
Submission + - Mozilla to Support Key Pinning in Firefox 32

Trailrunner7 writes: Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla’s own sites, all of the sites pinned in Google Chrome and several Twitter sites.

Public-key pinning has emerged as an important defense against a variety of attacks, especially man-in-the-middle attacks and the issuance of fraudulent certificates. In the last few years Google, Mozilla and other organizations have discovered several cases of attackers using fraudulent certificates for high-value sites, including Gmail. The function essentially ties a public key, or set of keys, issued by known-good certificate authorities to a given domain. So if a user’s browser encounters a site that’s presenting a certificate that isn’t included in the set of pinned public keys for that domain, it will then reject the connection. The idea is to prevent attackers from using fake certificates in order to intercept secure traffic between a user and the target site.

The first pinset will include all of the sites in the Chromium pinset used by Chrome, along with Mozilla sites and high-value sites such as Facebook. Later versions will add pins for Twitter, a long list of Google domains, Tor, Dropbox and other major sites.
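To make the mechanism described in the submission above concrete, here is an added example of what a static pinset check looks like; it is not code from the submission, from Mozilla or from Chromium. Pins are computed the way HPKP and the Chromium/Firefox pinsets compute them, as base64 of the SHA-256 of the certificate's DER-encoded SubjectPublicKeyInfo. The host name www.example.com, the CA names and the self-signed certificates are constructed fixtures, generated in memory so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns base64(SHA-256(DER SubjectPublicKeyInfo)), the pin format used by
// HPKP and by the Chromium/Firefox static pinsets. Hashing the key rather than the
// certificate means a renewed certificate that keeps its key keeps its pin.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPins enforces a static pinset for host: at least one certificate in the
// presented chain must carry a pinned key. Hosts absent from the pinset are not
// checked. In a browser this runs in addition to, never instead of, chain validation.
func checkPins(host string, chain []*x509.Certificate, pinset map[string][]string) error {
	want, pinned := pinset[host]
	if !pinned {
		return nil
	}
	for _, cert := range chain {
		got := spkiPin(cert)
		for _, w := range want {
			if got == w {
				return nil
			}
		}
	}
	return errors.New("pin validation failed: no certificate in the chain carries a pinned key")
}

// newKey generates a fresh P-256 key; it panics because it only builds fixtures.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// selfSigned issues a self-signed CA certificate for name with key. Fixture only:
// real pinsets list the keys of a site's CA or intermediates, not test certificates.
func selfSigned(name string, key *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// pinningDemo runs a constructed scenario for the hypothetical host www.example.com:
// the legitimate CA key is pinned; a rogue CA with the same subject name but another
// key issues a fraudulent certificate; the legitimate CA later renews its certificate
// with the same key. It reports whether each chain was handled as a pinning browser should.
func pinningDemo() (legitOK, rogueRejected, renewalOK bool) {
	const host = "www.example.com"
	goodKey := newKey()
	good := selfSigned("Example Root CA", goodKey)
	rogue := selfSigned("Example Root CA", newKey()) // same name, different key
	renewed := selfSigned("Example Root CA", goodKey) // new certificate, same key
	pinset := map[string][]string{host: {spkiPin(good)}}

	legitOK = checkPins(host, []*x509.Certificate{good}, pinset) == nil
	rogueRejected = checkPins(host, []*x509.Certificate{rogue}, pinset) != nil
	renewalOK = checkPins(host, []*x509.Certificate{renewed}, pinset) == nil
	return
}

func main() {
	legitOK, rogueRejected, renewalOK := pinningDemo()
	fmt.Printf("legitimate chain accepted: %v\nfraudulent chain rejected: %v\nrenewed certificate (same key) accepted: %v\n",
		legitOK, rogueRejected, renewalOK)
}
```

Two points the scenario makes that the summary does not spell out: a fraudulent certificate with a perfectly valid subject name fails because its key is not in the pinset, and a routine renewal passes because the pin is on the key, not the certificate. The flip side is that a pinset only protects a site whose operator keeps control of the pinned keys; in practice pins go on CA or intermediate keys (as in the Chromium pinset) and a backup pin is kept for a key held offline, so that losing or rotating a key does not lock every pinning browser out of the site.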

Submission + - IEEE Guides Software Architects Toward Secure Design (threatpost.com)

msm1267 writes: The IEEE's Center for Secure Design debuted its first report this week, a guidance document for software architects called "Avoiding the Top 10 Software Security Design Flaws." Developing guidance for architects rather than developers was a conscious effort the group made in order to steer the conversation around software security away from exclusively talking about finding bugs toward design-level failures that lead to exploitable security vulnerabilities.
The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explanation of the inherent weaknesses in that area and of how software designers and architects should take these potential pitfalls into consideration.

Submission + - Youth Arrested for "Killing Pet Dinosaur"

Rambo Tribble writes: In South Carolina a 16-year-old boy, Alex Stone, was arrested and charged with creating a disturbance at his school, as well as suspended, for choosing to write: "I killed my neighbor's pet dinosaur. I bought the gun to take care of the business," in response to a class writing assignment. The story has attracted international attention.

Submission + - Securing networks in the Internet of Things era

An anonymous reader writes: Gartner reckons that the number of connected devices will hit 26 billion by 2020, almost 30 times the number of devices connected to the IoT in 2009. This estimate doesn’t even include connected PCs, tablets and smartphones. The IoT will represent the biggest change to our relationship with the Internet since its inception. Many IoT devices themselves suffer from security limitations as a result of their minimal computing capabilities. For instance, the majority don’t support sufficiently robust mechanisms for authentication, leaving network admins with only weak alternatives or sometimes no alternatives at all. As a result, it can be difficult for organizations to provide secure network access for certain IoT devices. Yet IT teams need to set network access policies for all connected devices in order to preserve network security and make the most efficient use of available network resources.

Submission + - Netflix's CEO Reed Hastings on Net Neutrality, Blames Large ISPs For Problem (wired.com)

KindMind writes: On Wired, Reed Hastings (Netflix's CEO) has his take on net neutrality. He lays the problem at the feet of the large ISPs. He says "It's worth noting that Netflix connects directly with hundreds of ISPs globally, and 99 percent of those agreements don't involve access fees. It is only a handful of the largest U.S. ISPs, which control the majority of consumer connections, demanding this toll. Why would more profitable, larger companies charge for connections and capacity that smaller companies provide for free? Because they can."

Submission + - How patent trolls destroy innovation (vox.com)

walterbyrd writes: A new study by researchers at Harvard and the University of Texas provides some insight into this question. Drawing from data on litigation, R&D spending, and patent citations, the researchers find that firms that are forced to pay NPEs (either because they lost a lawsuit or settled out of court) dramatically reduce R&D spending: losing firms spent $211 million less on R&D, on average, than firms that won a lawsuit against a troll.

"After losing to NPEs, firms significantly reduce R&D spending — both projects inside the firm and acquiring innovative R&D outside the firm," the authors write. "Our evidence suggests that it really is the NPE litigation event that causes this decrease in innovation."

Submission + - How Shark Week screws scientists

Sockatume writes: The Verge has an article on Discovery's hugely successful Shark Week, discussing how the increasingly sensationalist special event misrepresents science and exploits nature and local history for shock value. Scientists who appeared in and were misrepresented by the channel's programming are beginning to encourage their peers to stay away from the Discovery network, which stands by the programming's viewing figures.

Submission + - Linus Torvalds is pissed at Change.org, starts a petition (themukt.com)

sfcrazy writes: Linus Torvalds rarely gets upset over a wrong reason, and Change.org has given him that reason. The creator of the world's most dominant technology – the Linux kernel – found that someone started a petition on Change.org using his identity. So Linus took over and created a petition asking Change.org to stop its dickish ways and verify emails.

Submission + - Apple and Samsung agree to drop cases outside the US

mrspoonsi writes: Apple and Samsung have agreed to withdraw all legal cases against each other outside the United States. The two rivals have sued each other over a range of patent disputes in nine countries outside the US, including the UK, South Korea, Japan and Germany. A joint statement said the agreement "does not involve any licensing arrangements", and they would continue to pursue existing cases in US courts. The two firms are the biggest players in the smartphone and tablet PC market. But they have been involved in a bitter legal battle, spread across various countries, which has escalated in recent years.

Submission + - Monkey Selfie, Aboriginal Language Among Wikipedia Copyright Takedown Requests (itworld.com)

itwbennett writes: Wikimedia, which operates Wikipedia, published its first transparency report Wednesday detailing two years of alteration and takedown requests as well as requests for user data it received. Of the 304 general content removal requests, none were granted, Wikimedia said in a blog post. And while the number of copyright takedown requests was notably low, the requests that were made included a selfie taken by a black macaque monkey and an entire aboriginal language, among other eyebrow-raising items.

Submission + - Colorado's Secret Separate Set of State Laws (cocommonlaw.com)

phxlaw writes: The state of Colorado is one of a handful of states that do not provide their state statutes, the Colorado Revised Statutes, through a government website. Instead, every state government website that I could find links to a "free" LexisNexis version, including the Colorado General Assembly. The problem with the LexisNexis version is there is a contract of adhesion you have to sign before you can view the statutes. In the Terms of Service that must be agreed to as a part of the contract, users disclaim liability for LexisNexis, and the statutes are provided "as is" with no guarantee of accuracy.

Colorado holding out that LexisNexis is the official source of the Colorado Revised Statutes creates procedural due process problems. First, you shouldn't have to give up legal rights to sign a contract to view state law. Second, if the state is holding out LexisNexis as the official publisher of the laws, they should not be provided "as is."

Even more interesting is the Office of Legislative Legal Services has a semi-private version, indexed, and free to download off of their website. Director Cartin mentioned the semi-private site after the second open records request.

Submission + - Firefox 31 Released (mozilla.org)

An anonymous reader writes: Mozilla has released version 31 of its Firefox web browser for desktops and Android devices. According to the release notes, major new features include malware blocking for file downloads, automatic handling of PDF and OGG files if no other software is available to do so, and a new certificate verification library. Smaller features include a new search field on the new tab page, better support for parental controls, and partial implementation of the OpenType MATH table. Mozilla also took the opportunity to note the launch of a new game, Dungeon Defenders Eternity, which will run at near-native speeds on the web using asm.js, WebGL, and Web Audio. "We’re pleased to see more developers using asm.js to distribute and now monetize their plug-in free games on the Web as it strengthens support for Mozilla’s vision of a high performance, plugin-free Web."

Submission + - Ars editor learns feds have his old IP addresses, full credit card numbers (arstechnica.com)

mpicpp writes: FOIA request turns up 9 years of records, including plaintext credit card numbers

In May 2014, Cyrus Farivar reported on his efforts to learn what the feds know about him whenever he enters and exits the country. In particular, he wanted his Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked.

But instead of providing what he had requested, the United States Customs and Border Protection (CBP) turned over only basic information about his travel going back to 1994. So he appealed—and without explanation, the government recently turned over the actual PNRs he had requested the first time.
The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally. His own PNRs include not just every mailing address, e-mail, and phone number he's ever used; some of them also contain:

The IP address that he used to buy the ticket
His credit card number (in full)
The language he used
Notes on his phone calls to airlines, even for something as minor as a seat change

The breadth of long-term data retention illustrates yet another way that the federal government enforces its post-September 11 "collect it all" mentality.
