Security flaw found in Adobe’s PDF software

Adobe has patched eight vulnerabilities in older versions of its Acrobat and Reader software, including one that could let attackers take control of users’ systems. Researchers at Core Security Technologies found the flaw in version 8.1.2 of the programs, but said earlier versions could also be affected. Acrobat and Reader 9 aren’t affected by the problem. According to reports, the flaw is in the way Reader handles the JavaScript util.printf() function, and attackers can exploit systems by using a PDF containing malicious JavaScript. Users can avoid the problem by disabling JavaScript, but that workaround is likely to be disruptive for many users. (Computerworld)

Radical changes sought for cybersecurity

US government and military agencies are fed up with security holes in cyberspace and hope to do something about it. The Department of Defense and the Air Force are independently seeking ideas from the public to alter the cyberspace landscape, preventing attacks by changing the way the Internet works. The first initiative, dubbed “Cyber Leap Year” to show the need for leap-ahead technologies, is sponsored by the National Coordination Office for Networking Information Technology Research and Development. Its backers hope to avoid slow and progressive research in favor of “game-changing ideas” that can have a revolutionary impact. “We believe very strongly that the answers are out there in the community,” said Susan Alexander, the agency’s chief technology officer. “If we ask the right questions in the right way, the community would give us some answers.” Submissions are due by 15 December. The Air Force is sponsoring a separate initiative, which aims to prevent cyberattacks by rewriting the laws of cyberspace. The Air Force Research Laboratory (AFRL) is soliciting white papers to locate and identify attackers, operate systemless architectures, and let networks hop frequencies, among other ideas. “Can we create a cyberspace with different rules?” Paul Ratazzi, an AFRL technical advisor, asked Wired. “Let’s challenge those fundamental assumptions on how these things work, and see if there’s a better way.” The Air Force’s first deadline is 1 December, with additional deadlines on 1 January of every year. (FCW, Wired)

Piracy making money for original owners

Placing advertising on pirated videos posted online, instead of blocking them, is becoming a trend. According to the Hollywood Reporter, MySpace and MTV Networks are testing a video-fingerprinting system that identifies MTV-copyrighted material such as “Punk’d” and adds advertising to offending videos uploaded to MySpace. A third party, Auditude, provides the technology for the ads, which show up as an “attribution overlay,” a semitransparent strip on the lower third of the video player. As with YouTube’s Video ID technology, MTV has the option to take down the video. YouTube parent Google reported in August that most of its content owners opt for advertising. (Hollywood Reporter)

France close to passing “three strikes” law against file sharers

The French Senate overwhelmingly approved “three strikes” legislation for P2P file-sharing pirates, leaving only approval by the National Assembly for the proposal to become law, according to reports. Called a “graduated response,” offenders would first get a warning e-mail from their ISP. A second offense would elicit a written notice by mail, and a third offense would result in the user’s Internet access being cut off for a year. (Ars Technica)

Researchers crack McEliece cryptosystem

Researchers at the Eindhoven University of Technology in The Netherlands say they have cracked the McEliece encryption system, a scarcely used algorithm that could be more useful in the future with quantum computing. Professor Tanja Lange announced last week that her team discovered a way to speed up attacks against the system using a cluster of over 100 computers, and developed software that cracked the code in 14 days. The researchers also said that the McEliece system can be scaled to larger key sizes and would still be useful in a post-quantum era. (Science Daily)

Security expert says iPhone better off without Intel chip

A security researcher has already derided Intel’s Moorestown chip package, saying that Apple’s iPhone would be less secure if it was equipped with an x86 processor such as Moorestown, according to reports. “The iPhone uses the ARM processor and most people are not familiar with it,” Dino Dai Zovi said at the Hack in the Box security conference in Malaysia last week. “If you’re doing exploits and vulnerability research, you need to know the specifics of the processor that’s running.” Apple has not said it will use Moorestown, which was developed for use in smart phones, but Intel is believed to be targeting the iPhone for its product. (InfoWorld)

Internet traffic vendor steers away from deep packet inspection

Bandwidth-shaping vendor APconnections announced Thursday that it has stopped using deep packet inspection (DPI). In its statement, APconnections said it phased out DPI two years ago, but made an official announcement in the wake of increased debate over privacy concerns and an industry-shaking fine against Comcast by the US Federal Communications Commission. Ars Technica reported that many other vendors continue to use DPI, although the technology might no longer be used to control P2P traffic, which is how APconnections and Comcast used it. Other vendors combine the technique with behavioral analysis and say that DPI can still be useful for tasks such as weeding out viruses. (Ars Technica)

Toolkit for asynchronous programming debuts

Microsoft’s robotics division showed what it could do for enterprise software by introducing a toolkit for asynchronous programming at this week’s Professional Developers Conference in Los Angeles. The toolkit has two components: concurrency and coordination runtime (CCR) and decentralized software services (DSS). Developers can use the toolkit to build applications that handle large business tasks, such as transactions, without step-by-step processes. (BetaNews)

Morris worm turns 20

Sunday marks the 20th anniversary of the first appearance of a malicious Internet worm, an event that rattled computer science professionals and demonstrated the need for Internet security. The Morris worm, created by Cornell University student Robert Tappan Morris – purportedly to measure the size of the Internet – infected computers multiple times and made them unusable by slowing them down. The attack reportedly affected 10 percent of connected computers and got mainstream attention from publications such as The New York Times, although some experts say the worm’s impact was limited – its successors were more disruptive during the Internet boom in the mid 1990s. (Network World)

Sharing music could become legitimate

Economists from three sectors of the Internet music market – ISPs, service providers such as iTunes, and rights providers such as the American Society of Composers, Authors and Publishers – have formed a framework for a new business model to solve some of the problems created by file sharing, according to a Register report. The economists’ group considered several ways to deal with the growing volume of unlicensed music, ultimately deciding that the best approach would be licensing P2P networks such as BitTorrent through voluntary subscriptions. (The Register)
