Archive for December, 2007

This week’s links (2007-12-31)

Have a look at;
TWINE http://www.twine.com/
aideRSS http://blog.aiderss.com/
Google Chart API http://code.google.com/apis/chart/

Google Chart

What’s Next on the Web: a ReadWriteWeb Toolkit for 2008
… For each of the 5 big topical trends described below, I’ve assembled some resources I think will be useful for anyone who wants to keep up with cutting edge developments in these fields in the next year. … — [ readwriteweb ]

Leading surveillance societies in the EU and the World 2007
The 2007 International Privacy Ranking
State of Privacy Map
Australia ranks higher than Slovakia but lower than South Africa and New Zealand.
– [ (2007-DEC-28) Privacy International]

Ten things that will change your future
So Google and Wikipedia took you by surprise? Nick Galvin looks into his crystal ball and explains what you need to know to survive the next decade. — [ (2008-JAN-01) SMH]

A Year In Review – A Look Back at 2007
Here we are, closing in on the end of another year. The year 2007 has been a rather interesting year in the land of bits and bytes and the land of the Internet/Cyberspace. I was contemplating the past 12 months and trying to determine what the highlights would be. I decided to turn to the Internet itself and see what my fellow computer security folks were saying. — [SANS]

A Look Back at the Security Trends of 2007
It’s the time of year when we begin to look back and take stock of the events of the last twelve months. Newspapers and magazines will soon be publishing their list of top movies, records, and books. Symantec is publishing a top 10 list, too. — [Symantec]


Google Street View in Melbourne

Google-branded cars with roof-mounted cameras have just begun traversing our streets, taking highly detailed panoramic street-level photos for a new Maps feature called Street View. — SMH (2007-Nov-23)

And so it was to be: at 16:00 hours on 28-Dec-2007 we spotted the Google Car on Victoria Parade in Melbourne.


Mounted on the roof, on top of the pole and in the red casing, is the camera; the GPS is mounted below and to the rear. The driver has an LCD monitor mounted in the passenger seat, and quite a bit of junk in the back seats ;)

Cameras mounted on top of “Google labelled” cars, will travel around Australian cities and towns, pausing to take a 360 degree photo, record the location of the image using a GPS, and then move to the next location.
The images will be collected throughout summer and are likely to appear online in the second half of next year. — Cnet (2007-Nov-26)

[Also see Google Street View available for .au (2008-Aug-05)]

Following the Sydney-Hobart Yacht Race (2007)

The Rolex Sydney Hobart Yacht Race 2007 will start on 26 December and will be conducted on the waters of Sydney Harbour, the Tasman Sea, Storm Bay and the Derwent River. … About the race

Yacht Tracker:
The Rolex Sydney Hobart Yacht Race 2007 Yacht Tracker (Flash)


Google Earth Feed:
Watch the Rolex Sydney Hobart in Google Earth, with yacht positions and standings updated every ten minutes. Now sea surface temperatures and current information may also be viewed.

Happy Hogswatch

They walked in silence for a moment.
“Ah,” said Susan dully. “Trickery with words. I would have thought you’d have been more literal-minded than that.”

I AM NOTHING IF NOT LITERAL-MINDED. TRICKERY WITH WORDS IS WHERE HUMANS LIVE.

“All right,” said Susan. “I’m not stupid. You’re saying humans need … fantasies to make life bearable.”

REALLY? AS IF IT WAS SOME KIND OF PINK PILL? NO. HUMANS NEED FANTASY TO BE HUMAN. TO BE THE PLACE WHERE THE FALLING ANGEL MEETS THE RISING APE.

“Tooth fairies? Hogfathers? Little–”

YES. AS PRACTICE. YOU HAVE TO START OUT LEARNING TO BELIEVE THE LITTLE LIES.

“So we can believe the big ones?”

YES. JUSTICE. MERCY. DUTY. THAT SORT OF THING.

“They’re not the same at all!”

YOU THINK SO? THEN TAKE THE UNIVERSE AND GRIND IT DOWN TO THE FINEST POWDER AND SIEVE IT THROUGH THE FINEST SIEVE AND THEN SHOW ME ONE ATOM OF JUSTICE, ONE MOLECULE OF MERCY. AND YET – Death waved a hand – AND YET YOU CAN ACT AS IF THERE IS SOME IDEAL ORDER IN THE WORLD, AS IF THERE IS SOME… SOME RIGHTNESS IN THE UNIVERSE BY WHICH IT MAY BE JUDGED.

“Yes, but people have got to believe that, or what’s the point-”

MY POINT EXACTLY.

discussion between Susan and Death (Terry Pratchett’s “Hogfather”)

HP Laptop vulnerability :: Round 2

After yesterday’s post regarding the HP Quick Launch Button Update and the analysis and patching that followed, are you prepared for Round 2?

‘Bricking’ bug threatens most HP, Compaq laptops [1]
Second bundled bug in nine days can leave laptops unbootable

In a post to the milw0rm.com Web site Wednesday, a Polish security researcher who used the alias “porkythepig” spelled out a pair of vulnerabilities in an ActiveX control used by HP’s Software Update, the patch management program bundled with virtually every HP- and Compaq-branded laptop.
According to porkythepig’s post, the Software Update bugs let an attacker corrupt Windows’ kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection. In either case, a drive-by attack could be conducted by feeding users an e-mail message with a link to a malicious Web site.

Now this isn’t going to ‘brick‘ the machine as a repair to the kernel brings the box back, but it is pretty nasty.

But we can get a quick fix like last time, right? Not so;

Noticing a specific vulnerability location (vendor’s software update system), simple disabling of the vulnerable control by the vendor’s patch (like in the other HP software vulnerability case – HPInfo) would result in the machine software update system compromise in this case and would leave the user vulnerable to the future security issues.
Therefore reimplementation of the update system and/or vulnerable control local data area implementation is strongly recommended.
– porkythepig [2]

Aaaaarrrrggggh!! Merry Christmas

[1] ‘Bricking’ bug threatens most HP, Compaq laptops (2007-DEC-20) [ComputerWorld]
[2] HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities (2007-DEC-19) [milw0rm]

Ho Ho Ho!

MERRY CHRISTMAS!

HP Quick Launch Button Update (2007-Dec)

The HP Quick Launch Button (QLB) has a nice Remote Execution of Arbitrary Code, Gain Privileged Access vulnerability.
HP Compaq business notebook PCs and HP Pavilion and Compaq Presario consumer notebook PCs all ship with Quick Launch Button (QLB) software preinstalled.

A potential security vulnerability has been identified with the HP Quick Launch Button (QLB) software running on Windows. The vulnerability could be exploited remotely to execute arbitrary code or to gain privileged access. [1]

Grab the patch from HP SoftPaq SP38166

This package provides a critical security update for HP Quick Launch Buttons on the supported notebook models and operating systems. This patch removes a security vulnerability by disabling HP Info Center. [2]

And you will need to apply the patch because: Removing or un-installing Quick Launch Button software does not eliminate the vulnerability. [1]

[1] ESB-2007.1018 — [Win] — HP Quick Launch Button (QLB) Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (2007-DEC-17) [AUSCERT]
[2] HP Quick Launch Buttons Critical Security Update 1.00 REV: A (2007-DEC-12) [HP]
[3] Got a HP laptop and running windows? Time to patch! (2007-DEC-19) [SANS]

That’s not a rat, this is a rat …

Tim Cox this morning on ABC 774 was getting callers to ring in to support him having a ‘Giant Rat’ story on the Morning Show. After calling in to vote for the rat, I remembered that this was a topic I was going to put into the blog earlier in the week. For all your ‘giant rat’ needs;

A tiny possum and a giant rat were recorded by scientists as probable new species on a recent expedition to Indonesia’s remote and virtually unknown “Lost World” in the pristine wilderness of western New Guinea’s Foja Mountains. [1]

The Foja wilderness is part of the great Mamberamo Basin located in Indonesia’s Papua province and is one of the least disturbed regions in the Asia-Pacific region.

Mammalogist Martua Sinaga holds this 1.4 kg giant rat that is probably a species new to science.
Foja Mts, western New Guinea, Indonesia.
[Copyright: Bruce M Beehler/Conservation International]

During the June expedition, the team documented two mammals, a Cercartetus pygmy possum, one of the world’s smallest marsupials, and a Mallomys giant rat, both currently under study and apparently new to science. They also recorded the mating displays of several rare and little-known birds for the first time.

“The giant rat is about five times the size of a typical city rat,” said Kristofer Helgen, a scientist with the Smithsonian Institution in Washington, D.C. “With no fear of humans, it apparently came into the camp several times during the trip.”

The film crew obtained the first film documentation of several spectacular birds found in Foja, capturing on tape the full courtship displays of the golden-fronted bowerbird (Amblyornis flavifrons) and of the black sicklebill bird of paradise (Epimachus fastuosus).

They also recorded the “lost” Bird of Paradise – Parotia berlepschi (known as Berlepsch’s six-wired bird of paradise), and the newly described wattled smoky honeyeater (Melipotes carolae), both known only from the Foja Mountains. [1]

[1] Indonesia’s “Lost World” Reveals More Surprises (2007-DEC-17) [Conservation International]
[2] Giant rat found in ‘lost world’ (2007-DEC-17) [CNN.com/Asia]
[3] Huge rat discovered in Indonesia (2007-DEC-18) [BoingBoing]

Flash Player update (2007-DEC-18)

Get thee to a patchery;

Flash Player update available to address security vulnerabilities [1]
Release date: December 18, 2007
Vulnerability identifier: APSB07-20
CVE number: CVE-2007-6242, CVE-2007-4768, CVE-2007-5275, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-4324, CVE-2007-6246, CVE-2007-5476
Platform: All platforms
Affected software versions: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier.

Upgrade to the newest version 9.0.115.0 (Win, Mac, Linux), by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

You can check your version via the About Flash page.

[1] Flash Player update available to address security vulnerabilities (2007-DEC-18) [Adobe]
[2] Adobe Flash Player and GoLive security updates (2007-DEC-19) [SANS]

This week’s links: 2007-12-19

Dakar 2008 – January 5th to 20th
Planning the 2008 Dakar began, rather appropriately, with a challenge; that of mapping out the route. The stages we have in mind will give competitors a path across Africa that is just as diverse but with even more of a sporty edge. This year’s planned itinerary includes longer specials than in prior years; the meter was blocked at 4,300 km in 2007 due to some changes, but exceeded 4,800 km for the timed segments in 2006. Next January, competitors will embark on an almost 6,000 km road and off-road adventure. As a result, the road sections will be shorter.
http://www.dakar.com/indexus.html

Passive social networking — where others harm you
The privacy of those who shun social networking is still at risk from such sites — from family and friends who indulge in the popular information sharing pastime, according to advice issued by the Privacy Commissioner’s Office.
When users post a friend’s photo or information about them on a social networking site, they are inadvertently taking the risk that the friend may “lose control over their personal information” posted on the social network. …

ZDNet

PETER JACKSON AND NEW LINE CINEMA JOIN WITH MGM TO PRODUCE “THE HOBBIT”
Los Angeles, CA (Tuesday, December 18, 2007) Academy Award-winning filmmaker Peter Jackson; Harry Sloan, Chairman and CEO, Metro-Goldwyn-Mayer Studios Inc. (MGM); Bob Shaye and Michael Lynne, Co-Chairmen and Co-CEOs of New Line Cinema have jointly announced today that they have entered into the following series of agreements:
* MGM and New Line will co-finance and co-distribute two films, “The Hobbit” and a sequel to “The Hobbit.” New Line will distribute in North America and MGM will distribute internationally.
* Peter Jackson and Fran Walsh will serve as Executive Producers of two films based on “The Hobbit.” New Line will manage the production of the films, which will be shot simultaneously.
* Peter Jackson and New Line have settled all litigation relating to the “Lord of the Rings” (LOTR) Trilogy.

TheOneRing.net

The Hobbit: The Official Movie Blog
http://www.thehobbitblog.com/

Get creative ahead of the holidays with Office Online’s templates and clip art!
With the festive season just around the corner, it’s a great time to start getting creative with your holiday greeting cards, memos, stationery and email templates. Check out the huge selection of holiday templates and clipart on Office Online.
Office Online

Flock 1.0.3
Flock ‘the social browser’ has updated to v1.0.3.
http://www.flock.com/versions

New Services
Flock has added People services for Facebook and Twitter
New Mozilla Updates
Flock 1.0.2 has all Mozilla enhancements and security patches up to 2.0.0.11
Flock 1.0.3 fixes a code signing issue with the Windows installer

This week’s links: Late again :(
