Security

Submission + - Turkish Registrar Enabled Phishing Attacks Against Google (krebsonsecurity.com)

tsu doh nimh writes: Google and Microsoft today began warning users about active phishing attacks against Google's online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by TURKTRUST Inc., a Turkish domain registrar. Google said that on Dec. 24, 2012, its Chrome Web browser detected and blocked an unauthorized digital certificate for the ".google.com" domain. "TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates," Google said in a blog post today. Microsoft issued an advisory saying it is aware of active attacks using one of the fraudulent digital certificates issued by TURKTRUST, and that the fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against virtually any domain. The incident harkens back to another similar compromise that happened around the same timeframe. In September 2011, Dutch certificate authority Diginotar learned that a security breach at the firm had resulted in the fraudulent issuing of certificates.
Google

Submission + - Turkish CA Issues Fraudulent Certificate for Google.com (securityweek.com)

wiredmikey writes: Google said that late on Christmas Eve, they detected and blocked an unauthorized digital certificate that was created for the "*.google.com" domain that was linked back to Turkish certificate authority, TURKTRUST.

“TURKTRUST told us that based on our information, they discovered that in August 2011 they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates,” Adam Langley, Software Engineer at Google wrote in a blog post on Thursday.

Microsoft on Thursday issued a security advisory on the incident and took measures to protect customers.

Because Intermediate CA certificates have the full authority of the CA, an attacker could use it to create a certificate for any website they want to impersonate. “The fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties,” Microsoft’s advisory said. “This issue affects all supported releases of Microsoft Windows.”

Google said that it may also take additional action after looking into the issue further.

Math

Physicists Say Graphene Could Create Mass 184

eldavojohn writes "Graphene has gotten a lot of press lately. The Nobel prize-winning, fastest-spinning, nanobubble-enhanced silicon replacement is theorized to have a new, more outlandish property. As reported by Technology Review's Physics Blog, graphene should be able to create mass inside properly formed nanotubes. According to Abdulaziz Alhaidari's calculations, if one were to roll up graphene into a nanotube, this could compactify dimensions (from the sheet's two down to the tube's one), and thus 'the massless equations that describe the behavior of electrons and holes will change to include a term for mass. In effect, compactifying dimensions creates mass.' What once would require a massive high-energy particle accelerator can now be tested with carbon, electricity, and wires, according to the recent paper."
Hardware Hacking

Building a Telegraph Using Only Stone Age Materials 238

MMBK writes "It's the ultimate salvagepunk experiment, building a telegraph out of things found in the woods. From the article: 'During the summer of 2009, artist Jamie O’Shea of the organization Substitute Materials set out to test whether or not electronic communication could have been built at any time in history with the proper knowledge, and with only tools and materials found in the wilderness of New Jersey.'"

Comment Re:About the resolution... (Score 1) 134

Well, you're right. 800x480 is a very standard resolution, but we're talking about Motorola, right? ;-)
Having 854x480, you still keep one axis standard (480) which makes 800x480 applications easier to port.
Just google the different resolutions and you see which one's more popular and widely used:

resolution - hits
480x800: 365 000
800x480: 1 270 000
484x850: 73 000
850x484: 102 000
480x854: 80 200
854x480: 475 000 -- // AC

Programming

Speech-to-Speech Translator Developed For iPhone 133

Ponca City, We love you writes "Dr. Dobbs reports that Alex Waibel, professor of computer science and language technologies at Carnegie Mellon University, has developed an iPhone application that turns the iPhone into a translator that converts English speech into Spanish, or vice versa. Users simply speak a sentence or two at a time into the iPhone and the iPhone will respond with an audible translation. 'Jibbigo's software runs on the iPhone itself, so it doesn't need to be connected to the Web to access a distant server,' says Waibel. Waibel is a leader in speech-to-speech translation and multimodal speech interfaces, creating the first real-time, speech-to-speech translator for English, German and Japanese. 'Automated speech translation is an expensive proposition that has been supported primarily by large government grants,' says Waibel. 'But our sponsors are impatient to see this technology become more widely available and we, as researchers, are eager to find new revenues that will help us extend this technology to more of the 6,000 languages now spoken worldwide.'"
Transportation

Carefully Timed Jerks Could Power Space Elevator 270

Hugh Pickens writes "BBC has an interesting article on the long-standing issue of how to power the 'climber' that would ascend a space elevator into space. Previous ideas have included delivering microwave or laser power to the climber beamed from the Earth's surface, but now European Space Agency ground station engineer Age-Raymond Riise has demonstrated a device that could provide a "lift into space" for cheaper space missions along a 100,000-km long tether anchored to the Earth. Riise demonstrated sending power mechanically by providing carefully timed jerks of the cable at its base with a broomstick to represent the cable held in tension, an electric sander to provide a rhythmic vibration to the bottom of the stick, and three brushes representing the climber with their bristles pointing downwards allowing the climber assembly to slide upward along the broomstick as it moved slightly downward, but grip it as it moved slightly upward. 'It would be possible to make a suspension system that completely decouples the cabin where the passengers are,' says Riise. 'For them it would be a linear movement with very little disturbance.' Riise says that he has been approached by commercial elevator companies, who are researching new ideas for elevators in superscrapers where the simplicity of the approach makes it attractive when compared to other ideas for powering lifts, such as compressed air."
Government

Anti-Matter Created By Laser At Livermore 465

zootropole alerts us to a press release issued today by Lawrence Livermore National Laboratory, announcing the production of 'billions of particles of anti-matter.' "Take a gold sample the size of the head of a push pin, shoot a laser through it, and suddenly more than 100 billion particles of anti-matter appear. The anti-matter, also known as positrons, shoots out of the target in a cone-shaped plasma 'jet.' This new ability to create a large number of positrons in a small laboratory opens the door to several fresh avenues of anti-matter research, including an understanding of the physics underlying various astrophysical phenomena such as black holes and gamma ray bursts." The press release doesn't characterize the laser used in this experiment, but it may have been this one.
Space

Hubble's Exoplanet Pics Outshined by Keck's 140

dtolman writes "Scientists at the Keck and Gemini telescopes stole the thunder of Hubble scientists announcing the first picture of an extrasolar world orbiting a star. Hubble scientists announced today that they were able to discover an extrasolar world for the first time by taking an actual image of the newly discovered exoplanet orbiting Fomalhaut — previous discoveries have always been made by detecting changes in the parent star's movement, or by watching the planet momentarily eclipse the star — not by detecting them in images. Hubble's time to shine was overshadowed though by the Keck and Gemini observatories announcing that they had taken pictures of not just one planet, but an entire alien solar system. The images show multiple planets orbiting the star HR 8799 — 3 have been imaged so far."
Image

Schneier on Security 204

brothke writes "There is a perception in both the private and government sector, that security, both physical and digital, is something you can buy. Witness the mammoth growth of airport security products following 9/11, and the sheer number of vendors at security conferences. With that, government officials and corporate executives often think you can simply buy products and magically get instant security by flipping on the switch. The reality is that security is not something you can buy; it is something you must get." Keep reading for the rest of Ben's review.
United States

National Debt Clock Overflowed, Extended By a Digit 696

hackingbear writes "The National Debt Counter, erected in 1989 when the US debt was 'merely' a tiny $2.7 trillion, has been moving so much that it recently ran out of digits to display the ballooning figure: $10,150,603,734,720, or roughly $10.2 trillion, as of Saturday afternoon. To accommodate the extra '1,' the clock was hacked: the '1' from "$10.2" has been moved left to the LCD square once occupied solely by the digital dollar sign. A non-digital, improvised dollar sign has been pasted next to the '1.' It will be replaced in 2009 with a new clock able to track debt up to a quadrillion dollars, which is a '1' followed by 15 zeros. That should be good enough for a few more months at least, I believe." Adds reader MarkusQ, "I know Dick Cheney has assured us that 'Deficits don't matter' but I can't help wondering if we should be fixing the problem rather than the sign."

Comment Re:No limit (Score 1) 656

Well, I've got 30/30 full duplex (although the contract says 30/10) and have at least 1.5 TB up/week. Rather expensive though, about 400 SEK / $60 a month. No limits. Of course I live in Sweden.
Government

State Lawmaker Wants To Ban Anonymous Posting Online 471

bfwebster writes "According to a local news article from last week, Kentucky state lawmaker Tim Couch wants to ban anonymous posting on the internet in order to 'cut down on online bullying', which he says has been 'a particular problem in eastern Kentucky.' His bill would require posters to register with their real names and e-mail addresses under threat of fines. Looks like another battle in the right for anonymous free speech."
The Courts

Submission + - Hosting a DC-hub leads to a provisional sentence (icelandreview.com)

hsdpa writes:
"Reykjavík District Court convicted nine individuals for illegal downloads on Monday through the file-sharing website DC++, which thousands of Icelanders have used. The longest sentence was given to Bjarki Magnússon, a 30-day provisional sentence."
Turns out that hosting a DC(++)-hub can lead to a 30-day provisional sentence. The case is rather interesting, despite the awfully low quality of the article. It's the Association of film rights-holders in Iceland (SMÁÍS) that seems to be involved in lots of filesharing incidents in Iceland. In 2007 a BitTorrent tracker was shut down as well.

Security

Submission + - Whistleblower: Feds Have a High-Speed Backdoor Int

An anonymous reader writes: An unnamed U.S. wireless carrier maintains an unfiltered, unmonitored DS-3 line from its internal network to a facility in Quantico, Virginia, according to Babak Pasdar, a computer security consultant who did work for the company in 2003. Customer voice calls, billing records, location information and data traffic are all allegedly exposed. A similar claim was leveled against Verizon Wireless in a 2006 lawsuit.
