
Comment not really that bad (Score 4, Informative) 161

The problem isn't really with quantum encryption, it's with the technical implementation. And anyway, according to the article, they've already figured out a way to detect the hack and defeat it, so it's still pretty solid.

Makarov informed both companies of the details of the hack before publishing, so that patches could be made, avoiding any possible security risk.

Submission + - Hackers blind quantum cryptographers (cccure.org)

Martin Hellman writes: According to an article in Nature magazine, quantum hackers have performed the first 'invisible' attack on two commercial quantum cryptographic systems. By using lasers on the systems — which use quantum states of light to encrypt information for transmission — "they have fully cracked their encryption keys, yet left no trace of the hack."

Submission + - FreedomBox: you own your social networking data

An anonymous reader writes: I thought the FreedomBox deserved more publicity. If it gets off the ground on a public scale (i.e. becomes idiot-friendly), it should finally change the way the masses view social networking and their presence and data online. So far, the project has done extremely well for what basically is a month's work.

It can be run from a home server or a plug box ("wall wart"). The data, obviously, is the owner's and the owner's alone.
It can also be run from any webspace, but IMO that kind of defies the point of ownership of data: if you rent webspace you don't have a 100% guarantee that no one's messing with your stuff.

The system will run GNU Social, which is Free Software.

The (proposed-but-not-mandatory-at-all) free hardware: http://foocorp.net/projects/fooplug/

The idea and vision: http://wiki.debian.org/FreedomBox

Submission + - PGP Meets The Next Dimension (jamestown.org)

biomech writes: Quantum encryption has reportedly been developed by the PRC and offers a radical shift in secure communications from traditional encryption algorithms. Of course, the initial foreseen application involves satellite linkage and military communications, but a new era of "secure" communications has wider ramifications than something strictly military. The article also touches on the facts of improvements in computing power slowly creating obsolescence in old approaches to secure communication algorithms.

Submission + - Christine coming to a garage near you (autosec.org)

An anonymous reader writes: I'm looking at hacking my Honda S2000 and have been reading up on the fascinating world of vehicle communication busses. While searching around I ran across this gem of a research paper: Experimental Security Analysis of a Modern Automobile. The researchers set out to investigate the security of a vehicle bus as it relates to injuring the occupant; the result on the 2009 GM automobile: something Stephen King would be proud of. The researchers bypassed any semblance of security between components and created CarShark, a CAN-bus packet sniffer and injector with application layer support. Using CarShark they were able to set the brakes to a test mode where they would not operate and they were able to have the ECU command the ignition to be on even when the key was not in the run position; both of those modes could not be overridden by driver input. To go the extra mile they commanded the doors to repeatedly lock, frustrating but not completely blocking attempts at escape. Even worse is that the researchers were able to upload new software into the OnStar unit (did you know it runs QNX?) and have it act as a bridge between the two physical networks, one with a low speed for body control information and one with a fast speed for the human-rated control data for the engine and safety systems. Using the OnStar bridge for privilege escalation the researchers could perform DoS, replay attacks, fuzzing, and arbitrary data injection attacks on the safety-critical bus. This is also not just something that happened on a bench, the researchers tested the vehicle on an unused runway to verify they could reproduce these results at speed under real operating conditions. Absolutely choice bits: an engine control module that can be commanded into software update mode while controlling a vehicle operating on a road and against the explicit advice of the protocol used for communication to the module.
Challenge/request sequences that issue a challenge but disregard the response, blindly accepting input for things such as firmware updates. A protocol-specific security key space that can be fully searched for all devices on the car in 7 days without requiring any modification to the vehicle and 2.5 days if you want to get items in the lab. The researchers even demonstrated a software update for the OnStar that does not disrupt its normal operation, but once the vehicle reached 20 mph the OnStar would command the washer fluid to pump on the windshield until the car came to a stop, then the OnStar would reboot, removing any trace of the modified software. Rife with details on CAN-bus, procedures on how to reverse engineer the components, and examples of bad bad bad software practices, this paper both sickens and inspires me to keep on hacking.

Comment Re:Counterfeiting is Ok. (Score 1) 283

It's like arguing that your company is broke because it has too many assets.

First of all, what I said (the US having a much higher population than Norway) is nothing like that, and are you really arguing that you think Norway would hold a $55,000 GDP/capita if they had as much land and as many people as the US? It's not a problem of more resources, it's a problem of scaling. Are you saying you think it's equally challenging for a government to manage 3.7 million sqm of real estate as it is for a government to manage 125,000? Or 300 million people as opposed to 5? You think a government fit for one task is equally fit for the other?
Let me give you a nice company analogy... That's like saying a company in charge of running a business with one corner office in Bumsville, Idaho and 12 employees would be equally fit to run a company with 1,000 employees and an office in every US state. It's just not that simple.

Comment Re:Counterfeiting is Ok. (Score 4, Insightful) 283

Like most other U.S.-bashing slashdot members, you fail to include some important facts in your comparison. For instance, population of either country. Please note...

Approximate population
Norway: 4,478,497
USA: 309,162,581

Whether your underlying point is right or wrong, I don't consider your comparison valid because of this little detail.
I would even venture as far as to say that your statement goes against your point. The fact that the US figures in your original post are so close to those of Norway even though the US has to govern almost 80x the population is actually more of a testament of an effectively scaling government. It's unlikely that the governmental system of someplace as small as Norway would meet the needs of such a large population.

Comment Not so sure Fring is the bad guy here. (Score 4, Interesting) 152

According to the article:

Skype’s client does not offer many of the new iOS4 features that Fring is quick to jump on, namely video calling, background operation, and even push notifications which have been around for a long time. One could argue that Fring’s client allows Skype users to use these features with Skype, which is something that users want. Skype is notoriously slow at adopting new features such as these, and is also slow at their geographical expansion. You still cannot get a Canadian Skype-In number, but there are a host of Canadian VOIP services offering phone numbers for example.

Basically, sounds like the vanilla Skype client is not ready to adopt this technology on their iPhone apps, but Fring already has, using Skype's API. This makes Skype's devs look bad, obviously, if a third party's app is surpassing their native app on their native API. Sounds like a lot of code-dick measuring as far as I'm concerned. Unfortunately, Skype still wins if Fring violated any licensing agreements (which it seems like Skype is implying).

Comment similar experience (Score 5, Funny) 262

Once I was debugging some code at work and added a javascript alert "The dinosaur says RAWR!" to an error case that I was trying to reproduce. Well, I fixed the error but being the smart guy I am, forgot to take out the debug code. A few months later, some erroneous data in our app started causing an exception in the same exact place where my old error debug message was. It was a real head-slapper when I got the bug report...

For client X, when loading Y, error message is displayed: "The dinosaur says RAWR!"
While this is amusing it is not the expected behavior.

Ya, it's not harmful but it was a little embarrassing. It must be really embarrassing for a web developer at a company which is so publicly visible. I feel this particular developer's pain.
