IE8, Safari 4, Firefox 3, iPhone fall on day 1 of Pwn2Own
The first day of the annual Pwn2Own contest in which security researchers can win cash and hardware if they successfully compromise machines using zero-day exploits is finished. Internet Explorer 8 on Windows 7, Firefox 3 on Windows 7, Safari 4 on Mac OS X 10.6, and iPhone OS 3 were all compromised during the competition. Google's Chrome was the only browser left standing—and in fact, was completely untested. None of the researchers at the competition even tried to attack Chrome.
So far, little is known about the successful exploits. Until vendors have been informed of the flaws and those flaws have been patched, details will not be made public.
As much as one percent of the Internet is now using IPv6
This week, the IETF is holding its 77th meeting in Anaheim, California. Last year around this time, the IETF met in San Francisco, and the Internet Society took advantage of this large gathering of Internet engineers to promote IPv6 and tell us that it's high time to trade in the dusty 1980s Internet Protocol for the shiny 1995 version. Tuesday, the news was that people are actually starting to heed the advice.
Geoff Huston of APNIC, the registry that gives out IP addresses in the Asia-Pacific region, looked at various numbers that could tell us how much traction IPv6 is gaining. One metric that's easy to observe is the global routing table. After all, if you want people to reach your IP addresses, you'll have to tell them what those addresses are so packets can be routed in the right direction. This is done with the BGP routing protocol.
CBS lets the cat out of the bag on HTML5 video iPad tests
The iPad launch is a little more than a week out and unsurprisingly, Flash support is still nowhere to be seen. Content providers understand that Apple means business with this no Flash stuff, too. While no one else is openly talking about alternate plans just yet, it looks like CBS.com has begun testing HTML5 video playback, no doubt thanks to the iPad.
As first noted by The Other Mac Blog, CBS is apparently doing its testing out in the open, with links to "iPad - test" videos right on the public-facing website. As noted by MacRumors, however, clicking those links in a normal browser will bring you to the Flash versions of the videos in question. When navigating to those links through the iPad SDK simulator, however, they go to HTML5 versions of the videos. This can also be done by mucking with your desktop browser's User-Agent.
The videos don't play yet, but fullscreen mode works. Clearly, this is still in testing mode and CBS has a ways to go if it wants this functionality to be ready by iPad launch day on April 3. However, it definitely shows that some major TV networks are taking Apple's boycott of Flash seriously—they want people to be able to stream their TV shows no matter what technology is being used. Now if only other networks and Hulu would follow the example of CBS... Though we do suspect Hulu is open to trying out HTML5 if there's enough demand for it.
US may give countries the drug war treatment on cybercrime
The US government disburses a significant amount of foreign aid to many countries and, in recent decades, that money has been used as a carrot to induce more acceptable behavior from its recipients. In a variety of laws, Congress has required that the executive branch certify that a nation has made progress in areas like human rights or narcotics control before different forms of aid to that country can be approved, including continuation of "most favored nation" trading status. Now, there's a move afoot to extend this protocol to another area of concern: cybercrime.
A bill, going by the title "International Cybercrime Reporting and Cooperation Act," has been introduced by a bipartisan group of Senators that includes Utah's Orrin Hatch (R) and New York's Kirsten Gillibrand (D). In its current form, it would require the president to evaluate the state of a given country's efforts to keep cybercrime under control. That evaluation could lead to the identification of "Countries of Cyber Concern," those which aren't doing enough to limit the impact of online crime.
Putting a computer science spin on genetic diagnostics
Collections of genetic profiles have continued to grow steadily, but scientists have struggled a bit with finding the most effective way to use them. In a paper published in PNAS this week, a group of researchers took one of the larger gene expression data repositories and sought to parse its disease-related data with a few computational techniques. They were able to use the resulting database in conjunction with a diagnostic program to accurately diagnose a given gene expression profile up to 95 percent of the time.
Gene expression data can be used to identify what differences in expression are likely to be connected to the presence of a certain disease. The formal association of a gene with a disease is known as an "annotation." However, getting the expression data and annotations into a usable form has been a challenge, and previous approaches have been limited to straightforward queries, asking the database to match a given profile or a phenotype. This approach leaves a lot of information untapped.
China censorship leaks outside Great Firewall via root server
On Wednesday, someone from the Chilean domain registry .cl noticed that one of the DNS root servers was responding in a very strange way to queries for domain names like facebook.com, youtube.com, and twitter.com. Normally, root servers only provide a pointer to the correct set of Top Level Domain servers—in this case, the .com servers operated by Verisign. But here, the "I" root server responded with (apparently fake) addresses.
It turns out that these queries were answered by a root server residing in China, and China has been applying this type of creativity to DNS queries since at least 2002. So this is just your basic Internet censoring, nothing to see here, move along. (Can we interest you in some DNS security?)
In this case, however, the ways in which the network of root servers is operated and the DNS protocol works interact in a way that can create problems outside China. The problem with the root servers is that they're "anycasted." The number of root servers is limited to not much more than the current 13 (A through M) because more wouldn't fit into a single DNS packet without additional measures. So rather than add more root servers with their own addresses, most root server addresses are actually used by multiple servers around the world. The routing system delivers queries to the nearest server so answers come back quickly, and attackers only get to send packets to root servers in their own region, limiting the scope of any attacks. This means that if the routing system considers an instance of a root server in China close by, routers will send the request to China. Regular users have very little control over these routing decisions.
To add insult to injury, the queries to root servers contain the full DNS name that the user is looking for, even though root servers by their nature only respond to the .com, .net, .fr, or .cl part of a DNS name. It's a bit like putting your income on the outside of the envelope containing your tax return and trusting the postal service to ignore it.
Very likely, ISPs will soon start blocking routing updates announcing reachability to anycasted root servers coming from China, so DNS requests will be forwarded to non-Chinese instances of root servers. Note, however, that these spoofed results are unlikely to create much trouble, even for users who consistently receive them. And this is unlikely for anyone outside China, because only a few root server instances are deployed in the People's Republic. In any event, normally, the pointers to the .com servers will already be cached by a local DNS server, so the query is sent directly to a .com server rather than to a root server first.
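The three behaviours described above (the root seeing the full name, a misbehaving root instance answering instead of delegating, and cached delegations letting later queries skip the root) as a toy iterative resolver. This is an added example, not code from the article or from any real resolver; the server names, addresses and behaviours are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Reply:
    """Simplified DNS reply: a referral names the delegated zone and the next
    server to ask; an answer carries the final address for the queried name."""
    referral_zone: Optional[str] = None
    next_server: Optional[str] = None
    answer: Optional[str] = None

def tld_of(qname: str) -> str:          # "www.facebook.com." -> "com."
    return qname.rstrip(".").split(".")[-1] + "."

def domain_of(qname: str) -> str:       # "www.facebook.com." -> "facebook.com."
    return ".".join(qname.rstrip(".").split(".")[-2:]) + "."

def in_zone(qname: str, zone: str) -> bool:
    return zone == "." or qname == zone or qname.endswith("." + zone)

# Constructed addresses; they stand in for whatever the real servers would return.
ADDRS = {"www.facebook.com.": "198.51.100.7", "www.youtube.com.": "198.51.100.8"}

def good_root(qname: str) -> Reply:
    # A root server is sent the whole name but only knows the TLD delegation.
    return Reply(referral_zone=tld_of(qname), next_server="com-server")

def spoofing_root(qname: str) -> Reply:
    # The misbehaving instance: a bogus final answer instead of a referral.
    return Reply(answer="203.0.113.9")

def com_server(qname: str) -> Reply:
    return Reply(referral_zone=domain_of(qname), next_server="auth-server")

def auth_server(qname: str) -> Reply:
    return Reply(answer=ADDRS[qname])

SERVERS: Dict[str, Callable[[str], Reply]] = {
    "good-root": good_root, "bad-root": spoofing_root,
    "com-server": com_server, "auth-server": auth_server,
}

class Resolver:
    def __init__(self, root: str) -> None:
        self.root = root                       # root instance routing hands us
        self.cache: Dict[str, str] = {}        # delegated zone -> server name
        self.log: List[Tuple[str, str]] = []   # (server, full name it was sent)

    def resolve(self, qname: str) -> str:
        # Start at the most specific cached delegation, else at the root.
        zone, server = ".", self.root
        for cached_zone, cached_server in self.cache.items():
            if in_zone(qname, cached_zone) and len(cached_zone) > len(zone):
                zone, server = cached_zone, cached_server
        while True:
            self.log.append((server, qname))
            reply = SERVERS[server](qname)
            if reply.answer is not None:
                if zone == ".":
                    # Roots only delegate; an answer here is the anomaly seen above.
                    raise ValueError(f"root {server} answered {qname} directly")
                return reply.answer
            self.cache[reply.referral_zone] = reply.next_server
            zone, server = reply.referral_zone, reply.next_server

def resolve_all(root: str, names: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Resolve names in order; return the addresses and who saw which query."""
    r = Resolver(root)
    return [r.resolve(n) for n in names], r.log

def detects_spoofed_root(root: str) -> bool:
    """True when the resolver refuses a final answer coming from the root."""
    try:
        resolve_all(root, ["www.facebook.com."])
    except ValueError:
        return True
    return False
```

Resolving two .com names through `good-root` shows the root receiving the full first name once and the second query going straight to the cached .com server; `bad-root` trips the referral check.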
Just Cause 2 on the PC is beautiful stupidity
The first twenty minutes or so of Just Cause 2 are laughably bad. The voice acting is cringe inducing, the story doesn't exactly seem inspired, and the action is stilted as you try to get a feel for the controls. It's one of the worst openings for a good game in recent memory. The good news is that Just Cause 2 gets good. It gets really good.
The game plays like every bad impulse Michael Bay ever had. You can ride on the top of cars, hijack motorcycles, fly every helicopter and plane you find. You have an endless supply of parachutes, so you can deploy your 'chute, fall for a second, disengage, and then open another one. You have a grappling hook that you use to fly from place to place in a good approximation of a surly Mexican Spider-Man. The island you're fighting across is quite the environment, with mountains, desert, snow, city, and jungle all in one place.
feature: Secrets of the Nexus One's screen: science, color, and hacks
In two recent comparisons of the Nexus One's famed AMOLED screen to the iPhone's LCD screen, one done by a display testing company and another done by a blogger, the Google phone's display actually came out the loser. Most of the online debate that followed the two articles was centered around color accuracy, color quantization artifacts, viewing angle, etc., with Google's defenders arguing that the numbers don't tell the full story because you have to take human perception and the human visual system into account, among other factors. But a related, and potentially even bigger issue, hasn't been investigated as thoroughly as the others. Specifically, despite the fact that both Google and HTC have repeatedly claimed that the Nexus One's display is 480x800 pixels in size (252 pixels per inch), the actual effective screen resolution may be substantially less than that, depending on how you count the pixels.
Sorting out the real resolution of the Nexus One's screen is much more than a minor technical exercise, because a lot of Nexus One buyers (myself included) based their purchasing decision at least in part on the amazing-sounding screen resolution, and many of us were disappointed in the lack of crispness of text. It's also worth noting that the next-generation iPhone is rumored to use the same AMOLED technology as the Nexus One, and AMOLED will become the standard on many or most high-end Android phones in the near future—will all of these upcoming AMOLEDs take this same shortcut with their resolution?
In this article, I'll explore the issue of the Nexus One's screen resolution in some detail. I'll also talk a bit about the science behind how the screen works, and I'll show you some cool image hacks that let you turn greyscale images into color, just by using pinch-and-zoom in the Nexus One's gallery application.
UK regulators officially mock US over ISP "competition"
Here's how US regulators do a broadband plan: talk about competition even while admitting there isn't enough, then tinker around the edges with running fiber to "anchor institutions" and start collecting real data on US broadband use.
Here's how they do it in the UK: order incumbent telco BT to share its fiber lines with any ISP who is willing to pay. In places where BT hasn't yet run fiber, order the company to share its ducts and poles with anyone who wants to run said fiber. In the 14 percent of the UK without meaningful broadband competition, slap price controls on Internet access to keep people from getting gouged.
Google's new Gmail geolocation feature aims to prevent scams
Google has added an additional security measure to Gmail that can help alert you to hackers potentially hijacking your e-mail account and using it for nefarious ends.
Augmenting a previous enhancement that allows you to track your logins from various IP addresses, Gmail will attempt to resolve the IP address to a geographic location. If recent logins happen from disparate areas within a short timeframe, a prominent red banner will be displayed in Gmail's Web interface. You can then check the details of the login attempts to either verify them as accurate—say, in the event of travel—or to catch them as a legitimate hack. Google then offers a link to change your password on the spot.
Pavni Diwanji, engineering director at Google, detailed a common scam that hackers use after breaking in to a Gmail account. He said that he had recently gotten an e-mail from a friend traveling in London, saying that he lost his wallet and needed some emergency cash. Turns out someone had hijacked his account and tried to use it to score a quick buck. "By reading his email, the scammer had figured out my friend's whereabouts and was emailing all of his contacts," Diwanji said.
The alert isn't meant to be a replacement for standard security practices, but it can alert you to someone else accessing your account without your knowledge (and perhaps trying to grift money from your unsuspecting friends). The service now works for individual Gmail users, but will be rolled out to Google Apps customers in the near future.
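The check behind that red banner, flagging consecutive logins whose locations are too far apart for the time between them, as an added example. This is not Google's code; it assumes an IP-to-location lookup table (constructed here from documentation address ranges; a real system would consult a geolocation database) and a hypothetical speed threshold.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple

# Constructed IP -> (label, latitude, longitude) table standing in for a
# geolocation database; the addresses are documentation ranges, not real hosts.
GEO: Dict[str, Tuple[str, float, float]] = {
    "192.0.2.10":   ("New York (home)", 40.71, -74.01),
    "192.0.2.11":   ("New York (office)", 40.73, -73.99),
    "198.51.100.5": ("London", 51.51, -0.13),
}

@dataclass(frozen=True)
class Login:
    when: datetime
    ip: str

@dataclass(frozen=True)
class Alert:
    earlier: Login
    later: Login
    km: float
    hours: float

def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(logins: List[Login], max_speed_kmh: float = 900.0,
                      min_distance_km: float = 500.0) -> List[Alert]:
    """Flag consecutive logins whose locations are too far apart for the time
    between them.  Short hops are ignored so nearby IPs (home vs. office, a
    phone switching networks) do not raise alerts; a same-minute login from
    another continent counts as infinite speed.  Thresholds are assumptions."""
    ordered = sorted(logins, key=lambda l: l.when)
    alerts = []
    for prev, cur in zip(ordered, ordered[1:]):
        _, lat1, lon1 = GEO[prev.ip]
        _, lat2, lon2 = GEO[cur.ip]
        km = haversine_km(lat1, lon1, lat2, lon2)
        if km < min_distance_km:
            continue
        hours = (cur.when - prev.when).total_seconds() / 3600
        if hours == 0 or km / hours > max_speed_kmh:
            alerts.append(Alert(prev, cur, km, hours))
    return alerts

def banner(alert: Alert) -> str:
    """Text for a warning like the red banner described above."""
    return (f"Warning: login from {GEO[alert.later.ip][0]} ({alert.later.ip}) "
            f"{alert.hours:.1f} h after a login from {GEO[alert.earlier.ip][0]}, "
            f"{alert.km:.0f} km away. Change your password if this wasn't you.")

# Constructed sample activity: two local logins, then London 90 minutes later.
HIJACK_SAMPLE = [
    Login(datetime(2010, 3, 25, 9, 0), "192.0.2.10"),
    Login(datetime(2010, 3, 25, 9, 30), "192.0.2.11"),
    Login(datetime(2010, 3, 25, 11, 0), "198.51.100.5"),
]
# Same places, but the London login comes ten hours later: plausible travel.
TRAVEL_SAMPLE = [
    Login(datetime(2010, 3, 25, 9, 0), "192.0.2.10"),
    Login(datetime(2010, 3, 25, 19, 0), "198.51.100.5"),
]

def check_samples() -> Tuple[List[Alert], List[Alert]]:
    return impossible_travel(HIJACK_SAMPLE), impossible_travel(TRAVEL_SAMPLE)

if __name__ == "__main__":
    hijack, travel = check_samples()
    for a in hijack:
        print(banner(a))
    print("alerts for the genuine trip:", len(travel))
```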
Wireless survey: 91% of Americans use cell phones
As the CTIA kicked off its annual conference in Las Vegas yesterday, it also released the results of its semiannual US wireless industry survey for the last half of 2009. Even in the face of the largest economic recession since the Great Depression, results show that the wireless industry continues to grow as a vast majority of the US population is using a mobile phone.
The survey of wireless carriers revealed that over 285 million Americans are mobile subscribers, about 91 percent of the total population. That's up 15 million over the same time last year, and growth has slowed somewhat due to market saturation. Those 285 million callers used 1.12 trillion minutes of talk time in the last half of 2009, up 3.4 percent over the same period in 2008. That breaks down to an average of 6.1 billion minutes used per day, or about 21 minutes per person per day.
Slow death of split-screen, why ModNation Racers loves it
Split-screen gaming is having a hard go of things these days. At GDC the co-op play of Transformers: War for Cybertron was talked up... but you'll have to be online. Hunted: the Demon's Forge was likewise a co-op heavy game, but we were told that you can only play with a friend online. Developers are simply not willing to give up the graphical fidelity to split the screen in two. One game that is excited about split-screen? Sony's ModNation Racers.
"We wanted to make sure we delivered two-player split-screen. From the start, we wanted our two-player split-screen to work online. ModNation Racers enables you and a friend to go online and play the game together," Mat Thomas, game designer for United Front Games said. "Finally, we decided to deliver the four-player couch experience. This was a lot of work, but we have managed to create a great experience where four friends can settle down for some great kart racing. What we have delivered is a fantastic local multiplayer experience reminiscent of some of our best local multiplayer play sessions from years gone by."
Racing games are made for split-screen, and it's great to see the game is really embracing the couch experience. We're looking forward to racing some friends when the game is released for the PlayStation 3 on May 25.
Army officials get VIP tour of Apple, talk mobile tech
The US Army's top tech heads met at Apple's Cupertino headquarters earlier this month to discuss the use of Apple technologies in military applications. The meeting is part of a larger initiative from RDECOM to leverage existing consumer technology for use in a "tactical environment."
Major General Nick Justice (his real name), head of the Army's Research, Development and Engineering Command, and several key staff members got to tour Apple's development labs, and discussed its evaluation of Apple's mobile products—including iPhones, iPads, and MacBooks—for military use.
"The Army is moving away from big-green-box solutions and toward those that will adapt along with our warfighters on the battlefield," Justice said. He explained that existing consumer tech already represents the investment of billions in research and development costs, an investment that shouldn't be ignored. "Our job, as stewards of the taxpayer's dollar, is to adopt and adapt appropriate commercial technology and offer the best possible solution to the warfighter."
The Communications-Electronics Research and Development Center, part of RDECOM, is already developing two iPhone applications—one for collecting "counter-insurgency information," and another for a secure military-only social networking environment called "MilSpace." The official Army sci-tech blog, Army Technology Live, has its own iPhone application as well.
Apple doesn't design its products for military use in particular, but the ease of use makes them handy in a variety of environments. For instance, armed forces in Iraq have already been using iPod touches for translation and for calculating firing ranges, and applications are being developed to stream video from UAVs or remote control bomb disposal robots.
"Apple technologies offer unique and proven solutions with intuitive designs that allow users to learn quickly without a training manual," said Ron Szymanski, a lead computer scientist at CERDEC. "The Army would like to leverage Apple's experience when designing military applications."
Exploits of unpatched IE6, IE7 flaw on the rise
An unpatched flaw in Internet Explorer versions 6 and 7 is increasingly being exploited. The flaw, first reported two weeks ago, was initially used in limited, targeted attacks. It is now evolving into something more widespread and indiscriminate.
Security researchers for antivirus company AVG are now reporting tens of thousands of attacks per day, and this number is likely to grow further. Rival firm Trend Micro has reported similar growth. It appears that there are now two main attacks being used by two separate gangs of hackers; one installs fake antivirus software, the other installs a trojan.
Redmond has yet to release (or even announce) a patch, though an automated workaround is now available. The next Patch Tuesday is not until April 13, so if the growth in exploitation continues, the company will be under increasing pressure to publish an update sooner. There is, however, one robust fix already available: upgrade to Internet Explorer 8. The newest browser version doesn't contain the flaw at all.
EFF seeks students to code for liberty
As summer approaches, so once more does Google's Summer of Code, a scheme set up by the company in 2005 to pay student programmers $5,000 to work on open source software. The Electronic Frontier Foundation is now looking for student programmers to work on a selection of projects, with the funding coming from Google.
EFF has three projects: TOSBack, a site that tracks terms of service of sites around the world and notifies users when they're changed; Our Vote Live, a project to track voting problems in the US; and Switzerland, a system to test network neutrality.
In addition to these three, there is also an opportunity to work on TOR (The Onion Router), a system to bypass and evade Internet censorship. If none of these strike your fancy, there are 146 other projects accepted for this summer, so everyone should find something of interest.
Prospective developers should discuss their ideas with the sponsored projects over the next few days, prior to making an application for funding. The application period opens on March 29th, running to April 9th. The Summer of Code is a great opportunity to earn some cash and contribute to important open source projects.
Legal music "trustmark" a nice idea, not much more
When most people download music, they're usually pretty well aware of whether they are acquiring it legally or not. The usual legal methods—iTunes, Amazon MP3, eMusic, Amie Street, even Wal-Mart—are not only easy to use, they can be found practically everywhere you look. With this in mind, is there really much of a reason to have an official "trustmark" for music retailers to display, indicating that you are, in fact, not pirating when you buy from them?
Music Matters thinks so. The organization, launched this week, is a collection of music industry players trying to educate the public about consuming music the "ethical way." That is, paying for it rather than downloading it from your favorite P2P client. According to the Music Matters website, the goal of the trustmark is to help music fans differentiate legal sources of music from illegal ones. Current supporting partners include iTunes, Amazon.co.uk, MTV, Napster 2.0, MySpace, and more.
Messenger for Mac finally gains A/V chat in latest beta
Messenger for Mac lives! Well, sort of. The next version of the software, which has been on hiatus for some time, has been released as a beta by Microsoft's Mac BU. The final version is expected to ship alongside Office 2011 for Mac later this year, but for now, users who have Live IDs can log in and test out some of the features.
What exactly are the new features? The two most important are audio and video calls, which have been a long time coming to Microsoft's Mac client. According to a blog post on Mac Mojo, the team got the features working a year ago, but was forced to postpone the release "because of significant protocol changes we needed to support in order to stay compatible with the latest version of our Windows Live desktop client."
As such, Messenger for Mac 8 is, in fact, the only desktop client for the Mac that can do calls with Windows Live Messenger 2009. While many of you may not be Messenger aficionados, you may have friends, family, or colleagues who use the corresponding Windows client. And who wouldn't want to video chat with their colleagues all the time? Eh?
Because the software's currently in beta, there are bound to be some expected (and unexpected) issues. Microsoft noted that file sharing between contacts doesn't yet work and that some custom emoticons may not work. For those of you who correspond with friends over MSN and don't need A/V chat, though, Adium probably already fills most of your daily needs.
Anesthetizing irrational phobias away
According to the National Institute of Mental Health, somewhere around 10 to 20 percent of Americans suffer from some form of a phobia. When the sufferer is exposed to the object they fear, problems can range from mild anxiety to full-fledged panic attacks. New research from Hiroshima University suggests that irrational fears may be blocked with the help of a common anesthetic. The article that describes the results is published in the open access journal Behavioral and Brain Functions.
The experimenters trained commercially available goldfish (Carassius auratus) to be afraid of light flashed in their eyes by having a flash of light followed by a low-voltage electric shock. After a conditioning period, the researchers could monitor the fish's heart rate and see it drop in response to the stimuli—in a manner analogous to a human's heart rate rising during a fear response—even in cases where there were no negative consequences.
The researchers were able to show that, after an injection of a small amount of lidocaine directly into the corpus cerebelli, the fish were unable to learn to be afraid. That is, once the lidocaine took effect, the conditioning of the fish to associate the flash and electric shock no longer took. Future flashes didn't slow the heart rate although, once the lidocaine wore off, the fish were still able to learn to be scared of the conditioned trigger.
Now, any connection to humans may seem tenuous, but the vermal part of a mammal's cerebellum has been suggested to be homologous to the corpus cerebelli in fish. This may make the fish a useful model for studying ways of limiting the impact of phobias.
Behavioral and Brain Functions, 2010. DOI: 10.1186/1744-9081-6-20
Neither Neanderthal nor sapiens: new human relative IDed
At a press conference yesterday, researchers announced the completely unexpected: a Siberian cave has yielded evidence of an entirely unknown human relative that appears to have shared Asia with both modern humans and Neanderthals less than 50,000 years ago. The find comes courtesy of a single bone from an individual's hand. Lest you think that paleontologists are overinterpreting a tiny fragment, it wasn't the shape of the bone that indicates the presence of a new species—it was the DNA that it contained.
The paper that describes the finding comes courtesy of the Max Planck Institute's Svante Pääbo, who has been actively pursuing the sequencing of the Neanderthal genome. It seems likely that this particular bone fragment was targeted due to suspicions that it might also provide an additional Neanderthal sequence. The site, called Denisova, is in the Altai Mountains of southern Siberia, an area that has had hominins present as early as 125,000 years ago. The sample itself came from a layer of material that dates from between 30,000 and 50,000 years ago. Neanderthal DNA was found in a sample from the same time period less than 100km away, while artifacts indicate that modern humans were also present in the region by 40,000 years ago.
So, there was no apparent reason to suspect that the bone would yield anything more than a familiar sequence. And in fact, most of the first half of the paper simply describes the methods used to construct a complete sequence of the mitochondrial DNA, including over 150-fold coverage of the genome, and an alignment program designed to account for the errors typical of ancient DNA sequences. About the only surprise here is that Pääbo's group has switched from using 454 sequencing machines to those made by Illumina.