Slashdot Mirror
Domain: h-online.com
Stories and comments across the archive that link to h-online.com.
Comments · 204
-
We are SLAVES.
http://thehiddenevil.com/
https://en.wikipedia.org/wiki/Cointelpro
https://en.wikipedia.org/wiki/Citizens'_Commission_to_Investigate_the_FBI
https://en.wikipedia.org/wiki/GaslightingSmart meters reveal TV viewing habits
"By analysing electricity consumption patterns, it is, in principle, also possible to identify films played from a DVD or other source."
Researchers find smart meters could reveal favorite TV shows
"Tests on smart meters made by German company Discovergy show that someone with network sniffing skills and equipment could determine what's been watched by looking at lighting display patterns."
-
Make your own...
You can make your own, I have been using this since version 2 - it allows you to make a DVD or you can just copy to a usb key.
http://www.h-online.com/security/features/Offline-Update-746179.html -
Android malware creates 3D maps of rooms
Android malware creates 3D maps of rooms
02 October 2012, 20:28
Researchers have created a proof-of-concept Android malware app that is able to use the phone's sensors and camera to gather data that can be used to surreptitiously create a 3D model of a room. The research paper[1] from Robert Templeman of the Naval Surface Warfare Center, Indiana and Zahid Rahman, David Crandall and Apu Kapadia of the School of Informatics and Computing at Indiana University discusses an Android app they created called PlaceRaider.
The PlaceRaider app makes opportunistic use of an Android device's camera to take photographs of a target's location. This information is complemented by data from the GPS, gyroscope and accelerometers to provide information on where the phone is in space. Then using that data, the researchers could reconstruct the target room as a three dimensional model. They emphasise that the taking of the photographs was entirely opportunistic so ideally would not be noticed by the target phone user.
The researchers found that one challenge in obtaining the data was to ensure that the phone's communications were not overwhelmed when providing imagery to their remote system. To take on that problem, they use the positional data to reduce the number of photographs they have to send upstream. They also used different image resolutions in their sampling depending upon opportunities available.
The project went on to use algorithms, based on computer vision systems that could convert the large unstructured collections of images, complete with "noisey" images and filter them down into coherent 3D models. The challenge there was that this software was normally used where there was a steady, consistent stream of high quality imagery, but they had to adapt these algorithms to handle a much more limited selection of imagery. Another tool was also developed which could allow a user to navigate through the imagery collected and be shown views created from all imagery that contributed to that view. In an example, they show how they navigated to a clear view of account numbers on a cheque on a desk.
To evaluate the technique, a HTC Amaze running Android 2.3.3 was used by the researchers to test the gathering of data using the app; twenty different users were recruited to go into the office and engage in typical office activities in the prepared room. From the results, they offer ideas for further optimisations of the process, how the 3D models generated could be improved and suggest a number of defences against what they call "Visual malware".
[1] http://arxiv.org/pdf/1209.5982v1.pdf
djwm@h-online.com
-
Android malware creates 3D maps of rooms
Android malware creates 3D maps of rooms
02 October 2012, 20:28
Researchers have created a proof-of-concept Android malware app that is able to use the phone's sensors and camera to gather data that can be used to surreptitiously create a 3D model of a room. The research paper[1] from Robert Templeman of the Naval Surface Warfare Center, Indiana and Zahid Rahman, David Crandall and Apu Kapadia of the School of Informatics and Computing at Indiana University discusses an Android app they created called PlaceRaider.
The PlaceRaider app makes opportunistic use of an Android device's camera to take photographs of a target's location. This information is complemented by data from the GPS, gyroscope and accelerometers to provide information on where the phone is in space. Then using that data, the researchers could reconstruct the target room as a three dimensional model. They emphasise that the taking of the photographs was entirely opportunistic so ideally would not be noticed by the target phone user.
The researchers found that one challenge in obtaining the data was to ensure that the phone's communications were not overwhelmed when providing imagery to their remote system. To take on that problem, they use the positional data to reduce the number of photographs they have to send upstream. They also used different image resolutions in their sampling depending upon opportunities available.
The project went on to use algorithms, based on computer vision systems that could convert the large unstructured collections of images, complete with "noisey" images and filter them down into coherent 3D models. The challenge there was that this software was normally used where there was a steady, consistent stream of high quality imagery, but they had to adapt these algorithms to handle a much more limited selection of imagery. Another tool was also developed which could allow a user to navigate through the imagery collected and be shown views created from all imagery that contributed to that view. In an example, they show how they navigated to a clear view of account numbers on a cheque on a desk.
To evaluate the technique, a HTC Amaze running Android 2.3.3 was used by the researchers to test the gathering of data using the app; twenty different users were recruited to go into the office and engage in typical office activities in the prepared room. From the results, they offer ideas for further optimisations of the process, how the 3D models generated could be improved and suggest a number of defences against what they call "Visual malware".
[1] http://arxiv.org/pdf/1209.5982v1.pdf
djwm@h-online.com
-
Re:Ok, ok, question
You might want this page then:
http://kernelnewbies.org/Linux_3.6
It usually has links to http://www.h-online.com/ http://lwn.net/ and/or Wikipedia which hopefully explains it in a way you'll understand.
-
slashdot purchased?Dice Holdings acquires Slashdot and SourceForge
.
The well-known news web site Slashdot, along with open source project hosting provider SourceForge and software index Freecode, has been bought by Dice Holdings for $20 million in cash. Dice Holdings, which provides career and job listing web sites, plans to integrate the acquired sites into its own online presence.... -
He was on their radar previously in 2004
According to the BBC article, the initial charges were dropped due to a technicality (i.e. indictiment was filed too late, whatever that means).
So chances are he knew that he was being watched and slipped up.
It's interesting that 72,000 boxes were used for one package. Doesn't mean that the machines under his control were "just" those. If someone wants to generate a certain amount volume (e.g. traffic for a DoS, SPAM, etc) probably 72k machines will suffice.
This is nothing was the Russian-based botnets offer especially for generating SPAM selling cheaps meds.
-
Re:Gizmodo has been banned for life from Apple eve
The obvious ones are WebKit and CUPS, but finding each project that an Apple employee is involved with is not simple.
Apple resources: https://developer.apple.com/opensource/ http://www.apple.com/opensource/
Commentary: http://www.techrepublic.com/blog/opensource/steve-jobs-effect-on-open-source/3101 http://trac.webkit.org/wiki/Companies%20and%20Organizations%20that%20have%20contributed%20to%20WebKit http://blog.openinnovation.net/2011/10/apple-contributions-to-open-innovation.html
And, for a negative to balance things out, http://www.h-online.com/open/features/Kernel-Log-Apple-streamlines-CUPS-1435991.html -
Google warns of using Adobe (Linux) Reader
"Google warns of using Adobe Reader - particularly on Linux
On its August Patch Day, Adobe has fixed numerous critical memory-related bugs in Reader for Windows and Mac OS X â" but has chosen to overlook Linux users. The researchers who discovered the holes now fear that potential attackers could find enough clues to build an exploit by comparing the current Windows version of Reader with the previous one. This would leave Linux users defenceless. On top of that, even the patched versions still contain a total of 16 open security holes.
Google employees Mateusz Jurczyk and Gynvael Coldwind initially examined the PDF engine of the Chrome browser and discovered numerous holes. They then tested Adobe Reader and found about 60 issues that triggered crashes, 40 of which are potential attack vectors. When the two researchers reported their discoveries to Adobe, the company promised to provide fixes â" but also indicated that not all the holes would be closed on Patch Day in August.
On Tuesday, that is exactly what happened. Versions 10.1.4 and 9.5.2 were released for Windows and Mac OS X only. Even these patched versions are still vulnerable to 16 of the reported issues that affect Windows, Mac OS X or both systems. To prove this, the Google employees have released obfuscated information concerning the crashes. The security experts say that the unpatched holes could potentially be identified by third parties because they were found by modifying publicly available PDF documents.
Apparently, the researchers' threat to publish all vulnerability details online in accordance with "responsible disclosure" did not worry Adobe. The deadline is set for 60 days after the day on which the researchers informed Adobe about the holes: 27 August. However, Adobe told the researchers that no further updates are planned in that timeframe.
The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader. Those who use a browser other than Chrome can protect themselves by disabling the Reader's browser extension. The extension allows the holes to be exploited with a simple visit to a specially crafted web page.
Windows users who still use version 9 of Reader have been advised to upgrade to Adobe Reader X, because this version contains a sandbox that makes exploiting the holes more difficult. While Linux users can fix two of the holes by deleting the annots.api and PPKLite.api plug-ins from the
-
Google warns of using Adobe (Linux) Reader
"Google warns of using Adobe Reader - particularly on Linux
On its August Patch Day, Adobe has fixed numerous critical memory-related bugs in Reader for Windows and Mac OS X â" but has chosen to overlook Linux users. The researchers who discovered the holes now fear that potential attackers could find enough clues to build an exploit by comparing the current Windows version of Reader with the previous one. This would leave Linux users defenceless. On top of that, even the patched versions still contain a total of 16 open security holes.
Google employees Mateusz Jurczyk and Gynvael Coldwind initially examined the PDF engine of the Chrome browser and discovered numerous holes. They then tested Adobe Reader and found about 60 issues that triggered crashes, 40 of which are potential attack vectors. When the two researchers reported their discoveries to Adobe, the company promised to provide fixes â" but also indicated that not all the holes would be closed on Patch Day in August.
On Tuesday, that is exactly what happened. Versions 10.1.4 and 9.5.2 were released for Windows and Mac OS X only. Even these patched versions are still vulnerable to 16 of the reported issues that affect Windows, Mac OS X or both systems. To prove this, the Google employees have released obfuscated information concerning the crashes. The security experts say that the unpatched holes could potentially be identified by third parties because they were found by modifying publicly available PDF documents.
Apparently, the researchers' threat to publish all vulnerability details online in accordance with "responsible disclosure" did not worry Adobe. The deadline is set for 60 days after the day on which the researchers informed Adobe about the holes: 27 August. However, Adobe told the researchers that no further updates are planned in that timeframe.
The Google employees therefore recommend that users refrain from opening any PDF documents from external sources in Adobe Reader. Those who use a browser other than Chrome can protect themselves by disabling the Reader's browser extension. The extension allows the holes to be exploited with a simple visit to a specially crafted web page.
Windows users who still use version 9 of Reader have been advised to upgrade to Adobe Reader X, because this version contains a sandbox that makes exploiting the holes more difficult. While Linux users can fix two of the holes by deleting the annots.api and PPKLite.api plug-ins from the
-
Re:Forced Upgrades?Note that the 3.6.x lineage continues to receive updates to fix security holes and improve stability. The most recent was March 13, 2012.
3.6.x has been EOLed; the March 2012 release was the last one.
-
Re:New Speak garbage
This news came to Slashdot via "The H Open".
-
Re:Reason? GNOME3
GNU/Linux true believers are incapable of seeing that GNU/Linux is dying,
So why do people not mod this "Troll"?
Debian-multimedia? Really?
As an Archlinux User I don't see your problem. It's extremely easy to get a PKGBUILD from ABS/AUR, modify it, compile it and create a mirror from it. I was curious about how complicated it would be and my bash script running a repository of several packages on a dropbox public directory is 12 lines long.
I just don't know why you (and Nursie) are fixated on Debian.perhaps you will use debian-multimedia to install the latest and greatest Gnome fork, Cinnamon? No, you wont, because it's not possible, but I wont be able to convince you that you couldn't trivially use debian-multimedia to do it.
I don't know why it is supposed to be impossible but on Archlinux I type yaourt -S cinnamon-git and that's all I have to do...
If software authors object to having to rewrite every package for every distro, and having to negotiate with each distro separately for a package to be accepted, it's their problem, right? The top games aren't available on Linux because of the stupidity of the game industry, right?
I don't know what you mean. I can play all of the Humble Indie Bundle games on Archlinux without a problem (as long as every special libraries needed are in the package.). Valve will release Steam for Ubuntu first but I would bet it will not take one day until there is a working AUR package for Archlinux.
I really don't get it. Software authors should write for standards, then it will work on almostall Linux distributions.GNU/Linux is dying, and as much as I'd like to help fix that, true believers in the ancient ways vastly outnumber those of us with enough software design sense
You should repeat that a few more times.
to see that GNU/Linux has to change.
It is changing all the time.
Fedora for example is working on its package manager: http://fedoraproject.org/wiki/Features/DNF
Where exactly do you get your idea of linux not changing?A million lines of production code I wrote currently in use by customers around the world contributed nothing to my understanding of anything. Hacking Vinux, speech DSP algorithms, and text-to-speech are child's play (the stuff I do for free to benefit GNU/Linx). It's only for the stupid. 26 years of building software, 22 patents, tech lead at one company that went IPO, early contributor to another IPO, and founder of yet another company I sold last year just means I have no clue.
Look at all the stuff I have done. That ought to make my point valid!
With a redesign of the package managers to work as a peer-to-peer distributed repository system built on a web of trust, with the pre-compiled binaries you need to run your system the way you want to,
Sure, redesign. Why not build it on top of the existing package managers?
Gosh I'm glad I get good quality packages from this vibrant innovative community!
Troll. -1
-
Re:Reason? GNOME3
This slashdot thread is about a major problem which by itself is a major blow to Linux. Obviously, you think everything is just fine, and always will be. If my tone sounds harsh, it's not you, its just the hordes of clones like you that in the end will insure no real change happens that saddens me.
GNU/Linux true believers are incapable of seeing that GNU/Linux is dying, so we should probably not try to talk rationally about it. I've put an insane number of hours into open source GNU/Linux stuff, so seeing it failing hurts me personally. Debian-multimedia? Really? So... you're going to switch your Gnome desktop like Linus wants to, perhaps you will use debian-multimedia to install the latest and greatest Gnome fork, Cinnamon? No, you wont, because it's not possible, but I wont be able to convince you that you couldn't trivially use debian-multimedia to do it. Math like Android's 600K packages vs Debian's 30K packages mean nothing to you. 590K of them are total crap, right? One week to publish to millions of users in Windows or Android versus years in Debian are a mere annoyance, and you prefer the exceptional quality control in Debian on those 30K packages, to any 600K repository of crap. If software authors object to having to rewrite every package for every distro, and having to negotiate with each distro separately for a package to be accepted, it's their problem, right? The top games aren't available on Linux because of the stupidity of the game industry, right?
GNU/Linux is dying, and as much as I'd like to help fix that, true believers in the ancient ways vastly outnumber those of us with enough software design sense to see that GNU/Linux has to change. The year of Linux on the desktop is 2013! Ignore the nay-sayers like me. We're ignorant morons. A million lines of production code I wrote currently in use by customers around the world contributed nothing to my understanding of anything. Hacking Vinux, speech DSP algorithms, and text-to-speech are child's play (the stuff I do for free to benefit GNU/Linx). It's only for the stupid. 26 years of building software, 22 patents, tech lead at one company that went IPO, early contributor to another IPO, and founder of yet another company I sold last year just means I have no clue. Guys like us are simply ignorant, and will be ignored by the vast majority of true believers. That's why Linux is dying.
With a redesign of the package managers to work as a peer-to-peer distributed repository system built on a web of trust, with the pre-compiled binaries you need to run your system the way you want to, GNU/Linux could be the next big thing (or at least bigger than now). It's actually quite involved and given how well you're picking up the whole "git" rewrite of "dpkg", I'll just assume you're not getting it. Actually, you're probably super smart, but simply refuse to believe that the existing GNU/Linux system is not already delivering anything I could possibly be talking about.
This fracturing of the tiny Linux market into Debian/Ubuntu/Fedora/etc and Gnome2/Gnome3/Unity/Cinnamon is just healthy growing pains, right? All this choice is a good thing, and your switching to KDE is just part of what makes GNU/Linxu so great! Gosh I'm glad I get good quality packages from this vibrant innovative community!
-
Amdocs, the telecom trojan?
How Israeli Backdoor Technology Penetrated the U.S. Government's Telecom System and Compromised National Security
An Israeli Trojan Horse
http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse/
.
.
.
B&N was fighting this FUD but looks like that they capitulate.... http://www.h-online.com/open/news/item/Barnes-Noble-Microsoft-deal-settles-patent-dispute-1563990.html -
Excuse me?
Why on earth did you think Skype was safe before they filed that patent? It's closed source, so there's no way to tell how exactly it encrypts the communication. There have been hints back in 2008 that Skype has a backdoor for certain government agencies.
-
slashverdicrap
This networkworld.com article gets submitted to
A host of small modifications and a large number of system-on-a-chip and PowerPC fixes inflated the size of release candidate No. 7 for Version 3.5 of the Linux kernel, according to curator Linus Torvalds' RC7 announcement, made on Saturday.
LAST TIME AROUND: Linux kernel 3.4 released
Torvalds wasn't happy with the extensive changes, most of which he said he received Friday and Saturday, saying "not cool, guys" in the announcement. However, the occasionally combustible kernel curator didn't appear to view this as a major setback.
"Now, admittedly, most of this is pretty small. The loadavg calculation fix patch is pretty big, but quite a lot of that is added comments," he wrote, referring to the subroutine that measures system workload.
However, he noted, there were also the assorted changes for SoCs, PowerPC compatibility, USB and audio to be folded in, forcing a comparatively large RC7.
"Ok, so it's still not *huge*, but it's bigger than -rc6 was. I had hoped for less," wrote Torvalds.
He also hopes that it won't be necessary to deploy an eighth release candidate before Version 3.5 of the kernel can be properly rolled out, and urged the community to "go forth and test."
Among the biggest new features expected in Linux 3.5 is enhanced compatibility with the ARM processor family, which are used in a wide array of low-cost computing devices. Several ARM-related fixes are part of 3.5-RC7, according to the official announcement email and changelog.
The H-Online reported earlier today that the final version of Linux 3.5 should be deployed next weekend, if all goes well with RC7.
The h-online.com article the networkworld one is a rehashing of:
Over the weekend, Linus Torvalds reluctantly published a seventh release candidate (RC7) for the 3.5 Linux kernel. In the LKML announcement email, the Linux creator says that he originally thought another RC would not necessarily be required; however, a large number of small pull requests submitted by developers late last week necessitated an additional RC for testing, leading Torvalds to tell the developers, "Not cool, guys. Not cool."
These changes include media fixes, random SOC fixes and PowerPC fixes, as well as patches for the leap second bug that caused Linux systems to freeze because of permanent high CPU loads that resulted in increased power consumption and wasted electricity. "Ok, so it's still not *huge*, but it's bigger than -rc6 was," said Torvalds, adding, "I had hoped for less."
Linus has asked the kernel developers to test the rc7 release to "make sure it's all good", and is hoping that he "won't have to do an -rc8". Barring any major problems over the coming week, Linux3.5 will likely be released next weekend. An overview of the changes made in the 3.5 kernel can be found in TheH's Kernel Log mini-series "Coming in 3.5" which examines the various subsystem developments in the upcoming release.
Review each article and notice what is and what is not a link, and where the links lead.
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor Discussion Forums + DNSCrypt
# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)# 1. Tor Discussion Forums (two hidden services)
We need an official Tor discussion forum.
I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.
###
# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/###
eof
-
Tor discussion forums & DNSCrypt
We need an official Tor discussion forum.
I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion** Onion Forum 2.0
http://www.tinyurl.com/onionforum2Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.
----------
DNSCrypt for Linux, Windows, Mac (from opendns.com)"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/ -
DNSCrypt
"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."
Tor, or:
DNSCrypt
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/ -
NSA Bobble-headed Fleshlight
John the Ripper now able to crack office files and use GPUs
4 July 2012, 12:38
"Version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix "jumbo" appears to be intended literally â" more than 40,000 lines of code have been added in the six months since the previous release.
Developer Solar Designer told The H's associates at heise Security that, in developing GPU support, the focus has been on modern functions which can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu's standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, "because others were unhappy about releasing a tool with 'non-impressive' speed numbers, even if this is desirable in practice".
In the case of sha512crypt, this means that the GPU on a GeForce GTX 570 graphics card can generate around 11,000 hashes per second â" still more than five times faster than on a computer with eight CPU cores. By comparison, for SHA1 hashes, with GPU support this figure would normally be in the millions. For bcrypt, a graphics card just beats an eight-core system by a hair's breadth â" in both cases the maximum figure is around 5,000 hashes. The inability of GPUs to realise speed gains with bcrypt is due to the algorithm's design, which is very memory intensive. According to Solar Designer, the developers were primarily concerned with finding out just how slow the bcrypt implementation would be."
- http://www.openwall.com/lists/john-users/2012/06/29/1
- http://www.openwall.com/john/
- http://en.wikipedia.org/wiki/OpenDocument
- http://en.wikipedia.org/wiki/Bcrypt
- http://www.reddit.com/r/netsec/comments/vsygc/john_the_ripper_179jumbo6_adds_gpu_support/
- http://www.h-online.com/news/item/Cracking-DES-faster-with-John-the-Ripper-1273585.html
* http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.htmlcrve@h-online.com
Copyright © 2012 Heise Media UK Ltd.###
Sensitive Information Security Sources and BreachesUnauthorized disclosures of secrets are essential for democracy.
In response to Wikileaks background inquiries Cryptome offers that there are hundreds of online and offline sources of sensitive information security breaches which preceded Wikileaks beginning about 120 years ago. This outline traces the conflict between technological capabilities for sensitive information breaches and control by law enforcement when technical countermeasures are insufficient -- a few examples among many others worldwide:
http://cryptome.org/0002/siss.htm
####
Feds Look to Fight Leaks With âFog of Disinformationâ(TM)July 4th, 2012
Via: Danger Room:
-
NSA Bobble-headed Fleshlight
John the Ripper now able to crack office files and use GPUs
4 July 2012, 12:38
"Version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix "jumbo" appears to be intended literally â" more than 40,000 lines of code have been added in the six months since the previous release.
Developer Solar Designer told The H's associates at heise Security that, in developing GPU support, the focus has been on modern functions which can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu's standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, "because others were unhappy about releasing a tool with 'non-impressive' speed numbers, even if this is desirable in practice".
In the case of sha512crypt, this means that the GPU on a GeForce GTX 570 graphics card can generate around 11,000 hashes per second â" still more than five times faster than on a computer with eight CPU cores. By comparison, for SHA1 hashes, with GPU support this figure would normally be in the millions. For bcrypt, a graphics card just beats an eight-core system by a hair's breadth â" in both cases the maximum figure is around 5,000 hashes. The inability of GPUs to realise speed gains with bcrypt is due to the algorithm's design, which is very memory intensive. According to Solar Designer, the developers were primarily concerned with finding out just how slow the bcrypt implementation would be."
- http://www.openwall.com/lists/john-users/2012/06/29/1
- http://www.openwall.com/john/
- http://en.wikipedia.org/wiki/OpenDocument
- http://en.wikipedia.org/wiki/Bcrypt
- http://www.reddit.com/r/netsec/comments/vsygc/john_the_ripper_179jumbo6_adds_gpu_support/
- http://www.h-online.com/news/item/Cracking-DES-faster-with-John-the-Ripper-1273585.html
* http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.htmlcrve@h-online.com
Copyright © 2012 Heise Media UK Ltd.###
Sensitive Information Security Sources and BreachesUnauthorized disclosures of secrets are essential for democracy.
In response to Wikileaks background inquiries Cryptome offers that there are hundreds of online and offline sources of sensitive information security breaches which preceded Wikileaks beginning about 120 years ago. This outline traces the conflict between technological capabilities for sensitive information breaches and control by law enforcement when technical countermeasures are insufficient -- a few examples among many others worldwide:
http://cryptome.org/0002/siss.htm
####
Feds Look to Fight Leaks With âFog of Disinformationâ(TM)July 4th, 2012
Via: Danger Room:
-
NSA Bobble-headed Fleshlight
John the Ripper now able to crack office files and use GPUs
4 July 2012, 12:38
"Version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix "jumbo" appears to be intended literally â" more than 40,000 lines of code have been added in the six months since the previous release.
Developer Solar Designer told The H's associates at heise Security that, in developing GPU support, the focus has been on modern functions which can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu's standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, "because others were unhappy about releasing a tool with 'non-impressive' speed numbers, even if this is desirable in practice".
In the case of sha512crypt, this means that the GPU on a GeForce GTX 570 graphics card can generate around 11,000 hashes per second â" still more than five times faster than on a computer with eight CPU cores. By comparison, for SHA1 hashes, with GPU support this figure would normally be in the millions. For bcrypt, a graphics card just beats an eight-core system by a hair's breadth â" in both cases the maximum figure is around 5,000 hashes. The inability of GPUs to realise speed gains with bcrypt is due to the algorithm's design, which is very memory intensive. According to Solar Designer, the developers were primarily concerned with finding out just how slow the bcrypt implementation would be."
- http://www.openwall.com/lists/john-users/2012/06/29/1
- http://www.openwall.com/john/
- http://en.wikipedia.org/wiki/OpenDocument
- http://en.wikipedia.org/wiki/Bcrypt
- http://www.reddit.com/r/netsec/comments/vsygc/john_the_ripper_179jumbo6_adds_gpu_support/
- http://www.h-online.com/news/item/Cracking-DES-faster-with-John-the-Ripper-1273585.html
* http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.htmlcrve@h-online.com
Copyright © 2012 Heise Media UK Ltd.###
Sensitive Information Security Sources and BreachesUnauthorized disclosures of secrets are essential for democracy.
In response to Wikileaks background inquiries Cryptome offers that there are hundreds of online and offline sources of sensitive information security breaches which preceded Wikileaks beginning about 120 years ago. This outline traces the conflict between technological capabilities for sensitive information breaches and control by law enforcement when technical countermeasures are insufficient -- a few examples among many others worldwide:
http://cryptome.org/0002/siss.htm
####
Feds Look to Fight Leaks With âFog of Disinformationâ(TM)July 4th, 2012
Via: Danger Room:
-
what's the word?
John the Ripper now able to crack office files and use GPUs
4 July 2012, 12:38
"Version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix "jumbo" appears to be intended literally â" more than 40,000 lines of code have been added in the six months since the previous release.
Developer Solar Designer told The H's associates at heise Security that, in developing GPU support, the focus has been on modern functions which can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu's standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, "because others were unhappy about releasing a tool with 'non-impressive' speed numbers, even if this is desirable in practice".
In the case of sha512crypt, this means that the GPU on a GeForce GTX 570 graphics card can generate around 11,000 hashes per second â" still more than five times faster than on a computer with eight CPU cores. By comparison, for SHA1 hashes, with GPU support this figure would normally be in the millions. For bcrypt, a graphics card just beats an eight-core system by a hair's breadth â" in both cases the maximum figure is around 5,000 hashes. The inability of GPUs to realise speed gains with bcrypt is due to the algorithm's design, which is very memory intensive. According to Solar Designer, the developers were primarily concerned with finding out just how slow the bcrypt implementation would be."
- http://www.openwall.com/lists/john-users/2012/06/29/1
- http://www.openwall.com/john/
- http://en.wikipedia.org/wiki/OpenDocument
- http://en.wikipedia.org/wiki/Bcrypt
- http://www.reddit.com/r/netsec/comments/vsygc/john_the_ripper_179jumbo6_adds_gpu_support/
- http://www.h-online.com/news/item/Cracking-DES-faster-with-John-the-Ripper-1273585.html
* http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.htmlcrve@h-online.com
Copyright © 2012 Heise Media UK Ltd.####
Sensitive Information Security Sources and BreachesUnauthorized disclosures of secrets are essential for democracy.
In response to Wikileaks background inquiries Cryptome offers that there are hundreds of online and offline sources of sensitive information security breaches which preceded Wikileaks beginning about 120 years ago. This outline traces the conflict between technological capabilities for sensitive information breaches and control by law enforcement when technical countermeasures are insufficient -- a few examples among many others worldwide:
http://cryptome.org/0002/siss.htm
####
Feds Look to Fight Leaks With âFog of Disinformationâ(TM)July 4th, 2012
Via: Danger Room:
-
what's the word?
John the Ripper now able to crack office files and use GPUs
4 July 2012, 12:38
"Version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix "jumbo" appears to be intended literally â" more than 40,000 lines of code have been added in the six months since the previous release.
Developer Solar Designer told The H's associates at heise Security that, in developing GPU support, the focus has been on modern functions which can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu's standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, "because others were unhappy about releasing a tool with 'non-impressive' speed numbers, even if this is desirable in practice".
In the case of sha512crypt, this means that the GPU on a GeForce GTX 570 graphics card can generate around 11,000 hashes per second â" still more than five times faster than on a computer with eight CPU cores. By comparison, for SHA1 hashes, with GPU support this figure would normally be in the millions. For bcrypt, a graphics card just beats an eight-core system by a hair's breadth â" in both cases the maximum figure is around 5,000 hashes. The inability of GPUs to realise speed gains with bcrypt is due to the algorithm's design, which is very memory intensive. According to Solar Designer, the developers were primarily concerned with finding out just how slow the bcrypt implementation would be."
- http://www.openwall.com/lists/john-users/2012/06/29/1
- http://www.openwall.com/john/
- http://en.wikipedia.org/wiki/OpenDocument
- http://en.wikipedia.org/wiki/Bcrypt
- http://www.reddit.com/r/netsec/comments/vsygc/john_the_ripper_179jumbo6_adds_gpu_support/
- http://www.h-online.com/news/item/Cracking-DES-faster-with-John-the-Ripper-1273585.html
* http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.htmlcrve@h-online.com
Copyright © 2012 Heise Media UK Ltd.####
Sensitive Information Security Sources and BreachesUnauthorized disclosures of secrets are essential for democracy.
In response to Wikileaks background inquiries Cryptome offers that there are hundreds of online and offline sources of sensitive information security breaches which preceded Wikileaks beginning about 120 years ago. This outline traces the conflict between technological capabilities for sensitive information breaches and control by law enforcement when technical countermeasures are insufficient -- a few examples among many others worldwide:
http://cryptome.org/0002/siss.htm
####
Feds Look to Fight Leaks With âFog of Disinformationâ(TM)July 4th, 2012
Via: Danger Room:
-
what's the word?
John the Ripper now able to crack office files and use GPUs
4 July 2012, 12:38
"Version 1.7.9-jumbo-6 of the John the Ripper password cracker sees significant format support enhancements. The open source tool is now able to crack password-protected office documents (Office 2007/2010 and OpenDocument) and Firefox, Thunderbird and SeaMonkey master passwords, as well as WPA-PSK keys and Mac OS X keychains. It can also request to use GPUs via CUDA and OpenCL. The suffix "jumbo" appears to be intended literally â" more than 40,000 lines of code have been added in the six months since the previous release.
Developer Solar Designer told The H's associates at heise Security that, in developing GPU support, the focus has been on modern functions which can be slow to calculate, such as WPA-PSK and Unix password hashes. For some functions, such as Ubuntu's standard hash function (sha512crypt) and the time-consuming bcrypt, there were, according to the developers, no crackers with GPU support until now, "because others were unhappy about releasing a tool with 'non-impressive' speed numbers, even if this is desirable in practice".
In the case of sha512crypt, this means that the GPU on a GeForce GTX 570 graphics card can generate around 11,000 hashes per second â" still more than five times faster than on a computer with eight CPU cores. By comparison, for SHA1 hashes, with GPU support this figure would normally be in the millions. For bcrypt, a graphics card just beats an eight-core system by a hair's breadth â" in both cases the maximum figure is around 5,000 hashes. The inability of GPUs to realise speed gains with bcrypt is due to the algorithm's design, which is very memory intensive. According to Solar Designer, the developers were primarily concerned with finding out just how slow the bcrypt implementation would be."
- http://www.openwall.com/lists/john-users/2012/06/29/1
- http://www.openwall.com/john/
- http://en.wikipedia.org/wiki/OpenDocument
- http://en.wikipedia.org/wiki/Bcrypt
- http://www.reddit.com/r/netsec/comments/vsygc/john_the_ripper_179jumbo6_adds_gpu_support/
- http://www.h-online.com/news/item/Cracking-DES-faster-with-John-the-Ripper-1273585.html
* http://www.h-online.com/security/news/item/John-the-Ripper-now-able-to-crack-office-files-and-use-GPUs-1631901.htmlcrve@h-online.com
Copyright © 2012 Heise Media UK Ltd.####
Sensitive Information Security Sources and BreachesUnauthorized disclosures of secrets are essential for democracy.
In response to Wikileaks background inquiries Cryptome offers that there are hundreds of online and offline sources of sensitive information security breaches which preceded Wikileaks beginning about 120 years ago. This outline traces the conflict between technological capabilities for sensitive information breaches and control by law enforcement when technical countermeasures are insufficient -- a few examples among many others worldwide:
http://cryptome.org/0002/siss.htm
####
Feds Look to Fight Leaks With âFog of Disinformationâ(TM)July 4th, 2012
Via: Danger Room:
-
Re:Has this removed the need for EGlibc?
The goal is to merge eglibc back into glibc, yes. After the previous glibc steering committee disbanded, it switched to being run by an informal three-person committee, one of whom (Joseph Myers) is also one of the lead maintainers of eglibc, so the two projects' leadership are no longer at odds. And Myers has suggested that the goal is to start moving eglibc changes over into the main glibc branch.
-
Re: The OS Warz have begun!
Dell Launches Laptops Pre-Loaded with Ubuntu Linux in 850 Stores Across India: http://www.h-online.com/open/news/item/Dell-to-bring-Ubuntu-laptops-to-850-retail-stores-in-India-1620657.html This was announced on the SAME day that Microsoft announced the Surface RT and Surface Pro. It seems that the OEM industry is secretly betting that Linux Desktop will overtake Windows in the huge Asian market. This is interesting considering that Valve is releasing Steam for Linux and that EA and other game companies are interested as well. They are predicting that Linux will be a big win and replacement for Windows in the long term. earlier... Dell Launches Laptops Pre-Loaded with Ubuntu Linux in China: http://www.h-online.com/open/news/item/Canonical-Dell-bring-Ubuntu-laptops-to-220-Chinese-retail-stores-1368347.html The OEM's are the BIGGEST CLOWNS for not jumping on Linux earlier to counter the Microsoft threat to their eco-system.
-
Re: The OS Warz have begun!
Dell Launches Laptops Pre-Loaded with Ubuntu Linux in 850 Stores Across India: http://www.h-online.com/open/news/item/Dell-to-bring-Ubuntu-laptops-to-850-retail-stores-in-India-1620657.html This was announced on the SAME day that Microsoft announced the Surface RT and Surface Pro. It seems that the OEM industry is secretly betting that Linux Desktop will overtake Windows in the huge Asian market. This is interesting considering that Valve is releasing Steam for Linux and that EA and other game companies are interested as well. They are predicting that Linux will be a big win and replacement for Windows in the long term. earlier... Dell Launches Laptops Pre-Loaded with Ubuntu Linux in China: http://www.h-online.com/open/news/item/Canonical-Dell-bring-Ubuntu-laptops-to-220-Chinese-retail-stores-1368347.html The OEM's are the BIGGEST CLOWNS for not jumping on Linux earlier to counter the Microsoft threat to their eco-system.
-
Re:Problems? Really?
... even one of the big Red hat developers says the current way of doing things simply isn't sustainable, that a single group can't control 20,000 packages and drivers and keep it working, and recommends an ABI
Ingo is talking about application ABI, not driver ABI. He's objected to proprietary drivers before, and I don't recall seeing any evidence of a change of heart.
Thanks to virtual memory and so on, applications have much more of an arms-length relationship to the rest of the system than drivers. That makes maintaining a fixed driver ABI more work.
After all how do you expect the smaller hardware guys to support you if the big guys have to pay entire teams to constantly fix the damned things just to make the drivers work?
In the judgement of most kernel developers, the most efficient use of limited resources is to write an open source driver that can be included in the upstream kernel. That makes it easier for other kernel developers to collaborate with your your developers on future maintenance.
-
Re:Skype?
Skype probably has a backdoor to allow governments to listen in, although the code is heavily obfuscated to try to prevent people from finding out the details via reverse engineering.
Oh, now that it belongs to an American company (the primary desktop software supplier to the U.S. government) you can be SURE Skype calls touching the U.S. are readily monitorable by the government. Just assume that for now.
-
Re:Skype?
Skype probably has a backdoor to allow governments to listen in, although the code is heavily obfuscated to try to prevent people from finding out the details via reverse engineering.
-
Re:Must be involved....
Landley is the guy. And even Mr Perens wasn't happy with the SFLC.
But then, why would he be? This is a company of lawyers that doesn't do anything but copyright shakedowns.
If we apply the usual anti-MPAA/pro-piracy/anti-patent/information-wants-to-be-free reasoning, usually featured on this site, we see that the SFLC is a bad thing, because it closely resembles everything we hate. Doesn't it? Perhaps evil tactics are fine if they are used in the service of good?
-
Re:Vapor Tablet
January 29 The Spark Tablet was announced (later renamed to Vivaldi). Two months it was supposed to be on the market. Now, it's 2 months after that and it still isn't shipping...
I want the tablet, but hell if I know when I'll be able to buy one.
Nobody really needs the Vivaldi tablet. It is just off-the-shelf hardware with Linux and Plasma Active installed. Plasma Active is *not* vaporware. Two major versions were already released with the third major release planed to coincide with KDE Platform 4.9 to no longer rely on Platform 4.8 + patches. KP 4.9 is set for release in August: http://www.h-online.com/open/news/item/KDE-SC-4-9-coming-in-August-1445350.html
You can get eg. an Acer Iconia W500 and install a regular Linux distribution with Plasma Active on it right now. Packages exist for openSUSE and AFAIK Kubuntu. Probably also other distributions but I am not aware of them. -
Native JSON fields
PostgreSQL 9.2 (now in beta) includes native JSON fields:
It's also available as an extension for the current 9.1 release:
-
Why not PostgreSQL?
PostgreSQL 9.2 beta improves scalability, adds JSON
http://www.h-online.com/open/news/item/PostgreSQL-9-2-beta-improves-scalability-adds-JSON-1573815.html -
Re:Finally
What is sad is how little you seem to know about ARM which has no ASLR except in ICS and it has been found wanting
- ARM is a processor architecture (well, really an ISA, but let's not confuse the beginners here).
-
ICS is an operating system version.
-
There is no ICS version of ARM.
- ASLR has often been found wanting. It is not a primary security layer, just a backup defence when the other layers fail.
- none of these facts are even relevant to the discussion.
so YES YOU CAN screw the boot sector by simply writing to the correct memory address (which since we are talking hundreds of thousands of identical handsets isn't hard)
The thing you want to look up is memory protection. This is before we even start discussing the
I will now just quote part of your post, putting beside each other two different things you said:
the engineers at Google they are idiots since they are doing the EXACT SAME THING as MSFT? [.....]The ONLY difference between MSFT's version and Google's is that Google has a "dev mode" that will cripple the security
Ah yes, the engineers at Google are doing the "EXACT" same thing except it's different. Yes. Not "a very similar thing". Not even "the same thing" but "the exact same thing". But different. I think I have a tip for you from a real actor.
But hey, what can one expect with troll in their name except trolling.
Given the quality and hilarity of your post; I guess I should take it up full time and not just when people fail to read the article. I thought you guys were professionals.
-
Re:Finally
What is sad is how little you seem to know about ARM which has no ASLR except in ICS and it has been found wanting so YES YOU CAN screw the boot sector by simply writing to the correct memory address (which since we are talking hundreds of thousands of identical handsets isn't hard) but since you are such the brainiac perhaps you'd like to tell the engineers at Google they are idiots since they are doing the EXACT SAME THING as MSFT? quote "Google claimed that Chrome OS would be the most secure consumer operating system due in part to a verified boot ability, in which the initial boot code, stored in read-only memory, checks for system compromises" unquote. But hey, what can one expect with troll in their name except trolling.
The ONLY difference between MSFT's version and Google's is that Google has a "dev mode" that will cripple the security while leaving it open to develop on, MSFT has VS so didn't bother with a switch. But hey, if your argument was correct then how do you explain that EVERY OS has malware? Are they ALL soooo stupid they haven't ever heard of defense in depth? or maybe, just maybe, it doesn't work on social engineering which is where all the malware comes from, dumbass.
-
Re:Skype?
It's likely there has always been a backdoor to Skype. The Austrian government seems to claim that tapping Skype is not a problem. This article is from 2008: http://www.h-online.com/security/news/item/Speculation-over-back-door-in-Skype-736607.html
-
actually four
-
We lack the expertise 2 program a complete program
Die Expertise, ein gesamtes Programm zu programmieren, ist nicht vorhanden.
Spokesman of the German Home Office (BMI, in charge of the "Federal Trojan Horse" exposed by the CCC) at the Federal Press Conference 2011-10-12.
-
Re:KDE, Gnome
Awesome post.
However the newer versions of KDE4 are being based on Qt5, which has a base requirement of OpenGL (ES) 2.0 or above.
If I understood properly, the issue is that Qt5 will use an OpenGL rendering model. That doesn't mean that the graphics hardware requires an OpenGL working driver to function, because Qt5 can use a raster engine in the CPU, like does right now (passing "-graphicssystem raster", which is the default). Actually, they have given some numbers, and the CPU rasterizer is faster in Qt5, because LLVMpipe is faster than Qt's rasterizer.
That's really interesting, and it's good news. As long as Qt5 + KDE5 continue to allow machines to use it without requiring OpenGL 3D support in hardware, especially if there's still a software rendering (i.e. rasterizer) available, I'm happy. And I don't even need for it to be fast -- just that it will work. Thank you VERY much for pointing the above information out.
Remember also that Qt5 is not out yet, much less KDE5. It will take years for being forced to upgrade to KDE5. This year we will have a LTS release of Kubuntu, which means you will have supported KDE4 till April 2017. I think there will be also one or maybe even two Debian releases with KDE4.
That's good as a backup plan, although I'll doubt I'll need to resort to using it based on the technical details you've given me above. Debian has had KDE4 since the release of Squeeze two years ago. I've run Kubuntu in the past and ccasionally I retry Kubuntu (and Mint Debian) but haven't found any compelling reason to switch away from Debian, as Debian has full support for doing major upgrades without reinstallation. And as you probably know, Canonical recently announced that they were going to stop funding Kubuntu development after the April release of Kubuntu 12.04 and is also dropping commercial support for it.
http://www.omgubuntu.co.uk/2012/02/canonical-withdraw-financial-support-from-kubuntu/
http://www.h-online.com/open/news/item/Canonical-pulls-funding-from-Kubuntu-drops-commercial-support-1429603.html -
GoogleDitch? Chrome only future for Flash on Linux
Penguins Planning to dump google 100%? Might want to read this.
Chrome only future for Flash on Linux
I could try to highlight that a million ways, it still doesn't fully kick in the ramifications.
Adobe has announced that in future, the Flash Player for Linux will only be available through Google as part of the Google Chrome browser and not as a standalone download. The shipped plugin will also only support Chrome's plugin API. The changes will take effect after the release of Flash Player 11.2 later this year.
(From H-Online)
http://www.h-online.com/open/news/item/Chrome-only-future-for-Flash-on-Linux-1440104.html