German IT Industry Looks for Boom from Snowden Revelations – SPIEGEL ONLINE
This is a great idea — Neelie Kroes suggesting that there be a certification mark for EU companies who have top-of-the-line data protection practices.
(tags: data-protection privacy certification marks eu neelie-kroes)
GCHQ slide claiming that they DDoS’d Anonymous’ IRC servers
Mikko Hypponen: “This makes British Government the only Western government known to have launched DDoS attacks.”
(tags: ddos history security gchq dos anonymous irc hacking)
RTE internal memo to unhappy staff re Pantigate
‘I want to reassure you that RTÉ explored every option available to it, including right of reply. Legal advice was sought and all avenues were explored, including an offer to make a donation to a neutral charity.’ And they folded. Notable lack of testicular fortitude by our national broadcaster.
(tags: fail rte leaks memos pantigate panti-bliss homophobia libel defamation ireland)
A looming breakthrough in indistinguishability obfuscation
‘The team’s obfuscator works by transforming a computer program into what Sahai calls a “multilinear jigsaw puzzle.” Each piece of the program gets obfuscated by mixing in random elements that are carefully chosen so that if you run the garbled program in the intended way, the randomness cancels out and the pieces fit together to compute the correct output. But if you try to do anything else with the program, the randomness makes each individual puzzle piece look meaningless. This obfuscation scheme is unbreakable, the team showed, provided that a certain newfangled problem about lattices is as hard to solve as the team thinks it is. Time will tell if this assumption is warranted, but the scheme has already resisted several attempts to crack it, and Sahai, Barak and Garg, together with Yael Tauman Kalai of Microsoft Research New England and Omer Paneth of Boston University, have proved that the most natural types of attacks on the system are guaranteed to fail. And the hard lattice problem, though new, is closely related to a family of hard problems that have stood up to testing and are used in practical encryption schemes.’ (via Tony Finch)
(tags: obfuscation cryptography via:fanf security hard-lattice-problem crypto science)
Little’s Law, Scalability and Fault Tolerance: The OS is your bottleneck. What you can do?
Good blog post on Little’s Law, plugging Quasar, Pulsar, and Comsat, 3 new open-source libs offering Erlang-like lightweight threads on the JVM.
(tags: jvm java quasar pulsar comsat littles-law scalability async erlang)
Target Hackers Broke in Via HVAC Company
Avivah Litan, a fraud analyst with Gartner Inc., said that although the current PCI standard does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties.
Target shared the same network for outside contractor access and the critical POS devices. fail. (via Joe Feise)
(tags: via:joe-feise hvac contractors fraud malware 2fa security networking payment pci)