Articles about Security

British hacker will be extradited to US for trial

A British hacker who broke into 97 military and NASA computer systems -- looking, he claims, for evidence about UFOs -- will be tried in America, where if convicted he may face a sentence of up to 70 years. Gary McKinnon has been appealing in the British judicial system to avoid extradition to these shores.

Mr. McKinnon doesn't deny that he hacked into the computers in 2001-02, but has stated that he wasn't attempting to compromise US security but to find secret information on unidentified flying objects -- a particular obsession for the 43-year-old man, who has been diagnosed with Asperger's syndrome. He asked instead for trial in the UK, stating that trial and incarceration in the US could be highly debilitating due to his condition.

Continue reading

Joel Tenenbaum admits downloading music, found guilty of copyright infringement

Thursday was a far more lively day in the Joel Tenenbaum copyright infringement case, as the defendant admitted that he had downloaded -- and that he had not been forthright in his written discovery responses about having done so. Mr. Tenenbaum also took responsibility for uploading and downloading from multiple peer-to-peer services, confirmed that he'd listened to all 30 now-no-longer-contested songs (nuking his own legal team's earlier assertion that some of the 30 might have been spoofed files), and suggested that his mom -- a lawyer -- might have given him some shaky advice on how to answer RIAA fact-finding efforts.

It was, in other words, defeat-- defeat to such a degree that the Joel Fights Back group blog run by the defense team is currently headed by a post titled "Joel FOUGHT back." In that post, Debbie Rosenbaum, one of the students who stuck with the case to its bitter end, writes that "Although we could not win this case, we are proud to have highlighted the abuses and the inefficiency with which the music industry burdens the court system."

Continue reading

Study indicates that vulnerability management's getting no better

In the festivity and fun that is the annual Black Hat gathering (confidential to D. Tangent: okay, I give up, how did you manage to get it as warm in Seattle this week as it in in Vegas?), it's easy to miss some of the small but telling talks that frame the discussion. I'm the first to admit that I'm all atwitter waiting for Thursday's pwn-any-iPhone vulnerability reveal, but on Wednesday I'm sitting with Qualys's report on the state of vulnerabilites out in the world, enjoying it much as one enjoys the Up series of movies.

The Up documentary series, for those who haven't Netflixed it, is following 14 British kids through their lives, interviewing them at 7, 14, 21, 28, 35, 42, and 49 so far. (The series started in 1964.) The concept is based on the old Jesuit saying, "Give me a child until he is seven and I will give you the man," and the filmmakers are watching to see if that's true -- if the rich kids stay rich, if the kids in unsettled homes grew up to have unsettled homes of their own, and so forth. If potentials are pronouncements, in other words.

Continue reading

Microsoft warns about activation crack, but 'pleased' people want to install Windows 7

As to be expected, Microsoft responded to news today that Windows 7 activation had already been cracked by telling Betanews that customers should not pirate the operating system. But the company also said it was happy to hear that people wanted to install Windows 7.

Following the publication of an activation crack for Windows 7 mere days after it was released to manufacturing, we contacted Microsoft to hear its take on the issue, which appears to be a repeat of the Windows Vista crack from 2006. Windows XP activation was also cracked not long after its launch.

Continue reading

Day 2 of Tenenbaum trial sees industry folk, family on the stand

Opening arguments Tuesday in Joel Tenenbaum's file-sharing trial covered both the you-don't-know-he-did and the so-what-if-he-did angles the defense advanced in pre-trial discussions, with various witnesses testifying that they hadn't used the "sublimeguy14@KaZaA" account on Mr. Tenenbaum's machine even as defense lead Charles Neeson told the jury that "Everyone could download [songs] for free. And millions and millions did. Joel was one of those millions."

Writing for Recording Industry vs The People, Mark Bourgeois supplied detailed information on the five witnesses and two items of deposition testimony presented on Tuesday. The depositions were given by Mr. Tenenbaum's sisters, who spoke about their brother's music tastes and said they'd never downloaded from his machine.

Continue reading

Once more into the courtroom with The Pirate Bay

It seems as if the high-profile trial of The Pirate Bay's operators hasn't really changed much at all in the eyes of Hollywood, as thirteen studios have banded together to sue the site into closing down.

The case was filed in Stockholm District Court on Monday and requests that the site cease and desist from pointing to copyrighted material. According to a Swedish news site given access to the documentation, about 100 movies and TV shows are listed in the complaint. The complaint asks for an injunction to keep the site from operating and mentions compensation for court costs.

Continue reading

Microsoft issues emergency patches for Visual Studio vulnerability

Microsoft today issued security updates for the Active Template Library (ATL) which address a vulnerability that could allow remote code execution.

Libraries are collections of codes upon which software is built, and Microsoft's ATL is used by developers to create controls or components (such as Automation and ActiveX) in Windows. But any components or controls created with the vulnerable version of ATL may now become vulnerable due to how ATL is used or due to issues in the ATL code itself.

Continue reading

Tenenbaum trial kicks off in Boston, sans fair use

A pre-trial ruling by the judge hearing the RIAA's case against Joel Tenenbaum -- only just pre-trial -- threw the defense's strategy in the copyright-infringement case into serious disarray just seven and a half hours before proceedings kicked off Monday morning.

The defense in Joel Tenenbaum's case, which is led by Charles Neeson of Harvard, has made it clear that they'd be arguing that Mr. Tenenbaum engaged in fair use when he shared on KaZaA the 30 songs at the heart of the trial. The RIAA moved to disallow that line of defense, and Judge Nancy Gertner agreed to think it over... which she did until early Monday morning. Concerned parties received an e-mail with her ruling at 1:37am.

Continue reading

Associated Press takes heat for article-tagging plan

A week in the blogosphere without a teapot-sized tempest is a week without... well, probably electrical power if not gravity. Last week's target for tumult was the Associated Press, which announced Thursday that it would implement a new system to detect unlicensed use of its content and promptly fell into a swamp of blogger fury, with all parties eventually screaming "fair use!" -- to the amusement and edification of absolutely no one.

The AP's news registry project, which is slated to roll out in November, will add an "informational wrapper" to its material, designed to alert the service to wholesale grabs by other web sites. Text content will be wrapped first, followed by photos and video.

Continue reading

After 9-year cookie ban, US Government wants to start tracking you online again

Nine years ago, the Office of Management and Budget issued a directive banning Federal agencies from dropping cookies on visitors' computers. On Friday, the White House called for public discussion about whether that policy should continue. Whether you see that as a nod to improved privacy protections and a smarter userbase, or sigh at the encroachments tracking tech has made in a decade, is perhaps a matter of perspective.

The announcement, blogged on the White House site by federal CIO Vivek Kundra and OMB associate administrator for information and regulatory affairs Michael Fitzpatrick and reproduced nearly verbatim in the proposal's listing in the Federal Register (PDF available), says that the point of the policy review is "to develop a new policy that allows the Federal Government to continue to protect the privacy of people who visit Federal websites while, at the same time, making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics."

Continue reading

Live long, Prosper...and crunch those numbers

This episode of Recovery is brought to you -- literally -- by the free Wi-Fi at the Sacramento Amtrak station. Isn't it funny how the train station can offer it but most airports don't. Funny. Ha.

I spent some time this week bopping around Prosper, the peer-to-peer lending site. I'd signed up with them several years back, intending to test the system for a write-up at Another Publication. I liked what I saw so much so that I stuck with it until economic events last year caused the service to go temporarily dormant. They're back now and I thought I'd see how my people were doing.

Continue reading

US DHS advises users to turn off Flash pending Adobe security fix

In the wake of reports that malicious users have found a way to trick Adobe Reader 9 into triggering an exploitable crash in Adobe Flash 9 and 10, the US Dept. of Homeland Security's CERT cybersecurity team is asking users and administrators everywhere to turn off Flash video in their Web browsers.

This prompted Adobe, which has recently been seeing perhaps the onset of a deluge of security issues, to update its security advisory, now rating the exploitable issue as "critical." Adobe is not advising users to take such drastic measures as disengaging Flash in their browsers (which would make it very hard to watch YouTube). What it's suggesting instead is that users manually delete the file %ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll, which is a library that Adobe Reader and Acrobat use to trigger embedded Flash and Shockwave videos.

Continue reading

Security jujitsu, or, How to improve your odds despite your users

A friend and I were talking the other day about how people are by and large not just oblivious to, but downright hostile about, the simplest security practices -- in fact, the simpler the request, the greater the level of grumbling. What to do, besides don a bandolier of tasers and a t-shirt that says "GO AHEAD, ASK ME AGAIN WHY YOU CAN'T MAKE YOUR PASSWORD THE SAME AS YOUR USERNAME?"

To cheer me up (yes, I have been troubleshooting a family member's computer; how did you guess?), my friend told me about a corporate-cultural tradition at a firm at which he recently consulted. The rules around that office require that anyone leaving their desk log out of the system. And if they don't? Their machine is fair game for co-workers, who by tradition go into the culprit's e-mail and send out a "cc:all" message announcing that they're going out for tacos, and would anybody else like some?

Continue reading

RIAA spokesperson denies proclaiming DRM 'dead'

The principal spokesperson for the Recording Industry Association of America -- whose name, for all who are interested, is correctly spelled Jonathan Lamy, not "Larry" -- denied telling an SC Magazine reporter, even off the cuff, that "DRM is dead," calling it a "blatantly inaccurate quote."

Lamy provided Betanews with an excerpt of his actual e-mail with the reporter, Deb Radcliff. As part of a discussion about consumers' continued willingness to bypass digital rights management schemes for digital music, for a story Radcliff was writing for SC, Lamy said, "There is virtually no DRM on music anymore, at least on download services, including iTunes." He went on to state that MP3s today tend to be sold without any DRM included anyway, with the interest of consumers being able to play tracks on any device.

Continue reading

Mozilla challenges security researchers, says Firefox exploit reports are false

If a bug in a program makes it possible for that program to crash, is that a vulnerability? Mozilla is saying "no" to that this morning, claiming that recent warnings, including one issued Friday by the US Dept. of Homeland Security, are exaggerations.

"While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug," reads a blog post yesterday from Mozilla Vice President of Engineering Mike Shaver. "Our analysis indicates that it is not, and we have seen no example of exploitability."

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.