Friday, March 16, 2007

Gnome 2.18 Released

GNOME 2.18


GNOME 2.18 is the latest version of the popular, multi-platform free desktop environment, providing all the tools a user needs for everyday work, and a platform for developers to write new software.

GNOME's focus is ease of use, stability, and first class internationalization and accessibility support, so that GNOME and its applications are usable by anyone, anywhere. GNOME runs on a variety of platforms, including GNU/Linux (commonly called Linux), Solaris, HP-UX, BSD and Apple's Darwin. Work has been done in this release to make it easier to port GNOME tools to Windows as well.

GNOME is part of The GNU Project, and is Free Software.

GNOME 2.18 Release Notes


The Release Notes explain the contents of this release, showing what GNOME is, what's new, and how to get it, with links to further information.

The Release Notes are available in other languages: Arabic, Catalan, German, French, Lithuanian, Macedonian, Panjabi, Portuguese (Brazilian), Russian, Serbian, Spanish, Swedish, Thai.

We encourage you to submit screenshots of GNOME 2.18 to our gallery. You can check out the great screenshots submitted by our intrepid community. These shots demonstrate our users' beautiful desktops, as well as some of the new features in this version of GNOME.

Getting GNOME 2.18


LiveCD and Disk Images for Virtual Machines


To download and preview the latest version of GNOME, try our easy LiveCD. Download, burn, and reboot: without touching your current system, it shows you the latest and greatest in GNOME and beyond.

You can alternatively download a disk image, and launch GNOME in a virtual machine using your favorite virtualization software. You don't even have to leave your current system to try out GNOME!

The LiveCD and the disk images contain all of our supported languages.



GNOME in Distributions


Although Linux distributions and other flavors of UNIX do not immediately integrate new GNOME versions, in the next few months many of the biggest distributions will package and ship GNOME 2.18. To see the latest information about who is shipping GNOME 2.18, visit our Get Footware page.

Building From Source


Of course, our sources are always available so you can build GNOME from scratch. To ease the build, we recommend that you use GARNOME or jhbuild.


Other Announcements


The Community Announcement is the official email announcing the release to the people who actually did the work.






GNOME 2.18 (Simply Beautiful)


GNOME 2.18 is out, on time as usual. The top-class free desktop for the masses looks and feels better than ever. This is another progressive release in our road to perfection. It integrates another load of improvements done in the visual design, the performance of the desktop components, and the growing collection of integrated applications. The web browser and the themeable window manager are two good examples to check.








Personal security is now fully integrated into the desktop, allowing digitally signed communications, encryption of emails and local files, and user-friendly management of personal keys. Internationalization records progress in all directions, with support for vertical text layout and a full Arabic localization matching the quality standards. The official release incorporates essential tools for developers, which will hopefully help bring more and better software to GNOME users.

What's more important, for the first time we ship online games, chess with a 3D look, and endless Sudoku entertainment.

The GNOME desktop is distributed through free and commercial operating systems including Debian, Fedora, Mandriva, OpenSolaris, RedHat, SLED and Ubuntu. GNOME is also present inside XO (the One Laptop Per Child device) and an increasing collection of mobile devices. Users can already get their hands on GNOME 2.18 trying our official live demos or the testing versions released by some distributions. Check the Get Footware page and give it a try.



In More Detail



Everyone




  • Tomboy, the note-taking applet, helps you keep better track of your most important notes by pinning them, making sure they will always be easier to find.

  • Using Tomboy to create lists is now as simple as adding a * or a -.

  • Never lose track of your work and pick up where you left off by finding the recently opened files, or just search for new distractions with the new Deskbar applet.

  • Find out where all your disk space is going with the new ring chart view in GNOME's Disk Usage Analyzer.

  • Save battery power with GNOME Power Manager's control over your processor.

  • Whether you have two monitors or not, the GNOME Document Viewer now supports opening multiple instances of a document at the same time.

  • Use the new history feature to navigate your documents like a web page.

  • Hand out better printed slide notes and keep your audience engaged with Evince's new presentation mode.

  • Digitally sign or authenticate your documents using Seahorse, the new front-end to GNU Privacy Guard.

  • Use Seahorse to manage the security of your desktop and your OpenPGP and SSH keys.










Developers




  • Create applications faster using the new Glade graphical interface builder.

  • Display all your reference documentation using the new integrated help system.

  • Improved bug reporting ensures that GNOME just keeps getting better.











Fun




  • Encode your audio in more formats including OGG, MP3 or even AAC!

  • Turn up the volume on your music and movies with the new and improved volume control that now supports advanced sound cards including the Audigy 2.

  • Take a break and try our two new games: chess with glChess, where you can play against a friend or try to master the computer opponent, or try your hand at solving a Sudoku with GNOME Sudoku, the Japanese crossword puzzle.

  • Challenge a friend to an online game of Nibbles, Iagno, or Four-in-a-Row.











Share Your Desktop




  • Connect to your desktop from anywhere in the world.

  • If you rotate your photos in the camera, they stay that way when you view them with the Eye of GNOME Image Viewer.

  • Show your friends how you customized your desktop from the login screen to the appearance of your favorite GNOME applications.











Universal Access




  • Added support for vertical text layouts in Chinese and Japanese.

  • Added new text-to-speech drivers including Loquendo, Cepstral Swift, and eSpeak.

  • Improved support for Orca.

  • Improved support for Chinese using the IBMTTS engine.

  • Improved support for Gnome Magnifier.

  • Added Thai dictionary to GNOME Dictionary.

  • Improved results display in GNOME Dictionary.











About GNOME


We produce free software that makes computers friendly, useful, and fun. We provide a graphical environment that is easy to use, a set of integrated programs, and tools to develop and maintain your own applications.

GNOME is available in dozens of languages. It is compatible with multiple operating systems. It works on home computers, laptops, mobile devices, supercomputers, and small embedded appliances. You can find GNOME across the world in homes, schools, offices, and probably also in your neighborhood.

GNOME has won a reputation for its simplicity and ease of use. We love software that just works: logical, clean, intuitive, and full of sense. Attention to detail is always appreciated: we polish interfaces as well as internal processes, in a constant search for beauty and integration.

The coordination of this large project relies on the GNOME Foundation, an open organization formed by volunteers, professionals and companies.

Learn more about GNOME's best assets at www.gnome.org.

Windows Vista Brute-Force Attack Alive and Kicking

Windows Vista Brute-Force KeyGen Screenshot

The Windows Vista brute-force crack is alive and still kicking. While the original Windows Vista Brute Force KeyGen has proved to be nothing more than a hoax, with its author coming out in the open and not only apologizing for creating the crack but also revealing that it was not functional, the key generator workaround for Vista is not yet history. Not by far.

In fact, the Windows Vista brute-force crack has survived and even got updated. However, it appears that the Vista Brute-Force Method GUI 0.1 + SourceCode has a new father that identifies himself as “stof91.”

“I strongly suggest that you use SoftMod, if you are looking to illegally activate Windows Vista.
(Which doesn't mean that I'm not against it). I stopped development, and will only continue if everyone stops complaining and if it's needed, I had a look at SoftMod.. and it seems that it's the way to go... The application will stay online, until it is removed... after that, you can pm me if you want it,” stof91 revealed.

However, he does offer not only the Windows Vista brute-force crack with a streamlined interface but also the proof-of-concept for the workaround. The brute-force attack is designed in such a manner that it will randomly search for legitimate product keys for the operating system. The actual functionality is similar to the first version released by ComputerUser. This version brings nothing new to the table in comparison to the original release, and as such it is just as much of a hoax, although the author did provide a screenshot designed to prove that the brute force attack actually works.

MIT provides blueprint for future use of coal

Leading academics from an interdisciplinary MIT panel issued a report today that examines how the world can continue to use coal, an abundant and inexpensive fuel, in a way that mitigates, instead of worsens, the global warming crisis. The study, "The Future of Coal--Options for a Carbon Constrained World," advocates that the United States assume global leadership on this issue through adoption of significant policy actions.





Led by co-chairs John Deutch, Institute Professor, Department of Chemistry, and Ernest J. Moniz, Cecil and Ida Green Professor of Physics and Engineering Systems, the report states that carbon capture and sequestration (CCS) is the critical enabling technology to help reduce carbon dioxide emissions significantly while also allowing coal to meet the world's pressing energy needs.




According to Deutch, "As the world's leading energy user and greenhouse gas emitter, the U.S. must take the lead in showing the world CCS can work. Demonstration of technical, economic and institutional features of CCS at commercial scale coal combustion and conversion plants will give policymakers and the public confidence that a practical carbon mitigation control option exists, will reduce cost of CCS should carbon emission controls be adopted and will maintain the low-cost coal option in an environmentally acceptable manner."

Moniz added, "There are many opportunities for enhancing the performance of coal plants in a carbon-constrained world--higher efficiency generation, perhaps through new materials; novel approaches to gasification, CO2 capture and oxygen separation; and advanced system concepts, perhaps guided by a new generation of simulation tools. An aggressive R&D effort in the near term will yield significant dividends down the road and should be undertaken immediately to help meet this urgent scientific challenge."

Key findings in this study include:

-- Coal is a low-cost, per BTU, mainstay of both the developed and developing world, and its use is projected to increase. Because of coal's high carbon content, increasing use will exacerbate the problem of climate change unless coal plants are deployed with very high efficiency and large-scale CCS is implemented.

-- CCS is the critical enabling technology because it allows significant reduction in carbon dioxide emissions while allowing coal to meet future energy needs.

-- A significant charge on carbon emissions is needed in the relatively near term to increase the economic attractiveness of new technologies that avoid carbon emissions and specifically lead to large-scale CCS in the coming decades. We need large-scale demonstration projects of the technical, economic and environmental performance of an integrated CCS system. We should proceed with carbon sequestration projects as soon as possible. Several integrated large-scale demonstrations with appropriate measurement, monitoring and verification are needed in the United States over the next decade with government support. This is important for establishing public confidence for the very large-scale sequestration program anticipated in the future. The regulatory regime for large-scale commercial sequestration should be developed with a greater sense of urgency, with the Executive Office of the President leading an interagency process.







-- The U.S. government should provide assistance only to coal projects with carbon dioxide capture in order to demonstrate technical, economic and environmental performance.

-- Today, Integrated Gasification Combined Cycle appears to be the economic choice for new coal plants with CCS. However, this could change with further research development and demonstration, so it is not appropriate to pick a single technology winner at this time, especially in light of the variability in coal type, access to sequestration sites and other factors. The government should provide assistance to several "first of their kind" coal utilization demonstration plants, but only with carbon capture.

-- Congress should remove any expectation that construction of new coal plants without carbon dioxide capture will be "grandfathered" and granted emission allowances in the event of future regulation. This is a perverse incentive to build coal plants without carbon dioxide capture today.

-- Emissions will be stabilized only through global adherence to carbon dioxide emission constraints. China and India are unlikely to adopt carbon constraints unless the United States does so and leads the way in the development of CCS technology.

-- Key changes must be made to the current Department of Energy research development and demonstration program to successfully promote CCS technologies. The program must provide for demonstration of CCS at scale; a wider range of technologies should be explored; and modeling and simulation of the comparative performance of integrated technology systems should be greatly enhanced.

The report is available online at http://web.mit.edu/coal .

Source: MIT

Tuesday, March 13, 2007

Cell Broadband Engine

IBM Cell Processor
Photo: www.ibm.com

'A long way from the console games that processor has come, indeed,' (Yoda would comment on the subject), and now on to the dark side. Not having much success with the PS3, Sony is in quite a bad spot right now. Not to mention the exploding batteries phase they went through, it looks like they're not going to pull out very soon. The Wii console had a performance on the market similar to a magic trick: now you see it, now you don't. This little detail didn't help one bit in bringing them back to business. Perhaps this is why they want to reduce costs no matter what.

This is where IBM Microelectronics steps in with the beginning of production of Cell microprocessors on a new 65nm manufacturing process. The processor is developed by IBM, Sony and Toshiba, and the new process should reduce manufacturing costs by permitting more processors to be fitted onto a single wafer. Alongside the reduced manufacturing costs, other benefits of processors built on the 65nm manufacturing process include lower power consumption and less dissipated heat. The processor has also been introduced into IBM's BladeCenter servers.

Cell is shorthand for Cell Broadband Engine Architecture, and it combines the benefits of Power Architecture with streamlined coprocessing elements which accelerate multimedia and vector processing applications. It's composed of a dual-threaded PowerPC core and eight Synergistic Processing Engines (SPE) which are able to perform floating-point calculations. The core has 32KB L1 cache and 512KB L2 cache, and 2MB of cache are spread evenly between the eight SPEs. It also features a Rambus XDRAM Memory Interface able to sustain data transfers from 3.20GHz to 8GHz, an I/O controller and a Rambus FlexIO processor bus able to run up to 6.40GHz.

Monday, March 05, 2007

MOPB reports old hole in new version of PHP

Report of 04.03.2007 18:25

The initiators of the Month of PHP Bugs (MOPB) have published vulnerabilities in the Zend engine, PHP4, and the current developer version of the script language. Software updates have already been provided for a few of these flaws.

















One of the flaws reported concerns PHP version 4.4.3 up to the current version 4.4.6. The phpinfo() function provides information about the PHP environment, including the content of variables transmitted during the request. A cross-site scripting (XSS) vulnerability occurs when these variables are not correctly filtered. The developers already attempted to remedy the flaw in PHP 4.4.1, but they apparently missed something by incompletely backporting the correct functions from PHP5 into PHP4, leaving PHP4 still vulnerable to XSS.

In the developer version (CVS) of PHP, the developers opened up a new hole when they tried to improve insecure function calls, such as by replacing strncpy or sprintf with strlcpy or spprintf. They then made a mistake in the WDDX functions, which are used to share data between web applications. The use of strlcpy instead of strlcat can cause a buffer overflow in the processing of specially prepared WDDX packets.
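The following added example (not PHP's WDDX code, and not from the MOPB advisory) illustrates one way that appending with strlcpy where strlcat was needed overruns a buffer: strlcpy's size argument is measured from the pointer it is given, while strlcat's is the size of the whole buffer. The `ex_` functions are portable stand-ins with BSD semantics, and the arena with its guard region is an assumption made so the overrun can be counted safely.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CAP    16    /* size the calling code believes the buffer has */
#define GUARD  32    /* extra bytes so an overrun is observable, not undefined */
#define CANARY 0x5A  /* fill value for the guard region */

/* Stand-in for BSD strlcpy: writes at most `size` bytes starting AT dst. */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size > 0) {
        size_t c = (n < size - 1) ? n : size - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return n;  /* length of the string it tried to create */
}

/* Stand-in for BSD strlcat: `size` is the size of the WHOLE buffer at dst. */
static size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t d = 0;
    while (d < size && dst[d] != '\0')
        d++;
    if (d == size)  /* dst is not terminated within size: append nothing */
        return size + strlen(src);
    return d + ex_strlcpy(dst + d, src, size - d);
}

/* The first CAP bytes are "the buffer"; the rest is a canary-filled guard. */
struct arena { char mem[CAP + GUARD]; };

static void arena_init(struct arena *a, const char *initial)
{
    memset(a->mem, CANARY, sizeof a->mem);
    ex_strlcpy(a->mem, initial, CAP);
}

/* Number of guard bytes that no longer hold the canary value. */
static size_t guard_clobbered(const struct arena *a)
{
    size_t n = 0;
    for (size_t i = CAP; i < CAP + GUARD; i++)
        if ((unsigned char)a->mem[i] != CANARY)
            n++;
    return n;
}

/* Buggy append: the bound CAP is applied from mem+used, so the write can
 * reach mem[used + CAP - 1], up to `used` bytes past the real buffer. */
size_t append_buggy(const char *initial, const char *src)
{
    struct arena a;
    arena_init(&a, initial);
    size_t used = strlen(a.mem);
    ex_strlcpy(a.mem + used, src, CAP);
    return guard_clobbered(&a);
}

/* Correct append: strlcat accounts for what is already in the buffer,
 * and its return value tells the caller when the data was truncated. */
size_t append_fixed(const char *initial, const char *src, int *truncated)
{
    struct arena a;
    arena_init(&a, initial);
    size_t want = ex_strlcat(a.mem, src, CAP);
    *truncated = (want >= CAP);
    return guard_clobbered(&a);
}

int main(void)
{
    /* Constructed sample input: 10 bytes already stored, 20 bytes appended. */
    const char *initial = "0123456789";
    const char *src = "ABCDEFGHIJKLMNOPQRST";
    int truncated = 0;

    printf("strlcpy append: %zu guard bytes overwritten\n",
           append_buggy(initial, src));
    printf("strlcat append: %zu guard bytes overwritten, truncated=%d\n",
           append_fixed(initial, src, &truncated), truncated);
    return 0;
}
```

With short appended data the buggy version stays in bounds, which is why this kind of mistake passes ordinary testing and only shows up with long input.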

As a "bonus", two security holes are marked in the Zend platform. Thanks to insecure file rights, attackers can escalate their privileges up to the root level, for instance, when they penetrate the server through a hole in PHP. In addition, another vulnerability allows php.ini to be modified so that attackers can again escalate their rights. The flaws are found in version 2.2.3 of the Zend platform and previous. Updating to version 3 solves the problem.


Eric Raymond: Yes, "open source" is still meaningful

Mar. 01, 2007

Writing in O'Reilly's Radar, Nat Torkington argues that the term "open source" is becoming meaningless. He points to SugarCRM's badgeware, through which, he claims, only two-thirds of their code is downloadable, and rPath and MontaVista, which "sell software that works on Linux but the software itself isn't actually open source."

Open-source leader Eric S. Raymond replied to Torkington's essay in a letter to O'Reilly and several journalists, in which he asserted that the open source "label is still valid and important. I'm a pragmatist, so I'm not going to wave any flags or sing any anthems to argue this, just point out what has worked and continues to work."

"First of all, let's be clear about what 'open source' means," Raymond writes. "Software is 'open source' when it is issued under a license compliant with the Open Source Definition (OSD). Nothing any clueless or malevolent corporate marketer does can change that, because the term originated in the open-source developer community and only we have the authority to redefine it.

"If this seems excessively prescriptive to some readers, consider what would happen if a marketer tried to redefine the term 'electron' to mean 'proton', or 'big lump of green cheese', or something. This would instantly be recognized as absurd -- physicists own that term, and only they have the authority to redefine it," continues Raymond.

"Many of you know I'm a lexicographer as well as a hacker." (Raymond has for many years been the maintainer of The New Hacker's Dictionary, which is available both online and from MIT Press.) "I can tell you what people who make dictionaries think about controversies like this -- that technical terms of art belong to the expert communities that define them. Only *we*, the open-source community, get to redefine 'open source'," continued Raymond.

"And, occasionally, we do redefine it. OSI, the Open Source Initiative, added a tenth clause to the OSD a few years back to deal with click-wrap licensing. Right now, OSI is contemplating changes to deal with badgeware licenses of the kind Nat complains about. In doing so, OSI serves our entire community, and anyone can get involved in the process through its license-discuss list."

Some companies, such as Alfresco Software, are already moving away from badgeware versions of the MPL (Mozilla Public License). In its case, Alfresco is going to the GPLv2.

"Normal evolution of the term within its defining community is one thing," explained Raymond. "Accidental or deliberate abuse of the term is another, and should be recognized and treated as such through education and persuasion and the occasional smack upside the head. Abuse is not a reason to abandon the term 'open source' any more than some fool babbling about big lumps of green cheese would be a reason to abandon the term 'electron'."

"Rather, abuse is a reason to *defend* and *explain* the term, so that it will continue to have a useful meaning. OSI does that. Nat's post amounts to asking if the community should give up the effort. I say certainly not. The only reason to abandon the term 'open source' would be if it no longer served a useful purpose, and there are at least two very large useful purposes that it does serve," said Raymond.

The OSI, which has been rather quiet lately, is becoming more active in attacking those who misuse the term.

According to Intel's senior director of open-source strategy and the OSI's secretary/treasurer, Danese Cooper, the OSI is aware that "Open Source is a big buzzword again now, and yes there are those (as there have been from the beginning) who are trying to understand how they can embroider over the edges of Open Source to achieve business goals nearly but perhaps not perfectly aligned with the spirit of the Open Source Definition."

Raymond continued: "Do we really need a reminder of why lots of people jumped on it in 1998? We had an image problem with people outside our community, especially businesses and governments. 'Free software' frightened them away; I thought 'open source' might attract them. Those of us who originally took the initiative in pushing it promoted 'open source' as a cold-blooded exercise in rebranding, and that worked; our community has ridden the label to levels of acceptance we barely could have dreamed of nine years ago."

"And guess what -- 'free software' *still* has an image problem, if only because the Free Software Foundation (FSF) has responded to the success of the 'open source' label by taking a position that is more purist, more territorial, *and thus more frightening*. By doing this FSF has ironically ensured that 'open source' would remain a necessary marketing hack in our community's relations with the rest of the world," declared Raymond.

Raymond isn't the only one who sees the FSF in this way. Some of the Linux kernel core developers strongly object to the FSF's proposed GPLv3. Others, such as Linux observer Bill Weinberg, believe that the GPLv3 threatens to fork GNU projects and marginalize the FSF.

Raymond continued, "But I think the more important purpose of the term 'open source' is not as a marketing hack but as a deliberately inclusive term for the entirety of a history and a culture that transcends any of our narrow internecine disputes about licensing and propaganda. Neither the FSF nor the OSI is the axis of that history."

"Our community didn't spring full-blown from Linus Torvalds's head, nor from Richard Stallman's, nor (perish the thought!) from mine," added Raymond. "It includes 'free software' developers, but also tribes like those around BSD and X that are not centered on the GPL and rejected the term 'free software' with all its ideological baggage. And it includes many more to whom the GPL/anti-GPL dispute matters only a little if at all."

"'Open source' also properly includes a lot of pre-FSF history like the early IETF [Internet Engineering Task Force] and the Tech Model Railroad Club," continued Raymond. "It's now used retrospectively by people who lived that history. I have gradually come to understand that year zero of our movement wasn't 1985, the year FSF was founded. I now think perhaps it was 1961, the year MIT took delivery of the first PDP-1 and the earliest group of self-described 'hackers' coalesced around it."

Steven Levy's Hackers: Heroes of the Computer Revolution, is the best history of this period. It covers from those early days of the Tech Model Railroad Club to the first hackers, to Stallman, who Levy called the last of the true hackers.

"Adopting a more inclusive term for all this was good magic; it pulled people together, helping them recognize common ground and a common way of thinking and working," Raymond added. "I think this (unanticipated) effect on the hacker community's conception of itself turned out to be as important as the rebranding effects on the rest of the world, if not more so."

Raymond concluded, "The flip side is that if not for 'open source', the community we cherish would be a significantly poorer, smaller, and more fractured place today. That's reason enough to keep it."


-- Steven J. Vaughan-Nichols

Tuesday, February 27, 2007

How Do We Detect Temperature?

We know how light sensation or sound sensation take place, how we smell, how we taste, but until recent research we did not understand how we feel temperature. "For a long time, we didn't know how temperature sensing was being carried out in animals," said Jie Zheng, assistant professor in the Department of Physiology and Membrane Biology at the UC Davis School of Medicine.

"Huge progress was made in the last decade, when scientists discovered four ion channels sensitive to heat and two cold-sensitive ones. But, it was still unclear how only six temperature-sensor channels could cover wide ranges of temperature and still discriminate subtle differences," Zheng said.

Zheng's team employed a new technique to deal with the problem, revealing that the subunits of one channel can come together with subunits from another channel or co-assemble in laboratory cell cultures to make new functioning channels. “Assuming this process also happens in normal cells, it suggests a likely mechanism for the thermosensitivity seen in all animal cells. We found that, by reassembling subunits we potentially have a lot more than six channel types responsible for the sensing of temperature," he said.

Ion channels are tubular proteins in the cell membrane that can open and close, controlling the ion flow and the electrical charge difference between the inside and outside of living cells. The team investigated the transient receptor potential (TRP) channels, 6 out of 20 being the channels involved in sensing temperature. "Previous studies concluded that different thermosensitive TRP channel subunits did not coassemble," Zheng said.

The team employed a 2006 technology named spectra FRET (spectroscopy-based fluorescence resonance energy transfer) to observe interactions between different channel subunits under a microscope. "This technique allows us to look at the channel subunit composition in real-time in live cells," Zheng said. "Using spectra FRET, we were able to focus on just the signal from the plasma membrane," Zheng explained.

"What we found was that the subunits of one kind of heat-sensitive channel coassembled with subunits of other heat-sensitive channels to form new channels. This means that instead of four heat-sensitive channels we have a potential of 256 heat-sensitive channels with potentially different temperature sensitivity ranges. Using these single-molecule recordings, we see many different channel types. The next question we are trying to address is whether they really have different temperature sensitivity. We believe the answer is 'yes,' but we have to show that," said Zheng. "The cold- and heat-sensing subunits, however, do not seem to coassemble," he said.

As the thermosensitive cells also detect pain, the research of these channels could prove useful for novel pain remedies. “We have to re-examine everything from how people acclimate to hot climates to how they respond to spicy food based on the understanding that there are many more kinds of channels involved," Zheng said.

Speed Up Network Browsing

Network sharing used to be far superior to the Internet file sharing available through a modest modem, so we all enjoyed our local sharing protocol. Time passed, and broadband connections became so widespread and popular that the old modem met its death.

Nowadays, we share over the Internet. At such high speeds, the local network rather spread itself outside the local enclosure. However, LAN is not dead. We still use the Local Area Network at the office or in the neighborhood. The only problem is that users are not satisfied when browsing the network.

It seems that communication between network computers under Windows has some shortcomings that slow down browsing. Excluding hardware problems, which are not the subject of this article, some tweaks can be applied in order to smooth things out.

All the tweaks have to be done by editing the registry, which means you need to be careful. To keep yourself out of trouble, make sure you back up the registry before you edit it.

Disable Network Task Scheduler

This tweak stops Windows from searching networked computers for scheduled tasks. Without it, opening a network folder takes a while, which is not pleasant at all.

Go to Start > Run and type Regedit. When the registry editor opens, locate this path:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > RemoteComputer > NameSpace

Once you have found it, just delete the following key:

{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

You may not find the key mentioned above. That's OK. Just proceed to the next tweak.

Raise the threshold level for the requested buffer

When dealing with a high-latency connection, you need to increase the SizReqBuf value. This is a buffer that is set by default to a value of 4356 decimal. Microsoft states that this value provides an acceptable level of performance under normal conditions. Since we are not satisfied with how network browsing behaves, we consider the "conditions" not normal and therefore need to change the value. It seems that in most LAN conditions, the best value for SizReqBuf would be 16384. Use this value on computers equipped with more than 256 MB of RAM.

To change the value, first open the Registry Editor (as described in the previous tweak) and locate

HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > LanmanWorkstation > Parameters

Then create a DWORD value named SizReqBuf. Edit it and provide a decimal value of 16384.

Tweak the Network Redirector Buffers

By increasing the number of these buffers, you may get a higher transfer rate for the data that travels through the network. Open the Registry Editor and navigate to this location:

HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > LanmanWorkstation > Parameters

Using the procedure explained in the previous tweak, add two new DWORD values:

MaxCmds and MaxThreads

Give both the same value between 0 and 255. It is recommended to choose the value of 64.
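The SizReqBuf and MaxCmds/MaxThreads tweaks above edit the same key, so they can be prepared as one reviewable .reg file instead of being typed into Regedit. The Python sketch below is an added example, not part of the original article: it reads an export of the key (the backup the article asks for), lists which values would change, and renders only those; the function names and the sample export are constructed for illustration.

```python
import re

# Key path from the article, in .reg syntax.
PARAMS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
              r"\Services\LanmanWorkstation\Parameters")

# Target values from the article; it limits MaxCmds and MaxThreads to 0..255.
TARGET = {"SizReqBuf": 16384, "MaxCmds": 64, "MaxThreads": 64}
LIMITS = {"MaxCmds": (0, 255), "MaxThreads": (0, 255)}
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_dwords(reg_text, key=PARAMS_KEY):
    """Return {lowercased name: int} for DWORD values under `key` in .reg text."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()   # key names ignore case
        elif in_key:
            match = DWORD_RE.match(line)
            if match:
                values[match.group(1).lower()] = int(match.group(2), 16)
    return values


def plan_changes(current, target=TARGET):
    """Return [(name, old_or_None, new)] for values that differ from `target`."""
    changes = []
    for name, new in target.items():
        low, high = LIMITS.get(name, (0, 0xFFFFFFFF))     # default: any DWORD
        if not low <= new <= high:
            raise ValueError(f"{name}={new} is outside {low}..{high}")
        old = current.get(name.lower())
        if old != new:
            changes.append((name, old, new))
    return changes


def render_reg(changes, key=PARAMS_KEY):
    """Render planned changes as .reg text for review and import."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{key}]"]
    lines += [f'"{name}"=dword:{new:08x}' for name, _old, new in changes]
    return "\r\n".join(lines) + "\r\n"


# Constructed sample: an export of the key, taken as the backup before editing.
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{PARAMS_KEY}]",
    '"EnableSecuritySignature"=dword:00000001',
    '"MaxCmds"=dword:00000032',
    '"MaxThreads"=dword:00000040',
])

if __name__ == "__main__":
    plan = plan_changes(parse_dwords(SAMPLE_EXPORT))
    for name, old, new in plan:
        print(f"{name}: {old} -> {new}")
    print(render_reg(plan), end="")
```

Values that already match the target, and values the article does not mention, are left out of the generated file.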

Eliminate the shares from My Network Places

Windows has an annoying habit of placing a shortcut in My Network Places for each remote folder accessed through the network. This creates an unpleasant delay when accessing the network. There are two ways to teach Windows not to do that anymore.

For Windows XP Home Edition

With the Registry Editor, locate HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Policies > Explorer and add a new DWORD value called NoRecentDocsNetHood, setting its value to 1. The value 1 stops shares from being added to My Network Places.

For Windows XP Professional

Under this version of Windows, the process is easier. There is no need to edit the registry. Just go to Start > Run and type Gpedit.msc. It will open the Group Policy Editor. Using it, just go to User Configuration > Administrative Templates > Desktop and in the right panel, enable the option: “Do not add shares of recently opened documents to My Network Places”.

Deploying Microsoft Office SharePoint Server 2007

Deploying Microsoft Office SharePoint Server 2007 will deliver a positive impact on the workflow inside an institution. Case in point: the Menninger Clinic. Microsoft revealed that the adoption of Office SharePoint Server 2007 has reduced paperwork by up to 25%. According to the Redmond company, the clinic has adopted a single system with Microsoft Office SharePoint Server 2007 (MOSS) and Microsoft Office InfoPath 2007 at its basis.

“Microsoft SharePoint has been invaluable to us, as the application we were working with was becoming too complicated to maintain with one full-time employee and two consultants dedicated to its maintenance,” said Terry Janis, director of Information Technology at Menninger. “Now we can devote those funds to other projects that contribute to higher-quality patient care — all while fulfilling HIPAA requirements.”

“Office SharePoint Server 2007 offers Menninger the ability to easily store, manage and retrieve patient demographic information and clinical documentation,” said Chris Sullivan, Healthcare Provider Solutions Director of the U.S. Healthcare and Life Sciences Group at Microsoft. “A normalized relational database design for this application might require dozens of tables. The document-centric design of Menninger’s system uses SharePoint Server 2007 to reduce this to a handful of lists and document libraries.”

According to Microsoft, the Menninger Clinic, an international psychiatric hospital in Houston, has managed to save $80,000 per year following the deployment of the new system, based on Office SharePoint Server 2007. Microsoft's announcement comes in concert with the Health Information Management and Systems Society’s annual IT conference for 2007.

Monday, February 26, 2007

A Second Google Desktop Vulnerability

"According to InfoWorld, Google's Desktop indexing engine is vulnerable to an exploit (the second such flaw to be found) that could allow crackers to read files or execute code. By exploiting a cross-site scripting vulnerability on google.com, an attacker can grab all the data off a Google Desktop. Google is said to be investigating. A security researcher is quoted: 'The users really have very little ability to protect themselves against these attacks. It's very bad. Even the experts are afraid to click on each other's links anymore.'"

Vulnerability to a little-known Web-based attack could allow an attacker to have access to any data indexed by Google Desktop


Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS pinning that could give an attacker access to any data indexed by Google Desktop, security researchers said this week.











This is the second security problem reported this week for the software. On Wednesday, researchers at Watchfire said they'd found a flaw that could allow attackers to read files or run unauthorized software on systems running Google Desktop.


As with Watchfire's bug, attackers would first need to exploit a cross-site scripting flaw in the Google.com Web site for this latest attack to work, but the consequences could be serious, according to Robert Hansen, the independent security researcher who first reported the attack. "All of the data on a Google desktop can now be siphoned off to an attacker's machine," he said.


Cross-site scripting flaws are common Web server vulnerabilities that can be exploited to run unauthorized code within the victim's browser.


Hansen, who is CEO of Sectheory.com, did not post proof of concept code for his attack, but he said that he has "tested every component of it, and it works." He has posted some details of how Google Desktop data could be compromised on his blog.


Google said it was investigating Hansen's findings. "In addition, we recently added another layer of security checks to the latest version of Google Desktop to protect users from vulnerabilities related to Web search integration in the future," the company said in a prepared statement.


Anti-DNS pinning is an emerging area of security research, understood by just a handful of researchers, said Jeremiah Grossman, CTO at WhiteHat Security. The variation of this attack described by Hansen manipulates the way the browser works with the Internet's DNS in order to trick the browser into sending information to an attacker's computer.


"Once you can re-point Google to another IP address, instead of Google getting the traffic, the bad guy does," he said.


Because this type of attack is so difficult to pull off and is poorly understood, it is unlikely to be used by the criminals any time soon, Grossman said. But anti-DNS pinning shouldn't be ignored, he added. "We should keep our eyes on it in case the bad guys shift gears."


News of the attack comes as Google is trying to enter the desktop productivity market. On Thursday, Google launched a suite of Web-based collaboration software, called the Google Apps Premier Edition, that analysts say could become a competitor to Microsoft Office.


The troubling thing about the attack Hansen identified, which he calls anti-anti-anti-DNS pinning, is that there is very little that can be done to avoid it short of eliminating cross-site scripting vulnerabilities on the Web.


"This is really just fundamentally about how browsers work," he said. "If you allow a Web site to have access to your drive -- to modify, to change things, to integrate, or whatever -- you're relying on that Web site to be secure."


Hansen and Grossman say that Google is not the only company vulnerable to a growing category of Web-based attacks. For instance, MySpace.com was hit when a fast-moving worm spread through the MySpace community in early December, stealing MySpace log-in credentials and promoting adware Web sites.


"A lot of these new attack techniques are going to require the browsers to improve," Grossman said. "The users really have very little ability to protect themselves against these attacks" he said. "It's very bad. Even the experts are afraid to click on each other's links anymore."



A New Screening Device That Gets You Naked



A controversial new federal screening system was installed on Friday for 90 days at the largest terminal of Sky Harbor International Airport, Phoenix.

This is the first test of the device, which employs X-rays to “see” through passengers' bodies in search of hidden explosives and other weapons. The technique can see through clothes and reveals the body's contours with extreme accuracy, just as if the person were naked.

There are already critical voices claiming the high-resolution images are too invasive. In response, the Transportation Security Administration said the device was tuned to make the image look less explicit, like a line drawing, while still tracking down hidden objects.

The new device will be used only as a secondary screening measure, and passengers who do not pass the metal detector can choose between the new technique and a body search. "It's 100% voluntary, so if the passenger doesn't feel comfortable with it, the passenger doesn't have to go through it," said TSA spokesman Nico Melendez.

The one-minute procedure requires passengers to stand in front of the closet-sized X-ray device with the palms of their hands facing out, from front and behind. "It seems faster. I'm not uncomfortable with it," said one of those tested. "I trust TSA, and I trust that they are definitely trying to make things go quickly and smoothly in the airport.”

Some experts are not so trusting.

"The more obscure they make the image, the more obscure the contraband, weapons and explosives. The graphic image is a strip-search. You shouldn't have to be strip-searched to get on an airplane. Millions of Americans would regard them as pornographic." said Barry Steinhardt, director of the Technology and Liberty Project at the ACLU in Washington, D.C.

TSA would like to install the same technique at the Los Angeles airport and New York's Kennedy Airport by the end of 2007. “The security officer who works with the passenger going through the screening will never see the images the machine produces. The pictures will be viewed by another officer about 50 feet (16 m) away who will not see the passenger. The machine cannot store the images or transmit them and once we're done screening the passenger, the image is gone forever," said Melendez.

Image credit: AS&E

Building A Linux Router

By Janne Nurminen
Expert Author
Article Date: 2003-08-06

Building a reliable, full-featured broadband router can be very easy and cost-efficient. This article is about building one for routing a LAN to the Internet with NAT (Network Address Translation -- Linux users also call it IP Masquerading) using an old computer and a Linux micro-distribution designed to have very low hardware requirements. We'll end up with a very simple and stable system that still features, for example, iptables-based stateful firewalling and remote administration.

My brother had this old IBM Aptiva (which he had found in a trash can near his home) which happened to be just a suitable piece of hardware for the purpose:


  • Pentium 150 MHz

  • 14 Megs of RAM

  • 1,6 GB Harddrive

  • Disk Drive

  • CD-ROM

  • 10 Mbps Network Interface Controller

  • Soundcard

  • Keyboard

  • Mouse

  • Video Card with 2 MB Memory, integrated to motherboard

  • IBM G50 14" Monitor


Choosing a suitable Linux Distribution

The basic idea was to build a router which would also provide firewall services to protect the internal network, and which could be administrated remotely. After doing a quick search, I found Coyote Linux which turned out to be just the perfect solution.

Basically, Coyote Linux is a single floppy distribution of Linux that is designed for the sole purpose of sharing an Internet connection. Being a single floppy distribution, it runs off of a single floppy disk and loads itself to RAM. The floppy itself can be created using either a Microsoft Windows wizard (!), or by using a set of Linux shell scripts. I created mine using the latter method.

Since the floppy was all that was needed, I decided to remove all unnecessary parts from the computer. This makes the machine a bit quieter and reduces the heat it produces. I removed the hard drive, CD-ROM and sound card, and replaced the old 10 Mbps NIC with two 100 Mbps NICs (the old one did have a Realtek chip on it, so it would've been supported, too). Luckily it had just the two needed PCI slots for the two network cards.

Creating a bootable floppy disk

The next thing to do was to create the boot diskette. I downloaded the Coyote Linux Floppy Creator Scripts (v1.32) and ran them on my laptop which runs Linux (yes, indeed do note that to run scripts on Linux you need a functioning Linux system ;-). The process itself is very straightforward. But before you go, you need to know what modules need to be loaded in order to use your network cards. I used two identical D-Link cards which use the rtl8139 module. To find out which module you need, Coyote Linux provides very good documentation, available in PDF format. Generally, more information can be found in the Linux Ethernet-Howto and Vendor/Manufacturer/Model Specific Information.

The script asks to make some trivial choices:

  • Please choose the desired capacity for the created floppy (3 choices)

  • Please select the processor type in the destination Coyote Linux system (2 choices)

  • Please select the type of Internet connection that your system uses (1. Standard Ethernet Connection, 2. PPP over Ethernet Connection, 3. PPP Dialup Connection, 4. ISDN Connection)

  • Does your Internet connection get its IP via DHCP? [y/n]

  • Install the Road Runner DEC protocol login software) [y/n]

  • Install the Big Pond login software? [y/n]

  • Do you want to enable the coyote DHCP server) [y/n]

  • Would you like to install sshd for secure remote access? [y/n]

  • Would you like to install Webadmin for system admin via a web interface? [y/n]

  • Would you like to create another copy of this disk [y/n]?


By default Coyote uses the following settings for the local network interface:
IP Address: 192.168.0.1
Netmask: 255.255.255.0
Broadcast: 192.168.0.255
Network: 192.168.0.0

These don't need to be changed (unless you need a whole lot of internal IPs, or want to change the router's internal IP address).

Building the network

The next thing to do was to build the network. I attached a cable from the modem to the router's Internet network card, and from the router's local network card to the switch. All other computers were directly connected to the switch. The result is shown in the fine picture on the right. After that I booted the new Linux Router with the newly made boot disk. Then I adjusted the network settings accordingly for all the computers connected (c1 - c4).

On Windows: Control Panel --> Network and Dial-Up Connections --> Local Area Connection --> Internet Protocol (TCP/IP):

IP address: 192.168.0.n
Subnet mask: 255.255.255.0
Default gateway: 192.168.0.1
DNS servers: ...



... where n of course needs to be a unique number for each machine (IP addresses could be obtained also automatically by enabling Coyote Linux DHCP server for internal network, if needed). On Linux netconf is a good tool for changing network settings.
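An added example, not part of the original article: a Python check of hand-entered client settings against the Coyote defaults listed above, catching the mistakes the "unique n" rule guards against (duplicate addresses, the network or broadcast address, a wrong subnet or gateway). The client names and sample settings are constructed.

```python
import ipaddress

# Coyote Linux defaults for the local interface, as listed in the article.
ROUTER_LAN = ipaddress.ip_interface("192.168.0.1/255.255.255.0")


def check_clients(clients, router=ROUTER_LAN):
    """Return a list of (client, problem) for static settings that will not work.

    `clients` maps a name to a dict with "ip", "mask" and "gateway" strings.
    """
    net = router.network
    owners = {router.ip: "router"}          # address -> first machine using it
    problems = []
    for name, cfg in clients.items():
        try:
            iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")
            gateway = ipaddress.ip_address(cfg["gateway"])
        except (KeyError, ValueError) as exc:
            problems.append((name, f"unusable settings: {exc}"))
            continue
        if iface.network != net:
            problems.append((name, f"{iface} is not in {net}"))
        elif iface.ip in (net.network_address, net.broadcast_address):
            problems.append((name, f"{iface.ip} is the network or broadcast address"))
        if iface.ip in owners:
            problems.append((name, f"{iface.ip} already used by {owners[iface.ip]}"))
        else:
            owners[iface.ip] = name
        if gateway != router.ip:
            problems.append((name, f"gateway {gateway} is not the router {router.ip}"))
    return problems


# Constructed sample: four machines (c1 - c4) with hand-entered settings.
SAMPLE_CLIENTS = {
    "c1": {"ip": "192.168.0.11", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
    "c2": {"ip": "192.168.0.11", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
    "c3": {"ip": "192.168.0.255", "mask": "255.255.255.0", "gateway": "192.168.0.1"},
    "c4": {"ip": "192.168.1.14", "mask": "255.255.255.0", "gateway": "192.168.0.254"},
}

if __name__ == "__main__":
    for client, problem in check_clients(SAMPLE_CLIENTS):
        print(f"{client}: {problem}")
```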

http://koti.mbnet.fi/~keiky/misc/linux/router/imgs/ethernet_lan.png

After that I pinged other computers and - being in Finland - Nokia:

[jn@karelia docs]$ ping nokia.com
PING nokia.com (147.243.3.73) 56(84) bytes of data.
64 bytes from www.nokia.com (147.243.3.73): icmp_seq=1 ttl=246 time=48.7 ms
64 bytes from www.nokia.com (147.243.3.73): icmp_seq=2 ttl=246 time=98.9 ms
64 bytes from www.nokia.com (147.243.3.73): icmp_seq=3 ttl=246 time=19.8 ms
--- nokia.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2014ms
rtt min/avg/max/mdev = 19.825/55.839/98.974/32.702 ms



and hua! It worked! Next I unplugged the monitor and keyboard from the router and placed it in its final place. (1)

Conclusion

Building a broadband router can be very easy and cost-efficient, and Coyote Linux Router is a very easy solution for the purpose.

Btw, because the whole file system is just a RAM disk, the machine can be shut down by just pressing the power switch, like in the good(?) old DOS times.

References

1) Next time when booting the router it hung up because of a keyboard failure (of course I had to remove the router from its Final Place to be able to plug the monitor back and see what was going on). That was resolved by changing the proper BIOS setting.

First appeared at http://koti.mbnet.fi/~keiky/misc/linux/router/lnx_router.html

Why Do Geeks Take the Chicks?



Even the scientific research proves it: girls like to hang around with sexy guys but they will marry a geek.

Those computer rats that overinvest in intelligence but undermine their social skills could be the best choice.

Women only have to figure that out for many reasons:

Geeks are reliable. You may think geeks, through their higher IQ and power of understanding the suffering they can inflict in their beloved partners, would not “go astray”. Thus, they will be loyal to their mates for better and for worse.

Is that right?

No, no, no.

Each male, the ultimate nerd, is programmed to spread sperm.

But the geek’s undeveloped social skills do not help in supporting an affair, and in fact, he keeps on being puzzled about how they ended up with the lover they have been attracted to.

Dating a geek is really the beginning of a relationship that can last forever.

Geeks are the best on what they do.

They won't sleep during the night because they're preoccupied by things you have never heard about, from hacking to playing video games, or other issues like that.

If their new hobby is sex, you can imagine what follows: he will pirate your brain, hack your genitalia or whatever using also oral connections and links. Your previous lovers were jerks preoccupied by their person and coexisting with their own conceit. But geeks are not interested in social status; they won't spend the time with prosaic issues like sports and fashion, so they have more time for you, girls. Those activities would mean social contact, and they are extremely reluctant to this. As they are isolated, you could mean for a geek his whole universe, so you will be the only target of his attention, from nurturing to lascivious desire.

The previous guys you had came after years of dating lots of other women; they experienced many failures and deceptions, so they ended up being very aware of the reality and having no intention of letting you find out that in their minds you are “just another girlfriend”.

Don't even try to understand the mind of a girl that has serially dated many men and her opinions about men. But with a geek, for whom you may be his “destroyer”, you will be hit by the zest of a beginner. They are not sexually confident but once they achieved, oh God (!), a sex resource, they will fully use each moment.

One more thing: do not underestimate the geek’s power of concentrating! They are as fierce as predatory beasts (you should see them playing computer games!). Do you wanna see the actual meaning of “all night long”?

And we did not mention their finger dexterity. You think this is achievable by pulling up weights at the gym? No, no, but geeks roll dice, play video games, flip pages in books, type a lot (even those keys that you do not know what are there for). You should know they push buttons and joysticks, so, you can imagine where their imagination could lead them.

‘Cause boredom kills a relationship, but geeks have more information sources than others. Which is the biggest porn source? The Internet, of course, and hundreds of gigabytes on their computers are filled with porn.

So, go and get a geek now!

Most of them are on the net.

But remember: a single geek is not sexy, so watch out!