Privacy

Lax SSH Key Management A "Big Problem" 212

cstacy writes "Tatu Ylönen, inventor of SSH, says he feels 'a moral responsibility' to come out of retirement and warn that a 'little-noticed problem' could jeopardize the security of much of the world's confidential data. He is referring to the management (or lack thereof) of SSH keys (i.e. 'authorized_keys') files. He suggests that most organizations simply allow the SSH key files to be created, copied, accumulated, and abandoned, all over their network, making easy pickings for intruders to gain access. Do you think this is a widespread problem? How does your company manage SSH keys?" cstacy's summary here is accurate, but as charlesTheLurker notes, the article is a bit over the top: "The Washington Times claims that there's a huge vulnerability in ssh. It turns out that some reporter there has discovered that you can do passwordless login with the software, and has spun this into a story of a dangerous vulnerability. Sigh."
The Courts

Submission + - New eBay EULA Prohibits Class Action Lawsuits (ebay.com)

dangthill writes: On August 21, eBay updated its end-user agreement by adding a binding arbitration clause. By accepting the new agreement, users forfeit their right to join class action lawsuits and instead must submit to arbitration. However, users may opt out by mailing eBay a signed notice. eBay joins Microsoft, Sony, Electronic Arts, Valve and other companies attempting to prevent class actions after the Supreme Court of the United States ruled such tactics valid.
Games

Diablo III Released 594

Almost 12 years after the launch of its predecessor, Diablo III has now been released. The game went live last night with over 8,000 midnight launch parties across the world. 2,000,000 players showed up for the beta test prior to launch, including 300,000 concurrently during an open beta weekend, but even so, the login servers struggled for the first few hours after launch. Diablo III had been in the works for quite some time — another example of Blizzard's notoriously long development cycle — and game director Jay Wilson said it was in "polish mode" for the past two years. "One of our sayings internally is 'polish as you go.' We have a belief that when you put a feature in, you should prototype, but then after you prototype you should do the real thing, and you should polish it to shipping quality." For those of you who are familiar with this type of game, there's an official game guide in which you can browse class skills, items, and other game information. There are also YouTube videos showing how each of the classes works.
Image

Vatican Bans IOS Confession App 323

An anonymous reader writes "Despite all the hype that a lowly priest had approved the new confessional app hitting the app store, the truth has now revealed itself. According to today's Daily Mail, a spokesman for the Vatican, Federico Lombardi said: 'It is essential to understand that the rites of penance require a personal dialogue between penitents and their confessor. It cannot be replaced by a computer application. I must stress to avoid all ambiguity, under no circumstance is it possible to confess by iPhone.'"

Comment Stupid Floating Headers (Score 5, Insightful) 2254

What is the obsession with obnoxious floating headers that always stay at the top of the screen? Whatever utility they provide is outweighed by the fact that it screws up the paging behavior when you hit the spacebar to scroll. It's annoying to have the bottom two lines of text scroll behind the floating bar--not everyone reads to the absolute very, very bottom before hitting space.
Businesses

Bungie Signs 10-Year Deal With Activision 85

An anonymous reader writes "Infinity Ward may be suing Activision under allegations of low payment and no royalties, but it seems some developers are still happy to work with the publisher — it has just signed a 10-year deal with Bungie, the studio behind the popular Halo series of FPS games. Activision will publish all of Bungie's games in the next decade — although Bungie will own the IP. The terms of the deal are similar to those brokered by former Infinity Ward chiefs Jason West and Vince Zampella when they signed with EA after being fired in March."
Classic Games (Games)

New 2D, HD Sonic Game Coming In 2010 123

Anonymouse writes "Sonic the Hedgehog is going back to his roots, but with a fresh coat of HD paint. 'An all-new 2D side-scrolling High Definition Sonic game is coming with a 2010 release date, according to a new teaser trailer from Sega.' Sega's Ken Ballough had this to say: 'Old-school Sonic fans have long asked to see Sonic return to a more 2D style of gameplay. Many liked the daytime stages in Unleashed but wanted to see a game that plays purely similar to the early games of the Genesis. Project Needlemouse is that critical first step that brings Sonic back to his 2D roots.'"
Businesses

US Videogame Sales Have Biggest Drop In 9 Years 310

alphadogg writes "The recession appears to have finally caught up with the video game market. Sales of video game hardware and software were down by around one-third in June compared to the same month last year. After initially showing positive growth as the US slid into recession, the latest figures mark the fourth month of declines and the largest year-on-year decline in almost 9 years. 'The first half of the year has been tough largely due to comparisons against a stellar first half performance last year, but still, this level of decline is certainly going to cause some pain and reflection in the industry,' said Anita Frazier, a games analyst with NPD Group. She added, 'The size of the decline could also point to consumers deferring limited discretionary spending until a big event (must-have new title, hardware price cut) compels them to spend.' The entire video game market in the US was worth $1.2 billion in June, down 31 percent from the same period last year, according to NPD Group."
Privacy

Safari 4's Messy Trail 200

Signum Ignitum writes "Safari 4 comes with a slew of cool new features, but extensive data generation combined with poor cleanup make for a data trail that's a privacy nightmare. Hidden files with screenshots of your history, files that point back to Web pages you've visited and cleared from your history, and thousands of XML files that track the changes in the pages in your Top Sites can add up to gigabytes of information you didn't know was kept about you." Some of Safari's bloat is kept in quite obscure locations; it takes a fairly knowledgeable user to find it and clean it up. You can avoid some of the worst of it by disabling Top Sites.
Image

Beginning Portable Shell Scripting 186

Joe MacDonald writes "The earliest UNIX shell I encountered was the Bourne shell on a SPARCStation 2 at my university. As with many students of my generation, prior to that nearly all of my exposure to command line interfaces was some variant of DOS. I was quite proficient with the primitive scripting language that was available on such platforms but I immediately felt far out of my depth in this new environment. The commands seemed arcane, possibly dangerous, and almost immediately I regretted stepping into this unfamiliar wilderness without some sort of guide." Read below for the rest of Joe's thoughts.
Businesses

Belkin's President Apologizes For Faked Reviews 137

remove office writes "After I wrote about how Belkin's Amazon.com sales rep Mike Bayard had been paying for fake reviews of his company's products using Mechanical Turk, hundreds of readers across the Web expressed their outrage. As a result of the online outcry, Belkin's president Mark Reynoso has issued a statement apologizing and saying that 'this is an isolated incident' and that 'Belkin does not participate in, nor does it endorse, unethical practices like this.' Amazon moved swiftly to remove several reviews on Belkin products it believed were fraudulent. But now fresh evidence of astroturfing has surfaced, by the same Belkin executive."

New MacBook Case Leak Rumors 243

Someone noted that there are more MacBook case leaks which look to all but confirm a new MacBook and possibly a MacBook Pro expected to be announced for later this week. There seem to be fewer ports, and no leaks of a 17" aircraft carrier laptop.
Security

Government Begins Securing Root Zone File 198

Death Metal notes a Wired piece on the US government beginning the process of securing the root zone file. This is in service of implementing DNSSEC, without which the DNS security hole found by Dan Kaminsky can't be definitively closed. On Thursday morning, a comment period will open on the various proposals on who should hold the keys and sign the root — ICANN, Verisign, or the US government's NTIA.
Security

Fake Subpoenas Sent To CEOs For Social Engineering 112

An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"
