Links from 2012-02-15

Filmpiraterie - Kein Schaden in den USA nachweisbar. | Fefes Blog

Was passiert, wenn sich Wirtschaftswissenschaftler mit der Frage beschäftigen, wieviel eigentlich an den von der Contentmafia herbeihalluzinierten Milliardenschäden durch Filmpiraterie dran ist. Die Antwort wird euch sicher genau so überraschen wie mich: Kein Schaden in den USA nachweisbar. Außerhalb der USA gibt es einen Schaden von 7% und mehr — aber nur bei Filmen, die im jeweiligen Land signifikant später anlaufen als in den USA.

Microsoft AV Flags Google.com as ‘Blacole’ Malware — Krebs on Security

Computers running Microsoft‘s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft.

The destructive desktop — Linux in trouble? | Pas un Geek en tant que tel

The effect of all those changes are numerous. For one, it is no longer possible to run the system without a graphical user interface unless you plan to invest a huge amount of work and to throw out most of your system support. If you want to get vendor support, this is not the way you will want to go. You also can’t implement complex network or authentication setups anymore. The number of possible combinations in the configuration has been significantly reduced by removing options which are not typically used for desktop systems. Also, since the APIs have a tendency to change very frequently, typically, only genuine supported Gnome or Ubuntu/Fedora software tends to work on the long run. If you try to use an alternative which has an user interface you prefer or has a feature you want, you will find very frequently that it is trying to call some DBus interface which is no longer implemented or has a different set of parameters.

Fefes Blog

In dem Paper haben einige Kryptologen mal das Internet nach RSA-Schlüsseln durchsucht, einige Millionen eingesammelt, und geguckt, ob es da gemeinsame Primfaktoren in den Modulen gibt. More worrisome is that among the 4.7 million distinct 1024-bit RSA moduli that we had originally collected, more than 12500 have a single prime factor in common. […] in our current collection of 7.1 million 1024-bit RSA moduli, almost 27000 are vulnerable and 2048-bit RSA moduli are affacted as well. Das ist ein sehr gruseliges Ergebnis. Ihre Schlussfolgerung ist, dass das Generieren von RSA-Schlüsseln deutlich risikobehafteter ist als das Generieren von Schlüsseln mit nur einer Komponente, wie bei ElGamal oder (EC)DSA.

EFF: Tens of thousands of websites’ SSL „offers effectively no security” - Boing Boing

The Electronic Frontier Foundation’s SSL Observatory is a research project that gathers and analyzes the cryptographic certificates used to secure Internet connections, systematically cataloging them and exposing their database for other scientists, researchers and cryptographers to consult. Now Arjen Lenstra of École polytechnique fédérale de Lausanne has used the SSL Observatory dataset to show that tens of thousands of SSL certificates „offer effectively no security due to weak random number generation algorithms.” Lenstra’s research means that much of what we think of as gold-standard, rock-solid network security is deeply flawed, but it also means that users and website operators can detect and repair these vulnerabilities.

Chinesische Hacker gingen bei Nortel ein und aus | heise Security

Mutmaßliche chinesische Hacker haben laut einem Zeitungsbericht über viele Jahre Zugang zum Computersystem des Telekom-Ausrüsters Nortel gehabt – und diesen auch ausgiebig genutzt. Dank sieben gestohlener Passwörter von Top-Managern habe es für die Eindringlinge ab dem Jahr 2000 bei Nortel kaum Geheimnisse gegeben, berichtete das „Wall Street Journal” am Dienstag unter Berufung auf eine interne Untersuchung.

Adam Curry’s Simple Weblog: SOPA is a Red Herring

It’s been highly underreported that ICANN is now accepting submissions for new gTLD’s, or ‘generic top level domains’. # Without getting into all the details of what that means, other than possibly hundreds if not thousands of new domains like .shop .dork .shill and .drone that you will be able to register vanity domain names under, ICANN has come up with a new requirement upon registration: # You must verify who you are when you register a new domain name, even an international one. # So, if I pay GoDaddy or any other outfit my $9 for curry.blog and have it point to my server at blog.curry.com, I will have to prove my identity upon registration. Presumably with some form of government approved ID. # This way, when OPEN or perhaps a non-NDS-version of SOPA is passed, if you break the rules, you will be hunted down, regardless of where you live or operate since this also includes international domain names. #

Tagged as: delicious, links | Author: Martin Leyrer
[Donnerstag, 20120216, 04:00 | permanent link | 0 Kommentar(e)