IT-Code-News: IT News HeadLines (Ars Technica) 15/05/2010

Saturday, May 15, 2010

IT News HeadLines (Ars Technica) 15/05/2010

Facebook ups login security, outs hacker with 1.5M accounts

Facebook says it has discovered the identity of "Kirllos," the hacker who claimed to be selling 1.5 million Facebook logins on the black market last month. It turns out that Kirlios didn't quite have as many accounts as he originally claimed, though he did manage to sell a number of credentials to third parties. Facebook has also updated its login system to make it more secure for users who want to make sure they maintain control of their accounts.

Facebook has not published Kirllos' identity, but says that he is based in Russia and the company has alerted local law enforcement to his activities. "We have determined Kirllos' identity through IP addresses, online accounts, and other information and believe that he's very likely a low-level actor," Facebook Spokesman Simon Axten told ComputerWorld.

Read the comments on this post

Appeals court gives DISH straw to clutch at in TiVo patent case

EchoStar's DISH Network has a temporary $200 million reprieve, as a federal appeals court has granted the company a rehearing in its long-running DVR patent dispute with TiVo.

DISH has been under an injunction for several years against using items covered by TiVo's patents, and a March 2010 appeals court decision left in place a $200 million fine against DISH for violating that injunction.

DISH requested that the entire Court of Appeals for the Federal Circuit hear the case (what's called an "en banc" hearing), rather than the smaller panel of judges who heard the earlier appeal. After polling its judges, the Court of Appeals today agreed to rehear the case (PDF)—a relatively rare decision.

TiVo, which has litigated this issue for years, issued a statement: "We are disappointed that we do not yet have finality in this case despite years of litigation but we remain confident that the Federal Circuit's ruling in our favor will be reaffirmed after all of the judges on the Federal Circuit have had the opportunity to review the merits of this case."

For now, though, DISH keeps its $200 million, and the lawyers get another day in court.

How did the markets take the news? The chart below makes it abundantly clear—TiVo got hammered.

Read the comments on this post

Car hacks could turn commutes into a scene from Speed

Researchers at the University of Washington and University of California-San Diego have examined the multitudinous computer systems that run modern cars, discovering that they're easily broken into with alarming results. Hackers can disable the brakes of moving vehicles, lock the key in the ignition to prevent the engine from being turned off, jam all the door locks, and make the engine run faster. Less dangerously, they can control the radio, heating, and air conditioning, or just endlessly honk the horn.

Their attacks used physical access to the federally mandated On-Board Diagnostics (OBD-II) port, typically located under the dashboard. This provided access to another piece of federally mandated equipment, the Controller Area Network (CAN) bus. With this access, they could control the various Electronic Control Units (ECUs) located throughout the vehicle, with scant few restrictions.

Read the comments on this post

ModNation Racers loading problem will be fixed soon

ModNation Racers is a great game. We've played the beta, we've played the PSP game, and we gave the game a "Buy" rating. The problem—and it's a big one—is the loading times. They're long enough that it was worth pointing them out in a separate post to show just how bad they could get.

Thankfully, all the negative buzz about this aspect of the game has reached United Front Games. "It's something we're working on.... The way that our technology was built we were able to keep file sizes really, really small for transfer times of less than a second or a second and a half," Dan Sochan of UFG told IGN. "We didn't want it to be so that you and I go online and you want to try a track I've built that's 50MB and then have you have wait five minutes to download it."

The problem is that keeping the file sizes small means the game's models and environments must be built on the fly... and that takes time. "The challenge with that is we're building an entire world, an entire character, an entire kart, and 12 characters online, all on the fly. There's a lot of compositing that happens with the stickers and all the different parts. Because of that, there are longer load times, but that's something we're working on for one of our first patches, to improve that and get that down significantly."

Let's hope this issue is fixed very close to launch. With the loading times under control, a great game is going to become nearly perfect. We'll be keeping an eye out.

Read the comments on this post

Can we have fair use without fair use technology?

Back in February of 2007, the Ars team was a bit miffed at what it saw as the half-hearted efforts of Rep. Rick Boucher (D-VA) to bolster fair use protections for consumers. Boucher had just introduced his Fair Use Act to the House, a bill that would provide additional protection for consumers following the Supreme Court's 2005 pile drive of the Grokster file-sharing service.

Boucher's legislation, cosponsored by John Doolittle (R-CA), offered a variety of new fair use exemptions to the Digital Millennium Copyright Act. These included making "a compilation of audiovisual works" for classroom use, transmitting files over a home network, and accessing various works "of substantial public interest solely for purposes of criticism, comment, news, reporting, scholarship, or research."

Read the comments on this post

Phishing servers being killed off faster than ever

A report from the Anti-Phishing Working Group (APWG) examining phishing behavior in the second half of 2009 suggested that ISPs and domain registrars are becoming more effective at taking down phishing domains. Most phishing attacks appear to originate from Eastern Europe, with one organization responsible for about two thirds of all attacks.

The period in question saw a large increase in phishing activity. Attacks appeared to hold fairly steady between the first half of 2008 and first half of 2009, but in the most recent monitored period, phishing attacks have more than doubled, from 55,000 to just under 127,000.

Around 84,000 of these attacks were believed to be due to the Eastern European Avalanche gang. The criminal organization has developed robust and effective phishing software, allowing it to rapidly register new domains and propagate its phishing software, targeting over 40 major financial institutions and online services. As an added bonus, the group also distributes the Zeus botnet software to enable yet more data theft.

The large increase in attacks is substantially attributable to Avalanche's work. The group is believed to also be responsible for a phishing operation known as Rock Phish, which ran between 2006 and 2008, but which is now largely defunct.

The good news is that ISPs and registrars are detecting the suspicious activity of phishing servers more rapidly than before, and corporations are working together more effectively to act to combat the problem by deregistering domain names and refusing to route packets of network providers known to be friendly to malware.

The result is that average takedown time for a phishing site has dropped from 49.5 hours in 2008 to 31 hours, 38 minutes. Avalanche sites, because of their heavy traffic and high profile, are brought offline even quicker—on average in just 15 hours, 35 minutes. This improvement is tempered somewhat by the fact that non-Avalanche sites actually took longer on average to take down; 63.5 hours.

On top of the rapid response to Avalanche domains, an unknown group of researchers managed to take the entire system offline for about a week.

It's clear that the spammers, botnets, and phishers still have the upper hand at the moment; spam, used by all three kinds of criminal, still makes up the majority of e-mails, and the attackers are using increasingly sophisticated software to escape being brought offline.

Nonetheless, there are real indications that the fight back is becoming more effective. Greater corporate cooperation, increased awareness among ISPs and domain registrars, and more effective law enforcement are all making it easier to make malicious servers inaccessible, and researchers are even proving able to use the criminals' own systems against them, using peer-to-peer communication to disrupt or disable infected machines.

Read the comments on this post

How Activision wiped out on the Tony Hawk: Ride reviews

Tony Hawk: Ride had major challenges at retail; the high price, the large box, and the drastic change from past games in the series meant the game had an uphill fight to win the affections of skating game fans. Josh Tsui, the president of Robomodo, talked about some of these issues with GameSmith and brought up yet another challenge: the game reviews. Were they rushed? It's very possible, but sadly, that's a situation that Activision itself went out of its way to create.

Read the comments on this post

Rampant seaweed can be damaging to coral reefs

Seaweed may be contributing to the decline of coral in the ocean, according to a paper published in PNAS this week. A new field study that examined the effects of rampant seaweed growth near coral reefs found that between 40 and 70 percent of common seaweeds can contribute to the bleaching and death of coral. The damage often originates from chemicals that seaweed can emit, but researchers found that coral damage could be curtailed when there were herbivores like fish around to eat the seaweed and temper its influence.

Coral reefs are known for their diverse and often delicate ecosystems, and marine biologists have conducted many studies to find out what factors can cause reefs to break down. Studies that looked at the negative effects of seaweed's metabolic products have produced mixed results in the past: one study done in a lab showed that sugars and carbohydrates released by seaweed can mediate coral mortality, while another field study suggested that seaweed didn't affect coral health one way or another.

A new field study in the Caribbean and tropical Pacific placed certain varieties of common seaweed next to coral to observe any effects. They found that there were some varieties of seaweed that did negatively affect the coral, but didn't do it through shading it and hampering its photosynthetic efficiency or through physical abrasion.

Instead, the damage came from the production of lipid-soluble metabolites that originated both within and on the surface of the seaweed. The metabolites caused the coral to lose some of the symbiotic protozoan inhabitants that give the coral its color, a process called "bleaching" that often leads to death.

Fish and other herbivores can easily keep the situation in check by eating seaweed—one area in Fiji sees the weeds kept at bay by a single species of fish—meaning that this negative impact on coral can be yet another consequence of overfishing. To help preserve the coral reefs, the authors note that more information is needed on which species of seaweed are the most dangerous, and which herbivore species can contain them.

Science, 2010. DOI: 10.1073/pnas.0912095107 (About DOIs).

Read the comments on this post

Curated computing: what's next for devices in a post-iPad world

In this guest opinion piece, Forrester analyst Sarah Rotman Epps argues that the introduction of the iPad ushers in a whole new era in personal computing, one with less choice, but more relevance.

There is something very significant about the iPad beyond how many units it will sell: it's changing how we think about the PC. The iPad creates a use case for a device that doesn't do everything your laptop does, targeted at a consumer that uses devices more for consumption than production. The iPad ushers in a new era of personal computing that we call "Curated Computing"—a mode of computing where choice is constrained to deliver less complex, more relevant experiences. Let me repeat that, because it's the essence of the Curated Computing experience: less choice; more relevance.

Consider this: consumers can do a wide variety of things with a Windows PC or Mac, like run commands, install robust software, connect easily to external devices, and save files locally. But the iPad does things differently. Its operating system runs more like a jukebox than a desktop, asking consumers to choose (and often pay for) applications from a predetermined set list. Each of these applications is in itself also curated, since the publisher selects content and functionality that's appropriate to the form factor, just as a museum curator selects artwork from a larger collection to exhibit in a particular gallery space.

Read the comments on this post

Ravens show that consoling one another is also for the birds

Over the past few decades, researchers have started finding behaviors that were once considered uniquely human, like tool use and empathy, in a number of other species. Many of these findings have come from our fellow primates, who presumably share a lot of our evolutionary legacy. But a surprising number of sophisticated behaviors have been showing up in birds, which haven't shared a common ancestor with any mammals for a very long time. The latest behaviors to add to birds' growing list are empathy and consolation, according to a paper released on Wednesday by PLoS one. As the list of complex behavior in birds grows, it seems our expectations for the evolution of behavior may have to evolve, as well.

The finding comes from a study of ravens which spend up to a decade in socially complex flocks before settling down into a pair-bonded relationship. A previous study using other corvids (rooks) indicates that pair-bonded mates will perform what are termed "affiliation behaviors" following conflicts, suggesting that there may be some degree of consolation at play. So, the questions the authors tried to address here was whether, in the absence of pair bonding, the same sort of affiliation would occur within a larger social group where pair bonding hasn't occurred.

Read the comments on this post

Intel's big strategy shift and AMD's opportunity

At the Intel Investor Conference on Tuesday, Intel's Paul Otellini opened his remarks by saying this would be a different kind of talk than he normally gives at the annual meeting. Instead of talking about specific products, technologies, or business improvements, Otellini took a step back to survey the results of the major restructuring that Intel has been implementing since 2006. This change has turned Intel from a company that makes chips into a company that sells platforms, software, and services—the whole stack.

Read the comments on this post

DS tumbles, PS3 gains, US sales down in April

The gaming industry suffered quite the slide year over year in the United States, as sales are down 26 percent from 2009. The highest selling game of the month moved less than a half-million units, and it's only downhill from there.

A large part of the lackluster April comes from the loss of Easter sales. "In April '09, consumers attributed $55 million of industry sales to Easter as a purchase occasion, which would account for about 21 percent of the decline from last year since Easter purchasing happened in March this year," NPD Analyst Anita Frazier explained. Let's take a look at how everyone performed.

Read the comments on this post

Facebook integration rumored for iPhone OS 4

Apple is expected to announce Facebook integration as part of iPhone OS 4 at next month's World Wide Developer Conference, at least according to sources speaking to Silicon Alley Insider. Despite ongoing privacy concerns with the social networking juggernaut, the site's “plugged-in source in the mobile industry” has confirmed that the integration is coming.

At the very least, Facebook contact syncing may be added to the OS. This would be new to Apple, but would be a move towards feature parity since other mobile operating systems have offered this for some time.

The other piece of integration would be the inclusion of Facebook Connect in parts of the OS. The idea is that it would be much easier for developers to connect to Facebook from inside their iPhone applications to post photos, messages, and statuses to a user's account. This would give developers an official API to use instead of the third-party choices available now.

One reason we're skeptical about this rumor is that Apple has been consistently rolling out new iPhone OS 4 beta builds. Why would Apple wait until WWDC to announce enhanced Facebook integration? One would think Apple would want to give developers a chance to work with the API before the new OS hits. Also, if Apple takes the spotlight away from iAd, Game Center, or a new phone, we would be surprised, but then again, keynotes can be long. A brief mention wouldn’t be too shocking either.

Read the comments on this post

Pirate Bay ISP bashes Hollywood's "clueless idiots"

Sven Olaf Kamphuis runs CB3ROB, the German ISP that helps host The Pirate Bay and has just been hit with an injunction by a Hamburg court. Unless CB3ROB stops hosting the site, it faces massive financial penalties, and Kamphuis even risks jail time.

The Motion Picture Association is already issuing press releases about the news, but Kamphuis tells Ars that he hasn't even been notified about the injunction—and he says "it's questionable if they even obtained it legally" without having a full court hearing.

Regardless of the injunction's legality, Kamphuis' views on it remain the same: it's ridiculous.

"The Pirate Bay is a search engine for the BitTorrent protocol," he tells Ars, "and therefore fully legit, and if its users don't have a distribution license for any content that would require such, guess who's to blame for not selling it to them in the first place, but preferring old distribution channels instead, which pollute the environment and constitute unfair competition."

Big media companies like Disney, which is run by "clueless idiots," might be able to make more money by distributing encrypted content through sites like The Pirate Bay, Kamphuis believes.

By going after a hosting service, Kamphuis also argues that Hollywood is shooting itself in the foot. "They may be unaware of this, but the provider protection, which requires carriers to relay traffic from and to any connected party, is the only thing that keeps Disney and Paramount on the Internet in the first place.

"We do most certainly know how to deal with hostile entities. Undermining the provider immunity, therefore, may not be the best choice of their management, as nobody in the internet industry actually still likes them. (Goodbye, Disney investor portal.)"

His solution to the whole problem is for Europeans to start voting for the various national Pirate Parties, in order to "help put those dinosaurs out of their misery, and stop them from harassing all kinds of new business models and the general population because of their 'all important movies,' which nobody asked them to make in the first place."

Read the comments on this post

New bill demands "neutral net neutrality," hamstrings FCC

In an effort to make network neutrality impossible for the FCC temperament, Congressman Cliff Stearns (R-FL) yesterday introduced a new bill (PDF) that would require "neutral network neutrality." And no, that's not a typo.

The bill would make it difficult for the FCC to proceed with its preferred approach to network neutrality, "reclassifying" Internet access as a telecommunications service over which the FCC has "common carrier" authority.

Read the comments on this post

Pirate Bay ISP hit with German injunction; must stop hosting

Major movie studios have won yet another round against The Pirate Bay, this time cutting off one of the site's chief ISPs, Cyberbunker.

The district court in Hamburg, Germany has issued an injunction against Cyberbunker and its owner, Sven Olaf Kamphuis, demanding that he cut off service to The Pirate Bay. Failure to do so will result in massive fines of â‚¬250,000 per act of online infringement, or up to two years in prison.

The Motion Picture Association, the international version of the MPAA, requested the injunction and a judge concluded that Cyberbunker did not qualify for the "safe harbors" found in EU law, given that the hosting service had been notified about copyrighted movies listed on The Pirate Bay.

Cyberbunker is run by CB3ROB Data Services, a Berlin company. The company's website hosts prominent links to the Dutch and German Pirate Parties, along with "untraceable transit" and "privacy and diplomacy guaranteed."

"We go forward to defend freedom and all that is good and just in the world," reads the site. "The total solution provider in a hostile world!"

The Pirate Bay has proved elusive, shuffling its servers, ownership, and ISPs around the world in an effort to avoid the studios. Pirate Bay admin Fredrik Neij works for DCP Networks, a Swedish company that provides "a wide range of proxy services, tunneling services, DNS hosting and colocation," according to Neij. DCP has hosted numerous BitTorrent sites over the years and has tremendous experience at keeping them going.

Over the last couple of years, however, the studios have managed to secure the conviction of four key Pirate Bay defendants in a Swedish court, convinced several European judges to censor the site, and obtained injunctions against Pirate Bay hosts.

Despite it all, the site remains accessible, though the MPA promises that "litigation is continuing against other facilitators in Sweden who are hosting trackers."

Read the comments on this post

Business school ditches Kindle DX after trial run

The Kindle isn't doing as well in academic environments as Amazon—and educators—had originally hoped. The Darden Business School at the University of Virginia is near the end of its Kindle "experiment," already concluding that students are not into the Kindle when it comes to classroom learning. They are, however, fans of the Kindle when it comes to using it as a personal reading device.

Darden is one of a handful of schools that decided to give the larger-screened Kindle DX a trial run in select classes to see how well it fared in the academic environment. And, it's not the first to conclude that the Kindle isn't quite right for its students. Arizona State University recently completed its own pilot program for the Kindle DX and wasn't particularly impressed—the university also settled a lawsuit with the American Council for the Blind, agreeing to use devices that were more accessible to the blind in the future. Princeton was also underwhelmed by its Kindle test; one student described the device as a "poor excuse of an academic tool" in an interview with the Daily Princetonian.

Read the comments on this post

MobileMe Mail beta gets updated, iPad-inspired UI

Apple has launched a beta version of its MobileMe mail client that introduces a number of changes to the Web-based service. Though the company added new features and performance improvements, the most visible change is a new iPad-inspired user interface.

A new "widescreen" view breaks up the interface into three columns or panes. At the left is the source pane, which lists your Inbox and various folders. At the right is the message pane for reading e-mails. In between, Apple has sandwiched a preview list of e-mails, similar to the list shown in Mail on the iPhone or iPad. "Compact view" collapses the source column, similar to Mail's UI on the iPad in landscape orientation. "Classic view" shows the source pane on the left, message list on top right, and message view on right bottom just as it does now.

In addition to changing up the interface, Apple also added a few new features. You'll be able to define and apply rules using MobileMe's Web interface, just as you can on the desktop. You can also file away any message to an archive folder with a single click, and rich text formatting is also coming to the Web interface. Along with these features, Apple says it is improving performance and adding SSL encryption for improved security. In all, it looks to be a useful and welcome update.

To take advantage of the new features during the beta, you have to request to be added to the beta program. When you log into MobileMe and open Mail, you should see a link to request to participate in the lower left corner.

Read the comments on this post

Citrix shows off new XenClient desktop hypervisor

Citrix has announced the first public release of its XenClient virtualization platform, formerly known as Project Independence. Built on top of the Xen hypervisor, the new product offers high-performance virtualization for corporate desktops and mobile users.

Hypervisor-based virtualization is commonplace in the server room, but thus far the technology has not made it to the desktop; desktop-based virtualization products like Microsoft's Virtual PC and VMware Workstation run virtual machines on top of a full OS. This makes virtualization a heavyweight solution for those wanting to use desktop virtualization to provide a consistent, easy-to-manage environment, which has limited its acceptance.

Citrix is also promoting the use of the product as a way for organizations to allow users to run securely locked-down VMs alongside less secure—but more user-friendly—environments, even to the extent of giving a "corporate desktop" on a privately-owned PC. The corporate VM can have all the security policies, virus protection, VPN software, and other corporate tools, safely protected from any damage by software that the user might run in the unrestricted VM.

XenClient also enables mobile users to take their corporate desktop PC (with all its applications, data, and configuration) everywhere they go, just by having the system image copied to their laptop. For management of the machine images, Synchronizer for XenClient will provide centralized deployment and backup.

A test version of the software is available to download today. General availability should occur within a few months. The software is also set to be available as a preinstall from major OEMs.

Read the comments on this post

No comments:

Subscribe to: Post Comments (Atom)