Domain: wikipedia.org
Stories and comments across the archive that link to wikipedia.org.
Stories · 7,048
Parallel Algorithm Leads To Crypto Breakthrough
Hugh Pickens writes "Dr. Dobbs reports that a cracking algorithm using brute force methods can analyze the entire DES 56-bit keyspace with a throughput of over 280 billion keys per second, the highest-known benchmark speeds for 56-bit DES decryption and can accomplish a key recovery that would take years to perform on a PC, even with GPU acceleration, in less than three days using a single, hardware-accelerated server with a cluster of 176 FPGAs. The massively parallel algorithm iteratively decrypts fixed-size blocks of data to find keys that decrypt into ASCII numbers. Candidate keys that are found in this way can then be more thoroughly tested to determine which candidate key is correct." Update by timothy, 2010-01-29 19:05 GMT: Reader Stefan Baumgart writes to point out prior brute-force methods using reprogrammable chips, including Copacobana (PDF), have achieved even shorter cracking times for DES-56. See also this 2005 book review of Brute Force, about the EFF's distributed DES-breaking effort that succeeded in 1997 in cracking a DES-encrypted message. "'This DES cracking algorithm demonstrates a practical, scalable approach to accelerated cryptography,' says David Hulton, an expert in code cracking and cryptography. 'Previous methods of acceleration using clustered CPUs show increasingly poor results due to non-linear power consumption and escalating system costs as more CPUs are added. Using FPGAs allows us to devote exactly the amount of silicon resources needed to meet performance and cost goals, without incurring significant parallel processing overhead.' Although 56-bit DES is now considered obsolete, having been replaced by newer and more secure Advanced Encryption Standard (AES) encryption methods, DES continues to serve an important role in cryptographic research, and in the development and auditing of current and future block-based encryption algorithms." -
NFL Claims the Fleur-De-Lis, They Guarantee
margaret writes "Now that hell has frozen over and the New Orleans Saints are amazingly good, the NFL has decided to start issuing cease and desist letters for use of the fleur-de-lis, a symbol dating back to the 12th century which has long been ubiquitous in Louisiana culture. Hell, it's on the official city flag, and Quebec's flag too — is the NFL going to go after the Canadians next?" -
RIAA Confusion In Tenenbaum & Thomas Cases?
NewYorkCountryLawyer writes "There seems to be a bit of confusion in RIAA-land these days, caused by the only 2 cases that ever went to trial, Capitol Records v. Thomas-Rasset in Minnesota, and SONY BMG Music Entertainment v. Tenenbaum, in Boston. In both cases, the RIAA has recently asked for extensions of time. In Thomas-Rasset, they've asked for more time to make up their mind as to whether to accept the reduced verdict of $54,000 the judge has offered them, and in Tenenbaum they've twice asked for more time to prepare their papers opposing Tenenbaum's motion for remittitur. What is more, it has been reported that after the reduction of the verdict, the RIAA offered to settle with Ms. Thomas-Rasset for $25,000, but she turned them down." -
Tracking Browsers Without Cookies Or IP Addresses?
Peter Eckersley writes "The EFF has launched a research project called Panopticlick, to determine whether seemingly innocuous browser configuration information (like User Agent strings, plugin versions and fonts) may create unique fingerprints that allow web users to be tracked, even if they limit or delete cookies. Preliminary results indicate that the User Agent string alone has 10.5 bits of entropy, which means that for a typical Internet user, only one in about 1,500 (2 ^ 10.5) others will share their User Agent string. If you visit Panopticlick, you can get a reading of how rare or unique your browser configuration is, as well as helping EFF to collect better data about this problem and how best to defend against it." I remember laughing years ago when I would see users who had modified their user agent string with some sort of defiant pro-privacy message, without realizing that their action made them uniquely identifiable out of hundreds of thousands of others. -
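The arithmetic behind Panopticlick's "10.5 bits means one in about 1,500" reading is Shannon entropy over an attribute's frequency table, plus the surprisal (self-information) of one visitor's particular value. The following is an added example, not EFF's code: the sixteen visits and their user-agent, plugin and font strings are constructed so the numbers can be checked by hand, and the functions are the standard entropy and surprisal calculations applied first to the User Agent column alone and then to the whole fingerprint tuple.

```python
"""How many bits a browser attribute leaks, in the sense Panopticlick reports.

Added example, not EFF's code. VISITS is a constructed sample of 16 hits; the
functions are the standard Shannon-entropy and surprisal calculations that
turn an attribute's frequency table into "one in 2**k users share this value".
"""
from collections import Counter
from math import log2
from typing import Hashable, Sequence

# Constructed user-agent strings (versions are illustrative, not a survey).
FF = "Mozilla/5.0 (Windows NT 6.1; rv:1.9.2) Gecko/20100115 Firefox/3.6"
IE = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_2) AppleWebKit/531.22 Safari/531.22"
LINUX = "Mozilla/5.0 (X11; U; Linux x86_64) Gecko/20091221 Firefox/3.5.7"
PRIVACY_UA = "I refuse to be tracked, go away"  # the 'defiant' string from the story

# One tuple per visit: (user agent, plugin list, font list). Constructed sample.
VISITS = [
    (FF, "Flash 10,Java 6", "Arial,Verdana"),
    (FF, "Flash 10,Java 6", "Arial,Verdana"),
    (FF, "Flash 10,Java 6", "Arial,Verdana,Wingdings"),
    (FF, "Flash 10", "Arial,Verdana"),
    (FF, "Flash 10", "Arial,Verdana"),
    (FF, "Flash 10,Java 6,Silverlight 3", "Arial,Verdana"),
    (FF, "Flash 10,Java 6", "Arial"),
    (FF, "Flash 10,Java 6", "Arial"),
    (IE, "Flash 10", "Arial,Verdana"),
    (IE, "Flash 10", "Arial,Verdana"),
    (IE, "Flash 10", "Arial,Verdana"),
    (IE, "Flash 10,Java 6", "Arial,Verdana"),
    (SAFARI, "Flash 10,QuickTime 7", "Helvetica,Lucida Grande"),
    (SAFARI, "Flash 10,QuickTime 7", "Helvetica,Lucida Grande"),
    (LINUX, "Flash 10", "DejaVu Sans"),
    (PRIVACY_UA, "Flash 10,Java 6", "Arial,Verdana"),
]
PRIVACY_VISIT = VISITS[-1]


def entropy_bits(values: Sequence[Hashable]) -> float:
    """Shannon entropy H = -sum(p * log2 p) over the observed distribution:
    the average number of identifying bits this attribute yields per visitor."""
    n = len(values)
    return -sum((c / n) * log2(c / n) for c in Counter(values).values())


def surprisal_bits(value: Hashable, values: Sequence[Hashable]) -> float:
    """Self-information -log2 P(value) of one visitor's value. This is the
    per-visitor figure: on average one in 2**surprisal others share it."""
    count = Counter(values)[value]
    if count == 0:
        raise ValueError("value was never observed in the sample")
    return -log2(count / len(values))


def anonymity_set_size(value: Hashable, values: Sequence[Hashable]) -> int:
    """How many sampled visitors are indistinguishable from this one on the
    attribute (or on the whole fingerprint when values are full tuples)."""
    return Counter(values)[value]


def one_in(bits: float) -> int:
    """Convert bits of surprisal into the 'one in N' reading: 10.5 bits -> 1448."""
    return round(2 ** bits)


def column(index: int) -> list:
    """All observed values of one attribute (0 = user agent, 1 = plugins, 2 = fonts)."""
    return [visit[index] for visit in VISITS]


def report() -> str:
    ua = column(0)
    lines = [f"user agent alone: {entropy_bits(ua):.3f} bits of entropy",
             f"whole fingerprint: {entropy_bits(VISITS):.3f} bits of entropy"]
    for visit in (VISITS[0], PRIVACY_VISIT):
        ua_bits = surprisal_bits(visit[0], ua)
        fp_bits = surprisal_bits(visit, VISITS)
        lines.append(f"{visit[0][:40]!r}: UA one in {one_in(ua_bits)}, "
                     f"full fingerprint one in {one_in(fp_bits)} "
                     f"(anonymity set {anonymity_set_size(visit, VISITS)})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Two things the numbers make visible. The most common user agent in the sample costs its owner 1 bit (half the sample shares it), while the hand-edited privacy string is unique and costs 4 bits, the maximum a 16-visit sample can register, which is the point of the closing remark above: an unusual string is the most identifying thing a browser can send. And the surprisal of a rare value is capped at log2(sample size), so a fingerprint that looks unique in a small sample is only known to be rarer than one in N; Panopticlick's large sample is what makes its per-visitor estimates meaningful.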
Aliens Are Likely To Look and Behave Like Us
It's the tripnaut! writes "The Daily Telegraph has posted an article stating that 'Professor Simon Conway Morris at Cambridge University will tell a conference on alien life that extraterrestrials will most likely have evolved just like earthlings and so resemble us to a degree with heads, limbs and bodies.' They also add a cautionary note that 'Unfortunately they will have also evolved our foibles and faults which could make them dangerous if they ever did visit us on Earth.'" -
Humans Nearly Went Extinct 1.2M Years Ago
Hugh Pickens writes "Scientific American has a story on researchers from the University of Utah who have calculated that 1.2 million years ago, at a time when our ancestors Homo erectus, H. ergaster, and archaic H. sapiens were spreading through Africa, Europe, and Asia, there were probably only about 18,500 individuals capable of breeding in all these species together (PNAS paper here). Pre-humans were an endangered species with a smaller population than today's gorillas and chimpanzees. Researchers scanned two completely sequenced modern human genomes for a type of mobile element called Alu sequences, then compared the nucleotides in these old regions with the overall diversity in the two genomes to estimate differences in effective population size, and thus genetic diversity between modern and early humans. Human geneticist Lynn Jorde says that the diminished genetic diversity one million years ago suggests human ancestors experienced a catastrophic event at that time as devastating as the Toba super-volcano in Indonesia that triggered a nuclear winter and is thought to have nearly annihilated humans 70,000 years ago." -
A Case For the Necessity of Science Fiction
unc0nn3ct3d writes "This article makes an interesting point about the necessity of science fiction — or, more specifically, speculative fiction as a tool to aid in the long-term survival of the human species. 'We live in a world that is incredibly frightening for a growing portion of the population because of the exponential rate of change we are experiencing. Our world is changing so fast now that we often don't have time to contemplate the full ramifications that come with the increasingly rapid adoption of new technologies and social changes. Most often this is simply because these changes are being introduced almost one after another after another, without any time to breathe. Speculative fiction, however, if widely adopted, makes it almost instinctive that we think about these situations and possible outcomes before they even arise.'" -
Heat Engines Shrunk By Seven Orders of Magnitude
KentuckyFC writes "The vast majority of motors that power our planes, trains, and automobiles are heat engines. They rely on the rapid expansion of gas as it heats up to generate movement. But attempts to shrink them by any significant amount have mostly ended in failure. Today, the smallest heat engines have a volume of some 10^7 cubic micrometers. Now a group of Dutch engineers has built a heat engine that is seven orders of magnitude smaller than this. The engine consists of a piezoelectric bar that expands and contracts in the normal piezoelectric way. However it also heats up and cools at the same time causing a thermal expansion and contraction, which lags the piezoelectric displacement. By carefully choosing the frequency of the driving AC current, the Dutch team found a resonant effect in which the thermal expansion and contraction amplifies the mechanical motion, making it a true heat engine. Operating the thermodynamic cycle in reverse turns the device into a heat pump or refrigerator. The total volume of the device is just 0.5 cubic micrometres." -
Supreme Court Rolls Back Corporate Campaign Spending Limits
lorenlal writes "The Supreme Court of the United States must have figured that restrictions on corporate support of candidates was a violation of free speech, or something like that." From the AP story linked above: "By a 5-4 vote, the court on Thursday overturned a 20-year-old ruling that said corporations can be prohibited from using money from their general treasuries to pay for campaign ads. The decision, which almost certainly will also allow labor unions to participate more freely in campaigns, threatens similar limits imposed by 24 states." -
Scientists To Breed the Auroch From Extinction
ImNotARealPerson writes "Scientists in Italy are hoping to breed back from extinction the mighty auroch, a bovine species which has been extinct since 1627. The auroch weighed 2,200 pounds (1000kg) and its shoulders stood at 6'6". The beasts once roamed most of Asia and northern Africa. The animal was depicted in cave paintings and Julius Caesar described it as being a little less in size than an elephant. A member of the Consortium for Experimental Biotechnology suggests that 99% of the auroch's DNA can be recreated from genetic material found in surviving bone material. Wikipedia mentions that researchers in Poland are working on the same problem." -
Microsoft Sues TiVo To Help AT&T
Julie188 writes "Microsoft is suing TiVo, claiming patent infringement. Microsoft is doing this because TiVo has sued AT&T — and AT&T happens to be Microsoft's largest customer of Microsoft's Mediaroom IPTV technology. Microsoft says that TiVo has copied Microsoft's Mediaroom IPTV technology in its DVRs. If Microsoft wins, it would effectively block TiVo from selling DVRs without a licensing deal with Microsoft." -
Iceland's Data Center Push Finally Gets Traction
miller60 writes "Iceland is poised for the completion of its first major international data center project, after years of marketing itself as a potential data center mecca. Iceland offers an ample supply of geothermal energy and an ideal environment for fresh air cooling, but its ambitions were slowed by the global financial collapse. But now the huge UK charity Wellcome Trust has provided funding to complete a new data center in a former NATO facility in Keflavik." -
Programming With Proportional Fonts?
theodp writes "Betty or Veronica? Mary Ann or Ginger? Proportional or Monospaced? There's renewed interest in an old blog post by Maas-Maarten Zeeman, in which M-MZ made the case for programming with proportional fonts, citing studies that show proportional fonts can be read 14% faster than fixed-width fonts. Try it for a couple of weeks, he suggests, and you might like it too. Nowadays, Lucida Grande is M-MZ's font of choice on OS X, and he uses Lucida Sans on Windows. Helvetica, anyone?" -
Another Attack, On Law Firm Suing China
An anonymous reader writes "In the wake of the attack on Google, another company claims to be the victim of a similar attack. Gipson Hoffman & Pancione is a Los Angeles law firm whose client, CYBERsitter, is suing the government of China and several Chinese companies for using their intellectual property in the infamous Green Dam censorship filter. According to the firm, they have been targeted by a spear phishing attack from China." Relatedly, smartaleckkill writes with news that the US state department is to formally protest to China over the alleged cyber-attacks on Google, "likely early next week." -
Airport Access IDs Hacked In Germany
teqo writes "Hackers belonging to the Chaos Computer Club have allegedly cloned digital security ID cards for some German airports successfully which then allowed them access to all airport areas. According to the Spiegel Online article (transgoogleation here), they used a 200 Euro RFID reader to scan a valid security ID card, and since the scanner was able to pretend to be that card, used it to forge that valid ID. Even the airport authorities say that the involved system from 1992 might be outdated, but I guess it might be deployed elsewhere anyway." -
Obama Appointee Sunstein Favors Infiltrating Online Groups
megamerican writes "President Barack Obama's appointee to head the Office of Information and Regulatory Affairs advocated in a recent paper the 'cognitive infiltration' of groups that advocate 'conspiracy theories' like the ones surrounding 9/11 via 'chat rooms, online social networks, or even real-space groups and attempt to undermine' those groups. Sunstein admits that 'some conspiracy theories, under our definition, have turned out to be true.' Sunstein has also recently advocated banning websites which post 'right-wing rumors' and bringing back the Fairness Doctrine. You can find a PDF of his paper here. For decades (1956-1971), the FBI under COINTELPRO focused on disrupting, marginalizing and neutralizing political dissidents, most notably the Black Panthers. More recently CENTCOM announced it would be engaging bloggers 'who are posting inaccurate or untrue information, as well as bloggers who are posting incomplete information.' In January 2009 the USAF released a flow-chart for 'counter-bloggers' to 'counter the people out there in the blogosphere who have negative opinions about the US government and the Air Force.'" -
Attractive Open Source Search Interfaces?
An anonymous reader writes "I work for a company that manages an online database for the political market. We add to this DB daily with updates from a variety of sources and our customers then search through this content via our Solr/Lucene search engine. My problem is, our search interface is a little, well, basic and I would love to know if there are any feature-rich open source alternatives out there. The only one I can find is Flamenco, and while that seems strong on categorisation, that seems to be about the height of it." -
One Variety of Sea Slugs Cuts Out the Energy Middleman
dragonturtle69 writes with this story, short on details but interesting: "These sea slugs, Elysia chlorotica, have evolved the ability to gain energy via photosynthesis. Forget about genetic modifications for sports enhancements. I want to be able to never need to eat again — or do I?" -
How To Judge Legal Risk When Making a Game Clone?
An anonymous reader writes "I'm an indie game developer making a clone of a rather obscure old game. Gameplay in my clone is very similar to the old game, and my clone even has a very similar name because I want to attract fans of the original. The original game has no trademark or software patent associated with it, and my clone isn't infringing on the original's copyright in any way (all the programming and artwork is original), but nevertheless I'm still worried about the possibility of running afoul of a look and feel lawsuit or something similar. How do I make sure I'm legally in the clear without hiring an expensive lawyer that my indie developer budget can't afford?" -
How Earth Avoided a Fiery Premature Death
Hugh Pickens writes "Space.com has a piece about changing theories of planet migration. The classic picture suggests that planets like Earth should have plummeted into the sun while they were still planetesimals, asteroid-sized building blocks that eventually collide to form full-fledged planets. 'Well, this contradicts basic observational evidence, like We. Are. Here,' says astronomer Mordecai-Mark Mac Low. Researchers investigating this discrepancy came up with a new model that explains how planets can migrate as they're forming and still avoid a fiery premature death. One problem with the classic view of planet formation and migration is that it assumes that the temperature of the protoplanetary disk around a star is constant across its whole span. It turns out that portions of the disk are opaque and so cannot cool quickly by radiating heat out to space. So in the new model, temperature differences in the space around the sun, 4.6 billion years ago, caused Earth to migrate outward as much as gravity was trying to pull it inward, and so the fledgling world found equilibrium in its current, habitable, orbit. 'We are trying to understand how planets interact with the gas disks from which they form as the disk evolves over its lifetime,' adds Mac Low. 'We show that the planetoids from which the Earth formed can survive their immersion in the gas disk without falling into the Sun.'" -
The Murky Origins of Zork's Name
mjn writes "Computational media researcher Nick Montfort traces the murky origins of Zork's name. It's well known that the word was used in MIT hacker jargon around that time, but how did it get there? Candidates are the term 'zorch' from late 1950s DIY electronics slang, the use of the term as a placeholder in some early 1970s textbooks, the typo a QWERTY user would get if he typed 'work' on an AZERTY keyboard, and several uses in obscure sci-fi. No solid answers so far, though, as there are problems with many of the possible explanations that would have made MIT hackers unlikely to have run across them at the right time." -
MagicJack Femtocell Gates Cell Traffic to VoIP
olsmeister writes "MagicJack is demonstrating a femtocell device at CES that will allow any GSM phone (locked or unlocked) to place free phone calls over the internet using VOIP. The device costs $40 and includes free service for 1 year. It supposedly will cover a 3,000 sq ft house." -
M.U.L.E. Is Back
jmp_nyc writes "The developers at Turborilla have remade the 1983 classic game M.U.L.E. The game is free, and has slightly updated graphics, but more or less the same gameplay as the original version. As with the original game, up to four players can play against each other (or fewer than four with AI players taking the other spots). Unlike the original version, the four players can play against each other online. For those of you not familiar with M.U.L.E., it was one of the earliest economic simulation games, revolving around the colonization of the fictitious planet Irata (Atari spelled backwards). I have fond memories of spending what seemed like days at a time playing the game, as it's quite addictive, with the gameplay seeming simpler than it turns out to be. I'm sure I'm not the only Slashdotter who had a nasty M.U.L.E. addiction back in the day and would like a dose of nostalgia every now and then." -
400 Years Ago, Galileo Discovered Four Jovian Moons
krswan writes "OK, the moons themselves are much older, but on January 7, 1610 Galileo first observed '4 fixed stars' surrounding Jupiter. Observations of their changing positions led Galileo to postulate they were really moons orbiting Jupiter, which became further evidence against Aristotelian Cosmology, which led to problems with the Roman Catholic Church, etc... Jupiter will be low in the southwest (in the Northern Hemisphere) after sunset this evening — nothing else around it is as bright, so you can't miss it. Celebrate by pointing binoculars or a telescope at Jupiter and checking out the moons for yourself." -
Hotmailers Hawking Hoax Hunan Half-Offs
Frequent Slashdot contributor Bennett Haselton writes "An estimated 200,000 Hotmail users currently have their auto-reply set to a message spamming an advertisement for Chinese scam websites, which sell "discounted" electronics. Presumably the spammers compromised a large number of Hotmail accounts to pull this off, but wouldn't it be pretty easy for Hotmail to query for which users have that set as their auto-reply, and turn the auto-reply off for them?" Read below for Bennett's thoughts.
After a recent mailing that I sent out to a subset of my proxy mailing list, I got back 18 auto-replies from Hotmail users, all substantially similar to this:
Dear friend:
We are an electronic products wholesale .Our products are of high quality and low price. If you want to do business , we can offer you the most reasonable discount to make you get more profits. We are expecting for your business.
Please visit our website: www.wedosale.com
Email: wedosale@vip.188.com .
MSN: wedosale@hotmail.com .
Looking forward to your contact and long cooperation with us!
Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.
Welcome to visit our website!
Some of the spam auto-replies advertised different websites, and the wording varied between the different auto-responses, but they were all similar advertisements for Chinese electronics "retailers." (And so, I assume, the websites are all fronts for the same company -- if multiple spammers had independently hacked Hotmail users' accounts to set their auto-replies, it would be vanishingly unlikely that those spammers would all happen to be electronics hawkers.) This was from a mailing that I sent to a set of subscribers that included about 26,000 users with "hotmail.com" e-mail addresses. If 18 out of 26,000 users in my sample have had their accounts hacked to send spam auto-replies, then this must be happening to a large number of Hotmail users -- not a large proportion (only one in 1,500, in my sample), but with about 300 million Hotmail users, that would still be a large absolute number.
The same spammers have apparently been spamming through Hotmail auto-replies for at least 11 months, according to this post in the Windows Live Help community forum from January 2009. At first, some pundits seemed to have assumed that spammers had created these accounts themselves and subscribed the accounts to people's lists, in order to spam the list owners (and, if it's a list that accepts subscriber posts, broadcast the spam to the other list readers). However, looking at the addresses in my proxy mailing list that were sending the spam auto-replies, I noticed that (1) our records show that the auto-reply-spamming subscribers joined the mailing list by various means, signing up through different Circumventor websites, not indicative of how a spammer would have joined the list by automated means, and (2) many of their email addresses are associated with legitimate-looking Myspace and Facebook accounts. Thus it looks as if these were real users who joined the list legitimately, and then got their accounts hacked by the spammers, who set those users' accounts to send the spam as an auto-response.
(If you happened to look at the spammers' www.wedosale.com website, at this point you might be thinking: I don't want to give money to spammers, but can I really get a Blackberry for only $295? Couldn't I just order from the website, and then if the goods don't show up or they're not as advertised, I can dispute the charge on my credit card? Well, I signed up for a dummy account on the www.wedosale.com page and got as far as the order page, and the only payment types that they accept are wire transfer, Western Union, and Moneygram -- precisely those types where you cannot get the money back or dispute fraudulent charges. If you've already gone and ordered a Blackberry, don't hold your breath.)
If my 26,000 users were a representative sample of the 300 million current Hotmail users, then with 1 out of 1,500 users in my sample being "infected," I could estimate that about 200,000 Hotmail users (1/1500 times 300 million) are currently set to send spam auto-replies. Hotmail claims to process 3 billion non-spam e-mails per day, for an average of about 10 non-spam e-mails per Hotmail user. That's the average for all users; what's the average for the infected users? Some factors would tend to lead to a lower average for infected users -- if they have lots of friends sending them mail, it's more likely that one of their friends would have told them about the auto-reply spam and told them to turn it off, so perhaps the users still sending the spams are the ones who don't receive a lot of messages from their friends. On the other hand, some of the infected accounts may be receiving more (non-spam) e-mail than average; one reason people sometimes abandon webmail accounts is that they're getting too much mail, even from newsletters like the Circumventor list that they had legitimately subscribed to. So, figuring that factors in both directions roughly cancel out, if each infected user is receiving the average number of 10 emails per day and sending 10 auto-reply spams in response, that's still a total of 2 million outgoing spams per day shilling for nonexistent Chinese iPhones.
These are just back-of-the-envelope calculations, but even if I'm overestimating by a whole order of magnitude, that's still 0.2 million auto-reply spams per day, or about 70 million spams that will be sent by this one company through Hotmail's servers in the coming year, if Hotmail doesn't stop it. (And closer to a billion spams in the coming year if I'm not overestimating.)
And it's actually worse than that, because these spams are less likely than average to be filtered, since they're coming from Hotmail's servers. Normally you'd think that the content-based module of a spam filter would have no problem catching a message like the one at the top of this article, especially if millions of similar messages have been spewed out over the past year. However, messages from Hotmail's servers, regardless of content, are less likely to be blocked, since their network has a good reputation for sending little spam overall (due to measures such as requiring users to fill out a CAPTCHA when signing up, blocking each account from sending more than 500 messages per day, etc.). When I sent messages to the infected Hotmail users from my Gmail account, to see if the auto-responses would get through Gmail's spam filter, Gmail blocked only half of the replies. When I mailed all the users again from my Hotmail account, the results were strange -- most of the users' accounts sent back no auto-reply at all, not even a reply that got routed to my junk folder. (Why would Hotmail accounts not send an auto-reply in response to a message from a Hotmail user? Please post if you have any idea what's going on there.) However, of the infected Hotmail accounts that did send a spam auto-reply, 100% of those auto-reply spams were delivered to my inbox. (Apparently, Hotmail's spam filter usually assumes that messages from other Hotmail users can't possibly be spam.) Only Yahoo Mail's spam filter, when I sent a test message to the infected users from my Yahoo Mail account, blocked all of the auto-replies as junk mail.
For the infected users on my mailing list, I sent them a link to a set of instructions I'd written about how to set and un-set their Hotmail auto-reply and how to change their Hotmail password, with the hopes that they'd eventually see the message and follow the steps. 18 users rescued, 200,000 to go.
So this is basically what's happening, but it still leaves some unanswered questions, such as: Why Hotmail accounts, but not Yahoo Mail, GMail, or AOL accounts? I've never noticed any auto-reply spam sent from any accounts at any of those other services. Whatever the spammers did to gain control of so many Hotmail accounts, if it was profitable for them, why didn't they do the same thing for Yahoo Mail? And, why did only one spammer do this? If they're sending between 1 and 10 million spams per day for free, they're probably making money at it. Whatever they did to hack those accounts, why wouldn't other spammers figure out the same method and copy them?
Presumably the Chinese spammers stole large numbers of passwords from Hotmail users either via a huge phishing attack, or through a security hole in Hotmail or some other part of the Windows Live service. If it was done via a security hole in Hotmail that the spammers discovered, then that would explain why the spammer's methods only worked for Hotmail accounts, and also why no other spammers have copied their techniques. (A phishing attack, on the other hand, would be easy to modify for other webmail services, and would also be easy for other spammers to emulate, so that's not consistent with the observed evidence so far.) I also found this post from blogger Stuart Shelton describing how his account was hacked by Chinese spammers -- and from the blog post, it's clear that he's very tech-savvy and would have been unlikely to fall for a run-of-the-mill password phish. If the attack happened even to people who know what they're doing, that seems to make the security hole explanation more likely.
Perhaps others can come up with some theories about what happened. It's easy to come up with guesses, but the hard part is to reconcile them with the fact that it has only affected Hotmail users so far, and no other spammer seems to have figured out how to copy the same technique yet.
But there's a much simpler question too: Why doesn't Microsoft just turn off the auto-replies for these users' accounts? They can query to see exactly which users have these messages in their auto-replies, and then un-set the auto-reply automatically. Yes, I know that even for a simple database operation like that, there's always more to it when you're managing hundreds of millions of accounts across multiple servers -- but if it will stop this one sender from sending between 50 million and 500 million spams (that in many cases will bypass people's spam filters) from Hotmail's servers in the coming year, isn't it probably worth it?
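The sweep proposed above, as an added example that is not Hotmail's code, schema or procedure: scan the accounts whose auto-reply is enabled, match the auto-reply text against a spam signature (two independent hits required, so an out-of-office note that merely mentions a camera is not wiped), keep the original text as evidence, clear the auto-reply and flag the account for a forced password change, since a spam auto-reply means the password is in someone else's hands. An in-memory SQLite table with constructed, hypothetical users stands in for the account store; the signatures are made up for the sample data.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed spam signatures for the auto-reply text.
SIGNATURES = [
    re.compile(r"\bcheap\b.*\b(electronics|laptops?|cameras?|phones?)\b", re.I),
    re.compile(r"\b(wholesale|low price|brand new)\b", re.I),
    re.compile(r"https?://\S+|\bwww\.\S+", re.I),
]
MIN_HITS = 2  # one lone keyword is not enough to touch someone's settings

# Constructed accounts (hypothetical users): (user, autoreply text, enabled).
SAMPLE_ACCOUNTS = [
    ("alice", "Cheap electronics wholesale, brand new laptops! www.example-shop.cn", 1),
    ("bob", "Out of office. For cheap camera advice ask my colleague.", 1),
    ("carol", "Low price phones and cameras, order at http://example-shop.cn/x", 1),
    ("dave", "", 0),
    ("erin", "wholesale cheap electronics, all brand new", 1),
]


def is_spam_autoreply(text: str) -> bool:
    return sum(1 for sig in SIGNATURES if sig.search(text)) >= MIN_HITS


def open_seeded_db() -> sqlite3.Connection:
    """Stand-in for the account store, loaded with the constructed sample."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE accounts (
            user TEXT PRIMARY KEY,
            autoreply TEXT NOT NULL,
            autoreply_enabled INTEGER NOT NULL,
            must_reset_password INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE remediation_log (user TEXT, original_autoreply TEXT, at TEXT);
    """)
    conn.executemany(
        "INSERT INTO accounts(user, autoreply, autoreply_enabled) VALUES (?, ?, ?)",
        SAMPLE_ACCOUNTS)
    conn.commit()
    return conn


def sweep(conn: sqlite3.Connection, dry_run: bool = False) -> list:
    """Return the users whose enabled auto-reply matches the signature. Unless
    dry_run, clear it, log the original text and force a password reset, all in
    one transaction so a crash mid-way leaves no half-fixed accounts."""
    rows = conn.execute(
        "SELECT user, autoreply FROM accounts WHERE autoreply_enabled = 1 ORDER BY user"
    ).fetchall()
    hits = [(user, text) for user, text in rows if is_spam_autoreply(text)]
    if dry_run:  # count first; a signature that is too broad shows up here
        return [user for user, _ in hits]
    now = datetime.now(timezone.utc).isoformat()
    with conn:
        conn.executemany("INSERT INTO remediation_log VALUES (?, ?, ?)",
                         [(user, text, now) for user, text in hits])
        conn.executemany(
            "UPDATE accounts SET autoreply = '', autoreply_enabled = 0, "
            "must_reset_password = 1 WHERE user = ?",
            [(user,) for user, _ in hits])
    return [user for user, _ in hits]


def status(conn: sqlite3.Connection) -> dict:
    """user -> (autoreply_enabled, must_reset_password), for checking results."""
    return {user: (enabled, reset) for user, enabled, reset in conn.execute(
        "SELECT user, autoreply_enabled, must_reset_password FROM accounts")}


def log_size(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM remediation_log").fetchone()[0]
```

Run it as `sweep(open_seeded_db(), dry_run=True)` first to see who would be touched; on the sample data that is alice, carol and erin, while bob's out-of-office note (one keyword hit) and dave's disabled auto-reply are left alone. Clearing the auto-reply stops the outbound spam, but the forced reset is the part that takes the account back from whoever set it.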
And even if it wasn't a phishing attack this time, sooner or later some other spammer will probably capture tens or hundreds of thousands of Hotmail accounts using a phish or some other method, and try spamming through auto-replies as well. So if Hotmail "fixes" this batch of auto-reply spam for practice, then the next time it happens, they'll know exactly what to do to take care of it.
I've written some columns where I strongly believed every word but expected a lot of opposition, some where I wasn't sure if I was right and just wanted to see what people thought, and . But I rarely argue something that I think is a no-brainer. Hotmail should un-set the auto-replies for those users whose accounts are spamming for nonexistent Chinese electronics knockoffs, before those accounts send another several hundred million spams in the coming year. Am I smoking crack?
Then again, maybe expectations for Hotmail shouldn't be set too high. I use SpeakEasy for my mail provider, and on about November 19th I found that all messages sent to hotmail.com addresses from SpeakEasy's servers were being bounced with an error message rejecting them for "spam-like characteristics." I called SpeakEasy and they confirmed that they knew Hotmail was blocking all mail from their users (although for "security reasons," SpeakEasy couldn't tell me what they were trying to do about it). The block wasn't lifted until about November 28th, when my messages started getting through again.
If SpeakEasy, which has been in business for 15 years, has annual revenues of $60 million, and was bought in 2007 by Best Buy, can't even get through to Microsoft in less than 10 days to tell them to stop blocking all mail from their servers, then Microsoft should first fix their postmaster trouble ticket system, so that people are not blocked from writing to their friends and family members at Hotmail for a week and a half. Then get to work on the spam auto-responders.
-
Which Math For Programmers?
An anonymous reader writes "It is no news that the greatest computer scientists and programmers are/were mathematicians. As a kid 'hacking' if-else programs, I was not aware of the importance of math in programming, but a few years later, when I read Engines of Logic by Martin Davis I started becoming increasingly more convinced of this. Unfortunately, math doesn't return my love, and prefers me to struggle with it. Now, as the end of the semester approaches, I am faced with a dilemma: What math subject to choose next? I have two choices: 'Discrete structures with graph theory' (discrete math; proofs, sets, algorithms and graphs) on one side, and 'Selected math chapters' (math analysis; vectors, euclidean space, differentials) on the other. I'm scared of the second one because it's said to be harder. But contrary to my own opinion, one assistant told me that it would be more useful for a programmer compared to the first subject. Then again, he's not a programmer. That's why I turn to you for help, fellow slashdotters — any advice?" -
The LHC, Black Holes, and the Law
KentuckyFC writes "Now that the physicists have had their say over the safety of the Large Hadron Collider, a law professor has produced a comprehensive legal study addressing the legal issue that might arise were a court to deal with a request to halt a multi-billion-dollar particle-physics experiment (abstract). The legal issues make for startling reading. The analysis discusses the problem with expert witnesses, which is that any particle physicists would be afraid for their livelihoods and anybody else afraid for their lives. How can such evidence be relied upon? It examines the well established legal argument that death is not a redressable injury under American tort law, which could imply that the value in any cost-benefit analysis of the future of the Earth after it had been destroyed is zero (there would be nobody to compensate). It asks whether state-of-the-art theoretical physics is really able to say that the LHC is safe given that a scientific theory that seems unassailable in one era may seem naive in the next. But most worrying of all, it points out that the safety analyses so far have all been done by CERN itself. The question left open by the author is what verdict a court might reach." -
Encryption Cracked On NIST-Certified Flash Drives
An anonymous reader writes "USB Flash drives with hardware based AES 256-bit encryption manufactured by Kingston, SanDisk and Verbatim have reportedly been cracked by security firm SySS. These drives are advertised to meet security standards suitable for use with sensitive US Government data (unclassified, of course) as emphasized by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). It looks like the Windows-based password entry program always sends the same character string to the drive after performing various crypto operations." -
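The design flaw in the summary is that the password is checked on the host and the drive only ever sees a fixed unlock string, so the string, not the password, is what protects the data. The following is an added model of that flaw next to a password-bound challenge-response design; it is a simulation written for this page, not the firmware, protocol or code of any of the drives named, and the constant UNLOCK_MAGIC, the class names and the iteration count are invented for the demonstration. A real hardened design would additionally wrap the data key with the derived key and rate-limit attempts inside the controller.

```python
import hashlib
import hmac
import os

# Hypothetical constant standing in for the fixed string the summary describes;
# it is NOT the real value, and the classes below are a model, not the firmware.
UNLOCK_MAGIC = b"constructed-fixed-unlock-token"
PBKDF2_ITERATIONS = 20_000  # kept low for the demo; use far more in production


class FlawedDrive:
    """Host software checks the password, then sends a constant unlock token.
    The drive never sees the password, so the token is the only secret, and
    it is the same for every drive of this type."""

    def __init__(self, password: bytes):
        self._pw_digest = hashlib.sha256(password).digest()  # host-side check only
        self.unlocked = False

    def host_unlock(self, password: bytes) -> bool:
        # The host's "various crypto operations": verify, then send the magic.
        if not hmac.compare_digest(hashlib.sha256(password).digest(), self._pw_digest):
            return False
        return self.accept_token(UNLOCK_MAGIC)

    def accept_token(self, token: bytes) -> bool:
        # All the drive actually checks: is this the fixed string?
        self.unlocked = hmac.compare_digest(token, UNLOCK_MAGIC)
        return self.unlocked


class HardenedDrive:
    """Password-bound challenge-response. The controller holds a key derived
    from the password and a per-drive salt; the host must prove knowledge of
    that key against a fresh nonce, so nothing on the bus is constant,
    reusable, or shared between drives."""

    def __init__(self, password: bytes):
        self.salt = os.urandom(16)
        self._kek = hashlib.pbkdf2_hmac("sha256", password, self.salt, PBKDF2_ITERATIONS)
        self._nonce = None
        self.unlocked = False

    def challenge(self) -> tuple:
        self._nonce = os.urandom(16)
        return self.salt, self._nonce

    def respond(self, proof: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(self._kek, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # single use: a captured proof cannot be replayed
        self.unlocked = hmac.compare_digest(proof, expected)
        return self.unlocked


def host_unlock_hardened(drive: HardenedDrive, password: bytes) -> tuple:
    """Host side of the hardened flow; returns (success, proof sent over the bus)."""
    salt, nonce = drive.challenge()
    kek = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)
    proof = hmac.new(kek, nonce, hashlib.sha256).digest()
    return drive.respond(proof), proof
```

Against the flawed model, anyone holding the token opens any drive without a password, which is exactly why a host-side password check adds nothing. Against the hardened model a wrong password fails, a captured proof fails on the next challenge (new nonce) and fails on a different drive (different salt and nonce), and the only way to pass is to know the password at the time of the challenge.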
Does Cheap Tech Undermine Legal Privacy Protections?
bfwebster writes "Orin Kerr, a George Washington University law professor who focuses on legal issues regarding information technology (I own a copy of his book Computer Crime Law) raises an interesting issue about a 2001 Supreme Court decision (Kyllo v. United States) that prohibited police from using a thermal imaging device on a private home without a warrant. (The police were trying to detect excess heat coming from the roof of a garage, as an indication of lamps being used to grow marijuana inside.) The Court made its decision back in 2001 because thermal imaging devices were 'not in general use' and therefore represented a technology that required a warrant. However, Kerr points out that anyone can now buy such thermal imaging devices for $50 to $150 from Amazon, and that they're advertised as a means of detecting thermal leakage from your home. In light of that, Kerr asks, is the Supreme Court's ruling still sound?" -
Palm Pre and WebOS Get Native Gaming
rboatright writes "WebOS developers have been waiting, and with the 1.3.5 release, Palm's open source page suddenly listed SDL. Members of the WebOS internals team took that as a challenge and within 24 hours had a working port of Doom running in SDL on the Pre, in a webOS card. 48 hours later, they not only had Quake running, but had found in the latest LunaSysMgr the requirements to launch a native app from the webOS app launcher from an icon just like any other app. At the same time, the team demonstrated openGL apps running. With full native code support, with I/O available via SDL, developers now have a preview into Palm's future intent with regard to native code SDK's, and a hint of what's coming." -
Core i5 and i3 CPUs With On-Chip GPUs Launched
MojoKid writes "Intel has officially launched their new Core i5 and Core i3 lineup of Arrandale and Clarkdale processors today, for mobile and desktop platforms respectively. Like Intel's recent release of the Pinetrail platform for netbooks, new Arrandale and Clarkdale processors combine both an integrated memory controller (DDR3) and GPU (graphics processor) on the same package as the main processor. Though it's not a monolithic device, but is built upon multi-chip module packaging, it does allow these primary functional blocks to coexist in a single chip footprint or socket. In addition, Intel beefed up their graphics core and it appears that the new Intel GMA HD integrated graphics engine offers solid HD video performance and even a bit of light gaming capability." -
World's Tallest Building To Open Monday
dtmos writes "The Burj Dubai ('Dubai Tower' in Arabic) is scheduled to open to the public on Monday. Its height, claimed to be 824.55m (2,705.2 feet), but believed to be 818m (2,684 feet) — either way, more than half a mile — makes it far taller than Taiwan's Taipei 101, which had been the world's tallest skyscraper at 509m (1,670 feet)." -
Bono Hopes Content Tracking Will Help Media Moguls
Khalid Baheyeldin writes "In his New York Times op-ed column, Irish singer Bono, otherwise noted for his humanitarian efforts, expressed dismay at losses music artists incur from internet downloads. He notes that 'we know from America's noble effort to stop child pornography, not to mention China's ignoble effort to suppress online dissent, that it's perfectly possible to track content.' He then goes on to wonder 'perhaps movie moguls will succeed where musicians and their moguls have failed so far, and rally America to defend the most creative economy in the world, where music, film, TV and video games help to account for nearly 4 percent of gross domestic product.'" -
Is Early Childhood Education Technology Moving Backwards?
theodp writes "Four decades ago, the NSF-sponsored PLATO Elementary Reading Curriculum Project (pdf) provided Illinois schoolchildren with reading lessons and e-versions of beloved children's books that exploited networked, touch-sensitive 8.5"x8.5" bit-mapped plasma screens, color images, and audio. Last week, the Today Show promoted the TeacherMate — a $100 gadget that's teaching Illinois schoolchildren to read and do math using its 2.5" screen and old-school U-D-L-R cursor keys — as a revolution in education. Has early childhood education managed to defy Moore's Law?" -
Do IT Pros Abuse Their Power?
An anonymous reader writes "I have noticed that many airports and hospitals I've visited have some kind of internet usage policy in place. Some use software similar to Websense, which effectively blocks sites based on blacklisting them by category. A commonly used blacklist prevents users from accessing 'forums or discussion boards,' yet I find that often these networks allow users to access sites like Fark, Slashdot, Digg and other message boards that appeal to the technical culture one might find in the IT world. In your experience, do IT administrators abuse their supervisory powers? Has there ever been a backlash from users or management for doing so?" -
Google Sets Censorship Precedent In India
eldavojohn writes "Censorship varies from country to country but India, home to a sixth of the world's population, appears to be shaping up much like China. Not far behind everyone else, Google has increasingly censored websites with an incident where a very popular politician died and Google forcibly deleted and dissolved a group on Orkut where offensive comments about the Chief Minister of Andhra Pradesh were posted. An official from India's Ministry of Communications and Information Technology said, 'If you are doing business here, you should follow the local law, the sentiments of the people, the culture of the country. If somebody starts abusing Lord Rama on a Web site, that could start riots.' The lengthy opinion piece calls attention to the beginnings of a definitive lack of free speech online for Indian citizens. A spokeswoman for the 'Do No Evil' company explained, 'India does value free speech and political speech. But they are weighing the harm of free speech against violence in their streets.'" -
The Amiga, Circa 2010 — Dead and Loving It
Orion Blastar writes "While many Amiga users have moved on to Linux, Mac OS X, and even, gasp shock, Microsoft Windows, some of us don't want to give up so easily. There are two open source projects that are keeping the Amiga legacy alive even if Amiga Inc. seems to be deader than a doornail and not really doing much but selling old Classic Amiga games for new platforms. Like WINE, there was a project to run AmigaOS 3.1 software for Linux and other platforms, but it evolved instead into an open source operating system named Amiga Research OS, or AROS. AROS is best run inside an emulator, and while it is not a modern OS like Linux, it can be downloaded and run inside of Linux (and the downloads section has more). While it is not ready for prime time yet, it is a promising OS that is being ported to many platforms and uses the user friendly Amiga GUI we Amiga users grew up with." Read on for more. "OK — maybe AROS is not modern enough for you, and you like Linux instead. Then you might like Anubis OS, as it is a hybrid of AROS and Linux. Much like when Apple took NextStep (based on *BSD Unix and the MACH kernel) and the classic Mac OS to make Mac OS X, this project wants to take Linux and AROS and do the same thing.
For those who want the classic Amiga, there is UAE, the Universal Amiga Emulator, which needs kickstart ROMs and boot disk images to work. You can buy them from Amiga Forever; the emulator comes with all the files you need plus other goodies.
For the classic Amiga 68K series, it is recreated via the Minimig, which uses SD cards instead of floppy disks; a must for retro computer hobbyists. AmigaOS 4.1 exists for PowerPC based SAM 440EP systems like the SAM 440Ep systems and parts sold here. (I am not associated with Amiga Kit or Amiga Inc. or any Amiga company. I am just an Amiga user since 1985 and very much into retro computing.)" -
Embedded OS RTEMS Turns 21
joelsherrill writes "RTEMS is a free real-time operating system for embedded systems. The project is celebrating the 21st birthday of RTEMS today. RTEMS supports the single process with filesystem POSIX profile on over a dozen processor architectures. To just be entering young adulthood, RTEMS has had a busy life. It has been a Google Summer of Code project twice (Thanks Google!). It has been to Venus on the Venus Express, circles Mars on the Electra radio, powers Herschel and Planck, is on its way to the asteroid belt aboard DAWN, and has been a key part of physics discoveries at the Stanford Linear Accelerator Center." -
Quantum Encryption Implementation Broken
I Don't Believe in Imaginary Property writes "Professor Johannes Skaar's Quantum Hacking group at NTNU have found a new way to break quantum encryption. Even though quantum encryption is theoretically perfect, real hardware isn't, and they exploit these flaws. Their technique relies on a particular way of blinding the single photon detectors so that they're able to perform an intercept-resend attack and get a copy of the secret key without giving away the fact that someone is listening. This attack is not merely theoretical, either. They have built an eavesdropping device and successfully attacked their own quantum encryption hardware. More details can be found in their conference presentation." -
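The reason the attack in the summary is invisible is worth seeing in numbers. In BB84 a naive intercept-resend attack is caught because Eve guesses the wrong basis half the time, which puts roughly a 25% error rate into the sifted key. If Bob's detectors are blinded so that they only click when Bob's basis matches Eve's, every sifted bit is one that Alice, Eve and Bob all measured in the same basis, so the error rate is zero and Eve holds the whole key. The following is an added, idealised simulation of that sifted-key effect written for this page; it is not the NTNU group's hardware, measurements or code, it ignores loss, noise and the optics of how the blinding is done, and the parameters are chosen only to make the three cases comparable.

```python
import random
from typing import Optional


def bb84_run(n: int, attack: Optional[str] = None, seed: int = 1) -> dict:
    """Simulate n BB84 qubits (ideal, lossless, noiseless channel).
    attack: None            - no eavesdropper
            "intercept"     - naive intercept-resend, Bob's detectors normal
            "blinded"       - intercept-resend with Bob's detectors blinded so
                              they click only when Bob's basis equals Eve's
    Returns Bob's click count, the sifted-key length, the quantum bit error
    rate (QBER) on the sifted key, and the fraction of sifted bits Eve knows."""
    rng = random.Random(seed)  # seeded so results are reproducible
    clicks = sifted = errors = eve_correct = 0
    for _ in range(n):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)
        b_basis = rng.randrange(2)
        if attack is None:
            clicks += 1
            # Matching basis reads the bit; wrong basis gives a random outcome.
            b_bit = a_bit if b_basis == a_basis else rng.randrange(2)
            e_bit = None
        else:
            e_basis = rng.randrange(2)
            e_bit = a_bit if e_basis == a_basis else rng.randrange(2)
            if attack == "intercept":
                clicks += 1
                # Bob measures Eve's resent state in his own basis.
                b_bit = e_bit if b_basis == e_basis else rng.randrange(2)
            elif attack == "blinded":
                if b_basis != e_basis:
                    continue  # blinded detector: no click, qubit silently dropped
                clicks += 1
                b_bit = e_bit  # bases agree, so Bob reads exactly Eve's bit
            else:
                raise ValueError(f"unknown attack {attack!r}")
        if a_basis != b_basis:
            continue  # sifting: Alice and Bob publicly discard mismatched bases
        sifted += 1
        errors += a_bit != b_bit
        if e_bit is not None:
            eve_correct += e_bit == a_bit
    return {
        "clicks": clicks,
        "sifted": sifted,
        "qber": errors / sifted if sifted else 0.0,
        "eve_known": eve_correct / sifted if sifted else 0.0,
    }


if __name__ == "__main__":
    for name in (None, "intercept", "blinded"):
        print(name or "no attack", bb84_run(4000, name))
```

Running this shows the three regimes side by side: no attack gives QBER 0; naive intercept-resend gives QBER near 0.25 with Eve knowing about three quarters of the sifted bits; the blinded case gives QBER 0 with Eve knowing every sifted bit. The one side effect visible in this model is that Bob's click count halves, which is the kind of statistic a QKD system has to watch in addition to the error rate.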
Geoengineering a Snow-Free Winter Fails In Moscow
dinoyum writes "Moscow Mayor Yury Luzhkov's promise of a winter without snow in the capital city has fallen short. While cloud seeding is not a new concept for Russia, often used on major holidays, geoengineering snow has never been done to that magnitude. Carrying off the $6 million procedure required jets to spray silver iodide into coming clouds, ensuring that all precipitation fell before it reached the capital. However a combination of disrupted radar, wind control, and faulty weathermen have been blamed by Luzhkov for his failed attempt at playing with mother nature. For now, Russia can go back to enjoying snow." -
Canadian Censorship Takes Down 4500 Sites
uncadonna writes "According to activist group The Yes Men, the government of Canada has shut down two parody websites criticizing Canada's poor environmental policy. The article goes on to claim that 'In response to Environment Canada's request, Serverloft immediately turned off a whole block of IP addresses, knocking out more than 4500 websites that had nothing to do with the parody sites or the activists who created them. Serverloft was shown no warrant, and never called the web hosting company about the shutdown.'" -
Graphic Novelist Calls For Better Game Violence
eldavojohn writes "Landry Walker (alternative comics creator of X-Ray Studios) has a brief opinion piece at Elder Geek asserting that all he wants for Christmas is more realistic game violence. While he acknowledges the world probably isn't ready for it, he wishes that getting shot in a video game was a bit more like getting shot in real life. From his piece: '... that's my problem with video game violence. Bullets are something we shrug off. Point blank fire with a machine gun is something that a tiny bit of flexible body armor and 20 seconds sitting on a magic invisibility inducing gargoyle can cure. Time and time again, I've heard people claim that they want to see a greater degree of realism in video games. But that's a lie. We don't want realism. We want fantasy. We want unlimited ammo and we want rapid respawns. We want to jump out of second story windows without a scratch. We want to dodge bullets and shake off mortal wounds without pause.' What say you, reader? Would this bring a new level of impossibility to video games or would there be a way to balance this out?"