MacBook Hacked in 2 Minutes...

From arstechnica.com

MacBook Air compromised in 2 minutes for $10,000 (Updated)

By Jacqui Cheng Published: March 28, 2008 - 09:54AM CT

Many of you remember last year's CanSecWest conference, where a MacBook Pro was compromised for a $10,000 prize. Well... take that, replace the MacBook Pro with a MacBook Air, and repeat it again for 2008. We learned in February that this year's CanSecWest would still involve a Mac, but also a laptop running Vista and some flavor of Linux.

That's exactly how it played out this week in Vancouver when security teams were presented with the three machines for the PWN2OWN contest. Unfortunately for Mac fanboys, the MacBook Air was the first to go down, thanks to security researcher Charlie Miller.

Miller is now the proud owner of $10,000 in cold, hard cash. Charlie Miller's name might sounds familiar to you, and that's because he was among the first to discover an exploit in mobile Safari on the iPhone.

According to IDG News Service, Miller took less than two minutes to compromise the MacBook Air. "Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on," wrote IDG.

Part of the rules for the contest were that hackers could only use software that was preinstalled on the machines. DVLabs says that it is privvy to the exploit, and that it was through Safari. The exploit itself, however, is not being revealed for now in order to give Apple time to patch it (DVLabs says that the vulnerability has been "responsibly disclosed" to the company and that Apple is already working on it). The contest ends sometime today. It's expected that the Vista and Linux (Ubuntu) laptops are expected to go down today, but no news has come down yet about how they fared.

Update: As many of our commenters have pointed out, the MacBook Air was, in fact, hacked after the first day of the conference passed. None of the machines had been hacked on the first day, which prompted the PWN2OWN organizers to relax the rules on the second day. Regardless, the Safari exploit is still serious enough to allow someone to compromise the machine, whereas the other two machines (under the same, new set of rules) have yet to be compromised.

Comcast Adjusts Way It Manages Internet Traffic

Comcast Adjusts Way It Manages Internet Traffic

By BRAD STONE
Published: March 28, 2008

SAN FRANCISCO — Comcast, the country’s largest residential Internet provider, said on Thursday that it would take a more equitable approach toward managing the ever-expanding flow of Web traffic on its network.

The cable company, based in Philadelphia, has been under relentless pressure from the Federal Communications Commission and public interest groups after media reports last year that it was blocking some Internet traffic of customers who used online software based on the popular peer-to-peer BitTorrent protocol.

Entire article.

Attacks on Save Darfur I.T. Systems

Take a look at Save Darfur's press release about the hack on their IT systems. They are working with the FBI related to their system hack. Looks like only names, email addresses, basic info take from the website. At least that's for now.

---- a portion of the press release----

China-Based I.T. Attacks Reported to FBI, Save Darfur Denounces Efforts to Disrupt Coalition Advocacy

Fowler: Someone in Beijing is clearly trying to send us a message, but they’re mistaken if they think these attacks will end efforts to bring peace to Darfur.

WASHINGTON – The Save Darfur Coalition met this week with special agents from the U.S. Federal Bureau of Investigations to report increasing I.T. attacks on coalition systems – attacks which appear to originate in China and primarily target and probe the coalition’s aggressive China advocacy efforts to bring peace and security to Darfur. As the coalition’s China advocacy campaign has intensified, officials have noticed increasingly sophisticated and subversive attempts to intercept emails and infect computers with malicious programs. During the meeting with FBI officials, the coalition provided technical information and offered a detailed account of the recent attacks.

Bringing Outlook and Gmail Together

Bringing Outlook and Gmail Closer Together
By Miguel Helft
From nytimes.com Bits

UPDATED
For months, Google has sought to make inroads against Microsoft’s dominance in office applications. Now, it’s getting a little help from others.

Cemaphore Systems, a company that specializes in e-mail backup services, is expected to announce onannounced Wednesday a new product that allows people to automatically synchronize their e-mail, calendar and address books between Microsoft’s Outlook and Google’s Gmail. The service, called MailShadow for Google Apps, is being pitched as a “email continuity and disaster recovery solution.” In other words, it is intended to provide users of Outlook and Exchange, Microsoft’s mail server, with a secure backup. As such, it represents an interesting use of the Google computing “cloud” to provide a service for Microsoft users.

But the technology also would allow businesses to rip out their Exchange servers and run Outlook, which millions of users are familiar with, directly from the Google servers.

“If you are an I.T. guy (or gal) and you can change the back end from Exchange to Google, and keep Outlook for your users, that’s a really interesting proposition,” said Matt Cain, an analyst with Gartner. “We’ll have to see if it works.”

Entire article.

XP Service Pack 3, Microsoft release possibly 3rd week in April

Just a guess from reading various posts... possibly a release of XP SP3 in late April. This release does seem to be an acknowledgement that Vista is not taking off as well as anticipated... but will be good for end users, for sure. The time it takes to install all the security updates, on a new machine, released since SP2 takes a LONG time. This release is good news.

Microsoft Working On Updates To Prevent Further Word Attacks

Microsoft Working On Updates To Prevent Further Word Attacks
By Dee Chisamera 15:22, March 24th 2008
From efluxmedia.com

Microsoft admitted to vulnerability in its Jet Database Engine after a series of attacks on Word files have been reported. The issue doesn’t affect customers using Windows Server 2003 Service Pack 2, Windows Vista and Windows Vista Service Pack 1, whose Microsoft Jet Database Engine is not confronted with this problem.

On the other hand, those using Microsoft Word 2000 Service Pack 3, Microsoft word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP or Windows Server 2003 Service Pack 1 are vulnerable to these attacks, the company said.

“Do not open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Word file,” the company said in an advisory, suggesting customers to use Protect Your PC, enable a firewall and install updated antivirus software.

How this vulnerability expresses itself in reality is not complicated: the attack uses Word files to import external data. Microsoft already announced that the threat is real for PCs with older versions than Msjet40.dll 4.0.9505.0 and that they are already working on an update to prevent such malicious attacks from happening.

Bill Sisk said in a blog on MSRC (the Microsoft Security Response Center): “We’ve activated our Software Security Incident Response Process (SSIRP) to investigate the vulnerability (…) As part of our SSIRP process, we currently have teams working to develop an update of appropriate quality for release (…) In the meantime, we encourage customers to view the advisory and implement the workarounds.”

Entire article.

Sad Day to be an American

Not a technical note here but just a moment to honor the 4000 Americans that have died because of the US Invasion and war in Iraq that is now over 5 years old. The dead are honored but the Bush Administration should live be filled with utter disgrace. This is a sad day to be an American.

And, is the US ever leaving Iraq? Watch Cheney on Good Morning America with his statement when asked about the fact that 2/3 of the American public is not in support of the war.
-------------------
From the washingtonpost.com posting.

Associated Press: U.S. Military Deaths in Iraq at 4,000
Associated PressSunday, March 23, 2008; 10:43 PM

As of Sunday, March 23, 2008, at least 4,000 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,253 died as a result of hostile action, according to the military's numbers.

iPhone and Microsoft Exchange

You've probably heard the news but Steve Jobs announced that in early Summer (June), there will be enterprise support for the iPhone for conectivity with Microsoft Exchange Email Server. (It was already rumored but it's official now!)

This is gonna get interesting! Blackberry vs iPhone... round one.

More information on that news and the other announcement from Steve Jobs about easing rules for development tools for iPhone from a ComputerWorld.com article.

Samsung First to Ship 500GB Laptop Hard Drive

Samsung First to Ship 500GB Laptop Hard Drive
Hard disk drive will enable up to 1TB of storage in portable computers.

PC World Wednesday, March 5, 2008; 12:19 AM

Samsung Electronics is the first hard drive manufacturer to ship a 500GB 2.5-inch drive. Samsung announced its drive was shipping in volume to OEMs and PC makers today.
The 500GB drive marks a significant milestone in portable storage: On notebooks that support dual-hard drive configurations, a 500GB drive means you can have a whopping 1TB of storage in a laptop computer.

Hitachiwas the first company to announce a 500GB 2.5-inch hard drive, before the start of the 2008 International Consumer Electronics Show. Samsung was the second to announce, also at the show;Fujitsu also recently announcedits intention to offer a 500GB drive.

However, both Hitachi and Fujitsu are taking a different approach to 500GB than Samsung. All three drive makers use three disk platters, but Hitachi and Fujitsu reach 500GB by expanding the height of the drive from 9.5mm--the common standard for most notebooks--to 12.5mm, a height that's increasingly accommodated on larger, desktop-replacement laptop designs, but not necessarily on more general-use laptops.

From washingtonpost.com complete article.