Domain: zdnet.com
Stories and comments across the archive that link to zdnet.com.
Stories · 2,686
iPhone's PIN-Based Security Transparent To Ubuntu
ndogg writes "Security experts found that the iPhone 3GS has very little security, even with a PIN set up. They plugged one into Ubuntu 10.04, and it was automounted with almost all of the iPhone's data exposed. This has been reported to Apple, but the company seems to be having difficulty reproducing the problem." -
Michal Zalewski On Security's Broken Promises
Lipton-Arena writes "In a thought-provoking guest editorial on ZDNet, Google security guru Michal Zalewski laments the IT security industry's broken promises and argues that little has been done over the years to improve the situation. From the article: 'We have in essence completely failed to come up with even the most rudimentary, usable frameworks for understanding and assessing the security of modern software; and spare for several brilliant treatises and limited-scale experiments, we do not even have any real-world success stories to share. The focus is almost exclusively on reactive, secondary security measures: vulnerability management, malware and attack detection, sandboxing, and so forth; and perhaps on selectively pointing out flaws in somebody else's code. The frustrating, jealously guarded secret is that when it comes to actually enabling others to develop secure systems, we deliver far less value than could be expected.'" -
Vibration Killing Enterprise Disk Performance?
An anonymous reader writes "Is vibration killing disk performance? ZDnet reports on research that a carbon fiber anti-vibration rack increased random read performance by 56% to 246% and random write [performance] by 34% to 88%. Vibration is a known disk problem, but this is one of the few attempts to quantify its impact — which looks to be much greater than suspected." -
IE8's XSS Filter Exposes Sites To XSS Attacks
Blue Taxes writes "The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat. The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS." Here is the researchers' backgrounder (PDF) on the attack. Microsoft says that they have issued two patches that address the issue, but the researchers insist that holes remain.
Update: 04/20 14:06 GMT by KD: Microsoft's Security Response Center has issued a statement on the vulnerability. -
"Midori" Concepts Materialize In .NET
dp619 writes "Concepts outlined in Microsoft's internal 'Midori' OS documents are materializing in .NET, according to an SD Times report. Midori is a new operating system project that is designed for distributed concurrency. Microsoft has assigned some of its all-star programmers to the project, while recruiting others. It is also working on other projects to replace Windows that make the OS act more like a hypervisor." -
Self-Destructing USB Stick
Hugh Pickens writes "PC World reports that Victorinox, maker of the legendary Swiss Army Knife, has launched a new super-secure memory stick that sounds like something out of Mission: Impossible. The Secure Pro USB comes in 8GB, 16GB, and 32GB sizes, and provides a variety of security measures including fingerprint identification, a thermal sensor, and even a self-destruct mechanism. Victorinox says the Secure is 'the most secure [device] of its kind available to the public.' The Secure features a fingerprint scanner and a thermal sensor 'so that the finger alone, detached from the body, will still not give access to the memory stick's contents.' While offering no explanation how the self-destruct mechanism works, Victorinox says that if someone tries to forcibly open the memory stick it triggers a self-destruct mechanism that 'irrevocably burns [the Secure's] CPU and memory chip.' At a contest held in London, Victorinox put its money where its mouth was and put the Secure Pro to the test offering a £100,000 cash prize ($149,000) to a team of professional hackers if they could break into the USB drive within two hours. They failed." -
Ubuntu's "Lucid Lynx" Enters Beta
ActionDesignStudios writes "The upcoming release of Ubuntu, titled 'Lucid Lynx,' has just entered the beta cycle. Alongside the usual desktop and server versions, a special version has been released that is designed to run on Amazon's EC2 cloud service. This release of Ubuntu does away with the brown 'Human' Gnome theme we've all become accustomed to, replaced by a new version Canonical says is inspired by light. The new release also includes much better integration with social networking services such as Twitter, identi.ca and Facebook, among others." -
US Considers Some Free Wireless Broadband Service
gollum123 writes "US regulators may dedicate spectrum to free wireless Internet service for some Americans to increase affordable broadband service nationwide, the Federal Communications Commission said on Tuesday. The FCC provided few details about how it would carry out such a plan and who would qualify, but will make a recommendation under the National Broadband Plan set for release next week. The agency will determine details later. One way of making broadband more affordable is to 'consider use of spectrum for a free or a very low-cost wireless broadband service,' the FCC said in a statement." Nobody has more than a couple of paragraphs on this story. None of the press coverage mentions the obvious likelihood that any such free network would be heavily filtered, censored, and monitored. -
Apple Bans Jailbreakers From the App Store
Hugh Pickens writes "Adam Mills writes in the Examiner that Apple has been cutting off access to the iTunes App Store for iPhone hackers and jailbreakers. Sherif Hashim, the iPhone developer who successfully hacked the iPhone OS 3.1.3 and unlocked the 05.12.01 baseband for iPhone 3GS and 3G devices, discovered he'd been cut off and twittered: '"Your Apple ID was banned for security reasons," that's what i get when i try to go to the app store, they must be really angry.' Another hacker, iH8Sn0w, who is behind the Sn0wbreeze tool, confirms that his account has also been deactivated even though iH8sn0w's exploit had only been revealed to Dev Team, the group responsible for the PwnageTool. 'It is kind of surprising that two people associated with jailbreaking have had this happen to them so soon after one another, but it's too early to say if this is a campaign that Apple is starting up,' writes Mills." -
Opera 10.50 Beta Out, With Competitive JavaScript
Opera has released its 10.5 beta (for Windows only; Linux and Mac coming). Opera calls 10.5 "the fastest browser on earth," but the jury is out on this claim. WebMonkey says that the new beta feels snappy in their informal testing. Both CNET and ZDNet ran two quick benchmarks that measure JavaScript performance, SunSpider and V8. ZDNet found Opera beating out Chrome in SunSpider but lagging in V8. CNET found Chrome ahead in both tests. What is clear however is that Opera's Carakan JavaScript engine has made up much of the ground in the performance wars; The Reg estimates that 10.5 is seven times faster in the JavaScript stakes than Opera's shipping 10.1 release. -
Microsoft To Ship Emergency IE Patch
Grotendo writes "Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend." Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of "groups that can be referred to as the Advanced Persistent Threat." -
One Expert Pegs Yearly Cost of IT Failure At $6.2 Trillion
blognoggle writes "Roger Sessions, a noted author and expert on complexity, developed a model for calculating the total global cost of IT failure. Roger describes his approach in a white paper titled The IT Complexity Crisis: Danger and Opportunity. He concludes that IT failure costs the global economy a staggering $6.2 trillion per year." -
No More Fair-Price Refund For Declining XP EULA
mark0 writes "Getting a fair-price refund from Amazon or Asus after declining the Windows XP EULA appears to be a thing of the past. In contrast to reports from the US and the UK from earlier in the year, Amazon simply refuses and provides information to contact Microsoft. Asus is offering US$6. Despite being confronted with publicly available information about the real OEM price of Windows XP Home Edition being US$25-US$30, Asus replies, 'The refund price for the decline of the EULA is correct in it being US$6. This price unfortunately is not negotiable. I do apologize for any inconvenience this may have caused. Please be assured that it is not ASUS intentions to steer you away in any which way.'" -
MIT Grad To Make Digital "SixthSense" Open Source
yuveraj writes to mention that Pranav Mistry, the brain behind the innovative "SixthSense" application demoed earlier this year, plans to open source the technology in order to get this to the streets faster. "Mistry’s decision has meaning beyond Sixth Sense. The desire of inventors is always to get their work into the market as quickly as possible. Usually this means waiting for it to be turned into a useful, profitable invention. Mistry is bypassing this by going straight to open source. There is no report on which license he will use, but whichever one he does choose he has put paid to the canard that open source and innovation are incompatible, for all time." -
Misadventures In Online Journalism
An anonymous reader writes "Paul Carr, writing for TechCrunch, has posted his take on some of the flaws inherent to today's fast-paced news ecosystem, where bloggers often get little or no editorial feedback and interesting headlines are passed around faster than ever. His article was inspired by a recent story on ZDNet that accused Yahoo of sharing the names and emails of 200,000 users with the Iranian government; a report that turned out to be false, yet generated a great deal of outrage before it was disproved. Carr writes, 'Trusting the common sense of your writers is all well and good — but when it comes to breaking news, where journalistic adrenaline is at its highest and everyone is paranoid about being scooped by a competitor, that common sense can too easily become the first casualty. Journalists get caught up in the moment; we get excited and we post stupid crap from a foreign language student blog and call it news. And then within half a minute — bloggers being what they are — the news gets repeated and repeated until it becomes fact. Fact that can affect share prices or ruin lives. This is the reality of the blogosphere, where Churchill's remark: that "a lie gets halfway around the world before the truth has a chance to get its pants on" is more true, and more potentially damaging, than at any time in history.'" -
Microsoft, EU Reach Antitrust Accord
alphadogg writes "Microsoft appears to have reached an agreement with the European Commission that concludes an antitrust battle that has lasted a decade, Europe's top competition regulator said today. A proposal the company offered in July to address charges of monopoly abuse were dismissed as insufficient by the Commission, as well as by rivals in the software industry. But the latest iteration appears to have mollified the EC's regulator. 'We believe this is an answer,' said competition commissioner Neelie Kroes in a press conference. 'I think this is a trustful deal we are making. There can't be a misunderstanding because it is the final result of a long discussion between Steve Ballmer and me.' The new settlement offer addresses charges that Microsoft distorted competition in its favor in the market for web browsers, by giving its Internet Explorer browser an unfair advantage over rivals." The Register points out this interesting quote from the materials Microsoft released on the subject: "Microsoft shall ensure that third-party software products can interoperate with Microsoft's Relevant Software Products using the same Interoperability Information on an equal footing as other Microsoft Software Products." -
Google Finds DRAM Errors More Common Than Believed
An anonymous reader writes "A Google study of DRAM errors in their data centers found that they are hundreds to thousands of times more common than has been previously believed. Hard errors may be the most common failure type. The DIMMs themselves appear to be of good quality, and bad mobo design may be the biggest problem." Here is the study (PDF), which Google engineers published with a researcher from the University of Toronto. -
Dam Burst Tool Disables China's Green Dam Censorware
An anonymous reader writes "The infamous Green Dam censorship software has suffered yet another blow. As ZDNet explains, Dam Burst, a tool released by security researcher Jon Oberheide, allows unprivileged users to disable the censorware by removing the hooks that enable it to monitor and block user activity, effectively restoring running applications to their original uncensored state. While the Dam Burst software is currently available at Oberheide's website, community mirrors will undoubtedly be necessary to avoid blocking by the Great Firewall." -
Google Data Liberation Group Seeks To Unlock Data
Several sources are reporting that The Data Liberation Front, a new engineering group within Google, is trying to make it easier for users to move their data in and out of Google products. They have already "liberated" about half of Google's offerings (including Blogger and Gmail) and have plans to liberate Google Sites and Google Docs in the near future. "In a blog post this morning, Data Liberation engineering manager Brian Fitzpatrick uses a good analogy to explain why the company sees this as an important step: 'Imagine you want to move out of your apartment. When you ask your landlord about the terms of your previous lease, he says that you are free to leave at any time; however, you cannot take all of your things with you - not your photos, your keepsakes, or your clothing. If you're like most people, a restriction like this may cause you to rethink moving altogether. Not only is this a bad situation for you as the tenant, but it's also detrimental to the housing industry as a whole, which no longer has incentive to build better apartments at all. Although this may seem like a strange analogy, this pretty accurately describes the situation my team, Google's Data Liberation Front, is working hard to combat from an engineering perspective.'" -
Microsoft Blasts Google Book Deal
eldavojohn writes "With authors, scholars, the DoJ and publishers ripping apart the Google book deal, it's Microsoft's turn. They're claiming it's frankly an illegal 'joint venture' and not a settlement. According to ZDNet, Microsoft's four complaints against the deal are: 1) Future infringements are covered by the settlement, affecting the exclusive rights of absent class members for the life of their copyrights. 2) The deal gives away to Google vast rights that were not contested in the underlying litigation. The lawsuits dealt with Google's displaying brief excerpts. Instead of compromising on that infringement, the parties instead agreed to give away the rights to display entire books. 3) The publishers who negotiated this deal each have undisclosed side deals with Google, which will likely give them better terms than the class will get. 4) The publishers plan to exclude their own works from the deal. You might recall over a year ago Microsoft's own scanning effort died." -
Has the WebOS Finally Arrived?
SphereOfInfluence writes "Dion Hinchcliffe over on ZDNet declared in a new post that the Web OS has finally arrived and that businesses and IT departments must adjust to the fact that everything's starting to move to the cloud. He cites John Hagel's so-called big business shifts of the 21st century and claims cloud computing, crowdsourcing, open APIs, Software-as-a-Service are the future of the workplace. He goes on to present a compelling visual model of the Web OS circa 2009 and examples to back up some of the statements." -
US Court Tells Microsoft To Stop Selling Word
oranghutan writes "A judge in a Texas court has given Microsoft 60 days to comply with an order to stop selling Word products in their existing state as the result of a patent infringement suit filed by i4i. According to the injunction, Microsoft is forbidden from selling Word products that let people create XML documents, which both the 2003 and 2007 versions let you do. Michael Cherry, an analyst quoted in the article, said, 'It's going to take a long time for this kind of thing to get sorted out.' Few believe the injunction will actually stop Word from being sold because there are ways of working around it. In early 2009, a jury in the Texas court ordered Microsoft to pay i4i $200 million for infringing on the patent. ZDNet has a look at the patent itself, saying it 'sounds a bit generic.'" -
BIOS "Rootkit" Preloaded In 60% of New Laptops
Keldrin_1 writes "Researchers Alfredo Ortega and Anibal Sacco, from Core Security Technologies, have discovered a vulnerability in the 'Computrace LoJack for Laptops' software. This is a BIOS-level application that calls home for instructions in case the laptop is ever lost or stolen. However, what the application considers 'home' is subject to change. This allows the creation of malware capable of 'infecting the BIOS with persistent code that survive reboots and reflashing attempts.' Computers from Dell, Lenovo, HP, Toshiba, Asus, and others may be affected." -
IBM Seeks Patent On Digital Witch Hunts
theodp writes "Should Mark Zuckerberg want to identify a snitching Facebook employee, Elon Musk wish to set a trap for loose-lipped Tesla employees, or Steve Jobs want to 'play Asteroid,' they'll be happy to know that a new IBM 'invention' makes it easier than ever to be paranoid. In a newly-disclosed patent application for Embedding a Unique Serial Number into the Content of an Email for Tracking Information Dispersion (phew!), Big Blue describes how it's automated the creation of Canary Traps with patent-pending software that makes ever-so-slight changes to e-mail wording to allow you to spy on the unsuspecting recipients of your e-mail." -
Attacks Against Unpatched Microsoft Bug Multiply
CWmike writes "Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat. Symantec, Sunbelt Software, and SANS' Internet Storm Center bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by IE to display Excel spreadsheets. There is no patch for the vulnerability; Microsoft didn't release one in today's Patch Tuesday. A temporary fix that sets the 'kill bits' of the ActiveX control is available, but experts believe it's likely most users won't take advantage of the protection. Symantec raised its ThreatCon ranking to the second of four steps. 'We're seeing it exploited, but currently on a limited scale,' said Symantec's Ben Greenbaum. Sunbelt also bumped up its ranking, to high." Firefox users can't be too complacent; Secunia is warning of a 0-day in version 3.5. -
IronKey Unveils Self-Destructing USB Flash Drive
fysdt writes to share that IronKey has released a USB flash drive with self-destruct capability. Specializing in "secure flash drives," IronKey has launched the S200 aimed at government and enterprise customers, "featuring hardened physical security, the latest Cryptochip technology, active anti-malware and enhanced management capabilities. It's the 'first and only USB storage device to achieve FIPS 140-2, Level 3 validation' and delivers advanced Cryptochip featuring AES-256, tamper-resistance and self-destruction circuitry." -
Is IE Usage Share Collapsing?
je ne sais quoi writes "Net Applications normally releases its statistics for browser and operating system usage share on the first of every month. This month, however, the data has not shown up — only a cryptic message stating they are reviewing the data for inexplicable statistical variations and that it will be available soon. Larry Dignan at ZDNet has a blog post that might explain what is happening: Statcounter has released some data that shows a precipitous drop in IE browser use in North America, to the benefit of Firefox, Safari, and Chrome. At the end of May, StatCounter shows IE usage share (for versions 6, 7, and 8 combined) at around 64%; at the beginning of June it is now about 56% — an astounding 8% drop in one month. We should keep in mind the difficulties in estimating browser usage share: this could very well be a change in how browsers report themselves, or some other statistical anomaly. So it will probably be healthy to remain skeptical until this trend is confirmed by other organizations. Have any of you seen drops in IE usage share for Web-sites you administer?" -
Google Suggest Disabled In China Due To Porn
I Don't Believe in Imaginary Property writes "The Chinese government has asked Google to disable Google Suggest because it has been suggesting that people search for pornography based on its analysis of the most popular search terms in China. This comes on the heels of a fake CCTV interview being used to support the government requirement that all new computers ship with the 'Green Dam' Internet censoring program, which is still in force, despite reports to the contrary." The story on the chinaSMACK site demonstrates that Chinese search engine Baidu features a comparable search-suggestion function, which similarly recommends adult-themed sites, but that the government has not attacked Baidu over the issue of porn. -
The Truth Behind the Death of Linux On the Netbook
eldavojohn writes "Groklaw brings us news of Microsoft holding the smoking gun in regards to the death of Linux on netbooks. You see, the question of Linux on netbooks in Taiwan was put forth to the Taiwan Trade Authority director, who replied, 'In our association we operate as a consortium, like the open source consortium. They want to promote open source and Linux. But if you begin from the PC you are afraid of Microsoft. They try to go to the smart phone or PDA to start again.' It's simple; fear will keep them in line. PJ points out, 'So next time you hear Microsoft bragging that people prefer their software to Linux on netbooks, you'll know better. If they really believed that, they'd let the market speak, on a level playing field. If I say my horse is faster than yours, and you say yours is faster, and we let our horses race around the track, that establishes the point. But if you shoot my horse, that leaves questions in the air. Is your horse really faster? If so, why shoot my horse?'" -
Steve Jobs Had a Liver Transplant Two Months Ago
evw writes "The Wall Street Journal reports that Steve Jobs had a liver transplant two months ago (subscription required, alternative coverage is available based on the WSJ's report). He is on track to return to work at the end of June. 'William Hawkins, a doctor specializing in pancreatic and gastrointestinal surgery at Washington University in St. Louis, Mo., said that the type of slow-growing pancreatic tumor Mr. Jobs had will commonly metastasize in another organ during a patient's lifetime, and that the organ is usually the liver. ... Having the procedure done in Tennessee makes sense because its list of patients waiting for transplants is shorter than in many other states.' There are no residency requirements for transplants." -
IBM Wants Patent For Regex SSN Validation
theodp writes "What do you get when you combine IBM contributors with the Dojo Foundation? A patent for Real-Time Validation of Text Input Fields Using Regular Expression Evaluation During Text Entry, assuming the newly-disclosed Big Blue patent application passes muster with the USPTO. IBM explains that the invention of four IBMers addresses a 'persistent problem that plagues Web form fields' — e.g., 'a social security number can be entered with or without dashes.' A non-legalese description of IBM's patent-pending invention can be found in The Official Dojo Documentation. While IBM has formed a Strategic Partnership With the Dojo Foundation which may protect one from a patent infringement lawsuit over validating phone numbers, concerns have been voiced over an exception clause in IBM's open source pledge." -
Windows 7 Sets Direction of Low-Power CPU Market
Vigile writes "News is circulating about Microsoft setting hardware limits for the Windows 7 Starter Edition rather than sticking to a 3-application limit. With just a few simple specifications, Microsoft has set the tech world spinning — not only is Microsoft deciding that a netbook is now defined as having a 10.2-in. or smaller screen, but by setting a 15-watt limit to CPU thermal dissipation they may have inadvertently set the direction of CPU technology for years to come. If Microsoft sticks to that licensing spec, then AMD, Intel, VIA, and maybe even NVIDIA (who might be building an x86 CPU) will no doubt put a new focus on power efficiency in order to cash in on the lucrative netbook market." -
Flaw Made Public In OpenSSH Encryption
alimo20 writes "Researchers at the Royal Holloway, University of London have discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux. According to ISG lead professor Kenny Patterson, an attacker has a 2^{-18} (that is, one in 262,144) chance of success. Patterson says that this is more significant than past discoveries because 'This is a design flaw in OpenSSH. The other vulnerabilities have been more about coding errors.' The vulnerability is possible by a man-in-the-middle intercepting blocks of encrypted material as it passes. The attacker then re-transmits the data back to the server and counts the number of bytes before the server throws error messages and disconnects the attacker. Using this information, the attacker can work backwards to figure out the first 4 bytes of data before encryption. 'The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH, said Patterson. ... Patterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days.'" -
Lawsuit Says Google's Sale of Keywords Is Illegal
Hugh Pickens writes "Google encourages advertisers to purchase other companies' trademarks as targeted search terms, and they're expanding the practice into 190 countries. When Audrey Spangenberg typed the name of her small software company into Google and saw the ads of competitors that had paid Google to display their marketing messages whenever someone searched for FirePond, a registered trademark, she was furious. This week, her company filed a class-action suit against Google in federal court, saying that Google had infringed on her company's trademark, and challenged Google's policies on behalf of all trademark owners in the state. Legal experts said it was the first class-action suit against Google over the issue. Google's acceptance of such competitive uses of trademarks has irked many other companies, including the likes of American Airlines and Geico, who have filed suits against Google and settled them. Many brand owners say the practice abuses their brands, confuses customers and increases their cost of doing business. 'I know of several companies spending millions of dollars a year in payments to Google to make sure that their company is the very first sponsored link' on searches for their own names, said Terrence Ross, a partner at Gibson Dunn, who represented American Airlines in its suit against Google. 'It certainly smacks of a protection racket.'" -
Apple Hires Former OLPC Security Director
imamac writes "It seems Apple is seeking to beef up security by hiring Ivan Krstic, the one-time director of security architecture at One Laptop per Child. 'Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security. His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it's rather trivial to launch exploits against the Mac.'" -
Should Developers Be Liable For Their Code?
Glyn Moody writes "They might be, if a new European Commission consumer protection proposal, which suggests 'licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions,' becomes law. The idea of making Microsoft pay for the billions of dollars of damage caused by flaws in its products is certainly attractive, but where would this idea leave free software coders?" -
EFF Sues Apple Over BluWiki Legal Threats
Hugh Pickens writes "The Electronic Frontier Foundation has filed suit against Apple to defend the First Amendment rights of BluWiki, a noncommercial, public Internet 'wiki' site operated by OdioWorks. Last year, BluWiki users began a discussion about making some Apple iPods and iPhones interoperate with software other than Apple's iTunes. Apple lawyers demanded removal of the content (pdf) sending a letter to OdioWorks, alleging that the discussions constituted copyright infringement and a violation of the DMCA's prohibition on circumventing copy protection measures. Fearing legal action by Apple, OdioWorks took down the discussions from the BluWiki site but has now filed a lawsuit to vindicate its right to restore those discussions (pdf) and seeking a declaratory judgment that the discussions do not violate any of the DMCA's anti-circumvention provisions, and do not infringe any copyrights owned by Apple. 'I take the free speech rights of BluWiki users seriously,' said Sam Odio, owner of OdioWorks. 'Companies like Apple should not be able to censor online discussions by making baseless legal threats against services like BluWiki that host the discussions.'" Random BedHead Ed adds: "ZDNet quotes EFF's Fred von Lohmann, who says that this is an issue of censorship. 'Wikis and other community sites are home to many vibrant discussions among hobbyists and tinkerers. It's legal to engage in reverse engineering in order to create a competing product, it's legal to talk about reverse engineering, and it's legal for a public wiki to host those discussions.'" -
Zombie Macs Launch DoS Attack
Cludge writes "ZDNet has a story (and several related articles) about how Symantec has discovered evidence of an all-Mac based botnet that is actively involved in a DoS attack. Apparently, security on the exploited Macs (call them iBots?) was compromised when unwary users bit-torrented pirated copies of iWork 09 and Photoshop CS4 that contained malware. From the article: 'They describe this as the "first real attempt to create a Mac botnet" and note that the zombie Macs are already being used for nefarious purposes.'" -
EFF Lawyer Calls YouTube ContentID Worse Than DMCA
Richard Koman writes "Warner Music Group is apparently blocking everything YouTube ContentID comes up with as potential infringement. We knew that, but this piece by Jason Perlow shows that they're also spewing out DMCA takedown notices for some pretty clearly fair-use stuff. In my interview with EFF's Fred von Lohmann he talks about how, as bad as the DMCA process is — and it's pretty firmly against fair-use — YouTube's process gives remixers and digital creators even fewer options to assert their right to speak through the fair use of copyright material. While EFF is negotiating with Google and the studios, he suggests that users boycott YouTube if they won't stand up for fair use." -
Major League Baseball Dumps Silverlight For Flash
christian.einfeldt writes "This week, Major League Baseball will open without Microsoft's Silverlight at the plate, according to Bob Bowman, CEO of Major League Baseball Advanced Media, which handles much of the back-end operations for MLB and several other leagues and sporting events. The change was decided on last year but was set to be rolled out this spring. Among the causes of MLB's disillusionment with Silverlight were technical glitches users experienced, including needing administrator privileges to install the plugin (often impossible in workplaces). Baseball's opening day last year was plagued by Silverlight instability, with many users unable to log on and others unable to watch games. Adobe Flash already exists on 99% of user machines, said Bowman, and Adobe is 'committed to the customer experience in video with the Flash Player.' MLBAM's decision to dump Silverlight is particularly problematic for Microsoft's effort to compete with Adobe, due to the fact that MLBAM handles much of the back-end operations for CBS' Webcasts of the NCAA Basketball Tournament and this year will do the encoding for the 2009 Masters golf tournament." -
Laser Sniffing Captures Typed Keystrokes From 50-100 Feet
Death Metal writes "Chief Security Engineer Andrea Barisani and hardware hacker Daniele Bianco used a handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary to try to guess the words. They used a technique called dynamic time warping, typically used for speech recognition applications, to measure the similarity of signals. Line-of-sight on the laptop is needed, but it works through a glass window, they said. Using an infrared laser would prevent a victim from knowing they were being spied on." (This is the same team that was able to pick up the electromagnetic signals emitted by PS/2 keyboards.) -
All Five Smartphones Survive Pwn2Own Contest
CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'" Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well. -
Researchers Demo BIOS Attack That Survives Disk Wipes
suraj.sun writes "A pair of Argentinian researchers have found a way to perform a BIOS level malware attack capable of surviving even a hard-disk wipe. Alfredo Ortega and Anibal Sacco from Core Security Technologies used the stage at last week's CanSecWest conference to demonstrate methods (PDF) for infecting the BIOS with persistent code that will survive reboots and re-flashing attempts. The technique includes patching the BIOS with a small bit of code that gave them complete control of the machine. The demo ran smoothly on a Windows machine, a PC running OpenBSD and another running VMware Player." -
Texas Legislature Considers Open Document Formats
An anonymous reader notes that a legislator in Texas has introduced a bill to require open document formats in all state government business. The bill is carefully worded such that only ODF could pass its test as "open." The story is covered by the Fort Worth Star Telegram, which is careful to be even-handed, giving Microsoft's spokesman equal time. A ZDNet blogger notes that the bill, introduced by a Democrat in a state whose politics is dominated by Republicans, faces chances that "...fall somewhere east of slim and west of none." -
How Vista Mistakes Changed Windows 7 Development
snydeq writes "For the past several months, Microsoft has engaged in an extended public mea culpa about Vista, holding a series of press interviews to explain how the company's Vista mistakes changed the development process of Windows 7. Chief among these changes was the determination to 'define a feature set early on' and only share that feature set with partners and customers when the company is confident it will be incorporated into the final OS. And to solve PC-compatibility issues, Microsoft has said all versions of Windows 7 will run even on low-cost netbooks. Moreover, Microsoft reiterated that the beta of Windows 7 that is now available is already feature-complete, although its final release to business customers isn't expected until November." As a data point for how well this has all worked out in practice, reader The other A.N.Other recommends a ZDNet article describing rough benchmarks for three versions of Windows 7 against Vista and XP. In particular, Win-7 build 7048 (64-bit) vs. Win-7 build 7000 (32-bit and 64-bit) vs. Vista SP1 vs. XP SP3 were tested on both high-end and low-end hardware. The conclusions: Windows 7 is, overall, faster than both Vista and XP. As Windows 7 progresses, it's getting faster (or at least the 64-bit editions are). On a higher-spec system, 64-bit is best. On a lower-spec system, 32-bit is best. -
Amazon Releases iPhone Kindle Software
palmsolo writes "The Amazon Kindle 2 just started shipping last week, but Amazon surprised everyone late on March 3rd by placing the Amazon Kindle software for the iPhone in the Apple App Store. With the Whispersync technology you can now keep your Kindle and iPhone ebooks in sync and read everywhere you go. Readers on the iPhone also now get access to over 200,000 ebook titles on the Amazon Kindle storefront. Check out the hands-on image gallery and video of the Amazon Kindle software on the iPhone and Kindle 2."