
Posts from July, 2009

Null Character Hack Allows SSL Spoofing

Jul 31

eldavojohn writes “Two researchers, Dan Kaminsky and Moxie Marlinspike, came up with the exact same way to fake being a popular website with authentication from a certificate authority. Wired has the details: ‘When an attacker who owns his own domain — badguy.com — requests a certificate from the CA, the CA, using contact information from Whois records, sends him an email asking to confirm his ownership of the site. But an attacker can also request a certificate for a subdomain of his site, such as Paypal.com\0.badguy.com, using the null character in the URL. The CA will issue the certificate for a domain like PayPal.com\0.badguy.com because the hacker legitimately owns the root domain badguy.com. Then, due to a flaw found in the way SSL is implemented in many browsers, Firefox and others theoretically can be fooled into reading his certificate as if it were one that came from the authentic PayPal site. Basically when these vulnerable browsers check the domain name contained in the attacker’s certificate, they stop reading any characters that follow the “\0” in the name.'”

Read more of this story at Slashdot.



RIAA Says "Don’t Expect DRMed Music To Work Forever"

Jul 31

Oracle Goddess writes “Buying DRMed content, then having that content stop working later, is fair, writes Steven Metalitz, the lawyer who represents the MPAA, RIAA in a letter to the top legal advisor at the Copyright Office. ‘We reject the view that copyright owners and their licensees are required to provide consumers with perpetual access to creative works.’ In other words, if it stops working, too bad. Not surprisingly, Metalitz also strongly opposes any exemption that would allow users to legally strip DRM from content if a store goes dark and takes down its authentication servers.”


The Pirate Bay Ordered To Block Dutch Users

Jul 31

secmartin writes “In a totally unexpected ruling, a Dutch court has decided that The Pirate Bay should block visitors from the Netherlands within 10 days or face a fine of €30,000 per defendant per day. Peter Sunde has already announced that he will appeal the ruling. Even though the defendants sent a letter explaining that they were unable to come to the hearing and provided arguments in their favor, these were ignored by the judge because they failed to appear in his court. The full text of the ruling was just published (in Dutch, PDF) by Peter Sunde, and further coverage is available at Forbes.”


Games That Design Themselves

Jul 31

destinyland writes “MIT’s Media Lab is building ‘a game that designs its own AI agents by observing the behavior of humans.’ Their ultimate goal? ‘Collective AI-driven agents that can interact and converse with humans without requiring programming or specialists to hand-craft behavior and dialogue.’ With a similar project underway by a University of California professor, we may soon see radically different games that can ‘react with human-like adaptability to whatever situation they’re thrust into.'”


Inside the Rise of the Domain Name System

Jul 31

Greg Huang writes “Looking back, it’s almost impossible to believe that for most of the 1990s, a single company, Network Solutions, had a government-issued monopoly on registering domain names on the Internet. And considering how central the company was to the growth of the Web, it’s surprising how little of the company’s back story — how it got into the domain name business, or who owned it — has been told. Xconomy has an in-depth interview with two former executives from SAIC, the secretive San Diego defense contractor that bought Network Solutions in 1995 for $5 million and sold off the domain registration business in 2000 for billions of dollars.”


Google Warns About Search-Spammer Site Hacking

Jul 31

Al writes “The head of Google’s Web-spam-fighting team, Matt Cutts, warned last week that spammers are hacking more and more poorly secured websites in order to ‘game’ search-engine results. At a conference on information retrieval, held in Boston, Cutts also discussed how Google deals with the growing problem of search spam. ‘I’ve talked to some spammers who have large databases of websites with security holes,’ Cutts said. ‘You definitely see more Web pages getting linked from hacked sites these days. The trend has been going on for at least a year or so, and I do believe we’ll see more of this […] As operating systems become more secure and users become savvier in protecting their home machines, I would expect the hacking to shift to poorly secured Web servers.’ Garth Bruen, creator of the Knujon software that keeps track of reported search spam, added that some campaigns involve creating up to 10,000 unique domain names.”


SMS Hack Could Make iPhones Vulnerable

Jul 31

mhx writes “A single character sent by text message could allegedly compromise every iPhone released to date. The technique involves sending only one unusual text character or else a series of ‘invisible’ messages that confuse the phone and open the door to attack. Apple has not released any updates yet, so little can be done, except to power off your iPhone to avoid being hacked.”


CentOS Project Administrator Goes AWOL

Jul 31

An anonymous reader writes “Lance Davis, the main project administrator for CentOS, a popular free ‘rebuild’ of Red Hat’s Enterprise Linux, appears to have gone AWOL. In an open letter from his fellow CentOS developers, they describe the precarious situation the project has been put in. There have been attempts to contact him for some time now, as he’s the sole administrator for the centos.org domain, the IRC channels, and apparently, CentOS funds. One can only hope that Lance gets in contact with them and gets things sorted out.”


Windows 7 vs. Windows XP On a Netbook

Jul 30

Justin writes “Many in the industry are counting on Windows 7 to bring the netbook market to the next level. Having netbook manufacturers ship netbooks with 7+ year old Windows XP pre-installed surely deterred some from joining the ranks of households with the small, light and portable netbooks. It seems Microsoft has addressed most of the pitfalls of Windows Vista on a netbook by increasing battery life and performance to be very close to that of the lighter-weight Windows XP. Legit Reviews has the full scoop of battery life and performance tests pitting Windows 7 against Windows XP on the ASUS Eee PC 1005HA Netbook.” I’d like to see a follow-up with a few different Netbook-friendly Linux distros, too.


Tetraktys

Jul 30

brothke writes “Imagine for a moment what his novels would read like if Dan Brown got his facts correct. The challenge Brown and similar authors face is to write a novel that is both compelling and faithful to the facts. In Tetraktys, author Ari Juels is able to weave an interesting and readable story, and stay faithful to the facts. While Brown seemingly lacks the scientific and academic background needed to write such fiction, Juels has a Ph.D. in computer science from Berkeley and is currently the Chief Scientist and director at RSA Laboratories, the research division of RSA Security.” Read below for the rest of Ben’s review.
