9/23/2011

Tiny Neutrinos May Have Broken Cosmic Speed Limit


By DENNIS OVERBYE
Published: September 22, 2011


Roll over, Einstein?

The physics world is abuzz with news that a group of European physicists plans to announce Friday that it has clocked a burst of subatomic particles known as neutrinos breaking the cosmic speed limit — the speed of light — that was set by Albert Einstein in 1905.


If true, it is a result that would change the world. But that “if” is enormous.


Even before the European physicists had presented their results — in a paper that appeared on the physics Web site arXiv.org on Thursday night and in a seminar at CERN, the European Center for Nuclear Research, on Friday — a chorus of physicists had risen up on blogs and elsewhere arguing that it was way too soon to give up on Einstein and that there was probably some experimental error. Incredible claims require incredible evidence.

“These guys have done their level best, but before throwing Einstein on the bonfire, you would like to see an independent experiment,” said John Ellis, a CERN theorist who has published work on the speeds of the ghostly particles known as neutrinos.

According to scientists familiar with the paper, the neutrinos raced from a particle accelerator at CERN outside Geneva, where they were created, to a cavern underneath Gran Sasso in Italy, a distance of about 450 miles, about 60 nanoseconds faster than it would take a light beam. That amounts to a speed greater than light by about 0.0025 percent (2.5 parts in a hundred thousand).

Even this small deviation would open up the possibility of time travel and play havoc with longstanding notions of cause and effect. Einstein himself — the author of modern physics, whose theory of relativity established the speed of light as the ultimate limit — said that if you could send a message faster than light, “You could send a telegram to the past.”

Alvaro de Rujula, a theorist at CERN, called the claim “flabbergasting.”

“If it is true, then we truly haven’t understood anything about anything,” he said, adding: “It looks too big to be true. The correct attitude is to ask oneself what went wrong.”

The group that is reporting the results is known as Opera, for Oscillation Project with Emulsion-Tracking Apparatus. Antonio Ereditato, the physicist at the University of Bern who leads the group, agreed with Dr. de Rujula and others who expressed shock. He told the BBC that Opera — after much internal discussion — had decided to put its results out there in order to get them scrutinized.

“My dream would be that another, independent experiment finds the same thing,” Dr. Ereditato told the BBC. “Then I would be relieved.”

Neutrinos are among the weirdest denizens of the weird quantum subatomic world. Once thought to be massless and to travel at the speed of light, they can sail through walls and planets like wind through a screen door. Moreover, they come in three varieties and can morph from one form to another as they travel along, an effect that the Opera experiment was designed to detect by comparing 10-microsecond pulses of protons on one end with pulses of neutrinos at the other. Dr. de Rujula pointed out, however, that it was impossible to identify which protons gave birth to which neutrino, leading to statistical uncertainties.

Dr. Ellis noted that a similar experiment was reported by a collaboration known as Minos in 2007 on neutrinos created at Fermilab in Illinois and beamed through the Earth to the Soudan Mine in Minnesota. That group found, although with less precision, that the neutrino speeds were consistent with the speed of light.

Measurements of neutrinos emitted from a supernova in the Large Magellanic Cloud in 1987, moreover, suggested that their speeds differed from light by less than one part in a billion.

John Learned, a neutrino astronomer at the University of Hawaii, said that if the results of the Opera researchers turned out to be true, it could be the first hint that neutrinos can take a shortcut through space, through extra dimensions. Joe Lykken of Fermilab said, “Special relativity only holds in flat space, so if there is a warped fifth dimension, it is possible that on other slices of it, the speed of light is different.”

But it is too soon for such mind-bending speculation. The Opera results will generate a rush of experiments aimed at confirming or repudiating it, according to Dr. Learned. “This is revolutionary and will require convincing replication,” he said.


This article has been revised to reflect the following correction:

Correction: September 22, 2011

A previous version of this article misspelled Alvaro de Rujula's last name.

A version of this article appeared in print on September 23, 2011, on page A8 of the New York edition with the headline: Tiny Neutrinos May Have Broken Cosmic Speed Limit.


Source: NYT Science

9/22/2011

The OWASP Top 10 Web Application Security Risks for 2010



The OWASP Top Ten is an awareness document for web application security. It represents a broad consensus about which web application security flaws are the most critical. Project members include security experts from around the world who have shared their expertise to produce this list. The 2007 version was translated into French, Spanish, Japanese, Korean, Turkish and other languages. Translation efforts for the 2010 version are underway and translations will be posted as they become available.
We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

The OWASP Top 10 Web Application Security Risks for 2010 are:

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards



Infographic: 12 obstacles behind the absence of innovation

Source: Portal HSM


9/21/2011

Elmore James - Every Day I Have The Blues


Willie Dixon - 'I ain't superstitious'



Sonny Boy Williamson II and The Yardbirds - Highway 49

U.S. Route 49 is a north–south United States highway. The highway's northern terminus is in Piggott, Arkansas, at an intersection with U.S. Route 62. Its southern terminus is in Gulfport, Mississippi, at an intersection with U.S. Route 90. US 49 is approximately 516 miles (830 km) in length. It was at the junction of US 49 and U.S. Route 61 that blues singer Robert Johnson is said to have sold his soul to the Devil.

This song was recorded on The London Howlin' Wolf Sessions album by blues musician Howlin' Wolf, released in the summer of 1971 on Chess Records, catalogue CH 60008 (Rolling Stones Records in Britain). It was one of the first of the super session blues albums, setting a blues master among famous musicians from the second generation of rock and roll, in this case Eric Clapton, Steve Winwood, Charlie Watts, and Bill Wyman. It peaked at #79 on the Billboard 200.

Sonny Boy was, legitimately, "The King of the Delta Blues Harmonica," and his career spanned most of the golden era of Delta blues. He began as a preacher, "Reverend Blue," at age six; by the 1930s he was playing with blues legend Robert Johnson and with his stepson Robert Lockwood Jr., with whom he was playing amplified blues as early as 1938 (six years before Muddy Waters owned an electric guitar); and in 1963-65 he recorded with Eric Clapton and the Yardbirds, Eric Burdon and the Animals, and Jimmy Page.

Rolling Stones & Muddy Waters- I'm a man



Taj Mahal - Statesboro Blues



9/15/2011

PCI point-to-point encryption guidelines raise new questions


This story appeared on Network World at
http://www.networkworld.com/news/2011/091511-pci-encryption-250925.html


Guidelines don't cover software or mobile payments

By Ellen Messmer, Network World
September 15, 2011 09:26 AM ET

The PCI Security Standards Council today is expected to issue guidelines on use of point-to-point encryption in protecting sensitive payment card data, but the narrow approach — which is focused on hardware — is raising questions.
Merchants and payment-card processors have suffered from the lack of industry standardized end-to-end encryption from the point where a merchant captures customer card data in a point-of-sale (POS) device, transmitting it over networks, including the Internet, to card-processing and bank networks. Hackers have taken advantage of this weakness, as the notorious criminal Albert Gonzalez (now convicted and in jail) did two years ago in his attack against Heartland Payment Systems and many merchants, including TJX Companies and Hannaford.
"There were no standards," says Bob Russo, the council's general manager, about point-to-point encryption, saying the new guidelines, which are entirely voluntary and optional, are the council's first step in influencing product development in this area.
The council has drawn from work done at the National Institute of Standards and Technology (NIST) and supports use of the AES standard as well as some RSA technologies, he noted.
The council's approach doesn't define complete end-to-end encryption of card data; basically, it's hardware-based encryption of POS data to the edge of the acquiring bank's network, says Jeremy King, the council's European director.
The council by year end intends to release more technical requirements to vendors about building this type of point-to-point encryption, and under a certification program it anticipates certifying encryption devices early next year. The guidance also covers encryption key management and practices that should be adhered to in its use, such as strong authentication and monitoring.
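To make the architecture concrete, the following Go program is an added example (not PCI SSC or any vendor's code) of the data path the article describes: card data is encrypted inside the terminal under a device key shared only with the acquirer's decryption environment, the merchant's systems handle only ciphertext plus a masked PAN, and cleartext reappears at the acquirer's edge. AES-256-GCM is used with a nonce derived from the device identity and a monotonic per-device counter, and the header fields the merchant sees are bound into the ciphertext as associated data. The key, device ID, PAN (a test-range number) and counter are constructed values; the structure names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// CardCapture is the cleartext read from the card. In a P2PE deployment it
// exists only inside the terminal's secure cryptographic device.
type CardCapture struct {
	PAN    string
	Expiry string // MMYY
}

// EncryptedCapture is the only form the merchant's systems and network handle.
type EncryptedCapture struct {
	DeviceID   string
	Counter    uint64 // per-device transaction counter; must never repeat under one key
	MaskedPAN  string // first six / last four, for receipts and BIN routing
	Ciphertext []byte // AES-GCM ciphertext with the authentication tag appended
}

// maskPAN keeps only the digits the merchant is permitted to retain.
func maskPAN(pan string) string {
	if len(pan) < 10 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// nonce derives the 96-bit GCM nonce from the device identity and counter, so
// a (device, counter) pair maps to exactly one nonce and none is reused as
// long as the counter is monotonic.
func nonce(deviceID string, counter uint64) []byte {
	id := sha256.Sum256([]byte(deviceID))
	n := make([]byte, 12)
	copy(n, id[:4])
	binary.BigEndian.PutUint64(n[4:], counter)
	return n
}

// aad binds the header fields the merchant sees to the ciphertext; changing
// any of them makes decryption fail.
func aad(e EncryptedCapture) []byte {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], e.Counter)
	return []byte(e.DeviceID + "|" + e.MaskedPAN + "|" + string(ctr[:]))
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// TerminalEncrypt runs inside the POS device with its injected data key.
func TerminalEncrypt(key []byte, deviceID string, counter uint64, c CardCapture) (EncryptedCapture, error) {
	g, err := gcm(key)
	if err != nil {
		return EncryptedCapture{}, err
	}
	e := EncryptedCapture{DeviceID: deviceID, Counter: counter, MaskedPAN: maskPAN(c.PAN)}
	e.Ciphertext = g.Seal(nil, nonce(deviceID, counter), []byte(c.PAN+"|"+c.Expiry), aad(e))
	return e, nil
}

// AcquirerDecrypt runs at the edge of the acquirer's network, the first point
// at which cleartext card data reappears.
func AcquirerDecrypt(key []byte, e EncryptedCapture) (CardCapture, error) {
	g, err := gcm(key)
	if err != nil {
		return CardCapture{}, err
	}
	pt, err := g.Open(nil, nonce(e.DeviceID, e.Counter), e.Ciphertext, aad(e))
	if err != nil {
		return CardCapture{}, errors.New("authentication failed: wrong key, or header/ciphertext tampered")
	}
	parts := strings.SplitN(string(pt), "|", 2)
	if len(parts) != 2 {
		return CardCapture{}, errors.New("malformed plaintext")
	}
	return CardCapture{PAN: parts[0], Expiry: parts[1]}, nil
}

func main() {
	// Constructed values: a 32-byte AES-256 key, a test-range PAN, a counter.
	key := []byte("0123456789abcdef0123456789abcdef")
	enc, err := TerminalEncrypt(key, "POS-0001", 7, CardCapture{PAN: "4111111111111111", Expiry: "1214"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("merchant sees: device=%s counter=%d pan=%s ct=%x\n", enc.DeviceID, enc.Counter, enc.MaskedPAN, enc.Ciphertext)
	dec, err := AcquirerDecrypt(key, enc)
	fmt.Printf("acquirer recovers: %+v err=%v\n", dec, err)
}
```

Two points a practitioner should check in a real deployment that this sketch only hints at: the device key must never be exportable from the terminal (the key here is a literal only for demonstration), and the counter must be persisted so that a reboot cannot reuse a nonce under the same key.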
While use of any PCI-certified equipment is entirely voluntary, the expected advantage is a vastly simpler PCI audit. "The big benefit here is for the merchant," said Jeremy King, the council's European director.
But the guidelines only pertain to hardware-based equipment. Plans for specifying a fully software-based approach — or a hybrid software/hardware approach — are in the future, as is guidance related to security for mobile payments.
While the council's first direct step toward point-to-point encryption is needed, it raises a lot of questions, according to analysts.
For one thing, merchants and their processors such as RBS, Heartland, Fifth Third Processing Solutions and others, have gradually started to adopt network point-to-point encryption based on their own diverse methodologies, says Gartner analyst Avivah Litan. When Gartner asked 77 of larger retailers about encryption adoption for payment processing, over one-fifth of them said they had already put something in place.
Though it's not a comprehensive survey, the Gartner findings do suggest that a variety of encryption methods have come into substantial use already. The question for merchants, payment processors and banks will be whether to continue whatever method they've come up with or shift toward equipment that might eventually be approved in the council's certification process.
Heartland, for instance, after its data breach, embarked on an ambitious course to design and build its own encryption-based processing gear designed for use with its customer base.




All contents copyright 1995-2011 Network World, Inc. http://www.networkworld.com

Source: Network World

9/08/2011

Norton Study Calculates Cost of Global Cybercrime: $114 Billion Annually

One of World’s Largest Cybercrime Studies Reveals More Than One Million Victims a Day


MOUNTAIN VIEW, Calif. – Sept. 7, 2011 – Symantec Corp. (Nasdaq: SYMC) – For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually.[1] Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost.[2] With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).[3]

According to the Norton Cybercrime Report 2011, more than two thirds of online adults (69 percent) have been a victim of cybercrime in their lifetime. Every second 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.[4] For the first time, the Norton Cybercrime Report reveals that 10 percent of adults online have experienced cybercrime on their mobile phone. In fact, the Symantec Internet Security Threat Report, Volume 16 reported there were 42 percent more mobile vulnerabilities in 2010 compared to 2009 – a sign that cybercriminals are starting to focus their efforts on the mobile space. The number of reported new mobile operating system vulnerabilities increased from 115 in 2009 to 163 in 2010. In addition to threats on mobile devices, increased social networking and a lack of protection are likely to be some of the main culprits behind the growing number of cybercrime victims.

Male, Millennial, Mobile
The study identifies men between 18 and 31 years old who access the Internet from their mobile phone as even more likely victims: in this group four in five (80 percent) have fallen prey to cybercrime in their lifetime. Globally, the most common – and most preventable – type of cybercrime is computer viruses and malware, with 54 percent of respondents saying they have experienced it in their lifetime. Viruses are followed by online scams (11 percent) and phishing messages (10 percent). Earlier this year the Symantec Internet Security Threat Report, Volume 16, found more than 286 million unique variations of malicious software ("malware") compared to the 240 million reported in 2009, representing a 19 percent increase.[5]

“There is a serious disconnect in how people view the threat of cybercrime,” said Adam Palmer, Norton Lead Cybersecurity Advisor. “Cybercrime is much more prevalent than people realize. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year. And while 89 percent of respondents agree that more needs to be done to bring cybercriminals to justice, fighting cybercrime is a shared responsibility. It requires us all to be more alert and to invest in our online smarts and safety.”

The disconnect between awareness and action is further illustrated by the fact that while 74 percent of respondents say they are always aware of cybercrime, many are not taking the necessary precautions. Forty-one percent of adults indicated they don’t have an up to date security software suite to protect their personal information online. In addition, less than half review credit card statements regularly for fraud (47 percent), and 61 percent don’t use complex passwords or change them regularly. Among those who access the Internet via their mobile phone, only 16 percent install the most up to date mobile security.

For more findings from the Norton Cybercrime Report globally and by country, please visit: http://norton.com/cybercrimereport.

About Norton from Symantec
Symantec's Norton products protect consumers from cybercrime with technologies like antivirus, anti-spyware and phishing protection, while also being light on system resources. The company also provides services such as online backup, PC tuneup and family online safety. Fan Norton on Facebook at www.facebook.com/norton and follow @NortonOnline on Twitter.

About Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

Norton Cybercrime Report Methodology
Between February 6, 2011 and March 14, 2011, StrategyOne conducted interviews with 19,636 people, comprising 12,704 adults aged 18 and over, 4,553 children aged 8-17 and 2,379 grade 1-11 teachers, from 24 countries (Australia, Brazil, Canada, China, France, Germany, India, Italy, Japan, New Zealand, Spain, Sweden, United Kingdom, United States, Belgium, Denmark, Holland, Hong Kong, Mexico, South Africa, Singapore, Poland, Switzerland, United Arab Emirates).

The margin of error for the total sample of adults (n=12,704) is ±0.87% at the 95% level of confidence. The global data has been weighted to ensure all countries have equal representation: adults to n=500.

[1] Findings are extrapolations based upon results from a survey conducted in 24 countries among adults 18-64. The financial cost of cybercrime in the last year ($114bn) is calculated as follows: victims over past 12 months (per country) x average financial cost of cybercrime (per country, in US currency).

[2] The value of time lost due to cybercrime experiences in the last year ($274 billion) is calculated as follows: victims over past 12 months (per country) x average time cost of cybercrime (per country, in US currency). The figure shown is the sum of all countries' total cost.

[3] 431 million victims in 24 countries over past 12 months is calculated as follows: latest research from NCR shows 69% of adults in 24 countries have been a victim of cybercrime ever, and of these 65% have been a victim in the past 12 months. Online population per country (24-country total = 802,872,752 according to CIA World Factbook) x % cybercrime ever per country x % cybercrime past 12 months per country = 431,504,885 (sum of 24 countries). Total cost of cybercrime is calculated as follows: total financial cost $114 billion plus value attributed to lost time trying to resolve cybercrime $274 billion = $388 billion. Total value of the world's marijuana, cocaine and heroin market ($288 billion) is calculated as follows:

[4] 14 cybercrime victims per second and one million cybercrime victims per day calculated as follows: victims over past 12 months (as above) 431,504,885 / 365 days per year / 24 hours / 60 minutes / 60 seconds. Source: Symantec Internet Security Threat Report published April 2011, https://www4.symantec.com/mktginfo/downloads/21182883_GA_REPORT_ISTR_Main-Report_04-11_HI-RES.pdf

[5] Source: Symantec Internet Security Threat Report published April 2011, https://www4.symantec.com/mktginfo/downloads/21182883_GA_REPORT_ISTR_Main-Report_04-11_HI-RES.pdf


9/06/2011

Microsoft: Stolen SSL certs can't be used to install malware via Windows Update


Updates also code-signed by separate certificate that Microsoft controls

By Gregg Keizer, Computerworld
September 06, 2011 11:47 AM ET


Microsoft said Sunday that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.
The company's assertion came after a massive theft of more than 500 SSL (secure socket layer) certificates, including several that could be used to impersonate Microsoft's update services, was revealed by Dutch authorities and several other affected developers.
"Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers," said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday blog post. "The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft."
Seven of the 531 certificates now known to have been fraudulently obtained by hackers in July were for the domains update.microsoft.com and windowsupdate.com, while another six were for *.microsoft.com.

According to Microsoft, the certificates issued for windowsupdate.com couldn't be used by attackers because the company no longer uses that domain. (Windows Update is now at windowsupdate.microsoft.com.) However, those for update.microsoft.com -- the domain for Microsoft Update -- and the wildcard *.microsoft.com could be.
As Ness said, updates delivered via Microsoft's services are signed with a separate certificate that's closely held by the company.
Without that code-signing certificate, attempts to deliver malware disguised as an update to a Windows PC would fail.
Other vendors, including Apple, also sign software updates with a separate certificate.
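The property Ness describes, that a fraudulent TLS certificate lets an attacker impersonate the update server but not produce an acceptable update, comes from checking the payload's signature against a key the client pins, independently of the transport. The following Go program is an added example of that check; it is not Windows Update code. An ed25519 key pair stands in for the closely held code-signing certificate, the transport is omitted entirely (the attacker is assumed to control it), and the update format, names and payload bytes are constructed. The version check goes one step beyond the article: it also rejects a replayed older update that carries a genuine signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is what the client downloads. Who served it, and over what
// connection, plays no part in the verification below.
type Update struct {
	Version uint32
	Payload []byte
	Sig     []byte // publisher signature over toBeSigned(Version, Payload)
}

// toBeSigned binds the version to a hash of the binary so that neither can be
// swapped independently of the other.
func toBeSigned(version uint32, payload []byte) []byte {
	h := sha256.Sum256(payload)
	msg := make([]byte, 4, 4+len(h))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, h[:]...)
}

// SignUpdate is the publisher-side step with the closely held signing key
// (hypothetical stand-in for the code-signing certificate in the article).
func SignUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) Update {
	return Update{Version: version, Payload: payload, Sig: ed25519.Sign(priv, toBeSigned(version, payload))}
}

// VerifyUpdate is the client-side step: the signature must verify under the
// pinned publisher key, and the version must move forward from what is installed.
func VerifyUpdate(pinned ed25519.PublicKey, u Update, installed uint32) error {
	if len(u.Sig) != ed25519.SignatureSize || !ed25519.Verify(pinned, toBeSigned(u.Version, u.Payload), u.Sig) {
		return errors.New("payload not signed by the pinned publisher key")
	}
	if u.Version <= installed {
		return errors.New("version does not advance: possible replay of an old signed update")
	}
	return nil
}

// UpdateOutcome records what the client does with each delivered update.
type UpdateOutcome struct {
	GenuineAccepted  bool
	ForgedRejected   bool // signed with the attacker's own key
	TamperedRejected bool // genuine signature, payload modified in transit
	ReplayRejected   bool // older genuine update re-served
}

// RunUpdateScenario models the article: the attacker can impersonate the
// update server (fraudulent TLS certificate) and so chooses what is delivered,
// but does not hold the publisher's signing key.
func RunUpdateScenario() UpdateOutcome {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)      // publisher key pair
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader) // attacker's own key

	genuine := SignUpdate(priv, 2, []byte("constructed: legitimate update bytes"))
	forged := SignUpdate(attackerPriv, 3, []byte("constructed: malware served from a spoofed host"))
	tampered := genuine
	tampered.Payload = []byte("constructed: payload altered on the wire")
	old := SignUpdate(priv, 1, []byte("constructed: an earlier genuine update"))

	const installed = 1
	return UpdateOutcome{
		GenuineAccepted:  VerifyUpdate(pub, genuine, installed) == nil,
		ForgedRejected:   VerifyUpdate(pub, forged, installed) != nil,
		TamperedRejected: VerifyUpdate(pub, tampered, installed) != nil,
		ReplayRejected:   VerifyUpdate(pub, old, installed) != nil,
	}
}

func main() {
	fmt.Printf("%+v\n", RunUpdateScenario())
}
```

The design point is separation of trust roots: the TLS certificate authenticates a server for one session, the signing key authenticates the bytes for their whole life, and compromising the CA that issued the former says nothing about the latter.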
The certificates for the various Microsoft domains were issued by DigiNotar, a Dutch company that last week admitted its network had been hacked in mid-July.
The company initially believed it had revoked all the fraudulent certificates, but later realized it had overlooked one that could be used to impersonate any Google service, including Gmail. DigiNotar went public only after users reported their findings to Google.
Criminals or governments could use the stolen certificates to conduct "man-in-the-middle" attacks, tricking users into thinking they were at a legitimate site when in fact their communications were being secretly intercepted.
Microsoft has added its voice to the chorus from rival browser makers, notably Google and Mozilla, about the seriousness of the situation. Like its competitors, Microsoft will also permanently block all DigiNotar certificates.
"We are in the process of moving all DigiNotar owned or managed [certificate authorities] to the Untrusted Root Store, which will deny access to any website using DigiNotar certificates," said Dave Forstrom, a director in the Microsoft Trustworthy Computing group, in an emailed statement Sunday.
Forstrom did not set a date by when Microsoft would block all DigiNotar certificates, including those used by the Dutch government, which has been a major customer of the company.
Google updated Chrome on Saturday to block all DigiNotar certificates, while Mozilla plans to do the same on Tuesday for Firefox.
However, Microsoft's partial ban of DigiNotar certificates -- which it instituted last week -- and the complete sanction now in the works only protects users running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.
Customers still on Windows XP or Windows Server 2003 must wait for an update specific to those operating systems; Ness said only that that update would "be available soon."
Until that Windows XP update is available, users can protect themselves by manually deleting the DigiNotar root from the list of approved certificate-issuing authorities. Microsoft has posted lengthy instructions for doing that on its "Security Research & Defense" blog.
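What "moving a CA to the Untrusted Root Store" does to chain validation is easy to show in isolation. The following Go program is an added example, not Microsoft's or any browser's trust-store code: it builds two constructed self-signed roots, has the "compromised" one issue a wildcard certificate for *.microsoft.com (the article's wildcard case), and checks that certificate for www.microsoft.com against a trust store built with and without that root. Go's CertPool has no remove operation, so distrust is modelled by rebuilding the pool without the offending root; all names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// newRoot builds a constructed self-signed CA certificate.
func newRoot(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// issue has the given CA sign a server certificate for the listed DNS names.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, names ...string) *x509.Certificate {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: names[0]},
		DNSNames:     names,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// TrustStore builds the set of trusted roots, leaving out any root whose
// subject is on the distrust list.
func TrustStore(roots []*x509.Certificate, distrusted map[string]bool) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		if !distrusted[r.Subject.CommonName] {
			pool.AddCert(r)
		}
	}
	return pool
}

// Accepts reports whether a client holding the given trust store would accept
// leaf when connecting to host.
func Accepts(leaf *x509.Certificate, store *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: store, DNSName: host})
	return err == nil
}

// DistrustOutcome pairs the result before and after the root is distrusted.
type DistrustOutcome struct{ Before, After bool }

func RunDistrustScenario() DistrustOutcome {
	good, _ := newRoot("Good Root CA")
	bad, badKey := newRoot("Compromised CA") // stands in for the breached CA
	roots := []*x509.Certificate{good, bad}
	fraudulent := issue(bad, badKey, "*.microsoft.com")

	before := TrustStore(roots, nil)
	after := TrustStore(roots, map[string]bool{"Compromised CA": true})
	const host = "www.microsoft.com"
	return DistrustOutcome{Before: Accepts(fraudulent, before, host), After: Accepts(fraudulent, after, host)}
}

func main() {
	fmt.Printf("%+v\n", RunDistrustScenario())
}
```

The practical caveat the article raises applies here too: a trust store is per client, so every platform and every legacy OS has to receive the distrust entry before its users are protected, which is why the XP and Server 2003 gap matters.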

Source: NetworkWorld and ComputerWorld

9/01/2011

Corinthians: 101 Years of History


Congratulations!!!


When I die
I want neither candles nor weeping
I want a coffin in black and white
With the flag of my Coringão.

I ask that you sing a laid-back samba
With repique, tantã and pandeiro,
Cavaquinho and guitar.

Lots of music, women, cold beer,
Show the boys the strength of our nation.
Do one more thing for me:
A plaque that reads,
"Here rests a champion".


Ah... a very timely comment I saw on the Internet:


I ask a favor of those who are not Corinthians fans. Don't spoil my team's party on such a glorious day. I didn't spoil the gay parade, I love bacon and I only buy fine fish. My team is 101 years old, has no stadium and no Libertadores, and didn't need any of that to win 30 million hearts. Thank you! FOREVER CORINTHIANS!!!