Sunday, November 19, 2006

The iPod as burglary tool?

http://slashdot.org/article.pl?sid=06/11/18/154229&from=rss

Man Used MP3 Player To Hack Cash Machines

Posted by CowboyNeal on Saturday November 18, @11:21AM from the easy-money dept.

Juha-Matti Laurio writes "A man in Manchester, England has been convicted of using an MP3 player to hack cash machines. The MP3 player was plugged into the back of free standing cash machines in bars. Tones being recorded from the phone line were decoded with special software to a readable format. Later this information was used to clone credit cards."



Too techie for you?

http://it.slashdot.org/article.pl?sid=06/11/18/2030247&from=rss

A New Vulnerability In RSA Cryptography

Posted by kdawson on Saturday November 18, @04:45PM from the predictions-of-trouble dept.

romiz writes, "Branch Prediction Analysis is a recent attack vector against RSA public-key cryptography on personal computers that relies on timing measurements to get information on the bits in the private key. However, the method is not very practical because it requires many attempts to obtain meaningful information, and the current OpenSSL implementation now includes protections against those attacks. However, German cryptographer Jean-Pierre Seifert has announced a new method called Simple Branch Prediction Analysis that is at the same time much more efficient than the previous ones, only needs a single attempt, successfully bypasses the OpenSSL protections, and should prove harder to avoid without a very large execution penalty." From the article: "The successful extraction of almost all secret key bits by our SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless." Le Monde interviewed Seifert (in French, but Babelfish works well) and claims that the details of the SBPA attack are being withheld; however, a PDF of the paper is linked from the ePrint abstract.



http://yro.slashdot.org/article.pl?sid=06/11/18/2112248&from=rss

New Google Service Manipulates Caller-ID For Free

Posted by kdawson on Saturday November 18, @07:31PM from the party-to-whom-you-are-speaking dept.

Lauren Weinstein writes to raise an alarm about a new Google service, Click-to-Call. As he describes it, the service seems ripe for abuse of several kinds. One red flag is that Google falsifies the caller-ID of calls it originates for the service. From the article: "Up to now, the typical available avenue for manipulating caller-ID has been pay services that tended to limit the potential for large-scale abuse since users are charged for access. Google, by providing a free service that will place calls and manipulate caller-ID, vastly increases the scope of the problem. Scale matters."



http://www.bespacific.com/mt/archives/013056.html

November 17, 2006

DOJ OIG Report on Top Management and Performance Challenges in the Department of Justice - 2006

DOJ OIG - Top Management Challenges in the Department of Justice - 2006 Challenges [Full Report]

Section by section:



http://www.researchbuzz.org/wp/2006/11/18/new-wiki-for-librarians-ambientlibrarian/

November 18, 2006

New Wiki for Librarians — AmbientLibrarian

Filed under: Net-Tech-Wikis

I’m not the only one who’s been messing with MediaWiki. AmbientLibrarian, at http://www.ambientlibrarian.org/ , is a wiki designed to keep librarians up to date with Web 2.0 technologies.

Categories include Blogs, Cool Tools, Digital Libraries, and, of course, Wikis. For those of you interested in Wikis and want to give ‘em a try, there’s a sandbox where you can practice your wiki editing skills.

Not too much activity here — looks like the site’s less than a week old. Plenty of information, though, and a nice outline of categories.



Is there a legal equivalent of “first, do not harm?”

http://news.zdnet.co.uk/security/0,1000000189,39284750,00.htm

Cybercrime laws 'will harm security research'

Police and Justice Bill could hamper malware research and affect Linux distributions, experts warn

Updated cybercrime laws could have a "chilling effect" on anti-malware research, security experts warned this week.

The Police and Justice Bill 2006, which received Royal Assent last Wednesday, contains amendments to the Computer Misuse Act 1990 that alter the law surrounding the creation and distribution of 'dual use' software tools. These are tools such as nmap – a security scanner – which are primarily used by legitimate users and security researchers, but can also be used by hackers to scan networks for vulnerabilities. [nmap is at http://insecure.org/nmap/ Bob]

The amendments to the law could potentially prohibit the downloading of such security tools, according to Malcolm Hutty, head of public affairs at the London Internet Exchange (LINX).

"We do have to have responsible software supply. However, [under these amendments] any form of download tool could be prohibited," said Hutty earlier this week. "The Government is inadvertently throwing the baby out with the bathwater."

Part 37 of the Police and Justice Bill amends section 3A, clause 2 of the CMA, and states: "A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence."

This will place serious constraints on the distribution of security tools, as the prosecution must only prove that the distributor believed it was likely that the tool will be used for hacking, even if this was not his intention, said Richard Clayton, a Cambridge University security expert. This would include malware researchers, ISPs and universities that host download tools, Clayton claimed.

Malware researchers could also be severely constrained by the new law because of the definition of "article", according to Clayton and Hutty. Clause 4 of section 3A states: "In this section 'article' includes any program or data held in electronic form."

The law is supposed to cover virus writing and hacking tools, but the wording of the law also covers the disclosure of software flaws, according to Hutty.

"In theory this covers the announcement of software flaws. The fear in the security world is that the legislation makes it possible for a vendor to come along and say that if security researchers are making [software-flaw] information available to the public, they must know it will be used to exploit software, as well as used for beneficial purposes," said Hutty. "The chilling effects on security research is a concern."

Clayton added: "If you approach a company and say you've found a problem, they can issue a writ to silence you. HSBC threatened to sue the Guardian [over reports of research by Cardiff University into HSBC's online banking authentication procedure]. This shows people are starting to think about going to the law to deal with bad news about security."

Several experts raised concerns about the amendments in the Police and Justice Bill earlier this year, which prompted the Government to make some changes.

LINX has expressed its concerns to the Home Office, and has asked the Government to clarify the law. The director of public prosecutions will issue guidelines on how the law is used.

As well as security researchers, Linux distributions could also be affected, as they often bundle dual-use systems administration tools, such as TCP dump and nmap, said Hutty.

"TCP dump gives a raw view of what's passed over your network. It's clearly in the public interest that the tool is available – but it could also be used for bad purposes," Hutty explained.

Clayton and Hutty were speaking at an event hosted by anti-spam appliance vendor Barracuda Networks.



I contend that a blawg is a great way for lawyers to differentiate themselves...

http://www.technewsworld.com/rsstory/54327.html

Blogging Lawyers: The Ethics Debate

By Ameet Sachdev Mclatchy-Tribune News Service 11/19/06 4:00 AM PT

The marketing potential, whether explicit or not, of law-related blogs -- or "blawgs" as some attorneys have come to call their online journals -- is raising some tricky ethical questions for the profession, which regulates lawyer advertising. Those issues have come to the forefront in recent months.



...they may even make a buck or two...

http://www.economist.com/printedition/displayStory.cfm?story_id=8173520&fsrc=RSS

Going pro

Nov 16th 2006 | SAN FRANCISCO From The Economist print edition

More people are quitting their day jobs to blog for a living

... Until recently, there were two main kinds of blogs. Most of the 57m blogs in existence are personal diaries that happen to be online. These blogs have tiny audiences and make no effort to sell advertising.

... The second main kind of blogs are, in effect, niche magazines that choose to publish in a blog format. These blogs are explicitly run as businesses, with paid staff doing the writing and sales departments selling advertising. The best example is Gawker Media, a stable of blogs that includes Gawker, a New York gossip site, and Gizmodo, a blog devoted to gadgets. Collectively its 14 blogs get 60m page views a month. Such blogs are “the most profitable media business today,” says Jason Calacanis, who runs Weblogs Inc, another stable of popular blogs that he sold to AOL, the web arm of Time Warner, a year ago. His sites, including Engadget, another gadget blog, are “an eight-figure-a-year business” with negligible distribution costs compared with the huge printing and shipping bills of traditional magazines.

Now, however, a third category is emerging: the mom-and-pop blog. “In the old days, we used to be called newsletter publishers,” says Om Malik, a technology writer who quit his job at Business 2.0 magazine in June to work full-time on his blog, GigaOm. He has hired two other writers, and his blog now attracts about 50,000 readers a day, generating “tens of thousands” in monthly revenues. Costs, including salaries, are around $20,000 a month.



Video blawgs might be even better. Think of them as recorded classes or seminars.

http://digg.com/videos_educational/Google_TechTalks

Google TechTalks

Submitted by kevinrose 13 hours 44 minutes ago (via http://video.google.com/videosearch?q=Google+engEDU )

"Google TechTalks are designed to disseminate a wide spectrum of views on topics including current affairs, science, medicine, engineering, business, humanities, law, entertainment, and the arts."

[Try searching google for “Google engEDU law” Bob]



Since e-Discovery (to cite one example) results in vast volumes of data, this is something to pay attention to...

http://www.our-picks.com/archives/2006/11/18/300gb-holographic-cds-will-be-available-this-week/

300GB Holographic CDs will be available this week

November 18th, 2006

There was a rumor for some time now that a large-capacity disc would be developed, but nothing on-topic has proven so yet. Now, Hitachi-Maxell is planning to organize a showcase this week, and present to the open public their new 300GB holographic CDs. It does seem like this is Science-Fiction, but I can assure you it’s not.

We are all asking ourselves what would be the advantages and disadvantages of this removable media. Within advantages, I could mention the transfer rate of 20MB/s, the high capacity and the multitude of operations that could be fulfilled with the help of it, like large amounts of backups, uncompressed media (movies and audio) that could be easily edited later, and many many more.

Disadvantages? The price, of course. It’s expected that one holographic disc will cost somewhere between $100 and $125, and the optical drive that will be able to operate them will go up to $15,000! And wait, there’s more for the future. In 2008, InPhase plans a second-generation 800GB rewritable optical disc with data transfer rates of about 80MBps, with plans to expand its capacity to 1.6TB by 2010.
