
Submission + - The first successful collision attack on the SHA-1 hashing algorithm

Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision at the SHA1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site called ironically The SHAppening.

Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.

Comment Re:Start over (Score 5, Informative) 191

Unlike iOS, Android allows you to side load apps *officially* but in this case all bets are off and you MUST understand what you're doing. With Apple there's no such freedom (unless you root your phone which is unsafe and voids your warranty) at all.

So, Google's walled garden is at your full discretion. If you like the feeling of safety you stay in it. If you want freedom, you can leave it any time you want. Most Android phones even allow you to have root if you're hellbent on having total freedom [to destroy your device].

Comment Things to consider (Score 5, Informative) 191

In case you got a sophisticated piece of malware which installed a rootkit into your bootloader or system partition, a simple factory reset will *not* help, so your *only safe* remedy is to reflash your phone *completely*. Google for "Reflash Nexus 6" or follow this link: http://forum.xda-developers.co...

After that make sure you install apps *only* from Google Play and you have "Allow Unknown Sources" under Security disabled. Make sure that the apps you install have a considerable number of positive reviews and the apps make use of sane permissions.

Make sure you're the only person who uses your smartphone, because other people may do things you'll regret later. If you absolutely need to let someone use your phone, activate a guest account for them and let them run only the apps they need.

Create a decent password for your lock screen (at least six digits) and make sure your phone locks after a period of inactivity.

If you're extremely paranoid, before installing an app, find its offline version, i.e. apk (they are usually easily googleable) and run it through virustotal.com (I usually do that when I install unpopular dubious apps).

Comment HTTPS scanning (Score 5, Interesting) 229

./ has neglected an even bigger elephant in the room: most modern AV products insert their own HTTPS certificate into the OS you're running for your "safety" and "protection".

In short they scan the traffic which wasn't meant to be scanned by third parties, thus AV vendors circumvent the very basis of encryption.

Welcome to a brave new world. Then your PC hasn't really belonged to you since 2008 or something but no one cares anyway: http://libreboot.org/faq/#inte...

I wonder if there's anything left to buy nowadays which is yours truly and which doesn't spy on you or have a dozen of backdoors for NSA/CIA/M5/etc.

Comment Oh, Russia (Score 1) 141

It has already been blocked: http://reestr.rublacklist.net/... - welcome to Russia.

Most sane people who value privacy and freedom in Russia use TOR or VPN, because far too many websites are blocked while they contain a single "infringing" document. Unfortunately when we're talking about HTTPS the only way to block the infringing document is to take down the whole website.

Comment Unsympathetic (Score 1) 83

Well, I'm not so sympathetic with the conclusions.

Firstly, English is perhaps the most vocal language among all existing languages on Earth, it has far too many words which sound like the object being described.

Secondly, there's German.

Thirdly, and let me quote the article, "Their guesses were not nearly as good as the face-to-face participants—35.6% right versus 82.2%—but they had only one round in which to make their guess." Now, I'm not a mathematician but everything below 50% sounds like a wild guess to me.

Submission + - Destroying the Windows 10 hype train

An anonymous reader writes: Now that Windows 10 is out and the clamour in its regard has substantially subdued it's time to revisit what it's given and what it's taken from us. An unknown person has compiled a wonderful list of the new Windows 10 features which show that in many ways this version of Windows is worse than almost universally abhorred Windows 8.

What's your take? How do you like Windows 10 two weeks after it was released? Has it improved your productivity? Do you believe Microsoft has redeemed itself after the Windows 8 fiasco?

Comment Won't work (Score 1) 136

First of all there are immortal cookies (infinite cache entries created specifically for your unique PC). Secondly, there's a unique combination of your web browser + OS + fonts + plug ins: https://panopticlick.eff.org/ Thirdly, there are unique patterns in your behaviour (websites that you visit and how frequently you do that) and other wonderful metrics to trace you.

If you want to avoid being traced and tracked there's just one way:

  • You buy a single time anonymous SIM card.
  • You go to some public place where there are no web cameras installed or you're not under their monitoring.
  • You browse the web using at least TOR, or even better a combination of VPN + TOR.
  • You use the most common computer OS (Windows 7 64), the most common web browser (IE11/Google Chrome or Mozilla Firefox) and the least number of browser plugins and extensions.
  • You do NOT login using Facebook/Google/Microsoft/Yahoo/etc. services, because these companies trace your presence on unrelated websites using various "Share Me" options.
  • You do NOT use Skype/WhatsApp/Vibe other apps.
  • You completely destroy your browser profile and this SIM card after you're finished.

This is actually a recipe for browsing the web anonymously however this is the reality of the modern web - not to be traced means to be anonymous as much as possible.

Comment If you're f*cked you're more than f*cked (Score 1) 128

"To exploit the vulnerability and install the rootkit, attackers would need to already have kernel or system privileges on a computer."

You know, even without this particular SMM attack vendor, a hacker who already has system level privileges on your PC renders your PC totally insecure, besides he also can ... rewrite BIOS or various firmware components of your PC to allow his code to survive an HDD wipe.

Comment I've seen better comparisons (Score 2) 98

A much better comparison would have been if they'd compared the same CPUs at the same frequency so that IPC gains could be immediately spotted. Also I've never understood the point of all-in-one benchmarks like PCMark which measure everything and nothing because various PCs with wildly different CPUs/GPUs/RAM configurations have very similar results.
