Security expert says iPhone better off without Intel chip

A security researcher has already derided Intel’s Moorestown chip package, saying that Apple’s iPhone would be less secure if it was equipped with an x86 processor such as Moorestown, according to reports. “The iPhone uses the ARM processor and most people are not familiar with it,” Dino Dai Zovi said at the Hack in the Box security conference in Malaysia last week. “If you’re doing exploits and vulnerability research, you need to know the specifics of the processor that’s running.” Apple has not said it will use Moorestown, which was developed for use in smart phones, but Intel is believed to be targeting the iPhone for its product. (InfoWorld)

Internet traffic vendor steers away from deep packet inspection

Bandwidth-shaping vendor APconnections announced Thursday that it has stopped using deep packet inspection (DPI). In its statement, APconnections said it phased out DPI two years ago, but made an official announcement in the wake of increased debate over privacy concerns and an industry-shaking fine against Comcast by the US Federal Communications Commission. Ars Technica reported that many other vendors continue to use DPI, although the technology might no longer be used to control P2P traffic, which is how APconnections and Comcast used it. Other vendors combine the technique with behavioral analysis and say that DPI can still be useful for tasks such as weeding out viruses. (Ars Technica)

Toolkit for asynchronous programming debuts

Microsoft’s robotics division showed what it could do for enterprise software by introducing a toolkit for asynchronous programming at this week’s Professional Developers Conference in Los Angeles. The toolkit has two components: concurrency and coordination runtime (CCR) and decentralized software services (DSS). Developers can use the toolkit to build applications that handle large business tasks, such as transactions, without step-by-step processes. (BetaNews)

Morris worm turns 20

Sunday marks the 20th anniversary of the first appearance of a malicious Internet worm, an event that rattled computer science professionals and demonstrated the need for Internet security. The Morris worm, created by Cornell University student Robert Tappan Morris – purportedly to measure the size of the Internet – infected computers multiple times and  made them unusable by slowing them down. The attack reportedly affected 10 percent of connected computers and got mainstream attention by publications such as The New York Times, although some experts say the worm’s impact was limited – its successors were more disruptive during the Internet boom in the mid 1990s. (Network World)

Sharing music could become legitimate

Economists from three sectors of the Internet music market – ISPs, service providers such as iTunes, and rights providers such as the American Society of Composers, Authors and Publishers – have formed a framework for a new business model to solve some of the problems created by file sharing, according to a Register report. The economists’ group considered several ways to deal with the growing volume of unlicensed music, ultimately deciding that the best approach would be licensing P2P networks such as BitTorrent through voluntary subscriptions. (The Register)

Firefox add-on shows Chinese perspective

With the help of a Firefox add-on, Internet users outside of China can now experience the censored view of the Web provided by the Chinese government to its residents. Replicating China’s Golden Shield Project, the China Channel add-on uses the SwitchProxy Tool to connect users to Internet proxies inside China and gives them Chinese IP addresses. The software creators have posted a video to demonstrate their new tool. (Information Week)

Fibre Channel over Ethernet draws criticism

Fibre Channel over Ethernet (FCoE), a draft specification for carrying Fibre Channel frames over 10 Gbit-per-second Ethernet networks, elicited skeptical reactions from storage administrators at the Storage Networking World Europe show this month, according to reports. Storage area network vendors tout the specification because it needs only a single network card instead of two. But critics say that FCoE is likely to appeal only to existing Fibre Channel customers, its cost is prohibitive, and many organizations would need new network cabling. (InfoWorld)

Hash functions fall under Fourth Amendment search law, court says

A US District Court has ruled that hash functions constitute a search under the Fourth Amendment, possibly making it illegal for authorities to use hash analysis on hard drives without a warrant, according to an Ars Technica report. The case, USA v. Robert Ellsworth Crist, involves a Pennsylvania man who was discovered to have child pornography on his computer by authorities after they ran an MD5 hash algorithm on his imaged hard drive, despite the fact that he had reported the computer stolen. The decision is likely to be appealed, partly because it might have left some questions unanswered – one law professor noted that the court did specify what part of the investigation was a search. “Is the creation of the hash a search?” George Washington University professor Orin Kerr wrote on his blog. “Is running a query that matches the hashes to known hashes and produces a positive hit a search? It might also break down based on how much the government saw of the machine while the hashes were being made: Perhaps the search occurred when the file structure was revealed to the officers.” (Ars Technica)

Researchers run exploit using good code

Malware isn’t necessary to exploit vulnerabilities in applications. Instead, attackers can use “return-oriented programming” to make good code automatically do malicious things, according to research by two graduate students from the University of California,-San Diego. Erik Buchanan and Ryan Roemer, who presented their findings at ACM’s Conference on Communications and Computer Security this week, discovered that they could extract instructions from regular code and group them into “gadgets” that carry out attacks. “You can create any kind of malicious program you can imagine — Turing complete functionality,” said UC San Diego computer science professor Stefan Shacham, who co-authored the report. Because many security measures are based on identifying good or bad code, the findings could force changes in how flaws are handled. (Dark Reading)

Yahoo goes open source

Yahoo introduced its Open Strategy on Wednesday, exposing its data and tools in an effort to let developers build Yahoo applications. The company envisions developers tapping into its social networks via an authentication service, then building applications that make use of those connections. “Basically, we’re letting developers centralize anything you do on the Web as an update on our platform – with your explicit permission, of course,” Yahoo senior vice president Jay Rossiter said. “Publishers love this because they get exposed to more visitors whose friends implicitly recommend their content.” (Computerworld)

Showing 3,691 - 3,700 of 4,575 results.
Items per Page 10
of 458