Predictable random number generator discovered in the Debian version of OpenSSL

Friday, May 16, 2008

A major security hole was discovered in the pseudo-random number generator (PRNG) of the Debian version of OpenSSL. OpenSSL is one of the most widely used cryptographic software packages; it allows the creation of secure network connections using the SSL and TLS protocols. It is included in many popular computer programs, like the Mozilla Firefox web browser and the Apache web server. Debian is one of the most used GNU/Linux distributions, and other distributions, like Ubuntu and Knoppix, are based on it. The problem affects all Debian-based distributions that were used to create cryptographic keys since September 17, 2006. The bug was discovered by Luciano Bello, an Argentine Debian package maintainer, and was announced on May 13, 2008.

This vulnerability was caused by the removal of two lines of code from the original version of the OpenSSL library. The library used these lines to gather entropy, which is needed to seed the PRNG that creates the private keys on which secure connections are based. Without this entropy, the only dynamic data used was the process ID (PID) of the software. Under Linux the PID can be a number between 1 and 32,768, which is too small a range of values to seed the PRNG and causes the generation of predictable numbers. Therefore any generated key is predictable, with only 32,767 possible keys for a given architecture and key length, and the secrecy of the network connections created with those keys is fully compromised.
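The consequence of a PID-only seed can be shown with a small audit, added here as an illustration and not taken from the original article or from OpenSSL. `toy_keygen` is a hypothetical stand-in for key generation (a hash of the seed material, not OpenSSL's generator), and the host names and PIDs are constructed sample data; the point is that every possible key for one architecture and key length can be listed in advance and an inventory checked against that list.

```python
import hashlib
import os

# Assumption taken from the article: the PID was the only varying input,
# giving 32,767 possible keys per architecture and key length.
PID_RANGE = range(1, 32768)


def toy_keygen(pid, arch, bits, extra_entropy=b""):
    """Hypothetical model of key generation, NOT OpenSSL's generator.

    The output is a pure function of the seed material, which is the only
    property of a deterministic PRNG that matters for this audit.
    """
    seed = f"{arch}:{bits}:{pid}".encode() + extra_entropy
    return hashlib.shake_256(seed).digest(bits // 8)


def fingerprint(key):
    """Digest of the key, so the blocklist never stores key material."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist(arch, bits):
    """Enumerate every key the PID-only seed can produce for one (arch, bits)."""
    return {fingerprint(toy_keygen(pid, arch, bits)) for pid in PID_RANGE}


def audit(inventory, blocklist):
    """Return the names of inventory keys whose fingerprint is blocklisted."""
    return sorted(name for name, key in inventory.items()
                  if fingerprint(key) in blocklist)


def constructed_inventory():
    """Constructed sample: two keys from the broken seed, one properly seeded."""
    return {
        "web01": toy_keygen(4242, "i386", 2048),
        "vpn-gw": toy_keygen(31999, "i386", 2048),
        "mail01": toy_keygen(4242, "i386", 2048, extra_entropy=os.urandom(32)),
    }


if __name__ == "__main__":
    blocklist = build_blocklist("i386", 2048)
    print(len(blocklist), "possible keys for i386/2048")
    for name in audit(constructed_inventory(), blocklist):
        print("REPLACE:", name)
```

The check is made on the key itself rather than on the host, so it applies wherever a key is installed, and a separate list is needed for each architecture and key length.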

These lines were removed as “suggested” by two audit tools (Valgrind and Purify) used to find vulnerabilities in the software distributed by Debian. These tools warned the Debian maintainers that some data was used before its initialization, which normally can lead to a security bug, but this time it was not the case, as the OpenSSL developers wrote on March 13, 2003. Nevertheless, this change was erroneously applied on September 17, 2006, when the OpenSSL Debian version 0.9.8c-1 was released to the public.

Even though the Debian maintainer responsible for this software released a patch to fix this bug on May 8, 2008, the impact may be severe. OpenSSL is commonly used in software to protect passwords and to offer privacy and security. Any private key created with this version of OpenSSL is weak and must be replaced, including session keys that are created and used only temporarily. This means that any data encrypted with these keys can be decrypted with little effort, even if the keys are used (but not created) with an unaffected version of the library, like the ones included in other operating systems.

For example, any web server running under any operating system may use a weak key created on a vulnerable Debian-based system. Any encrypted connection (HTTPS) to this web server established by any browser can be decrypted. This may be a serious problem for sites that require a secure connection, like banks or private web sites. Also, if an encrypted connection was recorded in the past, it can be decrypted in the same way.

Another serious problem concerns network security software, like OpenSSH and OpenVPN, that is used to encrypt traffic to protect passwords and to grant access to an administrative console or a private network protected by firewalls. This may allow hackers to gain unwanted access to private computers, networks or data traveling over the network, even if an unaffected version of OpenSSL was used.

The same applies to any software or protocol that uses SSL, like POP3S, SSMTP and FTPS, if used with a weak key. This is the case for Tor, software used to offer strong anonymity over TCP/IP, where about 300 of 1,500-2,000 nodes used a weak key. With 15-20% of Tor nodes weak, there is a probability of approximately 0.34-0.8% of building a circuit in which all three nodes are weak, resulting in a full loss of anonymity. Even a single weak node being used may facilitate some types of attack on anonymity. The Tor hidden services, a sort of anonymous public servers, are affected too. However, the issue was speedily addressed on May 14, 2008.

The same problem also affected anonymous remailers like Mixmaster and Mixminion, which use OpenSSL to create the remailer keys for the servers and the nym keys for the clients. Although there is currently no official announcement, at least two remailers changed their keys because they were weak.

Tree Service Professionals Can Remove Trees, Limbs, And Stumps From Your Property


by

Shane Hester

Do you have problems concerning your trees at home? Do you need to remove your trees? Do you want them relocated to another place? Do you have to cut limbs and branches of the trees? And are there stump issues too? If you have these concerns, you had better contact tree service professionals to do the job for you.

There are times when you do not know what is wrong with your tree. It may be infested with parasites and slowly dying. It may be sick and need treatment. It may require pruning and you do not possess the skills to do so. Just to be sure, an assessment by skilled professionals, locally known as tree doctors, will make everything better.

Tree Removal

Trees give life right? But sometimes, in its least condition and without maintenance, it is an eyesore. It is your decision as property owner to have it removed from your land, your yard or your place. You cannot just get a shovel and dig down. It is not also safe for you to use an axe and cut through it. It must be removed by tree removal professionals so that the service will be done safely and accordingly.


Tree Trimming

For trees to live beautifully longer, it needs to be maintained. It is the same with teeth – you need to go to a dentist just to have it cleaned, checked out for cavities and fixed. With trees, tree specialists are needed to maintain it. One way of making a tree really nice is by trimming it.

Tree Relocation

If the tree in your property is in great shape but you do not want it there, a home is waiting for it somewhere. You do not have to kill that marvelous tree. If you contact a tree service crew, they will be more than willing to find a new owner for the tree so that you will not have to worry about it.

Stump Removal

One really bugging thing in your nice yard is that stump. Try not to take it out on your own. Instead, you have to phone the nearest tree crew so they can take care of that for you. You do not know what is under that stump. It can be insects with diseases and such. Stay away from it and let the professionals do what they are qualified to do.

Now, all you have to do is hire a tree service crew. Find one on the internet by typing in tree services and the cities or areas near you. You will find the best crew in your area from that list. Be sure to pick one with extensive experience.

If there is a stump in your yard that you want gone there are many tree services around Lutz Florida that will gladly remove that for you. With their top of the line services Panorama offers professional tree services in Tampa Florida when looking to remove any tree debris from your property.

Article Source:

ArticleRich.com

Suspicious package found outside South Carolina coffee shop

Friday, September 21, 2007

A briefcase containing magnets, batteries and a cell phone sitting in the bushes outside a Charleston, South Carolina coffee shop drew the local bomb squad’s attention, before it was determined that it contained no explosives.

Police had earlier closed down Calhoun Street in downtown, where the coffee shop is located, but reopened the street and let local residents and business owners know that the situation was over after performing an investigation.

Customers inside the shop called police around 9:00 a.m. when they found the package by a bush, but some reports say the package was found near cars parked on the street.

As a precaution, the president of the College of Charleston dismissed classes for the day, before taking in a round of golf himself.

It is not known what was inside the package.

MuchMusic Video Awards this Sunday in Toronto, Canada; Wikinews will be there

This article mentions the Wikimedia Foundation, one of its projects, or people related to it. Wikinews is a project of the Wikimedia Foundation.

Wednesday, June 13, 2007

Wikinews will be attending The 2007 MuchMusic Video Awards this weekend, a popular annual event in Toronto, Ontario, Canada. True stars will be out to play, present, and otherwise schmooze at the CHUM-City Building just above the city’s Entertainment District in the Queen Street West neighbourhood.

MuchMusic is the most popular music channel in Canada, and has been holding the event since 1990. Roughly 6000 fans line the streets surrounding Much headquarters each year, and 1200 more score “the wristband” and enjoy a free festival-style show in the parking lot, watching four outdoor performance areas spread out in the downtown location. New this year is a special roof-top stage, on the top of the building.

Last year’s show reached 3.5 million viewers in Canada and 100 million around the globe, with broadcasts in 65 countries.

Performing at the show will be Avril Lavigne, Fergie, Billy Talent, Hilary Duff, Alexisonfire, Maroon 5, Belly, The Used, and Finger Eleven.

On stage presenting will be Nickelback, Jay Manuel (Canada’s Next Top Model, America’s Next Top Model), Tara Reid (American Pie, this fall’s Land of Canaan), Joss Stone, Sum 41, Amber Tamblyn (Joan of Arcadia, Grudge 2), Hedley, Chris Bosh (Toronto Raptors), Sean Avery (New York Rangers), George, Sam Roberts, Emilie de Ravin (LOST), Marianas Trench, and Kardinal Offishall.

Photographer Robin Wong will be photographing the red carpet of the MMVAs for Wikinews and Wikipedia. He first helped the sites in April of this year, photographing Hilary Duff at MuchMusic. Wong’s extensive client list includes Fidelity Investments, Flare Magazine, Masterfile, First Light, Fashion Television, FCB Canada, Profit Magazine, Financial Post, and Publicis. His works have appeared in the 2004 and 2005 Applied Arts Awards Annual, the top publication for the creative industry.


Saudi Arabia plans to open embassy in Finland

Saturday, October 20, 2007

It has been announced that Saudi Arabia is planning to open an official embassy in Finland, to signify continuing improvement in relations between the two countries.

Teemu Tanner, director general of Africa and the Middle East at the Ministry for Foreign Affairs of Finland, said to reporters concerning Finnish President Tarja Halonen’s first visit to Saudi Arabia on Sunday, “One indication of this visit is that you (Saudi Arabia) are planning to open an embassy here in Helsinki,” adding that “We regard this as extremely important for relations,” and that it is only a matter of time before the facility is made available.

Another act set to strengthen diplomatic relations is the planned visit of a trade delegation headed by Saudi Minister of Trade and Commerce Hashim Yamani, which will arrive in Finland next month.

“Our relationship is no longer in relation to trade,” said Tanner. “More broadly, we will discuss regional and global issues. It is extremely important for us to know Saudi Arabia’s views on Iraq, Iran, but also issues such as Somalia… One objective of the visit is to convey notes on international questions, as we enter a very interesting phase in the Middle East peace process,” adding that the presidential visit is a relational “landmark” that will “crystallize” Finland’s image to Saudi Arabia.

Despite the comment that the international cooperation is no longer entirely a trade issue, he did point out Saudi Arabia’s important role in the Finnish economy as one of the five largest importers of Finnish products. Finland’s main exports to Saudi Arabia are mobile phones, paper, wood and machinery, while Saudi Arabia exports large quantities of raw materials for use in manufacturing plastics. The total volume of this trade is estimated to be worth over €840 million.

Other topics on the table for the two nations to discuss during Halonen’s visit include energy, the role of science, environmental issues and combating terrorism, as well as other global issues. Tanner has also suggested tourism may be a future area of attention, with a possibility of package holidays for Finnish tourists being organized to Saudi Arabia.

Finland and Saudi Arabia have been officially involved in diplomatic relations since 1969. Finland has maintained an embassy in Saudi Arabia since 1974.

Custom Notepads: 7 Steps In Making Them

Submitted by: Robert Johnston

Feel the need to print notepads for your business or special project? Do not worry. Custom notepad printing can really be an easy thing to do if you pay attention. In this article, I will share with you my seven simple steps in notepad printing. These steps should be simple enough for almost anybody to follow, even you.

1. Create or download a template. The first step is to get a template. A notepad template should help you immensely in setting up the initial layout. You can download a lot of good notepad templates with specific and useful dimensions over the Internet. Plan on visiting online notepad printing companies to get the best free notepad templates that are available. Of course, make sure that these templates are in file formats that you can use.

2. Place your background color/image. Once you have a template that you can use, just load it up in your desktop publishing software to start building up the design. The first thing that you need to do is to insert your background for the notepad. If you plan to use a background color it should be relatively easy. If you plan on using an image, it is important that you make the image more transparent, just like a watermark, so that it does not nullify the usefulness of the notepad.


3. Place your footer and header. After the background, you should then add the header and footer details. This is an important element in custom notepads since it is in the header or footer where people add the special customized message or marketing slogan. Make sure that the fonts are easy to read since these elements can be quite small.

4. Add other design elements. If you have a special theme in your layout, then the time to add other design elements is after the placement of your header or footer. This should place your other design elements in front of the background and the header and footer. Make sure that these elements come in high resolution. This should make them look crisp and clear in notepad printing.

5. Find a printing company. Once all the designs are done, you should then find your printing company. The easiest way to find a notepad printing company is to do it online. Just search for the best online printing companies with a good reputation. Usually you will see these firms on the first page of the results in search engines like Google.

6. Specify printing options. With a printing company chosen, make sure that you also specify the important printing options in the order form for your notepads. Set the dimensions, paper materials, printing quality, binding options and other important decisions. Review them thoroughly before final submission so as not to make mistakes.

7. Print your custom notepads. Finally, just place the order, pay for the notepad printing and wait for delivery. You will have your custom notepads in no time.

Great! As you can see, the steps are very easy. There is little trouble at all since custom notepads are pretty straightforward to do, especially with templates. Good Luck!

About the Author: The author is affiliated with a company that offers

printplace.com/printing/notepad-printing.aspx

Source:

isnare.com

Permanent Link:

isnare.com/?aid=489028&ca=Marketing

A Number Of Notable Information Regarding Muriatic Acid That You Need To Be Aware Of


by

joalesto

Muriatic acid is actually a solution of hydrogen chloride and water. Being considered as a strong acid, this compound has remarkable industrial applications although it can be hazardous when misused and handled improperly. It occurs naturally in humans though it seems only found in industrial settings being too inorganic to be in living systems. However, animals and humans do have this acid in their systems, present in the lining of the stomach as it aids in digestion and forms a protective layer against bacteria.

Muriatic acid is more precisely known in chemistry as hydrochloric acid, a strong acid in the league of nitric acid and sulphuric acid. Though you may only have seen the acid in your chemical laboratories, it is a top industrial acid and chemical that is used in a wide range of fields from medicine to oil industry. The acid was regarded as a mineral acid as it was derived from mineral salt.


Muriatic acid is a solution, precisely speaking, and the pure form of the acid is in actuality a gas (hydrogen chloride) that is a product of the chemical reaction of hydrogen and chlorine gases. This explosive reaction yields the popular gaseous acid which is colorless and yet very corrosive. Since this gas has little use in the industrial setting, it must be dissolved into the water first to become extensively applicable. Since it is an ionic acid, it dissolves effectively in polar covalent substances like water. The strength of the acid is due to the complete dissociation of chloride and hydrogen ions in the aqueous system. Generally, it is the aqueous solution of HCl that is commercially available and commercially usable. Therefore, hydrogen chloride must be dissolved in deionized water to render any use.

The unadulterated solution of HCl in water should be transparent, no color. But most muriatic acid sold in the market has varying grades of yellowish tinge, which is a result of impurities in the solution such as ions of iron. The name comes from the Latin term “muria” that means “seawater.” The old method of commercial production of the acid uses rock salt that comes from the sea. The German chemist Johann Rudolf Glauber described this preparation, which made use of salt, in 1648. The method featured heating a mixture of sulphuric acid and sodium chloride. This reaction yields sodium hydrogen sulphate and the gaseous hydrogen chloride. At higher temperatures, salt reacts with sodium hydrogen sulphate to yield more HCl gas.

Another method of obtaining the compound is through direct combination reaction of the composing elements hydrogen gas and chlorine gas. Nevertheless, much of today’s supply of HCl comes as a byproduct of the processing of chlorinated hydrocarbons like some plastics, refrigerants, and insecticides. Since the gaseous acid compound is of little use, it must be dissolved in water to form HCl (aq) or hydrochloric acid. This is possible by directing the gas into the base of the tower where water runs downward over a non-moving packing material. The gas dissolves easily in water and the acid solution exits the base of the tower.

The commercial version of the acid is in concentrated forms. The matter with a concentrated HCl is that it easily releases irritating fumes of the gaseous acid once the container is opened. The acidic gas attracts air moisture to produce droplets of acid. Hence, serious precautions must be considered when opening bottles or containers containing the highly concentrated acid. Inhalation of the fumes could severely injure the mucus lining of the upper respiratory tract.

The HCl (aq) in chemical laboratories is generally a dilute solution which does not fume when exposed to air, but that does not mean that precautions can be neglected. Even in dilute solutions, it can still cause skin irritation upon exposure, and exposure is commonly a result of mishandling.

Jo is a writer for ‘Hydrochloric Acid’ (http://www.hydrochloric-acid.co.uk), a site owned by ReAgent Chemical Services Ltd, a reputable UK stationed chemical company that produces, stocks and supplies a wide selection of premium chemical. If your corporation is seeking premium chemical product for example Muriatic Acid then check out Hydrochloric Acid Information.

Article Source:

ArticleRich.com

Tucson gunman appears in court for Giffords shooting

Thursday, January 13, 2011

Jared Loughner, a 22-year-old former college student, has appeared in federal court following the shooting on Saturday at a supermarket in Tucson, Arizona. The shooting killed five people including John Roll, a federal judge, and injured 19 including Congresswoman Gabrielle Giffords.

Loughner has been charged in federal court with attempted assassination of a member of Congress, first-degree murder and attempting to kill employees of the federal government. Prosecutors for the State of Arizona are trying to determine whether they can bring charges for the other killings and attempted killings in state court.

Loughner confirmed his identity to the court and was denied bail but did not enter a plea. He stated that he understood the potential punishment for the charges includes the death penalty or life imprisonment. He is being represented by Judy Clarke, who has previously defended Theodore Kaczynski (the ‘Unabomber’) and Oklahoma City bomber Timothy McVeigh.

Surgeons have had to perform emergency surgery on Giffords, including a hemicraniectomy, which involves removing a large section of her skull to reduce the pressure from the swelling in the brain caused by the gunshot wound. Dr. Michael Lemole, one neurosurgeon operating on Giffords, said that she was “not out of the woods yet”. He also noted that “swelling can sometimes take three days or five days to maximize. But every day that goes by and we don’t see an increase, we’re slightly more optimistic.” Giffords has been able to respond to basic commands from doctors like holding up two fingers.

Meanwhile, debates rage following allegations that Loughner had a political basis for his attack. Pima County Sheriff Clarence Dupnik blamed some extreme rhetoric in the media. “The anger, the hatred, the bigotry that goes on in this country is getting to be outrageous. This has not become the nice United States of America that most of us grew up in and I think it’s time that we do the soul-searching.”

Annual Oregon Coast Clean Up And Awareness Day

Proclamation by Oregon Governor Kate Brown

Together, with business support and countless Oregonians standing behind Ocean Blue’s Beach Cleanup Project, we have successfully created an official State holiday of observance signed by Governor Kate Brown.

Largest Microplastic Awareness Movement in Oregon

This is the largest beach plastic volunteer cleanup awareness event of its kind. In fact, Ocean Blue, a nonprofit, has created so much awareness around no landfill microplastic pollution solutions that Governor Kate Brown proclaimed the “ANNUAL OREGON COAST CLEANUP AWARENESS DAY” of April 23rd to be an official State Holiday for all nonprofits, schools, businesses, communities, universities, and all Oregonians to take part in the day and give back to Oregon Coast beaches.

Every wave hitting the Oregon coast leaves thousands of pounds of plastic on Oregon beaches, and plastic continues to wash up on the North Pacific Coast. The plastic floats in the ocean and is carried by waves, its journey to the Oregon shores powered by the North Pacific Gyre, and solutions are vital to saving the ocean.

No Landfill Microplastic Pollution Solutions

The plastic fragments are collected by a nonprofit group that is partnered with Terra Cycle, so that all recycled and upcycled beach plastic items collected are placed back into reusable products. For example, the plastic collected from the April 23rd Annual Coast Cleanup and Awareness Day was used by the P&G Corporation, which makes Head and Shoulders shampoo bottles.

For more information about the nonprofit behind making the Annual Oregon Coast Cleanup and Awareness Day possible, visit http://www.oceanblueproject.org/proclamationbykatebrown.html

Scientists say new medical diagnostic chip can sort cells anywhere with an inkjet

Thursday, February 9, 2017

On Monday, scientists from the Stanford University School of Medicine announced the invention of a new diagnostic tool that can sort cells by type: a tiny printable chip that can be manufactured using standard inkjet printers for possibly about one U.S. cent each. Lead researchers say this may bring early detection of cancer, tuberculosis, HIV and malaria to patients in low-income countries, where the survival rates for illnesses such as breast cancer can be half those of richer countries.

Existing methods tend to identify cell types using fluorescent or magnetic labels, which take time to attach, but this platform uses the phenomenon of dielectrophoresis: because different kinds of cells have different levels of receptivity to electrical fields, a trait called polarizability, when an electric potential gradient is activated around the chip, different cells are pulled in different directions at different speeds. This allows doctors to diagnose cancer by determining the number of tumor cells in a patient’s blood sample. Different chips can be printed to diagnose different diseases.

Physically, the scientists say, the system has two parts. Cells are held in a clear microfluidic chamber made of silicone. The chip itself is an electronic strip that can be printed onto flexible polyester. Most lab-on-a-chip devices must be manufactured by professional staff in specialized facilities called clean rooms and can take weeks, but the chip component of this system can be made almost anywhere in as little as twenty minutes. The chips cost approximately one U.S. cent to produce (US$0.01) and can be reused. For comparison, a standard flow cytometry machine can cost US$100,000 to purchase.

“Enabling early detection of diseases is one of the greatest opportunities we have for developing effective treatments,” said lead author and electrical engineer Dr. Rahim Esfandyarpour. “Maybe $1 in the U.S. doesn’t count that much, but somewhere in the developing world, it’s a lot of money.”

Senior author Dr. Ron Davis of the Stanford University Genome Technology Center compared this invention to that of low-cost genome sequencing, which helped lead to personalized medicine.

The findings appeared in the Proceedings of the National Academy of Sciences on Monday.