Domain: netti.fi
Stories and comments across the archive that link to netti.fi.
Stories · 24
CCC Hackers Break DECT Telephones' Security
Sub Zero 992 writes "Heise Security (article in German) is reporting that at this year's Chaos Communications Congress (25C3) researchers in Europe's dedected.org group have published an article (PDF) showing, using a PC-Card costing only EUR 23, how to eavesdrop on DECT transmissions. There are hundreds of millions of terminals, ranging from telephones, to electronic payment terminals, to door openers, using the DECT standard." So far, the Heise article's German only, but I suspect it will show up soon in English translation. Update: 12/30 21:27 GMT by T : Reader Juha-Matti Laurio writes with the story in English. Thanks!
Boot Sector Virus Shipped on German Laptops
Juha-Matti Laurio writes "A consignment of laptops from German manufacturer Medion, sold through German and Danish branches of giant retail chain Aldi, has been found to be infected with the boot sector virus 'Stoned.Angelina', first seen as long ago as 1994. The affected notebook models (German language) Medion MD 96290 have been pre-installed with Windows Vista Home Premium and Bullguard anti-virus, which reportedly is unable to remove it. A special removal tool was released to clean the laptops. Aldi has shared the same warning as well. Two years ago several thousand Creative Zen Neeon MP3 players were shipped with a Windows worm Wullik.B."
Asus.com Compromised With Exploit Code
Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise led to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com's DNS round-robin.
Microsoft OneCare Last in Antivirus Tests
Juha-Matti Laurio writes "PC World has a story reporting that Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of pieces of malware. The report of an Austrian antivirus researcher was released at the AV Comparatives Web site this week. Several free AV products were included in the test as well." While the top dog was able to find 99.5% of the malicious code, OneCare clocked in at 82.4%. Of course, there's no metric for the severity of the malware in the 17% gap.
The Taxman's Web Spider Cometh
Juha-Matti Laurio writes "A five-nation tax enforcement cartel has been quietly cracking down on suspected Internet tax cheats, using a sophisticated Web-crawling program to monitor transactions on auction sites and to track operators of online shops, poker, and porn sites. Austria, Denmark, Great Britain, and Canada have joined The Netherlands in pursuing the 'Xenon' program with the assistance of an Amsterdam-based data mining company. Wired News reports that the Web crawler uses so-called 'slow search' to avoid creating excessive traffic on a site or drawing attention in the sites' server logs." The article notes that the US IRS will neither confirm nor deny using similar technology.
Google Antiphishing Site Exposed Private User Data
Juha-Matti Laurio writes "Google has removed a few user names and passwords posted inadvertently to a phishing blacklist it compiles and makes publicly available on the Web. This information was submitted to Google by Firefox users with the browser's internal antiphishing toolbar. This feature, developed in cooperation with Google, enables users to report potential phishing sites to Google's blacklist database. Google has reportedly implemented a new mechanism detecting login data in submitted URLs to prevent sensitive information from getting posted to the list." The article notes that news of this minor lapse may obscure the ongoing problem of sensitive data exposed on the Web and findable via Google and other search services.
Man Used MP3 Player To Hack Cash Machines
Juha-Matti Laurio writes "A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. The MP3 player was plugged into the back of free standing cash machines in bars. Tones being recorded from the phone line were decoded with special software to a readable format. Later this information was used to clone credit cards."
Demo Virus For Mac OS X Released
Juha-Matti Laurio writes "Heise Security has a report about a new proof-of-concept virus for the Mac, named OSX.Macarena by AV vendor Symantec. Symantec suffered from a slight lapse when it recommended in the first version of the virus description that users clean the system by deactivating the system restoration (Windows ME/XP). It is known that the virus infects other data in the folder in which it is started, regardless of extension, says Heise."
This Rare Friday the 13th
Juha-Matti Laurio writes to point out a Washington Times story about how special this particular Friday the 13th is. The digits in the numerical notation for the date add up to 13 — whether you write it in the US or the European form. From the article: "The phenomenon hasn't happened in 476 years, said Heinrich Hemme, a physicist at Germany's University of Aachen who crunched the numbers to find that the double-whammy last occurred Jan. 13, 1520."
French Government Recommends Standardizing on ODF
Juha-Matti Laurio writes "From the InfoWorld article: All French government publications should be made available in OpenDocument Format (ODF), according to a report commissioned by the French prime minister. The new report also suggests that France ask its European partners to do likewise when exchanging documents at a European level. It is recommended that the government should fund a research center dedicated to open-source software security as well, adds the article."
Bank Accounts of 5,000 UK Terror Suspects Tracked
Juha-Matti Laurio writes to mention an article over at the Guardian, reporting on the surveillance of over 5,000 bank accounts in the interests of terrorist tracking. Accounts at such reputable British banks as HSBC, Barclays, and Lloyds TSB are having their activity tracked for 'suspicious activity'. Financial details from these banks, it turns out, were part of the trail of evidence used to apprehend terrorism suspects in a plot to bomb airplanes last month. From the article: "However, the extent of the banks' involvement in neutering the terrorist threat has sparked a fierce backlash from some British Muslims amid claims of mistaken identities and the persecution of innocent account-holders. Ahmed Salama was stunned when his HSBC account was frozen nine days ago. He received a letter informing him that HSBC wished to end their relationship after 11 years. The decision left Salama unable to pay 12 bills and his mortgage. Despite repeatedly asking for an explanation, HSBC has only told him it detected 'suspicious' payments in his account."
The Face of One AOL Searcher Exposed
Juha-Matti Laurio writes "No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything," report NYT journalists Michael Barbaro and Tom Zeller Jr., but with permission from Mrs. Thelma Arnold, 62. "Those are my searches," she said, after a reporter read part of the list to her, continues the article."
Spyware Disguises Itself as Firefox Extension
Juha-Matti Laurio writes "The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The most dangerous part of the issue is that it records itself directly into the Firefox configuration data, avoiding the regular installation and confirmation process."
Nuclear Agency Worker Information Hacked
Juha-Matti Laurio writes to mention a Reuters report about a fairly worrying case of identity theft. A determined hacker gained access to the U.S. National Nuclear Safety Administration's records and made off with the information for over 1,500 employees and contractors. From the article: "The incident happened last September but top Energy Department officials were not told about it until this week, prompting the chairman of the House of Representatives Energy and Commerce Committee to demand the resignation of the head of the NNSA. An NNSA spokesman was not available for comment."
Jobs' Glass Elevator Locks in Group Customers
Juha-Matti Laurio writes "Not eight days after Apple's new New York flagship store was unveiled, Stevie Jobs' fantastical glass elevator began acting a bit wonky, first opening and shutting its doors, then finally sealing in its passengers on the upper level. Apple store employees worked their hardest to release the bunch, but eventually the NYPD had to be called; the elevator's hydraulic system had to be drained. A close-up picture is included in the source story as well."
Spacecraft Crashes Into Satellite
Juha-Matti Laurio writes "A robotic NASA spacecraft designed to rendezvous with an orbiting satellite instead crashed into its target. Unbeknownst to engineers at the time, DART's main sensor mistakenly believed it was flying away from the satellite when it was actually moving 5 feet per second toward it, investigators found."
Firefox Update Kills Bugs, Adds Mac Support
Juha-Matti Laurio writes "Several vulnerabilities are fixed in Firefox version 1.5.0.2, which was released on Thursday. In addition to security patches Firefox now includes some stability enhancements and, as expected, includes native support for Apple Computer's Macs with Intel processors. Secunia has a detailed advisory about vulnerabilities fixed with this release."
Mozilla Severs Netscape News Legacy
Juha-Matti Laurio writes "After years of official separation, Mozilla is just now shaking off some of the last vestiges of its parental association with Netscape. From the article: 'Mozilla's Usenet public newsgroups have been moved from netscape.public.mozilla.* to just mozilla.*. The renaming officially ends Mozilla's public Netscape news legacy after more than 8 years of active use. Most of the approximately 63 different newsgroups that began with the old moniker have now been officially abandoned.' Related: Earlier this week Netscape Communications released version 8.1 of its Netscape Browser."
The Backhoe, The Internet's Natural Enemy
Juha-Matti Laurio writes "Experts say last week's Sprint outage is a reminder that with all the attention paid to computer viruses and the latest Windows security holes, the most vulnerable threads in America's critical infrastructures lie literally beneath our feet. A study issued last month by the Common Ground Alliance, or CGA -- an industry group comprised of utilities and construction companies -- calculated that there were more than 675,000 excavation accidents in 2004 in which underground cables or pipelines were damaged." I estimate that one third of those accidents occurred within the 5 block radius surrounding my office.
Mozilla Thunderbird 1.0.7 Released
Juha-Matti Laurio writes "MozillaZine has a report about the new Mozilla Thunderbird 1.0.7 release. Among other changes, this minor release includes fixes for the Linux command line URL parsing security flaw. Thunderbird 1.0.7 can be downloaded from the Thunderbird product page. The 'Extremely Critical' Secunia advisory will be updated very soon."
Firefox Moving On From SSL 2.0
Juha-Matti Laurio writes "Plans are afoot to remove support for SSL version 2.0 in Mozilla Firefox, reports the MozillaZine portal. The Mozilla Foundation is eager to disable support for SSL 2.0 and have all Firefox installations use only the newer and more secure SSL 3.0 and TLS 1.0 protocols." From the post: "Netscape Communications Corporation introduced SSL 2.0 with the launch of Netscape Navigator 1.0 in 1994. Netscape Navigator 2.0 included support for SSL 3.0 when it was released in 1996. The specification for TLS 1.0, essentially a standardized version of SSL 3.0 with some differences, was published in 1999."
Internet Security Warnings
Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this week's patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of the several exploit codes for the Windows Plug and Play vulnerability, too: Symantec ThreatCon, as a part of the global DeepSight Threat Management System, saying Increased alertness, and Internet Security Systems X-Force with Increased vigilance at AlertCon."
Microsoft Releases Eight Security Updates
Juha-Matti Laurio writes "After a very uncommon break in March, Microsoft has just published 8 new security updates. Almost all updates that are a part of the monthly release cycle are rated as 'Critical.' The new Windows Shell vulnerability, MS05-016, is rated only 'Important,' but Windows XP Service Pack 2 is affected too. This is not the first time there has been something to fix in Shell32.dll. The vulnerabilities in TCP/IP that could allow remote code execution and denial of service, covered in cumulative bulletin MS05-019, affect SP2 too. Windows Kernel, Exchange, MSN Messenger, Word (Office) and Internet Explorer get their updates as well."
How Tomcat Works
Petri Aerikkala writes "Don't judge a book by its cover, but by what it covers. How Tomcat Works has a very ordinary cover, but I cannot overemphasize how useful its contents are. This book does what the title says, plus much more. It is useful for not only those using Tomcat or those working with servlets/JSP/J2EE, but also for all Java developers in general." Read on for the rest of Aerikkala's review.

How Tomcat Works
author: Budi Kurniawan and Paul Deck
pages: 458
publisher: BrainySoftware
rating: 8
reviewer: Petri
ISBN: 097521280X
summary: Explains how Tomcat works and how to build a servlet container of your own

First of all, this is the only book I know of that explains how the complete system works. You can find good documentation on how to use this most popular servlet container on the Tomcat project's Web site, but little is said about how it works. If you want to join this open source project, good luck. You should consider yourself lucky (or very brilliant) if you can understand how the system works in less than 3 months by browsing through its millions of lines of code.
However, why I find this book appealing is because of the approach the authors take in analyzing it: build Tomcat from scratch, line of code by line of code, module by module. Miraculously, in doing so they never fail to make sure their readers can follow the technical discussions. In their hands, Tomcat looks so easy that even Java beginners can understand it. There are many complex technologies used in Tomcat, and they are all explained well.
The book starts off by building a dummy Web server that can do no more than send a static HTML page. The web server is simple and consists of only three classes. The backbone of this application is the java.net.Socket class, and the authors take their time explaining this class at the beginning of the chapter. Basically, this is how the application in this chapter works: for each HTTP request, open a socket connection to the client, read the content of the static file, and send the file to the browser. As simple as that.
Chapter 2 builds on the application in Chapter 1. In this chapter, the web server gets some intelligence. It is now able to invoke a basic servlet by calling the servlet's service method. However, more complex servlets are beyond this simple servlet container, mainly because the container passes null ServletRequest and ServletResponse objects to the service method. Before the authors start coding, they explain the javax.servlet package in general so that those new to servlet programming can understand this chapter.
Chapter 3 explains how to create ServletRequest and ServletResponse objects so that the servlet container in Chapter 2 can do more. The excitement comes in Chapter 4 when the authors explain how to pool ServletRequest and ServletResponse objects to beef up performance. This topic is not only relevant to Tomcat, but also to Java programming in general. Object instantiation is expensive, and one way to avoid it is by reusing objects. However, you must be careful when your application will be used by many clients, as you must then think about thread safety. Chapter 4 elegantly explains how Tomcat developers solve this problem, as well as teaching you a general solution for object pooling. Interestingly, a servlet is always represented by a single instance, and the same instance services all incoming requests.
The authors are also patient in explaining everything step by step, until the last chapters where they tackle more difficult problems such as Digester, JMX, class loaders and session management.
Not only will you be good at configuring Tomcat after you are finished reading this, you will also be able to tell straight away what's going on whenever your Tomcat installation throws up some error message. In addition, if you are really serious about Tomcat, you can start thinking of writing your own modules or extending the existing ones. For example, as the authors have demonstrated, you can extend Tomcat's application loader to automatically reload a Struts application when the struts-config.xml is modified, making the application development process quicker.
This book is also great in answering many questions that seasoned servlet/JSP programmers might have long been pondering. For example, this book discusses the difference between an OutputStream and a PrintWriter, and why you can only use one of them rather than both. It also tells you why you cannot write to the request parameters or headers.
Now, as much as I liked it, this book is not perfect. The first noticeable flaw is that there are quite a number of disturbing spelling mistakes. Also, the index could have been better, not to mention a cover that is plain and uninspiring. However, I have to admit I am very happy with this book and will recommend it to any Java programmer.
You can purchase How Tomcat Works from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
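As an added example, not code from the book or from Tomcat itself: a single-threaded static-file server in the shape the review attributes to the book's first chapter (accept a connection, read the requested file, write it back over the socket), with one check a reviewer of such code would ask for and the review does not mention: the requested path is normalized and resolved against the document root, and anything that lands outside the root (for example a request for /../some-file) is answered with 404 instead of the file. The class and method names (TinyStaticServer, resolveSafely, respond) and the default webroot directory are assumptions of this example.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example (hypothetical names): a minimal static-file HTTP server that keeps
// every request inside one document root. Not the book's code and not Tomcat's.
public class TinyStaticServer {
    private final Path webRoot;   // canonical path of the only directory we serve from

    public TinyStaticServer(Path webRoot) throws IOException {
        this.webRoot = webRoot.toRealPath();   // throws if the directory does not exist
    }

    // Map a request target ("/index.html", "/a/../b?x=1") to a file under webRoot.
    // Returns null for anything that is not a plain file inside the root.
    Path resolveSafely(String requestTarget) throws IOException {
        if (!requestTarget.startsWith("/")) return null;
        int q = requestTarget.indexOf('?');
        String pathPart = q >= 0 ? requestTarget.substring(0, q) : requestTarget;
        if (pathPart.equals("/")) pathPart = "/index.html";
        Path candidate;
        try {
            candidate = webRoot.resolve(pathPart.substring(1)).normalize();
        } catch (InvalidPathException e) {   // e.g. characters the file system rejects
            return null;
        }
        // normalize() folds ".." segments; a path that escaped the root no longer starts with it
        if (!candidate.startsWith(webRoot) || !Files.isRegularFile(candidate)) return null;
        // Follow symlinks and re-check, so a link inside the root cannot point outside it
        Path real = candidate.toRealPath();
        return real.startsWith(webRoot) ? real : null;
    }

    // Handle one connection: parse the request line, then send the file or an error status.
    void handle(Socket client) throws IOException {
        try (Socket c = client;
             BufferedReader in = new BufferedReader(
                     new InputStreamReader(c.getInputStream(), StandardCharsets.ISO_8859_1));
             OutputStream out = c.getOutputStream()) {
            String requestLine = in.readLine();
            if (requestLine == null) return;
            String[] parts = requestLine.split(" ");
            if (parts.length < 2 || !parts[0].equals("GET")) {
                respond(out, "405 Method Not Allowed", "text/plain", "GET only\n".getBytes(StandardCharsets.UTF_8));
                return;
            }
            String header;
            while ((header = in.readLine()) != null && !header.isEmpty()) {
                // request headers are read and ignored by this minimal server
            }
            Path file = resolveSafely(parts[1]);
            if (file == null) {
                respond(out, "404 Not Found", "text/plain", "not found\n".getBytes(StandardCharsets.UTF_8));
                return;
            }
            String type = Files.probeContentType(file);
            respond(out, "200 OK", type != null ? type : "application/octet-stream", Files.readAllBytes(file));
        }
    }

    private static void respond(OutputStream out, String status, String contentType, byte[] body)
            throws IOException {
        String head = "HTTP/1.1 " + status + "\r\n"
                + "Content-Type: " + contentType + "\r\n"
                + "Content-Length: " + body.length + "\r\n"
                + "Connection: close\r\n\r\n";
        out.write(head.getBytes(StandardCharsets.ISO_8859_1));
        out.write(body);
        out.flush();
    }

    // One request at a time, as in the review's description of chapter 1; a failing
    // client connection is logged and does not stop the server.
    public void serve(int port) throws IOException {
        try (ServerSocket server = new ServerSocket(port)) {
            while (true) {
                try {
                    handle(server.accept());
                } catch (IOException e) {
                    System.err.println("request failed: " + e.getMessage());
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Paths.get(args.length > 0 ? args[0] : "webroot");   // assumption: directory exists
        new TinyStaticServer(root).serve(8080);
    }
}
```

Run it with a directory containing an index.html as the first argument and fetch http://localhost:8080/ in a browser; a request such as GET /../TinyStaticServer.java is answered with 404 because normalize() folds the ".." and the containment check fails. The second startsWith check after toRealPath is what closes the symlink case, which the first check alone does not cover.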