Details of major Internet flaw posted by accident
The flaw was discovered several months ago by IOActive researcher Dan Kaminsky, who worked through the early part of this year with Internet software vendors such as Microsoft, Cisco, and the Internet Systems Consortium to patch the issue.
The companies released a fix for the bug two weeks ago and encouraged corporate users and Internet service providers to patch their DNS systems as soon as possible. Although the problem could affect some home users, it is not considered to be a major issue for consumers, according to Kaminsky.
At the time he announced the flaw, Kaminsky asked members of the security research community to hold off on public speculation about its precise nature in order to give users time to patch their systems. Kaminsky had planned to disclose details of the flaw during a presentation at the Black Hat security conference set for Aug. 6.
Some researchers took the request as a personal challenge to find the flaw before Kaminsky's talk. Others complained at being kept in the dark about the technical details of his finding.
On Monday, Zynamics.com CEO Thomas Dullien (who uses the hacker name Halvar Flake) took a guess at the bug, admitting that he knew very little about DNS.
His findings were quickly confirmed by Matasano Security, a vendor that had been briefed on the issue.
"The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat," Matasano said in a blog posting that was removed within five minutes of its 1:30 p.m. Eastern publication. Copies of the post were soon circulating on the Internet, one of which was viewed by IDG News Service.
Matasano's post discusses the technical details of the bug, saying that by using a fast Internet connection, an attacker could launch what's known as a DNS cache poisoning attack against a Domain Name Server and succeed, for example, in redirecting traffic to malicious Web sites within about 10 seconds.
Matasano Researcher Thomas Ptacek declined to comment on whether or not Flake had actually figured out the flaw, but in a telephone interview he said the item had been "accidentally posted too soon." Ptacek was one of the few security researchers who had been given a detailed briefing on the bug and had agreed not to comment on it before details were made public.
Matasano's post inadvertently confirmed that Flake had described the flaw correctly, Ptacek admitted.
Late Monday, Ptacek apologized to Kaminsky on his company blog. "We regret that it ran," he wrote. "We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread."
Kaminsky's attack takes advantage of several known DNS bugs, combining them in a novel way, said Cricket Liu, vice president of architecture with DNS appliance vendor Infoblox, after viewing the Matasano post.
The bug has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP address of a computer, it asks another DNS server for this information. With cache poisoning, the attacker tricks the DNS software into believing that legitimate domains, such as idg.com, map to malicious IP addresses.
In Kaminsky's attack a cache poisoning attempt also includes what is known as "Additional Resource Record" data. By adding this data, the attack becomes much more powerful, security experts say. "The combination of them is pretty bad," Liu said.
An attacker could launch such an attack against an ISP's domain name servers and then redirect them to malicious servers. By poisoning the domain name record for www.citibank.com, for example, the attackers could redirect the ISP's users to a malicious phishing server every time they tried to visit the banking site with their Web browser.
Kaminsky declined to confirm that Flake had discovered his issue, but in a posting to his Web site Monday he wrote "13>0," apparently a comment that the 13 days administrators have had to patch his flaw before its public disclosure is better than nothing.
"Patch. Today. Now. Yes, stay late," he wrote.
He has posted a test on his Web site that anyone can run to find out if their network's DNS software is patched.
Help us find a better way to pronounce www
As noted in Wikipedia, www is the longest possible three-letter string to pronounce in English. Hitchhiker's Guide to the Galaxy author Douglas Adams remarked that "the World Wide Web is the only thing I know of whose shortened form takes three times longer to say than what it's short for."
You might expect a better way to emerge and spread, as new words usually do. But the www has been around for more than 15 years, and we're still waiting. Technically, the web could be made to work fine without www, but I don't think we're about to see the end of it.
Other languages are fortunate that w has only a single syllable. Pronounce an address in Czech and you'll start with "vé, vé, vé".
Alternatives like "dub-ya dub-ya dub-ya", or "tri-dub" might have become locally acceptable. But in my experience much of the English-speaking world still labours with "double-u-double-u-double-u". Such a global resource deserves a snappy and more universal phrase.
Ideally, one of the shorter variations already circulating would rise to become most accepted. But which? And how can we accelerate the process?
Point of View releases GeForce 9800 GTX+
POINT OF VIEW, well known for its range of NVIDIA-based graphics cards, is today launching the GeForce 9800GTX+, an upgraded version of one of the fastest single-GPU graphics cards on the market, the GeForce 9800 GTX.
The GeForce 9800GTX+ has major improvements compared to its predecessor. The GPU has been down-sized to 55nm, which offers a major improvement to its power consumption efficiency, operating temperature and core speed. Its 512 MB DDR3 memory runs at 2200 MHz whilst the GPU core has a speed of 738 MHz. The speed of the internal processors has been increased by almost 250 MHz to an impressive 1836 MHz.
The GTX+ graphics card also supports three fairly new technologies:
True-to-life Water, cloth, explosions and smoke!
Experience even more realistic visual effects with the Physics accelerating technology!
This technology allows software other than graphics to run on the GPU. Have 128 sub-processors decode your video many times faster than conventional (CPU-based) software.
NVIDIA Hybrid Power
Not playing any games? Switch to your integrated graphics chip for minimal power consumption. A smart solution for a greener environment. Hardcore performance and perfect frame rates with Microsoft DirectX10 Shader model 4.0! Experience your favorite games in the highest resolutions and detail level with the brute force power of the GeForce 9800 GTX+! And if that
ECS GeForce 9800 GT Photo & specs
The soon-to-be-released GeForce 9800 GT has surfaced on the web, or at least a photo and some information have. A while ago we already spotted the XFX version; it seems that one sample from ECS got leaked, this time with some more information on it.
The GeForce 9800 GT seems to be nothing else than a rebadged 8800 GT, with slightly different specifications. It will have 112 shader processors enabled, still be based on the 65nm G92 GPU and have the same frequencies and specs as its 8800 GT counterpart. The one thing that did change is that Nvidia's board partners can play around with a customized PCB and choose to make something really special.
The card shown below is made by ECS and is cooled by Arctic Cooling's Accelero S1. It features a blue PCB and GPU, shader and memory frequencies of 600, 1500 and 1800 MHz. The card has 512MB of GDDR3 memory, a 256-bit interface and DirectX 10(.0) and SLI support.
It remains a very interesting card, especially since the new price will be just under $150m and, if you look closely at the bundle below, that's including Rainbow Six Vegas 2.
Art Lebedev offers 15-key Optimus Pultius
Art Lebedev Studios on Tuesday unveiled a new addition to its custom-faced keyboards, the Optimus Pultius, offering users 15 user-programmable, LCD-laden keys to sit beside their keyboard. The Optimus products have made waves in the industry due to their customizable LCD screens, making them ideal for Final Cut Studio users or gamers who require quick access to hotkey functions. Lebedev did not mention pricing, but noted it would see release late this year or early next.
The Pultius operates in a similar way to the full-sized Maximus keyboard, with the same sized keys, as well as one pass-through USB port.
I dunno man ... that's not something I would buy.
Did XFX and EVGA jump ship? Dropping NVIDIA exclusivity?
Considering the source, we're not really sure. But after a recent bout of bad press
OCZ officially Fatal1ty-branded memory kits
Download: Realtek 3D SoundBack Beta 0.1
Realtek 3D SoundBack restores audio effects, including surround sound, reverberation, and spatial effects, for legacy game titles when running on Windows Vista.
This software is basically Realtek's version of Alchemy. It'll enable the use of EAX1/2 (and, we guess, A3D, assuming the Realtek chips support the decoding) in Vista for games that should support EAX1/2. We have a discussion thread over here on this driver.
Download: ATI Catalyst 8.7 Windows XP | Vista
ATI released their July 2008 update of the Catalyst driver suite for Radeon graphics cards. We have a thread open on these drivers right here. Please share your experiences.
The following performance gains are noticed with this release of Catalyst
Intel shaves off pricing on CPUs
Intel today lowered its prices on several processors. One of the most popular processors dropped the most, which is great news: the Core 2 Duo E8500 dropped from 266 USD to a fantastic 183 USD, which is roughly 30 percent lower than before.
The slightly slower specced Core 2 Duo E8400 dropped 11% to 163 USD. Furthermore, the Core 2 Duo E7200 and Core 2 Quad dropped 15% and 14% respectively, with 113 USD for the E7200 and 193 USD for the Q6600, and that makes the Q6600 absolutely stunning to purchase!
Next to desktop processors, Intel also lowered some of the server counterparts. The Xeon X3220 and X3210 dropped 12% to 198 USD. The Xeon E3110 dropped to 167 USD. These prices are obviously market prices purchased per 1000.
Trailer: Postal III - E3 2008: Destruction Gameplay
Postal III is a third-person shooter developed by Running With Scissors. It is the third game in the Postal
Microsoft to Unveil DirectX 11 Features Soon
Microsoft is going to host four sessions dedicated to the Direct3D 11 application programming interface (API), according to the agenda of the XNA conference. The world
Radeon HD 4870 X2 2048 MB preview Guru3D
It has been known for a while already that AMD's ATI is developing a new product under the codename R700. Guru3D has a nice preview of what AMD is going to launch real soon, the dual-GPU based Radeon 48x0 X2 series of products.
In short, you take a large PCB (printed circuit board), slap two 4870 processors and a bridge chip on there and call it a Radeon 4870 X2. It's surely not the most elegant method of getting a graphics card into the high-end segment; it is, however, as this preview will show you, a very effective one.
R700 - 4870 X2 preview tomorrow
Hey everyone, I just wanted to drop a note that tomorrow (Monday) we'll publish our AMD R700 review, Radeon HD 4870 X2. So check back tomorrow.
Trailer: Borderlands E3
AMD Power Monitor for CPU updated v1.2.3
AMD Power Monitor is used to monitor the current frequency, voltage, utilization, and power savings of each core of each processor in a system.
AMD Power Monitor has a system tray icon that may be used to view or select power schemes on the system.
The system tray icon will show the average utilization of every core on the system.
How did BT Retail know?
ISPReview.co.uk has published a copy of some marketing material that BT Retail has been sending out to people who use Tiscali Broadband or one of its subsidiaries such as Pipex and Nildram.
Competition among broadband providers to retain their existing customers or attract customers away from competitors is increasing as the number of people who don't have broadband starts to diminish. The BT letter is perhaps different to most in that it centres around raising doubt about the Tiscali service in relation to the planned sell-off of the provider. The sell-off, while widely publicised, may still surprise some, particularly Nildram and Pipex customers not aware that Tiscali is currently the big name behind their connections.
According to the various quotes that people have obtained from BT already, BT staff are apparently suggesting that the information that certain people had a Tiscali connection has come from marketing lists purchased from external sources. Certainly BT Retail would be in a lot of trouble if it has used things like broadband tag information to target rivals' customers. The reach of the firms that cull customer information from various sources is very extensive, and it is all too easy to end up with your details being sold in bulk.
It's been shown that a number of Tiscali customers are being offered deals on their broadband service if willing to sign up for a new 12 month contract. So some Tiscali customers may feel hemmed in with marketing approaches from several quarters.
AMD confirms 'Atom-smasher' chip
AMD will unfold its plan to take on Intel's Atom in November, newly promoted CEO Dirk Meyer said last night.
AMD is currently working on a chip codenamed 'Bobcat', a single-core, 64-bit processor designed for low-cost laptops and Small, Cheap Computers.
Past leaks have indicated that Bobcat will debut with a 1GHz clock speed, 128KB of L1 cache, 256KB of L2 cache and an 800MHz HyperTransport link out to the rest of the system. Its on-board memory controller will handle 400MHz DDR 2 chips.
The whole thing is set to consume no more than 8W and sit inside an 812-pin, 27mm