Submission + - Labour party suspends Freedom of Speech law (yahoo.com)

An anonymous reader writes: The government has decided to put a hold on the Higher Education (Freedom of Speech) Act 2023 “in order to consider options, including its repeal”, education secretary Bridget Phillipson announced on Friday.

The legislation, which was set to come into force next week, would have allowed the Office for Students (OfS) to sanction higher education providers and student unions in England if they did not sufficiently protect freedom of speech.

Submission + - NASA fires lasers at the ISS (theverge.com)

joshuark writes: The Verge reports, "NASA fired its space lasers to communicate with the ISS." NASA is testing 4K video streaming using lasers so that it can provide live coverage of the Artemis Moon landing. NASA normally uses radio waves to send data and talk between the surface and space but says that laser communications using infrared lasers. Although Artemis missions have been delayed, the fourth one that takes humans back to the Moon is still on track for 2028. By then, we might see clear 4K livestreams of astronauts on the Moon displayed on mainstream 8K TVs. Also ISS astronauts, cosmonauts, and unwelcome commercial space-flight visitors can now watch their favorite porn in real-time, adding some life to a boring zero-G existence. Ralph Kramden, when contacted by Ouija board, simply spelled out "Bang, zoom, straight to the moon!"

Submission + - Let's Encrypt Intent to End OCSP Service (letsencrypt.org)

unixbhaskar writes: Well, Let's Encrypt decided to do another layer of security protocol update. And, as per their statement, stop IP tracking of the visitor.

The new kid on the block is Certificate Revocation Lists (CRLs).

Submission + - Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers (arstechnica.com)

An anonymous reader writes: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fgithub.com%2Fraywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings “DO NOT SHIP” or “DO NOT TRUST.” These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here.

Submission + - Project 2025 could escalate US cybersecurity risks, endanger more Americans (csoonline.com)

snydeq writes: The conservative think tank blueprint for how Donald Trump should govern the US if he wins in November calls for dismantling CISA, among many cyber-related measures. Experts say this would increase cybersecurity risks, undermine critical infrastructure, and put more Americans in danger. CSO's Cynthia Brumfield takes a look at what could become of US cybersecurity policy under a Trump administration in 2025 and beyond.

Anatomy of an Attempted Malware Scam

Dynamoo writes "Malicious advertisements are getting more and more common as the Bad Guys try to use reputable ad networks to spread malware. Julia Casale-Amorim of Casale Media details the lengths that some fake companies will go to to convince ad networks to take the bait."

How To Rack Up $28,000 In Roaming Without Leaving the US

pmbasehore writes "While waiting for his cruise ship to depart, a man decided to use his AT&T wireless card and Slingbox account to watch the Bears vs. Lions football game. When he got his bill, he was slammed with $28,067.31 in 'International Roaming' charges, even though he never left American soil. The bill was finally dropped to $290.65, but only after the media got involved." He might have left the soil (the story says he was already aboard the ship), but shouldn't the dock count?

Submission + - Ray tracing for gaming explored (pcper.com)

Vigile writes: "Ray tracing is still thought of as the 'holy grail' for real-time imagery but because of the intense amount of calculations required it has been plagued with long frame render times. This might soon change, at least according to an article from Daniel Pohl, a researcher at Intel. With upcoming many-core processors like Intel's Larrabee he believes that real-time ray tracing for games is much closer than originally thought thanks in large part to the efficiency it allows with spatial partitioning and reflections when compared to current rasterization techniques. Titles like Valve's Portal are analyzed to see how they could benefit from ray tracing technology and the article on PC Perspective concludes with the difficulties of combining the two rendering techniques as well as a video of the technology in action."

Futurama Returns!

Random BedHead Ed writes "Good news everyone! After a five-year vanishing act the sci-fi spoof Futurama returned this week with a direct-to-DVD feature. Wired has an article about its return, including the story of the show's origins, a behind-the-scenes gallery, interviews with creators Matt Groening and David X. Cohen, and some interesting trivia. For example, did you know the ship has an overbite like a Simpsons character? Or that the show's title is taken from an exhibition at the 1939 World's Fair?" We just talked about this a bit the other day, too, in reference to a great interview on TVSquad.
