
Comment Re:Can't be done. (Score 1) 74

There are plenty of things you can do to take advantage of computational resources in the cloud while remaining secure i.e. private information retrieval, secure multiparty computation, homomorphic encryption, etc.

I think fully homomorphic encryption is still in the PoC stage and is too resource-intensive to be practical.

Security

Kaminsky DNS Bug Claimed Fixed By 1-Character Patch 120

An anonymous reader writes "According to a thread on the bind-users mailing list, there is nothing inherent in the DNS protocol that would cause the massive vulnerability discussed at length here and elsewhere. As it turns out, it appears to be a simple off-by-one error in BIND, which favors new NS records over cached ones (even if the cached TTL is not yet expired). The patch changes this in favor of still-valid cached records, removing the attacker's ability to successfully poison the cache outside the small window of opportunity afforded by an expiring TTL, which is the way things used to be before the Kaminsky debacle. Source port randomization is nice, but removing the root cause of the attack's effectiveness is better."
Update: 08/29 20:11 GMT by KD : Dan Kaminsky sent this note: "What Gabriel suggests is interesting and was considered, but a) doesn't work and b) creates fatal reliability issues. I've responded in a post here."
The Almighty Buck

Hit Man Email Scammer Back With a Vengeance 169

coondoggie writes "The online Hitman scammer, who threatens to kill recipients if they do not pay thousands of dollars to the sender, is still sending out thousands of emails and the FBI is again today warning users to ignore the spam and report any incidents to the Internet Crime Complaint Center. Two new versions of the scheme began appearing in July 2008, the FBI said. One instructed the recipient to contact a telephone number contained in the e-mail and the other claimed the recipient or a 'loved one' was going to be kidnapped unless a ransom was paid."
Data Storage

SSD Won't Make Sense In Laptops For Two Years 326

kgagne writes "While solid state disk drives can vastly improve random read performance and are perfectly suited to most mobile devices, many operations are sequential in laptops and desktops and involve writes where SSDs most often lose to magnetic hard disk drives in performance. While introducing multi-channel flash memory controllers and interleaving the NAND flash chips increases performance, it will still be about two years before the cost versus benefit ratio will make sense to install SSD in your laptop or desktop PC, according to a Computerworld story. '"I think you need to get to 128GB for around $200, and that's going to happen around 2010. Also, the industry needs to effectively communicate why consumers or enterprise users should pay more for less storage," says Joseph Unsworth, an analyst at Gartner Inc.'"
Privacy

Hashing Email Addresses For Web Considered Harmful 155

cce writes "The MicroID standard, despite getting thrashed soundly by Ben Laurie two years ago, has since been recommended by the DataPortability Project and published on the user profiles of millions of users at Digg and Last.fm. MicroID is basically a hash calculated using a user's profile page URL and registered email address, producing a token that makes the email address vulnerable to dictionary attacks. To see how easy it was to crack these tokens, I conducted a small study, choosing 56,775 random Digg users, and cracking the email addresses of 14,294 of them (25%) using just their MicroID, username, and a list of popular email domains. Digg has more than 2 million users, and that means half a million of them — mostly people who had never heard of MicroID, and had probably not logged in for a long time — had their email addresses exposed to this trivial attack. I also applied this attack to Last.fm (19%) and ClaimID (34%). Digg and Last.fm have since removed support for MicroID, but the lesson is clear: don't publish a hash of my email address online, guys!"
Biotech

Scientists Use Virus To Reprogram Adult Cells In Mice 36

n2hightech writes "Harvard University scientists figured out how to activate a trio of dormant genes that commanded non-insulin producing pancreas cells to switch to the Beta type insulin producing cells. The method uses an engineered virus to infect the cells and deliver special proteins that activate the dormant genes. This technology has the potential to make all stem cell based methods obsolete because it does not pose the risk of rejection and cancer associated with stem cells. A simple injection into the area where cells need to be reprogrammed is all that is required." Gospodin adds a link to coverage at the Washington Post.
Businesses

Bell Labs Kills Fundamental Physics Research 460

An anonymous reader writes with this snippet from Wired: "After six Nobel Prizes, the invention of the transistor, laser and countless contributions to computer science and technology, it is the end of the road for Bell Labs' fundamental physics research lab. Alcatel-Lucent, the parent company of Bell Labs, is pulling out of basic science, material physics and semiconductor research and will instead be focusing on more immediately marketable areas such as networking, high-speed electronics, wireless, nanotechnology and software." Jamie points out this list of Bell Labs' accomplishments at Wikipedia, including little things like the UNIX operating system.
GUI

Will W3C Accept DRM For Webfonts? 315

dotne writes "Microsoft has submitted Embedded OpenType (EOT) to W3C and a slimy campaign for EOT has been launched. EOT is a DRM layer on top of normal TrueType/Opentype files; EOT ties a font file to a certain web page or site and prevents reuse by other pages/sites. Microsoft's IE has supported EOT for years, but it has largely been ignored due to the clumsiness of having to regenerate font files when a page changes. Now that other browsers are moving to support normal TrueType and OpenType on the web (Safari, Opera, Mozilla, Prince), W3C is faced with a question: should they bless Microsoft's EOT for use on the web? Or, should they encourage normal font files on the web and help break Microsoft's forgotten monopoly?"
Windows

Lenovo Requires NDA For Windows License Refund 321

tykev writes "A customer wanted to return the license for preinstalled Windows Vista Business that came with his Lenovo laptop. After some lengthy negotiations with representatives of Lenovo's technical support and management, he was offered financial compensation for returning the license in the amount of CZK 1950 (USD 130, EUR 78), pending his acceptance of a non-disclosure agreement that would cover the entire negotiations with the company and its results. He declined and published his experiences on a Czech Linux website. The website editors decided to reward the customer for publishing the article by paying him an author's royalty in the same amount as was the offered compensation for returning the license."
Security

Siemens Develops Multi-Purpose Surveillance System 65

ekesis tips a story up at NewScientist about the development of a new surveillance system by German engineering conglomerate Siemens. The system is notable for its integration of many different types of automated data-gathering. It can scan "telephone calls, email and internet activity, bank transactions and insurance records." It uses advanced pattern-recognition software to pick out unusual activities and important pieces of data. So far, the system has been sold to 60 countries. "According to a document obtained by New Scientist, the system integrates tasks typically done by separate surveillance teams or machines... This software is trained on a large number of sample documents to pick out items such as names, phone numbers and places from generic text. This means it can spot names or numbers that crop up alongside anyone already of interest to the authorities, and then catalogue any documents that contain such associates."
Democrats

A Look At Joe Biden's Tech Voting Record 603

Aviran brings us an analysis of Democratic Vice Presidential candidate Joe Biden's voting record on technology issues. CNet breaks down the issues by category and provides details on the tech-related legislation he's introduced in the past several years. Biden received a score of 37.5% on CNet's 2006 technology voter guide. We've discussed the technology stances of McCain and Obama in the past.
Graphics

Nvidia Claims Intel's Larrabee Is "a GPU From 2006" 278

Barence sends this excerpt from PC Pro: "Nvidia has delivered a scathing criticism of Intel's Larrabee, dismissing the multi-core CPU/GPU as wishful thinking — while admitting it needs to catch up with AMD's current Radeon graphics cards. 'Intel is not a stupid company,' conceded John Mottram, chief architect for the company's GT200 core. 'They've put a lot of people behind this, so clearly they believe it's viable. But the products on our roadmap are competitive to this thing as they've painted it. And the reality is going to fall short of the optimistic way they've painted it. As [blogger and CPU architect] Peter Glaskowsky said, the "large" Larrabee in 2010 will have roughly the same performance as a 2006 GPU from Nvidia or ATI.' Speaking ahead of the opening of the annual NVISION expo on Monday, he also admitted Nvidia 'underestimated ATI with respect to their product.'"
Privacy

Best Western Loses Details On 8 Million Customers 180

Albanach writes "Scotland's Sunday Herald newspaper has an exclusive report that the Best Western hotel chain has lost the personal details of each and every guest who has stayed at any of its 1300 hotels in the past 12 months. This amounts to details on 8 million customers and includes information such as name, address, credit card details and employment details. The data even includes future booking details, causing speculation that homes could be targeted for burglary when it's anticipated they will be unoccupied. A Best Western spokesperson is quoted as saying 'Best Western took immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected.'"
Math

How To See In Four Dimensions 227

An anonymous reader writes "Think it's impossible to see four-dimensional objects? These videos will show you otherwise. Some mathematicians work with four-dimensional objects all the time, and they've developed some clever tricks to get a feeling for what they're like. The techniques begin by imagining how two-dimensional creatures, like those in Edwin Abbott's 'Flatland,' could get a feeling for three-dimensional objects. When those techniques are transferred up a dimension, the results are gorgeous."
