Well, the innovation here is obviously not the 80s video game 3D rendering but the fact that it tracks the user's movement using just the camera, without the user needing to wear a ridiculous-looking "tracking bar" mounted on safety goggles. If you don't see the innovation there, well, can't help you.
Also Johnny Chung Lee used to work at the HCII lab of CMU, not there.
It's a research group under the publicly funded research institute CNRS. This is French people's tax euros at work (with likely a sprinkle of European funds).
You could also try to read about it...
The problem is not with SSL, it's with an attacker redirecting the traffic before it is in SSL, as your typical banking session usually starts in plain HTTP. People then fail to understand the visual clues given by their browser.
This attack is a nice technical MITM/social engineering mix, and countermeasures are not really purely technical. If banks stopped being cheap and did all their serving over HTTPS, there would not be any HTTP traffic to modify in the first place...
Smart developers do not have an adversarial attitude towards the people that pay their salaries.
Who pays their salary more? The odd 150 cheaters or the 150k non-cheaters expecting the cheats to be banned? They'd lose more customers if people got the idea that cheating wasn't kept in check than they lost with that round of bans.
He didn't destroy anything. He stole unused stuff and cash.
The real hurt is not in stolen and destroyed items but in the loss of the alliance (just a legal shell) and the associated loss of sovereignty, of which I cannot find a good RL equivalent.
BNC still got lots of hardware and is in fighting condition despite the setback.
BoB got betrayed by one of its most trusted members, it's not unlike a RL CFO running with some company funds.
Individual players lost nothing, but will have a hard time rebuilding under the pressure they'll be under. Everyone is very excited, the big war (about 2 years now) has been a stalemate with both sides deeply entrenched, now there's some hope of a conclusion at last.
And at the very least, lots of boat violence(*).
* EVE meme made famous after a Chinese ISK farmer whose spaceship got caught by players said "Please do not violence my boat"
Is the 0.0 experiment, travel log of a noob taking off for the wild 0.0 space http://00experiment.blogspot.com/
EvE is for people who find it fun to screw over people. In no other game I played was the loss so harsh. And it is what makes victories all the sweeter.
In other news, I just killed Revolver Ocelot in MGS. It was a really tough fight but I managed to pull it out. Can I get my own Slashdot article too?
I kinda doubt that it impacted greatly the hobby of 2k+ people, so sorry, no.
Small change... I don't actually expect to see Islam 1500 year in my lifetime. The Prophet's birth is circa 570 and Islam itself quite a few years later.
Man, Islam is not even 1500 years old yet... Way to lose credibility fast.
Some US Gov sources claim launch was a failure:
http://www.reuters.com/article/worldNews/idUSN1927773920080819
Nowadays, I understand that tracking information on satellites is pretty much in the public domain. Anybody got a link for a track on this one?
What part exactly in "Tue Aug 19, 2008" didn't you understand? Yeah that's it, that's the date of the article you linked. Since you look a bit challenged I'll take the opportunity to remind you that we are in 2009...
They did the bit about factorization right because they had Adleman (the A in RSA) as a consultant on the movie. http://world.std.com/~reinhold/math/sneakers.adleman.html
A lot of people assume since git uses SHA-1 and SHA-1 is used for cryptographically secure stuff, they think that it's a huge security feature. It has nothing at all to do with security, it's just the best hash you can get.
Lulz, well no, frightening actually.
What I don't get is this hype about it being a Chinese-style "great firewall". Obviously it's nothing of the sort; there's no restriction on political or religious traffic or indeed anything except child porn.
How do you know? The banned site list isn't public...
Who to believe?
And don't you think a real denial would have the name of a press contact attached?
Short sell Intel, the sacred cow just got slaughtered.
And a bad one at that. Better use MD5(secret input secret2) or even better use a properly defined one like HMAC if what you want is a MAC.
Or you may have a brain tumor...
The generally accepted definition for "cracking a password" is, given the encrypted password, being able to generate a password that, once entered in the authentication system, will generate the same encrypted form.
For the second time, this attack does not permit that. This attack permits building two byte streams that hash to the same value. So in a password context, assuming the password system permits more than 1024 bits of arbitrary data to be entered as password (I don't remember the details well, but I think this is the amount of data that you must be able to change between the two streams), one could generate two "passwords" (being that long they don't qualify for this name anymore IMHO) that would hash to the same value.
How does that amount to an attack on MD5 passwords again? At no point has the attack made it possible, given an MD5 hash unknown to the attacker, to produce a stream that would hash to the same value.
It can be used to generate two byte streams having the same hash, for some applications a big enough problem to render MD5 unusable.
It's the same attack that has already been spoken about, just now it is available for the masses.
The scope of the attack is that one can generate two files having the same MD5 sum, if he can have a random-looking section in the middle of the file, i.e. possible in many binary formats but not possible in well-formed ASCII text.
What the attack doesn't do is, given an MD5 hash, find a byte stream that hashes to the same value. So passwords stored as their MD5 sums are still safe, you can't attack the RADIUS protocol with it, and constructs like HMAC-MD5 used in SSL and IPsec are still safe. What you cannot trust anymore is, for example, the mechanism used to check distfiles on some BSDs where the port system checks the MD5 of the freshly downloaded archive. Nothing proves it is the same one that the porter used for the port (OpenBSD has been safe for a few years, checking not only MD5 but SHA1 and RIPEMD, dunno for the other BSDs). And certificate authorities that don't modify the CSRs submitted to them are also vulnerable to people forging certificates. Any serious CA won't be caught making that mistake again.
One of the big lessons of these attacks on cryptographic hashes is: do not ever sign the hash of a document you didn't generate or at least modify (the document, not the hash).
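The signing lesson in the comment above, as an added example that is not part of the original comment: a signer that hashes a submitted document unchanged ends up vouching for its colliding twin, while a signer that first prepends an unpredictable serial does not. Assumptions: `weak_hash` is MD5 truncated to 24 bits so a collision can be found by brute force, HMAC-SHA256 stands in for a real signature, and all names and sample documents are constructed for the demo.

```python
import hashlib, hmac, os

KEY = os.urandom(32)  # signer's secret; HMAC-SHA256 stands in for a real signature

def weak_hash(data: bytes) -> bytes:
    # Constructed stand-in for a collision-broken hash: MD5 cut to 24 bits,
    # so this demo can find a collision by plain birthday search.
    return hashlib.md5(data).digest()[:3]

def find_collision(doc_a: bytes, doc_b: bytes):
    # Append counter "padding" to each document until the two hash alike.
    seen, i = {}, 0
    while True:
        a = doc_a + i.to_bytes(4, "big")
        b = doc_b + i.to_bytes(4, "big")
        seen[weak_hash(a)] = a
        if weak_hash(b) in seen:
            return seen[weak_hash(b)], b
        i += 1

def _sig(doc: bytes) -> bytes:
    return hmac.new(KEY, weak_hash(doc), hashlib.sha256).digest()

def sign_as_submitted(doc: bytes) -> bytes:
    # Risky: the requester controlled every byte that went into the hash.
    return _sig(doc)

def sign_with_serial(doc: bytes, serial: bytes = None):
    # Safer: the signer prepends data the requester could not predict.
    serial = os.urandom(16) if serial is None else serial
    signed_doc = serial + doc
    return signed_doc, _sig(signed_doc)

def verify(doc: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(_sig(doc), sig)

if __name__ == "__main__":
    benign, other = find_collision(b"CN=user.example;", b"CN=other.example;CA=TRUE;")
    sig = sign_as_submitted(benign)
    print("as submitted: signature also covers the twin:", verify(other, sig))
    signed_doc, sig2 = sign_with_serial(benign)
    swapped = signed_doc[:16] + other
    print("with serial:  signature also covers the twin:", verify(swapped, sig2))
```

The pre-computed pair only collides for the exact bytes the requester chose; once the signer changes what precedes them, the twin no longer matches the signed hash.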
A man who was beaten trying to extinguish a fire and died after a coma...
Frankly this video is not representative, and btw most of what is shouted is insults towards the cops and the interior minister. I think this is akin to punks wearing swastikas while not being Nazis, great for the shock value. They certainly don't want sharia, which could cost them at least one hand.
What a joke... Maybe their parents were, although many black Africans are Christian/Animist. But anyway most of those whose parents were Muslims are alcohol drinking, pork eating and certainly not mosque going. In fact, many imams (Muslim clerics) in France issued fatwas (religious orders) strictly prohibiting any rioting.
They are just kids with nothing better to do, and the first days' lax law enforcement gave them the very clear lesson that it was possible to burn things and not be caught. And since it must be quite fun we get that result...
Being in the same situation I can vouch for the accuracy of the comment.
Another thing that the Americans could do is count the corpses. How many people did our little civil war leave dead? What? Less than any night in a typical US city. Another exercise is to put a cost on the riots; you'll see that burning anything of real value has been avoided...