Software

London Lawyers Demand £600 For One Game

London Lawyers Demand £600 For One Game - Via Slashdot: Your Rights Online:

Barence writes "A PC Pro reader has received a demand for a £600 out-of-court settlement from lawyers claiming to have forensic evidence that he illegally downloaded a PC game on BitTorrent. The law firm, Davenport Lyons, is acting on the behalf of German games distributor Zuxxez, creator of the game in question, Two Worlds. The PC Pro reader was given no prior warning to stop file sharing, unlike the usual 'three strikes and you're out' approach adopted by the music industry. The reader says, 'To add insult to injury it [Davenport Lyons] didn't pay enough postage on the letter and I had to collect it from the sorting office at a cost of £1.30. This also used up most of the two weeks that it allowed for a response.'"

(Read Original Article - Via Slashdot: Your Rights Online.)

Diebold Admits ATMs Are More Robust Than Voting Machines

Diebold Admits ATMs Are More Robust Than Voting Machines - Via Slashdot:

An anonymous reader points out a story in the Huffington Post about the status of funding for election voting systems. It contains an interesting section in which Chris Riggall, a spokesman for Premier (formerly Diebold) acknowledged that less money is spent making an electronic voting machine than on a typical ATM. The ironically named Riggall also notes that security could indeed be improved, but at a higher price than most election administrators would care to pay. Also quoted in the article is Ed Felten, who has recently found some inconsistencies in New Jersey voting machines. From the Post:

Do You Own Your Software? WoW Glider Case Not Just About Getting to Level 70.

Do You Own Your Software? WoW Glider Case Not Just About Getting to Level 70. - Via EFF: Deep Links:

Unbeknownst to most software users, a lawsuit now at a critical stage could drastically expand the ability of software vendors to restrict how their customers can use their software.

Blizzard Entertainment, the company that makes the hugely popular massive multi-player online role-playing game World of Warcraft, sued Michael Donnelly, the developer of Glider, a program that helps WoW users raise their character level to 70 by “playing” for the user while the user goes to get a cup of coffee, read the paper, etc. The WoW licensing agreement ostensibly forbids using programs like Glider. Blizzard says that Donnelly illegally interfered with that agreement by selling Glider and, therefore, encouraging users to breach the license agreement by using the program.

Firefox Infects Vietnamese Users With Trojan Code

Firefox Infects Vietnamese Users With Trojan Code - Via Threat Level:

Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.

Starting in mid-February, Vietnamese users of Mozilla's open source Firefox browser were at risk of infection from malicious Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site.

The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons.

oCERT.org - Open Source CERT

oCERT.org - Open Source CERT:

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.

The service aims to help both large infrastructures, like major distributions, and smaller projects that can't afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.

oCERT also provides security vulnerability mediation for the security community, having reliable security contacts between registered projects and reporters that need to get in touch with a specific project regarding infrastructure security issues.

Last but not least oCERT provides aid with security vulnerability research and assessment.

(Read Original Article.)

Google backs open-source CERT group

Google backs open-source CERT group - Via Network World:

Google has thrown its weight behind a fledgling security reporting group for the open-source community.

The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team.

Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products, keeping open-source distributors on top of flaws and helping small software projects ensure that users of their code are aware of any issues.

Google Backs Open-Source CERT Group

Google Backs Open-Source CERT Group - Via Slashdot:

alphadogg points to a Network World story, excerpting
"Google has thrown its weight behind a fledgling security reporting group for the open-source community. The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team. Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products."

(Read Original Article - Via Slashdot.)

NZ cops get 'COFEE' to capture PC evidence

NZ cops get 'COFEE' to capture PC evidence - Via Stuff.co.nz:

New Zealand police have been given a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a prototype of a USB "thumb drive" that Microsoft has quietly distributed to a few law-enforcement agencies around the world.

A spokesman at police national headquarters said today: "Police have been issued with the COFEE tool by Microsoft and the E-Crime Lab's digital forensic analysts have been trained in the use of it".

New Zealand police had an excellent relationship with the software company, which had provided specialist training to digital forensic analysts and investigators, he said.

The Freenet Project - Freenet 0.7.0 release candidate 2 now available

The Freenet Project - Freenet 0.7.0 release candidate 2 now available:

24th Apr, 2008 - Freenet 0.7.0 release candidate 2 now available

Freenet version 0.7 Release Candidate 2 is now available for public testing. Release Candidate 2 features many bugfixes and a number of usability improvements.

Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship. To use it, you must download the Freenet software, available for Windows, Mac, Linux and other operating systems. Once you install and run Freenet, your computer will join a global, decentralized P2P network. You will be able to publish and consume information anonymously, either through your web browser, or through a variety of third party applications.

Freenet Releases 0.7.0rc2

Freenet Releases 0.7.0rc2 - Via Tech at Slashdot:

evanbd writes
"The Freenet Project has announced Freenet 0.7.0rc2. From the announcement: 'Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship. Freenet 0.7 is a ground-up rewrite of Freenet. The key user-facing feature in Freenet 0.7 is the ability to operate Freenet in a "darknet" mode, where your Freenet node will only talk to other Freenet users that you trust. This makes it much more difficult for an adversary to discover that you are using Freenet, let alone what you are doing with it. 0.7 also includes significant improvements to both security and performance.' Of course, for those of us who don't know anyone else running Freenet, or simply prefer it, there's also a non-darknet mode available."

(Read Original Article - Via Tech at Slashdot.)

Digital Deception - Are you a human or a computer?

Digital Deception - Via washingtonpost.com - Technology:

With a test, Web sites let people in and keep out computers set to unleash spam attacks. Now, computers are cracking the code.

Are you a human or a computer?

Over the Internet, it's getting harder and harder to tell.

Some of the common tests used by Web sites to distinguish between legitimate flesh-and-blood visitors and malicious human-mimicking computers recently appear to have been outwitted.

Last month, the human verification tests, which typically require users to identify deformed letters set against a cluttered backdrop, were broken by a computer. The computer then repeatedly created free Hotmail e-mail accounts and sent spam from them, according to Websense, the security firm that detected the hacking.

CFP08 - Workshop: Activism and Education Using Social Networks

Workshop: Activism and Education Using Social Networks - Via CFP: Technology Policy '08:

As well as providing ways to stay in touch with friends and make new connections, social networking technologies are increasingly important for activism and education. This interactive workshop will look at social networks and other innovative avenues such as blogs, wikis, mashups, and virtual worlds - as well as the role of more traditional online communication mechanisms like email and discussion forums. It will cover these technologies and their larger implications; techniques for engaging others while dealing with challenges such as trolling, flaming, and privacy invasion; and a nuts-and-bolts introduction to utilizing these tools.

The Computers, Freedom, and Privacy Workshop on Activism and Education Using Social Networks will run in parallel with the concurrent sessions on Thursday, May 22. To accommodate those who will be attending -- or presenting at! -- other sessions for different parts of the day, we're organizing the bulk of the workshop as a series of independent modules, covering different skills, and best practices for educators and activists. We'll also cover success stories, brainstorm challenges faced by attendees, and construct groups for CFP attendees to stay in touch as well as profiles and groups for several organizations attending.

Kraken Infiltration Revives "Friendly Worm" Debate

Kraken Infiltration Revives "Friendly Worm" Debate - Via Slashdot:

Anonymous Stallion writes "Two security researchers from TippingPoint (sponsor of the recent CanSecWest hacking contest) were able to infiltrate the Kraken botnet, which surpasses its predecessors in size. The researchers have published a pair of blog entries: Owning Kraken Zombies and Kraken Botnet Infiltration. They dissect the botnet and go so far as to suggest that they could cleanse it by sending an update to infected hosts. However, they stopped short of doing so. This raises the old moral dilemma about a hypothetical 'friendly worm' that issues software fixes (except that the researchers' vector is a server that can be turned off, not an autonomous worm that can't be recalled once released). What do you think — is it better to allow the botnet to continue unabated, or perhaps to risk crashing a computer controlling a heart monitor somewhere?"

(Read Original Article - Via Slashdot.)

Microsoft Gives Backdoor to Law Enforcement -- Well, Not Really

Microsoft Gives Backdoor to Law Enforcement -- Well, Not Really - Via Threat Level:

Admit it. You always thought Microsoft had put a backdoor into its operating system to allow law enforcement agents to worm their way into your computer.

Now the proof is here. At least that's how some readers are interpreting a story out yesterday about a forensic tool that Microsoft is providing crime-stoppers to help them extract evidence from computers seized at crime scenes.

The Computer Online Forensic Evidence Extractor, or COFEE, is a USB memory stick that was "quietly distributed" to a handful of law-enforcement agencies last June, according to Seattle Times tech reporter Benjamin Romano. Romano says the portable device can "decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."

Trojan Horses Still Kicking After All These Years

Trojan Horses Still Kicking After All These Years - Via Wired News: Security Blanket:

About 3,000 years ago Thursday, some Greeks left the people of Troy a wooden horse at the walled city’s front gate -- a free gift, no cost, no obligation from would-be invaders who wanted their adversaries to think they had left in peace.

Accepting the Trojan horse at face value turned out to be a big mistake.

Some things never change. In the 21st century Trojan horses are made of electronic "1s" and "0s" but are still left for you in all innocence and in plain sight: your e-mail inbox, in IMs and on a web page. But the intent, and the outcome, is pretty much the same: to pillage and steal.

Automatic Patch-Based Exploit Generation

Automatic Patch-Based Exploit Generation - Via cs.cmu.edu:

by David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng
Abstract
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update.

Windows Update Can Hurt Security

Windows Update Can Hurt Security - Via Slashdot:

An anonymous reader writes
"Researchers at Carnegie Mellon University have shown that given a buggy program with an unknown vulnerability, and a patch, it is possible automatically to create an exploit for unpatched systems. They demonstrate this by showing automatic patch-based exploit generation for several Windows vulnerabilities and patches can be achieved within a few minutes of when a patch is first released. From the article: 'One important security implication is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update... can detract from overall security, and should be redesigned.' The full paper is available as PDF, and will appear at the IEEE Security and Privacy Symposium in May."

(Read Original Article - Via Slashdot.)

ISPs Say P4P Negates Need for Net Neutrality Regs

ISPs Say P4P Negates Need for Net Neutrality Regs - Via Slashdot:

Donut hole hole writes "AT&T and Comcast are using recent successful P2P trials to argue to the FCC that there's no need for strong traffic management or net neutrality rules. 'Comcast's statement, filed with the FCC on April 9th, hails an announcement by P2P developer Pando Networks that its experiments with P4P technology on a wide variety of U.S. broadband networks have boosted delivery speeds by up to 235 percent. This news, Comcast vice president Kathryn A. Zachem wrote to the Commission, "provides further proof that policymakers have been right to rely on marketplace forces, rather than government regulation, to govern the evolution of Internet services."' Looks like Comcast only likes P2P technology when it can be used to serve its political and regulatory agenda."

(Read Original Article - Via Slashdot.)