Tech News Weekly: Edition 45

Currently users are required to create individual passwords for many websites they visit, but users would prefer to avoid this step so they could visits websites more easily. Similarly, many websites on the Internet have asked for a way to enable users to log into their sites without forcing them to create another password. If users could log into sites without needing another password, it would allow websites to provide a more personalized experience to their users.

A hacker using the pseudonym Bla has published an open source tool called Crapto1 for cracking the encryption of the Mifare Classic RFID chip, as used in the Oyster Card. Besides an implementation in C of the vulnerable Crypto1 algorithm, the archive also contains the C source code for an attack that has been described in a paper by Dutch security researchers at Radboud University.

Using the tool it is said to be possible to calculate the access code of a Mifare Classic card within around two seconds. All an attacker requires is a live recording of an encrypted radio communication between the card and a legitimate reader, as well as a little programming knowledge. The access code then allows him not only to decode the encrypted data, but also to manipulate the card's content virtually without limit and to clone it to obtain services fraudulently.

Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe’s Reader PDF file viewing software. Engineers from CoreLabs determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content. Upon making the discovery, CoreLabs immediately alerted Adobe to the vulnerability and the two companies have since coordinated efforts to ensure that a patch could be created and made available to protect users of the program.

Bad news off the wire for AT&T broadband customers, as AT&T has announced the fact that they are now imposing bandwidth limits in certain test areas.  Currently this market trial was started November 1 in Reno and users will get between 20 GB and 150 GB a month depending on their speed tier.  Unlike the bandwidth limitations that were imposed by companies like Time Warner and Comcast, there were only applied to new users this bandwidth cap will be applied to all users including current ones.

It seems like the long feared bandwidth caps are going to be the norm and no longer the exception to the rule when it comes to Broadband providers and home users.  My personal opinion is that bandwidth caps are not an attempt for broadband companies to provide greater service to their customers, it is an attempt for them to start charging either broadband content providers or customers for accessing broadband content.  The cable companies have seen the writing on the wall and they know that the future is TV and video being sent over Internet lines to customers houses and they want a piece of the pie.

A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.

Researchers at RSA's FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the "Sinowal" Trojan, designed to steal data from Microsoft Windows PCs.

Michael Logan, 31, of Maryland was sentenced today in federal court in the District of Columbia for filming with a camcorder in theatres, "28 Weeks Later", “Enchanted” and maybe up 100 more movies over the last few years according to the MPAA.

Prosecutors wrote that Logan's voice could be heard on a pirated version of the film "28 Weeks Later," which MPAA investigators purchased on the streets of New York on May 11 and May 15 of last year. Investigators believe that Logan recorded that film May 11 at the Regal Cinemas, prosecutors wrote.

The deal involved Google providing some of the advertising around Yahoo's search results and would have been worth $800m (£494m) a year to Yahoo.

It was originally announced in June but has faced anti-trust objections.

Yahoo said in a statement it was disappointed that Google had decided not to fight for the deal in court.

The internet portal's co-founder and CEO Jerry Yang made the comment despite the fact Yahoo rejected a $33 (£21) a share offer from Microsoft back in May.

Mr Yang's suggestion also came hours after Google pulled out of an internet advertising partnership with Yahoo.

"To this day the best thing for Microsoft to do is buy Yahoo," said Mr Yang.

The French Senate voted overwhelmingly in favour of the law, which aims to tackle ongoing piracy of music, movies, and games online.

Those caught illegally sharing digital media will get warnings e-mailed and posted to them before having their net connection terminated.

Sony said the recall came after 40 instances of overheating, including four cases where users had minor burns.

The recall affects around 74,000 HP laptops, 14,400 from Toshiba, and small numbers from Dell, Acer and Lenovo.

Sony said the affected batteries were caused by a production line problem between October 2004 and June 2005.

Ministers have been forced to order an emergency shutdown of a key Government computer system to protect millions of people's private details.

The action was taken after a memory stick was found in a pub car park containing confidential passcodes to the online Government Gateway system, which covers everything from tax returns to parking tickets.

An urgent investigation is now under way into how the stick, belonging to the company which runs the flagship system, came to be lost.

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

Technology that claims to pick up traces of illicit images on PCs has attracted the interest of Australian cops. The software, developed in an Australian University, might eventually be used to screen PCs for pr0n during border inspections.

Compared to breath test tools used by the police in a different context, the software - developed at Perth's Edith Cowan University in association with local police from Western Australia - is undergoing beta testing.

Hackers have managed to jailbreak T-Mobile's new G1 phone by exploiting a gaping loophole in Android, the open source operating system supplied by Google.

The hack, which was posted to this XDA-Developers forum, is a straight-forward process that allows Linux geeks to gain root access in about one minute. It involves using the widely available PTerminal application to telnet to the device's IP address. Presto, you now have root.

Fraudsters have set up a fake site featuring a backdoored version of the WordPress blogging application as part of a sophisticated malware-based attack.

The fake Wordpresz.org site offered up what purports to be version 2.6.4 of the open source blogging tool. In reality all but one of the files are identical to the latest pukka (2.6.3) version of WordPress.

A pilot program of the U.K.'s national identity card plan will be compulsory at one of the two participating airports.

Workers will be required to enroll in the program at London city airport, the Home Office said Thursday. The move comes despite repeated assurances from the Home Office that U.K. citizens will not be compelled to have an ID card or enter their biometric details onto the National Identity Register.

Also on Thursday, the government said that retailers, post offices, and banks can apply to become biometrics enrollment sites for the cards.

A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public.

The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks.

As anyone who works in academia knows, writing and publishing papers involves frequently citing the existing literature. When you're working on a paper with 30 or more references, keeping track of them all can be a downright pain, which is where reference-managing software like Thomson Reuters' EndNote comes in. EndNote is the market leader in this field, but recently it has been facing competition from the open source Zotero, which is a Firefox plugin that lets you manage your bibliographic library and insert references into papers. Right now though, EndNote and Zotero are locked in a legal battle over claims by Thomson Reuters that the developers of Zotero have illegally reverse-engineered aspects of EndNote.

The Federal Communications Commission's decision to open up the 'white spaces' spectrum to unlicensed devices could usher in a new telecom revolution, say analysts.

Like WiFi, the availability of free, unregulated spectrum could create new technologies and new markets, bringing superfast wireless connectivity to the masses. Unlike WiFi, it could also put pressure on wireless carriers.

"All the PR spin and FUD (fear, uncertainty and doubt) failed in the face of physics and the ground reality of engineering," says Sascha Meinrath, research director of the wireless future program at the New America Foundation, a non-partisan public policy think-tank.

Mozilla is reporting that Firefox topped 20% of the worldwide market share for web browsers for the first time ever in October, 2008. Firefox broke the 20% mark twice last month, once during the week of October 5, and once again during the week of October 26. During the other two weeks, its share was around 19.8%, putting the average for the month just above below the 20% mark at 19.9%