5 09 19

first_imgOil prices fell away from $50 per barrel on Monday despite an agreement last week by exporters to cut output, with traders doubting the step was enough to rein in production that has exceeded consumption for the better part of three years.Brent crude futures LCOc1 were trading down 25 cents, or 0.5 percent, at $49.94 per barrel at 0205 GMT.U.S. West Texas Intermediate (WTI) futures CLc1 were down 26 cents, or 0.5 percent, at $47.98 a barrel.The dips follow fresh production highs from the Organization of the Petroleum Exporting Countries (OPEC) as rival members like Saudi Arabia, Iran and Iraq are reluctant to give away market share.OPEC’s oil output is likely to reach 33.60 million bpd in September from a revised 33.53 million bpd in August, its highest in recent history, a Reuters survey found on Friday.”Sentiment has been slightly dented by a Reuters survey Friday, showing that despite agreeing to cut production OPEC pumped crude in record amounts through September,” said Jeffrey Halley, senior market analyst at brokerage OANDA in Singapore.The price falls came despite last week’s agreement by OPEC members to cut output to between 32.5 million barrels per day (bpd) and 33.0 million bpd from about 33.5 million bpd, with details to be finalised at OPEC’s policy meeting in November.Traders said there was more downside risk to oil prices if the planned cut wasn’t deep enough to bring production back in line with consumption.”OPEC has created its own Q4 risk to oil prices … In raising expectations of a November deal to cut production, it also risks a steep price decline should it fail to achieve its goal of cutting output back to less than 33 million bpd,” Barclays said in a note to clients.Despite that, the British bank said it did not expect a repeat of the price crash seen late last year after a rally earlier in 2015.”We think oil prices, and commodities more generally, will avoid the Q4 price crash that has become a feature of the market in recent years,” it said, pointing to an improving Asian economic growth outlook, falling oil supplies and rising investor interest in oil markets as support factors.Trading activity will be limited on Monday as public holidays in China and Germany mean Asia’s and Europe’s biggest markets are shut.last_img read more

30 08 19

first_img 2 min read August 19, 2009 This story appears in the September 2009 issue of Entrepreneur. Subscribe » Growing a business sometimes requires thinking outside the box. Free Webinar | Sept. 9: The Entrepreneur’s Playbook for Going Global Mere portability isn’t enough for most entrepreneurs. We want to carry everything but feel as if we’re carrying nothing–and look cutting-edge while we’re at it.That’s why ultra-portable laptops are all the rage. They’re as light and thin as a notebook (the kind people used to write in), and as sleek and shiny as a large sushi knife. For a while, there have been only two real objects of ultra-lust: Dell’s Adamo and–the gizmo that really got everyone salivating–Apple’s $1,500 MacBook Air.Now, MSI Computer has given us one more–and at a much lower price. The MSI X340 notebook PC weighs in at just under the MacBook Air’s 3 pounds and is barely more than three-quarters of an inch thick. It has a 13.4-inch screen with HD 1366×768 resolution LCD and HDMI video input. It comes loaded with Bluetooth and Wi-Fi, and you can add mobile broadband if you like.The X340 is also the first laptop to use Intel’s Ultra-Low Voltage CPU, cutting its power draw to as low as one-sixth of a similar PC’s. This power feature really has tongues wagging, but we’re more excited about the reduced draw on our wallet: At around $800, it’s much lighter than . well, you know. Register Now »last_img read more

30 08 19

first_imgMarch 11, 2016 U.S. Attorney General Loretta Lynch said that Apple won’t comply with its customer’s needs by refusing to unlock the phone of a deceased terrorist.”What we’re asking them to do is to do what their customer wants. The real owner of the phone is the county — the employer of one of the terrorists who is now dead,” she told Stephen Colbert on The Late Show last night. “And what we’re asking them to do is to help us disable the password erase function that basically wipes the phone if you guess the password wrong after 10 times. We will try and get into the phone. We will extract the evidence under the court order that we have gotten that’s very narrow and very focused.”The case between the Justice Department and Apple involves potential information held on the iPhone belonging to one of the San Bernardino shooters, who killed 14 people and injured 22 in an attack in December.Related: FBI Director Says Apple Case May Set a Precedent for Other DevicesIn an open letter to customers last month, Tim Cook said that while the company had complied with the FBI’s investigation to that point, they had reached an impasse because the company had been asked to build a backdoor to the security system of the iPhone.”In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession. … And while the government may argue that its use would be limited to this case, there is no way to guarantee such control,” the CEO wrote.Related: Justice Department Calls Apple’s Rhetoric ‘Corrosive’ in iPhone CaseWhen Colbert asked her about the case, saying that he assumed she disagreed with Cook’s stance on the issue, Lynch said that the Justice Department is not asking for a backdoor or to turn any device on to spy on anyone. She added that while she and the Apple CEO have disagreed publicly in court, “I’ve had a number of great conversations with Tim Cook on issues of privacy,” and as both the attorney general and a private citizen, she said she understood why privacy is so important.   Pushing back a bit, Colbert said that Cook has characterized this request as a slippery slope — that if the function did exist, it could be used turn on someone’s phone to surveil them without their knowledge.Moving away from Apple at the end of the interview, Colbert asked for the Attorney General’s take on Hillary Clinton’s State Department emails. Unsurprisingly, Lynch couldn’t say too much about any Justice Department activity involving Clinton. For more, check out the video above. Register Now » Free Webinar | Sept. 9: The Entrepreneur’s Playbook for Going Globalcenter_img Growing a business sometimes requires thinking outside the box. 3 min readlast_img read more

26 08 19

first_imgDavid Wong, Security Consultant, at NCC Group, a global expert in cyber security and risk mitigation, revealed details about the new cryptographic attack, last week, that can break the encrypted TLS traffic. Wong collaborated with other security researchers and found out that out of the nine different TLS implementations against cache attacks, seven were found to be vulnerable, namely, OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS. TLS or Transport Layer Security refers to a cryptographic protocol that offers end-to-end communications security over networks. It is widely used for internet communications and online transactions. TLS (except TLS 1.3) makes use of RSA as a key exchange algorithm, which determines how the client and server will authenticate during the handshake to negotiate a shared secret. The client encrypts a shared secret under the server’s RSA public key, the server then receives it and decrypts it. The latest attack isn’t entirely new; it is simply another variation of the original Bleichenbacher oracle attack that was able to decrypt an RSA encrypted message using the Public-Key Cryptography Standards (PKCS) #1 function. This new attack uses a side-channel leak via cache access timings of TLS implementations to break these RSA key exchanges of TLS implementations. It affects all versions of TLS (including TLS 1.3) as well as QUIC and makes use of the state-of-the-art cache attack techniques such as Flush+Reload, Prime+Probe, Branch-Prediction, etc. Attacking TLS 1.3 and downgrading to TLS 1.2 Since TLS 1.3 does not offer an RSA key exchange, researchers started with downgrading to an older version of TLS (TLS 1.2) for the exploitation of the attack. To downgrade a client’s connection attempt, a spoofed TLS 1.2 handshake technique is used. The server’s RSA certificate was presented in a ServerCertificate message and then the handshake was put to an end with a ‘ServerHelloDone’ message. However, if at this point, the server does not have a trusted certificate that allows RSA key exchanges or the client refuses to support RSA key exchanges or older versions than TLS 1.2, the attack halts. Otherwise, the client will make use of the RSA public key contained in the certificate to encrypt the TLS premaster secret. It will then send it in a ClientKeyExchange message and ends its part of the handshake using a ChangeCipherSpec and a Finished message. It is at this time, the attack is performed to decrypt the RSA encrypted premaster secret. The last Finished message being sent should contain an authentication tag (with HMAC) of the whole transcript and should be encrypted with the transport keys derived from the premaster secret.                                                  NCC Group Now, even if some clients might have zero handshake timeouts, most serious applications such as browsers can give up on the connection attempt if the response takes too much time to arrive. So, there are several techniques that can slow down the handshake such as sending the ChangeCipherSpec message to reset the client’s timer and sending TLS warning alerts to reset the handshake timer. After the decryption attack terminates, the expected Finished message is sent to the client and a handshake is finalized. This downgrade attack is able to bypass multiple downgrade mitigations, namely, one server-side and two client-side. TLS 1.3 servers that negotiate older versions of TLS must also advertise this information to their peers. TLS 1.3 clients that negotiate an older version of TLS must check for these values and abort the handshake if found. On the other hand, a TLS 1.3 client that goes back to an older version of TLS must advertise this information in their subsequent client hellos. Furthermore, a client should also include the version used by the client hello inside the encrypted premaster secret. “As it stands, RSA is the only known downgrade attack on TLS 1.3, which we are the first to successfully exploit in this research”, states Wong. The researchers also state that it is time for RSA PKCS#1 v1.5 to be deprecated and replaced by more modern schemes like OAEP (Optimal asymmetric encryption padding) and ECEIS (Elliptic Curve Integrated Encryption Scheme) for asymmetric encryption or Elliptic Curve Diffie-Hellman in case of key exchanges. For more information, check out the official NCC Group blog. Read Next Zimperium zLabs discloses a new critical vulnerability in multiple high-privileged Android services to Google A kernel vulnerability in Apple devices gives access to remote code execution FreeRTOS affected by 13 vulnerabilities in its TCP/IP stacklast_img read more

19 08 19

first_img MCLEAN, VA — Hilton has signed on to develop an upscale, all-suite Embassy Suites by Hilton brand in Aruba in 2021.The new-build 330-suite oceanfront Embassy Suites by Hilton Aruba Resort marks Hilton’s second hotel on the island and reinforces the company’s continued expansion plans in the Caribbean.“The signing of Embassy Suites by Hilton Aruba Resort underscores Hilton’s commitment to expanding its portfolio across the Caribbean,” said Juan Corvinos, VP, development, Caribbean and Latin America, Hilton.“We are focused on continued growth in the region and bringing our industry leading brands to top destinations like Aruba. The new Embassy Suites by Hilton resort across Eagle Beach will be a wonderful complement to our existing Hilton Aruba Caribbean Resort & Casino on Palm Beach, further extending our hospitality to a new area of the island.”Located on J.E. Irausquin Boulevard across from the white sands of Eagle Beach and less than 10 km from the airport, hotel guests will get unobstructed views of the Caribbean Sea and proximity to the area’s main attractions, dining and entertainment.More news:  Virgin Voyages de-activates Quebec accounts at FirstMates agent portalThe new-build eight-storey 330-suite resort in Aruba will feature Embassy Suites by Hilton’s signature spacious suites equipped with a separate living area, private bedroom and wet bar fitted with a microwave, mini-fridge and coffee maker.The resort will provide 6,000 square feet of flexible meeting space, a more than 3,000 square foot spa, outdoor swimming pool, fitness center and casino. There will also be a three-meal signature restaurant, bar and grab-and-go dining option.Hilton currently has a portfolio of nearly 150 hotels and resorts in 25 countries across the Caribbean and Latin America.The company says it is actively pursuing additional growth opportunities and currently has a development pipeline of more than 80 hotels throughout the region. Hilton announces plans for Embassy Suites by Hilton Hotel in Aruba Wednesday, March 13, 2019 Tags: Aruba, Embassy Suites, Openings & Renovations Sharecenter_img Travelweek Group Posted by << Previous PostNext Post >>last_img read more