Tech News Weekly: 42

The Open Information Security Foundation (OISF, www.openinfosecfoundation.org) is proud to announce its formation, made possible by a grant from the U.S. Department of Homeland Security (DHS). The OISF has been chartered and funded by DHS to build a next-generation intrusion detection and prevention engine. This project will consider every new and existing technology, concept and idea to build a completely open source licensed engine. Development will be funded by DHS, and the end product will be made available to any user or organization.

President Bush yesterday signed a bill that toughens current laws on the theft of intellectual property and establishes a new White House cabinet position to oversee the IP infringement effort.

The Prioritizing Resources and Organization for Intellectual Property Act (Pro-IP), which was passed by the House and Senate earlier this month, establishes the position of intellectual property enforcement coordinator ("IP czar"). It also steepens penalties for IP infringement and increases resources for the Department of Justice to coordinate for federal and state efforts against counterfeiting and piracy.

Russian security company Elcomsoft just posted a press release (original PDF) detailing a new method to crack WPA and WPA2 keys:

    With the latest version of Elcomsoft Distributed Password Recovery, it is now possible to crack WPA and WPA2 protection on Wi-Fi networks up to 100 times quicker with the use of massively parallel computational power of the newest NVIDIA chips. Elcomsoft Distributed Password Recovery only needs a few packets intercepted in order to perform the attack.

Apple has patented the OS X Dock, nearly a decade after the operating system made its public debut with a new slant on the taskbar.

The late arrival isn't due to a lack of initiative, however. Apple applied for the patent December 20, 1999, and it was approved by the US Patent Office only yesterday.

Apple summarizes the Dock as a "user interface for providing consolidation and access." The patent (available here) puts a particular focus on the Dock's ability to magnify icons to a predetermined size when the cursor is near, the user's ability to rearrange icons, and the way it overlaps the desktop and active windows. Other touches such as indicating which applications are running, label tiles appearing on mouse-over, and the ability to drag and drop files into applications on the Dock are also described.

The World Bank has denied reports that hackers penetrated its network on multiple occasions over the last year.

Fox News reports the financial institution has suffered at least six attacks since the middle of 2007. The assault emerged in the course of a separate FBI investigation, prompting the bank to issue a memo (pdf) to warn workers.

An American hacker has been sentenced to two years in federal prison for waging potent attacks that took down two volunteer websites for days at a time.

Gregory C. King of Fairfield, California, was also ordered to pay more than $69,000 in restitution for distributed denial of service (DDoS) attacks on CastleCops and KillaNet Technologies. In June, King admitted he used a bot army to wage a relentless campaign of destruction on the sites in a scheme to punish the operators for behavior he thought was unfair. The attacks were so fierce that his victims sustained as much as $70,000 in damage, according to court documents.

Leaked documents have confirmed that carder forum DarkMarket was actually an FBI sting operation.

For the last two years until its shutdown earlier this month DarkMarket.ws posed as a forum where identity thieves, credit card fraudsters, crackers and other ne'er do wells could hang out and exchange tips as well as trading hacker tools and stolen data. In reality, the site was run by Federal agents based in Pittsburgh.

Security watchers Marshal claim the infamous Storm botnet is no more, after waning spam emails finally dried up altogether last month.

Other security researchers have noted a similar decline, but warn that while the botnet is currently inactive it may yet return, possibly in a more potent form.

After laying low for the better part of a year, the Warezov botnet is back - with some new tricks up its sleeve.

In the past week, trojan horse programs that install the Warezov bot have been spotted on websites offering free MP3 downloads, according to Joe Stewart, director of malware research at security provider SecureWorks. The attacks are a big change for Warezov, which burst on the scene in 2006 with malware attacks spread in email attachments. The new methodology is an acknowledgment of the futility of email attacks given the difficulty of sneaking malicious payloads past today's email filters.

Adobe has published an update to its popular Flash Player software, addressing a much-publicised clickjacking flaw.

Clickjacking affects multiple applications (including browsers and media players) and creates a means for hackers to trick prospective marks into unknowingly clicking on a link or dialogue. Adobe Flash Player - specifically the microphone and camera access dialogue - was among the products affected.

Australians may not be able to opt out of the government's Internet filtering initiative like they were originally led to believe. Details have begun to come out about Australia's Cyber-Safety Plan, which aims to block "illegal" content from being accessed within the country, as well as pornographic material inappropriate for children. Right now, the system is in the testing stages, but network engineers are now saying that there's no way to opt out entirely from content filtering.

When the 12,000 person city of Monticello, Minnesota voted overwhelmingly to put in a city-owned and -operated fiber-optic network that would link up all homes and business to a fast Internet pipe, the local telco sued to stop them. Wednesday, District Court Judge Jonathan Jasper dismissed the suit with prejudice after finding that the city was well within its rights to build the network by issuing municipal bonds. In this case, however, a total loss for the telco might actually turn out to be a perverse sort of victory.

An uproar erupted when iPhone users discovered a so-called remote kill switch on their phones -- will it spur the same reaction in users of the G1, the first Android phone?

In the Android Market terms of service, Google expressly says that it might remotely remove an application from a user's phone. "Google may discover a product that violates the developer distribution agreement ... in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion," the terms, linked to from the phone, read.

Version 3.1 doesn't seem to have any major improvements, but a large number of potentially noteworthy ones. There is a new version of the Gecko rendering engine that claims improvements in web compatibility, standards compliance, ease of use and performance. There is more support for CSS 2.1 and 3.0 properties.

The Smart Location Bar has support for new characters to restrict searches.

Developers get a lot of new features to use: There are new video and audio elements from HTML 5. There are many additions to the DOM and Canvas and SVG (Scalable Vector Graphics) support.

The final version of OpenOffice 3 is out today, and if you're looking to save yourself plenty of money, download it instead of buying Microsoft Office --- you could save yourself hundreds of dollars, and not lose out on many features.

I put the Windows version through its paces, and am about to download the Linux version as well. The suite has six full-blown applications: the Writer word processor, Calc spreadsheet, Impress presentations program, Base database program, Math equation editor, and Draw graphics program.

Mozilla’s mobile version of Firefox, code-named Fennec, has reached the alpha 1 milestone. As with the previous, pre-alpha releases, Fennec alpha 1 will only work with the Nokia N800/N810 internet tablet. While Mozilla says that it has made great progress on the Windows Mobile version, there’s still no release available. There also won’t be an iPhone version anytime soon; as Mozilla execs have previously stated, Apple’s software requirements for the device are too restrictive.