
Submission + - BREACH Compression Attack Steals SSL Secrets (threatpost.com)

msm1267 writes: A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security. The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week’s Black Hat USA 2013, BREACH enables an attacker to read encrypted messages over the Web by injecting plaintext into an HTTPS request and measuring compression changes.
Researchers Angelo Prado, Neal Harris and Yoel Gluck demonstrated the attack against Outlook Web Access (OWA) at Black Hat. Once the Web application was opened and the BREACH attack was launched, within 30 seconds the attackers had extracted the secret.
“We are currently unaware of a practical solution to this problem,” said the CERT advisory, released one day after the Black Hat presentation.

Submission + - Multiple banking IP addresses hijacked

An anonymous reader writes: This incident clearly shows the dark side of BGP attacks and ISP/operator trusting each other to configure their networks properly. All it takes is one typo somewhere, misconfiguration, or a deliberate attack on BGP to bring down the Internet. On 24 July 2013 a significant number of Internet Protocol (IP) addresses that belong to banks suddenly were routed to somewhere else. Sampling of some of the owners of the IP addresses includes ecom giant Amazon, financial and banking companies such as JPMorgan Chase & Co., Bank of America, HSBC and others.

So how does one protect from such attacks? IPSec and DNSSEC? How do bank end users verify the identity of bank web sites and protect themselves from such attacks?

Submission + - Moscow Subway To Use Special 'Devices' To Read Data On Phones (rferl.org)

dryriver writes: The head of police for Moscow's subway system has said stations will soon be equipped with devices that can read the data on the mobile telephones of passengers. In the July 29 edition of "Izvestia," Moscow Metro police chief Andrei Mokhov said the device would be used to help locate stolen mobile phones. Mokhov said the devices have a range of about 5 meters and can read the SIM card. If the card is on the list of stolen phones, the system automatically sends information to the police. The time and place of the alert can be matched to closed-circuit TV in stations. "Izvestia" reported that "according to experts, the devices can be used more widely to follow all passengers without exception." Mokhov said it was illegal to track a person without permission from the authorities, but that there was no law against tracking the property of a company, such as a SIM card. — Submitter's Note: What is this all about? Is it really about detecting stolen phones/SIM cards, or is that a convenient 'cover story' for eavesdropping on people's private smartphone data while they wait to ride the subway? Also — if this scheme goes ahead, how long will it be before the U.S., Europe and other territories employ 'Devices' that do this, too? How long before your local bus stop or train terminal eavesdrops on your smartphone just like in the Russian model?

Submission + - Dell's Reinvention Plan: Project Ophelia - Thumb-size PC

IAmStrider writes: "Dell has started shipping its thumb-size PC called Project Ophelia to beta testers and is preparing to ship the final product in the coming months.

Ophelia looks much like a USB stick and it can turn any screen or display with an HDMI port into a PC, gaming machine, or streaming media player. The thumb PC runs on the Android OS and once it is plugged into an HDMI port, users can run applications, play games, watch streaming movies or access files stored in the cloud.

Priced at about $100, Dell hopes Ophelia will be an inexpensive alternative to PCs, whose shipments are falling with the growing adoption of tablets and smartphones. With more data now being stored in the cloud, Dell hopes the idea of a keychain PC will catch on, especially for those who do most of their computing on the Web."

This looks to be in direct competition to the planned Google Chromecast.

Submission + - GMO Oranges? Altering a Fruit's DNA to Save it (nytimes.com)

biobricks writes: NY Times story says the Florida orange crop is threatened by an incurable disease and traces the efforts of one company to insert a spinach gene in orange trees to fend it off. Not clear if consumers will go for it though.

Submission + - UPDATED EDIT: A Circular New York City Subway Map to Straighten Things Out (vice.com)

Daniel_Stuckey writes: The U.K.'s Max Roberts, a mapmaker and critic, has created a map that sees this problem and then solves it by adopting a similar distortion strategy to the MTA map, but to a far greater degree. The map heads in the direction of a diagram and away from a map representing features. It may be the most lucid reinterpretation of the New York City subway map I've seen yet.

Submission + - Wood nanobattery could be green option for large-scale energy storage (gizmag.com)

cylonlover writes: Li-ion batteries may be ok for your smartphone, but when it comes to large-scale energy storage, the priorities suddenly shift from compactness and cycling performance (at which Li-ion batteries excel) to low cost and environmental feasibility (in which Li-ion batteries still have much room for improvement). A new "wood battery" could allow the emerging sodium-ion battery technology to fit the bill as a long-lasting, efficient and environmentally friendly battery for large-scale energy storage.

Submission + - Employers Switching from Payroll Checks to Prepaid Cards with Fees

An anonymous reader writes: The New York Times reports a growing number of American workers are being paid by prepaid "payroll card." The cards often have fees attached to basic services like making a cash withdrawal or for inactivity. Some employees report that the employers pay by card by default, with paperwork barriers to opting out, and some report that their employers refuse to pay them by check or direct deposit. The issuing banks pitch the cards to employers as a cost-cutting payroll alternative, and sometimes even offer a financial reward for each employee they sign up.

Submission + - Write on the Sidewalks, Go To Jail (truth-out.org)

Frosty Piss writes: Jeff Olson is being persecuted for thirteen counts of vandalism stemming from an expression of political protest that involved washable children's chalk on a City sidewalk. He has no previous criminal record. A San Diego Judge placed an unprecedented gag order on a misdemeanor trial — in particular muzzling Olson. But it also apparently included witnesses, the jury and others. Judge Howard Shore also chastised the Mayor of San Diego, Bob Filner. In the judge's eyes, the mayor had the temerity to call the trial of Olson a waste of time and taxpayer money. It is alleged that the San Diego city attorney is prosecuting this case at the behest of the Bank of America after Olson scrawled anti-big bank messages in front of three Bank of America branches water soluble chalk

Submission + - New Zealand ISP offers 'global mode' so users can circumvent geo-restrictions (brw.com.au)

An anonymous reader writes: Many content sites restrict access from different markets or have variable pricing for downloads in different markets. New Zealand-based ISP Slingshot is now offering a 'global mode' that lets customers hide their location. This means they can access overseas online services that would normally be restricted to specific markets.

Comment Re:Is the science repeatable? (Score 2) 69

It looks like it was a difficult accomplishment:
They also combined DNA sequencing techniques to get maximum DNA coverage — using routine next-generation sequencing with single-molecule sequencing in which a machine directly reads the DNA without the need to amplify it up which can lose some DNA sequences. [1]
Such genetic puzzle assembly generally includes multiple samples from each part of the genome, sometimes as many as five or 10. In this case, the so-called coverage was just 1.12. [2]
"We sequenced 12 billion DNA molecules, of which 40 million [were of] horse origin," said Orlando. "There was a bit of horse DNA in an ocean of microbial DNA." [3]
[1] http://www.nature.com/news/first-horses-arose-4-million-years-ago-1.13261
[2] http://www.latimes.com/news/science/la-sci-ancient-horse-genome-20130627,0,2514595.story
[3] http://news.nationalgeographic.com/news/2013/06/130626-ancient-dna-oldest-sequenced-horse-paleontology-science/

Submission + - LAN games now require $5000 permit from Swedish Gaming Board (google.se)

Xemu writes: In Sweden, a recent judgement from the Supreme Administrative Court has declared that anyone arranging a LAN game must seek permission from the Swedish Gaming Board. Such a permission carries a 35 kSEK (5000 USD) administrative fee. Failure to register your LAN game with the authorities may result in penalties, and a criminal record, preventing a young gamer from getting a driver's license, US work visa and potentially causing problems with employers with strict hire policies.

Comment Re:The equipment isn't the story (Score 4, Interesting) 316

The real story is that they want their P/L to look better Right Now because:
"Some 40 parties have expressed interest in acquiring some or all of Tribune Co.’s newspapers, according to sources close to the situation. The Chicago-based media company hired investment bankers in February to manage inquiries for its eight daily newspapers, including the Chicago Tribune and Los Angeles Times."
http://www.chicagotribune.com/business/breaking/chi-tribune-company-20130515,0,1793743.story

Submission + - Microsoft funding patent troll .. (groklaw.net)

An anonymous reader writes: Some days $30 million seems like a lot of money, and other days it's just a bit of a letdown. Vringo is a once-upon-a-time ringtone company that's now basically a holding company for search patents dating back to the Lycos days, and it used those patents to sue Google. In November, a federal jury found that the patents were infringed, but Google should pay just $30 million, far less than the nearly $700 million it was seeking.

Investors had big dreams for Vringo, but that too-small payday, combined with an assurance of a lengthy appeal by Google, has left the stock price disappointingly stagnant.

In January Vringo unveiled its wholly predictable backup plan—sue the one other viable search engine, Microsoft's Bing. Now that case has settled for $1 million, plus five percent of whatever Google ultimately pays, according to a Vringo regulatory filing yesterday...

The five percent addendum is an interesting twist to this early settlement. One has to wonder if Microsoft really fought very hard. The company has effectively paid $1 million for an "option" to see its chief competitor hurt 20 times as bad as it is.

The settlement also provides for Microsoft to transfer six patents to I/P engine, the patent-holding subsidiary of Vringo. "The assigned patents relate to telecommunications, data management, and other technology areas," stated Vringo in its filing.
