Space

Saturn's Rings May Be Very Old 125

Kristina from Science News writes "Combining computer simulations with data about the way starlight shines through Saturn's rings suggests the individual grains are big and thus could have been around a good 4 billion years, not the mere 10 million to 100 million previously suspected. What may have thrown earlier observations off is the chance that the grains aren't evenly distributed, but clump here and spread out there."
Communications

Google Unveils First Android Phone 546

danieltdp writes "Google finally officially launched the first Android-enabled mobile device to hit the market. As expected, the first Android phone will be the HTC Dream (also known as the T-Mobile G1), a device with a large touchscreen and a slide-out physical keypad that will run Google's new mobile platform." You might also not be at all surprised to know that Google is working on an Android competitor to the Apple App store.
IBM

IBM Threatens To Leave ISO Over OOXML Brouhaha 200

barnackle writes "In addition to threatening to leave certain standards organizations over the OOXML shenanigans, IBM created new guidelines for its own participation in those organizations in an attempt to pressure the ISO and ECMA to be more fair in their approval procedures."
Security

US Responsible For the Majority of Cyber Attacks 205

Amber G5 writes "SecureWorks published the locations of the computers from which the greatest number of cyber attacks were attempted against its clients in 2008. The United States topped the list with 20.6 million attempted attacks originating from computers within the country, and China ran second with 7.7 million attempted attacks emanating from computers within its borders. This was followed by Brazil with over 166,987 attempted attacks, South Korea with 162,289, Poland with 153,205, Japan with 142,346, Russia with 130,572, Taiwan with 124,997, Germany with 110,493, and Canada with 107,483."
Google

Submission + - Pron for Google captchas (heise.de)

juct writes: "Apparently spammers are re-using an old trick to defeat Google captchas. As heise reports, they are now offering free porn to find humans who do the work for them and enter the distorted characters. If you type the right characters you are rewarded with a new picture — and the next captcha. In the background the characters you typed are used to fill out a Google registration form."
Security

Submission + - Protection against weak SSL certificates (heise-online.co.uk)

juct writes: "Literally thousands of sites still use weak certificates to protect sensitive data like credit card numbers or passwords. heise found that even payment services like ppay or the German T-Pay are affected (German only). Even if they do replace and revoke the weak certificates, they could still be used to spoof an apparently secure site. This is due to the fact that neither Internet Explorer on Windows XP nor Firefox 2 checks the revocation status of a certificate by default. To secure online transactions you can use the heise SSL Guardian with Internet Explorer or Márton Anka's Firefox extension SSL Blacklist. Both detect weak certificates and warn the user that they are not secure."
Security

Submission + - Online backup services with severe security holes (heise-online.co.uk)

juct writes: "Online Backup is cheap, easy and because of strong encryption even secure. But hold on — even though service providers for online backup do encrypt data locally and secure the communication with the backup server via SSL there might be something missing. In a test heise Security found that four out of six tested backup clients did not do strong authentication. Because they did not check the certificate of the server, the heisec testers were able to mount a man in the middle attack. In two cases that gave them access to all the stored data, in the other two they were at least able to delete all backups."
Security

Submission + - Secure USB sticks cracked (heise-online.co.uk) 1

juct writes: "Manufacturers of USB sticks and cards with fingerprint readers promise us that their data safes can only be opened with the right fingerprint. In their tests, heise Security found that it is easy to bypass the authentication and get access to the protected data. This works by sending a single USB command — Command Descriptor Block — that changed the accessible partition. They found the vulnerability in the MyFlash FP1 from A-Data (USB-ID 1307:1169) and the 1GB Secure Card (USB-ID 7009:1765) sold by 9pay. The JetFlash 210 and 220 fingerprint sticks from Transcend use the chips in question and also provide access to the protected partition after transmission of a single USB command. The UT176 made by CySecure could also suffer from the same flaw, though they have not tested it yet."
Privacy

Submission + - German Constitutional Court rejects spying on PCs (heise-online.co.uk)

juct writes: "Germany's Federal Constitutional Court has rejected provisions adopted by the State of North Rhine-Westphalia that allowed investigators to covertly search PCs online. This raises the bar significantly for plans of the German government for secret online searches of PCs. In its ruling, the court creates a new right to confidentiality and integrity of personal data stored on IT systems; the ruling expands the current protection provided by the country's constitutional rights for telecommunications privacy and the personal right to control private information under the German constitution."
Security

Submission + - Stealing PINs with a needle (heise-online.co.uk)

juct writes: "Serious flaws have been found in two widely used point of sale (EPOS) PIN entry devices examined by the University of Cambridge Computer Laboratory. The researchers found they could readily bypass the supposed tamper-proofing of both terminals and read transaction data using a paper clip and a needle. In their analysis heise Security at least partly blames "the continuing shift in liability for fraudulent transactions from the card issuer to the merchant" which is likely to reduce the incentive to produce secure systems."
Security

Submission + - Cult of the Dead Cow returns with Google hacking (heise-online.co.uk)

juct writes: "Google hacking is not really new — and neither were backdoors ten years ago, when cDc released Back Orifice. But like the latter, Goolag Scan rubs salt into an open wound: "Private individuals, firms, and even governments are putting more and more stuff on the web, and nobody cares what it means for security", explained cDc member Oxblood Ruffin to heise Security. The tool makes it a matter of mouse clicks to find sensitive information, hidden backdoors or vulnerable servers. Its use might be illegal in some countries though."
