danomac writes: If you are using systemd you may want to disable resolved. Reported yesterday on seclists, resolved doesn't appear to adhere to RFC 5452 and thus is subject to a cache poisoning bug.
At its simplest, an attacker triggers a query to a domain he controls via SMTP or SSH-login. Upon receipt of the question, he can just add any answer he wants to have cached to the legit answer he provides for the query, e.g. providing two answer RR's: One for the question asked and one for a question that has never been asked — even if the DNS server is not authoritative for this domain.
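An acceptance rule a resolver can apply to the kind of response quoted above, as an added example (not code from the report, from systemd or from the submitter): keep an answer record only if its owner name lies inside the zone the query was sent for and it answers the question that was actually asked. The function names, the tuple layout and the sample records are assumptions constructed for illustration.

```python
# Added example with constructed data; names and record layout are assumptions.

def normalize(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()

def in_zone(owner, zone):
    """True if owner equals zone or is a subdomain of it, compared by label."""
    zone = normalize(zone)
    if zone == "":                        # root zone contains every name
        return True
    zone_labels = zone.split(".")
    return normalize(owner).split(".")[-len(zone_labels):] == zone_labels

def filter_answers(zone, qname, qtype, answers):
    """Split answer RRs into (cacheable, dropped-with-reason)."""
    cacheable, dropped = [], []
    expected = normalize(qname)           # owner name the next RR must have
    for owner, rtype, rdata in answers:
        if not in_zone(owner, zone):
            dropped.append((owner, rtype, rdata, "outside queried zone"))
        elif normalize(owner) != expected or rtype not in (qtype, "CNAME"):
            dropped.append((owner, rtype, rdata, "does not answer the question"))
        else:
            cacheable.append((owner, rtype, rdata))
            if rtype == "CNAME" and qtype != "CNAME":
                expected = normalize(rdata)   # chain continues at the target
    return cacheable, dropped

# Constructed response: one record for the question, extras that were never asked.
ZONE, QNAME, QTYPE = "attacker.example", "Mail.Attacker.Example.", "A"
RESPONSE = [
    ("mail.attacker.example.", "A", "192.0.2.10"),
    ("www.unrelated.example.", "A", "192.0.2.66"),
    ("www.notattacker.example.", "A", "192.0.2.67"),
    ("other.attacker.example.", "A", "192.0.2.11"),
]

if __name__ == "__main__":
    keep, drop = filter_answers(ZONE, QNAME, QTYPE, RESPONSE)
    for rr in keep:
        print("cache:", rr)
    for rr in drop:
        print("drop: ", rr)
```

The comparison is done label by label, so `www.notattacker.example` is not mistaken for a name under `attacker.example` even though the strings share a suffix.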
danomac writes: It appears the Canadian carriers are seeking to overturn the proposed CRTC code that will take effect in December of this year. This code was previously discussed here at Slashdot and had things like caps on contracts, reasonable roaming rates, and mandatory cell unlocking. The major sticking point is that this code is to be retroactive, and the big telcos are worried that this will set a bad precedent if customers can effectively cancel their existing three year contracts. However, it sounds like they're not happy that they are no longer the only ones that can arbitrarily change a contract. Some carriers may even defy this new code as they fight through the courts.
It says right on their website "they all know it's wrong, and they're still doing it" overlaid on top of the image used without permission. There apparently are multiple photos from different authors used, and none gave permission for Canipre to use on their website.
danomac writes: Police agencies in Canada want to have better tools to do online surveillance. Bill C-30 was to include new legislation (specifically Section 34) that would give police access to information without a warrant. This can contain your name, your IP address, and your mobile phone number.
This, of course, creates all sorts of issues with privacy online. The police themselves say they have concerns with Section 34. Apparently the way it is worded it is not just police that can request the information, but any government agent. Would you trust the government with this kind of power?
danomac writes: The litigation against Samsung has now turned up an early prototype of the iPad, from 2002. This prototype is shown in the article against the iPad 2 and Samsung's Tab 10.1, and it dwarfs both in size and thickness. It's almost as thick as a notebook.
Samsung is saying the early design isn't even close to what the Tab 10.1 is now. It does, however, feature the same rounded corners as the current generation iPad.
danomac writes: It appears that Google isn't going to take an attack on the Galaxy Nexus lightly. It has now been confirmed by Samsung that Google has partnered with Samsung to defend the patent lawsuit brought forward by Apple.
danomac writes: In the spring of 2008, Sons of Maxwell were traveling to Nebraska for a one-week tour and witnessed one of their Taylor guitars being thrown by United Airlines baggage handlers in Chicago. It was discovered later that the $3500 guitar was severely damaged. Long story short: United refused to repair the guitar, so the artist promised to write and produce three songs about his experience with United Airlines. The first song has now been released and uploaded to YouTube where it currently has over a half a million views.
danomac writes: Everyone knows the Xbox franchise started out losing a lot of money. Recently, they have started making money, at least for the last two quarters. It looks like Microsoft's gamble is slowly paying off: Possibly by end of June this year the franchise will be in the black.
Xbox Live is credited for distinguishing the console from its competitors.
danomac writes: It appears that mobile phones may be prone to an SMS message attack that can lead to remote software installation or handheld reprogramming. It doesn't help that the GSM Association is being hazy about whether they acknowledge it or not.
From the article: "All operators have been keen to point out however that such an attack would be illegal. The GSMA warning that "if this were demonstrated in the UK it would be a serious criminal offense, which could be prosecuted under the Regulation of Investigatory Powers Act 2000 for over the air interception"." Sure, it may be illegal, but since when has this stopped hackers in the first place?
Who would have thought that devices that are remotely programmable would not authenticate the sender of the request?