Group items tagged

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

And, yes, the "but what about my $100 million movie" crowd will scoff and argue that this number is so "small." But, two points there: first, this number is growing very, very, very fast. And if you can't understand how trends explode, then you're going to be in trouble soon. Second -- and this is the more important point -- those funds helped create 8,000 films. For those who have been arguing about culture and how we're going to lose the ability to make movies... this suggests something amazing and important is happening which goes against all those gloom and doom predictions. By way of comparison, the UN, which keeps track of stats on film production, claimed that in 2009, 7,233 films were made. Worldwide.

Industry organizations have abandoned litigation efforts, and many copyright owners now compete directly with infringing products by offering licit content at a price of $0.

This sea change has ushered in an era of “copyright freeconomics.” Drawing on an emerging body of behavioral economics and consumer psychology literature, this Article demonstrates that, when faced with the “magic” of zero prices, the neoclassical economic model underpinning modern U.S. copyright law collapses. As a result, the shift to a freeconomic model raises fundamental questions that lie at the very heart of copyright law and theory. What should we now make of the established distinction between “use” and “ownership”? To what degree does the dichotomy separating “utilitarian” from “moral” rights remain intact? And — perhaps most importantly — has copyright’s ever-widening law/norm divide finally been stretched to its breaking point? Or can copyright law itself undergo a sufficiently radical transformation and avoid the risk of extinction through irrelevance?

The other interesting bit of the report is Newman's suggestion that an interesting proposal for changing copyright laws that might actually make traditional "maximalists" and "minimalists" both happy is to increase more moral rights for copyright -- and allow copyright holders to effectively choose if they want to enforce the "economic" rights to exclude by going after statutory damages, or, alternatively, enforce the "moral" rights to protect their reputation. His argument is that this might fit better with the nature of content creation today:

Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily.

According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.

Starting tomorrow, Microsoft will launch a Windows Insider Program that will give users who are comfortable with running very early beta software access to Windows 10. This first preview will be available for laptops and desktops. A build for servers will follow later.

The company went on to detail that its new operating system will have a tailored user experience between different screen sizes — that’s to say that if you are on a smaller device, you will see a different sort of user interface. The code will run across all device categories: “One product family. One platform. One store.”

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.

Using genetically modified E. coli to generate biofuel isn’t new. U.K. scientists said in April they have developed a process under which the bacterium turns biomass into an oil that is almost identical to conventional diesel–a development that followed similar research by U.S. biotechnology firm LS9 in 2010. But the breakthrough this time is important because the reprogrammed E. coli can produce gasoline, a high-premium oil product that’s more expensive than diesel if the biofuel becomes commercially viable, according to Prof. Lee Sang-yup at the Korea Advanced Institute of Science and Technology. His team’s study was published in the international science journal Nature on Monday.

The significance of this breakthrough is that you don’t have to go through another process to crack the oil created by E. coli to produce gasoline. We have succeeded in converting glucose or waste biomass directly into gasoline,

only a few drops of the fuel per hour—making just 580 milligrams of gasoline from one liter of glucose culture.

the malware was more advanced than the malicious programs developed by the NSA-tied Equation Group that Kaspersky just exposed. More intriguing still, Kaspersky antivirus products showed the same malware has infected one or more venues that hosted recent diplomatic negotiations the US and five other countries have convened with Iran over its nuclear program.