
Comment Re:Australian Competition & Consumer Commissio (Score 1) 270

Thanks for the pointer, I have been meaning to do just that. Here is mine:

Sony has just issued a firmware update[1] that disables the "OtherOS" support that is used to run alternate operating systems such as Linux on the Playstation 3 (PS3) game console. This was an advertised feature of the PS3 and was a factor in my decision to purchase the product. The firmware update is effectively mandatory; the PS3 will not support online play or game updates/downloads via the Playstation network without it (these are also advertised features).

That a major consumer electronics company can unilaterally remove advertised features from a product that I have bought and paid for is chilling to say the least and appears misleading and deceptive in the classic "bait and switch" style. I request that the ACCC investigate this matter.

[1] http://blog.us.playstation.com/2010/03/28/ps3-firmware-v3-21-update/

Encryption

OpenSSH 5.4 Released 127

HipToday writes "As posted on the OpenBSD Journal, OpenSSH 5.4 has been released: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on www.openssh.com.'"

Comment Do nothing (Score 1) 497

If you are randomly generating your passwords and they are of a decent length then you don't really need to do anything. If your passwords contain lower-case letters only (not recommended), but are eight characters long then your million authentication attempts would represent only a 0.0005% chance of success. If your passwords contain numbers and upper-case characters too, then the likelihood is 1000 times less.

Comment Re:Fast, Weak sshfs (Score 1) 249

Faster still (and a better cipher):

ssh -o Compression=no -o Ciphers=arcfour256 -o MACs=umac-64@openssh.com ...

The umac-64 MAC is only supported by OpenSSH AFAIK (though the spec is available to anyone else who wants to). It is faster and has a better security guarantee than HMAC-MD5 (and is way faster than HMAC-SHA1).

Comment Re:Thanks OpenBSD (Score 1) 249

I'd like to thank the OpenBSD project, as well, but I'd also like to point out a few issues.

OpenSSH still won't work with certificates signed by a CA.

Quite right, and we have no intention of incorporating X.509 support. X.509 parsing and verification exposes a large amount of attack surface and all of it is, by necessity, pre-authentication too (the type which, if buggy, allows worms). Read Peter Gutmann's X.509 style guide and see if you ever want to go near this horror again. We have actually written our own minimal RSA verification code to avoid the sort of ASN.1 parsing that is necessary to deal with X.509, and it has saved us from at least seven bugs - some probably exploitable for authentication bypass or remote code execution.

OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.

Yep, we are a _secure_ shell and we take a mildly patriarchal attitude to adding options that can lead to insecure use of OpenSSH. Note that the actual bottleneck in most cases is not the crypto anyway (at least when using arcfour256 as your cipher) but the MAC, and you wouldn't want to switch that off. We do have a very fast MAC though: umac-64

OpenSSH doesn't work - as advertised - with an exclamation point in a "Match" statement.

File a bug, we'll fix it.

Other than that, OpenSSH is possibly one of the most capable and reliable pieces of software I've ever had the privilege to use.

Thanks :)

Comment Re:Thanks OpenBSD (Score 1) 249

Use arcfour256 as your cipher and umac-64@openssh.com as your MAC (ssh -oCiphers=arcfour256 -oMACs=umac-64@openssh.com ...). Between these, CPU is usually not the bottleneck anymore.

We don't support the none cipher because "secure networks" often aren't, and there are already tools that are insecure and go fast.

Biotech

Scientists Deliver Bee Toxin To Tumors Via "Nanobees" 98

ScienceDaily is reporting that Washington University School of Medicine researchers have found a way to deliver bee toxin to tumors using nano-spheres they call "nanobees." The results in mice showed a cessation of growth or even shrinkage of tumors while the surrounding tissue was protected from the toxin. "The core of the nanobees is composed of perfluorocarbon, an inert compound used in artificial blood. The research group developed perfluorocarbon nanoparticles several years ago and have been studying their use in various medical applications, including diagnosis and treatment of atherosclerosis and cancer. About six millionths of an inch in diameter, the nanoparticles are large enough to carry thousands of active compounds, yet small enough to pass readily through the bloodstream and to attach to cell membranes."

Democrats

Obama Significantly Revises Technology Positions 940

method9455 writes "Barack Obama has edited his official website on many issues, including a huge revision on the technology page. Strangely it seems net neutrality is no longer as important as it was a few months ago, and the swaths of detail have been removed and replaced with fairly vague rhetoric. Many technologists were alarmed with the choice of Joe Biden before, and now it appears their fears might have been well founded." Update: 09/22 18:07 GMT by T : Julian Sanchez of Ars Technica passed on a statement from an Obama campaign representative who points out that the changes in wording highlighted by Versionista aren't the whole story, and that more Obama tech-plan details are now available in a PDF, saying "there is absolutely no substantive change to our policy - folks who want more information can click to get our full plan."
