Comment University of Cambridge ... (Score 1) 70
it should be stated for record that we have links with the security group at University of Cambridge as well as alumni but Scrambler was developed by a startup Smart Crib Ltd.
Comment Re:Not only new, but already commercially availabl (Score 1) 70
We would be interested in PHP or Python support for TPM! The TPM is a bit tricky to use in virtual machines - my guess is that 99% of online servers run in VM, am I far from truth?
Comment Re:API over HTTP??? (Score 1) 70
I encourage to read the specs. HTTPS is your option if you have money, expertise and time to sort out proper certificates. Simply run the web service with HTTPS/SSL switched on. If you don't want to do that, the API provides end-to-end encryption of sensitive data.
Comment Re:Next please. (Score 1) 70
You can't "always read the key from the dongle you're cloning". You can only do it at the initialisation phase = before the first scrambling command. You can print it, store in a strong box, split into components and put each into a different strong box . and only again use it when you need to create a clone of a dongle already in use.
Comment Re:Usefulness is reduces if a single account is kn (Score 1) 70
Do it, publish it at crypto conferences, become famous:-) The key is 199 bits long. You can try to use collision attacks on SHA-1 but that would be again stuff securing life-long glory.
Comment Re:why a RasPi? (Score 1) 70
cheap, easy to setup, runs Debian (almost) so our code (web service in Python) is likely to be portable.
Comment Re: Usefulness is reduces if a single account is k (Score 1) 70
76 characters.
Comment Re: Usefulness is reduces if a single account is k (Score 1) 70
Completely futile exercise as you have the length wrong as well as the size of character set.
Try 32 character l permutation of
Comment Re: Ridiculous (Score 1) 70
We did see quite a few Of those HSMs and cracked some of them.
Comment Re:Usefulness is reduces if a single account is kn (Score 1) 70
The password / key used for SHA1-HMAC is actually 32 characters long - up to about 199 bits of entropy with the character set used (a-zA-Z0-9+10 special chars)
Submission + - Fox's attempt to block ad-skipping TV recorder Autohop fails (bbc.co.uk) 2
another random user writes: A bid to block a TV service that allows viewers to automatically skip adverts on recorded shows has been rejected.
Fox had called for a preliminary injunction on Dish Network's Autohop ahead of a copyright ruling.
Broadcasters Fox, Comcast, NBC and CBS have each sued Dish Networks, saying the show recordings are unauthorised.
Fox said it would appeal against the ruling. It says Autohop is "destroying the fundamental underpinnings of the broadcast television ecosystem".
But Dish called the decision not to grant a preliminary injunction a "victory for common sense".
Its Hopper digital video recorder can record and store prime-time content from the four major networks for up to eight days.
And the Autohop feature lets viewers skip advertisements completely — rather than fast-forwarding through them — at the press of a button.
Fox had called for a preliminary injunction on Dish Network's Autohop ahead of a copyright ruling.
Broadcasters Fox, Comcast, NBC and CBS have each sued Dish Networks, saying the show recordings are unauthorised.
Fox said it would appeal against the ruling. It says Autohop is "destroying the fundamental underpinnings of the broadcast television ecosystem".
But Dish called the decision not to grant a preliminary injunction a "victory for common sense".
Its Hopper digital video recorder can record and store prime-time content from the four major networks for up to eight days.
And the Autohop feature lets viewers skip advertisements completely — rather than fast-forwarding through them — at the press of a button.
Submission + - Dutch Ministry Proposes Powers for Police to Hack Computers, Install Spyware (paritynews.com) 1
hypnosec writes: The Dutch Ministry of Justice and Security has proposed some rather over the line measures and wants to extend such powers to the police that would allow them to break into computers and mobile phones in any part of the world. According to the proposal, dated October 15, the ministry has asked for powers that would allow police to not only break into computers but, would also allow them to install spyware, search for data in those computers and destroy data. As explained by the digital rights group ‘Bits of Freedom’, which obtained the copy of the proposal, if the Dutch police gets such powers the security of computer users would be lessened and that there will be a “perverse incentive to keep information security weak.”
Submission + - Computer Viruses Are "Rampant" on Medical Devices in Hospitals (technologyreview.com)
Dupple writes: Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.
While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion...
The computer systems at fault in the monitors were replaced several months ago by the manufacturer, Philips; the new systems, based on Windows XP, have better protections and the problem has been solved, Olson said in a subsequent interview.
While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion...
The computer systems at fault in the monitors were replaced several months ago by the manufacturer, Philips; the new systems, based on Windows XP, have better protections and the problem has been solved, Olson said in a subsequent interview.
Submission + - Wall Street Journal describes how Facebooks Outs your Most Personal Secrets (wsj.com)
McGruber writes: The Wall Street Journal (FREE Link: http://online.wsj.com/article/SB10000872396390444165804578008740578200224.html) is reporting that Facebook revealed the sexual preferences of users despite those users have choosen "privacy lockdown" settings on Facebook.
The article describes two students who were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both students were sophisticated users who had attempted to use Facebook's privacy settings to shield some of their activities from their parents.
Facebook spokesprick Andrew Noyes responded with a statement blaming the users: "Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls."
The article describes two students who were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both students were sophisticated users who had attempted to use Facebook's privacy settings to shield some of their activities from their parents.
Facebook spokesprick Andrew Noyes responded with a statement blaming the users: "Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls."
Submission + - RATs Are Found Riddled With Bugs And Weak Encryption (darkreading.com)
ancientribe writes: A couple of college interns have discovered that remote administration tools (RATs) often used for cyberspying and targeted cyberattacks contain common flaws that ultimately could be exploited to help turn the tables on the attackers. RATs conduct keylogging, screen and camera capture, file management, code execution, and password-sniffing,and give the attacker a foothold in the infected machine as well as the targeted organization. This new research opens the door for incident responders to detect these attacker tools in their network and fight back.
Slashdot Top Deals
Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (4) How many times do we have to tell you, "No prior art!"
