By Fahmida Y. Rashid

There are two types of open source projects: those with corporate sponsorship and those that fall under the “labor of love” category. Actually, there’s a third variety: projects that get some support but have to keep looking ahead for the next sponsor.

Some open source projects are so widely used that if anything goes wrong, everyone feels the ripple effects. OpenSSL is one such project; when the Heartbleed flaw was discovered in the open source cryptography library, organizations scrambled to identify and fix all their vulnerable networking devices and software. Network Time Protocol (NTP) arguably plays as critical a role in modern computing, if not more; the open source protocol is used to synchronize clocks on servers and devices to make sure they all have the same time. Yet, the fact remains that NTP is woefully underfunded and undersupported.


By Fahmida Y. Rashid

The Network Time Foundation's Network Time Protocol Project has patched multiple denial-of-service vulnerabilities with the release of ntp-4.2.8p9. The last update to the open source protocol used to synchronize computer clocks was in June.  

"NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in DDoS (distributed denial-of-service) attacks," the project maintainers wrote in the security advisory.

NTP is a widely used protocol, and has been hijacked several times over the past two years in distributed denial-of-service attacks. Attackers harness the power of the servers running NTP and amplify the amount of traffic -- as much as 1,000 times the size of the initial query -- sent to victim systems. Research from network security company Arbor Networks estimated that 85 percent of volumetric DDoS attacks exceeding 100Gbps in size were NTP reflection attacks.


By Roger A. Grimes

The long-awaited SHA-1 deprecation deadline of Jan. 1, 2017, is almost here. At that point, we’ll all be expected to use SHA-2 instead. So the question is: What is your browser going to do when it encounters a SHA-1 signed digital certificate?

We’ll delve into the answers in a minute. But first, let’s review what the move from SHA-1 to SHA-2 is all about.

Getting from SHA-1 to SHA-2

SHA-1 is a cryptographic hash officially recommended by NIST. It’s used to verify digital content, as well as digital certificates and certificate revocation lists (CRLs). Whenever a PKI certification authority (CA) issues a certificate or CRL, it signs it with a hash to assist “consuming” applications and devices with trust verification. 


By Fahmida Y. Rashid

Despite months of reminders and warnings, more than one-third of websites will become inaccessible come 2017. There is barely a month left before major browsers start blocking websites using certificates signed with the SHA-1 hash, but 60 million-plus websites still rely on the insecure hash algorithm, according to the latest estimates from security company Venafi.

Starting Jan. 1, Mozilla's Firefox browser will show an "Untrusted Connection" error for sites using a SHA-1 certificate, and Google's Chrome browser will drop all support for SHA-1 and completely block sites using SHA-1 certificates. Microsoft has said its Edge and Internet Explorer browsers will start blocking the sites outright on Feb. 1, 2017.


By John Ribeiro

U.S. lawmakers have introduced legislation to delay the coming into force on Dec. 1 of a rule change that aims to expand the government’s ability to search computers and other digital devices across many jurisdictions with a single warrant.

The new Review the Rule Act aims to delay for discussion proposed amendments to Rule 41 of the Federal Rules of Criminal Procedure until July 1 next year. The changes to the rule were approved by the Supreme Court in April, and if Congress doesn’t act to the contrary, they will go into effect on Dec. 1.


By Michael Kan

Apple may have refused to help the FBI unlock an iPhone used by the San Bernardino shooter, but the tech industry is still better off working with the U.S. government on encryption issues than turning away, according to a former official with the Obama administration.

“The government can get very creative,” said Daniel Rosenthal, who served as the counterterrorism director in the White House until January this year. He fears that the U.S. government will choose to “go it alone” and take extreme approaches to circumventing encryption, especially if another terrorist attack occurs.


By Compsys / Phone repair

Most repair companies will tell you that gaming consoles are too complicated to be repaired. We say it is possible: it takes technical expertise, which our team has. If you are looking to get your game consoles repaired, come to us and we will make sure that they work as well as new ones.


By Compsys / Mac & PC repair

Whether you have broken glass, a broken LCD, charging problems or a tablet that won’t turn on, bring it to us. We are professional and qualified to carry out such repairs and get it fixed as early as possible. By using the highest quality replacement parts, we make sure that your device will work like new. We replace only those parts that need to be replaced and will not burden you with the cost of repairs that your tablet does not need. We work on all leading tablets of different brands.
