Hackers claim to have found a new vulnerability in the cryptographic library as serious as Heartbleed, and are selling it for 2.5 bitcoins
Security experts have expressed doubts about a hacker claim that there's a new vulnerability in the patched version of OpenSSL, the widely used cryptographic library repaired in early April.
A group of five hackers writes in a posting on Pastebin that they worked for two weeks to find the bug and developed code to exploit it. They've offered the code for the price of 2.5 bitcoins, around $870.
A new flaw in OpenSSL could pose just as much of a threat as Heartbleed did. But the hackers' claim was met with immediate suspicion on Full Disclosure, a forum for discussing vulnerability reports.
One commentator, Todd Bennett, wrote that the technical description of their claim is "rather extraordinary."
The open-source OpenSSL code is used by millions of web sites to create encrypted communications between client computers and servers. The flaw disclosed in early April, nicknamed "Heartbleed," can be abused to reveal login credentials or a server's private SSL key.
More than two-thirds of the websites affected by the flaw have patched OpenSSL, according to McAfee.
The hackers said they've found a buffer overflow vulnerability that is similar to Heartbleed. They claim they've spotted a missing bounds check in the handling of the variable "DOPENSSL_NO_HEARTBEATS."
"We could successfully overflow the 'DOPENSSL_NO_HEARTBEATS' and retrieve 64kb chunks of data again on the updated version," they wrote.
They have not published their exploit code, so there is no way to verify their claim. The group provided an email address for questions, but did not immediately respond to a query.
A Google search showed the same email address has been used in other offers for data on Pastebin. In March, it was used in a Pastebin posting advertising a trove of data from Mt. Gox, the defunct Tokyo-based bitcoin exchange that was hacked.
The same advertisement also offered database dumps from "carding" websites, or those selling stolen credit card data, and data from CryptoAve, another virtual currency exchange that's been attacked by hackers. Scammers often try to make money by falsely claiming they have data of interest to the hacking community.
The Heartbleed flaw has since touched off an effort to strengthen the security of widely used open-source products. The OpenSSL Project, for example, had just one full-time employee and only received about $2,000 in donations annually despite its critical role in protecting communications.
On Thursday, a group of technology companies and organizations launched the Core Infrastructure Initiative, a project intended to generate funds for full-time developers on important open-source products.
The group's participants include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation.
Google executive chairman Eric Schmidt regularly gives sage advice on technology and related topics such as privacy and freedom of expression. The words of wisdom he offered during a recent visit to Hong Kong do not seem all that surprising. He said that our economy leaned too heavily on finance and property and had to diversify to provide better opportunities and employment. Small businesses had to find a way around high rents in order to grow, and the government should open more technical universities so that our city could increase its competitiveness.
Authorities have tried for years to promote new industries to give our economy a new direction. The lack of science, information technology and engineering degrees at our universities is why so few hi-tech companies set up here. We are no longer surprised to hear that high rents have forced the closure of yet another favourite shop or restaurant in our neighbourhood. These are the realities of life in Hong Kong, and many of us have come to accept them without question.
That is why we should listen to Schmidt. While we may know the problems of our society, it often takes a warning from an outsider to shake us out of our complacency. The former Google chief executive officer is no ordinary outsider. Besides being one of the world's richest people, ranking 139th on the most recent Forbes list of billionaires with a personal wealth of US$8.3 billion, he also heads the second-largest technology company.
Hong Kong readily embraces new technologies and has a well-educated population. Its highly developed infrastructure and free market make it an ideal place for start-ups. That was why Schmidt, a software engineer by profession, was visiting. He announced a partnership programme with Chinese University to boost the number of entrepreneurs.
Schmidt's views may not be new, but they are worth considering again. They are a timely reminder that we need more determination in the face of our city's challenges.
TOKYO – Apple Inc. plans to open a store in Tokyo’s upscale Omotesando shopping district as early as March, adding its first outlet in the city in years as Japan’s economy recovers, according to a person familiar with the plan.
Construction is scheduled to be completed by February, the person said, asking not to be identified because they aren’t authorized to speak for Apple. The store would be Apple’s first opening in Tokyo since August 2005, according to the company’s website, which is advertising jobs for a new store in the city.
Takashi Takebayashi, a spokesman in Tokyo for Apple, didn’t immediately return a telephone call seeking comment. The iPad-maker’s first store in Tokyo in almost a decade is under construction as Prime Minister Shinzo Abe unveils the third prong of his strategy to boost economic growth that has already included fiscal stimulus and monetary policy.
“For Apple, the Japanese market is appealing in terms of quantity and price,” said Satoru Kikuchi, an analyst at SMBC Nikko Securities Inc. “There is a room to expand tablet sales and a possibility the Japanese market expands if Apple’s mobile carrier partners increase.”
NTT DoCoMo, Japan’s largest wireless carrier, would consider carrying the iPhone if it can limit the handset’s share of sales to less than 30 percent of the company’s total, Chief Financial Officer Kazuto Tsubouchi said Aug. 8. The Japanese carrier’s online store, called market, offers music, videos and games and competes with Apple’s iTunes store.
Prime Minister Abe has promised to loosen business regulations and increase government support to help the country’s industry as part of the “third arrow” plan, following fiscal and monetary stimulus. Consumer prices rose in June, and the world’s third-biggest economy expanded at an annualized 2.6 percent in the three months through June 30.
The land costs about $164 million and a completed store with Apple as tenant would value the property at around $254 million, said Seth Sulkin, a representative director at Tokyo real estate and asset manager Pacifica Capital KK.
Sulkin was Apple’s real estate adviser for all seven of the company’s previous stores in Japan.
“Apple wants the best real estate they can get,” said Sulkin. “They are particular about size and shape. If they have to wait to get the real estate, they would.”