bennyboy64 - Slashdot User

Submission + - Heartbleed Sparks 'Responsible' Disclosure Debate

Submitted by bennyboy64 on Friday April 18, 2014 @12:07AM

bennyboy64 writes: IT security industry experts are beginning to turn on Google and OpenSSL, questioning whether the Heartbleed bug was disclosed "responsibly". A number of selective leaks to Facebook, Akamai and CloudFlare occurred prior to disclosure on April 7. A separate, informal pre-notification program run by Red Hat on behalf OpenSSL to Linux and Unix operating system distributions also occurred. But router manufactures and VPN appliance makers Cisco and Juniper had no heads up. Nor did large web entities such as Amazon Web Services, Twitter, Yahoo, Tumblr and GoDaddy, just to name a few. The Sydney Morning Herald has spoken to many people who think Google should've told OpenSSL as soon as it uncovered the critical OpenSSL bug in March, and not as late as it did on April 1. The National Cyber Security Centre Finland (NCSC-FI), which reported the bug to OpenSSL after Google, on April 7, which spurred the rushed public disclosure by OpenSSL, also thinks it was handled incorrectly. Jussi Eronen, of NCSC-FI, said Heartbleed should have continued to remain a secret and be shared only in security circles when OpenSSL received a second bug report from the Finnish cyber security centre that it was passing on from security testing firm Codenomicon. "This would have minimised the exposure to the vulnerability for end users," Mr Eronen said, adding that "many websites would already have patched" by the time it was made public if this procedure was followed.

Comment Typo (Score 1) 1

by bennyboy64 on Monday April 14, 2014 @02:18PM (#46749559) Attached to: Heartbleed Disclosure Timeline Revealed

"Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 2" Should be April 3, not 2.

Submission + - Heartbleed Disclosure Timeline Revealed 1

Submitted by bennyboy64 on Monday April 14, 2014 @01:59PM

bennyboy64 writes: Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 2. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't get a heads up, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL and they freaked out and decided to tell the world about it.

Submission + - Auto-complete Comes To Email To Save You Time

Submitted by bennyboy64 on Friday April 04, 2014 @03:55AM

bennyboy64 writes: Auto-complete has existed on mobiles for several years. So why has it taken an Australian start-up to take it out of the smartphone and onto the desktop? Called Composure, they're working on a Google Chrome extension that can auto-complete words, phrases, and even whole paragraphs, according to the Sydney Morning Herald. At the moment it just does dictionary words and phrases, but in the future they plan to scour through your Gmail to predict entire paragraphs that you've said in the past. They also plan to have a feature that recommends documents you might want to attach to an email based on the contents of the email.

Submission + - Epson Chief Takes Swipe At Copycat Tech Giants

Submitted by bennyboy64 on Wednesday December 11, 2013 @11:44PM

bennyboy64 writes: The president of Epson, Minoru Usui, has accused technology companies such as Samsung and Apple of copying each other, saying most of the components inside their gadgets are the same, the Sydney Morning Herald reports.
"If you look at products like iPhones or Samsung devices, if you take them apart then you'll find that they're basically all using the same displays, they're using the same batteries, the same condensers, the same parts. Where there's a difference between [them] is [in] the design or the software or even just the brand," Mr Usui said.
He made the comments while discussing how Epson would soon move beyond its traditional product range to become involved in emerging technologies, such as wearables.

Submission + - Australian 'Lulzsec Leader' Hacked Council Website (smh.com.au)

Submitted by bennyboy64 on Wednesday May 15, 2013 @06:12AM

bennyboy64 writes: The IT security professional who the Australian Federal Police said was a self-proclaimed leader of international hacking ring Lulzsec allegedly penetrated a NSW council website, the Sydney Morning Herald reports. Federal police made a big deal of his arrest last month and said he claimed to be the leader of the disbanded hacking collective Lulzsec, though many have questioned this. Although federal police said he could do a lot of damage, it was only revealed that he was charged with three offence, all to do with defacing a council's website.

Submission + - How Aussie Uni Creates World's Best Hackers (smh.com.au)

Submitted by bennyboy64 on Saturday May 11, 2013 @10:53AM

bennyboy64 writes: An Australian university appears to be excelling at cultivating some of Australia's best computer hackers. Following the University of NSW's students recently placing first, second and third in a hacking war game (the first place winners also won first place last year), The Sydney Morning Herald reports on what exactly about the NSW institution is breeding some of Australia's best hackers. It finds that a lecturer and mentor to the students with controversial views on responsible disclosure appears to the be the reason for their success.

Submission + - Steve Jobs's Ego Will Bite: Netgear CEO (smh.com.au) 1

Submitted by bennyboy64 on Monday January 31, 2011 @12:41AM

bennyboy64 writes: The global chairman and CEO of home networking giant Netgear has launched into a scathing attack on Apple and its founder Steve Jobs, criticising Jobs's "ego" and Apple's closed up products.

Submission + - Google Attempts To Gag Another Business: Scoogle (smh.com.au)

Submitted by bennyboy64 on Thursday November 11, 2010 @09:38PM

bennyboy64 writes: After settling a trademark dispute with Australian business Groggle and getting it to change its name, Google has taken issue with another Australian business: Scoogle, which sells eyewear.

Submission + - Aussie Student Responsible For Twitter Exploit

Submitted by bennyboy64 on Wednesday September 22, 2010 @01:00AM

bennyboy64 writes: An Australian teen has caused havoc on Twitter by discovering an exploit that hit thousands of users, including Barack Obama's press secretary, and resulted in the tweets of a former British PM's wife linking to hardcore porn, The Sydney Morning Herald reports. Pearce Delphin, who is studying his last year at high school, said that he was surprised that "so many famous people got infected".

Submission + - AU Government Backs Away From Web Snooping Plans

Submitted by bennyboy64 on Wednesday August 04, 2010 @12:48AM

bennyboy64 writes: The Australian Government has moved to distance itself from its controversial web snooping plans during the election campaign and the decision to hide details from the public. Australia's Attorney-General Robert McClelland yesterday defended his department censoring about 90 per cent of a secret government document, obtained under freedom of information (FoI) laws, outlining plans to snoop on Australians' web surfing.

Submission + - Aussie Lasers Stop Satellite Collisions, Death (zdnet.com.au)

Submitted by bennyboy64 on Thursday July 15, 2010 @07:46PM

bennyboy64 writes: An Australian company is developing a laser tracking system that will help prevent collisions between satellites and space debris, ZDNet reports . 'The trouble is it's [debris] in orbit and travelling at orbital speeds, which means that it is travelling at about 30,000 kilometres an hour," said the CEO of the Australian company. 'If even a tiny little piece runs into a satellite it'll destroy it or punch a hole through a person if they're out there space walking.'

Submission + - New Zealand Software To Be "Unpatentable" (zdnet.com.au)

Submitted by bennyboy64 on Thursday July 15, 2010 @09:30AM

bennyboy64 writes: New Zealand's great software patent debate has come to a head after Commerce Minister Simon Power said that he would make no further amendments to the country's new Patents Bill, which will make software "unpatentable", ZDNet reports.

Submission + - Video Of A Human Microship Implant In Four Minutes (zdnet.com.au)

Submitted by bennyboy64 on Tuesday June 29, 2010 @08:22PM

bennyboy64 writes: A 28-year-old West Australian IT professional is one of the latest to have a radio-frequency identification (RFID) chip implanted in their hand, ZDNet reports. A four minute video on ZDNet of the chip being implanted might make you queezy, but sure is an interesting watch. How long before everyone starts doing this? In the article, the gentleman says his daughter (who is 8) would be given a key fob for now. Apparently she wants an implant too, but her father won't allow it.

Submission + - US Shows Interest In Zombie Quarantine Code (zdnet.com.au) 1

Submitted by bennyboy64 on Friday June 25, 2010 @12:51AM

bennyboy64 writes: Barack Obama's cyber-security coordinator has shown interest in an e-security code of practice developed in Australia that aims to quarantine internet users infected by malware, also known as zombie computers. He reportedly said it would be a useful role model for the US to adopt. One suggestion within the code is to put infected users into a 'walled garden', which limits internet access to prevent further security problems until quarantined. Another is to throttle the speed of an infected users' internet connection until their computer fixed. The code is also being considered by other Asia-Pacific countries, ZDNet reports.

Slashdot Top Deals