Spam

Submission + - Building a better spam trap (nytimes.com)

SpiritGod21 writes: "Steven T. Kirsch, the developer of the optical mouse, has been thinking about the spam problem for a number of years. After filing several patents covering other approaches, Mr. Kirsch hit on the idea underlying his latest invention, Abaca, quite by accident.

The approach underlying the Abaca technique is the recognition that the ratio of spam to legitimate e-mail is individually unique. It is also a singular identifier that a spammer cannot manipulate easily. By assessing the combined reputations of the recipients of any individual message, the Abaca system determines the "spaminess" of a particular message. Mr. Kirsch asserts this provides a high degree of accuracy in deciding whether the message is spam."

Toys

Submission + - WiFi PDA (Linux Based?) Suggestions

cwelch writes: "I'm looking for a PDA that has Wifi to play with at home and in the office. I'd prefer one that has Linux and a decent bit of storage so I can add a little bit of stuff (maybe VNC or SSH?) to play with. I don't have a lot of funds to play with, but any devices would be a point in the right direction. Any suggestions?"
Businesses

Submission + - Some Best Buys not honoring Mario Galaxy Promotion

Selikoff writes: "As many of you may have heard Toys R Us began giving away $25 gift cards this week with every purchase of Super Mario Galaxy for the Wii. Not to be outdone, Best Buy announced it would match the offer with its own $25 gift certificates. There's been some noise in forums that some Best Buy stores are failing to honor this promotion. I decided to go to Best Buy, with SKU number in hand (although it shouldn't be needed), only to experience the same problems at my local store. Clerks refused to acknowledge or even type in the coupon, and only after fighting a manager for 10 minutes did he try the SKU number out, only to discover it was a real promotion. I don't know if I should chalk this one up to bad customer service or failure in the chain of command to notify store associates, but I'm sure there are a lot of Best Buy customers who failed to get their certificate this week."
AMD

Submission + - AMD's Phenom Available Online

An anonymous reader writes: Amid speculation that AMD will formally announce shipping of its desktop quad-core Phenom processor on Monday, the devices are already available for pre-order online at Directron.com. There appear to be three models: The Phenom X4 9700, a 2.4-GHz quad-core processor with a 4MB cache and a power rating of 125W. Like all the Phenoms, it will plug into AMD's AM2+ socket. Directron is posting it at a price of $335. Also in the first crop of Phenoms is the X4 9600, a 2.3-GHz clock, 4MB cache, 95W power device priced at $322; and the Phenom X4 9500, which is 2.2-GHz, 4MB cache, 95W and $286. Phenom is AMD's first desktop quad and implements its new 10h architecture, but it's 65-nm so the big question is whether it's enough to beat back Intel's new 45-nm Penryn processors.
Cellphones

Submission + - id software to release more cellphone/DS games

certain death writes: "Mesquite, Texas-based id Software plans big push into cellphone games

Mesquite-based id Software, the company that revolutionized computer games in the 1990s with titles like Doom and Quake, is now taking aim at the lucrative world of mobile games.

The company is announcing today the creation of an internal division called id Mobile that will make games for cellphones and Nintendo's handheld DS game system.

id has been dabbling in the cell phone market recently with the release of Orks and Elves for Nintendo DS. John Carmack's wife will head the new division within id.

Article located here: http://www.dallasnews.com/sharedcontent/dws/bus/ptech/stories/DN-idmobile_15bus.State.Edition1.4a396d2.html"
Space

Submission + - DirecTV offers HD hookup on Space Station 1

orion205 writes: DirecTV is hyping its new HD lineup by offering a complete HD package to NASA to be used on the International Space Station. They'll even provide engineering support for the installation of a satellite dish on top of the new Harmony module. Will the astronauts be able to get anything done if they have 100 HD channels to watch??
Announcements

Submission + - Carbon nanotube memory coming (idg.com.au)

inkslinger77 writes: "Startup Nantero has built a carbon nanotube-based memory wafer using standard semiconductor fabrication processes, which it reckons removes a significant hurdle in commercializing the seemingly exotic NRAM (non-volatile RAM). But will DRAM, SRAM and flash ever be replaced?"
Operating Systems

Submission + - Apple releases fix for Freezing Aluminum iMacs (apple.com)

losman writes: "Visiting the Apple discussion forums for the new 20" and 24" iMacs will show a lot of buyers found their machines freezing and it was felt to be a problem with ATI 2600HD cards. Many customers found both Apple phone and in-store support rejecting that this was a widespread problem. Last night, along with the latest system updates, Apple released an iMac Video Firmware Update that addresses this issue. Apple never acknowledged that the problem actually existed but apparently it did with release of this patch. Here is the link to the note describing this fix: http://docs.info.apple.com/article.html?artnum=307008"
Portables

Submission + - Aerogel Insulation Finds Home in New LapDesks

LapLogic writes: "Aerogel Insulation Finds Home in New LapDesks
November 15, 2007

LapLogic, Inc. announced today the release of a new line of LapDesks featuring Aerogel Insulation. Holding 15 world records in the Guinness Book of World Records, including Best Thermal Insulator, Aerogel insulation has previously been restricted to high-budget government programs such as the Mars Rover.

Designed to permit laptop users to work in comfort, the Aerogel Extreme LapDesks provide a new level of heat protection and improved ergonomics. Part of the second-generation LapDesks introduced in 2003 by LapLogic and featured in PC Magazine and the Wall Street Journal, the Aerogel Extreme line improves on the CR Thermal Technology which is designed to block radiant, convective and conductive heat transfer. In addition to the Aerogel insulation, the new designs feature integrated cooling channels which increase the air gap under the laptop, improving air circulation and helping the CPU run cooler. No-slip mesh keeps the laptop and the lapdesk from sliding at odd angles, allowing users to shift position for comfort.

Available in the traditional width, the G800 Aerogel Extreme is also available in the W800 Wide version, which features an integrated mouse pad."
Input Devices

Submission + - Razer Touts Next-Gen Laser, 4000 dpi Mouse (extremetech.com)

ThinSkin writes: "As a refresher: Gaming mice have doubled in dpi sensitivity in the last two years, from 2000 dpi to 4000 dpi, with the latter going to Razer's latest beast — the Lachesis. Razer's Lachesis has nine buttons, an ambidextrous shape, and plenty of software hacks for profile and macro management. While Razer hopes the Lachesis will woo consumers with its muscle, ExtremeTech's review of the Lachesis isn't quite convinced that horsepower is enough, as the design and button placement both became issues. The mouse retails for $80."
Television

Submission + - Comcast disables Tivo Serial Port channel changing (google.com)

An anonymous reader writes: Across New England, updates have apparently been rolled out to Comcast's Motorola cable boxes that disable the serial port so that Tivo can no longer change channels. My dual-tuner Tivo can still access non-digital channels, but I have to use the cable remote to access HBO and the like. If you're a Comcast user with a Tivo, please let Comcast know you're displeased with this behavior — although they may be working with Motorola to back-out the change. New cable boxes with functioning serial ports will have the serial port disabled after automatically downloading this update. Asking tech support for a "Factory Default Reset" might help for some boxes. Comcast claims to have been unaware of the update and blames Motorola for pushing it out — begging the question of why a service provider would allow a hardware vendor to make changes to their customers' devices without so much as a heads-up?
Cellphones

Submission + - Sprint Customer dis-Service (carpetempestas.com)

Eddo writes: "Sprint seems to be having troubles with that whole customer service thing. One customer offers a detailed account of upgrading a phone and the numerous phone calls involved that finally leads to the returning of the phone. During the process, the customer discovers that they've been charged 911 fees from a different state for the last six months when he's never moved since he became a customer. The customer also details user interface issues on the website and active problems still reproducible on Sprint's website."
Google

Submission + - Google Sued by Northeastern University (reuters.com)

bostonsoxfan writes: Reuters is reporting that Google is being sued by Northeastern University and a small startup Jarg Corp. The lawsuit is over "Distributed Computer Database System and Method" which Dr. Kenneth Baclawski patented and contends that is the basis of Google's search system. The suit is being brought in the Eastern District of Texas in Marshall, a court known for being plaintiff friendly and significantly quicker than other courts.

TB-Sized Solid State Drives Announced

prostoalex writes "Several companies have announced solid state hard drives in excess of one terabyte in size. ComputerWorld describes one from BitMicro that's just 3.5". Their flash drive will support up to 4 Gbps data transfer rate. From the article: 'SSDs access data in microseconds, instead of the milliseconds that traditional hard drives use to retrieve data. The BitMicro E-Disk Altima 4Gb FC delivers more than 55,000 I/O operations per second (IOPS) and has a sustained data transfer rate over 230MB/sec. By comparison, a fast hard drive for example will run at around 300 IOPS.'" Ah, the speed of tech. Seems like only last month we were talking about 500GB drives.
Microsoft

Submission + - Microsoft PRNG encryption CRACKED! (computerworld.com)

Martin Shin writes: "November 15, 2007 (Computerworld) Israeli researchers who have reverse-engineered a critical component of Windows' encryption technology say attackers could exploit flaws to decipher secured information. Microsoft Corp. has downplayed the threat.

In a paper published earlier this month, Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, described how they recreated the algorithm used by Windows 2000's pseudo-random number generator (PRNG). They also spelled out vulnerabilities in the CryptGenRandom function, which calls on the algorithm.

Windows and its applications use the PRNG to create random encryption keys, which are in turn used to encrypt files and e-mail messages, and by the Secure Socket Layer protocol. SSL secures virtually every important Internet data transmission, including information from consumers to online retailers, and from bank customers to their online accounts.

By cracking the PRNG's algorithm, Pinkas and his team were able to predict its future results and uncover what it had come up with in the past, which then let them compute both previous and future encryption keys. They also discovered multiple design flaws in the algorithm that they said could give hackers the keys to the kingdom.

One of the flaws let Pinkas calculate the keys that had already been used on a Windows 2000 machine. In effect, given even remote access to the machine, a hacker could uncover encryption keys that had been generated, and thus the passwords — or other information — which had been used, even if they weren't saved elsewhere on the system. "If you know the 'state' of the PRNG, it should be hard to predict its previous state," said Pinkas yesterday. "It should be like a one-way street. Going backward [in time] should be impossible. But we found a way to very efficiently predict previous states of the PRNG."

That's a major bug, and one that should not have been overlooked, Pinkas added. "It's very well known how to construct a one-way generator. The fact that the PRNG used by Windows 2000 does not provide [this] demonstrates that the design is flawed."

Another problem with Windows' PRNG, added Pinkas, is that a single peek at the current state of its calculations can expose a huge amount of information. Unlike other operating systems such as Linux, Windows only refreshes its "randomness" after the PRNG has produced 128K of output. And since a typical SSL connection between, say, Internet Explorer and a bank consumes just 100-200 bytes of output, it's possible to predict 600-1,200 different SSL connections.

"Once we get the state of the PRNG, we can simulate its future state until the generator is refreshed with new random data," said Pinkas. "But that represents several hundred SSL connections."

Pinkas acknowledged that an attacker must have access to the target PC to get a glimpse of the PRNG's current state — the prerequisite to calculating either future or past encryption keys — but in today's security landscape, that's no barrier. "People are finding new ways to get administrative privileges all the time," he argued. By combining a relatively run-of-the-mill attack — one that results in full access to the machine, such as the just-patched vulnerability in Windows' URI protocol handler — with an exploit of the PRNG's design flaws, hackers could decrypt files or reveal secure traffic between the PC and the outside world, Pinkas said. "It should be pretty easy to do our attacks."

That's not a vulnerability, that's a feature

Microsoft downplayed the problem. "We found that there is no security vulnerability," the company said in a statement attributed to Bill Sisk, Microsoft's security response communications manager. "Information is not disclosed inappropriately to unauthorized users on any supported Windows systems. In all cases discussed in the claim, information is visible only to the users themselves or to another user logged onto the local system with administrator credentials."

Sisk then went on to justify Microsoft's position that the flaws did not qualify as security vulnerabilities. "Because administrators by design can access all files and resources on a system, this does not represent inappropriate disclosure of information."

"We got basically the same [response] when we reported our findings in May," said Pinkas, who believes that the risk is greater than Microsoft wants users to believe. An attacker does not need physical access to the PC to carry out an attack that leverages the PRNG's flaws, for example. "Once you have a way to do remote code execution, you can grab the state of the generator," he said. "Any hacker who knows the OS, could grab the state, and as I said, it's not difficult to get administrative privileges on a PC."

A Symantec Corp. researcher took a middle position. In a research note made available to customers of Symantec's DeepSight threat network, analyst Erik Kamerling called the level of difficulty of such an attack as "relatively high" even as he said that Pinkas' discovery was "an extremely sought-after tool in cryptanalysis."

"An attacker must first gain some type of privileged access to an affected machine," said Kamerling. "Then the attacker would have to run a custom application or script that reads internal RNG variables. The attacker would also need to compute pending and past state information, and finally correlate and apply this forward and backward state reconstruction with the communications emanating from the target machine. It's a complicated scenario to say the least."

But Kamerling also hedged his bets. "Any development of an automated tool or program that would accomplish the techniques in the paper would increase the severity of this discovery," he admitted.

Microsoft came close to promising that it would fix the random number generator. "We are evaluating changes to further strengthen our random number generation capabilities," Sisk said. In an earlier statement, the company had said it might include an update in a future Windows service pack.

The paper co-authored by Pinkas, Gutterman and Dorrendorf can be downloaded from the Cryptology ePrint Archive in PDF format."
