IT Resource

As reported in the Sydney Morning Herald, the Australian government has admitted that it has not defined ANY criteria to judge the success or failure of it’s limited Net Filtering trial.

Following on from the leaking of the site blacklist, the inclusion of legal sites on the list, and the scaling back of the size of the banned list to be used for the trial, this is another demonstration of the lack of forethought and clear goals for this policy.

The news has been roundly condemned by Coalition and Green party members.

Read the full story here

The Federal Government has scrapped the controversial broadband tender process and has decided instead to form a new public/private company to build a national network as an infrastructure project.

Making the announcement today, Mr Rudd described the $43 billion fibre-to-the-home scheme as the single largest infrastructure project in the country’s history and said it would create 25,000 jobs a year during construction, with 37,000 in the busiest year of construction.

“It is the most ambitious, far-reaching, and long-term nation-building infrastructure project ever undertaken by an Australian government,” said Mr. Rudd.

The network will connect 90 per cent of homes to a network with speeds of up to 100 megabits per second, with the remainder connected at 12 megabits a second.

The Government would hold a majority share in the company, which will also be part-owned by the private sector, and will invest $43 billion into the project over eight years.

The Government will then gradually sell off it’s share of the company five years after the project is completed.

Mr Rudd said the company would inject a “new competitive force” into the telecommunications market.

“Today we draw a line under a decade of policy area and neglect,” he said.

“This solves once and for all the core problem created when the previous prime minister privatised Telstra a decade ago without ever resolving the conflict of a private monopoly owning the network infrastructure and dominating the retail market.”

Mr Rudd said the broadband tender process was being scrapped because none of the submitted bids offered value for money to the taxpayer, but said anyone was open to invest in the new company.

Telstra was dropped from the bidding process last December after the Government rejected its proposal.

Researchers have found a huge electronic spying operation that has infiltrated computers and stolen documents from government and private offices around the world, including those of the Dalai Lama.

In a report provided to the New York Times, a team from the Munk Centre for International Studies in Toronto said at least 1,295 computers in 103 countries had been breached in less than two years by the spy system, which has been dubbed “GhostNet”.

Embassies, foreign ministries, government offices and the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York were among those infiltrated, said the researchers, who have detected computer espionage in the past.

The researchers came to the conclusion that computers based almost exclusively in China were responsible for the intrusions, although they stopped short of saying the Chinese Government was involved in the system, which they said was still active.

“We’re a bit more careful about it, knowing the nuance of what happens in the subterranean realms,” said Ronald Deibert, a member of the research group – “This could well be the CIA or the Russians. It’s a murky realm that we’re lifting the lid on.”

A spokesman for the Chinese Consulate in New York dismissed the idea China was involved. “These are old stories and they are nonsense,” the spokesman, Wenqi Gao, told the Times. “The Chinese Government is opposed to and strictly forbids any cybercrime.”

The researchers began investigating after a request from the office of the Dalai Lama, the exiled Tibetan spiritual leader, to examine its computers for signs of malicious software, or malware.

The network they found possessed remarkable “Big Brother-style” capabilities, allowing it, among other things, to turn on the camera and audio-recording functions of infected computers for potential in-room monitoring, the report said.

The system was focused on the governments of South Asian and Southeast Asian nations and the Dalai Lama, while computers at the Indian Embassy in Washington were infiltrated and a NATO computer was also being monitored.

The One Laptop Per Child (OLPC) Program aims to provide access to IT equipment to remote and disadvantaged children throughout the world, and an Australian version has just been launched with a view to spreading the goodness to kids in Australian and Pacific Island communities.

The laptops in question are basic but rugged little beasts, designed specifically for the program, and something like 500,000 have been distributed around the world already. Currently just a few thousand will be avaialble for distribution in Australia but the program will be reviewed after this initial launch phase.

OLPC laptops have a basic 433MHz AMD Geode processor, 256MB of memory and 1GB of flash storage (plus an SD port for adding more). They come wireless ready, and run a version of Fedora with a GUI called Sugar, plus a range of open source Apps.

The machine has no moving parts and it is designed to be robust enough for hot and dusty climates and easily repaired in the field. There are three USB ports, audio jacks, stereo speakers and microphone, a VGA camera, a waterproof membrane keyboard and a clever LCD screen that is perfectly readable in bright sunlight.

This excellent scheme is making the laptops available via a donation scheme. Basically, a donation of $399USD will set aside one laptop for use in a remote community PLUS another laptop will be given to you. You can of course, then also opt to donate ‘your’ laptop so that the program benefits from 2 machines.

All in all, this seems like an excellent way to give kids out in the bush or in other remote communities a helping hand and a bit of access to IT equipment and ideas that they may otherwise not get.

OLPC Australia can be found at: http://olpc-australia.org.au/

A COMMONWEALTH Bank computer error has left up to 200,000 customers with money ‘missing’ from their accounts, in some cases leaving accounts overdrawn.

A fix is expected overnight.

It appears that customers who had transactions on their accounts between 22nd and 24th November are most likely to be affected, with funds missing from accounts, even though they showed on earlier statements.

Commonwealth bank has stated that any fees incurred as a result of the error will be refunded, and has asked any affected customers left without cash to visit a local branch.

A lawsuit has been filed against Apple claiming that technology used in the iPhone to surf the web infringes on a patent recently filed by a Los Angeles real estate developer (Elliot Gottfurcht) and two partners.

The lawsuit was filed by EMG Technology LLC on Monday in the US District Court in Tyler, Texas. EMG was founded by Mr Gottfurcht and is based in Los Angeles.

The lawsuit alleges that technology the iPhone uses to navigate and display websites specifically designed for small phone screens infringes on a patent obtained in October which was assigned to EMG.

Apple has declined to comment on the lawsuit.

MySQL have announced a new service known as Query Analyser.

The tool will allow administrators and developers to review SQL for possible errors or problems which could harm query performance, an area of functionality which has been noticeable by it’s absence up until now.

Early tests on the system have reportedly seen considerable performance increases among beta testers,. A MySQL spokesman said “”Internally we have seen a 30 per cent improvement. It helps people find problematic code in minutes, and eliminates [that] code during the development process”.

In order to use the new tool, customers will need to have a Gold or higher level subscription to MySQL, although it will come at no extra cost. Hopefully it will just be a matter of time before service availability drips down to the general user population.

The man accused of plunging the Northern Territory government’s computer network into chaos has been committed to stand trial.

OVer 10,000 thousand public servants were locked out of their computers in May after the NT government’s network was hacked and employee details and passwords deleted. Services affected included Hospitals, Prisons and the Supreme Court.

David Mcintosh has been charged with 13 computer related offences – with a maximum possible jail term of 10 years.

The prosecution alleges that the man was a disgruntled employee of a contract company that conducted IT services for the government computer system. It is alleged he used a colleague’s log-in and password to access the network and cause the widespread disruption.

After a two day committal hearing, Magistrate Sue Oliver today ordered McIntosh stand trial in the Supreme Court.

He has been remanded in custody and the case has been adjourned until December. 

Microsoft has released a new beta test version of IE8, stating that this version comes with new features to enhance privacy, ease-of-use, and security.

Beta 1 of IE 8 was released in March, but that was aimed at letting web developers take a first look at the new browser. This latest version is aimed at a broader consumer audience.

Although there is no official release date for IE8 as of yet, Microsoft has pledged to deliver more regular updates of Internet Explorer, whose lead has been chipped away by Mozilla’s Firefox browser. It released Internet Explorer 7 in October 2006.

The latest version of Internet Explorer boasts features found in Firefox 3, including a “smart” address bar that remembers and redirects user to website addresses they have visited before.

IE 8 will also offer a mode called “InPrivate Browsing,” which ensures that history, temporary internet files and cookies are not recorded on a user’s PC.

A new security feature that allows a user to block content coming from third-parties trying to track and aggregate the user’s online behavior will also be available.

Microsoft has also updated features such as “Activities” which allows a user to use information found on one page (e.g. an address) in conjunction with online services such as mapping, without leaving the original site.

The latest test release of Internet Explorer 8 can be found at www.microsoft.com/ie8

There’s been some wild and panicky stuff in some of the Tech press lately about a potential exploit that could bypass Vista’s security model. It all sounds pretty drastic but please bear in mind that most reports have been pretty sensationalist about it.

A ZDNet blog post contains a bit more ‘measured’ information about it along with responses from one of the guys who reported the exploit.

Sybase has teamed up with Australian Business Intelligence (BI) provider Yellowfin to package up the Sybase IQ Data Warehousing tool with YellowFin’s Presentation layer & User Interface.

Sybase IQ is a database product optimised for fast analytics and reporting (using a column-based architecture), while the Yellowfin products will provide a web-based Reporting and Delivery capability with easy-to-use dashboards and charting tools.

The alliance already has a live customer in New Zealand based Paymark, and is actively looking to promote the packaged solution in Australia, NZ, Japan, India and China.

Yellowfin are at: http://www.yellowfin.com.au

Sybase can be found at: http://www.sybase.com.au

The August upate from Microsoft is likely to contain a number of critical and major fixes.

The update will include seven items rated as ‘critical’, the highest of Microsoft’s security alert levels. All of these will address issues that may allow an attacker to remotely execute code on a targeted system.

Four of the critical fixes relate to Office issues, one addresses critical flaws in Windows 2000, XP and Server 2003, another fixes a critical issue in Windows Media Player while the last addresses a critical vulnerability in Internet Explorer.

Also planned are five fixes rated as ‘important’. The patches include two remote code execution flaws in Windows and one in Office. The other two updates address information disclosure vulnerabilities found in Windows Messenger, Outlook Express and Windows itself.

The company plans to release the update on Tuesday 12th August. The release will also include non-security updates for the Windows Malicious Software Removal Tool and the Windows Update, Microsoft Update and Software Update Services

Intel has announced details of a new generation of chips designed to handle increasingly complex and diverse requirements.

The “multi-core” processor technology, codenamed “Larrabee” will be showcased at an upcoming industry conference in Los Angeles.

By dividing tasks between cores, these multi-core chips will be able to cut energy use and heat while speeding performance, using a type of  parallel processing.

Intel and AMD currently sell chips with two or four “cores,” but the new Intel chips (pencilled for release in 2009 or 2010) will have 16 to 48 cores and will be tailored for handling computer game graphics. The chips will also accomomodate the increasingly complex, ‘multi-tasking’ type approach that see users running many desktop apps at once.

Intel say that the major task for software developers now will be to make full use of the available processing power and multi-threading capabilities. Predicted research breakthroughs include voice recognition software so accurate it could be used to record witness testimony in courtroom proceedings.

Intel expects Larrabee “to kick start an industry-wide effort to create and optimise software for the dozens, hundreds and thousands of cores expected to power future computers.”

Larrabee’s initial foray into the multi-billion dollar computer graphics market will put it in an arena dominated by Nvidia and AMD, which both reportedly plan to market chips with hundreds of cores.

See more at:
http://www.intel.com/pressroom/archive/releases/20080804fact.htm?iid=pr1_releasepri_20080804fact

A quick note to warn you that the first code sample has been released to try and exploit the recently announced DNS cache poisoning vulnerability. While most users will be relying on their ISP etc to ensure they have patched the hole, you should also make sure that you have applied any required OS patches/updates (e.g. Windows MS Security Bulletin  MS08-037).

Also – you should note that while attackers may be able to redirect you to a bogus IP, they will not be able to replicate a digitally trusted security certificate. So if you go to your online banking site and see that you are on an ‘http’ page or if you get the IE7 warning page about untrusted/mismatched certificates then you should be careful. Of course, many sites use Shared certificates so it is quite common to see this warning message but you shouldn’t expect to see it when using online banking or similar.

Research in Motion, makers of the Blackberry, has warned businesses to disable the function which allows a BlackBerry to read PDF files, after a security flaw was found in the software.

A “high” severity flaw affecting how BlackBerry Enterprise Server (BES) opens PDF files may be used to compromise a network. RIM disclosed the flaw last week but is yet to issue a patch, stating that no timeframe for a fix was available.

Until then, customers asre advised to disable the BlackBerry Attachment Service, which allows BES to process PDF attachments for users to view on their BlackBerry devices. The flaw relates to how the service processes PDF files, which can be exploited via a maliciously crafted PDF.

Vulnerable systems include BES software version 4.1 Service Pack 3 (4.1.3) through to 4.1 Service Pack 5 (4.1.5). RIM has given the advisory a “high” severity rating.

“If a BlackBerry smartphone user on a BlackBerry Enterprise Server opens and views the specially crafted PDF file attachment on the BlackBerry smartphone, the arbitrary code execution could compromise the computer,” RIM states on its advisory.

According to Sense of Security’s principal consultant, Jason Edelstein, this means that corporate networks are at risk due to the flaw. Most organisations place the BES within key networks, such as email servers, giving it privileged access to other computers on that network.

“Most organisations put the BES on an internal server on the network, which actually is a conduit between the internal server and RIM’s servers based in Canada,” he said.

“If someone loses their device and it’s not locked in some way, you could browse internally to that company’s Web-based resources,” he said.

“The way the end user can determine if they are vulnerable is to try to open the browser on the BlackBerry and attempt to access your intranet resources — if it comes up on the BlackBerry and you know it’s not published on the internet, that should raise alarm bells.”

Blackberry/RIM Knowledgebase article