Submission + - Labour party suspends Freedom of Speech law (yahoo.com)

An anonymous reader writes: The government has decided to put a hold on the Higher Education (Freedom of Speech) Act 2023 “in order to consider options, including its repeal”, education secretary Bridget Phillipson announced on Friday.

The legislation, which was set to come into force next week, would have allowed the Office for Students (OfS) to sanction higher education providers and student unions in England if they did not sufficiently protect freedom of speech.

Submission + - NASA fires lasers at the ISS (theverge.com)

joshuark writes: The Verge reports, "NASA fired its space lasers to communicate with the ISS." NASA is testing 4K video streaming using lasers so that it can provide live coverage of the Artemis Moon landing. NASA normally uses radio waves to send data and talk between the surface to space but says that laser communications using infrared lasers. Although Artemis missions have been delayed, the fourth one that takes humans back to the Moon is still on track for 2028. By then, we might see clear 4K livestreams of astronauts on the Moon displayed on mainstream 8K TVs. Also ISS astronauts, cosmonauts, and unwelcome commercial space-flight visitors can now watch their favorite porn in real-time, adding some life to a boring zero-G existence. Ralph Kramden, when contacted by Ouija board, simply spelled out "Bang, zoom, straight to the moon!"

Submission + - Let's Encrypt Intent to End OCSP Service (letsencrypt.org)

unixbhaskar writes: Well, Let's Encrypt decided to do another layer of security protocol update. And, as per their statement, stop IP tracking of visitors.

The new kid on the block is Certificate Revocation Lists (CRLs).

Submission + - Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers (arstechnica.com)

An anonymous reader writes: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fgithub.com%2Fraywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings “DO NOT SHIP” or “DO NOT TRUST.” These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro.

Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here.
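As a defender's check for the key-management failure described above (an added example, not Binarly's scanning tool or code from the article), this Python walks the EFI_SIGNATURE_LIST structures in a PK variable, pulls each certificate's serial number with a minimal DER walk, and flags either the leaked serial quoted in the article or the AMI "DO NOT SHIP" / "DO NOT TRUST" marker strings. The EFI_SIGNATURE_LIST layout and EFI_CERT_X509_GUID are taken from the UEFI specification; the sample variable is constructed in the block and is not a real platform key.

```python
import struct
import uuid

LEAKED_PK_SERIAL = "55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4"  # from the article
TEST_KEY_MARKERS = (b"DO NOT SHIP", b"DO NOT TRUST")  # AMI test-key strings, from the article
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")  # from the UEFI spec

def _tlv(buf, off):  # read one DER tag-length-value at `off`; return (tag, value, next_offset)
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def cert_serial(cert):  # serialNumber of a DER X.509 certificate as colon-separated hex
    _, tbs, _ = _tlv(_tlv(cert, 0)[1], 0)  # Certificate -> tbsCertificate
    tag, val, nxt = _tlv(tbs, 0)
    if tag == 0xA0:  # optional [0] EXPLICIT version comes before the serial
        tag, val, _ = _tlv(tbs, nxt)
    assert tag == 0x02, "serialNumber must be an INTEGER"
    return ":".join(f"{b:02x}" for b in val)

def iter_certs(var_data):  # yield each DER cert in a PK/KEK/db variable of EFI_SIGNATURE_LISTs
    off = 0
    while off + 28 <= len(var_data):
        sig_type, list_size, hdr_size, sig_size = struct.unpack_from("<16sIII", var_data, off)
        if uuid.UUID(bytes_le=sig_type) == EFI_CERT_X509_GUID:
            for sig_off in range(off + 28 + hdr_size, off + list_size, sig_size):
                yield var_data[sig_off + 16:sig_off + sig_size]  # skip the SignatureOwner GUID
        off += max(list_size, 28)  # always make progress, even on a malformed list header

def audit_pk(var_data):  # flag the leaked serial or an AMI test-key marker in any certificate
    findings = []
    for cert in iter_certs(var_data):
        serial = cert_serial(cert)
        if serial == LEAKED_PK_SERIAL:
            findings.append(f"serial {serial}: matches the leaked platform key")
        findings += [f"serial {serial}: test-key marker {m.decode()!r}" for m in TEST_KEY_MARKERS if m in cert]
    return findings

def _der(tag, body):  # minimal DER encoder for the constructed sample (short-form length only)
    return bytes([tag, len(body)]) + body

def sample_pk_variable():  # constructed: unsigned cert shell with leaked serial + DO NOT TRUST subject
    serial = bytes.fromhex(LEAKED_PK_SERIAL.replace(":", ""))
    subject = _der(0x30, _der(0x0C, b"DO NOT TRUST - AMI Test PK"))  # not a real certificate
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial) + subject)
    sig = uuid.UUID(int=0).bytes_le + _der(0x30, tbs)  # SignatureOwner GUID + SignatureData
    return struct.pack("<16sIII", EFI_CERT_X509_GUID.bytes_le, 28 + len(sig), 0, len(sig)) + sig
```

On Linux the PK variable can be read from /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c; drop its first four attribute bytes before passing the rest to audit_pk.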

Submission + - Project 2025 could escalate US cybersecurity risks, endanger more Americans (csoonline.com)

snydeq writes: The conservative think tank blueprint for how Donald Trump should govern the US if he wins in November calls for dismantling CISA, among many cyber-related measures. Experts say this would increase cybersecurity risks, undermine critical infrastructure, and put more Americans in danger. CSO's Cynthia Brumfield takes a look at what could become of US cybersecurity policy under a Trump administration in 2025 and beyond.
Chrome

Google Demonstrates Chrome Native Client With Bastion

Multiple readers sent word that Bastion, an action RPG from indie developer Supergiant Games originally made for Xbox Live Arcade, has shown up in the Chrome Web Store. The purpose of the move is to showcase the browser's Native Client technology. From the article: "Ian Ellison-Taylor, Google's director of product management for the open Web platform, said that Native Client, also called NaCl, can currently improve browser performance by 1 to 10 times. 'What would it be like if we could run native code inside the browser,' he asked the crowd, and he enumerated two goals for the Native Client project. He said Google wants to bring native applications to the Web for performance and security reasons, and it wants to enrich the Web ecosystem by bringing popular, long-in-use programming languages to the Web."
Blackberry

Russian Software Company Says Its App Can Crack BlackBerry Security

AZA43 leaps into the ranks of accepted submitters, writing "Russian security software vendor Elcomsoft has released an app that it claims can determine BlackBerry handheld passwords. The software supposedly hacks the BlackBerry password via an advanced handheld security setting that's meant to encrypt data stored on a user's memory card. And a hacker doesn't even need to have the BlackBerry to determine a password, just the media card."
Cloud

Submission + - Oracle: Proud, Self-Reliant, Increasingly Isolated (itworld.com)

jfruhlinger writes: "One of Oracle's stated purposes when it bought Sun more than two years ago was to create full-stack appliances: SPARC servers running Solaris or Oracle Linux and Oracle's suite of app servers and of course its omnipresent database. Its new T4 processor is a reaffirmation of that strategy. But has the company painted itself into a corner? While it's cautiously embraced the cloud, its cloud services don't work with Windows or other companies' offerings, which kills much of their potential value; meanwhile, they've managed to alienate open source developers and big swaths of the Java community. It seems that Oracle's inability to play well with others is locking them out of the multipolar future."
Chrome

Chrome 14 Beta Integrates Native Client

derGoldstein writes "This year Microsoft kept signaling that it's going back to lower-level code with a C++ renaissance. It would give C++ programmers the same priority that was, up until now, reserved for .Net programmers. They even launched a new show about it on their Channel9. Now Google wants to appeal to native programmers with their Native Client for Chrome. It seems the two companies want to cover both the higher-level JavaScript and lower-level C/C++. I dare hope this will give seasoned C/C++ programmers a place alongside JavaScript programmers at the web development table."
Linux

Boot Linux In Your Browser

An anonymous reader writes "Fabrice Bellard, the initiator of the QEMU emulator, wrote a PC emulator in JavaScript. You can now boot Linux in your browser, provided it is recent enough (Firefox 4 and Google Chrome 11 are reported to work)."
Music

SABAM Wants Truckers To Pay For Listening To Radio

A user writes "SABAM, the Belgian RIAA, wants truckers to start paying for the copyrights to listen to the radio in their cabin (Google translation of Dutch original). SABAM already has a system in place to extract fees from businesses for having radios in the work area for businesses with more than 9 employees, and they find that truckers' cabins are areas of work and thus infringe on their copyrights. The local politicians think this is going too far; they believe truckers need a radio for safety reasons and view a truck cabin as 'an intimate place.'"
Java

Mirah Tries To Make Java Fun With Ruby Syntax

An anonymous reader writes "Java is performant, widely adopted and eminently portable; however, its syntax is largely inherited from C++ along with some of its esoteric unfriendliness. Mirah aims to place a friendly face on Java through the implementation of a syntax whose primary concern is developer friendliness (think Ruby/Python/Groovy), and route of least surprise. The result is a truly cogent alternative syntax delivering readability, expressiveness and some compelling new language features."
Book Reviews

Book Review: OSGi and Apache Felix 3.0

RickJWagner writes "OSGi is a Java framework that's designed to simplify application deployments in shared environments. It allows applications with differing dependencies to run side-by-side in the same container without any deployment time contortions. The end result is that your application that needs FooLib v2.2.2 can run right beside my application that needs FooLib v1.0, something not often possible in today's application servers." Keep reading for the rest of Rick's review.
