Google warns of unauthorized TLS certificates trusted by almost all OSes

In the latest security lapse involving the Internet’s widely used encryption system, Google said unauthorized digital certificates have been issued for several of its domains and warned that misissued credentials may be impersonating other, unnamed sites as well. The bogus transport layer security certificates are trusted by all major operating systems and browsers, although a fall-back mechanism known as public key pinning prevented the Chrome and Firefox browsers from accepting those that vouched for the authenticity of Google properties, Google security engineer Adam Langley wrote in a blog post published Monday. The certificates were issued by Egypt-based MCS Holdings, an intermediate certificate authority that operates under the China Internet Network Information Center (CNNIC). The Chinese domain registrar and certificate authority, in turn, is included in root stores for virtually all OSes and browsers. The issuance of the unauthorized certificates represents a major breach of rules established by certificate authorities and browser makers. Under no conditions are CAs allowed to issue certificates for domains other than those legitimately held by the customer requesting the credential. In early 2012, critics blasted US-based CA Trustwave for doing much the same thing, and Langley noted an example of a France-based CA that has also run afoul of the policy.
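
To show why the pins caught what the root stores did not, here is an added example (not Google's or Chrome's code) that models the trust-store check and the pin check side by side; the SPKI bytes and the names marked constructed are stand-ins, not real keys or real certificates.

```python
"""Trust-store check versus public key pin check on a certificate chain.

Added illustration, not Chrome's or Google's implementation. A chain that ends
in a trusted root passes the trust-store check, but a pinned site additionally
requires that at least one key in the chain match a pinned SPKI hash. The SPKI
values below are constructed stand-ins for real DER-encoded public keys.
"""
import base64
import hashlib
from typing import List, Set, Tuple

Cert = Tuple[str, bytes]  # (subject name, SubjectPublicKeyInfo DER bytes)


def spki_pin(spki_der: bytes) -> str:
    """HPKP-style pin value: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def chain_trusted(chain: List[Cert], root_store: Set[str]) -> bool:
    """Trust-store view: the chain's last certificate is a member of the store.
    Signature verification is assumed to have already succeeded."""
    return bool(chain) and chain[-1][0] in root_store


def pins_satisfied(chain: List[Cert], pins: Set[str]) -> bool:
    """Pin view: some key anywhere in the chain must match a pinned hash."""
    return any(spki_pin(spki) in pins for _, spki in chain)


def accept(chain: List[Cert], root_store: Set[str], pins: Set[str]) -> Tuple[bool, str]:
    """Combine both checks; an empty pin set means the site is not pinned."""
    if not chain_trusted(chain, root_store):
        return False, "untrusted root"
    if pins and not pins_satisfied(chain, pins):
        return False, "trusted root but no pinned key in chain"
    return True, "ok"


# Constructed key material; only the CA names taken from the article are real.
GOOGLE_ISSUER_SPKI = b"constructed-spki:google-issuing-ca"
LEGIT_ROOT_SPKI = b"constructed-spki:legitimate-root"
CNNIC_ROOT_SPKI = b"constructed-spki:cnnic-root"
MCS_SPKI = b"constructed-spki:mcs-holdings-intermediate"

ROOT_STORE = {"Legitimate Root (constructed)", "CNNIC Root"}  # both trusted by the OS
PINS = {spki_pin(GOOGLE_ISSUER_SPKI), spki_pin(LEGIT_ROOT_SPKI)}  # the site's pins

LEGIT_CHAIN = [("www.google.com", b"constructed-spki:leaf-a"),
               ("Google Issuing CA (constructed)", GOOGLE_ISSUER_SPKI),
               ("Legitimate Root (constructed)", LEGIT_ROOT_SPKI)]
MCS_CHAIN = [("www.google.com", b"constructed-spki:leaf-b"),
             ("MCS Holdings", MCS_SPKI),
             ("CNNIC Root", CNNIC_ROOT_SPKI)]
```

Running `accept(MCS_CHAIN, ROOT_STORE, PINS)` rejects the bogus chain even though `chain_trusted` returns True for it, which is exactly the gap between an OS root store and a browser's pins.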

Islamic State doxes US soldiers, airmen, calls on supporters to kill them

Middle East terrorist organization Islamic State (ISIS) has called on its followers to take the fight to 100 members of the United States military residing in the US. A group calling itself the “Islamic State Hacking Division” has posted names, addresses, and photographs of soldiers, sailors, and airmen online, asking its “brothers residing in America” to murder them, according to Reuters. Although the posting purports to come from the “Hacking Division,” US Department of Defense officials say that none of their systems appear to have been breached by the group. Instead, the personal data was almost certainly culled from publicly available sources, a DoD official told the New York Times on the condition of anonymity. Those appearing on the list include crew members from the 2d Bomb Wing at Barksdale Air Force Base in Louisiana and the 5th Bomb Wing at Minot AFB in North Dakota, even though they have played no part in the US air campaign against ISIS. Other military members doxed have either been identified in media reports on the campaign or were cited by name in official DoD reports, officials told the Times.

All four major browsers take a stomping at Pwn2Own hacking competition

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader. The crowning achievement came Thursday as contestant Jung Hoon Lee, aka lokihardt, demonstrated an exploit that felled both the stable and beta versions of Chrome, the Google-developed browser that’s famously hard to compromise. His hack started with a buffer overflow race condition in Chrome. To let that attack break past anti-exploit mechanisms such as the sandbox and address space layout randomization, it also targeted an information leak and a race condition in two Windows kernel drivers, an impressive feat that allowed the exploit to achieve full System access. “With all of this, lokihardt managed to get the single biggest payout of the competition, not to mention the single biggest payout in Pwn2Own history: $75,000 USD for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM, and another $10,000 from Google for hitting the beta version for a grand total of $110,000,” Pwn2Own organizers wrote in a blog post published Thursday. “To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration.”

Classic FPS Descent to be rebooted by Star Citizen alums

The last time we checked in with Eric “Wingman” Peterson was August of 2014, when he was running Cloud Imperium Games’ Austin office and overseeing development on Star Citizen’s persistent universe. However, just a few months after that, Peterson left Cloud Imperium to develop his own game: a reboot of the mid-’90s first-person shooter Descent. Peterson has formed Descendent Studios, hired a development staff, and is currently overseeing a Kickstarter to pull together a minimum of $600,000 to finance development of the game, which is titled Descent Underground. Critically, Descent Underground has something that previous attempts to resurrect the Descent franchise have lacked: a licensing agreement with IP-holder Interplay.

Kickstarter teaser for Descent Underground, formerly code-named “Ships That Fight Underground.”

Old name, new presentation

Descent was published by Interplay more than 20 years ago, in 1994. The first-person shooter developed by Parallax Software had players zipping around underground in a series of cavernous (and sometimes claustrophobic) mines filled with mad killer robots. Players navigated the underground environment in a Pyro GX spacecraft, which led to the game’s main selling point: it wasn’t just a regular FPS, but one which offered “six degrees of freedom.” In other words, you could move in any direction (X, Y, and Z) and turn in any direction (roll, pitch, yaw).

HTTPS-crippling FREAK exploit hits thousands of Android and iOS apps

While almost all the attention paid to the HTTPS-crippling FREAK vulnerability has focused on browsers, consider this: thousands of Android and iOS apps, many with finance, shopping, and medical uses, are also vulnerable to the same exploit that decrypts passwords, credit card details, and other sensitive data sent between handsets and Internet servers. Security researchers from FireEye recently examined the most popular apps on Google Play and the Apple App Store and found 1,999 titles that left users wide open to the encryption downgrade attack. Specifically, 1,228 Android apps with one million or more downloads were vulnerable, while 771 out of the top 14,079 iOS apps were susceptible. Vulnerable apps were those that used—or in the case of iOS, could use—an affected crypto library and connected to servers that offered weak, 512-bit encryption keys. The number of vulnerable apps would no doubt mushroom when analyzing slightly less popular titles. “As an example, an attacker can use a FREAK attack against a popular shopping app to steal a user’s login credentials and credit card information,” FireEye researchers Yulong Zhang, Zhaofeng Chen, Hui Xue, and Tao Wei wrote in a blog post scheduled to be published Tuesday afternoon. “Other sensitive apps include medical apps, productivity apps and finance apps.” The researchers provided the screenshots above and below, which reveal the plaintext data extracted from one of the vulnerable apps after it connected to its paired server.

A $6 commute with Wi-Fi, USB ports, and coconut water

SAN FRANCISCO—In a city replete with not only local buses but also the famously hated tech company buses that shuttle hundreds of workers daily 40 miles south, a new startup is set to debut a private luxury commuter bus line, charging $6 for a roughly three-mile ride. At its Wednesday launch, Leap will only operate four buses (with one more in reserve) during commuting hours, focusing on giving rides from the Marina neighborhood in the city’s north, going southeast to downtown in the morning, and the reverse in the evening. There’s no fixed schedule—the buses are just constantly rolling at 10 to 15 minute intervals, and passengers can check the iOS or Web apps to see when they will arrive. (Ars first profiled Leap in March 2014.) Leap is betting that riders are willing to pay nearly three times what a ride on a local Muni bus costs, and a fair bit less than what a taxi (or its newer cousins, Uber, Lyft, and Sidecar) would charge for a similar journey. What makes it worth that price? Free Wi-Fi, comfortable seats (limited to just 27, no standing passengers), USB ports, plus food and drinks.

Windows 10 shaves off gigabytes with selective system file compression

With the Windows 8.1 Update, Microsoft shrank the Windows 8.1 install footprint to make it suitable for low-cost tablets with just 16GB of permanent storage, a reduction from the 32GB generally required for Windows 8. Windows 10 will shrink the disk footprint further, potentially freeing as much as 6.6GB of space on OEM preinstalls. Microsoft describes two sources of savings. The first is the reuse of a time-honored technique that fell out of fashion as hard drives grew larger and larger: per-file compression. The NTFS filesystem used in Windows has long allowed individual files and folders to be compressed, reducing their on-disk size at the expense of a small processor overhead when reading them. With spinning disks getting so large as to feel almost unlimited, per-file compression felt like a relic from a bygone age by the mid-2000s. But with the rise of solid state storage and ultra-cheap devices with just a handful of gigabytes available, per-file compression has gained a new lease on life.

Cops are freaked out that Congress may impose license plate reader limits

Although no federal license plate legislation has been proposed, the International Association of Chiefs of Police (IACP) has sent a pre-emptive letter to top Congressional lawmakers, warning them against any future restrictions on automated license plate readers. The IACP claims to be the “world’s oldest and largest association of law enforcement executives.” As the letter, which was published last week, states:

We are deeply concerned about efforts to portray automated license plate recognition (ALPR) technology as a national real-time tracking capability for law enforcement. The fact is that this technology and the data it generates is not used to track people in real time. ALPR is used every day to generate investigative leads that help law enforcement solve murders, rapes, and serial property crimes, recover abducted children, detect drug and human trafficking rings, find stolen vehicles, apprehend violent criminal alien fugitives, and support terrorism investigations.

Sarah Guy, a spokeswoman for the IACP, told Ars that current state and local restrictions have made the police lobby group concerned at the federal level.

Consumer SSDs benchmarked to death—and last far longer than rated

We last checked in with TechReport’s grand SSD torture test back in June, when the first drives in the six-drive roundup had failed. The drives to first fall victim to the unending barrage of data writes were the Intel 335, one of two Kingston HyperX 3Ks (the one tasked with a non-compressible workload to stymie its compression-happy Sandforce controller), and the Samsung 840. All three failed short of 1PB of writes, but it’s also important to note that all of them—even the TLC-equipped Samsung 840—far exceeded their manufacturers’ stated write lifetimes. But now the experiment has come to its grand conclusion: all the drives have finally gone silent, their controllers unresponsive, their NAND cells heavy with extra electrons. The TechReport’s post-mortem is glorious in its depth and detail, with tons of data points and charts describing the course of the experiment and the fate of each of the drives. Tech-savvy buyers who might be worried about SSD lifetime decreasing even as SSD capacity skyrockets should have their fears assuaged by the ridiculous number of writes the tested drives endured; the drive that survived the longest withstood more than 2.4 petabytes worth of sustained writes. That’s probably about 240x as much writing as a typical consumer SSD would need to endure over its lifetime.

Indian ISP’s routing hiccup briefly takes Google down worldwide

For a short time today, people all over the world trying to access Google services were cut off because of what Dyn Research Director of Internet Analysis Doug Madory identified as a “routing leak” from an Indian broadband Internet provider. The leak is similar to a 2012 incident caused by an Indonesian ISP, which took Google offline for 30 minutes worldwide. Routing leaks occur when a network provider broadcasts all or part of its internal routing table to one or more peered networks via the Border Gateway Protocol, causing network traffic to be routed incorrectly. In this case, the Indian ISP Hathway’s boundary router incorrectly announced routing data for over 300 network prefixes belonging to Google to the Internet backbone via its provider Bharti Airtel. “Bharti in turn announced these routes to the rest of the world,” Madory wrote in a Dyn Research blog entry posted this morning, “and a number of ISPs accepted these routes.” In the US, Cogent and Level 3 accepted the routes; a number of overseas carriers, including Orange, were also affected.
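
The filtering that a provider applies to customer announcements is what stops a leak like this from propagating. The following added example (not Dyn's or any ISP's code) models such a filter: ASNs are from the RFC 5398 documentation range, prefixes from RFC 5737, and the registry contents are constructed.

```python
"""Customer-announcement filter that would contain a route leak like the one described.

Added example, not Dyn's or any ISP's code. A provider accepts from a customer
only prefixes whose AS path stays inside that customer's registered cone and
whose origin matches the registered holder; a max-prefix limit catches a
sudden flood of routes. The registry below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: Tuple[int, ...]  # as_path[0] is the sending neighbour, as_path[-1] the origin


# Constructed registry: the ASes each customer may carry, and who holds each prefix.
CUSTOMER_CONE: Dict[int, set] = {64500: {64500, 64501}}
PREFIX_ORIGIN: Dict[str, int] = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,  # the customer's own downstream
    "203.0.113.0/24": 64510,   # an unrelated content network (the Google role here)
}


def classify(ann: Announcement, customer_asn: int) -> str:
    """Return 'accept' or a 'reject: ...' reason for one customer announcement."""
    if not ann.as_path or ann.as_path[0] != customer_asn:
        return "reject: path does not start with the customer AS"
    cone = CUSTOMER_CONE.get(customer_asn, set())
    outside = [asn for asn in ann.as_path if asn not in cone]
    if outside:
        # Routes learned from a peer or upstream and re-announced: the leak case.
        return f"reject: path leaves the customer cone via AS {outside}"
    expected = PREFIX_ORIGIN.get(ann.prefix)
    if expected is not None and ann.as_path[-1] != expected:
        return f"reject: origin {ann.as_path[-1]} is not the registered holder {expected}"
    return "accept"


def apply_filter(anns: List[Announcement], customer_asn: int, max_prefix: int) -> Dict[str, str]:
    """Filter a batch; if more than max_prefix routes pass, drop the whole session."""
    verdicts = {a.prefix: classify(a, customer_asn) for a in anns}
    accepted = sum(1 for v in verdicts.values() if v == "accept")
    if accepted > max_prefix:
        return {p: "reject: max-prefix limit exceeded, session torn down" for p in verdicts}
    return verdicts
```

With these rules, an announcement of the content network's prefix arriving from the customer is refused because its origin AS lies outside the customer cone, regardless of whether the origin itself looks legitimate.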