Articles about Paper Pdf

PureVPN calls pure BS on VPN insecurity study

Hong Kong virtual private network provider PureVPN has rejected claims in a study published this week that its service, among many other popular providers, is open to DNS hijacking and has pushed fixes to shore up security. Research revealed earlier this week ruffled privacy feathers after five security bods identified that 14 …
Darren Pauli, 03 Jul 2015

City of birth? Why password questions are a terrible idea

Using secret questions to give people access to their passwords is a terrible idea, according to a new paper from Google. A white paper [PDF] called "Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google" dug into the data of millions of users' interactions with a range of password- …
Kieren McCarthy, 21 May 2015

Facebook SSD failure study pinpoints mid-life burnout rate trough

Facebook engineers and Carnegie Mellon researchers have looked into SSD failure patterns and found surprising temperature and data contiguity results in the first large-scale SSD failure study. In a paper (PDF) entitled A Large-Scale Study of Flash Memory Failures in the Field they looked at SSDs used by Facebook over a four …
Chris Mellor, 22 Jun 2015

Stop climate change by drinking Coca-Cola says Oz government

If you want to understand the quality of advice the Australian government wants in the climate change debate, you need only one passage from page 56 of a new report into the energy sector. Discussing carbon capture and storage, which currently has “failed technology” status nearly the whole world around, the government's …

Web tracking puts lead in your saddlebags, finds Mozilla study

You already know that too many tracking cookies will slow Web page loading down to a crawl. Now, a study by Mozilla and Columbia University quantifies the problem. According to Columbia's Georgios Kontaxis and Mozilla's Monica Chew, spiking the excessive load of extraneous connections on the Alexa top 200 news sites can improve …

US hospitals to treat medical device malware with AC power probes

Two large US hospitals will in the next few months begin using a system that can detect malware infections on medical equipment by monitoring AC power consumption. The unnamed hospitals will be the first in a list to test the add-on monitoring platform dubbed WattsUpDoc to check for potentially life-threatening malware running …
Darren Pauli, 27 Apr 2015

Hey kids, who wants to pwn a million BIOSes?

The overlooked task of patching PC BIOS and UEFI firmware vulnerabilities leaves corporations wide open to attack, a new paper by security researchers warns. Xeno Kovah and Corey Kallenberg argue that the poor state of low-level software security is among the easiest ways for hackers to deeply infiltrate organizations. A …
John Leyden, 12 Jun 2015

IBM Research wants laptop batteries to retire and slum it

IBM's Indian research lab has come up with a nice idea: using old laptop batteries too feeble to power a ThinkPad as off-grid power sources. In a paper [PDF] titled “UrJar: A Lighting Solution using Discarded Laptop Batteries”, IBM and Radio Studio India boffins explain that “Forty percent of the world’s population, including a …
Simon Sharwood, 08 Dec 2014

Microsoft proves Pinocchio's a real boy with proofs tool

Microsoft cloud wonks have developed a tool for developers capable of practical generation of proofs that an outsourced job has been crunched securely. The team of eight including Craig Costello; Cedric Fournet; Jon Howell; Markulf Kohlweiss; Michael Naehrig, and Bryan Parno together with University of Virginia boffins Benjamin …
Darren Pauli, 20 Apr 2015

New relay selection fix for Tor to spoil spooks' fun (eventually)

Research by American and Israeli academics has led to the development of Astoria, a new Tor client specifically designed to spoil spooks' traffic analysis of the surveillance-dodging network. Astoria all-but decimates the number of vulnerable connections on the Tor network, bringing the figure from 58 per cent of total users to …

Australia mulls dumping the .com from .com.au – so you can bake URLs like chocolate.gate.au

Australia may ditch the .com in .com.au and offer citizens straight .au domain names following increased competition from the explosion of dot-word addresses. A discussion paper [PDF] published by the .AU Domain Administration (AuDA) puts forward the case for making the aforementioned change. It notes that while it has …
Kieren McCarthy, 21 Apr 2015

Tachyon Nexus theorises on ultra fast storage

Any in-memory-focussed clustered system has to deal with failure at some point, and learn how to recover from, or tolerate, it. Replication is a common method but it slows down processing, especially in sequences of jobs in a pipeline. However, upstart Tachyon Nexus thinks it has found a way round that problem, and can go a …
Chris Mellor, 24 Mar 2015

CozyDuke hackers targeting prominent US targets

A newly discovered group of cyber-spies are closely targeting high profile US targets, possibly including both the White House and the State Department. The so-called CozyDuke hackers make extensive use of spear-phishing, sometimes using emails containing a link to a hacked (otherwise legitimate) website such as "diplomacy.pl …
John Leyden, 22 Apr 2015

Chinese researchers develop fuzzy search algorithm for encrypted cloud data

Chinese researchers from Nanjing University have developed an encrypted search mechanism which they say is both more productive and secure than existing systems. Existing systems can search encrypted data only for exact keyword matches and nothing similar. Authors of such systems can employ fuzziness to detect phrases (such as “ …
Darren Pauli, 06 Oct 2014

Chinese cyber-spies hid botnet controls in MS TechNet comments

Cyber-spies are increasingly attempting to hide their command and control operations in plain sight by burying their command infrastructure in the forums of internet heavyweights, including Microsoft. FireEye and Microsoft have successfully shut down the Chinese threat actor APT17’s use of the MSFT TechNet blog to hide their …
John Leyden, 14 May 2015

Export control laws force student to censor infosec research

An ethical hacking student at the University of Northumbria has claimed that the university's ethics board and the Wassenaar Arrangement have forced him to delete some references to exploits from his final year dissertation. Grant Willcox, a BSc student studying Ethical Hacking for Computer Security, claimed in a blog post that …

Quiet, please – HP waves baton for 'composable' IT

HP Discover HP has a grand plan for when it morphs into Hewlett Packard Enterprise later this year, and the key to it is a concept it's calling "composable infrastructure." In his keynote at the HP Discover conference in Las Vegas on Wednesday, HP CTO Martin Fink said that to understand composability, you should think about a composer …
Neil McAllister, 04 Jun 2015

Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals

Apple, Microsoft, HP and other cloud giants are begging Europe for help to stop US feds seizing customers’ data from servers on the Continent. A policy paper [PDF] published on Friday by DigitalEurope – which represents the above goliaths – urged the European Commission to wade into an ongoing legal fight between Uncle Sam and …
Jennifer Baker, 14 Nov 2014

Global Commission on Internet Governance wobbles into IANA debate

The Global Commission on Internet Governance (GCIG) has waded into the debate over the critical IANA contract with a formal statement and position paper. Rather than making a splash, however, the result is somewhat of a soggy mess. The elite group has spent two days in closed meetings in Canada and on Wednesday morning held a …
Kieren McCarthy, 27 Nov 2014

Big changes proposed to DNS overseer ICANN

Domain name overseer ICANN is likely to go through a radical reorganization if it wants to be given more control of critical internet functions, currently run under contract from the US government. Two recent papers - one from independent legal experts hired by a group looking into the contract's transitioning, and a second from …
Kieren McCarthy, 03 Apr 2015

Multi Jet Fusion: THAT's HP's promised 3D printer, not crazy 'leccy invention

A year and eight days ago, The Reg was in the room when HP CEO Meg Whitman promised the company would deliver a 3D printer that service providers could wield by the middle of 2014. On Wednesday the company made a lie of that claim by revealing the Multi Jet Fusion printer it says won't go on sale until 2016. “Multi Jet Fusion” …
Simon Sharwood, 31 Oct 2014

A Cambridge boffin told me YOU'RE A BIG, FAT LIAR

Cambridge University boffins have begun exploring an alternative to the traditional polygraph approach to detecting liars and cheats. Instead of calculating variations in a person's respiration, pulse and sweat production, the fib-detecting tech looks at the subject's body movements. As a first stage in investigating the …
John Leyden, 06 Jan 2015

There's a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging

ESET researchers Olivier Bilodeau and Thomas Dupuy have found malware capable of compromising routers and embedded devices, seizing control of social networking accounts, and booting out competitors. The duo report the Moose malware exploits weak login credentials in the networking gear, and does not require vulnerabilities to …
Darren Pauli, 26 May 2015

GRAV WAVE DRAMA: 'Big Bang echo' may have been grit on the scanner – boffins

Data from the European Space Agency's Planck satellite has cast doubt over the claimed discovery of a gravitational wave tsunami sweeping the universe from the Big Bang. In March, a team of astrophysicists running the Background Imaging of Cosmic Extragalactic Polarization 2 (BICEP2) observatory shocked the scientific …
Iain Thomson, 22 Sep 2014

Memory troubling you, Android? Surprise! Another data slurp vuln uncovered

Yet another Android vulnerability has been revealed by researchers presenting at the Usenix conference: the way apps use memory can be exploited to leak private information with a success rate “between 82 and 92 per cent of the time”. Announced by the University of California, Riverside here, the researchers' paper [PDF] gives a …

We're off to DC! Silicon Valley startups start up law lobbying machine

Analysis Fresh from pressuring politicians in Indiana, Arkansas and Arizona to backtrack on social policy, Silicon Valley is heading to Washington DC to push the startup mindset into public policy discussions. A group of VCs, including Napster founder Sean Parker and big name investor Ron Conway, have set up the Economic Innovation Group …
Kieren McCarthy, 02 Apr 2015

Prof Stephen Hawking: 'There are NO black holes' – they're GREY!

Brit uber-boffin Prof Stephen Hawking has quietly published a new paper proposing a radical rethink of the nature of black holes, which have been a major part of his life's work. Hawking's paper [PDF], Information Preservation and Weather Forecasting for Black Holes has been submitted for peer review and attempts to apply both …
Iain Thomson, 25 Jan 2014

How to marry malware to software downloads in an undetectable way (Hint: Please use HTTPS)

Be thankful it's only a proof-of-concept of a hack: German researchers have shown that internet software distribution mechanisms can be turned into virus vectors, without modifying the original code. The Ruhr University boffins – Felix Gröbert, Ahmad-Reza Sadeghi and Marcel Winandy – have developed an on-the-fly mechanism for …

Lads from Lagos using 'Predator Pain' on hapless 419 victims

Advanced-fee fraudsters are adopting the tactics of state-sponsored hackers in attacks targeting small- to medium-sized businesses, rather than large corporates, according to research from Trend Micro. 419 gangs are using the Predator Pain and Limitless keyloggers to steal network credentials through spear-phishing attacks, …
John Leyden, 13 Nov 2014

'POWER from AIR' backscatter tech now juices up Internet of Stuff Wi-Fi gizmos

Researchers who last year demonstrated they could harvest stray RF signals to power RFID tags have scaled-up their technology to power Wi-Fi devices. The University of Washington team is pitching their ultra low-power “backscatter harvesting” technology with the inevitable Internet of Things (IoT) tag, since if it could be …

Droid malware cloak outwits Google Bouncer and friends

Google's Bouncer Android defence tool is one of a dozen malware detection platforms that can be flawlessly skirted by malware employing smarter heuristics, researchers have found. Malware kitted out with virtual machine detection functions and clever heuristics could bypass seemingly any detection platform on the market. …
Darren Pauli, 13 May 2014

Victorian Police say Redmond's wrong! XP doesn't 'heighten risk'

Victoria Police has defended its continued use of Windows XP until the dying days of 2014, claiming it does not elevate risk. The use of the almost 13 year-old now defunct operating system was revealed in a blue paper which found many officers could not open files in new applications and resorted to printing documents to take …
Darren Pauli, 19 Jun 2014

DAYS from end of life as we know it: Boffins tell of solar storm near-miss

Two years ago this week the Sun let off one of its periodic solar flares, and a new analysis of its force shows that human civilization had a very near miss indeed. "If it had hit, we would still be picking up the pieces," said Daniel Baker of the University of Colorado this week. On 23 July 2012, two coronal mass ejections ( …
Iain Thomson, 26 Jul 2014

Self-forming liquid metal just like a TERMINATOR emerges from China lab

Scientists in China say they have developed a way to manipulate liquid metal substances into self-assembling shapes and forms. The researchers, working out of Tsinghua University and the Chinese Academy of Sciences, reckon that by applying an electric charge to liquid metal alloys, they could control the behavior of substances …
Shaun Nichols, 21 Feb 2014

Forget 5G, UK.gov is making 2G fit for the 21st century!

Analysis The government flagged up the biggest shake-up in mobile regulation for 25 years yesterday. Tories who ridiculed Ed Miliband’s intervention in the energy market might need to remove the large wooden beam from their field of vision first. Four major policy options are suggested in the Ministry of Fun’s rural mobile consultation …
Andrew Orlowski, 06 Nov 2014

Cisco climbs aboard containerisation cloudwagon, with security reservations

Cisco has climbed aboard the containerisation cloudwagon, hinting that it will make Docker and Linux containers a part of its emerging “Intercloud”. The Borg has slipped out a blog post in which it offers an unremarkable containers vs. virtual machines primer. But at the end is an interesting nugget, to wit: “Cisco Cloud …
Simon Sharwood, 02 Sep 2014

MIT scientists craft a storage system fit for THE ENTIRE UNIVERSE

Distributed file systems may be cheap to run, but their performance can be atrocious when the network becomes saturated, and some boffins are hoping to change this so as to better simulate our universe. MIT researchers have tried to solve the network saturation problems brought about by SSD-loaded distributed storage systems with a …
Jack Clark, 31 Jan 2014

We all owe our EXISTENCE to lovely VOLCANOES, say boffins

Pic Research by the British Antarctic Survey has found that volcanos played a crucial role in preserving life when our world went through one of its periodic ice ages. From time to time in Earth's history, the planet cools and an ice cover extends from the poles to cover large sections of the planet's surface. It's even hypothesized …
Iain Thomson, 12 Mar 2014

Cheer up UK mobile grumblers. It's about to get even pricier

You may not think being a mobile phone customer in Britain is much fun, what with rural Not Spots, the world's most irritating advertising campaigns*, and LTE arriving later (and rolling out slower) than anywhere else. Readers are quick to complain. But you actually get a better deal than you think. So enjoy it while you can, …
Andrew Orlowski, 21 Jan 2015

Boffins run iOS apps on Android hardware

Boffins from Columbia University have shown off a tool called “Cider” that runs iOS apps inside Android. Detailed in this paper (PDF), Cider is complex enough that your correspondent probably can't do much better than to quote the authors' explanation of how it works. So let's get into that: "Cider enhances the domestic …
Simon Sharwood, 16 May 2014

Police at the door? Hit the PANIC button to erase your RAM

The next time the police kick down a hacker's door, suspects can reach for the Panic button to make it nigh-on impossible for plod to recover any data, even if they freeze their target PCs. The Panic button is a new Python app called "Centry Panic" and was developed to mitigate cold boot and direct memory access attacks on …
Darren Pauli, 28 May 2014

How Bitcoin could become a super-sized Wayback Machine

Researchers have proposed a system which could see Bitcoin users earning their trendy tender by replicating vital data sources rather than crunching pointless algorithms. The new system, dubbed Permacoin by a team of University of Maryland and Microsoft researchers, would substitute the current requirement to obtain Bitcoins …
Darren Pauli, 03 Jun 2014

Holey? COWL! Boffins build boxes to hold sketchy JavaScript libs

Researchers have developed what they say is a new web privacy system for Google Chrome and Mozilla Firefox: we're told it blocks dodgy JavaScript code from funneling sensitive information to crooks. The Confinement with Origin Web Labels (COWL) system tries to protect websites that rely on JavaScript libraries written by third …
Iain Thomson, 07 Oct 2014

Net neutrality, Verizon, open internet ... How can we solve this mess?

Analysis So President Obama chimed in this week over the issue of "net neutrality" – arguing that in order to protect netizens and keep the internet "free and open", cable companies should be reclassified as "Title II common carriers". "Whether you use computer, phone or tablet, your internet provider should have a legal obligation not …
Kieren McCarthy, 12 Nov 2014

Information Technology Supplier Advocate job abolished

Australia has abolished its Information Technology Supplier Advocate, a Canberra-based role designed to help small biz jump through the hoops of government contracting. The incumbent, Don Easter, finishes work next Monday. The position of Information Technology Supplier Advocate was created in 2010 when, as Labor Senator Kate …
Simon Sharwood, 23 Jun 2014

Be the next tech hotshot – by staying the hell away from regulators

Column Little else is requisite to carry a state to the highest degree of opulence from the lowest barbarism, but peace, easy taxes, and a tolerable administration of justice: all the rest being brought about by the natural course of things – that's Adam Smith, by the way. I'm often left rather scratching my head as I read the latest …
Tim Worstall, 15 May 2014

Extended Random: The PHANTOM NSA-RSA backdoor that never was

Over the last day or so the security press has been touting stories of a second NSA-induced backdoor in RSA's encryption software BSafe. But it appears to be more sound and fury than substance. The brouhaha was kicked off by a Reuters report into an as-yet-unpublished academic study examining the cryptographically crap Dual …
Iain Thomson, 02 Apr 2014

Google-funded boffins figure out age-busting facial prediction system

Google's former chief Eric Schmidt once remarked that to have true privacy after spending some time on the internet you would need to change your name. Now, thanks to some research funded by Google and Intel, you would have to change your face as well. Three University of Washington researchers – one of whom, Steven Seitz, also …
Jack Clark, 10 Apr 2014

SCIENCE and RELIGION AGREE! LIFE and Man ARE from CLAY

Topflight boffins say they have discovered that life - or anyway the necessary complex precursor chemicals without which life cannot appear - probably originated in ancient "clay hydrogels". "We propose that in early geological history clay hydrogel provided a confinement function for biomolecules and biochemical reactions," …
Lewis Page, 06 Nov 2013

Boffins: Earth will be habitable for only 1.75 BEEELLION more years

Unless we meddlesome humans – or our follow-on Earth inhabitants – muck up our planet with a nuclear holocaust, runaway greenhouse emissions, or some other ecological disaster, our 4.54-billion-year-old home should be habitable for at least the next 1.75 billion years. Well, there's always the possibility of chance encounter …
Rik Myslewski, 20 Sep 2013