More Bugs in Outlook and IE

Published by marco on

Here are two pieces of news from The Register that dovetail nicely. Three new MS security holes − two nasty describes 3 new bugs in Microsoft’s products.

The first bug affects all recent versions of SQL Server 2000, Windows XP and Internet Explorer 6 and could give access to the local hard drive to an attacker. The attacker would have to know the name of the file and would receive only read privileges. This is a relatively mild attack, but since most people install to default folders, it... [More]

Be Inc. (finally) fights back

Published by marco on

The U.S. Justice Department settled their case with Microsoft, in which they found that while Microsoft is a monopoly and has been for over a decade, the U.S. unfortunately has too much growth and economy riding on their stock (recall that the announcement of the finding of fact against Microsoft in 2000 precipitated the bursting of the dot-com bubble), so they decided to let them keep doing what they’re doing, with nary a nod to the thousands of companies either gobbled up, run out of business... [More]

Linux − Asia’s OS

Published by marco on

It seems granting full partner trading status to China isn’t going to be the boon Microsoft expected. As a provision of gaining status, China has agreed to crack down on piracy, and, in particular, to stop using pirated software and operating systems in government agencies. Microsoft saw this as an opening for massive profits from newly-licensed software from a large established user base. The Register published Red Flag Linux beats out Windows in Beijing, pointing out a Gartner Group document, ... [More]

Sklyarov out, Johansen In

Published by marco on

Dmitry Sklyarov has escaped sacrifice on the altar of the DMCA. He is the programmer for the Russian software firm Elcomsoft that cracked the pitiful copy-protection on the Adobe E-Book Reader in order to allow users to make backups of books they bought. After an initial outcry, Adobe dropped the case, but the U.S. Attorney’s office pursued the first case to prosecute for violating the DMCA.

He was eventually released 5 months later and spent the holidays at home, in Russia. However, the O’Reilly... [More]

Broadband and Copyright Woes

Published by marco on

Cryptome published Coming Soon: Hollywood Versus the Internet recently, detailing the players involved in the Hollings bill (also called the SSSCA), which has been submitted to Congress. The bill basically involves making it a felony to produce an information device that does not have government-approved hardware DRM (Digital Rights Management) built into it.

A few years ago, Napster scared the hell out of the recording industry and Hollywood is moving to ensure that they get a jump on the... [More]

Trustworthy Computing

Published by marco on

CNN has Gates Orders ‘Trustworthy Computing’ announcing yet another Microsoft initiative that claims to put users’ security concerns first. After the spate of problems reported in Microsoft software (Windows Update, Windows Media Player, numerous IE security holes and the UPnP XP hole), it’s not surprising to see Gates himself come forward to say he’s going to put a stop to it. But is it more than just lip service this time? Probably not.

Counterpane’s latest Crypto-Gram (January 15, 2002)... [More]

New hydro-power turbine

Published by marco on

Common Dreams published New Turbine Can Extract Energy from Flowing Water. Alexander Gorlov, who worked on the Aswan Dam in Egypt, is currently testing the new design that could provide a cheaper, less invasive form of hydro-power than that provided by dams.

“… Gorlov’s turbines have other advantages, proponents say: When they generate electricity, you can’t see them, you can’t hear them, and they’re virtually disruption-free.”

ASCII Art

Published by marco on

Have you ever seen those ASCII pictures that look like they took forever to create? There’s a tool called MosASCII that makes it easy to construct them in HTML, in full color.

I made the earthli globe into ASCII art. It’s easy.

In other ASCII art news, The Register reports in Ever wanted to see Star Wars in Telnet? that a “whacked Dutch hardware geek” called Sten has converted Star Wars into 13,935 frames of Telnet action. As the title of the article suggests, you simply must check it out if... [More]

Nomad Hacker

Published by marco on

Security Focus ran a longish article called Lamo’s Adventures in WorldCom about a lone 20-year-old hacker who finds holes in corporate web sites not by hacking, but just by looking for them. He has no home and often spends all night in a Kinko’s with his old laptop jacked into a free connection. He doesn’t take advantage of the information he finds and, once he’s finished, usually turns it over to the company he ransacked, along with a map of all of the holes in their Net.

Geeks and Spooks

Published by marco on

Bruce Sterling, a science fiction writer, gave an interesting talk recently about the state of cryptography today. He talks about what we all thought the net would be like today and how it’s ended up where it is. Where did all of that ‘geeks will rule the world’ stuff go? Well, he says:

“So where are these imaginary earthshaking geek outlaws who laugh in derision at mere government? Well, they do exist, and they’re in Redmond. The big time in modern outlaw geekdom is definitely Microsoft. ... [More]”

UseNet Lives

Published by marco on

The most complete history of UseNet, an enormous news archive, has been resurrected and indexed at Google Groups. The announcement mentions the historical aspects of this archive:

“We are compiling some especially memorable articles and threads in the timeline below. For example, read Tim Berners-Lee’s announcement of what became the World Wide Web or Linus Torvalds’ post about his ‘pet project’.”

Stop using IE Redux

Published by marco on

Slashdot is reporting a newly discovered security hole in Internet Explorer in Another Gaping Microsoft Security Hole Goes Unpatched.

Basically, it’s possible to create a link that will cause Explorer to issue a download dialog asking whether you want to save the file or open it. The link would claim that the file was a text file or a PDF file, for example, leading you to possibly click to open it. However, once you tell IE to open it, it uses a different set of standards that would notice... [More]

FBI’s Magic Lantern

Published by marco on

This news is somewhat old, but several people I’ve talked to recently had never heard of it, so I’ve collected the unfolding(ed) story. On November 20, 2001, MSNBC reported that FBI software cracks encryption wall. The title is misleading, since the FBI hasn’t cracked any encryption schemes. The article deals with the ‘Magic Lantern’, which is the FBI’s cutesy name for a computer virus they wrote that installs key-logging software onto a suspect’s computer.

Key-logging software runs in the... [More]

Stop Using IE

Published by marco on

There are two announcements from the last couple of days that nicely dovetail. The first is from Microsoft:

Microsoft has admitted (though not very publicly) that IE has another easily-exploitable hole in its cookie security that allows:

“A malicious web site with a malformed URL could read the contents of a user’s cookie which might contain personal information. In addition, it is possible to alter the contents of the cookie. This URL could be hosted on a web page or contained in an... [More]

MS Passport holes

Published by marco on

Wired reports that there’s a relatively gaping hole in Microsoft’s Passport service. This service holds all of a user’s personal information and can also hold credit card and financial information. It’s being touted as a keyring for the Internet, kept secure by Microsoft. If you have a HotMail account, you have a Passport (it may or may not have your credit card information, though). However:

“In a demonstration of the exploit earlier this week, Slemko sent Wired News a specially crafted... [More]

Rumor-squashing service announcement

Published by marco on

There are a lot of rumors floating around. Attorney General John Ashcroft and the FBI tell us that they use high-encryption programs, so the government needs access to all of those. Others claim that they are using steganography (information embedded in images) and are communicating through web porn. Phil Zimmermann, the inventor of PGP (an encryption package), was quoted by the Washington Post as expressing “regret” for inventing PGP.

All not true. Most of it deliberately misinterpreted to... [More]

Athlon 1.4GHz == P4 2.0 GHz

Published by marco on

There’s a lot of people who just look at the speed of a chip; even people who should know better. Higher equals faster. If I’ve got an Athlon 1.4GHz, then how much faster could I be going with a P4 2.0 GHz? I mean, 2.0 GHz! Intel broke the 2 GHz barrier! Wow!

Settle down.

Here are some good benchmarks from HardOCP showing that the Athlon 1.4 chip is faster in some tests and slower in some tests (about 50/50) on this page, but only by small margins either way. Statistically, they’re... [More]

RIAA Wants CPRM2, tougher DMCA

Published by marco on

In an acronym-filled room in Washington, filled with CEOs from TW-AOL, IBM, EMI, MPAA and a host of others that use real names, the large media companies of the U.S. started in again on their battle against file-sharing. The Register has a quick article with some of the minutes from the meeting. What are they doing? Bringing back CPRM (a copyright-protection mechanism built into storage media) is on the list, for sound-cards now as well as hard drives.

“we are working with sound card... [More]

Rebuttal to MS rebuttal to Gartner

Published by marco on

When Gartner issued their recommendation that companies stop using IIS (see forum posting), Microsoft responded that other vendors, notably Apache, also had security problems. To wit:

“It doesn’t matter what system you are running, if you don’t keep up to date you will be hit.”

The Register published replies to Microsoft’s response.

“…That’s not very smart. It’s like saying that it doesn’t matter whether you buy a Toyota Camry or a Russian Lada, because you will eventually have to... [More]

FTC shuts down pop-ad king

Published by marco on

An article on Slashdot reports that the FTC is shutting down a number of sites that trap you into an endless cycle of pop-up windows. Many of these cycles involve porn and gambling site advertisements. One stumbles into them by mistyping popular web addresses.

Once again, the government shouldn’t be getting involved here. This guy is just using ingenuity to manipulate the functions of popular browsers. It’s not a virus. It doesn’t do any damage. The problem lies in the browsers. Here’s a... [More]

Think DMCA was bad? Here comes SSSCA!

Published by marco on

An article at EE Times details a bill coming to Congress soon. This new bill, pushed onto the floor of Congress by big players (MPAA with Disney and Fox in the lead), will force any company making a digital device to install hardware-level copyright protection. Let me clarify. That means any American company. In an already struggling economy, this is not a good idea. Who’s going to buy these devices? Probably a lot of people. Will they know that they’ve been crippled? Not until it’s too late.... [More]

W3C looks to promote patented standards

Published by marco on

Ars Technica reports on a new proposal by the W3C which would allow them to promote standards which are not open. That is, standards that are copyrighted and/or patented by companies. This opens up future problems like the GIF one, in which Unisys laid in wait until the format was accepted as an open standard, then came forward with its patent. The article points out that the W3C seems to be in a remarkable hurry to pass this recommendation:

“As we [W3C] have begun to use portions of the... [More]

A Look at XP Licensing Policy

Published by marco on

Believe it or not, ZDNet (albeit the British version) has weighed in with a scathing critique of Microsoft (there’s a great little analogy comparing Microsoft to a blue whale and its users to krill), its licensing policies and its treatment of customers.

“…XP Home Edition says that your computing experience will be made less pleasant because the operating system will turn itself off if you change your computer too much, at which point you’ll have to go begging to Microsoft to be allowed to... [More]

DoCoMo, Telecom the Japanese way

Published by marco on

There’s a good article on Wired about the largest telecom company in Japan. It covers a lot of how the Japanese are using cell phones and the approach a successful (as so many in Europe and the States are not) telecom company should take.

Stop Using IIS

Published by marco on

Slashdot writes that the Gartner Group has come out with a statement recommending that businesses not use Microsoft’s web server.

Slashdot misreports the severity, though:

“Gartner remains concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS,‘ which they say has an 80% chance of happening by the end of next year.”

Note that the Slashdot quotes extend into the portion that is... [More]

How did Microsoft get off the hook?

Published by marco on

The Justice Department just kind of let them walk. They definitely abused their monopoly (see this thread). It seems the prosecution lost their witnesses. All of the companies pushing the U.S. Government to release Microsoft’s yoke suddenly have much more important things to worry about…like bankruptcy.

DMCA strikes again.

Published by marco on

The well-known Dutch cryptographer claims to have broken Intel’s DVI (Digital Video Interface) encryption, but won’t publish for fear of being prosecuted under the DMCA as soon as he sets foot on American soil.

http://www.securityfocus.com/templates/article.html?id=236

A Windows future in 2020

Published by marco on

Peekabooty from the Cult of the Dead Cow

Published by marco on

More hacktivism from the Cult. This time their software aims to provide private, closed networks untouchable by prying eyes.

The last section ‘Some Truth about Peekabooty’ is the most interesting, I think.

http://www.theregister.co.uk/content/6/19067.html

Windows 98 vs. Windows 2000

Published by marco on

This is a comparison of Windows 98 and Windows 2000 with the GeForce2 GTS (slowest one) and Radeon (both 64MB cards). They tested 8 different games with different engines, including Unreal Tournament, Quake 3 and Serious Sam. Surprise, surprise, Quake and Serious Sam showed 0% change between platforms. Looks like you can move safely over if you like….

Here’s the main chart:

http://www.anandtech.com/showdoc.html?i=1422&p=12

and the whole review:

http://www.anandtech.com/showdoc.html?i=1422&p=1... [More]