ShackNews reports on an emerging trend which sees game publishers offer one-time bonus codes to unlock extra content for certain titles. Rock Band 2, for example, comes with a code which will allow free 20-song download, but is only usable once. NBA Live '09 has functionality to update team rosters on a daily basis, but will only do so for the original owner. "'This information and data is very valuable and it wasn't free for us,' an EA representative explained on Operation Sports. 'T-Mobile is paying for it this year for all users who buy the game new. This is a very expensive tool to use, and if you don't buy it new, then you'll have to pay for this. It isn't greed at all.'"

An anonymous reader writes "Researchers at Carnegie Mellon University have shown that given a buggy program with an unknown vulnerability, and a patch, it is possible automatically to create an exploit for unpatched systems. They demonstrate this by showing automatic patch-based exploit generation for several Windows vulnerabilities and patches can be achieved within a few minutes of when a patch is first released. From the article: 'One important security implication is that current patch distribution schemes which stagger patch distribution over long time periods, such as Windows Update... can detract from overall security, and should be redesigned.' The full paper is available as PDF, and will appear at the IEEE Security and Privacy Symposium in May."

I Don't Believe in Imaginary Property writes "Raymond Niro of Niro Scavone Haller & Niro is fighting back against criticism from the Patent Troll Tracker blog by offering a $10,000 bounty for the identity of the person behind it. He thinks the blogger might work for Microsoft, Intel, or has connections to a 'serial infringer' and that could 'color' what they say."

Roland Piquepaille writes "In a short article, New Scientist reports that researchers at Virginia Tech University have developed a tripedal experimental robot. With its three legs, this robot, named STriDER — short for 'Self-excited Tripedal Dynamic Experimental Robot' — is actually more stable than 2- or 4-legged robots. As said another researcher, 'It's like a biped with a walking stick.' This robot is intended to deploy sensors and cameras in difficult-to-access areas."

Rob wrote in with a link to a CBR Online article discussing drive-by pharming, a new exploitation technique developed by Indiana University and Symantec Corporation. While it's not known if the technique is in use 'in the wild', the exploit could easily co-opt the web-browsing habits of a user that had not properly configured their router. "The attack works because most of the popular home routers ship with default passwords, default internal IP address ranges, and web-based configuration interfaces. The exploit is a single line of JavaScript loaded with a default router IP address, a default password, and an HTTP query designed to reconfigure the router to use the attacker's DNS servers." The article goes on to discuss several related and more advanced techniques related to this one, which security companies will have to keep in mind to guard against future attacks.

dolphinling writes "Everyone is aware that the Mozilla Corporation makes some money, and employs some people now. Google has full-time employees working on Firefox too, as do a number of other places. Yet despite that, in the six months up to Firefox 2 some 27% of the patches to Firefox were submitted by key volunteers, and those patches represent 24% of changes made to the source code. What's more, those numbers only counted contributers with 50 patches or more, so the actual numbers are probably quite a bit higher. It's good to see that even as Mozilla does so well in the business world, it can still keep its ties to the community so strong." They were running these number to find out who they need to start offering support to. So: contribute to Firefox, and you know you'll get a hand up. Nice work, folks.