Monday, July 4, 2011

Officials announced that a treasure containing sacks of diamonds and gold coins as well as golden idols, jewelry and other riches has been discovered in the secret subterranean vaults of Sree Padmanabhaswamy temple, in the southwestern state of Kerala, India. Estimates of its worth have been rising and it is now thought to be worth US$20 billion.

The Hindu temple was built in the 16th century by the kings of the then Kingdom of Travancore to serve as a royal chapel for the rulers of Travancore. The six vaults containing the treasure have been undisturbed for over a century. Assessment of the treasure began on June 27 after a lawyer concerned about the security of the treasure petitioned India’s Supreme Court, which then appointed a seven-member panel of experts to inventory the treasure. The panel does not have the power to determine to whom the treasure will belong. Estimates of the treasure’s worth are rising, provoking a heated debate as to how the treasure will be used in a country that has 450 million poverty-stricken people.

The chief minister of Kerala, Oommen Chandy, announced on Sunday the treasure would remain with the temple, and security matters would be decided in consultation with the Travancore Royal Family, the temple management, and the temple priest.

“The gold was offered to the lord. It is the property of the temple. The government will protect the wealth at the temple,” Oommen Chandy said. Meanwhile, hundreds of armed police have been deployed around the temple to protect the treasure.

However, the view that the treasure should remain at the temple has been disputed. Among the dissenters is eminent jurist V R Krishna Iyer, who said the treasure should be put in a national trust for the peoples’ benefit. “God’s wealth belongs to the people, not to the king. It’s meaningless to say that it belongs to Hindus or any particular religious community,” said Iyer. “A mechanism should be devised to ensure that the benefits of it reach the poor and the needy and not the rich.”

Five of the six vaults of the Sree Padmanabhaswamy Temple have been inventoried.

On Saturday, reports leaked to the press revealed that the treasure, including a golden idol of Mahavishnu and a golden ‘anki’, were found in one of the vaults, estimated to weigh 30 kilograms, along with precious stones, silver, two coconut shells of pure gold and another golden idol as well as other jewels and valuable coins. The panel hopes to find more treasure when the sixth and final vault is opened, but the attempt was suspended on Monday because the iron door inside presented “technical problems” requiring further consultation before opening. This vault is thought to contain the bulk of the wealth.

Keralan officials in a preliminary estimate said that the treasure was worth over US$11.2 billion; those estimates have now risen to US$20 billion. Historians say that the temple’s location on a site through which passed lucrative trade routes support the higher evaluations.

“Traders, who used to come from other parts of the country and abroad for buying spices and other commodities, used to make handsome offerings to the deity for not only his blessings but also to please the then rulers,” said P.J. Cherian, the director of Kerala Council for Historic Research

Some suggest that the profit from the sale of the treasure would be enough to wipe out the entire public debt of Kerala and fund future Kerala projects such as seaports, airports and highways.

Friday, May 16, 2008

A major security hole was discovered in the pseudo-random number generator (PRNG) of the Debian version of OpenSSL. OpenSSL is one of the most used cryptographic software, that allows the creation of secure network connections with the protocols called SSL and TLS. It is included in many popular computer programs, like the Mozilla Firefox web browser and the Apache web server. Debian is one of the most used GNU/Linux distributions, on which are based other distributions, like Ubuntu and Knoppix. The problem affects all the Debian-based distributions that were used to create cryptographic keys since the September 17, 2006. The bug was discovered by Luciano Bello, an argentine Debian package maintainer, and was announced on May 13, 2008.

This vulnerability was caused by the removal of two lines of code from the original version of the OpenSSL library. These lines were used to gather some entropy data by the library, needed to seed the PRNG used to create private keys, on which the secure connections are based. Without this entropy, the only dynamic data used was the PID of the software. Under Linux the PID can be a number between 1 and 32,768, that is a too small range of values if used to seed the PRNG and will cause the generation of predictable numbers. Therefore any key generated can be predictable, with only 32,767 possible keys for a given architecture and key length, and the secrecy of the network connections created with those keys is fully compromised.

These lines were removed as “suggested” by two audit tools (Valgrind and Purify) used to find vulnerabilities in the software distributed by Debian. These tools warned the Debian maintainers that some data was used before its initialization, that normally can lead to a security bug, but this time it was not the case, as the OpenSSL developers wrote on March 13, 2003. Anyway this change was erroneously applied on September 17, 2006, when the OpenSSL Debian version 0.9.8c-1 was released to the public.

Even though the Debian maintainer responsible for this software released a patch to fix this bug on May 8, 2008, the impact may be severe. In fact OpenSSL is commonly used in software to protect the passwords, to offer privacy and security. Any private key created with this version of OpenSSL is weak and must be replaced, included the session keys that are created and used only temporary. This means that any data encrypted with these keys can be decrypted without a big deal, even if these keys are used (but not created) with a version of the library not affected, like the ones included in other operating systems.

For example any web server running under any operating system may use a weak key created on a vulnerable Debian-based system. Any encrypted connection (HTTPS) to this web server established by any browser can be decrypted. This may be a serious problem for sites that requires a secure connection, like banks or private web sites. Also, if some encrypted connection was recorded in the past, it can be decrypted in the same way.

Another serious problem is for the network security software, like OpenSSH and OpenVPN, that are used to encrypt the traffic to protect passwords and grant the access to an administrative console or a private network protected by firewalls. This may allows hackers to gain unwanted access to private computers, networks or data traveled over the network, even if a not affected version of OpenSSL was used.

The same behavior can be applied to any software or protocol that use SSL, like POP3S, SSMTP, FTPS, if used with a weak key. This is the case of Tor, software used to offer strong anonymity on the TCP/IP, where about 300 of 1,500-2,000 nodes used a weak key. With 15-20% of weak Tor nodes, there is a probability of 0.34-0.8% circa to build a circuit that has all tree nodes weak, resulting in a full loss of anonymity. Also the case of only one weak node begin used may facilitate some types of attack to the anonymity. The Tor hidden services, a sort of anonymous public servers, are affected too. However the issue was speedily addressed on May 14, 2008.

The same problem also interested anonymous remailers like Mixmaster and Mixminion, that use OpenSSL to create the remailer keys for the servers and the nym keys for the clients. Although currently there is no official announcement, at least two remailer changed their keys because were weak.

Thursday, February 4, 2010

Yahoo announced plans to sell its HotJobs employment search service to Monster Worldwide for $225m, the companies said yesterday. Monster currently controls one third of online jobs postings in the United States. The two companies also struck a three-year agreement under which Monster will provide career and job content for the Internet giant’s homepage in the U.S. and Canada.

Terms of the deal include Monster being paid for providing job-related postings for Yahoo’s homepage in the US and Canada for three years and other expressions of interest. Yahoo, who bought HotJobs in 2001 for $436 million, last month agreed to sell email provider Zimbra to VMWare Inc. for an undisclosed amount, having it acquired for $350 million two years ago.

“HotJobs with its significant customer base plus the traffic agreement are an ideal complement to Monster’s innovative recruitment solutions and global reach,” said Sal Iannuzzi, chairman, CEO and president of Monster Worldwide. “Monster will be able to offer its employers a significantly larger pool of candidates across diverse geographies and industries,” the company said in a statement.

Buying Yahoo out of the online recruitment business leaves Monster with only one major competitor, Careerbuilder.com. “We have substantially added quality traffic, while substantially increasing our customer base,” he added.

HotJobs averaged 12.6 million unique visitors a month, according to Media Metrics comScore. HotJobs generates annual revenue of about $100 million while Monster’s revenue totalled $905 million in 2009. Alexa.com rates HotJobs at rank 3 while Monster.com at rank 531.

== Sources ==

*Mike Swift. “Yahoo to sell HotJobs employment service to Monster for $225 million” — Mercury News, 3 February, 2010

*Nick Zieminski and Alexei Oreskovic. “Monster to pay $225 million for Yahoo’s HotJobs site” — Reuters, 3 February, 2010

Sunday, March 22, 2009

After an early morning fire began, four out of the nine people living at the Riverview Individual Residential Alternative group home located in Wells, New York were killed by the blaze. The Sunmount Developmental Disabilities Services Office, which supervises the home, told the media that the fire started at approximately 5:30 AM Eastern Daylight Time. Two staff members were at the home at the time, who safely evacuated four of the five survivors.

The names of the residents killed in the fire were not able to be released due to New York’s Mental Hygiene Law, but are able to be identified as two adult men, aged 32 and 52, and two adult women, aged 43 and 60. A 71-year-old male was injured in the fire, and was taken to a hospital in Utica, a nearby city. The other four residents have been relocated to an unnamed group home. Both staff members are also being examined at the hospital.

“On behalf of all New Yorkers, I wish to extend my heartfelt condolences to the families, loved ones and friends of the four victims and to continue to pray for the full recovery of those five people and two staff members who survived this incident. I also want to express my thanks and appreciation for the first responders and volunteers who worked swiftly and diligently to respond to this tragedy,” David Patterson, the governor of New York, said to the media.

The exact cause of the fire has yet to be determined. However, the New York Civil Liberties Union stated that “the blaze appears to have been an electrical fire and the sprinkler system was knocked out immediately.” They also called for “an immediate investigation into the causes of and contributing factors of the fire.”

The New York State Department of State Office of Fire Prevention and Control is currently investigating the causes of the blaze, with help from New York State Police Bureau of Criminal Investigation and the New York State Commission on Quality of Care and Advocacy for Persons with Disabilities.

Wednesday, October 3, 2007

Kristen Monster is running for the Family Coalition Party in the Ontario provincial election, in the Willowdale riding. Wikinews’ Nick Moreau interviewed her regarding her values, her experience, and her campaign.

Stay tuned for further interviews; every candidate from every party is eligible, and will be contacted. Expect interviews from Liberals, Progressive Conservatives, New Democratic Party members, Ontario Greens, as well as members from the Family Coalition, Freedom, Communist, Libertarian, and Confederation of Regions parties, as well as independents.