portfolio-cond – Page 21

Now you can easily send (free!) encrypted messages between Android, iOS

On Monday, Open Whisper Systems announced the release of Signal 2.0 , the second version of its app for iOS. What makes this latest release special is that it allows users to send end-to-end encrypted messages, for free, to users of Redphone and TextSecure, Android apps supported by Open Whisper Systems that encrypt calling and text messages, respectively. Previously, this kind of cross-platform secure messaging cost money in the form of a monthly subscription fee that both the sender and the receiver of the message had to pay. (Or, encrypting messages cost considerable time and effort to implement without a dedicated app.) Signal and its Android counterpart TextSecure are unique in that they use forward encryption, which generates temporary keys for each message, but still allow asynchronous messaging through the use of push notifications and “prekeys.” Ars reported on the implementation details in 2013 . Open Whisper Systems has pulled ahead of other privacy apps by making its interface easy for a person who doesn’t know too much about encryption to use. It’s also open source, so it can be vetted by experts, and its open encryption protocol can be adopted by other messaging apps. In fact, last November, messaging platform Whatsapp deployed Open Whisper Systems’ protocol for its 500 million Android users . Still, until now communicating with iOS users from an Android phone has been much more challenging. Read 4 remaining paragraphs | Comments

See the original article here:
Now you can easily send (free!) encrypted messages between Android, iOS

In major goof, Uber stored sensitive database key on public GitHub page

Uber is trying to force GitHub to disclose the IP address of every person that accessed a webpage connected to a database intrusion that exposed sensitive personal data for 50,000 drivers. The court action revealed that a security key unlocking the database was stored on a publicly accessible place, the online equivalent of stashing a house key under a doormat. Uber officials have yet to say precisely what information was contained in the two now-unavailable GitHub gists . But in a lawsuit filed Friday against the unknown John Doe intruders, Uber lawyers said the URLs contained a security key that allowed unauthorized access to the names and driver’s license numbers of about 50,000 Uber drivers . The ride-sharing service disclosed the breach on Friday, more than two months after it was discovered. “The contents of these internal database files are closely guarded by Uber,” the complaint stated. “Accessing them from Uber’s protected computers requires a unique security key that is not intended to be available to anyone other than certain Uber employees, and no one outside of Uber is authorized to access the files. On or around May 12, 2014, from an IP address not associated with an Uber employee and otherwise unknown to Uber, John Doe I used the unique security key to download Uber database files containing confidential and proprietary information from Uber’s protected computers.” Read 3 remaining paragraphs | Comments

More:
In major goof, Uber stored sensitive database key on public GitHub page

Hands-on with the fastest LTE network in Europe: 400Mbps down, 45Mbps up

LONDON—Today, I got to play around with Europe’s (and probably the world’s) fastest LTE network: when I opened up Speedtest.net, depending on how many people were standing in the room, my download speed was between 350 and 400Mbps, my upload speed was around 45Mbps, and my ping latency was just 20ms. Funny enough, beyond Speedtest.net, it is actually quite hard to use 400Mbps of bandwidth. When I loaded up a 4K video from YouTube, I only used around 40Mbps, or 10 percent, of my wireless uber-pipe. Ars Technica certainly loaded very quickly indeed. As it stands today, there are very few websites or services that will let you pull data down at 400Mbps, or where being able to download at 400Mbps even makes much sense. If we’ve learned anything from the last few decades of telecoms and networking, however, it’s that Internet usage will always expand until every last inch of available bandwidth is consumed. So while 400Mbps might seem a little bit over the top today, in five years you’ll probably wonder how you ever survived with anything less. For some background, I had a 400Mbps LTE connection at my disposal because I had been invited to Wembley Stadium in London to try out the first deployment of Category 9 LTE in the UK. It was a “live” deployment in that it used commercially available hardware, but it was still very much a tech demo—the Cat 9 base station only covered a small portion of the stadium, and there were only a handful of devices in the world configured to connect to this specific LTE network. The LTE network was operated by EE (one of the UK’s big four wireless carriers), the LTE base station was made by Huawei, and the mobile device that I used was a smartphone powered by the Qualcomm Snapdragon 810 SoC . Read 4 remaining paragraphs | Comments

Verizon issues furious response to FCC, in Morse code, dated 1934

Verizon is just so mad at the Federal Communications Commission today that a normal press release wouldn’t do. After all, Verizon issues so many press releases denouncing the FCC for trying to regulate telecommunications that today’s vote on net neutrality required a special one to make sure it would be remembered. So Verizon wrote it in Morse code and set the date as “1934” to make the point that the FCC is taking us backward in time. Verizon sent out the press release in this e-mail: Read 6 remaining paragraphs | Comments

Link:
Verizon issues furious response to FCC, in Morse code, dated 1934

Intel forges ahead to 10nm, will move away from silicon at 7nm

This week at the 2015 International Solid-State Circuits Conference (ISSCC), Intel will provide an update on its new 10nm manufacturing process and new research on how it’s maintaining the march of Moore’s law to 7nm and beyond. The first chips based on Intel’s new 10nm process are expected in late 2016/early 2017, and the company says it’s hoping to avoid the delays that haunted the belabored release of 14nm Broadwell. To hit 7nm, Intel says new materials will be required—as in, it looks like 10nm will finally be the end of the road for silicon. The most likely replacement for silicon is a III-V semiconductor such as indium gallium arsenide (InGaAs), though Intel hasn’t provided any specific details yet. ISSCC 2015, being held in San Francisco this week, is where all the big players in silicon (Intel, Samsung, TSMC, IBM, etc.) meet to talk about their latest manufacturing processes and how they might go about overcoming the current barriers to smaller, faster, and denser computer chips. It’s not unusual for Intel to have one of the largest presences at the conference, and this year is no different: it will be presenting three papers on its 14nm technology, hosting sessions on a variety of topics, and Mark Bohr—one of Intel’s most esteemed researchers—will be sitting on a panel that discusses Moore’s law beyond 10nm. The steady march of new CMOS processes driving ever smaller transistors. Intel Read 4 remaining paragraphs | Comments

Taken from:
Intel forges ahead to 10nm, will move away from silicon at 7nm

If you skipped Windows 8, here’s some new stuff you get with Windows 10

It’s a shame that Windows 8’s interface was so divisive. The UI dominated the conversation around the OS to the extent that its other, subtler changes got buried. People who stuck with Windows 7 never saw these updates at all. Windows 10, as we’ve covered, is Microsoft’s effort to repackage Windows 8’s improvements in a way that will be more appealing to Windows 7 loyalists. As if to drive that point home, Microsoft is giving current Windows 7 users a whole year after launch to hop on the Windows 10 train at no charge . Microsoft has made a bunch of changes to Windows in the last two years that have nothing to do with the new user interface. This list doesn’t have anything new on it, but if you’re still running Windows 7 and you decide to upgrade to Windows 10, it’ll be new to you, and you’ll get to use it all without having to figure out how to live life without a Start menu. (If you’re interested in seeing some of the UI stuff that you’ll be sidestepping, ZDNet’s Ed Bott recently published this piece about Windows 8 features that got cut from Windows 10). Read 27 remaining paragraphs | Comments

Read the article:
If you skipped Windows 8, here’s some new stuff you get with Windows 10

Password cracking experts decipher elusive Equation Group crypto hash

Unraveling a mystery that eluded the researchers analyzing the highly advanced Equation Group the world learned about Monday, password crackers have deciphered a cryptographic hash buried in one of the hacking crew’s exploits. It’s Arabic for “unregistered.” Researchers for Moscow-based Kaspersky Lab spent more than two weeks trying to crack the MD5 hash using a computer that tried more than 300 billion plaintext guesses every second. After coming up empty-handed, they enlisted the help of password-cracking experts, both privately and on Twitter , in hopes they would do better. Password crackers Jens Steube and Philipp Schmidt spent only a few hours before figuring out the plaintext behind the hash e6d290a03b70cfa5d4451da444bdea39 was غير مسجل, which is Arabic for “unregistered”. The hex-encoded string for the same Arabic word is dbedd120e3d3cce1. “That was a shock when it popped up and said ‘cracked,'” Steube told Ars Monday evening. He is the developer behind the free Hashcat password-cracking programs and an expert in password cracking. Read 6 remaining paragraphs | Comments

Apple increases the maximum size of iOS app binaries for the first time ever

For the first time since the introduction of the App Store in 2008 , Apple is increasing the maximum size of the app binaries that developers can upload to iTunes Connect. The company announced today that the cap would increase from 2GB to 4GB , though this doesn’t affect the 100MB limit imposed on apps downloaded on cellular networks. iOS app binaries contain both the executable file and all of the images, sounds, and other assets that the app needs—everything from icons to splash screens to UI is all included in one big file. Because of how they’re packaged, these binaries can get rather large. Binaries include all the assets for all the devices they support. If you’re shipping a universal app that supports all iOS 8 devices, for example, you’ve got Retina iPhone assets, Retina and non-Retina iPad assets, and special “3x” assets specifically for the iPhone 6 Plus (Apple’s got a table here ). Universal apps include all of those assets, and the binary you download from the App Store is the same whether you’ve got an old iPhone 4S or a brand-new iPad Air 2. If you’re running on an iPhone, for example, a universal binary will still contain assets for other iPhones and iPads, increasing the amount of space the app needs even though some of those extra assets aren’t needed for your device. Xcode 6 partially supports vector graphics to ease the developer burden of maintaining and generating all these assets, but they’re still stored as PNG files when the binary is built and uploaded. Read 1 remaining paragraphs | Comments

15-year-old bug allows malicious code execution in all versions of Windows

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it. The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines. “All computers and devices that are members of a corporate Active Directory may be at risk,” warned a blog post published Tuesday by JAS Global Advisors, the firm that reported the bug to Microsoft in January 2014. “The vulnerability is remotely exploitable and may grant the attacker administrator-level privileges on the target machine/device. Roaming machines—Active Directory member devices that connect to corporate networks via the public Internet (possibly over a Virtual Private Network (VPN))—are at heightened risk.” Read 4 remaining paragraphs | Comments

View post:
15-year-old bug allows malicious code execution in all versions of Windows

Google announces SPDY’s coming demise as HTTP/2 approaches

A little over five years ago, Google unveiled SPDY, a new protocol that it positioned as a more secure, better-performing replacement for hypertext transfer protocol (HTTP), the communication protocol on which the Web is built. Today the company announced that it would soon be removing SPDY support from Chrome. That’s because the Internet Engineering Task Force (IETF) has been working to update HTTP to produce HTTP/2, an updated revision of a protocol that has not seen any major changes since its introduction in the early 1990s. SPDY’s major goals were to reduce latency and improve security. To reduce latency, it included support for multiplexing—making multiple requests and responses over a single connection, with prioritization for different requests—and for security, it makes the use of TLS compulsory. Read 2 remaining paragraphs | Comments

Continued here:
Google announces SPDY’s coming demise as HTTP/2 approaches

Ken May

Tag: portfolio-cond