Thursday, 10 May 2012

Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus

Over the last few days, a mass SQL injection attack has been quickly gathering speed. Just three days ago only 28,000 URLs were affected, but at the time of writing, there could be up to 3.8 million infected URLs.

Websense has a complete write-up of the attack, dubbed 'LizaMoon,' but here's the basic gist: it looks like someone is exploiting a vulnerability (or vulnerabilities) in hundreds of thousands of websites running on Microsoft SQL Server 2003 and 2005. It's not yet known whether this is a vulnerability in SQL Server, or simply a case of outdated, unmaintained, and easily-exploitable CMSes.

The attack takes the form of an SQL injection, which then inserts a link to a JavaScript file hosted on the attacker's server. This is repeated over and over until every Web page in the SQL database has been infected -- and considering 3.8 million URLs have been infected, you can see that this is a very easy, and automated, attack.

Fortunately, the JavaScript isn't particularly malicious: it pops up a rogue AV program called Windows Stability Center, but that's it. Better yet, the rogue antivirus is already recognized by a bunch of real antivirus suites, including Avast, Panda and Microsoft Security Essentials.

The real problem with SQL injection attacks is that there's nothing we surfers can do about them. There will always be old and unmaintained websites, and thus SQL injections will remain one of the easiest and most lucrative tools of hackers and spammers alike. All you can do is keep your antivirus and anti-malware software up to date, and pray.

Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus originally appeared on Download Squad on Fri, 01 Apr 2011 05:30:00 EST.

Source: http://downloadsquad.switched.com/2011/04/01/massive-sql-injection-infects-3-8-million-urls-installs-rogue-a/


Nintendo DSi drops to $100, DSi XL drops to $130 on May 20th


Three-dimensional gaming not your thing? Then Nintendo's latest price drop might just grab you. It's cast an eye over the rest of its portable gaming family and decided to cut the cost on both the DSi (down to $100) and the hulking DSi XL (dropped to $130). These new prices will kick off on May 20th -- exactly the same day as this purple mess.

Nintendo DSi drops to $100, DSi XL drops to $130 on May 20th originally appeared on Engadget on Thu, 10 May 2012 14:15:00 EDT.


Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/4Gw9mF_NGas/


GNOME 3 released, ushers in an interesting amalgam of iOS and OS X

GNOME 3, after more than two years of development, has been released into the wild. GNOME 3 is not merely the logical successor of GNOME 2: it is an entirely new project, started from scratch, to create a "completely new, modern desktop designed for today's users and technologies."

The best way to check out GNOME 3's new features -- and it has lots of new features -- is to run a live version of openSUSE or Fedora, or simply head over to the GNOME 3 website and watch the (rather pretty) introductory videos. If you want a synopsis, though, here it is: GNOME 3 looks a lot like Mac OS X, with a healthy dollop of iOSesqueness for good measure, but yet it still somehow retains an underlying feel of Linux.

The overall aesthetic is very simple, very elegant, and despite being slightly out of fashion, there are plenty of rounded corners, too. The main addition, workflow-wise, is the addition of an app-launcher-cum-alt-tab screen, where you can launch apps, or flip through your open windows. For a complete list of the new features and changes, check the GNOME 3 release notes.

Despite GNOME 3 being officially launched, there aren't actually any releases for existing, stable Linux distros -- for now, it's the live CD/USB images. Ubuntu users will have to wait for the launch of 11.04 for a GNOME 3 PPA, but it will break Unity in the process. Fedora users will have to wait for the May 24 release of Fedora 15. Of course, if you're feeling crazy, you can always build GNOME 3 from source.

GNOME 3 released, ushers in an interesting amalgam of iOS and OS X originally appeared on Download Squad on Thu, 07 Apr 2011 06:40:00 EST.

Source: http://downloadsquad.switched.com/2011/04/07/gnome-3-released-ushers-in-an-interesting-amalgam-of-ios-and-os/


HTC One X and One XL rooted

Android Central

The Snapdragon S4-based One X has been rooted, thanks to kennethpenn of XDA-developers. This isn't a bootloader unlock, but it is full root, so apps like Titanium Backup will work just fine. It's also been confirmed to work on the AT&T version (I'm enjoying root now yay!). The developer has been nice enough to make a neat little one-click package that will do the work for you. All the relevant files are installed automatically, and when it's done you have Super SU installed, too. So no confusing ADB commands to follow on this one. The usual warnings do apply: you're rooting at your own risk, and anything that happens to your phone is your fault and no one else's. Are you also enjoying root? Let us know in the forums.

Source: XDA-Developers; More: HTC One X Forums



Source: http://feedproxy.google.com/~r/androidcentral/~3/tJ0UKpWsgss/story01.htm


Wednesday, 9 May 2012

Insert Coin: Playsurface open-source multitouch computing table

In Insert Coin, we look at an exciting new tech project that requires funding before it can hit production. If you'd like to pitch a project, please send us a tip with "Insert Coin" as the subject line.


A Microsoft Surface in every office? Yeah, fat chance. At $8,000, you may never see Samsung's SUR40 glow in the wild, but budget versions of the backlit HD table have begun popping up, such as the Merel Mtouch, which retails for half the price. Still, four grand is a lot to ask from casual users -- we need a bargain-basement option to help catapult the concept to success. The Playsurface could be one solution, with an open-source design and a much more affordable price tag. The multitouch computing table is the product of Templeman Automation, and its creators have begun promoting their concept on Kickstarter. In its current iteration, the Playsurface will ship in two flavors -- short, to double as a coffee table, and tall for stand-up applications -- with a $1,750 pledge netting backers a complete kit.

Setting out to fulfill the goal of widespread adoption, the creator is promising one Playsurface kit with a $1,750 pledge, including a Windows computer, a short-throw 1280 x 800-pixel DLP projector and a transparent touch surface, all housed within a self-assembled wood enclosure. There's also an infrared LED strip to aid with input recognition and something called a "Blob Board," which serves as a dedicated hardware processor tasked with touch detection and connects to the computer via USB. A $350 pledge gets you a Blob Board alone, while $650 is matched with a table (sans computer and projector) and $1,250 will net you a full kit, less the computer. There's just shy of four weeks left to go to get your Playsurface pledge in -- hit up the source link to make it happen.

Insert Coin: Playsurface open-source multitouch computing table originally appeared on Engadget on Wed, 09 May 2012 11:42:00 EDT.


Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/XuaJlJt-yVQ/


AVG launches LiveKive cloud sync and backup tool

A while back, we told you about AVG's new LiveKive service, a new cloud synchronization and backup tool which appears to have been named after a vat in which mash is made during the brewing process. But enough about AVG's odd choice of monikers -- LiveKive has launched and is now ready to accept your files into the AVG cloud.

LiveKive takes aim at services like Dropbox and SugarSync, though at the moment it's lagging behind in terms of features. As it stands, LiveKive is only compatible with Windows and OS X. There are no mobile clients yet, though with AVG's strong presence on Android we wouldn't be surprised to see an app arrive in the near future.

The company is offering a heck of a deal right now, however. If you sign up for a paid account during the launch phase, you can score unlimited storage for $80 for a whole year. You can't even score 50GB per year at that price from Dropbox, so if cost and space are more important to you than cross-platform availability, LiveKive might be worth checking out.

If you're not interested in ponying up any cash at the moment, you can still get a 5GB account free of charge. Just head on over, and create a LiveKive account.

AVG launches LiveKive cloud sync and backup tool originally appeared on Download Squad on Thu, 07 Apr 2011 10:42:00 EST.

Source: http://downloadsquad.switched.com/2011/04/07/avg-launches-livekive-cloud-sync-and-backup-tool/


Tuesday, 1 May 2012

Tasty Planet is a fun flash game where you eat everything in sight

So this professor comes up with a new toilet cleaner that works by "eating" the dirt; or so he thinks. That's how the plot starts for Tasty Planet. You play the role of the toilet cleaner, but you're not really a toilet cleaner after all -- you're a blob of gray goo that can eat anything that's smaller than yourself.

As you chomp away, you grow -- and as you grow, you can eat bigger and bigger stuff. The first level pits you against microscopic particles; by the time I stopped playing, I got all the way to eating cats and dogs. I know that sounds disturbing, but it's a really cute game, and there's no gore or anything like that.

Supposedly you keep growing and growing until you're able to eat whole planets (hence the name). The challenge factor comes when you realize you can't touch any critter larger than yourself - you'll get "bitten" and become smaller. In the beginning you're so small, that a single touch can kill you. Later on, you're big enough that touching larger animals doesn't kill you on the spot, but it does reduce your size. Each level is timed, so if you're not large enough by the time your clock runs out, you need to start again. As long as you don't touch the larger animals, you should be fine.

All in all, a fun, addictive little game. It's available for iOS, too.

Tasty Planet is a fun flash game where you eat everything in sight originally appeared on Download Squad on Tue, 08 Mar 2011 17:00:00 EST.

Source: http://downloadsquad.switched.com/2011/03/08/tasty-planet-is-a-fun-flash-game-where-you-eat-everything-in-sight/


Monday, 30 April 2012

Gadget Lab Podcast: WWDC Tickets, Android Tablets, Tiny James May and Tin-Can Telephony

This week on the Gadget Lab show, the gang talks about WWDC ticket drama, Android tablets, augmented reality and a decidedly retro iPhone accessory.

Source: http://www.wired.com/gadgetlab/2012/04/podcast-wwdc-tabets-cans/


Cuppow Turns Any Jar Into a Travel Mug [Video]

Maybe you care about the environment. Maybe you just want to look cool while enjoying your morning coffee. Or maybe you're just a total hipster. Whatever your motivation, Cuppow, a lid that will turn your jars into travel mugs, helps you drink your beverages on the go.


Source: http://feeds.gawker.com/~r/gizmodo/full/~3/gAONFIZPEy0/cuppow-turns-any-jar-into-a-travel-mug


Color vulnerable to simple GPS hack, lets you spy on anyone, anywhere

Color, the $41-million-in-funding location-oriented photo sharing startup, is susceptible to simple GPS spoofing. With nothing more than a jailbroken iPad or iPhone, you can use FakeLocation to trick Color into thinking you're somewhere else. Within seconds you can be browsing photos that were snapped thousands of miles away. With a little digging, you can pore through photos not intended for your eyes.

Of course, such a hack isn't illegal as such -- every photo you take with Color is public. With FakeLocation you are simply circumventing Color's very limited location-oriented security mechanism. It does undermine Color's usefulness (and uniqueness), though -- if nefarious types can sit in their bedroom or basement and eavesdrop on classy dinner parties and wild night club soirees, people might be less inclined to share personal photos with those around them.

Fortunately, both for Color and its users, this is an easy security hole to plug -- at least in the short term. The app (or server-side) code would simply need to check whether the user has 'teleported' an impossibly large distance, with no intermediate steps in between. In the long term, though, Color's users must be aware that its social graph is completely public, and that every photo they upload is visible to anyone, from any place.
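The 'teleport' check described above, sketched server-side as an added example (not Color's code and not part of the original article). The 1,000 km/h speed ceiling, the 1 km jitter allowance, and all names and coordinates are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0  # assumption: roughly airliner cruise speed
JITTER_KM = 1.0         # assumption: tolerate ordinary GPS / cell-tower error

@dataclass(frozen=True)
class Fix:
    ts: float   # Unix seconds from the server clock, never the client's
    lat: float
    lon: float

def haversine_km(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(min(1.0, math.sqrt(h)))

def is_plausible(prev: Fix, new: Fix) -> bool:
    """False when travelling prev -> new would need an impossible speed."""
    if not (-90 <= new.lat <= 90 and -180 <= new.lon <= 180):
        return False  # malformed or NaN coordinates
    dist = haversine_km(prev, new)
    if dist <= JITTER_KM:
        return True
    hours = (new.ts - prev.ts) / 3600.0
    if hours <= 0:
        return False  # large jump with no elapsed time
    return dist / hours <= MAX_SPEED_KMH

def filter_session(fixes):
    """Split reports into (accepted, rejected); a rejected fix never
    becomes the baseline for judging the next one."""
    accepted, rejected = [], []
    for fix in fixes:
        if not accepted or is_plausible(accepted[-1], fix):
            accepted.append(fix)
        else:
            rejected.append(fix)
    return accepted, rejected

# Constructed sample session (coordinates are approximate city centres).
SAMPLE = [
    Fix(0, 37.7749, -122.4194),     # San Francisco
    Fix(600, 37.8044, -122.2712),   # Oakland, 10 minutes later
    Fix(660, 40.7128, -74.0060),    # New York, 1 minute after that
    Fix(1200, 37.8716, -122.2727),  # Berkeley
]

if __name__ == "__main__":
    ok, bad = filter_session(SAMPLE)
    print(f"accepted {len(ok)} fixes, rejected {len(bad)}: {bad}")
```

A check like this only catches jumps between reports: the first fix of a session has no baseline to compare against, which is why the article calls it a short-term plug.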

After the break, just to elucidate a little on Color's actual business model and ultimate intention, we have two amazing quotes from Bill Nguyen, Color's founder.

Color vulnerable to simple GPS hack, lets you spy on anyone, anywhere originally appeared on Download Squad on Tue, 29 Mar 2011 05:36:00 EST.

Source: http://downloadsquad.switched.com/2011/03/29/color-vulnerable-to-simple-gps-hack-lets-you-spy-on-anyone-any/


Why Poison Oak Is the F&%*ing Worst [Giz Explains]

My mortal enemy is not a man. Nor is it a beast, a virus, an addiction, or a female secret agent. It's a plant. A stupid, fucking, plant. Poison oak, poison ivy, and/or poison sumac (depending on where you live) is pure, insidious evil. Oh, and it's going to be extra bad this year.


Source: http://feeds.gawker.com/~r/gizmodo/full/~3/deIQbKWoITI/why-poison-oak-is-the-fing-worst


Mobile Miscellany: week of April 23rd, 2012


Not all mobile news is destined for the front page, but if you're like us and really want to know what's going on, then you've come to the right place. This past week, we learned that ZTE intends to release a phablet of its own, and Samsung unseated Nokia as the world's largest supplier of mobile phones. These stories and more await after the break. So buy the ticket and take the ride as we explore the "best of the rest" for this week of April 23rd, 2012.

Mobile Miscellany: week of April 23rd, 2012 originally appeared on Engadget on Sat, 28 Apr 2012 22:35:00 EDT.

Source: http://www.engadget.com/2012/04/28/mobile-miscellany-week-of-april-23rd-2012/


Sunday, 29 April 2012

Google holds back on open-sourcing Honeycomb, heralds massive shift for Android

Google, in an interesting but not entirely unexpected twist, will not be open-sourcing Android 3.0 Honeycomb for the foreseeable future.

Historically, Android is usually open-sourced via the Android Open Source Project (AOSP) a few days or weeks after the code is finalized. While this departure from the norm won't affect OEMs like HTC and Motorola that have access to internal builds of Android, small-time developers will likely have to wait months before rolling their own distributions.

As to why Google is holding back Honeycomb, its reasons are actually rather rational. Honeycomb, while originally intended to run on all mobile form factors, is only ready for deployment on tablets. "To make our schedule to ship the tablet, we made some design tradeoffs," says Andy Rubin, the head of Google's Android group. "We didn't want to think about what it would take for the same software to run on phones. It would have required a lot of additional resources and extended our schedule beyond what we thought was reasonable. So we took a shortcut."

In other words, Google wants to prevent OEMs and homebrew developers like Cyanogen from rolling their own smartphone versions of Honeycomb -- it doesn't want to see the same bitter-tasting tabletified bastardization that occurred with Android 2.1 and 2.2 last year.

Google holds back on open-sourcing Honeycomb, heralds massive shift for Android originally appeared on Download Squad on Fri, 25 Mar 2011 07:00:00 EST.

Source: http://downloadsquad.switched.com/2011/03/25/google-holds-back-on-open-sourcing-honeycomb-heralds-shift-android/
