsoft has a new option: search for it.

On Monday, the company is releasing an Office add-on called search commands that lets users type the function they are looking to do. After months of testing it internally, Microsoft is ready to give the public a chance to try it out. But the new tool won’t be found on Microsoft’s main Web site.

Rather, it will be available via a new effort, dubbed Office Labs. Spearheaded by Microsoft veteran Chris Pratley, Office Labs is Microsoft’s attempt to test out productivity ideas that may–or may not–be ready for prime time.

In an interview, Pratley said Office Labs is designed to try out anything from just a feature to an entire new product concept. The goal is to get feedback early on, before deciding where to put the big development dollars.

“It’s kind of expensive to make an entire product and then put it out there and see if it’s any good,” he said. Pratley knows firsthand. He was among those who helped create the Office OneNote application earlier this decade after spending the 1990s working on Word and Excel.

Black Duck Buying Koders for Code Search

Filed under: — Aviran Mordo

Black Duck Software plans to announce Monday that it has purchased the assets of Koders, maker of a code search engine and other tools, for an undisclosed sum.

Black Duck sells products and services based around the use of open-source and third-party code in software development projects.

“We believe that by doing this acquisition, we expand our reach into the developer community,” said Black Duck CEO Douglas Levin.

Koders competes with Krugle, which recently launched the 2.0 version of its code search appliance. While Black Duck considered purchasing other companies, Levin declined to provide any details of those discussions or name the vendors.

Powered by WordPress