MySQL Compromised by SQL Injection

This is comedy gold. MySQL.com’s database was compromised yesterday (at least that’s when the story was published) by somebody who used an SQL injection attack:

MySQL offers database software and services for businesses at an enterprise level as well as services for online retailers, web forums and even governments. The vulnerability for the attack, completed using blind SQL injection and targeted servers including MySQL.com, MySQL.fr, MySQL.de and MySQL.it, was initially found by “TinKode” and “Ne0h” of Slacker.Ro (according to their pastebin.com/BayvYdcP dump of the stolen credentials) but published by “Jackh4x0r”.

Oh delicious irony how I love thee.

New Technology On the Road to Building ‘Mechs

I think the epitome of human science will be when we finally develop giant walking robots with guns, or more commonly known as ‘Mechs. One of the things with a ‘Mech is the massive amount of wires you have to run in order to send data and signals to various parts of the machine. Well it seems a scientist has found a way to simplify ‘Mechs by transmitting data through steel:

Tristan Lawry, doctoral candidate in electrical and computer engineering, has developed equipment which can transmit data at high rates through thick, solid steel or other barriers. Significantly, Lawry’s kit also transmits power. One obvious application here would be transmission through the steel pressure hull of a submarine: at the moment such hulls must have hundreds of penetrations for power and data cables, each one adding expense, weight and maintenance burden.

Obviously this can reduce the amount of wiring needed to construct a ‘Mech and also increase the reliability as the only means of stopping transmissions would be to blow the entire section off. Needless to say this is bad ass. A hat tip to Bruce Schneier for this story.

Happy X Birthday OS X

Today marks the tenth birthday of Mac OS X. It really doesn’t seem that long to tell the truth. I still remember when Apple unveiled OS X to the world and what a piece of shit it initially was (although still better than OS 9). Mac OS 10.0 was so bad that free upgrades to 10.1 were given to early adopters. As the versions increased Mac OS X finally started getting usable (in my opinion) at version 10.3 with it finally being complete enough to use as a primary OS at version 10.4 (when I finally adopted it as my primary OS).

I’d say it will be interesting to see what the next 10 years of OS X will bring but I’m pretty sure Apple will be at OS 11 by then and I’ll no longer be able to swap the 10 for an X to make it sound way cooler.

Firefox 4

Firefox 4 leaked out a bit early so I’ve managed to have a little quality time with it. First I’ll state that I haven’t tested many of the new features and mostly played with the interface and realized several of my most beloved add-ons no longer work. But one key thing did pop into my mind when I used it, Firefox is trying too hard to be Chrome.

Listen Mozilla if I wanted to use Chrome I would be using Chrome. The fact of the matter is I don’t really like Chrome’s interface. Personally I think placing tabs at the top of the window is stupid. I interface with tabs far more often than I interact with the URL bar and having to move my mouse a bit further to get to the more used interface element is really just poor design. Likewise I miss my status bar, and popping up the URL of a link when I hover my mouse over it doesn’t count. There was also no reason to move the home button to the other side of the window. Yeah that last one is nitpicking but seriously if it’s not broken don’t fix it.

I admit nobody is asking me my opinion but that’s why I have a website, so I can express it anyways. Firefox had a good interface that worked well and there was little need to fix it. Mozilla should have spent their time on performance and security related issues. What would be great is if Firefox ran inside of a sandbox as Chrome does. Combining a sandbox with NoScript would make for some pretty heavy armor when browsing online.

Maybe the under the hood features will win me over but the interface changes haven’t. I will give Firefox kudos on one thing, having an actual title bar. Chrome’s biggest problem is the fact there are roughly four pixels above the tab bar that you can click to drag the window. It’s probably one of the most annoying interface elements I’ve seen in modern software since… I don’t know. Firefox has a full title bar that you can click on just like every other application on the planet. Good job on that.

High Speed Low Drag RAM

A company named G.Skill is releasing RAM for operators who like to operate in Call of Duty. Supposedly the RAM is supposed to look like a rifle but I only see a slight resemblance honestly. With that said it does have some neat benefits:

According to G.Skill, the new Sniper series was designed in ultra-low voltage, particularly 1.25V. This feature alone points to a possible power savings of up to 10-percent, allowing PC gamers to push other components without having to worry about overheating issues with the memory. G.Skill said it performed extensive compatibility tests across a wide range of Intel and AMD platforms to “guarantee the best performance, quality and reliability for user’s gaming needs.”

Whenever a component manufacturer can reduce the amount of power a component uses while keeping good performance it’s a good thing. Power consumption means heat which is a pain in the ass. Hell you should see the heat sinks of my Mac Pro’s RAM, damn FB-DIMMs have heat sinks large enough to be mistaken for rectangular processors.

Sprint and Google Voice Integration

The nerd news just keeps rolling in. It seems Sprint has set up a deal with Google that allows customers to have their Sprint number work on Google Voice:

First, Sprint customers will be able to use their existing Sprint mobile number as their Google Voice number and have it ring multiple other phones simultaneously. So now, calls to your Sprint mobile number can easily be answered from your office or your home phone, or even your computer through Gmail. Calls from Gmail and text messages sent from google.com/voice will also display your Sprint number. This basically gives Sprint customers all the benefits of Google Voice without the need to change or port their number.

This is an announcement I’m actually excited about. Although I have an AT&T account I’ve kept my Sprint account active mainly because I like having a 4G phone and everybody has my Sprint number. If I could have my Sprint number ring my AT&T phone without having to pay Sprint’s call forwarding fee I’d practically be in Valhalla. Likewise it would be nice to have my Sprint number contact my Sprint phone when I’m down in Southeastern Minnesota where AT&T has no coverage. Frankly I can’t wait for this feature to be activated.

Attacking Phones Using SMS

Though this will come as no surprise to anybody, a couple of researchers have found a method of attacking phones using the Simple Messaging Service (SMS):

A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages.

It should be noted that they’ve only tested this on feature phones so we don’t know if smartphones will be affected or not. Likewise they only tested this on GSM phones so it may be such a thing where most CDMA phones will remain unaffected. Either way if you want to screw with somebody and you know their number this would certainly be a viable method. Heck if you knew somebody’s number you could potentially start a denial of service attack against their phone by constantly sending crafted text messages that cause your target’s phone to reboot.

Get Palm OS Running Under WebOS 2

Along with the new version of WebOS comes some other great news, somebody has found a hack to get Palm OS running under WebOS 2. If you’ve been following WebOS to any extent you know HP/Palm removed the Palm OS ROM from WebOS 2 which basically killed Classic (Classic is a Palm OS emulator application).

This was also disturbing news for me. WebOS doesn’t have a lot of applications currently available meaning there are some massive gaps in their software library. For example there isn’t an application for WebOS that allows you to edit Microsoft Office documents. To fill in these gaps I’ve been using the Palm OS emulator as there was software released for Palm OS to do practically anything.

I’ve not had time to try this hack but I will report back on it when I do. Either way it’s great news and greatly increases the functionality of WebOS.

WebOS 2.1 Released

Good news everybody who has a Palm Pre 2 (you know that other guy and me), HP/Palm has released WebOS 2.1. It’s an over the air update meaning your device will find it and automatically notify you of its availability. Needless to say I’ve not had much time to play with it but the update doesn’t seem all that significant.

The main additions are voice dialing and exhibition mode. Voice dialing is pretty self-explanatory but it allows you to dial a number by holding down either volume button and then speaking the name of the person you wish to call. Exhibition mode is rather neat as it allows your Pre 2 to display information when it’s placed on a Touchstone. The information it displays is configurable; mine is currently displaying my daily agenda. It will be a bit before any developers make real use of this feature but I can imagine some cool things coming down the pipe (I know I have an idea on how to utilize it that I’ll likely be working on in the near future).

As HP/Palm aren’t big on releasing any changelogs for WebOS updates in a timely manner I’m not sure what else has been included in this update. I’m guessing not much.

iOS 4.3 Released

Last night Apple released the newest version of their iOS operating system. As it sits you can upgrade if you’re running an iPhone 3GS or GSM 4 (the CDMA iPhone 4 doesn’t get this update), iPad, third or fourth generation iPod Touch, or an Apple TV. All support for the iPhone 3G appears to have been abandoned which isn’t surprising considering how Apple doesn’t really like supporting legacy products (although they seem to support their devices longer than most phone manufacturers).

So what’s changed? Most notable is Apple has now included Wi-Fi hot spot functionality… to those who have tethering plans. This allows you to turn your phone into a Wi-Fi access point. When a device connects to your iPhone it is able to use the iPhone’s data plan. Of course being you need a tethering plan (which I don’t get on AT&T since you pay by data usage you should be able to choose how you want to use your data) this feature is potentially very expensive.

Another feature is the ability to use iTunes Home Sharing. This feature simply allows your iOS device to access your iTunes library (podcasts, music, videos, etc.) if you’ve set it up to use iTunes Home Sharing. I can see this being nice if you have a media collection too large to place everything on your iOS device.

Under the hood Apple has included enhancements to Safari’s JavaScript engine, AirPlay improvements, HDMI-out capabilities (with purchase of the Apple 30-pin to HDMI adapter), and the ability to configure the iPad’s side switch to either be a mute switch or an orientation lock.

Needless to say nothing really Earth shattering was included but that is to be expected with a point release.