Friday, July 23, 2004

Gmail Vulnerability Reported

Gmail Vulnerability Reported:
"A vulnerability in Google's Gmail may give remote users access to Gmail user information. The culprit is the Gmail CheckAvailability script. Remote users can apply the '/accounts/CheckAvailability' script repeatedly until the system returns another user's information.

The only information that seems to be revealed are the user's first and last name and desired Gmail account. Also, in order to access this information, the remote user must have a valid Gmail invite. While this may not be as much of a security caution as, say, revealing credit card information, it still causes a worry for users wishing to remain anonymous."

http://www.webpronews.com/news/ebusinessnews/wpn-45-20040720GmailVulnerabilityReported.html
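The report above says the information leaks only when the CheckAvailability script is hit repeatedly, which is the kind of pattern a server-side log review can catch. The following is an added example (not code from the WebProNews article or from Google): a sliding-window counter over web-server access logs that flags any client making more than a threshold of requests to the script within a short window. The log format (Common Log Format), the 60-second window, the threshold of 20 and the log lines themselves are all assumptions constructed for the example.

```python
"""Added example: flag clients hammering /accounts/CheckAvailability in access logs.

Assumptions (not from the article): Common Log Format lines, a 60-second
sliding window, a threshold of 20 requests per client per window, and the
sample log below, which is constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

TARGET = "/accounts/CheckAvailability"

# Common Log Format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, path-without-query) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), ts, path


def find_enumerators(lines, max_requests=20, window_seconds=60):
    """Return {ip: peak_count} for every client whose request count to TARGET
    exceeds max_requests inside some window_seconds-long sliding window."""
    times = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == TARGET:
            times[rec[0]].append(rec[1])

    flagged = {}
    for ip, ts_list in times.items():
        ts_list.sort()
        start = 0
        peak = 0
        for end, t in enumerate(ts_list):
            # advance the window start until it spans at most window_seconds
            while (t - ts_list[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_requests:
            flagged[ip] = peak
    return flagged


def sample_log():
    """Constructed log: one client probing the script 30 times in 45 seconds,
    one client using it normally. Addresses are from the documentation ranges."""
    base = datetime(2004, 7, 20, 10, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = []
    for i in range(30):
        t = (base + timedelta(seconds=i * 1.5)).strftime(fmt)
        lines.append(f'198.51.100.7 - - [{t}] "GET {TARGET}?Email=user{i} HTTP/1.1" 200 512')
    for i in range(3):
        t = (base + timedelta(minutes=i * 5)).strftime(fmt)
        lines.append(f'203.0.113.4 - - [{t}] "GET {TARGET}?Email=me HTTP/1.1" 200 512')
    lines.append(f'203.0.113.4 - - [{t}] "GET /mail/ HTTP/1.1" 200 2048')
    return lines


if __name__ == "__main__":
    for ip, count in find_enumerators(sample_log()).items():
        print(f"{ip}: {count} CheckAvailability requests inside one window")
```

The window is kept per client so a single busy but legitimate address is judged on its own burst rate, and the query string is stripped before comparing paths so probes with varying `Email=` values still count against the same script.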

Thursday, July 22, 2004

What's Next: For Doctored Photos, a New Flavor of Digital Truth Serum

The New York Times > Technology > Circuits > What's Next: For Doctored Photos, a New Flavor of Digital Truth Serum:
"'It used to be that you had a photograph, and that was the end of it - that was truth,' said Hany Farid, an associate professor of computer science at Dartmouth College who is a leader in the field. 'We're trying to bring some of that back. To put some measure of guarantee back in photography.'

At stake is more than the fate of possible child pornographers. The United States military has become increasingly reliant on digital images from drones and satellites to give soldiers a sense of the battlefield. Law enforcement officers routinely use digital cameras to photograph crime scenes. Newspapers and magazines are now dependent on digital photographs that can be easily doctored.

Over the last three years, Professor Farid and his students have become experts at forgery, making hundreds of images that look authentic but have in fact been digitally tweaked. License plate numbers are changed. A single stool standing on a checkerboard floor is suddenly a pair of stools. Dents on a car are wiped away with a few mouse clicks.

The skillful tampering disturbed the images in ways that the human eye could not detect. But Professor Farid says his algorithms can spot them and sound the alarm."

For example, when two images are spliced together - like the picture of a shark attacking a helicopter that has circulated around the Internet in the past few years - one or both of the original pictures usually has to be shrunk, enlarged or rotated to make the pieces fit together. And those changes, no matter how artful, leave clues behind.

Take a picture that is 10 pixels by 10 pixels, for a total of 100. Stretch it to 10 by 20 pixels, and image-editing software like Adobe Photoshop will assign the picture's original pixels to every other slot in the new picture. That leaves 100 pixels "blank," or without values. Image-editing software fills in the gaps by examining what their neighbors look like, and then applying an average. To oversimplify, if pixel A is blue, and pixel C is red, the blank pixel B will become purple.

This kind of averaging becomes "pretty obvious" after some analysis of the image, Professor Farid said.

In tests on several hundred doctored photos, this technique for detecting changes proved to be virtually foolproof if the picture quality was high enough. Uncompressed TIFF image files, which contain enormous amounts of data, were like an open book to Professor Farid's team.

But Professor Farid said that for now the technique does not work as well with files created in JPEG, the compressed picture format most commonly used online.

http://www.nytimes.com/2004/07/22/technology/circuits/22next.html
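The stretching example above (original pixels in every other slot, the gaps filled with an average of their neighbours) is what the detector looks for. The following is an added example, not code from the Times article or from Farid's group: a toy resampling check that counts how many pixels are exactly the floor average of their horizontal neighbours, separately for even and odd columns. A 2x upscaled image shows the pattern in every odd column; untouched texture shows it almost nowhere. It assumes 8-bit grayscale, integer averaging as in the blue/red/purple description, and a fixed 2x factor; the real Popescu and Farid detector estimates the interpolation weights and period rather than assuming them.

```python
"""Added example: the periodic averaging left by 2x linear upscaling, and a
detector that looks for it. Toy version; assumes a known 2x factor and floor
averaging, which the real detector estimates instead of assuming."""
import random


def make_image(width, height, seed=1):
    """Constructed input: random 8-bit texture standing in for a photograph."""
    rng = random.Random(seed)
    return [[rng.randint(0, 255) for _ in range(width)] for _ in range(height)]


def upscale_width_2x(img):
    """Double the width. Originals land in even columns; each odd column is the
    floor average of the originals on either side (the last one repeats)."""
    out = []
    for row in img:
        new_row = []
        for x, p in enumerate(row):
            right = row[x + 1] if x + 1 < len(row) else p
            new_row.extend([p, (p + right) // 2])
        out.append(new_row)
    return out


def predicted_fraction(img, phase, tolerance=0):
    """Share of interior pixels in columns with x % 2 == phase that equal the
    floor average of their horizontal neighbours, within `tolerance` levels."""
    hits = total = 0
    for row in img:
        for x in range(1, len(row) - 1):
            if x % 2 != phase:
                continue
            total += 1
            if abs(row[x] - (row[x - 1] + row[x + 1]) // 2) <= tolerance:
                hits += 1
    return hits / total if total else 0.0


def resampling_score(img, tolerance=0):
    """Gap between the two column phases: near 1.0 after 2x upscaling,
    near 0.0 for untouched texture."""
    a = predicted_fraction(img, 0, tolerance)
    b = predicted_fraction(img, 1, tolerance)
    return abs(a - b)


def looks_resampled(img, threshold=0.5, tolerance=0):
    return resampling_score(img, tolerance) > threshold


def add_noise(img, amplitude, seed=2):
    """Perturb every pixel by up to +/- amplitude: a crude stand-in for the
    rounding and quantisation that lossy JPEG compression applies."""
    rng = random.Random(seed)
    return [[max(0, min(255, p + rng.randint(-amplitude, amplitude))) for p in row]
            for row in img]


if __name__ == "__main__":
    original = make_image(32, 32)
    stretched = upscale_width_2x(original)
    print("original          :", round(resampling_score(original), 3))
    print("stretched         :", round(resampling_score(stretched), 3))
    print("stretched + noise :", round(resampling_score(add_noise(stretched, 3)), 3))
```

The `add_noise` step illustrates the article's JPEG caveat: once the interpolated values are no longer exact averages, an exact-match test stops firing, which is why a real detector has to be statistical rather than a strict equality check.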

ASP.NET Web Matrix Guided Tour

ASP.NET Web Matrix Guided Tour:
"What Level of Expertise Is Assumed in the Guided Tour?

You should be fluent in HTML and general Web development terminology. You do not need previous ASP.NET experience for most of the walkthroughs, although you should be familiar with the general web concepts behind interactive Web pages, including forms, XML, and data access.

For a walkthrough of ASP.NET itself, please review the ASP.NET QuickStart Tutorial at: http://www.asp.net/Tutorials/quickstart.aspx"

http://www.asp.net/webmatrix/tour/getstarted/intro.aspx

Bagle.ag and Bagle.ai - ZDNet: Reviews

Double trouble as these latest versions of Bagle spread quickly:
"The most recent variations of the Bagle worm family appear to be based on code similar to the Bagle.af variation. Bagle.ag (w32.bagle.ag@mm, also known as Beagle.ac and Bagle.ah) and Bagle.ai (w32.bagle.ai@mm, also known as Bagle.ae, Beagle.ag, and Bagle.ah) are mass-mailing worms that vary in length and are packed with the UPX file compressor. They use various subject lines and attached files to spread via e-mail. They also attempt to spread via shared network files. They both try to terminate security apps that may be running on the infected machine and install a backdoor Trojan horse. Additionally, Bagle.ai will attempt to terminate any Netsky virus that may be running on the infected machine. This worm does not affect Linux, Unix, or Mac OS systems. Because Bagle.ag and Bagle.ai spread via e-mail and open a backdoor Trojan, they rate a 6 on the CNET/ZDNet Virus Meter."

How it works
Both versions of Bagle use different sets of subject and body texts and contain their own SMTP engine to send copies of themselves. They also harvest e-mail addresses from infected machines, spoof the e-mail sender's address, and password-protect the attached file. These worms contain a remote access Trojan horse, copy themselves to folders that use the string "shar" in the name, and will attempt to terminate security programs and other computer viruses and worms.

Additionally, Bagle.ai will use mutex names already used by the Netsky in order to prevent further Netsky infections. Bagle.ai will also delete the registry entries for security apps and other viruses such as Netsky.

Bagle.ag creates the following in the Win/System32 folder:

sys_xp.exe
sys_xp.exeopen
sys_xp.exeopenopen

Bagle.ai creates the following in the Win/System32 folder:

WinXP.exe
WinXP.exeopen
WinXP.exeopenopen
WinXP.exeopenopenopen
WinXP.exeopenopenopenopen

Bagle.ag opens TCP port 1080 while Bagle.ai opens ports 1080 (TCP) and 1040 (UDP).

http://reviews-zdnet.com.com/4520-6600_16-5144521.html
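The indicators listed above (the dropped files with their repeated "open" suffixes, copies in folders containing "shar", and the backdoor ports) are enough for a quick host triage. The following is an added example, not code from the ZDNet review or from any antivirus vendor: a Python check that matches a directory listing and `netstat -an` output against exactly those indicators and names the variant they point to. The file paths and netstat text are constructed for the example; the regex generalises the file names to any number of "open" suffixes, and the backdoor process and registry changes the excerpt does not detail are left out.

```python
"""Added example: match a host's file listing and netstat output against the
Bagle.ag / Bagle.ai indicators from the write-up. Sample data is constructed."""
import re
from pathlib import PureWindowsPath

# sys_xp.exe / WinXP.exe with zero or more "open" suffixes (sys_xp.exeopenopen ...)
DROPPER_RE = re.compile(r"^(sys_xp|winxp)\.exe(open)*$", re.IGNORECASE)
# Bagle.ag: TCP 1080; Bagle.ai: TCP 1080 and UDP 1040
BACKDOOR_PORTS = {("TCP", 1080), ("UDP", 1040)}


def scan_listing(paths):
    """Classify full Windows paths into dropper files in System32 and .exe
    copies inside any folder whose name contains 'shar'."""
    hits = {"system32": [], "share_copies": []}
    for p in paths:
        wp = PureWindowsPath(p)
        parents = [part.lower() for part in wp.parts[:-1]]
        if DROPPER_RE.match(wp.name) and "system32" in parents:
            hits["system32"].append(p)
        elif wp.name.lower().endswith(".exe") and any("shar" in d for d in parents):
            hits["share_copies"].append(p)
    return hits


def parse_netstat(text):
    """Extract (proto, port) pairs from 'netstat -an' style output:
    TCP sockets in LISTENING state and every bound UDP socket."""
    listening = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local = parts[0], parts[1]
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        listening.add((proto, int(local.rsplit(":", 1)[1])))
    return listening


def assess(paths, netstat_text):
    """Combine file and port indicators into a verdict keyed to the variant names."""
    files = scan_listing(paths)
    ports = parse_netstat(netstat_text) & BACKDOOR_PORTS
    names = {PureWindowsPath(p).name.lower() for p in files["system32"]}
    variants = []
    if any(n.startswith("sys_xp.exe") for n in names):
        variants.append("Bagle.ag")
    if any(n.startswith("winxp.exe") for n in names):
        variants.append("Bagle.ai")
    return {
        "variants": variants,
        "backdoor_ports": sorted(ports),
        "share_copies": files["share_copies"],
    }


# Constructed sample host data (assumption: a Bagle.ai-style infection).
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\WinXP.exe",
    r"C:\WINDOWS\System32\WinXP.exeopenopen",
    r"C:\WINDOWS\System32\notepad.exe",
    r"C:\P2P\Shared\setup.exe",
    r"C:\Documents and Settings\user\My Documents\report.doc",
]
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:1040           *:*
"""

if __name__ == "__main__":
    print(assess(SAMPLE_PATHS, SAMPLE_NETSTAT))
```

On a real host the listing would come from walking `%SystemRoot%\System32` and any shared folders, and the netstat text from `netstat -an`; the functions are kept pure so they can be run against captured evidence offline.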

Wednesday, July 21, 2004

eMachine Shop, a bridge between the real world and computers.

No Second Acts?:
"At eMachineShop, you can download a powerful yet straightforward CAD program to design objects. You then specify the material and submit your design to the site, and eMachineShop will price it according to the materials and machining or forming difficulty, along with the number of steps involved in manufacturing and finishing. The available materials range from every imaginable kind of plastic to metals such as aluminum, brass, and steel. You can specify bending, drilling, milling, turning, and various other operations. You can also specify finishes, including plating and powder coating.

The eMachineShop software prices your job on the spot, while the 3D rendering is on your screen. You find out what your part or run of parts will cost you in minutes, not days. When you give the okay, eMachineShop makes your parts and ships them to you. It's a full-capability fabrication facility that you pay for on an as-needed basis. Customers have created both simple and complex parts; you can see some photos on the site."

Lewis wasn't content to stop at mechanical fabrication. His goal is to be a one-stop product development facility. "As Amazon is to books I want to be to manufacturing," he says. Since more and more devices contain electronics, it made sense to offer circuit board fabrication too. You can go to sites like www.pcbexpress.com and order up a run of single-layer or multilayer circuit boards, but you have to be sufficiently knowledgeable to generate files that will control their drilling and routing equipment.

So Lewis created the Web site Pad2Pad, where you can design your board with simple downloadable software, place parts, run traces, spot holes, and connect layers. Like eMachineShop, Pad2Pad prices your work in advance and actually assembles the boards from a large inventory of parts instead of delivering solder-ready boards.

Of course, Pad2Pad can't stock all of the millions of electronic components, especially the more esoteric integrated circuits, but it can leave holes or surface-mount pads on the board for you to stuff or solder to. Pad2Pad is still in launch mode, and Lewis is expanding the parts inventory. He plans to connect with a major parts distributor, thus gaining access to just about anything you can put on a circuit board.

http://www.pcmag.com/article2/0,1759,1619713,00.asp

Keep Your Kids Safe

Keep Your Kids Safe:
"In September 2003, 53-year-old John Zuccarini was arrested at a Florida hotel and, after admitting to his crimes in a plea bargain, became the first person convicted under the national Truth in Domain Names Act. The crime: According to the United States Attorney's office for the Southern District of New York, Zuccarini registered and used more than 3,000 misleading domain names, many of which directed children to hard-core porn sites and graphic depictions of young people engaged in sex acts. The domains included www.teltubbies.com and www.bobthebiulder.com, both misspellings of the addresses for popular children's TV shows.

Porn is just one of many issues parents should be concerned about when their kids go online. Problems could be as dangerous as encountering a predator in a chat room, as common as sharing music and software illegally via peer-to-peer file-sharing services, or as simple as spending far too much time playing games and chatting with friends.

Recent market research suggests that many parents consider online chatting more dangerous than Web surfing. Last year, Microsoft's MSN service shut down its chat rooms in 28 countries partly because of concerns about sexual predators preying on minors. And in a study published by Harris Interactive in November 2003, 24 percent of 550 U.S. teens surveyed said they had been contacted online by a stranger who tried to arrange an off-line meeting.

Meanwhile, the amount of time kids spend online is just as important an issue. A November study performed by the Pew Internet & American Life Project found that almost 70 percent of young users say they would find it "very hard to give up" the Internet, compared with only 48 percent who said the same about television. Computers have become a hub for social activity. And for the most part, it is an unsupervised environment. Many parents go to sleep every night convinced that their kids are sleeping too, while some of the kids are actually chatting online with friends and strangers. And not surprisingly, some kids are also chatting when they should be doing homework.

The Internet has so much good to offer, however, that you can't just take your kids' access away permanently. It's a great educational resource and an essential form of communication today. And the more your kids learn about using the Internet now, the better prepared they'll be for using it in the future.

Parents need to protect their kids online. Just as they want some control over where their kids go and whom they talk to in real life, parents need to establish some rules on where they go and whom they talk to online. Which strategy is best for your needs is your decision. The good news is that the products on the market offer a variety of approaches, so finding the right solution shouldn't be too difficult."

http://www.pcmag.com/article2/0,1759,1620643,00.asp

Tuesday, July 20, 2004

Picasa: Automated Digital Photo Organizer software: Download

Picasa: Automated Digital Photo Organizer software, instant photo albums, sharing & printing: Download:
"Picasa is now part of Google. Download version 1.6 for Free!

Picasa works with the digital photo files on your PC to create a better, more organized viewing and editing experience. Picasa will not delete or move the location of pictures saved on your PC."

http://www.picasa.com/google/

Zend Updates PHP Scripting Language

Zend Updates PHP Scripting Language:
"Zend 5 includes a new version of the Zend engine, known as Zend Engine II. It also features object orientation, enhanced XML processing and Web services support.

Gutmans said the previous release, PHP 4, came out four years ago and the installed base of users has grown from 1.5 million then to 16 million now.

'The Zend II engine is a complete rewrite of all the object-oriented capabilities in the language,' Gutmans said. The new version features exception handling."

"The reason why object-oriented development gets such a big focus is that the more critical the application becomes the more structured the development becomes," Gutmans said. And as PHP becomes more a part of the enterprise, interoperability becomes important, he said.

The XML extensions in PHP 5 were rewritten to use the GNOME Project's XML and Extensible Stylesheet Language Transformations libraries. The new version includes a new module, MySQLi, for database support, as well as SQLite, an embedded database.

http://www.eweek.com/article2/0,1759,1624753,00.asp

Monday, July 19, 2004

ZDNet AnchorDesk: Is another MSBlast attack on its way?

ZDNet AnchorDesk: Is another MSBlast attack on its way?:
"The Eschelbeck Theory, named after Gerhard Eschelbeck, a security researcher at Qualys.

The theory states that only half of the vulnerable systems in the world are patched within the first 30 days of a patch's existence, and that within that same 30-day period, someone invariably releases a virus or a worm to take advantage of the still-vulnerable systems. Given that, the clock is already ticking on these new Microsoft vulnerabilities. Of course, several of the newly announced flaws also involve Internet Explorer in some way."

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5144057.html?tag=ns