OpenBSD Team Cleaning Up OpenSSL

Submitted by Iarwain Ben-adar
Iarwain Ben-adar (2393286) writes "OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing "exploit mitigation countermeasures", fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a "portable" version of this new OpenSSL fork. Or not."
The Media

Guardian and WaPo Receive Pulitzers For Snowden Coverage 75

Posted by Unknown Lamer
from the pulitzer-prize-board-added-to-terrorist-organization-list dept.
Late yesterday, the Pulitzer Prize board announced (PDF) the 2014 Pulitzer Prize winners. The public service prize was awarded to the Guardian and the Washington Post. The Washington Post was given the award for its role in revealing widespread surveillance by the NSA, "...marked by authoritative and insightful reports that helped the public understand how the disclosures fit into the larger framework of national security," and the Guardian for sparking "...a debate about the relationship between the government and the public over issues of security and privacy." Snowden released a statement praising the Pulitzer board: "Today's decision is a vindication for everyone who believes that the public has a role in government. We owe it to the efforts of the brave reporters and their colleagues who kept working in the face of extraordinary intimidation, including the forced destruction of journalistic materials, the inappropriate use of terrorism laws, and so many other means of pressure to get them to stop what the world now recognizes was work of vital public importance. This decision reminds us that what no individual conscience can change, a free press can."
Technology

This 1981 BYTE Magazine Cover Explains Why We're So Bad At Tech Predictions 259

Posted by Unknown Lamer
from the futuristic-but-not-too-futuristic dept.
harrymcc (1641347) writes "If you remember the golden age of BYTE magazine, you remember Robert Tinney's wonderful cover paintings. BYTE's April 1981 cover featured an amazing Tinney image of a smartwatch with a tiny text-oriented interface, QWERTY keyboard, and floppy drive. It's hilarious — but 33 years later, it's also a smart visual explanation of why the future of technology so often bears so little resemblance to anyone's predictions. I wrote about this over at TIME.com. 'Back then, a pundit who started talking about gigabytes of storage or high-resolution color screens or instant access to computers around the world or built-in cameras and music players would have been accused of indulging in science fiction.'"
Medicine

U.S. Biomedical Research 'Unsustainable' Prominent Researchers Warn 131

Posted by Unknown Lamer
from the phd-researcher-deathmatch dept.
sciencehabit (1205606) writes "The U.S. biomedical science system 'is on an unsustainable path' and needs major reform, four prominent researchers say. Researchers should 'confront the dangers at hand,' the authors write, and 'rethink' how academic research is funded, staffed, and organized. Among other issues, the team suggests that the system may be producing too many new researchers and forcing them to compete for a stagnating pool of funding."
Windows

Microsoft Confirms It Is Dropping Windows 8.1 Support 536

Posted by Unknown Lamer
from the little-orphan-windows dept.
snydeq (1272828) writes "Microsoft TechNet blog makes clear that Windows 8.1 will not be patched, and that users must get Windows 8.1 Update if they want security patches, InfoWorld's Woody Leonhard reports. 'In what is surely the most customer-antagonistic move of the new Windows regime, Steve Thomas at Microsoft posted a TechNet article on Saturday stating categorically that Microsoft will no longer issue security patches for Windows 8.1, starting in May,' Leonhard writes. 'Never mind that Windows 8.1 customers are still having multiple problems with errors when trying to install the Update. At this point, there are 300 posts on the Microsoft Answers forum thread 'Windows 8.1 Update 1 Failing to Install with errors 0x80070020, 80073712 and 800F081F.' The Answers forum is peppered with similar complaints and a wide range of errors, from 800F0092 to 80070003, for which there are no solutions from Microsoft. Never mind that Microsoft itself yanked Windows 8.1 Update from the corporate WSUS update server chute almost a week ago and still hasn't offered a replacement.'"
The Almighty Buck

IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt 582

Posted by Unknown Lamer
from the dead-...-beat-relatives? dept.
Hugh Pickens DOT Com (2995471) writes "Just in time for the April 15 IRS filing deadline comes news from the Washington Post that hundreds of thousands of taxpayers expecting refunds are instead getting letters informing them of tax debts they never knew about: often a debt incurred by their parents. The government is confiscating their checks, sometimes over debts 20—30 years old. For example, when Mary Grice was 4 (in 1960), her father died ... 'Until the kids turned 18, her mother received survivor benefits from Social Security ... Now, Social Security claims it overpaid someone in the Grice family in 1977. ... Four years after Sadie Grice died, the government is coming after her daughter. ... "It was a shock," says Grice, 58. "What incenses me is the way they went about this. They gave me no notice, they can't prove that I received any overpayment, and they use intimidation tactics, threatening to report this to the credit bureaus."' The Treasury Department has intercepted ... $75 million from debts delinquent for more than 10 years according to the department's debt management service. 'The aggressive effort to collect old debts started three years ago — the result of a single sentence tucked into the farm bill lifting the 10-year statute of limitations on old debts to Uncle Sam.'"
Space

Saturn May Have Given Birth To a Baby Moon 69

Posted by Unknown Lamer
from the probably-an-alien-spacecraft dept.
astroengine (1577233) writes "NASA's Saturn-orbiting Cassini spacecraft has imaged something peculiar on the outermost edge of the gas giant's A-ring. A bright knot, or arc, has been spotted 20 percent brighter than the surrounding ring material and astronomers are interpreting it as a gravitational disturbance caused by a tiny moon. "We have not seen anything like this before," said Carl Murray of Queen Mary University of London. 'We may be looking at the act of birth, where this object is just leaving the rings and heading off to be a moon in its own right.'"
Mozilla

Mozilla Appoints Former Marketing Head Interim CEO 201

Posted by Unknown Lamer
from the but-chris-beard-hates-kittens dept.
itwbennett (1594911) writes "Following the contentious and ultimately failed appointment of Brendan Eich as CEO last month, the Mozilla Corporation has appointed Chris Beard to the board of directors and made him interim CEO. Beard started working as chief marketing officer for Mozilla in 2004, and oversaw the launch of its current browser, Firefox, in 2005. Beard also managed the launches of Firefox on Android and the Firefox OS for mobile phones." See the official announcement. Quoting: "We began exploring the idea of Chris joining the Board of Directors some months ago. Chris has been a Mozillian longer than most. He’s been actively involved with Mozilla since before we shipped Firefox 1.0, he’s guided and directed many of our innovative projects, and his vision and sense of Mozilla is equal to anyone’s. I have relied on his judgement and advice for nearly a decade. This is an excellent time for Chris to bring his understanding of Mozilla to the Board."
Encryption

First Phase of TrueCrypt Audit Turns Up No Backdoors 168

Posted by Unknown Lamer
from the only-slightly-insecure dept.
msm1267 (2804139) writes "An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today (PDF) by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."

US Government confiscates passport of citizen while overseas, doesn't say why

Submitted by Faizdog
Faizdog (243703) writes "The US State Department has confiscated the passport of a US citizen who is overseas. Due to that, he is in a precarious situation regarding his legal status.

The State Dept. has given no explanation for their actions.

Federal law requires that US citizens be granted a hearing before their passports are revoked. According to the man’s attorneys: “Having a passport is part of a citizen’s right to international travel, because without a passport you’re not able to move about or return to the US they can revoke it if they believe it has been obtained fraudulently. But here, there isn’t any allegation of wrongdoing.”

How does one answer the question “papers please?” when the government has taken your papers?"

Encryption

Theo De Raadt's Small Rant On OpenSSL 301

Posted by timothy
from the heartbleed-of-the-matter dept.
New submitter raides (881987) writes "Theo De Raadt has been on a better roll as of late. Since his rant about FreeBSD playing catch up, he has something to say about OpenSSL. It is worth the 5 second read because it is how a few thousand of us feel about the whole thing and the stupidity that caused this panic." Update: 04/10 15:20 GMT by U L : Reader badger.foo pointed out Ted Unangst (the Ted in the mailing list post) wrote two posts on the issue: "heartbleed vs malloc.conf" and "analysis of openssl freelist reuse" for those seeking more detail.

Scientists 'Tricked' Into Appearing in Geocentric Universe Documentary

Submitted by EwanPalmer
EwanPalmer (2536690) writes "Three scientists and Star Trek actress Kate Mulgrew say they were duped into appearing in a controversial documentary which claims the Earth is the center of the Universe.

The Principle, a film which describes itself as “destined to become one of the most controversial films of our time”, argues the long-debunked theory of geocentrism – where the earth is the center of the Universe and the Sun revolves around it – is true and Nasa has tried to cover it up.

The film features the narration of actress Mulgrew, who played the part of captain Kathryn Janeway in Star Trek Voyager, as well as three prominent scientists."


Heartbleed OpenSSL Vulnerability: A Technical Remediation

Submitted by Anonymous Coward
An anonymous reader writes "Since the announcement, there has been buzz around the underground and malicious actors have been actively leaking software library data and using one of the several provided PoC code to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had an opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection."
