writes: Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites.
The attack, developed by Juliano Rizzo and Thai Duong, will be presented at the Ekoparty conference in Argentina on Friday, and, unlike many other attacks on TLS and SSL, it has nothing to do with the certificate trust model in the protocol. Instead, the researchers have developed a tool called BEAST that enables them to grab and decrypt HTTPS cookies from active user sessions. The attack can even decrypt cookies that are marked HTTPS only from sites that use HTTP Strict Transport Security, which forces browsers to communicate over TLS/SSL when it's available.
An anonymous reader writes: One week after Sony's PlayStation 3 private cryptography key was obtained, FreeBSD is up and running on the PS3. There are still a few problems and rough edges, but they should be ironed out when FreeBSD 9.0 is released:
Nathan Whitehorn writes:
"Yesterday, I imported support for the Sony Playstation 3 into our 64-bit PowerPC port, expanding our game console support into the current generation.
There are still a few rough edges due to missing hardware support, but the machine boots and runs FreeBSD stably. These rough edges should be smoothed out in time for the 9.0 release."
Mailing List Announce- http://docs.freebsd.org/cgi/getmsg.cgi?fetch=559737+0+archive/2011/freebsd-current/20110109.freebsd-current
writes: From an AAAS news release: "Bacteria made quick work of the methane released by the Deepwater Horizon blowout, digesting most of the gas within the four months after its release, according to a new study published online at ScienceExpress." This study, however, did not deal with other chemicals (oil) from the disaster's fallout. A glimpse of good news from the disaster's fallout...
writes: From Scientific American: "An accidental find in a star-forming dwarf galaxy shows that black holes may mature early in galaxy evolution" also "if giant black holes in star-forming dwarf galaxies prove to be common—that is, if Henize 2-10 is not an outlier but a representative of a larger population—they may have much to tell about the formation of primordial black holes and galaxies in the early universe" I personally do not come from a large point of knowledge here, but I found this read very interesting and thought someone else would share my sentiment.
writes: The New York Times reports that Russia selectively pursues software piracy complaints from Microsoft in order to suppress the opposition — confiscating computers for evidence, searching offices, and the like. Microsoft lawyers usually back the authorities in such cases, even when cases such as that of the environmentalist group Baikal Waves, which went out of its way to buy licenses to prevent police harassment and nevertheless had its offices raided, and its computers confiscated. Microsoft participated in this legal process. Published alongside this story, under the same byline, is a related piece on the collusion of Microsoft lawyers with corrupt Russian police in extorting money from the targets of software piracy investigations. In a responding press release, the company states, 'Microsoft antipiracy efforts are designed to honor both [antipiracy concerns and human rights], but we are open to feedback on what we can do to improve in that regard.'
writes: The NY Times is reporting that Microsoft directly aided the arrest of Russian environmental activists. The Baikal Environmental Wave was organizing protests against Prime Minister Vladimir V. Putin's decision to reopen a paper factory that had polluted nearby Lake Baikal. Instead, the group fell victim to one of the authorities' newest tactics for quelling dissent: confiscating computers under the pretext of searching for pirated Microsoft software. As the ploy grows common, the authorities are receiving key assistance from an unexpected partner: Microsoft itself. Baikal Wave, in fact, said it had purchased and installed legal Microsoft software specifically to deny the authorities an excuse to raid them. The group later asked Microsoft for help in fending off the police. "Microsoft did not want to help us, which would have been the right thing to do," said Marina Rikhvanova, a Baikal Environmental Wave co-chairwoman.
writes: The NY Times reports that the Roman Catholic Archbishop of Melbourne has announced a ban on the playing of pop music at funerals, which, he said, are not to be described as “a celebration of the life of” the deceased. According to new guidelines published on Archbishop Denis Hart’s Web site: "Secular items are never to be sung or played at a Catholic funeral, such as romantic ballads, pop or rock music, political songs, football club songs." According to a cemetery contacted by Melbourne's Herald Sun, a list of more unusual songs played at Australian funerals includes: “Always Look on the Bright Side of Life” by Monty Python, “Another One Bites the Dust” by Queen, “Highway to Hell,” by AC/DC and “Ding Dong the Witch is Dead” from “The Wizard of Oz.”
writes: The month of June started with bad news for all the Windows systems power users and personalization fans: X-Setup Pro, a long-history tweaking software with unique features, reached the end of its lifetime. Because of its financial problems, the company behind X-Setup interrupted the program’s development, giving away the latest version with a serial code useful for its registration.
writes: You think copyright can't get any more Draconian? Think again: in Germany, newspaper publishers are lobbying for "a new exclusive right conferring the power to monopolise speech e.g. by assigning a right to re-use a particular wording in the headline of a news article anywhere else without the permission of the rights holder. According to the drafts circulating in the internet, permission shall be obtainable exclusively by closing an agreement with a new collecting society which will be founded after the drafts have matured into law. Depending on the particulars, new levies might come up for each and every user of a PC, at least if the computer is used in a company for commercial purposes." Think that will never work because someone will always break the news cartel? Don't worry, they've got that covered too: they want "to amend cartel law in order to enable a global 'pooling' of all exclusive rights of all newspaper publishers in Germany in order to block any attempt to defect from the paywall cartel by single competitor." And rest assured, if anything like this passes in Germany, publishers everywhere will be using the copyright ratchet to obtain "parity".
writes: After 30 years (since the public vote in 1980) the ban on nuclear power in Sweden has been lifted. The decision means a maximum of 10 reactors in Sweden will be allowed, meaning old ones have to be shut down to start a new reactor. No government funds will be allowed to be used to subsidize any nuclear power endeavors.
However, the opposing parties have promised to reverse the decision if they gain power in the September election.
writes: Over the last couple of years I've been slowly getting deaf. Too much loud rock and roll I suppose. After flubbing a couple of job interviews because I couldn't understand my inquisitors I had a hearing test which confirmed what I already knew: I'm deaf. So I tried on a set of behind the ear hearing aids, wow, my keyboard makes clacks as I type and my wife doesn't mumble to herself. Then I asked how much: $3700 for the pair. Hey I'm unemployed. The cheapest digital hearing aids they had were $1200 each. WYF? If you look at the specs they are not very impressive. A digital hearing aid has a low power A to D converter. Output consists of D to A conversion with volume passing through an equalizer that inversely matches your hearing loss. Most hearing loss, mine included, is frequency dependent so an equalizer does wonders. The "cheap" hearing aids had only 4 channels while the high end one had 12. My 1970 amplifier had more than that. I suppose they have some kind of noise reduction circuitry too but that's pretty much it. So my question is this — when I can get a very good netbook computer for under $400 why do I need to pay $1200 per ear for a hearing aid? Alternatives would be welcome.