The Harlow Report - GIS

ISSN 0742-468X
Since 1978
On-line Since
Y2K


Archived Industry Notes: Technology
Published in 2010


apps: half have security problems

More than half of software used in enterprises has security problems, according to a new report to be released September 22 from Veracode, an application security company. Veracode looked at more than 2,900 applications used by its cloud-based customers over an 18-month period and found that 57 percent of all the apps had unacceptable application security quality. Eight out of 10 Web apps failed to meet the OWASP (Open Web Application Security Project) Top 10 requirement that is necessary to achieve PCI (payment card industry) compliance for use in financial and e-commerce sites, Veracode said. The report finds that third-party code, which is growing in use by enterprises, is often insecure. Third-party suppliers failed to achieve acceptable security standards 81 percent of the time, the report said. Meanwhile, cross-site scripting remains the most common of all application vulnerabilities, and .NET applications showed “abnormally high” numbers of flaws, Veracode said.


first published week of:   09/27/2010


AT&T settles suit over improper DSL speed caps

If you have subscribed to AT&T DSL service at any point from 1994 until today, you may be eligible for a cash payout from the company over allegations that it improperly rate-limited some DSL lines, making it impossible for subscribers to achieve maximum speeds.

AT&T has agreed to settle an Ohio class-action lawsuit over the issue of Internet speeds, one that reaches all the way back into the dark ages of DSL and includes all of AT&T's predecessor companies (BellSouth, SBC, Ameritech—even Prodigy).

Class members who want to take part in the settlement need to apply online. If the settlement is approved by a judge at a June 1 hearing, AT&T will run every class member through its databases to determine if they ever had DSL service that was “limited to a rate below the maximum rate for the plan you purchased.” In such cases, AT&T will pay the class member $2.90 for every month that such a limit was in effect.


first published week of:   05/03/2010


Back Door Found in Energizer DUO USB Battery Charger Software

According to Gary Warner, director of research in computer forensics at The University of Alabama at Birmingham, the Energizer DUO, a USB-powered battery recharger, was confirmed on Friday by Energizer Holdings to contain malicious code. The DUO allows you to charge two AA batteries by plugging the charger into your USB port.

When you first plug it in, it installs software to show the battery-charging status. Unfortunately, the software includes a file, "arucer.dll", which opens port 7777 and begins listening for commands. Gary suggests reading the detailed article by Symantec's Liam Murchu.


first published week of:   03/08/2010


Biggest Tech Industry Apologies of 2010 (So Far)

While apologies from BP to the world regarding its environmental disaster and even from a U.S. Congressman to BP have stolen headlines of late, the tech industry has not been without its fair share of apologies during the first half of 2010 either.


first published week of:   07/12/2010


Blind refs & baby kissers: senators brawl over neutral net

The Senate Commerce Committee hearing on the National Broadband Plan turned into a plains states grudge match over network neutrality.

In the blue corner: Sen. Byron Dorgan (D-ND), co-sponsor of net neutrality legislation, and serial emitter of colorful metaphors. Dorgan used his time questioning FCC Chair Julius Genachowski to trash Republican calls for “light touch” Internet regulation.

“I’m not a big fan of the light touch; I don’t want overregulation, for sure, but... 6, 8, 10 years of willful blindness by referees is no way to deal with the free marketplace,” he thundered.


first published week of:   04/12/2010


CAPTCHA tech aims to fox spambots

Replacing text puzzles featuring distorted letters with videos as a roadblock against the automated creation of Web accounts can reduce user frustration while offering improved security, according to a Canadian start-up. CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) have been used for some years to prevent automated sign-ups to Web-mail accounts. Users typically have to identify distorted letters depicted in an image. Over the years, miscreants have devised techniques to break the process in order to create ready-to-spam accounts from reputable providers that are far less likely to be automatically blocked. The sign-up for new accounts is automated, but solving the CAPTCHA puzzles themselves is tasked to the human cogs in 21st century sweatshops, often based in India, where workers are paid as little as $4 per day to defeat security checks. Canadian firm NuCaptcha aims to rewrite the rules of account-validation checks with a new video-based CAPTCHA system. Users are asked to identify moving text on a video background. The firm also offers a voiceover audio option for the partially sighted or color-blind. The technology is designed to work on a range of computing devices including hardware that does not support Flash, such as iPads, ReadWrite Web reports.


first published week of:   07/05/2010



