28
Aug

Sony caught using rootkit – again

Some people don’t ever learn.

Sony came under fire in November 2005 when it was found to be using a rootkit for its CD DRM. Sony was mercilessly skewered by antivirus companies for the stunt, and had to issue an update to remove the rootkit.

Almost two years later, Sony is once again caught employing a questionable technology in one of its products, this time, a USB flash drive.

From F-Secure Weblog:

The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under “c:\windows\”. So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

In addition to the software that was packaged with the USB stick, we also tested the latest software version available from Sony at www.sony.net/Products/Media/Microvault/ and this version also contains the same hiding functionality.

It is our belief that the MicroVault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass. It is obvious that user fingerprints cannot be in a world writable file on the disk when we are talking about secure authentication. However, we feel that rootkit-like cloaking techniques are not the right way to go here.

Sony was contacted, but no reply was given at the time the blog post was published.

Why is a rootkit dangerous? Rootkit technology enables software to hide its files from the ordinary Windows view. It is possible to view these hidden files via the command prompt, but you have to know the exact location and the exact file names. Several pieces of malware employ this technology to hide their files, to prevent primitive antivirus products and non-technical users from ever finding and deleting the malware files.

23
Aug

The PSP Phone(?)

The gaming phone has arrived. People, meet the Sony PSP.

Wait a minute. A PSP phone?

In what could be a sign of things to come (and to play catchup with Nintendo), Sony and BT have unveiled software for the PSP that will allow video and voice calls and send instant messages. Called Go!Messenger, the software will use the built-in WiFi to connect to home and outside WiFi networks, and use VoIP to route calls.

Will this software finally dislodge the Nintendo DS from the top of the handheld gaming market? Hmm. The US telco market is firmly in the hands of the carriers, and they are doing everything to stamp VoIP out of the earth. Same thing with some Middle Eastern countries. Japan hearts the DS. In the Philippines? Nah.

Best of luck, Sony.

21
Aug

Adobe doesn’t heart open source

Well, it seems that Adobe doesn’t heart open source.

In a blog post, a senior Adobe executive has hinted that most Adobe products will stay proprietary, while at the same time taking a swipe at open-source alternatives to the company’s products.

Money quote:

And obviously, I have thought about whether open source has a place in Adobe’s creative products strategy. But what designers need is tightly-integrated workflows and high reliability right out of the box so the really important question to ask is what’s the impact to the user. Yes, clearly it’s cheaper, but does it really save money in the end?

Don’t get me wrong, open source software can be a perfect solution. It’s just not right for everything. Or for everyone – like many creative professionals who are on deadline and prefer to innovate vs. integrate.

And yes, the blog post smacks of marketing, using a customer as case study.

So open-source and free software users should stick with Gimp. But don’t say the Adobe executive has not warned you.

(Via CNet)

21
Aug

Virtual plague lends new insights into epidemics

A mistake in a challenge to high-level players in a popular massive, multiplayer, online role-playing game (MMORPG) has led to new insights on how a new epidemic may spread.

Reuters reports about how the “Corrupted Blood” challenge led to an accidental virtual plague in World of Warcraft.

Here is the variable that researchers will have to factor in soon – the stupid factor:

“Someone thinks, ‘I’ll just get close and get a quick look and it won’t affect me,'” she said.

“Now that it has been pointed out to us, it is clear that it is going to be happening. There have been a lot of studies that looked at compliance with public health measures. But they have always been along the lines of what would happen if we put people into a quarantine zone — will they stay?” Fefferman added.

“No one has ever looked at what would happen when people who are not in a quarantine zone get in and then leave.”

(Curiosity might have killed a cat, but stupidity could kill millions of them.)

Anyway, this virtual accident can hopefully help us in predicting and preventing an epidemic. BTW, the Reuters report ended in an ominous tone – we are ripe for another epidemic. Scary.

15
Aug

Possible Zero-Day Problem for YM (UPDATED)

Heads up for Yahoo! Messenger users. McAfee Avert Labs Blog reports about a potential zero-day vulnerability for your favorite instant messenger. While no exploit is known or is in the wild, it always pays to be extra careful.

No details are available as of this time.

(Yes, I know, it is hard to be careful against something you do not know. There are ways to keep yourself safe. Try using Web-based YM in the meantime. Or don’t click on links being sent via YM.)

UPDATE:

McAfee Avert Labs Blog has posted an update and has confirmed the existence of the vulnerability, which involves the YM webcam. They have posted the following mitigating measures:

1. Don’t accept webcam invites from untrusted sources until a patch for this is released.
2. It’s advisable to block outgoing traffic on TCP port 5100 until the vendor patches this vulnerability. (If unsure about port blocking, just follow number 1, above.)

14
Aug

Apple’s laziness can lead to problems

Two related security issues for Apple products Mac OS X (Leopard) and iPhone were raised recently.

At this year’s Black Hat Briefings conference, a security researcher claimed that Mac OS X is easy to hack. The researcher highlighted three options for hacking into OS X:

1. Elevation of user privilege using suid: OS X has more than 50 suid root applications. That means 50-plus vectors of attack.

2. Safari: When opened, the browser also opens several programs, and any flaw in any of the said apps can be exploited over the Web.

3. Open source components: it seems that OS X 10.4.10 contains open source components that are out of date, and as such, are candidates for bug exploitation.

And with the iPhone being a Mac at the micro level, vectors number two and three mentioned earlier are also present on the iPhone. Apple released patch 1.0.1 for the iPhone on July 31, and a vulnerability was included in the said patch, courtesy of an outdated open source component (PCRE).

Security experts always tell users to patch systems and apps when patches are released. I guess it is time they tell Apple to do the same.
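For the first point above, the suid root count, a defender can keep a reviewed list of setuid-root binaries and flag anything on disk that is not on it. The sketch below is an added example, not the researcher's tooling; the file names and the baseline are constructed, and the demo filters on the current user's uid because it cannot create root-owned files.

```python
import os
import stat
import tempfile

def suid_files(root, owner_uid=0):
    """Return sorted paths of regular files under root that have the
    setuid bit set and are owned by owner_uid (0 = root)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                found.append(path)
    return sorted(found)

def unreviewed(root, baseline, owner_uid=0):
    """Setuid files present on disk but absent from the reviewed baseline."""
    known = set(baseline)
    return [p for p in suid_files(root, owner_uid) if p not in known]

def demo():
    # Constructed tree: two setuid files (one already reviewed) and one
    # ordinary executable. Owner filter uses our own uid instead of root.
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for name, mode in (("reviewed", 0o4755), ("new", 0o4755),
                           ("plain", 0o755)):
            paths[name] = os.path.join(root, name)
            with open(paths[name], "w") as handle:
                handle.write("placeholder\n")
            os.chmod(paths[name], mode)  # set mode after writing
        result = unreviewed(root, [paths["reviewed"]],
                            owner_uid=os.getuid())
        return [os.path.basename(p) for p in result]

if __name__ == "__main__":
    print("setuid files not in baseline:", demo())
```

On a real system, call `unreviewed("/", baseline)` as root with the default `owner_uid=0`, and review each new entry before adding it to the baseline.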

10
Aug

Veoh sues Universal Music – David v. Goliath

Well, it’s about time someone shows them that they don’t have a monopoly on the law.

We are used to movie and/or music companies suing audio and video content sharing sites. Google’s having headaches with YouTube, for example. But one of them is fighting back.

Video startup Veoh sues Universal Music, according to this TechCrunch report. Universal has threatened Veoh with lawsuits, and Veoh took the first shot by filing suit, citing the safe harbor provision of the Digital Millennium Copyright Act (DMCA).

From the press release:

In the face of unreasonable threats by Universal Music Group (UMG), Veoh has filed an action in Federal court to reinforce its rights as a copyright compliant company under the safe harbor provisions of the Digital Millennium Copyright Act (DMCA).

Veoh is making use of widely available Internet technology to enable viewers and content holders to come together in a new market for the consumption of online video. In this market, Veoh is actively taking steps to create a copyright friendly environment.

“It is unfortunate that UMG prefers to take actions that are designed to stifle innovation, shut down new markets and maintain the status quo instead of working to change and evolve models for today and the future” said Steve Mitgang, CEO of Veoh Networks.

Veoh’s court action seeks a declaration that it has not infringed UMG’s copyrights, and that because Veoh complies with the copyright laws, it is entitled to safe harbor under the DMCA from any claims brought by UMG. The action does not seek payment from UMG for damages.

Veoh is showing good faith by not seeking damages. I would have done the opposite; I’d milk them for millions.

I’m for Veoh on this one. Someone should teach these giants that their money-grubbing ways are over. It is time to end the music companies’ world domination.

7
Aug

How to find out the Google-indexed pages in your site

Thanks to Sir Wilson Chua for this tip.

To find out what pages Google has already indexed in your site, type the following on the Google search box (whether via Google toolbar or Google.com):

site:*.yourdomain.com www

Of course, replace yourdomain.com with your URL. For example:

site:*.awbholdings.com www

For sub-domained sites like Blogger blogs, replace * with your blog URL. For example:

site:geekyguide.blogspot.com www