CRIME attack is shown to decrypt HTTPS web sessions

(Phys.org)—The fun of acronyms is reflected in coming up with CRIME, which stands for Compression Ratio Info-leak Made Easy. What it translates into, though, is not much fun. Two security researchers have developed the CRIME attack, which can successfully decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. This, in theory, would be a serious weakness that would enable the hijacking of a user’s session cookie while the user is still authenticated to a website. Encryption protocols are the Internet’s fundamental safety cushion, the basic level of trust, in encrypting traffic that flows over open networks. They also cryptographically confirm that websites are really operated by their owners rather than by cyber-criminals and spies.

Security researchers Juliano Rizzo and Thai Duong devised a technique that can attack web sessions protected by the Secure Sockets Layer and Transport Layer Security protocols, but only when they use certain data-compression schemes. These are compression schemes that reduce network congestion or the time it takes for webpages to load. Security experts have noted that a downside of compression is that it leaks clues about encrypted contents. For the attack to work, both the user’s client and the server hosting the targeted website need to support the vulnerable SSL/TLS features. According to reports, Internet Explorer was never vulnerable because it never supported SPDY or the TLS compression scheme known as Deflate. Apple’s Safari browser doesn’t support SPDY, but its use of compression is unknown.

Google and Mozilla released patches after the weaknesses were reported by the researchers. A video taken by Rizzo and Duong shows Github.com, Dropbox.com, and Stripe.com, when visited with Chrome, succumbing to the CRIME attack, but those sites have disabled compression and are no longer vulnerable. Mozilla and Google have prepared patches that block the attack.

Rizzo and Duong will take their demo of CRIME to the Ekoparty security conference in Buenos Aires, Argentina, on September 21. Their attack technique no longer works when the most popular browsers are used to connect to HTTPS-protected websites, but security watchers believe this is a most useful reminder that the science of encryption protection knows no rest. Their CRIME exploit is the type of attack that would be used in a large-scale attack by geopolitical antagonists. In turn, security watchers have reason to pay attention to the researchers’ CRIME technique.

More information: www.ekoparty.org/2012/juliano-rizzo.php This is a short demo of the CRIME attack against the TLS protocol.

Citation: CRIME attack is shown to decrypt HTTPS web sessions (2012, September 14) retrieved 18 August 2019 from https://phys.org/news/2012-09-crime-shown-decrypt-https-web.html


Laptop clip-on is on a mission to outdo mouse

(Phys.org)—Haptix is a newly announced gesture-based controller that launched this week on Kickstarter. Haptix looks like a sleek ice cream bar with its anodized bead-blasted aluminum casing. The Haptix is designed to transform tabletops and keyboards into tools that you use to interact with your computer. Basically, it wants to be the reason that workers can finally say, without fear, goodbye mouse. The creators consider their device “Multitouch Reinvented.” They say that it is as intuitive and natural as a multitouch screen, just without the actual screen. They have a point. This product is no Leap Motion me-too hiccup, but rather an attempt to create a practical alternative for people who work with spreadsheets, reports, and design projects where traditionally the mouse and keyboard have been thought to be the most practical tools to get the work done.

The Haptix Touch creators are Darren Lim, CEO, and Lai Xue, CTO. Haptix Touch is in San Francisco. They seek $100,000 to help fund manufacturing costs; the project will only be funded if at least $100,000 is pledged by September 13. They said the funding will go toward “refinement of the electronics and additional tooling for mass production.” Haptix currently works with Windows and Ubuntu. Android and OS X support are in the works.

The retail price will be $70 but early birds can get a Haptix at $59. After that they cost $65. Haptix expects to ship to backers by February next year.

With Haptix, the option to clip the device on your laptop turns your keyboard into a multitouch tool with which you can control your computer entirely from your keyboard. (It automatically turns off when you type.) The device uses twin cameras to see what the user’s hands are doing and turns actions into input signals. You can use your middle finger as the cursor, your index finger to left-click, and your ring finger to right-click.

People who are working with spreadsheets can use five-finger touch. Designers, artists and engineers can capture pen or brush strokes. A distinguishing feature of Haptix is hand comfort. The Haptix team is vocal about the fact that their product, in supporting 2D and 3D gestures, allows users to rest their hands while working, and in turn they can use the controller for extended periods without discomfort in the wrists. Haptix has two CMOS image sensors, attached to a microcontroller, that capture the position of your hands in 640×360 resolution.

The device works in any lighting condition, making use of infrared in the dark. Haptix connects to a computer through a USB 2.0 cable. It supports a number of gesture types on flat surfaces, including pinch to zoom, but gestures need to be performed within its field of vision. The Kickstarter prototype has a 120 degree field of view. The creators said they are in the middle of transitioning to better lenses with a 150 degree field of view.

More information: www.kickstarter.com/projects/h … ultitouch-reinvented

Citation: Laptop clip-on is on a mission to outdo mouse (2013, August 15) retrieved 18 August 2019 from https://phys.org/news/2013-08-laptop-clip-on-mission-outdo-mouse.html


Class0Firewall for SMS attack protection lands in Google Play

(Phys.org)—Last month, news of smartphone vulnerabilities ended with more of a bang than a whimper when Bogdan Alecu, a system administrator at Levi9 and also an independent security researcher, presented his findings about Nexus phones at DefCamp. This is a key conference on information security, and it ran from November 29 to November 30 in Bucharest.

In one of his tests, performed on a Nexus 4 with the screen unlocked and running Android 4.3, after receiving around 30 class 0 messages, the phone did not respond to taps or attempts to lock the screen. While in that state, the phone was unable to take incoming calls; a manual reboot was necessary. Overall, he said that he found Nexus phones (the Galaxy Nexus, Nexus 4, and Nexus 5) to be vulnerable to multiple SMS attempts which may force the phones to reboot or lose connectivity. The mischief is accomplished if the attacker sends around 30 Flash SMS messages to the phone. (He wanted to see what would happen when multiple messages are sent to a device at short intervals.)

Flash SMS messages are displayed on the screen and, with this type of exploit, a user who ignores the messages, without saving or dismissing them at once, may see the phone lose connectivity or reboot.

According to reports, Alecu contacted Google about the issues. Is it only happening with Nexus phones? Alecu said he tried the attack on other devices with no such results. This does not mean the exploit would be impossible to carry out on smartphones from other vendors, but so far he was only able to confirm such effects on Nexus phones. According to PCWorld, “We thank him for bringing the possible issue to our attention and we are investigating,” said a Google representative via email.

According to Android Police, “Based on limited testing with devices from various vendors, the vulnerability appears to only affect the Nexus line running on all versions of stock Android through to the current release of KitKat.”

The latest news is that a firewall app that addresses the vulnerability is available now in the Google Play store. Class0Firewall, from SilentServices, has been designed to help protect against such attacks; as a line of defense, the app limits how many Flash SMS can be received. Values can be set for threshold and block duration. If the number of incoming messages exceeds the defined value, the message gets dropped by the Firewall. If a message gets dropped, a toast message appears. Class0Firewall is a Proof of Concept app, according to the description on Google Play, “discovered by Bogdan Alecu. He also came up with the idea for the defense.” Due to the SMS API change in Android 4.4 KitKat, the notice added, the Firewall has no effect but an attempt is to be made, said the notice, to find a way around.

More information: defcamp.ro/

Citation: Class0Firewall for SMS attack protection lands in Google Play (2013, December 3) retrieved 18 August 2019 from https://phys.org/news/2013-12-class0firewall-sms-google.html


X-ray images of cuprate superconductors reveals fractures, clumps and defects

(Phys.org)—A team of researchers with members from several countries in Europe has used a type of X-ray diffraction to reveal defects in the way a superconductor develops. In their paper published in the journal Nature, the team describes the technique they used to study one type of superconductor and what they saw. Erica Carlson with Purdue University offers a News & Views piece on the work done by the team in the same journal issue.

[Figure: Correlated quenched disorder due to Oi atomic stripes in Hg1201. Credit: Nature 525, 359–362 (17 September 2015) doi:10.1038/nature14987]

As scientists continue with efforts to discover a superconductor that can work at room temperature, they are also studying the properties of superconductors that have already been found, a necessary prerequisite to actually using superconductors in real-world applications. In this latest effort, the researchers used scanning micro X-ray diffraction to study the structure of a copper oxide superconductor as electrons were flowing through it. As Carlson notes, the technology allowed for viewing the electron-density distribution; prior research had shown that, at the quantum level, the material looked like striped wallpaper. Instead of the uniform striping the team expected, however, they observed a mish-mash of clumps of various shapes. Further research showed that the density of the clumps was related to how much doping was used to create the material.

Carlson further explains that the findings by the team are important for two reasons: connectivity and dimensionality. The first could have implications for the transfer of charge between different domains, possibly serving as a hindrance to flow, making such materials impractical for use. Also, the odd shapes appear to reduce dimensionality options, which could wind up causing superconductors to behave differently than has been theorized. Complicating things is that the clumps appear to follow a power law, which suggests they may form in a way similar to fractals; electron behavior in such structures is not very well understood.

The findings by the team suggest the path to understanding superconductors may be more complex than has been thought, though it also appears they may offer opportunities that have not yet been discovered. More work needs to be done; Carlson suggests that a better observation of the morphology of the path that electrons take as they move through the material should help.

More information: Inhomogeneity of charge-density-wave order and quenched disorder in a high-Tc superconductor, Nature 525, 359–362 (17 September 2015) DOI: 10.1038/nature14987

Abstract

It has recently been established that the high-transition-temperature (high-Tc) superconducting state coexists with short-range charge-density-wave order and quenched disorder arising from dopants and strain. This complex, multiscale phase separation invites the development of theories of high-temperature superconductivity that include complexity. The nature of the spatial interplay between charge and dopant order that provides a basis for nanoscale phase separation remains a key open question, because experiments have yet to probe the unknown spatial distribution at both the nanoscale and mesoscale (between atomic and macroscopic scale). Here we report micro X-ray diffraction imaging of the spatial distribution of both short-range charge-density-wave ‘puddles’ (domains with only a few wavelengths) and quenched disorder in HgBa2CuO4+y, the single-layer cuprate with the highest Tc, 95 kelvin. We found that the charge-density-wave puddles, like the steam bubbles in boiling water, have a fat-tailed size distribution that is typical of self-organization near a critical point. However, the quenched disorder, which arises from oxygen interstitials, has a distribution that is contrary to the usually assumed random, uncorrelated distribution. The interstitial-oxygen-rich domains are spatially anticorrelated with the charge-density-wave domains, because higher doping does not favour the stripy charge-density-wave puddles, leading to a complex emergent geometry of the spatial landscape for superconductivity.

Journal information: Nature

Citation: X-ray images of cuprate superconductors reveals fractures, clumps and defects (2015, September 17) retrieved 18 August 2019 from https://phys.org/news/2015-09-x-ray-images-cuprate-superconductors-reveals.html


Conspiracy in play to strike off Roshan Giri’s name from electoral roll

Darjeeling: Former Gorkha Janmukti Morcha General Secretary Roshan Giri’s mother has alleged a conspiracy to strike out her son’s name from the electoral list. This comes in the wake of a show cause notice served to him from the office of the Electoral Registration Officer, Darjeeling. Giri, who is wanted in numerous cases, is on the run.

“There is a conspiracy to strike out his name. The police have been constantly pressuring me. They have even taken away computers, files and other valuables in the name of investigations,” alleged Deepa Giri, mother of Roshan Giri.

Giri has been absconding since the political unrest in the Hills in July 2017. On September 16, 2017, warrants had been issued against GJM leader Bimal Gurung and 7 others including Giri.

On March 6, a show cause notice was issued to Giri, stating that it has been proposed to delete his name from the electoral roll of 23 Darjeeling Assembly constituency, on the ground that he has “ceased to be or is not ordinarily a resident in the constituency.”

Giri had been asked to reply either in person or through a representative by 11 am on March 23, if he desired to be heard, along with evidence that he wished to place in support of his representation.

“The Election Commission of India, along with the Supreme Court, had earlier ordered for names of absconders to be struck off the electoral rolls. It is a routine electoral exercise all over the country. However, his name has not yet been struck off. No one has responded to the show cause yet,” stated Joyoshi Das Gupta, District Magistrate, Darjeeling.

Sources state that similar notices will be sent to other absconders, including Gurung and his wife Asha Gurung. Directives of the Election Commission of India state: “A person who is absent from his given address for long periods and is not available to, or traceable by the police authorities and the agencies interested with the task of execution of Non Bailable Warrant against him, can as a logical consequence, be presumed to be not ordinarily a resident at the address. The name of a person who has ceased to be an ordinary resident in the constituency, can be deleted by the Electoral Registration Officer.”

In 2017, the Punjab police intelligence wing had directed the districts to urgently delete the names of 20,968 proclaimed offenders and absconding criminals from the electoral rolls.


No respite from rain in next 48 hrs: MeT office

Kolkata: The city and South Bengal districts may receive moderate to heavy rainfall in the next 48 hours, predicted the Regional Meteorological Centre at Alipore on Wednesday.

It may be mentioned here that the incessant rain has already left several roads in the city inundated. People faced difficulties as there was waterlogging in some thoroughfares. In some parts, people are having harrowing experiences while travelling in vehicles, especially two-wheelers, due to the poor condition of roads. In some stretches of DH Road, Jessore Road, EM Bypass and others, the roads are full of potholes.

On Wednesday, it rained in several parts of the city throughout the day. The sky was overcast since the morning, like other days. Kolkata and its adjoining areas witnessed incessant rains.

This is due to the development of a depression over Bangladesh and its adjoining areas. The condition has been intensified as the depression is accompanied by a cyclonic circulation. Along with the Gangetic plains, North Bengal is also getting ample amounts of rain. Kolkata Municipal Corporation is trying to address the problem of waterlogging by ensuring that all the pumps are fully functional. Normal traffic has been hit, owing to waterlogging in some parts of the city.

According to the weather office, Birbhum, Nadia, Murshidabad, East and West Midnapore, North and South 24-Parganas and Burdwan will receive heavy to very heavy rainfall in the next 24 hours, while some North Bengal districts like Darjeeling, Jalpaiguri, Alipurduar, Cooch Behar, Kalimpong, Malda, North and South Dinajpur will also witness heavy rainfall. It also issued a fresh alert, urging fishermen not to venture into the sea as it will remain turbulent.

According to the Kolkata Municipal Corporation (KMC), Kamdohori pumping station registered 41 mm rainfall up to 2 pm on Wednesday, whereas Maniktala saw 28 mm, Birpara saw 35 mm, Belgachia saw 23 mm, Dhapa saw 32 mm, Topsia saw 39 mm, Ultadanga saw 25 mm, Pamarbridge saw 34 mm, Thanthania saw 26 mm, Ballygunge saw 34 mm, Mominpur saw 25 mm, Chetla saw 26 mm, Jodhpur Park saw 32 mm, Kalighat saw 33 mm, Jhinjira Bazar saw 22 mm and Behala saw 21 mm.


Man dies after falling off Maa flyover; cops scan CCTV footage

Kolkata: A person died after he fell off Maa Flyover near Milan Mela on Monday morning.

Some car drivers and pedestrians informed on-duty police personnel posted at the Parama Island about the incident. According to sources, some car drivers noticed a man lying in a pool of blood on the service road while going towards Eastern Metropolitan Bypass along the Park Circus connector. Pedestrians and others who noticed him immediately informed the on-duty traffic police personnel.

Police rushed the person to Chittaranjan National Medical College and Hospital using Kolkata Police’s trauma care ambulance. However, he was declared brought dead by the doctors. It was found that, due to the fall from such a height, the victim, a 35-year-old man, sustained major head injuries and several bones in his body were found broken. According to police sources, the sleuths suspect him to be a vagabond, as indicated by his clothes. But the question arose of how he had gone up on the flyover. The sleuths also suspect that someone might have thrown him off the flyover over personal rivalry, or that he might have been hit by a speeding car and gone over the guard wall due to the impact.

To be sure about the incident, police are checking the footage from the CCTV cameras in the said area on Maa flyover. Primarily, an Unnatural Death case has been initiated at Pragati Maidan police station.


Tea association and unions fail to resolve arrear impasse

Darjeeling: The recent meeting between the Darjeeling Tea Association and the trade unions failed to resolve the ongoing arrear impasse. In January 2018, the daily wages of tea garden workers had been increased by Rs 17.50. In the majority of tea gardens in the Hills, the increment took effect from March 2018.

“Though a year has passed, still the arrear has not been paid in around 60 per cent of the tea gardens in the Hills,” said Balam Tamang, president, Darjeeling sub division committee, Darjeeling Terai Dooars Plantation Labour Union, which is affiliated to the Gorkha Janmukti Morcha. There are 87 gardens in the Hills. On March 1, the Darjeeling Terai Dooars Plantation Labour Union had issued an ultimatum to the gardens that if arrears were not paid by March 6, the dispatch of tea would be stopped from March 7. The joint forum of tea trade unions had threatened to stop plucking of leaves if arrears were not paid by March 10.

“Arrears could not be paid to tea workers because of financial paucity. By stopping plucking and dispatches the financial situation would further get compounded which would be detrimental to the interest of the workers and the onus of which would be on the trade unions themselves,” said Sandeep Mukherjee, principal advisor, Darjeeling Tea Association.

The unions have decided to continue the agitation. “The meeting failed because the Darjeeling Tea Association did not agree to pay arrears by March 10. They have not announced a fresh date for a meeting also. We will continue with the protests,” Tamang said. The joint forum has also decided to continue with the agitation. “We will wait till March 10 as declared earlier. If they fail to pay the arrear we will stop plucking tea leaves from March 11,” said Saman Pathak, a member of the joint forum.


100 Left Front workers join Trinamool in Balurghat

BALURGHAT: In a major political development in South Dinajpur before the upcoming Parliamentary elections, 100 Left Front workers from different wards under Balurghat municipality joined Trinamool Congress on Tuesday afternoon, in the presence of party candidate and popular theatre personality Arpita Ghosh.

Ghosh conducted a workers’ conference in Balurghat to discuss a strategic plan before the polls, where she handed over the party flag to them. The newly joined workers were also welcomed by senior Trinamool leaders, including former PWD minister Shankar Chakraborty and Balurghat town party president Subhas Chaki.

According to a source, there was speculation that a group of Left Front workers, mainly from RSP, would join the ruling party. “The Left Front workers have joined Trinamool as they were impressed by the policy for people made by Mamata Banerjee. Our Chief Minister’s policy has definitely geared up the development in Bengal. Their joining has proved that the general people trust Trinamool Congress despite fabricated speeches by different state and Central level BJP leaders against us. If this outward flow continues, Trinamool will do better in the district in the upcoming LS polls,” Ghosh said.

Visibly overwhelmed after joining the new party, the Left Front workers said: “We are fortunate enough to join Trinamool and will surely do our task sincerely for the party’s betterment from today onwards.” Political observers feel this joining will definitely give an advantage to the ruling party. “Some other workers from different political parties including BJP, Congress and Left Front are likely to join Trinamool soon,” said an observer. Former PWD minister Shankar Chakraborty said: “There is no doubt that this joining will make us stronger before the upcoming poll. We will surely have a positive reflection in the ballot box.”


Celebrating nature with Garden Tourism Festival

To celebrate the hues of mother nature and the fervour of the spring season, the 32nd Garden Tourism Festival is being organised by Delhi Tourism in association with the Government of Delhi. The festival will be inaugurated today (February 15), at 4 pm by Manish Sisodia, Dy Chief Minister and Minister of Tourism, Government of Delhi.

With the objective of creating awareness about the environment and showcasing the rich floriculture of Delhi, the three-day extravaganza will go on until February 17.

Based on the theme of ‘Plants-Lifeline for Everyone’, it emphasises the importance of plants in one’s home, and brings together various elements that help one create flourishing home gardens. The theme narrates the important role gardening plays in our life, with various health and environmental benefits. The festival over the years has become the biggest flower show in the capital, as participants include horticulture departments of NDMC, CPWD, DJB, DDA, SDMC, Northern Railways, Airport Authority, Noida Authority, Environment and Forest Department (GNCTD), leading nurseries, and suppliers of horticulture equipment, seeds, fertilisers and others. A large variety of seasonal and exclusive flowers are displayed and competitions will be held in various categories. Special cultural programmes have been organised to entertain the visitors and create a festive atmosphere. A variety of food stalls and several amusement facilities for children will also be a part of the Festival.

The venue, the Garden of Five Senses, spread over 22 acres of land, is dotted with colourful flowers which shall add to the charm of the event. The highlights of the 32nd Garden Tourism Festival are the displays of terrariums, floral animals, potted plants, foliage, medicinal and herbal plants, hanging baskets, dahlia, roses, cacti, bonsai, bougainvillea, and more. A painting competition for children, a garden bazaar, the sale of flowers, plants, organic items, medicinal plants and gardening accessories, live entertainment, food stalls where people will get to savour the taste of different delicacies, and activities like a magic show and an on-the-spot painting competition for children are planned for the festival. It shall remain open to the public from 11 am to 8 pm on all three days. Delhi Tourism will also provide a free shuttle service from Saket Metro Station to the venue and back.
