| Welcome, Guest |
You have to register before you can post on our site.
|
| Latest Threads |
Evaluating Kibin.com: An ...
Forum: Off Topic
Last Post: Bowie Tylar
10-12-2023, 09:04 PM
» Replies: 0
» Views: 6
|
Path of Exile Slayer Supe...
Forum: Off Topic
Last Post: KristiaParkins
10-10-2023, 01:50 PM
» Replies: 1
» Views: 12
|
A Comprehensive SpeedyPap...
Forum: Off Topic
Last Post: mollysummers
10-09-2023, 11:36 PM
» Replies: 0
» Views: 8
|
Norway Calls Out Sony, EA...
Forum: Gaming
Last Post: Lockie Terrence
10-09-2023, 03:06 PM
» Replies: 2
» Views: 429
|
MMOexp: FIFA 23 Coins to ...
Forum: Off Topic
Last Post: Nonie Bourne
10-04-2023, 04:43 PM
» Replies: 1
» Views: 11
|
WTS PC/PS/Xbox EA FC 24 C...
Forum: Everything AlienBabelTech
Last Post: Annnapaenin
09-27-2023, 11:23 AM
» Replies: 0
» Views: 8
|
How to choose a good plat...
Forum: Video
Last Post: Annnapaenin
09-21-2023, 02:17 PM
» Replies: 0
» Views: 6
|
You need to know and be w...
Forum: Video
Last Post: Annnapaenin
09-15-2023, 01:51 PM
» Replies: 0
» Views: 8
|
Choose the best platform ...
Forum: Everything AlienBabelTech
Last Post: Annnapaenin
09-14-2023, 11:49 AM
» Replies: 0
» Views: 9
|
It is necessary to prepar...
Forum: Everything AlienBabelTech
Last Post: Annnapaenin
09-12-2023, 12:21 PM
» Replies: 0
» Views: 8
|
|
|
| Apple, Android Hit By FREAK Security Exploit |
|
Posted by: SteelCrysis - 03-04-2015, 08:41 AM - Forum: Software & Programming
- Replies (1)
|
 |
http://www.extremetech.com/computing/200...le-devices
Won't be long before the same people who said "Android is Linux!" will start saying "Android is not Linux!". Note also someone is saying in the comments: Quote:"For reference, the Komodia software we covered extensively over the past few weeks used 1024-bit keys and was broken in hours"
Thats simply not correct. The private key was hidden in plain sight inside the executable code, and was itself encrypted by a much weaker password, that was arrived at using a dictionary attack...
Quote:A recently announced security flaw, dubbed FREAK (Factoring RSA Export Keys) has significant implications for Android and Apple devices that connect to other websites via HTTPS — and offers an object lesson in why deliberately weakening cryptographic standards to allow for backdoors or other forms of “protection” is such an emphatically bad idea.
To understand the problem, we need to cover a bit of history. Back in the early 1990s, the US government treated cryptography as a matter of national security. This resulted in a split system, in which the US used one level of cryptography for domestic software, but internationally distributed programs might set a different encryption level for programs that would be deployed overseas. Netscape, for example, was distributed in both a 128-bit and a 40-bit version.
This left cryptography standards developers stuck between a rock and a hard place. Any software suite or implementation standard had to be able to support both a “strong” version of a standard and a “weak” version, with the NSA or other governmental agency demanding the “weak” version be available to ensure national security. If you follow security even at the most tangential level, you’re undoubtedly aware that government and industry bodies periodically adopt stronger security standards as cracking methods become more sophisticated and computers become more powerful. Old computer ciphers that would’ve taken decades or centuries to decode when they debuted can now be cracked in minutes, in some cases.
The government eventually lifted most of these requirements, thus allowing foreign connections to be secured by the same methods that domestic software used. Unfortunately, SSL was defined during the time period when these restrictions existed. The largest key US companies were allowed to distribute outside the US was a 512-bit RSA key. For reference, the Komodia software we covered extensively over the past few weeks used 1024-bit keys and was broken in hours; current best practice is to use 2048-bit keys.
Matthew Green, a cryptographer and researcher at Johns Hopkins University, summarizes the problem as follows:
“It turns out that some modern TLS clients — including Apple’s SecureTransport and OpenSSL — have a bug in them. This bug causes them to accept RSA export-grade keys even when the client didn’t ask for export-grade RSA. The impact of this bug can be quite nasty: It admits a ‘man in the middle’ attack whereby an active attacker can force down the quality of a connection, provided that the client is vulnerable and the server supports export RSA.”
Now, none of this would be a problem if export-RSA had actually been phased out on schedule. Remember, we’re talking about a security standard based on requirements that were lifted decades ago; Netscape was developing SSL before some of you were born. (Yes, that’s depressing).
Unfortunately, scans show that the export-RSA standard is apparently still supported by up to 36.7% of the sites serving browser-trusted certifications, including Content Distribution Networks (CDNs) like Akamai. Affected websites include NSA.gov, Whitehouse.gov, irs.gov, and tips.FBI.gov, but government sites are far from the only sites affected — a full list of the affected Top 10,000 sites is available here. Crack the 512-bit key, and you’ve got a perfect man-in-the-middle scenario.
It turns out, it costs about $104 worth of Amazon EC2 server time to break a 512-bit RSA key, which makes this kind of flaw eminently practical for certain types of targeted attacks. Apple is expected to patch the problem by next week, but Android users are, in Green’s words, “screwed.” Firefox is reportedly protected for both OS X and Android, so concerned users should consider using that browser (Google is patching Chrome for Mac to make it immune as well).
Also, I fucking LOL at this:Quote:FREAK is an example of how bad security decisions can ripple outwards for decades. The first version of SSL to be publicly deployed, SSL 2.0, launched in 1995 when a Pentium 90 was still a high-end chip. Today, we see government officials in both the US and Britain calling for limited encryption, emphasizing that there’s still a way to support the majority of public security functions while giving law enforcement the ability to break standards, and swearing that such powers will only be used for good.
Don’t believe it.
Attempting to mandate the creation of a deliberately weakened security system inevitably creates flaws and exploits that can be used to attack security infrastructure, often in ways not anticipated by the original backers of the standard. There is no way to mandate weak security that does not compromise a strong system, any more than you can dig a one-way tunnel underneath a castle wall. The only way to avoid these kinds of messes is to stop approving the initiatives that create them.
Yeah, giving law enforcement the option to break encryption by breaking standards is totally wrong, and not giving them the option thus merely delaying the inevitable breaking of encryption as computer hardware leaps in performance thanks to GPU computing power is right.
|
|
|
| Khronos Announces Vulkan API, Fusing Desktop and Mobile |
|
Posted by: SteelCrysis - 03-04-2015, 02:59 AM - Forum: Video
- Replies (1)
|
 |
https://www.khronos.org/news/press/khron...te-on-gpus
I would make yet another reference to Longs Peak, but that would be redundant. Of course, Gaben has to get his fat ass into the press release. With that done, if failure happens, everyone but Valve will be blamed, regardless of whatever the truth is. Quote:March 3rd 2015, San Francisco, GDC – The Khronos™ Group, an open consortium of leading hardware and software companies, today announced the availability of technical previews of the new Vulkan™ open standard API for high-efficiency access to graphics and compute on modern GPUs used in a wide variety of devices. This ground-up design, previously referred to as the Next Generation OpenGL® Initiative, provides applications direct control over GPU acceleration for maximized performance and predictability, and uses Khronos’ new SPIR-V™ specification for shading language flexibility. Vulkan initial specifications and implementations are expected later this year and any company may participate in Vulkan’s ongoing development by joining Khronos. Industry feedback is welcomed at https://www.khronos.org/vulkan/vulkan_feedback_forum.
“Industry standard APIs like Vulkan are a critical part of enabling developers to bring the best possible experience to customers on multiple platforms,” said Valve's Gabe Newell. “Valve and the other Khronos members are working hard to ensure that this high-performance graphics interface is made available as widely as possible and we view it as a critical component of SteamOS and future Valve games.”
|
|
|
| Netflix Goes Full Hypocrite, Opposes Net Neutraility in Australia |
|
Posted by: SteelCrysis - 03-04-2015, 02:02 AM - Forum: Software & Programming
- Replies (1)
|
 |
http://www.dslreports.com/shownews/Netfl...les-132830
I guess it's OK to be a hypocrite if it's for the good of the consumer. Quote:While Netflix has been an incredibly vocal supporter of net neutrality and a massive opponent of usage caps here in the States, apparently those positions didn't make the ocean voyage to Australia. Janko Roettgers at GigaOM notes that Netflix will be launching in Australia on 24, much to the pleasure of those who've had to use VPNs to access out of market Netflix content. Oddly however, Netflix has been striking deals with ISPs there to have its content exempt from usage caps.
Broadband provider iiNet offers a variety of DSL plans with usage caps ranging from 100 GB to 1 Terabyte, with each additional gigabyte charging users around fifty cents. Except Netflix has struck a deal that will make Netflix exempt from those caps entirely.
"Working with iiNet to offer quota-free Netflix content gives more people the opportunity to familiarise themselves with who we are and what our service offers,” Netflix said in an announcement. The company is working on striking similar deals with Optus and other Australian ISPs, giving the streaming operator a leg up over other services.
That position is a far cry from Netflix's stance here in the States, where the company has criticized draconian usage caps for being a ham fisted way for incumbents to prop up sagging TV revenues in the face of Internet video. When the company entered Canada, Netflix executives went so far to claim that usage caps made for "third world broadband," and joked that Canadian broadband rates were so bad, they almost qualified as "human rights abuses."
Netflix has also been a fierce critic of exempting content from usage caps. Specifically, Netflix CEO Reed Hastings complained a few years ago on Facebook about how Comcast's content was cap-exempt if funneled via the Xbox 360.
...
Obviously the U.S. and Australian broadband markets have notable differences, including transit costs. Australian ISPs have employed usage caps for so long, many customers there have grown comfortable with the idea (though not too comfortable). That's in contrast with the States, where customers have grown used to unlimited flat-rate offerings, and react poorly when having strict usage limits foisted upon them.
And while a growing number of nations have passed net neutrality rules (and have specifically outlawed this kind of "zero rating" of services), net neutrality hasn't quite caught on with the same fervor in Australia. Netflix obviously wants to have a successful Australian launch without rocking the boat upon entry, though it seems likely they may change their tune on caps and neutrality once they've established a more comfortable beach head.
|
|
|
| Steiger Dynamics Explains Why HTPCs Have Stagnated |
|
Posted by: SteelCrysis - 03-04-2015, 01:55 AM - Forum: General Hardware
- No Replies
|
 |
http://www.tomshardware.com/news/steiger...28646.html
Valve could have learned from the failure of HTPCs when they were considering Steam Machines, but of course Valve can't even learn from their past and make SteamOS exclusives. Quote:Even with a wide variety of products available, the idea of using an HTPC instead of a regular PC isn't widely accepted. Most people choose a regular desktop computer for daily use, or a decent laptop, or some combination. We spoke to Steiger Dynamics CEO Martin Gossner about the current state and future of HTPCs, and how they can compete in the PC market.
...
"…a typical living room has a lot of single devices, like a Blu-ray player, cable box, NAS, Apple TV, Roku, Chromecast, and gaming console. When you sum up the cost for all of those devices, the cost of an HTPC is redeemed really quickly. Furthermore, an HTPC does not only replace those devices, but does the same functions even better. This means fewer cables, fewer remotes, and no constant switching between TV and HDMI inputs."
Even with all its features, the hefty price tag is still a big concern. That's why people still buy Blu-ray and DVD players or gaming consoles to satisfy most, if not all, of their living room needs. However, Gossner pointed out that HTPCs, unlike other living room devices, can easily be upgraded.
...
Although PC gaming has been mostly based in users' bedrooms or personal offices, companies like Steiger and Origin, as well as the whole array of Steam Machines, sparked the idea of bringing PC games out of the bedroom and into the living room. Again, the biggest issue is not necessarily cost, as many gamers have a budget in mind that does the job for a little less than the cost of an HTPC. Also, console gamers pay even less than PC gamers, but unlike PCs, consoles don't have the flexibility to upgrade components.
...
The challenge now is convincing people to ditch their home theater system or PC for an HTPC. Gossner believes that there many assumptions that go along with having an HTPC, such as TV latency issues for gaming. He also mentioned that companies must look at demographics to determine the advantage of using an HTPC versus owning a home theater system or desktop PC.
However, it seems that HTPCs are slowly being adopted for a wide range of uses.
"We have a lot of customers who completely gave up their desktop and do everything on their HTPC. We even have customers who work from home and want to use our system for all their creative tasks," he said. This is one of the reason [sic] why we launched the LEET Pro at this year's CES."
So where does that put HTPCs in the long run? At the moment, it's still uncertain, but early adopters, from Gossner's perspective, are very happy with Steiger's products and wouldn't want to go back to a regular desktop PC. There's a lot of work to be done on Steiger's end to convince diehard PC fans to switch to an HTPC, but as long as people are interested, Steiger, Origin, and the multitude of companies with their Steam Machines will continue to improve on HTPCs.
|
|
|
| Democrats Plan To Win Elections With Illegal Alien Votes |
|
Posted by: SteelCrysis - 03-03-2015, 10:08 PM - Forum: News & Politics
- No Replies
|
 |
http://news.investors.com/ibd-editorials...htm?p=full
Normally I wouldn't agree with anything Phyllis Schlafly says, but this is nothing the Democrats haven't done before: http://en.wikipedia.org/wiki/Tammany_Hal...nt_support Quote:Tammany Hall also served as a social integrator for immigrants by familiarizing them with American society and its political institutions and by helping them become naturalized citizens. One example was the naturalization process organized by William M. Tweed. Under Tweed's regime, "naturalization committees" were established. These "committees" were made up primarily of Tammany politicians and employees, and their duties consisted of filling out paperwork, providing witnesses, and lending immigrants money for the fees required to become citizens. Judges and other city officials were bribed and otherwise compelled to go along with the workings of these committees.[29] In exchange for all these benefits, immigrants assured Tammany Hall they would vote for their candidates.[25] By 1854, the support which Tammany Hall received from immigrants would firmly establish the organization as the leader of New York City's political scene.[25] With the election of Fernando Wood as mayor in 1854, Tammany Hall would now dominate New York City politics until Fiorello La Guardia won the mayoral election of 1934.
|
|
|
| Steam Fanboy Accuses Origin of Spying, But Steam Allows Precisely The Same |
|
Posted by: SteelCrysis - 03-03-2015, 12:00 PM - Forum: Gaming
- No Replies
|
 |
http://www.eteknix.com/investigation-sta...1737942321
Obvious Steam fanboy is obvious, don't let the GOG reference fool you:
Quote:Well, it's dec' 2014 now and the Origin EULA still says it will snoop!! Uninstalled :-(
Gog.com is getting the lion's share of my game spend these days, when you buy a game from them it's yours without any DRM or spying crap.
http://www.eteknix.com/investigation-sta...1737942321
Quote:Current Origin EULA:
Quote:You agree that EA may collect, use, store and transmit technical and related information that identifies your computer (including the Internet Protocol Address), operating system, Application usage (including but not limited to successful installation and/or removal), software, software usage and peripheral hardware, that may be gathered periodically to facilitate the provision of software updates,
dynamically served content, product support and other services to you, including online services. EA may also use this information combined
with personal information for marketing purposes and to improve our products and services. We may also share that data with our third party
service providers in a form that does not personally identify you
AKA they say they are going to spy on your computer usage and maybe give that information to other companies.
Actually, this is probably illegal in the EU because of data protection laws.
Steam permits exactly the same, yet if my response makes it through moderation due to its including a link, and he notices my response to him, he'll deny it even though I confronted him with the exact words that permit it: http://store.steampowered.com/privacy_agreement/
Quote:By using Valve's online sites, products, and services, users agree that Valve may collect personally identifiable information (as defined below). Valve will not share personally identifiable information with other parties except as described in this policy. Valve may also collect aggregate information and individual information. "Aggregate information" is information that describes the habits, usage patterns, and demographics of users as a group but does not describe or reveal the identity of any particular user. "Individual information" is information about a user or user’s machine that is presented in a form distinguishable from information relating to other users but not in a form that personally identifies any user or enables the recipient to communicate directly with any user. Valve may share aggregate and individual information with other parties without restriction.
|
|
|
|