Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Chinese don't trust CNNIC (Score 1) 256 256

the truth is that Chinese don't trust CNNIC, me included. if you search CNNIC on twitter, you'll find many Chinese talking about how to remove it permanently. what I want to add is that the we use SSL/TLS because we trust the CA, but now if the CA is not trusted, what do you think?
Security

Submission + - 1024-bit RSA is safe at least until 2014?

xizhi.zhu writes: "Security researchers recently claim that 1024-bit RSA is at a small risk at least until 2014, and 160-bit ECC over a prime field is safe at least until 2020, based on the state-of-the-art in practical data of large scale integer factorization and elliptic curve discrete logarithm computation efforts."

Comment This maybe not enough (Score 2, Interesting) 219 219

For a real success, they should be runnable for all email accounts, not only those using Gmail, etc. The reason is that China or Iran may simply block those providers (and it's true that China has blocked several services of Google). Also, encryption is needed, as China now filters all the traffic, including SMTP, POP3, IMAP. Moreover, it should be quite easy for the end users.
Security

Submission + - Latest practical attacks on AES-256->

xizhi.zhu writes: "As blogged by Schneier, there is another new attack against AES-256. This new attack can break AES-256 of 9 rounds at the time 2^39, AES-256 of 10 rounds at time 2^45, and AES-256 of 11 rounds at time 2^70. Note that the full AES-256 has 14 rounds. However, this attack requires the cryptanalyst to have access to plain-texts encrypted with multiple keys that are related in a specific way. Also, Schneier suggests AES-128 at 16 rounds, AES-192 at 20 rounds, and AES-256 at 28 rounds."
Link to Original Source
Security

Submission + - More problems for SSL->

xizhi.zhu writes: "More attacks against SSL/TLS would be presented in the Black Hat conference next week.

First, Moxie Marlinspike would extend his novel work on SSL Strip that new tools/tricks would be released against other SSL based protocols like imaps, pop3s, etc., ultimately providing highly effective attacks on SSL connections themselves.

Then, Alexander Sotirov and Mike Zusman would present their attack against Extended Validation SSL Certificate, a security-enhanced SSL certificate. They will show how any attacker who can obtain a non-EV SSL certificate for a website can perform completely transparent man-in-the-middle attacks on any SSL connection to that site, even if the website is protected is by an EV certificate and the users are diligently inspecting all information contained in the SSL certificates.

Besides, researchers from Carnegie Mellon found that for most times, the invalid certificate warnings one gets when visiting a secure web site are not useful. They found that as different browsers used different language to warn, they had different effects that 55% to 100% users ignored the warnings, among which FireFox 3 seems to be the best. They also found that people didn't really understand these warnings, e.g. many thought they could ignore the messages when visiting a site they trust, but that they should be more careful at less-trustworthy sites. Their finding would appear in the 18th USENIX Security Symposium next month."

Link to Original Source

Comment Net does have influence in China, but not enough (Score 1) 204 204

As a Chinese, I would say the Internet does have influence in China, and it's becoming more and more important for Chinese people. We have cases that some corruptions are exposed first over the Internet.
However, now the government is trying its best to control everything online, because it's currently an obvious threat to them. They've setup Internet filtering mechanisms, known as Great Fire Wall, to filter all the traffic in and out China. Also, they have a strict rule for web-sites in China, and they've already shut down many web-sites, especially blog providers, like Bullog.
Government

Submission + - Nightmare might really kill you

xizhi.zhu writes: "At the end of last month, a Chinese man called Wenyan Li died in the detention house. The authority explained that he died during the night of March 27th at about 1:53, when he had a nightmare. It's the second interesting cause of death in Chinese detention house this year. In February, a 24-year-old man called Qiaoming Li died in another detention house because he had his head hit heavily on the wall when he was playing a hide-and-seek game."

Comment the description is not complete :D (Score 3, Informative) 272 272

more background is still needed :D besides the "grass-mud horse", another animal, "river crab" is also popular in China now, which is the enemy of the "horse". in Chinese, "river crab" sounds like "harmony", which is what the Chinese government use as an excuse to shut down websites they don't like.

"There is nothing new under the sun, but there are lots of old things we don't know yet." -Ambrose Bierce

Working...