

+ - The Pirate Bay co-founder unveils Heml.is – an app "where no one can liste->

Submitted by hypnosec
hypnosec (2231454) writes "Peter Sunde, the Pirate Bay co-founder, has unveiled Heml.is – a highly secure alternative to apps like WhatsApp, Viber and other similar messaging services. The main motive behind developing Heml.is, according to Sunde and his partners, Leif Högberg and Linus Olsson, is to keep government spying and snooping agencies away from people’s messages at a time when surveillance activities alongside privacy violations are at an all-time high – as recently revealed by Edward Snowden. The anti-snooping app isn’t ready yet as the code is still in the works. The project is currently in funding mode and out of the $100,000 goal, Heml.is has already received $36,329 as of this writing. Hemlis means ‘secret’ in Swedish and the app will compete directly with services such as Phil Zimmermann’s Silent Circle."
Link to Original Source

+ - Heml.is, new encrypted messaging service from the brokep of The Pirate Bay 1

Submitted by freddej
freddej (122902) writes "Heml.is ("secret" in Swedish) is a new peer encrypted messaging service from some of the guys behind TPB and Flattr. They describe it as this: "Our focus is your privacy so we are building everything from software to company structure to protect that. The others are focused on maximising profit." So if you agree on the mantra that "if you're not paying, you're the product" then you might want to check them out."

+ - New Attack Breaks Security Model of SSL->

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Two researchers have developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce and payment sites. The attack breaks the confidentiality model of the protocol and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites.

The researchers use what's known as a block-wise chosen-plaintext attack against the AES encryption algorithm that's used in TLS/SSL. In order to execute their attack, researchers Juliano Rizzo and Thai Duong use a new tool they developed called BEAST (Browser Exploit Against SSL/TLS) against a victim who is on a network on which they have a man-in-the-middle position. Once a victim visits a high-value site, such as PayPal, that uses TLS 1.0, and logs in and receives a cookie, they inject the client-side BEAST code into the victim's browser. This can be done through the use of an iframe ad or just loading the BEAST JavaScript into the victim's browser.

The same researchers developed the padding oracle attack against ASP.NET apps last year that required an emergency patch from Microsoft."

Link to Original Source

+ - Stephen Fry and DVD Jon back USB Sniffer Project->

Submitted by Anonymous Coward
An anonymous reader writes "bushing and pytey of the iPhone DevTeam and Team Twiizers have created a Kickstarter project to fund the build of an open-source/open-hardware high-speed USB protocol analyzer. The board features a high-speed USB 2.0 sniffer that will help with the reverse engineering of proprietary USB hardware. The project has gained backing from two high-profile individuals: Jon Lech Johansen (DVD Jon) and actor and comedian Stephen Fry."
Link to Original Source

Comment: Re:This has been envisioned for quite a while... (Score 1) 282

by freddej (#26652409) Attached to: Cox Communications and "Congestion Management"

That's a good point. The negative side of it is that most of the P2P apps always set the highest prio, so it doesn't work very well anyway.

Looking at the traffic with DPI is unfortunately the only way to be sure which apps have which DSCP flag, and it even enables you to rewrite this flag to match what you really think the particular app should have in your (as in the ISP's) part of the network.
