Domain: blogspot.com.au
Stories and comments across the archive that link to blogspot.com.au.
Stories (10)
600,000 Arris Cable Modems Have 'Backdoors In Backdoors,' Researcher Claims (thestack.com)
An anonymous reader writes: A security researcher using Shodan to probe Arris cable modems for vulnerabilities has found that 600,000 of the company's modems not only have a backdoor, but that the backdoor itself has an extra backdoor. Brazilian vulnerability tester Bernardo Rodrigues posted that he found undocumented libraries in three models, initially leading to a backdoor that uses an admin password disclosed back in 2009. Brazilian researcher Bernardo Rodrigues notes that the secondary backdoor has a password derived in part from the final five digits from the modem's serial number. However, the default 'root' password for the affected models remains 'arris.'
Google Adds Handwriting Input To Android
BarbaraHudson writes: The Reg is reporting on the release of Google Handwriting Input for Android smartphones and tablets: "The Chocolate Factory's research arm says handwriting recognition is needed because touchscreen keyboards remain modestly effective and while 'Voice input is an option, but there are situations where it is not feasible, such as in a noisy environment or during a meeting.'" The Google Research Blog notes that it allows recognition both on-device and in the cloud (by tapping on the cloud icon) in any Android app.
It works as advertised on my smartphone, so now I can type, speak, or scribble my searches, texts, etc.
Google Finds Vulnerability In SSL 3.0 Web Encryption
AlbanX sends word that security researchers from Google have published details on a vulnerability in SSL 3.0 that can allow an attacker to calculate the plaintext of encrypted communications. Google's Bodo Moller writes, "SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response (PDF) is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks."
Zazzle.com Thinks Depictions of Pi Are Protected Intellectual Property
Byteme writes: "A number of Zazzle.com users have had their art and products removed from the site after a man named Paul Ingrisano was granted a trademark for 'Pi Productions' using a logo that consists of this freely available version of the pi symbol from the Wikimedia website combined with a period. He made infringement claims against several websites, and Zazzle took down many clothing products that featured designs using the pi symbol. When users called them on it, they locked a public forum thread and said they're evaluating Ingrisano's complaint."
NSA Trying To Build Quantum Computer
New submitter sumoinsanity writes "The Washington Post has disclosed that the NSA is trying to build a quantum computer for use in cracking modern encryption. Their work is part of a research project into tackling the toughest equipment, which received $79.7 million in total funding. Another article makes the case that the NSA's quantum computing efforts are both disturbing and reassuring. The reassuring part is that public key infrastructure is still OK when done properly, since the NSA is still working so hard to defeat it. It's also highly unlikely that the NSA has achieved significant progress without outside awareness or help. More disturbing is that it may simply be a matter of time before it fails, and our private messages are out there for all to see."
China Arrests Anti-Corruption Blogger
quantr tips this news from Bloomberg: "A Chinese journalist who posted allegations of corrupt dealings during the privatization of state-owned assets has been formally arrested on a defamation charge, his lawyer said. The Beijing People's Procuratorate approved Liu Hu's arrest on Sept. 30, lawyer Zhou Ze said by phone yesterday. Liu, who worked for the Guangzhou-based New Express, had been in detention since Aug. 24, according to Zhou. Liu's arrest adds to evidence that the government is stepping up a crackdown against people who go online with revelations of official malfeasance. At the same time that the Communist Party has vowed to get tough on corruption, authorities have targeted outspoken bloggers and announced that people who post comments deemed defamatory could face as much as three years behind bars."
$20 'Toy' Deactivates Cheap Home Alarms, Opens Doors
mask.of.sanity writes "Cheap home alarms, door opening systems and wireless mains switches can be bypassed with low-cost and home-made devices that can replicate their infrared signals. Fixed-code radio frequency systems could be attacked using a $20 'toy', or using basic DIY componentry. Quoting: 'Criminals might be able to capture IR signals if they can get a line of sight to when the system is being armed or disarmed. If a criminal knows what type of alarm system you're using then they could do what we did here and reverse it for cloning a remote. A more likely scenario is just to buy a duplicate system and use that remote. Not all IR remotes can be switched from the same system. It depends on whether a code is being transmitted and how many variations of the code and remote exist. In the system described in this post, there is no code, just a carrier signal. If a code is being transmitted, then the Infrared toy can capture it and replay it. So that's your best bet for a criminal looking at a completely unknown remote.'"
Google Admits Bitcoin Thieves Exploited Android Crypto PRNG Flaw
rjmarvin writes "The theft of 55 Bitcoins, or about $5,720, through Android wallet apps last week was made possible because of flaws in Android's Java and OpenSSL crypto PRNG, Google revealed in a blog post. In the wake of a Bitcoin security advisory and a Symantec vulnerability report, the Android Developers Blog admitted the reason the thieves were able to pilfer their wallet apps. The flaws have already been, or are in the process of being, repaired."
Revamped Google Maps Finally Available On iOS
hcs_$reboot writes "After the disastrous Apple Maps replacement over Google Maps in September, Google has a Maps app on iOS approved and released by Apple today. The app includes turn-by-turn directions, vector-based graphics and live traffic data. It's available from the Apple Store for iPhone and iPod touch (and iPad — iPhone format)." Adds reader snowtigger: "It's a sharper looking, vector-based map that loads quickly and provides smooth tilting and rotating of 2D and 3D views. Google also released the Google Maps SDK for iOS, and a simple URL scheme to help developers use Google Maps when building their beautiful and innovative apps. The new Google Maps app is available for the iPhone and iPod Touch (4th gen) iOS 5.1 and higher, in more than 40 countries and 29 languages." SlashCloud points out that Apple's own maps will be forced to improve as a consequence: "Directions will become more accurate, major towns and landmarks will appear in their proper places. But now that a free, standalone Google Maps app is available for download from Apple's App Store, will iOS users even give those improving Apple Maps a chance?"
Google Axes Free Google Apps For Businesses
New submitter Macfox writes "In a move to focus on serving small business better, Google has axed the popular free edition of Google Apps for businesses. From Dec 6th, it will not be possible to sign up for the free edition. In a statement to the Wall Street Journal, Google's senior vice president in charge of Google Apps said Google wants to provide small businesses that use the free version of the software with dedicated customer support — something only paying customers currently get. 'We're not serving them well,' he said of the free users." Google's blog post notes that "this change has no impact on our existing customers, including those using the free version."