
Submission + - Physical Key Extraction Attacks on PCs (acm.org)

An anonymous reader writes: - Story:
http://cacm.acm.org/magazines/...

- Archived:
https://web.archive.org/web/*/...
https://archive.is/MrXho

"For attackers, ramming the gates of cryptography is not the only option. They can instead undermine the fortification by violating basic assumptions made by the cryptographic software. One such assumption is software can control its outputs. Our programming courses explain that programs produce their outputs through designated interfaces (whether print, write, send, or mmap); so, to keep a secret, the software just needs to never output it or anything that may reveal it. (The operating system may be misused to allow someone else's process to peek into the program's memory or files, though we are getting better at avoiding such attacks, too.)

Yet programs' control over their own outputs is a convenient fiction, for a deeper reason. The hardware running the program is a physical object and, as such, interacts with its environment in complex ways, including electric currents, electromagnetic fields, sound, vibrations, and light emissions. All these "side channels" may depend on the computation performed, along with the secrets within it. "Side-channel attacks," which exploit such information leakage, have been used to break the security of numerous cryptographic implementations"

Submission + - Is Windows 10 Still A Step Back? 5

BrendaEM writes: Many people are pleased with Windows 10, but to dig through the user interface is to see one that seems like it was never finished. In the simplified dumbed-down menus, there is not enough functionality for a user to maintain their computer. Clicking on "advanced" gives you access to Windows 7-style menus, going deeper, you see menus that haven't been updated since Windows 2000.

Many people are still having hardware problems such as dealing with a crippled Bluetooth file transfer which can no longer automatically receive files, thereby making the user invoke every single transfer. Many others are having charging problems with Android phones.

Even Windows 7 needlessly made it difficult to use more than two power schemes, which many people who work their computer hard may want to use. Windows 7 made the computer management event logs terribly slow to sort on even a modern computer. Windows 7 also made it next to impossible to format a large FAT32 drive.

With poor privacy practices, a disrespect for the user as far as upgrades, recent unfair browser marking practices, a lack of UI vision, will another company ever dare make a competing commercial operating system for PC compatibles?

Submission + - Tinder Scam Promises Account Verification, But Actually Sells Porn (csoonline.com)

itwbennett writes: Tinder users should be on the lookout for Tinder profiles asking them to get “verified” and then sending them a link to a site called Tinder Safe Dating. The service asks for credit card information, saying this will verify the user's age. Once payment information has been captured, the user is then signed up for a free trial of porn, which will end up costing $118.76 per month unless the service is cancelled.

Submission + - EFF lawsuit seeks to overturn DMCA ban on breaking DRM

Robotech_Master writes: The EFF has just filed suit against the US government on the grounds that the Digital Millennium Copyright Act’s anti-circumvention provision, Section 1201, represents an unconstitutional restraint on free speech.

The suit takes aim at the practice of outlawing breaking DRM, with the Librarian of Congress permitted to make exceptions to the prohibition every three years, as well as outlawing any explanation of how to break DRM. The EFF calls this “an unconstitutional speech-licensing regime.”

This isn't the first time the DMCA's anti-circumvention provision has been called into question. Earlier this year, Congress asked for public comments on ways to improve the anti-circumvention process.

Submission + - Oracle Issues Patch Bundle Fixing 276 Security Flaws (csoonline.com)

itwbennett writes: Oracle has released its largest Critical Patch Update (CPU) yet, fixing 276 vulnerabilities in more than 80 products. Assuming you've got lots of patching ahead of you, start with the Java patches, advises John Matthew Holt, CTO of application security firm Waratek. And Qualys adds that companies should quickly turn their attention to assets that can be directly attacked from the internet.

Submission + - Library of Congress Hit With A Denial-Of-Service Attack (fedscoop.com)

An anonymous reader writes: The Library of Congress (LOC) announced via Twitter Monday that they were the target of a denial-of-service attack. The attack was detected on July 17 and has caused other websites hosted by the LOC, including the U.S. Copyright Office, to go down. In addition, employees of the Library of Congress were unable to access their work email accounts and to visit internal websites. The outages continue to affect some online properties managed by the library. "In June 2015, the Government Accountability Office, or GAO, published a limited distribution report — undisclosed publicly though it was sourced in a 2015 GAO testimony to the Committee on House Administration — highlighting digital security deficiencies apparent at the Library of Congress, including poor software patch management and firewall protections," reports FedScoop.

Submission + - UK 'emergency' bulk data slurp permissible in pursuit of 'serious crime' (theregister.co.uk)

An anonymous reader writes: Bulk collection of data from phone calls and emails by carriers acting under government orders could be permissible in the pursuit of “serious crime”.

That’s the preliminary ruling in a case brought by Brexit chief minister David Davis against PM Theresa May before the European Union’s highest court.

The ruling suggests bulk collection and retention of customer data might not be in breach of the EU Charter of Fundamental Rights — if it’s done legally and with safeguards.

Davis with Labour Party deputy leader Tom Watson and others brought their case to the European Court of Justice in February.

Submission + - A Debate Over the Physics of Time (quantamagazine.org)

An anonymous reader writes: Einstein once described his friend Michele Besso as “the best sounding board in Europe” for scientific ideas. They attended university together in Zurich; later they were colleagues at the patent office in Bern. When Besso died in the spring of 1955, Einstein — knowing that his own time was also running out — wrote a now-famous letter to Besso’s family. “Now he has departed this strange world a little ahead of me,” Einstein wrote of his friend’s passing. “That signifies nothing. For us believing physicists, the distinction between past, present and future is only a stubbornly persistent illusion.”

Einstein’s statement was not merely an attempt at consolation. Many physicists argue that Einstein’s position is implied by the two pillars of modern physics: Einstein’s masterpiece, the general theory of relativity, and the Standard Model of particle physics. The laws that underlie these theories are time-symmetric — that is, the physics they describe is the same, regardless of whether the variable called “time” increases or decreases. Moreover, they say nothing at all about the point we call “now” — a special moment (or so it appears) for us, but seemingly undefined when we talk about the universe at large. The resulting timeless cosmos is sometimes called a “block universe” — a static block of space-time in which any flow of time, or passage through it, must presumably be a mental construct or other illusion.

Submission + - SPAM: Naphthalene-derived carbon nanospheres for room temperature quantum computing

synaptic writes: In the journal Nature, scientists report the novel synthesis of carbon nanospheres from naphthalene pyrolysis allowing room-temperature quantum computing. From the Phys.org article:

"We have demonstrated that a long conduction electron spin lifetime in metallic-like material made up of carbon nanospheres can be achieved at room temperature. This material was produced simply by burning naphthalene, the active ingredient in mothballs. The material is produced as a solid powder and handled in air. It can then be dispersed in ethanol and water solvents, or deposited directly onto a surface like glass. As the material was remarkably homogeneous, the measurements could be made on the bulk solid powder. This allowed us to achieve a new record electron spin lifetime of 175 nanoseconds at room temperature. This might not sound like a long time, but it exceeds the prerequisite for applications in quantum computing and is about 100 times longer than that found in graphene."


Submission + - UK gov says new Home Sec will have powers to ban end-to-end encryption (theregister.co.uk)

An anonymous reader writes: IPBill During a committee stage debate in the UK's House of Lords yesterday, the government revealed that the Investigatory Powers Bill will provide any Secretary of State with the ability to force communication service providers (CSPs) to remove or disable end-to-end encryption.

Earl Howe, a Minister of State for Defence and the British government's Deputy Leader in the House of Lords, gave the first explicit admission that the new legislation would provide the government with the ability to force CSPs to “develop and maintain a technical capability to remove encryption that has been applied to communications or data”.

This power, if applied, would be imposed upon domestic CSPs by the new Home Secretary, Amber Rudd, who was formerly the secretary of state for Energy and Climate Change. Rudd is now only the fifth woman to hold one of the great offices of state in the UK. As she was only appointed on Wednesday evening, she has yet to offer her thoughts on the matter.

Submission + - SPAM: Nanowire Battery Breakthrough

sycodon writes: Researchers at the University of California Irvine (UCI) have found a way to protect and extend the life of nanowire based batteries.

The Nerd take:
"We demonstrate reversible cycle stability for up to 200000 cycles with 94–96% average Coulombic efficiency for symmetrical -MnO2 nanowire capacitors operating across a 1.2 V voltage window in a poly(methyl methacrylate) (PMMA) gel electrolyte."

When researchers applied a plexiglass-like gel to gold nanowires in a manganese dioxide shell, it increased that number to over 200,000 and the battery didn’t lose any of its power or storage capacity over a period of three months.


Submission + - Black Hole Imager Gets First View of Galactic Core (seeker.com)

astroengine writes: A powerful new instrument at one of the world's most powerful observatories is now online and capturing its first deep views of the environment surrounding the black hole behemoth center of our Milky Way. The GRAVITY instrument is currently undergoing commissioning at the Very Large Telescope (VLT) Interferometer at the ESO's Paranal Observatory in Chile and its prime mission is to ultimately probe the region immediately surrounding Sagittarius A*, the 4 million solar mass supermassive black hole that lurks in the center of our galaxy, around 25,000 light-years from Earth. This sophisticated instrument collects light from the four main 8.2 meter diameter telescopes of the VLT Interferometer, combining it as one.

Submission + - Russia lawmakers pass sweeping spying law that requires encryption backdoors (dailydot.com)

Patrick O'Neill writes: Russian lawmakers passed new "anti-terrorism" legislation Friday including new rules on providing mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB, as well as a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost.

Submission + - Crypto-Ransomware Attacks Hit Over 700,000 Users In One Year (helpnetsecurity.com)

Orome1 writes: Kaspersky Lab found a drastic increase in encryption ransomware attacks, with 718,536 users hit between April 2015 and March 2016. This is an increase of 5.5 times compared to the same period in 2014-2015, showing that crypto-ransomware has become an epidemic. The biggest problem with crypto-ransomware today is that sometimes the only way to get the encrypted data back is to pay the criminals, and victims tend to pay. That brings a lot of money into the underground ecosystem that has grown up around this malware, and as a result we are seeing new cryptors appear almost daily.

Submission + - SCOTUS says warrant required for DUI blood test (ap.org)

schwit1 writes: The Supreme Court on Thursday placed new limits on state laws that make it a crime for motorists suspected of drunken driving to refuse alcohol tests.

The justices ruled that police must obtain a search warrant before requiring drivers to take blood alcohol tests, but not breath tests, which the court considers less intrusive.
