spydir31 - Slashdot User

Comment Re:There are some problems with it (Score 3, Interesting) 137

by spydir31 on Sunday April 22, 2012 @01:08PM (#39763697) Attached to: Anonymous, People's Liberation Front Build Anonymous Data-Sharing Site

The server operator could modify the javascript it sends to the client, so that the client sends either the key or the plaintext to a place of the operator's choosing.

That would fall under the same category as MITM in this case. You still need to trust the server (or a server, if you prefer)

You could move the client side code to a browser addon/extension, but you'd still have the problem of trusting the extension to behave

Comment Re:There are some problems with it (Score 4, Informative) 137

by spydir31 on Sunday April 22, 2012 @12:05PM (#39763175) Attached to: Anonymous, People's Liberation Front Build Anonymous Data-Sharing Site

It runs on ZeroBin, which uses client side javascript to generate a random 256bit AES key, then compress and encrypt the text before sending it to the server. Comments are also compressed and encrypted. The key is never seen by the server, so the server can't decrypt your data.

It uses the Stanford Javascript Crypto Library for its AES code, and its codebase is available on github.

The system is vulnerable to an MITM attack, also a server admin may be able to reveal the poster's identity, but not the post's content

Comment Re:Can you guess 2 4 digit numbers? (Score 1) 164

by spydir31 on Friday December 30, 2011 @12:00PM (#38538866) Attached to: Attack Tool Released For WPS Setup Flaw

Worse than than, you guess 4 digits, then guess 3 (as the last digit is a checksum)

Comment Re:Here's the full details. (Score 4, Informative) 165

by spydir31 on Monday September 26, 2011 @09:33AM (#37514686) Attached to: Aussie Researcher Cracks OS X Lion Passwords

Even better is the researchers' own blog post

Submission + - Attack Breaks Confidentiality Model of SSL (threatpost.com)

Submitted by Gunkerty Jeb on Tuesday September 20, 2011 @11:00AM

Gunkerty Jeb writes: Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites.

The attack, developed by Juliano Rizzo and Thai Duong, will be presented at the Ekoparty conference in Argentina on Friday, and, unlike many other attacks on TLS and SSL, it has nothing to do with the certificate trust model in the protocol. Instead, the researchers have developed a tool called BEAST that enables them to grab and decrypt HTTPS cookies from active user sessions. The attack can even decrypt cookies that are marked HTTPS only from sites that use HTTP Strict Transport Security, which forces browsers to communicate over TLS/SSL when it's available.

Submission + - Researchers announce TLS1.0 broken (theregister.co.uk) 3

Submitted by ludwigf on Tuesday September 20, 2011 @05:37AM

ludwigf writes: The plaintext-recovery attack exploits a vulnerability in TLS that has long been regarded as mainly a theoretical weakness. At the moment, [their exploit] requires about two seconds to decrypt each byte of an encrypted cookie. That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour for their PayPal attack to work.

TLS 1.1 fixes the problem but: "Actually we have worked with browser and SSL vendors since early May, and every single proposed fix is incompatible with some existing SSL applications," Duong wrote. “What prevents people is that there are too many websites and browsers out there that support only SSL 3.0 and TLS 1.0. If somebody switches his websites completely over to 1.1 or 1.2, he loses a significant part of his customers and vice versa.”

Comment Re:How can they patch this? (Score 3, Informative) 94

by spydir31 on Thursday July 28, 2011 @12:02PM (#36909354) Attached to: Sniffer Hijacks SSL Traffic From Unpatched IPhones

No, you're thinking of SSLstrip which methodically strips HTTPS references. This is a different attack, where the client accepts certificates signed by any certificate that has a valid chain

Apple Approves Opera Mini For iPhone 284

Posted by kdawson on Tuesday April 13, 2010 @08:15AM from the game-is-afoot dept.

andylim writes "Opera today announced its popular mobile browser, Opera Mini, has been approved for iPhone and iPod touch on the App Store. Opera Mini will be available in less than 24 hours, market by market, as a free download. Here's the download URL for when it goes live."

Comment XScreenSaver has this (Score 1) 367

by spydir31 on Tuesday November 17, 2009 @07:04AM (#30127462) Attached to: Making Old Games Look Good On Modern LCDs?

It's called xanalogtv, it's also used by the Pong and Apple2 hacks

Comment Re:Flat screens! (Score 1) 134

by spydir31 on Wednesday July 08, 2009 @04:55AM (#28619161) Attached to: Gaze-Tracking Software Protects Computer Privacy

You can get an E-IPS panel, I recently got me a Dell 2209WA screen, was fairly cheap.

Comment Re:GNOME has better (Score 1) 150

by spydir31 on Wednesday December 31, 2008 @07:43AM (#26278575) Attached to: Next Generation T9 Keyboard Technology

Do you mean Dasher?

Steam Cloud Launches This Week 69

Posted by Soulskill on Tuesday November 04, 2008 @04:31AM from the names-that-are-puns dept.

Valve announced yesterday that their extension of Steam, called Steam Cloud, will launch later this week with the Left 4 Dead demo. Steam Cloud is "a set of services for Steam that stores application data online and allows user experiences to be consistent from any PC." We discussed an early announcement for it back in May. Valve adds that "Steam Cloud will be available to all publishers and developers using Steam, free of charge, and Valve will add Cloud support to its back catalog of Steam games. Cloud services are compatible with games purchased via Steam, at retail, and other digital outlets."

LittleBigPlanet Creations Raising Copyright Questions 66

Posted by Soulskill on Tuesday November 04, 2008 @02:33AM from the darth-sackboy-the-hedgehog dept.

Joystiq's Law of the Game column uses the recently released LittleBigPlanet to address the question of intellectual property rights for user-created content within and for games. At this point, Sony's ToS claims a great deal of control over users' work, unlike Second Life's, which is much more permissive. GiantBomb has a related story pointing out creations within LittleBigPlanet that are copies of other games, and how they could lead to legal troubles for Sony if they aren't quick about taking them down.

The State of Game AI 88

Posted by Soulskill on Tuesday November 04, 2008 @12:28AM from the don't-let-it-get-the-railgun dept.

Gamasutra has a summary written by Dan Kline of Crystal Dynamics for this year's Artificial Intelligence and Interactive Digital Entertainment (AIIDE) Conference held at Stanford University. They discussed why AI capabilities have not scaled with CPU speed, balancing MMO economies and game mechanics, procedural dialogue, and many other topics. Kline also wrote in more detail about the conference at his blog. "... Rabin put forth his own challenge for the future: Despite all this, why is AI still allowed to suck? Because, in his view, sharp AI is just not required for many games, and game designers frequently don't get what AI can do. That was his challenge for this AIIDE — to show others the potential, and necessity, of game AI, to find the problems that designers are trying to tackle, and solve them."

Submission + - Skype caught out over video enhancement 'hack' (zdnet.co.uk)

Submitted by

superglaze

on Thursday November 22, 2007 @06:16AM

superglaze writes: "When Skype signed a deal with Logitech to enable "high quality" video calls, what it didn't make clear is that an option already existed within Skype to manually boost video quality. But Skype removed the feature, possibly to protect its new partnership. Guess what? The users of that feature cried foul, and now Skype has been forced to do a U-turn, reintroducing the option to manually increase resolution. Surely a victory for the consumer, albeit of a free product. I wonder how this will affect Skype's ongoing problem with being profitable."

Slashdot Top Deals