Xinoura's from Geek to Chic

rifles only writes "A German techie has found a remarkably simple way to discern some of the content of encrypted volumes containing images. The encrypted images don't reveal themselves totally, but in many cases do let an attacker see the outline of a high-contrast image. The attack works regardless of the encryption algorithm used (the widely-used AES for instance), and affects all utilities that use single symmetric keys. More significant to police around the world struggling with criminal and terrorist use of encryption, the attack also breaks the ability of users to 'hide' separate encrypted volumes inside already encrypted volumes, whose existence can now for the first time be revealed." The discoverer of this attack works for a company making full-disk encryption software; their product, TurboCrypt, has already been enhanced to defeat the attack. Other on-the-fly encryption products will probably be similarly enhanced, as the discoverer asserts: "To our knowledge is the described method free of patents and the author can confirm that he hasn't applied for protection."

Read more of this story at Slashdot.

Wired is running a story about a case the Supreme Court will be hearing on Tuesday that relates to searches based on erroneous information in government databases. In the case of Herring vs. US 07-513, the defendant was followed and pulled over based on a records indicating he had a warrant out for his arrest. Upon further review, the local county clerk found the records were in error, and the warrant notification should have been removed months prior. Unfortunately for Herring, he had already been arrested and his car searched. Police found a small amount of drugs and a firearm, for which Herring was subsequently prosecuted. Several friend-of-the-court briefs have been filed to argue this case, some calling for "an accuracy obligation on law enforcement agents [PDF] who rely on criminal justice information systems," and others defending such searches as good-faith exceptions [PDF].

Read more of this story at Slashdot.

darkeye writes "I'm facing a difficult dilemma and looking for opinions. I've been contributing heavily to an open source project, making considerable changes to code organization and quality, but the work is unfinished at the moment. Now, a company is approaching me to continue my changes. They want to keep the improvements to themselves, which is possible since the project is published under the BSD license. That's fair, as they have all the rights to the work they pay for in full. However, they also want me to sign a non-competition clause, which would bar me from ever working on and publishing results for the original open source project itself, even if done separately, in my free time. How would you approach such a decision? On one side, they'd provide resources to work on an interesting project. On the other, it would make me an outcast in the project's community. Moreover, they would take ownership of not just what they paid for, but also my changes leading up to this moment, and I wouldn't be able to continue on my original codebase in an open source manner if I sign their contract."

Read more of this story at Slashdot.

An anonymous reader alerts us to a two-week-old story that hasn't gotten much traction in the press to date. A Japanese newspaper and the AP report that China plans to demand source code from hardware manufacturers, and ban the sale of products from companies that don't comply. China is calling this an "obligatory accreditation system for IT security products." The plan is to go into effect next May, according to sources. "Products expected to be subject to the system are those equipped with secret coding, such as [a] contactless smart card system developed by Sony Corp., digital copiers, and computer servers. The Chinese government said it needs the source code to prevent computer viruses taking advantage of software vulnerabilities and to shut out hackers. However, this explanation is unlikely to satisfy concerns that disclosed information might be handed from the Chinese government to Chinese companies. There also are fears that Chinese intelligence services could exploit such confidential information by making it easier to break codes used in... digital devices."

Read more of this story at Slashdot.

Lumenary7204 writes "The Register has a story about the Large Synoptic Survey Telescope, a project to build a 6.7 meter effective-diameter ground-based telescope that will be used to map some of the faintest objects in the night sky. Jeff Kantor, the LSST Project Data Manager, indicates that the telescope should be in operation by 2016, will generate around 30 terabytes of data per night, and will 'open a movie-like window on objects that change or move on rapid timescales: exploding supernovae, potentially hazardous near-Earth asteroids, and distant Kuiper Belt Objects.' The end result will be a 150 petabyte database containing one of the most detailed surveys of the universe ever undertaken by a ground-based telescope. The telescope's 8.4 meter mirror blank was recently unveiled at the University of Arizona's Mirror Lab in Tucson."

Read more of this story at Slashdot.

tsa writes "Ars Technica reports that 13 of the 23 members from the technical committee of the Norwegian standards body, the organization that manages technical standards for the country, have resigned because of the way the OOXML standardization was handled. We've previously discussed Norway's protest and ISO's rejection of other appeals. From the article: 'The standardization process for Microsoft's office format has been plagued with controversy. Critics have challenged the validity of its ISO approval and allege that procedural irregularities and outright misconduct marred the voting process in national standards bodies around the world. Norway has faced particularly close scrutiny because the country reversed its vote against approval despite strong opposition to the format by a majority of the members who participated in the technical committee.'"

Read more of this story at Slashdot.

ruphus13 writes "As mentioned earlier, there was a kernel bug in the alpha/beta version of the Linux kernel (up to 2.6.27 rc7), which was corrupting (and rendering useless) the EEPROM/NVM of adapters. Thankfully, a patch is now out that prevents writing to the EEPROM once the driver is loaded, and this follows a patch released by Intel earlier in the week. From the article: 'The Intel team is currently working on narrowing down the details of how and why these chipsets were affected. They also plan on releasing patches shortly to restore the EEPROM on any adapters that have been affected, via saved images using ethtool -e or from identical systems.' This is good news as we move towards a production release!"

Read more of this story at Slashdot.

darthcamaro writes "Some programming languages just move on to major version numbers, leaving older legacy versions (and users) behind, but that's not the plan for Python. Python 2.6 has the key goal of trying to ensure compatibility between Python 2.x and Python 3.0, which is due out in a month's time. From the article: 'Once you have your code running on 2.6, you can start getting ready for 3.0 in a number of ways,' Guido Van Rossum said. 'In particular, you can turn on "Py3k warnings," which will warn you about obsolete usage patterns for which alternatives already exist in 2.6. You can then change your code to use the modern alternative, and this will make you more ready for 3.0.'"

Read more of this story at Slashdot.

Chicken_dinner writes "Engineers at Battelle have come up with a way to send data through the air at 10 Gigabits per second using point-to-point millimeter-wave technology. They used standard optical networking equipment and essentially combined two lower bandwidth signals to produce a 10Gb signal from the interference. They say the technology could replace fiber optics around large campuses or companies or even deliver high-bandwidth streaming within the home."

Read more of this story at Slashdot.

Tsunayoshi writes "My son volunteered me to give a presentation on what I do for a living for career day at his elementary school. I need to come up with a roughly 20-minute presentation to be given to 4-5 different classrooms. I am a systems administrator, primarily Unix/Linux and enterprise NAS/SAN storage, working for an aerospace company. I was thinking something along the lines of explaining how some everyday things they experience (websites, telephone systems, etc.) all depend on servers, and those servers are maintained by systems administrators. I was also going to talk about what I do specifically, which is maintain the computer systems that allow the really smart rocket scientists to get things into space. Am I on the right track? Can anyone suggest some good (and cheap/easy to make) visual aids?"

Read more of this story at Slashdot.

wiedzmin writes "A couple of very useful updates have just been released by Microsoft for the ever so popular Sysinternals tool set. The most notable one is ProcessMonitor v2.0 which will now include 'real-time TCP and UDP monitoring.' Another one, released earlier this year — Desktops 1.0, provides a very unique multi-thread way to get multiple desktops running on your Windows box."

Read more of this story at Slashdot.

arcticstoat writes with an excerpt from Custom PC: "After developing a brand new CPU architecture from the ground-up, you'd expect that Toshiba, Sony and IBM would have more uses for the Cell architecture than the PlayStation 3, and Toshiba has been quick to make use of the architecture's HD video transcoding abilities in its new Qosimo laptops. However, Leadtek is now taking Toshiba's efforts a step further by putting the chip onto a PCI-E card for desktop PCs. The WinFast PxVC1100 is based on Toshiba's SpursEngine SE1000 processor, which is a cut-down version of the Cell chip. The SpursEngine chip features four SPEs (synergistic processing elements) based on 128-bit RISC cores, along with H.264 and MPEG-2 codecs, but it doesn't contain its own CPU as the chip in the PS3 does. The chip is capable of encoding and decoding H.264, MPEG-2 and MPEG-4 video streams in hardware."

Read more of this story at Slashdot.

Pickens writes "Human-rights activists have discovered a huge surveillance system in China that monitors and archives Internet text conversations sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay. Researchers say the system monitors a list of politically charged words that includes words related to the religious group Falun Gong, Taiwan independence, the Chinese Communist Party and also words like democracy, earthquake and milk powder. The encrypted list of words inside the Tom-Skype software blocks the transmission of these words and records personal information about the customers who send the messages. Researchers say their discovery contradicts a public statement made by Skype executives in 2006 that 'full end-to-end security is preserved and there is no compromise of people's privacy.' The Chinese government is not alone in its Internet surveillance efforts. In 2005, The New York Times reported that the National Security Agency was monitoring large volumes of telephone and Internet communications flowing into and out of the United States as part of an eavesdropping program that President Bush approved after the Sept. 11 attacks. 'This is the worst nightmares of the conspiracy theorists around surveillance coming true,' says Ronald J. Deibert, an associate professor of political science at the University of Toronto. 'It's "X-Files" without the aliens.'"

Read more of this story at Slashdot.

steveit_is writes "Yesterday it was reported that Microsoft's revised CAPTCHA had been cracked. Now it's Google's turn. In a move that is sure to surprise no one, the spammers behind 'Xrumer' have announced that they've not only cracked Google's CAPTCHA, but other forms of image verification as well, including 'pick the cat' style CAPTCHA."

Read more of this story at Slashdot.

Bruce Schneier's blog says "This is good: Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of 'scareware' purveyors, scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software. "

Read more of this story at Slashdot.