TechNews
From the news archive.....
Bypass a $200 Biometric Lock with a Paperclip
Several different expensive, modern locks with advanced design concepts proved ineffective against the efforts of Marc Weber Tobias, Toby Bluzmanis, and Matt Fiddler, who have been exposing the poor security design of physical locks at DefCon for years.
The most egregious example appears to be the $200 Biolock Model 333. It provides a fingerprint reader as its main selling point, but also features a remote for locking and unlocking and a physical key in case the fingerprint reader fails to unlock the door for its user.
IT Administrator Gets a Year in Jail for Stealing, Damaging Data
A former senior database administrator for GEXA Energy in Houston was sentenced today to 12 months in prison for hacking into his former employer's computer network.
Six messy Database Breaches So Far in 2010
SWhether it be insecure Web applications, poor password management, or a lack of database policies and monitoring, the average database today is at risk of exposure through a host of different threat vectors that manay organizations are not ever aware of --- let alone are addressing.
Hackers find a new place to hide rootkits
Security researchers have developed a new type of malicious rootkit
software that hides itself in an obscure part of a computer's
microprocessor, hidden from current antivirus products. Called an SSM
(System Management Mode) rootkit, the software runs in a protected part of a
computer's memory that can be locked and rendered invisible to the operating
system but which can give attackers a picture of what's happening in a
computer's memory.
Microsoft
Unveils PC Health Panacea
Microsoft announced earlier this month it will be launching an
internal test of an all-in-one PC “health” service aimed at providing
automated protection, maintenance and performance tuning for Windows-based
PCs. The paid subscription-based service, called Windows OneCare, is a
comprehensive PC health solution that gives users a simplified way to deal
with cyber threats and other conditions that can affect a computer’s
performance.
Wireless
NET Covers Downtown Seattle
A high-speed wireless network that
covers most of downtown Seattle is being rolled out by Internet service
provider Speakeasy. The company chose Seattle as its
first test market, citing the geographic challenges along with the demand
for high-speed Internet in the downtown area. Speakeasy will roll out
similar WiMax networks in other cities if the test in Seattle is successful.
Magazine finds new ways to say "Microsoft"
A new magazine called Redmond makes its debut in October, but
don't look for any stories about Derby Days or the new city hall. Redmond
magazine is a makeover of Microsoft Certified Professional magazine, a
10-year-old trade publication for tech administrators certified to use Microsoft
products, with about 114,000 readers. It's published by Chatsworth, Calif.-based
101 Communications.
IEEE approves 802.11i
security spec
The IEEE has approved yet another specification in the 802.11 family of wireless
Ethernet. This time it's a new Wi-Fi security standard, dubbed 802.11i. The new
specification works by using AES encryption in the transceiver itself,
encrypting data directly at the level just above the actual radio pulses
themselves. That makes it transparent for applications sending data through the
radio, so legacy programs running on new 802.11i-compliant hardware will
automatically get the benefits of the new protocol without the need for
modification.
Tech
training tax credit bill
The "Technology Retraining And Investment Now Act of 2004" ("TRAIN ACT,"
HR 4392) would allow individuals and companies to receive a tax credit for up to
50 percent of technical training costs up to $10,000. Expenses can include
training classes (private or public), certification exams and other expenses
"essential to assessing skill acquisition."
Microsoft creating Windows for supercomputers
Microsoft has launched an effort to produce a version of Windows for
high-performance computing, a move seen as a direct attack on a Linux
stronghold. Microsoft is forming its
High Performance Computing team and planning a new OS version called Windows
Server HPC Edition. Kyril Faenov is director of the effort, and Microsoft is
hiring new managers, programmers, testers and others. Note: This is a
separate product, not to be confused with
HPC for
Windows Server 2003.
Open-source app seeks to run Mac programs on PCs
PearPC, an open-source program in development, aims to
allow users to run Mac-based software on Wintel-based PCs. A duo of
enthusiasts is attempting to launch an open-source program called PearPC that lets PCs built around chips from
Intel and Advanced Micro Devices emulate a machine running the Mac's PowerPC
chip.
Microsoft to Linux: 'Bring
it on'
Bradley Tipp, Microsoft's national system engineer, told the
LinuxUser & Developer Expo in London that competition is good for the whole
software industry and will lead to better products emerging from Redmond,
Wash.-based Microsoft. "The thing I like is that Microsoft does its best work
and is most innovative when it has competition, so bring it on," Tipp said.
Washington Post lets domain registration lapse
The Washington Post Co. neglected to pay the $19 annual registration fee for its
corporate domain name, an oversight that caused the company's internal e-mail
system to crash for part of the day, a company official said Thursday.
IE bug provides phishing tool
A flaw in Internet Explorer makes it easy
for scammers to create dummy sites that look like legitimate ones, and try to
steal information from Web users.
A
newly discovered bug in Microsoft's Internet Explorer Web browser may help
fraudsters trick Internet users into divulging sensitive information and
executing malicious code, according to a security researcher.
'Master' and 'slave' computer labels unacceptable, officials say
Los Angeles officials have asked that
manufacturers, suppliers and contractors stop using the terms "master" and
"slave" on computer equipment, saying such terms are unacceptable and offensive,
according to a memo sent to county vendors. Faced with an avalanche of
complaints from vendors and the general public, Sandoval told Reuters in an
interview that his memo was intended as "nothing more than a request" and not an
ultimatum or policy change.
Go back to top
College
hacking course kindles fiery debate
The University of Calgary in
Canada is opening registration next week on a course, slated to start in the
fall term, that will teach students how to write viruses and worms.
Passport flaw threatens users' account
A serious flaw in Microsoft's Passport service puts users' account, including their personal information and credit card numbers, at risk of being hijacked.
Microsoft: Wear the Web on your wrist
Microsoft, along with watchmakers Citizen Watch, Fossil and Finland's Suunto, on Thursday will show off their latest innovation, Internet wrist-watches! The watches are based on a technology dubbed "Smart Personal Objects Technology" (SPOT), a name given to any consumer electronics devices that can receive and display information from the Internet beamed over a nationwide FM radio network.
Microsoft sidelines
Longhorn database caper
Microsoft has scaled back its 'Big Bang', and its Future Storage initiative will
build on, rather than supersede the NTFS file system, when the next version of
Windows 'Longhorn' appears in 2005. Earlier news reports indicated that
Microsoft was poised to
switch Windows
file system with Blackcomb.
China sees
DSL explosion, U.S. soon to lead
Point Topic this week released their latest
global DSL figures, which not only indicate that the worldwide DSL total has
surpassed 30 million, but that the rate of DSL adoption in China is exploding.
With roughly two million DSL lines, China is now the fifth largest DSL adopter
behind South Korea, the US, Japan and Germany. While South Korea leads all
nations in DSL line totals, the U.S. is expected to become the leader by year's
end.
FBI seeks to trace massive Net attack
As investigators continued tracking the source of
a bid to topple the heart of the Internet this week, experts said the attack was
neither the most efficient nor likely way to inflict pain on the average Web
surfer.
Cheet-Sheets.com owner pleads guilty; may face jail time
Oregon resident Robert R. Keppel, owner of the now-defunct braindump Web sites
Cheet-Sheets.com and CheetSheets.com, pleaded guilty in federal court Friday to
a charge of theft of trade secrets. The charge resulted from allegations made by
Microsoft that Keppel was selling questions and answers to Microsoft
certification exams. When he's sentenced on November 1, Keppel faces up to 10
years in prison and $250,000 in fines. He also forfeited a Lexus RX300, a 1997
Ferrari Spider and $56,000 in cash as part of a plea agreement.
US congress
approves life terms for crackers
The US House of Representatives has approved a bill which raises the penalty for
computer crime to a maximum of life imprisonment. Crackers who put lives at
risk, either knowingly or through "reckless" behavior, could be sent to jail for
life under measures in the Cyber Security Enhancement Act, which the house
yesterday passed an overwhelming majority by 385 votes to three.
Security flaw afflicts popular technology for encrypting e-mail
The world's most popular software for scrambling
sensitive e-mails, Pretty Good Privacy (PGP), suffers from a programming flaw
that could allow hackers to attack a user's computer and, in some circumstances,
unscramble messages.
Bugs puts Unix
servers in a BIND
Security watchers are warning that a security flaw affecting DNS servers running
Unix could prove difficult to fix. A buffer overflow vulnerability in DNS
Resolver Library represents a serious risk to many Unix system using the BIND or
BSD resolver libraries, CERT warned last week.
Why we can't trust Microsoft's 'Trustworthy' OS?
Stung by criticism of its current offerings, Microsoft seems to
be pinning its hopes for a truly "trustworthy" operating system on a future
version of Windows, code-named Palladium. Here's one author's opinion about
what the future might hold for Microsoft and Palladium.
Klez: The
virus that won't die
Virus alert centers are bracing themselves for a new wave of Klez worm
attacks this week: One annoying variant of the persistent pest is expected to
resurrect itself July 6 to send infected e-mail. And, experts warn, it's likely
to continue plaguing us unless we all clean up our acts. The Klez worm is
approaching its seventh month of wriggling across the Web, making it one of the
most persistent viruses of all time. It maintains a dangerous energy and
produces offspring that arise with perilous regularity.
Go back to top
