Security

Submission + - Trust is for Suckers: Lessons from the RSA Breach (securityweek.com)

wiredmikey writes: Andrew Jaquith has written a great analysis of lessons learned from the recent RSA Cyber Attack, from a customer’s perspective.

According to Jaquith, in the security industry, “trust” is a somewhat slippery term defined in terms ranging from the cryptographic to the contractual. Bob Blakley, a Gartner analyst and former chief scientist of Tivoli, once infamously wrote that “Trust is for Suckers.” What he meant by that is that trust is an emotional thing, a fragile bond whose value transcends prime number multiplication, tokens, drug tests or signatures — and that it is foolish to rely too much on it.
Jaquith observed three things about the RSA incident: (1) even the most trusted technologies fail; (2) the incident illustrates what “risk management” is all about; and (3) customers should always come first. Here Jaquith reviews each of these in detail.

Submission + - 'John The Ripper' Gets A Face-Lift (techweb.com)

Batblue writes: "One of the industry's first open-source password-cracking tools just got a big boost in power and performance with sponsorship from Rapid7, which also plans to more tightly integrate the so-called John the Ripper tool with Metasploit.

Alexander Peslyak, founder and CTO of Openwall, which created John the Ripper, says the password security-auditing tool is now nearly 20 percent faster at cracking Data Encryption Standard (DES)-based password hashes — a major improvement to the hacking tool.

That means a major decrease in the time and effort to validate whether passwords are following company policy for strength, for instance. Openwall also is offering via open source the method by which it sped up this process, using more optimal "S-box expressions," which are basically substitution tables used in calculations. The organization came up with a faster and more efficient way to perform these calculations."

Submission + - Chatting with LulzSec - A Protocol (futurezone.at)

An anonymous reader writes: Austrian IT portal futurezone.at managed to get hold of one of the active LulzSec members in IRC chats. Over the course of four days reporter Sarah Kriesche chatted with a guy who seems to be well respected among the group. During the talks she found out more about the motivation of the group and the goals they want to achieve. The LulzSec guy made clear to her that "there are no lines we won't cross unless it's obvious shit like children etc". Also, he didn't show a lot of sympathy for gamers, concerning the latest hacks.

The article is in German, though the chat logs are unchanged in English. Also, if you want to read it through Google Translate, you can find the article here:
http://translate.google.com/translate?js=n&prev=_t&hl=de&ie=UTF-8&layout=2&eotf=1&sl=de&tl=en&u=http%3A%2F%2Ffuturezone.at%2Fnetzpolitik%2F3741-chatten-mit-lulzsec-ein-protokoll.php

Security

Submission + - Police share Intelligence on innocent people (backup-technology.com)

doperative writes: Logica have worked alongside The National Policing Improvement Agency (NPIA) to develop a new database which allows Police departments across England and Wales to share intelligence relating to crime...

Advocates of the new database retort by arguing that it is the nature of police work which makes it essential to hold the records of innocent people...

In total around 12,000 authorised officers will have access with secure access controls acting to ensure that only role relevant information can be searched.

Submission + - FBI "stole" our server, says Instapaper

nk497 writes: Website Instapaper has accused the FBI of stealing its server, after it went offline following a raid at hosting company DigitalOne. "As far as I know, my single DigitalOne server was among those taken by the FBI (which I’m now calling “stolen” since I assume it was not included in the warrant)," said founder Marco Arment. The server has since been returned, but Arment is still moving his service away from DigitalOne: "I’m not convinced that they did everything they could to prevent the seizure of non-targeted servers, and their lack of proactive communication with the affected customers is beneath the level of service I expect from a host."
Google

Submission + - Oracle Patent Case Against Google Weakening (itworld.com)

jfruhlinger writes: "If Oracle thought that they'd wave their vague Java patents around to get licensing money from Google and other vendors in perpetuity, they may have another thing coming. The judge in the case seems skeptical of many of Oracle's claims, and indeed some of the patents at the heart of the suit are being re-examined — and rejected."
Science

Submission + - Do Cities Cause Schizophrenia? (sciencemag.org)

sciencehabit writes: City dwellers worldwide enjoy several advantages over their rural compatriots, including, on average, better job prospects and better access to food and health care (not to mention nightlife). At the same time, city living can be stressful, and studies have found that mental health problems, such as schizophrenia, depression, and anxiety disorders, are more common in urbanites. Now, researchers have taken a crack at understanding this connection by looking for differences in how the brains of people from urban and rural environments react to certain kinds of stress. The team found that the bigger the city someone currently lives in, the more amygdala activity he or she exhibits during social stress, which could predispose to schizophrenia, depression, and other disorders.
Security

Submission + - Defeating Skype Encryption Without a Key (securityweek.com)

wiredmikey writes: Researchers have found a novel way to decrypt Skype conversations without ever knowing the encryption key. This particular attack has its roots in linguistics. The researchers liken it to how infants break up speech into words without hearing actual pauses and word divisions within a sentence.

The researchers used an attack, dubbed “Phonotactic Reconstruction”, in their research paper, amusingly subtitled “Hookt on Fon-iks,” to predict clear text words from encrypted sequences. What they did was segment sequences of the VoIP packets into sub-sequences mapped into candidate words, then, based on rules of grammar, hypothesized these sub-sequences into whole sentences. In other words, they were able to reconstruct the conversation by guessing and predicting the original sounds used within the original Skype conversation.

Submission + - Ask Slashdot: How do I not get other people's email

vrimj writes: "I have a common enough first name lastname combination that I sometimes get other people's email at my firstname.lastname@gmail.com account.

It isn't a big deal if it is a person, I let them know, they fix it.

The big problem I am having is with companies and websites. These emails are often no reply which means I can't send back a quick note.

I got someone's credit card bills for three months before I realized there was nothing for it but calling the company (I tried a couple of emails first).

Recently got a notice about someone's kid signing up for a website. I don't have any option but to hit the response and tell them that I first have to say I am that kid's parent or guardian. I didn't know where to go from there.

Today I get an invoice from a cable company, it is for a different state. I can't reply. I go to the online support, they tell me my only choice is to call the sales office. I gave in for the bank but I am not talking to someone else's cable company.

Is there any way to make emails to an improperly formatted gmail address bounce or do something else obvious? Is there a technical solution I am overlooking?

It doesn't happen that often but it is an increasing PITA with no-reply email addresses. I hate just setting up a filter because that cuts off these other people who made a typo or had someone not enter something correctly, but it is looking like the best choice.

It isn't spam, but it isn't my meat."
Space

Submission + - Slashdot discount for Foresight@Google, June 25-26 (foresight.org)

An anonymous reader writes: Nanodot's parent organization Foresight Institute cordially invites Slashdot folks to use the code SLASHDOT to get $50 off this upcoming tech conference:

FORESIGHT@GOOGLE
25th Anniversary Conference Celebration & Reunion Weekend
Google HQ in Mountain View, CA
June 25-26, 2011
http://www.foresight.org/reunion

Topics are emerging tech with special emphasis on transformative nanotech.

A rockstar lineup of speakers includes:
  BARNEY PELL, PhD — Cofounder/CTO of Moon Express making robotic lunar landers
  WILLIAM ANDREGG — Founder/CEO of Halcyon Molecular
  PAUL SAFFO, PhD — Renowned tech forecaster and strategist
  LUKE NOSEK — CoFounder of Paypal, Partner at the Founders Fund
  SIR FRASER STODDART, PhD — Knighted creator of molecular "switches"
  THOMAS THEIS, PhD — IBM's Director of Physical Sciences
  Keynote JIM VON EHR — Founder/President of Zyvex, the world's first successful molecular nanotech company

Comments, including by Hemos, on previous meetings in this series: http://www.foresight.org/SrAssoc/Comments/

Idle

Submission + - Budweiser Wants Dudes to Stop Shaving (ecouterre.com)

fangmcgee writes: Men of America, back away from the shaving cream. Budweiser wants you to conserve 1 million gallons of water by eschewing your razors until World Environment Day on June 5. With the “Grow One, Save a Million” campaign on Facebook, brewski lovers can pledge to save an average of 5 gallons of agua per shave simply by doing nothing.
Security

Submission + - Researchers broke x86 Virtual Machine isolation (blogspot.com)

northox writes: Invisible Things Lab has found a very critical security hole in the x86 architecture. They found a way to abuse the virtualization architecture when a physical device has been assigned to a guest VM (PCI passthrough) and gain complete access to the hypervisor (i.e. completely bypassing the isolation layer of any hypervisor (e.g. XEN, VMware, etc.)). The actual vulnerability is in the VT-d implementation and the exploit uses software interrupts (MSI). The solution is to use "Interrupt Remapping" technology, which is only available in the very latest Sandy Bridge processors.

Submission + - Do Developers Really Need A Second Monitor? (earthweb.com)

jammag writes: "It was an agonizing moment: a developer arrived at work to realize his second monitor had been taken (given to the accounting dept., to add insult to injury). Soon, the wailing and the gnashing of teeth began. As this project manager recounts, developers feel strongly — very strongly — about needing a second monitor (maybe a third?) to work effectively. But is this just the posturing of pampered coders, or is this much screen real estate really a requirement for today's developers?"

Submission + - What is the Top Open Source License? (internetnews.com)

darthcamaro writes: Ok, this is an obvious question right? It has to be GPL? No? Not necessarily. A new study released today at the OSBC shows a difference between what open source licenses are used and which ones are included in the top downloaded projects. 68.9 percent of open source software packages use the GPL, however measured by downloads the top open source license is the Apache License at 32.7 percent. The LGPL came in second at 21.0 percent and GPL is third at 14.4 percent.
Patents

Submission + - Open Sourcing and Patents

An anonymous reader writes: A programming buddy and I have cooked up an experimental graphics algorithm (a "2D image processing algorithm" to be precise) that we believe could prove quite useful to people working in a number of different fields if we were to open source it under a GPL license. But there is a small hitch. While we R&D'd every line of the algorithm from zero, putting in 100s of hours of exhausting trial & error and experimentation over a number of months to get it working correctly, we don't know what its "patent compliance status" is. Neither one of us is particularly skilled at reading and understanding what are often highly technical and obscurely worded image processing patents. And there are thousands of them scattered across many different patent databases, filed under all sorts of titles — i.e. we don't even know WHERE TO START LOOKING to check if our algo overlaps with one or more existing imaging patents.

If we were to open source our graphics algorithm without knowing for certain whether it violates some other person's — or worse — some large, well-endowed and potentially "aggressively protective" commercial entity's image processing patents, can this bounce back to harm us? i.e. could we get sued for "loss of business" or similar because our "crafted-from-zero" open source graphics algo happens, by chance, to overlap with some 5 or 10 year old patent that we didn't see, didn't understand fully, or didn't realize existed in the first place because it's filed under some obscure field (e.g. 'Method for detecting x type edges in y type CMOS images — or — Method for recognizing and removing z type pixel artifacts from x-y-z type medical MR images')?

If you were in our shoes, i.e. strongly wanting to open source a neat 2D graphics algorithm so other people can benefit from it, but uncertain what its patents status is, how would you proceed?
