Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment Vulnerabilities vs infections (Score 1) 204

I haven't read the article, my bad, my I guess it's not talking about vulnerabilities but about various malware which indeed in most cases requires admin rights to be properly installed.

However a great number of modern viruses live under various hidden directories in the user's profile, e.g. C:\Users\User\AppData\Roaming, so Admin Rights or not but you will be successfully infected.

The real problem with Windows is that most users blindly trust whatever .exe/.pdf/.docx/.xlsx files they receive from absolute strangers and they don't associate them with threats. Microsoft is trying hard to solve this problem by migrating to an app model which is used by Android and iOS but it just cannot work with Windows for far too many reasons, the primary two are of course compatibility and UWP limitations. It can be solved by a new OS which won't be called Windows but Microsoft just doesn't have the guts for that.

Submission + - First victim of SHA-1 collisions: Subversion. Technique was reverse engineered

Artem Tashkinov writes: A WebKit developer who tried to upload "bad" PDF files generated from the first successful SHA-1 attack broke WebKit's SVN repository because Subversion uses SHA-1 hash to differentiate commits. The reason to upload the files was to create a test for checking cache poisoning in WebKit.

Another news story is that based on the theoretical incomplete description of the SHA-1 collision attack published by Google just two days ago, people have managed to recreate the attack in practice and now you can download a python script which can create a new PDF file with the same SHA-1 hashsum using your input PDF. The attack is also implemented as a website which can prepare two PDF files with different JPEG images which will result in the same hash sum.

Submission + - Intel unofficially cuts prices for its x86 CPUs across the board 1

Artem Tashkinov writes: In an expected turn of events, now that AMD Ryzen is less than a week away from going public, Intel has unofficially cut prices for a long range of its CPUs. The biggest price cuts involve the following CPUs:
  • Intel Core i7-6850K, Broadwell, 3.6GHz, 6 cores (with HT), LGA 2011-3, was $700, now $550 (21% off)
  • Intel Core i7-6800K, Broadwell, 3.4GHz, 6 cores (with HT), LGA 2011-3, was $500, now $360 (28% off)
  • Intel Core i7-5820K, Haswell, 3.3GHz, 6 cores (with HT), LGA 2011-3, was $420, now $320 (24% off)
  • Intel Core i7-6700K, SkyLake, 4.0GHz, 4 cores (with HT), LGA 1151, was $400, now $260 (35% off)
  • Intel Core i7-6600K, SkyLake, 3.5GHz, 4 cores (with HT), LGA 1151, was $270, now $180 (33% off)

It's so good to finally have a competition in the x86 CPU market back after more than ten years since Intel released its Core 2 CPUs.

Comment And? (Score 5, Insightful) 185

What's in there for us, mere mortals? The guy got lucky and earned 6800% on his investment, great. Now where are the stories of people losing money by investing in a bad stock?

Also, where would most people get $400K to invest in stock options when they have no spare money at all or even owe lots of money until they hit their late 50s?

Or is it a story about a super successful company which is known to have a cult status, which allows it to sell the same product year after year with minimal changes, yet earn billions? I don't understand.

Comment Intelligence doesn't require that many neurons? (Score 5, Insightful) 74

This whole story makes me think: bumblebees have very primitive, simple brains, with comparatively few neurons (I've heard reports which mention one million) yet they master the task which seems impossible for any "AI" invented to this day. I've got a feeling a modern CPU with 4 billion transistors running at 4GHz (at least 4 million times faster than brains in nature which work at up to 1000Hz a second) and having 128GB of RAM can easily replicate all the processes running in the bumblebee's brain yet no one is doing that to the best of my knowledge.

What's more I've heard that even extremely primitive earthworms show signs of intelligence yet we cannot recreate their AI. That makes me feel true or general AI is still nowhere close and all this talk about "AI", is really a talk about smart algorithms which cannot reason or create (new solutions, new behavioral patterns, new ideas, new concepts) which is the staple of any true intelligent entity.

Comment Here's the answer (Score 2) 154

We've almost reached the limits of physics and there's basically no viable competition because modern technologies require capex in an order of billions of dollars. What's there to marvel at or be happy about when, for instance, we've had a stagnation in the x86 CPU market since the introduction of Sandy Bridge (don't remind me of Ryzen: AMD has just reached IPC parity with two years old Intel CPUs)? Also GPUs don't grow as fast as they used to in the past, and even then in the past GPUs required passive cooling while certain modern GPUs have three slots cooling solutions with over 200 watts of power dissipation and have billions of transistors (NVIDIA Pascal Titan X has 12 billion transistors working at roughly 1500MHz).

However in my opinion it's astonishing what we've reached so far: certain modern computer games are just breathtakingly beautiful while not being too far off from being photo realistic: Deus Ex: Mankind Divided, Battlefield 1, The Division, Quantum Break and others. Recently, I just gave up on playing in The Division for two hours and just roamed NYC and enjoyed the scenery.

Just look at this and compare to this.

Comment Re:PDF is a major malware vector (Score 1) 141

True! As for me I usually run downloaded PDFs though virustotal.com and then all scripting features in my Acrobat Reader are completely disabled.

Speaking of ISO's: most Ubuntu mirrors (and their official servers as well) distribute Ubuntu ISO's via ... HTTP and FTP. That's so "lovely" considering that any ISP can easily replace your HTTP traffic. Yes, they have PGP signatures but 99% of people out there have no idea how to verify them. And those PGP signatures are distributed from the same ... insecure channels.

Comment Re:Are two hashes better than one? (Score 1) 141

Perhaps I was completely wrong - skip to the Mysid's comment. My sincere apologies then. But this explanation just doesn't work/compute in my head - even today finding MD5 collisions is extremely computationally expensive, yet the person says SHA1 + MD5 is only slightly more computationally expensive.

Let's put it in layman's terms: let's say your cluster made of a thousand GPUs finds MD5 collisions for given data every second. Now finding an SHA1 collision in Google's case required 9,223,372,036,854,775,808 computations based either on purely random data or data which needed to be fed to the SHA1 algorithm in succession both of which you cannot get using your already found MD5 collisions, because they are not random. I cannot see how your non random MD5 data could be used as a basis for cracking SHA-1 simultaneously. Again, maybe I'm totally wrong about that.

I'd also love to hear someone with a good cryptography background rather than believe a random person on the net or my amateurish logic.

Comment Re: NB: most medical scientists (Score 1) 320

Complex doesn't mean perfect or without flaws. Also, you cannot imagine how many germs coexist with us and we depend our life on them.

Also I'm not a biologist however as far as I understand it's not viruses that kill us, it's our own failing biology due to our DNA: death is programmed deep in our DNA, or otherwise there wouldn't be evolution. I might be totally wrong of course - I'd like to hear what actual biologists would say.

Comment Re:Practical? (Score 2) 141

If Google can do that, NSA can surely do that - maybe not right now but quite soon.

Also don't underestimate various botnets - right now they are mostly used for spamming/DDOS'ing/crypto currency mining (which in itself is ... hashing) but they can be used for finding collisions in SHA-1 as well.

Also don't forget that "practical" in this case means that an attack can be carried out using currently existing availble computational resources, vs. something purely theoretical which requires billions of CPUs/GPUs or quantum computers.

Comment NB: most medical scientists (Score 4, Insightful) 320

The human body is the most complex organism in the known universe so there's nothing to be sneezed at or be surprised by. For instance recent studies have shown that for a lot of people placebo works even when people have a perfect knowledge that they are given placebo.

As another confirmation, the brain has the ability to directly change/affect the chemical processes in the body as demonstrated by Wim Hof who can manage his body's temperature at will.

Submission + - Google has demonstrated a successful practical attack against SHA-1 (googleblog.com)

Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

Slashdot Top Deals

Recent investments will yield a slight profit.

Working...