Archive for March, 2010

Yale Delays Switch to Google Apps, Cites Security Concerns

Tuesday, March 30th, 2010

Yale University was set to switch over its campus from using Horde Webmail to Gmail and its complement of services included in the Google Apps for Education package, but officials in the Information Technology Services division have announced they’re putting that move on hold. The gradual transition to Gmail would have been ongoing through the year and completed by next spring.

According to the Yale Daily News, the original decision to switch over to Gmail was met with concerns and reservations from the faculty and administration. Several felt the decision had been made too hastily and without proper University approval.

What you should know about Microsoft’s emergency IE patch

Tuesday, March 30th, 2010

So far 2010 hasn’t been kind to the Microsoft Internet Explorer web browser. It is only March, and Microsoft is releasing the second emergency out-of-band patch to respond to a zero-day exploit in the wild.

Microsoft released security bulletin MS10-018 today — an update rated as Critical which contains 10 patches affecting all versions of Internet Explorer, including a fix for the zero-day vulnerability currently being used to attack IE6 and IE7 browsers. Exploit code for the IE zero-day, dubbed “iepeers”, is circulating on the internet.

Qualys CTO Wolfgang Kandek wrote a blog post stating, “Microsoft’s decision to accelerate the release rather than waiting until next Patch Tuesday on April 13th is an indication that attacks against the ‘iepeers’ vulnerability are on the rise.”

FirstPlay for PlayStation to launch April 8

Tuesday, March 30th, 2010

Europe’s first on-console show FirstPlay will launch its first weekly episode on Thursday April 8 on the PlayStation, bringing high definition video reviews and previews every week, plus exclusive downloadable content and much more.

Brought about by TechRadar’s publisher Future, FirstPlay will be available to UK gamers through Sony’s PlayStation 3 console from the PlayStation Network for 99p an episode or £8.99 for a 90-day subscription.

Tim Clark, Editor-in-Chief of FirstPlay, said: “We’re tremendously excited to be finally launching FirstPlay, and to be bringing our brand of editorial direct to PS3 owners on their consoles.

US concerned by Australian Internet filter plan

Tuesday, March 30th, 2010

The United States has raised concerns with Australia about the impact of a proposed Internet filter that would place restrictions on Web content, an official said Monday.

The concerns of Australia’s most important security ally further undermine plans that would make Australia one of the strictest Internet regulators among the world’s democracies.

“Our main message of course is that we remain committed to advancing the free flow of information which we view as vital to economic prosperity and preserving open societies globally,” U.S. State Department spokesman Michael Tran told The Associated Press by telephone from Washington. Tran declined to say when or at what level the U.S. State Department raised its concerns with Australia and declined to detail those concerns.

Judge Invalidates Human Gene Patent

Tuesday, March 30th, 2010

A federal judge on Monday struck down patents on two genes linked to breast and ovarian cancer. The decision, if upheld, could throw into doubt the patents covering thousands of human genes and reshape the law of intellectual property.

United States District Court Judge Robert W. Sweet issued the 152-page decision, which invalidated seven patents related to the genes BRCA1 and BRCA2, whose mutations have been associated with cancer.

The American Civil Liberties Union and the Public Patent Foundation at the Benjamin N. Cardozo School of Law in New York joined with individual patients and medical organizations to challenge the patents last May: they argued that genes, products of nature, fall outside of the realm of things that can be patented. The patents, they argued, stifle research and innovation and limit testing options.

How the FBI busted one YouTube nutjob in under a day

Tuesday, March 30th, 2010

When it needs to act fast, the FBI can do so. When a YouTube video came to its attention on Friday in San Francisco, the FBI had a Philadelphia man in custody the next day. A reminder to Internet nutjobs: your IP address can and will be used to hunt you down, so posting threatening rants to YouTube is only a good idea if you’re looking to get arrested.

The FBI’s affidavit gives us a window into how the investigation unfolded, and into just how quickly the Bureau can turn a YouTube link into a home address when necessary.

Last Friday, March 26, the San Francisco office of the Bureau “received a copy of a video that had been removed from the Internet website YouTube. The video included images of a white male, later identified as NORMAN LEBOON, making threats against United States Congressman Eric Cantor, 7th Congressional District – Virginia. The video appeared to be homemade and was of good quality. The face of the white male can clearly be seen.”

Inside Apple’s OS X 10.6.3 update

Monday, March 29th, 2010

For many years now, I’ve written articles detailing the changes in each minor OS X update that’s released, such as the now-available Mac OS X 10.6.3. In the beginning, writing these articles was both interesting and worthwhile, as Apple rarely went into great detail about what was in a given update.

Times, though, are changing–the notes accompanying the 438MB 10.6.3 update include links to pages that detail both the general changes as well as the security-specific changes in this update. While these notes clearly don’t document every single change in the update, they do cover a lot of them.

One area that wasn’t covered in Apple’s release notes involves graphics–specifically, improvements to the OS X 3D graphics engine. A representative from VMware, which makes Fusion for the Mac, told me that “VMware is excited about the release of Mac OS X 10.6.3, as the improved graphics drivers greatly improve 3D and interactive performance for VMware Fusion customers.”

Avoid grief by curtailing admin rights in Windows

Monday, March 29th, 2010

Microsoft endures a lot of criticism for its Patch Tuesdays, frequent vulnerabilities and security weaknesses, but many times, users bring those problems on themselves by not using the access management tools they have at their disposal, say two people in the access management field.

A study out today from BeyondTrust, of Agoura Hills, Calif., shows that 90 percent of the stated critical vulnerabilities in the Microsoft Windows 7 operating system since it was released to manufacturing in July of last year would be mitigated if IT managers weren’t so permissive in granting administrator rights to employees who should be assigned the more restrictive standard user rights.

BeyondTrust, which also reviewed all 190 Microsoft published vulnerabilities in 2009, also reports that 100 percent of vulnerabilities in Windows Office, 100 percent of Internet Explorer 8 vulnerabilities, 94 percent of vulnerabilities in all IE versions and 64 percent of all Windows vulnerabilities in total would be mitigated with better access management.

MI5 to let go of tech-averse staffers

Monday, March 29th, 2010

The UK’s Security Service has introduced a redundancy programme for staff who lack IT skills, according to the Intelligence and Security Committee’s annual report.

In the report, which was laid before parliament on 18 March, Security Service director general Jonathan Evans is quoted as saying the Service — commonly known as MI5 — was instituting voluntary and compulsory redundancies after a review of its staff profile.

“I think some of the staff perhaps aren’t quite the ones that we will want for the future,” Evans said, according to the report. Compiled by a group of nine MPs and peers, the report said that 610 new staff joined the service between 2008-2009. A further 253 positions are scheduled to be filled by April 2010.

Researchers tracking zombie computers

Monday, March 29th, 2010

CRIMINALS who hide in the internet’s shadows to launch cyber attacks through legions of compromised computers, or zombies, may be caught by traceback tools being developed locally.

At present, computer crime forensic analysts can only track individual attacks back to the usually vast network of zombies herded together into a botnet for the purpose by an unknown malicious controller.

Wanlei Zhou, head of Deakin University’s School of Information Technology, hopes new work will allow investigators to pinpoint the original source of an attack — the machine controlling a botnet — and provide evidence to support the prosecution of cyber crimes. “Nobody has yet solved the problem of tracking beyond the zombies back to the actual controller and making it stick, legally,” Professor Zhou said.