Ytsejam-03 - Slashdot User

Comment Re:Wireshark (Score 1) 923

by Ytsejam-03 on Thursday August 01, 2013 @02:24PM (#44449467) Attached to: Google Pressure Cookers and Backpacks: Get a Visit From the Feds

The NSA could also be getting duplicate copies of customer certs issued by CAs in order to play MITM.

Presumably you mean certificates using NSA-generated key pairs, but that are otherwise identical to the "customer certs".

Comment Re:Ah the myth of amazing software tech (Score 1) 237

by Ytsejam-03 on Monday May 20, 2013 @12:55PM (#43774515) Attached to: Trade Group: US Software Developer Wages Fell 2% Last Year

winning the day. Didn't work our so well for Corel did it? Or Novel? Or Sun?

I assume you meant Novell.

Yeah, you're few good programmers will make better code, but my 100 code monkeys will make more of it.

Novell isn't really a good example. Starting in the late 90's, they began laying off employees in the states and replacing them with cheap labor in Bangalore. That didn't work out so well.

Especially telling was a blog post by then-CTO Jeff Jaffe sometime around 2008, where he talked about the superior quality of Novell's software. Only problem was that quality had been steadily declining for the past ten or so years. The comments section was full of Novell customers telling the CTO that he was full of shit.

Jaffe was fired (er, resigned) a year or so later, so that blog post is long-gone. Fortunately, the wayback machine has a copy.

Submission + - Stolen Certificates Found in Malware Possibly Targeting Tibetan Groups (threatpost.com)

Submitted by Trailrunner7 on Tuesday May 15, 2012 @12:29PM

Trailrunner7 writes: The recent trend of attackers using stolen digital certificates to make their malicious executables look legitimate is continuing unabated, with researchers now having come across a series of variants of the Etchfro Trojan that are using certificates taken from several companies and issued by VeriSign, Thawte and other certificate authorities.

After looking at recent examples of malware signed with stolen certificates, researchers at Norman ASA, a security firm in Norway, noticed that there was an odd string in one specific optional field included in the stolen certificates. The field, named moreInfo, often is used to enter a URL for users to find more information on a company. But in the examples that Norman looked at, that field instead included the following string: “identifierBegin:shiqiang:identifierEnd“.

It's not clear what, if any, purpose the string serves, but Norman researchers started digging through the company's malware database, looking for other samples with the same string. Lo and behold, there were more than 20 samples with the same odd string, and each of them included a stolen digital certificate. Many of the certificates are still valid right now. All of the malware samples, save one, was some version of the Etchfro Trojan. The other one is a version of the infamous Gh0st RAT tool.

The targets of the malware used in this attack are interesting. As has been the case with similar attacks that have employed stolen certificates, many of the malicious documents used in these attacks indicate that the attackers are going after organizations and individuals who are opposed to the Chinese government's policies. Researchers have uncovered several other examples of attackers, whether they be government-sponsored or private, going after human rights activists, Tibetan nationalists and others who oppose the Chinese government.

Submission + - Google+ is a ghost town, study says (bgr.com)

Submitted by zacharye on Tuesday May 15, 2012 @12:26PM

zacharye writes: Google’s emerging social network Google+ may boast big user numbers, but a new study suggests that social activity and user engagement are anything but impressive. Intended to give Google a stronger grip on the massive amount of data shared by users on social networks, Google’s answer to Facebook opened its doors to the public last September. After using some user acquisition methods that seemed a bit desperate, Google revealed in December that Google+ was then home to 62 million users. Google+ boasted an impressive 100 million users as of early April, but according to eCommerce analytics firm RJ Metrics, the social network is not the waterfall of data Google hoped it would be...

Hubble To Use the Moon To View Transit of Venus 37

Posted by Soulskill on Monday May 07, 2012 @05:44PM from the oh-yeah-it-was-easy-i-just-used-the-moon dept.

astroengine writes "As we recently discussed, on June 5 or 6 this year — the exact time and date depends on where you are in the world — Venus will be visible as a small black circle crossing the disk of the sun. Usually, the Hubble Space Telescope would have no business observing this event — the sun is too close for its optics. But plans are afoot for Hubble to observe the reflected sunlight bouncing off the lunar surface during the transit. As the sunlight will pass through the Venusian atmosphere, the transit will provide invaluable spectroscopic data about Venus' atmospheric composition. This, in turn, will help astronomers in characterizing the atmospheres of planets orbiting other stars."

Submission + - Running Apps from the Dashboard: A Good Idea? (blogspot.com)

Submitted by Anonymous Coward on Thursday May 03, 2012 @02:44PM

An anonymous reader writes: I guess is was inevitable, now that BMW is letting you view and make tweets from behind the wheel, but is it really a good idea to let people run smartphone apps from their dashboard monitor? I guess for navigation you could run your favorite map-app there, but there is nothing to stop people from running other apps on their dashbaord too. It might be better than texting from the handset, but I'm not sure I want people playing Angry Birds while they drive.

Submission + - Symantec: More Malware on Religious Sites Than Porn Sites (esecurityplanet.com) 1

Submitted by

kongshem

on Thursday May 03, 2012 @02:28PM

kongshem writes: "According to Symantec's annual Internet Security Threat Report, religious and ideological websites have far more security threats per infected site than adult/pornographic sites. Why is that? Symantec's theory: "We hypothesize that this is because pornographic Web site owners already make money from the Internet and, as a result, have a vested interested in keeping their sites malware-free — it's not good for repeat business,""

Submission + - Kaspersky:Apple's Walled Garden Is More Secure - For Now (techweekeurope.co.uk)

Submitted by

judgecorp

on Thursday April 26, 2012 @11:35AM

judgecorp writes: "Apple's walled garden is more secure than the open approach of Windows or Android Kaspersky CEO Eugene Kaspersky says. However, he thinks the approach is storing up trouble. Apple's security is where Microsoft's was 12 years ago, he says, and he expects Apple to suffer the same issues Microsoft has had to face. One problen: if Apple opens up enough to allow AV on iOS devices, that very act would open it up to malware."

Submission + - A 4000mph Train From D.C. To Beijing In 2 Hrs (singularityhub.com)

Submitted by

kkleiner

on Thursday April 26, 2012 @11:12AM

kkleiner writes: "Evacuated Tube Transport, or ETT, combines the efficiency of maglev trains, already in use in Europe and Asia, with the efficiency of moving through an airless environment. Not only does ETT lack an engine – and a need for fossil fuel propulsion – but because it can glide along almost indefinitely through the vacuum it takes full advantage of Newton’s age-old “an object in motion stays in motion.” If ETT does see the light of day it is estimated to travel at a top speed of 4,000 mph, fast enough to go from Washington DC to Beijing in just two hours."

Submission + - 7 Programming Myths (infoworld.com) 1

Submitted by

snydeq

on Monday April 23, 2012 @01:32PM

snydeq writes: "InfoWorld's Neil McAllister offers up seven myths of modern programming practices, noting that while programming tools have gotten sharper, software development remains rife with misconceptions on productivity, code efficiency, offshoring, and more. 'Even among people as logical and rational as software developers, you should never underestimate the power of myth. Some programmers will believe what they choose to believe against all better judgment,' McAllister wrties. 'The real shame is that, in many cases, our elders pointed out our errors years ago, if only we would pay attention. Here are just a few examples of modern-day programming myths, many of which are actually new takes on age-old fallacies.'"

Submission + - Google's chief Java architect: it's 'likely' I copied Sun code in Android (theverge.com) 1

Submitted by sproketboy on Monday April 23, 2012 @11:22AM

sproketboy writes: From the whoops department:
Google's chief Java architect: it's 'likely' I copied Sun code found in Android, 'I'm sorry' if I did.

Submission + - Brain Scan Can Predict Math Mistakes (itworld.com)

Submitted by

itwbennett

on Monday April 23, 2012 @10:11AM

itwbennett writes: "Computer Science Ph.D. candidate Federico Cirett says that he can predict with 80 percent accuracy when someone is about to make a mistake on a math question. Using an EEG machine, Cirett can identify the patterns in a volunteer's thinking that are likely to result in an error 20 seconds or so before it's made. 'If we can detect when they are going to fail, maybe we can change the text or switch the question to give them another one at a different level of difficulty, but also to keep them engaged,' Cirett said. 'Brain wave data is the nearest thing we have to really know when the students are having problems.' He will present a paper on his findings at the User Modeling, Adaptation and Personalization conference in July."

Submission + - Android Trojan Uses Motion Sensors To Steal Passwords (techweekeurope.co.uk)

Submitted by

judgecorp

on Monday April 23, 2012 @09:18AM

judgecorp writes: "TapLogger, a proof-of-concept Trojan for Android developed by resarchers at Pennsylvania State University and IBM, uses infrormation from the phone's motino sensor to deduce what keys the user has tapped, thus revealing otherwise-hidden information such as passwords and PINs."

Submission + - Oracle vs. Google: Who Owns The Java APIs? (infoworld.com)

Submitted by

snydeq

on Thursday April 19, 2012 @02:20PM

snydeq writes: "Fatal Exception's Neil McAllister sees Oracle's suit against Google boiling down to calling dibs on the Java APIs, and if the court agrees, this will be bad news for developers everywhere. 'Oracle's argument is roughly akin to me claiming that because I own the copyright to a book of commonly used English phrases, publishers of Shakespeare need to pay me royalties. If it holds true for Java, it will hold true for any programming language, from any source. That could radically change the relationship between developers and platform vendors,' McAllister writes. 'For one thing, it raises questions about programming language licensing. If the most basic language APIs can be copyrighted, would that not in effect make any program written in any language a derivative work of that language's APIs? How would that work in practice? Who would developers have to pay? What rights would they have to sign away?'"

Submission + - HBO Adds Additional Encryption to Prevent Piracy (techdirt.com)

Submitted by OccamsRazorTime on Thursday April 19, 2012 @12:58PM

OccamsRazorTime writes: HBO activated new HDCP encryption on their feed to cut down on piracy but at the encryption also blocks many common user functions in media centers not enabled for this type of encryption including DVR and HDMI output.
From the article:
"HBO is terrified of piracy—so terrified, in fact, that they're willing to toss roadblocks in the path of their subscribing customers as well. Ars Technica saw some complaints on a satellite forum, and discovered that DirecTV users with older DVRs and TVs are suddenly unable to watch HBO shows, thanks to newly-activated encryption."

Here is the story over at Ars Technica:

Perhaps worst of all is the fact that the encryption used has already been cracked so the only people suffering are their actual customers.

Slashdot Top Deals