Technically Speaking

Firefox 1.0.5 security update has been released. About a dozen security exploits have been addressed including issues relating to remote code execution through shared function objects, node spoofing, javascript prompt origin spoofing, a “same origin” violation, code execution using the “Set as Wallpaper” function, and frame-injection spoofing. So as you can see this is a pretty serious patch. You get it here — Firefox 1.05

But it is a time for many to patch their products;
“It’s been a hectic day on the security patching front. Microsoft’s bulletins for July include patches for three critical vulnerabilities on the same day that Mozilla releases new security updates for Firefox and Thunderbird. Not to be left behind, Apple fixed two Tiger flaws while Oracle issued a critical database server update.”

I found this letter written to the developer of DVD decrypter and was deeply saddened by its content. It appears that the copy protection law passed in October of 2003 applies to the use of this application. So our options for copying DVDs are quickly disappearing.

Hello world,

I’ve got some good news and some bad news. Let’s start with the good…. (tumble weed passes by) Ok, and now onto the bad: DVD Decrypter 3.5.4.0 is the last version you’ll ever see. We hoped this day would never come, but it has, and I can promise you, nobody is more gutted about it than I am.

What started as a bit of fun, putting a GUI around some existing code, turned into something that I can only describe as “part of me” – yes, I know that’s sad As I’ve recently been made aware (by a letter, hand delivered to my door, last Tuesday), due to some law that was changed back in October 2003, circumventing copy protection isn’t allowed.

Ok so it has taken a while (almost 2 years), but eventually “a certain company” has decided they don’t like what I’m doing (circumventing their protection) and have come at me like a pack of wolves. I’ve no choice but to cease everything to do with DVD Decrypter. I realize this is going to be one of those “that sucks - fight them!” kinda things, but at the end of the day, it”s my life and I”m not about to throw it all away (before it has even really started) attempting to fight a battle I can”t possibly win.

If 321 Studios can’t do it with millions, what chance do I have with £50?! As I’m sure most of you have already noticed, the site has been down for a few days. That surprised me as much as the next person (slight breakdown in communication), or I would have issued this statement on it directly.

So anyway, from this point forward, I’m no longer permitted to provide any sort of assistance with anything that helps people infringe the rights of “a certain company.” That means, no more emails, no more forum posts, no PM’s, no nothing! END OF STORY. The domain name will be transferred over to the company by the end of the week (9th June, according to the undertakings I have to sign) so don’t email it thinking “Oh, I’ll just ask LIGHTNING UK! for support on this.” You’ll not be getting the intended recipient and could be landing yourself in sh1t!

With 3.5.4.0 being the last version, it makes sense for everyone to disable the “check for new versions” feature, as obviously there won’t be any. Of course what I really mean is that you should all stop using the program out of respect for the company’s rights.

Anyone hosting DVD Decrypter is advised to cease doing so immediately. I’ve the feeling they won’t stop with just me. I’m having to contact anyone I know of that is (at the very least, the “mirror” sites), and tell them to stop. Copies of those emails must also be sent to the solicitors so they can check I’m doing everything I’m supposed to. If I don’t, I die.

It is of course down to the owners of those sites to react how they want to. It’s not my job to force you to do anything you don’t want to, I’m just giving you some friendly advice. Maybe it’s just me, but I see this as a bit of an “end of an era.” I realize there are other tools, but there’s no telling how much longer they’ll last, and not only that, mine was the oldest! I’ve met loads of great people over the years and I want to take this opportunity to wish them every success for the future - yes DDBT peeps, that includes you lot! : “( I hope you’ve all enjoyed my contribution to the DVD scene and maybe I’ll see ya around sometime.

LIGHTNING UK!
(Author of the once “Ultimate DVD Ripper,” DVD Decrypter)

Quote Source

DVD Shrink and DVD43 might be one of the last great programs out there that can do the job for you. I suggest you get them now before they to are pulled.

The FBI’s controversial email wiretap system formerly known as Carnivore is reported to be no longer in use. Carnivore, also known as DCS-1000, was designed in 1998 to read online communications between suspected spies, criminals, and terrorists. The suspected price of the system was between US$6 million and $15 million, the actual cost have never been disclosed..

According to the reports, the FBI used commercially available software to conduct court-ordered Internet surveillance in criminal investigations 13 times during that time period.

An FBI spokesman was not immediately available for comment.

The FBI is required by American law to provide detailed reports on how it uses Carnivore, the monitoring system now known as DCS 1000.

FBI agents, after receiving a court warrant, install the system on the suspect’s Internet service provider and filter out his email messages, Web browsing activities and other online communications.

It has come under fire from civil-liberties groups who say it is too invasive and ripe for abuse.

US law enforcers have argued they need Carnivore to keep up with criminals who use online communications to plan and carry out terrorism, spying, fraud, child pornography and other crimes.

Quote Source

Earlier this week, the MPAA started its legal attack against the BitTorrent server operators. The results of the attack are swift, for not even a week has past and Slashdot reports that people have been writing in: “Without providing a reason, both of these sites have shut down: SuprNova.org and TorrentBits.org.”

Suprnova’s demise as a BitTorrent clearing house coincides with increasing legal pressure in America and Europe against P2P-enabled piracy. In the last week the Movie Picture Ass. of America signalled its intention to pursue the P2P server operators in a new front in its war internet movie pirates. Also, a popular BitTorrent site in Finland was raided by police, and an eDonkey site in the Netherlands was raided and shut down.

Quote Source

It is said that the game plan for the MPAA was to go after the illegal users of BitTorrent other than the BitTorrent technology itself. So any guesses where we will be next using BitTorrent? Will BitTorrent survive?

A newly discovered bug in the implementation of Javascript allows attackers to utilize the “Infinite Array Sort Denial Of Service Vulnerability”. The exploit can target not only Internet Explorer, but virtually all known browsers that read Javascript; Mozilla Browser, Mozilla Firefox, Opera and Apple Safari.

The bug has been called the Infinite Array Sort Denial Of Service Vulnerability and causes the affected browsers to execute an infinite JavaScript array sort. That operation in turn effectively causes a DoS on the browser in question and causes it to crash by exhausting stack memory.

At present there are no confirmed exploits in the wild that expand the vulnerability to execute malicious code, though that may only be a matter of time.

Quote Source

The bug has been reported to the various browser distributors but as of yet, there are no patches for the flaw.

That is if your system is an unpatched Windows XP SP1 system. A study by USA Today and Avantgarde shows just how easily and quickly your machine can by hijacked if left on the net unprotected.

Simply connecting to the Internet — and doing nothing else — exposes your PC to non-stop, automated break-in attempts by intruders looking to take control of your machine surreptitiously.

While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams.

…

The test did not measure Web attacks that require user participation, namely spyware, which gets spread by visiting contagious Web sites, or e-mail viruses, which proliferate via e-mail attachments.

However, the results vividly illustrate how automated cyberattacks have come to saturate the Internet with malicious programs designed to take the quickest route to break into your PC: through security weaknesses in the PC operating system.

Quote Source

“Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PC’s got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks.”

Source: Slashdot

Their is a newly released Windows version of Skype’s VOIP software, 1.0.0.100, and in it Skype addressed the “highly critical” bug that allows a remote attacker to take control of the Skype user’s computer. Be sure to update to the latest version, it can be found on the Skype website.

An advisory from Secunia based on the bug report from Skype calls the bug “highly critical.” It states that the bug is caused by an error in the handling of command-line arguments. The problem may be induced by a browser link utilizing the “callto:” URI handler, installed by Skype.

Such a link would only function for Skype users, and the problem only affects versions 1.0.*.95 through 1.0.*.98, but successful exploitation could allow an attacker to execute arbitrary code on a user’s system.

Quote Source

An Israeli Hacker reported to the Israeli newsite Nana his finding of an exploit in Google’s Gmail. The exploit will allow prying eyes to see your acoount’s contents without authentication. And perhaps the worst part of this exploit is that a password isn’t needed, so if you change your password it will be for naught.

So you’ve got a Gmail mail account? Or maybe you’ve just received an invitation? Well, we have some bad news for you: Your mail box is exposed. A major security hole in Google’s mail service, allows full access to user accounts, without the need of a password.

“Everything could get publicly exposed – your received mails might be readable, as well as all of your sent mail, and furthermore – anyone could send and receive mail under your name”, thus reveals Nir Goldshlagger, an Israeli hacker, on an exclusive interview with Nana NetLife Magazine. “Even more alarming”, he explains, “is the fact that the hack itself is quite simple. All that is needed of the malicious hacker, beside knowledge of the specific technique, is quite basic computer knowledge, the victim’s username – and that’s it, he’s inside”.

When approached, Google admitted to the security flaw. Google also assured us that this matter is being resolved, and that “the company will go to any length to protect its users”.

The flaw which was discovered by Goldshlagger and was tested many times by Nana’s editorial board had shown an alarming success rate. In order not to further jeopardize mail boxes’ owners, we will only disclose that the process is based upon a security breach in the service’s identity authentication. It allows the hacker to “snatch” the victims cookie file (a file planted in the victim’s computer used to identify him) using a seemingly innocent link (which directs to Gmail’s site itself). Once stolen, this cookie file allows the hacker to identify himself as the victim, without the need of a password. Even if the victim does change his password afterwards, it will be to no avail. “The system authenticates the hacker as the victim, using the stolen cookie file. Thus no password is involved in the authentication process. The victim can change his password as many times as he pleases, and it still won’t stop the hacker from using his box”, explains Goldshlagger.

Quote Source

A security researcher, known as http-equiv and operator of the malware.com Web site, has found a vulnerability through the use of the HTML Help control, which allows security restrictions in the zone to be bypassed. Through this weakness and in conjunction of a separate drag-and-drop vulnerability, malicious executable code can be placed on a users system.

The drag-and-drop component of the example is surprising in light of Microsoft’s recent patching of a related vulnerability. Thor Larholm, senior security researcher for PivX Solutions, said the Microsoft patch, designated MS04-038, “does not patch the drag-and-drop problem directly—instead it tries to prevent its use by limiting the types of files that can be used in DYNSRC.”

DYNSRC specifies the address of a media object used in a Web page. “As http-equiv demonstrates in his original post, this restriction could be circumvented,” Larholm said.

The problem is relatively minor and can be patched by Microsoft without too much bother, Larholm said. In the meantime, it can be circumvented by disabling a particular shell object, Shell.Explorer, by setting its “kill bit” in the registry. PivX Inc. is providing a registry fix for doing this on their Web site.

Quote Source

The article goes on to say that this is a small issue and isn’t expected to impact many people, especially if you have your security settings set to high. This finding and others that have came out quickly after the release of SP2 just reaffirms my belief that whatever someone does in the name of security someone can find a way around it.

I’m a pretty big poker player but I just couldn’t see myself playing online because there isn’t really any real way you can tell if it is an honest game or not. Playing poker online also takes away the human element of the game. Player “tells” are almost non-existent and most will argue that the “tells” are what makes poker … poker. Conversations in chat rooms and news groups are increasing about the possibility of bots playing poker. If this is the case, you could be throwing your money away even faster, in games that could be, in essence, rigged.

Concern is growing in online chat rooms and news groups devoted to poker that sophisticated card-playing robots – known as “bots” in the nomenclature of the Web – are being used on commercial gambling sites to fleece newcomers, the strategy-impaired and maybe even above-average players.

“It is pretty much a certainty that bots are playing online,” said Gautam Rao, a 43-year-old Canadian poker pro who regularly plays three high-stakes Internet games simultaneously. “… What we don’t know is how strong they are.”

Widespread use of bots capable of beating your average player would pose a significant problem for the red-hot online poker sector, which has grown exponentially in recent years and is expected to top the $1 billion revenue mark this year. Without some way of verifying the identity – and humanity – of players, the business could be significantly undercut.

Quote Source

Experts believe that the technology to pull off such a feat is in a prepubescent stage. The bot would have to be able to read opponents’ cards using screen scanning techniques and respond in real time. The technology is supposedly years away. But a bot capable of playing against the best humans already exists.

The University of Alberta’s Computer Poker Research Group has developed an artificially intelligent automaton known as “Vex Bot,” capable of playing poker at the master level, though as yet it can only apply its gambling genius to two-player games. Vex Bot has been used by researchers to test the frontiers of artificial intelligence – and as the basis for a commercial poker tutorial program, Poki’s Poker Academy — but some fear it may become a blueprint for programmers with more sinister motives.

Quote Source

The evidence makes it clear that there are bot out there but that they most likely aren’t that sophisticated yet. Either way, I’d be careful playing online if I were you.

I enjoy listening to the radio while I’m driving to work. Listening to the radio is a rare occurrence for I greatly prefer CDs to the repetitive mix of music provided by radio stations. But when I do listen to the radio, I always feel that something is missing and I have discovered what the missing something is once I joined the ranks of the TiVo users. Radio needs to have the capabilities of TiVo. Many times I have feigned for the radio when I wanted to replay something I just heard only to be rudely awakened to the cold reality that I am listening to the radio,…I missed what they said and I can’t get it back. Well, XM has also felt that something is missing with their satellite radio service and they’re looking to make their service a lot like TiVo. But there is a problem.

A computer programmer in Canada wrote an application, called TimeTrax, that will record music off of XM radio, stored them as individual MP3s on his computer, labeled with the song title and author. Needless to say that XM and the RIAA are not to happy about this news and are actively trying to determine if the software is breaking any laws.

A spokesman for the Recording Industry Association of America said his organization had not reviewed the software, but said that in principle it was disturbed by the idea. “We remain concerned about any devices or software that permit listeners to transform a broadcast into a music library,” RIAA spokesman Jonathan Lamy said.

The RIAA and XM are both busy figuring out if any copyright laws and user agreements have been broken.

MacLean’s software essentially marries the song information with an analog recording of the broadcasts, then stores this in MP3 files. The user can leave the software running unattended for hours and amass a vast library of songs.

That feature has been a central concern in the music industry as it lobbies regulators to place restrictions on free copying of digital broadcasts before many more radio stations add digital broadcasts. About 300 stations already offer digital broadcasts.

Music labels fear that the convenience of MacLean’s software will lead millions more to copy and distribute songs over file-sharing networks such as KaZaA, a music industry source said.

Quote Source

TimeTrax has been downloaded by roughly 2400 XM subscribers and MacLean has recently raised the price of it, because it’s selling so well. XM and their lawyers have demanded MacLean discontinue his sales and provide the company with a list of purchasers. MacLean has no intention of complying and so the fight is on. Unfortunately, this may impact XM’s plans of upgrading their service.

The software could conflict with XM’s plans to improve its service. XM has said it plans to launch in October a new car and home radio receiver that lets users pause and rewind live broadcasts. XM also has a deal to stream its broadcasts over next-generation TiVo recorders.

Quote Source

Although I am not a subscriber of XM Radio, I hope that their plans for TiVo like XM Radio do move forward for this functionality may start to trickle into regular radio. If you are a TiVo user you will understand why TiVo and Radio would be a great mix.

Now peeping toms don’t have to leave their houses to look through your window. They have moved with technology and to that vein, they don’t care for catching you disrobe, they’re looking for your computer secrets. The new peeping toms are using Trojan horse programs to do their dirty work. The latest worm to hit the Net, Rbot-GR, another Microsoft security risk, comes with built in webcam and microphone functions that allow it to record video and audio of you while you use your computer.

“If your computer is infected and you have a webcam plugged in, then everything you do in front of the computer can be seen, and everything you say can be recorded,” said Graham Cluley, senior technology consultant for Sophos. “It would be like having a regular web cam conversation except you wouldn’t know you’re taking part in it.”

Aside from its voyeuristic behaviour, the Trojan component of the worm will attempt to steal registration information for games and PayPal passwords from infected machines. It’s a thoroughly nasty piece of code so it comes as some relief that Rbot-GR hasn’t particularly widespread. Sophos has received only as handful of reports about the worm and most vendors rate it as a medium-risk threat. As usual, Rbot-GR is a Windows-only menace.

Quote Source

There is no surprise there, heh? Microsoft needs to stop hunting the virus writers and putting them in jail and instead hire them to help protect their systems. Well, I suppose that is an unrealistic dream but something needs to be done.

12 computer experts participated in Singapore’s best hacker contest. The 12 were divided into six two-man teams in which they had to defend their network and attack other networks at the same time. The contest lasted 7 hours and the top hacker’s prize is a DVD burner and some computer classes. (As if they really need computer classes.)

“It’s a very realistic scenario,” said Julian Ho, the organizer of the government-backed contest. “Most security professionals engage in some kind of ‘dark art’ … Computer espionage is a very big thing.”

The contestants hailed from Brunei, China, Myanmar and Singapore, but their identities couldn’t be revealed because they all work in the computer security business, organizers said. All entrants had to pass a preliminary competition.

Teams were not allowed to use the Internet as a hacking tool, only computers and modems.

By Friday afternoon, the Brunei team — dubbed “Frozen Throne” — was leading.

Quote Source

Asia has a pretty bad record of hack attacks in recent years. Penalties for hacking are relatively mild, being jailed for up to three years or fined up to $5,852 under Singapore’s Computer Misuse Act. Organizers of the challenge are hopeful that techniques used by the experts can help in developing means for protecting networks.

Austin, Texas-based WholeSecurity Inc. along with eBay has teamed up to try out a new solution in catching phishing scams. eBay Inc.’s online toolbar is being used to house the WholeSecurity Inc.’s anti-phishing package, which will automatically determine offending sites, notify the user that they are being scammed and notify the phisher’s ISP of the illegal activity.

The Web CallerID tool works to identify the true owner of a Web address, in much the same way Caller ID identifies the person on the other end of the line. The software cross-checks its own database of corporate customers against tricks that phishers typically use, such as numerical IP addresses instead of domain names and hosting on free Web sites.

In some sense, the software acts like a heuristic filter for phishers, much like a heuristic spam filter detects previously undiscovered spam, said J.T. Keating, vice president of corporate marketing at WholeSecurity.

When the site detects a bad address, the software phones the WholeSecurity home server, adds the site to a blacklist of bad sites and notifies the user with a pop-up screen. A browser-based management interface then reports the phishing site to the customer’s internal security team, which can send off notices to the phisher’s ISP to shut the site down.

Even though the software automatically reports the phishing site to the user, that customer also has the option of re-reporting the bad site, just to feel like he or she hooked the phisher, Keating added.

According to Dan Hubbard, director of technology and security research at San Diego-based Websense Inc., the blacklist’s utility is of limited use, however, because phishing sites remain online for an average of 2.25 days.

Quote Source

With phishers running their scam and changing up their sites so frequently it is very hard to catch them. This CallerID approach will highlight the sources of the scams and not so much the ever changing pages that are used. The technique needs to be verified that it works, but in the meantime, don’t click provided links to fill in personal info. Always enter in the URL of the main site and navigate to your desired page. A lot of times you will find that you were being scammed when you don’t find the page that you were ’supposed’ to fill out.

Here we go again! Another two holes have been found, by a Dutch researcher, in IE. The exploits take advantage of the help file system to install code into the help file window.

The discovery stems from Dutch researcher Jelmer who was sent an Internet link which he was warned used unknown Explorer vulnerabilities to install adware on his computer. He found it did and embarked on a detailed analysis of the link, which demonstrates an extremely sophisticated use of encrypted code to bypass the Web browser’s security.

In simple terms, the link uses an unknown vulnerability to open up a local Explorer help file — ms-its:C:WINDOWSHelpiexplore.chm::/iegetsrt.htm. It delays executing anything immediately but instead uses another unknown vulnerability to run another file which in turn runs some script. This script is then used to run more script. And finally that script is used to run an exploit that Microsoft Corp. has been aware of since August 2003 but hasn’t patched.

That exploit — Adodb.stream — has not been viewed as particularly dangerous, since it only works when the file containing the code is present on the user’s hard disk. The problem comes in the fact that the Help file initially opened is assumed to be safe since it is a local file and so has minimal security restrictions.

By using the unknown exploits, code is installed within the help file window, all security efforts are bypassed, and the Adodb.stream exploit is then used to download files on the Internet direct to the hard disk.

Quote Source

These vulnerabilities have been rated as “extremely critical”, by Secunia, as they will allow your system to be compromised very quickly by a simple click of a link. The normal course of action is to disable Active Scripting for any non-”Trusted” sites. A better course would be to switch browsers. Mozilla and Opera are both immune to the exploits.

Source: Slashdot

InternetNews reports that a security vulnerability was found in the Linksys WRT54G Wireless-G Broadband Router. The Remote Administrative Function can be accessed through this flaw even when the service is turned off.

Independent technology consultant Alan W. Rateliff discovered the flaw during a client installation of a Linksys WRT54G Wireless-G Broadband Router. After reporting the vulnerability to Linksys, Rateliff posted a warning on a public mailing list that even if the remote administration function is turned off, the router provides the administration Web page to ports 80 and 443 on the WAN.

“The implications are obvious: out of the box the unit gives full access to its administration from the WAN using the default or, if the user even bothered to change it, an easily guessed password,” he said.

Security consultants Secunia rates the flaw as “moderately critical” and urged users to configure a strong password for the administrative Web interface or restrict access to the interface altogether.

As a workaround until a firmware upgrade is issued, Rateliff recommends the use of port forwarding send ports 80 and 443 to non-existent hosts. “Note that forwarding the ports to any hosts — including listening ones if you are actually running servers — will override the default behavior,” he explained.

Quote Source

If you have this router, I’d suggest you look into using the workaround. This router is quite popular and I’m sure that the news of the security flaw is already making its rounds. This router is also the only router that is hackable by Linksys. I haven’t seen if the vulnerability exists in the hacked firmware, so to be on the safe side, use the workaround.

Symantec Corp. has isolated W64.Rugrat.3344, a proof-of-concept virus that has been found able to infect 64-bit executable files on Windows 64-Bit Edition running on Itanium processors. The coding of the virus is quite crafty in that it doesn’t care if the 64-bit machine is real or a 32-bit machine emulating 64-bits, it likes them both.

Symantec has rated Rugrat as a Level 1 threat, Level 5 being the worst. The main reason for such a low rating is that 64-bit computing is not as widespread as 32-bit computing, less damage can be made. Unfortunately, many businesses don’t bother to protect their 64-bit Windows installations because they do not believe the systems are vulnerable to viruses. This virus should definitely stand as proof to the contrary. One bit of good news is that the new Rugrat may not be easily duplicated for it was crafted with Intel Corp’s 64-bit assembly language. The creator is believed to be very technically savvy. The average script kiddie just won’t be able to whip this up.

Rugrat is a direct-action infector, exiting memory after execution; it infects any file in the same folder as the virus�including all subfolders�and affects all Windows 64-bit executables apart from .DLL files.

The virus has two unusual characteristics, Symantec said. For one, it is written in IA64 assembly code, which requires advanced technical knowledge and makes it unlikely there will be copycat viruses. It also executes using the Thread Local Storage structures.

“This is an unusual method of executing code,” Symantec’s Peter Ferrie and Peter Szor wrote in the company’s bulletin on the virus.

The Rugrat author also has written several other proof-of-concept viruses, according to the company. Symantec recommends that Windows 64-bit users update their virus definitions to protect against the virus.

Quote Source

The virus is described as a proof-of-concept virus because it has no real payload. The virus was written just to prove that it could be done.

What do you all think, should I buy in on this one? It would be strictly for scientific purposes.

From: Barrister Bernard Akume
Akume Inneh Law Firm
Legal Practitioners
10, Adelabu Street
Surulere, Lagos
Nigeria

Contact: Barrister Bernard Akume
Tel: +234-80-23222528
Fax: 1 309 423 4393<

Email: bakume@1stcounsel.com

Confidential Proposal/Investment Assistance for Cold Fusion Energy Device.

Greetings to you in the name of the most high God, from my beloved country Nigeria. I am sorry and I solicit your permission into your privacy. I am Barrister Bernard Akume, lawyer to the late Dr. Koffi Abacha, a brilliant Nigerian physicist.

My former client, late Dr. Koffi Abacha, died in a mysterious plane crash in the year 1994 on the way to a scientific conference to make an announcement of the utmost importance to mankind. He was planning to present a paper regarding his extensive work on cold fusion. It is said the cold fusion device he had developed, produced 10-times more energy than the energy source that fed into it. The device was about the size of a steamer trunk.

Dr. Stanley Pons and Professor Martin Fleischman of Southampton University in the UK consulted the late Dr. Abacha regarding their ongoing cold fusion experiments. While enroute to the Paris scientific conference, the plane carrying Dr. Koffi Abacha mysteriously exploded over the ocean. Without the wise Dr. Abachas guidance, Dr. Pons and Professor Fleischman made no further progress in their cold fusion research.

Upon the death of my former client and unknown to his colleagues, two trunk boxes came into my possession. One trunk box contains some type of energy producing device. The late Doctor called it his cold fusion fuel cell. The second trunk box contains thousands of pages of scientific papers and notes. The trunk boxes had been placed in storage, for safe keeping, at a Lagos security storage firm in 1994 just before the late Dr. Abacha left on his ill fated flight to Paris.

The security storage firm does not know the actual content of the trunk boxes. My client and I told them that the boxes contain old African artifacts to be delivered to a client outside the country via Air Courier Services. For now it is only you and I that is having knowledge of this wonderful invention.

The only assistance I require from you is to help me send these trunks out of Nigeria and receive these trunk boxes in either Sydney, London or New York, depending on your country of agreement. Once these trunk boxes are out of Nigeria, I shall seek your advice in obtaining a local patent in your name and licensing the device to investors.

I need $ 10,000 U.S. dollars to pay past due storage fees, freight charges, and possible bribes to local customs officers.

Once this device is licensed, the resulting funds shall be disbursed accordingly as follows: 25-percent for the recipient (you) from the total sum. 2-percent for the courier officer in the country where you shall receive the trunk boxes. 5-percent set aside from the entire sum for expenses incurred by both parties in due course of executing this transaction (home and abroad). 68-percent for me. If you are not satisfied with the percentage sharing of the fund feel free to let me know. In compliance with this you are to immediately forward to me by mail the following: Your full names and address Confidential telephone and fax numbers.

With this information I will immediately commence all necessary documentation for a successful shipment of the first trunk box to your country of choice as all the modalities have already been worked out by me. I will also give you full details of this whole transaction which I have already perfected in due course.

Please note that you are to treat this with utmost confidentiality willing or not willing to assist me in this transaction as nobody knows about this invention and I am still an active lawyer in this country.

THE CHOICE IS YOURS, IF I WERE YOU I WOULD, BECAUSE IT WILL COST YOU LITTLE OR NOTHING TO ACHIEVE THIS AND THE BENEFIT WILL CHANGE YOUR LIFE FOREVER.

Remain blessed in the name of GOD.

Yours faithfully, Barrister Bernard Akume

Email: bakume@1stcounsel.com

Quote Source

Nah, smells like a scam to me.

Shortly after Apple released its latest version of iTunes, version 4.5, someone has found a way to circumvent it. In the same vain, people are starting to write tools for you to take advantage of the new features within iTunes 4.5, keeping the open-source option alive. Below is an excerpt of the step-by-step instructions to make it work on a GNU/Linux platform. I’m sure that more such ideas will be coming out the woodworks really soon.



Enjoy, and read the complete details here.

Be aware that you do this on your own risk. If the steps below
set your cat on fire and melt your iPod, you are the one to blame!

1. Go to http://www.apple.com/ipod/download and download the Windows updater application (setup.exe).
2. Go to any Windows XP or Windows 2000 box and install the application (I know this sucks, blame Apple not me
3. If you can connect your iPod to this box, run the updater and be happy.
4. If you only have a firewire card in your Linux box, copy the updater.exe file from the target installation path (default is c:\Program Files\iPod\…) to your Linux box.
5. Open the updater.exe file in a hex editor, e.g. khexedit
6. Search for Copyright
7. Delete everything before these lines:
   

   
   0000:0000 7b 7b 7e 7e 20 20 2f 2d 2d 2d 2d 2d 5c 20 20 20 {{~~  /—–\
   0000:0010 7b 7b 7e 7e 20 2f 20 20 20 20 20 20 20 5c 20 20 {{~~ /       \
   0000:0020 7b 7b 7e 7e 7c 20 20 20 20 20 20 20 20 20 7c 20 {{~~|         |
   
   0000:0030 7b 7b 7e 7e 7c 20 53 20 54 20 4f 20 50 20 7c 20 {{~~| S T O P |
   0000:0040 7b 7b 7e 7e 7c 20 20 20 20 20 20 20 20 20 7c 20 {{~~|         |
   0000:0050 7b 7b 7e 7e 20 5c 20 20 20 20 20 20 20 2f 20 20 {{~~ \       /
   0000:0060 7b 7b 7e 7e 20 20 5c 2d 2d 2d 2d 2d 2f 20 20 20 {{~~  \—–/
   0000:0070 43 6f 70 79 72 69 67 68 74 28 43 29 20 32 30 30 Copyright(C) 200
   

8. Save the file under a new name, e.g. firmware_new.bin
9. Connect your iPod to the Linux box and backup your old
   firmware (just in case so if anything goes horribly wrong you can use
   this file to restore your iPod):

   # dd if=/dev/sda1 of=firmware_backup.bin

10. Upload your new firmware:

    # dd if=firmware_new.bin of=/dev/sda1

11. Disconnect your iPod
12. When the Plug-in image appears on the display, plug the iPod
    back in (you need a powered firewire cable or the AC outlet for this
    step!)
13. Wait for the iPod the extract the new firmware (watch the progress bar)

done…
”

Quote Source

Sometime this week, Palisade Systems will launch a song-filtering software that will block the trade of copyrighted material. The software, PacketHound, was created by Audible Magic and it utilizes Palisade’s network-monitoring technology. PacketHound is strongly backed by the RIAA and has gain much interest in Washington, DC. The software will most likely be installed on university networks as a sort of “right of passage”.

“It’s the kind of thing we hear from universities or customers that act more as an ISP,” said Doug Jacobson, Palisade’s founder and chief technology officer. “They want to take the position of not filtering out all peer-to-peer [traffic], stopping copyrighted works but not the other content.”

Audible Magic’s technology, which will be released as an option in the newest version of Palisade’s PacketHound network-management services, has formed the centrepiece of an ongoing debate over the future viability of peer-to-peer networks. As the filtering technology begins to appear this year inside university and other networks, the intensity of that debate is likely to grow.

For much of the early months of the year, RIAA executives helped guide Audible Magic chief executive Vance Ikezoye around Washington, D.C., offices, advocating the song-blocking technology as a tool for stopping copyright infringement on file-swapping networks. If built into file-trading programs such as Kazaa or Morpheus, it could help block large numbers of illegal trades, the record industry group said.

File-swapping companies — some of which have contended that filtering their networks is impractical or even impossible — said they were sceptical of the claims, noting that neither RIAA nor Audible Magic had given them a demonstration of the filtering tools. Industry trade group P2P United says it has repeatedly contacted the company asking to see the filters in action.

Ikezoye said he still has not demonstrated the technology for the peer-to-peer companies.

“What we’re looking for is a real serious business discussion,” Ikezoye said. “At this point, it doesn’t look like anybody’s interested in real business.”

Palisade’s version of the technology sits inside a network, rather than inside a file-swapping program. If installed in a university, for example, it could look inside students’ emails, instant messages and peer-to-peer transfers, seeking audio “fingerprints” that could be compared with information in Audible Magic’s database.

If a match is found, it would block the transfer of the song midstream. Jacobson said the identification process would not work on an encrypted network, such as is used in several newer file-swapping programs. However, the Palisade software could also act to block those applications from using the network altogether, instead of blocking individual song transfers, he said.

Quote Source

As said above, the technology hasn’t been truly demonstrated and I believe that this leads to a bit a of strong skepticism in the peer-to-peer world and among some students and universities. I, for one, am curious as to seeing how long it will take for someone to circumvent this new technology. We shall see!

Palisade System press release

Audible Magic application info