Explaining The Terrifying Bug That Just Exposed A Huge Portion Of The Internet’s Secrets



What Is The Heartbleed Bug?

The Heartbleed bug is a just-discovered vulnerability in the immensely popular OpenSSL cryptographic software library. Is your head spinning yet? Just stick with us.

OpenSSL is the most widely used implementation of a suite of security protocols called Secure Sockets Layer (SSL) that help encrypt traffic while surfing the web.

Every time you send and receive information online — say when you’re buying that awesome new pizza t-shirt from Urban Outfitters — there’s a chance your data is sent via SSL. You can tell SSL is being used when you see “https,” a lock, or a green indicator while browsing certain sites. Read more… @digg & @heartbleed

Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping



Exploits allow attackers to obtain private keys used to decrypt sensitive data.

Researchers have discovered an extremely critical defect in the cryptographic software library an estimated two-thirds of Web servers use to identify themselves to end users and prevent the eavesdropping of passwords, banking credentials, and other sensitive data.

The warning about the bug in OpenSSL coincided with the release of version 1.0.1g of the open-source program, which is the default cryptographic library used in the Apache and nginx Web server applications, as well as a wide variety of operating systems and e-mail and instant-messaging clients. The bug, which has resided in production versions of OpenSSL for more than two years, could make it possible for people to recover the private encryption key at the heart of the digital certificates used to authenticate Internet servers and to encrypt data traveling between them and end users. Attacks leave no traces in server logs, so there’s no way of knowing if the bug has been actively exploited. Still, the risk is extraordinary, given the ability to disclose keys, passwords, and other credentials that could be used in future compromises.

“Bugs in single software or library come and go and are fixed by new versions,” the researchers who discovered the vulnerability wrote in a blog post published Monday. “However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously.” Read more… @arstechnica

Abstract Class Versus Interface in the JDK 8 Era



In “The new Java 8 Date and Time API: An interview with Stephen Colebourne,” Stephen Colebourne tells Hartmut Schlosser, “I think the most important language change isn’t lambdas, but static and default methods on interfaces.” Colebourne adds, “The addition of default methods removes many of the reasons to use abstract classes.” As I read this, I realized that Colebourne is correct and that many situations in which I currently use abstract classes could be replaced with interfaces with JDK 8 default methods. This is pretty significant in the Java world as the difference between abstract classes and interfaces has been one of the issues that vex new Java developers trying to understand the difference. In many ways, differentiating between the two is even more difficult in JDK 8.

Read more… @marxsoftware

Adventures in GPS Track Analytics: A Geospatial Primer



This all started on a hiking trip to Žbevnica more than 10 years ago. I had my new GPS with me and a friend of mine had a GPS connected to a Windows ME phone. The hike was great, but when we returned to our cars, we were surprised to see that one GPS claimed we had walked 6.2km, while the other reported 6.7km. One claimed our elevation gain (i.e., the sum of all uphill parts of our hike) had been 300m, while the other reported it as 500m.

Being a programmer, I was immediately intrigued by the problem. I said to myself, “this should not be that hard to fix with a simple script.” After all, GPS tracks are just a list of tuples in the form of (latitude, longitude, elevation), right?

Well, not really.

And thus began my excursion into the fascinating world of GPS tracks and, more generally, geospatial programming.

Geospatial Information Systems (GIS) is a huge and complex domain, encompassing map projections and geodetic datums, raster and vector data processing, and remote sensing. A comprehensive introduction to this domain would be well beyond the scope of this article. And since focusing on a specific problem can often be a useful way to introduce oneself to a new domain anyway, I’ll present a few specific challenges I encountered and some possible solutions; namely:

  • How to recognize, understand, and programmatically correct GPS tracking errors
  • How to compute and derive additional useful information from GPS tracks

For starters, GPS tracks are not just a series of (latitude, longitude, elevation) tuples. Many GPS-enabled devices will also provide metadata like time, heart rate, and so on. Some GPS devices will even provide information on how accurate the data is; a.k.a., “dilution of precision”. But, unfortunately, most GPS devices – especially the lower-end ones that dominate the market – won’t provide this information and we are left with the challenge of deducing the accuracy of the device on our own (and ideally correcting accordingly, where possible).

Let’s start with one possible algorithm to detect low-end GPS devices (like most smartphones) which usually have low-quality GPS data. Read more… @total

Big Data ‘Escapes the Lab’: Tips for Small Businesses



In the business world, there’s no such thing as being too small for Big Data. The term Big Data refers to the vast amount of customer information gathered from social networks, chat and email correspondences, browsing history and other online and offline sources. And it has offered businesses unparalleled insights into consumer behaviors and preferences, making it easier than ever to improve sales and service. Read more… @BusinessNewsDaily

