New attack steals SSNs, e-mail addresses, and more from HTTPS pages

Approach exploits how HTTPS responses are delivered over transmission control protocol.

A demo planned for Wednesday will show how an ad hosted on nytimes.com could attack other HTTPS-protected sites. (credit: Vanhoef, Van Goethem)

The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don't have the ability to monitor a targeted end user's Internet connection.

The exploit is notable because it doesn't require a man-in-the-middle position. Instead, an end user need only encounter an innocuous-looking JavaScript file hidden in a Web advertisement or hosted directly on a webpage. The malicious code can then query a variety of pages protected by the secure sockets layer or transport layer security protocols and measure the precise file sizes of the encrypted data they transmit. As its name suggests, the HEIST technique—short for HTTP Encrypted Information can be Stolen Through TCP-Windows—works by exploiting the way HTTPS responses are delivered over the transmission control protocol, one of the Internet's most basic building blocks.

Once attackers know the size of an encrypted response, they are free to use one of two previously devised exploits to ferret out the plaintext contained inside it. Both the BREACH and the CRIME exploits are able to decrypt payloads by manipulating the file compression that sites use to make pages load more quickly. HEIST will be demonstrated for the first time on Wednesday at the Black Hat security conference in Las Vegas.

BlackBerry launches Hub+ suite of apps for Android

BlackBerry’s last two smartphones have been Android-powered devices featuring a suite of BlackBerry apps for communication, security, time management, and other functions. Now you don’t need a BlackBerry phone to use some of those apps anymore.

The company has released BlackBerry Hub+ for Android, which brings BlackBerry’s unified messaging app as well as its calendar and Password Keeper apps to any phone running Android 6.0 or later.

To use the apps, you just need to download and install BlackBerry Hub and BlackBerry Services from the Google Play Store.

Two recent court decisions make climate scientists’ e-mails public

Groups rejecting climate science see some success in FOIA efforts.

(credit: Laura Bittner)

In the past, we’ve covered attempts by some political groups (or politicians) to access climate scientists’ e-mails. The idea is generally to trawl through them for anything that can be used to bolster the claim that climate science is somehow fraudulent—hypothetically vindicating those who have refused to acknowledge the scientific consensus for decades.

A long-time target of these activists has been researcher Michael Mann, whose work on tree ring climate records resulted in “the hockey stick,” a graph of the last millennium of climate history that shows rapid warming at the end of a gradual cooling trend. Although that record has been extended and replicated many times now, some still believe Mann must have somehow distorted the data to produce the appearance of sudden warming. As a result, Mann has been involved in court cases for years over demands for his e-mails from a conservative advocacy group and then Virginia Attorney General Ken Cuccinelli. More recently, Mann has been involved in a countersuit against those who publicly accused him of fraud.

Well, having failed to get access to Mann’s e-mails through the Virginia courts, the same opposition group (now called the Energy & Environment Legal Institute) decided to go after one of Mann’s colleagues since he worked in a different state. The University of Arizona rebuffed a very broad 2011 Freedom of Information Act request for the e-mails of Malcolm Hughes, part of the “hockey stick” team, and James Overpeck, a coordinating lead author of the 2007 IPCC report’s chapter on paleoclimate.

Neurons position their parts for rapid communication

Neurons that talk to each other have proteins that mirror each other.

A cartoon representing neurotransmitters crossing a synapse. (credit: University of Connecticut)

Neurons communicate by sending chemical signals called neurotransmitters across synapses, specialized connections between two individual cells. This communication requires a delicate and intricate molecular architecture. A recent paper published in Nature has now shown that the structure of this intercellular space is more complicated than previously thought, and it probably helps boost the efficiency of the signaling.

The authors of this paper imaged three proteins found in the cell that start the signaling process. (Generically called presynaptic proteins, the ones looked at here are RIM1, RIM2, Munc13, and bassoon.) Each of these proteins was specifically tagged, and the authors plotted the density of their distribution across the active zones of the synapse.

The team then developed an algorithm that allowed it to identify small clusters of proteins based on their local density. These nanoclusters were more likely to be located near the center of each synapse than near the synaptic edges. This wasn’t true of all the proteins, but at least two were tightly restricted and a third less so (bassoon was almost uniform throughout the synapse).

Civilization 6 hands-on: Summit with Victoria and the ancient Egyptians

From the village to the pyramids: In Civilization 6 we once again fight our way through history, but thanks to new features we see more of it. Golem.de tried out an early version of the strategy game. (Civilization, Games)

Project CSX: ZTE wants to let users design a mobile device

With Project CSX, ZTE wants to involve its users in the production process of a new mobile device. CSX stands for "Crowd Sourced X", where the X can stand for anything that ZTE can realistically produce. The device is due to reach the market in 2017. (ZTE, Smartphone)

Document Foundation: Libreoffice 5.2 supports classified documents

The current version 5.2 of the free office suite Libreoffice supports the TSCP standard for classification levels. The team has also improved interoperability, and working with documents is meant to be easier thanks to a smaller toolbar. (Libreoffice, Document Foundation)

Bitcoin value falls off cliff after $77M stolen in Hong Kong exchange hack

Many investors holding BTC sell holdings in wake of Bitfinex hack.

The value of bitcoins plummeted 20 percent after almost 120,000 units of the digital currency were stolen from Bitfinex, a major Bitcoin exchange.

The Hong Kong-based exchange said it had discovered a security breach late Tuesday, and has suspended all transactions.

“We are investigating the breach to determine what happened, but we know that some of our users have had their Bitcoins stolen. We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up,” said the company on its website.

Take-back of old devices: Umwelthilfe accuses Amazon of legal violations

Deutsche Umwelthilfe does not consider returning old electrical devices by post to be particularly environmentally friendly. Nevertheless, it sharply criticizes Amazon's practice of misinforming customers about this new right. (Recycling, Amazon)

ZTE launches Project CSX: will release a crowdsourced phone in 2017

Earlier this year ZTE announced plans to launch a crowdsourced smartphone. Now the Chinese phone maker is kicking things off by launching Project CSX, a community forum where potential customers will be able to share their ideas for a smartphone that ZTE hopes to bring to market in 2017.

Anyone can join the community by visiting community.zteusa.com to sign up.

ZTE says its Project CSX is “a new method for developing products that engages directly with consumers at every step of the development process.”

Users will be invited to submit ideas and then vote on their favorites.
