Virgin Media To Clamp Down On Extreme Broadband Usage
Posted by Johann, 10 Dec 2010, 10:31 AM
The company said excessive usage can affect the service received by other customers. Virgin Media has blamed some of its subscribers' "extremely heavy" broadband usage for connection issues in Feltham.
Some local customers of the cable broadband provider have seen their speeds running at slower-than-expected levels of late, reports the Hounslow Chronicle.
Responding to the issue, a spokesman for Virgin Media said a "small number" of people in the area have been using "more than their fair share" of data, which is hampering the service received by other consumers. They pledged to resolve the problem by contacting these excessive users, adding: "Relief work has also already been planned ... for mid-December to manage this increased demand."
Torrent-finder Determined To Fight U.s. Domain Seizure
Posted by Johann, 10 Dec 2010, 10:29 AM
n late November, the news that 82 domains had been seized by the Department of Justice (DOJ) and Immigration and Customs Enforcement (ICE) was making headlines across the Internet. In particular, the seizure of the BitTorrent meta-search engine Torrent-Finder was seen as a particularly controversial move.
The site, which doesn¢t host or link to any infringing content, disappeared from the Internet for allegedly infringing copyrights. It was the oddball in a list of dozens of sites that were selling counterfeit goods including fake watches and sports clothing.
Up until that day the owner of Torrent-Finder had never run into legal issues when operating his site, which he founded more than half a decade ago. Waleed – who runs the site from his home country of Egypt – always felt he was running a perfectly legal operation and openly registered the domain in his own name.
Needless to say it came as a shock to him that his domain had been taken over by the U.S. authorities last month, a decision he is now determined to fight fiercely. Waleed has hired a lawyer to assist him in this process, and the first steps have been set into motion to hopefully regain control over the domain.
TorrentFreak got in touch with David Snead, the lawyer who represents Torrent-Finder, to ask him about this peculiar case.
“At base, what ICE did is legal, if, in torrent-finder.com¢s case, a stretch of the law, which is likely what they intended,” Snead told TorrentFreak.
“There is a civil forfeiture law that has been used for many years by the U.S. to enforce its customs laws, and it has been widely, and legally, used to seize items that infringe copyrights. The classic case would be for customs to seize counterfeit DVDs sold at a flea market.”
“In this case, we believe that ICE¢s activities are based on a provision of the statute that allows seizure of items that are facilitating infringement. Because the DNS resided in the U.S., ICE was likely within the law in seizing the DNS, even though the owner of the domain name is not in the U.S. It¢s important to note that the site itself wasn¢t seized, only the domain name,” Snead added.
Paypal Permanently Restricts Wikileaks Account
Posted by Johann, 5 Dec 2010, 12:40 PM
The list of organizations banning WikiLeaks is growing; now PayPal has made it clear that the whistleblower website is no longer welcome through its virtual doors.
The move closes the primary online channel for donations to the controversial organization, which has been facing increased pressure from world governments.
“PayPal has permanently restricted the account used by WikiLeaks due to a violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity,” the company said in a statement on its blog. “We¢ve notified the account holder of this action.”
WikiLeaks has had recent difficulty keeping the donations channels open. Donations through Moneybookers was blocked in October after the U.S. and Australia put the organization on its watch lists, and earlier this year PayPal suspended the WikiLeaks account temporarily.
WikiLeaks has been attracting a great deal of attention this week after it released 250,000+ sensitive U.S. diplomatic wires. Since then, the company has been under attack from hackers and the U.S. government alike. Amazon recently kicked WikiLeaks off of its servers, as did its DNS service provider.
Whitehat Cracks Notorious Rootkit Wide Open
Posted by Johann, 1 Dec 2010, 03:28 AM
A malware analyst has deconstructed a highly advanced piece of crimeware believed to be the work of the notorious Russian Business Network
The step-by-step instructions for reverse engineering the stealthy ZeroAccess rootkit is a blow to its developers, who took great care to make sure it couldn't be forensically analyzed. The tutorial means other malware researchers may also study the malware to close in on the people behind it and to better design products that can safeguard against it.
The analysis was written by Giuseppe Bonfa, a malware researcher specializing in reverse engineering at InfoSec Institute, an information security services company. It documents a rootkit that's almost impossible to remove without damaging the host operating system and uses low-level programming calls to create hard disk volumes that are virtually impossible to detect using normal forensic techniques.
Windows Applications Making Grub 2 Unbootable
Posted by Johann, 1 Dec 2010, 03:23 AM
This is a bug in which some proprietary Windows-based software overwrites particular sectors in the gap between the master boot record and the first partition, sometimes called the "embedding area". GRUB Legacy and GRUB 2 both normally use this part of the disk to store one of their key components: GRUB Legacy calls this component Stage 1.5, while GRUB 2 calls it the core image (comparison). However, Stage 1.5 is less useful than the core image (for example, the latter provides a rescue shell which can be used to recover from some problems), and is therefore rather smaller: somewhere around 10KB vs. 24KB for the common case of ext[234] on plain block devices. It seems that the Windows-based software writes to a sector which is after the end of Stage 1.5, but before the end of the core image. This is why the problem appears to be new with GRUB 2.
At least some occurrences of this are with software which writes a signature to the embedding area which hangs around even after uninstallation (even with one of those tools that tracks everything the installation process did and reverses it, I gather), so that you cannot uninstall and reinstall the application to defeat a trial period. This seems like a fine example of an antifeature, especially given its destructive consequences for free software, and is in general a poor piece of engineering; what happens if multiple such programs want to use the same sector, I wonder? They clearly aren't doing much checking that the sector is unused, not that that's really possible anyway. While I do not normally think that GRUB should go to any great lengths to accommodate proprietary software, this is a case where we need to defend ourselves against the predatory practices of some companies making us look bad: a relatively small number of people do enough detective work to realise that it's the fault of a particular Windows application, but many more simply blame our operating system because it won't start any more.
I believe that it may be possible to assemble a collection of signatures of such software, and arrange to avoid the disk sectors they have stolen. Indeed, I have a first draft of the necessary code. This is not a particularly pleasant solution, but it seems to be the most practical way around the problem; I'm hoping that several of the programs at fault are using common "licence manager" code or something like that, so that we can address most of the problems with a relatively small number of signatures. In order to do this, I need to hear from as many people as possible who are affected by this problem.
If you suffer from this problem, then please do the following:
* Save the output of fdisk -lu to a file. In this output, take note of the start sector of the first partition (usually 63, but might also be 2048 on recent installations, or occasionally something else). If this is something other than 63, then replace 63 in the following items with your number.
* Save the contents of the embedding area to a file (replace /dev/sda with your disk device if it's something else): dd if=/dev/sda of=sda.1 count=63
* Do whatever you do to make GRUB unbootable (presumably starting Windows), then boot into a recovery environment. Before you reinstall GRUB, save the new contents of the embedding area to a different file: dd if=/dev/sda of=sda.2 count=63
* Follow up to either the Debian or the Ubuntu bug with these three files (the output of fdisk -lu, and the embedding area before and after making GRUB unbootable.
Fedora 14 Linux Boosts Security With Openscap
Posted by Johann, 1 Dec 2010, 03:21 AM
Security is always a primary concern for enterprise IT managers, with a constant need to ensure that systems are kept updated and properly configured to prevent exploits. A new tool debuting in the upcoming Red Hat-sponsored Fedora 14 Linux release could prove a key ingredient in enabling properly secured systems.
Fedora 14 is set to include a technology called OpenSCAP, an open source implementation of the Security Content Automation Protocol (SCAP) framework for creating a standardized approach for maintaining secure systems. The new system builds on numerous other technologies and systems in an effort to enable IT organizations to ensure a standardized approach to security.
"There are lots of people focused on security, particularly in the U.S. government, that are worried about making sure that thousands of their systems are all up to date and aren't vulnerable to the different bugs and exploits that are out in the wild," Jared Smith, leader of the Fedora Project, told InternetNews.com.
The SCAP standards are developed by the Commerce Department's National Institute of Standards and Technology (NIST). With OpenSCAP, the open source community is leveraging a number of different components from the security standards ecosystem to enable the framework.
Smith explained that the Common Vulnerabilities and Exposures (CVE) (define) system is one such component. With CVE, vulnerabilities are assigned a common identifier so multiple vendors and researchers can call the same issue by the same name.
The Common Configuration Enumeration (CCE) is a system through which vendors try to come up with a dictionary and nomenclature of software misconfigurations and how to fix them. Another included component is the Open Vulnerability and Assessment Language (OVAL), an XML language for testing a system to see if it's vulnerable to different problems listed in CVEs.
"OpenSCAP combines those along with an expression language called XCCDF -- the Extensible Checklist Configuration Description Format -- which is basically an XML format for creating checklists," Smith said.
He explained that XCCDF essentially ensures that a system has certain elements, so it might ensure, for instance, that a password is of sufficient length and strength.
What OpenSCAP does is it puts components together so a system can automatically check and download the latest list of CVEs, run the OVAL tool and see if anything is vulnerable, then go through a checklist in the XCCDF language and make sure that everything is taken care of and has been addressed," Smith said.
Smith noted that there have been implementations of SCAP available in the past, though he cited concerns about formats and potential lock-in in those efforts.
He added that with OpenSCAP the goal is to have an open source, open-format approach. Smith said that the OpenSCAP technology inside of Fedora 14 involved both the contributions of Red Hat engineers as well as others in the open source community
Fedora 14 is currently at its beta release milestone, with general availability set for November.
Ubuntu 10.10 Final Ready To Roll
Posted by Johann, 1 Dec 2010, 03:18 AM
Canonical's Ubuntu project announced the release candidate for Ubuntu 10.10 ("Maverick Meerkat"), with the final version ready on 10/10/10. In addition to a revamped Software Centre, a new sound app, and a Netbook Edition overhauled with Canonical's "Unity" UI stack, Meerkat's final will feature new fonts.
The beta version of Ubuntu 10.10 in early September. The final version will be available in desktop and server editions, as well as Ubuntu variants such as Kubuntu, Xubuntu, Edubuntu, Mythbuntu, Ubuntu Studio, and Ubuntu Netbook Edition (UNE).
UNE features a new Unity interface, which includes a global menu bar as part of the default interface on the left side of the screen (see image above). The Unity interface includes new app-launching and file-browsing files functions, as well as semantic search. The UI has also been enhanced with multitouch support, which is also available on the desktop version.
As noted in our previous coverage, the 10.10 version of the Ubuntu Desktop Edition is notable for its improved look and feel, with a major emphasis on the "look" part of the equation. The entire Ubuntu interface has been enhanced with new themes, icons, and wallpaper options.
A new default theme has received an update after the version released with the beta received "negative reactions," according to a Linux Journal write-up by Susan Linton. "It's a precursor to dynamically morphing wallpaper planned for a release or two down the road," she adds.
With the release candidate, Canonical has unveiled a new default Ubuntu font, a Libre font with a larger 11-point default size, writes Linton.
Perhaps the biggest UI overhaul was applied to the Ubuntu Software Center, which includes new "Featured" and "What's New" views, as well as an enhanced package description view. A "For Purchase" software category is now available, as well as new plugin support, and streamlined access to package installation history. Support for direct handling of Debian package format (.deb) has also been recently added, says the Linux Journal story.
The boot process is now said to be "cleaner and faster," says the Ubuntu project. Also notable is Ubuntu 10.10's Sound Indicator, which has been enhanced with upgraded music player controls.
Meerkat is based on the latest Linux 2.6.35 kernel. The default GNOME desktop environment, meanwhile, has moved up to the 2.31 version. (GNOME recently moved up to version 2.32, and is on the way to the major GNOME 3.0 release, which Canonical plans to adopt.)
New GNOME features are said to include a new Dconf and Gsettings API. The Evolution email and calendaring app for the GNOME desktop has been updated to the 2.30 version, and operates much faster, according to the Ubuntu team.
Meanwhile, F-Spot has lost its spot to Shotwell as the default photo manager in Ubuntu 10.10, and the open source Twitter alternative Gwibber has been updated to support the recent change in Twitter's authentication system. Ext4 is said to be the default filesystem.
The Server Edition of Ubuntu 10.10 has an upgraded configurable initialization process for Ubuntu Server cloud images, says the Ubuntu team. This process now includes pluggable hooks, the Ext4 file-system, and EBSmount for Amazon EBS (Elastic Block Storage). We expect to take a closer look at Meerkat's server capabilities in the weeks to come with the help of our enterprise-minded colleagues at eWEEK.
Ubuntu One gets free service, Android-compatible streaming
The Ubuntu One cloud storage service for Ubuntu users, which received some major enhancements in Ubuntu 10.04 earlier this year, has also been updated with some new features. These include a new Windows client according to Katherine Noyes, writing in PCWorld.
With Ubuntu 10.10, the free Ubuntu One Basic service is available with a beta client for Windows that allows users to access files from either platform, writes Noyes. She quotes Canonical's vice president of business development Steve George as saying "What's important for us is that this starts to untie something that keeps users on Windows. It means their files can be stored in a place where they can access them from either machine. This also allows us to help our users migrate to Ubuntu."
Meanwhile, Ubuntu One now lets users buy commercial software directly from within the Ubuntu Software Centre, according to Ben Woods, writing in ZDNet UK. In addition, the Ubuntu One Mobile Service includes a new option for downloading music directly from the service's integrated music store and streaming it directly to an Android phone or iPhone from a desktop PC, writes Woods.
Two New Vulnerabilities Provide Root Access On Linux
Posted by Johann, 1 Dec 2010, 03:18 AM
Two new vulnerabilities affecting Linux were uncovered this week that could potentially be used by malicious hackers to gain root privileges. One vulnerability, which was reported on Tuesday by security firm VSR, arises from a flaw in the implementation of the Reliable Datagram Sockets protocol (RDS) in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel.
Known as CVE-2010-3904, the bug could allow a local attacker to issue specially crafted socket function calls to write arbitrary values into kernel memory and thereby escalate privileges to root, giving the attacker "superuser," administrator status.
The problem exists only in Linux installations in which the CONFIG_RDS kernel configuration option is set, and where there are no restrictions preventing unprivileged users from loading packet family modules, "as is the case on most stock distributions," VSR notes.
Protecting Against Piracy Leaves Gamers Frustrated
Posted by Johann, 1 Dec 2010, 03:12 AM
A new controversy is brewing in the gaming world centered around DRM (“digital rights management”) and the rights of gamers once they make a purchase.
Gamers want free and easy access to games they buy, while gaming companies are working to prevent piracy from hackers. Not to mention, companies would like to limit the sharing of games online to increase profit margins by selling more legitimate games.
This divide seems to have reached a new critical mass with the release by Ubisoft of Assassin¢s Creed 2, a game that required gamers to be online to ensure that company servers could verify that the game was a legitimately purchased copy. Gamers were not happy when (as they predicted), the company¢s servers could not handle the volume of players, and the entire game system shut down.
Blizzard Bans Over 5,000 Starcraft 2 Accounts
Posted by Johann, 1 Dec 2010, 03:11 AM
Blizzard has permanently sentenced over 5,000 StarCraft II hackers¢ accounts to the black list today, and stated that they intend to continue to crack down on cheaters. This follows Blizzard¢s September 14 announcement that they would soon be taking action against hackers and cheaters, and emphasizes their commitment to protecting their millions of valued customers from those who use cheats, exploits or hacks in StarCraft II.
“If a StarCraft II player is found to be cheating or using hacks or modifications in any form, then as outlined in our end user license agreement, that player can be permanently banned from the game. This means that the player will be permanently unable to log in to Battle.net to play StarCraft II with his or her account.”
Blizzard regularly purges hackers and cheaters. On April 20 they banned over 320,000 Battle.net gamers who had used exploits in Warcraft III and Diablo II; however, at the time they were lenient with first time offenders, and only placed a 30 day suspension on those accounts. Blizzard continued on to warn users that these bans would begin soon.
Game Developer Cd Projekt Threatens Pirates With Fines, Lawsuits
Posted by Johann, 1 Dec 2010, 03:09 AM
A single-player role-playing game scheduled for release next year is expected to become a popular item among PC gamers — and pirates are already licking their chops at the chance to pirate CD Projekt¢s The Witcher 2 video game.
The Witcher 2 will be released in May 2011, and the game studio would like at least 1.3 million units sold. Despite the threat towards pirates, The Witcher 2 will not have DRM protecting it against piracy — but game pirates will ultimately face monetary fines and possible legal action if caught pirating the game.
In fact, the company is now working with legal firms and P2P trackers to locate and identify pirates sharing their game. Once an offender has been caught, they are offered an out of court settlement, but the monetary settlement proposal remains unknown.
Using Stolen Ssn Isn't Criminal Impersonation, Court Says
Posted by Johann, 1 Dec 2010, 03:07 AM
This head-scratcher happened a couple of weeks ago but hasn't gotten anywhere near the attention it deserves.
The Colorado Supreme Court by a vote of 4-3 has overturned the conviction of a man who used a woman's Social Security number to apply for a car loan. The action did not constitute criminal impersonation, says the court's majority, because the man provided his real name, address and place of employment, in addition to the purloined Social Security number.
In the decision the court ruled, "The defendant (Felix Montes-Rodriguez ) did not assume a false or fictitious identity or capacity," and that he "did not hold himself out to be another person when he used another person's social security number to obtain an automobile loan." During the trial, representatives from Hajek Chevrolet testified a social security number was required as part of their application process in order to conduct a credit check.
New Malaysian Law To End Illegal Downloading Of Music And Movies?
Posted by Johann, 1 Dec 2010, 03:06 AM
The free-and-easy days of illegal downloading of music and movies may soon be over. A proposed new law will enable Internet Service Providers (ISP) to suspend or terminate the Internet accounts of P2P (peer-to-peer) users.
This new law called the ISP Liability act, will be tabled in Parliament next month, according to Recording Industry Association of Malaysia (RIM) chairman Norman Halim.
RIM has been lobbying the Government for an ISP Liability act for the past 5 years as illegal online downloads have been cannibalising the legitimate sales of music, worldwide. “The act makes the ISPs responsible for curbing online piracy. The ISPs will be fined if they don¢t take action against illegal downloaders.
Microsoft Ditches Drive Extender, Customers Furious
Posted by Johann, 1 Dec 2010, 03:05 AM
Microsoft recently announced the decision to drop the Drive Extender feature found in several of its server products, including Windows Home Server (code-named "Vail"), Small Business Server 2011 Essentials, and Windows Storage Server 2008 R2 Server Essentials.
Drive Extender is a storage technology that enables the of use internal and external hard drives for additional storage on a server. Folder Duplication for specific shared folders on servers is one of the capabilities that allow for the maintaining of two copies of a shared folder on separate hard drives to help protect against the failure of a single hard drive.
Microsoft cites several reasons for the decision. Since SBS 2011 and Storage Server are business offerings, those customers will find storage alternatives in hardware RAID, and application compatibility and data portability solutions.
12 Jun 2025 - 23:56
on Nsa Worried Three Strikes Will Ramp Up Encryption