https
Latest
'Monster Cat' 30,472-core supercomputer can be yours for $1,279 an hour
Nicknamed after the magical "Nekomata" cat of Japanese nightmares, Cycle Computing's monstrous new supercomputer can now be yours to rent for the low price of $1,279 an hour. By fusing together the face-melting power of 3,809 eight-core Amazon AWS Elastic Computer 2s, the company was able to create the world's 30th fastest computer with 30,472 processor cores and 27TB of memory -- primarily used for complex modeling rather than Facebooking. Components of the beast hide out in three of Amazon's EC2 data center lairs located in California, Virginia and Ireland, and communicate using HTTPS and SSH encrypted with AES-256 to keep its secrets safe and secure. Compared to the company's previous 10,000-core offering ($1,060 / hour), the new version is far more powerful and minimally more expensive, mostly because it uses spot instances (where customers bid on unused EC2 capacity) rather than pricier reserved instances. Good on you Cycle Computing, not everyone has access to a Jeopardy champ.
Twitter adds 'Always use HTTPS' option, makes cyberterrorists FOF
One small checkbox for your mouse pointer, one giant leap for your Twitter account's security. The microblogging site that every techie knows, loves, and occasionally loathes, has added a new option to allow users to go HTTPS full-time. For the unenlightened among you, that means all your communications with Twitter can now be done over an SSL-encrypted channel, which massively boosts their resilience to external attacks. That won't protect you if you're careless with your password or leave your account logged in on computers other than your own, but at least you can sleep a little more restfully knowing that nobody other than yourself will be embarrassing you on the Twittersphere.
How to guard yourself and your Mac from Firesheep and Wi-Fi snooping
The prevalence of free/cheap and open Wi-Fi networks in coffee shops, airports, offices and hotels is a great boon to the traveling Mac or iPad user; it makes connectivity and remote work much easier than it used to be. Unfortunately, since most of those networks don't employ WEP or WPA passwords to secure the connection between device and hotspot, every byte and packet that's transmitted back and forth is visible to all the computers on the wireless LAN, all the time. While certain sites and services use full-time browser encryption (the ones that have URLs beginning with https:// and that show a lock in the browser status bar), many only encrypt the login session to hide your username and password from prying eyes. This, as it turns out, is the digital equivalent of locking the door but leaving the windows wide open. Firesheep is a Firefox extension which makes it trivially easy to impersonate someone to the websites they log in to while on the same open Wi-Fi network. It kicks in when you login to a website (usually in a secure fashion, via HTTPS) and then the site redirects you to a non-secured page after login. Most sites that operate this way will save your login information in a browser cookie, which can be 'sniffed' by a nogoodnik on the same network segment; that's what Firesheep does automatically. With the cookie in hand, it's simple to present it to the remote site and proceed to do bad things with the logged-in account. Bad things could range from sending fake Twitter or Facebook messages all the way up to, potentially, buying things on ecommerce sites. That process is known as "HTTP session hijacking" (informally, "sidejacking") and has been a known problem for several years, but many sites have not changed to protect their users. Firesheep has made this process of sidejacking very easy, and a reported 104,000+ people have downloaded it. It is important to realize that the security problem exists for users of all browsers. Firesheep is available only for Firefox, but that's just the exploit side; it will gladly harvest cookies from Safari, Chrome, IE or anything else. Unfortunately, you've got to assume that any unencrypted site you go to while on an open Wi-Fi network is susceptible to compromise by this attack. Read on for some suggested ways to combat this security challenge. Photo by adactio | flickr cc
Firesheep makes stealing your cookies, accessing your Facebook account laughably easy
A software developer called Eric Butler doesn't just want to make you aware of the lax security of most social networking sites, he wants to force you to do something about it! To that end, he's developed Firesheep, a Firefox add-on that even the least technically inclined among us can use to eavesdrop on open WiFi networks and capture your fellow users' cookies. Any time a site recognized by Firesheep (including Twitter, Flickr, Facebook, and Dropbox) is accessed by a user on your network, Firesheep provides you with an icon and a link to access that account. Sure, had these sites used SSL to begin with this would be nigh in impossible; but they don't, so it is possible. And easy! And fun! Keep in mind, we're not suggesting that you give this a try yourself (far from it!) but we do hope you look into the larger issues involved here, and take the appropriate steps to force sites to use SSL, and protect yourself in the process (we hear that HTTPS Everywhere and Force-TLS are good places to start). Because, really -- Internet security is enough of a problem without giving everybody at the Coffee Bean your Facebook credentials.
PlayStation 3 used to hack SSL, Xbox used to play Boogie Bunnies
Between the juvenile delinquent hordes of PlayStation Home and some lackluster holiday figures, the PlayStation has been sort of a bummer lately, for reasons that have nothing to do with its raison d'etre -- gaming. That doesn't mean that the machine is anything less than a powerhouse -- as was made clear today when a group of hackers announced that they'd beaten SSL, using a cluster of 200 PS3s. By exploiting a flaw in the MD5 cryptographic algorithm (used in certain digital signatures and certificates), the group managed to create a rogue Certification Authority (CA) which allows them to create their own SSL certificates -- meaning those authenticated web sites you're visiting could be counterfeit, and you'd have no way of knowing. Sure, this is all pretty obscure stuff, and the kids who managed the hack said it would take others at least six months to replicate the procedure, but eventually vendors are going to have to upgrade all their CAs to use a more robust algorithm. It is assumed that the Wii could perform the operation just as well, if the hackers had enough room to spread out all their Balance Boards.[Via ZD Net]
