Domain: h-online.com
Stories and comments across the archive that link to h-online.com.
Stories · 116
-
Encryption Cracked On NIST-Certified Flash Drives
An anonymous reader writes "USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks like the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations." -
Microsoft To Get Malware Bailout In Germany
hweimer writes "The German government plans on paying to set up a call center to help Windows users with malware infections. I think this has the effect of being a malware bailout for Microsoft, discouraging them and other software companies from writing better code and giving users little incentive to switch to more secure alternatives. How much government money is needed to run the call center is also not revealed." The call center, running in cooperation with ISPs (but not manufacturers), is envisioned to have a staff of about 40. -
ECMAScript Version 5 Approved
systembug writes "After 10 years of waiting and some infighting, ECMAScript version 5 is finally out, approved by 19 of the 21 members of the ECMA Technical Committee 39. JSON is in; Intel and IBM dissented. IBM is obviously in disagreement with the decision against IEEE 754r, a floating point format for correct, but slow representation of decimal numbers, despite pleas by Yahoo's Douglas Crockford." (About 754r, Crockford says "It was rejected by ES4 and by ES3.1 — it was one of the few things that we could agree on. We all agreed that the IBM proposal should not go in.") -
Microsoft Advice Against Nehalem Xeons Snuffed Out
Eukariote writes "In an article outlining hidden strife in the processor world, Andreas Stiller has reported the scoop that Microsoft advised against the use of Intel Nehalem Xeon (Core i7/i5) processors under Windows Server 2008 R2, but was pressured by Intel to refrain from publishing this advisory. The issue concerns a bug causing spurious interrupts that locks up the Hypervisor of Server 2008. Though there is a hotfix, it is unattractive as it disables power savings and turbo boost states. (The original German-language version of the article is also available.)" -
Major IE8 Flaw Makes "Safe" Sites Unsafe
After this weekend's report of a dangerous flaw in IE (which Microsoft confirmed today), intrudere points out an exclusive report in The Register on a new hole in IE8 that could allow an attacker to pull off cross-site scripting attacks on Web sites that ought, by rights, to be safe from XSS. This is according to two anonymous sources, who told El Reg that Microsoft had been notified of the vulnerability a few months ago. -
GPL Wins In French Court Case
viralMeme writes "An appeals court in Paris has upheld the ruling from a lower court, which found that the French firm Edu4 had violated the GNU General Public License (GPL). The plaintiff was the French Organisation Association francaise pour la Formation Professionnelle des Adultes (AFPA), an umbrella organization for adult education." The basic charge was the removal of copyrights and such from VNC source code, and not distributing it. -
Mozilla To Protect Adobe Flash Users
juct writes "Beginning with versions 3.5.3 and 3.0.14 of Firefox, Mozilla is going to check the version of installed Adobe Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to 'protect users from emerging threats online.' Just recently, a study confirmed that 80 per cent of users surf with a vulnerable version of Adobe's plug-in." -
Bootkit Bypasses TrueCrypt Encryption
mattOzan writes with this excerpt from H-online: "At Black Hat USA 2009, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. The bootkit uses a 'double forward' to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt." -
German Health Insurance Card CA Loses Secret Key
Christiane writes "The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment. After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'" -
Linux Kernel 2.6.30 Released
diegocgteleline.es writes "Linux kernel 2.6.30 has been released. The list of new features includes NILFS2 (a new, log-structured filesystem), a filesystem for object-based storage devices called exofs, local caching for NFS, the RDS protocol (which delivers high-performance reliable connections between the servers of a cluster), a new distributed networking filesystem (POHMELFS), automatic flushing of files on renames/truncates in ext3, ext4 and btrfs, preliminary support for the 802.11w drafts, support for the Microblaze architecture, the Tomoyo security MAC, DRM support for the Radeon R6xx/R7xx graphic cards, asynchronous scanning of devices and partitions for faster bootup, the preadv/pwritev syscalls, several new drivers and many other small improvements." -
Linux Flourishes In 200-Year-Old Gold Markets
tbarkerload writes "H-Online [a spin off of a major German daily] reports on a gold trader managing over 15 tonnes of gold, worth $660m, with a platform built on open source tech. BullionVault operates a 24-7 electronic market in gold bullion open to both retail and professional traders. Their systems handle thousands of daily transactions from both human traders and bots operating through their API. If Linux has reached the world of hundred year old assaying firms, and Swiss vaults buried in mountains, can final world domination be too far away?" -
All Five Smartphones Survive Pwn2Own Contest
CWmike writes "Although three of the four browsers that were targets in the PWN2OWN hacking contest quickly fell to a pair of researchers, none of the smartphones were successfully exploited. TippingPoint had offered $10,000 for each exploit on any of the phones, which included the iPhone and the BlackBerry, as well as phones running the Windows Mobile, Symbian and Android operating systems. 'With the mobile devices so limited on memory and processing power, a lot of [researchers'] main exploit techniques are not able to work,' said TippingPoint's Terri Forslof. 'Take, for example, [Charlie] Miller's Safari exploit,' referring to Miller's 10-second hack of a MacBook via an unpatched Safari vulnerability that he'd known about for more than a year. 'People wondered why wouldn't it work on the iPhone, why didn't he go for the $10,000?' she said. 'The vulnerability is absolutely there, but it's a lot tougher to exploit on the iPhone.'" Chrome was the only browser at the contest that was not successfully exploited. We previously discussed day one of the contest, and a summary of day two is available as well. -
Ext4 Data Losses Explained, Worked Around
ddfall writes "H-Online has a follow-up on the Ext4 file system — Last week's news about data loss with the Linux Ext4 file system is explained and new solutions have been provided by Ted Ts'o to allow Ext4 to behave more like Ext3." -
Apps That Rely On Ext3's Commit Interval May Lose Data In Ext4
cooper writes "Heise Open posted news about a bug report for the upcoming Ubuntu 9.04 (Jaunty Jackalope) which describes a massive data loss problem when using Ext4 (German version): A crash occurring shortly after the KDE 4 desktop files had been loaded results in the loss of all of the data that had been created, including many KDE configuration files." The article mentions that similar losses can come from some other modern filesystems, too. Update: 03/11 21:30 GMT by T : Headline clarified to dispel the impression that this was a fault in Ext4. -
QT 4.5 Released, Plus New IDE and Analysis Tool
stoolpigeon writes "QT 4.5 has arrived and is now available for download. This new release is quite significant due to licensing changes that now make it simpler to use QT in a wider range of products without cost as well as a number of new features. The latest version of Webkit is now integrated into the product. Qt 4.5 sees the introduction of QtBenchLib, a new component to make measuring the performance of the toolkit and checking for regressions easier. Mac developers who use Qt will note a major reworking of 4.5 on the Mac, now providing 64-bit support. QT Creator is a new IDE that looks to have combined a number of previously separate tools. And there is much more."