Security

CCC Create a Rogue CA Certificate 300

t3rmin4t0r writes "Just when you were breathing easy about Kaminsky, DNS and the word hijacking, by repeating the word SSL in your head, the hackers at CCC were busy at work making a hash of SSL certificate security. Here's the scoop on how they set up their own rogue CA, by (from what I can figure) reversing the hash and engineering a collision up in MD5 space. Until now, MD5 collisions have been ignored because nobody would put in that much effort to create a useful dummy file, but a CA certificate for phishing seems juicy enough to be fodder for the botnets now."

Comment Re:It's great that there's money for this stuff... (Score 2, Insightful) 238

Does helping folding@home make that portion of your power bill tax deductible? Otherwise.. who cares? Donate to a non-profit science foundation.

You are also kind of donating the hardware, which is a much bigger cost than the power. $10 worth of electricity will do more of these calcs than a $10 donation would enable.

Earth

Drilling Hits an Active Magma Chamber In Hawaii 251

Smivs writes "The BBC are reporting that drillers looking for geothermal energy in Hawaii have inadvertently put a well right into a magma chamber. Molten rock pushed back up the borehole several meters before solidifying, making it perfectly safe to study. Magma specialist Bruce Marsh says it will allow scientists to observe directly how granites are made. 'This is unprecedented; this is the first time a magma has been found in its natural habitat,' the Johns Hopkins University professor told BBC News. 'Before, all we had to deal with were lava flows; but they are the end of a magma's life. They're lying there on the surface, they've de-gassed. It's not the natural habitat.' It is hoped the site can now become a laboratory, with a series of cores drilled around the chamber to better characterise the crystallisation changes occurring in the rock as it loses temperature."
Role Playing (Games)

Review: Wrath of the Lich King 545

Since shortly after its release in late 2004, World of Warcraft has held the position of the most popular MMO, quickly outstripping predecessors such as Everquest and Ultima Online, and continuing to hold the lead despite competition from contemporaries and newer offerings, like Warhammer Online. When World of Warcraft's first expansion, The Burning Crusade, was released, it built on an already rich world by using feedback from players and two extra years of design experience to work on condensing the game to focus more on the best parts. Now, with the release of Wrath of the Lich King, Blizzard seems to have gotten themselves ahead of the curve; in addition to the many changes intended to remove the "grind" aspect that is so prevalent in this genre, they've gone on to effectively put themselves in the player's shoes and ask, "What would make this more fun? Wouldn't it be cool if..?" Read on for the rest of my thoughts.
The Courts

Lessig, Zittrain, Barlow To Square Off Against RIAA 288

NewYorkCountryLawyer writes "The RIAA's case in Boston against a 24-year-old grad student, SONY BMG Music v. Tenenbaum, in which Prof. Charles Nesson of Harvard Law School, along with members of his CyberLaw class, are representing the defendant, may shape up as a showdown between the Electronic Frontier and Big Music. The defendant's witness list includes names such as those of Prof. Lawrence Lessig (Author of 'Free Culture'), John Perry Barlow (former songwriter of The Grateful Dead and cofounder of the Electronic Frontier Foundation), Prof. Johan Pouwelse (Scientific Director of P2P-Next), Prof. Jonathan Zittrain (Author of 'The Future of the Internet — And How to Stop It'), Professors Wendy Seltzer, Terry Fisher, and John Palfrey, and others. The RIAA requested, and was granted, an adjournment of the trial, from its previously scheduled December 1st date, to March 30, 2009. (The RIAA lawyers have been asking for adjournments a lot lately, asking for an adjournment in UMG v. Lindor the other day because they were so busy preparing for the Tenenbaum December 1st trial ... I guess when you're running on hot air, you sometimes run out of steam)."

Comment McCain, Obama and public financing (Score 1) 1601

McCain stayed within public financing limits. Obama exceeded them.

Not quite true. McCain and Obama both said, during the primaries before either was nominated (or the front-runner), that they would limit themselves to public financing, $85 million each, if their opponent did as well. When McCain sewed up the nomination, he pressed Obama, who had begun his inch towards the nomination. His campaign had also become a cash cow. Obama reneged. So, McCain declined the public limits, too.
MSNBC story from Feb. about this.

End result, instead of $170 million spent between the two, it was more like $1000 million ($630 million for Obama, $360 for McCain).
Source for the spending totals, they were tough to find.

Security

DNS Inventor Tackles Flaw 101

nk497 writes "Dr Paul Mockapetris is looking to fix the flaws in the Domain Name System he helped invent. 'It was never meant to be the only security mechanism for naming data on the internet, but was intended for additional security measures to be added to it later.' The flaws, first uncovered by security researcher Dan Kaminsky over the summer, let attackers redirect genuine URLs to malicious ones — a problem Mockapetris believes could be solved using digital signatures."
GNU is Not Unix

(Stupid) Useful Emacs Tricks? 412

Count Fenring writes "Since the Vi version of this question was both interesting and popular, let's hear from the other end of the spectrum. What are your favorite tricks, macros, extensions, and techniques for any of the various Emacs? Myself, I like 'M-x dunnet' ;-)"
The Internet

Australian Censorship Bypassed Before Live Trials 184

newt writes "The Australian Government is planning to conduct live trials of as-yet-unspecified censorship technology. But as every geek already knows, these systems can't possibly work in the presence of VPNs and proxy servers. PC Authority clues the punters in." Maybe the ISPs secretly like encouraging SSH tunneling — and making everyone pay for the extra bandwidth used. Not really; Australia's major ISPs, as mentioned a few days ago, think it's a bad idea.
Image

Programming .NET 3.5 224

lamaditx writes "The world of the .NET framework is taken to the next level by the release of .NET 3.5. The intended audience of this book is experienced .NET programmers. There are no sections that tell you details about C#, SQL servers or anything like that. I don't recommend this book if you never worked on a .NET project and don't know how to set up a SQL database. You should be aware that the code is written in C#. You might use one of the software code converters if you prefer Visual Basic instead. I think the code is still readable even if you do not know C#. I appreciate the fact that the authors decided to use one language only because it keeps the book smaller. The authors assume you are using Visual Studio 2008. You don't necessarily need to update to 2008 if you are working with an older edition because you can use the free Express Edition to get started." Keep reading for the rest of Adrian's review.
The Almighty Buck

How To Make Money With Free Software 81

bmsleight writes "The Dutch Ministry of Finance organized an architecture competition to design not a building, but rather the new 5-Euro commemorative coin. The theme was 'Netherlands and Architecture'. The winning design was made 100% with free software, mainly Python, but also including The Gimp, Inkscape, Phatch, and Ubuntu. The design is amazing — the head of Queen Beatrix is made up of the names of architects based on their popularity in Yahoo searches (rendered in a font of the artist's own devising). In the end the artist, Stani Michiels, had to collaborate closely on location with technicians of the Royal Dutch Mint, so all the last bits were done on his Asus Eee PC. Soon, 350,000 Dutch people will use and enjoy the fruits of free software."
Books

Fraud Threat Halts Knuth's Hexadecimal-Dollar Checks 323

Barence writes "You may be aware of Donald Knuth, the creator of TeX and author of The Art of Computer Programming, who used to post checks to anyone who spotted an error in one of his books — one hexadecimal dollar, or $2.56. No one cashed them though. This blogger has two of them proudly on his wall, but the sad news is that modern day bank fraud has put a stop to Knuth's much-loved way of keeping his books free of errors." (Here's Knuth's own post about the sad change.)
Privacy

ACLU Creates Map of US "Constitution-Free Zone" 979

trackpick points out a recent ACLU initiative to publicize a recent expansion of authority claimed by the Border Patrol to stop and search individuals up to 100 miles from any US border. They have created a map of what they call the US Constitution-Free Zone. "Using data provided by the US Census Bureau, the ACLU has determined that nearly 2/3 of the entire US population (197.4 million people) live within 100 miles of the US land and coastal borders. The government is assuming extraordinary powers to stop and search individuals within this zone. This is not just about the border: This 'Constitution-Free Zone' includes most of the nation's largest metropolitan areas."
Portables (Apple)

Users Rage Over Missing FireWire On New MacBooks 820

CWmike writes "Apple customers, unhappy that the company dropped FireWire from its new MacBook (not the Pro), are venting their frustrations on the company's support forum in hundreds of messages. Within minutes of Apple CEO Steve Jobs wrapping up a launch event in Cupertino, Calif., users started several threads to vent over the omission. 'Apple really screwed up with no FireWire port,' said Russ Tolman, who inaugurated a thread that by Thursday has collected more than 300 messages and been viewed over 8,000 times. 'No MacBook with [FireWire] — no new MacBook for me,' added Simon Meyer in a message posted yesterday. Several mentioned that FireWire's disappearance means that the new MacBooks could not be connected to other Macs using Target Disk Mode, and one noted that iMovie will have no way to connect to new MacBooks. Others pointed out that the previous-generation MacBook, which Apple is still selling at a reduced price of $999, includes a FireWire port. Apple introduced FireWire into its product lines in 1999 and championed the standard."
