Tag: digest

Google making the Web faster with protocol that reduces round trips

Can Google’s QUIC be faster than Mega Man’s nemesis, Quick Man? Josh Miller Google, as is its wont, is always trying to make the World Wide Web go faster. To that end, Google in 2009 unveiled SPDY , a networking protocol that reduces latency and is now being built into HTTP 2.0. SPDY is now supported by Chrome, Firefox, Opera, and the upcoming Internet Explorer 11 . But SPDY isn’t enough. Yesterday, Google released a boatload of information about its next protocol, one that could reshape how the Web routes traffic. QUIC—standing for Quick UDP Internet Connections—was created to reduce the number of round trips data makes as it traverses the Internet in order to load stuff into your browser. Although it is still in its early stages, Google is going to start testing the protocol on a “small percentage” of Chrome users who use the development or canary versions of the browser—the experimental versions that often contain features not stable enough for everyone. QUIC has been built into these test versions of Chrome and into Google’s servers. The client and server implementations are open source, just as Chromium is. Read 11 remaining paragraphs | Comments

Original post:
Google making the Web faster with protocol that reduces round trips

Password complexity rules more annoying, less effective than lengthy ones

Few Internet frustrations are so familiar as the password restriction . After creating a few (dozen) logins for all our Web presences, the use of symbols, mixed cases, and numbers seems less like a security measure and more like a torture device when it comes to remembering a complex password on a little-used site. But at least that variety of characters keeps you safe, right? As it turns out, there is some contrary research that supports both how frustrating these restrictions are and suggests it’s possible that the positive effect of complexity rules on security may not be as great as long length requirements. Let’s preface this with a reminder: the conventional wisdom is that complexity trumps length every time, and this notion is overwhelmingly true. Every security expert will tell you that “Supercalifragilistic” is less secure than “gj7B!!!bhrdc.” Few password creation schemes will render any password uncrackable, but in general, length does less to guard against crackability than complexity. A password is not immune from cracking simply by virtue of being long—44,991 passwords recovered from a dump of LinkedIn hashes last year were 16 characters or more. The research we describe below refers specifically to the effects of restrictions placed by administrators on password construction on their crackability. By no means does it suggest that a long password is, by default, more secure than a complex one. Read 13 remaining paragraphs | Comments

Continue reading here:
Password complexity rules more annoying, less effective than lengthy ones

Attackers sign malware using crypto certificate stolen from Opera Software

Alan Cleaver Hackers penetrated network servers belonging to Opera Software, stole at least one digital certificate, and then used it to distribute malware that incorrectly appeared to be published by the browser maker. The attack was uncovered, halted, and contained on June 19, according to a short advisory  that Opera published Wednesday morning. While administrators have cleaned the system and have yet to find any evidence of any user data being compromised, the breach still had some troubling consequences. “The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware,” Wednesday’s advisory stated. “This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between June 19 from 1.00 and 1.36 UTC , may automatically have received and installed the malicious software.” Read 3 remaining paragraphs | Comments

Original post:
Attackers sign malware using crypto certificate stolen from Opera Software

Microsoft, like Google, asks secret court if it can publish data sharing total

In a new legal filing made public on Wednesday, Microsoft submitted a motion (PDF) to the notoriously secretive Foreign Intelligence Surveillance Court (FISC) saying that the company “continues to seek—to correct the misimpression, furthered by such inaccurate media reporting, that it provides the United States Government with direct access to its servers and network infrastructure and, thereby, indiscriminately discloses Microsoft users’ information to the Government.” The filing was submitted on June 19, 2013, just one day after Google’s similar motion . Like Google, Microsoft said it “seeks to report aggregate information about [Foreign Intelligence Surveillance Act] orders and [FISA Amendments Act] directives separately from all other local, state, and federal law enforcement demands.” Tech companies are presumably attempting to get FISC to allow them to release this information so that they can show there isn’t a hand-in-glove relationship between these corporations and the federal government. Read 2 remaining paragraphs | Comments

Read More:
Microsoft, like Google, asks secret court if it can publish data sharing total

Can Apple read your iMessages? Ars deciphers “end-to-end” crypto claims

Aurich Lawson Ever since the National Security Agency’s secret surveillance program came to light three weeks ago, implicated companies have issued carefully worded statements denying that government snoops have direct or wholesale access to e-mail and other sensitive customer data. The most strenuous denial came 10 days ago, when Apple said it took pains to protect personal information stored on its servers , in many cases by not collecting it in the first place. “For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them,” company officials wrote . “Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.” Some cryptographers and civil liberties advocates have chafed at the claim that even Apple is unable to bypass the end-to-end encryption protecting them. After all, Apple controls the password-based authentication system that locks and unlocks customer data. More subtly, but no less important, cryptographic protections are highly nuanced things that involve huge numbers of moving parts. Choices about the types of keys that are used, the ways they’re distributed, and the specific data that is and isn’t encrypted have a huge effect on precisely what data is and isn’t protected and under what circumstances. Read 15 remaining paragraphs | Comments

View post:
Can Apple read your iMessages? Ars deciphers “end-to-end” crypto claims

Hands-on with Windows 8.1 Preview: Windows 8 done right

Late last month, Microsoft announced a raft of interface changes that Windows 8.1 would introduce. We’ve been giving them a spin. As you might guess from the name, Windows 8.1 is an update to (and improvement on) Windows 8. The new user interface introduced in that operating system—the Start screen, touch-friendly “Modern” apps, the charms bar—is retained in Windows 8.1. What we see is a refinement and streamlining of these concepts. The new Start screen is a pleasing evolution of the old one. The differences are visible as soon as you log in. In 8.1, the Start screen offers a lot more flexibility over layout and tile sizing. By default, the Weather tile takes advantage of this, using a new double-height tile size to show the forecasts for both today and tomorrow, in addition to the current conditions. Read 22 remaining paragraphs | Comments

Visit site:
Hands-on with Windows 8.1 Preview: Windows 8 done right

Vast majority of malware attacks spawned from legit sites

Google The vast majority of sites that push malware on their visitors are legitimate online services that have been hacked as opposed to those hosted by attackers for the purposes of distributing malicious software, Google security researchers said Tuesday. The data, included for the first time as part of the safe browsing section of Google’s regular transparency report, further challenges the myth that malware attacks happen only on disreputable sites, such as those that peddle porn, illicit software (“warez”), and similar content. For instance, on June 9 only 3,891 of the sites Google blocked as part of its Safe Browsing program were dedicated malware sites, while the remaining 39,247 sites that were filtered offered legitimate services that had been compromised. In all, Google blocks about 10,000 sites per day as part of the program, which is designed to help people using Firefox, Chrome, and other participating browsers to steer clear of phishing scams and drive-by malware attacks. The program is also designed to inform webmasters of infections hitting their site and to take steps to fix the problems. In all, the Safe Browsing program helps protect about 1 billion people per day. Read 2 remaining paragraphs | Comments

View article:
Vast majority of malware attacks spawned from legit sites

Stow it no more: FAA easing ban on electronics during takeoff, landing

The words “please stow all electronic devices” may soon disappear from the scripts of flight attendants. The Federal Aviation Administration (FAA) is poised to lift its ban on the use of electronic devices aboard airline flights at elevations under 10,000 feet. It would also allow the use of e-readers, iPods, tablets, and phones in “airplane” mode even during take-offs and landings. The Wall Street Journal reports that the FAA is circulating a draft set of recommendations from an advisory panel that recommends relaxing the bans. Cell phone calls during flight would still be banned. T he report acknowledges that technology has changed dramatically since the FAA originally placed the ban on electronic devices during takeoff and landing back in the 1960s, when there were valid concerns about interference to aircraft communications from personal radios and other electronics.  The panel also admitted that having airlines each evaluate the safety of individual electronic devices before allowing them to be left on at low altitude “has become untenable.” Passengers are widely ignoring the ban already, and the FAA advisory panel’s report cited research that showed a third of airline passengers had “accidentally” left a device turned on for entire flights at least once. An FAA spokeswoman sent a statement to the Wall Street Journal that said that the FAA “recognizes consumers are intensely interested in the use of personal electronics aboard aircraft. That is why we tasked a government-industry group to examine the safety issues and the feasibility of changing the current restrictions. At the group’s request, the FAA has granted the two-month extension to complete the additional work necessary for the safety assessment.” Read on Ars Technica | Comments

View article:
Stow it no more: FAA easing ban on electronics during takeoff, landing

How OS X “Mavericks” works its power-saving magic

Apple execs talk up the new features in OS X Mavericks. At yesterday’s Worldwide Developer Conference (WWDC) keynote, Apple made some bold claims about the future of battery life in its laptops. A new 13-inch Macbook Air, for instance, should now run a full 12 hours on a single charge , up from 7 in the previous model. Assuming that testing bears out Apple’s numbers, how did the company do it? The obvious part of the answer is “Haswell”—but that turns out to be only part of the story. The power efficiency gains found in Intel’s new Haswell CPUs should provide modest gains in battery life, and such gains were widely expected. Back in January, Intel claimed that the new Haswell CPUs featured the “largest generation-to-generation battery life increase in the history of Intel” and said that the chips were the first of its architectures designed “from the ground up” for Ultrabooks and tablets. The new chips run at lower clockspeeds and at lower wattages. Less expected was the announcement of OS X 10.9 “Mavericks” and its own focus on mobile power usage. While Apple made a few comments during the keynote about the new technologies meant to enable longer battery life, more information appeared later in the day with the separate release of a Core Technology Overview (PDF) document that offers a high-level look at some of the Mavericks internals. Read 11 remaining paragraphs | Comments

View original post here:
How OS X “Mavericks” works its power-saving magic