al0ha writes "Schneier briefs members of Congress on the NSA in a closed door meeting. According to Bruce, "Surreal part of setting up this meeting: I suggested that we hold this meeting in a SCIF, because they wanted me to talk about top secret documents that had not been made public. So we had to have the meeting in a regular room."
I am so very happy to hear a rational expert, one who is almost uniquely able to explain complex subjects and their potential ramifications to those of us possessing less than brilliant minds in this world, has been briefing Congress on the NSA."
The Memristor - It may transform computer hardware
al0ha writes "The first new passive circuit element since the 1830s might transform computer hardware.
In a thriving transistor monoculture where more transistors are created than grains of rice grown worldwide, can a new circuit element find a place to take root and grow? That’s the question posed by the memristor, a device first discussed theoretically 40 years ago and finally implemented in hardware in 2008. The name is a contraction of “memory resistor,” which offers a good clue to how it works."
al0ha writes "Why is it that Slashdot session management is insecure? If you force HTTPS during login, then session cookies are set for encrypted sessions only, so for the rest of the site you are not logged in. If you login over insecure HTTP, then the session cookies are set for any connection.
This is totally lame and makes session hijacking via Firesheep simple, as well as credential sniffing on the wire and wireless.
How Geeky can Geeknet be if they can't even handle session management appropriately?
The password change page and login pages should be protected by HTTPS. Then session cookies appropriate for general content, or for privileged content (like changing account information), should be set, with privileged content always running over HTTPS."
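The two-tier scheme the submission proposes, modelled in Python as an added example (not Slashdot's or Geeknet's code; the cookie names `sid` and `priv`, the privileged paths and the server key are assumptions for the illustration). It shows which cookies a browser would still send over plain HTTP under each design, which is exactly what a passive sniffer such as Firesheep harvests, and why a single cookie copying the login scheme is either hijackable or useless on HTTP pages:

```python
"""Model of how cookie attributes decide what a passive sniffer can capture.

Constructed example; not Slashdot's code. Cookie names, paths and the server
key are assumptions made up for the illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Binds the privileged cookie to the session cookie (constructed for this
# example; a real deployment would load it from configuration).
SERVER_KEY = b"constructed-example-key"
PRIVILEGED_PATHS = ("/account", "/password")


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    http_only: bool = False
    path: str = "/"

    def set_cookie_header(self) -> str:
        """Render the Set-Cookie header line the server would emit."""
        parts = [f"{self.name}={self.value}", f"Path={self.path}"]
        if self.secure:
            parts.append("Secure")
        if self.http_only:
            parts.append("HttpOnly")
        return "Set-Cookie: " + "; ".join(parts)


def parse_set_cookie(header: str) -> Cookie:
    """Parse a Set-Cookie line back into a Cookie (Secure/HttpOnly/Path only)."""
    body = header.split(":", 1)[1].strip()
    pair, *attrs = [p.strip() for p in body.split(";")]
    name, value = pair.split("=", 1)
    c = Cookie(name, value)
    for a in attrs:
        key, _, val = a.partition("=")
        k = key.lower()
        if k == "secure":
            c.secure = True
        elif k == "httponly":
            c.http_only = True
        elif k == "path":
            c.path = val or "/"
    return c


def cookies_sent(jar: list, scheme: str) -> dict:
    """Cookies a browser attaches to a request over `scheme` (http or https).

    Secure cookies travel only over https; everything else also goes in the
    clear, which is what a sniffer on the wire or the wireless captures."""
    return {c.name: c.value for c in jar if scheme == "https" or not c.secure}


def exposed_on_the_wire(jar: list) -> set:
    """Names of cookies an eavesdropper on plain HTTP can capture and replay."""
    return set(cookies_sent(jar, "http"))


def issue_login_cookies(login_scheme: str) -> list:
    """The single-cookie design the post complains about: the session cookie
    copies the scheme of the login request. After an HTTPS login it is Secure
    (so HTTP pages look logged out); after an HTTP login it is not (so the
    session rides in the clear on every page)."""
    sid = secrets.token_hex(16)
    return [Cookie("sid", sid, secure=(login_scheme == "https"), http_only=True)]


def issue_two_tier_cookies() -> list:
    """Split design: a low-privilege cookie for browsing plus a Secure cookie
    for account-changing pages. The privileged value is an HMAC of the session
    id under SERVER_KEY, so a sniffed 'sid' cannot be upgraded by itself."""
    sid = secrets.token_hex(16)
    priv = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    return [
        Cookie("sid", sid, secure=False, http_only=True),
        Cookie("priv", priv, secure=True, http_only=True),
    ]


def authorize(path: str, scheme: str, jar: list) -> str:
    """Decide what a request may do given the cookies the browser would send."""
    sent = cookies_sent(jar, scheme)
    if "sid" not in sent:
        return "anonymous"
    if path.startswith(PRIVILEGED_PATHS):
        expected = hmac.new(SERVER_KEY, sent["sid"].encode(), hashlib.sha256).hexdigest()
        priv = sent.get("priv")
        if scheme != "https" or priv is None or not hmac.compare_digest(priv, expected):
            return "denied"
        return "privileged"
    return "logged_in"
```

With the two-tier jar, `authorize("/account", "http", jar)` is denied because the Secure `priv` cookie is never sent over HTTP, while `authorize("/", "http", jar)` still reads as logged in; a replay of only the sniffed `sid` over HTTPS is also denied, since the HMAC-bound `priv` cookie never crossed the wire in the clear.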
al0ha writes "A team of security researchers has created a proof-of-concept Trojan for Android handsets that is capable of listening out for credit card numbers — typed or spoken — and relaying them back to the application's creator."
al0ha writes "To paraphrase the article: "These days, the main enemy of privacy is not Big Brother, but a whole bunch of Little Brothers. I grant you that long experience teaches us that the government itself must be watched. However, if you think that it is the main threat to your privacy these days, I humbly suggest that you think again.""
al0ha writes "In this week's issue of the journal Nature, a research team led by scientists at the California Institute of Technology (Caltech) has taken an important step toward understanding just how this kickoff occurs by beginning to dissect the neural circuitry of fear. In their paper, these scientists—led by David J. Anderson, the Benzer Professor of Biology at Caltech and a Howard Hughes Medical Institute investigator—describe a microcircuit in the amygdala that controls, or "gates," the outflow of fear from that region of the brain."
al0ha writes "From American Scientist: "Although data show that taking college-level science courses dramatically improves public science literacy, only about 30 percent of U.S. adults have ever taken even one college-level science course.""
al0ha writes "The attack begins as it usually does — the Trojan steals the username and password as it is inserted by the user. Then, a rogue form pops up and demands of him to share his mobile phone vendor, model and phone number:
al0ha writes "Among many others I also found myself very skeptical that this self-proclaimed "Whiz Kid" could code a truly useful and secure application in a few days. Seems it turns out to be just another example of over-hype by the media regarding a product they themselves never saw. How pathetic."
al0ha writes "Two small signals detected in an experiment deep underground in an abandoned US iron ore mine could be the first glimpses of the mysterious dark matter that is thought to make up about 24 per cent of the universe."
Browser Security Courtesy of the American Taxpayer
al0ha writes "Invincea, a security firm originally funded by the Defense Advanced Research Projects Agency (DARPA) to build a prototype virtualized browser, today rolled out a Windows application that places Internet Explorer (IE) into a virtual environment in order to protect the underlying system from Web-based attacks.
While the product is an interesting idea and may be useful, I totally object to the pricing as an American taxpayer. I have already helped pay for the development of this product; the CEO must be related to Bush/Cheney somehow. What a scam."
University of Virginia p0wn'd for almost a million
al0ha writes "Er, trojan anyone? "According to several sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller.""
al0ha writes "At Wharton's Risk Management and Decision Processes Center, researchers are investigating why humans do such a poor job planning for, and learning from, catastrophes."
al0ha writes "From the article, "A paper published today by Chris Soghoian and Sid Stamm [pdf] suggests that the threat may be far more practical than previously thought. They found turnkey surveillance products, marketed and sold to law enforcement and intelligence agencies in the US and foreign countries, designed to collect encrypted SSL traffic based on forged 'look-alike' certificates obtained from cooperative certificate authorities.""
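The check this threat calls for, written here as an added Python example (not code from the Soghoian/Stamm paper or from any product it describes): ordinary chain validation accepts a certificate from any trusted CA, so a look-alike certificate for the right name but a different key passes every browser check; pinning the SHA-256 of the leaf's SubjectPublicKeyInfo catches it. The hostname, the CA names and both keys are constructed for the illustration, and the DER builder emits unsigned, certificate-shaped bytes only so that the example runs offline; the parser handles just enough of X.509 to locate the SPKI in a real DER certificate as well.

```python
"""Pinning check against a CA-valid 'look-alike' certificate.

Added example, not code from the Soghoian/Stamm paper. The hostname, the
certificates and the keys are constructed in-line; the DER helpers cover just
enough of X.509 to locate the SubjectPublicKeyInfo and hash it.
"""
import hashlib

SEQUENCE, INTEGER, BIT_STRING, OID, UTF8, UTCTIME, SET, EXPLICIT_0 = (
    0x30, 0x02, 0x03, 0x06, 0x0C, 0x17, 0x31, 0xA0)
OID_SHA256_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11
OID_EC_PUBKEY = b"\x2a\x86\x48\xce\x3d\x02\x01"            # 1.2.840.10045.2.1
OID_CN = b"\x55\x04\x03"                                   # 2.5.4.3 (commonName)


def der_len(n: int) -> bytes:
    """DER length octets, short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, end_offset) of the TLV at pos (single-byte tags)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(body: bytes):
    """Yield (raw_tlv_bytes, tag) for each element of a SEQUENCE body."""
    pos = 0
    while pos < len(body):
        tag, _, end = read_tlv(body, pos)
        yield body[pos:end], tag
        pos = end


def spki_pin(cert_der: bytes) -> str:
    """SHA-256 over the DER SubjectPublicKeyInfo, the value HPKP-style pins use.

    Hashing the key rather than the whole certificate means a legitimate
    re-issue with the same key still matches, while a CA-issued certificate
    for someone else's key does not, whatever the subject name says."""
    _, cert_body, _ = read_tlv(cert_der, 0)
    tbs_raw, _ = next(children(cert_body))
    _, tbs_body, _ = read_tlv(tbs_raw, 0)
    fields = list(children(tbs_body))
    if fields[0][1] == EXPLICIT_0:          # optional [0] version
        fields = fields[1:]
    # serial, signatureAlgorithm, issuer, validity, subject, subjectPublicKeyInfo
    return hashlib.sha256(fields[5][0]).hexdigest()


def make_cert(issuer_cn: bytes, subject_cn: bytes, pubkey: bytes) -> bytes:
    """Constructed X.509-shaped DER for the demo (signature is a placeholder)."""
    def name(cn: bytes) -> bytes:
        return tlv(SEQUENCE, tlv(SET, tlv(SEQUENCE, tlv(OID, OID_CN) + tlv(UTF8, cn))))
    alg = tlv(SEQUENCE, tlv(OID, OID_SHA256_RSA))
    spki = tlv(SEQUENCE, tlv(SEQUENCE, tlv(OID, OID_EC_PUBKEY))
               + tlv(BIT_STRING, b"\x00" + pubkey))
    validity = tlv(SEQUENCE, tlv(UTCTIME, b"250101000000Z") + tlv(UTCTIME, b"260101000000Z"))
    tbs = tlv(SEQUENCE, tlv(EXPLICIT_0, tlv(INTEGER, b"\x02")) + tlv(INTEGER, b"\x01")
              + alg + name(issuer_cn) + validity + name(subject_cn) + spki)
    return tlv(SEQUENCE, tbs + alg + tlv(BIT_STRING, b"\x00" + bytes(8)))


# Constructed keys: the site's real key, and a second key that a cooperative
# CA has certified under the very same subject name.
GENUINE_KEY = b"\x04" + bytes(range(1, 65))
LOOKALIKE_KEY = b"\x04" + bytes(range(65, 129))
GENUINE_CERT = make_cert(b"Example Root CA", b"mail.example.test", GENUINE_KEY)
REISSUED_CERT = make_cert(b"Example Root CA", b"mail.example.test", GENUINE_KEY)
LOOKALIKE_CERT = make_cert(b"Other Trusted CA", b"mail.example.test", LOOKALIKE_KEY)


def check_leaf(host: str, leaf_der: bytes, chain_valid: bool, pins: dict) -> str:
    """Policy layered on top of ordinary chain validation.

    A valid chain is necessary but not sufficient: the leaf key must also
    match the pin recorded earlier (out of band, or trust-on-first-use)."""
    if not chain_valid:
        return "untrusted_chain"
    pin = spki_pin(leaf_der)
    if host not in pins:
        pins[host] = pin                    # TOFU: remember the first key seen
        return "pinned_on_first_use"
    return "ok" if pins[host] == pin else "PIN_MISMATCH"
```

Run against the constructed certificates, the re-issued certificate with the original key passes, while the look-alike certificate from the second CA comes back as PIN_MISMATCH even though a browser's chain validation would have accepted it; the caveat is that a TOFU pin only helps if the first connection was not already intercepted, which is why pins for high-value hosts are better distributed out of band.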
al0ha writes "Today, the jury in the District Court of Utah trial between SCO Group and Novell issued a verdict.
Novell is very pleased with the jury’s decision confirming Novell’s ownership of the Unix copyrights, which SCO had asserted to own in its attack on Linux. Novell remains committed to promoting Linux, including by defending Linux on the intellectual property front.
This decision is good news for Novell, for Linux, and for the open source community."
al0ha writes "Desperate to fund its seemingly-endless legal battle for Unix copyrights against Novell and others, SCO Group has found someone willing to buy the bankrupt company's mobile assets — and it's none other than Darl McBride, the former SCO chief executive sacked as a result of his ruinous crusade to claim Unix."
al0ha writes "This is an excellent piece well worth the read for all /.ers
"It seems unavoidable that most of the data in our future will be digital, so it behooves us to understand how to manage and preserve digital data so we can avoid what some have called the 'digital dark age.' This is the idea—or fear!—that if we cannot learn to explicitly save our digital data, we will lose that data and, with it, the record that future generations might use to remember and understand us." "Unlike the many venerable institutions that have for centuries refined their techniques for preserving analog data on clay, stone, ceramic or paper, we have no corresponding reservoir of historical wisdom to teach us how to save our digital data. That does not mean there is nothing to learn from the past, only that we must work a little harder to find it." — Kurt D. Bollacker PhD"
al0ha writes "It's hardly a secret that taking cocaine can change the way you feel and the way you behave. Now, a study published in the Jan. 8 issue of Science shows how it also alters the way the very genes in your brain operate. Understanding this process could eventually lead to new treatments for the 1.4 million Americans with cocaine problems, and millions more around the world."
al0ha writes "Presented by the Los Angeles chapter of OWASP, the linked PDF is a nice overview of some new security risks to help spark the imagination of security practitioners.
From the introduction, "As the line between desktop and web applications becomes increasingly blurry in a web 2.0 world, browser functionality is being pushed well beyond what it was originally intended for. Persistent client side storage has become a requirement for web applications if they are to be available both online and off. While all such technologies offer great promise, it is clear that the vast majority of developers simply do not understand their security implications.""
I have to admit the /. interface is extremely buggy and frustrating. I don't think they actually know where all the CSS loads, or how it affects pages and submissions. Pages are rendered differently in different areas for whatever reason, fonts bigger, bold, etc.; and submissions? Forget about it - I have ended up accidentally creating multiple submissions several times due to this stupid interface, which is out of control.
Web 2.0 is completely insecure at worst and makes /. a bug-filled nightmare at best.