ZoneAlarm Suite Integrates Kaspersky Antivirus, from PC World.

Zone Labs, a division of Check Point Software Technologies, is planning to release a public beta for ZoneAlarm Internet Security Suite 7.0. This is the upgrade to the 6.0 product, which ranked sixth in our All-in-One Security suite round-up earlier this year.

While we haven’t looked at it yet, version 7.0 looks promising since Zone Labs is integrating the top-performing Kaspersky antivirus engine. The Kaspersky engine replaces a lackluster version of the CA antivirus engine that was integrated into ZoneAlarm 6.0.

Popularity: 21% [?]

Microsoft flags Gmail as a virus, form News.com.

From late last week until Sunday night, the Windows Live OneCare security software incorrectly flagged the Google e-mail service as a threat.

A warning popped up when OneCare users opened the Gmail Web site, telling them that their systems were infected with a virus called “BAT/BWG.A.”

It seems that Microsoft gotta long long way to go due to high false positive rate.

Popularity: 34% [?]

Web 2.0 makes phishing spam obsolete, from ZDNet.

Although this article doesn’t mention why “Web 2.0 makes phishing spam obsolete” is, I think the reason may be XSS. Before Samsung case, PayPal had been found the same flaw which is very hard to prevent in June 2006 as well.

Popularity: 15% [?]

Wi-Fi Fingerprints — the End of MAC Spoofing? from Slashdot.

Wireless devices can be identified by variations in their radio signaling, known as their ‘transceiverprint,’ according to research reported in Techworld. The Canadian researcher, Jeyanthi Hall, related the prints to MAC addresses and got a positive ID for devices connecting to a Wi-Fi network, claiming 95% success with no false positives. Once they work out how to do this without a dedicated signal analyzer and neural network processing, it’s the end of MAC spoofing on wireless networks.

Interesting comments ;-) nweaver:

Cool hack, but who cares. With proper authentication (eg, WPA), you don’t need to worry about MAC spoofing as the packets won’t authenticate right to the access point.

Bender0×7D1:

You are forgetting the insider threat. I might have the WPA key because I am an employee with my own laptop. However, if I spoof your MAC, then it looks like you are the one surfing (or porn sites) all day and not me. Encryption is good, but it doesn’t solve every security problem.

Popularity: 15% [?]

iTunes 6 finally cracked, from Engadget.

昨天才在說 WM DRM 可以被破解後, 今天又看到 Engadget 上說有個軟體 QTFairUse6 可以用來破解 iTunes (6.0.4 - 6.0.5). 沒錯, 看來就是之前 QTFairUse 的衍生版本.

It seems to me that QTFairUse6 is a python program using pydbg to grab the AAC from memory after it has been decrypted but before it has been decrypted.

Popularity: 29% [?]

FairUse4WM strips Windows Media DRM!, from Engadget.

Windows Media DRM 授權保護機制被一套叫做 FairUse4WM 的軟體破解了, 目前可以破解的苦主是 Windows Media DRM 10 和 11 (不包括 WM DRM 9).

今天在 DK blog 上看到這句話: (如果不能這樣引用, DK 長輩記得通知我啊~)

有很多人認為 DRM 是用於「保障著作人的權利」(Digital “Rights” Management)，但實際上 DRM 一定可以被破解，無法保障著作人的權利。DRM 真正的用途如同自由軟體基金會所說的，是「限制使用人的權利」(Digital “Restrictions” Management)，並藉由限制使用人的權利而宣稱可以保障著作人的權利。

突然發現之前雖然聽過, 卻沒啥感覺, 但是看到 FairUse4WM 這個軟體之後, 熊熊發現這句話還真是貼切啊~

Popularity: 79% [?]

Picturing the New Spam, from digg.

The volume of the spam contains images has more than doubled since April, according to analysis by anti-spam vendor IronPort Systems. Image-based spam accounts for 21% of all spam, compared with just 1% in late 2005, IronPort says.

不過這讓我想到之前看到的消息: PWNtcha 來解讀 Blog 或是註冊網頁上常見的 CAPTCHA, 已經有相當高的辨識率. 原因就是簡單的 CAPTCHA 都是固定字型、固定位置、沒有顏色變化這類固定的規則, 所以就比較容易被識破.

而 WordPress 的 Plugin AuthImage, MovableType 的 Plugin SCode, PWNtcha 都有 100% 的偵測率. 雖說 Image Spam (aka Content Spam) 可能情況複雜點, 不過應該還是有一定規則才是.

PS: 所謂的 CAPTCHA 用例子來說最快了! 就是下面的圖片:

如果可以回答的出來是 “smwm”, 那就是通過了這個測試.

CAPTCHA 是 Carnegie Mellon University 註冊的商標, 是在資訊領域中, 用來測試使用者是真正的人, 還是自動化程式的 challenge-response 方法之一. 常見的也就是上面的例子.

Popularity: 27% [?]