- Apple ranks first in security bug count
- Does Microsoft’s shared source program pose a risk when it includes China, Russia?
- Facebook for hackers shut down in Pakistan
- New version of Zeus malware kit targets banking credentials
- Oracle patches almost 5 dozen security holes
- Confusion clouds real malware threat
- Zero day reported to Microsoft by Googler fixed in 33 days
- Why you should always set a PIN for phone service voice mail
- 25,000 PCs attacked with latest Windows zero day flaw
- Experts warn of new Windows shortcut flaw
- Mozilla refreshes its security bug bounty program
- Windows token kidnapping flaw
- DNS root zone cryptographically signed but just another step along the way to securing DNS
- Intentionally woefully non-secure Linux distro
- Origin of the HTML blink tag
Via Hacker News, I love that this ties back to Lynx, a text-based browser I still use from time to time. It is also an excellent example of the odd thought process that often occurs to hackers. It also makes sense that the implementation was originally an easter egg; the intent wasn’t to unleash untold eyestrain on the web but to have a bit of a laugh. Funny how these unintended consequences arise.
- Senator uses copyright to block opponent’s use of her old web site
I am reading Netanel’s “Copyright’s Paradox” right now which is all about the fraught tension between free speech and copyright. Slashdot is one of many sources picking this story up today. It may be my current reading material speaking, but this seems like a very clear case of using copyright as a form of prior restraint, not having anything to do with its proper role as the “engine of free expression”.
- Near perfect 3D information storage, in the lab
Technology Review describes a system for reading and storing information that really does sound rather science fictional. A single bit encoded on a single molecule would seem to be pretty close to perfect density. Initially it is surprising that several developments here come from biology, but then you have to wonder if related techniques operate or are instrumental to information processing in living systems.
- Open data analysis framework in the cloud
- Two Turkeys in conflict over Internet blocking
- Army will press charges against alleged WikiLeaks source
- Working towards a standardized power brick for laptops
- Seizure of DNS names of pirate sites by US fails
This is news cast 207, an episode of The Command Line Podcast.
In the intro, explaining my advertising experiment, a change to the podcast’s license going forward, and OggCamp 10.
In this week’s news, a new technique for improving random number generation, circumvention is not enough to foil censorship, trade association wants USTR to equate open source with piracy (I’ve talked about the watch list being abused previously and Jesse Brown at Search Engine has an excellent discussion), and an early computer manual encourages bypassing proto-DRM.
Following up this week, the internet chapter of ACTA has leaked.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Iljitsch van Beijnum at Ars has news of a well-substantiated draft memo that would forbid top level domain operators from re-directing to a page of their own when a name server lookup fails. The problem originally garnered much attention when Verisign introduced their Site Finder offering, which obscured failed domain name lookups with a helpful error page that also happened to carry ads. Verisign’s motivation was pretty transparently the ad revenue they were able to rake in essentially for free, and they ultimately backed down after mass criticism over the practice.
As the article notes, what all the expert input boils down to is that re-directing on a lookup failure breaks DNS, denying machines on the network the ability to legitimately tell when a domain doesn’t exist.
This memo, should it move forward into policy, wouldn’t stop a similar practice by some ISPs like Verizon. The difference, as the article explains, is that re-direction by an ISP usually carries an opt-out and, as long as the top level servers work as expected, a determined user can stand up their own DNS server that bypasses any sort of re-direction or any other sort of tinkering with DNS resolution requests.
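A machine can check for this kind of re-direction by asking for a name that cannot exist and looking at the response code. The sketch below is an added example, not code from the Ars article or the draft memo; the probe name, function names and sample replies are assumptions constructed for illustration.

```python
import struct

NXDOMAIN = 3  # RCODE 3, "Name Error" (RFC 1035)

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_probe(name, txid):
    """Standard recursive A/IN query for a name chosen so that it cannot exist."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def classify(pkt, txid):
    """Return (verdict, [A record addresses]) for a reply to the probe."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this probe")
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "nxdomain", []  # the honest answer: the name does not exist
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return ("rewritten" if rcode == 0 and addrs else "other"), addrs

# Constructed sample replies (not captured traffic); 192.0.2.1 is a documentation address.
PROBE = "zz-probe-7f3a91c2.example"
QUESTION = build_probe(PROBE, 0x1234)[12:]
HONEST = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUESTION
REWRITTEN = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
             + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1]))
```

Sending `build_probe()` over UDP port 53 to the resolver under test and passing the reply to `classify()` turns this into a live check; a "rewritten" verdict for a random name means failed lookups are being answered with an address instead of a name error.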