Explore More

Recent Ideas

  • Catalan

    Status: New

    IdeaStorm in Catalan would be great!

    1 Vote | 0 Comment

  • Human error is behind the latest threat to website security but giant corporations need to take their share of the blame

    The Heartbleed coding error may have been around for three years, affecting two-thirds of computer servers. Photograph: Pawel Kopczynski/Reuters

    Were you a thriller writer seeking a name for an apocalyptic software security flaw that threatened the future of civilization as we know it, then "Heartbleed" would be hard to beat. Last week saw the discovery of such a flaw, and Heartbleed was the name assigned to it.

    Most security flaws are of interest only to specialists, but this one was different. Why? Because it's been around for something like three years, during which time it could have exposed the passwords and credit card numbers that countless millions of people had provided to online stores and other services. Heartbleed would enable attackers to eavesdrop on online communications, steal data directly from services and users, and impersonate both services and users. It could have affected up to two-thirds of the world's internet servers. And unlike some earlier such problems, the solution isn't as simple as immediately changing one's password. It was, said Bruce Schneier, a security expert not much given to hyperbole, a "catastrophic" flaw. "On the scale of one to 10," he wrote, "this is an 11."

    Heartbleed is a flaw in the computer code that encrypts your personal data while it's in transit from your computer to an online service. When you buy something from Amazon, say, or proceed to the checkout on any reputable site, then the URL you're dealing with will change from one prefixed by "http" to one prefixed by "https". This indicates that the Secure Sockets Layer (SSL) protocol has been invoked and that your personal data will now be transmitted only in encrypted form.

    SSL is an essential component of the global e-commerce system, and the most common implementation of it is an open-source version called OpenSSL. Any flaw in it could indeed be catastrophic – which is why there was such a furore a while back when it was revealed that the National Security Agency had apparently been working actively to weaken the cryptographic protection that SSL offered. Not surprisingly, therefore, the default assumption when the Heartbleed story first surfaced was that the NSA must be behind it. But this comforting conjecture was rapidly discounted when it was realized that the flaw was most probably the result of a relatively mundane programming error.

    It turns out that within OpenSSL there is something called the "heartbeat" protocol. This is needed to ensure that communications between user and site are kept alive even when the line goes quiet. What seems to have happened is that when one of the programmers who works on OpenSSL was doing a software update in 2011, he made a coding error which then – unusually for open-source software – went undetected for several years.

    The implications of this are both intriguing and troubling. It's possible that the flaw – and the opportunities it provided for undermining the protections offered by SSL – was indeed undetected by anyone and that therefore the world of online commerce was safe even though the door to the safe was swinging open in the breeze. But most security people are unwilling to make that bet. Instead they are assuming that some people knew about Heartbleed and have been either quietly exploiting the vulnerability or using it to hoover up personal data for later nefarious uses.

    An equally troubling implication is that huge online companies, instead of developing their own SSL code, simply lifted the OpenSSL code and just bundled it into their web-service software. They are perfectly entitled to do this, provided that they adhere to the terms of open-source licensing. But in behaving as they did they have in effect been free-riding on the public domain.

    Most open-source software – and OpenSSL is no exception – is produced voluntarily by people who are not paid for creating it. They do it for love, professional pride or as a way of demonstrating technical virtuosity. And mostly they do it in their spare time. Responsible corporate use of open-source software should therefore involve some measure of reciprocity: a corporation that benefits hugely from such software ought to put something back, either in the form of financial support for a particular open-source project, or – better still – by encouraging its own software people to contribute to the project.

    If the giant internet companies had taken the latter approach to OpenSSL, then they might have spotted the Heartbleed vulnerability earlier. In which case we wouldn't be in the mess that we are in now. Sometimes the ethical thing to do turns out also to be the prudent thing to do.

    1 Vote | 0 Comment

  • Viruses used to be so simple.

    You’d go online with your dial-up modem, take 25 minutes to naively download an appealing-sounding .exe file, and suddenly a sheep would walk across the screen or an embarrassing e-mail would be sent to your entire address book. Some would even wish you a Happy New Year. Annoying, maybe, but they had their own ‘90s cyber-kiddie sense of charm.

    Some viruses, of course, were incredibly disruptive. Now, though, viruses and malware have become even more malicious. They’re out for more than just hacker cred – they’re out for your money.

    For a long time, malware scammers used tactics known as scareware. The malicious software fraudulently claims that your computer has a serious virus infection then sends you to a page to buy their (useless) anti-virus software.

    While this is certainly still around, many people have gotten wise to the fraud. Now some scammers are playing hardball. Enter ransomware.

    Ransomware is a form of malware that encrypts files on your hard drives with a highly complicated algorithm then presents you with an ultimatum: Pay up or you lose your files forever. The inherent brilliance in the software is this: While the software can be removed, the files remain encrypted. Paying the ransom is the only chance you have to see your files again. Although this scam has been around since 1989, only recently has it become widespread due to advancements in cryptography algorithms, the ability to extort via the anonymous currency Bitcoin, and the digitization of once-analog items of sentimental value like family photos and home videos.

    Some consumers are aware of the latest and most notable iteration of this trend known as CryptoLocker, which encrypts the user’s data with a 2048-bit RSA algorithm. The scammers weren’t fooling around when they invented this complicated algorithm, which is incredibly difficult – if not impossible – to crack without a key, which will cost victims about $150 to $300.

    CryptoLocker has been incredibly successful. Owing to surprisingly good “customer service” — the majority of people who pay the ransom have their files restored — the men behind the CryptoLocker curtain have raked in over $27 million in Bitcoin over a period of three months, according to an examination of the Bitcoin blockchain by ZDNet.

    1 Vote | 0 Comment


Trending Ideas

  • Status: Acknowledged

    Prior to getting my current laptop whenever I needed to do any work with video I always had to fire up my desktop system as even the best laptop HDDs had mediocre performance that would choke under the demands of video editing/encoding. Not much of a problem when at home, but it severely curtailed doing any work on the road. To a lesser extent photo editing is also easier/faster particularly when exporting several hundred to several thousand JPGs from Lightroom; no longer is the HDD bottlenecking how quickly projects can be turned around and delivered to customers.

    3 Votes | 2 Comments

  • Status: Acknowledged

    Have you ever tried to record a video with a laptop or a front-facing camera (all-in-one desktop) of a subject other than yourself? It is not easy, so it would be very productive to have a rear built-in camera so that the user could just sit at the desktop monitor as normal and record the subject that is in front. It would be nice if the camera could change directions as well.

    3 Votes | 4 Comments

  • Hello, As the title suggests I'll get straight to the point. Because Alienware 14 is so thick and heavy the 14-inch screen on it seems pointless. Discontinue Alienware 14 and make a 15.6" thin and lightweight Alienware laptop that has similar portability as the MSI GS60/70, Razer Blade and MacBook Pros but can match or outperform the MSI GS60/70 because they have GTX860m and GTX870m thus they are the most powerful thin and lightweight out of the 3 mentioned brands. If Alienware pulls this off it would really give them a run for their money. And regarding the design it of course has to look on par or even better than the mentioned 3 competitors above. Don't make it look immature but subtle like the current Alienware 14, 17 and 18 but maybe even better. Thank you for your consideration. John

    4 Votes | 3 Comments


Implemented Ideas

Biodegradable Packing material

202 Votes

Touchscreen Desktop

52 Votes

Blade Workstations

18 Votes