SkiifGeek writes: "The Australian Federal Government plan to introduce national-level Internet censorship may already be floundering in the parliament, but now Anonymous have set their sights on the government and will be taking currently-unpublicised actions today to try and get their demands met, namely the resignation of current Communications Minister, Stephen Conroy, and the abolition of the blacklist that forms the basis of the censorship plan. In a country famed for its laid back attitude towards life, are Anonymous' actions going to have a long term result?"
Despite only a very limited amount of data being publicly available, fG! complied and removed the posts, citing "One thing is certain, you can't accomplish security by obscurity! You can't simply stop knowledge because these days information flows at a bigger rate than ever. Disclosure is the only way to improve products!".
Even though the information is too specialised and focused in attention to have been widely reproduced, it was still online long enough for at least Google to cache the complete list of now-suppressed data and for a number of individuals to privately replicate the data. fG! follows up with the following caution for those trying to reproduce the cached but missing entries "About Pace? I'm in contact with their lawyer and I have been asked to remove all information about this. If you have mirrored the three Pace posts and code (I'm pretty sure I'm not the only one who mirrors important info right away) please do not make it publicly available. Pace will wave you with DMCA and it's not worth the trouble. Keep it for yourself, please".
SkiifGeek writes: "Does anyone really care when a company deletes content from its website or blog without notice and without leaving evidence that it ever existed? What if that company was an Antivirus vendor and the blog is a valuable source of information on developments in the fight against malware, what then?
McAfee recently did just that, pulling an entry at their Avert Labs blog, but not before it appeared briefly in the site's RSS feed. Despite the very short period of time that the content was actually available, it was still captured by some sites. A Google search shows a number of sites that were able to scrape the content before it could be pulled completely, including, ironically, a McAfee site that republishes the Avert Labs blog as part of its content.
Why would McAfee pull the content — what could be controversial enough in it to lead to it being pulled?
Are claims that the reason why there is so much malware is that AV vendors and developers have been so successful at blocking attacks enough to warrant deletion? What about trying to convince developers of legitimate software that packers and protectors are not valid tools anymore (just because malware authors use them)? Or even that use of these tools is going to place legitimate software at greater risk of false positive detection or delay in releasing the software and that it will mean it is viewed with suspicion?
The full deleted posting and deconstruction of the conflicting arguments presented within it can be found here."
Microsoft's single update (MS09-017) addresses fourteen distinct vulnerabilities across all supported versions of PowerPoint, but it isn't how many vulnerabilities that are patched that is causing trouble. Instead, the decision to release the patch for Windows versions while OS X and Works versions remain vulnerable to the same remote code execution risks (including one that is currently being exploited) hasn't gone down well with some people. Microsoft have given various reasons why this is the case, but this mega-update-in-a-patch is still interesting for other reasons.
Apple have updated OS X 10.5 to 10.5.7 as part of the 2009-002 Security Update (available right here), as well as a cumulative update for Safari 3 and the Public Beta for 4. As well as addressing numerous significant security risks, the 10.5.7 update provides a number of stability and capability enhancements and incorporates the Safari 3 update patch. Probably the most surprising element of the Apple update is the overall size of it, 442MB for the point update, and 729MB for the ComboUpdate."
SkiifGeek writes: "It's only early, but a single, uncorroborated source has claimed that 3D Realms has been shut down. The problem with a single source report is that the other information at this time doesn't match up with what Shacknews is claiming. The forums where the claim is apparently corroborated are struggling under traffic at the moment and it leaves the possibility that the whole thing is a hoax, backed up by a possibly hacked forum account.
Other sources of information on the net that are also reporting on the claim all point back to Shacknews as the only source material, so we're all going to have to wait until 3D Realms, Take Two, or 2K Games make a formal announcement that one of the gamer's most favourite publishers of the 1990s is no more."
SkiifGeek writes: "The publishers of the LA Times and the Chicago Tribune, and the Chicago Sun-Times have filed for bankruptcy protection within four months of each other. In addition to the big name newspapers, each also controlled a host of smaller television networks and regional newspapers that are facing an uncertain future. Also in that timeframe, the Rocky Mountain News has completely closed down, and the Seattle Post-Intelligencer has abandoned print editions completely.
With Microsoft's recent move to close down Encarta, and purely online media outlets cutting back on staff (freelancers and contractors being the first to get cut), what do we face in terms of information collation and dissemination in the future? Each of the listed cases happened for a different reason, but the economic crisis was the catalyst that pushed them all over the edge.
Are we headed for a dystopian future, or something better?"
SkiifGeek writes: "Cloud computing may just be another hyped technology, but recent private efforts to coordinate and establish a series of frameworks and methods that would allow for efficient migration of data and resources between clouds were exposed by Microsoft after participants refused to accept Microsoft 'enhancements' into their processes.
Strangely, Microsoft is pushing for a completely open process, using the language and promising the methodology often used in Open Source, but still trying to ensure that "a lot of innovation that we're [Microsoft] dreaming up today" will be included. OOXML vs ODF and a long history of crushing or neutralising non-Microsoft technologies should be sufficient for anyone to regard Microsoft's actions with a dose of suspicion.
It is hard to say just what Microsoft might stand to gain from publicly exposing the actions of a currently shadowy group, but there is enough current confusion that might allow Microsoft the room it needs to subvert the current efforts."
SkiifGeek writes: "Though they may not have had the exposure that the Month of Apple Bugs received at the start of 2007, there have been some significant recent discoveries regarding OS X security. In February, Vincenzo Iozzo presented a new method for injecting malicious code directly into running applications, with no trace being left behind when the host application is terminated.
Dino Dai Zovi has been busy demonstrating heap overflows that can lead to full system compromise, while Charlie Miller again walked away with the MacBook at the CanSecWest conference, after using a pre-prepared Safari exploit to take over the target system in less than 10 seconds. Both Zovi and Miller have also been putting in a lot of work to get Metasploit for OS X targets up to the same sort of capabilities and features as the versions available for Windows and Linux."
SkiifGeek writes: "With Adobe's patch for the JBIG2Decode vulnerability due in a few days time, new methods to target the vulnerability have been discovered that make it far riskier than previously thought. Didier Stevens recently showed the world how it is possible to exploit the vulnerability without the user actually opening an affected file, now he has discovered a way that allows for completely automated exploitation that results in anything up to a Local System account without any user interaction at all and only relies upon basic Windows components and Acrobat Reader elements.
There are some mitigating factors that limit the overall risk of this new discovery, but it does also highlight that merely uninstalling the Reader will not protect you from exploitation and does raise the possibility that other tools will access the vulnerable components and thus be vectors for attack."
SkiifGeek writes: "With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file.
There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best."
SkiifGeek writes: "After being spat on at the DLD Conference in Germany, TechCrunch founder, Michael Arrington has announced that he is going to take the next month off, after first covering the World Economic Forum in Davos.
Arrington, it seems, has a knack for polarising people and so with an enemies list as long as his, we may never know who delivered the saliva that has done more to make him sit back and reassess the what and why of how he does things than the death threat that he had last year and all the electrons of vitriol posted across the Internet over the years.
Being spat in the face may be a form of insult that hasn't really been popular for many years, especially for web pundits, but he's lucky that this guy hasn't finished his invention yet."
SkiifGeek writes: "Baidu's CFO, Shawn Wang, died while swimming while on Christmas holiday with his family on Hainan Island. Although only one trading day was available following news of his death (27th of December), it has seen more than 2% of Baidu's NASDAQ value wiped out.
While Wang's sudden death is not likely to impact the daily operations of the Chinese search engine giant, it is likely to impact the plans to list on the Hong Kong exchange, and China's 'A-Share' market, given Wang's role in getting Baidu listed on NASDAQ.
The loss of any key employee can have a major effect on a company, even if the employee is not an executive. The tragedy being faced by Baidu and the Wang family should serve as a reminder that succession planning and effective disaster management can be tested in many ways and it is important to ensure that there is always a way to continue normal operations in case of such tragedies."
SkiifGeek writes: "Late last week the SquirrelMail team posted information on their site about a compromise to the main download repository for SquirrelMail that resulted in a critical flaw being introduced into two versions of the webmail application (1.4.11 and 1.4.12).
After gaining access to the repository through a release maintainer's compromised account (it is believed), the attackers made a slight modification to the release packages, modifying how a PHP global variable was handled. As a result, it introduced a remote file inclusion bug — leading to an arbitrary code execution risk on systems running the vulnerable versions of SquirrelMail.
The poisoning was identified after it was reported to the SquirrelMail team that there was a difference in MD5 signatures for version 1.4.12.
SkiifGeek writes: "Less than a month after news of active OS X fake codec malware, a major vulnerability in the latest version of QuickTime (7.3, only released two weeks ago) has been discovered and has already gone from proof-of-concept exploit code to two readily available exploit samples.
With the ease by which this exploit can be integrated with media streams, it marks a greater threat for end users than a fake codec. At this stage, about the best mitigation recommended is to disable support for RTSP via the File Type / Advanced -> MIME Settings option in QuickTime's Control Panel / PreferencePane. Even though the exploit is only for Windows systems (including Vista — QuickTime apparently doesn't utilise ASLR), OS X users could be at threat from related problems, given historical RTSP vulnerabilities."
SkiifGeek writes: "When independent security researcher cocoruder found a critical bug with the JET engine, via the .mdb (Access) file format, he reported it to Microsoft, but Microsoft's response came as a surprise to him — it appears that Microsoft are not inclined to fix a critical arbitrary code execution vulnerability with a data technology that is at the heart of a large number of essential business and hobby applications.
Where should vendors be required to draw the line when supporting deprecated file formats and technology? In this case, leaving a serious vulnerability active in a deprecated technology could have serious effects if an exploit were to target it, but it is a matter of finding the right balance of security and usability such that Microsoft's users are not exposed to too great a danger for continuing to use Microsoft products."