Archive for the ‘DailyTech’ Category
DailyTech – Huge Hole in Open Source Software Found, Leaves Millions Vulnerable
Posted on: May 23, 2008
- In: - | DailyTech | Found | Hole | Huge | in | Leaves | Millions | Open Source | Software | Vulnerable
- Leave a Comment
It is incredible just how big the effects of the newly discovered error in open source key generation is
For all the criticism of Microsoft and its security flaws, the software giant has made an impressive turnaround. While Vista has been derided for a variety of reasons, most would agree that it’s much more secure than Windows XP. Recently, a hacker conference showed just how vulnerable systems running Mac OS X are, due to their slow rate of patches. The Mac machine was hijacked within 10 minutes, while the Linux and Windows boxes survived the day.
Now an even worse security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error.
A simple programming error reduced the entropy in the generated program keys created by the OpenSSL library. Why does this matter? The OpenSSL library’s key generation and other routines are used by the SSH remote access program, the IPsec Virtual Private Network (VPN), the Apache Web server, secure email clients, programs that offer secure internet portals and more.
Just two lines of code created crippling security holes in four different open source operating systems, 25 application programs, and millions of internet-attached computer systems. The vulnerability was publicly discovered for the first time May 13, after having left the door open nearly two years. A patch has been distributed, but that can do nothing to repair the damage that has occurred to compromise systems. Worse yet, it appears that through the installation of compromised keys on other systems, numerous systems not even running the code have likely been compromised.
To understand the error fully, a basic discussion on cryptography is essential. On a network anyone can peek at traffic, which is bad news for anyone sharing personal information. However, by using keys, information can be encrypted and then decrypted on the other side by a friendly computer with the proper key. As a “secure key” is typically 128 bits, which is 2128 or about 3.4*1038, the possibility of breaking the key by merely by a brute force attack is out of the realm of modern computing power. A brute force attack simply involves guessing every single number, but to try to do this on a number of this size would take many years.
DailyTech – Huge Hole in Open Source Software Found, Leaves Millions Vulnerable
Posted on: May 23, 2008
- In: - | DailyTech | Found | Hole | Huge | in | Leaves | Millions | Open Source | Software | Vulnerable
- Leave a Comment
It is incredible just how big the effects of the newly discovered error in open source key generation is
For all the criticism of Microsoft and its security flaws, the software giant has made an impressive turnaround. While Vista has been derided for a variety of reasons, most would agree that it’s much more secure than Windows XP. Recently, a hacker conference showed just how vulnerable systems running Mac OS X are, due to their slow rate of patches. The Mac machine was hijacked within 10 minutes, while the Linux and Windows boxes survived the day.
Now an even worse security flaw has been found in some of the basic code used by a wide variety of Linux security programs. The error originated back in May 2006 when workers on the open-source security project committed a grave and unrealized error.
A simple programming error reduced the entropy in the generated program keys created by the OpenSSL library. Why does this matter? The OpenSSL library’s key generation and other routines are used by the SSH remote access program, the IPsec Virtual Private Network (VPN), the Apache Web server, secure email clients, programs that offer secure internet portals and more.
Just two lines of code created crippling security holes in four different open source operating systems, 25 application programs, and millions of internet-attached computer systems. The vulnerability was publicly discovered for the first time May 13, after having left the door open nearly two years. A patch has been distributed, but that can do nothing to repair the damage that has occurred to compromise systems. Worse yet, it appears that through the installation of compromised keys on other systems, numerous systems not even running the code have likely been compromised.
To understand the error fully, a basic discussion on cryptography is essential. On a network anyone can peek at traffic, which is bad news for anyone sharing personal information. However, by using keys, information can be encrypted and then decrypted on the other side by a friendly computer with the proper key. As a “secure key” is typically 128 bits, which is 2128 or about 3.4*1038, the possibility of breaking the key by merely by a brute force attack is out of the realm of modern computing power. A brute force attack simply involves guessing every single number, but to try to do this on a number of this size would take many years.
DailyTech – The Ranting of a Madman: Google $5 Billion Lawsuit Dismissed Twice
Posted on: May 1, 2008
Jayne’s handwritten court documents (Source: Justia.com)
Pennsylvania inmate loses strange case in court of appeals
Pennsylvania resident Dylan Stephen Jayne saw his bizarre $5 billion “crimes against humanity” lawsuit against Google shot down a second time, this time by the U.S. Court of Appeals for the Third Circuit.
Jayne filed suit against Google last September, seeking $5 billion in damages over claims that Google’s founders committed aided terrorists and violated his privacy – due to the fact that part of Jayne’s Social Security number is somehow visible when the Google logo is turned upside down. His complaint was submitted, handwritten, to a Pennsylvania Middle District court along with motions to expedite nearly every step of his case – including motions to expedite payment, filing exhibits, and even a motion to expedite previously filed motions to expedite.
Pennsylvania District Judge James Munley dismissed Jayne’s suit sua sponte (on its own) nine days after it was filed, on the grounds that Jayne failed to make any actionable claims.
A month later, Jayne sought to appeal – again submitting a handwritten Motion to Appeal, taking the case to the Pennsylvania Supreme Court. The Appeals court chose to uphold the lower court’s decision, noting that Jayne’s claims – which invoked an obscure law that applied to state actors, to which Google does not apply – failed to demonstrate any instance of Google depriving him of Constitutionally-protected rights while the company acted “under color of state law.”
“It is clear that [none of the] criteria is satisfied here,” said the Appeals Court judge. “As explained by the District Court, Google and its founders are not state actors, and Jayne’s allegation concerning his coded social security number does not constitute a violation of the Constitution or federal law.”
Further, the court agreed that “any amendment of the complaint would be futile.”
A promotional poster made for street-marketing (Source: Rockstar Games)
Crime occurs outside GTA IV midnight launch
It might be just a part of the circle of art and real life, but a terrible but not entirely surprising act of crime happened around the launch of Grand Theft Auto IV. Police say that a 23-year old man was walking past a queue of people in the UK waiting for the midnight release of the latest game from Rockstar, according to the BBC.
The victim was eventually found and taken to hospital for treatment of several stab wounds. Witnesses described the suspect “as being a light skinned black man aged about 21, 6ft 5ins tall, of medium build wearing a light grey hooded top.”
No mention was made if there was any connection between the victim or attacker, nor if there was anything linking either party to the launch of Grand Theft Auto IV. But the mere fact that the attack occurred right outside a crowd waiting for the latest chapter in the most controversial videogame of all time could have the anti-videogame sharks circling.
A stabbing of any sort is troubling, but the media deliberately noted that it took place outside the release of what it believes could be the fastest-selling game of all time says something about the reputation of GTA and the people that play it.
“I never got money for reprogramming Echostar cards. Someone is trying to set me up,” said Christopher Tarnovsky with regards to the allegations leveled against him.
News Corp claims hackers only assisted in internal network security
The world’s “second best hacker” says he was hired under the table by media conglomerate News Corp, which owns the Wall Street Journal, MySpace, Fox News, and DirecTV.
Christopher Tarnovsky, testifying in Echostar v. NDS, says he was paid $20,000 — mailed inside electronics sent from Canada — to break into DISH Network’s satellite system and steal security codes necessary for pirating DISH Network’s satellite signals. EchoStar communications, which owned the DISH Network before a split in December of 2007, alleges that hackers from NDS Group, owned by News Corporation, employed hackers to flood the market with smart cards for satellite receivers designed specifically to steal paid DISH content. Both EchoStar and DISH, as separate entities, are plaintiffs in the case.
The suit alleges that the smart cards cost DISH $900M in lost sales and network repairs.
Tarnovsky says that while he was employed to develop “pirating software,” it was not used against DISH or any other rival – instead, it was designed to secure DirecTV’s network.
DISH attorneys said Tarnovsky constructed a device called “The Stinger” – which Tarnovsky admitted to doing – that was able to interface with any smart card, regardless of which company it was designed to work with. Tarnovsky says his actions with The Stinger were aboveboard, but DISH attorneys claimed that hackers and/or NDS employees used it to reprogram at least 50 DISH Network smart cards.
“I never got money for reprogramming Echostar cards,” Tarnovsky testified. “Someone is trying to set me up.”
- In: DailyTech | Devise | for | Google | images | Researchers | VisualRank
- Leave a Comment
Google creates PageRank for images
When Google introduced its PageRank algorithm long ago it allowed web searchers to have a metric they could look at and easily determine the authority of a webpage. Google researchers are now saying they have developed technology to do for images what PageRank did for web pages.
The New York Times reports that a pair of Google scientists presented a paper called “PageRank for Product Image Search” at the International World Wide Web Conference in Beijing. The software technology is being called VisualRank and is at its core an algorithm that blends techniques for recognizing images and technology for weighting images and ranking them based on what looks the most similar.
Google already has an image search engine that is widely held to be one of the largest image databases online. The current image database pulls images based on clues from text associated with each image. This for instance is why you might get an image of President George W. Bush if you did an image search for Republican.
What the paper the Google researchers presented proposes is a method to actually rank images based on things in the image. Technology has been in place to recognize faces in images for a while, but identifying other things by computer in an image that humans can identify at a glance like a car or mountain has lagged.
Google researchers Shumeet Baluja and Yushi Jing told the New York Times, “We wanted to incorporate all of the stuff that is happening in computer vision and put it in a Web framework.”
- In: DailyTech | Executives | Fear | Grand Theft Auto IV | Iron Man
- Leave a Comment
(Source: Paramount)
Hollywood worried gamers will ignore Iron Man
The target audience for summer blockbuster movies aren’t that different from blockbuster video games. Popcorn flicks feature fast-paced action with special effects, and hit games usually also feature intense action sequences with the latest graphical tricks. Perhaps for this reason, some Hollywood executives are sweating the release of Grand Theft Auto IV.
In particular, the Iron Man movie will hit screens at the end of this week in an environment now filled with people playing Grand Theft Auto IV. The target demographic for Iron Man shares much overlap with GTA IV, causing some concern for Hollywood.
According to the Financial Times, EA CEO John Riccitiello said that movie executives have told him they worry that GTA IV would take away from Iron Man box office. “I don’t think I’ve ever heard of that before,” he says. “There’s a big reset happening now.”
This isn’t the first time that Hollywood is looking at a hot game property with some trepidation. Last fall, the release of Halo 3 pulled in at $170 million on day one, eventually amounting to over $300 million on the game alone in the first week.
A piece of the reusable paper, eight hours ago read ‘Reusable Paper. Xerox Parc Inside Innovation at Xerox’. Now it is blank. (Source: Michael Kanellos/CNET Networks)
An outlandish Bond-esque idea actually may deliver real environmental and financial promise
What self respecting paper company would look to develop paper that could be reused multiple times at an affordable price? One that is in the printer, apparently. The Palo Alto Research Center (PARC) a child of printing giant Xerox have been developing a unique paper with fading “ink” that it soon hopes to market.
The process requires the works — a special printer and a special type of paper — but the results are intriguing. After 16 to 24 hours the “ink,” once printed clearly on the page fades. This could have numerous uses such as being used for memos, restaurant menus, and much more. After the “ink” fades, the paper can be reused.
The paper utilizes a coat of photosensitive chemicals, which darken when exposed to UV light. The printer uses no real ink, but writes in UV light. Users can wait for the ink to fade, or put it back in the printer, which will automatically wipe anything on the sheet, even if it hasn’t yet faded.
According to Xerox, the technology is only a few years away from hitting the market. Eric Shrader, area manager, energy systems, device hardware laboratory at Xerox says one key advantage is that the same sheet of paper, in testing, has been shown to be able to be reused hundreds of times. Only damage or crumpling would prevent reuse.
The end result is a large savings in energy and production costs. Reusing is better than recycling or making new material from scratch in that it takes less energy and resources. It takes 204,000 joules to make a sheet of standard 8.5×11 paper, enough power to run a 60 watt lightbulb for an hour. It takes 114,000 joules to recycle the same size piece of paper. Printing that size on a traditional printer requires around 2,000 joules.
The UV printer only requires 1,000 joules to print with erase, or 100 joules to print to a faded sheet. Thus not only are the paper production costs dramatically decreased, but the printing costs are as well. According to Schrader, “Being able to reuse paper is a big energy win.”
PARC has focused heavily on power usage over the years. The enterprising center helped to create the PC, inkjet printing, and Ethernet networking. In its early days it often failed to properly secure its inventions, so other companies like Apple Computer openly “borrowed” from it. Today the center focuses on developing, securing, and licensing new innovative technologies.
Toyota plans to go full-bore with third-generation Prius.
When someone tosses around the word “hybrid”, one vehicle typically first comes to mind: the Toyota Prius. The first generation model was introduced in ‘00 as a ’01 model while the second generation model came out in ’03 as an ’04 model.
The original Prius got Americans talking about hybrid vehicles, but it was the second generation model that really set things in motion for Toyota and its aim to equip the bulk of its lineup with hybrid technology. The second generation Prius — classified as a mid-size sedan — manages to achieve EPA ratings of 48 MPG/45 MPG city/highway thanks to its 1.5-liter gasoline engine and its hybrid-electric system.
Toyota is looking to boost the appeal and size of the third generation Prius which is due to be unveiled at the 2009 Detroit Auto Show. The vehicle will catch the disease that seems to afflict every new vehicle redesign these days: further increases in exterior dimensions. According to AutoObserver, the next Prius will gain roughly four inches in length and an inch in width.
The larger Prius will also be powered by a new 1.8 liter gasoline engine. Power will increase from 75 HP today to around 100 HP. This will push the combined gasoline engine/Hybrid Synergy Drive combination to 160 HP. The increased displacement should allow the third generation Prius to accelerate faster and should squash any performance complaints leveled against the current model.
As stated in previous DailyTech articles, the third generation Prius will continue using nickel-metal hydride batteries for its initial run. Toyota will switch over to more efficient lithium-ion batteries as soon as performance, safety, and production concerns are ironed out. The use of lithium-ion batteries should also allow for better packing efficiencies and a longer driving range when operating in electric-only mode.
Google, a champion of internet advertising, seeks to test its hand at cell phone ads
With more and more cell phones supporting capable browsers, a logical area of expansions is the advertising market for cell phone browsers. Most ads have trouble with cell phone browsers resolutions and are not conducive for the environment. This is troublesome as the cell phone internet industry today is what the internet of yesterday was — financially unfueled.
In the early days of the internet in the 1990s, large companies sprang up promoting websites which reached massive values by only providing amorphous content and limited services. These sites made billionaires of people like Mark Cuban, but inevitably the bubble burst and the market fell apart.
Today much of the modern internet is driven heavily by advertising, similar to the offline news industry. If the internet is a vehicle, advertising is the fuel that drives much of it. And these days, cell phone internet connections provide little “fuel” to the internet. Google seeks to change that.
Google on Wednesday announced that it will be deploying small brand-image advertisements, which it is custom making. When the site detects a cell-phone browser, it will switch to displaying these ads. This, Google hopes, will help it conquer the vast new emerging market.
Google feels that its fate is inextricably tied to cell phones and other mobile devices as the industry continues to shift toward mobile sales and development. The company has heavily invested in developing an OS named Android, which it hopes will help standardize the mobile phone industry. And like most Google products, the OS will likely find a way to tie in ads for revenue.
The new system Google will be rolling out for mobile browser advertising will display images similar to those seen on PC browsers. The images will be scaled optimally to look appropriate on the small screen. Advertisers will pay on a per click basis, and are only allowed to link to pages optimized for mobile phones.
Valleywag - valleywag.wordpress.com 
Recent Comments