Lavabit held in contempt of court for printing crypto key in tiny font

A federal appeals court on Wednesday upheld a contempt of court ruling against Ladar Levison and his now-defunct encrypted e-mail service provider, Lavabit LLC, for hindering the government’s investigation into the National Security Agency leaks surrounding Edward Snowden. In the summer of 2013, Lavabit was ordered to provide real-time e-mail monitoring of one particular user of the service, believed to be Snowden, the former NSA contractor turned whistleblower. Rather than adequately comply with the order to turn over the private SSL keys that protected his company’s tens of thousands of users from the government’s prying eyes, Levison shut down Lavabit last year after weeks of stonewalling the government. Levison did reluctantly turn over his encryption keys, although not in a manner the government deemed useful: he provided a lengthy printout in tiny type, a move the authorities said was objectionable. “The company had treated the court orders like contract negotiations rather than a legal requirement,” US Attorney Andrew Peterson, who represented the government, told PC World.

Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers

The heavily marketed fingerprint sensor in Samsung’s new Galaxy 5 smartphone has been defeated by whitehat hackers who were able to gain unfettered access to a PayPal account linked to the handset. The hack, by researchers at Germany’s Security Research Labs, is the latest to show the drawbacks of using fingerprints, iris scans, and other physical characteristics to authenticate an owner’s identity to a computing device. While advocates promote biometrics as a safer and easier alternative to passwords, that information is leaked every time a person shops, rides a bus, or eats at a restaurant, giving attackers plenty of opportunity to steal and reuse it. This new exploit comes seven months after a separate team of whitehat hackers bypassed Apple’s Touch ID fingerprint scanner less than 48 hours after it first became available. “We expected we’d be able to spoof the S5’s Finger Scanner, but I hoped it would at least be a challenge,” Ben Schlabs, a researcher at SRLabs, wrote in an e-mail to Ars. “The S5 Finger Scanner feature offers nothing new except—because of the way it is implemented in this Android device—slightly higher risk than that already posed by previous devices.”

Aftermarket CarPlay console coming this fall, costs between $500 and $700

Soon, you’ll be able to use Apple’s CarPlay without buying a whole new car. So far, consoles compatible with Apple’s CarPlay feature have only been integrated into a handful of high-end cars. If you want to use the feature without buying an entirely new vehicle, Alpine Electronics will soon be able to hook you up—Nikkei reports that the company will begin selling a standalone CarPlay console in the US and Europe this fall. The console is “likely” to have a 7-inch display and will reportedly cost between $500 and $700. Alpine already sells a lineup of entertainment and navigation systems, and it’s possible that this new CarPlay-compatible version will offer similar features when there’s no iPhone connected to it. Current CarPlay-compatible vehicles offer the CarPlay interface when an iPhone is connected, but it’s available as an alternative to the automakers’ own software solutions rather than a complete replacement. CarPlay was first demonstrated as “iOS in the Car” at Apple’s Worldwide Developers Conference last year and was officially released earlier this year as part of the iOS 7.1 update. It provides access to Apple Maps’ turn-by-turn navigation features, your music and podcasts, and a handful of third-party streaming services approved by Apple; as of this writing, there’s no public API that developers can use to support the feature independently. CarPlay requires a compatible in-dash display and an iPhone 5, 5C, or 5S connected via a Lightning cable. Rumors of a wireless version of CarPlay persist, but it’s not clear whether these first CarPlay-compatible displays will be able to operate wirelessly when (and if) that capability arrives.

FBI to have 52 million photos in its NGI face recognition database by next year

Jennifer Lynch is a senior staff attorney with the Electronic Frontier Foundation and works on open government, transparency and privacy issues, including drones, automatic license plate readers and facial recognition. New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. The EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI’s massive biometric database that may hold records on as much as one-third of the US population. The facial recognition component of this database poses real threats to privacy for all Americans.

Here’s how Windows 8.1 Update tries to give you the right UI on any device

The Windows 8.1 Update that introduces a bunch of interface changes to Windows 8.1 is designed to enhance the experience of mouse and keyboard users, but what about the growing number of happy touch users? About 40 percent (and increasing) of PCs available at retail have a touchscreen (compared to just 4 percent when Windows 8 launched), and for the most part, their buyers enjoy how they work. With touch interfaces a growing part of the Windows ecosystem, Microsoft didn’t want to make the touch experience worse. While many desktop users may want their systems to boot straight to the desktop, this is unlikely to be a popular option for tablet users. Touch laptop users could easily go either way. Microsoft’s goal, therefore, was to pick a sensible default based on the kind of system being used. The way the update does this is based on something called the power platform role, a setting found in the computer’s firmware specified by the manufacturer. For Windows PCs, it will typically be “desktop,” “mobile,” or “slate,” for desktops, laptops, and tablets, respectively.

NSA used Heartbleed nearly from the start, report claims [Updated]

Citing two anonymous sources “familiar with the matter,” Bloomberg News reports that the National Security Agency has known about Heartbleed, the security flaw in the OpenSSL encryption software used by a majority of websites and a multitude of other pieces of Internet infrastructure, for nearly the entire lifetime of the bug—“at least two years.” The sources told Bloomberg that the NSA regularly used the flaw to collect intelligence information, including obtaining usernames and passwords from targeted sites. As Ars reported on April 9, there have been suspicions that the Heartbleed bug had been exploited prior to the disclosure of the vulnerability on April 5. A packet capture provided to Ars by Terrence Koeman, a developer based in the Netherlands, shows malformed Transport Layer Security (TLS) Heartbeat requests that bear the hallmarks of a Heartbleed exploit. Koeman said the capture dates to November of last year. But if the NSA has been exploiting Heartbleed for “at least two years,” the agency would have needed to discover it not long after the code for the TLS Heartbeat Extension was added to OpenSSL 1.0.1, which was released on March 14, 2012. The first “beta” source code wasn’t available until January 3, 2012.

Appeals court reverses hacker/troll “weev” conviction and sentence [Updated]

A federal appeals court Friday reversed and vacated the conviction and sentence of hacker and Internet troll Andrew “weev” Auernheimer. The case against Auernheimer, who has often been in solitary confinement for obtaining and disclosing personal data of about 140,000 iPad owners from a publicly available AT&T website, was seen as a test case on how far the authorities could go under the Computer Fraud and Abuse Act, the same law that federal prosecutors were invoking against Aaron Swartz. But, in the end, the Third U.S. Circuit Court of Appeals didn’t squarely address the controversial fraud law and instead said Auernheimer was charged in the wrong federal court.

Heartbleed vulnerability may have been exploited months before patch

There’s good news, bad news, and worse news regarding the “Heartbleed” bug that affected nearly two-thirds of the Internet’s servers dependent on SSL encryption. The good news is that many of those servers (well, about a third) have already been patched. And according to analysis by Robert Graham of Errata Security, the bug won’t expose the private encryption key for servers “in most software” (though others have said several web server distributions are vulnerable to giving up the key under certain circumstances). The bad news is that about 600,000 servers are still vulnerable to attacks exploiting the bug. The worse news is that malicious “bot” software may have been attacking servers with the vulnerability for some time—in at least one case, traces of the attack have been found in audit logs dating back to last November. Attacks based on the exploit could date back even further. Security expert Bruce Schneier calls Heartbleed a catastrophic vulnerability. “On the scale of 1 to 10, this is an 11,” he said in a blog post today. The bug affects how OpenSSL, the most widely used cryptographic library for Apache and nginx Web servers, handles a service of Transport Layer Security called Heartbeat—an extension added to TLS in 2012.

Critical crypto bug exposes Yahoo Mail passwords Russian roulette-style

Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services. The two-year-old bug is the result of a mundane coding error in OpenSSL, the world’s most popular code library for implementing HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of private computer memory that handle OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or it could return far more valuable assets such as authentication credentials or even the private key at the heart of a website’s entire cryptographic certificate. Underscoring the urgency of the problem, a conservatively estimated two-thirds of the Internet’s Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.

Intel expands 10Gbps “Thunderbolt Ethernet” capability to Windows

Thunderbolt 2 is picking up another feature. If standard gigabit Ethernet isn’t cutting it for you, Intel will soon give you another option: this week at the National Association of Broadcasters (NAB) show in Las Vegas, the company announced a new feature called “Thunderbolt Networking” that will soon be available to all PCs with Thunderbolt 2 controllers. The feature, which will be enabled by an upcoming Windows driver update, will “emulat[e] an Ethernet connection environment” and provide a 10Gbps two-way link between two computers connected with a Thunderbolt cable. Since you’ll need to connect the two computers directly to each other, this solution obviously won’t scale as well as real 10Gbps networking equipment. But for now, that hardware remains relatively uncommon and expensive—well outside the price range of individuals and smaller businesses. Thunderbolt Networking is apparently not being enabled for older computers with first-generation Thunderbolt controllers. While the feature will be new to the Windows operating system, the ability to network two Thunderbolt Macs together was introduced back in Mavericks. It doesn’t appear to require Thunderbolt 2 on that platform, though as we experienced, configuring a Thunderbolt Bridge can make for fast but occasionally choppy transfer speeds. That test connected one Thunderbolt 2 Mac to an older model with a first-generation Thunderbolt controller, though, so it’s possible that connecting Thunderbolt 2 Macs to each other results in a more stable connection. This new Windows driver update will enable any two Thunderbolt 2 PCs and Macs to be connected, though to date the Windows laptops, workstations, and motherboards with integrated Thunderbolt 2 controllers have been few and far between.
