
Submission + - PGP Short-ID Collision Attacks Continued, Now Targeted Linus Torvalds

An anonymous reader writes: Enrico Zini wrote:

There are currently at least 3 ways to refer to a GPG key: short key ID (last 8 hex digits of fingerprint), long key ID (last 16 hex digits) and full fingerprint. The short key ID used to be popular, and it has been known for 5 years that it is computationally easy to generate a GnuPG key with an arbitrary short key ID.

LWN.net wrote on June 3, 2016:

Gunnar Wolf urges developers to stop using "short" PGP key IDs as soon as possible. The impetus for the advice originates with Debian's Enrico Zini, who recently found two keys sharing the same short ID in the wild.

After the owner was contacted, it turned out that one of the keys is a fake. In addition, it was labelled with the same names, emails, and even signatures created by more fake keys. Weeks later, more developers found their fake "mirror" keys on the keyserver, including the PGP Global Directory Verification Key. Gunnar Wolf wrote:

We don't know who is behind this, or what his purpose is. We just know this looks very evil.

Now, a fake key (fake: 0x6211aa3b00411886, real: 0x79be3e4300411886) of Linus Torvalds was found in the wild; scroll the page and you'll see two of them. It looked like every single key from the Linux kernel community has been forged successfully; another example is Greg Kroah-Hartman (fake: 0x27365dea6092693e, real: 0x38dbbdc86092693e). LWN reader "rmayr" commented:

so it seems somebody is actually constructing a database of fake keypairs with "well-known" short IDs. Something is going on here...

Submission + - PGP Key of President of the Muslim Association of Puget Sound Trivially Factored

An anonymous reader writes: One of seven keys recently found to be trivially factorable by the Phuctor belongs to Mahmood Khadeer, President of the Muslim Association of Puget Sound. Khadeer's key and the others appear to have been generated with PGP software that utilized a null random number generator based on the way they were factored.

Submission + - Your exotic pet is actually a bioweapon (thebulletin.org)

Lasrick writes: Laura Kahn at Princeton's Program on Science and Global Security writes about how security experts, including some in the US military, are becoming concerned about the potential for adversaries to deliberately introduce non-native species as biological weapons. But, as Kahn points out: 'The United States already endures biological attacks from non-native species every year, which arrive in large numbers via the exotic pet trade.'

Kahn goes on to look at both the legal and illegal wildlife trade in the US, and efforts to curb wildlife trafficking. Great read.

Submission + - Judge Orders "Intentionally Deceptive" DOJ Lawyers To Take Remedial Ethics Class (zerohedge.com)

An anonymous reader writes: In writing the ruling, Hanen quoted from the scene in "Miracle on 34th Street" when the boy is called to testify to Santa's existence and says that everyone knows not to tell a lie to the court. Hanen went on to say that the Justice Department lawyers have an even stricter duty: Tell the truth, don't mislead the court, and don't allow it to be misled by others.

"The Government's lawyers failed on all three fronts. The actions of the DHS should have been brought as early as December 19, 2014. The failure of counsel to do that constituted more than mere inadvertent omissions — it was intentionally deceptive," Judge Hanen wrote in his ruling.

Hanen ordered that the classes must be "taught by at least one recognized ethics expert who is unaffiliated with the Justice Department."

I wonder if the judge could order the lawyers to jail for contempt of court?

Submission + - Oculus breaks promise, uses DRM to kill app that let you switch VR systems

AmiMoJo writes: As recently as 5 months ago, Oculus founder Palmer Luckey was promising his customers that they could play the software they bought from the Oculus store on "whatever they want," guaranteeing that the company wouldn't shut down apps that let customers move their purchased software to non-Oculus hardware. But now, Oculus has changed its DRM to exclude Revive, a "proof-of-concept compatibility layer between the Oculus SDK [software development kit] and OpenVR," that let players buy software in the Oculus store and run it on competing hardware. The company billed the update as an anti-piracy measure, but Revive's developer, who call themselves "Libre VR," points out that the DRM only prevents piracy using non-Oculus hardware, and allows for unlimited piracy by Oculus owners.

Submission + - Argentina And Monsanto Fight Over Patents

An anonymous reader writes: Monsanto has embargoed Argentina from receiving new soybean technologies marketed by the company after the Argentine government insisted it had the sole right to demand the inspection of exports leaving the country. Monsanto has been pressuring export and shipping companies to enforce their patent royalty collection, while the Argentine government insists it holds the sole right to approve and order inspections. This patent battle is looking like it might tip in Argentina's favor given the disappointing nature of Monsanto's upcoming RoundUp Ready XTend(TM)(R) Glyphosate+Dicamba crop system.


Submission + - Medical errors third leading cause of death in United States

sittingnut writes: According to a new study by patient safety researchers, led by Martin Makary, a professor of surgery at the Johns Hopkins University School of Medicine, published in BMJ (formerly British Medical Journal) and referred to in the Washington Post, "medical errors" in hospitals and other health care facilities are now the third leading cause of death in the United States. At over 251,000 lives per year, the number of such deaths is lower than those claimed by heart disease and cancer, but more than "respiratory disease, accidents, stroke and Alzheimer's".

"It boils down to people dying from the care that they receive rather than the disease for which they are seeking care," Makary said.

Echoing others, he wants results of investigations of such deaths to be made public, to help prevent them in future: "When a plane crashes, we don’t say this is confidential proprietary information the airline company owns. We consider this part of public safety. Hospitals should be held to the same standards."

Submission + - ImageMagick Vulnerabilities Are Being Actively Exploited (imagetragick.com)

itwbennett writes: Slack security engineer Ryan Huber warned Tuesday of vulnerabilities in the image manipulation suite ImageMagick. These flaws, which are being actively exploited, leave millions of websites vulnerable to a complete takeover. Security researcher and Metasploit founder HD Moore has said that Metasploit modules for the vulnerabilities will be released on Wednesday.

Submission + - Schools are helping police spy on kids' social media activity (washingtonpost.com)

schwit1 writes: Schools in Florida are renewing a program that monitors their students' social media activity for criminal or threatening behavior, although it has caused some controversy since its adoption last year.

The school system in Orange County, where Orlando is located, recently told the Orlando Sentinel that the program, which partners the school system with local police departments, has been successful in protecting students' safety, saying that it led to 12 police investigations in the past year. The school district says it will pay about $18,000 annually for SnapTrends, the monitoring software used to check students' activity. It's the same software used by police in Racine, Wis., to track criminal activity and joins a slew of similar social media monitoring software used by law enforcement to keep an eye on the community.

SnapTrends collects data from public posts on students' social media accounts by scanning for keywords that signify cases of cyberbullying, suicide threats, or criminal activity. School security staff then comb through flagged posts and alert police when they see fit. Research suggests that 23 percent of children and teens have been cyberbullied. Studies connecting social media and suicide have not shown definitive results, but there has been research that suggests that cyberbullying leads to suicide ideation more than traditional bullying.

Nowhere in the article is there a mention of parental participation in the program or parental approval in kids being monitored.

Submission + - Failing Tanks Have Hanford Site Cascading Towards Disaster

An anonymous reader writes: As the cleanup of the Hanford nuclear waste site slides continually further behind schedule, local news sources are reporting that even the newer double-walled tanks are failing to contain the high level waste. Looming on the horizon is a DOE prediction from 2008 that puts the window where contamination from the begins reaching the Columbia River only four years away.

Submission + - Obama's Global Warming Plan Cost Poor Americans $44 Billion, Raises Taxes By 166 (dailycaller.com)

An anonymous reader writes: The title summarized it pretty well, but here is an interesting excerpt;

"The study determined that taxing CO2 emissions or gasoline inherently hurts the poor more than the rich because the lowest-income U.S. households spend roughly 35 percent of their annual income on energy; while the highest income households spent less than 3 percent of their income on energy."

In addition to that, we keep paying the power bills of the wealthy through extreme solar subsidies. I know... "it's all in their best interest."

Submission + - Beijing warns Chinese women not to date foreigners (chinalawtranslate.com)

An anonymous reader writes: On April 15, China’s first annual National Security Education Day, Beijing officials launched a poster campaign entitled “Dangerous Love” that has appeared in residential districts of the capital. Using a comic strip format, Chinese women are warned against dating foreign men in case they are actually foreign agents. The cartoon story line specifically mentions state employees but it is as yet unclear why this message is being promoted in ordinary apartment complexes rather than in ministries and government offices. By targeting a mass audience this campaign is being seen by some expats as a worrying trend in xenophobia by Chinese authorities. Chinese media already vilifies Japan at every possible opportunity and some observers are concerned that the government is now preparing to make all foreigners scapegoats for the failing economy. A full translation of the new poster is available here:
http://chinalawtranslate.com/n...

Submission + - Have Google forgotten what a joejob is? Or is it bullying smaller operators? (blogspot.no)

badger.foo writes: Joejobs are a fact of life for everyone running a mail service. In his latest piece, Does Your Email Provider Know What A "Joejob" is? Peter Hansteen describes an investigation into why messages sent to Google hosted domains started disappearing into thin air. An unexpected bounce message provided clues, but the question remains, is this a matter of incompetence, bad luck or something more sinister like one operator trying to bully itself into dominance?

Submission + - Vulnerability in Northrop Grumman PGP Root-CA

An anonymous reader writes: Phuctor, a public service provided by No Such lAbs, has discovered a vulnerability in the Northrop Grumman PGP Root Certificate authority. The public exponent is 16385, a number which is not prime. In fact, 16385 has prime factors of 5, 29, and 113. Phuctor recently returned to continue its hunt for bad PGP keys after a period of extended downtime.
