Wed, 07 Jan 2009 01:15:34 +0000 http://challenge.hitb.org/ Hack In The Box Backend en-us http://challenge.hitb.org/images/hitb.gif http://challenge.hitb.org/ dhillon.kannabhiran@hackinthebox.org http://challenge.hitb.org/index.php?name=News&file=article&sid=29425 The oversize white envelope bore the blue logo of the Department of Homeland Security. Inside, I found 20 photocopies of the government's records on my international travels. Every overseas trip I've taken since 2001 was noted. I had requested the files after I had heard that the government tracks "passenger activity." Starting in the mid-1990s, many airlines handed over passenger records. Since 2002, the government has mandated that the commercial airlines deliver this information routinely and electronically. A passenger record typically includes the name of the person traveling, the name of the person who submitted the information while arranging the trip, and details about how the ticket was bought, according to documents published by the Department of Homeland Security. Records are made for citizens and non-citizens who cross our borders. An agent from U.S. Customs and Border Protection can generate a travel history for any traveler with a few keystrokes on a computer. Officials use the information to prevent terrorism, acts of organized crime, and other illegal activity. I had been curious about what's in my travel dossier, so I made a Freedom of Information Act (FOIA) request for a copy. I'm posting here a few sample pages of what officials sent me. Wed, 07 Jan 2009 01:15:34 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29424 A security researcher has discovered fake profiles for celebrities on LinkedIn that have links to malicious code, according to a blog posting on Trend Micro's site. The celebrity profiles that are not to be trusted include ones created using the names: Beyonce Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, and Kate Hudson. They were uncovered by Trend Micro Advanced Threats Researcher Ivan Macalintal. In its blog posting late on Monday, Trend Micro said it was continuing its investigation. The links on the professional networking site attempt to lure viewers by purporting to be nude shots of the celebrities. McAfee's Avert Labs Blog has more details and screenshots. Wed, 07 Jan 2009 01:06:28 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29423 Just in time for Macworld, those ridiculously talented Estonian engineers have come out with the latest version of everyone's favorite Internet phone and video calling software the Skype 2.8 beta. Among other extras, this new version includes two all-new features: The first lets you use your Skype credit to pay for Boingo Wi-Fi hotspots on a minute-by-minute basis. So, forget having to fork over $10 just to send a quick message off to your loved one or business partner. Now you can do it for actual small change--just US$0.19/minute. You can also now do screen sharing with other Skype users. Of course, iChat has had this feature for awhile now, but iChat can't do cross-platform screen sharing so you can help out your Windows/Linux friends. There are some limitations at the moment, though: for example, while you can share your screen with your buddies on Windows and Linux, you can't yet see their screens. But really: who wants to look at a Windows or Linux screen when you've got your Mac in front of you? Wed, 07 Jan 2009 01:05:45 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29422 Still think that today's computer viruses and other malware come from some maladjusted teen out to vandalize your PC to make a name for himself? Think again. The persistent myth is a holdover from days long gone, and it's important to dispel it if you want to know what you're up against - and how to protect yourself. The splashy worms and malicious viruses that clogged entire networks and indiscriminately wiped hard drives are essentially gone. Today, it's all about cash - and lots of it. If there's a way to use evil software to make money, whether it means taking over a PC to send pharmacy-advertising spam, or stealing financial logins and credit card info, or even hacking game accounts, it's out there in some form. There's even a thriving online black market that sells everything from software kits to roll-your-own malware to spam services using infected PCs to reams and reams of credit card data stolen by keylogger malware. Wed, 07 Jan 2009 01:05:01 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29421 Apple on Tuesday said every song in its iTunes library will be available without anti-piracy software by April. The announcement came at a Macworld Expo keynote presentation at which Apple marketing vice president Phil Schiller unveiled a new top-end MacBook Pro laptop computer model and snazzy upgrades to Macintosh computer software. "We worked with all major music companies and, starting today, iTunes will offer eight million songs DRM free and by the end of this quarter all 10 million will be DRM free," Schiller said. "All songs will be DRM free in iTunes at iTunes Plus." Recording studios have long insisted on digital rights management (DRM) software that prevents music from being copied. Wed, 07 Jan 2009 01:04:29 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29420 The most power-hungry flat screen LCD and plasma TVs could effectively be banned across California from 2011 under new regulations proposed yesterday. The California Energy Commission, which manages the state's energy policy, said it was working on new standards for TV sets designed to cut energy consumption across the state by the equivalent of the energy use of 86,400 homes. The commission is likely to target the most power-hungry widescreen plasma sets, which can consume up to three times more energy than traditional cathode ray machines. It said that a second wave of more demanding standards would then be introduced from 2013, which could target Liquid Crystal Display (LCD) TVs that use 43 per cent more electricity than traditional models. Wed, 07 Jan 2009 01:02:54 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29419 Leading Chinese Internet portals said Tuesday they would do what they could to stamp out pornography in line with a new government crackdown, but said it would be hard to carry out in practice. The nature of the Internet makes it difficult to stop obscene material from showing up in their search engine results, they said, a day after officials threatened to close down sites that failed to wipe out online vice. "We cannot block this material automatically," said Li Mei, an official at the popular Internet portal Sohu. "It's actually quite difficult to immediately spot and delete anything that is vulgar or pornographic when netizens post them, but we will definitely step up our efforts," she told AFP. Wed, 07 Jan 2009 01:02:11 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29418 Motorola Inc unveiled a cell phone made of recycled water bottles on Tuesday, hoping to cash in on the trend for environmentally friendly products. The company, which dropped to No. 4 in the global handset market in the most recently reported quarter due to a weak product line-up, said the W233 Renew eco-friendly phone would be sold by Deutsche Telekom's T-Mobile USA in the current quarter. It did not disclose pricing for the phone, which will be showcased at this week's Consumer Electronics Show (CES) in Las Vegas. Motorola said it was the world's first carbon neutral phone. As well as using recycled materials for the plastic casing, the company also pledged to offset the carbon dioxide used in manufacturing, distribution and operation of the phone through investments in renewable energy sources and reforestation. Wed, 07 Jan 2009 01:01:35 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29417 Exposing the dark side of cloud computing, Salesforce.com suffered an outage that locked more than 900,000 subscribers out of crucial applications and data needed to transact business with customers. Salesforce, the 800-pound gorilla in the software-as-a-service jungle, was unreachable for the better part of an hour, beginning around noon California time. Customers who tried to access their accounts alternately were unable to reach the site at all or received an error message when trying to log in. Even the company's highly touted public health dashboard was also out of commission. That prompted a flurry of tweets on Twitter from customers wondering if they were the only ones unable to reach the site. Wed, 07 Jan 2009 01:00:54 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29416 It’s not much of a secret at this point, but CEO Steve Ballmer is expected to announce official availability of the closed Windows 7 Beta 1 release during his Consumer Electronics Show keynote address on January 7. The official (non-Torrented) Beta 1 bits should be available to pre-approved Windows 7 Beta 1 testers later Wednesday night or early on January 8. Ditto with Windows 7 Server, a k a Windows Server 2008 R2. The private Beta 1 release of that product is scheduled for late January 7/early January 8, I’m hearing. I’ve gotten a number of questions from readers this year already about the expected public betas of these products. I’ve made some discreet inquiries. The public (the one and only) beta of Windows 7 client and server could be released simultaneously with the private Beta 1 builds this week, according to some of my sources. What’s the point of a simultaneous public and private beta? The private testers’ feedback will get top priority; the public beta will be more of a milestone marker than anything else. Wed, 07 Jan 2009 00:56:12 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29415 A year ago when I wrote that former Microsoft manager — and current VMware CEO – Paul Maritz was getting the old band back together, I had no idea how many members would end up reuniting. Maritz is now CEO of VMware. Another former Softie, Charles Fitzgerald, is now Vice President of Product Management with Decho, a startup that encompasses Maritz’s former Pi Corp. And on January 6, VMware announced yet another former member of the old Microsoft gang — Tod Neilsen — is now Chief Operating Officer with VMware. Nielsen’s been around. Most recently he was President and CEO of Borland Software. Before that, he did stints with Oracle and BEA Systems. (BEA bought his company Crossgain — a company which put him in Microsoft’s non-compete crosshairs for a bit.) At Microsoft, where he worked for 12 years, Neilsen held a number of positions, including, according to the VMWare press release, general manager of database and developer tools, vice president of developer tools, and, vice president of Microsoft’s platform group. Wed, 07 Jan 2009 00:54:35 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29414 Sanyo Electric Co. plans to cut up to 1,000 jobs in the lead up to its purchase by Panasonic. Panasonic stated last month it would acquire Sanyo Electric for up to $9 billion. The Nikkei Newspaper Daily reports that out of 20,000 regular employees in Japan, Sanyo is planning to cut 500 individuals primarily from the semiconductor division. Several hundred people from the semiconductor division will be cut under an early retirement program. Total layoffs including temporary workers, is expected to reach about 1,000 people. Sanyo Electric has seven semiconductor plants overseas in countries such as China, Vietnam, and the Philippines. The company plans to reduce the number to two. A company spokeswoman vaguely stated changes are coming but did not elaborate with specific details, "As we have announced with Panasonic, we must pursue structural reform. But at this point in time, no firm decision has been made." Wed, 07 Jan 2009 00:54:06 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29413 Comcast says that, as of December 31, it has turned over a new leaf, network management practices-wise. The new-and-hopefully-improved "protocol agnostic" system the company unveiled to the Federal Communications Commission in September is now in effect. "We have deployed the new technique throughout our network and turned off the P2P-specific technique everywhere in the network," Comcast spokesperson Sena Fitzmaurice told Ars. The company informed the FCC of the changes in a statement filed on Monday. "Comcast will continue to refine and optimize these congestion management practices to deliver the best possible broadband experience for our customers," company Vice President for Regulatory Affairs Kathryn A. Zachem promised the Commission. The announcement also discloses updated acceptable use rules for Comcast customers. Wed, 07 Jan 2009 00:53:25 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29412 A vulnerability in a widespread digital certificate technology has lit a fire under major Internet stakeholders, prompting moves by Microsoft, the Mozilla Foundation and others to prevent attackers from using the hack to endanger secure Web sites. Researchers yesterday announced they had found a flaw in MD5, or Message-Digest algorithm 5, a cryptographic technique used in a variety of security applications, including secure Web site certificates. Digital certificate vouch for the safety of numerous types of secure online communications, like e-commerce transactions. In response, Microsoft and Mozilla each said they are working with affected certification authorities, or CAs, to ensure they update their issuing processes to prevent this threat from harming users of the Internet Explorer and Firefox browsers. CAs act as trusted third parties to issue online certificates guaranteeing that the certificate's owner, an e-commerce site, for example, is who it claims to be. Wed, 07 Jan 2009 00:46:43 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29411 You may never have heard of Daemon author Leinad Zeraus, but get ready to hear a lot about Daemon author Daniel Suarez. A computer systems consultant and fan of computer games, Suarez self-published his debut techno thriller in 2006 using a pseudonym he created by reversing the spellings of his first and last names. Thanks to Daemon's growing underground popularity with techies and bloggers, followed by an April 2008 Wired magazine article about Daemon's snowballing fan base, Suarez got a two-book contract with a major New York publishing house. Dutton will publish Daemon on Thursday. Wed, 07 Jan 2009 00:44:53 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29410 Piergiorgio Zambrini, aka Zibri, the creator of popular ZiPhone jailbreak/unlock hack for the iPhone (whom iPhone World got to interview a while ago), has decided to call it quits. In a message posted on his website Zibri states that due to a recent addition to his family he will no longer maintain ZiPhone. And to prove that he is serious, he is even selling the ziphone.org domain that served as official website for ZiPhone for a long time. Wed, 07 Jan 2009 00:44:10 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29409 A security software firm has warned against downloading the pirated copies of the Windows 7 beta which are available through torrent sites. It says there’s a serious risk of copies being infected with malware. Fortify’s Rob Rachwald (pictured) says “The problem with this version is that there’s absolutely no way of authenticating that the early build hasn’t been tampered with by a hacker. They may have coded all sorts of malware into the 2.44 gigabytes file.” The firm also points out that it’s particularly difficult to check a pirated operating system for viruses when it isn’t yet on the market. It’s not the same as downloading a program and running it in XP or Vista. By definition there’s no guarantee that your usual virus scanner will actually work when you come to run the pirated Windows 7. And if anyone has tampered with this copy of the operating system, chances are they’ve also disabled the security measures built into Windows itself. Wed, 07 Jan 2009 00:43:25 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29408 Some nasty pranksters, likely associated with Web forum 4Chan, have hacked into Apple gossip mainstay MacRumors' live-blog coverage of Tuesday's Macworld keynote. Hosted on a separate domain, MacRumorsLive.com, the site was plagued by offensive messages about Apple CEO Steve Jobs' health and general inanity (i.e. "SEX ME") before finally succumbing to "technical difficulties." It remains uncertain whether the pranksters actually brought down the site, or whether MacRumors voluntarily took it down to keep things under control. It's pretty clear, however, that this was the work of 4Chan, which has gained both respect and notoriety (depending on who you ask) over the past year for its persistent protests against the controversial Scientology sect in the form of an offshoot group called "Anonymous." Over on 4Chan's labyrinthine forums, a couple of threads (warning: contains explicit language) hint at members' collusion to take down MacRumors Live, and the hacked live blog was peppered with declarations of "4CHAN FTW" (that's "for the win," for those who stepped in late). Wed, 07 Jan 2009 00:41:41 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29407 Hackers hijacked the Twitter accounts of more than 30 celebrities and organizations, including President-elect Barack Obama, Britney Spears and Fox News, early on Monday, the company confirmed today. "This morning we discovered 33 Twitter accounts had been 'hacked,' including prominent Twitter-ers like Rick Sanchez and Barack Obama," Twitter co-founder Biz Stone said in post to the company blog. "We immediately locked down the accounts and investigated the issue. Rick, Barack and others are now back in control of their accounts." Earlier in the day, the hacked accounts had been used to send malicious messages, many of them offensive. CNN correspondent Rick Sanchez's account, for example, tweeted a message claiming that "i am high on crack right now might not be coming to work today," while Fox News' Twitter update reported "Breaking: Bill O Riley [sic] is gay," referring to the network's conservative talk show host. Wed, 07 Jan 2009 00:39:24 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29406 Apple Vice President Philip Schiller took the stage here Tuesday for the keynote address at the Macworld Conference & Expo to unveil software upgrades, introduce an ultralight notebook and announce iTunes pricing changes. The company's iLife '09 will include a feature called Faces that finds and organizes a gallery of a user's friends in his or her photos, thanks to face-recognition software, Schiller said. A feature called Places will organize pictures around where they were taken, he added. This would be accomplished through an interactive world map with GPS geotagging that will pinpoint the location of every photo users take, as long as they have a GPS chip in their camera or iPhone. Wed, 07 Jan 2009 00:38:31 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29405 Chinese computer manufacturer, Lenovo is planning to cut 200 jobs at the company's headquarters in Beijing, Reuters reports. Lenovo is only one of the growing number of companies slashing their work force due to the poor economic state. Lenovo plans to announce restructuring changes on January 8, 2009, which it hopes will get it out of debt, since acquiring IBM's PC unit back in 2005 for $1.25 Billion. Recently, IBM has been moving back from the Lenovo series after it had a number of sell-offs over the past year, where customers are not adopting the brand as expected in North America. IBM, which currently still has shares in Lenovo, has a sales agreement to continue selling desktops and laptops until 2010, where both companies could see a departure if sales continue to decline. Mon, 05 Jan 2009 01:14:35 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29404 The economy is in trouble -- everywhere. Even outsourced providers are nervous. Already under stress, IT staffers see their jobs getting more and more difficult as they must do more with less, all while wondering if they'll keep their jobs at all. That's why you need a plan for your tech career. The worst thing you can do is give up or panic. Although tech jobs are under increasing pressure, the reality is that the technology jobs market overall is still doing better than the market for other types of jobs. That doesn't mean you're immune from layoffs, stagnant salaries, or increasing workloads, but it does mean you have more options than many other workers -- if you're willing to be flexible. Mon, 05 Jan 2009 01:13:30 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29403 The statutory auditor for Satyam Computer Services, PricewaterhouseCoopers (PwC), may review its “continuance” with the troubled software firm. The company’s image has been tarnished after its scuppered bid to buy two firms linked to its promoter B Ramalinga Raju. “We do re-visit the process acceptance and continuance, whenever there are any major developments. We have been statutory auditors for the company for at least six years now. But we need to assess whether our judgement (on the company) continues to hold good. A re-evaluation is in sync with international norms on auditing,” said a source privy to the developments at PwC, who wished not to be named. However, when contacted PwC’s spokesperson said: “As auditors, we are not allowed to comment on audit clients due to client confidentiality.” The source quoted earlier did not categorically say that the relationship would be reviewed, but said such a review was a possibility given what had happened. Mon, 05 Jan 2009 01:12:53 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29402 ONLINE encyclopedia Wikipedia said last week that it had attained its fundraising goal of $US6 million, enough to cover operating expenses for the current fiscal year. Wikipedia founder Jimmy Wales said more than 125,000 people had donated a total of $US4 million since he made an appeal for funds on July 1. "In addition, we've received major gifts and foundation support totalling $US2 million," Mr Wales said in a thank you letter on the website of his non-profit Wikimedia Foundation. "This combined revenue will cover our operating expenses for the current fiscal year, ending June 30, 2009." Mr Wales said the money would pay for "day-to-day operations: servers, hosting, bandwidth, our staff of just 23 people" and "continued development and improvements of open source software that powers all Wikimedia projects." Mon, 05 Jan 2009 01:12:13 +0000 http://challenge.hitb.org/index.php?name=News&file=article&sid=29401 Eleven counterfeiters have been given jail sentences of between one and a half and six and a half years by a Chinese court after being found guilty of producing fake Microsoft software. The "ringleaders of the world's largest software-counterfeiting syndicate", as Microsoft described them in a statement last week, were sentenced on New Year's Eve. According to Microsoft, theirs were the longest sentences given for this type of crime in China's history. The syndicate was charged with making and distributing more than US$2 billion worth of fake Microsoft software, which had ended up all over the world. Nineteen Microsoft products were counterfeited, in 11 languages. A Microsoft spokesperson told ZDNet.com.au sister site ZDNet UK on Friday that the products had included Windows Vista and XP, as well as Office 2007 and 2003, and Windows Server. Mon, 05 Jan 2009 01:10:09 +0000