security – Page 162

TrueCrypt Audit Back On Track After Silence and Uncertainty

itwbennett writes: In October 2013 Cryptography professor Matthew Green and security researcher Kenneth White launched a project to perform a professional security audit of TrueCrypt, partly prompted by the leaks from Edward Snowden that suggested the NSA was engaged in efforts to undermine encryption. Their report, published in April 2014, covered the first phase of the audit. Phase two was supposed to involve a formal review of the program’s encryption functions, with the goal of uncovering any potential errors in the cryptographic implementations—but then the unexpected happened. In May 2014, the developers of TrueCrypt, who had remained anonymous over the years for privacy reasons, abruptly announced that they were discontinuing the project and advised users to switch to alternatives. Now, almost a year later, the project is back on track. Read more of this story at Slashdot.

Read this article:
TrueCrypt Audit Back On Track After Silence and Uncertainty

Scotland’s Police Lose Data Because of Programmer’s Error

Anne Thwacks writes Assistant Chief Constable Wayne Mawson told the [Scottish Police Authority] committee that a total of 20, 086 records had been lost because a computer programmer pressed the wrong button between May and July last year. He added: “….they had been properly put on the system by the officers as a result of stopping and searching people, but we lost the outcome of it as a computer programming error. We have been working really hard to recover that data. I have personally overseen the sending out of several thousand emails to officers and follow-up audits. We have been working hard with HMICS to oversee everything that we do, to make sure it is done properly and I am pleased to say that the vast majority of that data, those results, are now back on the system.” Read more of this story at Slashdot.

See more here:
Scotland’s Police Lose Data Because of Programmer’s Error

Samsung’s Portable SSD T1 Tested

MojoKid writes The bulk of today’s high-capacity external storage devices still rely on mechanical hard disk drives with spinning media and other delicate parts. Solid state drives are much faster and less susceptible to damage from vibration, of course. That being the case, Samsung saw an opportunity to capitalize on a market segment that hasn’t seen enough development it seems–external SSDs. There are already external storage devices that use full-sized SSDs, but Samsung’s new Portable SSD T1 is more akin to a thumb drive, only a little wider and typically much faster. Utilizing Samsung’s 3D Vertical NAND (V-NAND) technology and a SuperSpeed USB 3.0 interface, the Portable SSD T1 redlines at up to 450MB/s when reading or writing data sequentially, claims Samsung. For random read and write activities, Samsung rates the drive at up to 8, 000 IOPS and 21, 000 IOPS, respectively. Pricing is more in-line with high-performance standalone SSDs, with this 1TB model reviewed here arriving at about $579. In testing, the drive did live up to its performance and bandwidth claims as well. Read more of this story at Slashdot.

See the original post:
Samsung’s Portable SSD T1 Tested

FreeBSD-Current Random Number Generator Broken

First time accepted submitter bobo the hobo writesThe FreeBSD random number has been discovered to be generating possibly predictable SSH keys and SSL certificates for months. Time to regenerate your keys and certs if using FreeBSD-Current. A message to the freebsd-current mailing list reads in part: “If you are running a current kernel r273872 or later, please upgrade your kernel to r278907 or later immediately and regenerate keys. I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. read_random(9) is used by arc4random(9) which is the primary method that arc4random(3) is seeded from.” Read more of this story at Slashdot.

View the original here:
FreeBSD-Current Random Number Generator Broken

Storing Data In Synthetic Fossils

Bismillah tips news of research from ETH Zurich which brings the possibility of extremely long-term data storage. The scientists encoded data in DNA, a young but established technique that has a major problem: accuracy. “[E]ven a short period of time presents a problem in terms of the margin of error, as mistakes occur in the writing and reading of the DNA. Over the longer term, DNA can change significantly as it reacts chemically with the environment, thus presenting an obstacle to long-term storage.” To get around this issue, they encapsulated the DNA within tiny silica spheres, a process roughly comparable to the fossilization of bones (abstract). The researchers say data can be preserved this way for over a million years. Read more of this story at Slashdot.

HTTP/2 Finalized

An anonymous reader writes: Mark Nottingham, chair of the IETF HTTP working group, has announced that the HTTP/2 specification is done. It’s on its way to the RFC Editor, along with the HPACK specification, where it’ll be cleaned up and published. “The new standard brings a number of benefits to one of the Web’s core technologies, such as faster page loads, longer-lived connections, more items arriving sooner and server push. HTTP/2 uses the same HTTP APIs that developers are familiar with, but offers a number of new features they can adopt. One notable change is that HTTP requests will be ‘cheaper’ to make. … With HTTP/2, a new multiplexing feature allows lots of requests to be delivered at the same time, so the page load isn’t blocked.” Here’s the HTTP/2 FAQ, and we recently talked about some common criticisms of the spec. Read more of this story at Slashdot.

Continue reading here:
HTTP/2 Finalized

Nanotech Makes Steel 10x Stronger

An anonymous reader writes: A new metal-making process currently in testing at oil fields uses nano-scale plating to make metals like steel as much as ten times stronger than they would be without it. “[The process] uses an advanced form of electroplating, a process already used to make the chrome plating you might see on the engine and exhaust pipes of a motorcycle. Electroplating involves immersing a metal part in a chemical bath containing various metal ions, and then applying an electrical current to cause those ions to form a metal coating. The company uses a bath that contains more than one kind of metal ion and controls how ions are deposited by varying the electrical current. By changing the current at precise moments, it can create a layered structure, with each layer being several nanometers thick and of different composition. The final coating can be up to a centimeter thick and can greatly change the properties of the original material.” Read more of this story at Slashdot.

Originally posted here:
Nanotech Makes Steel 10x Stronger

OpenStreetMap.org Gets Routing

An anonymous reader writes “Good news for OpenStreetMap: the main website now has A-to-B routing (directions) built in to the homepage! The OSM website offers directions which are powered by third-parties using OSM data, providing car, bike, and foot routing. OpenStreetMap has a saying: ‘What gets rendered, gets mapped’ – meaning that often you don’t notice a bit of data that needs tweaking unless it actually shows up on the map image. It will make OpenStreetMap’s data better by creating a virtuous feedback loop.” Read more of this story at Slashdot.

See the article here:
OpenStreetMap.org Gets Routing

Canada’s Next-Generation Military Smart Gun Unveiled

Zothecula writes Looking every bit like a weapon from a science fiction movie, the latest integrated assault rifle prototype being developed for the Canadian Armed Forces (CAF) is packed with some very smart weapons technology. Along with the ability to fire new lightweight telescoped ammunition, and a secondary effects module that adds either a three-round 40 mm grenade launcher or a 12-gauge shotgun, there is also a NATO-standard power and data bus to allow the attachment of smart accessories, such as electro-optical sights and position sensors that connect to command and control networks. Read more of this story at Slashdot.

Company Promises Positive Yelp Reviews For a Price; Yelp Sues

jfruh writes Many restaurants and other small businesses live and die by Yelp reviews. Revleap operates a paid service that it says can “create a large constant flow of positive reviews that stay on top of your [Yelp] profile, and remove fake reviews.” But Yelp is suing Revleap for what it says are practices that are fraudulent and in violation of Yelp’s terms of service; among other things, Revleap promises users gift cards in exchange for good reviews. Read more of this story at Slashdot.

See the article here:
Company Promises Positive Yelp Reviews For a Price; Yelp Sues

Ken May

Tag: security