Archive for August, 2010

Stupid Criminal Stories #15

Sunday, August 29th, 2010

A man in New Westminster, British Columbia walked into a Starbucks and allegedly attempted to rob it—while two uniformed police officers were waiting in line.

Link: http://www.ctvbc.ctv.ca/…
(via Neatorama)

Windows DLL Exploit

Friday, August 27th, 2010

A far-reaching Windows application exploit has been making the news recently, and I’m here to tell you that it’s no big deal if you’re careful.

The core issue is this: when opening an application, Windows has a list of locations that it searches for the various executable library files needed to run the program. For versions of Windows prior to XP SP2, the very first location it searches is the “current” working directory. For XP SP2 and later, the current directory is searched last.

The exploit is simple: a hacker provides a document and, in the same directory as the document, places a malicious library with the same name as a library used by the application that will open the file. When the user double-clicks on the document, Windows will load and execute the malicious library instead of the correct one—because it comes first in the search list. Thus the hacker gets you to run malicious code of his choosing, which is the holy grail of hacking. Obviously this is more difficult in post-XP SP2 versions of Windows, because the current directory is searched last, but the exploit is still possible.

An example of how this could occur would be if you found a flash drive on the ground and plugged it into your computer. Another would be if you downloaded a directory with some movies from the Internet and double-clicked on one to watch it. A third possibility is opening a document over a network, where the other computer has already been hacked. With knowledge of this issue, however, and if you are careful about what files you download and open, this vulnerability becomes manageable.
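One way to check a flash drive or downloaded folder before opening anything in it is to look for the layout the exploit depends on: a library file sitting in the same directory as a document. The script below is an added example, not part of the original post; the extension lists and the sample file names are assumptions made up for illustration.

```python
import os
import tempfile

# Extension lists are assumptions for illustration; extend them as needed.
LIBRARY_EXTS = {".dll", ".ocx"}
DOCUMENT_EXTS = {".doc", ".docx", ".ppt", ".pdf", ".avi", ".mp3", ".html"}


def find_colocated_libraries(root):
    """Map each directory under root that holds both a library and a
    document to (libraries, documents). That is the layout the attack needs."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        libs, docs = [], []
        for name in files:
            ext = os.path.splitext(name)[1].lower()  # Windows names are case-insensitive
            if ext in LIBRARY_EXTS:
                libs.append(name)
            elif ext in DOCUMENT_EXTS:
                docs.append(name)
        if libs and docs:
            findings[dirpath] = (sorted(libs), sorted(docs))
    return findings


def build_sample_tree(base):
    """Create a constructed directory tree (empty files, made-up names)."""
    layout = {
        "movies": ["clip.avi", "CODEC.DLL"],   # document next to a library: flagged
        "docs": ["report.doc"],                # documents only: fine
        "app": ["app.exe", "helper.dll"],      # a program's own folder: fine
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for directory, (libs, docs) in find_colocated_libraries(base).items():
            print(f"{os.path.relpath(directory, base)}: {libs} beside {docs}")
```

A hit is not proof of anything malicious, but a folder of movies or documents has no normal reason to carry its own library files, so it is worth a closer look before double-clicking.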

Unfortunately this is not a Windows bug that can be fixed. It’s a design decision from the early days of PC operating systems, and it’s so deeply embedded in the architecture that it won’t be changed. Doing so would break a great many applications. Microsoft has done what it can to make things safer. They modified the search order, so that the current directory is searched last instead of first. Applications can also specify that the current directory not be searched at all. However, it’s up to each individual program to enable that setting, and there are hundreds of popular programs that don’t.

That being said, Microsoft has released a patch that enables you to change how code libraries are loaded on your computer.

Link #1: http://www.infoworld.com/…
(via Kim Komando)

Link #2: http://arstechnica.com/…

Cell Phone Privacy Doesn’t Exist – Get Used To It

Thursday, August 26th, 2010

Here at Chad’s News, we’ve previously written about the lack of internet privacy and wireless security. Now we can extend that realm to include cell phones, especially ones that use GSM. At last month’s DEF CON convention, security researcher Chris Paget demonstrated a home-brewed cell phone tower setup that was able to easily intercept calls from members of the audience. The total cost of the hardware was about $1500.

This type of equipment, known as an IMSI catcher, has been available to law enforcement for years, but at the cost of hundreds of thousands of dollars.

Link: http://www.wired.com/…
(via engadget)

The “God Number” for a Rubik’s Cube is Exactly 20

Tuesday, August 24th, 2010

Researchers have proven, using mathematical techniques and a heavy amount of computing power, that 20 is the maximum number of moves necessary to solve any Rubik’s Cube configuration by the shortest method. This value is known as God’s number. They were able to mathematically reduce the number of unique patterns from 43,252,003,274,489,856,000 to a mere 1,090,175,792,696,524,800 (one quintillion). Then they used something on the order of 35 CPU years of processing to verify that each of the remaining combinations could be solved in 20 moves or less.

Thanks to Josh for this link.

Link: http://www.cube20.org/

High Technology in Modern Navy Vessels

Tuesday, August 24th, 2010

CNET News has a trio of articles on the cutting-edge technology being used on the latest generation of US Navy ships. There’s the DDG 1000 destroyer (slated for deployment in 2015), the upcoming CVN-78 aircraft carrier (USS Gerald R. Ford, to be completed in 2013 and deployed in 2015), and the Virginia class submarine (USS North Carolina, already in service). Each article has an associated photo gallery that’s interesting in its own right.

(via The Daily Caller)

Beware! This Game May Crash Your Video Card

Monday, August 23rd, 2010

PC gamers are having problems with StarCraft II, because it’s causing their graphics cards to overheat and shut down. The linked article essentially says this shouldn’t happen unless your PC’s cooling system isn’t working properly, and then explains how to restore it back to normal by removing accumulated dust and organizing your cables.

Link: http://www.pcauthority.com.au/…
(via Slashdot)

Is It a Puzzle or a Gun?

Saturday, August 21st, 2010

The “Intimidator” is a 125-piece metal puzzle by GarE Maxton, made from brass, stainless steel, aluminum, bronze, magnesium, and steel. As an extra bonus, some of the parts can be assembled into a functioning .45 caliber handgun. Of course, weighing in at over 40 pounds, this probably isn’t something you’d carry on an airplane in the hopes of smuggling a firearm aboard. And there’s always the possibility that the security guards would make you disassemble it, in which case you’d have to know how to put it back together again. The linked article has several pages of detailed information and pictures. Pricing is not available on the website, but I’m guessing it’s in the $15,000 to $20,000 range based on his other stuff.

Link: http://www.maxton.com/…
(via Neatorama)

Happy Birthday, Chad’s News!

Friday, August 20th, 2010

Today marks the 5-year anniversary of the very first Chad’s News post. We made 1217 posts over those 1826 days.

Top 10 Most Expensive Domain Names

Friday, August 20th, 2010

If you’d had a spare $16 million sitting around, you could have purchased insure.com back in 2009. The linked article has the top 10 most expensive domain name sales. And surprisingly, only two of them are related to pornography. The lowest spot goes to toys.com at $5.1 million.

Link: http://most-expensive.net/…

Say Hello to Gorilla Glass

Thursday, August 19th, 2010

Back in 1962, researchers at Corning developed a very strong glass that’s hard to break, scratch, or dent. The product didn’t gain acceptance, and Corning gave up trying to sell it—until recently, that is. “Gorilla Glass” is now being used for consumer electronics such as smartphones and netbooks, and is poised to enter the television market. Corning is making some serious money from this invention that couldn’t find a buyer 50 years ago.

Link #1: http://www.google.com/…
(via engadget)

Link #2: http://www.corning.com/…

Trading a Cell Phone For a Porsche on Craigslist

Tuesday, August 17th, 2010

Long-time Chad’s News readers will recall how Kyle MacDonald made a series of trades to go from a single red paperclip to a house. Well now, a teenager named Steven Ortiz started with an old cell phone and made deals on craigslist to trade up to a working Porsche Boxster. Admittedly, it took him 14 swaps over two years, but that’s still pretty impressive.

Link: http://www.whittierdailynews.com/…
(via Neatorama)

The Magic of Hollywood Accounting

Tuesday, August 17th, 2010

I’ve heard that you should never strike a deal to get part of the net proceeds of a movie because most films never make a profit (always ask for a percentage of the gross). Now I finally understand why that’s the case. The linked article explains how Harry Potter and the Order of the Phoenix grossed $938 million yet still had a $167 million “loss”.

Link: http://www.techdirt.com/…
(via Slashdot)