Submission Summary: 0 pending, 22 declined, 3 accepted (25 total, 12.00% accepted)
Submission + - Breaking Nintendo WII system security (thedailywtf.com)
El_Oscuro writes: On Thedailywtf.com,
Hector just wanted to see what he could do with the Wii. And when he first took a look under the hood, he started with the usual approach — he started poking through Wii game discs. On every disc he tried, the entire contents were encrypted with secure RSA-2048 and SHA-1. The second place he looked — game saves — were signed using elliptic curve cryptography. Nintendo clearly wasn't going to make this easy.
It looked hopeless. That is, until someone looked at the core function via a disassembler that performed the RSA and SHA-1 verification. Hector provided this pseudocode for the check function:
bool is_valid_signature(byte signature[256], byte public_key[256], byte content_sha1[256]) {
byte decrypted_signature[256];
decrypt_rsa(signature, public_key, decrypted_signature);
if(strncmp(content_sha1, decrypted_signature + 236, 20) == 0)
return 1;
else
return 0;
}
Hector just wanted to see what he could do with the Wii. And when he first took a look under the hood, he started with the usual approach — he started poking through Wii game discs. On every disc he tried, the entire contents were encrypted with secure RSA-2048 and SHA-1. The second place he looked — game saves — were signed using elliptic curve cryptography. Nintendo clearly wasn't going to make this easy.
It looked hopeless. That is, until someone looked at the core function via a disassembler that performed the RSA and SHA-1 verification. Hector provided this pseudocode for the check function:
bool is_valid_signature(byte signature[256], byte public_key[256], byte content_sha1[256]) {
byte decrypted_signature[256];
decrypt_rsa(signature, public_key, decrypted_signature);
if(strncmp(content_sha1, decrypted_signature + 236, 20) == 0)
return 1;
else
return 0;
}
Submission + - What makes shitty software? (slashdot.org)
El_Oscuro writes: Another slashdot poster submitted a comment with examples of bad software. Since this is something every slashdotter experiences on a daily basis, this should be a basis for a poll or an article. There is no FA. Not that it matters; nobody reads them anyway. :) Let the flame wars begin!
Submission + - You pwn it, you own it (cansecwest.com)
El_Oscuro writes: CanSecWest Vancouver 2008 is having their second PWN2OWN contest.
Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it.
Each has a file on them and it contains the instructions and how to claim the prize.
Targets (typical road-warrior clients):
Happing hunting! I wonder which will pwned first?
Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it.
Each has a file on them and it contains the instructions and how to claim the prize.
Targets (typical road-warrior clients):
- VAIO VGN-TZ37CN running Ubuntu 7.10
- Fujitsu U810 running Vista Ultimate SP1
- MacBook Air running OSX 10.5.2
Happing hunting! I wonder which will pwned first?
Submission + - Pirates crack Vista at last (apcmag.com) 5
El_Oscuro writes: A genuine crack for Windows Vista has just been released by pirate group Pantheon, which allows a pirated, non-activated installation of Vista (Home Basic/Premium and Ultimate) to be properly activated and made fully-operational. It seems that Microsoft has allowed large OEMs like ASUS to ship their products with a pre-installed version of Vista that doesn't require product activation — apparently because end users would find it too inconvenient. The question, how can I do this with XP?
Submission + - Two Linux stories in The Washington Post
El_Oscuro writes: In todays business section of The Washington Post, there were two stories which referenced Linux. The first one is a piece about Windows Vista after 1 year, and article can be summarized by: "Windows Vista after one year: meh." This article is interesting because it is something an average Windows XP user would understand, and also mentions Linux and OS-X as alternatives. It is the first time I have read about the Linux alternative in a mainstream dead tree newspaper.
The second article is about Future Combat Systems, a major US Army program for battlefield communications which will run Linux. From TFA:
"Another software difficulty is the operating system, which is being developed by Boeing. The System-of-Systems Common Operating Environment, or SOSCOE, is supposed to be like Windows, the world's dominant operating system, only better.
"Boeing and the Army said they chose not to use Microsoft's proprietary software because they didn't want to be beholden to the company. Instead, they chose to develop a Linux-based operating system based on publicly available code.
"Microsoft, which does substantial business with the military, declined to comment.
The second article is about Future Combat Systems, a major US Army program for battlefield communications which will run Linux. From TFA:
"Another software difficulty is the operating system, which is being developed by Boeing. The System-of-Systems Common Operating Environment, or SOSCOE, is supposed to be like Windows, the world's dominant operating system, only better.
"Boeing and the Army said they chose not to use Microsoft's proprietary software because they didn't want to be beholden to the company. Instead, they chose to develop a Linux-based operating system based on publicly available code.
"Microsoft, which does substantial business with the military, declined to comment.
Submission + - Real or fake Linux PC? Everex will know 3
El_Oscuro writes: Sure, it's a Linux box, nudge nudge, wink wink. How many users keep the Linux that vendors sell them?
PC vendors haven't been eager to know how many users run Linux when it's preloaded on their low-end PCs, and how many replace it with an infringing copy of Microsoft Windows. Everex, the latest company to introduce a low-priced desktop Linux system, will have the information, however, thanks to the software update system behind its Linux distribution.
Submission + - Slashdot topic in Apple commercial (youtube.com)
Submission + - Madonna signs all-in-one contract with Live Nation
El_Oscuro writes: Madonna is the first major artist to sign an all-in-one agreement with a tour company instead of a traditional record deal. This deal gives Live Nation rights to all her music-related projects — including new albums, tours, merchandise, websites, DVDs, sponsorship, TV shows and films.
"The paradigm in the music business has shifted and as an artist and a businesswoman, I have to move with that shift," the singer said.
"The paradigm in the music business has shifted and as an artist and a businesswoman, I have to move with that shift," the singer said.
Submission + - MS can sue SUSE users for using OOO, Wine
El_Oscuro writes: There is an article on
arstechnica about the MS/Novell agreement. The deal specifically excludes patent protection for "clone products." In the agreement, a clone product is broadly defined as "a product (or major component thereof) of a Party that has the same or substantially the same features and functionality as a then-existing product (or major component thereof) of the other Party ... and that has the same or substantially the same user interface, or implements all or substantially all of the Application Programming Interfaces of the Prior Product." The text of the clone product definition subsections is very cumbersome to read, but it specifically mentions OpenOffice, Wine, and OpenXchange by name without asserting that they are necessarily clone products.
Submission + - Those eBay ratings may not mean what you think
El_Oscuro writes: "For those of you who buy stuff on eBay, there is a new kind of scam
A seller sells lots of cheap stuff (in this case, camera memory cards) to build up a a 99.9% positive rating, then starts selling expensive items (like $700 cameras). That is when the scam starts. Once they have acquired a positive rating and the trust of buyers, they start gyping people on the expensive items.
On amazon and other sites that have reviews, somethimes the auther of a book will give his book a glowing review.
If you are buying something expensive on eBay, make sure you read the seller reviews for similar items.
<PITA>
Unfortunately, TFA makes you create an account with washingtonpost.com to read it.
</PITA>"
On amazon and other sites that have reviews, somethimes the auther of a book will give his book a glowing review.
If you are buying something expensive on eBay, make sure you read the seller reviews for similar items.
<PITA>
Unfortunately, TFA makes you create an account with washingtonpost.com to read it.
</PITA>"
