Tech News Weekly: Edition 48

Facebook has won a $873m judgment against a Canadian sued for spamming users of the social networking site with "sexually explicit" messages after hacking into the profiles of its members.

Adam Guerbuez, of Montreal, who runs Atlantis Blue Capital and Ballervision.com, was ordered to pay exemplary damages by US District Judge Jeremy Fogel last Friday. Guerbuez did not contest the case, which also resulted in an injunction against him that effectively prevents him from accessing Facebook for any reason ever again.

Skype users who use a piece of software dubbed Pamela to manage their online phone accounts should be on the lookout for customized phishing attacks following revelations that one or more user databases containing names and email addresses have been breached.

The attack, which took place last week, has already led to one phishing campaign that calls recipients by their real names and then tries to trick them into turning over personal information. That added personal touch could throw some users off guard because most phishing emails address their marks by generic terms such as "Dear PayPal User."

A system-crashing bug with potential malware implications has been uncovered in Vista. But a fix for the vulnerability, which revolves around flaws in the operating system's network stack, may have to wait until the next service pack.

The TCP/IP stack buffer overflow was discovered by security researchers at Austrian firewall firm Phion in October. Details of the flaw, which also creates a potential mechanism to inject hostile code into vulnerable systems, were disclosed in a posting to BugTraq on Friday.

As expected, we are seeing another wave of attacks exploiting the vulnerability detailed in security bulletin MS08-067.

Early last week we blogged about MS08-067 exploits. At that time, the number of exploits in the wild was still low and they were mostly targeted attacks. However, during the weekend we started receiving customer reports for new malware that exploits this vulnerability. During the last two days that malware gained momentum and as a result we see an increased support call volume. The SHA1 hash of the malware is 0x5815B13044FC9248BF7C2DBA771F0E6496D9E536 and we detect it as Worm:Win32/Conficker.A.

The music industry's requests for more personal information regarding the identity of several accused file-sharers have been shot down by a federal judge. Judge Nancy Gertner quashed a subpoena this week in the infamous London-Sire v. Does 1-4 case, saying that the IP addresses of three anonymous Boston University students could not be handed over because the university had "adequately demonstrated that it is not able to identify the alleged infringers with a reasonable degree of technical certainty."

The legal system has been chipping away at the London-Sire case all year, starting this spring when Judge Gertner said that making files available on a P2P network does not equal copyright infringement. At that time, she also noted that IP addresses can't always be traced to a particular individual and that, if Boston University were compelled to turn over a list of possible infringers, it could give a green light to RIAA fishing expeditions.

A sugar molecule linked to the origin of life was discovered in a potentially habitable region of our galaxy.

The molecule, called glycolaldehyde, was spotted in a large star-forming area of space around 26,000 light-years from Earth in the less-chaotic outer regions of the Milky Way. This suggests the sugar could be common across the universe, which is good news for extraterrestrial-life seekers.

As notebook theft is becoming an increasingly important topic in the IT world, we are now seeing innovative solution to protect users and corporations from data theft almost on a weekly basis. One of the most interesting and potentially most effective solutions was announced by Lenovo this morning.

A new feature that is expected to become available in Q1 2009 for select Thinkpad laptops will allow notebook owners to disable a notebook with a text message that is sent to a 3G-enabled system via a cellular network. The lockdown will happen immediately if a notebook is turned on or, when it is turned off, the next time the system signs on to a cellular network. To reactivate the disabled PC, a user needs to enter a pre-set passcode created during notebook startup.

PayPal announced a new way for members to add even more security to their PayPal accounts using their mobile phones. Customers can now choose to receive a unique six-digit security code via text message to their mobile phones prior to logging in to their accounts.

The PayPal SMS Security Key adds another layer of protection to PayPal accounts and uses the same security infrastructure as the PayPal Security Key, which generates a unique security code approximately every 30 seconds on a small electronic token. Members receive this code to their phones or tokens, and use the codes along with their usernames and passwords to sign in to their accounts.

Agents along the Canada and Mexico borders are using a controversial new machine that can "read" the personal information contained in some government-issued ID cards — such as passports and driver's licenses — as travelers approach a checkpoint.

The Homeland Security Department says the new practice will tighten security and speed the flow of traffic. Privacy advocates say the technology could make Americans less secure because terrorists or other criminals may be able to steal the personal information off the ID cards remotely.