A software emulator is being developed by computer historians and researchers at Portsmouth University, which will recognise and run all data files from the 1970s through to the present day.
Experts are building the world's first "general purpose emulator", which they hope will be able to read all types of computer file, from Space Invaders and Pacman arcade machines to the floppy discs and minidiscs of more recent years.
The emulator is part of an EU €4 million (£3.6 million) project called KEEP (Keeping Emulation Environments Portable), which is designed to preserve digital files which may otherwise have been lost.
The researchers also hope to "future-proof" the software so every single piece of data and software created can be coded to be read by newer and faster computers in the future.
"People don't think twice about saving files digitally - from snapshots taken on a camera phone to national or regional archives," said computer historian Dr Janet Delve.
"But every digital file risks being either lost by degrading or by the technology used to 'read' it disappearing altogether. Former generations have left a rich supply of books, letters and documents which tell us who they were, how they lived and what they discovered. There's a very real risk that we could bequeath a blank spot in history."
A vast amount of digital information is created each year. By 2010 the amount of digital information created worldwide "will be equivalent to 18 million times the information contained in all the books ever written." The rate of growth shows no signs of slowing.
Fellow historian Dr David Anderson said: "We are facing a massive threat of the loss of digital information. It's a very real and worrying problem. Things that were created in the 1970s, 80s and 90s are vanishing fast and every year new technologies mean we face greater risk of losing material."
Anderson said future generations could face a "cultural catastrophe" with the loss of software from early games consoles and computers.
"Games particularly tend not to be archived because they are seen as disposable, pulp cultural artefacts, but they represent a really important part of our recent cultural history," adds researcher and computer games expert Dan Pinchbeck. "Games are one of the biggest media formats on the planet and we must preserve them for future generations."
Back in November, a Sydney computer society donated an ancient IBM tape drive so that valuable mission data gathered by NASA's Apollo missions to the moon forty years ago could be recovered.
By Siobhan Chapman, Computerworld UK
Friday, February 13, 2009
Microsoft puts bounty on Conficker creator
Microsoft has upped the ante in the attack on the Conficker worm by offering a US$250,000 reward for information leading to the arrest and conviction of Conficker's creators.
The software vendor said it was also working with security researchers, domain name registrars and the Internet Corporation for Assigned Names and Numbers (ICANN) to try to take down the servers that have been launching the Conficker attacks. ICANN is the non-profit corporation that oversees Internet addresses.
"The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together," said Greg Rattray, ICANN chief Internet security adviser. "ICANN represents a community that's all about coordinating those kinds of efforts to keep the Internet globally secure and stable."
Conficker, also known as the Downadup worm, takes advantage of a critical bug in Windows, which was patched last October. Since late December the worm has emerged as one of the worst computer threats in years, infecting more than 10 million computer systems worldwide, including PCs within the British and French militaries.
If Conficker's author lives in a part of the world that's known to be soft on cybercrime - Russia, the Ukraine or Romania, for example - it may be hard to get a conviction, said the editor of the Hostexploit cybercrime research site, who goes by the pseudonym Jart Armin.
On the other hand, the $250,000 reward may be an incentive to hackers who may know who's responsible. Typically, hackers get paid about $10,000 by organised crime groups for writing an attack that reliably works on a significant number of computers, Armin said.
This isn't the first time Microsoft has offered such a bounty. In 2005, it paid $250,000 to two people for identifying Sven Jaschan, the teenager who wrote the Sasser worm.
By Robert McMillan, IDG News Service
The software vendor said it was also working with security researchers, domain name registrars and the Internet Corporation for Assigned Names and Numbers (ICANN) to try to take down the servers that have been launching the Conficker attacks. ICANN is the non-profit corporation that oversees Internet addresses.
"The best way to defeat potential botnets like Conficker/Downadup is by the security and domain name system communities working together," said Greg Rattray, ICANN chief Internet security adviser. "ICANN represents a community that's all about coordinating those kinds of efforts to keep the Internet globally secure and stable."
Conficker, also known as the Downadup worm, takes advantage of a critical bug in Windows, which was patched last October. Since late December the worm has emerged as one of the worst computer threats in years, infecting more than 10 million computer systems worldwide, including PCs within the British and French militaries.
If Conficker's author lives in a part of the world that's known to be soft on cybercrime - Russia, the Ukraine or Romania, for example - it may be hard to get a conviction, said the editor of the Hostexploit cybercrime research site, who goes by the pseudonym Jart Armin.
On the other hand, the $250,000 reward may be an incentive to hackers who may know who's responsible. Typically, hackers get paid about $10,000 by organised crime groups for writing an attack that reliably works on a significant number of computers, Armin said.
This isn't the first time Microsoft has offered such a bounty. In 2005, it paid $250,000 to two people for identifying Sven Jaschan, the teenager who wrote the Sasser worm.
By Robert McMillan, IDG News Service
VMware Fusion now supports Parallels desktop
VMware has announced Fusion 2.0.2, an update to its virtualisation software for Mac OS X.
VMware Fusion, offered as a free update for registered users, enables Intel-based Macs to run other operating systems and their application software as "virtual machines," rather than having to reboot, as you do with Boot Camp. This way you can run Mac OS X and Mac apps alongside Windows, Linux and other operating systems that work on Intel hardware. It also operates on Apple's Xserve systems as an enterprise server virtualisation product.
The new 2.0.2 update features the ability to import virtual machines created using a competitive product - Parallels Desktop 4. The update supports Parallels Server as well.
Also new is the ability to mount a .DMG (disk image) from a virtual machine, as Leopard Server can also be virtualised. An issue with running Mac OS X 10.5.6-based virtual machines has been fixed, and problems associated with installing the Leopard Server virtual machine on new MacBooks, MacBook Pros and MacBook Air have also been fixed.
Fusion 2.0.2 improves performance when you browse a Windows shared folder or mirrored folder, and support has been added for Ubuntu's 8.10 "Intrepid Ibex" build.
By Peter Cohen, Macworld.com
VMware Fusion, offered as a free update for registered users, enables Intel-based Macs to run other operating systems and their application software as "virtual machines," rather than having to reboot, as you do with Boot Camp. This way you can run Mac OS X and Mac apps alongside Windows, Linux and other operating systems that work on Intel hardware. It also operates on Apple's Xserve systems as an enterprise server virtualisation product.
The new 2.0.2 update features the ability to import virtual machines created using a competitive product - Parallels Desktop 4. The update supports Parallels Server as well.
Also new is the ability to mount a .DMG (disk image) from a virtual machine, as Leopard Server can also be virtualised. An issue with running Mac OS X 10.5.6-based virtual machines has been fixed, and problems associated with installing the Leopard Server virtual machine on new MacBooks, MacBook Pros and MacBook Air have also been fixed.
Fusion 2.0.2 improves performance when you browse a Windows shared folder or mirrored folder, and support has been added for Ubuntu's 8.10 "Intrepid Ibex" build.
By Peter Cohen, Macworld.com
Thursday, February 12, 2009
Unhitch IE from Windows, says expert
Microsoft would better protect users by severing Internet Explorer's connections to Windows, then patching the browser invisibly in the background - daily if necessary, a security expert has argued.
"The browser is the heaviest-used application that interacts with the Internet, and the most likely source of malicious content. IE vulnerabilities should be given the highest priority and patched first," said Wolfgang Kandek, CTO at security company Qualys.
But that's not what happens in the real world, he said. "Unfortunately, the vulnerability data that we collect shows that companies treat browser patches just like all other patches. IE's patch deployment cycle correlates very closely with other critical patches."
According to data Qualys collected from scans of several hundred thousand Windows PCs owned by its customers, the patching pace for IE vulnerabilities was essentially the same as the rate at which users fixed other non-IE critical flaws.
To pick up that pace, Kandek suggested that Microsoft sever Windows' links to IE completely, then boost IE's update frequency and take some, or all, of the control out of users' hands. "There's just too much user interaction required by Microsoft for IE," he said, referring to the way Microsoft updates its software, IE included, using services such as Windows Update.
"If Microsoft removed IE from Windows and made it independently updatable, I think you'd get improved update performance," said Kandek.
Although pulling IE from Windows would mean that Microsoft would have to come up with a different mechanism for Windows Update - currently the service relies on IE - Kandek believes the benefit to users would be significant. "Taking IE out of the [monthly] patch cycle would give us better protection," he said.
Rather than patching IE only once a month, as it does now, Kandek would like to see Microsoft pick up the pace by rolling out fixes as soon as they're ready, in effect mimicking the update process that Mozilla uses for Firefox, or the even less intrusive approach that Google applies to its Chrome browser.
Firefox users receive a notice when security updates are available, and can click through to download and install the patches. Chrome users, meanwhile, do nothing: Google pushes patches to its browser automatically, and they're installed with no user action required. Either method would be preferable to Microsoft's current update strategy for IE, Kandek said.
That applies for all IE users, including those working for companies where IE is mandatory, and patch deployment can be delayed by testing, or for fear of disrupting workflow. "I think that you should just determine for the corporation to trust Microsoft and their quality control" on the patches, Kandek said.
"Browser patches are heavily tested by Microsoft, and unlikely to break any existing functionality on the desktop."
Microsoft could conceivably split IE from Windows with its newest browser, Internet Explorer 8, which reached "release candidate" status late last month. "IE8 would be a good opportunity," said Kandek.
Ironically, he may get his wish if the European Union has its way. The Competition Commission, the EU's antitrust agency, recently hit Microsoft with a new set of charges , this time concerning IE. On January 15 the Commission said that by tying IE to Windows, Microsoft "distorts competition" in browsers and gives IE "an artificial distribution advantage" over rivals like Firefox, Apple's Safari and Opera Software ASA's Opera.
"If the [Commission's] preliminary views were confirmed, the Commission would consider ordering Microsoft to give users an objective opportunity to choose which competing web browser(s) instead of, or in addition to, Internet Explorer they wanted to install in Windows, and which one they wanted to have as default," said EU spokesman Jonathan Todd in an email.
"Microsoft could also be ordered to technically allow the user to disable Internet Explorer code should the user choose to install a competing browser."
Although IE's market share has been steadily shrinking - under assault from Firefox, first of all, Safari second - it accounted for about 68 percent of all browsers used last month, according to Internet metrics vendor Net Applications Inc.
By Gregg Keizer, Computerworld (US)
"The browser is the heaviest-used application that interacts with the Internet, and the most likely source of malicious content. IE vulnerabilities should be given the highest priority and patched first," said Wolfgang Kandek, CTO at security company Qualys.
But that's not what happens in the real world, he said. "Unfortunately, the vulnerability data that we collect shows that companies treat browser patches just like all other patches. IE's patch deployment cycle correlates very closely with other critical patches."
According to data Qualys collected from scans of several hundred thousand Windows PCs owned by its customers, the patching pace for IE vulnerabilities was essentially the same as the rate at which users fixed other non-IE critical flaws.
To pick up that pace, Kandek suggested that Microsoft sever Windows' links to IE completely, then boost IE's update frequency and take some, or all, of the control out of users' hands. "There's just too much user interaction required by Microsoft for IE," he said, referring to the way Microsoft updates its software, IE included, using services such as Windows Update.
"If Microsoft removed IE from Windows and made it independently updatable, I think you'd get improved update performance," said Kandek.
Although pulling IE from Windows would mean that Microsoft would have to come up with a different mechanism for Windows Update - currently the service relies on IE - Kandek believes the benefit to users would be significant. "Taking IE out of the [monthly] patch cycle would give us better protection," he said.
Rather than patching IE only once a month, as it does now, Kandek would like to see Microsoft pick up the pace by rolling out fixes as soon as they're ready, in effect mimicking the update process that Mozilla uses for Firefox, or the even less intrusive approach that Google applies to its Chrome browser.
Firefox users receive a notice when security updates are available, and can click through to download and install the patches. Chrome users, meanwhile, do nothing: Google pushes patches to its browser automatically, and they're installed with no user action required. Either method would be preferable to Microsoft's current update strategy for IE, Kandek said.
That applies for all IE users, including those working for companies where IE is mandatory, and patch deployment can be delayed by testing, or for fear of disrupting workflow. "I think that you should just determine for the corporation to trust Microsoft and their quality control" on the patches, Kandek said.
"Browser patches are heavily tested by Microsoft, and unlikely to break any existing functionality on the desktop."
Microsoft could conceivably split IE from Windows with its newest browser, Internet Explorer 8, which reached "release candidate" status late last month. "IE8 would be a good opportunity," said Kandek.
Ironically, he may get his wish if the European Union has its way. The Competition Commission, the EU's antitrust agency, recently hit Microsoft with a new set of charges , this time concerning IE. On January 15 the Commission said that by tying IE to Windows, Microsoft "distorts competition" in browsers and gives IE "an artificial distribution advantage" over rivals like Firefox, Apple's Safari and Opera Software ASA's Opera.
"If the [Commission's] preliminary views were confirmed, the Commission would consider ordering Microsoft to give users an objective opportunity to choose which competing web browser(s) instead of, or in addition to, Internet Explorer they wanted to install in Windows, and which one they wanted to have as default," said EU spokesman Jonathan Todd in an email.
"Microsoft could also be ordered to technically allow the user to disable Internet Explorer code should the user choose to install a competing browser."
Although IE's market share has been steadily shrinking - under assault from Firefox, first of all, Safari second - it accounted for about 68 percent of all browsers used last month, according to Internet metrics vendor Net Applications Inc.
By Gregg Keizer, Computerworld (US)
Hacker challenge to take aim at browsers and smartphones
Computer & Internet Security News
A high profile hacking contest is set to return next month with hackers being offered a cash prize in order to crack browsers and smartphones, according to the security company that sponsors the "PWN2OWN" challenge.
"We're still in the planning stages for how the competition will be structured," said Terri Forslof, the manager of security response for 3Com's TippingPoint, regarding discussions she's had with organisers of CanSecWest, the security conference slated to begin 16 March in Vancouver, British Columbia.
While the details have yet to be sorted out - including the dollar amounts for prizes and the contest rules - Forslof confirmed that PWN2OWN will actually consist of two separate hacker challenges this year.
The first will be a contest to break into one of several browsers, including Microsoft's Internet Explorer 8 (IE8), which recently reached "release candidate"; Mozilla's Firefox; and Apple's Safari.
That contest will play out on a Sony notebook equipped with Windows 7, the still-under-construction successor to Windows Vista.
The second challenge will pit hackers against a variety of smartphone operating systems, including Google's Android, Microsoft's Windows Mobile and Apple's iPhone operating system, which is a scaled-down version of Mac OS X.
Cash prizes will be awarded, Forslof said today, but the number of prizes and their amounts remains to be decided. As with the past two years, TippingPoint will be the sole sponsor of the PWN2OWN contest.
Last year at CanSecWest, noted Apple vulnerability researcher Charlie Miller broke into a MacBook Air laptop in under two minutes to win $10,000 (£7,070). The next day, security consultant Shane Macaulay claimed a $5,000 prize for breaching a Fujitsu notebook running Windows Vista Service Pack 1 (SP1).
For his part, Miller was frustrated that PWN2OWN would not have a Mac OS X component this year.
"I'm really disappointed that there looks to be no Mac OS X target, as I'm really up to speed on that OS," said Miller, who will be at CanSecWest as a speaker. Although he was confident that he could hack Apple's operating system again, he also said he was up to snuff on both browser and smartphones. "I could theoretically do either contest or both," he said in an email.
Like others, he's waiting for more information - including the prize amounts - before deciding whether to participate.
As in previous PWN2OWN contests, winners will assign the rights to their exploits, and the vulnerabilities they triggered, to TippingPoint, which is known for its Zero Day Initiative bug-bounty program that pays researchers for finding flaws. "We'll use the same process," said Forslof, "where the winner will sign the standard ZDI agreement, and information will be turned over to the vendor."
TippingPoint does not publicly release details of the vulnerabilities it buys, but instead reports them to the appropriate vendor, and uses the information in its own security technology to pre-emptively block attacks.
Forslof said she and organisers of the conference are also in talks with several vendors about the companies having representatives on site during the contests. Last year, researchers from Microsoft, Apple and McAfee were at CanSecWest for consultation.
"I know Dragos [Ruiu] is trying to come up with a different spin on the contest," said Forslof, "but we're still sorting it all out."
Ruiu, one of the CanSecWest organisers, was not immediately available for comment.
By Gregg Keizer, Computerworld (US)
A high profile hacking contest is set to return next month with hackers being offered a cash prize in order to crack browsers and smartphones, according to the security company that sponsors the "PWN2OWN" challenge.
"We're still in the planning stages for how the competition will be structured," said Terri Forslof, the manager of security response for 3Com's TippingPoint, regarding discussions she's had with organisers of CanSecWest, the security conference slated to begin 16 March in Vancouver, British Columbia.
While the details have yet to be sorted out - including the dollar amounts for prizes and the contest rules - Forslof confirmed that PWN2OWN will actually consist of two separate hacker challenges this year.
The first will be a contest to break into one of several browsers, including Microsoft's Internet Explorer 8 (IE8), which recently reached "release candidate"; Mozilla's Firefox; and Apple's Safari.
That contest will play out on a Sony notebook equipped with Windows 7, the still-under-construction successor to Windows Vista.
The second challenge will pit hackers against a variety of smartphone operating systems, including Google's Android, Microsoft's Windows Mobile and Apple's iPhone operating system, which is a scaled-down version of Mac OS X.
Cash prizes will be awarded, Forslof said today, but the number of prizes and their amounts remains to be decided. As with the past two years, TippingPoint will be the sole sponsor of the PWN2OWN contest.
Last year at CanSecWest, noted Apple vulnerability researcher Charlie Miller broke into a MacBook Air laptop in under two minutes to win $10,000 (£7,070). The next day, security consultant Shane Macaulay claimed a $5,000 prize for breaching a Fujitsu notebook running Windows Vista Service Pack 1 (SP1).
For his part, Miller was frustrated that PWN2OWN would not have a Mac OS X component this year.
"I'm really disappointed that there looks to be no Mac OS X target, as I'm really up to speed on that OS," said Miller, who will be at CanSecWest as a speaker. Although he was confident that he could hack Apple's operating system again, he also said he was up to snuff on both browser and smartphones. "I could theoretically do either contest or both," he said in an email.
Like others, he's waiting for more information - including the prize amounts - before deciding whether to participate.
As in previous PWN2OWN contests, winners will assign the rights to their exploits, and the vulnerabilities they triggered, to TippingPoint, which is known for its Zero Day Initiative bug-bounty program that pays researchers for finding flaws. "We'll use the same process," said Forslof, "where the winner will sign the standard ZDI agreement, and information will be turned over to the vendor."
TippingPoint does not publicly release details of the vulnerabilities it buys, but instead reports them to the appropriate vendor, and uses the information in its own security technology to pre-emptively block attacks.
Forslof said she and organisers of the conference are also in talks with several vendors about the companies having representatives on site during the contests. Last year, researchers from Microsoft, Apple and McAfee were at CanSecWest for consultation.
"I know Dragos [Ruiu] is trying to come up with a different spin on the contest," said Forslof, "but we're still sorting it all out."
Ruiu, one of the CanSecWest organisers, was not immediately available for comment.
By Gregg Keizer, Computerworld (US)
Subscribe to:
Posts (Atom)