Forgot your password?

+ - India forged Google SSL certificates

Submitted by NotInHere
NotInHere (3654617) writes "As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing to do Man in the middle attacks. Possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA."

Comment: Re:Pretty sure this won't work (Score 3, Insightful) 309

You know, as a close relative of a victim of violent sexual assault, I take offense to your supposition that what my family member went through is exactly the same as what this woman is doing to herself. Don't bandy about the term "rape" for everything you disagree with, as it desensitizes people from the severity of that particular crime.

All the internets sir. You win them.

Comment: Better still (Score 1, Redundant) 83

by mfh (#47417139) Attached to: A Brain Implant For Synthetic Memory

Let's apply this towards eventually getting Matrix-styled learning models. Eventually we could implant memories of how to perform any skill. We could enable permanent muscle-memory learning instantaneously. Not only learning karate but being able to apply the lessons with strength and precision. Never having to work out to be in shape. Understanding advanced physics without ever taking a course at a university or even having any partial interest in the subject. That's a step towards singularity.

Comment: Human Safety Computing (Score 1) 30

by mfh (#47416879) Attached to: Interviews: Ask Juan Gilbert About Human-Centered Computing

To what extent are we able to compute safety related human dynamics issues and what is slowing us down in this particular programming area?

Can we ever come up with a safety system for a workplace that would be able to overcome employee buy-in issues early on, especially if the typical large corporation is in a constant tug of war with profit and employee needs?

You see whenever we introduce changes in policy in the workplace, employees assume they are going to be required to do MORE but they are not getting more money for the work so this tends at times to cause resistance from employees to safety policies. Management doesn't often understand the issues at hand so they tend to make contradictory safety policies as well, saying that things need to be addressed in a timely fashion.

But in the aftermath of this complexity, companies are often just faking safety in order to appear to be safe when in fact they are running at a significant moral hazard to everyone (their staff, the general public and anyone else for that matter).

This particular problem is of great interest to me and I find that whenever there is an imbalance between management and employee needs there is a systemic problem that is solvable but yet only once all the variables are on the table. The problem with human safety is that most of the variables are unknown.

The general equation for solving safety related issues is:

For every task an employee is required to do or will reasonably be presented with, the employee must be trained to perform the task safely within prescribed safety policy. This idea is fundamentally at odds with bravado in the workplace, hero complexes, profit margins and it goes directly against human psychopathy that is prevalent in modern corporate culture.

What's the best approach to stabilizing a safety model?

Comment: Re:Signals (Score 1, Interesting) 143

by mfh (#47415195) Attached to: Physicists Spot Potential Source of 'Oh-My-God' Particles

Unless the particles aren't the message but the means of communication. Maybe they form some kind of field mechanic communications bridge to enable instantaneous communications?

We should consider something like this instead of probes like Voyager. Eventually we'll find a way to use fields or lasers as a communications field conduit that enables immediate lagless communications. Someone is probably working on this right now. To some extent the teleportation technology we've seen for communications could use such beams as guidance and accelerators that cut down lag. So maybe instead of thousands of years the lag is like a day or an hour or a few minutes.

A darker side of this could mean that the existence these focused particles could prove someone is communicating with their homeworld from Earth.

The film Kpax used this kind of idea as his transportation method, which was a pretty awesome film.

Makes for some awesome sci-fi even if it's far fetched!

Comment: Signals (Score -1, Flamebait) 143

by mfh (#47414965) Attached to: Physicists Spot Potential Source of 'Oh-My-God' Particles

It would be really cool if we discovered these particles were actually packets of alien data. I mean if WE found a new civ and we decided to contact them I wonder how they would adapt to our technology. Wouldn't it present in a kind of similar way?

Because if these particles are pretty special, which they are, then can we not assume they might not be naturally occurring?

Comment: Garbage In (Score 1, Insightful) 222

by mfh (#47412903) Attached to: Avast Buys 20 Used Phones, Recovers 40,000 Deleted Photos

Mobile industry is afoul with moral hazard. They simply don't care about their clients because they only want to get paid once and then milk the clients for information.

Google's Android phones flat out REFUSE to uninstall Facebook, for example.

Users do not have control because we're experiencing what Oligarchy feels like.

Some of us remember what it was once like when you wanted to buy something and they would kiss your ass and make you at home while you were shopping. If you had any problems they would bend over backwards to serve you. That mentality is dead in the goods & service industry.

We are approaching the dusk of the psychopathic corporation era. Nothing after that folks. Thanks for playing.

Comment: Re:JS (Score 2) 68

by mfh (#47412877) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials

JS is totally impulsive for a site designer. They just decide to add so many different bells and whistles that they don't have enough time to do penetration tests on any of it. They grab source code from ANYWHERE and tack it on their site. Nobody checks that stuff.

Run NoScript and there are tons of sites calling 10+ different JS blocks.

Moral hazard.

Comment: Re:more leisure time for humans! (Score 1) 526

by Intrepid imaginaut (#47406421) Attached to: Foxconn Replacing Workers With Robots

"For example, "Free Market" is, for all intents and purposes, the god of capitalism, gets treated that way by everyone, has sacrifices performed to it, has temples and priests trying to predict its capricious whims, is the object of fundamentalist faith - I've had people define a human's very right to live in terms of body ownership - and doctrinal conflicts, etc. Someone who wasn't indoctrinated to the system from birth could hardly avoid classifying this all as a typical religion."

Sounds awfully like feminism or progressivism to me. Ideologies are generally counterproductive my friend, except Buddhism, and that only because its first and last instructions are to reject ideologies, including this one.

There is nothing so easy but that it becomes difficult when you do it reluctantly. -- Publius Terentius Afer (Terence)