Encryption

Submission + - New Attack Breaks Security Model of SSL (threatpost.com)

Trailrunner7 writes: Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites.

The researchers use what's known as a block-wise chosen-plaintext attack against the AES encryption algorithm that's used in TLS/SSL. In order to execute their attack, researchers Juliano Rizzo and Thai Duong use a new tool they developed called BEAST (Browser Exploit Against SSL/TLS) against a victim who is on a network on which they have a man-in-the-middle position. Once a victim visits a high-value site, such as PayPal, that uses TLS 1.0, and logs in and receives a cookie, they inject the client-side BEAST code into the victim's browser. This can be done through the use of an iframe ad or just loading the BEAST JavaScript into the victim's browser.

The same researchers developed the padding oracle attack against ASP.NET apps last year that required an emergency patch from Microsoft.

Hardware

Submission + - Stephen Fry and DVD Jon back USB Sniffer Project (kickstarter.com)

An anonymous reader writes: bushing and pytey of the iPhone DevTeam and Team Twiizers have created a Kickstarter project to fund the build of an open-source/open-hardware high-speed USB protocol analyzer. The board features a high-speed USB 2.0 sniffer that will help with the reverse engineering of proprietary USB hardware. The project has gained the backing of two high-profile individuals, Jon Lech Johansen (DVD Jon) and actor and comedian Stephen Fry.

Comment Re:This has been envisioned for quite a while... (Score 1) 282

That's a good point. The negative side of it is that most of the P2P apps always set the highest prio, so it doesn't work very well anyway.

Looking at the traffic with DPI is unfortunately the only way to be sure of which apps have which DSCP flag, and it even enables you to rewrite this flag to match what you really think the particular app should have in your (as in the ISP's) part of the network.

OS X

Submission + - Apple Developer Conference: Leopard is Glimpsed (earthweb.com)

jammag writes: "John Welch reports from this past weekend's Apple Worldwide Developer Conference. He talks about the Leopard interface and functionality, Parallels, VMWare, and the new terminal server application for OS X. Some cool stuff. Oddly enough, he even sees some improvement in the Microsoft Mac Business Unit."
