Predictable random number generator discovered in the Debian version of OpenSSL

Friday, May 16, 2008

A major security hole was discovered in the pseudo-random number generator (PRNG) of the Debian version of OpenSSL. OpenSSL is one of the most widely used cryptographic software packages; it allows the creation of secure network connections using the protocols called SSL and TLS. It is included in many popular computer programs, like the Mozilla Firefox web browser and the Apache web server. Debian is one of the most widely used GNU/Linux distributions, and other distributions, like Ubuntu and Knoppix, are based on it. The problem affects all the Debian-based distributions that were used to create cryptographic keys since September 17, 2006. The bug was discovered by Luciano Bello, an Argentine Debian package maintainer, and was announced on May 13, 2008.

This vulnerability was caused by the removal of two lines of code from the original version of the OpenSSL library. The library used these lines to gather entropy, which is needed to seed the PRNG used to create private keys, on which the secure connections are based. Without this entropy, the only dynamic data used was the PID of the software. Under Linux the PID can be a number between 1 and 32,768, which is far too small a range of values to seed the PRNG and causes the generation of predictable numbers. Any generated key is therefore predictable, with only 32,767 possible keys for a given architecture and key length, and the secrecy of the network connections created with those keys is fully compromised.
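The consequence of a PID-only seed can be shown with a toy model, added here as an illustration (it is not code from the article, OpenSSL or Debian): a stand-in key generator whose only varying input is the process ID, and the defensive check that follows from it, which enumerates every PID once to build a blocklist of fingerprints and audits deployed keys against it. The hash-based generator, the function names and the sample host names are assumptions constructed for the example.

```python
import hashlib
import math
import os

# The article's count: 32,767 possible keys per architecture and key length.
PID_MIN, PID_MAX = 1, 32767


def toy_keygen(pid: int, arch: str = "x86-32", bits: int = 2048) -> bytes:
    """Toy stand-in for key generation on an affected system (assumption,
    not OpenSSL's algorithm): the key is a deterministic function of the
    architecture, the key length and the PID, and of nothing else."""
    seed = f"{arch}|{bits}|{pid}".encode()
    return hashlib.shake_256(seed).digest(bits // 8)


def fingerprint(key: bytes) -> str:
    """Fingerprint used to compare keys without handling the key material."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist(arch: str = "x86-32", bits: int = 2048) -> dict:
    """Enumerate every possible PID once and record fingerprint -> PID."""
    return {
        fingerprint(toy_keygen(pid, arch, bits)): pid
        for pid in range(PID_MIN, PID_MAX + 1)
    }


def seed_entropy_bits(blocklist: dict) -> float:
    """Effective entropy of the key space, in bits."""
    return math.log2(len(blocklist))


def audit(inventory: dict, blocklist: dict) -> dict:
    """Map each host to the PID that reproduces its key, or None if the
    key is not in the enumerated (weak) key space."""
    return {
        host: blocklist.get(fingerprint(key))
        for host, key in inventory.items()
    }


def constructed_inventory() -> dict:
    """Constructed sample data: one key from the weak generator and one
    drawn from the operating system's properly seeded generator."""
    return {
        "www.example.org": toy_keygen(4242),
        "mail.example.org": os.urandom(2048 // 8),
    }


if __name__ == "__main__":
    blocklist = build_blocklist()
    print(f"possible keys: {len(blocklist)}")
    print(f"effective entropy: {seed_entropy_bits(blocklist):.2f} bits")
    for host, pid in audit(constructed_inventory(), blocklist).items():
        status = f"WEAK (reproduced with PID {pid})" if pid else "not in blocklist"
        print(f"{host}: {status}")
```

A 2048-bit key drawn from this generator carries only about 15 bits of entropy, so the whole key space can be enumerated once and every deployed key checked by lookup; any key that matches must be regenerated on a fixed system.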

These lines were removed as “suggested” by two audit tools (Valgrind and Purify) used to find vulnerabilities in the software distributed by Debian. The tools warned the Debian maintainers that some data was used before its initialization, which can normally lead to a security bug; this time that was not the case, as the OpenSSL developers wrote on March 13, 2003. Nevertheless, the change was erroneously applied on September 17, 2006, when OpenSSL Debian version 0.9.8c-1 was released to the public.

Even though the Debian maintainer responsible for this software released a patch to fix this bug on May 8, 2008, the impact may be severe. OpenSSL is commonly used in software to protect passwords and to offer privacy and security. Any private key created with this version of OpenSSL is weak and must be replaced, including session keys, which are created and used only temporarily. This means that any data encrypted with these keys can be decrypted with little effort, even if the keys are used (but not created) with an unaffected version of the library, like the ones included in other operating systems.

For example, any web server running under any operating system may use a weak key created on a vulnerable Debian-based system. Any encrypted connection (HTTPS) to this web server established by any browser can be decrypted. This may be a serious problem for sites that require a secure connection, like banks or private web sites. Also, if an encrypted connection was recorded in the past, it can be decrypted in the same way.

Another serious problem concerns network security software, like OpenSSH and OpenVPN, which is used to encrypt traffic in order to protect passwords and grant access to an administrative console or a private network protected by firewalls. This may allow hackers to gain unwanted access to private computers, networks or data traveling over the network, even if an unaffected version of OpenSSL was used.

The same applies to any software or protocol that uses SSL, like POP3S, SSMTP and FTPS, if used with a weak key. This is the case for Tor, software used to offer strong anonymity over TCP/IP, where about 300 of 1,500-2,000 nodes used a weak key. With 15-20% of Tor nodes weak, there is a probability of approximately 0.34-0.8% of building a circuit in which all three nodes are weak, resulting in a full loss of anonymity. Even a single weak node being used may facilitate some types of attack on anonymity. The Tor hidden services, a sort of anonymous public server, are affected too. However, the issue was speedily addressed on May 14, 2008.

The same problem also affected anonymous remailers like Mixmaster and Mixminion, which use OpenSSL to create the remailer keys for the servers and the nym keys for the clients. Although there is currently no official announcement, at least two remailers changed their keys because they were weak.

Retrieved from “https://en.wikinews.org/w/index.php?title=Predictable_random_number_generator_discovered_in_the_Debian_version_of_OpenSSL&oldid=4408671”

Nigeria’s cabinet dissolved by acting president

Thursday, March 18, 2010

Nigeria’s acting president, Goodluck Jonathan, has announced the dissolution of the country’s cabinet.

In a statement after a cabinet meeting, Nigeria’s information minister, Dora Akunyili, said that “the acting president of the Federal Republic of Nigeria, Goodluck Jonathan, dissolved the Federal Executive Council [cabinet].” In the same statement, Akunyili said that Jonathan had provided no reason for the move, although analysts said that it was due to the impediment of the cabinet to Jonathan’s efforts to put his own mark on the office.

According to Akunyili, the move would not lead to a power vacuum, as the permanent secretaries will step up to take the positions vacated. Jonathan had taken over the role of acting president in February after President Umaru Yar’Adua temporarily stepped down due to sickness, and the cabinet had been entirely appointed by Yar’Adua.

In Akunyili’s statement, she said that an official statement from Jonathan as to the future of the cabinet would be released soon. Additionally, at some time in the future, Jonathan will submit to the National Assembly a list of his submissions for the next incarnation of the cabinet.

In a statement released from the president’s office, a spokesman said that it was “the prerogative of the president to change the cabinet whenever he feels the need to inject new blood, reinvigorate the cabinet and give it a new focus.” According to another, unnamed, government official, the cabinet had become paralyzed by infighting, impeding attempts of governance on major issues.

Yar’Adua has recently returned to Nigeria after being treated for a heart ailment in Saudi Arabia, but has made no public appearances. As a reflection of his impaired condition, Nigeria’s election next year has been brought forward three months, and the ruling People’s Democratic Party, to which both Yar’Adua and Jonathan belong, has announced that its candidate in those elections will be a Muslim, preventing Jonathan, a Christian, from running. The decision follows a tradition of alternating between Muslim and Christian candidates, allowing each two four-year terms.

Retrieved from “https://en.wikinews.org/w/index.php?title=Nigeria%27s_cabinet_dissolved_by_acting_president&oldid=4528936”

Portable Air Conditioning Units

by Gareth Hoyle

Whether it is an office, shop or sports centre, you need to keep any area ventilated and cool in order for people to feel comfortable and content in their surroundings. If a building is too hot, you will become dehydrated and feel unwell; the heat can be detrimental to your health and can cause untold problems. This is why portable air conditioning units have increased significantly in popularity in recent years. Portable air conditioning units are a sure-fire way to maintain a certain temperature in a room; they can be altered and adjusted to suit all requirements, no matter how specific or detailed.

Yet where do you go in order to purchase the best portable air conditioning units that money can buy? Where will give you the best products for the most competitive prices? The answer is to visit cas-hire.co.uk. They are market leaders that provide only the finest portable air conditioning units that money can buy and are guaranteed to cater for all tastes, no matter how specific. Simple designs and unique technology mean that these portable air conditioning units are innovative and long lasting, and they will be essential in any home or office. If you work in or own commercial premises, then portable air conditioning units are perfect for you!

All products are furnished with an adjustable fan and a two-speed grille, and the temperature of these portable air conditioning units is controlled and monitored by a built-in thermostat, which makes sure that the heating is set at the right warmth for your liking. You are sure to discover something you love at cas-hire.co.uk! A timer switches off these portable air conditioning units at regular intervals, which is an environmentally friendly way of using energy, and a washable filter makes sure that everything is kept spotless and fresh. Portable air conditioning units are quiet and subtle; they are never intrusive or distracting and are a vital addition to your business or living quarters. They can be connected via a door, window or wall, which makes them universally simple to install. So go to http://www.cas-hire.co.uk/ now and pick up portable air conditioning units at your convenience! You won’t be disappointed!


Cas-hire.co.uk can supply a wide range of portable air conditioning units, giving you a fantastic cooling solution for use in your home, office, retail outlet or leisure centre.

Article Source: ArticleRich.com

Wikinews Shorts: May 7, 2007

A compilation of brief news reports for Monday, May 7, 2007.

A 30 meter section of a gas pipeline in Luka (near Kiev) in Ukraine has been destroyed by an explosion. Although supplies to Europe via this pipeline have stopped, Ukrainian Energy Minister Georgi E. Boyko said that supplies to Europe would not be affected.

“There are no changes in volumes of gas being transported,” Yuri Korolchuk said. “Volumes due to pass through the damaged section are being redirected through the Soyuz pipeline.”

Normal flows are reported in the Czech Republic, Hungary, Poland and Romania.

Sources

  • “Blast damages pipeline in Ukraine” — Russia Today, May 8, 2007
  • Natalya Zinets, Reuters. “Blast hits Ukraine gas pipeline” — The Scotsman, May 7, 2007

Copper prices are rising. Between record copper imports from China and a mining strike in Peru, prices have climbed to over $8100 (United States dollars) a tonne, for a gain of $575 over the last week. However, the upward trend is not new; the price has been climbing for quite some time. In April 2003, the price of copper was under $2000 a tonne.

The metal market has been trending up due to growth in Chinese industrial production. This trickles down to the local level, where the buying price at scrap yards is ever climbing, making scrap metal collection a more profitable endeavour for individual people using pick-up trucks or other such vehicles to collect the scrap metal and cash it in at metal buying yards. It can be collected via agreements with businesses, from the garbage, or, sometimes, by theft.

Copper prices fell today on the NYMEX commodity exchange from US$3.7545 per pound to US$3.7125 based on the July futures contract.

Sources

This article features first-hand journalism by Wikinews members. See the collaboration page for more details.
  • “Copper up but crude oil down” — Financial Express, May 6, 2007
  • Millie Munshi. “Metals Bubble Poised to Burst on Increasing Supplies” — Bloomberg L.P., May 7, 2007
  • “Commodity Futures” — Bloomberg L.P., accessed May 7, 2007

One man was killed and another injured by an exploding backpack in the parking lot of the Luxor Hotel in Las Vegas, Nevada. The explosion happened at 4 a.m. PDT when the victim tried to remove the object left on top of his car.

Agents from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) are on the scene. Aerial images did not show any apparent damage.

“We believe the victim was the intended target of this,” said Bill Cassell, spokesperson for the Las Vegas Metropolitan Police Department. “This is being treated as a homicide in which the weapon used to cause death is a non-traditional weapon.”

Both of the victims worked at the Luxor.

Sources

  • Associated Press. “1 dead, 1 hurt in Las Vegas parking lot blast” — MSNBC, May 7, 2007
  • “Explosion kills man in Vegas outside Luxor hotel” — Reuters, May 7, 2007

Retrieved from “https://en.wikinews.org/w/index.php?title=Wikinews_Shorts:_May_7,_2007&oldid=4459590”

Protesters rally for a second time against Buffalo, N.Y. hotel proposal

Buffalo, N.Y. Hotel Proposal Controversy
Recent Developments
  • “Old deeds threaten Buffalo, NY hotel development” — Wikinews, November 21, 2006
  • “Proposal for Buffalo, N.Y. hotel reportedly dead: parcels for sale “by owner”” — Wikinews, November 16, 2006
  • “Contract to buy properties on site of Buffalo, N.Y. hotel proposal extended” — Wikinews, October 2, 2006
  • “Court date “as needed” for lawsuit against Buffalo, N.Y. hotel proposal” — Wikinews, August 14, 2006
  • “Preliminary hearing for lawsuit against Buffalo, N.Y. hotel proposal rescheduled” — Wikinews, July 26, 2006
  • “Elmwood Village Hotel proposal in Buffalo, N.Y. withdrawn” — Wikinews, July 13, 2006
  • “Preliminary hearing against Buffalo, N.Y. hotel proposal delayed” — Wikinews, June 2, 2006
Original Story
  • “Hotel development proposal could displace Buffalo, NY business owners” — Wikinews, February 17, 2006

Sunday, March 26, 2006

Buffalo, New York — For the second weekend in a row, demonstrators protested the Elmwood Village Hotel proposal on the proposed site.

The Elmwood Village Hotel is a proposed hotel by Savarino Construction Services Corporation and is designed by architect Karl Frizlen of the Frizlen Group. It is to be placed on the corner of Elmwood and Forest Avenues in Buffalo and will require the demolition of at least five properties (1109-1121 Elmwood).

The proposal also required that all five properties, including 605 Forest, be rezoned to a “C-2” zone, or a “special development plan.” The rezoning was passed by Buffalo’s Common Council on March 21, 2006.

Russell Smith, owner of the Six Nation’s Gift Shop at 1121 Elmwood, also participated in the protest.

“I am a Native American and we opened a Native American gift shop and we are just brand new [and just] opened. Having started out a business for the first time, and it the only Native American shop in the city, and I do not see the use of any hotel, especially at this district. The Elmwood Strip is pretty well established. Some of these people have been here a long while you know and they’re [Savarino Construction] disrupting their livelihood,” said Smith to Wikinews.

When Smith was asked if he was going to be in any of the shops in the new hotel, he replied, “we don’t have the option of getting into the hotel or any of the shops that are going to be there. We haven’t [had] any idea that they [Savarino] were even planning to tear these buildings down to put a hotel here until we had moved in. I think that’s a little unfair.”

Former City of Buffalo Mayor Anthony Masiello was asked to sign the petition to stop the hotel when he walked by, but he declined saying, “I respect what you are doing, but I am for the hotel.”

Despite the cold weather, at least 45 people showed up to walk the picket line.

For the moment, no further protests have been scheduled, pending the final decision on the hotel proposal by the city’s Planning Board which meets Tuesday, March 28, 2006. The meeting begins at 8:00am and will be held in room 902 on the 9th floor of City Hall in downtown Buffalo.

On Saturday morning several individuals attended a meeting with a lawyer to see what could be done, if anything, about the proposal and about Hans Mobius, former Buffalo mayoral candidate and owner of the properties to be demolished at 1109-1121 Elmwood.

One of the attendees, Nancy Pollina, co-owner of Don Apparel with Patty Morris, stated that “there is a case” but that she is likely unable to afford the large attorney’s fees. Pollina reports that she is looking into a “legal fund.”

Some of the affected are considering going to the New York State Supreme Court pro se to seek an injunction.

Some tenants of Mobius’s buildings have accused him of being a “slumlord” and claim that he “intentionally neglected” his properties with the intention of selling. Mobius, who has owned the properties for about 20 years, tried in 1995 to sell them to a developer who wanted to build a Walgreens Drugstore on the same site as the proposed hotel.

Mobius is expected to appear in Housing Court on April 11, 2006. He has not returned any phone calls from Wikinews.

Retrieved from “https://en.wikinews.org/w/index.php?title=Protesters_rally_for_a_second_time_against_Buffalo,_N.Y._hotel_proposal&oldid=1981802”

You Can Count On Auto Salvage Parts In Central Oklahoma

by Alma Abell

If you are searching for some reliable car parts yet you don’t have a lot of money to buy them brand new, it’s nice to know that you can still get your car fixed without breaking your budget. Before you spend money that you may not have at the dealership, stop by Al’s Auto Salvage. It doesn’t matter whether you are searching for American or foreign parts. They are going to have what you are looking for. If you prefer, you can spend some time on their website in advance. This way, you will know for certain that whatever it is that you are searching for is available.


Many people don’t realize how convenient auto salvage parts in Central Oklahoma can be. They probably have the attitude that because these parts have been previously used, they are no good. This doesn’t really make sense. After all, if you were to buy replacement parts from a car that had been in an accident, you would have no worries. The car was driving when it was wrecked, which tells you that it ran just fine. Of course, there is going to be some cosmetic damage. However, this will not affect you if you are searching for an engine or a transmission.

Another benefit of doing business with this particular salvage yard is that there is a 30 day warranty on all parts. Because of this, you don’t have anything to lose. You will have to bring your own tools to remove the part yourself. If this is not something that you know how to do, there are options to have the part shipped to you. Either way, it is important to understand all of the options that are available to you before you spend more money than necessary.

If you are not familiar with working on cars, you may think about asking your mechanic to find used replacement parts for you. This way, you will know for certain that your car is going to run just as good as new. Now, visit the website today to find out how you can get started with ordering your replacement parts online. Visit www.alsautosalvage.net for more details.

State of the health care system in Sierra Leone critical

Saturday, December 5, 2009

According to Médecins Sans Frontières, the health care system in Sierra Leone causes loss of life because the poor cannot afford medical treatment. The maternal death rate and the child mortality rate in Sierra Leone are the highest in the world. The experience of Médecins Sans Frontières has shown that free care or low fees lead to a dramatic increase in the number of patients. Nonetheless, the national health system of Sierra Leone demands payment for all treatment, with simple consultations costing as much as 25 days of income. According to Action Against Hunger, the number of children with acute malnutrition has reached almost twice the level of the WHO’s emergency threshold of 2% in the Moyamba district of Sierra Leone.

The Los Angeles Times writes that Sierra Leone, in spite of decades of foreign aid, has not yet considerably increased the standard of living of its people, and that 60% of the public spending of Sierra Leone comes from other governments and nonprofit organizations. Since 2002 the country has received $1 billion in aid, but the infant mortality rate is almost the highest in the world, lower than Angola but higher than Afghanistan. The newspaper further reports that the United Nations states that 1 in 8 Sierra Leonean women die giving birth, as compared to 1 in 4,800 in the United States, and that life expectancy in Sierra Leone is merely 41 years, while in Bangladesh life expectancy reaches 60 years.

The government of Sierra Leone had expressed its intent to abolish user fees for women and children with a new plan for a fairer health care system that was to be revealed at the Sierra Leone Investment and Donor Conference, which was held in London on November 18 and 19.

“The Sierra Leone government has publicly stated its commitment to abolish user fees, and the UK government and other donors have promised to help,” said Seco Gerard, advisor at Médecins Sans Frontières’s analysis and advocacy unit. “What is crucial now is that Sierra Leone actually receives the necessary funding and technical assistance to realise this objective. It is time that words are being followed up by concrete action. If not, people who could otherwise be saved will continue to die needlessly every day.”

The Telegraph reports that president Bai Koroma was also hoping to secure a significant increase in aid donations with his new health plan. While Germany declined to support president Bai Koroma’s “Agenda for Change” and urged that more consideration be given to women’s welfare, the country received support from the European Union, DFID, UNIPSIL, World Bank, IFAD and the African Development Bank. Of the $850 million in pledges the government of Sierra Leone was hoping for, only about $300 million could be secured, with attached conditionalities concerning the use of funding.

In a presentation at the Ministry of Finance and Economic Development in Freetown, the Unicef representative for Sierra Leone, Mr. Mahimbo Mdoe, expressed gratitude for a pledge of about $1.3 million conveyed by the Ambassador of Japan to Sierra Leone, His Excellency Mr. Keiichi Katakami, and for earlier donations to UNICEF-Sierra Leone in the past years, amounting to over $20 million. The funding is intended to help halve child and maternal mortality by 2010, to introduce a social health insurance scheme, to improve equipment and to train health professionals.

Retrieved from “https://en.wikinews.org/w/index.php?title=State_of_the_health_care_system_in_Sierra_Leone_critical&oldid=1584670”

Airline bombing suspect spent months in Yemen

Wednesday, December 30, 2009

Authorities in Yemen say the Nigerian man accused of trying to destroy a U.S. airliner last week lived in Yemen during a four-month period earlier this year.

The Yemeni Foreign Ministry and its minister, Abu Bakr al-Qirbi, say 23-year-old Umar Farouk Abdulmutallab lived there between early August and early December. The ministry says the Nigerian was granted a visa to study Arabic at an institute in the capital Sana’a. Security officials say they approved the visa for Abdulmutallab because he was granted visas by several friendly countries, and still held a valid visa to the United States.

Abdulmutallab is charged with trying to detonate a bomb while flying aboard Northwest Airlines Flight 253 traveling from Amsterdam to Detroit. Authorities say he unsuccessfully tried to set off explosives attached to his body as the plane was approaching Detroit.

A group known as al-Qaeda in the Arabian Peninsula claimed responsibility on Monday for the failed attack. In an Internet statement, the group says the attack was in retaliation for U.S. support for operations against the group in Yemen. The claim could not be independently verified.

Yemen has recently begun operations with U.S. support against al-Qaeda due to concerns that the country is becoming a training ground for militants. Al-Qirbi told BBC’s Radio 4 that al-Qaeda remains a top priority despite the Yemeni government having to deal with two insurgencies, one in the north by Shi’a rebels and one in the south by separatists.

Al-Qirbi said the Yemeni government needs more support: “We need more training. We have to expand our counter terrorism units and this means providing them with the necessary training, military equipment, ways of transportation – we are very short of helicopters. The United States can do a lot, Britain can do a lot, the European Union can do a lot in that regard.”

He also believed there are 200 to 300 members of al-Qaeda in Yemen; however, that is a rough estimate. He added, “Of course there are a number in Yemen and they may actually plan for attacks as in Detroit.” However, he called some statements made by U.S. officials overstated and “exaggerated in some media.”

U.S. President Barack Obama says the United States will use all resources to find and hold accountable those responsible for the terrorist plot.

The president on Monday ordered a full review of air safety regulations and the terrorist watch-list system, in an effort to prevent future attacks. He vowed to use every element of U.S. power “to disrupt, to dismantle and defeat” extremists in Afghanistan, Pakistan, Yemen, Somalia or elsewhere, who might want to attack the United States.

Abdulmutallab’s name was listed in a U.S. government intelligence database, but he was not on the government’s so-called “no-fly list,” which would have banned him from flying on a U.S. airline.

His father, a prominent banker and former Nigerian government minister, had warned the U.S. embassy in Nigeria about his son’s extremist views.

Retrieved from “https://en.wikinews.org/w/index.php?title=Airline_bombing_suspect_spent_months_in_Yemen&oldid=3340132”

Saving Money With Pre Authorization In Medical Situations

Pre-authorization is something that your health insurance company uses as a hoop for you to go through in order to receive your benefits. But why do they do it? Well, honestly, because they want to examine the thought process behind the treatment, while requiring a little more foresight on the procedures before doing so.

Pre-authorization may be used to deny claims: if you are required to obtain prior authorization for treatment and you do not have it, the health insurance company may say that you have not met the criteria for having this procedure covered, and you will therefore be expected to pay for the procedure out of your own pocket. When you look at your health insurance policy, it is important to understand when you will be required to obtain pre-authorization of health care that can vary from one policy to the.

Now, prior authorizations can really help you, especially if you go to a provider network in the case of an HMO or PPO plan. Outside suppliers should contact your insurance company with a treatment plan before you finish something beyond a routine visit. Although it seems to take some time and be a problem, having this information will allow you to make informed choices about your health.

Once you look at the EOB sent by your health insurance company, you will be able to see exactly what they cover and the total out-of-pocket amount for which you are responsible. This will help you plan financially for your treatment, and if the cost seems too high then you’ll probably have to choose a network service provider to complete your treatment, as usually this will result in a much smaller out-of-pocket load for you. It is important to realize that, with certain plans, the doctor you choose is as important as the treatment you receive.

The pre-authorizations that are required by your health insurance company can hurt you financially if you are not aware of them, so it is important to take the time to find out when and where you need to contact your health insurance company prior to treatment. Making that phone call is one simple thing, but it can help to save you from incurring a large medical bill in the end and can allow you peace of mind in knowing that the procedure that you are having done will be covered by your insurance company.

Wikinews interviews novelist Jeremy Robinson

Thursday, March 13, 2008

Wikinews held an exclusive interview with Jeremy Robinson, the bestselling American author from Massachusetts who wrote the thrillers The Didymus Contingency, Raising the Past and Antarktos Rising.

Before deciding to take up the writing of fiction, Robinson was an artist and moviemaker. He says of his years before getting published, “I lived well under the poverty line… so I could write.”

Although his first book, The Didymus Contingency, was self-published, the following two were released through a small press. Recently, he signed a three book deal with St. Martin’s Press, a major publisher. He said that he was “pretty excited” about this.

Robinson is currently at work on two other novels.

Retrieved from “https://en.wikinews.org/w/index.php?title=Wikinews_interviews_novelist_Jeremy_Robinson&oldid=742333”