Sandb - Slashdot User

FBI Alleged To Have Backdoored OpenBSD's IPSEC Stack 536

Posted by kdawson on Tuesday December 14, 2010 @08:36PM from the all-your-vpn dept.

Aggrajag and Mortimer.CA, among others, wrote to inform us that Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago, and over that time has changed quite a bit, "so it is unclear what the true impact of these allegations are" says Mr. de Raadt. He added: "Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products." (Freeswan and Openswan are not based on this code.)

Fourth Amendment Protects Hosted E-mail 236

Posted by kdawson on Tuesday December 14, 2010 @07:45PM from the decade-overdue dept.

Okian Warrior writes "As reported on the EFF website, today the US Court of Appeals for the Sixth Circuit ruled that the contents of the messages in an email inbox hosted on a provider's servers are protected by the Fourth Amendment, even though the messages are accessible to an email provider. As the court puts it, 'The government may not compel a commercial ISP to turn over the contents of a subscriber's emails without first obtaining a warrant based on probable cause.'"

Wikileaks Founder Arrested In London 1060

Posted by CmdrTaco on Tuesday December 07, 2010 @08:58AM from the that-didn't-take-long dept.

CuteSteveJobs writes "The founder of WikiLeaks, Julian Assange, has been arrested by London police on behalf of Swedish authorities on allegation of rape. Assange has admitted that he is exhausted by the ongoing battle against authorities. The Swiss Government has confiscated $37K in his Swiss Bank account. PayPal and Mastercard have frozen Wikileak's accounts, hampering Wikileaks from raising any more funds."

Comment Oss and Gpl (Score 1) 216

by Sandb on Tuesday October 26, 2010 @07:50AM (#34022996) Attached to: New Programming Language Weaves Security Into Code

Wasn't too clear from the site, but downloaded it and checked, oss and gpl 2, coolness!

Submission + - Apple blocks iPhones from green ranking scheme (guardian.co.uk)

Submitted by Anonymous Coward on Wednesday August 25, 2010 @11:47AM

An anonymous reader writes: Apple has refused to allow its iPhones to be included in the UK's first-ever green ranking scheme for mobile phones. The scheme gives phones a rating of zero to five based on their environmental footprint and major manufacturers including Nokia, Sony Ericsson and Samsung have signed up. The network O2, which is launching the rating system today, said 93% of the devices its customers use will be covered... An Apple spokeswoman declined to comment on why the company had decided not to join the voluntary labelling scheme, but highlighted its environmental reporting online.

Submission + - Facebook hit list leads to 3 murders. (npr.org)

Submitted by kj_kabaje on Wednesday August 25, 2010 @11:42AM

kj_kabaje writes: "Violence in Colombia has apparently taken a new, disturbing social media turn: hit lists have appeared on Facebook and some of the teens named have been killed." If you didn't have reason enough to quit Facebook, think again. Or maybe I've missed the point of the article.

Submission + - Red Hat News | Deltacloud Update (redhat.com)

Submitted by mfojtik on Wednesday August 25, 2010 @11:21AM

mfojtik writes: The Deltacloud project came about to fill the hole created by the lack of open, community-driven standards for moving computing and data among private clouds and the wide range of public cloud providers. This hole creates friction, slows down adoption of cloud, and raises the true cost of cloud for users and vendors alike. Imagine you are an IDE vendor wanting to enable launching of cloud instances from within the IDE – a feature that users would certainly applaud, but whose implementation forces you to make a choice immediately: do you shoulder the cost of adapting to as many vendor-specific cloud APIs or do you reign in cost by guessing which clouds will gain the largest share of the cloud market (and, best case, excluding yourself from a chunk of the market)?

Submission + - Major budget cuts to slow down progress at LHC (physorg.com)

Submitted by Gnaget on Wednesday August 25, 2010 @11:18AM

Gnaget writes: Major budget cuts at the world's biggest atom smasher over the next five years are set to slow down its quest to unlock the deepest secrets of the universe, management and staff warned on Wednesday.

The director-general of the European Organisation for Nuclear Research (CERN), Rolf Heuer, presented a proposal for 450 million Swiss francs (433 million dollars, 343 million euros) in savings in 2011-2015 to its 20 member states at a meeting here, spokesman James Gillies told AFP.

Great, each country saves less than $25 million dollars at the cost of human advancement. I'm sure that will make a huge dent in those deficits.

Submission + - Ip Packet Headers in Lego! (wordpress.com)

Submitted by gavsta on Wednesday August 25, 2010 @10:59AM

gavsta writes: Always having problems explaining packets and headers to non network techs, then attempt no more, its all been visualised in Lego! Colour representation of each part of the packet header, and of course yet another glorious use of lego!

"If you said, “Hey! That’s a TCP header diagram in Lego(TM)”, or perhaps, “Holy &^%@! That idiot made a TCP header diagram in Lego(TM)!”, then you’re exactly right! This is another one of those wild, wacky ideas that we dreamed up in the middle of one of my SANS classes (note to the SANS staff: shorter breaks might be a good idea). I bet my students never thought I’d actually do it."

Submission + - Global Security Threats Reach Record Levels (securityweek.com)

Submitted by wiredmikey on Wednesday August 25, 2010 @10:57AM

wiredmikey writes: Web vulnerabilities lead the way, representing more than half of the 4,396 publicly disclosed vulnerabilities documented by the X-Force Research & Development team in the first half of 2010. This represents a 36 percent increase over the same time period last year, with 55 percent of the disclosed vulnerabilities having no vendor-supplied patch at the end of the period.

Keep in mind that these figures don’t include custom-developed Web applications, which can also contain vulnerabilities.

On the positive side, the report noted that organizations were doing more to identify and disclose security vulnerabilities than in the past, helping to drive more open collaboration to identify and eliminate vulnerabilities before cyber criminals can exploit them.

Submission + - Fedora Users gather together in Switzerland (fedoraproject.org)

Submitted by

Marcus Moeller

on Wednesday August 25, 2010 @10:51AM

Marcus Moeller writes: "This years Fedora Users and Developers Conference (FUDCon) EMEA will happen from 17th to 19th September 2010 on the premises of the ETH Zurich, Switzerland. It features talks, hacking and barcamp sessions related to anything within the Fedora ecosystem. The event coincides with the FrOSCamp (http://froscamp.org) which is an annual, multilingual two-day event. Both, FUDCon and FrOSCamp, focus on free and open source software and related topics.

As for Fedora, being a major Linux distribution, FrOSCamp will feature many of it's upstream projects and also a lot of other Linux distributions and UNIX derivatives.

One highlight is the Wired Dreams party on Friday, 2010-09-17, after the first event day just next to the primary event location featuring free (as in creative commons) live music and delicious free beer (with some mugs in form of free as in free beer).

Need to chill out a bit after a long day of hacking and collaborating? On Saturday evening, 2010-09-18 there will be a FUDPub in Zurich and everyone participating in FUDCon is very welcome to join.

For further information, take a look at the Fedora mailing lists and visit the Homepage for this Event at the Fedora Project Wiki."

Submission + - High Freq. Traders Face Charges for Market Madness (reuters.com)

Submitted by

eldavojohn

on Wednesday August 25, 2010 @10:48AM

eldavojohn writes: "Occurrences like May 6 plunge are causing some to doubt high frequency traders. Today, the Chicago Mercantile Exchange announced an investigation into bad high frequency algorithms being employed in its own marketplaces. Infinium Capital Management is in the middle of a six month with regards to its "bad algorithm" that caused oil prices to jump. From Business Insider: 'Five seconds after the firm turned it on, they had to turn it off. The algo[rithm] "choked," after it had already flooded the oil market with orders that made up 4 percent of average daily trading volume in the contract, and caused a brief 1.3 percent jump in oil prices, from $76.60 to $77.60.' Two to three thousand orders per second caused 4,612 "buy limit" orders which were met with huge block trades minutes later at the offset position netting the company a cool $1.03 million LOSS. Imagine turning on your high frequency trader and five seconds later you're out one million dollars. If you haven't yet doubted the prudence or the extreme volatility of high frequency trading the forthcoming civil case might make the decision for you."

Submission + - "Retro programming" teaches using 1980s machines (bbc.co.uk) 1

Submitted by

Death Metal Maniac

on Wednesday August 25, 2010 @10:00AM

Death Metal Maniac writes: ""Modern computers go too fast," said Mr Abrams. "You can see the instructions happening for real with these machines. They need to have that understanding for the A-level.""

Submission + - Should Developers Have Access to Production? (serverfault.com) 1

Submitted by WHiTe VaMPiRe on Wednesday August 25, 2010 @09:43AM

WHiTe VaMPiRe writes: Kyle Brandt recently wrote an editorial exploring the implications of providing developers access to the production servers of a Web site. He explores the risk introduced by providing higher level access as well as potential compromise solutions.

Rustock Botnet Responsible For 40% of Spam 250

Posted by timothy on Tuesday August 24, 2010 @10:49PM from the long-walk-short-plank dept.

angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."

Slashdot Top Deals