Tech News Weekly: Edition 3-10

http://arstechnica.com/tech-policy/news/2010/01/judge-slashes-monstrous-jammie-thomas-p2p-award-by-35x.ars
Looks like this whole Judges with sense thing is catching on. Jammie Thomas-Rasset has had her outrageous $1.92 million damages charge, brought by big media, dropped to $54,000. A little more reasonable for 24 songs wouldn't you say?

Judge Michael Davis is the senior federal jurist in Minnesota. He presides over the gleaming 15th floor courtroom where, earlier this year, P2P user Jammie Thomas-Rasset was slapped with $1.92 million in damages for sharing 24 songs. Davis made no comment on the amount of the award and showed no emotion as it was read out.

But now we know how he rely feels about the jury's work in that case: it led to a "monstrous and shocking" damage award that veered into "the realm of gross injustice."

http://www.theregister.co.uk/2010/01/22/tor_security_update/
Oops. Doesn't look like their VCS was compromised - seems the hackers had no idea what they were onto.

Privacy-conscious users of the Tor anonymiser network have been urged to upgrade their software, following the discovery of a security breach.

Two of seven directory authorities and a metrics data server were compromised in a hack discovered earlier this month, Tor developer Roger Dingledine explains. The three servers were taken offline and refurbished following the hack.

http://arstechnica.com/open-source/news/2010/01/bumps-ahead-as-vimeo-youtube-respond-to-html5-video-demand.ars
Vimeo and YouTube have both deployed opt-in (*sigh*) HTML-5 media players on their site. Unfortunately, both are using the H.264 codec instead of the open Ogg Vorbis alternative. They're also about half a year behind DailyMotion, but still, yay!

When Google began soliciting feedback from users about what features they would most like to see in the next version of YouTube, the response was an overwhelmingly enthusiastic request for standards-based open video: users called for Google to support the HTML5 video element.

Google responded by rolling out an experimental HTML5-based player on YouTube that allows users to watch videos without having to depend on Adobe's Flash plugin. Vimeo, another leading video hosting website, followed suit this afternoon and rolled out an HTML5 beta test of its own. Of course, both of them are lagging behind DailyMotion, which launched its HTML5 beta last year.

http://www.net-security.org/secworld.php?id=8742
Hrm...Bahahahaha!

Imperva released a study analyzing 32 million passwords exposed in the Rockyou.com breach. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism.

In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine.

http://www.theregister.co.uk/2010/01/21/carpal_tunnel_syndrome/
THink you've got carpal tunnel? Picking a new position apparently helps...

A US researcher has suggested a possible link between dodgy wrists caused by carpal tunnel syndrome and sex, "when the hands become repeatedly extended while under pressure from the weight of the upper body".

The syndrome occurs when "the median nerve, which runs from the forearm into the hand, becomes pressed or squeezed at the wrist", as this handy guide explains. Symptoms range from "frequent burning, tingling, or itching numbness in the palm of the hand and the fingers" to "decreased grip strength" and the inability to tell hot from cold by touch.

http://www.theregister.co.uk/2010/01/21/virgin_begins_cview_trials/
The headline should probably be "Virgin to trial P2P deep packet snooping", but whatever. Looks like major UK ISP Virgin Media will start using deep packet inspection to see just how much file sharing is taking place on their network. Though, of course, they won't be retaining any identifying aspects of the data...

The trial will see Virgin monitor about 40 per cent of its customers — none of whom will be informed of their participation. Virgin insists that the system seeks only to determine the amount of file-sharing traffic that infringes on copyright and that it will disregard data that can finger individual users.

The software, called CView, is provided by Detica, a BAE Systems subsidiary that specializes in high volume data collection. The ISP is using Deep Packet Inspection (DPI) to detect peer-to-peer traffic over its customers' broadband connections. P2P files are then matched against a third-party database of songs to determine if they violate copyright.

http://www.wired.com/threatlevel/2010/01/operation-aurora/
I imagine everyone has heard about this. It's being called "Aurora", a vulnerability in IE6/XP that allowed suspected Chinese attackers to gain access to over 30 large corporations. The vulnerability was known only to Microsoft prior to the attack, and has since been taken care of with an out-of-band patch. The attackers were apparently very well prepared, and managed to steal a very significant quantity (and quality) of data, including source code from those they breached.

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee.

“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,” says Dmitri Alperovitch, vice president of threat research for McAfee. “It’s totally changing the threat model.”

http://www.nasa.gov/home/hqnews/2010/jan/HQ_M10-011_Hawaii221169.html
Took long enough, but it looks like astronauts will be enjoying live Internet from now on

Astronauts aboard the International Space Station received a special software upgrade this week - personal access to the Internet and the World Wide Web via the ultimate wireless connection.

Expedition 22 Flight Engineer T.J. Creamer made first use of the new system Friday, when he posted the first unassisted update to his Twitter account, @Astro_TJ, from the space station. Previous tweets from space had to be e-mailed to the ground where support personnel posted them to the astronaut's Twitter account.

http://www.youtube.com/watch?v=odBDAcOEKuI
Your friends think your farm is lame...