Forgot your password?
typodupeerror

+ - "Canvas Fingerprinting" Online Tracking Difficult To Block->

Submitted by globaljustin
globaljustin (574257) writes "First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

[The] fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.

The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5 percent of the top 100,000 websites."

Link to Original Source

+ - Online Advertising of the Mujahideen Kind-> 1

Submitted by Taco Cowboy
Taco Cowboy (5327) writes "As ISIL's push into Iraq has been making headline news, and as picture/video of their slaughter of thousands of Iraqi prisoners have gone viral, a recruiting video has also making its online debut, starring three Britons and two Australians

Nasser Muthana, 20, with the nom du guerre of Abu Muthanna al Yemeni, along with Abu Dujana al Hindi and Abu Bara al Hindi are the three Britons are the stars of the Mujahidden recruitment video, appealing all their brothers to "fight for Allah. Sacrifice for Allah"

"Are you willing to sacrifice this for the sake of Allah? Definitely, if you sacrifice something for Allah, Allah will give you 700 times more than this "

Addressing to those who are scared of being killed, the Briton Abu Dujana al Hindi said

"What prevents you from obtaining martyrdom? You are going to die anyway"

This 13-minute video has shocked the British Prime Minister David Cameron so much that he has directed his Home Office to work with internet companies to stop terrorist messages from being broadcast

"

Link to Original Source

+ - 12 year old develops a Braille Printer from Lego->

Submitted by Anonymous Coward
An anonymous reader writes "Developed by Shubham Banerjee, a 7th grade student from Santa Clara, California. BRAIGO is a Braille Printer using Lego Mindstorms EV3. This concept slashes the price of a printer from more than $2000 to $350. Thus giving a more cost effective printer for the disadvantaged. Additionally he plans to give the design and code for free download.
ref: http://www.indiawest.com/news/...
ref: http://sociotechnocrat.kinja.c..."

Link to Original Source

+ - Next-gen USB connector will be reversible->

Submitted by TinTops
TinTops (2954063) writes "The next micro-usb equivalent will be a thin, USB 3.0 speed connector which can be inserted either way up. Hopefully this will let the rest of the smartphone industry catch up with Apple's Lightning.

"The new specification is currently under development and will be called USB Type-C, according to the USB 3.0 Promoter Group. In addition to an orientation-neutral design, the Type-C will feature USB 3.0 speeds – around 640MBps – with the addition of scalable charging, meaning devices with larger batteries can be charged more quickly.""

Link to Original Source

+ - Best resources for job searching internationally?

Submitted by thesandbender
thesandbender (911391) writes "I'm a U.S. Citizen and my spouse is Japanese (with a U.S. green card) . Recently we've had serious discussions about relocating to Japan for various personal reasons. What sites and resources does the /. community recommend for finding employment overseas? Also, are there any issues I should watch out for (e.g. companies using H1-B sponsorship for near extortion here in the U.S.)? I'm specifically interested in Japan (obviously) but I'm sure a lot of people have the same question for other countries."

+ - Australian Devs Launch Crowd Funding for Open Software, Open Hardware, Router 3

Submitted by Anonymous Coward
An anonymous reader writes "Australian devs have launched a crowd funding campaign to market an open software, open hardware platform to protect against wholesale snooping. Stilgherrian from ZDNet writes:

If Redfish's crowdfunding campaign is successful, the ORP1 will fill a valuable niche in the marketplace: A high-performance router that's available commercially with all the right certifications, rather than having to be built by a hobbyist, which has the potential to dramatically improve privacy protection for ordinary households.

While it's clear from the specs that they're targeting commercial grade routers, the hardware could just as easily run other applications requiring higher performance than is available on platforms like the rPi and Beaglebone. Can a completely open system compete against tier 2 and tier 3 companies in this field?"

+ - Xerox to correct dangerous software bug in their scan copiers

Submitted by Anonymous Coward
An anonymous reader writes "To all of those making fun of the German dude and saying he didn't read the manual: The guy was perfectly right, and it's good he insisted, Xerox press statement says.

http://realbusinessatxerox.blogs.xerox.com/2013/08/07/update-on-scanning-issue-software-patches-to-come/

There was indeed a dangerous bug mangling numbers across all compression modes (serious candidate for the "mother of all bugs" award).

They didn't believe him at first, too. They do now, and they probably warm up their lawyers in advance to withstand all the upcoming class action lawsuits.

Original article:
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning

Current blog post confirming Xerox statement:
http://www.dkriesel.com/en/blog/2013/0812_xerox_scanning_issue_fully_confirmed"

+ - Rooting Transcend WiFi SD Cards

Submitted by Freshly Exhumed
Freshly Exhumed (105597) writes "This is the story of a clever blogger who discovered that Transcend WiFi SD Cards are not just small memory devices that can store 16GB (a 32GB version is available) in a tiny space, but are also embedded Linux systems fully capable of running applications and shells: Busybox, a webserver, and their own wireless networks. With some clever hacks that took advantage of some OEM programming blunders, the blogger was able to root the devices to do his bidding."

+ - Behind the story of the iPhone's default text tone-> 1

Submitted by Anonymous Coward
An anonymous reader writes "In a fascinating post from Kelly Jacklin, the long time Apple software engineer details how he helped create the default text alert sound on the iPhone — a sound otherwise known as "Tri-tone".

The history of the the pleasant text alert sound that we've all come to know and love stretches all the way back to 1998, nearly 10 years before the iPhone ever hit store shelves."

Link to Original Source

Comment: Re:keyspace negawatts (Score 1) 207

by papafox_too (#44442461) Attached to: More Encryption Is Not the Solution

It's weird that PHK framed it this way, but he's on the right track, regardless. Compromised entropy is one of the largest persistent attack surfaces in the state surveillance war. It's darn hard to notice when your client-side random key is leaking key space from prior exchanges, unless we're all running perfectly vetted software every day of the week and twice on Sunday and nothing bad ever happens to the golden master distribution chain. Developers never lose their private keys ...

Compromising the entropy of 100 major web sites (Google, Yahoo, MS, etc) may be possible. Compromising the entropy of hundreds of millions of clients would be vastly more difficult. OK, the evil government may persuade MS to modify every copy of Windows - after they tried that years ago with US vs Export versions of crypto - but what about Linux and other open source OS's? Any attempt to play with the client side of crypto is going to get noticed very quickly.

As for compromised private keys, yes it can happen, but only on a small scale. All serious SSL crypto (banks, Gmail etc) is done using Hardware Security Modules. HSM's store the private keys securely, performing all key operations internally. The only time the private key will leave the HSM is when it's backed up onto a smart card (which is itself a form of HSM). So large scale compromising of Private Keys is not practical.

Alternatively, the Evil Government could theoretically persuade Google, Yahoo et al to use one of a number of pre-approved Private Keys. Even that would be noticed very quickly. There are a number of monitoring sites which collect X.509 certificates regularly for most major sites. We are looking for forged certificates being used for Man in the Middle Attacks. So if a key is ever used across multiple web sites it will be detected very quickly.

I still think the whole scenario is a Movie Plot Threat.

Comment: Re:Then the client should supply the symmetric key (Score 0) 207

by papafox_too (#44441605) Attached to: More Encryption Is Not the Solution
In SSL, the symmetric key is already chosen by the client. This whole story is bullshit. It's an example of what Bruce Schneier calls a Movie Plot Threat, only this time instead of being a terrorist attack, it's based on an evil government threat. This particular scenario is rubbish.

+ - ARM In Supercomputers - "Get Ready For The Change"->

Submitted by Anonymous Coward
An anonymous reader writes "Commodity ARM CPUs are poised to to replace x86 CPUs just as commodity x86 CPUs replaced vector CPUs in early supercomputers. An analysis by the EU Mountblanc Project (using Nvidia Tegra 2/3, Samsung Exynos 5 & Intel Core i7 CPUs) highlights the suitability & energy efficiency of ARM based solutions. They finish off by saying that 'Current limitations due to target market condition — not real technological challenges' and 'A Whole set of ARM server chips is coming — solving most of the limitations identified'"
Link to Original Source

+ - Ex-Marine detained under Operationn Vigilant Eagle for his political views sues->

Submitted by stry_cat
stry_cat (558859) writes "You may remember the story of Brandon Raub, who was detained withtout due process over some facebook posts he made. Now with the help of the Rutherford Institute, he is suing his captors.

According to his complaint [PDF], his detention was part of a federal government program code-named “Operation Vigilant Eagle,” which monitors military veterans with certain political views."

Link to Original Source

CCI Power 6/40: one board, a megabyte of cache, and an attitude...

Working...