Forgot your password?
typodupeerror

Submission Summary: 0 pending, 6 declined, 10 accepted (16 total, 62.50% accepted)

+ - LSI sets a new standard in storage density->

Submitted by
secmartin
secmartin writes "Up until yesterday, Sun was the leader in high-density storage systems; they have servers that will hold 48 SATA drives in a 4U chassis, a design that's being copied by many storage firms. But now LSI has one-upped Sun by launching a storage array that supports up to 60 drives in the same 4U of rackspace; that means you can have over a petabyte of raw capacity in a standard rack. There's also new SSD support; they provide more details in a couple of YouTube videos.

The new disk array is meant as an add-on for their Engenio 7900 storage system; but this new design will probably available as a standalone unit soon, since it is already in use at several of their HPC customers. Will this be the last major overhaul for large disk storage systems before flash-based storage takes over?"

Link to Original Source
The Courts

+ - Pirate Bay ordered to block Dutch users->

Submitted by
secmartin
secmartin writes "In a totally unexpected ruling, a Dutch court has decided that The Pirate Bay should block visitors from the Netherlands, or face a fine of up to 3 million euros. Peter Sunde has already announced that he will appeal the ruling.

Even though the defendents sent a letter explaining that they were unable to come to the hearing and provided arguments in their favor, these were ignored by the judge because they failed to appear in his court. The full text of the ruling was just published by Peter Sunde, and TorrentFreak has some more details."

Link to Original Source
Google

+ - Google not losing $1.65M/day on YouTube after all ->

Submitted by
secmartin
secmartin writes "A report by Credit Suisse released earlier this year claimed that Google was losing up to $1.65M per day on YouTube. This was widely considered to be a huge overestimate; now a new report by research firm RampRate provides a better estimate that takes into account that 73% of Google's traffic flows via peering agreements, leading to a more realistic figure of $477k/day.

What both analysts appear to be missing it the fact that Google is working hard to create a completely transit-free IPv6 network; as Google puts it in their IPv6 FAQ:

To qualify for Google over IPv6, your network must have good IPv6 connectivity to Google. Multiple direct interconnections are preferred, but a direct peering with multiple backup routes through transit or multiple reliable transit connections may be acceptable.

What do you think? Do these new figures sound more realistic, and would it be a good or a bad thing if Google didn't have to pay for their internet bandwidth at all?"
Link to Original Source

Security

+ - Apple admits that Mac OS users can get viruses->

Submitted by
secmartin
secmartin writes "Since a couple of days, Apple has been warning users that Mac OS might benefit from using a virus scanner. Their security page now offers this warning: "However, since no system can be 100 percent immune from every threat, antivirus software may offer additional protection."

Microsoft has welcomed Apple to this new reality in a blog post by one of their senior Security Advisors, and antivirus vendors are already taking advantage at the new sales opportunities. So are you already using a virus scanner on your Mac? If not, will this change in Apple's communications change your mind?"

Link to Original Source
Media

+ - Would you pay for YouTube videos?->

Submitted by
secmartin
secmartin writes "A couple of weeks ago, Google's CEO mentioned to investors that they might start charging YouTube's users for viewing content:

With respect to how it will get monetized, our first priority, as you pointed out, is on the advertising side. We do expect over time to see micro payments and other forms of subscription models coming as well. But our initial focus is on advertising. We will be announcing additional things in that area literally very, very soon.

With the recent Disney — Hulu deal, Google is under increasing pressure to generate more revenue and at the same time attract more premium content. That means we might see payment options coming even sooner than expected, with control over the pricing models being handed over to the studio's providing that content, like the way Apple caved in over variable pricing on iTunes. Which raises an important question: would you actually pay for premium content on YouTube and other sites, or will this draw viewers away to other video sites?"
Link to Original Source

Security

+ - Dan Bernstein confirms security issue in djbdns->

Submitted by
secmartin
secmartin writes "Dan Bernstein has just admitted that a security issue has been found in the djbdns software, one of most popular alternatives for the BIND nameserver. As part of the djbdns security guarantee, $1000 will be paid to Matthew Dempsky, the researcher that found the bug.

The bug allows a nameserver running djbdns to be poisoned using just a single packet. Other researchers have found a separate issue that allows dnscache, the DNS cache that is also part of the djbdns package, to be poisoned within just 18 minutes when using the default configuration. Anyone using djbdns is strongly encouraged to patch their servers immediately."

Link to Original Source
Networking

+ - Researchers warn of possible BitTorrent meltdown->

Submitted by
secmartin
secmartin writes "Researchers at Delft University warn that large parts of the BitTorrent network might collapse if The Pirate Bay is forced to shut down. A large part of the avaliable torrents use The Pirate Bay as tracker, and other available trackers will probably be overloaded if all traffic is shifted there. TPB is currently using eight server for their trackers.

According to the researchers, even trackerless torrents using the DHT protocol will face problems: "One bug in a DHT sorting routine ensures that it can only "stumble upon success", meaning torrent downloads will not start in seconds or minutes if Pirate Bay goes down in flames.""

Link to Original Source
Security

+ - Kaspersky customer database exposed->

Submitted by
secmartin
secmartin writes "A hacker has managed to gain access to several databases via a SQL injection vulnerability on Kaspersky's US website. He has posted several screenshots and a list of available tables; judging from the table names, the information available includes data on bugs and user- and reseller accounts.

The hacker has indicated that no confidential information will be posted on the Internet, but since a large part of the URL's used was visible in screenshots, it will only be a matter of time before somebody else manages to duplicate this."

Link to Original Source
Security

+ - Several high-profile Twitter accounts hacked->

Submitted by
secmartin
secmartin writes "Following the big phishing scam yesterday, Twitter has just reported that at least 33 accounts have been hacked using internal tools used by Twitter's support team. Several high-profile accounts were compromised, including those used by Barack Obama and Britney Spears.

The exact vulnerability that was used to gain access to these support tools is currently unknown."

Link to Original Source
Networking

+ - Has HavenCo's Data Haven shut down?->

Submitted by
secmartin
secmartin writes "HavenCo, the self-proclaimed data haven located on the micronation Sealand, appears to be offline. Their website is down, and there have been no announcements from either HavenCo of Sealand. HavenCo has been covered here before; it was mostly know for offering hosting of content that might be illegal in other countries. Does anyone have news about what happend to them?"
Link to Original Source
Windows

+ - AVG virus scanner removes critical Windows file-> 2

Submitted by
secmartin
secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove this caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. So far, AVG has yet to post an update about this on their main website, but their forums are full of complaints."
Link to Original Source
The Internet

+ - Belgian ISP scores victory in landmark P2P case->

Submitted by
secmartin
secmartin writes "Belgian ISP Scarlet scored an important victory in the first major European test of copyright law. The interim decision forcing them to block transfers of copyrighted materials via P2P has been reversed, because the judge agreed with Scarlet that the measures the Belgian RIAA proposed to implement proved to be ineffective. A final decision is expected next year."
Link to Original Source
Microsoft

+ - Microsoft to release critical patch today->

Submitted by
secmartin
secmartin writes "According to this security bulletin, Microsoft will release an important security update later today. It will fix a vulnerability that is rated as "critical" for Windows XP, 2000 and 2003, and Important for Vista and Server 2008. There is a webcast at 1:00pm PST to answer questions about this update. The update comes ahead of the normal "patch tuesday", so this is expected to be a major vulnerability. Early information indicates that it concerns a new issue that can be exploited remotely."
Link to Original Source
Mozilla

+ - Fixing Firefox SSL-certificate warnings->

Submitted by
secmartin
secmartin writes "Richard Bejtlich has tested a new plugin for Firefox that can increase your security, while fixing a major annoyance. The plugin uses the Perspectives notary system that checks HTTPS-sites from different locations to make sure you are not the victim of a man-in-the-middle attack, thus improving security; as an added bonus, it gives you the option to disable those annoying SSL-certificate warnings for sites using self-signed certificates. This was one of the main complaints about Firefox 3.0, and it's good to finally see a solution for this!"
Link to Original Source
Wireless Networking

+ - Russians claim WPA/WPA2 cracking breakthrough->

Submitted by
secmartin
secmartin writes "Russian security firm Elcomsoft has released software that uses Nvidia GPU's to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PC's this anouncement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether."
Link to Original Source

"Who cares if it doesn't do anything? It was made with our new Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..."

Working...