Novosti na Internet sceni

[Indy]

Rodžer je nešto mnogo ljut ovde. Ali, to ne znači da najverovatnije nije u pravu. Neki koji se profi bave programiranjem kažu da je više nego moguće da slučajno dođe do takve greške.

[Venom]

Pa naravno da je moguce, moguce je i da nije; mislim da niko nema toliki autoritet da kaze da je ovo sve slucajnost ili da nije slucajnost. S druge strane, taj "sporni" clanak se tice poznavanja buga, ne toga da su ga sami napravili. Da pomno prate svaki update, patch itsl. vezano konkretno za OpenSSL (ili bilo sta drugo) je takodje verovatno. Negde oko 1,0.

[Roger Sanchez]

Čovjek koji je ovo ubacio kao i njegov code reviewer akademski su ljudi iz Njemačke, potpisani imenom i prezimenom. Pregled tog commita u sorsu otvoren je od dana kad je napravljen. Riječ je očito o greški, vulnovi koji NSA zanimaju trebaju biti skriveni da imaju pravu vrijednost.

Pravo je pitanje zašto, kad se već freeloadaju na FOSS, sve te firme s ogromnim materijalnim resursima (Cisco, Google, Juniper, etc.) ne ulože bar u code review kad već ne ulažu u pisanje softwera. Čini mi se da je i gOOg ovo ulovio tek kad se bacio na fuzzing potaknut Snowdenijom.

[Aion]

Rodžer je nešto mnogo ljut ovde. Ali, to ne znači da najverovatnije nije u pravu. Neki koji se profi bave programiranjem kažu da je više nego moguće da slučajno dođe do takve greške.

Ja se profesionalno bavim programiranjem skoro 30 godina. Odgovorno tvrdim da u softveru koji sam napisao ima brdo gresaka ovog tipa. Svaki ozbiljan programer (koji programira, a ne palamudi) dnevno pravi ovakve greske. Vecina njih se otkrije prilikom testiranja, licnog pregleda koda, pregleda koda od drugih osoba, neke promaknu. Najgore je unositi ispravke i dodatke u postojeci kod, sto je ovde upravo bio slucaj.

 

Sa ovim prethodnim Rogerovim postom se potpuno slazem. Jebiga ako jedan google ne moze da ulozi pare u razvoj sopstvenog softvera za one delova sistema koji su osetljivi sa stanovista bezbednosti.

[Razzmatazz]

Ne verujem da je ovo namerno podmetnuto kao metoda upada za NSA ili neku drugu službu. Snowden jeste pisao o bekdorovima koji su namerno uključeni u sigurnosne protokole i kako su te bekdorove ugradili nosioci tehnologije u branši (MS, Google...) u saradnji sa sigurnosnim agencijama. I u to verujem, jer sam bio lično svedok kad je jedna od mojih bivših firmi razvila novi metod enkripcije i patentirala to - prodavati to evropskim firmama nije bio problem, ali kad smo otišli na američko tle, bio je oficijelni zahtev FBI-ja da se stvar promeni tako da oni to mogu da otključaju po potrebi (terorizam i slični izgovori), inače nećemo dobiti zeleno svetlo za prodaju u US. Ako su to nama zahtevali bez ikakvog blama, mogu samo da zamislim šta rade ovim velikim firmama koje još jesu američke kompanije i čije implementacije automatski koristi xy manjih firmi. Zato mislim da je veća verovatnoća da je ovo bio bug, nego namerno podmetnuta rupa. Jer da je namerno ugrađeno, moralo bi da bude sofisticiranije i sigurnije/komfornije za ove agencije da to koriste. A ne ovako - čitaš na random memoriju servera, pa možda ti upadne password, možda ključ, a možda i šoping lista nekog zaposlenog. Previše je to "trapavo" za tako nešto.

[Aion]

Ja sam uveren da ovo slucajan bug. Nema tu niceg sofisticiranog sto bi agencije mogle pametno da koriste. Dampujes slucajan sadrzaj memorije, koji moze da sadrzi sertifikat nekog korisnika. Moze da eventualno bude zanimljivo za hakere (mada i to tesko), za agencije nikako. Veca je steta u daljem urusavanju poverenja u sigurnost Interneta.

[Venom]

Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013?

 

 

Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday's public disclosure of the vulnerability. It would be very bad news if these stories were true, indicating that blackhats and/or intelligence agencies may have had a long period when they knew about the attack and could use it at their leisure.

[Roger Sanchez]

 

"Regrettably, the CRA has been notified by the Government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period," Canadian officials disclosed in a blog post published Monday morning. "Based on our analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability. We are currently going through the painstaking process of analyzing other fragments of data, some that may relate to businesses, that were also removed."

Edited April 14, 2014 by Roger Sanchez

[Razzmatazz]

[renne]

Hm, ovde moze sad da se registruje: http://www.noip.com/free/

ma platio sam dns. ko će sad sve menjati

[Roger Sanchez]

oof, what a whimper.

 

 

 

The second blockbuster Apple v. Samsung patent trial has ended, and it looks like a Pyrrhic victory for Apple.

The Cupertino company can notch a second win, but with far less damages than it requested. Apple wanted $2.2 billion, and the jury awarded it $119.6 million, or just over 5 percent of what Apple had requested.

And Samsung wasn't the only infringer in court, the jury ruled. While Samsung was found to have infringed two of the five Apple patents used in court, Apple was also found to have infringed one of two Samsung patents. Samsung was awarded $158,400.

While Apple "won" this trial, Apple simply lost on damages. There's the best way to describe a number that's such a low proportion of what it was seeking.

From the trial's very beginning, Apple lawyers said that the whole purpose of Samsung presenting two patents of its own and asking for the "small" sum of $6 million was a cynical one: to convince the jurors that patents aren't worth that much.

If that was Samsung's goal—today's verdict is "mission accomplished." Considering litigation at this level is something of a war of attrition; Samsung has shown that it can basically fight Apple to a standstill. Considering Apple likely spent tens of millions on this trial alone, $120 million would certainly cover their legal bill but not make much difference beyond that.

In any case, both companies have plenty of cash in the bank, and the markets have accounted for even worst-case scenario outcomes (which this didn't come close to.) "Apple just won six hours of revenue," tweeted one court-watcher.

[Roger Sanchez]

Level 3 Communications network map

 

 

 

The orange lines are cable systems that Level 3 built and fully owns (the yellow lines are owned by multiple carriers or leased).  That means thousands of miles of fiber in trenches across land and thousands of miles of fiber in cables on the seabed. In all, our network contains approximately 180,000 miles of fiber – enough to circle the equator seven times.

[Roger Sanchez]

Moja tiha patnja, Casey J., izvještava:

Trolls bring down the launch of conservative social network “Reaganbook”
ReaganBook tried a soft launch, but wayward Internet denizens still found it.

by Casey Johnston - July 31 2014, 10:15pm CEST

A number of the profiles created on Reaganbook and cached by Google before the site was closed to the public, some of them NSFW.

The launch of ReaganBook, a conservative-oriented social network, was overrun by trolls Thursday despite its attempt at a soft launch meant specifically to avoid trolls. RawStory reports that the site was flooded with several fake accounts, including ones for Vladimir Putin, Sarah Palin, and Manuel Noriega. Eventually the whole site was taken offline.

ReaganBook is the work of Janet Porter, an Ohio Republican and founder of "pro-life, pro-advocacy" group Faith 2Action, according to The Daily Beast. The site, pitched as "Facebook for patriots," officially opened Tuesday and attracted such personalities as "Ben Ghazi, "Al Zheimers," "Ayn Randy," "Zombie Reagan," and "Ronald Reagan" himself. Users also created group pages for the band Slayer, "Cut Dicks for Christ,"    and various types of pornographic content, wrote The Daily Beast.

As of Thursday, the site is nothing but a boilerplate message thanking those who (attempted to) participate in the soft launch. "Your participation is helping us build a more secure site. Thank you!" the message reads. "Please be patient while we make the necessary changes to keep the site free from obscenity, pornography, and those intent on the destruction of life, liberty, and the family… As Reagan taught us, trust, but verify." The post is signed "Management." Ayn Randy could not be reached for comment.

 

[Svarog]

nema prikladnijeg topica, a nije mi se otvarala tema samo za ovo.

 

startup Seven Bridges Genomics, čiji je čitav inženjering lociran u Beogradu, a to je trenutno preko 60 ljudi, je dobio investiciju (grant) od strane američkog National Cancer Institute u visini od 5.8M$. sve to je u sklopu projekta Cancer Genomics Cloud Pilots za istraživanja raka (uprošćeno rečeno) gde je SBG jedini iz industrije dobio grant, dok su druga dva akademske institucije (The Broad Institute, kao i The Institute for Systems Biology). dodatna stvar koja se sada dešava je aktivnija podrška od strane Amazona SBG-u, koji je do sada bio samo cloud provider za platformu. Google je za to vreme sa svojim cloud-om stao uz jedan od instituta (Broad, ako se ne varam).

 

vest na StartIt-u: http://startit.rs/beogradski-sbgenomics-dobio-ugovor-vredan-5-8m-za-razvoj-revolucionarne-platforme-za-istrazivanje-raka/

Amazonovo saopštenje: http://aws.amazon.com/blogs/aws/next-generation-genomics-with-aws/

Edited October 22, 2014 by Svarog

[Indy]

 

Turski solarni internet magarci, ftw!

 

http://www.bbc.com/news/technology-28002064