A research group finds a way to forge certain digital certificates and create
fake versions of popular e-commerce and banking sites.

By Thomas Claburn,  InformationWeek
Dec. 31, 2008
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=212700338

Using 200 Sony PlayStation 3s for crypto cracking, a group of security
researchers has found a way to forge certain digital certificates used to
identify secure Web sites, a technique that could be used to create fake
versions of popular e-commerce and banking sites.

http://events.ccc.de/congress/2008/
http://www.win.tue.nl/hashclash/rogue-ca/
http://www.freedom-to-tinker.com/blog/felten/researchers-show-how-forge-site-certificates
https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
http://www.microsoft.com/technet/security/advisory/961509.mspx

The researchers -- Jake Appelbaum, Arjen Lenstra, David Molnar, Dag Arne
Osvik, Alex Sotirov, Marc Stevens, and Benne de Weger -- presented their work
Tuesday at the Chaos Computing Congress, a four-day computer hacking
conference held annually in Berlin.

The group identified a weakness in the public key infrastructure used on the
Internet to issue digital certificates for Web sites that employ the secure
HTTPS protocol.

[cut]

A spike in data breaches, the threat of malicious hardware, and alarming revelations about the Internet's vulnerabilities from security experts such as Dan Kaminsky all made headlines in 2008.

By Thomas Claburn,  InformationWeek
Jan. 2, 2009
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=212700286

A municipal network held hostage, the hacking of a public official's private e-mail account, court battles to gag security researchers, and dire warnings about the Internet's Domain Name System were just a few of the highlights of the IT security landscape in 2008.

10. Transit Hackers 2, Gag Orders 0
9. Sarah Palin's Rogue E-mail Account Hacked
8. Involuntary Data Sharing
7. I Locked My Network In San Francisco
6. CAPTCHA Cracker
5. The Internet's Biggest Security Hole
4. Crouching Tiger, Hidden Trojan
3. Hack The Grid
2. The Always War
1. The Trouble With The Domain Name System

By Kathryn Edwards

December 23, 2008 (Computerworld Australia) Computerworld Australia is undertaking a series of investigations into the most widely used programming languages. Previously, we have spoken to Alfred V. Aho of AWK fame, S. Tucker Taft on the Ada 1995 and 2005 revisions, Microsoft Corp. about its server-side script engine ASP, Chet Ramey about his experiences maintaining Bash, Bjarne Stroustrup of C++ fame and to Charles H. Moore about the design and development of Forth. We've also had a chat with the irreverent Don Woods about the development and uses of INTERCAL, as well as Stephen C. Johnson on YACC, Luca Cardelli on Modula-3, Walter Bright on D, Brendan Eich on JavaScript and Guido van Rossum about Python. Most recently, we've spoken with Larry Wall, creator of the Perl programming language.

This time we chat with Don Syme, senior researcher at Microsoft Research Cambridge, who developed F#.

By Darryl K. Taft
2008-12-29

Article Views: 4812
Article Rating: / 4

December 29, 2008 1:31 AM

Microsoft 2008: From Desktop to Data Center

Microsoft had a pretty good year, despite the fourth quarter's global economic crisis.

Sure, Apple made gains in Mac market share and the iPhone 3G is wooing away developers. Google released a Web browser and mobile operating system, while gaining more search share.

GOT A TIP OR RUMOR?

But these nuisances aside, and despite sluggish enterprise Windows Vista adoption, Microsoft stormed the server and data center and continued to post strong quarterly earnings. Clouds may loom over 2009, but this was a year of sunshine. I present to you Microsoft 2008, in chronological order. If there is some important event you think should be on the list, please add it in comments or send to me by e-mail.

In an exclusive interview, IBM CIO Mark Hennessy explains that IBM's Global Services division has as its top priority for 2009 the integration of enterprises' legacy software and hardware with new, virtualized equipment. We also can expect to see more automation of IT processes in hardware, software and networking.

IBM would love to come into your data center and eradicate all forms of IT chaos.

All IT managers face IT chaos at one time or another. Even if you are one of the lucky ones relatively free from it at this time, then you can expect it to show up eventually. If IT chaos can be done away with, IT managers around the globe will be falling to their knees in thanksgiving; naturally, that means profit for IBM and all the other vendors that can solve these issues.

This chaos, as defined here, is usually the result of software, hardware and networking equipment acquired piecemeal, and subpar practices built up in an infrastructure over a number of years. Thanks to different eras and vendors, varying licenses, and changing standards and best practices, much of what goes into a data center simply doesn't work together very harmoniously.

By Darryl K. Taft
2008-12-29

Article Views: 4792
Article Rating: / 4

What will 2009 bring in terms of the cloud computing landscape? Appistry offers a set of predictions as to where cloud computing is going and what companies such as Oracle, IBM and Amazon.com are likely to do.

With 2008 being the year that cloud computing dominated the headlines in the IT arena, some pundits are saying that 2009 will be the year of the cloud for enterprises.

I'll get back to that in a bit, but first I want to give credit to my former colleague Peter Coffee, who gave a multifaceted description of what it means to be in the cloud.

Coffee, who is now director of platform research at Salesforce.com, said, "I'm currently using a simple reference model for what a 'cloud computing' initiative should try to provide. I'm borrowing from the famous Zero-One-Infinity rule, canonically defined in The Jargon File..."

He continued, "It seems to me that a serious effort at delivering cloud benefits pursues the following ideals—perhaps never quite reaching them, but clearly having them as goals within theoretical possibility: Zero—On-premise[s] infrastructure, acquisition cost, adoption cost and support cost. One—Coherent software environment—not a 'stack' of multiple products from different providers. This avoids the chaos of uncoordinated release cycles or deferred upgrades. Infinity—Scalability in response to changing need, integratability/interoperability with legacy assets and other services, and customizability/programmability from data, through logic, up into the user interface without compromising robust multitenancy.

http://government.zdnet.com/?p=4250&tag=nl.e620

December 31st, 2008

Britain may outsource huge surveillance database

Posted by Richard Koman @ December 31, 2008 @ 3:35a

I guess Britain’s Home Office didn’t get the memo about abusive surveillance programs being scaled back in the waning days of the war on terror. Britain is moving forward with a £12 billion plan for a massive database to track every phone call, email and chat conversation in the country. And not only that – the database project would likely be outsourced to private firms, The Telegraph reports.