WrongSizeGlass writes "Exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications made its appearance on Monday. HD Moore, the creator of the Metasploit open-source hacking toolkit, released the exploit code along with an auditing tool that records which applications are vulnerable. 'Once it makes it into Metasploit, it doesn't take much more to execute an attack,' said Andrew Storms, director of security operations for nCircle Security. 'The hard part has already been done for [hackers].'"

Several readers have written with word that George Lucas has announced a 2011 release date for the Star Wars series — all six films — on Blu-Ray. Engadget (linked) has an explanation of what to expect, and includes a video of a deleted scene that the Blu-Ray version will include. They warn that this might be a disappointment to anyone who (correctly) believes that Han shot first.

supersloshy writes "VideoLAN, makers of the well-known media player VLC, have just announced a new project called libaacs. The libaacs library's intention is to provide a free software library to implement the AACS specification, the copy-protection found on things such as Blu-ray discs. Note that this isn't meant to actually be a decoding library. It includes no AACS keys and is solely developed for research purposes."

suraj.sun writes with this news from CNET: "A security researcher involved with the Wikileaks Web site — Jacob Appelbaum, a Seattle-based programmer for the online privacy protection project called Tor — was detained by US agents at the border for three hours and questioned about the controversial whistleblower project as he entered the country on Thursday to attend a hacker conference. He was also approached by two FBI agents at the Defcon conference after his presentation on Saturday afternoon about the Tor Project. Appelbaum, a US citizen, arrived at the Newark, New Jersey, airport from Holland Thursday morning, was taken into a room, frisked and his bag was searched. Officials from the Immigration and Customs Enforcement and the US Army then told him he was not under arrest but was being detained. They asked questions about Wikileaks, asked for his opinions about the wars in Iraq and Afghanistan, and asked where Wikileaks founder Julian Assange is, but he declined to comment without a lawyer present, according to the sources. He was not permitted to make a phone call, they said." Appelbaum told me that he just spoke at length with The New York Times, and quipped that his Defcon talk about Tor was "just fine, until the FBI showed up"; this post will likely be updated with more details. Update: 08/02 03:59 GMT by T : Here's the NYT's coverage.

ultranerdz writes "Fedora 13 has just been released. It includes major features such as automatic print driver installation, automatic language pack installation, redesigned user account tool, color management to calibrate monitors and scanners, experimental 3-D support for NVIDIA video cards, and more."

ISoldat53 writes "The Consumerist has awarded Comcast the Golden Poo award for the worst company in America. From the article: 'After four rounds of bloody battle against some of the most publicly reviled businesses in America, Comcast can now run up the steps of the Philadelphia Museum of Art and hold its hands high in victory — it has bested everyone else to earn the title of Worst Company In America for 2010.'"

ZuchinniOne writes "With Ubisoft's fantastically awful new DRM you must be online and logged in to their servers to play the games you buy. Not only was this DRM broken the very first day it was released, but now their authentication servers have failed so absolutely that no-one who legally bought their games can play them. 'At around 8am GMT, people began to complain in the Assassin's Creed 2 forum that they couldn't access the Ubisoft servers and were unable to play their games.' One can only hope that this utter failure will help to stem the tide of bad DRM."

eldavojohn writes "Do you have branch offices in China? iSec has published a new report (PDF) outlining the severity of the attacks on Google.cn, allegedly by the Chinese government, dubbed 'Aurora' attacks. Up to 100 companies were victims, and some are speculating that resistance to such attacks is futile. The report lays out the shape of the attacks — which were customized per-company based on installed vulnerable software and antivirus protection: '1. The attacker socially engineers a victim, often in an overseas office, to visit a malicious website. 2. This website uses a browser vulnerability to load custom malware on the initial victim's machine. 3. The malware calls out to a control server, likely identified by a dynamic DNS address. 4. The attacker escalates his privilege on the corporate Windows network, using cached or local administrator credentials. 5. The attacker attempts to access an Active Directory server to obtain the password database, which can be cracked onsite or offsite. 6. The attacker uses cracked credentials to obtain VPN access, or creates a fake user in the VPN access server. 7. At this point, the attack varies based upon the victim. The attacker may steal administrator credentials to access production systems, obtain source code from a source repository, access data hosted at the victim, or explore Intranet sites for valuable intellectual property.' The report also has pages of recommendations as well as lessons learned, which any systems administrator — even those inside the US — should read and take note of."

garg0yle writes to tell us that Cryptome appears to have stepped in it again with a recent leaked document concerning Microsoft's "Global Criminal Compliance Handbook." "Microsoft has demanded that Cryptome take down the guide — on the grounds that it constitutes a 'copyrighted [work] published by Microsoft.' Yesterday, at 5pm, Cryptome editor John Young received a notice from his site’s host, Network Solutions, bearing a stiff ultimatum: citing the Digital Millennium Copyright Act (DMCA), Network Solutions told him that unless he takes the 'copyrighted material' down, they will 'disable [his] website' on Thursday, February 25, 2010. So far, Young refuses to budge." In a gesture of goodwill, Wikileaks has offered to host Cryptome via their twitter feed.

The Linux Terminal Server Project has for years been simplifying the task of time-sharing a Linux system by means of X terminals (including repurposed low-end PCs). Now, stgraber writes "After almost two years or work and 994 commits later made by only 14 contributors, the LTSP team is proud to announce that the Linux Terminal Server Project released LTSP 5.2 on Wednesday the 17th of February. As the LTSP team wanted this release to be some kind of a reference point in LTSP's history, LDM (LTSP Display Manager) 2.1 and LTSPfs 0.6 were released on the same day. Packages for LTSP 5.2, LDM 2.1 and LTSPfs 0.6 are already in Ubuntu Lucid and a backport for Karmic is available. For other distributions, packages should be available very soon. And the upstream code is, as always, available on Launchpad."

Barence writes "More than eight out of ten Mac owners also own a PC, according to a new piece of research. The NPD survey found that 12% of US computer-owning households have a Mac. However, 85% of those also own a Windows PC, suggesting that the Mac/PC divide is nowhere near as clear cut as both Apple and Microsoft suggest. Mac owners are also far more likely to have multiple computers in the house. Two thirds of Mac owners have three or more computers in the home, while only 29% of PC owners have two or more PCs."

alphadogg writes "Facebook has agreed to shut down its much-maligned Beacon advertising system in order to settle a class-action lawsuit. The lawsuit, filed in August of last year, alleged that Facebook and its Beacon affiliates like Blockbuster and Overstock.com violated a series of laws, including the Electronic Communications Privacy Act, the Video Privacy Protection Act, the California Consumer Legal Remedies Act and the California Computer Crime Law. The proposed settlement, announced late on Friday, calls not only for Facebook to discontinue Beacon, but also back the creation of an independent foundation devoted to promoting online privacy, safety and security. The money for the foundation will come from a US$9.5 million settlement fund."

Earlier this year, at the behest of an anti-piracy group consisting of the usual suspects from the recording industry, a Brazilian court ruled that a company named Cadare Information Technology must implement a filter on the P2P software they distributed on their website to weed out copyrighted content. Cadare was unable comply with the order because they didn't develop the software; they merely offered it for download. The case went back to court, and a Brazilian judge has now decided to ban distribution of the software because it can be used to assist copyright infringement. "He went on to suggest that any website offering the software alongside advertising (i.e, trying to profit from offering it) would be committing a crime, punishable by between two and four years in jail."

darthcamaro writes "A lot of people in the US have not seen a use case for the use of IPv6 yet, since we've got plenty of IPv4 addresses. But what happens when the entire electrical grid gets smart? The so-called Smart Grid will need a networking transport mechanism that will connect potentially hundreds of millions of people and devices. Networking giant Cisco sees IP (internet protocol) as the right transport and IPv6 as the logical choice for addressing. 'Pv6 is an interesting discussion and one that occupies a lot of bandwidth at Cisco,' Marie Hattar, Cisco's vice president of network systems and security solutions marketing said. 'Some people say that for smaller deployments, we could get away with IPv4, but the smart grid has a number of parts. The point is that if you're looking to build this [smart grid] out, why not build it out on the scalable protocol from the get-go?'"

thefickler writes "HDMI Licensing LLC, the company that determines the specifications of the HDMI standard, is set to release the HDMI 1.4 spec on 30 June. Unfortunately it could very well be the most confusing thing to ever happen to setting up a home theater. When the new cables are released, you're going to need to read the packaging very carefully because effectively there are now going to be five different versions of HDMI to choose from — HDMI Ethernet Channel, Audio Return Channel, 3D Over HDMI, 4K x2K Resolution Support and a new Automotive HDMI. At least we can't complain about consumer choice."