Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Kaleidescape Shuts Down (engadget.com)

An anonymous reader writes: If you're familiar with Kaleidescape, it's likely related to the company's years-long battle with the DVD Copy Control Association over the right to sell disc-ripping movie servers. After a decade of legal wrangling, the parties settled two years ago with an agreement that effectively killed the DVD copying feature. Now, after making attempts to build pricey Blu-ray jukeboxes and a high-quality movie download service that worked with Hollywood's copy-protection demands instead of against them, the company is shutting its doors.

Submission + - How Does One Close a Microsoft Store Account?

An anonymous reader writes: I tried on the web but was only able to delete my credit card number. In light of their new privacy policy, I would like them to delete all my personal information and close the account. Anyone know how to do this or am I checked into Hotel California?

Submission + - U. of Chicago researchers use data to predict police misconduct (chicagotribune.com) 2

schwit1 writes: In two Loop office buildings about eight blocks apart, a pair of University of Chicago research teams are analyzing big data to answer a thorny question that has become especially charged in recent months: Will a police officer have an adverse interaction with a citizen?

The team from the university's Crime Lab is in the first stages of working with the Chicago Police Department to build a predictive data program to improve the department's Early Intervention System, which is designed to determine if an officer is likely to engage in aggressive, improper conduct with a civilian.

The other team, part of U. of C.'s Center for Data Science & Public Policy, is expected to launch a data-driven pilot of an Early Intervention System with the Charlotte-Mecklenburg Police Department in North Carolina by the end of the summer. The center is working on similar efforts with the Los Angeles County sheriff's office and the Nashville and Knoxville police departments in Tennessee.

I am not hopeful seeing how a recent Chicago crime predictive program failed.

Submission + - 18-Year-Old Random Number Generator Flaw Fixed In Libgcrypt, GnuPG (helpnetsecurity.com) 1

An anonymous reader writes: Researchers have discovered a “critical security problem” that affects all versions of the Libgcrypt cryptographic library and, therefore, all versions of the GnuPG (a.k.a. GPG) hybrid-encryption software. The bug has now been fixed, and he advises users of GnuPG-2 to update Libgcrypt to version 1.7.3, 1.6.6, or 1.5.6, and users of GnuPG-1 to upgrade to version 1.4.21.

Submission + - Hackers Claim To Be Selling NSA Cyberweapons In Online Auction

blottsie writes: A group of hackers identifying themselves as the Shadow Brokers claims to have hacked the NSA's Equation Group, a team of American hackers that have been described as both "omnipotent" and "the most advanced" threat cyberspace has ever seen.

On the Shadow Brokers' website, the group has shared a sample of data that some cybersecurity experts say lends credibility to the breach. The the hackers' asking price for what they claim is a cache of NSA-built cyberweapons.

Submission + - PGP Short-ID Collision Attacks Continued, Now Targeted Linus Torvalds

An anonymous reader writes: Enrico Zini wrote:

There are currently at least 3 ways to refer to a GPG key: short key ID (last 8 hex digits of fingerprint), long key ID (last 16 hex digits) and full fingerprint. The short key ID used to be popular, and since 5 years it is known that it is computationally easy to generate a GnuPG key with an arbitrary short key id.

LWN.net wrote in June 3, 2016:

Gunnar Wolf urges developers to stop using "short" PGP key IDs as soon as possible. The impetus for the advice originates with Debian's Enrico Zini, who recently found two keys sharing the same short ID in the wild.

After contacted the owner, it turned out that one of the keys is a fake. In addition, labelled same names, emails, and even signatures created by more fake keys. Weeks later, more developers found their fake "mirror" keys on the keyserver, including the PGP Global Directory Verification Key. Gunnar Wolf wrote:

We don't know who is behind this, or what his purpose is. We just know this looks very evil.

Now, a fake key (fake: 0x6211aa3b00411886, real: 0x79be3e4300411886) of Linus Torvalds was found in the wild, scroll the page and you'll two of them. It looked like that every single key from the Linux kernel community have been forged successfully, another example is Greg Kroah-Hartman (fake:0x27365dea6092693e, real: 0x38dbbdc86092693e). LWN reader "rmayr" commented:

so it seems somebody is actually constructing a database of fake keypairs with "well-known" short IDs. Something is going on here...

Slashdot Top Deals

"Why waste negative entropy on comments, when you could use the same entropy to create bugs instead?" -- Steve Elias

Working...