Archive for July 2006

Cyberwar : the beginning

www.zone-h.org – Cyberwar : the beginning

The war in Lebanon is now showing its consequences in the digital world, and a huge number of websites have been attacked and defaced as a protest against the invasion of Lebanon by Israel.

Today two NASA websites were attacked as well. The intrusion was carried out by the Chilean group of crackers known as Byond Hackers Crew: through an SQL injection flaw they entered the system and stole user names, passwords and e-mails from the NASA web server.

After this information had been stolen, they managed to enter the administrative area by using an administrator user ID and password, and finally they carried out the defacement, replacing the homepage with their message…

This group joins the others that in recent days carried out attacks against governmental and commercial websites from both America and Israel, while other blackhat groups attacked Israeli websites, provoking a denial of service (DDoS) of that particular webpage.

The messages conveyed by all these defacements focus on the idea that, according to the attackers, the search for terrorists is just a pretext for the war in the south of Lebanon, which actually killed a lot of innocent people.

The list of the websites that have been defaced this week follows, including NASA, Berkeley University, Microsoft and U.S. Government web pages. [Original article] – with mirrors of the defacements

Japan Bests IBM in Supercomputer Stakes

Japan Bests IBM in Supercomputer Stakes – NewsFactor Network

In the supercomputer universe, bragging rights go to the machine packed with the most number-crunching speed. And a spirited competition has raged for several years now between the U.S. and Japan for leadership in high-performance computing. For the last two years, IBM’s BlueGene/L at the Lawrence Livermore National Laboratory kept the U.S. in the lead over a meteorological modeling machine developed by NEC called the Earth Simulator.

For those of you keeping score out there, Japan is about to take back the world speed record for computing it held earlier in the decade. The MDGrape-3 at Riken (formerly known as the Institute of Physical & Chemical Research) in Yokohama was clocked at a mind-boggling one quadrillion calculations per second. In industry-speak, that’s one “petaflop” of floating-point calculations per second.

After nearly four years in development and $9 million spent, the Riken machine is the first ever to accomplish the feat. It’s nearly three times swifter than BlueGene/L, the official No. 1 in an industry ranking called the Top 500 Supercomputer Sites. The MDGrape-3 wasn’t ready in time to qualify for the list which was released on June 27. It could top the next one, but the machine may be ineligible because of its specialized hardware. Here we take a look at the Riken machine and the global supercomputer race. [Read on]

Mysterious quasar casts doubt on black holes

New Scientist – Mysterious quasar casts doubt on black holes

A controversial alternative to black hole theory has been bolstered by observations of an object in the distant universe, researchers say. If their interpretation is correct, it might mean black holes do not exist and are in fact bizarre and compact balls of plasma called MECOs.

Rudolph Schild of the Harvard-Smithsonian Center for Astrophysics in Cambridge, Massachusetts, US, led a team that observed a quasar situated 9 billion light years from Earth. A quasar is a very bright, compact object, whose radiation is usually thought to be generated by a giant black hole devouring its surrounding matter.

A rare cosmological coincidence allowed Schild and his colleagues to probe the structure of the quasar in much finer detail than is normally possible. Those details suggest that the central object is not a black hole. “The structure of the quasar is not at all what had been theorised,” Schild told New Scientist.

A black hole, as traditionally understood, is an object with such a powerful gravitational field that even light is not fast enough to escape it. Anything that gets within a certain distance of the black hole’s centre, called the event horizon, will be trapped.

A well accepted property of black holes is that they cannot sustain a magnetic field of their own. But observations of quasar Q0957+561 indicate that the object powering it does have a magnetic field, Schild’s team says. For this reason, they believe that rather than a black hole, this quasar contains something called a magnetospheric eternally collapsing object (MECO). If so, it would be the best evidence yet for such an object. [Read on]

BHO and XPCOM: Extensions Gone Wild

Symantec Security Response Weblog: BHO and XPCOM: Extensions Gone Wild

Mozilla’s Firefox browser is quite popular and it is often recommended when it comes to the question: What is a safe browser alternative? Unfortunately, this does not necessarily mean that you are not susceptible to browser attacks.

Microsoft Internet Explorer is often hijacked by malware that drops browser helper objects (BHO), which will then be loaded every time the user starts Microsoft Internet Explorer. The BHOs can then manipulate data that is sent to the Internet and (for example) steal passwords or monitor user habits. With the Cross Platform Component Object Model (XPCOM), something similar to a BHO exists on the Mozilla side. It is a framework for developers to create modules that access features of the Gecko engine. For example, Firefox extensions are written with XPCOM and can therefore integrate seamlessly into Firefox.

Of course, it shouldn’t be a big surprise that this technique can also be used with malicious intent. Unwanted extensions that we already have seen implemented as BHOs are also possible as extensions for Firefox. In March 2006 we found the first in-the-wild case with JS.Ffsniff, which is a JavaScript that uses XPConnect. XPConnect is an interface for JavaScript that allows transparent access to XPCOM objects. The threat is part of a browser extension; once installed, it will add itself as an event listener for all “form submit” events. When an infected user submits a Web form on a Web site, the threat will parse the site and steal all information that is submitted by the Web form, including passwords. The JS.Ffsniff script then sends this information to a predefined email address using XPCOM objects. [More]

Linux Patches..

New patches for Ubuntu:

Firefox (multiple flaws)

Thunderbird (multiple flaws)

Mozilla (multiple flaws)

PHP4 (regression error in previous update)

mysql-dfsg-4.1 (format string, denial of service)

Konqueror (denial of service)

**********

New patches for Gentoo:

GIMP (buffer overflow, code execution)

Wireshark / Ethereal (multiple flaws)

Samba (denial of service)

**********

New updates for Debian:

Kernel 2.6.8 source (race condition)

GIMP (buffer overflow, code execution)

libgd2 (denial of service)

Firefox (multiple flaws)

postgrey (format string)

Net::Server Perl module (format string)

libdumb (buffer overflow, code execution)

fbi (filter bypass)

Newfound blob is biggest thing in the universe

USATODAY.com – Newfound blob is biggest thing in the universe

An enormous amoeba-like structure 200 light-years wide and made up of galaxies and large bubbles of gas is the largest known object in the universe, scientists say.

The galaxies and gas bubbles, called Lyman alpha blobs, are aligned along three curvy filaments that formed about 2 billion years after the universe exploded into existence after the theoretical Big Bang. The filaments were recently seen using the Subaru and Keck telescopes on Mauna Kea.

The galaxies within the newly found structure are packed together four times closer than the universe’s average.

Some of the gas bubbles are up to 400,000 light years across, nearly twice the diameter of our neighboring Andromeda Galaxy. Scientists think they formed when massive stars born early in the history of the universe exploded as supernovas and blew out their surrounding gases. Another theory is that the bubbles are giant gas cocoons that will one day give birth to new galaxies. [more]

3-D Flexible computer chips

Research dishes out flexible computer chips

New thin-film semiconductor techniques invented by University of Wisconsin-Madison engineers promise to add sensing, computing and imaging capability to an amazing array of materials.

Historically, the semiconductor industry has relied on flat, two-dimensional chips upon which to grow and etch the thin films of material that become electronic circuits for computers and other electronic devices. But as thin as those chips might seem, they are quite beefy in comparison to the result of a new UW-Madison semiconductor fabrication process detailed in the current issue of the Journal of Applied Physics.

A team led by electrical and computer engineer Zhenqiang (Jack) Ma and materials scientist Max Lagally have developed a process to remove a single-crystal film of semiconductor from the substrate on which it is built. This thin layer (only a couple of hundred nanometers thick) can be transferred to glass, plastic or other flexible materials, opening a wide range of possibilities for flexible electronics. In addition, the semiconductor film can be flipped as it is transferred to its new substrate, making its other side available for more components. This doubles the possible number of devices that can be placed on the film. [Read on]

Exploit Code Published for Windows Worm Hole


Detailed exploit code for a critical Windows worm hole has been published on the Internet, putting millions of users at risk of PC takeover attacks.

The code, which was posted to the Milw0rm Web site, attempts to exploit a known—and already patched—vulnerability in the DHCP (Dynamic Host Configuration Protocol) Client service.

Microsoft released the MS06-036 bulletin on July 11 to correct the flaw, and warned that a successful exploit could allow remote code execution on Windows 2000 SP4, Windows XP and Windows Server 2003.

Windows uses DHCP to reduce the complexity of administering network addresses. But because of an unchecked buffer, Microsoft said, an attacker could remotely hijack a compromised system to install programs, view, change or delete data, or create new accounts with full user rights. [Read on]

AMD Eyes PC-on-a-Chip with ATI

AMD Eyes PC-on-a-Chip with ATI Buy

All of the efforts focus on packing more technology into PCs and servers that use AMD chips. The company’s Torrenza program, for one, encourages third parties to build accelerator chips that plug into its platforms.

But the ATI acquisition will put a new spin on the recent efforts by offering even tighter integration between AMD processors and their supporting chips.

Ultimately, AMD aims to roll its own processor cores and ATI’s graphics processors into one, creating a new type of PC-on-a-chip processor.

Meanwhile, through the tighter integration of its processors and supporting chips, AMD could offer price breaks and support programs, such as stability and reliability guarantees, that appeal to business PC makers such as Dell, HP and Lenovo, allowing it to compete more closely for corporate business with its larger rival, Intel. [Read on]

Irish Worker Finds Ancient Book of Psalms

AOL News – Irish Worker Finds Ancient Book of Psalms

The approximately 20-page book has been dated to the years 800-1000. Trinity College manuscripts expert Bernard Meehan said it was the first discovery of an Irish early medieval document in two centuries.

“This is really a miracle find,” said Pat Wallace, director of the National Museum of Ireland, which has the book stored in refrigeration and facing years of painstaking analysis before being put on public display.

The book was found open to a page describing, in Latin script, Psalm 83, in which God hears complaints of other nations’ attempts to wipe out the name of Israel.

Wallace said several experts spent Tuesday analyzing only that page — the number of letters on each line, lines on each page, size of page — and the book’s binding and cover, which he described as “leather vellum, very thick wallet in appearance.”

It could take months of study, he said, just to identify the safest way to pry open the pages without damaging or destroying them. He ruled out the use of X-rays to investigate without moving the pages. [Full article]

Both cool and odd, that it happened to be open at that particular page with the current Israel situation going on.

Write on water

from SCI FI Tech blog —Adam Frucci

If you thought using a skywriter to propose to your girlfriend was a clever way of spelling something out, take a look at this. Researchers at Akishima Laboratories have developed a way to spell out words and draw pictures on the surface of a pool by using 50 wave generators. The generators create “pixels” in the water and combine them to create the letters. Earlier versions of the pool had trouble creating straight lines and took up to 15 minutes to input each letter. This latest version, however, handles Ks and Ls with ease and takes between 15 and 30 seconds to input each letter. I’m not sure if and when this sort of thing will be available to impress the hell out of your neighbors in your backyard pool, but it’s sure to be extremely expensive if it ever does get a commercial release. See [link] for pic.

Slashdot | You OS Web Based Operating System


You OS comes from the MIT Labs and contains an email client, Chat Function, RSS Reader, and Text Editor. YouOS is a web operating system that lets you run diverse applications within a web browser. Small applications like sticky notes or clocks. Large applications like word processing, mp3 players, and instant messaging. Even better, it’s very easy to tweak an existing application or write your own.

AMD to Acquire ATI

eWeek: AMD to Acquire ATI

Advanced Micro Devices will acquire graphics processor maker ATI Technologies in an effort to emerge as a more formidable supplier of chips for business computers.

AMD has traditionally worked with multiple partners whose chips can be used with its processors to build PCs. But the company intends to use the tie-up, announced on July 24, to deliver more tightly integrated processors and supporting chip sets, in an effort to lure more businesses.

AMD has made strides with businesses of late, particularly in the server space. Its Opteron server chip has claimed more than a quarter of server processor shipments, thanks to partnerships with companies such as Hewlett-Packard, IBM and Sun. It has also won major PC deals. However the company—whose goal is to serve at least one third of the PC processor market in the future—says it still needs to do more to gain businesses’ loyalties in corporate PCs, a market where Intel continues to dominate. [Read more]