Feds plow $10 billion into “groundbreaking” crypto-cracking program

The federal government is pouring almost $11 billion per year into a 35,000-employee program dedicated to “groundbreaking” methods to decode encrypted messages such as e-mails, according to an intelligence black budget published by The Washington Post. The 17-page document, leaked to the paper by former National Security Agency (NSA) contractor Edward Snowden, gives an unprecedented breakdown of the massive amount of taxpayer dollars—which reached $52 billion in fiscal 2013—that the government pours into surveillance and other intelligence-gathering programs. It also details the changing priorities of the government’s most elite spy agencies. Not surprisingly, in a world that’s increasingly driven by networks and electronics, they are spending less on the collection of some hard-copy media and satellite operations while increasing resources for sophisticated signals intelligence, a field of electronic spying feds frequently refer to as “SIGINT.” “We are bolstering our support for clandestine SIGINT capabilities to collect against high priority targets, including foreign leadership targets,” James Clapper, director of national intelligence, wrote in a summary published by the WaPo. “Also, we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.”

Bethesda “pushing” against Xbox Live Gold fee for Elder Scrolls Online

So far, Bethesda Softworks (and parent company Zenimax Media) has bucked industry trends by planning a $15 per month subscription for its upcoming The Elder Scrolls Online, adding a bit of insult to injury by including a real-money shop for nonessential items. Now the company says it’s trying to get Microsoft to agree to waive the additional requirement of an Xbox Live Gold subscription for Xbox One players, though without much success so far. Microsoft currently requires a $60/year Xbox Live Gold account to play any and all online games on the system, even otherwise free-to-play titles like World of Tanks. Speaking to the UK’s official Xbox Magazine, though, Zenimax Online Creative Director Paul Sage says the company has “been in talks with Microsoft” about getting a waiver for The Elder Scrolls Online since the game already has its own subscription fee. “[We’re] seeing whether or not there’s any room to change their minds about that, for folks who are only paying The Elder Scrolls Online and don’t want to pay for an Xbox Live Gold subscription, just to pay The Elder Scrolls Online,” Sage said. So far Microsoft has been less than responsive to these concerns, reportedly answering, “that’s the way it works,” but Sage promises that Bethesda will “keep on pushing” on the issue.

Amazon and Microsoft, beware—VMware cloud is more ambitious than we thought

VMware today announced that vCloud Hybrid Service, its first public infrastructure-as-a-service (IaaS) cloud, will become generally available in September. That’s no surprise, as we already knew it was slated to go live this quarter. What is surprising is just how extensive the cloud will be. When first announced, vCloud Hybrid Service was described as infrastructure-as-a-service that integrates directly with VMware environments. Customers running lots of applications in-house on VMware infrastructure can use the cloud to expand their capacity without buying new hardware and manage both their on-premises and off-premises deployments as one. That’s still the core of vCloud Hybrid Service, but in addition to the more traditional infrastructure-as-a-service, VMware will also have a desktops-as-a-service offering, letting businesses deploy virtual desktops to employees without needing any new hardware in their own data centers. There will also be disaster recovery-as-a-service, letting customers automatically replicate applications and data to vCloud Hybrid Service instead of their own data centers. Finally, support for the open source distribution of Cloud Foundry and Pivotal’s deployment of Cloud Foundry will let customers run a platform-as-a-service (PaaS) in vCloud Hybrid Service. Unlike IaaS, PaaS tends to be optimized for building and hosting applications without having to manage operating systems and virtual computing infrastructure.

In surveillance era, clever trick enhances secrecy of iPhone text messages

A security researcher has developed a technique that could significantly improve the secrecy of text messages sent in near real time on iPhones. The technique, which will debut in September in an iOS app called TextSecure, will also be folded into a currently available Android app by the same name. The cryptographic property known as perfect forward secrecy has always been considered important by privacy advocates, but it has taken on new urgency following the recent revelations of widespread surveillance of Americans by the National Security Agency. Rather than use the same long-lived key to encrypt multiple messages, the way, say, PGP- and S/MIME-protected e-mail programs do, applications that offer perfect forward secrecy generate ephemeral keys on the fly. In the case of some apps, including the OTR protocol for encrypting instant messages, each individual message within a session is encrypted with a different key. The use of multiple keys makes eavesdropping much harder. Even if the snoop manages to collect years’ worth of someone’s encrypted messages, he would have to crack hundreds or possibly hundreds of thousands of keys to transform the data into the “plaintext” that a human could make sense of. What’s more, even if the attacker obtains or otherwise compromises the computer that his target used to send the encrypted messages, it won’t be of much help if the target has deleted the messages. Since the keys used in perfect forward secrecy are ephemeral, they are discarded after use rather than stored on the device.
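The mechanism the paragraph describes, as an added example that is not code from the article or from the TextSecure or OTR projects: a minimal per-message Diffie-Hellman ratchet in which every message is keyed by a fresh ephemeral X25519 exchange and each endpoint keeps only its newest private key. X25519 is written out from RFC 7748 in pure Python so the file runs offline, the HMAC-SHA256 encrypt-then-MAC construction stands in for a real AEAD such as AES-GCM (which the standard library lacks), and the names `Party`, `kdf`, `seal`, `open_` and `run_conversation` are this example’s own. Authentication of the first key exchange with long-term identity keys, which real protocols perform, is omitted.

```python
# Added illustration of a per-message ephemeral-key ratchet (forward secrecy);
# not TextSecure/OTR code. X25519 from RFC 7748; HMAC-based stream cipher and
# HMAC tag stand in for AES-GCM. Not constant-time; do not use in production.
import hashlib
import hmac
import secrets

P = 2**255 - 19                           # Curve25519 field prime
A24 = 121665                              # (486662 - 2) / 4, RFC 7748 ladder constant
BASEPOINT = (9).to_bytes(32, "little")

def x25519(scalar: bytes, point: bytes) -> bytes:
    """RFC 7748 Montgomery ladder; returns the shared u-coordinate."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64            # scalar clamping
    k = int.from_bytes(k, "little")
    u = bytearray(point)
    u[31] &= 127
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(secret: bytes, label: bytes) -> bytes:
    """Labelled 32-byte subkey derivation (HKDF-extract style, illustrative)."""
    return hmac.new(b"pfs-demo/" + label, secret, hashlib.sha256).digest()

def _xor_stream(mk: bytes, data: bytes) -> bytes:
    enc = kdf(mk, b"enc")                 # HMAC in counter mode as the keystream
    stream = b"".join(hmac.new(enc, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(mk: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a one-time message key."""
    ct = _xor_stream(mk, plaintext)
    return ct + hmac.new(kdf(mk, b"mac"), ct, hashlib.sha256).digest()

def open_(mk: bytes, blob: bytes):
    """Verify the tag before decrypting; returns None if the blob was tampered with."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kdf(mk, b"mac"), ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(mk, ct)

class Party:
    """One endpoint. It keeps only its newest ephemeral private key and the peer's
    newest ephemeral public key, so a later device compromise cannot rebuild the
    keys of messages both sides have already ratcheted past."""

    def __init__(self):
        self.priv = secrets.token_bytes(32)
        self.pub = x25519(self.priv, BASEPOINT)
        self.peer_pub = None

    def send(self, plaintext: bytes):
        priv = secrets.token_bytes(32)                 # fresh ephemeral per message
        pub = x25519(priv, BASEPOINT)
        mk = kdf(x25519(priv, self.peer_pub), b"msg")  # one-time message key
        self.priv, self.pub = priv, pub                # previous private key is dropped here
        return pub, seal(mk, plaintext), mk            # mk returned for inspection only

    def receive(self, sender_pub: bytes, blob: bytes):
        mk = kdf(x25519(self.priv, sender_pub), b"msg")
        self.peer_pub = sender_pub                     # ratchet forward onto the peer's new key
        return open_(mk, blob), mk

def run_conversation(messages):
    """messages: list of (sender, plaintext) with sender in {"alice", "bob"}."""
    alice, bob = Party(), Party()
    alice.peer_pub, bob.peer_pub = bob.pub, alice.pub  # initial exchange (unauthenticated here)
    parties = {"alice": alice, "bob": bob}
    transcript, keys, decrypted = [], [], []
    for name, pt in messages:
        sender = parties[name]
        receiver = bob if sender is alice else alice
        pub, blob, mk_sent = sender.send(pt)
        pt_out, mk_recv = receiver.receive(pub, blob)
        transcript.append(pub)
        keys.append(mk_sent if mk_sent == mk_recv else None)
        decrypted.append(pt_out)
    # Everything an attacker holding BOTH devices' current state plus the wire
    # transcript can still derive: only keys one side has not yet ratcheted past.
    leftover = {kdf(x25519(p.priv, q), b"msg")
                for p in (alice, bob) for q in transcript + [alice.pub, bob.pub]}
    return {"decrypted": decrypted, "keys": keys,
            "recoverable": [k in leftover for k in keys]}
```

Running `run_conversation` over four alternating messages (alice, bob, alice, bob) gives four distinct message keys, and the `recoverable` list comes back `[False, False, True, True]`: once both endpoints have sent again, the private halves needed for the first two keys no longer exist anywhere, so seizing both devices and the whole transcript recovers nothing of those messages, while the two most recent messages are still inside the window the current keys cover. That is exactly the property the article describes, and the window is why real implementations also delete plaintext promptly.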

Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist

Google developers have confirmed a cryptographic vulnerability in the Android operating system that researchers say could generate serious security glitches in hundreds of thousands of end user apps, many of them used to make Bitcoin transactions. This weakness in Android’s Java Cryptography Architecture is the root cause of a Bitcoin transaction that reportedly was exploited to pilfer about $5,720 worth of bitcoins out of a digital wallet last week. The disclosure, included in a blog post published Wednesday by Google security engineer Alex Klyubin, was the first official confirmation of the Android vulnerability since Ars and others reported the incident last weekend. Klyubin warned that other apps might also be compromised unless developers change the way they access so-called PRNGs, short for pseudorandom number generators. “We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” he wrote. “Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected.” Apps that establish encrypted connections using the HttpClient and java.net classes aren’t vulnerable.

Hyperloop—a theoretical, 760 mph transit system made of sun, air, and magnets

The proposed design for the “Hyperloop,” an ultra-fast transit system that would run between San Francisco and Los Angeles, was revealed today on Elon Musk’s Tesla Motors website. Musk, the founder of SpaceX and Tesla Motors, describes a system that moves pods under low pressure through a tube between the two cities following the I-5 freeway, all within a 56-page PDF document. The Hyperloop would consist of aluminum pods inside a set of two steel tubes, one for each direction of travel. These are connected at each terminus. The tubes would be positioned on top of pylons spaced 100 feet apart holding the tube 20 feet in the air, and the tube would be covered by solar arrays to generate its own power. Inside the tubes, the pods would carry people at up to 760 miles per hour. The pods would each carry 28 passengers, departing every two minutes from either location (or every 30 seconds at peak times). So the pods would be about 23 miles apart while traversing the tube. The transport capacity would therefore be about 840 passengers per hour.

“Hand of Thief” banking trojan doesn’t do Windows—but it does Linux

Signaling criminals’ growing interest in attacking non-Windows computers, researchers have discovered banking fraud malware that targets people using the open-source Linux operating system. Hand of Thief, as researchers from security firm RSA have dubbed it, sells for about $2,000 in underground Internet forums and boasts its own support and sales agents. Its functionality—consisting of form grabbers and backdoor capabilities—is rudimentary compared to Windows banking trojans such as Citadel or those delivered by the Blackhole exploit kit, but that’s likely to change. RSA researcher Limor Kessem said she expects Hand of Thief to become a full-blown banking trojan that includes more advanced features such as the ability to inject attacker-controlled content into trusted bank webpages. “Although Hand of Thief comes to the underground at a time when commercial trojans are high in demand, writing malware for the Linux OS is uncommon, and for good reason,” Kessem wrote. “In comparison to Windows, Linux’s user base is smaller, considerably reducing the number of potential victims and thereby the potential fraud gains.”

Mobile startup offers unprecedented plan: 500MB of data, free incoming calls

On Tuesday, the American mobile phone market took one step closer to looking a bit more like the European or Asian markets: free incoming calls, inexpensive outgoing calls, and a focus on data. A Canadian startup, TextNow, just launched a new mobile service in the United States. For $18.99 per month, you get 500MB of data, 750 rollover minutes, and unlimited texting and incoming calls. In the US, it’s the norm for both the sending and receiving parties to be charged for a call. But nearly everywhere else in the world, only the person who originated the call actually pays. “Incoming calls don’t really cost us that much,” Derek Ting, the company’s CEO, told Ars. “Carriers charge you anyway because they can get away with it.”

Update: Researchers say Tor-targeted malware phoned home to NSA

A search reveals the address used in an attack on Tor users’ privacy referenced an IP address belonging to the NSA, routed through SAIC.

Malware planted on the servers of Freedom Hosting, the “hidden service” hosting provider on the Tor anonymized network brought down late last week, may have de-anonymized visitors to the sites running on that service. The injected code could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency (NSA). This revelation comes from analysis done collaboratively by Baneki Privacy Labs, a collective of Internet security researchers, and VPN provider Cryptocloud. When the IP address was uncovered in the JavaScript exploit, which specifically targets Firefox Extended Support Release (ESR) 17, the version included in the Tor Browser Bundle, a source at Baneki told Ars that he and others reached out to the malware and security community to help identify the source. The exploit attacked a vulnerability in the Windows version of the Firefox ESR 17 browser, the one used previously in the Tor Project’s Tor Browser Bundle (TBB). That vulnerability had been patched by Mozilla in June, and the updated browser is now part of TBB. But the TBB configuration of Firefox doesn’t include automatic security updates, so users of the bundle would not have been protected if they had not recently upgraded.

Simple technique puts graphene capacitors on par with lead-acid battery

Individual pieces of graphene have some pretty amazing properties, but finding a way to produce bulk materials that make good use of those properties has been rather challenging. Now, researchers have figured out a way to make graphene-based electrodes in bulk through a process so simple that it can be adapted to the manufacturing techniques that we currently use to make paper. And the resulting capacitors, at least in these test cases, had storage capacities that approached those of lead-acid batteries. Those of us who have taken basic physics tend to think of capacitors as two parallel, charge-holding plates, since that’s how they’re taught. But electrochemical capacitors perform a similar trick on a much smaller scale, by having the charges held by individual ions that adsorb to an electrode. To boost capacity, the simplest thing to do is to increase the surface area for the ions to interact with. That’s why graphene seems so appealing; since it’s only a single atom thick, it should be possible to pack a tremendous amount of surface into a relatively small volume. The problem, however, has been getting the ions into the graphene itself in order for them to interact. Once the graphene is prepared, lots of factors like pore size and inter-sheet spacing come into play, since these control how quickly ions can get into the graphene. A team at Australia’s Monash University came up with an easy solution to this: put the ions in place during the manufacturing process.
