imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an “authentication gap” exists during the renegotiation process at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."
ElvaWSJ writes with a link to a Wall Street Journal interview with Steve Jobs and AT&T's CEO Randall Stephenson. As you can imagine, they're pretty enthusiastic. Just the same, they address the possibility that the iPhone will slow internet access on Ma Bell's cell network. "Mr. Jobs acknowledged that the company's new iPhone won't surf the Internet as fast as he would like on the network, called "Edge," but added that the device's ability to connect to Wi-Fi hotspots would give consumers a speedier alternative for Web browsing. For his part, Mr. Stephenson said the iPhone represents a broader push by AT&T into Wi-Fi services, including, potentially, mobile Internet calling. The two men also discussed the iPod's "halo effect" and reflected on the origins of their corporate partnership."
An anonymous reader writes "ArsTechnica is running a story regarding comments by Microsoft Business Group President Jeff Raikes, who had a pithy comment on the subject of software piracy. His view is that, should software piracy occur, Microsoft's desire is that the pirated software should be theirs. Potentially, in the future, they could then convert the illegal users from the 'dark side' into legit users who obtain licenses. 'We understand that in the long run the fundamental asset is the installed base of people who are using our products. What you hope to do over time is convert them to licensing the software.' Obviously Microsoft prefers the market to use their software even if it's pirated, rather than the alternative: the use of free software."
uniquebydegrees writes "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM." Update: 02/27 20:10 GMT by Z: InfoWorldMike wrote with a link to a story saying that the presentation has been pulled from the slate for Black Hat, as a result of this pressure.
uglyduckling writes "The British Government has issued a response to a recent petition calling for 'the Prime Minister to make software patents clearly unenforcible'. The answer is reassuring but perhaps doesn't go far enough, and gives no specific promises to bring into line a patent office that grants software patents (according to the petition) 'against the letter and the spirit of the law'. The Gowers Review that it references gives detailed insight into the current British position on this debate, most interestingly recommending a policy of 'not extending patent rights beyond their present limits within the areas of software, business methods and genes.'"
An anonymous reader writes "Purdue University researchers have created a handheld sensing system its creators liken to Star Trek's "tricorder" used to analyze the chemical components of alien worlds. But the system could have down-to-earth applications, such as testing foods for dangerous bacterial contaminants including salmonella, which was recently found in a popular brand of peanut butter."
eldavojohn writes "Yesterday speaking as a private citizen & without authority from the U.S. space agency, James Hansen from NASA told Washington to stop building coal plants. From the article, "In his briefing to leaders of the press corps, entitled "Global Warming: Connecting the Dots from Causes to Solutions", Hansen said that evidence in the international scientific community shows global warming is occurring at a much faster pace than earlier forecasts predicted and that the burning of coal is a leading cause of elevated levels of carbon dioxide in the atmosphere, which traps heat via the so-called greenhouse effect. According to the U.S. Department of Energy, coal-fueled power plants produce about half of the electricity consumed in America. Plans currently call for the construction of some 160 new coal-based facilities to meet future energy needs over the next decade." Hansen is a controversial but high ranking scientist at NASA who is a well known outspoken opponent of the Bush administration's handling & policies of environmental issues."