eEye Digital Security tomorrow will make its first foray into the Web vulnerability space -- with a new member of its Retina Security Scanner family that roots out Web application flaws. ... Retina Web Security Scanner officially ships tomorrow and list pricing begins at $6,995.
Irony is a new-generation .NET compiler construction kit. It utilizes the full potential of C# 2.0 and .NET Framework to implement a completely new and streamlined technology of compiler construction. Unlike most existing yacc/lex-style solutions, Irony does not employ any scanner or parser code generation from grammar specifications written in a proprietary meta-language. In Irony the target language grammar is coded directly in C# using operator overloading to express grammar constructs. Irony's scanner and parser modules use the grammar encoded as a C# class to control the parsing process. See the expression grammar sample for an example of grammar definition in a C# class, and using it in a working parser.
This Psychologist Might Outsmart the Math Brains Competing for the Netflix Prize
10:21 pm EST, Feb 28, 2008
At first, it seemed some geeked-out supercoder was going to make an easy million.
In October 2006, Netflix announced it would give a cool seven figures to whoever created a movie-recommending algorithm 10 percent better than its own. Within two weeks, the DVD rental company had received 169 submissions, including three that were slightly superior to Cinematch, Netflix's recommendation software. After a month, more than a thousand programs had been entered, and the top scorers were almost halfway to the goal.
But what started out looking simple suddenly got hard. The rate of improvement began to slow. The same three or four teams clogged the top of the leaderboard, inching forward decimal by agonizing decimal. There was BellKor, a research group from AT&T. There was Dinosaur Planet, a team of Princeton alums. And there were others from the usual math powerhouses — like the University of Toronto. After a year, AT&T's team was in first place, but its engine was only 8.43 percent better than Cinematch. Progress was almost imperceptible, and people began to say a 10 percent improvement might not be possible.
Then, in November 2007, a new entrant suddenly appeared in the top 10: a mystery competitor who went by the name "Just a guy in a garage." His first entry was 7.15 percent better than Cinematch; BellKor had taken seven months to achieve the same score. On December 20, he passed the team from the University of Toronto. On January 9, with a score 8.00 percent higher than Cinematch, he passed Dinosaur Planet.
I always thought the Netflix challenge would require less technology and more of that je ne sais quoi. This guy applies psychology to set theory with impressive results.
How Crypto Won the DVD War | Threat Level from Wired.com
9:31 pm EST, Feb 26, 2008
Support from studios has been widely cited as the reason for Blu-ray's victory, but few consumers know that the studios were likely won over by the presence of a digital lock on movies called BD+, a far more sophisticated and resilient digital rights management, or DRM, system than that offered by HD DVD.
That is interesting... But we all know that first there will be Blu-ray software, second there will be Blu-ray burners, third there will be Blu-ray decrypters.
The Windows Client-Server Communication Protocols can be implemented in a range of server applications to communicate or interoperate with Windows-based client operating systems and other compatible server or client software. This document describes the technical relationships among these protocols.
Wiperless windshields in your future? Thanks, nanotech.
10:31 pm EST, Feb 24, 2008
The first layer protects from sun and repels water, the second layer features "nano-dust" to push dirt to the edges of the windshield and is activated by the third layer which senses the dirt, while the whole kit is powered by the fourth layer which conducts electricity to keep it going. The tech could be ready for mass production within 5 years, but there's already a working prototype in the Hidra concept car.
A team of Russian hackers have found a way to read the CAPTCHA with 35% accuracy. Let there be no mistake: the CAPTCHA that Yahoo! deploys is believed to be one of the most difficult CAPTCHAs to crack. It utilizes bent alphanumeric characters and other features you might expect from a strong CAPTCHA, and still it's easy for humans to solve.
Impressive Russian hackers... Only failing roughly 2 out of 3 tries. The Russian hackers went on to say:
The CAPTCHA has a vulnerability we'll discuss later. It's not necessary to achieve a high degree of accuracy when designing automated recognition software. An accuracy of 15% is enough when an attacker is able to run 100,000 tries per day, taking into consideration the price of non-automated recognition: one cent per CAPTCHA.
Why can they get away with 100,000 tries per day?!?! That statement made me think that Yahoo's CAPTCHA sounds like a good candidate for the incremental delay anti-bruteforcing technique. In short, the incremental delay could decrease the number of successful attacks by delaying the response time from a failed automated attack.
After the first failed login attempt, for example, the response would be delayed by one second. After the second failed attempt, the response would be delayed by two seconds, and so on. A one-, two-, or even six-second delay is probably not going to bother a human user too seriously. Certainly he will find it less irritating than having to wait 30 minutes for his account to reactivate because he accidentally left his caps lock key on. On the other hand, an incrementing delay can completely defeat an automated tool being used for a brute force attack. Assuming the tool could normally make ten requests per second, the time it would take to make one thousand requests would jump from two minutes to five days. This pretty much renders the brute force attack tool useless.
If only to prevent Russian spammers from creating fewer bogus Yahoo email accounts to spam from, do you think incremental delay would help Yahoo?
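
A sketch of the incremental delay described above, added here as an example (it is not code from the quoted article or from Yahoo). The class name, the `cap` parameter and the per-key throttling (account name or source address) are assumptions; rather than sleeping, it returns the time at which each response may be released, so the numbers can be checked with a simulated clock.

```python
from dataclasses import dataclass, field


@dataclass
class IncrementalDelay:
    """Delay the n-th consecutive failed response for a key by n * step seconds."""
    step: float = 1.0   # seconds added per consecutive failure
    cap: float = 60.0   # assumed ceiling so a legitimate user is never held for long
    _fails: dict = field(default_factory=dict)       # key -> consecutive failures
    _not_before: dict = field(default_factory=dict)  # key -> earliest next service time

    def delay_for(self, key):
        return min(self._fails.get(key, 0) * self.step, self.cap)

    def attempt(self, key, ok, now):
        """Record one attempt arriving at `now`; return when its response is released."""
        # A request that arrives while an earlier response is still being
        # held back is queued behind it instead of being served in parallel.
        start = max(now, self._not_before.get(key, 0.0))
        if ok:
            # Success clears the history, so a user who mistyped twice
            # is not penalised on later logins.
            self._fails.pop(key, None)
            self._not_before.pop(key, None)
            return start
        self._fails[key] = self._fails.get(key, 0) + 1
        release = start + self.delay_for(key)
        self._not_before[key] = release
        return release


def seconds_to_exhaust(guesses, rate_per_s, limiter, key="acct"):
    """Time until the last of `guesses` failed responses is released,
    for a client that sends `rate_per_s` requests per second."""
    release = 0.0
    for i in range(guesses):
        release = limiter.attempt(key, ok=False, now=i / rate_per_s)
    return release


if __name__ == "__main__":
    uncapped = seconds_to_exhaust(1000, 10, IncrementalDelay(cap=float("inf")))
    capped = seconds_to_exhaust(1000, 10, IncrementalDelay(cap=60.0))
    print(f"baseline : {1000 / 10:.0f} s")
    print(f"uncapped : {uncapped:.0f} s ({uncapped / 86400:.1f} days)")
    print(f"cap=60 s : {capped:.0f} s ({capped / 3600:.1f} hours)")
```

With no ceiling, one thousand failed attempts take 500,500 seconds, which is the "five days" figure in the passage; a 60-second ceiling keeps the worst-case wait for a real user bounded but cuts that to about 16 hours, so the cap is a deliberate trade-off.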