It’s not unusual for hackers and script kiddies to crash their Windows systems while trying to write a malicious code. It’s apparently also not unusual for them to send that malicious code right along to Microsoft when prompted.
According to Microsoft senior security architect Rocky Heckman, when a “hacker’s system crashes in Windows, as with all typical Windows crashes, the user would be prompted to send the error details – including the malicious code – to Microsoft. The funny thing is that many say yes.”
He explains further:
People have sent us their virus code when they’re trying to develop their virus and they keep crashing their systems. It’s amazing how much stuff we get.
More information [ZDNet]
Has this ever happened to you? You’re writing an email online and you try to copy some text from a webpage. But when you paste it in, you get all the original fonts, colors, and spacing. “Wait!” you say, “I just wanted the text!”
This happened to us so many times while building Google Chrome that we added a special shortcut to do just that. Alongside the common Ctrl-V keyboard shortcut for “paste”, Google Chrome supports a similar shortcut, Ctrl-Shift-V, for “paste as plain text”. (And it’s Command-Shift-Option-V on a Mac.)
You can use this shortcut in any rich text editor (like Gmail’s compose window, or when writing in Google Docs) to strip out all the presentation from the original source and just paste in a block of text.
More information [chrome.blogspot.com]
We’ve featured a few ways to make your own iPad or tablet stylus, but they’re either kludgy or require some harder-to-find items. Technology “journalist” Walt Mosspuppet shows us how to make one out of just a candy bar wrapper and a pen.
This method is remarkably clever (you know, for a drunk puppet), and is cheap and simple: you just need a capacitive candy wrapper and a pen. Most candy wrappers should work; I’d guess that you can tell which ones are capacitive by whether the inside is silver—if it just looks like white glossy paper, it probably won’t work.
We actually experimented with a few modifications to this trick, and here’s our version of the stylus. It’s a bit more sturdy, and the only extra thing you need is a bit of tissue paper (or anything else that can act as a buffer between the pen tip and wrapper). First, cut the candy wrapper as shown, with two strips coming out of the top, right next to each other:
Roll the pen over and fold the second strip down onto the pen, so it’s perpendicular to the first strip.
Then, just roll on the rest of the wrapper and tape it all together. You’ll have a quick, easy stylus that’s fairly durable and will work on your touch screen device.
Got any of your own methods for creating easy, at-home styli? Share them in the comments.
More information [mosspuppet]
Cisco and company, you’ve got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic’s Craig Heffner claims he’s got a tool that can hack “millions” of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He’s already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware.
To combat the hack, the usual precautions apply — for the love of Mitnick, change your default password! — but Heffner believes the only real fix will come by prodding manufacturers into action.
More information [engadget]
In 2009, Chris Paget showed the world the vulnerabilities of RFID by downloading the contents of US passports from the safety of his automobile. This year, he’s doing the same for mobile phones. Demonstrating at DefCon 2010, the white hat hacker fooled 17 nearby GSM phones into believing his $1,500 kit (including a laptop and two RF antennas) was a legitimate cell phone base station, and proceeded to intercept and record audience calls. “As far as your cell phones are concerned, I’m now indistinguishable from AT&T,” he told the crowd. The purpose of the demonstration was highlight a major flaw in the 2G GSM system, which directs phones to connect to the tower with the strongest signal regardless of origin — in this case, Paget’s phony tower.
The hacker did caveat that his system could only intercept outbound calls, and that caller ID could tip off the owner of a handset to what’s what, but he says professional IMSI catchers used by law enforcement don’t suffer from such flaws and amateur parity would only be a matter of time. “GSM is broken,” Paget said, “The primary solution is to turn it off altogether.” That’s a tall order for a world still very dependent on the technology for mobile connectivity, but we suppose AT&T and T-Mobile could show the way. Then again, we imagine much of that same world is still using WEP and WPA1 to “secure” their WiFi.
More information [engadget]
Google is adding support for multiple account sign-ins so anyone with more than one Google account can just log into one, but quickly switch between accounts without special add-ons or other tricks.
We mentioned it might happen yesterday, but it looks like the new feature is rolling out for real, starting today. The feature won’t be enabled for everyone just yet, but when it is, you should be able to set it up here. Alternately, Google Operating System points out that you may also see a link to multiple sign-in setup on your Google Accounts page. (It’s starting to roll out today, and if it’s like most Google rollouts, you should see it within at least a few days.) What you need to know:
- You can sign into a maximum of three accounts at once.
- The first account you sign in with when you’re setting up multiple sign-in will be set to your default account.
- You can’t use Offline Gmail or Calendar with the multiple sign-in feature.
- Multiple sign-ins only work with these Google apps—that is, Google App Engine, Code, Calendar, Gmail, Reader, Sites, and Voice support the multiple sign-in feature. Most notably, Google Docs isn’t yet supported, but it’s marked as coming soon.
More information [lifehacker]
Una de las principales características del iPhone es el catálogo de aplicaciones que permiten convertir al celular de Apple en una versión digital de un cortaplumas suizo. Juegos, guía de recetas, noticias son tan sólo una parte de la oferta que ponen a disposición los programadores independientes de la plataforma. Sin embargo, no todos los desarrollos son aceptados: la compañía liderada por Steve Jobs es quien decide qué contenidos son apropiados y cuáles no.
Para evitar este mecanismo impuesto por Apple desde los inicios del iPhone, extensivo a los dispositivos móviles que utilizan el sistema operativo iOS4 como el iPod Touch o la iPad, en la Red aparecieron diversas alternativas para desbloquear los equipos y saltear esta restricción. En la jerga técnica, esta modalidad se denominó jailbreaking.
Más información [lanacion.com]
