salec - Slashdot User

Comment Re:More hair-brained ideas for "Global Warming" (Score 1) 418

by salec on Wednesday June 24, 2009 @05:12AM (#28450381) Attached to: DoE Considers Artificial Trees To Remove CO2

Personally, I would prefer some sort of direct separation of (gaseous or liquid) oxygen and (solid, or various nanostructure material) carbon,

Hmm, could liquid CO2 be electrolyzed, or gaseous CO2 broken down by a strong electric field?

Bookmark LORAN-C, a GPS backup navigation system, to be axed (popularmechanics.com)

by salec on Friday May 22, 2009 @04:48AM

Comment Re:A to B (Score 1) 473

by salec on Monday October 13, 2008 @07:42AM (#25353425) Attached to: People Prefer Angry-Faced Cars

Comfortably is safely, for large values (YMMV) of A to B.

Submission + - UK may U-turn and back OOXML (zdnet.co.uk) 1

Submitted by

superglaze

on Friday March 28, 2008 @05:45AM

superglaze writes: "An unnamed source has claimed that the UK could be set to back OOXML, despite previously voting against Microsoft's format. It seems that the technical group advising the British Standards Institution is now backing OOXML, with IBM, unsurprisingly, being the sole hold-out. Still, even if the UK says yes, it looks like the format will fail the ISO fasttrack process."

Submission + - In The Search For Status Quo (corrupt.org)

Submitted by

Anti Globalism

on Friday November 16, 2007 @11:44AM

Anti Globalism writes: "One of the most difficult challenges for a leader is to know how many rules you should enforce, in order to maintain order and discipline in a group of people. There is no absolute guideline how to do this right and the results will vary among cultures and individuals. Parents face the same dilemma every day: if you let your child do whatever it feels like doing, it will end up being driven over by a car or kidnapped by some local lunatic. If you restrict it too much, that will eventually back lash when it grows older and realizes that you destroyed its childhood.

Human nature is very simple: in any given environment where's there's a group of individuals living together, certain norms and principles will be established over time, that seem to benefit the group as a whole. This may of course also include taboos and not all rules are necessarily stated in public; in fact, if you think about the social norms in our society today, they consist of quiet agreements that all people assume you agree with and follow: don't walk naked to work, stand in line to the concert, avoid wearing the Nazi uniform at school etc.

Read more"

Submission + - Microsoft PRNG encryption CRACKED! (computerworld.com)

Submitted by

Martin Shin

on Friday November 16, 2007 @11:36AM

Martin Shin writes: "November 15, 2007 (Computerworld) Israeli researchers who have reverse-engineered a critical component of Windows' encryption technology say attackers could exploit flaws to decipher secured information. Microsoft Corp. has downplayed the threat.

In a paper published earlier this month, Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, described how they recreated the algorithm used by Windows 2000's pseudo-random number generator (PRNG). They also spelled out vulnerabilities in the CryptGenRandom function, which calls on the algorithm.

Windows and its applications use the PRNG to create random encryption keys, which are in turn used to encrypt files and e-mail messages, and by the Secure Socket Layer protocol. SSL secures virtually every important Internet data transmission, including information from consumers to online retailers, and from bank customers to their online accounts.

By cracking the PRNG's algorithm, Pinkas and his team were able to predict its future results and uncover what it had come up with in the past, which then let them compute both previous and future encryption keys. They also discovered multiple design flaws in the algorithm that they said could give hackers the keys to the kingdom.

One of the flaws let Pinkas calculate the keys that had already been used on a Windows 2000 machine. In effect, given even remote access to the machine, a hacker could uncover encryption keys that had been generated, and thus the passwords — or other information — which had been used, even if they weren't saved elsewhere on the system. "If you know the 'state' of the PRNG, it should be hard to predict its previous state," said Pinkas yesterday. "It should be like a one-way street. Going backward [in time] should be impossible. But we found a way to very efficiently predict previous states of the PRNG."

That's a major bug, and one that should not have been overlooked, Pinkas added. "It's very well known how to construct a one-way generator. The fact that the PRNG used by Windows 2000 does not provide [this] demonstrates that the design is flawed."

Another problem with Windows' PRNG, added Pinkas, is that a single peek at the current state of its calculations can expose a huge amount of information. Unlike other operating systems such as Linux, Windows only refreshes its "randomness" after the PRNG has produced 128K of output. And since a typical SSL connection between, say, Internet Explorer and a bank consumes just 100-200 bytes of output, it's possible to predict 600-1,200 different SSL connections.

"Once we get the state of the PRNG, we can simulate its future state until the generator is refreshed with new random data," said Pinkas. "But that represents several hundred SSL connections."

Pinkas acknowledged that an attacker must have access to the target PC to get a glimpse of the PRNG's current state — the prerequisite to calculating either future or past encryption keys — but in today's security landscape, that's no barrier. "People are finding new ways to get administrative privileges all the time," he argued. By combining a relatively run-of-the-mill attack — one that results in full access to the machine, such as the just-patched vulnerability in Windows' URI protocol handler — with an exploit of the PRNG's design flaws, hackers could decrypt files or reveal secure traffic between the PC and the outside world, Pinkas said. "It should be pretty easy to do our attacks."

That's not a vulnerability, that's a feature

Microsoft downplayed the problem. "We found that there is no security vulnerability," the company said in a statement attributed to Bill Sisk, Microsoft's security response communications manager. "Information is not disclosed inappropriately to unauthorized users on any supported Windows systems. In all cases discussed in the claim, information is visible only to the users themselves or to another user logged onto the local system with administrator credentials."

Sisk then went on to justify Microsoft's position that the flaws did not qualify as security vulnerabilities. "Because administrators by design can access all files and resources on a system, this does not represent inappropriate disclosure of information."

"We got basically the same [response] when we reported our findings in May," said Pinkas, who believes that the risk is greater than Microsoft wants users to believe. An attacker does not need physical access to the PC to carry out an attack that leverages the PRNG's flaws, for example. "Once you have a way to do remote code execution, you can grab the state of the generator," he said. "Any hacker who knows the OS, could grab the state, and as I said, it's not difficult to get administrative privileges on a PC."

A Symantec Corp. researcher took a middle position. In a research note made available to customers of Symantec's DeepSight threat network, analyst Erik Kamerling called the level of difficulty of such an attack as "relatively high" even as he said that Pinkas' discovery was "an extremely sought-after tool in cryptanalysis."

"An attacker must first gain some type of privileged access to an affected machine," said Kamerling. "Then the attacker would have to run a custom application or script that reads internal RNG variables. The attacker would also need to compute pending and past state information, and finally correlate and apply this forward and backward state reconstruction with the communications emanating from the target machine. It's a complicated scenario to say the least."

But Kamerling also hedged his bets. "Any development of an automated tool or program that would accomplish the techniques in the paper would increase the severity of this discovery," he admitted.

Microsoft came close to promising that it would fix the random number generator. "We are evaluating changes to further strengthen our random number generation capabilities," Sisk said. In an earlier statement, the company had said it might include an update in a future Windows service pack.

The paper co-authored by Pinkas, Gutterman and Dorrendorf can be downloaded from the Cryptology ePrint Archive in PDF format."

Submission + - Robotic Cockroaches Raise Ethical Debate (boston.com)

Submitted by xrsblu on Friday November 16, 2007 @11:31AM

xrsblu writes: The Boston Globe reports that European scientists have persuaded a colony of cockroaches to behave differently by planting a robot leader in the midst. With robots imitating and influencing living creatures, this raises the question of how humans and machines will interact as robotic technology advances.

"Already, Asian countries that represent the gold standard in robotic research are pondering unprecedented new laws that would regulate how much independence robots should be given by programmers and even what "rights" should be accorded the clever devices, which one day may possess something approaching wills of their own, according to robotic gurus."

Submission + - free software; free legal forms

Submitted by

ir0b0t

on Friday November 16, 2007 @11:19AM

ir0b0t writes: "Coders and lawyers for openmissoula presented a "proof-of-concept" demo to the Montana Supreme Court Commission on Self-Represented Litigants that uses free code to give free legal forms to low and moderate income Montanans. Many Montanans cannot get access to the courts for even simple matters. Existing nonprofits typically use large grants for proprietary solutions. Will the proof-of-concept demo be embraced by the Montana lawyers?"

Submission + - Penetration Testing Fundamentals Course (allthatsevil.net)

Submitted by

zenofjazz

on Friday November 16, 2007 @11:17AM

zenofjazz writes: "Penetration Testing is a noble art, and whether you're a white hat, a black hat, or a grey hat, there's always more to learn. A new course has been made available online, and you can read about it here: http://www.allthatsevil.net/index.php?slash=84"

Submission + - Eco-ruin caused the fall of Bronze Age Argaric civ (bbc.co.uk)

Submitted by

kfz versicherung

on Friday November 16, 2007 @11:12AM

kfz versicherung writes: "A new study suggests that the fall of the Bronze Age Argaric people in south-east Spain, Europe's driest area, was caused by the exhaustion of precious natural resources resulting from the early civilisation. By compiling a pollen sequence to see how vegetation changed over thousands of years, the researchers obtained clues to how human settlement and climate affected ecosystems. The study revealed significant amounts of charcoal about 4,200 years ago, just after the Argaric civilisation emerged. The authors say that this is a sign that Bronze Age people were setting fires to clear the forests for mining activities and grazing."

Submission + - Expert: Robot lovers will save geeks, ugly people

Submitted by holy_calamity on Friday November 16, 2007 @11:07AM

holy_calamity writes: The guy that predicted human-robot marriage by 2050 has fielded questions from readers of New Scientist. His answers include the assertion that robots will be the saviour of loveless geeks and uglies: "I see nothing wrong from an ethical perspective in designing robots that will behave as though they have strong emotional feelings for their human owner/partner no matter whether that human is fat, thin, ugly, or whatever." Other questions tackled include "why would a robot want sex with an animal?"

Submission + - WWII Colossus codecracker outdone by a German (zdnet.co.uk)

Submitted by

superglaze

on Friday November 16, 2007 @11:04AM

superglaze writes: "More on the World War II-era Colossus codecracker project. Not only has it been outdone in a cipher-breaking challenge, but — irony of ironies — it was beaten by a German! From the story: The winner was Joachim Schüth, from Bonn, who completed the task using software he wrote himself. "[Schüth] cracked the most difficult code yesterday," said the museum's spokesperson on Friday. "We're absolutely delighted. He used specially written software for the challenge. Colossus is still chugging away, as we got the signals late. Yesterday the atmospheric conditions were such that we couldn't get good signals.""

Submission + - The last DC power grid shutdown in NYC (nytimes.com)

Submitted by cell-block-9 on Friday November 16, 2007 @11:00AM

cell-block-9 writes: Today the section of the old Edison DC power grid will be shutdown in Manhattan. I guess Tesla finally won the argument.

Submission + - Lepenski Vir Archaeological Sile from 7000 BC (funnytogo.com)

Submitted by

milos31

on Friday November 16, 2007 @10:59AM

milos31 writes: "Complete multimedia article about Lepenski Vir Archaeological site from 7000 BC located on the banks of the river Danube in Eastern Europe. Over 50 images, video, links and more"

Submission + - 62% paid nothing for Radiohead's In Rainbows (custompc.co.uk)

Submitted by

arcticstoat

on Tuesday November 06, 2007 @09:55AM

arcticstoat writes: "When asked how much they wanted to pay for Radiohead's In Rainbows album, most of the tight-assed general public (unsurprisingly) chose to pay nothing at all, but what does this mean for the music industry? Does the remaining 38% who paid mean that this business model is sustainable, or will we have to suffer over-priced, DRM-loaded downloads for the rest of the future?"

Slashdot Top Deals