Predictable random number generator discovered in the Debian version of OpenSSL

Filed Under (Uncategorized) by on 22-02-2018

Friday, May 16, 2008

A major security hole was discovered in the pseudo-random number generator (PRNG) of the Debian version of OpenSSL. OpenSSL is one of the most widely used cryptographic software packages; it allows the creation of secure network connections using the SSL and TLS protocols. It is included in many popular computer programs, like the Mozilla Firefox web browser and the Apache web server. Debian is one of the most used GNU/Linux distributions, and other distributions, like Ubuntu and Knoppix, are based on it. The problem affects all Debian-based distributions that were used to create cryptographic keys since September 17, 2006. The bug was discovered by Luciano Bello, an Argentine Debian package maintainer, and was announced on May 13, 2008.

This vulnerability was caused by the removal of two lines of code from the original version of the OpenSSL library. The library used these lines to gather entropy needed to seed the PRNG used to create private keys, on which the secure connections are based. Without this entropy, the only dynamic data used was the PID of the software. Under Linux the PID can be a number between 1 and 32,768, which is too small a range of values to seed the PRNG and causes the generation of predictable numbers. Therefore any generated key is predictable, with only 32,767 possible keys for a given architecture and key length, and the secrecy of the network connections created with those keys is fully compromised.
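The consequence for defenders is that every affected key can be listed in advance and an inventory checked against that list. The following is an added example, not OpenSSL or Debian code: `toy_keygen` is a hypothetical stand-in whose output depends only on architecture, key length and PID, and the inventory entries are constructed.

```python
import hashlib
import secrets

PID_MIN, PID_MAX = 1, 32767  # the 32,767 PID values counted in the article


def toy_keygen(pid, arch, bits):
    """Hypothetical model of key generation on an affected system:
    the only inputs are architecture, key length and PID."""
    seed = f"{arch}|{bits}|{pid}".encode()
    return hashlib.shake_256(seed).digest(bits // 8)


def fingerprint(key):
    """Short identifier so the blocklist does not have to store key material."""
    return hashlib.sha256(key).hexdigest()[:20]


def build_blocklist(arch, bits):
    """Enumerate every key the model can emit for one (arch, bits) pair."""
    return {fingerprint(toy_keygen(pid, arch, bits)): pid
            for pid in range(PID_MIN, PID_MAX + 1)}


def audit(inventory, blocklists):
    """Return {name: (arch, bits, pid)} for each key found in a blocklist."""
    findings = {}
    for name, key in inventory.items():
        fp = fingerprint(key)
        for (arch, bits), table in blocklists.items():
            if fp in table:
                findings[name] = (arch, bits, table[fp])
    return findings


def demo():
    # One blocklist per architecture and key length, as the keyspace
    # is "per architecture and key length".
    blocklists = {(a, b): build_blocklist(a, b)
                  for a in ("i386", "x86_64") for b in (1024, 2048)}
    inventory = {  # constructed sample inventory
        "web01": toy_keygen(4242, "i386", 1024),       # weak: PID-only seed
        "vpn-gw": toy_keygen(31999, "x86_64", 2048),   # weak: PID-only seed
        "mail": secrets.token_bytes(256),              # properly random
    }
    return blocklists, audit(inventory, blocklists)


if __name__ == "__main__":
    lists, found = demo()
    for name, (arch, bits, pid) in sorted(found.items()):
        print(f"{name}: weak key ({arch}, {bits} bits, PID {pid}) - replace it")
```

A key is flagged no matter which operating system it is now deployed on, because the check looks only at the key itself.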

These lines were removed as “suggested” by two audit tools (Valgrind and Purify) used to find vulnerabilities in the software distributed by Debian. These tools warned the Debian maintainers that some data was used before its initialization, which normally can lead to a security bug, but this was not the case here, as the OpenSSL developers wrote on March 13, 2003. Nevertheless, the change was erroneously applied on September 17, 2006, when the OpenSSL Debian version 0.9.8c-1 was released to the public.

Even though the Debian maintainer responsible for this software released a patch to fix this bug on May 8, 2008, the impact may be severe. OpenSSL is commonly used in software to protect passwords and to offer privacy and security. Any private key created with this version of OpenSSL is weak and must be replaced, including session keys that are created and used only temporarily. This means that any data encrypted with these keys can be decrypted with little effort, even if the keys are used (but not created) with an unaffected version of the library, like the ones included in other operating systems.

For example, any web server running under any operating system may use a weak key created on a vulnerable Debian-based system. Any encrypted connection (HTTPS) to this web server established by any browser can be decrypted. This may be a serious problem for sites that require a secure connection, like banks or private web sites. Also, if an encrypted connection was recorded in the past, it can be decrypted in the same way.

Another serious problem concerns network security software, like OpenSSH and OpenVPN, which is used to encrypt traffic to protect passwords and grant access to an administrative console or a private network protected by firewalls. This may allow hackers to gain unwanted access to private computers, networks or data traveling over the network, even if an unaffected version of OpenSSL was used.

The same applies to any software or protocol that uses SSL, like POP3S, SSMTP and FTPS, if used with a weak key. This is the case for Tor, software used to offer strong anonymity over TCP/IP, where about 300 of 1,500-2,000 nodes used a weak key. With 15-20% of Tor nodes weak, there is a probability of circa 0.34-0.8% of building a circuit in which all three nodes are weak, resulting in a full loss of anonymity. Even a single weak node being used may facilitate some types of attack on anonymity. The Tor hidden services, a sort of anonymous public servers, are affected too. However, the issue was speedily addressed on May 14, 2008.

The same problem also affected anonymous remailers like Mixmaster and Mixminion, which use OpenSSL to create the remailer keys for the servers and the nym keys for the clients. Although there is currently no official announcement, at least two remailers changed their keys because they were weak.

British dancer and talent show winner Robert Anker dies in car accident aged 27

Filed Under (Uncategorized) by on 21-02-2018

Sunday, July 30, 2017

Robert Anker, a British dancer and member of troupe Diversity when they won the 2009 season of Britain’s Got Talent, died in a car accident in Canada on Thursday. Anker died after a collision between his Chevrolet Cobalt and a Ford pick-up truck. The accident occurred in Vaughan, Ontario at around 6:00 AM Thursday morning, local time. Anker, who moved to Canada last year, was 27 years old.

York Regional Police confirmed the accident had occurred and the driver of the pick-up truck was not injured. A spokesman for the British Foreign Office said “We are aware of the death of a British man in Canada. We are providing assistance to his family at this sad time”.

Anker’s cousin Rochelle Hanson set up a JustGiving page, which by yesterday had already passed its target of £5,000, to raise funds for his family to travel to the funeral in Canada. Hanson said “The family are devastated. He was an amazing and talented dancer. We would love to ensure that his family don’t worry or stress about money at this time.”

Diversity, Anker’s former dance crew, tweeted “A former member of our group has tragically passed away. He inspired so many with his talent and was taken far too soon. R.I.P Rob.” The Twitter account for Britain’s Got Talent said “We are so sorry to hear of the loss of Robert Anker, our thoughts and condolences go out to his friends, family and the whole of Diversity.”

Dean Lee, a choreographer on talent show The X Factor, tweeted, “Rob Anker. I have no words to speak after hearing of your passing. This is truly heart breaking. Thanks for the memories. Shine bright.”

After winning the 2009 series of Britain’s Got Talent, Anker performed in music videos of singers Jessie J and Paloma Faith, and in the production of Thriller Live in the West End. Anker and his girlfriend Cyndi married in September.

Intel launches 45nm “Penryn” processor aiming for energy-efficiency

Filed Under (Uncategorized) by on 21-02-2018

Tuesday, November 13, 2007

This week in Taiwan Intel and other technology companies showcased server and computer hardware with processors built using “Penryn” technology, the second generation of quad core technology that is produced with the high-k metal Hafnium that has come to replace halogen and lead components, which are not environmentally safe.

This new 45 nanometer (45nm) process technology included features on Intel Streaming SIMD Extensions 4 (SSE4) compatible with video decoding (encoding) software, “Radix 16” which increased computing efficiency, and “deep power down” technology for energy efficiency. For the SSE4 feature, this will benefit makers of high-definition and AV-media, as both HDMI and 1080p are supported.

Companies that will participate in the Taiwan Informonth exhibition next month announced that some products with “Penryn” processors will be on the market by then. Some companies like Tyan and Supermicro will provide small business solutions as well as enterprise solutions. This launch will be tied to other unveilings by the IT and AV-media industries in Taiwan.

Triple limb-reattachment fails – boy loses foot

Filed Under (Uncategorized) by on 21-02-2018

Tuesday, April 5, 2005

Terry Vo, the 10-year-old Australian boy who had two hands and a foot reattached by surgeons after losing them in an accident, has had to have the foot re-amputated. He will be given a prosthetic foot in its place.

The operation to re-attach three limbs was thought to have been a first – but was ultimately unsuccessful, with the foot having died inside, and receiving insufficient blood supply following the surgery to reattach it.

“That would lead to the small muscles in the foot actually constricting, the toes bending over and a deformed …. foot that is sort of clawed over and doesn’t have good sensation,” said plastic surgeon, Mr Robert Love today, on Australia’s ABC Radio.

“Even if you can get all of that to survive, he [would be] worse off than having had an amputation.”

“What is very disappointing is that for the first two days after [the operation] the foot looked absolutely magnificent,” he said.

Terry’s hands were healing well, said the surgeon. The prosthetic foot would allow him to walk normally, since his knee was intact.

Exclusive: David Anderson talks about the Stardust@home project

Filed Under (Uncategorized) by on 21-02-2018

Tuesday, January 24, 2006

Following the return of the Stardust space capsule from its encounter with the Comet Wild 2, NASA scientists have come up with a novel approach to dealing with the samples of “interstellar dust” that have been collected; they want help from the public.

The Stardust spacecraft carried an aerogel-based dust collector, which was exposed to space in varying orientations during different phases of the mission.

Only one side of the collector was exposed towards the stream of particles coming off the Comet Wild 2 during the encounter in 2004, while the other side was used to collect interstellar dust at an earlier point in the spacecraft’s journey.

Although scientists have seen the particles captured from comet Wild 2 when they examined the aerogel, they have not examined any of the particles expected on the other side of the collector due to their smallness. They will be examined after they are found with the help of Stardust@home. It is believed that on the order of 50 interstellar dust particles impacted the aerogel, each now resting inside a tiny crater.

Stardust traveled nearly three billion miles and its mission lasted seven years. At times it was traveling at 8 miles a second. That's fast enough to go from San Francisco to Los Angeles in one minute.

Stardust set a new all-time record for being the fastest spacecraft to return to Earth, breaking the previous record set in May of 1969 during the return of the Apollo X(10) command module. Don Brownlee of the University of Washington, Seattle said “our spacecraft has traveled further than anything from Earth ever has – and came back. We went half-way to Jupiter to meet the comet and collect samples from it. But the comet actually came in from the outer edge of the solar system, out beyond the orbit of Neptune, out by Pluto.”

In a move similar to some distributed computing projects, the analysis work for the project will be spread among volunteers on the Internet, who are being asked to participate in this scientific undertaking.

Wikinews reporter Jason Safoutin investigated the Stardust@home project, and discussed its goals with one of its founders. Via email, he interviewed David P. Anderson, a founder of the SETI@home project, and one of the creators of the Virtual Microscope which will be used to search for captured particles from interstellar space.

I was wondering if I could get some questions answered or if you could give me some “insider” info for the project. I am aware that you are taking place in the development of the VM (Virtual Microscope)…Could I know more about that?

The ‘virtual microscope’ lets you scan through a set of images as if you were turning the focus knob on a microscope. The images are fairly large (about 100 KB each) so it’s important to pre-load the images. While you’re looking through one set of images, the VM is busy downloading the JPEG files for the next set.

At first we thought we’d have to do this with a Java applet or Flash program – something tricky and complicated. My contribution was to point out that it could be done fairly easily using Javascript, and I wrote a prototype of this.

Will this project use the BOINC Platform/Program?

No. We thought about using some parts of BOINC (like the database and web pages for creating “accounts”) but it was easier just to do this from scratch.

How long will the project take?

It depends how many volunteers participate, and how fast they look at the ‘focus movies’. It will probably be just a month or two.

Anyone can join but they have to take a test before they can participate. What will the test include?

Looking at some focus movies and deciding whether they contain a dust particle. Participants see a lot of training examples before they take the test. It’s easy, not like a test in school.

How many will be allowed to participate?

No limit as of now.

When will the project start?

I think in about 2 months. It will take that long to transport the aerogel to the laboratory, and photograph it with the microscope. The software is ready to go.

Will the VM project analyze any of the particles or just look for them?

Stardust@home will only locate the particles. When they are located, they will be cut out of the aerogel and physically analyzed.

Thank you for your time David. And great work on the upcoming project and SETI@home.

High winds in Texas cause property damage and utilities loss for many

Filed Under (Uncategorized) by on 21-02-2018

Sunday, December 23, 2012

Wind storms swept across a large part of Texas on Wednesday, leaving property damaged and many homes without power.

Downed lampposts and trees were reported in multiple locales. One media source reported overturned playground equipment in the city of Rockwall. Winds up to 40 miles-per-hour (mph) were reported over much of the Dallas-Fort Worth Metroplex. Approximately 9,500 people within Tarrant and Dallas counties were without electrical power as late as Thursday afternoon.

Late Wednesday evening, the National Weather Service reported winds at Dallas Love Field up to 66 mph. The city of Edgewood recorded wind speeds up to 70 mph during the storm; three homes, two barns and two business buildings sustained damage. A home in Chandler was damaged when a tree was toppled during the storm (see photo at left).

Dust from as far away as west Texas covered vehicles and other property early Thursday morning in the eastern part of the state. A car wash manager in Tyler told media his business cleaned about three hundred cars on Thursday, busier than usual even for holiday season.

Navy helping New Orleans pets

Filed Under (Uncategorized) by on 21-02-2018

Saturday, September 17, 2005

The Spanish word “tortuga” means “turtle.” But in the wake of the New Orleans disaster, the USS Tortuga is helping other animals.

For nearly two weeks now, sailors from Tortuga’s repair division have devoted much of their time during this disaster relief operation to ensure the health and comfort of displaced pets.

September 4th, just after the ship moored to a pier at Naval Support Activity (NSA) New Orleans, HT1(SW) Mark Hanley and DC1(SW) Antony Graves gathered materials from the repair shop on board to construct a kennel along the levee. The facility they made soon became a popular shelter for the homeless animals of the storm.

Tortuga’s search and rescue team brought aboard more than 170 displaced citizens during this past week, providing them with food, water, medical aid and a place to sleep.

Tortuga’s makeshift kennel, named ‘Camp Milo & Otis,’ has housed as many as 90 dogs, eight cats, one rabbit, one guinea pig, a pair of parakeets and a flightless pigeon during the past week of operation.

Currently, there are 14 dogs that remain in Tortuga’s care, as many of the other pets have been taken to animal shelters in the area for extra medical attention, or been claimed by their owners upon arrival to Tortuga. The pets that Tortuga has registered have all been in the hands of professional veterinarians assigned to provide expert medical attention to the members of Camp Milo & Otis.

Dr. Kelly Crowdis and Dr. Latina Gambles, both from Tuskegee University and Christian Veterinary Missions, have treated many of the pets for infection, dehydration, malnourishment and broken bones at the Camp during the past week.

“The animals were bathed and assessed before physical interaction with the sailors,” said Dr. Crowdis. “They’ve been given immunizations, antibiotics and medications based on their medical needs.”

Dr. Crowdis added, “What these sailors have done on their own has been such a heart-warming thing. As an animal lover, it is so comforting to know that everyone cares about the animals in addition to the human lives rescued from the storm. I’m very pleased with these guys for taking the initiative to construct this kennel.”

Graves, Hanley and other members of their division have consistently bathed, fed, walked and given special attention to every dog, every day.

“We play with them,” said Hanley. “We take them out of their kennels to give them attention every day. And we’ll continue to do that for as long as our ship’s mission keeps us here.”

September 11th, the Agricultural Center at Louisiana State University donated supplies to “Camp Milo & Otis” in support of Tortuga’s efforts to help the animal victims.

“We got medical supplies, bowls, food, cages, leashes, collars, toys, cat litter and cleaning supplies from these people yesterday,” said Graves. “It’s nice to know that so many people out there have heard about what our ship is doing, and responded by donating so much to support us the best they can.”

A photo gallery of unclaimed pets is on the USS Tortuga’s web site.

As part of disaster plans, the Department of Homeland Security has also deployed Veterinary Medical Assistance Teams to provide medical care to pets and livestock, as well as provide any needed veterinary medical care for search and rescue dogs.

There are over 3,850 animals being sheltered around the state. If someone is looking for a pet they should contact their nearest Humane Society or go online to http://www.petfinder.org// . More information is also available at http://www.vetmed.lsu.edu//.

Priests beaten in Forecariah, Guinea over Ebola fears

Filed Under (Uncategorized) by on 20-02-2018

Wednesday, January 21, 2015

Three Baptist priests in Guinea were assaulted and held hostage yesterday by local villagers after being mistaken for campaigners promoting awareness about Ebola, the BBC has reported. They were visiting Kabac, a village in the sub-prefecture of Forécariah, to spray insecticide for the treatment of wells and pit latrines. Locals reportedly thought they were bringing Ebola and attacked the priests. After the assault they were held hostage and had their vehicle set alight.

Following the attack on the priests, town council workers were forced to evacuate as their building came under assault and was set on fire. A local report, not independently verified, alleged a council worker was killed during the incident. Police intervened to arrest a number of the local villagers involved in the attacks but were met with hostility from those trying to stop the arrested being taken away.

Such incidents have been noted by the World Health Organisation (WHO). A recent WHO report said “community resistance” is a “major barrier to control” in the countries Ebola has worst hit.

Forécariah has seen incidents like this before. In one incident, on September 23, two Red Cross volunteers buried an Ebola victim, and were then attacked. Villagers removed the corpse from the grave and hid it. This then grew into an attack on a team of epidemiologists by a mob of about 3000 armed youths. This attack had undone “weeks of persistent and effective efforts to slow the outbreak” according to the WHO, who were overseeing the team.

Although not the worst affected country, Guinea has seen 1,876 deaths from 2,871 cases of Ebola, according to WHO. This is compared to Liberia and Sierra Leone with 3,605 and 3,145 deaths each from the effects of the Ebola virus.

‘Recession gardens’ replace victory gardens

Filed Under (Uncategorized) by on 20-02-2018

Sunday, March 29, 2009

With the United States in a recession, more and more people are looking for ways to spend less money and get a better bargain at the same time. In a time where prices are higher, ‘recession gardens’ are becoming increasingly popular, echoing the victory gardens which were planted during World War I and World War II which helped to reduce the stress and pressure of food shortages.

“There is more interest in vegetable gardens similar to the victory gardens. Because of the economy, they are being called recession gardens,” said a master gardener who volunteers at Ohio State University’s Extension Service office, Fred Hanacek.

The new fad recently caught on in Iowa where families have begun to plant the recession gardens to save money in the produce sections of supermarkets, especially organic fruits and vegetables. Public News Service quotes the National Gardening Association (NGA) as saying that they expect a nearly 20% increase in personal home gardens across the U.S. Some of the increase is also due to people wanting to know what goes onto their vegetables and in their foods.

“I do believe you’ll find there’s an extra expense in actually producing your own food, but the food quality you get is far better than what you can purchase in a store,” said Beverly Bernhard, a veteran gardener from Iowa.

The new trend has also gotten the attention of U.S. president Barack Obama who recently stated that he plans to plant a vegetable garden at the White House. It will be the first vegetable garden to be planted at the White House in over 20 years. The last time a garden of this kind was planted at the White House was in World War II when Eleanor Roosevelt planted her Victory Garden. In 1800, former U.S. president John Adams is reported to have planted the first White House garden. Andrew Jackson went a bit further, building a greenhouse.

Michelle Obama, the First Lady of the United States, broke ground on the new garden with the fifth grade class at Bancroft Elementary located in Washington, D.C. on March 20. The garden, which will be 1,100 square feet and an ‘L’ shape, will be located on the White House’s South Lawn and the Obamas plan to grow over 55 varieties of vegetables.

“Let’s hear it for vegetables. Let’s hear it for fruits,” yelled Mrs. Obama as they broke ground on the garden. “I’ve been able to have my kids eat so many different things that they would have never touched if we had bought them at a store,” she added. Mrs. Obama also said that it will be the entire family’s responsibility to maintain the garden, including the U.S. president.

Many vegetables grow easily, without having to do a lot of work to maintain them. Some examples are lettuce and zucchini. The NGA says at least 9 million Americans will grow vegetable gardens for the first time ever in 2009. An estimated 43 million Americans will plant their own personal vegetable gardens this year.
