BlueMerle - Slashdot User

Submission + - CNet rates Vista one of "history's worst produ (cnet.co.uk)

Submitted by DrNick on Monday November 26, 2007 @04:40PM

DrNick writes: It could be one of the most controversial decisions in recent times online, but CNet UK has rated Windows Vista as one of the worst tech products in history.

From the article: "Its incompatibility with hardware, its obsessive requirement of human interaction to clear security dialogue box warnings and its abusive use of hated DRM, not to mention its general pointlessness as an upgrade, are just some examples of why this expensive operating system earns the final place in our terrible tech list.

Submission + - Print-On Solar Panels: Innovation of the Year (nanosolar.com)

Submitted by

nweaver

on Wednesday November 14, 2007 @05:41PM

nweaver writes: "Popular Science Magazine has announced its Innovation of the year, which are Nano Solar's Print on Solar Cells. Unlike conventional solar cells, these are printed onto sheets of flexible aluminum, with the company claiming a cost of $.30/W for solar cells. Nano Solar's Factory for producing mile long rolls of solar cells is almost online. The potential is staggering. Even assuming that the completed cells, in a household system, cost $2000/kW to produce, this will easily undercut electricity as even at just $.10/kwh and producing for just 8 hours per day and 300 days in a year, a solar installation with such cells would have a 12%/year return on investment. We may be only a few years away from the Solar Age."

Submission + - Tor: The hack of the year (theage.com.au)

Submitted by

mlauzon

on Tuesday November 13, 2007 @08:06PM

mlauzon writes: "A Swedish hacker tells how he infiltrated a global communications network used by scores of embassies over the world, using tools freely available on the internet.

In August, Swedish hacker Dan Egerstad gained access to sensitive embassy, NGO and corporate email accounts. Were they captured from the clutches of hackers? Or were they being used by spies? Patrick Gray investigates the most sensational hack of 2007.

IT WASN'T supposed to be this easy. Swedish hacker Dan Egerstad had infiltrated a global communications network carrying the often-sensitive emails of scores of embassies scattered throughout the world. It had taken him just minutes, using tools freely available for download on the internet.

In time, Egerstad gained access to 1000 high-value email accounts. He would later post 100 sets of sensitive email logins and passwords on the internet for criminals, spies or just curious teenagers to use to snoop on inter-governmental, NGO and high-value corporate email.

The question on everybody's lips was: how did he do it? The answer came more than a week later and was somewhat anti-climactic. The 22-year-old Swedish security consultant had merely installed free, open-source software — called Tor — on five computers in data centres around the globe and monitored it. Ironically, Tor is designed to prevent intelligence agencies, corporations and computer hackers from determining the virtual — and physical — location of the people who use it.

"Tor is like having caller ID blocking for your internet address," says Shava Nerad, development director with the Tor Project. "All it does is hide where you're communicating from."

Tor was developed by the US Navy to allow personnel to conceal their locations from websites and online services they would access while overseas. By downloading the simple software, personnel could hide the internet protocol address of their computers — the tell-tale number that allows website operators or intelligence services to determine a user's location.

Eventually the navy realised it must take Tor beyond the armed forces. "The problem is, if you make Tor a tool that's only used by the military . . . by using Tor you're advertising that you're military," Nerad says.

So Tor was cast into the public domain. It is now maintained and distributed by a registered charity as an open-source tool that anyone can freely download and install. Hundreds of thousands of internet users have installed Tor, according to the project's website.

Mostly it is workers who want to browse pornographic websites anonymously. "If you analyse the traffic, it's just porn," Egerstad told Next by phone from Sweden. "It's kind of sad."

However, Dmitri Vitaliev, a Russian-born, Australian-educated computer security professional who lives in Canada, says Tor is a vital tool in the fight for democracy. Vitaliev trains human-rights campaigners on how to stay safe when online in oppressive regimes. "It's incredibly important," he said in a Skype chat from the unrecognised state of Transnistria, a breakaway region in Moldova where he's assisting a local group working to stop the trafficking of women. "Anonymity is a high advantage in countries that perform targeted surveillance on activists."

It's also used to bypass website censorship in more than 20 countries that censor political and human rights sites, he says.

Tor works by connecting its users' internet requests, randomly, to volunteer-run Tor network nodes. Anyone can run a Tor node, which relays the user's traffic through other nodes as encrypted data that can't be intercepted.

When the user's data reaches the edge of the Tor network, after bouncing through several nodes, it pops out the other side as unencrypted, readable data. Egerstad was able to get his mitts on sensitive information by running an exit node and monitoring the traffic that passed through it.

The problem, says Vitaliev, is some Tor users assume their data is protected from end to end. "As in pretty much any other internet technology, its vulnerabilities are not well understood by those who use it (and) need it most," he says.

The discovery that sensitive, government emails were passing through Tor exit nodes as unencrypted, readable data was only mildly surprising to Egerstad. It made sense — because Tor documentation mentions "encryption", many users assume they're safe from all snooping, he says.

"People think they're protected just because they use Tor. Not only do they think it's encrypted, but they also think 'no one can find me'," Egerstad says. "But if you've configured your computer wrong, which probably more than 50 per cent of the people using Tor have, you can still find the person (on) the other side."

Initially it seemed that government, embassy, NGO and corporate staffers were using Tor but had misconfigured their systems, allowing Egerstad to sniff sensitive information off the wire. After Egerstad posted the passwords, blame for the embarrassing breach was initially placed on the owners of the passwords he had intercepted.

However, Egerstad now believes the victims of his experiment may not have been using Tor. It's quite possible he stumbled on an underground intelligence gathering exercise, carried out by parties unknown.

"The whole point of the story that has been forgotten, and I haven't said much about it, (is that) many of these accounts had been compromised," he says. "The logins I caught were not legit users but actual hackers who'd been reading these accounts."

In other words, the people using Tor to access embassy email accounts may not have been embassy staff at all. Egerstad says they were computer hackers using Tor to hide their origins from their victims.

The cloaking nature of Tor is appealing in the extreme to computer hackers of all persuasions — criminal, recreational and government sponsored.

If it weren't for the "last-hop" exit node issue Egerstad exposed in such a spectacular way, parties unknown would still be rifling the inboxes of embassies belonging to dozens of countries. Diplomatic memos, sensitive emails and the itineraries of government staffers were all up for grabs.

After a couple of months sniffing and capturing information, Egerstad was faced with a moral dilemma: what to do with all the intercepted passwords and emails.

If he turned his findings over to the Swedish authorities, his experiment might be used by his country's intelligence services to continue monitoring the compromised accounts. That was a little too close to espionage for his liking.

So Egerstad set about notifying the affected governments. He approached a few, but the only one to respond was Iran. "They wanted to know everything I knew," he says. "That's the only response I got, except a couple of calls from the Swedish security police, but that was pretty much all the response I got from any authority."

Frustrated by the lack of a response, Egerstad's next step caused high anxiety for government staffers — and perhaps intelligence services — across the globe. He posted 100 email log-ins and passwords on his blog, DEranged Security. "I just ended up (saying) 'Screw it, I'm just going to put it online and see what happens'."

The news hit the internet like a tonne of bricks, despite some initial scepticism. The email logins were quickly and officially acknowledged by some countries as genuine, while others were independently verified.

US-based security consultant — and Tor user — Sam Stover says he has mixed feelings about Egerstad's actions. "People all of a sudden (said) 'maybe Tor isn't the silver bullet that we thought it was'," Stover says. "However, I'm not sure I condone the mechanism by which that sort of information had to be exposed in order to do that."

Stover admits that he, too, once set up a Tor exit node. "It's pretty easy . . . I set it up once real quick just to make sure that I could see other people's traffic and, sure enough, you can," he says. "(But) I'm not interested in that sort of intelligence gathering."

While there's no direct evidence, it's possible Egerstad's actions shut down an active intelligence-gathering exercise. Wired.com journalist Kim Zetter blogged the claims of an Indian Express reporter that he was able to access the email account for the Indian ambassador in China and download a transcript of a meeting between the Chinese foreign minister and an Indian official. In addition to hackers using Tor to hide their origins, it's plausible that intelligence services had set up rogue exit nodes to sniff data from the Tor network.

"Domestic, or international . . . if you want to do intelligence gathering, there's definitely data to be had there," says Stover. "(When using Tor) you have no idea if some guy in China is watching all your traffic, or some guy in Germany, or a guy in Illinois. You don't know."

Egerstad is circumspect about the possible subversion of Tor by intelligence agencies. "If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on," Egerstad says. "Who would pay for this and be anonymous?"

While Stover regards Tor as a useful tool, he says its value is greatly overestimated by those who promote and use it. "I would not use or recommend the tool to hide from people between you and your endpoint. It's really purely a tool to hide from the endpoint," he says.

As a trained security professional, Stover has the nous to understand its limitations, he says. Most people don't.

The lesson remains but the data Egerstad captured is gone, the Swedish hacker insists. He's now focusing on his career as a freelance security consultant. "I deleted everything I had because the information I had was belonging to so many countries that no single person should have this information so I actually deleted it and the hard drives are long gone," he says."

New Startup Hopes to Slay the Botnet

Posted by ScuttleMonkey on Monday November 05, 2007 @07:25PM from the saint-nemean-and-the-botnet dept.

eldavojohn writes "How do you identify Botnet traffic on your network? Well, the problem with current commercial technologies is that they generate too many false positives. But a new startup name Nemean Networks hopes to solve all that by building signatures of traffic at many different levels of the network stack. 'Finding the proper sensitivity threshold for NIDS sensors has always been a problem for network and security administrators. Lower the threshold and some attacks get through the signature screening; raise it too high and false positives flourish. Nemean attempts to find the proper balance by gathering traffic sent to a honeynet to build signatures based on weighted data. The numerical weights are entirely subjective and based on the creators' expertise. The data is then clustered and fed through an algorithm to determine threat levels and develop signatures.'"

Submission + - Black holes may harbour their own universes

Submitted by mcgrew on Wednesday October 31, 2007 @03:51PM

mcgrew writes: From the "head explodes" department:

When matter gets swallowed by a black hole, it could fall into another universe contained inside the black hole, or get trapped inside a wormhole-like connection to a second black hole, a new study suggests.
Christian Böhmer of University College London, in the UK and colleague Kevin Vandersloot of the University of Portsmouth in the UK used computers to approximate what would happen to matter falling into a black hole using the Loop Quantum Gravity theory.

"We were very surprised about the results," Böhmer says. Instead of a boundary around the singularity, they got two other kinds of solutions — both bizarre — that replaced the singularity
More at New Scientist.

Submission + - Telcos Pull Rockefeller's Strings (blogspot.com)

Submitted by

Mike Kuykendall

on Wednesday October 31, 2007 @03:44PM

Mike Kuykendall writes: "Senate Select Committee on Intelligence Chairman John Rockefeller shows his bias due to telecom campaign contributions as he advocates for immunity in today's Wapo."

Submission + - Mac OS X gets a trojan

Submitted by Anonymous Coward on Wednesday October 31, 2007 @03:40PM

An anonymous reader writes: MacWorld is reporting that there's a trojan making the rounds for OS X. It's a pretty simple and largely harmless affair that, once onboard, directs users to phishing and porn sites, rather than the sites they intended (it installs a fake DNS on the computer). MacOSXHints provides a method of removing the trojan. This couldn't have come at a worst time for Apple, following revelations of a poor firewall implementation in Leopard that could help avoid things just like this.

Submission + - Ohio University finds key to getting RIAA to stop 7

Submitted by

NewYorkCountryLawyer

on Wednesday October 31, 2007 @03:26PM

NewYorkCountryLawyer writes: "Ohio University, in Athens, Ohio, has found the key to getting the RIAA to stop inundating it and its students with "settlement" letters. According to the university's student online publication, the university paid $60,000, plus $16,000 per year "maintenance", to Audible Magic, the business partner of the RIAA's all-purpose expert witness Dr. Doug Jacobson, for its "CopySense" filtering software. Once it made the payments, the letters stopped. This of course raises a lot of questions as to the 'disinterestedness' of Dr. Jacobson, whose deposition in the UMG v. Lindor case was the subject of interesting Slashdot commentary."

Submission + - Video Professor sues critics! Wait There's More! (arstechnica.com)

Submitted by BlueMerle on Friday October 26, 2007 @12:29PM

BlueMerle writes: I'm so sure you'll like my product that I'll sue if you don't!

John Scherer, the "Video Professor" of infomercial fame, really wants to make his customers happy. That's why he's suing them. Now, it looks like he may get sued in return.

Submission + - In Depth: Apple's Leopard leaps to new heights (computerworld.com)

Submitted by jcatcw on Thursday October 25, 2007 @04:58PM

jcatcw writes: Computerworld begins its Week of Leopard, and first in-depth review and image gallery, with a question: Is it worth the wait? Answers include Yes: it trumps Vista, of course; the Finder, Quick Look and Cover Flow provide better functionality and eye candy; Time Machine is the biggest undelete ever and the restore function is one of the coolest things we've ever seen; it has iChat (bonus pic of CW Editor); and has lots of updates under the hood. Or the answer might be no if you're lacking in the hardware, software or guts departments. And finally, if you live a cave, here's an FAQ.

Submission + - "Don't tase me bro" police cleared

Submitted by Fozzyuw on Wednesday October 24, 2007 @04:30PM

Fozzyuw writes: WFTV.com's website has news on the University of Florida police involved in the Andrew Meyer tasering have been cleared of using excessive force. It also includes a link to the full report, which shares details of the incident and events leading up to the incident.

Submission + - Verizon relents on open access legal challenge! (arstechnica.com)

Submitted by BlueMerle on Wednesday October 24, 2007 @02:10PM

BlueMerle writes: It seems that Verizon has decided to drop its legal challenge to the the FCC's requirement for open access on the upcoming 700MHz spectrum auction. Can you say "Thanks Google"?

After seeing its request for an expedited review denied, Verizon has dropped its challenge to the FCC's open access rules for the upcoming 700MHz spectrum auction. Verizon's decision removes the last major obstacle to the auction's beginning as scheduled next January.

Submission + - China behind daily internet attacks on Germany

Submitted by Stony Stevenson on Tuesday October 23, 2007 @06:14PM

Stony Stevenson writes: China is conducting almost daily spying attacks on businesses and government agencies in Germany, according to one of the country's intelligence officers. Hans Elmar Remberg, vice president of the German Office for the Protection of the Constitution, told a Berlin conference on industrial espionage that his country was involved in "the Chinese cyber war".

"In our view, state Chinese interests stand behind these digital attacks," he said. "Supporting this view is the intensity, structure and scope of the attacks, and above all the targets, which include authorities and companies." Remberg's comments follow a recent spate of government statements that China is using hacking to gain information.

Submission + - Verizon offers 20/20 symmetrical FiOS service (arstechnica.com)

Submitted by BlueMerle on Tuesday October 23, 2007 @04:59PM

BlueMerle writes: Verizon offers 20Mbps both ways for current FiOS customers. Cable companies sweating like a whore in church.

In a huge win for both medical imaging and BitTorrent porn, 20Mbps symmetrical connections are now available over Verizon's fiber optic FiOS network.

Submission + - DHS to require government permission before flying (10zenmonkeys.com)

Submitted by

destinyland

on Tuesday October 23, 2007 @04:17PM

destinyland writes: "The Department of Homeland Security quietly moves closer to an invasive "Secure Flights" proposal that requires government-issued credentials for all air travellers — and government permission for each flight! International "Advance Passenger Information System" rules were published Monday (effective February of 2008), making the U.S. version much more likely to pass. The proposed rules also let airlines retain the information obtained, even after it's been passed it on to the government. "The Identity Group" discovered that the U.S. government's travel dossier records include everything — the books travelers were carrying, the phone numbers of their friends, and even whether they asked for one bed or two in their hotel room."

Slashdot Top Deals