
Submission + - Hacker Set to Demonstrate 60 Second BRINKS Safe Hack at DEFCON (eweek.com)

darthcamaro writes: Ok so we know that Chrysler cars will be hacked at Black Hat, Android will be hacked at DEFCON with Stagefright, and now word has come out that a pair of security researchers plan on bringing a BRINKS safe onstage at DEFCON to demonstrate how it can be digitally hacked. No this isn't some kind of lockpick, but rather a digital hack, abusing the safe's exposed USB port. And oh yeah, it doesn't hurt that the new safe is running Windows XP either.

Submission + - EU new VAT regulation ends up helping Amazon (theguardian.com)

Taco Cowboy writes: Last year the EU passed new legislation which was supposed to punish entities such as Amazon (which has its EU base in Belgium and thus is not paying appropriate taxes in other EU countries), but ironically the same legislation, which comes into effect 1st Jan of this year, ends up helping Amazon

Microbusinesses (small shops dotted around the EU countries) simply couldn't cope with the complication of having to comply with each and every kind of VAT regulation in each and every EU country (plus local versions of VAT)

Most of the microbusinesses may end up shutting their digital businesses, and those who hang on opted to sell their wares on sites such as eBay or Amazon — the very entities the new EU regulation tried to punish

Submission + - Cold War, NSA, GCHQ and Encryption (bbc.com)

Taco Cowboy writes: In the 1980s, the historian James Bamford was researching his book The Puzzle Palace about the US National Security Agency (NSA) and came across references to the "Boris project" in papers written by William F Friedman, the founding father of code-breaking in America. The "Boris project" details a secret agreement between Boris Hagelin, the founder of Crypto AG, a Swiss company which sold Enigma-like machines to nations and spy agencies around the world, and NSA

Upon learning of Mr. Bamford's discovery the NSA promptly had the papers locked up in a vault

In 1995, journalist Scott Shane, then at the Baltimore Sun, found indications of contacts between the company and the NSA in the 1970s, but the company said claims of a deal were "pure invention"

The new revelations of a deal do not come from a whistleblower or leaked reports, but are buried within 52,000 pages of documents declassified by the NSA itself this April and investigated by the BBC

The relationship was based on a deep personal friendship between Hagelin and Friedman, forged during the War. The central document is a once top-secret 22-page report of a 1955 visit by Friedman to Zug in Switzerland, where Crypto AG was based

Some elements of the memo have been redacted — or blacked out — by the NSA. But within the released material, are two versions of the same memo, as well as a draft

Each of the versions has different parts redacted. By placing them side by side and cross referencing with other documents, it is possible to learn many — but not all — details. The different versions of the report make clear Friedman — described as special assistant to the director of NSA — went with a proposal agreed not just by US, but also British intelligence

http://ichef.bbci.co.uk/news/4...

Friedman offered Hagelin time to think his proposal over, but Hagelin accepted on the spot

The relationship, initially referred to as a "gentleman's agreement", included Hagelin keeping the NSA and GCHQ informed about the technical specifications of different machines and which countries were buying which ones. The provision of technical details "is a revelation of the first order," says Paul Reuvers, an engineer who runs the Crypto Museum website

"That's extremely valuable. It is something you would not normally do because the integrity and secrecy of your own customer is mandatory in this business"

The key to breaking mechanical encryption machines — such as Enigma or those produced by Hagelin — is to understand in detail how they work and how they are used. This knowledge can allow smart code breakers to look for weaknesses and use a combination of maths and computing to work through permutations to find a solution. In one document, Hagelin hints to Friedman he is going to be able "to supply certain customers" with a specific machine which, Friedman notes, is of course "easier to solve than the new models"

Previous reports of the deal suggested it may have involved some kind of backdoor in the machines, which would provide the NSA with the keys. But there is no evidence for this in the documents (although some parts remain redacted)

Rather, it seems the detailed knowledge of the machines and their operations may have allowed code-breakers to cut the time needed to decrypt messages from the impossible to the possible

The relationship also involved not selling machines such as the CX-52, a more advanced version of the C-52 — to certain countries. "The reason that CX-52 is so terrifying is because it can be customised," says Prof Richard Aldrich, of the University of Warwick. "So it's a bit like defeating Enigma and then moving to the next country and then you've got to defeat Enigma again and again and again"

Some countries — including Egypt and India — were not told of the more advanced models and so bought those easier for the US and UK to break

In some cases, customers appear to have been deceived. One memo indicates Crypto AG was providing different customers with encryption machines of different strengths at the behest of Nato and that "the different brochures are distinguishable only by 'secret marks' printed thereon"

Historian Stephen Budiansky says: "There was a certain degree of deception going on of the customers who were buying [machines] and thinking they were getting something the same as what Hagelin was selling everywhere when in fact it was a watered-down version"

Among the customers of Hagelin listed are Egypt, Iraq, Saudi Arabia, Syria, Pakistan, India, Jordan and others in the developing world

In the summer of 1958, army officers apparently sympathetic to Egyptian President Gamal Abdel Nasser overthrew the regime in Iraq. Historian David Easter, of King's College, London, says intelligence from decrypted Egyptian communications was vital in Britain being able to rapidly deploy troops to neighbouring Jordan to forestall a potential follow-up coup against a British ally

The 1955 deal also appears to have involved the NSA itself writing "brochures", instruction manuals for the CX-52, to ensure "proper use". One interpretation is these were written so certain countries could use the machines securely — but in others, they were set up so the number of possible permutations was small enough for the NSA to crack

In a statement, a GCHQ spokesman said the agency "does not comment on its operational activities and neither confirms nor denies the accuracy of the specific inferences that have been drawn from the document you are discussing"

The NSA also declined to comment on the specific conclusions

Submission + - Voyager's Golden Record For Aliens Now Available On SoundCloud

An anonymous reader writes: For years you've been able to listen to the sounds recorded on the golden records carried by the twin Voyager spacecraft online but NASA just made it a bit easier. The organization just uploaded the recordings to SoundCloud. Now you can listen to a continuous stream of clips instead of clicking back and forth to hear the different tracks.

Submission + - Michael Chertoff Makes the Case against Back Doors

koan writes: Schneier on Security had an interesting link to a comment made by Michael Chertoff when asked about whether the government should be able to require back doors. He provided this response:

I think that it’s a mistake to require companies that are making hardware and software to build a duplicate key or a back door even if you hedge it with the notion that there’s going to be a court order. And I say that for a number of reasons and I’ve given it quite a bit of thought and I’m working with some companies in this area too.

More at the link. https://www.emptywheel.net/2015/07/26/michael-chertoff-makes-the-case-against-back-doors/

Submission + - Air-Gapped computer hacked (again) (wired.com)

An anonymous reader writes: Researchers from Ben Gurion University managed to extract GSM signals from air-gapped computers; they demonstrate password extraction using this technique.

Submission + - German scientists confirm NASA results of propellantless 'impossible' EM drive (examiner.com)

MarkWhittington writes: Hacked Magazine reported that a group of German scientists believe that they have confirmed that the EM Drive, the propulsion device that uses microwaves rather than rocket fuel, provides thrust. The experimental results are being presented at the American Institute for Aeronautics and Astronautics' Propulsion and Energy Forum in Orlando by Martin Tajmar, a professor and chair for Space Systems at the Dresden University of Technology. Tajmar has an interest in exotic propulsion methods, including one concept using “negative matter.”

Submission + - Could some vaccines make diseases more deadly? (sciencemag.org)

sciencehabit writes: Vaccines save millions of lives every year by teaching our immune systems how to combat certain viruses or bacteria. But a new study suggests that, paradoxically, they could sometimes teach pathogens to become more dangerous as well. The study is controversial. It was done in chickens, and some scientists say it has little relevance for human vaccination; they worry it will reinforce doubts about the merits or safety of vaccines. It shouldn't, says lead author Andrew Read, a biologist at Pennsylvania State University, University Park: The study provides no support whatsoever for the antivaccine movement. But it does suggest that some vaccines may have to be monitored more closely, he argues, or supported with extra measures to prevent unintended consequences.

Submission + - Honeywell Home Controllers Open to Any Hacker Who Can Find Them Online

Trailrunner7 writes: The accumulation of automation and Internet-connected devices in many homes these days has led observers to coin the term smart homes. But as researchers take a closer look at the security of these devices, they’re finding that what these homes really are is naive.

The latest batch of vulnerabilities to hit home automation equipment are in the Tuxedo Touch controller made by Honeywell, a device that’s designed to allow users to control home systems such as security, climate control, lighting, and others. The controller, of course, is accessible from the Internet and researcher Maxim Rupp discovered that there are two vulnerabilities in the Tuxedo Touch that could allow an attacker to take arbitrary actions, including unlocking doors or modifying the climate controls in the house.

Submission + - Google Is Dropping Its Google+ Requirement Across All Products Including YouTube

An anonymous reader writes: Google has finally announced the Google+ news that everyone has been waiting for: Your Google+ profile will no longer be your identity in all Google products. This change will be trickling out “in the coming months,” and the first product to enjoy the change will be the one that was most negatively affected by Google’s Google+ obsession: YouTube. Bradley Horowitz, Google’s vice president of streams, photos, and sharing, says the changes are a response to user feedback: “We’ve also heard that it doesn’t make sense for your Google+ profile to be your identity in all the other Google products you use.” No shit.

Submission + - Razer Acquires Ouya Microconsole's Storefront, Technical Team (arstechnica.com)

An anonymous reader writes: The Ouya Android-based gaming console was one of Kickstarter's biggest successes — and one of the biggest letdowns for all the backers. The console never really took off, and the company behind it has limped along over the past couple years. Until today. Razer has now acquired the Ouya technical team, as well as their online storefront — but not the console hardware itself. Razer intends to dump all of these new resources into its Forge TV product, also an Android game console. "Razer went so far as to kick a little sand in the face of the little-console-that-couldn't—by advertising its own Forge microconsole as a 'more advanced' system and telling Ouya owners that they will receive 'a clear path of migration' to buy the company's current $100, AndroidTV-compatible box." The fate of Ouya's hardware is not explicitly mentioned, but the news article suggests it is simply "discontinued."

Submission + - Trillion-Dollar World Trade Deal Aims To Make IT Products Cheaper (itworld.com)

itwbennett writes: A new (tentative) global trade agreement, struck on Friday at a World Trade Organization meeting in Geneva, eliminates tariffs on more than 200 kinds of IT products, ranging from smartphones, routers, and ink cartridges to video game consoles and telecommunications satellites. A full list of products covered was published by the Office of the U.S. Trade Representative, which called the ITA expansion 'great news for the American workers and businesses that design, manufacture, and export state-of-the-art technology and information products, ranging from MRI machines to semiconductors to video game consoles.' The deal covers $1.3 trillion worth of global trade, about 7 percent of total trade today.

Submission + - Debian Drops SPARC Platform Support

jones_supa writes: As SPARC isn't exactly the most alive architecture anymore, the Debian operating system is dropping support for the platform, Joerg Jaspert said last week on the "debian-sparc" mailing list. He noted that this does not block a later comeback as "sparc64". Following that announcement, a recent one tells us that SPARC support was just removed from the unstable, experimental and jessie-updates channels.

Submission + - Musk, Woz, Hawking, and Robotics/AI Experts Urge Ban on Autonomous Weapons (cnet.com)

An anonymous reader writes: An open letter published by the Future of Life Institute urges governments to ban offensive autonomous weaponry. The letter is signed by high profile leaders in the science community and tech industry, such as Elon Musk, Stephen Hawking, and Steve Wozniak. It's also signed — more importantly — by literally hundreds of expert researchers in robotics and AI. They say, "The key question for humanity today is whether to start a global AI arms race or to prevent it from starting. If any major military power pushes ahead with AI weapon development, a global arms race is virtually inevitable, and the endpoint of this technological trajectory is obvious: autonomous weapons will become the Kalashnikovs of tomorrow. Unlike nuclear weapons, they require no costly or hard-to-obtain raw materials, so they will become ubiquitous and cheap for all significant military powers to mass-produce."
