Sunday, December 7, 2008

New trojan in mass DNS hijack

By Dan Goodin in San Francisco

Researchers have identified a new trojan that can tamper with a wide array of devices on a local network, an exploit that sends them to impostor websites even if they are hardened machines that are fully patched or run non-Windows operating systems.

The malware is a new variant of the DNSChanger, a trojan that has long been known to change the domain name system settings of PCs and Macs alike. According to researchers with anti-virus provider McAfee's Avert Labs, the update allows a single infected machine to pollute the DNS settings of potentially hundreds of other devices running on the same local area network by undermining its dynamic host configuration protocol, or DHCP, which dynamically allocates IP addresses.

"Systems that are not infected with the malware can still have the payload of communicating with the rogue DNS servers delivered to them," McAfee's Craig Schmugar writes here of the new variant. "This is achieved without exploiting any security vulnerability."

The scenario plays out something like this:

  • Jill connects a PC infected by the new DNSChanger variant to a coffee shop's WiFi hotspot or her employer's local network.
  • Steve connects to the same network using a fully-patched Linux box, which requests an IP address.
  • Jill's PC injects a DHCP offer command to instruct Steve's computer to route all DNS requests through a booby-trapped DNS server.
  • Steve's Linux box can no longer be trusted to visit authoritative websites. Although the address bar on his browser may show he is accessing, he may in fact be at an impostor website.

The only way a user might know the attack is underway is by manually checking the DNS server his computer is using (e.g. by typing "ipconfig /all" at a Windows command prompt). There are several countermeasures users can take, Schmugar said, the easiest being hard-coding a DNS server in a machine's configuration settings.

(In Windows, this can be done by going to Start > Control Panel > Network Connections and right clicking on Local Area Connection and choosing properties. Scroll down to Internet Protocol (TCP/IP) and click the Properties button. Then type in the primary and secondary for your DNS service. We're partial to OpenDNS, whose settings are and

In an interview, Schmugar said the DHCP attack doesn't exploit a vulnerability in either user machines or network hardware, allowing it to work with a wide variety of home and enterprise routers. It involves an ndisprot.sys driver that is installed on the infected box. Once there, it monitors network traffic for DHCP requests and responds with bogus offers that contain the IP address of the rogue DNS server.

DNSChanger has already been viewed exploiting router weaknesses to change DNS settings, but the ability to poison other machines' DHCP connections appears to be new, said Eric Sites, VP of research at Sunbelt Software. For the moment, the new variant doesn't appear to be widely circulated, but the prospect of a trojan that can poison other machines' DHCP connections suggests this one is worth watching.

Original here

Microsoft signs major deal with Dell for Live Search

Posted by Mary Jo Foley

Microsoft and Dell have signed a deal via which Dell will be shipping new PCs with the Live Search toolbar preinstalled, according to sources familiar with the arrangement between the two companies.

Microsoft officials declined to comment on the alleged deal, as did Dell officials. Officials with both companies said they would not comment on “rumors and speculation.”

I wouldn’t put this in the speculation category, myself. My sources say that Microsoft has offered Dell sweet enough terms to entice the PC maker to replace its search-preload deal with Google with a comparable offering from Microsoft.

The Dell-Google deal, cemented in 2006, called for Dell to preload the Google search toolbar on “millions” of consumer and business PCs. The Dell-Google deal also included a co-branded Dell-Google home page. It’s not clear whether the alleged Microsoft-Dell deal also includes a new home page.

Microsoft has been seeking to land new OEM search deals with various PC makers as a way to grow its lagging search market share more quickly.

In March 2007, Microsoft signed a search-preload deal with Lenovo. Under terms of that relationship, Lenovo agreed to preload Live Search and Windows Live services — delivered via the integrated MSN toolbar — on new Lenovo consumer laptops.

Word of Microsoft’s latest search-preload deal comes a day after Microsoft announced it had hired former Yahoo search expert Qi Lu as the new head of its Online Services business.

OEM deals are just one way Microsoft is looking to grow its search share. The company also is considering rebranding Live Search with a more verb-like term. The leading candidate is thought to be Kumo.Com.

Mary Jo has covered the tech industry for more than 20 years.

Original here

BitTorrent Shuts Down Video Store, Brings Back Search

Written by Ernesto

While spending on online video content is increasing, BitTorrent Inc’s Torrent Entertainment Network wasn’t as successful as the company had hoped. Converting the millions of BitTorrent users into paying customers didn’t go as easily as they had hoped, and the DRM restrictions that were enforced by Hollywood were no help either.

In the tough economic climate, which already caused several layoffs at the company, BitTorrent Inc. decided that it was best to close their video store completely. Simon Morris, BitTorrent’s VP of Product Management told TorrentFreak: “After a great deal of soul searching we decided to close down the Torrent Entertainment Network content store.”

“It’s about focus and economics,” Morris added. “We want to focus on core technology rather than merchandising and given the harsh economic environment, we can’t afford to continue to invest in endeavors that don’t come close to break-even.”

Together with the closure of their entertainment network, the company reintroduced its search portal for BitTorrent users. Unlike before, there are no torrents indexed or tracked by the company’s servers. Instead, it uses a branded version of the search engine, where BitTorrent sites are prioritized in the search results.

When BitTorrent Inc. had its own search engine, the company had an agreement with the MPAA to filter search results. According to Morris this is no longer needed now. “We agreed to filter search results when we were in the business of torrent search, but that work is also discontinued. This is Ask’s search engine, not ours.”

“The decision to work with Ask is simply an effort to provide people who come to download the client with a place to go next,” Morris added. While the search engine will generate some income, most future revenue is expected to come from content publishers that use BitTorrent’s DNA, and deals with device manufacturers.

Original here

5 Life Lessons Taught to Me By a Dying Computer

By Bonnie Ruberg

There's nothing fun about your computer dying, especially when you're a writer and you haven't backed up files in... well, never. That, as you may have guessed, is exactly what happened to me last weekend. First things started to move sluggishly. Then my laptop wouldn't shut down. When it finally did, it wouldn't turn back on. Even my Apple engineer roommate couldn't fix it. That's how I found myself curled in a ball on the floor, frantically playing through my mind a list of all the files I'd doubtless lost. It was, in short, no fun.

However, once I'd calmed down, my roomy recovered most of my files, and I realized life was in fact not over, it occurred to me I did learn a few things from this gut-wrenching experience. Here then are the life lessons taught to me by a dying computer, shared with you in the hopes that you never have to experience the horrible feeling of laptop loss for yourselves:

5. Always, always, always back up.
It can happen to you. Seriously. And chances are, it will. I've heard the "back up" mantra countless times before, and yet somehow I was blissfully strolling through computer land believing that, for some mysterious reason, my files would always be safe. Save yourself the sheer terror of losing everything you've ever worked on and get your ass an external hard drive. Like, now.

4. Living with computer dorks is awesome.
There are lots of reasons to love tech-savvy people: they can set stuff up, they geek out adorably, they crack jokes that make you feel cooler by comparison. The greatest thing about living with two such dorks is that, when your computer is going down like the Titanic, you can curl up in a ball in the corner while they take care of everything. Then you can buy them dinner to say, "Thanks for your help, and please don't hesitate to fix everything again when this happens the next time."

3. People are sympathetic -- to a point.
Tell your friends, family, and employers that you can't do all the things you were supposed to -- send out that "thank you" card to Nana, plan someone's birthday party, actually do your work -- because your computer just up and died on you, and they'll feel bad. They might even cut you 24 hours of slack. But sooner rather than later they're going to get that instant-gratification internet itch and wonder why the heck you're not back up to speed. Just watch.

2. Sometimes it's nice to just start over.
It may sound bizarre, but after the initial panic of watching your laptop suffer the equivalent of a life-threatening stroke, there's something strangely peaceful about the idea of having lost it all. Gone are the emails you were supposed to respond to but never did. Gone are the articles you were working on and now will surely be assigned to someone else. Heck, you could start over. You have no more ties. Why not go farm beets?

1. Apple store employees aren't as handy as they seem.
When I took my laptop in for repair the morning after the horrible death scene described above -- it turns out it needed a new hard drive -- I was impressed at how quickly the guy at the Genius Bar took care of my problem. He whipped out the drive, tested it, and stuck a new one back in. I even said, "Wow, you make that look so easy." Silly me. No one is ever that competent. When I got my laptop home and started it up, it began to vibrate. It hasn't stopped since. Guess where I'm headed Friday morning bright and early? Back to the Apple Store...

Original here

Pay-As-You-Go iPhone in the UK

by John Pitko

Apple UK announced today its first Pay as you Go iPhone 3G with prices ranging from £342.50 ($500) for the 8GB model and £391.45 ($570) for the 16GB.

Apple and exclusive iPhone UK carrier O2 started laying out plans earlier this year to bring this much demanded product to the UK in a Pay-As-You-Go version.

Now a reality, the plans will include unlimited browsing and Wi-Fi for the first 12 months after you activate your iPhone, but limited to only the UK area. After the first 12 months, the data plan changes to £10 per month.

Customers in the market for one of these must complete the following steps:

- Purchase an iPhone 3G from the Apple Online Store.
- Connect iPhone 3G to your computer, which opens iTunes. Follow the on screen instructions to set up your iPhone 3G.
- On your iPhone 3G, change the data settings (see Activation), then top up by a minimum of £10 to activate your iPhone.

Seems simple enough. Now if we could only get that deal here in the United States.

Original here

More big names downsizing, pulling out of Macworld Expo [Ux2]

By Aidan Malley and Kasper Jade

Those familiar with show organizer IDG's troubles note that the Adobe pullout has now been accompanied by Belkin and Seagate -- a fact quickly verified by a casual inspection of the Macworld Expo exhibitor list, which shows neither of the hardware makers.

The move is deemed especially surprising for Belkin, which has not only been one of Macworld Expo's largest exhibitors in the past but is believed to have already paid for its booth space this year, people aware of the situation say.

Additionally, Google is known to be scaling back the size of its booth and will be joined by two companies -- both of whose names are closely guarded -- that will either follow in Google's footsteps or else withdraw their booths altogether. IDG is said by sources to be frantically negotiating to keep these exhibitors on the show floor.

Creative Labs has withdrawn and iPod accessory maker Marware has scaled down, AppleInsider has also discovered by comparing old floor plans (PDF) of the South Hall from September with the November maps, which notably show multiple blank spaces.

All the same, the reshuffling is having a positive side-effect for smaller firms: some exhibitors relegated to the less-trafficked areas in previous years like Elgato are now moving closer to the central Apple booths. Others like FastMac are also reportedly using the opportunity to upgrade the size of their presence.

And while these by themselves aren't necessarily dangerous to the show's health, people familiar with the situation also claim that attendee registration is down by 20 percent versus the same period last year, providing the main reason for IDG's last-minute extension of the Early Bird discount for registration until December 8th.

While a struggling US economy is the likely reasoning behind the sudden caution from the exhibitors, insiders say the sudden rash of cancellations isn't entirely explainable as a cost-cutting measure.

Belkin's large booth at Macworld Expo 2008.

Google's footprint at Macworld Expo 2008.

With the 2009 event just one month away, Adobe and other firms will likely have already paid for much of their originally intended presentation -- leaving them little reason to withdraw so late. Moreover, rough estimates put the typical cost of renting even a large space like those for Adobe or Belkin at less than $100,000, a relatively trivial price for multinational firms exhibiting at an important event. Many of these companies, including Adobe, are also located in the Bay Area and so have little in terms of travel expenses.

Whatever the motivations behind the exits, their combined effect will ultimately produce a smaller show than Macworld 2008, which was regarded as one of IDG's best Apple-related shows to date.

Update 2: The folks at VTC just dropped us a line to say they're now under contract to take over the space that was vacated by Belkin (booth number 1926).

"We were previously booked in to a different booth, but saw the opening of 1926 as a great opportunity to work within a larger space at the show," the company said. "VTC has been exhibiting at MacWorld San Francisco for more than a decade."

Update 2: The Wall Street Journal's D | All Things Digital blog further confirms Belkin's pull-out, saying the accessory maker will instead hold private meetings with its partners.

Insisting the move was strategic and not financially-driven, a spokesperson for Belkin said "we’re reallocating show floor funds to hold private product meetings."

Original here