Thursday, September 27, 2007
The Associated Press has obtained a video made for the Department of Homeland Security that shows a simulated hacker attack on a power station that doesn't end well for a turbine. In the video the latter goes spinning out of control and spits out pieces of the turbine as well as smoke before it, presumably, dies a noisy, dramatic death (see photo at right).
The test attack, conducted in March by the Idaho National Laboratory for DHS, exploited a programming vulnerability in SCADA systems (Supervisory Control and Data Acquisition systems), the computer systems that control electric, water and chemical plants throughout the U.S. The test was intended to show how a remote digital attack by hackers could cause real-world damage beyond the computer used to conduct the attack.
The programming flaw has since been fixed, but that doesn't mean other flaws don't exist. SCADA systems were never designed with security in mind and have long been considered vulnerable to attack. Government officials claimed in 2002 that they had uncovered evidence that members of al Qaeda had explored vulnerabilities in SCADA systems in order to conduct such attacks on utilities.
But experts have always disagreed about the degree of damage a remote attacker could do to the power grid or water system via computer or the likelihood that someone would even choose such an attack as opposed to a physical attack with a bomb or other sabotage method that would be far more effective.
Unfortunately, cybarmageddonists are likely to seize this story and spin it wildly out of control to monger fear, ignoring a few comments in the AP story that suggest the demonstration may have exaggerated the risk.
Microsoft Stealth Update and Windows XP repair don’t mix by ZDNet's Adrian Kingsley-Hughes -- Remember that Stealth Update I talked about a couple of weeks ago? The one that Microsoft sent down the pipes to XP and Vista users and installed it irrespective of whether the user had given consent for updates to be installed? Remember too how the apologists claimed that there was nothing wrong with how Microsoft had behaved because there was no harm done? Well, it turns out that this update isn't as benign as we first thought and can indeed cause problems for Windows XP users if they try to repair their installation.
The Ubuntu developers are hurrying to bring you the absolute latest and greatest software that the open source and free software communities have to offer. This is the Ubuntu 7.10 beta release, which brings a host of excellent new features.
Note: This is still a beta release. Do not install it on production machines. The final stable version will be released in October 2007.
Wednesday, September 26, 2007
Jesper Johansson--a former senior program manager for security policy at Microsoft who moved to Amazon in September last year--wrote in his blog on Monday that he may drop Windows Media Center for LinuxMCE, a free open-source add-on to the Kubuntu desktop operating system, because problems caused by Microsoft's digital-rights management (DRM) software have proven so difficult to fix.
After Johansson's 5-year-old child complained that cable network Comcast's On Demand video system was not working with Windows Media Center, Johansson wrote, he attempted to resolve the problem.
"Upon inspecting the problem I found that the video would turn on, the screen would flicker for a second each of black and the video a few times, and then the Blue Screen of DRM came up. It also wouldn't play any premium channels," he wrote.
Johansson said the recommended work-around involved several convoluted steps, including installing Windows Media Player 10, which crashed, and then being advised to troubleshoot the problem with Windows SharePoint Services. A subsequent Microsoft DRM update then caused the Internet Explorer browser to crash.
Johansson said that DRM software is not only ineffective, but a waste of money that is damaging businesses attempting to use it to control the way consumers use copyright material.
"How many billions has the industry spent on DRM schemes that the bad guys break in weeks? How many perfectly legitimate users has the industry annoyed and driven away? How many lost DVD sales has it caused? How many lost sales of Microsoft's Media Center software and Windows Vista has it caused because the DRM subsystem randomly decides that you must be a criminal?" Johansson wrote.
DRM protections have done very little to stop bootleggers from hawking counterfeit software, he wrote, after witnessing a bustling trade in pirated material on a recent trip to Asia. Johansson wrote that he is now contemplating using LinuxMCE to avoid further difficulties.
OpenOffice version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in an e-mail attachment, published on a Web site or shared using peer-to-peer software. The next version of OpenOffice (version 2.3) arrived on September 17 and is not affected by the flaw.
The vulnerability was discovered by researchers at iDefense, who claim that the OpenOffice TIFF parsing code is flawed.
"When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow," the iDefense team reported last Friday.
TrustDefender co-founder Andreas Baumhof said: "This vulnerability allows someone to execute malicious code on your computer. It's an OpenOffice bug so it doesn't matter what type of operating system you run; it allows you to run malicious software with the same rights as the user who runs OpenOffice."
"At this stage, it's only confirmed on Linux," Baumhof said. "But typically it would affect all operating systems. The only difference with Linux and Windows is that home users typically run Windows as the administrator."
In June, OpenOffice users were warned about a worm called "Badbunny" that was spreading in the wild through multiple operating systems, including Mac OS, Windows and Linux.
At the time, Symantec posted an advisory that said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources".
Tuesday, September 25, 2007
First look at Windows Vista SP1 (build 6001.16659) by ZDNet's Adrian Kingsley-Hughes -- Earlier today I downloaded the standalone installer for Windows Vista SP1 and installed it on a few systems to see what it was like - and I thought you might like to take a look at it.
Apple to nuke unlocked iPhones with next update by ZDNet's Larry Dignan -- Apple is playing hardball with the unlocked iPhone movement. In a terse statement, Apple said “many of the unauthorized iPhone unlocking programs available on the Internet cause irreparable damage to the iPhone’s software, which will likely result in the modified iPhone becoming permanently inoperable when a future Apple-supplied iPhone software update is installed.” Apple also said [...]
Friday, September 21, 2007
Windows Home Server patch is out by ZDNet's Mary Jo Foley -- Hewlett Packard now has its hands on the Windows Home Server (WHS) update for which it decided to delay its MediaSmart Home Server, according to HardwareGeeks.com. Watch for more information from Microsoft next week on the post-RTM WHS update.
Tuesday, September 18, 2007
Sana Klaric and husband Adnan, who used the names "Sweetie" and "Prince of Joy" in an online chatroom, spent hours telling each other about their marriage troubles, Metro.co.uk reported.
The truth emerged when the two turned up for a date. Now the pair, from Zenica in central Bosnia, are divorcing after accusing each other of being unfaithful.
"I was suddenly in love. It was amazing. We seemed to be stuck in the same kind of miserable marriage. How right that turned out to be," Sana, 27, said.
Adnan, 32, said: "I still find it hard to believe that Sweetie, who wrote such wonderful things, is actually the same woman I married and who has not said a nice word to me for years".
Friday, September 14, 2007
JustLinux member saikee has posted details of his system that boots 145 operating systems. That includes 3 versions of DOS, 5 versions of Windows, and 137 flavors of Linux. He created 152 partitions on 4 hard drives to get his system up and running. And he probably has the longest GRUB menu you've ever seen. We're guessing the slowest part of the boot process on this system is the amount of time it takes to find the operating system you want to use.
There are obviously very few practical reasons anyone would want to load 145 operating systems onto a PC, but we have to say, we're pretty impressed anyway. It's kind of like climbing Mount Everest because it's there. If you had licenses for 8 MS operating systems, the ability to download as many Linux distributions as you'd like and way too much free time on your hands, wouldn't you do the same thing? No? Oh, well, nevermind then.
Long-term storm clouds brewing over AT&T, Verizon Wireless by ZDNet's Larry Dignan -- A series of events is happening, or about to happen, that threaten the business models of big wireless carriers such as Verizon Wireless and AT&T. Keep in mind that these storm clouds are just now building and the story will take years to play out. And don’t expect financial upheaval to appear just yet. But [...]
Thursday, September 13, 2007
Confirmation of stealth Windows Update by ZDNet's Adrian Kingsley-Hughes -- I can now confirm that the stealth Windows Update that I blogged about yesterday actually exists - because I've detected its presence on a machine at the PC Doc HQ.
Wednesday, September 12, 2007
Sensitive government e-mails leak through Tor exit nodes by ZDNet's Ryan Naraine -- The hacker behind the recent public disclosure of 100 sensitive government/embassy e-mail accounts says he aimed packet sniffers at five Tor exit nodes to capture the confidential information.
Critical Microsoft Agent flaw hits Windows 2000 by ZDNet's Ryan Naraine -- The most serious vulnerability covered in Microsoft's September patch batch is a remote code execution issue in the way Microsoft Agent handles certain specially crafted URLs.
Skype for Windows worm reported: here’s what to do by ZDNet's Russell Shaw -- Just in via a Skype blog posting from Skype’s Villu Arak: Skype has learned that a computer virus called “w32/Ramex.A” is affecting users of Skype for Windows. Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect the [...]