Feed aggregator

'Logjam' Vulnerability Threatens Encrypted Connections

Slashdot - Wed, 20/05/2015 - 1:02pm
An anonymous reader writes: A team of security researchers has revealed a new encryption vulnerability called 'Logjam,' which is the result of a flaw in the TLS protocol used to create encrypted connections. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties." Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).

Read more of this story at Slashdot.

Healthy Drobo set free by Connected Data to go it alone

El Reg - Wed, 20/05/2015 - 1:01pm
Ex-Brocade veep takes charge of independent biz

Drobo, maker of simple-to-use personal data storage robots which you populate yourself with disk drives, is being spun-out by owner Connected Data, with an investment group buying the business.…

Alca-Lu pitches carrier SDN from Layer 3 to optical

El Reg - Wed, 20/05/2015 - 12:44pm
Network Services Platform hopes to align carriers with clouds

There's still too many disparate systems for carriers to easily go down the software-defined network (SDN) path, Alcatel-Lucent reckons, and it's pitching a network services platform (NSP) to change that.…

LibreOffice 5.0 Open-Source Office Suite Has Been Branched

Phoronix - Wed, 20/05/2015 - 12:34pm
LibreOffice 5.0 is the next version of this popular, cross-platform, open-source office suite and not LibreOffice 4.5 as was originally planned. LibreOffice 5.0 has now been branched in Git with the trunk development now focusing on LibreOffice 5.1...

OpenStack unveils cross-cloud container and code-sharing projects

L'Inq - Wed, 20/05/2015 - 12:33pm

Firm shows how containers can scale across clouds

NetApp consciously uncouples from 500+ staff

El Reg - Wed, 20/05/2015 - 12:32pm
Baffling wordblurt straight from the Gwyneth Paltrow soundbite phrasebook

We're hearing NetApp has laid-off up to 512 staff world-wide in a cost-cutting exercise before its full-year results come out later today.…

OpenGL 4.3 Shader Storage Buffer Objects Coming To Mesa

Phoronix - Wed, 20/05/2015 - 12:21pm
Among other OpenGL 4.x extensions, one of the more recent additions to OpenGL being tackled by open-source developers is ARB_shader_storage_buffer_object...

AP Computer Science Education Scalability: Advantage, Rupert Murdoch?

Slashdot - Wed, 20/05/2015 - 12:20pm
theodp writes: Code.org's AP Computer Science offering won't be going mainstream until the 2016-2017 school year. In the meantime, NewsWorks' Avi Wolfman-Arent reports that Rupert Murdoch's Amplify MOOC just wrapped up its second year of offering AP Computer Science A. And unlike Microsoft TEALS, Google CS First, and Code.org — programs constrained by the number of volunteers, teacher and classroom availability, professional development requirements, and money — Murdoch's AP CS MOOC holds the promise of open-access, unlimited-enrollment, learn-anywhere-and-anytime classes, a la Coursera, Udacity and EdX. So, did Microsoft, Google, Amazon, Facebook, and their leaders place a $30 million bet on the wrong horse when it comes to AP Computer Science scalability? And, even if they've got a more scalable model, will Murdoch's Amplify and schools be willing to deal with higher MOOC failure rates, and allow large numbers of students to try — and possibly drop or fail — AP CS without economic or academic consequences?

Read more of this story at Slashdot.

SimpliVity opens its doors to KVM, OpenStack

El Reg - Wed, 20/05/2015 - 12:17pm
Hyper-V also on the roadmap for hyper-convergence evangelists

Hyper-converged infrastructure company SimpliVity has announced it now supports the KVM hypervisor and OpenStack.…

Galaxy Note 5 release date, specs and price

L'Inq - Wed, 20/05/2015 - 12:04pm

Everything you need to know about Samsung's next-generation phablet

100s of Virgin Media customers hit by handset repair glitch, telco admits

El Reg - Wed, 20/05/2015 - 12:02pm
Clusterf*ck? Pissed-off punters left without phones for weeks

Virgin Media has admitted to The Register that hundreds of its mobile customers were left without their handsets for weeks due to a "glitch" with its repair service.…

Spy-tech firms Gamma and Trovicor target Shell Oil in Oman

El Reg - Wed, 20/05/2015 - 11:42am
Not just activists this time, but Western commercial interests

Exclusive  The Sultan of Oman's intelligence services are spying on the local operations of British oil company Shell with the aid of controversial European tech companies, the Register has learned.…

US Levels Espionage Charges Against 6 Chinese Nationals

Slashdot - Wed, 20/05/2015 - 11:36am
Taco Cowboy writes: The U.S. government has indicted five Chinese citizens and arrested a Chinese professor on charges of economic espionage. The government alleges that they took jobs at two small, American chipmakers — Avago Technologies and Skyworks Solutions — in order to steal microelectronics designs. "All of them worked, the indictment contends, to steal trade secrets for a type of chip popularly known as a “filter” that is used for acoustics in mobile telephones, among other purposes. They took the technology back to Tianjin University, created a joint venture company with the university to produce the chips, and soon were selling them to both the Chinese military and to commercial customers." It's interesting to note that the Reuters article keeps mentioning how this technology — used commonly as an acoustic filter — has "military applications." It's also interesting to look at another recent case involving Shirrey Chen, a hydrologist who was mysteriously arrested on suspicion of espionage, but then abruptly cleared five months later. One can't help but wonder what's driving the U.S.'s new strategy for tackling economic espionage.

Read more of this story at Slashdot.

Candlelit vigil planned to honour executed Newcastle cow Bessie

El Reg - Wed, 20/05/2015 - 11:32am
'A little prayer' for bovine victim of Northumbria Police marksmen

Tearful locals have convened a candlelit vigil to mourn the passing of Bessie the cow, gunned down on Sunday night by Northumbria Police marksmen after hoofing it from the Rising Sun Country Park in North Tyneside.…

Intel: OpenStack is ready for enterprise-grade deployment

L'Inq - Wed, 20/05/2015 - 11:16am

Chip firm backs OpenStack as the operating system for the data centre

Twitter CRAWLS to Google ON ITS KNEES, starts blowing content

El Reg - Wed, 20/05/2015 - 11:15am
Receives fat pipe of huge ad platform once again

Twitter has crawled to Google to get Tweets displayed in the ad giant's search results once again. The micro-blabbing site previously had a deal with Mountain View to provide feeds of tweets directly within its search results.…

Do any REAL CIOs believe we're in a post PC world? No.

El Reg - Wed, 20/05/2015 - 11:01am
Reg roundtable delivers non-rose-tinted view of 2020

CIO Manifesto  One reason for getting a dozen senior IT execs in for a chat is to work out which are the most flagrant lies peddled to us by PRs.…

Fove: 'World's first' eye-tracking VR headset hits Kickstarter to rival Oculus Rift

L'Inq - Wed, 20/05/2015 - 10:41am

Users experience more realistic simulations with reduced motion sickness

Safari URL-spoofing vuln reveals how fanbois can be led astray

El Reg - Wed, 20/05/2015 - 10:37am
Here's website A. Oh, is that the address of website B?

A recently published exploit for the Safari browser demonstrates a URL spoofing mechanism which might convince users they are visiting a legitimate website, when they are actually visiting another site which may be phishing their details.…

Hi! You've reached TeslaCrypt ransomware customer support. How may we fleece you?

El Reg - Wed, 20/05/2015 - 10:22am
Infosec bods tear into the belly of the beast

The TeslaCrypt ransomware gang raked in $76,500 in around 10 weeks, according to new research into the scam.…

Syndicate content