
Submission + - New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish (threatpost.com)

msm1267 writes: New attacks revealed today against 64-bit block ciphers push cryptographic ciphers such as Triple-DES (3DES) and Blowfish closer to extinction.

The attacks, known as SWEET32, allow for the recovery of authentication cookies from HTTPS traffic protected by 3DES, and BasicAUTH credentials from OpenVPN traffic protected by default by Blowfish.

In response, OpenSSL is expected tomorrow to remove 3DES from its default build in 1.1.0, and lower its designation from High to Medium in 1.0.2 and 1.0.1. OpenVPN, meanwhile, is expected to release a new version this week as well with a warning about Blowfish and new configuration advice protecting against the SWEET32 attacks.

The researchers behind SWEET32 said this is a practical attack because collisions begin after a relatively short amount of data is introduced. By luring a victim to a malicious site, the attacker can inject JavaScript into the browser that forces the victim to connect over and over to a site they're authenticated to. The attacker can then collect enough of that traffic--from a connection that is kept alive for a long period of time--to recover the session cookie.

Submission + - Japanese Government Plans Cyber Attack Institute

An anonymous reader writes: The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. The training institute, which will operate as part of Japan’s Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks. A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs. The source also stated that there is potential for a joint exercise in cyber awareness between the Japanese group and foreign cybersecurity engineers in the future.

Submission + - Clinton campaign chair: 'The American people can handle the truth' on UFOs

An anonymous reader writes: In what seems like an April Fools' Day prank story but is surprisingly real, Hillary Clinton's campaign chair, John Podesta, says that he has convinced Hillary Clinton to declassify as many documents as possible related to Area 51 and UFOs.
http://www.cnn.com/2016/04/07/...

On the matter of alien visitation, Clinton has previously stated that "I think we may have been [visited already]. We don’t know for sure."
http://www.huffingtonpost.com/...

Meanwhile, Democratic rival Bernie Sanders has been dismissive of UFO talk.
http://www.coasttocoastam.com/...

And on the other side of the aisle, everyone surely already knows how likely Republican nominee Donald Trump feels about illegal aliens.

Submission + - Childbirth Charity Hack Leaks 15,000 Expectant Parents' Data (thestack.com)

An anonymous reader writes: A data breach has been uncovered at the UK's National Childbirth Trust, with over 15,000 new and expectant parents’ details compromised. The charity has apologised to its users and has informed them that their email addresses, usernames and an encrypted version of their passwords had been exposed in the data leak. It has assured members that no sensitive or financial information was accessed. The hack, which targeted the NCT’s registration database, has since been reported to the police and the UK’s data watchdog, the Information Commissioner’s Office.

Submission + - Adobe Patches Flash Zero-Day Exploited by Magnitude Exploit Kit (securityweek.com)

wiredmikey writes: Adobe released a Flash Player update on Thursday night to patch a zero-day vulnerability that has been leveraged by cybercriminals to deliver malware via the Magnitude exploit kit.

The vulnerability, a memory corruption that can be exploited for remote code execution, was discovered after, on April 2, security researcher Kafeine of Proofpoint noticed a change in the Magnitude exploit kit. The sample was then investigated by FireEye, which determined that Magnitude EK had been exploiting a previously unknown vulnerability in Flash Player.

Submission + - 50 Embedded Linux Conference Presentation Slide Decks Now Available (hackerboards.com)

__aajbyc7391 writes: The Linux Foundation has posted slide presentations from this week’s Embedded Linux Conference, which featured the first ever ELC keynote by Linus Torvalds. Well over 100 technical presentations were presented at ELC, many of which are now available in posted slide shows. In addition to sessions detailing updates on traditional embedded Linux technologies such as security, memory management, real-time Linux, interfaces, cryptography, debugging, and the like, you’ll find presentations on drones, robots, Project ARA, the Chip SBC, and much more.

Submission + - AMD Announces 16 TFLOP Radeon Pro Duo, Partners With Crytek For VR First Program (hothardware.com)

MojoKid writes: Today, AMD is holding its "Capsaicin" webcast in which the company is talking about all of its latest initiatives in the graphics realm, including VR and a powerful graphics card AMD has been hinting at for months. For starters, AMD has partnered up with powerhouse developer Crytek and will be Crytek's exclusive technology partner for its VR First initiative, which "provides colleges and universities a ready-made VR solution for developers, students and researchers." AMD and Crytek hope to plant VR seeds early so that it can empower people to create immersive VR experiences in the fields of medicine, entertainment, journalism and of course gaming. Also, remember that Radeon R9 Fury X2 graphics card that AMD CEO Lisa Su showed off months ago? We were previously led to believe that the dual-GPU graphics card would deliver performance of around 12 TFLOPs. However, the card will actually deliver in excess of 16 TFLOPs. AMD says that this is more than enough to allow developers to "Develop content more rapidly for tomorrow's killer VR experiences while at work, and playing the latest DirectX 12 experiences at maximum fidelity while off work." And the Radeon R9 Fury X2 name? That's dead and buried — the card is now known as the Radeon Pro Duo. Not much is known about the new card at this point but Radeon Pro Duo will apparently be available during the second quarter with an estimated street price of $1,499.

Submission + - Dropbox's "Magic Pocket" gets them off of Amazon S3

Richard_at_work writes: Dropbox today announced that it has been working on a "top secret" project called Magic Pocket for the past couple of years to get it off its Amazon S3 addiction, culminating in them moving over 400 petabytes of user data to multiple internal data centres and a custom mass storage hardware and software solution.

Dropbox's relationship with AWS isn't completely over, however, as they will continue to use AWS for specific regional data stores where there is a requirement, such as the one currently available in Germany for example.

Submission + - Google, Facebook And WhatsApp Look To Improve User Data Encryption (thestack.com)

An anonymous reader writes: Tech giants including Google, Facebook, WhatsApp and Snapchat are looking to increase the privacy of user data by expanding their encryption features. The recent reports mark growing industry support for Apple in its fight to not allow authorities backdoor access into users’ devices. Facebook has suggested that it is increasing privacy of its Messenger service, while its instant messaging app WhatsApp also confirmed that it would be extending its encryption offering to secure voice calls. Others reportedly joining the industry shift include Snapchat, which is working on securing its messaging service, and search heavyweight Google, which is currently developing an encrypted email project.

Submission + - Hacker GhostShell Doxes Himself So He Could Get a Job in the Industry

An anonymous reader writes: One of the most notorious hackers around has decided to dox himself after getting tired of hacking companies and failing to find a legitimate job in the infosec community. The hacker GhostShell, one of the early LulzSec members and leader of Team GhostShell, is a 24-year-old Romanian who's now hoping to get arrested and negotiate a plea deal so he can stay on as a white hat hacker with a company or state agency somewhere. For the past 4 years, the hacker was literally 2 km away from Romania's crime investigation unit, a 10-minute ride away.

Submission + - Hackers Completely Shut Down DDoS Protection Firm Staminus (softpedia.com)

An anonymous reader writes: Hackers have breached DDoS protection firm Staminus, and have reset all their routers to factory settings, shutting down their network all day yesterday. The hackers also stole the service's database, and later dumped it online.

Apparently the company was using the same root password for all its servers, was storing credit card details in cleartext, was exposing crucial services via external Telnet and was also hosting sites for the KKK (which also got leaked).
