US Federal Communications Commission (FCC) chairman sought "smart, practical, voluntary solutions", without mandating his own, for internet service providers (ISPs) to fight online fraud and data theft. Chairman Julius Genachowski estimated that 8.4 million credit-card details are stolen online, each year. "If consumers lose trust in the Internet, this will suppress broadband adoption and online commerce and communication, and all the benefits that come with it," Genachowski said in a speech. The FCC feels ISPs can come up with solutions that prevent client PCs in the US from being forced into malicious botnets by hackers, without having to encroach upon users' privacy.

Genachowski urged ISPs to adopt DNSSEC, a system that ensures people accessing sensitive sites such as their banks' online transaction portals go to the right address, and not redirected to a fraudulent password phishing site. "To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured," said Comcast/NBCUniversal President Kyle McSlarrow in a blog posting. Comcast is one of America's biggest ISPs. This is an example of how threats to the sanctity of a productive internet can be defeated with highly-specific solutions that don't threaten privacy and freedoms, instead of broad-scoped legislations that potentially do.

Security software maker Symantec confirmed to the press that the group of hackers that obtained source code of its pcAnywhere software were holding it to ransom. The group claims to be linked to Anonymous. The group allegedly demanded US $50,000 from Symantec in return for destroying the source code it stole, on failing to pay it, the group threatened it would leak the source code to the public, which would expose the software to malware writers and competitors.

Symantec has apparently been in negotiations with the hacker group over preventing the leak, it even agreed to pay the group its "ransom", provided it could do so in monthly installments. The group declined, and the negotiations fell through. A transcript of this email conversation was posted on Pastebin (can be accessed here). The hackers claimed to have posted the source code of pcAnywhere (in a 2.3 GB RAR archive), on a popular bit-torrent site. In our opinion, extorting money is very un-Anonymous. Anonymous, being the self-proclaimed hacktivist group that it is, would post the source code "just for the lulz", without even getting into negotiations with Symantec.

If online gaming wasn't hard enough a game-hacking site called Artificial Aiming has some members that are now targeting innocent players for Punkbuster bans in Battlefield 3. They were able to do this by corrupting a streaming Punkbuster ban list shared by certain server admins. A junior member from the Artificial Aiming forums that took the lead on this attack is focusing on servers that use GGC-Stream. He is are quoted as saying,

"We have selected ggc-stream as the target since they have the most streaming bf3 servers and makes it very easy to add fake bans. In 2011 we hit them with a mass ban wave and now were are banning real players from battlelog while ggc-stream is totally unaware. We have framed 150+ bf3 players alone"

Welcome to the TechPowerUp 2011 PC technology Christmas special. We hope that you will enjoy reading it while tucking into your turkey, Christmas presents and a little too much wine... In this article, we go through the technology of 2011 that has had the most significance, the most impact and was generally the most talked about. It's not necessarily the best tech of 2011 which is the most significant though, since lemons can be just as significant as the ground-breakers in how they fail to deliver - and the backlash that goes with it.

January: Intel Sandy Bridge i5 & i7

Released on January 9th, the new Intel Core i5 & i7 processors were based on Intel's second generation Core architecture built on a 32 nm production process (HEXUS review). They included an IGP (Integrated Graphics Processor) physically on the same piece of silicon along with HyperThreading. These new dual and quad core processors soundly beat all previous generations of Intel processors in terms of processing performance, heat, power use, features and left AMD in the dust. Therefore, Intel badly needed some competition from AMD and unless you have been living under a rock, you will know how that turned out in October with the launch of Bulldozer. Sandy Bridge was a sound win and is generally considered to be the only architecture worth considering at this point. The i5-2500K is currently at the sweet spot of price/performance. It comes at a stock speed of 3.3 GHz, but typically overclocks to an amazing 4.5 - 5 GHz with a decent air cooler and without too much difficulty in getting there. Models in the budget i3 range were released at various times later. See this Wikipedia article for details.

Three weeks ago, we brought you news that researchers had apparently found serious vulnerabilities in the firmware of HP printers that can allow hackers to cause the fuser to overheat and almost make the paper inside catch fire. HP dismissed these claims as exaggerated, but said that they would look into it. Three days later, we reported that some enterprising New Yorker called David Goldblatt sued HP, alleging that he would not have bought their printers had he known about this problem beforehand, which seems a bit unlikely when you consider that HP is the number one printer brand by a mile. Now HP have released patches for these vulnerabilities and issued the following press release:

Following on from the hack into Square Enix's (Deus Ex, Tomb Raider franchises) servers last week, the Japanese company has been sending out an email to its members, updating them on the situation. They explain that no personal information was lifted, but have suspended their member's service while investigations continue. This rather reassuring explanation is in stark contrast to initial reports that up to 1.8 million accounts (1M in Japan, 800K in America) had had personal information lifted, such as names, phone numbers and email addresses. However, it does appear that no personal, login or credit card info was accessed in the end, the company reports (hopefully honestly). Here is that Square Enix email in full:

Three days ago, we brought you news of how researchers have made proof-of-concept attacks on HP printers by reprogramming their firmware. Among other things, these attacks could deliberately cause the fuser in a printer to overheat and singe the paper, until shut down by a built-in unoverridable thermal switch, preventing a fire. Now, in light of this, a lawsuit has been filed by David Goldblatt of New York, seeking damages for fraudulent and deceptive business practices and is looking for class action status: "As a result of HP's failure to require the use of digital signatures to authenticate software upgrades, hackers are able to reprogram the HP Printers' software with malicious software without detection," the suit says. "Once the HP printers' software is maliciously reprogrammed, the HP printers can be remotely controlled by computer hackers over the Internet, who can then steal personal information, attack otherwise secure networks, and even cause physical damage to the HP printers, themselves." Note that HP has used digital signatures since 2009 to authenticate the firmware updates, helping to mitigate this potential problem in recent models.

Despite this though, HP still intends to patch the firmware to eliminate threats from this hack, which exploits bugs in the firmware. As these attacks have only actually been demonstrated in the lab and no actual losses have been incurred by Goldblatt, it makes one wonder if he is just using the prevailing American "victim culture" to try and make a quick buck off HP. HP are the top printer brand, mainly because their products are excellent, performing well and lasting a long time, plus other companies' printers and embedded devices have the same problems, so it seems unlikely that he would really not have bought HP printers.

In news, that will be sweet music to the ears of honest gamers, InfinityWard has been busily banning cheaters who exploit loopholes and coding errors in the game to get one over others. The figure is currently around the 1600 mark and rising, as InfinityWard's community man Robert Bowling posted on Twitter: Any attempt to cheat, hack, or glitch in #MW3 will not be tolerated. 1600+ bans issued. Updates in works. Please cont. to report offenders. He then added: We are doing mass bans on PC as well while we work on updates. He has promised that a hot fix is in the works for multiple glitches that have been reported.

Now, while cheating is wrong, it can also be an incredibly fun, but guilty pleasure. So, is it really all the cheater's fault, when opportunities like this are laid at there feet? It's like giving someone a cake and telling them not to eat it. Perhaps the program code should have been more bug free in the first place, too?

We have brought you the potential perils of the upcoming UEFI Forum-implemented - www.uefi.org - Windows 8 secure boot feature here, here and here. However, it appears that it may not be so 'secure' after all, since there appears to be a surefire way to circumvent it, at least for the moment, while it's in development.

Softpedia has scored an exclusive interview with security researcher Peter Kleissner, who has created various Windows (XP, Server 2003 etc) "bootkits", which allow OS infection at the highest privilege level, giving unrestricted access to the whole of the PC. His latest one, called Stoned Lite, shows how the Windows 8 secure boot process, still in development, can be subverted, as it stands. He is planning to release details of how the code works at the upcoming International Malware Conference (MalCon) - malcon.org - that will take place in India on November 25th. It appears that the real vulnerability exists in the legacy BIOS boot procedure, not in Microsoft's implementation of secure boot, as Kleissner said:

The problem with the legacy startup is that no one verifies the MBR, which makes it the vulnerable point. With UEFI and secure boot, all the boot applications and drivers have to be signed (otherwise they won't be loaded). You can compare it to TPM, although Arie van der Hoeven from Microsoft announced that the secure boot feature is mandatory for OEMs who want to be UEFI certified. It is a good message that security is not an option.

Just like any good design implementing security by obscurity, hackers and cheaters will find a way to exploit the system in no time flat. In this instance, DICE said via Twitter that cheaters have "found a glitch that allows them to use the Engineer repair tool or the EOD Bot to garner tens of thousands of points in a match." A beautiful and satisfying cheat if ever there was one, really letting you get on the wrong side of your fellow player! However, there's this small problem, since developer DICE has now cottoned on to underhand tactics and is banning these sporting gamers en-masse. Isn't retribution wonderful?

Via Twitter, DICE reported, "This week we've banned hundreds of offending accounts and have stats-wiped accounts for exploiting (such as boosting)..." and they also ask for honest gamer's help in nailing the culprits, "To report players cheating or boosting send us a direct message to this Twitter with a screen shot of the Battle Log Report." There is also a problem with the Sony PS3 version of the game, which will be addressed with a patch, soon. This suggests that the bug is in the core program code, rather than a platform-specific implementation. Finally, one should always strive to behave honestly and ethically in life and it looks like in this instance it really pays off. Here's wishing all honest players an enjoyable time playing BF3, free from cheaters.

Gabe Newell of Valve has issued a statement that the forum hack they experienced over the weekend actually goes much deeper than they thought. The criminals accessed the main database containing such goodies as user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. Apparently, no personally identifying information was taken - but we await the result of the full investigation before breathing a sigh of relief. Due to this serious breach, TechPowerUp advises all Steam users to change their account password immediately. People starting up their Steam client will now see the following message from Gabe Newell about this:

Valve, a company that operates solely online, takes its security pretty seriously and has a good reputation in this area. However, at the time of writing, its Steam forums are down, having suffered a hack attack earlier today. Visit the forums now and you see a message saying "The Steam Forums are temporarily offline for maintenance. Your patience is appreciated." This attack was apparently done by hackers who want to offer free game cheats (but one should be wary of stealthy malware payloads) since before the forums were taken down, they had planted this message:

Ever wanted to dominate the servers you play on with guaranteed results, but you were too afraid to cheat because of ban risks?

The rest of the message then recommends a website where one can obtain all sorts of illegal game cheats, hack tools and porn. Some Steam forum users even received an email with this text, such as this NeoGAF user. There's no indication that any user's account information has been compromised. However, if you haven't yet set up Steam Guard, now is a good time to do so, along with changing your password when the forums come back online. Also, be sure to use different a password for every login. Of course, many other gaming forums have been hacked in the past and just this year saw many hacks against such big names as Nintendo, Sega, BioWare, Epic Games and of course Sony, which was hacked many times over in protest at their business practices, such as removing the OtherOS feature from their PS3 console.

For years Apple Mac users have felt smug that their computers didn't need any security software installed, unlike their poor Windows counterparts which were always coming down with a cold. This they believed is because their beloved operating system is inherently more secure than leaky old Windows (which it used to be). This smug feeling has been especially strong over the last decade, since the release of Mac OS X in 2001, as it's based on Unix which has always had security baked into it. They therefore felt safe from the multitude of viruses, keyloggers, trojans and various other nasties that the bad guys like to infect operating systems with. However, there have been successful attacks in the past on every Apple Mac operating system since the first one in 1984, just nowhere near the number of attacks as on Windows. Of course, what Windows users, Linux users and other OS users have also been saying for years is that Apple's operating systems simply weren't popular enough to bother with and aren't particularly secure. After all, the hackers do this for fun and financial profit, so why aim for a little teeny tiny target, when you can aim for a big, fat one like Windows?

Yes, that's right the maker of notoriously vulnerable software is now blaming you, the user, should you get a virus, trojan or other malware infection on your Windows computer. However, it does look like they have some justification for saying this. For those with long attention spans, Microsoft have just released their 168 page Microsoft Security Intelligence Report 6MB PDF, with the stated aim of providing:

An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011

The first thing to note about the report is that it is limited to its Malicious Software Removal Tool and Microsoft's other anti-malware products. Zero-day attacks that it can't detect are not included in the findings. So, surely it can't all be the user's fault then? It also means that the security angles from third party security vendors such as Kaspersky, Norton and McAfee aren't represented here.

Rice University and Duke University are the latest in a long line of educational institutions to fund research on the effect of using restrictive Digital Rights Management (DRM) to try and control levels of so-called "piracy", which is allegedly reducing sales of content-only, infinite goods/virtual products, such as music, movies, computer games and books. (Some observers writing about DRM replace the word "Rights", giving us the phrase Digital Restrictions Management, which seems a more accurate description of what it's really about and removes the veneer of legitimacy from it. When buying DRM'd content, you are buying digital handcuffs, nothing more, nothing less.) The universities sponsored a study called Music Downloads and the Flip Side of Digital Rights Management Protection and what it found is that contrary to popular belief amongst the big content companies, removing DRM can actually decrease levels of piracy and increase sales. The fact is that DRM is always broken by hackers and pretty quickly too, often within a day or two (there isn't a single one still standing) leaving legal users who work within its confinements with all the restrictive hassles that it imposes, while the pirates get an unencumbered product to do with as they please. How is this progress?

The "Scene", self-styled "Robin Hood" hackers of the computer world allegedly fighting for you and me, who first made the no-CD crack and then the cracked DRM, are starting to target the intrusive adverts that are now appearing in today's hottest game titles such as the latest Deus Ex:

Earlier this month, it was reported that the master-key that overrides or unlocks HDCP-encrypted digital content may have been leaked. The worst fears of the HDCP team are coming true, with Intel, a main developer of HDCP, confirming that the master-key leak is genuine. High-bandwidth Digital Content Protection (HDCP) is everywhere, wherever there's commercial high-definition video content, such as Blu-ray movie titles, HDTV set-top boxes, PCs capable of Blu-ray playback, and so on. It is an encryption layer that protects the HD content in its natural audio-video quality from being ripped. Without HDCP one would still be able to watch HD content, albeit with degraded quality.

The immediate repercussions of the master key leak are directed at consumer electronics manufacturers, they might hesitate to adopt HDCP paying its royalty for making use of the protocol, there is technically no fidelity left in it. Grey-market and el-cheapo consumer electronic manufacturers can circumvent HDCP compliance to offer near-perfect video playback. What's worse, it's party-time for pirates. Devices that recover digital content while retaining perfect picture/audio quality by stripping out the encryption can be made. Whatever the consequences Intel maintains it won't affect HDCP much.

Rudimentary software-level protection for IPv6 (Internet Protocol Version 6), a network protocol which comes pre-installed with several operating systems (OS) but poorly implemented in the real-world makes it a protocol ignored by security providers, and effectively a soft-target for hackers to compromise a system.

Several OSes including Linux 2.6 upwards, Windows Vista, Solaris, Mac OS X and mobile OSes such as Windows Mobile 5 and 6 come with IPv6 enabled by default, though the user would probably not use the protocol in a year 2008 setting where the networks haven't embraced the protocol to level that makes it an explicit requirement for all internet-enabled computers the way IPv4 is. Keeping this in mind, software level protection for IPv6 is close to non-existent, having strong intrusion detection-enabled protection might keep you safe at an IPv4 level that's still standard, but with IPv6 enabled and with protection that doesn't cover IPv6, the PC is as vulnerable as one without any firewall at all. With IPv6 'listeners' (programs that open ports and allow incoming connections) in place the PC becomes vulnerable to intrusions. All it takes is for a hacker to create an IPv6 listener program (malware) and plant it on a PC.

Security vulnerabilities have plagued the computing world ever since computing became a significant advance of mankind. As of today, the plethora of security software we use that gobble money, system resources and network bandwidth to keep our computers and networks safe, have done a good job and it's relatively 'peaceful' these days. And just when we thought so, enter Kris Kaspersky, eminent security researcher, comes up with the hypothesis that microcode errors, known errors and flaws in the design of CPUs could be exploited by malicious code to attack and compromise systems irrespective of which operating system (OS) and other software are running. Kaspersky claims that different errata of the CPU could be exploited differently.

The United States Army is quietly integrating Macintosh computers into its systems to make them harder to attack. In an interview with Forbes Magazine, U.S. Army Lieutenant Colonel C.J. Wallington explains that fewer hack attacks have been designed to infiltrate Macs and adding more Macs to the mix makes it harder to destabilize their system. Jonathan Broskey, who once worked for Apple, argues that the Unix core at the center of Mac operating system makes it easier to lockdown. While the number of malicious software programs targeting Macs has been small in the past, it is beginning to grow. Charlie Miller, a software researcher with Security Evaluators, worries that the Army's diversification plan will not stop a determined intruder. He also explains that Apple's security is a myth and has been proven more vulnerable than Windows.