Security

Fixing Security Issue Isn't Always the Right Answer 361

Trailrunner7 writes "In a column on Threatpost, Bruce Schneier writes that the recent security breach at Newark Airport shows that fixing a given security problem isn't always the right move. 'An unidentified man breached airport security at Newark Airport on Sunday, walking into the secured area through the exit, prompting an evacuation of a terminal and flight delays that continued into the next day. This problem isn't common, but it happens regularly. The result is always the same, and it's not obvious that fixing the problem is the right solution. American airports can do more to secure against this risk, but I'm reasonably sure it's not worth it. We could double the guards to reduce the risk of inattentiveness, and redesign the airports to make this kind of thing less likely, but that's an expensive solution to an already rare problem. As much as I don't like saying it, the smartest thing is probably to live with this occasional but major inconvenience.'"
Security

Encryption Cracked On NIST-Certified Flash Drives 252

An anonymous reader writes "USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks likes the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations."
Privacy

Does Cheap Tech Undermine Legal Privacy Protections? 282

bfwebster writes "Orin Kerr, a George Washington University law professor who focuses on legal issues regarding information technology (I own a copy of his book Computer Crime Law) raises an interesting issue about a 2001 Supreme Court decision (Kyllo v. United States) that prohibited police from using a thermal imaging device on a private home without a warrant. (The police were trying to detect excess heat coming from the roof of a garage, as an indication of lamps being used to grow marijuana inside.) The Court made its decision back in 2001 because thermal imaging devices were 'not in general use' and therefore represented a technology that required a warrant. However, Kerr points out that anyone can now buy such thermal imaging devices for $50 to $150 from Amazon, and that they're advertised as a means of detecting thermal leakage from your home. In light of that, Kerr asks, is the Supreme Court's ruling still sound?"
Security

Adobe Security Chief Defends JavaScript Support 216

Trailrunner7 writes "Despite the fact that the majority of [PDF-related] malware exploits use JavaScript to trigger an attack in Adobe's PDF Reader product, the company says it's impossible to completely remove JavaScript support without causing major compatibility problems. In a Q&A on Threatpost, Adobe security chief Brad Arkin says the removal of JavaScript support is a non-starter because it's an integral part of how users do form submissions. '"Anytime you're working with a PDF where you're entering information, JavaScript is used to do things like verify that the date you entered is the right format. If you're entering a phone number for a certain country it'll verify that you've got the right number of digits. When you click 'submit' on the form it'll go to the right place. All of this stuff has JavaScript behind the scenes making it work and it's difficult to remove without causing problems," Arkin explained.'"
Privacy

Can Imaging Technologies Save Us From Terrorists? 480

itwbennett writes "In the aftermath of the failed Christmas Day terrorist attack, full body scanning technologies such as millimeter wave and backscatter are regaining popularity, writes blogger Steven J. Vaughan-Nichols in a recent post. But, he asks, do they really work? The TSA seems to think so. It has just issued a contract to purchase more millimeter wave scanners from L3 Communications. Michael Chertoff, the former homeland security secretary, told the New York Times that if these scanners had been in place, they would have caught the would-be bomber. Ben Wallace, the Conservative Member of Parliament in the United Kingdom, disagrees, saying that the technologies can't detect the kind of low-density explosive that the would-be terrorist tried to use on December 25th."
Mars

Mars Images Reveal Evidence of Ancient Lakes 128

Matt_dk writes "Spectacular satellite images suggest that Mars was warm enough to sustain lakes three billion years ago, a period that was previously thought to be too cold and arid to sustain water on the surface, according to research published today in the journal Geology. Earlier research had suggested that Mars had a warm and wet early history but that between 4 billion and 3.8 billion years ago, before the Hesperian Epoch, the planet lost most of its atmosphere and became cold and dry. In the new study, the researchers analysed detailed images from NASA’s Mars Reconnaissance Orbiter, which is currently circling the red planet, and concluded that there were later episodes where Mars experienced warm and wet periods."
Books

Kurzweil Takes On Kindle With "Blio" E-Reader 168

kkleiner writes "Ray Kurzweil, prolific inventor and Singularity enthusiast, is planning to debut Blio at CES 2010. Blio is an e-reader platform, not hardware, that can be used on PC, Mac, iPhone and iPod touch. Developed by Kurzweil company knfb Reading, Blio preserves the original format of books including typography, and illustrations, in full color. It also takes advantage of knfb’s high quality text to speech capabilities and supports animation and video content."
Businesses

IT Workers To Get Fewer Perks, No Free Coffee 620

dasButcher writes "While the economy is showing signs of recovery and tech stocks posted double- and triple-digit gains in 2009, IT workers are facing a less hospitable workplace in the coming year. Many employers say they're going to continue trimming budgets, particularly in human resources. Rather than giving up head count, they're planning to trim 401k contributions, eliminate bonuses, curtail travel and, dare we say, shut off the free coffee (it wasn't that good anyway)."
Science

Antarctic's First Plane, Found In Ice 110

Arvisp writes "In 1912 Australian explorer Douglas Mawson planned to fly over the southern pole. His lost plane has now been found. The plane – the first off the Vickers production line in Britain – was built in 1911, only eight years after the Wright brothers executed the first powered flight. For the past three years, a team of Australian explorers has been engaged in a fruitless search for the aircraft, last seen in 1975. Then on Friday, a carpenter with the team, Mark Farrell, struck gold: wandering along the icy shore near the team's camp, he noticed large fragments of metal sitting among the rocks, just a few inches beneath the water."
Privacy

Kodak Wireless Picture Frames Open To Public 185

Jaxoreth writes "The Kodak Easyshare Wireless Digital Picture Frame displays images via a per-frame RSS feed hosted by FrameChannel. Each frame's URL is identical except for a parameter matching its particular MAC address, enabling public browsing of users' feeds. And worse, if you reach the feed of a not-yet-activated frame, it gives you the code to activate it, allowing you to preload it with whatever content you choose."
Games

Whatever Happened To Second Life? 209

Barence writes "It's desolate, dirty, and sex is outcast to a separate island. In this article, PC Pro's Barry Collins returns to Second Life to find out what went wrong, and why it's raking in more cash than ever before. It's a follow-up to a feature written three years ago, in which Collins spent a week living inside Second Life to see what the huge fuss at the time was all about. The difference three years can make is eye-opening."
Censorship

Australian Net Filter Protest Site Returns 75

An anonymous reader writes "The Stephen Conroy 'Minister for Fascism' website, whose stephenconroy.com.au domain was forced offline by the Australian Domain Name Administrator, has now reclaimed the name after the initial 14-day injunction expired. During those 14 days, the protesters managed to comply with the Australian domain name registration criteria. However, contrary to auDA's own rules and contrary to public quotes by the auDA CEO, the protesters were continually refused the domain. Now, however, it seems that they have unequivocally shown that they have the right to the domain and have re-registered it."
Math

New Pi Computation Record Using a Desktop PC 204

hint3 writes "Fabrice Bellard has calculated Pi to about 2.7 trillion decimal digits, besting the previous record by over 120 billion digits. While the improvement may seem small, it is an outstanding achievement because only a single desktop PC, costing less than $3,000, was used — instead of a multi-million dollar supercomputer as in the previous records."
Games

EVE Online Battle Breaks Records (And Servers) 308

captainktainer writes "In one of the largest tests of EVE Online's new player sovereignty system in the Dominion expansion pack, a fleet of ships attempting to retake a lost star system was effectively annihilated amidst controversy. Defenders IT Alliance, a coalition succeeding the infamous Band of Brothers alliance (whose disbanding was covered in a previous story), effectively annihilated the enemy fleet, destroying thousands of dollars' worth of in-game assets. A representative of the alliance claimed to have destroyed a minimum of four, possibly five or more of the game's most expensive and powerful ship class, known as Titans. Both official and unofficial forums are filled with debate about whether the one-sided battle was due to difference in player skill or the well-known network failures after the release of the expansion. One of the attackers, a member of the GoonSwarm alliance, claims that because of bad coding, 'Only 5% of [the attackers] loaded,' meaning that lag prevented the attackers from using their ships, even as the defenders were able to destroy those ships unopposed. Even members of the victorious IT Alliance expressed disappointment at the outcome of the battle. CCP, EVE Online's publisher, has recently acknowledged poor network performance, especially in the advertised 'large fleet battles' that Dominion was supposed to encourage, and has asked players to help them stress test their code on Tuesday. Despite the admitted network failure, leaders of the attacking force do not expect CCP to replace lost ships, claiming that it was their own fault for not accounting for server failures. The incident raises questions about CCP's ability to cope with the increased network use associated with their rapid growth in subscriptions."

Slashdot Top Deals