Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.
"It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call.
"You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."
The flaw would be a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.
Attackers could use the vulnerability to route Internet users wherever they wanted no matter what website address is typed into a web browser.
Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.
DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.
On Tuesday the US Computer Emergency Readiness Team (CERT), a joint government-private sector security partnership, issued a warning to underscore the serious of so-called DNS "cache poisoning attacks" the vulnerability could allow.
"An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services," CERT said.
"Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control."
The full article can be found at afp.google.com."
Ok people, stop freaking out. You're really starting to piss me off with this one.
I think that Bert Hubert, author of the DNS Software powerdns has said it best. This has been around for 9 years. It just happens that someone has taken the time to find out that there is an exploit for it and people better get off their asses and fix their shit.
There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and "the most anyone could gain from a rogue card is one day's travel." But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.
Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.
High_oyster_card_held "The cryptography is simply not fit for purpose," security consultant Adam Laurie told the Telegraph. "It's very vulnerable and we can expect the bad guys to hack into it soon if they haven't already."
The Dutch government has taken the breach seriously and says it is upgrading the smartcard system that secures its buildings. "It's a national security issue," a spokesman for the Dutch Interior Ministry told reporters. "We're in the process of replacing the cards of all 120,000 civil servants at central government level."
The full article can be found at blog.wired.com."
I'm guessing these are RFID cards that are being spoofed. I'm not surprised that they were cloned. The technique for gathering the data is REALLY easy to do.
Ready for the scary part...the credit card companies want to move to RFID credit cards. In fact, many are already shipping cards that allow you to simply wave your card next to a reader to make a payment. This will happen to credit cards. Maybe not today, maybe not next week, but it WILL happen.
As if Grand Central weren’t enough bad news for Microsoft, now they have ZFS to contend with. Building a reliable, high-performance file system takes years and Microsoft doesn’t have years to respond.
The formal announcement is for Snow Leopard server, which is how Apple introduces new file systems. HFS+ first arrived on a server version as well.
Anyone who stores data should.
Microsoft’s NTFS is 20 year old technology borrowed from DEC. Fine for small disks and puny CPUs. Not so great for today’s data intensive systems and applications.
Silent data corruption is common - only you don’t know it - because the corruption shows up as other problems, like missing DLLs.
ZFS: open source from Sun
ZFS is the first desktop file system with true end-to-end data integrity. Thanks to sophisticated tree-based checksums it detects and corrects silent data corruption anywhere in the data path: disks, cables, interfaces and more.
The checksums are stored with the parent block, so the file system always knows that the child block is both uncorrupted and the correct block. That’s just one of the errors that NTFS and most other commodity file systems - including the Mac’s HFS+ - are prone too.
Sun’s ZFS engineering team started working on ZFS 7 years ago as a clean-sheet design. It combines file system and volume management functionality. Instead of managing individual disks, you manage a pool of blocks. ZFS takes care of the details.
The full article can be found at blogs.zdnet.com."
This is cool. I was hoping it would be in Leopard (10.5), but I can wait for the next version.
Now, scientists will be able to tackle the main question they hope to answer: Did the ice ever melt and turn Mars into a habitable place?
In a photograph released Thursday evening of a trench that the Phoenix Mars lander has dug into the Martian soil, some white patches that were seen earlier in the week have shrunk, and eight small chunks have disappeared. Until now, scientists were not sure if the white material was ice or some kind of salt.
When exposed to air, water ice can change into water vapor, a process known as sublimation. Salt, on the other hand, is not capable of such a vanishing act.
"It must be ice," said Peter H. Smith of the University of Arizona, the mission's principal investigator. "The whole science team thinks this. I think we feel this is definite proof that these are little chunks of icy material."
Water ice on the surface of Mars is not a new discovery. Scientists have known that the permanent ice cap at Mars's north pole is made of ice. In 2002, measurements by the orbiting Mars Odyssey spacecraft found evidence for vastly larger quantities of ice not far beneath the surface.
The full article can be found at news.cnet.com."
The 52-year-old, who was suffering from advanced skin cancer, was free from tumours within eight weeks of undergoing the procedure.
After two years he is still free from the disease which had spread to his lymph nodes and one of his lungs.
Doctors took cells from the man's own defence system that were found to attack the cancer cells best, cloned them and injected back into his body, in a process known as "immunotherapy".
Experts said that the case could mark a landmark in the treatment of cancer.
It raises hopes of a possible new way of fighting the disease, which claims 150,000 lives in Britain every year.
Ed Yong, health information manager at Cancer Research UK, said: "It's very exciting to see a cancer patient being successfully treated using immune cells cloned from his own body. While it's always good news when anyone with cancer gets the all clear, this treatment will need to be tested in large clinical trials to work out how widely it could be used."
However, the treatment could prove extremely expensive and scientists say that more research is needed to prove its effectiveness.
The full article can be found at www.telegraph.co.uk."