1. Newsletter Editorial

Greetings! We hope that this (tardy) newsletter finds you well. We'd like to start by reprising our reminder from the last newsletter about the new "Member Map". Follow the link below to take a look at it and, if you haven't already done so, add yourself! This is a fun way to see where everyone is - putting places to names, so to speak.

A month or so ago, mouser and veign awarded an MSDN Visual Studio Bundle to longtime DC member Eoin O'Callaghan. It was a very tight race, though, and they almost awarded it to new DC member VideoInPicture. Another bundle became available and they have recognized the contributions that VideoInPicture has already made in such a short time by awarding it to him. See the link below to read mouser's announcement and join us in congratulating VideoInPicture (Eric Wong).

We'd also like to highlight DC member Ehtyar's Tech News Weekly threads, posted in the Living Room section of the forum. He highlights interesting technology and software stories and is seeking input on refinements that he has made to the layout. While you're reading the thread, check out 40hz' cool graphic and weigh in on the suggestion that a dedicated child board be started!

Tech Cult has compiled a list of the 150 best Flash games. As a testament to the quality of this list, many of these have already been mentioned on DonationCoder!

It was a long and exhausting task: playing hundreds of online games for hours in a row, day after day. It was hard, but someone had to do it. The result is the list that you will find below. Enjoy!

http://www.techcult....t-online-flash-games

Yes, they even have a Commander Keen port.

Today on freewaregenius.com, Samer introduces us to Hedgewars, an extremely faithful and polished clone of the terrific Worms game series.

WEBSITE: http://www.hedgewars.org/

Hard to say it better than Samer did:

Description: Hedgewars is multiplatform, a free turn-based blast-em-up in the vein of Worms. It features a wide range of weapons, multiple maps, and excellent graphics and audio. Offers single player, multiplayer, and (in theory) multiplayer over the internet modes.

If you’ve ever wondered why there are so many Worm clones and offshoots here’s the reason: Worms is an extremely playable, fun game. Although there are many freeware Worms clones but many of these are DOS games that lag behind in their production qualities (and/or do not readily run on XP/Vista), which is why Hedgewars was such a fantastic find for me personally: it offers excellent graphics and sound and excellent playability and physics.

In contrast to Worms variations such as the brilliant Soldat (which abandoned the turn-based model in favor of real-time gameplay), Hedgewars is a very faithful adaptation that sticks to the turn-based model and recreates most of the original elements, from the wacky range of weaponry to the destructible environment, and even the cartoonish look and feel all the way down the little one-liners that the characters utter at the end of each turn.

The good folks over at The Independent Gaming Source have announced the results of their recent Demake Competition.

If you're like me, you may be wondering what a "demake" is. Well, the word comes from the idea of reversing the process of "a remake" by taking a newer game and "demaking" it into a retro, ~8-bit style game.

http://tigsource.com...demake-compo-results

The top 3 games are:

• Soundless Mountain II - (demake of Silent Hill 2)
• Gang Garrison II - (demake of Team Fortress 2)
• Aquarium - (demake of Aquaria)

I would like to have a small program that will allow a user to stretch a given region of the screen (a window and/or control) to fill the entire screen and then "unstretch" it back to its original size and position.

Hi all. Just a few quick messages:
First, this is the new layout in response to feedback from last week's news. As always, any constructive feedback is appreciated.
Second, two of the articles in this week's news were submitted by forum members. If anyone would like to contribute a story that I may have missed in a previous week, or simply would like to ensure that I do include a story for a following week, please leave me a PM on the forum or on irc.
Thanks, Ehtyar.

---

1. TCP Flaws Put Websites At Risk
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html
http://news.cnet.com/8301-1009_3-10056759-83.html
Researches have found several fundamental flaws in TCP that, if exploited, may be capable of bringing down internet heavyweights like Google or Microsoft.

A pair of security experts are now discussing several fundamental issues with the TCP protocol that can be exploited to cause denials of service and resource consumption on virtually any remote machine that has a TCP service listening for remote connections.

The problems, which were identified as far back as 2005, are not simply vulnerabilities in products from one or two vendors, but are issues with the ways in which routers, PCs and other machines handle TCP connection requests from unknown, remote machines. The attacks can be carried out with very little bandwidth, such as that available on a cable modem, and there don't appear to be any workarounds or fixes for the problems at this point.

---

2. How To Clone and Modify E-Passports
http://www.schneier.com/blog/archives/2008/09/how_to_clone_an.html
A group of hackers have released a tool allowing people to clone and modify electronic passports by exploiting a weakness that is apparently the result of using self-signed certificates...but who do you make the CA of the entire globes' passports?

So what's the solution? We know that humans are good at Border Control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart.

---

3. Top Secret MI6 Camera Sold On e-Bay
http://www.techcrunch.com/2008/09/30/top-secret-mi6-camera-sold-to-the-highest-bidder-on-ebay/
A camera containing top secret information, including credentials for logging into their network, was sold by an MI6 agent on e-Bay.

A 28-year-old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK’s MI6 organization.

Allegedly sold by one of the clandestine organization’s agents, the camera contained named al-Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log-in details for the Secret Service’s computer network, containing a “Top Secret” marking.

---

4. Microsoft, Washington State Sue Scareware Purveyors
http://voices.washingtonpost.com/securityfix/2008/09/microsoft_washington_state_tar.html
Microsoft and the state of Washington gave stepped up to take on groups that use false and/or misleading security alerts to trick concerned customers into purchasing software.

Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of "scareware" purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software.

The case filed by the Washington attorney general's office names Texas-based Branch Software and its owner James Reed McCreary IV, alleging that McCreary's company caused targeted PCs to pop up misleading security alerts about security threats on the victims' computers. The alerts warned users that their systems were "damaged and corrupted" and instructed them to visit a Web site to purchase a copy of Registry Cleaner XP for $39.95.

---

5. Nasty web bug descends on world's most popular sites
http://www.theregister.co.uk/2008/09/30/web_bug_bites_sites/
http://news.cnet.com/8301-1009_3-10056854-83.html

Princeton University researchers have uncovered a series of cross-site request forgeries in some of the worlds most popular websites, one of which would have permitted fund transferal from a victims bank account. Internet Explorer and Firefox users are known to have been vulnerable.

Underscoring the severity of of an exotic form of website bug, security researchers from Princeton University have cataloged four cross-site request forgeries in some of the world's most popular sites.

The most serious vulnerability by far was in the website of global financial services company ING Direct. The flaw could have allowed an attacker to transfer funds out of a user's account, or to create additional accounts of behalf of a victim, according to this post from Freedom to Tinker blogger Bill Zeller.

---

6. Cybersecurity holes exposed in Los Alamos nuke lab
http://www.theregister.co.uk/2008/09/29/los_alamos_cyber_insecurity/
The Los Alamos National Laboratory has been found to be severely under-secured by a US Government Accountability Office audit.

The Los Alamos National Laboratory - easily the world's most sensitive and sophisticated research institution - is marred by cybersecurity weaknesses that compromise the way information on its unclassified network is protected.

According to an audit by the US Government Accountability Office (GAO), the New Mexico-based LANL recently began implementing measures to shore up information security. But vulnerabilities remain on its unclassified network, which contains sensitive information involving controlled nukes, export control, and personal details of lab employees. Physical security was also found to be lacking at the facility, one of only three US National Nuclear Security Administration (NNSA) labs.

---

7. Time To Look For A Skype Alternative (Thanks 40hz)
http://www.ghacks.net/2008/10/02/time-to-look-for-a-skype-alternative/
http://news.cnet.com/8301-1009_3-10056127-83.html
http://news.cnet.com/8301-1009_3-10057580-83.html

The voice over IP client Skype never got off the radar of privacy activists. There were always rumors about backdoors in the voice communication software and that several organizations were able to record calls made by Skype users although Skype claimed otherwise.

Skype messages were in the focus of privacy groups since first news about text filtering messages in China became known to the public. Back then Skype released an official statement that the text filter applied by the Chinese Skype partner Tom Online would not affect security and encryption mechanisms of Skype, that people’s privacy would not be compromised and calls, chats and other forms of communication on Skype would continue to be encrypted and secure.

Researchers and privacy activists of the University of Toronto discovered files on unprotected Chinese computers that contained filtered Skype messages that were recorded in China.

---

8. Adware supplies one third of all malware
http://news.cnet.com/8301-1009_3-10056912-83.html
A report released by Panda security has alleged that one third of all new malware is generated by adware, particularly fake antivirus products.

On Thursday, Panda Security released its report for the third quarter stating that adware is responsible for one third of all new malicious software. In particular, the security company cited increased use of fake antivirus scanners.

The fake scanners typically report a computer infection and suggest downloading an application to remove the malware. Once downloaded, the scanners then ask computer users to purchase the application before it can remove an infection that never really exists. The goal of these attacks is financial gain.

---

9. New phishing attempt targets bank customers
http://news.cnet.com/8301-1009_3-10057180-83.html
A bracket of the acquisitions (Thanks housetier)
Phishers appear to be capitalising on the downfall of the global economy.

Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.

Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.

---

10. Verizon gets industry-specific in breach report
http://news.cnet.com/8301-1009_3-10056490-83.html
An interesting report from Verizon detailing industry-specific vulnerability rends.

Risks factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, according to a report released Thursday by Verizon Communications.

The new report (PDF) builds on data released in June. The initial report spanned four years and included more than 500 forensic investigations involving 230 million compromised records.

---

11. Plant Tweak Could Let Toxic Soil Feed Millions
http://blog.wired.com/wiredscience/2008/10/plant-tweak-cou.html
A single genetic switch could allow crops to grow in aluminum-poisoned soil.

Thanks to a genetic breakthrough, a large portion of Earth's now-inhospitable soil could be used to grow crops -- potentially alleviating one of the most pressing problems facing the planet's rapidly growing population.

Scientists at the University of California, Riverside made plants tolerant of poisonous aluminum by tweaking a single gene. This may allow crops to thrive in the 40 to 50 percent of Earth's soils currently rendered toxic by the metal.

---

12. Google, Hotmail CAPTCHA Cracked
http://arstechnica.com/news.ars/post/20081002-right-back-at-ya-captcha-bad-guys-crack-gmail-hotmail.html
http://www.itsecurity.com/blog/20081003/xrumer-spambot-cracks-captchas/
A previously well-known software XRumer has received a substantial upgrade, allowing it to break almost every form of CAPTCHA currently in use.

The decline in CAPTCHA efficacy has been an ongoing story in 2008, as hackers and malware authors have steadily found ways to chip away at the protection these security practices were once thought to offer. Now, new findings indicate that both Gmail and Windows Live Hotmail have been compromised again, this time via a more-streamlined attack process. With two of the largest webmail providers once again vulnerable, CAPTCHAs clearly aren't meeting the security needs of either company, and it may be time to reevaluate the use of them altogether.

---

13. RapidShare must remove infringing content proactively
http://arstechnica.com/news.ars/post/20081001-german-court-says-rapidshare-must-get-proactive-on-copyrighted-content.html
If a German court ruling is upheld, Rapidshare may no longer be able to plead ignorance of infringing content hosted on their servers.

File sharing service RapidShare may find itself without a viable business model if a German court ruling stands. After getting sued by a German copyright holder, the company argued that it was doing all it could to screen out copyrighted material. The court, however, has ruled that its efforts were insufficient, raising questions about whether doing anything that was legally sufficient could be done without incurring enough costs to sink the company.

RapidShare is one of a large number of companies that will host large files for users who need to exchange them with friends and family. Like many of these companies, it offers a free service with limited features in the hopes of enticing users to spring for the cost of a premium service, which offers some significant perks, such as hosting larger files, unlimited download speeds, and permanent storage. All of this occurs through a simple web interface, and doesn't involve the P2P transfers that have attracted the ire of ISPs and the copyright industry. As a result, their popularity is growing rapidly; RapidShare accounts for five percent of all IP traffic in some regions.

---

14. Blizzard awarded $6 million in damages from WoW bot maker
http://arstechnica.com/news.ars/post/20081001-blizzard-awarded-6-million-in-damages-from-wow-bot-maker.html
World of Warcraft creator Blizzard have been awarded $6 million in a court case against Glider, a company that produced software to automate gameplay, thse of which was against Blizzard's Terms of Service.

The case Blizzard brought against bot-maker MDY Industries has been going on since 2006, and while a judge ruled in July that MMOGlider infringed on Blizzard's copyrights, the question of whether the bot violates the DMCA is still open. That has not stopped the judge from awarding $6 million in damages in the case.

It's unknown how much money MDY Industries has made from its product MMOGlider, which allows users to automate the boring parts of World of WarCraft and essentially grind forever with no user involvement, but the $25 program had sold around 100,000 copies as of last year. In other words, the product was big business. Unfortunately, it also violated the game's terms of service.

---

Ehtyar.