Preedit writes "An InformationWeek story points out a recent deal between Microsoft and Japanese printer maker Kyocera Mita. Under the agreement, Kyocera obtained from Microsoft a license to patents used in 'certain Linux-based embedded technologies.' The question the author asks is why Kyocera needs a patent license from Microsoft to develop its embedded Linux products."

Hugh Pickens writes "Bruce Schneier has a story on Wired about the new official standard for random-number generators the NIST released this year that will likely be followed by software and hardware developers around the world. There are four different approved techniques (pdf), called DRBGs, or 'Deterministic Random Bit Generators' based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. In a presentation at the CRYPTO 2007 conference (pdf) in August, Dan Shumow and Niels Ferguson showed that there are constants in the standard used to define the algorithm's elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG."

KrispySausage writes "After weeks of grueling troubleshooting, I've finally had it confirmed by Microsoft Australia and USA — something as small as swapping the video card or updating a device driver can trigger a total Vista deactivation. Put simply, your copy of Windows will stop working with very little notice (three days) and your PC will go into "reduced functionality" mode, where you can't do anything but use the web browser for half an hour."

LKM writes "Sony seems to think we should not be allowed to rip CDs we own to our iPods. In fact, doing so is stealing, and we should all re-buy songs, preferably one copy for each device. Says Jennifer Pariser, the head of litigation for Sony BMG: 'When an individual makes a copy of a song for himself, I suppose we can say he stole a song. Making a copy of a purchased song is just a nice way of saying 'steals just one copy'.' I guess somebody should tell Sony about all the devices Sony produces that allow this stealing to occur!"

TheCoop1984 writes "A recent article on distrowatch, and an extended thread on the gentoo forums, have pointed out that gentoo is not what it used to be. Daniel Robbins came back and went again after only a few days, developer turnover is as high as ever, personal attacks on the mailing lists are common, and people are generally not happy about the current state of affairs. Is gentoo rotting from the inside, and can anything be done about it?"

OriginalArlen writes, "In a story so surreal I had to check the primary source, the Register reports that the (London, UK) Metropolitan Police are trying out the use of eight tiny cams, mounted in the police helmet, to provide 360-degree evidence gathering in the event that an officer witnesses a crime. The press release also gives more evidence of the stealth spread of ubiquitous ANPR systems across the country as a spin-off 'benefit' to the London car congestion-charging scheme, which is likely to be rolled out across the country in the next few years. Are we already living in a Panopticon Society?" According to this report from the information commissioner for Great Britain, yep.

slidersv writes "Not 24 hours after the release of IE7, Secunia reports Internet Explorer Arbitrary Content Disclosure Vulnerability. So much for the "you wanted it easier and more secure" slogan found on Microsoft's IE Website."

breun writes to bring us up to date on the doings of Jon Lech Johansen, known as "DVD Jon" after he cracked CSS encryption at the age of 15. As reported by GigaOM's Liz Gannes, Johansen has now reverse-engineered Apple's FairPlay DRM — but not to crack it. Instead Johansen's company, DoubleTwist Ventures, wants to license the tech to media companies shut out by Apple from playing their content on the iPod. And, soon, on the iTV. Johansen could end up selling a lot of hardware for Apple.

An anonymous reader writes "The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here."

Browser Buddy writes "A new Symantec study on browser vulnerabilities covering the first half of 2006 has some surprising conclusions. It turns out that Firefox leads the pack with 47 vulnerabilities, compared to 38 for Internet Explorer. From Ars Technica's coverage: 'In addition to leading the pack in sheer number of vulnerabilities, Firefox also showed the greatest increase in number, as the popular open-source browser had only logged 17 during the previous reporting period. IE saw an increase of just over 50 percent, from 25; Safari doubled its previous six; and Opera was the only one of the four browsers monitored that actually saw a decrease in vulnerabilities, from nine to seven.' Firefox still leads the pack when it comes to patching though, with only a one-day window of vulnerability."

xorgb writes "CryptoDox is an online encyclopedia on Cryptography and Information Security. The data is being made available under the GNU Free Documentation License. The site is powered by MediaWiki and in the few months that it has been online it has got some good articles on the basics of cryptography. It is currently looking out for contributors to enhance its database of articles. Check it out!"