LastPass Vulnerable To Extremely Simple Phishing Attack

An anonymous reader writes: Security researcher Sean Cassidy has developed a fairly trivial attack on the LastPass password management service that allows attackers an easy method for collecting the victim’s master password. He developed a tool called LostPass that automates phishing attacks against LastPass, and even allows attackers to collect password vaults from the LastPass API.


Cryptsy Bitcoin Trader Robbed, Blames Backdoor In the Code of a Wallet

An anonymous reader writes: Cryptsy, a website for trading Bitcoin, Litecoin, and other smaller crypto-currencies, announced a security incident, accusing the developer of Lucky7Coin of stealing 13,000 Bitcoin and 300,000 Litecoin, which at today’s rate stands at more than $5.7 million / €5.2 million. Cryptsy says “the developer of Lucky7Coin had placed an IRC backdoor into the code of [a] wallet, which allowed it to act as a sort of a Trojan, or command and control unit.” Coincidentally this also explains why two days after the attack was carried out, exactly 300,000 Litecoin were dumped on the BTC-e exchange, driving Litecoin price down from $9.5 to $2.


"DDoS-For-Bitcoin" Blackmailers Arrested

An anonymous reader writes: The DDoSing outfit that spawned the trend of “DDoS-for-Bitcoin” was arrested by Europol in Bosnia Herzegovina last month. DD4BC first appeared in September 2015, when Akamai blew the lid on their activities. Since then almost any script kiddie that can launch DDoS attacks has followed their business model by blackmailing companies for Bitcoin.


EU Companies Can Monitor Employees’ Private Conversations While At Work

An anonymous reader writes: A recent ruling of the European Court of Human Rights has granted EU companies the right to monitor and log private conversations that employees have at work while using the employer’s devices. The ruling came after a Romanian was fired for using Yahoo Messenger back in 2007, while at work, to have private conversations with his girlfriend. He argued that his employer was breaking his right to privacy and correspondence. Both Romanian and European courts disagreed.


Graphene Flakes Facilitate Neuromorphic Chips

An anonymous reader writes: One of the hot areas of semiconductor research right now is the creation of so-called neuromorphic chips — processors whose transistors are networked in such a way as to imitate how neurons interact. “One way of building such transistors is to construct them of lasers that rely on an encoding approach called ‘spiking.’ Depending on the input, the laser will either provide a brief spike in its output of photons or not respond at all. Instead of using the on or off state of the transistor to represent the 1s and 0s of digital data, these neural transistors rely on the time intervals between spikes.” Now, research published in Nature Scientific Reports has shown how to stabilize these laser spikes, so that they’re responsive at picosecond intervals. “The team achieved this by placing a tiny piece of graphene inside a semiconductor laser. The graphene acts as a ‘saturable absorber,’ soaking up photons and then emitting them in a quick burst. Graphene, it turns out, makes a good saturable absorber because it can take up and release a lot of photons extremely fast, and it works at any wavelength; so lasers emitting different colors could be used simultaneously, without interfering with each other—speeding processing.”


Trend Micro Flaw Could Have Allowed Attacker To Steal All Passwords

itwbennett writes: Trend Micro has released an automatic update fixing the problems in its antivirus product that Google security engineer Tavis Ormandy discovered could allow “anyone on the internet [to] steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction.” The password manager in Trend’s antivirus product is written in JavaScript and opens up multiple HTTP remote procedure call ports to handle API requests, Ormandy wrote. Ormandy says it took him 30 seconds to find one that would accept remote code. He also found an API that allowed him to access passwords stored in the manager. This is just the latest in a string of serious vulnerabilities that have been found in antivirus products in the last seven months.


BBC Confirms 50% Bitrate Savings For H.265/HEVC Vs H.264/AVC

An anonymous reader writes: A research team from the BBC has done a series of tests to confirm earlier computations showing a ~50% savings in bit rate for H.265/HEVC compared to video using H.264/AVC at comparable quality. “The subjective tests used a carefully selected set of coded video sequences at four different picture sizes: UHD (3840×2160 and 4096×2048), 1080p (1920×1080), 720p (1280×720) and 480p (832×480), at frame rates of 30Hz, 50Hz, or 60Hz. The video content was chosen to represent diverse spatial and temporal characteristics, and then coded using HEVC and AVC standards at a wide span of bit rates producing a variety of quality levels.” Here is the full published analysis. “The tests confirmed the significant compression efficiency improvements achieved in HEVC, verifying the results previously reported using objective quality metrics (PSNR based methods).” The team did not test against VP9, which is shaping up to be an impressive standard as well.


Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm

msm1267 writes: Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored. Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, said that he and a number of crypto experts looked at dozens of versions of Juniper’s NetScreen firewalls and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output. ‘And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.’


Watch An Apple IIgs Boot Over 20 Years After It Was Last Turned Off

Digital archeology is one of my favorite blog post forms. An avid X user from 198X resurrects an old system that he or she had used to create something amazing/build a business/write a game/or generally hack around. The resulting material – photos, video, and commentary – is priceless. Today we bring you Quinn Dunki, who has posted a truly amazing look inside her Apple IIgs and a passel…


Linux Kernel 4.4 LTS Officially Released

prisoninmate writes: January 10, 2016, will enter the Linux history books as the day when Linux kernel 4.4 LTS (Long-Term Support) was officially released by Linus Torvalds and his team of hard-working kernel developers. Prominent features of Linux kernel 4.4 LTS include 3D support in the virtual GPU driver, allowing for 3D hardware-accelerated graphics in virtualization guests, a leaner and faster loop device that supports Asynchronous I/O and Direct I/O, thus increasing the system’s performance and saving memory, and support for Open-Channel Solid State Drives (SSDs) through LightNVM. Phoronix also took a look during the newest kernel’s development cycle, and has an overview of 4.4’s new features.
