Archive for November 2006

Store 256GB on Paper or Plastic

Techworld.com – Storage News – Store 256GB on an A4 sheet

With new “rainbow technology”, devised by Sainul Abideen who has just completed an MCA degree in Kerala, data can be encoded into coloured geometric shapes and stored in dense patterns on paper.

Files such as text, images, sounds and video clips are encoded in “rainbow format” as coloured circles, triangles, squares and so on, and printed as dense graphics on paper at a density of 2.7GB per square inch. The paper can then be read through a specially developed scanner and the contents decoded into their original digital format and viewed or played. The encoding and decoding processes have not been revealed.

Using this technology an A4 sheet of paper could store 256GB of data. In comparison, a DVD can store 4.7GB of data. The Rainbow technology is feasible because printed text, readable by the human eye is a very wasteful use of the potential capacity of paper to store data. By printing the data encoded in a denser way much higher capacities can be achieved.

Paper is, of course, bio-degradable, unlike CDs or DVDs. And sheets of paper also cost a fraction of the cost of a CD or DVD.
[Full Article]

Phone vs. Cable: Turf Wars Escalate

Phone vs. Cable: Turf Wars Escalate – New York Times

PHOENIX — Bees swarmed around Dennis Pappas as he pried open the door to a telephone equipment box belonging to Qwest Communications at an apartment building here recently. Inside, the insects had built a small but seemingly busy hive.

The bees called the box home because workers from Cox Communications, a local cable provider, did not properly plug a hole in it when they switched customers in the building over to Cox’s phone service, said Mr. Pappas, a public policy chief at Qwest, the local phone company. As a result, Qwest had to bring in a contractor to undertake the risky task of removing the hive.

It may sound like a small thing, but Qwest says the infested box is just one of many pieces of equipment that Cox has damaged or misused. It says Cox has left wires exposed and improperly grounded cables, hazards that could disrupt phone service or hurt customers and workers. Qwest even argues that the damage is part of a plan to make it harder to sign up customers it lost to Cox.

Technicians who came to Qwest from Cox said “that their instructions were to make it as tough for Qwest to win back the customer as possible,” Mr. Pappas said.

Cox says Qwest is exaggerating the scope of the damage, and it says there are many explanations for the problems — including improper maintenance by Qwest’s own workers. Cox also insists it fixes any damage brought to its attention.

There has been an outbreak of this kind of finger-pointing across the country lately, a product of the increasingly bitter turf war between phone and cable companies. After decades of relative peace and separation, friction is growing as cable providers sell more phone lines and phone companies get into the video business.

For the most part, the sparring has been limited to advertising campaigns and promotional offers. But here in Phoenix, where Cox has stolen nearly a third of the residential phone business from Qwest, the rancor has escalated. In January, Qwest filed complaints with state regulators over the equipment problems, leading to a protracted legal standoff and public backbiting.

Given the disputes over who did what, and the lack of any central records, it is hard to say how much these incidents are actually hurting the cable and phone industries, or their customers. But complaints by the companies are clearly on the rise. [Read on]

Cheap Clean Fusion

From Slashdot; Baldrson writes “One of the founders of the US Tokamak fusion program, Dr. Robert W. Bussard, gave a lecture at Google recently now appearing as a Google video titled ‘Should Google Go Nuclear?’. In it, he presents his recent reakthrough electrostatic confinement fusion device which, he claims, produced several orders of magnitude higher fusion
power than earlier electrostatic confinement devices. According to Bussard, it did so repeatably during several runs until it blew up due to mechanical stress degradation. He’s looking for $200M funding, the first million or so of which goes to rebuilding a more robust demonstrator within the first year. He claims the scaling laws are so favorable that the initial full scale reactor would burn boron-11 — the cleanest fusion reaction otherwise unattainable. He has some fairly disturbing things to say in this video, as well as elsewhere, about the US fusion program which he co-founded.”

Sources:

Post to JREF forum
Google TechTalk (video) – Should Google go Nuclear?
Robert W. Bussard -wikipedia

PCI cards the next haven for rootkits?

PCI cards the next haven for rootkits?

Security researcher John Heasman released a paper this week describing a way to hide malicious code on graphics and network cards in such a way as to avoid detection and survive a full re-installation of the operating system.

The paper (PDF), published on Wednesday, builds on the work presented by Heasman earlier this year, describing ways to use the Advanced Configuration and Power Interface (ACPI) functions available on almost all motherboards to store and run a rootkit that could survive a reboot. The current paper outlines ways to use the expansion memory available on Peripheral Component Interconnect (PCI) cards, such as graphics cards and network cards. [read + links]

Man used MP3 player to hack ATMs

Man used MP3 player to hack ATMs | The Register

A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. Maxwell Parsons, 41, spent £200,000 of other people’s money after using the machine to read card details.

Parsons plugged his MP3 player into the back of free standing cash machines and was able to use it to read data about customers’ cards. That data could then be used to ‘clone’ cards and use them for bogus purchases.

Free-standing machines are typically found in shops and bars, and they allowed Parsons to plug his machine into the back of them in a way that would be impossible in wall mounted dispensers.

The MP3 player recorded customer details as they were transmitted over phone lines to the bank. Tones were read as they were transmitted and used to clone cards.

The case was heard at Minshull Street Crown Court in Manchester. Parsons was sentenced to 32 months in prison for the scam. [source]

Hubble Finds Evidence for Dark Energy

HubbleSite – Hubble Finds Evidence for Dark Energy in the Young Universe

Scientists using NASA’s Hubble Space Telescope have discovered that dark energy is not a new constituent of space, but rather has been present for most of the universe’s history. Dark energy is a mysterious repulsive force that causes the universe to expand at an increasing rate. Investigators used Hubble to find that dark energy was already boosting the expansion rate of the universe as long as nine billion years ago. This picture of dark energy is consistent with Albert Einstein’s prediction of nearly a century ago that a repulsive form of gravity emanates from empty space. Data from Hubble provides supporting evidence to help astrophysicists to understand the nature of dark energy. This will allow them to begin ruling out some competing explanations that predict that the strength of dark energy changes over time.

Researchers also have found that the class of ancient exploding stars, or supernovae, used to measure the expansion of space today look remarkably similar to those that exploded nine billion years ago and are just now being seen by Hubble. This important finding gives additional credibility to the use of these supernovae for tracking the cosmic expansion over most of the universe’s lifetime. Supernovae provide reliable measurements because their intrinsic brightness is well understood. They are therefore reliable distance markers, allowing astronomers to determine how far away they are from Earth. These snapshots, taken by Hubble reveal five supernovae and their host galaxies. The arrows in the top row of images point to the supernovae. The bottom row shows the host galaxies before or after the stars exploded. The supernovae exploded between 3.5 and 10 billion years ago. [Read full story + image]

Build a Web spider on Linux

IBM: Build a Web spider on Linux

Web spiders are software agents that traverse the Internet gathering, filtering, and potentially aggregating information for a user. Using common scripting languages and their collection of Web modules, you can easily develop Web spiders. This article shows you how to build spiders and scrapers for Linux® to crawl a Web site and gather information, stock data, in this case

A spider is a program that crawls the Internet in a specific way for a specific purpose. The purpose could be to gather information or to understand the structure and validity of a Web site. Spiders are the basis for modern search engines, such as Google and AltaVista. These spiders automatically retrieve data from the Web and pass it on to other applications that index the contents of the Web site for the best set of search terms.

Similar to a spider, but with more interesting legal questions, is the Web scraper. A scraper is a type of spider that targets specific content from the Web, such as the cost of products or services. One use of the scraper is for competitive pricing, to identify the price of a given product to tailor your price or advertise it accordingly. A scraper can also aggregate data from a number of Web sources and provide that information to a user. [Read more]

Inside the Mind of a Kernel Hacker

Security Watch.eWeek – Exploits and Attacks – Interview: Inside the Mind of a Kernel Hacker

You might be surprised to learn that the mysterious hacker behind the MoKB (Month of Kernel Bugs) project actually believes in responsible disclosure. For the entire month of November, the man known simply as “LMH” is releasing a daily proof-of-concept exploit for unpatched kernel-level flaws in operating systems — including Windows, Linux, Mac OS X and FreeBSD. I caught up with LMH over IM and found him willing to explain the motivation for the project, share thoughts on disclosure ethics and argue that some OS vendors are more dangerous than hackers…

RN: Can you introduce yourself? Who is LMH? Is there a real name?

LMH: Well, I have a name as we all do. LMH is in fact a reference to my real name. The reason for ‘hiding’ behind it is that while I don’t mind appearing on public mailing lists, news media, etc., I want to be recognized by the work I do. A name is pretty much like a trademark, and I’m not into trading with my name, thus I prefer to use a rather simple nickname such as ‘LMH’. That way people focus on the work and not who has done it. It’s also good to keep a low profile sometimes. I’m based in Europe.

How did you get involved in security research?

I got involved at a young age, obviously not in the best manner. Like most people in the ‘scene’ I started as the rather annoying script kiddie, or high school prankster. Fortunately I got through that and started doing more useful work ;). I’ve been doing kernel-related development for some time now around some projects. I found Metasploit to be a serious, yet extremely fun playground where I met skillful individuals such as HD (Moore) and Matt Miller (skape). I’ve been contributing to Metasploit for some time now. I could say it’s my professional career but I try to get involved in other related activities in areas like physical security.

What prompted you to do the MoKB project? Any particular reason for focusing on kernel bugs?

One of the reasons was to have fun and find interesting issues. The original intent was to get a general overview of the current state of kernel-land code but I was also pushed by the fact that some bugs apparently were being patched silently (even if they were known for months). The ‘better-safe-than-sorry’ saying applied fairly well to the situation, so that also motivated me to release these bugs into the public domain.

What’s wrong with silent fixes? Microsoft says that anything they find themselves will be fixed silently because releasing information only serves to help attackers…

It’s wrong when developers and vendors are dishonest. It’s also contradictory to the apparent policy/motivations of a company if their business model focuses on security or open source software. Actually, silent fixing aids attackers. Someone who thinks that no one can notice a silent fix by either reverse engineering or simple mining of change-logs and development discussions is definitely someone harmful to himself, his company and the userbase of the product itself. [Full interview]

Ex-HP Chairman Pleads Not Guilty in Board Spy Case

Ex-HP Chairman Pleads Not Guilty in Board Spy Case

SAN JOSE, Calif. (Reuters)—Former Hewlett-Packard Co. Chairman Patricia Dunn Wednesday pleaded not guilty to felony charges for spying on reporters and directors in a scandal that sullied the reputation of one of Silicon Valley’s most venerable and respected companies.

Dunn’s appearance at the San Jose, California, courthouse was the latest development in the boardroom-leak scandal that tarnished the reputation of a company that had long championed privacy and aspired to a code of conduct toward employees and customers called the “HP Way.”

In HP’s probes, investigators impersonated company board members, employees and journalists to get their private telephone records.

After pleading not guilty, Dunn and her attorneys walked out of the courthouse and past reporters, declining to answer questions. About half a dozen television trucks and more than a dozen reporters had gathered outside.

Dunn, who resigned in September and appeared before U.S. Congress the same month to testify about the investigation, has said she regretted the way the probe was handled, but did not accept personal responsibility for any deceptive tactics used.

California Attorney General Bill Lockyer filed charges last month against Dunn and four other defendants because of tactics used in HP’s effort in 2005 and 2006 to find the source of leaks to the media.

Dunn’s attorney, Jim Brosnahan, has said that California’s accusations were false. [Read more]

Hacker’s Profiling Project

NewsForge | Inside the Hacker’s Profiling Project

Imagine being able to preview an attacker’s next move based on the traces left on compromised machines. That’s the aim of the Hacker’s Profiling Project (HPP), an open methodology that hopes to enable analysts to work on the data (logs, rootkits, and any code) left by intruders from a different point of view, providing them with a profiling methodology that will identify the kind of attacker and therefore his modus operandi and potential targets. [Read]

HPP
www.isecom.org – PROJECTS & RESEARCH

Windows XP Firewall Hack Released

Sci-Tech Today – Windows XP Firewall Hack Released

Security researchers say hackers have published code that could let an attacker disable the built-in firewall on computers running Microsoft’s Windows XP operating system.

The code, which has been available on the Internet since Sunday, could be used to disable the firewall on completely up-to-date Windows XP computers running Microsoft’s Internet Connection Service (ICS), allowing malicious code to be planted on those machines.

The exploit details ways to send specially formed malicious data packets to force ICS to fail. Because ICS is connected to the Windows XP firewall, the packets could also cause the firewall to fail. [Read on]

Salt-Water Fish Extinction Seen By 2048

Salt-Water Fish Extinction Seen By 2048, Study By Ecologists, Economists Predicts Collapse of World Ocean Ecology – CBS News

The study by Boris Worm, PhD, of Dalhousie University in Halifax, Nova Scotia, — with colleagues in the U.K., U.S., Sweden, and Panama — was an effort to understand what this loss of ocean species might mean to the world.

The researchers analyzed several different kinds of data. Even to these ecology-minded scientists, the results were an unpleasant surprise.

“I was shocked and disturbed by how consistent these trends are — beyond anything we suspected,” Worm says in a news release.

“This isn’t predicted to happen. This is happening now,” study researcher Nicola Beaumont, PhD, of the Plymouth Marine Laboratory, U.K., says in a news release.

“If biodiversity continues to decline, the marine environment will not be able to sustain our way of life. Indeed, it may not be able to sustain our lives at all,” Beaumont adds.

Already, 29% of edible fish and seafood species have declined by 90% — a drop that means the collapse of these fisheries.

But the issue isn’t just having seafood on our plates. Ocean species filter toxins from the water. They protect shorelines. And they reduce the risks of algae blooms such as the red tide.

“A large and increasing proportion of our population lives close to the coast; thus the loss of services such as flood control and waste detoxification can have disastrous consequences,” Worm and colleagues say.

The researchers analyzed data from 32 experiments on different marine environments. [More]

NVIDIA “G80” GeForce 8800GTX Performance Explored

DailyTech – NVIDIA “G80” GeForce 8800GTX Performance Explored

NVIDIA is set to launch its upcoming G80 GeForce 8800GTX and 8800GTS graphics cards next week, however, DailyTech snagged a GeForce 8800GTX board to run a couple quick benchmarks on. The GeForce 8800GTX used for testing is equipped with 768MB of GDDR3 video memory on a 384-bit memory bus as previously reported. Core and memory clocks are set at 575 MHz and 900 MHz respectively. Other GeForce 8800 series features include 128-bit HDR with 16x anti-aliasing and NVIDIA’s Quantum Physics Engine.

Previous NVIDIA graphics cards in single card configurations were limited to lower levels of anti-aliasing. With the GeForce 8800 series, users can experience 16x anti-aliasing with only a single card. DailyTech has verified the option is available in the NVIDIA control panel.

The physical card itself is quite large and approximately an inch and a half longer than an AMD ATI Radeon X1950 XTX based card. It requires two PCI Express power connectors and occupies two expansion slots. An interesting tidbit of the GeForce 8800GTX are the two SLI bridge connectors towards the edge of the card. This is a first for a GeForce product as SLI compatible graphics cards typically have one SLI bridge connector. [Read on]

See article for pics also.