Tag: production

Man beats child porn rap by proving unintentional downloading

Every day, the popular uTorrent client is used by the masses to legally or illegally download all manner of torrent files. With that comes the risk of computer infections or a lawsuit from a copyright holder. A suburban Illinois man got way more than what he bargained for after the history buff downloaded files on World War II ordnance. What 40-year-old Wocjciech Florczykowski of Schaumburg got in 2011 was an extreme visit from the FBI and ultimately a charge of child-porn possession. “The FBI descended on his home with bomb-sniffing dogs and a diffusing team and the whole shebang,” his attorney, Lawrence Lykowski, told Ars on Friday. Read 10 remaining paragraphs | Comments

See the original article here:
Man beats child porn rap by proving unintentional downloading

TrueCrypt security audit is good news, so why all the glum faces?

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws. The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that’s a flaw that cryptographers say should be fixed, there’s no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group . “The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software,” Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday’s report . “The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.” Read 7 remaining paragraphs | Comments

Visit site:
TrueCrypt security audit is good news, so why all the glum faces?

Google Chrome will banish Chinese certificate authority for breach of trust

Google’s Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains . The move could have major consequences for huge numbers of Internet users as Chrome, the world’s most widely used browser, stops recognizing all website certificates issued by CNNIC. To give affected website operators time to obtain new credentials from a different certificate authority, Google will wait an unspecified period of time before implementing the change. Once that grace period ends, Google engineers will blacklist both CNNIC’s root and extended-validation certificates in Chrome and all other Google software. The unauthorized certificates were issued by Egypt-based MCS Holdings , an intermediate certificate authority that operated under the authority of CNNIC. MCS used the certificates in a man-in-the-middle proxy, a device that intercepts secure connections by masquerading as the intended destination. Such devices are sometimes used by companies to monitor employees’ encrypted traffic for legal or human resources reasons. Read 2 remaining paragraphs | Comments

Visit link:
Google Chrome will banish Chinese certificate authority for breach of trust

New Firefox version says “might as well” to encrypting all Web traffic

Developers of the Firefox browser have moved one step closer to an Internet that encrypts all the world’s traffic with a new feature that can cryptographically protect connections even when servers don’t support the HTTPS protocol. Opportunistic encryption, as the feature is known, acts as a bridge between plaintext HTTP connections and fully compliant HTTPS connections based on transport layer security or its predecessor, protocol secure sockets layer. These traditional Web-based encryption measures require site operators to obtain a digital credential issued by a browser-recognized certificate authority and to implement TLS protection through OpenSSL or a similar code library. Even then, many sites are unable to fully encrypt their pages because they embed ads and other third-party content that’s still transmitted in plaintext. As a result, large numbers of sites (including this one) continue to publish some or all of their content in HTTP, which can be readily manipulated by people with the ability to monitor the connection. OE, as opportunistic encryption is often abbreviated, was turned on by default in Firefox 37, which was released this week. The move comes 17 months after an Internet Engineering Task Force working group proposed OE become an official part of the HTTP 2.0 specification . The move garnered critics and supporters alike, with the former arguing it may delay some sites from using the more secure HTTPS protections and the latter saying, in effect, some protection is better than none. The chief shortcoming of OE is its lack of authentication for cryptographically validating that a connected server is operated by the organization claiming ownership. Read 2 remaining paragraphs | Comments

View article:
New Firefox version says “might as well” to encrypting all Web traffic

California governor mandates 25 percent water use reduction

Today, California Governor Jerry Brown issued an executive order that is intended to spur water savings. The order comes as the state enters another year of extreme drought caused by lack of winter rain and snowfall. The state receives almost all of its precipitation in the winter and relies on that to fill reservoirs and deposit snow in the Sierra Nevada mountains. But this year, there was no precipitation for the entire month of January, leaving snowpack at many locations well below average —and completely absent in many areas. The new order focuses on conservation, with mandatory water reductions in cities and towns that will cut use by 25 percent. Many of the additional steps are obvious and probably should have been done before a crisis hit: remove 50 million square feet of lawns, have places like school campuses, golf courses, and cemeteries limit water use, and ban any installation of new irrigation systems that don’t use efficient drip irrigation. Standards for toilet and faucet water use will also be updated. Read 1 remaining paragraphs | Comments

Original post:
California governor mandates 25 percent water use reduction

New ARM-powered chip aims for battery life measured in decades

The number of things getting plugged into the “Internet of Things” has already reached the point of satire . But there’s a new, extremely low power technology that’s being prepared for market that could put computing power and network access into a whole new class of sensors, wearables, and practically disposable devices. That’s because it can run off a battery charge for over over 10 years. Atmel, the San Jose-based microcontroller maker, today released samples of a new type of ultra-low power, ARM based microcontroller that could radically extend the battery life of small low-power intelligent devices. The new SAM L21 32-bit ARM family of microcontroller (MCUs) consume less than 35 milliamps of power per megahertz of processing speed while active, and less than 200 nanoamps of power overall when in deep sleep mode—with varying states in between. The chip is so low power that it can be powered off energy capture from the body, as Andreas Eieland, Atmel’s Director of Product Marketing for low-power products, demonstrated at CES earlier this year. Read 7 remaining paragraphs | Comments

Continued here:
New ARM-powered chip aims for battery life measured in decades

Dark Web vendors offer up “thousands” of Uber logins starting at $1 each

Two vendors on a relatively new Dark Web marketplace are selling active Uber usernames and passwords. On Saturday, Ars verified that “Courvoisier” is claiming to sell these logins for $1 each on the AlphaBay Market, which launched in late 2014. Another vendor, “ThinkingForward,” sells the same items for $5 each. As Courvoisier writes: “The credentials provided will be a valid login for the Uber website for which you can use to order phones from completely free. (You can find the guide in our store if you’re unaware on the how-to).” Read 5 remaining paragraphs | Comments

Visit link:
Dark Web vendors offer up “thousands” of Uber logins starting at $1 each

NASA announces details of its asteroid redirection mission

Today, NASA held a press conference in which it described the latest developments in its plan to return an asteroid to an orbit close enough to Earth that it could easily be studied by a manned mission. Gone is the idea of returning an entire asteroid. In its place, a robotic probe will pluck a boulder from the surface of an asteroid and return that, testing our ability to redirect similar rocks if they threaten Earth. In fact, the entire mission is generally focused on technology development. Once the asteroid is placed in a cis-lunar orbit (orbiting Earth and closer than the Moon), it will be visited by a crewed Orion capsule that will allow detailed study and a return of samples to Earth. But the focus of this mission will be testing technology that will allow extended manned missions in space. The current timeline involves further studies of potential targets for extracting a boulder in the years leading up to 2019. Right now, three asteroids are on the menu: Itokawa (which was visited by the Japanese spacecraft Hayabusa), Bennu (which is planned for a sample return mission called OSIRIS-REx), and 2008 EV5. In each case, the orbit and composition are well-known, making them relatively low risk. Read 4 remaining paragraphs | Comments

Continued here:
NASA announces details of its asteroid redirection mission

New WoW item will allow players to trade gold for game time

Blizzard will soon allow World of Warcraft players to trade purchased game time for in-game gold, and vice versa, effectively putting an official, floating real-world value on the in-game currency. With yesterday’s rollout of WoW patch 6.12, Blizzard says it’s ready to introduce the ” WoW token,” a new in-game item that can be traded for 30 days of play time in the subscription-based MMO. Blizzard says the new feature will be launched in the Americas “once Patch 6.1.2 has been live for a while [to] help us ensure the foundation for the feature is solid.” Other regions will get tokens further down the line. WoW tokens will be available for purchase from the in-game shop for $20 or “the rough equivalent” in other regions. That’s somewhat more than the $14.99 maximum usually charged for a single month’s subscription fee, but the tokens differ from regular subscription game time because they can be exchanged for in-game gold through an in-game auction house. Read 4 remaining paragraphs | Comments

More:
New WoW item will allow players to trade gold for game time

We know where you’ve been: Ars acquires 4.6M license plate scans from the cops

OAKLAND, Calif.—If you have driven in Oakland any time in the last few years, chances are good that the cops know where you’ve been, thanks to their 33 automated license plate readers (LPRs). Now Ars knows too. In response to a public records request, we obtained the entire LPR dataset of the Oakland Police Department (OPD), including more than 4.6 million reads of over 1.1 million unique plates between December 23, 2010 and May 31, 2014. The dataset is likely the largest ever publicly released in the United States—perhaps in the world. Read 59 remaining paragraphs | Comments

View article:
We know where you’ve been: Ars acquires 4.6M license plate scans from the cops