Tuesday, March 31, 2009


Google Earth 5.0 is a fun and free way to waste time, and now it’s even better with the updated Mars in Google Earth, a 3D mapping tool that lets astronomy buffs and armchair astronauts roam the Red Planet.
You now can view antique maps of Mars from over a century ago, as well as the latest images from today’s Mars spacecraft. In addition, you can go on virtual flybys with NASA’s Mars Odyssey and Mars Reconnaissance Orbiter, and get guided tours of the planet from Public Radio’s Ira Flatow and Bill Nye, the Science Guy.
For a quick tutorial of the new Mars in Google Earth features, check out this Google overview.
Below is a brief summary of the highlights:
To travel to the Red Planet, go to the top toolbar and click “Mars.”

This flies you to Mars, where you can explore current maps or travel back in time to see antique maps by astronomers Giovanni Schiaparelli, Percival Lowell, and others:

For a present-day look at Mars, select images from a variety of modern spacecraft, including the Phoenix and Beagle2 landers and the Opportunity and Spirit rovers:

Conspiracy buffs will want to try the zoom tool. It’s great for exploring mysterious imagery like the Face on Mars:

A guided audio tour helps you find your way around the planet. You can pause the tour to explore areas of interest like the Valles Marineris, a vast system of canyons that’s 1860 miles long:

You can even see satellite images being taken by the NASA THEMIS camera onboard the Mars Odyssey spacecraft.

Mars in Google Earth is a lot of fun! (Sorry, no GPS navigation yet for the Red Planet.)


Monday, March 30, 2009


With Hollywood actor Mark Wahlberg failing to impress as the big screen iteration of videogame anti-hero Max Payne, ever-controversial software developer Rockstar Games has this week announced it’s preparing its hard-hitting franchise for yet another all-action outing.
Presently in production at Rockstar’s Vancouver-based studio in Canada, Max Payne 3 has been issued with a scheduled release of “Winter 2009” and will be available on the PlayStation 3, Xbox 360 and Games for Windows, according to an official statement.
“We’re starting a new chapter of Max’s life with this game,” enthused Sam Houser, founder of Rockstar Games. “This is Max as we’ve never seen him before, a few years older, more world-weary and cynical than ever.”
While little is presently known about Max Payne 3’s narrative or gameplay structure, an early poster image suggests adult themes typical of the series thanks to a heavily scarred Max sporting a greying beard and blood spattered liberally across his face and neck.
The only nuggets of information dropped by Rockstar see Max embroiled in a world of corruption, turmoil and intense violence as he leaves New York behind and drifts “from bad to worse” on a search for truth that involves being double crossed and trapped in a city filled with violence and bloodshed – staples of the first two series offerings.
“We experience the downward spiral of his life after the events of Max Payne 2 and witness his last chance for salvation,” added Houser.
Developer Rockstar Games is best known for its often controversial but critically acclaimed Grand Theft Auto games, along with similarly highlighted offerings such as Manhunt, Manhunt 2, and Bully (a.k.a. Canis Canem Edit).


Sunday, March 29, 2009


Expanding the on-the-go reach of its hugely popular video-sharing Web site YouTube, search giant Google Inc. has this week introduced a mobile application specifically for Windows Mobile and Nokia Symbian Series 60 (S60) handset devices.
Beyond expanding the user base of the YouTube application, an official announcement posted to the Google Mobile blog promises “up to 90%” faster start-up times, searches and video loads, while improved access is likely via the addition of a specific YouTube icon to the host phone’s home screen.
“Our goal is to provide you with a great YouTube experience wherever you want to watch videos – whether it’s on your computers, on your television, or on your mobile phone,” outlined Dave Stewart of YouTube’s product marketing team.
“While YouTube has been available for many mobile phones for over a year, today we’re taking a big step forward with a new version of our mobile YouTube application,” he added.
In terms of mobile video performance, the application automatically detects the user’s assigned network capabilities and selects the highest available streaming quality, which Google claims will provide videos that “will look sharper,” and sound that’s “clearer than ever.”
Other enhancements include improved optimised streaming over Wi-Fi and 3G to support an even wider range of networks, while buffering is similarly pushed in order to ensure video playback is possible even in areas where coverage is weakened.
With Google trumpeting that it has “worked really hard to make video playback ‘just work,’” the YouTube application requires no configuration beyond its initial installation and alerts its users whenever updates or improvements become available for the mobile platform.


Friday, March 27, 2009


President Barack Obama plans to answer questions on that were submitted to the White House through Google Moderator.
On Monday, Obama posted a message on YouTube, which has received more than 10,000 hits to date, telling Americans that "we're going to take advantage of the Internet to bring all of you to the White House to talk about the economy."
The White House is using Google Moderator, an application that allows users to pose questions and vote on ones that they like. There are 11 categories on the site including small business, veterans and health-care reform. Nearly 12,000 people had submitted questions and cast more than 420,000 votes by Wednesday.
"We're going to compile those questions and votes and then on Thursday I'll be giving you some answers myself," Obama said in his YouTube address. The administration will have a lot of work, though, as nearly 14,000 questions have been submitted so far.
Under the home ownership category the question with the most votes is: "What benefits from the stimulus plan are there to those of us who are paying our mortgages, but living paycheck to paycheck?"
A younger user from Washington, D.C., posed a question in the retirement security forum, "I'm 19 years old and just beginning to see my earnings deducted for Social Security. Though retirement is a long while away, how can you guarantee that this program remains solvent?"
Calling the project an "experiment" Obama said that "it's also an exciting opportunity for me to look at a computer and get a snapshot of what Americans across the country care about."


Tuesday, March 24, 2009


Microsoft Corp. may be talking up the performance boost it gave to the just-launched Internet Explorer 8 (IE8), but the new browser remains the slowest of the top five on the market, benchmark tests show.
According to JavaScript rendering tests run by Computerworld, the final version of IE8 is only slightly faster than the browser's Release Candidate 1 (RC1), which Microsoft delivered in January.
Computerworld ran the SunSpider benchmark tests in Windows XP three times for each browser, then averaged the scores.
Google Inc.'s Chrome led all browsers with a score of just 1382 -- in SunSpider, lower scores are better -- making it more than four times faster than IE8. Coming in second was Mozilla Corp.'s Firefox 3.0.7, followed by Apple Inc.'s Safari 3.2.2 for Windows and Opera Software's Opera 9.63.
Firefox proved to be 59% faster than IE8, while Safari was 47% faster. Opera, the slowest non-Microsoft production browser, was still 38 percent faster than IE8.
Microsoft, however, has continued to downplay benchmarks such as SunSpider, and instead has promoted page-load time trials that pit browsers against each other in rendering the Web's top 25 destinations. Last week, Microsoft claimed that IE8 loaded more sites faster than either Chrome or Firefox.
At the time, however, James Pratt, a senior program manager for IE, acknowledged that the differences were slight. That's another angle the company has taken when it's talked about IE8's performance. In an interview yesterday, for example, Pratt called IE8 "highly competitive" with other browsers, and dubbed it "the fastest version of IE that we have ever released."
But he also acknowledged that speed is important to users. "We know that speed is critical to people who are using browsers today," Pratt said, "and we recognize that users have a choice when it comes to browser."


Sunday, March 22, 2009


Google has upped the ante in the browser speed wars and added a handful of features with a new 2.0 beta version of its Chrome Web browser (you can download the browser here). Though Chrome version 1.0 emerged from beta in December, Google decided to move it back into beta testing and tinker. For those who aren't interested in playing with a beta edition, Google still offers the stable version for everyday Chrome users, as well as a developer version.
According to the official Google Chrome blog, the new beta version processes JavaScript 25 percent faster on its V8 (the engine on which Chrome is built) benchmark, 35 percent faster on the SunSpider benchmark, and twice as fast as its original beta. Chrome beta also includes features such as form autofill; a full-page zoom that captures not only text but images; autoscroll when you click your mouse's scroll button; and dragging tabs -- a neat feature that puts your tabs in side-by-side symmetrically-sized windows when you drag a tab outside of the original browser window.
Browse with the Chrome beta and you will find that its speed boost and add-ons make the browser function like a quicker, cleaner version of Firefox. Downloaders should beware, though: Some reports caution that Chrome 2.0 beta is buggy and users have experienced problems with password management.
Last month Apple introduced a souped-up version of its Safari browser, claiming it was faster than its competitors Internet Explorer, Chrome, and Firefox. If Google's claim that this latest beta version of its browser is twice as fast as the original holds up, it will be interesting to see where this leaves Apple and Google in the faster-is-better browser wars.


Friday, March 20, 2009


The third Conficker malware variant on infected machines is set to activate on April 1, says the director of threat research at CA, where the malware sample, first discovered last week by Symantec, is being examined.
"It's set to go off April 1, 2009 and Conficker will generate 50,000 URLS daily," says Don DeBolt, CA's director of threat research.
Generating that many URLs is a way to hide which address the infected machines actually contact to download instructions from those who designed the malware. It's not known exactly what those instructions might be, but they could involve downloading more malicious code or destroying files.
Antivirus vendor Symantec has also warned of a third wave of Conficker attacks.
CA says it has some ideas about where Conficker originated but isn't discussing that at present.


Wednesday, March 18, 2009


Microsoft Corp. says that its own speed tests prove Internet Explorer 8 (IE8) is faster than either Firefox or Chrome.
In a report released last week, Microsoft spelled out how it tests browsers in-house, and again stressed that it doesn't buy the idea that benchmarks -- such as those that score JavaScript performance -- accurately compare the players.
"These benchmarks necessarily characterize only a narrow set of the browser functions in a very constrained way," Microsoft's report said. "End users, however, do not operate in a controlled environment."
Microsoft's tests pitted IE8 Release Candidate 1 (RC1), which launched in late January, against Google Inc.'s Chrome 1.0 and Mozilla Corp.'s Firefox 3.0.5, a version from mid-December. The company timed how long it took each browser to completely render the 25 most-popular destinations on the Web, as ranked by the Web metrics firm comScore Inc., which included google.com, facebook.com, amazon.com, and others.
IE8 was fastest in rendering 12 of the 25 sites, said Microsoft, while Chrome took second by beating the others on nine sites. Firefox, meanwhile, was a distant third, coming in first on just four of the 25 domains.
Microsoft did not test other browsers, such as Apple Inc.'s Safari or Opera Software ASA's Opera, said James Pratt, a senior product manager on the IE development team, because it wanted to focus on rivals that "had a good share on the Windows platform."
Both Opera and Safari for Windows have shares of less than 1%, according to the most recent data from Net Applications Inc., with the former, on all platforms, accounting for 0.7% and the latter just 0.3%.
Nor did Microsoft put IE8 in the ring with later versions of Chrome and Firefox. Chrome, for instance, is currently at as a developer-only build, while Firefox just rolled out 3.1 Beta 2. Both browsers boast better performance, specifically faster JavaScript rendering. "IE8 RC1 is a release candidate, and was very close to being done," explained Pratt when asked why newer versions of Chrome and Firefox had not been used. "But Google and Mozilla were still actively working on [those newer browsers], and they weren't super stable."
JavaScript benchmarks have become a point of dispute between Microsoft and its rivals. While Mozilla, Google, Apple and Opera have all updated their JavaScript engines in the last eight months, and have then trumpeted scores in JavaScript test suites like SunSpider, Microsoft executives have dismissed the bragging as so much noise.
Dean Hachamovitch, IE's general manager, has called claims of competitors a "drag race" that Microsoft isn't interested in joining, while Pratt has downplayed comparisons of any kind. "We're at the point, with what people do in the browser, that users can't really tell the difference between browser [performance]," he said in a January interview.
Pratt said that the just-released report backed that up. "As you can see from the scores, the differences between the browsers are actually very small," he said.
When Computerworld last tested the major browsers' JavaScript performance, immediately after the release of the public beta of Safari 4, IE8 ranked last.
Although Google did not respond to a request for comment on Microsoft's benchmarks, Mozilla's Mike Shaver, who heads all development at the company, applauded any attempt to boost IE's performance. "I don't think anyone here has had a chance to really look at their methodology yet or tried to reproduce their results, but to whatever extent Microsoft is working to improve the performance of IE it's a good thing for the Web," said Shaver in an e-mail late Thursday.


Monday, March 16, 2009


Google knows who you are. It knows what you search for. It knows what you had for dinner last night and exactly where you like your back to be scratched. And, starting Wednesday, it will deliver ads tailored directly to you.
In a blog post titled "Making ads more interesting," VP of Product Management Susan Wojcicki describes Google's decision to move into behavioral advertising. To wit:
We think we can make online advertising even more relevant and useful by using additional information about the websites people visit. Today we are launching "interest-based" advertising as a beta test on our partner sites and on YouTube. These ads will associate categories of interest -- say sports, gardening, cars, pets -- with your browser, based on the types of sites you visit and the pages you view. We may then use those interest categories to show you more relevant text and display ads.
In other words, the ads Google displays won't just pull from the search terms you're using. Google will also look at all the sites you've visited lately. So if you're searching for, say, "baby wipes" and all you see are ads for porn, Google knows you've been a naughty little monkey.
[Note: Porn is not one of Google's officially sanctioned "categories of interest," but you get the idea.]
The concept isn't new; behavioral ad companies were all the rage a few years ago, which is why AOL, Microsoft, and Yahoo all bought one of their very own. But Google is the proverbial 8,000-pound gorilla -- when it does something, there's usually a boatload of banana peels to slip on.
There are limits, of course. Google associates the ads to a cookie in your browser, not your identity; so it will know about the naughtiness, but won't know which monkey is responsible. If you don't like the idea of Google delivering ads based on your surfing habits -- or you want it to know some of your interests, but not all of them -- you can change the settings in Google's Ads Preferences Manager. You can also opt out entirely, and install a plug-in for IE or Firefox that maintains your opt-out choice even when you nuke all your other cookies.


Sunday, March 15, 2009


Is Nokia looking to play ASUS and Acer at their own hardware game?

Technology companies increasing their product reach by implementing manufacturing crossovers seems to be a habit that’s gathering momentum.
Moreover, while Netbook heavyweights ASUS and Acer have recently expanded into the world of smartphones, mobile phone titan Nokia has announced a shift of focus towards computer hardware.
Speaking in a recent Finnish television interview with YLE, Nokia CEO Olli-Pekka Kallasvuo has said the Espoo-based market leader is considering plans to begin production of its own line of mobile computer systems, describing the new devices as capable of merging the features and functions of a PC along with those of a mobile handset.
“We don’t have to look even for five years from now to see that what we know as a mobile phone and what we know as a PC are in many ways converging,” said Kallasvuo regarding a move towards portable computing. “We are looking very actively also at this opportunity.”
According to tech publication ITProPortal, a related report offered up by the “well-connected” folks at Unwiredview claims Nokia has already progressed its plans to the point of creating a functional mobile computing device built on an open-source Linux operating system.
The report also suggests the platform could ultimately function on Nokia's own Symbian operating system and physically resembles the Nokia N800 touch-screen Tablet (pictured), which, if true, would eliminate a fully-fledged move into the ultra-portable Netbook or traditional notebook computer category.
Other features apparently crammed into the diminutive device, which is supposed to be on schedule for a 2011 arrival, include ARM’s multi-core Cortex A9 Sparrow processor and a somewhat unusual button-equipped keyboard with diamond-shaped keys.


Saturday, March 14, 2009


It's not possible to emphasise enough the importance of using sensible passwords on your network.
Not just on the areas of your network that you don't want your users to traipse through, but also on the default network shares that are present on installations of commonly used operating systems like Windows NT/2000/XP/2003.
One of the ways in which the Conficker worm (also known as Confick or Downadup) spreads is by trying to batter its way into ADMIN$ shares using a long list of different passwords.
As you can see in the list below, it relies upon computers using poorly chosen passwords such as dictionary words, "password", "qwerty" or sequences of letters or repeated numbers:


One way to make it harder for password-cracking malware like Conficker to spread across your network is to ensure that no-one is using a poorly-chosen password.
And, of course, please don't delay installing the critical security patch that Microsoft issued late last year.
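A check of this kind can be run whenever a password is set. The following is an added example, not part of the original post: it flags the weak classes named above (dictionary words, keyboard rows such as "qwerty", letter or number sequences, repeated characters). The word list, account names and function names are constructed for illustration; a real audit would load a full dictionary.

```python
import string

# Constructed sample word list (assumption); substitute a real dictionary.
SAMPLE_WORDS = frozenset(
    {"password", "admin", "letmein", "server", "login", "secret", "windows"}
)
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
CHARACTER_RUNS = (string.ascii_lowercase, string.digits)
MIN_RUN = 3  # shortest slice treated as a sequence


def _is_slice_of(pw, tracks):
    """True if pw is a contiguous slice of any track, forwards or backwards."""
    return len(pw) >= MIN_RUN and any(pw in t or pw in t[::-1] for t in tracks)


def _is_repeated_unit(pw):
    """True if pw is one unit of 1-3 characters repeated, e.g. 11111 or ababab."""
    for n in range(1, min(3, len(pw) // 2) + 1):
        if len(pw) % n == 0 and pw == pw[:n] * (len(pw) // n):
            return True
    return False


def classify_password(password):
    """Return the sorted list of weakness classes a candidate password falls into."""
    pw = password.lower()
    reasons = set()
    # Trailing digits are stripped so that "Password1" still counts as a word.
    if pw.rstrip(string.digits) in SAMPLE_WORDS:
        reasons.add("dictionary-word")
    if _is_slice_of(pw, KEYBOARD_ROWS):
        reasons.add("keyboard-sequence")
    if _is_slice_of(pw, CHARACTER_RUNS):
        reasons.add("character-sequence")
    if _is_repeated_unit(pw):
        reasons.add("repeated-pattern")
    return sorted(reasons)


def audit_accounts(candidates):
    """Map each account whose proposed password is weak to the reasons why."""
    flagged = {}
    for account, password in candidates.items():
        reasons = classify_password(password)
        if reasons:
            flagged[account] = reasons
    return flagged


# Constructed sample input: account name -> proposed password.
SAMPLE_CANDIDATES = {
    "backup-svc": "qwerty",
    "administrator": "Password1",
    "kiosk": "11111",
    "printer": "abcdef",
    "fileserver": "T9#vLq2!xR",
}

if __name__ == "__main__":
    for account, reasons in audit_accounts(SAMPLE_CANDIDATES).items():
        print(f"{account}: {', '.join(reasons)}")
```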


Friday, March 13, 2009


A report by Secunia finds the vulnerabilities in Mozilla Firefox greatly outnumbered those in Internet Explorer, Apple Safari and other browsers in 2008. However, Mozilla was quicker to react than Microsoft when dealing with vulnerabilities disclosed publicly without prior vendor notification, Secunia says.
Mozilla's Firefox Web browser has been gaining market share against Microsoft Internet Explorer for years now. However, in 2008 it surpassed IE in a far less glorious category: number of bugs.
According to browser vulnerability research by Secunia (PDF), 115 security vulnerabilities in Firefox were reported in 2008—nearly twice as many as IE and Apple Safari combined. However, the news is not all bad, as the same report showed that Mozilla was much quicker to respond than Microsoft when flaws were publicly disclosed either prior to or without vendor notification.
Three Firefox vulnerabilities were publicized last year under those conditions. All three were patched, with the longest patch taking 86 days to arrive, according to Secunia. For IE, however, only three of the six such vulnerabilities were patched as of Dec. 31. One of the IE vulnerabilities remained open for 294 days in 2008, according to the report.
The report noted that not all vulnerabilities are created equal. The three aforementioned Firefox flaws were rated "less critical," while the Microsoft vulnerabilities were more of a mixed bag. The three unpatched IE flaws were rated either "not critical" or "less critical." Two of the patched bugs were classified as "moderate" and "high," while the third patched bug was considered "less critical."
On March 4, Mozilla released an update plugging eight security holes in Firefox 3.07, of which six were rated critical. The vulnerabilities affect the browser's garbage collection, PNG libraries, layout and JavaScript engines.
The critical vulnerabilities could enable hackers to run arbitrary code. But there is also a vulnerability rated "high" that could allow a Web site to use nsIRDFService and a cross-domain redirect to steal private data from users authenticated to the redirected Web site.
The update came a day after Opera Software issued a security update for its browser, and roughly a week after Apple released a beta version of Safari 4.


Thursday, March 12, 2009


Computer games are good for children, according to a Microsoft-commissioned survey in the U.K. that seeks to pacify parents concerned by violence, sex and swearing in games such as Grand Theft Auto IV.
The Play Smart, Play Safe study, which surveyed 2500 parents, found that games are a "great social experience". Sixty-one percent of parents allowed their children to play games labeled with a higher age rating, although 42 percent were worried about their sons and daughters communicating with older users online.
More than fifty percent said games bring families closer together. However, the Microsoft-backed report also surveyed 1000 children, and found 69 percent of them wanted their parents to keep a closer eye on the age certificates of the games they played.
Eighty-one percent of British children play computer games at least once a week, according to the research, with more than 75 percent playing against other gamers online.
Mike Rawlinson, director-general of the Entertainment and Leisure Software Publishers Association (ELSPA), told The Telegraph that the fact that so many children are playing games online "reinforces the need for a single age ratings system that protects British children, both on- and off-line, now and in the future".
"This is why the games industry is totally committed to PEGI, the independently regulated Pan-European Game Information System, which we're asking the government to enforce through UK law," he said.


Tuesday, March 10, 2009



Google Earth is once again making news after reports last week that previously blurred images of a British Naval base and images of what are clearly two nuclear subs appeared in the clear. While the images are sensitive, this type of exposure is a fact of life when you consider the nature of the Internet and the availability of satellite imagery.

UK tabloid newspaper The Sun broke the story of the base, located at Faslane, Scotland, which had been blurred in the past on Google Earth. However, a recent update kept the images clean and that has caused some to worry, including FUD that terrorists will use images like this to launch attacks. It’s happened before, true, but more often than not, the images available from Google and other sources are used as a secondary level of intelligence.

Yet, speaking to The Sun, an MOD spokesman said, “We do everything to protect bases but it’s impossible to control all websites providing satellite imagery. If people are really determined to target these sites they can find these images and there is nothing we can do to stop them.”
It is important to note that the location of the base is well-established. That is not the issue; the problem is the detailed location of the buildings. Google said that it works with governments to blur images if asked, but would not comment on any discussions or why the images are still visible.


Friday, March 6, 2009


Opera today released an update to its Web browser that closes a number of security holes, including one the company rates "Extremely Severe."
The flaw would allow a specially crafted JPEG image to crash Opera and run any command on your PC, which is about as bad as it gets: If you browsed a site with one poisoned image, you could end up with malware.
The new version, 9.64 (release notes), also adds support for two Windows security mechanisms, Data Execution Prevention (DEP) in Windows XP and Address Space Layout Randomization (ASLR) in Windows Vista. So if you use Opera, get this must-have fix by clicking Help | Check for Updates. Opera still annoys with a lack of an auto-update feature, so you'll have to download and run the 5.4 MB installation file to upgrade.
Meanwhile, Secunia warned today of a security flaw in the Winamp media player that can also allow an attacker to have his way with your PC if you open a malicious CAF audio file. Secunia reports that the flaw exists in the latest downloadable version, 5.55, as well as 5.541 and possibly other versions as well. And there's no word yet of a fix, so be extra careful with CAF files.


Thursday, March 5, 2009


If the videogame blogosphere is to be believed, the once mighty PlayStation brand is on the verge of flopping thanks to the pennywise dominance of Nintendo and Microsoft hardware and a consumer demographic unwilling to invest greater sums of money in Sony’s Blu-ray-equipped PlayStation 3.
However, Sony Computer Entertainment would beg to differ. Having this week rebuffed analyst claims of an imminent price cut to its PS3 console, and highlighting fiscal performance that’s on track for 10 million unit sales, Sony has also moved to draw attention to the successful spread of its PlayStation Network (PSN).
Sony has today announced it has taken the PlayStation Network just 27 months to amass more than 20 million registered users, a substantial figure that outstrips the 17 million users presently active on Microsoft’s Xbox Live network, which is in its seventh year of service.
While both PSN and Xbox Live offer largely similar platforms, including online multiplayer access, demo and trailer downloads, exclusive add-on content, and global gamer socialising, the two differ massively insofar as Xbox Live costs $50 USD per year for full access, while usage on the PlayStation Network is completely free.
Available around the world in 55 countries, the PlayStation Network currently offers some 14,500 downloadable media items (including game content, movies and TV shows) and has already delivered more than 380 million digital downloads with an accompanying value of $180 million USD.



There haven't been many brand-new camera announcements thus far at PMA 2009, the big camera trade show, but Kodak jumped into the fray today by unveiling the Kodak EasyShare Z915.
The Z915 is a pocketable, AA-battery-powered, 10x optical zoom camera (35mm wide-angle to 350mm telephoto) for the recession-friendly price of $200. A 10-megapixel sensor, optical image stabilization, automatic scene optimization, and a 2.5-inch LCD screen are also in the mix.
The Kodak EasyShare Z915 is due in April in a variety of color options: black, gray, blue, and red.


Wednesday, March 4, 2009


Survey reveals kids spend 87 hours per year surfing porn.
If you’re a concerned but trusting parent striving to avoid staring over your child’s shoulder while they’re surfing the Web, the results of a new study into the online habits of teenagers suggest more stringent monitoring would be well worth considering.
More pointedly, a recent survey carried out by software solutions outfit Cyber Sentinel has revealed that teenage Web users in the UK are spending an average of 1hr and 40mins a week looking at online pornography – which equates to some 87 hours per year.
Beyond the draw and easy access of illicit adult material, the survey of 1,000 teens aged between 13 and 19 also discovered that many are keen on perusing diet and weight-loss Web sites for around 1hr and 35mins per week, while investing a further 1hr and 8mins per week into cosmetic surgery sites.
According to Ellie Puddle, marketing director for Cyber Sentinel, the survey results show that UK teens are using easy online access as a way to avoid asking their parents about a range of contentious topics brought to their attention “as a result of modern-day pressures.”
When quizzed as to their online habits, most of the teenage survey respondents admitted they were often left alone with Web access for as much as two hours per day, while around a third said they did actively attempt to hide their online activity from their parents.


Tuesday, March 3, 2009


A researcher has found a convincing way to hack the Secure Sockets Layer (SSL) protocol used to secure logins to a range of Websites, including e-commerce and banking sites.
Using a specially created app, 'SSLstrip', a researcher calling himself Moxie Marlinspike demonstrated to attendees at last weekend's Black Hat conference in Arlington, Va., how vulnerable many SSL connections are to an involved but clever man-in-the-middle (MitM) attack in which a hacker proxies traffic from users accessing genuine secure https:// website logins.
To prove the usefulness of the attack to a hypothetical criminal, he claimed the hack had given him access to 117 e-mail accounts, 16 credit card numbers, 7 PayPal log-ins and over 300 other "miscellaneous secure logins" in a 24-hour period. Sites involved included Ticketmaster, Paypal, LinkedIn, Hotmail, and Gmail.
The clever bit is that the attack doesn't need to touch the encrypted SSL traffic at all; it simply exploits the fact that users almost never request https directly, instead reaching it by way of a conventional http web page first. That makes it possible for the attacker to monitor and map the traffic between the browser and website before SSL is set up, sitting between the two so that neither side is aware that anything is amiss.
According to Marlinspike, the hack is also able to overcome the possibility that the browser will generate invalid certificate warnings from the fake proxy site, even passing back convincing if bogus favicons such as the traditional https padlock. The only signal that something is wrong would be the lack of the https:// address in the toolbar, something few users would likely notice, he said.

"Lots of times the security of HTTPS comes down to the security of HTTP, and HTTP is not secure," says Marlinspike in his presentation summary. "If we want to avoid the dialogs of death, start with HTTP not HTTPS."
Importantly, the visual indicators that help ordinary users detect such attacks should once again be emphasised, overturning some years in which developers, including browser developers, had downplayed such reinforcement.
"Once we've got control of that, we can do all kinds of stuff to re-introduce the positive indicators people might miss," he says.
An indirect hack on the secure web infrastructure was reported some weeks ago, whereby a flaw in the MD5 hashing algorithm was used to fool certificate authorities into accepting a bogus certificate as the real thing.
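The weakness described above lives in the plain-http pages that hand users off to https. As an added example (not from the original article or from Marlinspike's tool), the following audit lists those hand-off points in a response a site serves over http: redirects to https, https links, and login forms. The host shop.example, the sample responses and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)


class HandoffParser(HTMLParser):
    """Collects https links and password forms found in an HTML body."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []
        self._form_action = None
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            target = urljoin(self.base_url, a["href"])
            if urlsplit(target).scheme == "https":
                self.findings.append(("https-link", target))
        elif tag == "form":
            # An empty or missing action posts back to the page itself.
            self._form_action = urljoin(self.base_url, a.get("action") or "")
            self._in_form = True
        elif tag == "input" and self._in_form:
            if (a.get("type") or "").lower() == "password":
                self.findings.append(("login-form-on-http-page", self._form_action))

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def audit_http_response(url, status, headers, body):
    """Return (kind, target) pairs for every http-to-https hand-off in a response.

    Only responses served over plain http are of interest: their content
    travels unprotected, so anything in them can be altered in transit.
    """
    if urlsplit(url).scheme != "http":
        return []
    findings = []
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if status in REDIRECT_CODES and location:
        target = urljoin(url, location)
        if urlsplit(target).scheme == "https":
            findings.append(("redirect-to-https", target))
    parser = HandoffParser(url)
    parser.feed(body)
    return findings + parser.findings


# Constructed sample responses (not captured traffic).
HOME_BODY = """
<html><body>
  <a href="https://shop.example/login">Sign in</a>
  <a href="/about">About us</a>
  <form action="https://shop.example/session" method="post">
    <input name="user"><input type="password" name="pw">
  </form>
</body></html>
"""
HOME = ("http://shop.example/", 200, {"Content-Type": "text/html"}, HOME_BODY)
REDIRECT = ("http://shop.example/account", 302,
            {"Location": "https://shop.example/account"}, "")

if __name__ == "__main__":
    for response in (HOME, REDIRECT):
        for kind, target in audit_http_response(*response):
            print(f"{response[0]}: {kind} -> {target}")
```

Every finding is a place where the secure session depends on unprotected content; serving the whole site over https and sending a Strict-Transport-Security header, a mechanism standardised after this article was written, removes the plain-http first hop for returning visitors.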
