BBMF News around the web - Page 21 - VRForums - SITEX 2009

bbmf · Aug 12th, 06, 08:14 PM

A security researcher at the Black Hat security conference has demonstrated several ways to circumvent security features that are built into Microsoft's forthcoming Windows Vista operating system.
According to media reports, researcher Joanna Rutkowska with Coseinc demonstrated two ways to attack a Windows Vista system during a session at the conference. The exposed flaws would potentially allow an attacker to execute arbitrary code.
Windows Vista requires that all device drivers are 'signed' to prevent malicious code from posing as a legitimate driver. The researcher however demonstrated a way to load unsigned drivers.
The researcher in the second case used the virtualisation technology in a system's AMD processor to inject code into the Vista kernel. The technology would allow an attacker to create a new hypervisor that could control the operating sytem. It would remain undetected from the user and would be at the attacker's disposal.
Although she only demonstrated the attack on an AMD processor, Rutkowska said that it would also work on PCs running Intel chips.
Both attacks relied on documented features in Windows Vista and should not be considered bugs, she added.
"The fact that this mechanism was bypassed doesn't mean Vista is insecure. It just means it's just not as secure as advertised," said Rutkowska, according to Internet News.
Earlier at the annual Las Vegas security event, Microsoft had challenged hackers to test the operating system's security features. It has distributed copies of the software's latest beta to about 3,000 security researchers.
Rutkowska is not the first security researcher to hack into a Windows Vista system, but is the first do so in a live demonstration at a public event.
As reported last week, security vendor Symantec has demonstrated several ways to circumvent the operating system's user account protections. Although Microsoft has since repaired the bugs Symantec had identified, it illustrates that the software still has weaknesses and that additional bugs are likely in the future.

sa: http://www.vnunet.com/vnunet/news/21...vista-security

bbmf · Aug 12th, 06, 08:21 PM

In this interview Joanna Rutkowska, and independent security researcher, discusses malware stealth techniques and its security ramifications. Joanna is focusing on discovering new infection techniques, as well as methods to protect against them.

Can you tell us a little bit about your background and your work?
I'm a security researcher working on IT security related projects for various companies around the world. I mainly focus on stealth malware technology, researching both new offensive techniques, as well as methods to protect against them. Several years ago, before I got involved in stealth technology research, I was focusing on exploit development (but not bug finding) for both Linux and Windows.
Base on researches you conducted, please explain us what are malware stealth techniques.
It's all about pretending that 'everything is alright', while in fact it is not. To achieve this goal malware can either decide to subvert various operating system's mechanisms, so that the information accessible to other system monitoring tools or users is falsified (we usually talk about 'hiding' various objects, like processes, kernel modules, files, registry keys, etc...). This is how most of the malware works today.
The other option to achieve stealth is... not to create any suspicious objects in the system, like extra processes, thus being "Stealth by Design". Writing such malware is however significantly more difficult then writing a classic malware, thus SbD malware is still not very popular.
It's also worth mentioning that stealth techniques are not only used for malicious purposes, but also very similar ideas are exploited by e.g. some honeypot systems.
What are the security threats posed by stealth malware?
Not knowing that your network and systems are compromised is much worse, in my opinion, then just a traditional, 'noisy' attack, like DDoS or website subversion.
What does stealth malware mean to the end user?
For the end user it doesn't really matter if the computer was infected by stealth malware or just any other type malware, like classic virus or worm. All the end user is aware of is that it's a 'bad thing' and all the he or she is really interested in doing is to get rid of it as soon as possible.
End users always relay on some AV, all-in-one, solutions where the whole user interaction and awareness is limited to pressing the 'Scan' button. And this is, in fact, very right approach in my opinion.
The problem however, which we face today, is that every public detector can always be cheated, provided that malware already gained super-user privileges (which today means to be able to act at the same privilege level as the trusted operating system code does) and knows how the detector's program exactly looks like. It should be obvious it's always possible for the malware to e.g. patch a specific instruction in such program, e.g. the branching 'IF' instruction in such a way that, although the detector detects the intruder, the action it takes will always be the same as if it didn't detect anything. Using various executable morphing/encryption methods is only making things harder for the attacker, but it is still *always* possible to bypass such protection.
That is not good news for end user and this is currently one of the most important problems which all AV companies are facing today. It's worth noting that this kind of attacks became very popular about 1-2 years ago and was popularized by infamous hacker defender project, offering commercial versions of a rootkit, which was armored with a set of implementation-specific attacks against many popular rootkit detectors on the market. 'Hacker Defender Shop' seems to be closed since a few weeks, but it really doesn't change anything.
What is the future for malware?
Malware has, in general, two goals - to do something bad or funny or useful for it's author and, the second goal is, to remain undetected as long as possible...
It's very hard to predict what malware authors would like to achieve with their malware in the future... Years ago, in the era of file infectors, people were just happy if their virus were able to spread, usually without doing any harm and without installing any backdoors.
Today we observe that malware writing became quite commercialized, so now those programs are interested in stealing our on-line banks passwords or helping sending out spam... Predicting what they might be interested in doing tomorrow is probably more of an interest for sociologists...
As to the other goal, well... it's just an endless arm race between bad and good guys (and gals) and both sides are very interdependent. Too interdependent, in my opinion, as what we usually see on the defending side is just a temporary workarounds for what is seen from the offending front... In my opinion, and this specifically apply to AV companies, people are too much focused on the malware that exists in the wild and on addressing only those threats, rather then thinking about the future and trying to come up with more generic approaches. Of course, similar things happen on the offending side, as many of the malware we see is not innovative at all - it's again just a temporary workaround against the latest AV programs... Of course, exceptions do exist and I would say it's more common to see very innovative approaches on the 'bad' front rather then on the good side.
I personally think, that the holly grail for those few people interested in creating this more interesting malware is to achieve such level of stealth-ness, that even though the algorithm of the infection was know it wouldn't be possible to detect such malware... It would be something similar to what we have in cryptography today - we know the algorithms, but cannot decrypt the cipher without knowing the secret key... I'm not saying that creating such malware is possible... I'm not denying either.
In your opinion, what is the biggest security threat for business at moment?
If I was responsible for the safety of some company's network I would definitely be most afraid of a silent penetration, which could exploit sophisticated stealth techniques to remain undetected by anybody for months... Maybe I'm paranoid (in fact I probably am), but knowing the defensive technology which is on the market these days and also knowing *some* of the state of the art stealth technology we have today, I believe that such scenario is quite likely to be happening in the wild.

sa: http://www.it-observer.com/articles/...nna_rutkowska/

bbmf · Aug 13th, 06, 01:39 PM

Consumer Electronics Association President and CEO Gary Shapiro is frustrated with the music industry. While the consumer electronics industry works to find a middle ground between the interests of electronics manufacturers and rights holders, the RIAA has failed to participate.
To make matters worse, despite their lack of participation, the RIAA is currently lobbying members of Congress to push through the controversial audio broadcast flag; its passage would trump the efforts of the Copy Protection Technical Working Group.
The RIAA is a late-comer to the "flag"-method of content control, which can be generically described as follows: mandate all broadcasters to use technology to embed mandated "flags" that are then "respected" by hardware designed under mandate to obey the mandatory behavior. That's a lot of mandates, but that's what the broadcast flag is all about: using the law to first re-define and then enforce a new copyright regime under the guise of digital rights management.
Shapiro and others in both the Consumer Electronics industry and the world of broadcast radio are frustrated by the RIAA's tardy participation. As I reported in January of this year, the RIAA's demands for an audio broadcast flag came relatively late in the digital radio game. Many stations have already purchased and implemented new technologies to support digital radio, not to mention the launch of satellite radio, but these investments could be made worthless if the RIAA successfully lobbies for the audio flag in the 11th hour.
Now it would appear that this last-minute effort to boost the audio flag also comes without any real plan for implementation. According to a statement from Mr. Shapiro's office earlier this week, the RIAA revealed in a letter to Congressman Rick Boucher (D-VA) that they have "no technical specification for an audio flag," and that the "RIAA has stayed away from the Copy Protection Technical Working Group in part because it has nothing to propose." In other words, while they insist on an audio flag solution, they have none to offer, nor have they worked with the Copy Protection Technical Working Group to find a solution or middle ground.
According to that same statement, Shapiro is again accusing the RIAA of looking for special rights above and beyond that proposed for other entertainment mediums. "Although the RIAA continues to try to muddy the waters, this much remains clear: the music industry no longer agrees that a consumer's right to make a first generation copy of a song includes the right to play it back when and how the consumer wishes," he said. Shapiro here refers to the fact that the RIAA would like to block the ability to record unencumbered digital music from either digital radio stations or satellite services such as XM or Sirius. Current law allows for personal recordings of both video and music, and even the television broadcast flag under discussion in Congress allows for private recording on a basic level.
"As we have repeatedly said, we are prepared to discuss ways to limit the mass indiscriminate redistribution of music over the Internet," the statement continued. "Instead, the RIAA wants to ban 'disaggregation,' which it now calls 'cherry picking' in the hope that it can give legitimacy to its policy ideas by using a sweeter name. In short, the RIAA wants to stop consumers from doing what they've been doing since a tape recorder was first used to capture a song played over the air for private use. The recording industry's campaign over disaggregation is nothing but a thinly veiled attack on lawful, private, noncommercial, in-home consumer recording practices."
Shapiro's statement reflects a growing awareness among many technology advocates, and a long-held position at Ars Technica, that digital rights management schemes can be abused to create new revenue models at the expense of fair use, and the truth. The latter comes in with regards to how inflated and misrepresentative piracy "studies" are used to justify ever-oppressive copyright regimes.
Shapiro and the Consumer Electronics Association are not enemies of DRM, however. While generally approving of its use, they are routinely critical of its effects on innovation. In April of this year, Shapiro complained that the RIAA's shifting demands were unjustly hurting the industry. "The game of crying wolf [over piracy] is not only tiresome; it's harmful to consumers and innovation," he said.

sa: http://arstechnica.com/news.ars/post/20060810-7472.html

bbmf · Aug 13th, 06, 01:52 PM

Surely some of the advertisers whose products appear as adware-delivered popups must be aware of what's going on. The question is, how many? A new report (PDF) from the Center for Democracy & Technology (CDT) claims that many advertisers work directly with adware companies, and those that don't often work through only a single intermediary. The bottom line is that these companies should know exactly what they're jumping into.
The study was done by setting up two computers in the CDT office in Washington. One computer used the Zango Search Assistant (from Zango, formerly 180solutions) to display pop-up ads, while the other had the Best Offers Network (from DirectRevenue). Scripts on each computer visited several hundred popular web pages over the course of 10 days and recorded all pop-up ads. The setup generated 380 ads—ads appeared 73 percent of the time. The computers recorded the re-direction path for each one, which produced a series of URLs that showed which advertising and affiliate networks the ad was passed through.
The results were surprising. 55 percent of the displayed ads had no intermediaries at all, implying that the marketing department of a company had signed a direct contract with an adware firm. Another 25 percent of the ads had only a single intermediary, while 16 percent had two.
When corporations are faced with evidence that their products are being advertised by adware vendors, most claim that they are simply unaware of the practice—multiple layers of affiliates and intermediaries mean that advertisements for legitimate firms could appear just about anywhere. The CDT study calls this common defense into question. It found that the average number of intermediaries between an advertiser and an adware vendor was only 0.7, which indicates that companies should be able to keep an eye on their ad campaigns without too much effort.
A couple of caveats: the study authors admit that they lack the resources to do a large-scale study of the issue that could prove more authoritative. They also note that "the data we collected reveals only the intermediary steps that are physically traceable on the computer of the adware user." That is, this sort of a study does not pick up any intermediaries unless they rely on URL redirection. The study also did not focus on major brands, most of which are more careful about controlling where their advertisements ultimately appear.
Still, for those interested in how adware vendors make money or those who want to follow "an advertisement's journey" through the system, the report makes for excellent reading, and it provides some common-sense recommendations that both advertisers and intermediaries can take to keep themselves adware-free.

sa: http://arstechnica.com/news.ars/post/20060809-7461.html

bbmf · Aug 13th, 06, 03:52 PM

Akasa AK-960
Alphacool Cool Answer III
Alphacool Passiv
Asetek Vapochill Micro Xtreme
Cooltek Auras 775
Arctic Cooling Freezer 7 Pro
Thermaltake Big Typhoon
Thermaltake Mini Typhoon
Zalman CNPS8000
Testing Rig & Results...

sa: http://www.bit-tech.net/hardware/200...up_test/1.html

bbmf · 04:21 PM

Dell is recalling 4.1 million notebook computer batteries because they could erupt in flames, the company said today. This will be the largest safety recall in the history of the consumer electronics industry, the Consumer Product Safety Commission said.
Dell, the world’s largest PC maker, said the lithium-ion batteries were made by Sony and were installed in notebooks sold between April 2004 and July 18 of this year.
The recall raises broader questions about lithium-ion batteries, which are used in a host of devices like cellphones, portable power tools, camcorders, digital cameras and MP3 players. The potential for such batteries to catch fire has been acknowledged for years and has prompted more limited recalls in the past. But a number of recent fires involving notebook computers, some aboard planes, have brought renewed scrutiny.
Dell has reported to the safety agency that it documented six instances since December in which notebooks overheated or caught on fire. None of the incidents caused injuries or death. Dell said the problems were a result of a manufacturing defect in batteries made by Sony. The safety agency said the batteries were not unique to Dell, meaning that other companies using Sony batteries may also have to issue recalls. Sony has sold its batteries to most of the major computer makers.
The recalled batteries were used in 2.7 million computers sold in the United States and 1.4 million sold overseas. The total is about 18 percent of Dell’s notebook production during the period in question.
Depending on how many of the batteries are still in use, the cost of the recall could exceed $300 million. Dell refused to estimate the cost, but said the recall would not materially affect its profits. Sony, which affirmed today that its batteries were responsible, said it was “financially supporting” Dell in the recall.
Dell said it would notify affected customers by mail and online, advising them to remove their current laptop batteries immediately and arranging to send replacements.
The largest previous safety recall of a consumer electronics product, in October 2004, involved one million Kyocera cellphone batteries.
Dell has been bedeviled by reports of burning laptops in recent months. In June, a Dell notebook burst into flames during a conference in a hotel in Osaka, Japan. In July,

firefighters in Vernon Hills, Ill., were called to the office of Tetra Pak, the food processing and packaging company, to extinguish a notebook fire hot enough to burn the desk beneath it.
That same month, a Dell notebook in the cab of a pickup parked alongside Lake Mead in Nevada caught fire, igniting ammunition in the glove box and then the gas tanks. The truck exploded. “A few minutes later and we’d have been coming up out of the canyon when the notebook blew up,” said Thomas Forqueran, owner of the laptop and truck. “Somebody is going to wind up getting killed.”
The battery problem is the latest setback for Dell, long a high-flier on Wall Street. Faced with stiffer competition that has forced price cuts, it has reported lower-than-expected sales and earnings over the last year, sending its stock down more than 40 percent. It is also spending $100 million to improve its customer service, which it found had alienated consumers.
Dell executives hope the recall, while vast, will prevent further damage to its image. “We’re getting ahead of the issue,” said Alex Gruzen, senior vice president and general manager of Dell’s products group. “I don’t want any further incidents to take place.”
Other computer makers that use Sony batteries were taking stock today of their possible exposure to similar problems.
An Apple spokeswoman, Lynn Fox, said today, “We are currently investigating whether batteries that have been supplied to Apple for our current and previous notebook lines meet our high standards for battery safety and performance.”
A Hewlett-Packard spokesman said the company’s notebooks would not be affected by the recall since its batteries are designed specifically for its products.
Lithium-ion batteries pack more energy in a smaller space than other types of batteries and are the cheapest form of battery chemistry. So more powerful batteries are increasingly being used in more types of consumer products.
What that means, said Richard Stern, associate director of fuel, electrical and recreational products at the product safety commission, is “more batteries, more likelihood for quality control problems and for design problems and so we’d expect more incidents and more recalls of these batteries.” The federal safety agency has negotiated 10 recalls of lithium-ion batteries used in notebook computers since 2000 and another 12 battery recalls for other electronic products, including a Disney-brand children’s DVD player.
Federal regulations require that lithium-ion batteries be clearly marked with warnings when they are shipped in bulk on airplanes, and various agencies are considering more stringent regulations following a fire that was detected as a United Parcel Service cargo plane began its descent into Philadelphia in February. Though a cause of that fire, which consumed and destroyed the plane after it landed, has not been determined, lithium-ion batteries are suspected. No one was hurt.
A single battery also caught fire in the overhead luggage bin of a Lufthansa passenger jet about to depart from O’Hare International Airport in Chicago in May. A flight engineer tossed it to the tarmac, where the fire was extinguished. (Neither of the incidents resulted in injuries, nor are they said to involve Dell computers or Sony batteries.) The Federal Aviation Administration lists three other incidents involving smoking or flaming lithium-ion batteries on cargo and passenger planes since 2004.
The portable battery industry has said there is not a broad problem with lithium-ion battery fires. But makers have known of the lithium-ion battery’s ability to catch fire since its first commercialization in 1991. Indeed, in 1995, a Sony lithium-ion battery factory in Koriyama, Japan, was partly destroyed when a battery being tested for quality caught fire.
The current recall also leaves many questioned unanswered on how Dell, as well as the product safety commission, deals with information about fire-damaged notebooks. Although Dell told the agency that only six incidents had occurred, a reporter viewed almost 100 photos of melted notebooks that were returned to the company from 2002 to 2004. The photos, from a Dell database, were supplied by a former Dell technician, Robert Day, who said such damage “was more of a common thing than they are letting on.” As many as several hundred a year were returned. Mr. Day said, “I did see so many pallets of stuff coming in that they had to use my lab for overflow storage.”
Dell officials refused to say how many computers had been returned because of heat or fire damage, but said the company acted on the problem as soon as it realized there might be a pattern. Mr. Gruzen said that the publicity surrounding the Osaka notebook fire did not prompt Dell to look into the problem. It was already having conversations with Sony, he said.

But the Osaka incident focused the company’s attention on the possibility that the fires might be a more widespread problem than originally thought. “It’s not that six was the magic number; we just didn’t have enough material,” said David Lear, Dell’s director of environmental affairs and product safety. Given the number of computers that Dell sells, even several hundred incidents a year is statistically minuscule, about one in several hundred thousand computers. “We are talking about triangulating on very sparse data,” Mr. Gruzen said.
A member of Mr. Lear’s staff, who happened to be in Japan at the time of the notebook fire, retrieved the remains. It was taken to a Los Angeles area lab of Exponent, a failure analysis firm, for examination.

The unit worked when it was plugged in to the power cord, despite the fire, which told the investigators that the problem was not with any circuitry or microchips. An X-ray of the battery pack told them the fire was not caused by an overcharged battery because a safety device was still intact.
Rather, Dell said the cause of the fire was a short circuit in one of the fuel cells. It was caused by microscopic metal particles that contaminated the electrolyte, a porous insulator. Dell thinks that the particles were released when the case of the cell was crimped near the end of Sony’s manufacturing process. It was the same problem associated with the 22,000 notebooks that Dell recalled in December.
Sony technicians, who took part in the examination at the Exponent lab, provided additional data on all its batteries, not just those sold to Dell, that suggested that a broader problem in the manufacturing process. “As events trickled in, they seemed to reinforce a conclusion that these Sony cells had an issue,” Mr. Gruzen said. “They don’t show a predictable pattern, which is why we wanted to get them out of the marketplace.”
Sony is the second largest maker of lithium-ion batteries for notebooks, after Sanyo.
The new Dell batteries, which the company hopes to distribute over the next four weeks, will be made by Sony and other vendors. Dell said it was confident that Sony had solved the problem by changing part of its manufacturing methods.
“We are absolutely confident that when we replace the batteries that we are getting the at-risk batteries out consumers’ hands and that there will be no more incidents,” Mr. Gruzen said.

sa: http://www.nytimes.com/2006/08/14/te...ge&oref=slogin

bbmf · Aug 15th, 06, 04:28 PM

M-Audio's Session software can be easily described as Garageband for the PC. Up until now, you could only get a copy of it by buying a Fast Trak USB device from M-Audio. But starting today, August 15th, Session is available as a standalone purchase for $49.
Session ships with 3.5GB of loops and instrument content, and comes with an M-Audio Micro USB device that "gives users an ASIO (audio streaming in/out) driver (the industry standard for music-creation drivers)". Plus, it's pretty much guaranteed to work well with M-Audio's wide array of musical peripherals, making your PC recording that much easier. – Jason Chen

bbmf · Aug 15th, 06, 05:00 PM

Belkin has unveiled three new surge protectors that will be able to make any cable management whore—like myself—jump with joy. They will be releasing the Concealed Surge Protector, Compact Surge Protector and Clamp-On Surge Protector this October.
The Clamp-On Surge Protector is the one we're looking forward to the most. No more piles upon piles of cables on the floor. Finally cables will be able to be run without touching the ground, and staying out of sight. Clamp it anywhere—computer desk, home theatre stand, bathroom, work bench, etc. It will be available for $69 $35 and include six outlets and a 10-foot power cord.

The Concealed Surge Protector is built for organization. It will power your gadgets via 11 outlets while organizing and hiding cables away. Safety and organization is key—the Concealed Surge Protector is great for kid-proofing a house. $49.

The Compact Surge Protector is a small surge protector that provides organization in a nice white bundle. There are a total of eight outlets—four regular and four for block-sized AC adapters. It also includes phone cable protection and will retail for $39.

sa: http://gizmodo.com/gadgets/periphera...nds-194096.php

bbmf · Aug 15th, 06, 05:24 PM

Microsoft is introducing its free PC-scanning service outside the U.S., part of an international push for its security tools.
The Windows Live OneCare safety scanner is now available around the world, Microsoft said in a statement Monday. The online scanner removes viruses and spyware, rids a hard drive of clutter, and runs defragmentation.
The service is similar to Trend Micro's House Call and McAfee's FreeScan, though those only remove malicious software.
The international launch is a precursor to a broader release of Windows Live OneCare. Beta versions of the consumer security software are scheduled to be available by year's end in Australia, Austria, Belgium, Canada, France, Germany, Ireland, Italy, Japan, Korea, Mexico, Netherlands, New Zealand, Singapore, Spain, Switzerland, and the U.K., Microsoft said.
OneCare was launched in the U.S. late May and landed the No. 2 spot in retail sales in June. The product combines antivirus, anti-spyware and firewall software with backup features and several tune-up tools for Windows PCs. Symantec and McAfee have both announced new products to compete with OneCare.
Microsoft has brought more than a dozen new products into its burgeoning Windows Live program, which it plans to continuously expand and update. Through the services, Microsoft hopes to understand better who uses its online services and how they use them, as it faces rising competition from Web-based rivals such as Google.

sa: http://news.com.com/2100-7355_3-6105...5538&subj=news

bbmf · Aug 15th, 06, 06:53 PM

A California computer security specialist released software to show that hackers can attack networks through widely popular BlackBerry handheld devices.
Jesse D'Aguanno of Praetorian Global made a "BlackBerry Attack Toolkit" demonstration available for download at the company's website along with "BBProxy" software that exploits the vulnerability.
"The premise is the BlackBerry device that everyone carries around in their holsters is actually a computer constantly connected to your network," D'Aguanno told AFP.
"So, someone can take over the device, or load a virus on it covertly."
D'Aguanno hid attacker software code in a tic-tac-toe game that, if downloaded and played on a BlackBerry, secretly invaded the network linked to the handled device.
An "attack vector" described by D'Aguanno during a presentation at a recent DefCon hackers conference in Las Vegas was to e-mail BlackBerry users a link and trick them into downloading the malicious software cloaked in the game.
The devices, made by Research In Motion in Canada, would then act as doorways that let hackers slip behind fire walls and seek out unprotected computers in a company's network, according to D'Aguanno.
"One of the biggest hurdles for an actual attacker is to get themselves on the internal network," D'Aguanno said. "Going head-on is usually not the smart way to go because of beefy fire walls and all that.
"But, if you get yourself inside the network, there are vulnerable machines, the defenses aren't as formidable because they rely on the outer walls."
D'Aguanno said that the potential for the BBProxy version released on Monday to be used maliciously was "nil" and that it was intended to show network administrators that the threat of attack via BlackBerry devices was real.
"The general thinking around the BlackBerry and handheld devices as a whole needs to be reformed," D'Aguanno said. "You need to secure the rest of your network from malicious attacks from that medium."
Another possible form of attack was "blackjacking," or hijacking legitimate users' BlackBerry devices and replacing them on the network with rogue devices, D'Aguanno said.
The components of business enterprise computer servers that support mobile data devices should be isolated instead of being linked in ways that allow unfettered access to entire networks, he advised.
Downloading of third-party applications to BlackBerry or similar devices should be prevented, according to D'Aguanno.
"It is kind of a new playground, as far as a way into a network," D'Aguanno said, adding he knew of no successful hacker attacks via BlackBerry.
"I have a BlackBerry. I think they are great things, but you have to treat them like any untrusted computer with access to your network."

sa: http://news.yahoo.com/s/afp/20060814...usittechnology

bbmf · Aug 15th, 06, 07:03 PM

All too familiar with hackers looking to exploit security flaws in its software, Microsoft Corp. warned video game developers on Monday that their PC games are now a target for criminals.

Using malware or software designed to infiltrate a computer system, hackers steal account information for users of MMO games and then sell off virtual gold, weapons and other items for real money.
"Those of you who are working on massively multiplayer online games, organized crime is already looking at you," said Dave Weinstein, a Microsoft security development engineer at the company's Gamefest video game development conference.
In multiplayer online role-playing games, players assume a fictional character and take control of the character's actions and interact with other players in a virtual world. For World of Warcraft, a user buys the game software and then pays a monthly subscription rate to access the online world.
Online game accounts are already on sale in the black market next to stolen credit card accounts, fraudulent passports, fake work papers and other illegal items gathered by identity theft.
In fact, some game accounts can be worth up to $10,000.
"For a lot of the customers out there, there is more store value on their MMO characters than there is on the credit card with which they pay for the account," said Weinstein.
"The police are really good at understanding someone stole my credit card and ran up a lot of money. It's a lot harder to get them to buy into 'someone stole my magic sword."'

sa: http://news.yahoo.com/s/nm/20060815/...osoft_games_dc

bbmf · Aug 20th, 06, 06:22 PM

An Irish company has thrown down the gauntlet to the worldwide scientific community to test a technology it has developed that it claims produces free energy.
The company, Steorn, says its discovery is based on the interaction of magnetic fields and allows the production of clean, free and constant energy -- a concept that challenges one of the basic rules of physics.
It claims the technology can be used to supply energy for virtually all devices, from mobile phones to cars.
Steorn issued its challenge through an advertisement in the Economist magazine this week quoting Ireland's Nobel prize-winning author George Bernard Shaw who said that "all great truths begin as blasphemies".
Sean McCarthy, Steorn's chief executive officer, said they had issued the challenge for 12 physicists to rigorously test the technology so it can be developed.
"What we have developed is a way to construct magnetic fields so that when you travel round the magnetic fields, starting and stopping at the same position, you have gained energy," McCarthy said.
"The energy isn't being converted from any other source such as the energy within the magnet. It's literally created. Once the technology operates it provides a constant stream of clean energy," he told Ireland's RTE radio.
McCarthy said Steorn had not set out to develop the technology, but "it actually fell out of another project we were working on".
One of the basic principles of physics is that energy can neither be created nor destroyed, it can only change form.
McCarthy said a big obstacle to overcome was the disbelief that what they had developed was even possible.
"For the first six months that we looked at it we literally didn't believe it ourselves. Over the last three years it had been rigorously tested in our own laboratories, in independent laboratories and so on," he said.
"But we have been unable to get significant scientific interest in it. We have had scientists come in, test it and, off the record, they are quite happy to admit that it works.
"But for us to be able to commercialise this and put this into peoples' lives we need credible, academic validation in the public domain and hence the challenge," McCarthy said

bbmf · Aug 20th, 06, 06:24 PM

An Irish company has thrown down the gauntlet to the worldwide scientific community to test a technology it has developed that it claims produces free energy.
The company, Steorn, says its discovery is based on the interaction of magnetic fields and allows the production of clean, free and constant energy -- a concept that challenges one of the basic rules of physics.
It claims the technology can be used to supply energy for virtually all devices, from mobile phones to cars.
Steorn issued its challenge through an advertisement in the Economist magazine this week quoting Ireland's Nobel prize-winning author George Bernard Shaw who said that "all great truths begin as blasphemies".
Sean McCarthy, Steorn's chief executive officer, said they had issued the challenge for 12 physicists to rigorously test the technology so it can be developed.
"What we have developed is a way to construct magnetic fields so that when you travel round the magnetic fields, starting and stopping at the same position, you have gained energy," McCarthy said.
"The energy isn't being converted from any other source such as the energy within the magnet. It's literally created. Once the technology operates it provides a constant stream of clean energy," he told Ireland's RTE radio.
McCarthy said Steorn had not set out to develop the technology, but "it actually fell out of another project we were working on".
One of the basic principles of physics is that energy can neither be created nor destroyed, it can only change form.
McCarthy said a big obstacle to overcome was the disbelief that what they had developed was even possible.
"For the first six months that we looked at it we literally didn't believe it ourselves. Over the last three years it had been rigorously tested in our own laboratories, in independent laboratories and so on," he said.
"But we have been unable to get significant scientific interest in it. We have had scientists come in, test it and, off the record, they are quite happy to admit that it works.
"But for us to be able to commercialise this and put this into peoples' lives we need credible, academic validation in the public domain and hence the challenge," McCarthy said

sa: http://news.yahoo.com/s/afp/20060818...dscienceenergy

bbmf · Aug 20th, 06, 06:39 PM

Washington State Attorney General Rob McKenna this week announced that he had sued four California companies for violating Washington's 2005 anti-spyware law. According to the complaint, the defendants install difficult-to-remove software on victims' computers that barrages them with payment demands for a movie download service. The lawsuit is the second filed under Washington's Computer Spyware Act. Enforcement is a key prong in the war against spyware and unwanted adware. A recent CDT report detailed enforcement efforts at the federal and state levels.
Commplaint Details .pdf
If you want to learn about which law(s) attempt protect you...

sa: http://www.cdt.org/

bbmf · Aug 21st, 06, 03:00 PM

Microsoft turns photo albums into navigable 3D worlds...

Representatives from Microsoft Live Labs and a University of Washington work group on Wednesday discussed the Photosynth browser during a speech at the Siggraph show about the university's Photo Tourism system. Live Labs is developing Photosynth from the Photo Tourism technology as part of Microsoft's push into Internet-based personal services.
"Photosynth will be released as a Web client that people can use to explore large collections of photos," said Richard Szeliski, who leads the Interactive Visual Media Group at Microsoft. Photosynth has the potential to create a complete virtual world made up of the world's photos, Szeliski said.
Photosynth lets people import photos, either from their own collection or via a search of a photo-sharing site like Yahoo's Flickr. Drawing from the imported shots, Photosynth organizes the photos into a virtual 3D collage, using an algorithm that measures location information, identifiable features and subsequent 3D points for similarities, differences and viewpoints.
"Unlike (other groups) who have worked on this before, Photosynth combines image-based rendering with search controls. Our scene reconstruction automatically estimates the position, orientation and focal length of the cameras that took the photo. Once the scene is reconstructed, the user can explore using the photo browser features," said Noah Snavely, a member of University of Washington's Charles Simonyi Graphics and Imaging Laboratory, which developed the Photo Tourism technology.
Viewers can choose to see a detail of the constructed photo scene by clicking on an object or dragging a box around a group of objects. The highest-scoring photo for that particular object or view is blown up on the screen. Photos are scored based on the best resolution, lighting and view. Head-on views score higher, as do daytime shots.
Once in detail, viewers can move around and "step back," and they have the option of seeing other images of the same view within the collection. Thumbnails of these alternates run along the bottom of the screen.
The program also renders transitional views from one photo to the next within the 3D space, giving the illusion that viewers are panning the scene with a video camera. Users can also annotate a particular photo, or portion of the scene. Annotations are shared among images based on the level of detail the image covers. For example, a tag describing the Rome's statue of Neptune at the Trevi Fountain would carry over to other views of Neptune but not necessarily panoramic views of the entire Trevi Fountain.
Eventually, the Photosynth team plans to include a time dimension that would let viewers specify the time of day, season or even year they'd like to see with a specific view. The sample shown at Siggraph was a contemporary photo of Yosemite National Park, with an Ansel Adams alternative available for the same vantage point.
Because the tool measures the focal length of each image, Photosynth can determine the exact location the photographer was standing in when she took the photo. 3D overview mode offers a 3D photo scene with these vantage points plotted throughout. Clicking on a vantage point on the rotunda of St. Peter's Basilica brings the viewer to a panoramic view of St. Peter's Square looking out from the rotunda.
According to the Photosynth project blog from Live Labs, there's no set date for a public beta release. Snavely said there are limitations in the program that the work group would like to improve.
For one, the program cannot reliably match photos if they are too dark or of too low a resolution. The program currently lacks the power to create extremely large-scale renderings of the sort the team would like to achieve. For example, a 3D rendering of New York's Times Square is possible, but not one for all of Manhattan.

sa: http://news.com.com/Microsoft+turns+...e.gall.related