Security

Microsoft Plugs "Drive-By" and 14 Other Holes 189

CWmike writes "Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel, and Word, including one that will probably be exploited quickly by hackers. None affects Windows 7. Of today's 15 bugs, Microsoft tagged three 'critical' and the remaining 12 'important.' Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows except Windows 7 and its server sibling, Windows Server 2008 R2. 'The Windows kernel vulnerability is going to take the cake,' said Andrew Storms, director of security operations at nCircle Network Security. 'The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. This is absolutely a drive-by attack scenario.' Richie Lai, the director of vulnerability research at security company Qualys, agreed. 'Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver.'"
GNU is Not Unix

MS Pulls Windows 7 Tool After GPL Violation Claim 186

Sam notes an Ars story on Microsoft pulling the Windows 7 USB/DVD Download Tool from the Microsoft Store website after a report indicating that the tool incorporated open source code in a way that violated the GNU's General Public License. Whether the software giant is actually violating the GPL, a widely used (including by the Linux kernel) free software license, is not confirmed. "We are currently taking down the Windows USB/DVD Tool from the Microsoft Store site until our review of the tool is complete," a Microsoft spokesperson told Ars. The fact the company pulled the tool doesn't bode well, so we'll have to watch closely to see what the company puts back on its servers.
Software

Go, Google's New Open Source Programming Language 831

Many readers are sending in the news about Go, the new programming language Google has released as open source under a BSD license. The official Go site characterizes the language as simple, fast, safe, concurrent, and fun. A video illustrates just how fast compilation is: the entire language, 120K lines, compiles in under 10 sec. on a laptop. Ars Technica's writeup lays the stress on how C-like Go is in its roots, though it has plenty of modern ideas mixed in: "For example, there is a shorthand syntax for variable assignment that supports simple type inference. It also has anonymous function syntax that lets you use real closures. There are some Python-like features too, including array slices and a map type with constructor syntax that looks like Python's dictionary concept. ... One of the distinguishing characteristics of Go is its unusual type system. It eschews some typical object-oriented programming concepts such as inheritance. You can define struct types and then create methods for operating on them. You can also define interfaces, much like you can in Java. In Go, however, you don't manually specify which interface a class implements. ... Parallelism is emphasized in Go's design. The language introduces the concept of 'goroutines' which are executed concurrently. ... The language provides a 'channel' mechanism that can be used to safely pass data in and out of goroutines."
Security

$9 Million ATM Hacking Ring Indicted 86

Trailrunner7 writes "US and international prosecutors have indicted a criminal ring that they allege was responsible for an ATM scam last November that stole about $9 million from RBS WorldPay. The criminals cracked payroll debit cards and withdrew money from ATMs in hundreds of cities around the world. A federal grand jury in Atlanta has indicted eight men in connection with the scheme, including five Estonians, one Russian, one Moldovan, and one unidentified man. Prosecutors allege that the men 'used sophisticated hacking techniques' to defeat the company's encryption system. The scam involved an elaborate plan in which the attackers first bypassed the encryption on the debit cards, which RBS WorldPay issues to customers for employee payroll purposes. They then raised the limits on the accounts attached to the cards, then provided a network of 'cashers' with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours; 130 different ATMs in 49 cities were hit within one 30-minute period."
Security

Best Tool For Remembering Passwords? 1007

StonyCreekBare writes "Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"
Wireless Networking

Google Gives the Gift of Free Airport Wi-Fi 158

itwbennett writes "Google is giving you something to be thankful for as you travel this holiday season. The company announced today that it is offering free Wi-Fi at 47 airports across the US between now and January 15. If you haven't booked your flights yet, you want to factor this into your plans. Here's a list of the 47 airports, which cover about 35% of all US passengers, according to Google. The Burbank and Seattle airports will continue to offer the free Google Wi-Fi indefinitely." The HuffPo notes another altruistic note in Google's gesture: "As another way to pass on the spirit of the season, once they log on to networks in any of the participating airports, travelers will have the option [of making] a donation to Engineers Without Borders, the One Economy Corporation, or the Climate Savers Computing Initiative. Google will match the donations made across all the networks up to $250,000, and the airport network that generates the highest amount per passenger by January 1, 2010 will receive $15,000 to donate to the local nonprofit of their choice."
Spam

Researchers Take Down a Spam Botnet 207

The Register is reporting on the takedown of a botnet once responsible for 1/3 of the world's spam. The deed was done by researchers from the security firm FireEye, who detailed the action in a series of blog posts. PC World's coverage estimates that lately the botnet has accounted for 4% of spam. From the Register: "After carefully analyzing the machinations of the massive botnet, alternately known as Mega-D and Ozdok, the FireEye employees last week launched a coordinated blitz on dozens of its command and control channels. ... Almost immediately, the spam stopped, according to M86 Security blog. ... The body blow is good news to ISPs that are forced to choke on the torrent of spam sent out by the pesky botnet. But because many email servers already deployed blacklists that filtered emails sent from IP addresses known to be used by Ozdok, end users may not notice much of a change. ... With [the] head chopped off of Ozdok, more than 264,000 IP addresses were found reporting to sinkholes under FireEye's control..."
Books

Intel's New E-Reader For the Visually Impaired 111

serverguy writes "Intel will be releasing a win for all visually impaired members of society, a new device called the Intel Reader. It allows visually impaired people to take a snapshot of a newspaper, book, or magazine and have it read back to them. It's estimated that in the US alone there are as many as 55 million people who could make use of such a device. It comes at hefty price though: the paperback-sized device costs $1,499. The device contains a 5-megapixel camera and is powered by a Linux OCR system that converts text into spoken words. The device can hold up to 2GB of data, which would equate to around 600 snapshots. In addition to reading text, the device can also play back audio books in a number of supported formats such as MP3 and WAV. The Intel Reader is expected to be released next Tuesday." The device won't be speedy: "Intel says it takes about 30 seconds to process each page of text... It took... about 30 minutes to scan in the pages of a 250-page book and then one hour to process them."
Databases

EC Formally Objects To Oracle's Purchase of Sun 334

eldavojohn writes "The EC has presented Oracle and Sun with a statement of objections. Despite the promotion of former MySQL CEO Marten Mickos, the statement seems to focus entirely on what many have feared: MySQL vs. Oracle databases. From Sun's 8-K SEC filing: 'The Statement of Objections sets out the Commission's preliminary assessment regarding, and is limited to, the combination of Sun's open source MySQL database product with Oracle's enterprise database products and its potential negative effects on competition in the market for database products.' The EU and the EC are getting a rep for disagreeing with US counterparts." On Monday afternoon the DoJ reiterated its support for the deal. Matthew Aslett has a helpful timeline of the action from the EC.
Power

Whistleblower Claims IEA Is Downplaying Peak Oil 720

Yesterday the Guardian ran a story based on two anonymous sources inside the International Energy Agency who claimed that the agency had distorted key figures on oil reserves. "The world is much closer to running out of oil than official estimates admit, according to a whistleblower at the [IEA] who claims it has been deliberately underplaying a looming shortage for fear of triggering panic buying. The senior official claims the US has played an influential role in encouraging the watchdog to underplay the rate of decline from existing oil fields while overplaying the chances of finding new reserves." Today the IEA released its annual energy outlook and rejected the whistleblowers' charges. The Guardian has an editorial claiming that the economic establishment is too fearful to come clean on the reality of oil suppplies, and makes an analogy with the (marginalized, demonized) economists who warned of a coming economic collapse in 2007.
Space

Unknown 7m Asteroid Almost Impacted Earth 289

xp65 writes "A previously undiscovered asteroid came within 14,000 km of Earth — just over one Earth diameter, 1/30 the lunar distance — on Friday, and astronomers noticed it only 15 hours before closest approach. On Nov. 6 at around 16:30 EST, a 7-meter asteroid, now called 2009 VA, came only about 2 Earth radii from impacting our planet. This is the third-closest known non-impacting Earth approach on record for a cataloged asteroid. The asteroid was discovered by the Catalina Sky Survey and was quickly identified by the Minor Planet Center in Cambridge MA as an object that would soon pass very close to the Earth. JPL's Near-Earth Object Program Office also computed an orbit solution for this object, and determined that it was not headed for an impact." The article notes, "On average, objects the size of 2009 VA pass this close about twice per year and impact Earth about once every 5 years."
The Courts

Chicago Court Throwing Out LIDAR Speeding Tickets 245

bridgeco writes "Chicago Traffic Court Judges have been throwing out speeding cases in which the driver's speed was measured with a LIDAR. Judges are asking for a special 'Frye Hearing' to determine the accuracy of these devices. Many motorists nabbed for speeding by a laser gun, instead of radar, are seeing their tickets thrown out at Chicago's traffic court because of a legal issue that the city's law department has been unable to overcome. Within the past year judges in Cook County Traffic Court in Chicago determined that speeds captured by lidar were not admissible because the devices had not been proven scientifically reliable in an Illinois court, said Jennifer Hoyle, spokeswoman for the law department, which prosecutes most speeding tickets in the city." (Here's some background on LIDAR from Wikipedia.)
Privacy

Justice Dept. Asked For Broad Swath of IndyMedia's Visitor Records 244

DesScorp writes "In a case that tests whether online and independent journalism has the same protections as mainstream journalism, the Justice Department sent Indymedia a grand jury subpoena. It requires a list of all visitors on a day, and further, a gag order to Indymedia 'not to disclose the existence of this request.' CBS reports that 'Kristina Clair, a 34-year-old Linux administrator living in Philadelphia who provides free server space for Indymedia.us, said she was shocked to receive the Justice Department's subpoena,' and that 'The subpoena from US Attorney Tim Morrison in Indianapolis demanded "all IP traffic to and from www.indymedia.us" on June 25, 2008. It instructed Clair to "include IP addresses, times, and any other identifying information," including e-mail addresses, physical addresses, registered accounts, and Indymedia readers' Social Security Numbers, bank account numbers, credit card numbers, and so on.' Clair is being defended by the Electronic Frontier Foundation."

Slashdot Top Deals