Month: April 2007

PSP price drop – $170

Finally. The long-overdue PSP price drop has come to be. Starting April 3rd, the PSP core pack will be just $169.99.

Were you planning on picking up a Sony PSP tomorrow from your local Gamestop or EB Games? Excellent. Were you planning on paying for it? Super excellent. As a reward for your unquestionable moral values, you’ll be given a $30 discount on that purchase of “the past”. You see, as of April 3, the PSP Core Pack is being marked down from $199.99 to $169.99.

I’ve been planning on getting a PSP for a while. Looks like another push for me to get out and do it.

[tags]PSP price drops $30, PSP core now $170[/tags]

Australian game reviewers get offered special perks for positive reviews

If I ever saw a dream job, this story about the offerings for game reviewers in Australia certainly seems to be the one I’d try to get.

Former editor of Official Australian PlayStation 2 Magazine Richie Young got his weekly editorial off to a very controversial start by suggesting that corruption is rife in the Australian gaming press.

Young’s accusations include reviewers being offered sex and money to change review scores, backroom deals in exchange for “exclusive” stories, elaborate gifts like overseas trips, and advertising support influencing review scores.

Time to start looking for a job down, I suppose, so I can pay the bills until I get the dream job.

[tags]Australian game reviewer offered sex for exclusive stories and better review scores[/tags]

Latest zero day attack in the wild

If you surf the web using Internet Explorer, here’s another reminder that you should consider switching browsers:

If you’re reading this with Internet Explorer on a Windows machine, don’t. The Windows animated cursor zero-day attack that was coming through on IE 6 and 7 running on fully patched Windows XP SP2 is now also hitting Windows 2000, Server 2003 and Vista. As F-Secure advises, better to use some other combination.

Proof-of-concept code for the attack was released after business hours on Friday, according to SANS.

Blocking .ani files won’t help. SANS has picked up reports of the vulnerability being exploited in the wild with .ani files renamed as JPEGs.

Microsoft today posted security advisory 935423 about the exploit. Here’s the full list of vulnerable systems:

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Vista

The company still hasn’t provided a patch. The vulnerability is a candidate for inclusion in the CVE (Common Vulnerabilities and Exposures) list, having been assigned the label CVE-2007-0038 (previously also CVE-2007-1765).Although there currently is no official patch, a SANS handler has posted instructions on detecting and filtering out .ani file exploitation attempts. eEye provided a temporary patch, although the company recommends updating to Microsoft’s patch when it’s out.

That’s a pretty significant vulnerability, and there’s just not a way to deal with it in a manner that would leave me comfortable.  I highly recommend Mozilla or Opera for the Windows-bound, although you have to remember that no matter what browser you use, there will be vulnerabilities at times.  In this case, it’s a matter of reducing your exposure.

[tags]Zero-day Windows exploit via animated cursors, Time to switch browsers[/tags]

Remember, all this security is only for your protection

Proving that our government continues to be incapable of protecting us, no matter how many rights or freedoms it strips away, we find that screeners at the Denver airport can identify a bomb only about 10% of the time, even when screening systems set off alarms. So, as almost always is the case, the human element breaks down. But then, that weakness of security has been known so long (and a shorter link to that article). The question is, how do we improve the weak link? I’m thinking hiring better people for the positions, training them better, cutting shift durations (repetition and boredom lead to reduced performance), and I’m sure other measures – all requiring more money.

Checkpoint security screeners at Denver International Airport last month failed to find liquid explosives packed in carry-on luggage and also improvised explosive devices, or IED’s, worn by undercover agents sources told 9NEWS.

“It really is concerning considering that we’re paying millions of dollars out of our budget to be secure in the airline industry,” said passenger Mark Butler who has had two Army Swiss knives confiscated by screeners in the past. “Yet, we’re not any safer than we were before 9/11, in my opinion.”

The Transportation Security Administration (TSA) screeners failed most of the covert tests because of human error, sources told 9NEWS. Alarms went off on the machines, but sources said screeners violated TSA standard operating procedures and did not hand-search suspicious luggage, wand, or pat down the undercover agents.

“The good news is we have our own people probing and looking and examining the system,” said Rep. Ed Perlmutter, a Democrat in the 7th congressional who sits on the House Homeland Security and transportation committees. “The bad news is they’re finding weaknesses.”

Actually, the fact that they are finding weaknesses is also good news. Having the weaknesses is indeed bad news. Finding them means we can develop means of improving on them, which is a good thing. Still – I can no longer take my keychain Leatherman when I fly, because it has a 1 inch knife blade, but people who actually want to inflict harm have a 90% chance of getting their bombs on with them. Way to protect us, TSA and Homeland Security!

[tags]Denver airport security screeners miss 90% of explosives[/tags]

Build your own X-Ray vision camera

Popular Science has starting instruction on their How 2.0 Blog for building your own X-Ray vision camera. They are quick to point out one of the potential issues with building the camera:

xray-pic_resize.jpgYou’ve seen them in the back of magazines–heck, probably Popular Science–all your life: the crazy swirling paper X-ray specs, with the campy ’50s pervert looking at the bloomers of a shocked gal. While we don’t support such nefarious uses, you can make your own working X-ray camera, just by modifying a CVS Disposable. It won’t give you Superman vision, but you should be able to see through one or two layers of paper and fabric (again, behave!) in the right light. Here’s the catch: The key is in a hard-to-find X-ray conversion material called a beryllium window. PopSci got its sample from NASA during a visit to the Goddard Space Flight Center a few years ago, as it is sometimes used in satellites to block out cosmic X rays that might distort digital communications.


So if you don’t have friends at Goddard, you might want to start looking now for another source of a beryllium window (a quick search of ebay turned up zero, so don’t think it’s that easy). Still, I think the results show this to be worth trying to get and build anyway.

[tags]Build your own X-Ray vision camera, PopSci X-ray camera instructions[/tags]