
+ - In Wake of Latest Crypto Revelations, 'Everything is Suspect'->

Submitted by msm1267
msm1267 (2804139) writes "So now that RSA Security has urged developers to back away from the table and stop using the maligned Dual Elliptic Curve Deterministic Random Bit Generation (Dual EC DRBG) algorithm, the question begging to be asked is why did RSA use it in the first place?
Since 2007, experts have been suspicious about this particular algorithm, which was submitted by the NSA as part of NIST Special Publication 800-90; it stood out like a sore thumb then because it was slow and its PRNG contained a bias.
Yet RSA included it by default in a number of products and it is being used by many other applications, putting all of those software programs within the purview of NSA surveillance.
“I wrote about it in 2007 and said it was suspect. I didn’t like it back then because it was from the government,” expert Bruce Schneier said. “It was designed so that it could contain a backdoor. Back then I was suspicious, now I’m terrified. We don’t know what’s been tampered with. Nothing can be trusted. Everything is suspect.”"

Link to Original Source

+ - Steve Ballmer calls Google a monopoly, questions their practices->

Submitted by JoeyRox
JoeyRox (2711699) writes "Outgoing Microsoft CEO Steve Ballmer lamented Google's success in a meeting with financial analysts yesterday, saying "They (Google) have this incredible, amazing, dare I say monopoly that we are the only person left on the planet trying to compete with.". Ballmer continued with more pointed criticisms, stating "I do believe that Google's practices are worthy of discussion with competition authority, and we have certainly discussed them with competition authorities"."
Link to Original Source

+ - Conflict minerals and cell phones 1

Submitted by Presto Vivace
Presto Vivace (882157) writes "Is your cellphone made with conflict minerals mined in the Congo? The industry doesn’t want you to know.

If you are reading this on a smartphone, then you are probably holding in your palm the conflict minerals that have sent the biggest manufacturing trade group in the U.S. into a court battle with the Securities and Exchange Commission. At stake in this battle between the National Association of Manufacturers and the government is whether consumers will know the potentially blood-soaked origins of the products they use every day and who gets to craft rules for multinational corporations—Congress or the business itself."

+ - USAF almost nuked North Carolina in 1961 – declassified document-> 1

Submitted by Freshly Exhumed
Freshly Exhumed (105597) writes "A secret document, published in declassified form for the first time by the Guardian today, reveals that the US Air Force came dramatically close to detonating an atom bomb over North Carolina that would have been 260 times more powerful than the device that devastated Hiroshima.

The document, obtained by the investigative journalist Eric Schlosser under the Freedom of Information Act, gives the first conclusive evidence that the US was narrowly spared a disaster of monumental proportions when two Mark 39 hydrogen bombs were accidentally dropped over Goldsboro, North Carolina on 23 January 1961. The bombs fell to earth after a B-52 bomber broke up in mid-air, and one of the devices behaved precisely as a nuclear weapon was designed to behave in warfare: its parachute opened, its trigger mechanisms engaged, and only one low-voltage switch prevented untold carnage."

Link to Original Source

+ - SUSE's global HR talks about employing Linux talent

Submitted by lorddebian
lorddebian (1182163) writes "SUSE’s Global HR Director elaborates on the recruitment process at SUSE. When asked to put a value on certification vs work experience she stated that "certifications are nice, but not essential for most roles. Active participation in the open source community, relevant experience and technical knowledge are better resume triggers." According to SUSE’s Global HR Director, the best skills to master by job seekers desiring to pursue a Linux career in 5 years are: C, C++, Python, Ruby on Rails and experience with OpenStack and Cloud Computing."

+ - What are the Consumers' Rights to Modify Files in Their Devices?

Submitted by michalk
michalk (750517) writes "I own a device that was manufactured in the post-DMCA period that uses a database. This database is available from only one company. I've looked at the files in the database card, of which there are two files: the actual database, and what I believe to be a signature. Changing one or the other causes the device to refuse to work.
I have come to the point where I want to make my own database, but there is no way to do this unless I know how to make the device accept the signature file.
What are the consumer rights in this circumstance? DMCA most likely prevents reverse engineering, but I don't want their database. I'm not interested in duplicating or reverse engineering the hardware, but that seems like the only way to get around their DRM to use my own data.
Searching Google, I get drowned in other irrelevant DRM arguments and am unable to find examples relevant to supplanting data provided by a company on my device.
Is this legal?"

+ - Snowden docs: Brits hacked accounts of Belgian IT admins for GRX network access->

Submitted by Anonymous Coward
An anonymous reader writes "Seems like the British secret service GCHQ is willing to penetrate the networks of telecoms firms to subsequently use them for spying: German magazine DER SPIEGEL reports GCHQ hacked the machines of Belgacom staff to later use their GRX routers for targeted man-in-the-middle attacks on people's phones. DER SPIEGEL publishes three original slides from a GCHQ presentation. They specifically mention targeting "engineers/systems administrators"."
Link to Original Source

+ - RSA devs - Do NOT USE RSA as it may have been backdoored by the NSA-> 2

Submitted by Anonymous Coward
An anonymous reader writes "RSA, the internet security firm, has warned customers not to use one of its own encryption algorithms after fears it can be unlocked by the US National Security Agency (NSA).
In an advisory note to its developer customers, RSA said that a default algorithm in one of its toolkits could contain a "back door" that would allow the NSA to decrypt encrypted data.
It "strongly recommends" switching to other random number generators.
RSA is reviewing all its products.

- Source (bbc.co.uk)"

Link to Original Source

Comment: Well, probably (Score 1) 2

by Naish0ze (#44110053) Attached to: Did Skype tip the government about NSA leak?

A: The FSB has claimed that they are able to tap Skype calls,

http://tech.slashdot.org/story/13/03/15/1241229/russian-fsb-can-reportedly-tap-skype-calls

and B: Skype (Microsoft) is in the list of cooperating companies in Snowden's PRISM disclosure. If A and B are true, C: it is likely that ALL Skype calls are either actively intercepted in real time or logged for voice and language analysis later (probably minutes later). (In fiction this is a central part of a 'Project Black Briar'.)

If that doesn't give you the willies and make you clutch your laptop and hide under the bed, well try this on for size.

http://www.news.com.au/world-news/reporter-michael-hastings-sent-panicky-email-hours-before-sudden-car-crash-death/story-fndir2ev-1226669297371

Slate reports (Hastings) last email, found by a friend, read: "Hey... the feds are interviewing my 'close friends and associates.' Perhaps if the authorities arrive 'buzz Feed GQ' er HQ, may be wise to immediately request legal counsel before any conversations or interviews about our news-gathering practices or related journalism issues. Also: I'm onto a big story, and need to go off the radar for a bit."

Investigators are yet to formally identify Hastings' body as his remains are so badly charred.

On the subject of his car accident, the LAPD says there are no signs of foul play. His Mercedes reportedly hit a tree at high speed, causing the car to burst into flames. But there are some eyewitness accounts which suggest his car exploded before impact.

It would seem a stolen laptop may be the least of our concerns

+ - Did Skype tip the government about NSA leak?-> 2

Submitted by sfcrazy
sfcrazy (1542989) writes "Glenn Greenwald recently told the world that Edward Snowden has NSA documents encrypted and distributed to a few key people — and they will be decrypted if anything happens to him. Another aspect of the story which was overlooked was that when Glenn told his colleague that he would send some documents to him, his (the colleague's) laptop was stolen after two days. Glenn gave this info about sending documents to his colleague over Skype. Does that mean that Microsoft is working with the government to let them spy on people? Not surprising: Microsoft recently patented a technology to do just that."
Link to Original Source

Comment: Re:Wrong by law (Score 1) 601

by Naish0ze (#44108245) Attached to: Edward Snowden is ...

While I understand the fears of prosecution, his evasive actions are marks against hero-status. Third, he's avoided channels that actually exist for this purpose... there are whistleblower protections and organizations and laws, and even US newspapers where at least the responsibilities to national security would be more closely managed.

Except when the risk is that those 'whistleblower protections' won't protect you from...

"Hey... the feds are interviewing my 'close friends and associates.' Perhaps if the authorities arrive 'buzz Feed GQ' er HQ, may be wise to immediately request legal counsel before any conversations or interviews about our news-gathering practices or related journalism issues. Also: I'm onto a big story, and need to go off the radar for a bit."

...

Investigators are yet to formally identify Hastings' body as his remains are so badly charred.

So Um, sometimes you need to RUN hard, fast, far, and keep moving!

+ - Backdoor in HP StoreOnce backup systems discovered-> 1

Submitted by hypnosec
hypnosec (2231454) writes "A security researcher is claiming that he has discovered an undocumented administrator-level SSH username in HP StoreOnce backup systems, which if used along with its password will allow complete access to the system. The researcher, going by the pseudonym Technion, has claimed that he has been in touch with HP for weeks now, but his status update requests are being ignored, and such behavior from HP, despite being involved in Zero Day Initiative (ZDI), is unacceptable. Disclosing the details of the backdoor, Technion has published the password required for the ‘HPSupport’ username, but in a SHA1 hash."
Link to Original Source

+ - Snowden Sought NSA Job In Order To Leak->

Submitted by J053
J053 (673094) writes "The HuffPo reports:

Edward Snowden, the former government contractor who leaked information on the National Security Agency's surveillance programs, says he sought the job with Booz Allen Hamilton to gather evidence on the agency's data collection networks.

In a June 12 interview with the South China Morning Post published Monday, Snowden, who previously worked as a CIA technician, said he took the position with the intention of collecting information on the NSA.

“My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked,” he said. “That is why I accepted that position about three months ago.”"

Link to Original Source
