Tech News Weekly: Edition 04-09

http://www.itworldcanada.com//Pages/Docbase/ViewArticle.aspx?ID=idgml-80c6f4f0-b11e-461c-bb03-6fd5712d3d16&RSS=1&UID=B82BC1BD-28FF-4AEE-9A3A-B2C4D89EE233
Of course any organisation using a proper certificate-based authentication system isn't gonna care, but it's still cool...right?

IT managers should start familiarising themselves with a new security tool, the paint brush, as Japanese researchers have come up with a paint that they say will block high-speed wireless signals, giving businesses a cheap option to protect their wireless networks.

The problem of securing wireless networks has been an issue for a while now. Wi-Fi LANs with no encryption or running the obsolete WEP system, run the risk of having hackers outside the building eavesdrop on wireless LAN traffic, or simply stealing bandwidth. However, there are a number of solutions, besides encryption, for companies wishing to secure their networks.

http://www.theregister.co.uk/2009/01/22/mac_trojan_attack/
Be careful Mac users, downloading a pirated copy of iWork could see you with a copy of OSX.Trojan.iServices.A bouncing around your machine with root privileges.

Malware masquerading as part of Apple's iWork 09 productivity suite is targeting unsuspecting Mac users foolish enough to install pirated software downloaded on warez sites.

Once installed, iServices.A has unfettered root access, which it promptly uses to connect to a remote server over the internet, according to Intego, which sells anti-virus software for Macs. A secondary download installs malware that makes victims part of a botnet that's attacking undisclosed websites.

http://arstechnica.com/journals/apple.ars/2009/01/22/newly-discovered-mac-exploit-to-be-detailed-at-black-hat
Seemingly unrelated to post No. 2, researchers have discovered a memory injection vulnerability in standard Apple hardware that could allow an attacker to run code on an Apple box without any indication to the user whatsoever. The exploit will be presented at the next Black Hat scheduled to begin in mid-February.

A student who researches malware and intrusion detection systems at the University Politecnico di Milano in Italy will be making a presentation next month at the upcoming Black Hat conference in Washington D.C. The briefing, as Black Hat refers to it as, will deal with a memory injection technique specific to Apple hardware, which subsequently allows a piece of code to be run from memory.

While it may sound like the RAM Disk feature from the days of OS 9 and before, the technique is nowhere near as benign. What makes the memory injection technique particularly attractive to would-be hackers is that no traces are left on the hard drive and a new process is not created, making it what the experts call an "anti-forensic technique." What is run in memory is up to the attacker; it can range from code snippets to complete applications.

http://www.theregister.co.uk/2009/01/16/9m_downadup_infections/
The Conficker/Downadup worm has reached staggering number of infections, almost 9 million according to security firm F-Secure. The massive spike has been attributed to the worm's ability to propagate across an entire network via a single infection.

Downadup, the superworm that attacks a patched vulnerability in Microsoft Windows, is making exponential gains if estimates from researchers at F-Secure are accurate. They show 6.5 million new infections in the past four days, bringing the total number of machines it has compromised to almost 9 million.

The astronomical growth stunned some researchers, although others cautioned the numbers could be inflated since the counting of infected computers is by no means an exact science. Most agreed F-Secure's estimate was certainly plausible and if it proved to be correct, represented a major development in the world of cyberthreats.

http://arstechnica.com/news.ars/post/20090119-judge-17000-illegal-downloads-dont-equal-17000-lost-sales.html
A US district court judge (finally, one with some form of logic) has ruled that each illegal download in a piracy case is not equivalent to a lost sale.

Record companies cannot collect restitution for every time a song has been illegally downloaded, a US District judge has decided. Judge James P. Jones gave his opinion on United States of America v. Dove, a criminal copyright case, ruling that each illegal download does not necessarily equate to a lost sale, and that the companies affected by P2P piracy cannot make their restitution claims based on this assumption.

Daniel Dove was originally found guilty of criminal copyright infringement for running a torrent group called "Elite Torrents" between 2004 and 2005. The jury in the case had found Dove guilty of reproduction and distribution of copyrighted works, as well as conspiracy to commit criminal copyright infringement. At the time, Judge Jones sentenced Dove to 18 months in prison for each count, plus a special assessment of $200 and a $20,000 fine ($10,000 per count).

http://arstechnica.com/journals/linux.ars/2009/01/23/microsoft-contributes-code-to-apache-interoperability-effort
Microsoft have contributed source code to Apache's Stonehence project aimed at interoperation of projects built on different programming platforms.

Microsoft has contributed source code to Apache's Stonehenge project, an open source effort that collects sample implementations of applications that are built with Service Oriented Architecture (SOA). The aim of the project is to test and demonstrate interoperability between application implementations that are built on different underlying technology.

The project was launched in November under the aegis of the Apache Incubator, a pool of nascent community-driven projects that are working their way into the Apache ecosystem. According to Stonehenge participant Paul Fremantle, this is the first Incubator podling that has received direct involvement from Microsoft.

http://www.wired.com/techbiz/it/magazine/17-02/ff_killgoogle
As anyone who knows me well will likely expect, I'm not a fan of the headline, though this article is an excellent read if you're interested in the gory details of how the Yahoo/Google deal went south.

When Google's lawyers entered the smooth marble hallways of the Department of Justice on the morning of October 17, they had reason to feel confident. Sure, they were about to face the antitrust division—an experience most companies dread—to defend a proposed deal with Yahoo. But they had to like their chances. In the previous seven years, only one of the mergers that had been brought here had been opposed. And Google wasn't even requesting a full merger. It just wanted the go-ahead to pursue a small deal that it was convinced would benefit consumers, the two companies, and the search-advertising market as a whole. Settling around a large oval table in the conference room, the attorneys from Google and Yahoo prepared to make their arguments. Google wanted to serve its ads for certain search terms on Yahoo's pages in exchange for a share of the revenue those ads generated. It already had similar arrangements with AOL, Ask.com, and countless other Web sites. And the deal wasn't exclusive or permanent.

Tom Barnett, assistant attorney general for antitrust, took his seat at the table and called the meeting to order. The Yahoo lawyers kicked things off by describing their negotiations with DOJ staff; they had already suggested limiting the length of the deal and capping the amount of money in play. Barnett seemed unimpressed. "Staff," he proclaimed, "is irrelevant." He made the decisions around there.

http://www.theonion.com/content/video/youtube_contest_challenges_users
Youtube has challenged users to create a video that "is actually worth watching".