linux – Page 129

81% of Tor Users Can Be De-anonymized By Analysing Router Information

An anonymous reader writes A former researcher at Columbia University’s Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco’s ‘Netflow’ package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the ‘victim’ client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: ‘it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non- global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.’ Read more of this story at Slashdot.

More:
81% of Tor Users Can Be De-anonymized By Analysing Router Information

Ubisoft Points Finger At AMD For Assassin’s Creed Unity Poor Performance

MojoKid (1002251) writes “Life is hard when you’re a AAA publisher. Last month, Ubisoft blamed weak console hardware for the troubles it had bringing Assassin’s Creed Unity up to speed, claiming that it could’ve hit 100 FPS but for weak console CPUs. Now, in the wake of the game’s disastrous launch, the company has changed tactics — suddenly, all of this is AMD’s fault. An official company forum post currently reads: “We are aware that the graphics performance of Assassin’s Creed Unity on PC may be adversely affected by certain AMD CPU and GPU configurations. This should not affect the vast majority of PC players, but rest assured that AMD and Ubisoft are continuing to work together closely to resolve the issue, and will provide more information as soon as it is available.” There are multiple problems with this assessment. First, there’s no equivalent Nvidia-centric post on the main forum, and no mention of the fact that if you own an Nvidia card of any vintage but a GTX 970 or 980, you’re going to see less-than ideal performance. According to sources, the problem with Assassin’s Creed Unity is that the game is issuing tens of thousands of draw calls — up to 50, 000 and beyond, in some cases. This is precisely the kind of operation that Mantle and DirectX 12 are designed to handle, but DirectX 11, even 11.2, isn’t capable of efficiently processing that many calls at once. It’s a fundamental limit of the API and it kicks in harshly in ways that adding more CPU cores simply can’t help with. Read more of this story at Slashdot.

Researchers Forecast the Spread of Diseases Using Wikipedia

An anonymous reader writes Scientists from Los Alamos National Laboratory have used Wikipedia logs as a data source for forecasting disease spread. The team was able to successfully monitor influenza in the United States, Poland, Japan, and Thailand, dengue fever in Brazil and Thailand, and tuberculosis in China and Thailand. The team was also able to forecast all but one of these, tuberculosis in China, at least 28 days in advance. Read more of this story at Slashdot.

See the original post:
Researchers Forecast the Spread of Diseases Using Wikipedia

Researchers Demonstrate Electrically Activated Micro-Muscles

mpicpp sends news of research at the University of Michigan in which a self-assembling chain of particles can be used as tiny, electrically-activated muscles. The team started with particles similar to those found in paint, with diameters of about a hundredth the width of a strand of hair. They stretched these particles into football shapes and coated one side of each football with gold. The gilded halves attracted one another in slightly salty water—ideally about half the salt concentration in the sports drink Powerade. The more salt in the water, the stronger the attraction. Left to their own devices, the particles formed short chains of overlapping pairs, averaging around 50 or 60 particles to a chain. When exposed to an alternating electric field, the chains seemed to add new particles indefinitely. But the real excitement was in the way that the chains stretched. … While the force generated by the fibers is about 1, 000 times weaker than human muscle tissue per unit area, it may be enough for microbots. Read more of this story at Slashdot.

More here:
Researchers Demonstrate Electrically Activated Micro-Muscles

Tor Project Mulls How Feds Took Down Hidden Websites

HughPickens.com writes: Jeremy Kirk writes at PC World that in the aftermath of U.S. and European law enforcement shutting down more than 400 websites (including Silk Road 2.0) which used technology that hides their true IP addresses, Tor users are asking: How did they locate the hidden services? “The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security, ” writes Andrew Lewman, the Tor project’s executive director. For example, there are reports of one of the websites being infiltrated by undercover agents and one affidavit states various operational security errors.” Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem says Lewman adding that there are also ways to link transactions and deanonymize Bitcoin clients even if they use Tor. “Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks.” However the number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. “Over the past few years, researchers have discovered various attacks on the Tor network. We’ve implemented some defenses against these attacks (PDF), but these defenses do not solve all known issues and there may even be attacks unknown to us.” Another possible Tor attack vector could be the Guard Discovery attack. The guard node is the only node in the whole network that knows the actual IP address of the hidden service so if the attacker manages to compromise the guard node or somehow obtain access to it, she can launch a traffic confirmation attack to learn the identity of the hidden service. “We’ve been discussing various solutions to the guard discovery attack for the past many months but it’s not an easy problem to fix properly. Help and feedback on the proposed designs is appreciated.” According to Lewman, the task of hiding the location of low-latency web services is a very hard problem and we still don’t know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved. “In a way, it’s even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries.” Read more of this story at Slashdot.

Read the original:
Tor Project Mulls How Feds Took Down Hidden Websites

Multi-Process Comes To Firefox Nightly, 64-bit Firefox For Windows ‘Soon’

An anonymous reader writes with word that the Mozilla project has made two announcements that should make hardcore Firefox users very happy. The first is that multi-process support is landing in Firefox Nightly, and the second is that 64-bit Firefox is finally coming to Windows. The features are a big deal on their own, but together they show Mozilla’s commitment to the desktop version of Firefox as they both improve performance and security. The news is part of a slew of unveilings from the company on the browser’s 10th anniversary — including new Firefox features and the debut of Firefox Developer Edition. Read more of this story at Slashdot.

Read this article:
Multi-Process Comes To Firefox Nightly, 64-bit Firefox For Windows ‘Soon’

Apple Releases iMessage Deregistration Utility

tlhIngan writes When moving from an iPhone to something else, if you were an avid user of iMessage, you may find your messages missing, especially from iOS-using friends. Indeed, it has been such a problem that there are even lawsuits about it. While Apple has maintained that users can always switch off iMessage, that only works if you still have your iOS device. Unless one also has other iOS devices or a Mac, they may not even realize their friends have been sending messages that are queued up on Apple’s services via iMessage. Well, that problem has been resolved with Apple creating a deregistration utility to remove your phone number from the iMessage servers so friends will no longer send you texts via iMessage that you can no longer receive. It’s a two-step process involving proof of number ownership (via regular SMS) before deregistration takes place. Read more of this story at Slashdot.

Originally posted here:
Apple Releases iMessage Deregistration Utility

Pitivi Video Editor Surpasses 50% Crowdfunding Goal, Releases Version 0.94

kxra writes With the latest developments, Pitivi is proving to truly be a promising libre video editor for GNU distributions as well as a serious contender for bringing libre video production up to par with its proprietary counterparts. Since launching a beautifully well-organized crowdfunding campaign (as covered here previously), the team has raised over half of their 35, 000 € goal to pay for full-time development and has entered “beta” status for version 1.0. They’ve released two versions, 0.94 (release notes) being the most recent, which have brought full MPEG-TS/AVCHD support, porting to Python 3, lots of UX improvements, and—of course—lots and lots of bug fixes. The next release (0.95) will run on top of Non Linear Engine, a refined and incredibly more robust backend Pitivi developers have produced to replace GNonLin and bring Pitivi closer to the rock-solid stability needed for the final 1.0 release. Read more of this story at Slashdot.

Continue reading here:
Pitivi Video Editor Surpasses 50% Crowdfunding Goal, Releases Version 0.94

Dealer-Installed GPS Tracker Leads To Kidnapper’s Arrest in Maryland

New submitter FarnsworthG writes A news story about the capture of a kidnapper mentioned that he was caught because a car dealer had secretly installed a GPS device on his car. Apparently this is becoming common for “buy-here-pay-here” dealers. The devices are sold by Spireon, among many others. Raises interesting privacy questions. FarnsworthG also points to this Jalopnik article condemning the practice, when it’s done without disclosure. The kidnapping itself, of Philadelphia nursing assistant Carlesha Freeland-Gaither, was captured by a surveillance camera. Read more of this story at Slashdot.

British Spies Are Free To Target Lawyers and Journalists

Advocatus Diaboli writes British spies have been granted the authority to secretly eavesdrop on legally privileged attorney-client communications, according to newly released documents. On Thursday, a series of previously classified policies confirmed for the first time that the U.K.’s top surveillance agency Government Communications Headquarters has advised its employees: “You may in principle target the communications of lawyers.” The country’s other major security and intelligence agencies—MI5 and MI6—have adopted similar policies, the documents show. The guidelines also appear to permit surveillance of journalists and others deemed to work in “sensitive professions.” Read more of this story at Slashdot.

More here:
British Spies Are Free To Target Lawyers and Journalists

Ken May

Tag: linux