18 years Ago

Stop using IE Redux

Published by marco on

Slashdot is reporting a newly discovered security hole in Internet Explorer in “Another Gaping Microsoft Security Hole Goes Unpatched”.

Basically, it’s possible to create a link that will cause Explorer to issue a download dialog asking whether you want to save the file or open it. The link would claim that the file was a text file or a PDF file, for example, leading you to possibly click to open it. However, once you tell IE to open it, it uses a different set of standards that would notice... [More]

FBI’s Magic Lantern

Published by marco on

This news is somewhat old, but several people I’ve talked to recently had never heard of it, so I’ve collected the unfolding(ed) story. On November 20, 2001, MSNBC reported that “FBI software cracks encryption wall”. The title is misleading, since the FBI hasn’t cracked any encryption schemes. The article deals with the ‘Magic Lantern’, which is the FBI’s cutesy name for a computer virus they wrote that installs key-logging software onto a suspect’s computer.

Key-logging software runs in the... [More]

Stop Using IE

Published by marco on

There are two announcements from the last couple of days that nicely dovetail. The first is from Microsoft:

Microsoft has admitted (though not very publicly) that IE has another easily-exploitable hole in its cookie security that allows:

“A malicious web site with a malformed URL could read the contents of a user’s cookie which might contain personal information. In addition, it is possible to alter the contents of the cookie. This URL could be hosted on a web page or contained in an HTML... [More]

MS Passport holes

Published by marco on

Wired reports that there’s a relatively gaping hole in Microsoft’s Passport service. This service holds all of a user’s personal information and can also hold credit card and financial information. It’s being touted as a keyring for the Internet, kept secure by Microsoft. If you have a Hotmail account, you have a Passport (it may or may not have your credit card information, though). However:

“In a demonstration of the exploit earlier this week, Slemko sent Wired News a specially crafted... [More]

Rumor-squashing service announcement

Published by marco on

There are a lot of rumors floating around. Attorney General John Ashcroft and the FBI tell us that they use high-encryption programs, so the government needs access to all of those. Others claim that they are using steganography (information embedded in images) and are communicating through web porn. Phil Zimmermann, the inventor of PGP (an encryption package), was quoted by the Washington Post as expressing “regret” for inventing PGP.

All not true. Most of it deliberately misinterpreted to... [More]

Athlon 1.4GHz == P4 2.0 GHz

Published by marco on

There are a lot of people who just look at the speed of a chip, even people who should know better. Higher equals faster. If I’ve got an Athlon 1.4GHz, then how much faster could I be going with a P4 2.0 GHz? I mean, 2.0 GHz! Intel broke the 2 GHz barrier! Wow!

Settle down.

Here are some good benchmarks from HardOCP showing that the Athlon 1.4 chip is faster in some tests and slower in some tests (about 50/50) on this page, but only by small margins either way. Statistically, they’re... [More]

RIAA Wants CPRM2, tougher DMCA

Published by marco on

In an acronym-filled room in Washington, filled with CEOs from TW-AOL, IBM, EMI, MPAA and a host of others that use real names, the large media companies of the U.S. started in again on their battle against file-sharing. The Register has a quick article with some of the minutes from the meeting. What are they doing? Bringing back CPRM (a copyright-protection mechanism built into storage media) is on the list, for sound-cards now as well as hard drives.

“we are working with sound card... [More]

Rebuttal to MS rebuttal to Gartner

Published by marco on

When Gartner issued their recommendation that companies stop using IIS (see forum posting), Microsoft responded that other vendors, notably Apache, also had security problems. To wit:

“It doesn’t matter what system you are running, if you don’t keep up to date you will be hit.”

The Register published replies to Microsoft’s response.

“…That’s not very smart. It’s like saying that it doesn’t matter whether you buy a Toyota Camry or a Russian Lada, because you will eventually have to... [More]

FTC shuts down pop-ad king

Published by marco on

An article on Slashdot reports that the FTC is shutting down a number of sites that trap you into an endless cycle of pop-up windows. Many of these cycles involve porn and gambling site advertisements. One stumbles into them by mistyping popular web addresses.

Once again, the government shouldn’t be getting involved here. This guy is just using ingenuity to manipulate the functions of popular browsers. It’s not a virus. It doesn’t do any damage. The problem lies in the browsers. Here’s a... [More]

Think DMCA was bad? Here comes SSSCA!

Published by marco on

An article at EE Times details a bill coming to Congress soon. This new bill, pushed onto the floor of Congress by big players (MPAA with Disney and Fox in the lead), will force any company making a digital device to install hardware-level copyright protection. Let me clarify. That means any American company. In an already struggling economy, this is not a good idea. Who’s going to buy these devices? Probably a lot of people. Will they know that they’ve been crippled? Not until it’s too late.... [More]

W3C looks to promote patented standards

Published by marco on

Ars Technica reports on a new proposal by the W3C which would allow them to promote standards which are not open. That is, standards that are copyrighted and/or patented by companies. This opens up future problems like the GIF one, in which Unisys laid in wait until the format was accepted as an open standard, then came forward with its patent. The article points out that the W3C seems to be in a remarkable hurry to pass this recommendation:

“As we [W3C] have begun to use portions of the... [More]

A Look at XP Licensing Policy

Published by marco on

Believe it or not, ZDNet (albeit the British version) has weighed in with a scathing critique of Microsoft (there’s a great little analogy comparing Microsoft to a blue whale and its users to krill), its licensing policies and its treatment of customers.

“…XP Home Edition says that your computing experience will be made less pleasant because the operating system will turn itself off if you change your computer too much, at which point you’ll have to go begging to Microsoft to be allowed to... [More]

DoCoMo, Telecom the Japanese way

Published by marco on

There’s a good article on Wired about the largest telecom company in Japan. It covers a lot of how the Japanese are using cell phones and the approach a successful (as so many in Europe and the States are not) telecom company should take.

Stop Using IIS

Published by marco on

Slashdot writes that the Gartner Group has come out with a statement recommending that businesses not use Microsoft’s web server.

Slashdot misreports the severity, though:

“Gartner remains concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS,‘ which they say has an 80% chance of happening by the end of next year.”

Note that the Slashdot quotes extend into the portion that is... [More]

How did Microsoft get off the hook?

Published by marco on

The Justice Department just kind of let them walk. They definitely abused their monopoly (see this thread). It seems the prosecution lost their witnesses. All of the companies pushing the U.S. Government to release Microsoft’s yoke suddenly have much more important things to worry about…like bankruptcy.

DMCA strikes again.

Published by marco on

The well-known Dutch cryptographer claims to have broken Intel’s DVI (Digital Video Interface) encryption, but won’t publish for fear of being prosecuted under the DMCA as soon as he sets foot on American soil.

http://www.securityfocus.com/templates/article.html?id=236

Peekabooty from the Cult of the Dead Cow

Published by marco on

More hacktivism from the Cult. This time their software aims to provide private, closed networks untouchable by prying eyes.

The last section ‘Some Truth about Peekabooty’ is the most interesting, I think.

http://www.theregister.co.uk/content/6/19067.html

Windows 98 vs. Windows 2000

Published by marco on

This is a comparison of Windows 98 and Windows 2000 with the GeForce2 GTS (slowest one) and Radeon (both 64MB cards). They tested 8 different games with different engines, including Unreal Tournament, Quake 3 and Serious Sam. Surprise, surprise, Quake and Serious Sam showed 0% change between platforms.
Looks like you can move safely over if you like….

Here’s the main chart:

http://www.anandtech.com/showdoc.html?i=1422&p=12

and the whole review:

http://www.anandtech.com/showdoc.html?i=1422&p=1... [More]

DMCA takes over the world

Published by marco on

A (biased) description of a recent meeting of the Hague Convention on Jurisdiction and Foreign Judgments, discussing globalizing copyright laws.

http://slashdot.org/article.pl?sid=01/05/15/2138208&mode=nocomment

SDMI − copyrighted music

Published by marco on

SDMI is the Secure Digital Music Initiative. They issued a challenge last year to any comers to crack their protection. Anyone who agreed to enter the contest was bound to secrecy, though, and not allowed to reveal any details of how they cracked it, if indeed they could. One group from Princeton declined because of this proviso and cracked it anyway. Turns out they can now be prosecuted under the DMCA (Digital Millennium Copyright Act) which purports to disallow reverse-engineering of software... [More]

Badass Hacker

Published by marco on

This guy forged identities of most of the richest people on the Forbes 400. He almost got away with it too…

read on…

http://www.nypost.com/news/regionalnews/26868.htm

More on Windows XP Product Activation

Published by marco on

Apparently, the Beta testers are somewhat upset about it already. There’s a good alternative suggestion culled from the newsgroups, and an all-too-real and all-too-expected reason why it probably won’t get done.

http://www.theregister.co.uk/content/4/17742.html

GeForce3 in more depth than you can imagine

Published by marco on

This site is by one of the leading hardware guys on the web…he’s from Germany. His writeup is huge, but if you’re interested in the feature set:

http://www.tomshardware.com/graphic/01q1/010227/index.html

My take is that the GeForce3 introduces some amazing new technologies and the card kicks ass. However, the next card will take some of the rough edges off of those technologies and kick even more ass.

CPRM

Published by marco on

A couple more articles on the insidious approach of a dumbed-down era of computing:

http://www.theregister.co.uk/content/2/15718.html

http://www.theregister.co.uk/content/2/17419.html

Descrambling DVDs with Perl

Published by marco on

Here you’ll find a 526 byte Perl script that can descramble DVDs in real time.

http://slashdot.org/article/.pl?sid=01/03/06/1954213&mode=nocomment

Latest buzz is they’re going to get away with it

Published by marco on

One day the court hates MS:

http://www.theregister.co.uk/content/4/17192.html

Another, they seem to have no problem with MS:

http://www.theregister.co.uk/content/4/17192.html

Latest patent issued

Published by marco on

This one’s for software patches, issued to Symantec. It was actually issued in April of 2000.

Read it, the description is so general that any and all patching technologies fall under it.

http://www.delphion.com/details?pn=US06052531__

19 years Ago

Damn funny piece about Napster

Published by marco on

http://www.oldmanmurray.com/realnews.wcs

Read the one from 08/08/2000.