
Submission Summary: 0 pending, 16 declined, 4 accepted (20 total, 20.00% accepted)

Microsoft

Submission: Microsoft admits XP has same bug as Windows 2000 (computerworld.com.au)

Arashtamere writes: Microsoft admitted late Tuesday that the recently discovered encryption flaw that Israeli researchers discovered in Windows 2000 exists in XP, its most popular product. According to the report, "as recently as last Friday, Microsoft hedged in answering questions about whether XP and Vista could be attacked in the same way, saying only that later versions of Windows 'contain various changes and enhancements to the random number generator.' Yesterday, however, Microsoft responded to further questions and acknowledged that Windows XP is vulnerable to the complex attack that Pinkas, Gutterman and Dorrendorf (the Israeli researchers) laid out in their paper, which was published earlier this month. Apparently Microsoft and Pinkas have argued over whether the flaw was a security vulnerability, with the former denying the bug met the definition and the latter claiming it is a serious problem that — while it needs to piggyback on another, more common kind of exploit — is far from just a theoretical threat. Tuesday, even as it conceded that XP also had a weak PRNG, Microsoft continued to downplay the possibility of an attack. 'If an attacker has already compromised a victim machine, a theoretical attack could occur on Windows XP,' a company spokeswoman said in an e-mail. To exploit the PRNG's flaws, an attacker must have administrative rights to the PC, something that's easily obtained by most run-of-the-mill attacks, Pinkas noted."
Security

Submission: Russian hacker gang vanishes once again (computerworld.com.au)

Arashtamere writes: The shadowy hacker and malware hosting network that only recently fled Russia to set up operations in China has now pulled the plug there and vanished yet again, researchers said. An analyst at VeriSign's iDefense Labs unit who wanted to remain anonymous, leery of retribution from the gang, said iDefense had tracked RBN's migration earlier in the week from servers based in Russia to ones running in China. On Tuesday, RBN's Russian servers went dark as the group relinquished control of its assigned IP addresses, effectively severing its connection to the Internet. By Wednesday, however, RBN had relocated to China and Taiwan after obtaining at least seven net blocks of Chinese IP addresses, said iDefense. According to the security intelligence firm, as of Wednesday, RBN controlled 5,120 IP addresses assigned to Chinese service providers; known RBN clients were even seen using those addresses that day. But with its China move putting media and security community spotlights on the organization, RBN suddenly went offline on Thursday, said the analyst. "They severed connections to six of the seven net blocks on November 8," the analyst said. According to iDefense, RBN as a single organization may be dead and gone... RBN may even now be breaking up into smaller pieces farmed out to multiple countries' Internet infrastructures.
Yahoo!

Submission: Lawyers roast Yahoo over China dissident testimony (computerworld.com.au)

Arashtamere writes: Yahoo aided the Chinese government in the arrest of a Chinese journalist, then its general counsel deliberately or negligently misled the U.S. Congress about the company's role during a 2006 testimony, a senior lawmaker accused the company this week. Shi Tao, arrested in November 2004, had used his e-mail account to forward information about a Chinese government ban on reporting about the Tiananmen Square crackdown on the 15th anniversary of the protests. He is serving a 10-year prison sentence. Representative Tom Lantos, a California Democrat and chairman of the House of Representatives Foreign Affairs Committee, ripped into Yahoo and General Counsel Michael Callahan for failing to notify the committee when the company discovered his February 2006 testimony about Yahoo's role in the arrest of Shi. And he questioned why a company with Yahoo's resources has not come to the aid of Shi's family. Callahan, in February 2006, testified that he did not know the nature of the investigation when Chinese authorities demanded Yahoo China turn over the IP (Internet Protocol) address for the person who turned out to be Shi.
Security

Submission: US consumers clueless about online tracking (computerworld.com.au)

Arashtamere writes: A study on consumer perceptions about online privacy undertaken by the Samuelson Clinic at the University of California and the Annenberg Public Policy Center found that the average American consumer is largely unaware that every move they make online can be, and often is, tracked by online marketers and advertising networks. Those surveyed showed little knowledge on the extent to which online tracking is happening or how the information obtained can be used. More than half — about 55 percent — of those surveyed falsely assumed that a company's privacy policies prohibited it from sharing their addresses and purchases with affiliated companies. Nearly four out of 10 online shoppers falsely believed that a company's privacy policy prohibits it from using information to analyze an individual's activities online; and a similar number also assumed that an online privacy policy meant that a company they're doing business with wouldn't collect data on their online activities and combine it with other information to create a behavioral profile.
