Windows Flaw Allowed Hackers To Spy On NATO, Ukraine, Others
In addition to isight's blog, there's an article in Wired
Police Using Dogs To Sniff Out Computer Memory
Apparently the Rhode Island State Police posted a photo and plausible statement:
The post says the canine is "trained to detect electronic devices".
That does not look as bogus a claim as training specifically for storage media: the chemicals used in the soldering, cleaning, and IC packaging conceivably could have a detectable smell.
Math Advance Suggest RSA Encryption Could Fall Within 5 Years
The whole thing is unsubstantiated FUD. I base my judgment on the slides at
The whole argument boils down to:
a) there has recently been huge progress [*] in solving the Discrete Log Problem over fields of small characteristic;
b) progress in solving the DLP has historically implied progress in factorization, and vice versa;
c) factorization breaks RSA, and solving the DLP breaks DSA;
d) thus RSA and DSA are dead, move to ECDSA.
The fallacy of it is that in b) and c), the DLP is exclusively over fields of huge characteristics (thousands of bits), making the algorithms in a) powerless. The slides do not hint at the faintest research lead towards moving to huge characteristics. Best argument is that "renewed interest could result in further improvements".
On the positive side, the author is honest: "I’m not a mathematician, I just play one on stage".
[*] See e.g. this recent paper and its references
Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thomé: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic
New Thermocell Could Turn 'Waste Heat' Into Electricity
From the article: "The top performing redox electrolyte (..) yielded output powers of 522 mW per square meter."
Seems that to get the 1 GW power of a nuclear reactor, one would need the active surface of a square of 43 kilometer side coated with that Cobalt stuff.
Backdoor Discovered In Atlassian Crowd
The original report says about the last vulnerability discussed (but not disclosed)
Indicators such as covert positioning, the use of special parameters, absence of log messages, facilitation of persistence, and apparent lack of legitimate purpose suggest that this vulnerability could be classified as a symmetric backdoor if malicious intent were to be established (which it has not).
I like the tone: they stop short of stating this is a deliberate backdoor of the worst kind, but give an extremely convincing argument that it is one.
CipherCloud Invokes DMCA To Block Discussions of Its Crypto System
The taken-down images, and the promotional video around 2:53 make it clear that in these promotional materials, identical plaintext leads to identical ciphertext.
CipherCloud's DMCA takedown notice rebuts that as wrong ("Ciphercloud's product is not deterministic"), with a key point at the beginning of page 3:
"[detractor] implies that what was perceived from a public demo is CipherCloud's product offering".
CipherCloud's position is: you misjudged us from what we have shown, which is not the real thing.
Intrade Shutdown Hurts Academics
If trading funny money and a bare-bones web interface is OK, there is Foresight Exchange (aka Ideosphere) which has worked almost flawlessly since 1994.
The World's Oldest Original Digital Computer Springs Back Into Action At TNMOC
If this computer can decide to reboot itself, it must have now reached self-awareness!
Ask Steve Wozniak Anything
My favorite is the Apple ][ disk controller, most notably the read synchronization and decoding achieving 5, then ultimately 6 useful data bits per raw 8 bits, using little discrete logic and a small (P)ROM.
Ask Slashdot: How Do I De-Dupe a System With 4.2 Million Files?
Recently had this situation.
Nirsoft's free "SearchMyFiles" http://www.nirsoft.net/utils/search_my_files.html has a straightforward Find Duplicates mode which helped a lot. It is easy (the most "complex" is designating the base locations for searches as e.g. K:\;L:\;P:\;Q:\), fast, never crashed on me, and had only cosmetic issues ("del" key not working). I recommend running it with administrative privileges so that it does not miss files.
AMD Downgrades Bulldozer Transistor Count By 800 Million
AMD just clarified that Bulldozer does have 2 billion transistors after all, but only 1.2 billion work.
XML Encryption Broken, Need To Fix W3C Standard
"..we describe a practical attack on XML Encryption, which allows to decrypt a ciphertext by sending related ciphertexts to a Web Service and evaluating the server response. We show that an adversary can decrypt a ciphertext by performing only 14 requests per plaintext byte on average."
Another CA Issues False Certificates To Iran
I now see your point: a CA does not guarantee against MITM in the same way a safe does not guarantee against robbery.
Another CA Issues False Certificates To Iran
> CA does not guarantee that there is no MITM either
Can you please explain, preferably with a link to a reference?
Common wisdom is that good CA + SSL should protect against MITM, including if the DNS service is compromised.
FreeBSD Running On PS3
This is *NOT* related to the recent crypto break, as demonstrated by the release note stating
Supported hardware:Sony Playstation 3 Fat, firmware version 3.21
Virtualizing Workstations For Common Hardware?
It's easy enough to slipstream (lots of) extra drivers and periodically update a master install .iso using tools such as nlite.
Any pointer to (or hint) for some "Slipstream for novices?" Explaining in particular how do you deal with
- disparate versions of serial-number protected things (MSO and Windows XP Pro/Home, or worse vendor-customized Vistas/7)
- machines where XP needs extra drivers to boot a SATA device
- drivers that seem to only come as an interactive installer (ATI)
- patch tuesday routine
Dell Defect Turning 2.2GHz CPU Into 100MHz CPU?
This one seems to work
Brazilian Breaks Secrecy of Brazil's E-Voting Machines With Van Eck Phreaking
> What options do you have to protect your self from Van eck phreaking?
One option to consider seriously is: paper ballot inserted, in a voting booth protected by opaque curtain, into an opaque paper envelope, which is then publicly dropped into a transparent urn, which is left under public view during the voting, and publicly shaken before the counting process.
That's how 90% of the votes have been cast in France for decades [the "transparent" bit was added some 45 years ago]. Not only is it secure against Van Eck phreaking before its invention, it has great resilience against many kinds of fraud, and most voters are able to understand and check the process.
You still have to guard against quite a few things, including
* unsuitably opaque envelopes;
* bulletins printed on paper of different color/size/material [even if the envelope is opaque, it is usually not sealed, and sometimes some portion of the bulletin (hopefully the back side, if the bulletin is folded) may be glanced at thru the opening; also the weight/stiffness of the bulletin may be revealing]
* hidden cameras in the voting booth; including those built into cellphones held by the voter [because the voter could be trying to prove what (s)he voted, in order to sell her/his vote or avoid retaliation if s/he did not vote as instructed].
Actually, in some locations much closer to you than half the circumference of planet earth, it may happen that voters are threatened to be beaten/killed if they do not vote as instructed; and maybe, on election day, a few of those who voted could be beaten publicly (often: regardless of what they actually voted, or based on their perceived opinion), in order to make the threat credible to those who did not vote yet. In these circumstances, the voters must be able to really trust the secrecy of their vote.
AIDS Vaccine Is Partially Successful
According to numerous online sources, raw numbers are:
51 out of 8187 found infected in the vaccinated group;
74 out of 8198 found infected in the control group.
The most basic course of statistics tells how to proceed from here: test if the null hypothesis (vaccine has no effect) remains plausible despite this evidence. Conditions are ideal for the chi-squared test.
We get Observed values 51, 74, 8147, 8123; Expected values 62.504, 62.496, 8135.5, 8134.5; then sum((O-E)^2/E) = 4.267, with two degrees of freedom.
Conclusion: the null hypothesis is rejected with only 88% confidence level.
This is not enough to comfortably say that the vaccine has any benefit. Odds of the contrary are about 1/17.
This is much less reason to trust that the vaccine reduces infection rate by 31.1%, as reported in some press articles. Odds are 1/2 that it is less efficient than this.
Alex, The Brainy Parrot Who Knows About Zero
Recognizing "none" is NOT an indication of grasping the concept of "zero", which is about "zero" sharing properties similar to other numbers (i.e. can be meaningfully added).