Researchers to demonstrate login information hack at Black Hat

 

Security researchers have developed a technique that could let attackers steal usernames and passwords from Web sites. The technique involves a hybrid file—what they call a Gifar (a combination of a GIF file and a Java Archive file)—that looks different to different programs or applications viewing it. Web servers will view the file as a GIF image whereas browsers will open it as a Java Archive file and run it as an applet. Web sites that let users upload their own images, such as Facebook and MySpace, are particularly vulnerable. Attackers could create a phony Facebook account, for example, and upload Gifar images containing malicious code. The browsers of victims lured into viewing the phony profiles would run the Gifar as an Java applet, giving attackers access to login information. However, the attack requires victims to be logged in. The researchers plan to demonstrate the attack at the upcoming Black Hat conference. (Techworld)

IEEE approves faster FireWire specification

 

The IEEE has approved IEEE 1394-2008, a FireWire specification that will allow for bandwidth up to 3.2 Gbps.  The specification will also support the S1600 specification (1.6 Gbps) and will be backwards compatible with the S400 and S800 specifications (400 Mbps and 800 Mbps respectively). The IEEE says the specification will be available in October. In contrast, USB 2.0, a FireWire’s competitor, reaches top speeds of 480 Mbps. The next version of USB (3.0) will have a rate of 4.8 Gbps but is scheduled for release in 2010. (ZDNet UK)

IBM develops tool that scans code as it’s written and flags errors

 

The Rational Software unit of IBM has developed the Rational Software Analyzer, a tool that flags errors as programmers write their code. The tool is similar to Microsoft Word’s spelling and grammar checker. It flags problematic code and lets programmers click on help boxes that include suggestions for fixing the code as well as sample code. Programmers can configure the tool to flag known security weaknesses too. Developer and enterprise editions are available now. (Computerworld)

HP, Intel, and Yahoo team up for cloud computing testbed

 

Hewlett-Packard, Intel, and Yahoo have joined together to form the Cloud Computing Test Bed, a research environment aimed at open source collaboration. The companies will also join forces with US universities, the Karlsruhe Institute of Technology in Germany, and Singapore’s Infocomm Development Authority to set up six data facilities to research cloud computing. The data centers will be equipped with HP hardware using Intel processors. The machines will run open source software including Apache Hadoop and Pig, a programming language that Yahoo’s research unit developed. The group plans to have the centers up by the end of the year, at which time it plans to invite more universities and companies to participate. (Computerworld)

India plans $10 laptop for students

 

At the e-India 2008 digital learning conference in New Delhi, India’s Minister of State for Higher Education, D. Purandeswai, said the country hopes to provide school children with US$10 laptops. The Indian Institute of Sciences in Bangalore and the Indian Institute of Technology are researching the government-sponsored initiative. Along with the laptops, the government plans to provide free bandwidth for education purposes. (PC World)

Oracle issues security alert for WebLogic server

 

A vulnerability in the Apache plug-in for Oracle’s WebLogic Server and Express products has prompted the company to issue a security alert while it works to create a patch. The vulnerability could lead to attackers “compromising the confidentiality, integrity and availability of the target system,” the company wrote in a blog posting. Attackers can launch the exploit over a network without usernames or passwords, the advisory said. The flaw is severe enough to score a 10.0—the most serious rating—on the Common Vulnerability Scoring System. Oracle advises network administrators to use its recommended workaround until a patch is released. (Computerworld)

New computer language models proteins

 

Researchers at Harvard Medical School have developed little b, an open source computer language that describes biological complexities such as proteins as biologists would. The researchers used Lisp to create little b. In a demonstration, the researchers used little b to build models of kinase activity. The modeling language was able to understand the property of kinases and build models of their activity. The researchers plan to develop a simple interface that’s easy to use and will let scientists use the modeling system without having to learn little b. The system gets smarter as more scientists use it and it assimilates the input into its language. The end goal for the researchers is a virtual cell that “lives” in software. (Science Daily)

New search engine looks to unseat Google

 

A former Google employee has launched Cuil, a new search engine, which claims to have indexed roughly 120 billion Web pages to Google’s 40 billion Web pages. Cuil (pronounced “cool”) assigns priority to pages based on content, whereas Google prioritizes content based on inbound links (its PageRank algorithm). Cuil sorts search results into categories and displays the results in different tabs. It also displays images related to search terms. Pages are displayed in two- or three-column format based on user preference. Other features include roll-over definitions, navigation suggestions, and drilldown panels that suggest search refinements. (Computerworld)

DNS attack code released

 

Security researchers released attack code that exploits the Domain Name System (DNS) vulnerability discovered by Dan Kaminsky. HD Moore and a hacker that goes by “l)ruid” released attack code for two exploits. The first exploit poisons a DNS server’s cache with a single malicious entry. The second lets attackers poison several domains in one attack. HD Moore, creator of the Metasploit open source security project, noted that the first exploit gives attackers more anonymity, whereas the second requires attackers to use real DNS servers that host providers could trace back to them. (Computerworld)

Google makes Gmail encryption easier

 

Google announced on its blog that it’s now easier for Gmail users to encrypt their emails. The company has added an option that always uses HTTPS. Previously, Gmail users wanting to encrypt their email would have to type in https://mail.google.com, rather than http://mail.google.com. The new option will automatically add the HTTPS. Google is pushing out the new option to all Gmail and Google Apps users. If users don’t have the option yet available when they login, the company says they can continue to go to https://mail.google.com. Google points out that encryption adds extra security from prying eyes but also might make mail delivery slower. (Google)

Showing 3,761 - 3,770 of 4,562 results.
Items per Page 10
of 457