Group items tagged

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

Wheeler's latest revision doesn't entirely ban Internet fast lanes and will leave room for some deals, including public-interest cases like a health care company sending electrocardiography results.But unlike his initial proposal last month, Wheeler is seeking to specifically ban certain types of fast lanes, including prioritization given by ISPs to their subsidiaries that make and stream content, according to an FCC official who wasn't authorized talk about the revisions publicly before the vote. The FCC would retain powers to review any prioritization deals that may pose public harm.

California Governor Jerry Brown announced today that he has signed into law the Spaceflight Liability and Immunity Act, AB 2243.  This law provides the necessary liability protections for compliant companies in the state, should any spaceflight participant who has acknowledged the risks sustain any bodily injury during spaceflight activities. Currently, Florida, Virginia, and Texas also provide spaceflight companies liability protection.

last year the company described a prototype solid state lithium superionic conductor battery in an article in the journal Nature Materials that was based on a three dimensional framework. And just this month the company announced plans to introduce several new lines of hybrid and all electric vehicles over the next three years (after also announcing that the Prius hybrid now accounts for ten percent of all sales). The sticking point has been and remains, the batteries used in such vehicles which can account for up to half their cost to consumers.

The new battery, first described last year, uses Li10GeP2S12 in a layered three dimensional framework where cells are sandwiched together to create a stack of seven tiers with each having a voltage of four volts for a total of twenty eight at normal temperatures. The result, they say is a battery with five times the output density of previous varieties. To demonstrate its progress in refining the battery, the prototype was demonstrated recently to a group attending a green technology seminar as a power source for an electric scooter.

the 11,000 mile Lunar equator

will beam microwave and laser energy to giant energy conversion facilities on Earth. These beams will travel to semiconductors and inverters which will convert that energy to clean electricity to the grid that will power households, businesses and factories.

Shimizu’s plan uses Earthly materials, ceramics, water, glass, concrete, oxygen and solar cells. They would not ship water from Earth, they will make user of the Moon’s own resources and reduce the lunar soil using hydrogen shipped from our planet and then extract the water for use in construction.

Because of section 1201 of the DMCA, the "anti-circumvention" provision, companies have been abusing copyright law to block all sorts of actions that are totally unrelated to copyright. That's because 1201 makes it illegal to circumvent basically any "technological protection measures." The intent of the copyright maximalists was to use this section to stop people from breaking DRM. However, other companies soon distorted the language to argue that it could be used to block certain actions totally unrelated to copyright law -- such as unlocking garage doors, ink jet cartridges, gaming accessories... and phones

Now, with OneDrive for Business — the new SkyDrive Pro — Microsoft is selling cloud storage directly to businesses, no other strings attached. If you don’t want to buy into an Office-as-a-service contract, you can still buy cloud storage from Microsoft.

Microsoft is offering a deep discount — 50 percent

Wednesday's report exposes serious risks in what banks, mortgage companies, and other financial services call "knowledge-based authentication." Representatives from these services frequently rely on a list of about 100 questions such as "What was your previous address?" or "Which company services your mortgage?" when trying to determine if the person on the phone or filling out an application is the individual he claims to be. Ready access to the data stored by the data aggregators can make the difference between a fraudulent application being approved or rejected. Krebs goes on to recount a story told by Gartner fraud analyst Avivah Litan about a fellow analyst who witnessed an identity thief in action.

This is a fundamental problem for nations that aren't interested in exposing their traffic to American observation, whether they're engaged in nefarious activities or not. Long term, the problem could lead to the construction of digital firewalls, in which the United States is effectively isolated behind protective nodes built by local governments to scrub and redirect traffic away from potential capture points. This is directly in opposition to the central concept of the Internet, which is a dynamic structure capable of responding to outages or damage by routing around the problem.

After the disastrous technological launch of the healthcare.gov website, built by political cronies rather than companies who understand the internet, there has been plenty of discussion as to why the code wasn't open sourced. At that link, there's a good discussion from On the Media, with Paul Ford, discussing what a big mistake it was that the government decided not to open source the code and be much more transparent about the process. It discusses the usual attacks on open source and why they almost certainly don't apply to this situation.

Starting tomorrow, Microsoft will launch a Windows Insider Program that will give users who are comfortable with running very early beta software access to Windows 10. This first preview will be available for laptops and desktops. A build for servers will follow later.

The company went on to detail that its new operating system will have a tailored user experience between different screen sizes — that’s to say that if you are on a smaller device, you will see a different sort of user interface. The code will run across all device categories: “One product family. One platform. One store.”

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.

Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers.

the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a

Mega was founded by Kim Dotcom but the site bears little resemblance to his now defunct Megaupload. Perhaps most importantly, Mega was the most-scrutinized file-hosting startup ever, so every single detail simply had to be squeaky clean. As a result the site took extensive legal advice to ensure that it complies with every single facet of the law. Nevertheless, NetNames took the decision to put Mega in its report anyway, bundling the site in with what are described as some of the market’s most dubious players. This was not received well by Mega CEO Graham Gaylard. In a TorrentFreak article he demanded a full apology from NetNames and Digital Citizens Alliance and for his company to be withdrawn from the report. Failure to do so would result in “further action”, he said.

the malware was more advanced than the malicious programs developed by the NSA-tied Equation Group that Kaspersky just exposed. More intriguing still, Kaspersky antivirus products showed the same malware has infected one or more venues that hosted recent diplomatic negotiations the US and five other countries have convened with Iran over its nuclear program.