Skip to content
I T S S
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Support
  • Contact
  • Webmail

A Nice Little Cryptography Primer

By itss | 28/06/2021
0 Comment

Pun Intended.

Category: Technology
Post navigation
← pfSense / Wireguard / Bad Code / Close Call Why Quake3 was so fast : Fast Inverse Square Root →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • SMPTE Opens Entire Standards Catalog for Free, Removing Century-Old Paywall
    by EditorDavid on 20/06/2026 at 4:34 pm

    The Society of Motion Picture and Television Engineers has published over 800 technical standards over the years (as a professional association for the media and entertainment industry). But this week SMPTE "announced that its complete Standards catalog, the technical backbone behind everything from SDI and timecode to IP-based broadcast workflows, is now freely available to anyone in the global media technology community," reports the filmmaking news site CineD, arguing it's "one of the more meaningful structural shifts we have seen from a standards body in years" that could "reshape how smaller developers and educators engage with professional media technology." The move covers all published Standards, Recommended Practices, Engineering Guidelines and Registered Disclosure Documents, plus every future release, ending a long-standing model in which individual documents often sold for well over $100 each. For more than a century, SMPTE Standards have quietly governed how images and sound move through the production chain. If you have ever recorded timecode in the HH:MM:SS:FF format, routed a signal over 3G-SDI, or built a facility around the ST 2110 suite for media over IP, you have relied on SMPTE specifications, whether you knew it or not... Until now, accessing the actual text of those documents usually meant paying per file, a barrier that this announcement removes entirely... The latest releases are available through the Recently Published Documents page on the SMPTE website, with the complete archive reachable through the SMPTE Standards Library... There is also a practical, behind-the-scenes story here. The open-access move is part of a broader modernization of how SMPTE develops and publishes Standards. Recent initiatives include adopting GitHub-based workflows for version control, issue tracking and automation, transitioning to structured HTML-based authoring, and implementing an integrated publishing pipeline that streamlines document creation, review, validation and release... The most consequential beneficiaries are arguably not the large members already inside the system, but the developers, integrators, educators and manufacturers who previously worked around the paywall... The practical upshot is that developers and emerging markets can build from accurate primary specifications rather than secondhand sources, which matters enormously when a single misread tolerance or metadata field can break compatibility down the line. This also fits a wider pattern of the industry moving toward openness. We have previously covered moments like GoPro's decision to make its CineForm codec open source and release the SDK, a codec that SMPTE itself standardized in 2015 as an open standard for acquisition and post production. Lowering the cost of knowledge tends to widen the pool of people who can contribute to it, and a freely readable standards library is a significant step in that direction for an organization that has historically sat behind a per-document fee. "This was a decision we did not make lightly," says SMPTE President Rich Welsh. But "For 110 years, SMPTE has evolved alongside the media technology industry, helping to drive change and innovation — and we're not stopping now." "Our industry is confronting transformative shifts, from IP-based workflows to AI authenticity and content provenance, and we find ourselves at another inflection point. We listened to our Members, Partners and the global Standards community, and the answer was clear: Interoperability is essential to the future of media. Now is the time to open the gates and ensure the next generation of media technology is built on a stronger, more accessible foundation." Thanks to innocent_white_lamb (Slashdot reader #151,825) for sharing the news. Read more of this story at Slashdot.

  • Microsoft Discovers Cryptocurrency Stealer That Spreads Through USB Drives and Uses Tor
    by EditorDavid on 20/06/2026 at 3:34 pm

    Ars Technica's senior security editor reports: Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency credentials, which it then sends to attacker-controlled servers. The company named the worm Crypto Clipper because it monitors the contents of device clipboards for patterns consistent with wallet addresses or seed phrases. When found, the malware also takes five screenshots over a 10-second period... "The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure," Microsoft said Thursday. "Instead, it deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and blends data theft with remote code execution, turning a financially motivated stealer into a lightweight backdoor." Microsoft said it observed Crypto Clipper spreading through .lnk file on a USB drive. These files store executable code. When an infected USB drive is plugged into a device, the code checks whether it is already installed on the machine. If it isn't, the malware downloads it through the Tor proxy. To better conceal evidence of the worm, the malware scans the infected USB drive and names the .lnk files with similar names... The stealer also replaces addresses it finds with ones belonging to attacker-controlled wallets. This allows the malware to divert payments to the attacker's pockets. Microsoft believes the purpose of the screenshots is to provide context that may be useful. "This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking," Microsoft said. "The combination of Tor-routed C2, clipboard targeting, screenshot capture, and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices." Thanks to Slashdot reader joshuark for sharing the news. Read more of this story at Slashdot.

  • FSF Patches Two-Year-Old Vulnerability Found by AI Researchers in GNU Savannah Repository
    by EditorDavid on 20/06/2026 at 2:34 pm

    The Free Software Foundation's GNU Savannah hosts thousands of free software projects — both GNU and non-GNU projects, including Drupal. But in early May, security researchers from Hacktron.AI reported vulnerabilities and demonstrated an exploit, according to a new statement Friday from the FSF: We have been working with these researchers since their initial report, and have also addressed additional security issues they submitted. All reported issues have been patched thanks to the hard work of GNU and FSF volunteers, as well as FSF staff. After thorough review, we have found no reason to believe that sensitive project data or credentials were accessed, nor that there has been any compromise of Savannah's software supply chain. Nevertheless, we take the security of the GNU system, the tools which make it possible, and the projects we host very seriously. This body of software has become essential to millions (if not billions) of users around the world. We are therefore taking additional precautionary steps. Though the initial security issue was reported to us in early May, the vulnerabilities were discovered in software that was published approximately two years prior. We will be communicating directly with Savannah-hosted projects about steps they can take to review and strengthen the security of their projects. We have also communicated with the other Savane instances we're aware of to assist their review of their own environments, and take any steps needed to help protect their users... This statement is intended as an initial notice. We expect to publish a report on the incident within 30 days. Hacktron.AI bills itself as "Your AI teammate for security." Its web page notes that its investors include Meta, DeepMind, and Perplexity. Read more of this story at Slashdot.

  • Student Loan Borrowers Will Get Interest Rate Cut If They Sign Up For Auto Pay
    by BeauHD on 20/06/2026 at 11:00 am

    An anonymous reader quotes a report from NPR: Student loan borrowers who enroll in automatic payments will get a much bigger discount on interest starting July 1, the U.S. Department of Education says. Auto pay has long offered a modest discount off borrowers' interest rate -- .25 percentage points -- but after millions of borrowers opted out during the long COVID repayment pause, with some making no payments for years, the nation's student debt portfolio swelled to $1.7 trillion. On Thursday, the department said it will temporarily increase its auto pay interest rate discount to one full percentage point. Practically, that means an undergraduate borrower with a loan at the current 6.39% would see their interest rate drop temporarily to 5.39%. The rate cut will last for two years, from July 1, 2026 through June 30, 2028. Borrowers already enrolled in auto pay do not need to act. They will automatically receive the rate cut. [...] The department says borrowers will have until Sept. 30 to sign up for auto pay and qualify for the two-year interest discount. Read more of this story at Slashdot.

  • Amazon Retaliated Against Workers Who Supported Regulating Data Centers, Complaint Says
    by BeauHD on 20/06/2026 at 7:00 am

    Three Amazon employees have filed a civil-rights complaint alleging the company retaliated against them for publicly supporting Seattle regulations on data centers. "The complaint was filed on the workers' behalf by Amazon Employees for Climate Justice, an independent group of corporate employees at Amazon that since 2018 has organized around climate issues," reports The New York Times. "It said the company started investigations and told the employees that they could face discipline, in one case up to potential termination, in an act of intimidation that violated the city's civil rights protections against discrimination for political beliefs." Amazon says it launched the internal investigations to determine whether the employees appeared to be speaking on the company's behalf rather than as private citizens. "As we looked more closely at how these employees represented themselves, and how their comments were received by others, it became clear that they may have been speaking in their capacity as Amazonians and not as private citizens," said an Amazon spokesperson. They said that the company does not allow retaliatory behavior and that when the investigation is concluded, Amazon "may or may not take action based on what we find." The New York Times reports: Five Amazon tech workers affiliated with Amazon Employees for Climate Justice testified at several different hearings before the Seattle City Council and two of its committees. Their testimony in the company's hometown drew national attention, and it put the tech giant in the awkward position of responding to public criticism of data centers and artificial intelligence from its own employees. Patrick Schloesser, who has worked as a software engineer at Amazon Web Services since 2020, said in an interview with The New York Times that Amazon told him he was under investigation last week, when he was called into a meeting with no notice. He had testified at two City Council hearings in early June. "I had this rising sense of anger that Amazon is attempting to infringe on my rights to speak out politically in my city," he said. "If we allow corporations to decide which speech is or is not allowed, that absolutely hurts democracy." [...] [...] The Amazon employees testified that Seattle should consider conditions on allowing new data centers, such as requiring new renewable energy sources of power, banning the use of nondisclosure agreements between the city and developers, and limiting public subsidies. They offered to help create new rules based on their experience as tech workers. "Seattle needs to set the terms so the way any new data centers get built here actually moves us closer to the future we want," Darius Irani, who has worked as a software engineer in Amazon's grocery business since 2021, said at a June 3 hearing before the Council's Parks and City Light Committee. He suggested requiring public reporting of water and power use, banning shell companies and harnessing the heat emitted from the chips in data centers to warm nearby buildings. Amazon told news organizations at the time that it respected 'our colleagues' right to voice their opinions and that the company did not have plans to build data centers within the city limits. On June 9, the Council unanimously voted for a one-year moratorium on new, large data centers in order to give it time to develop regulations. The next day, an Amazon employee relations staff member met the three workers in individual meetings and told them that they were under investigation for their testimony, according to the complaint. Mr. Irani said he was repeatedly questioned about his testimony and who else at Amazon was present at the hearings. "It feels like they say one thing publicly and try to silence and intimidate me privately, which I think is wrong," Mr. Irani said. Read more of this story at Slashdot.

  • Using Sound Waves To Make Espresso Could Cut Coffee-Brewing Energy Use By 75%
    by BeauHD on 20/06/2026 at 3:30 am

    Researchers developed an ultrasonic espresso process that uses high-frequency sound waves instead of hot water to produce espresso-strength coffee at room temperature. And, not only did coffee drinkers find it comparable to traditional espresso, but the brewing process cut energy use by up to 75%. An anonymous reader quotes a report from The Conversation: We have developed what we call an ultrasonic espresso: a room-temperature brewing process that uses high-frequency sound waves to extract the flavor, oils, aroma and caffeine from coffee grounds. The result is an espresso-strength coffee made in under three minutes, but needing far less energy than the conventional method. Saving up to 75% of energy by not heating the water is a minor benefit for home users or small coffee shops. But for companies making ready-to-drink coffee products at industrial scale, it could be very significant indeed. A concentrated room-temperature coffee could be used directly in bottled drinks, milk-based beverages or cold coffee products. It can also be shipped as a concentrate and diluted later. This would reduce not only energy use, but potentially processing time as well. The key to the new process is ultrasound. These are sound waves above the range of human hearing. In our system, a small metal device called a transducer presses against the side of a traditional espresso basket and makes it vibrate rapidly. Those vibrations move through the water and coffee grounds. This creates a phenomenon known as acoustic cavitation. Tiny bubbles form and collapse in the liquid. When these bubbles collapse near coffee particles, they produce microscopic jets and forces that act a little like scrubbing brushes. They pit and fracture the surface of the coffee grounds, helping flavor compounds, oils and caffeine move into the water much faster than they normally would at room temperature. In other words, ultrasound helps us replace heat with mechanical energy. [...] In earlier work, we used ultrasound to speed up cold brew dramatically. But the challenge in this project was different: could we produce something with the strength, body and intensity of espresso, without heating the water? To do that, we adjusted several variables. Brew ratio was one of the most important: how much water we used for each gram of coffee. Too much water and the drink becomes diluted; too little and extraction becomes difficult. Grind size also mattered. Finer grounds allowed us to extract flavor more rapidly. Finally, we tested how long the ultrasound should be applied. We found the sweet spot was about two-and-a-half to three minutes. Of course, making a concentrated coffee in the laboratory is one thing. The real test is whether people want to drink it. [...] For the espresso samples, participants could not reliably tell the traditional and ultrasonic versions apart. There were no significant differences in aroma, flavor, bitterness or overall liking. For filter coffee, the ultrasound version was actually preferred overall, with participants rating its bitterness more pleasantly. Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress