Lavabit goes head to head with feds in contempt-of-court case

In oral arguments heard on Tuesday, Lavabit and federal prosecutors each presented their cases in front of three judges from the 4th US Circuit Court of Appeals in Richmond, Virginia. This particular case is an appeal of contempt-of-court charges against Lavabit, a now-defunct e-mail hosting service that once offered secure communication.

In the summer of 2013, Lavabit was ordered to provide real-time e-mail monitoring of one of its users, widely believed to be Edward Snowden, the former NSA contractor-turned-leaker. When Lavabit told the feds that the only way it could hand over communications was through an internal process that would deliver results 60 days after any communication was sent, the authorities returned with a search warrant for Lavabit’s SSL keys, which could decrypt the traffic of all of Lavabit’s users. Ladar Levison, the CEO of Lavabit, handed over the SSL keys but then shut down his 10-year-old business rather than expose all of Lavabit’s users. Levison now faces charges of contempt-of-court.

The case is proving to be difficult for both parties, as well as presiding judges Roger Gregory, Paul Niemeyer, and Steven Agee, to parse. As PC World reports: “Attorneys from both Lavabit and the US government agreed that the legal issues between them could have been resolved before heading to court, though neither party seemed to have an adequate technical answer of how Lavabit could have successfully passed unencrypted data to a law enforcement agency in order to meet the government’s demands.”

Streaming comes to Steam: run on your gaming rig, play on your laptop

Valve is not done redefining itself yet. The gaming juggernaut added ‘operating system developer’ to ‘games studio’ and ‘digital media distributor’ with the introduction of SteamOS. And now it’s adding ‘streaming service’ to its repertoire. The service, currently in beta, allows users to stream game play from one PC to any other PC in their home. Invited users run a beta version of the Steam client on their computers and have settings for adjusting the amount of bandwidth the stream consumes.

Though work is in progress to make streaming an option from OS X and Linux machines, the service is primarily aimed at Windows PCs to start. The Windows focus may, in part, be a result of the relatively larger library of Windows games on Steam. Valve’s Linux-based SteamOS has one big limitation compared with the full Steam experience: it can only run games compatible with Linux. That limitation may be mostly put to rest when a Steam Box is now paired with a Windows PC, allowing users to run any game in the Steam library either natively in the Steam Box or streamed.

The other key benefit to the new streaming option is convenience. Graphically rich games often suffer when run on thermally limited notebooks. Decoding a video stream requires drastically less computing power than rendering a 3D environment, so gaming on a modestly specced laptop could become much more satisfying.

Investigation of password crackers busts site feds say hacked 6,000 accounts

An international law-enforcement crackdown on paid password cracking services has resulted in at least 11 arrests, including the operators of an alleged cracker-for-hire site in the US that prosecutors said compromised almost 6,000 e-mail accounts. Mark Anthony Townsend, 45, of Cedarville, Arkansas, and Joshua Alan Tabor, 29, of Prairie Grove, Arkansas, ran a site called needapassword.com, according to court documents filed this week in federal court in Los Angeles. The site accepted user requests to hack into specific e-mail accounts hosted by Google, Yahoo, and other providers, prosecutors alleged. According to charging documents, the operators would break into the accounts, access their contents and send screenshots to the users proving the accounts had been compromised. The men would then send passwords in exchange for a fee paid to their PayPal account, prosecutors said. “Through www.needapassword.com, defendant and others known and unknown to the United States Attorney obtained unauthorized access to over 5,900 e-mail accounts submitted by customers,” a criminal information filed against Townsend stated. During the time of Tabor’s involvement, needapassword.com broke into at least 250 accounts, a separate charging document claimed.

Amazon cuts cloud storage prices, Microsoft immediately follows suit

Yesterday, Amazon announced that it would be cutting the prices of both its S3 and EBS cloud-based storage. Today, Microsoft announced that it too was cutting the cost of its cloud storage. The software giant promised last April that it would match Amazon’s prices for commodity cloud services: storage, bandwidth, and computation. Amazon’s pricing varies from region to region, and the price cuts range from 6 percent if you’re storing between 1 and 50 terabytes of data, to up to 22 percent—though you’ll need to be storing at least 5 petabytes to take advantage of this. Microsoft says that not only is it going to match these prices, making cuts of up to 20 percent itself, but it will also charge the same amount in every region. This means that Azure storage will in some parts of the world be as much as 10 percent cheaper than the Amazon equivalent.

Tivo lays off 5 hardware engineers but says it won’t abandon its boxes

[Image: The TiVo box itself got a slight aesthetic makeover…]

Something’s afoot at Tivo, and it started today with five layoffs. Wired reporter Roberto Baldwin had the initial report, claiming that five layoffs from the company’s hardware division left “a skeleton crew of two engineers,” indicating an official exit from the hardware business. Baldwin’s sources within Tivo may have been overstating the situation, though. Subsequent reports feature comments from Tivo’s Vice President of Corporate Communication Steve Wymer, where he emphatically denies that Tivo is abandoning hardware. What Wymer doesn’t do, however, is deny the layoffs. An update to the original Wired piece indicates that Tivo will work with third-party designers for subsequent hardware.

Tivo hardware has been a saga of gradual iterations, with each successive generation adding features and capabilities. Ars’ Nathan Mattise reviewed the company’s latest hardware, the Tivo Roamio, and had heaps of praise—after he went through the hellish setup process. At CES this year, Tivo didn’t have new consumer hardware, but instead met with network operators to discuss its new NDVR hardware, which moves the Tivo experience entirely to the cloud. Moving content recording, discovery, and delivery into the cloud has a lot of appeal for operators who want more control over viewers’ content.

Sleeping spacecraft Rosetta nearly ready to wake up for comet landing

The Rosetta spacecraft is due to wake up on the morning of January 20 after an 18-month hibernation in deep space. For the past ten years, the three-ton spacecraft has been on a one-way trip to a 4 km-wide comet. When it arrives, it will set about performing a maneuver that has never been done before: landing on a comet’s surface.

The spacecraft has already achieved some success on its long journey through the solar system. It has passed by two asteroids—Steins in 2008 and Lutetia in 2010—and it tried out some of its instruments on them. Because Rosetta’s journey is so protracted, however, preserving energy has been of the utmost importance, which is why it was put into hibernation in June 2011. The journey has taken so long because the spacecraft needed to be “gravity-assisted” by many planets in order to reach the necessary velocity to match the comet’s orbit.

[Image: Rosetta’s path through the inner Solar System.]

When it wakes up, Rosetta is expected to take a few hours to establish contact with Earth, 673 million km (396 million mi) away. The scientists involved will wait with bated breath. Dan Andrews, part of a team at the Open University who built one of Rosetta’s on-board instruments, said, “If there isn’t sufficient power, Rosetta will go back to sleep and try again later. The wake-up process is driven by software commands already on the spacecraft. It will wake itself up autonomously and spend some time warming up and orienting its antenna toward Earth to ‘phone home.’”

Point-of-sale malware infecting Target found hiding in plain sight

Independent security journalist Brian Krebs has uncovered important new details about the hack that compromised as many as 110 million Target customers, including the malware that appears to have infected point-of-sale systems and the way attackers first broke in.

According to a post published Wednesday to KrebsOnSecurity, point-of-sale (POS) malware was uploaded to Symantec-owned ThreatExpert.com on December 18, the same day that Krebs broke the news of the massive Target breach. An unidentified source told Krebs that the Windows share point name “ttcopscli3acs” analyzed by the malware scanning website matches the sample analyzed by the malware scanning website. The thieves used the user name “Best1_user” to log in and download stolen card data. Their password was “BackupU$r”.

The class of malware identified by Krebs is often referred to as a memory scraper, because it monitors the computer memory of POS terminals used by retailers. The malware searches for credit card data before it has been encrypted and sent to remote payment processors. The malware then “scrapes” the plain-text entries and dumps them into a database. Krebs continued:

Google Play Movies & TV comes to iOS, minus the store and offline support

Google loves itself some iOS apps. Its newest addition to Apple’s platform is Google Play Movies & TV, Google’s video content store. To call the app a “store” on iOS is a bit of a misnomer, as buying content from the iOS app isn’t possible, thanks to Apple’s restrictions. What it can do is play existing content that you’ve purchased on an Android device or through the Google Play Web interface.

There isn’t much to the app. Movies and TV shows are broken out into separate categories, and everything is displayed as a large thumbnail. The individual content pages show a short description, a minimal list of credits, and the all-important “play” button. The app supports Google’s Chromecast via a button in the top right corner, and that’s about it. It’s simple, but a movie player doesn’t really need to be complicated.

Compared to the Android version, there are a few things missing. The lack of a store means Google’s recommendation engine is missing too, which leads to a lot of blank-looking pages. The biggest omission is offline support—there is no way to download a video for later offline viewing, so make sure you have a great Internet connection before pressing “play.” In fact, the app doesn’t work over a cellular connection at all—Wi-Fi is required.

Critical Microsoft, Adobe, and Oracle updates: Like dental floss for your PC

I was still wiping the sleep from my eyes this morning when the nagging voice kicked in: before trawling the Internet for news, you better install yesterday’s security updates. It wasn’t a pleasant thought, given the raft of patches released yesterday by Microsoft, Adobe, and Oracle for a variety of products. But as someone who has covered computer security for eight years, I’ve come to make updating a top priority.

And for good reason. A large percentage of the booby-trapped websites that surreptitiously install malware on visitors’ machines exploit vulnerabilities that have already been patched. The recent hack on Yahoo’s ad network, for instance, targeted two security flaws in the Java software framework that Oracle had fixed 17 and 24 months ago, Trend Micro reported in a blog post. Those who visited compromised Yahoo servers with up-to-date systems were immune to those attacks. By contrast, people using unpatched software were exposed to malicious payloads that installed the Dorkbot and Gamarue trojans, as well as malware that turned visitors’ machines into Bitcoin miners.

DoS attacks that took down big game sites abused Web’s time-sync protocol

[Image: 69 percent of all DDoS attack traffic by bit volume in the first week of January was the result of NTP reflection. Credit: Black Lotus]

Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets. Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller-sized data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to the victim, an increase of more than 58-fold.

“Prior to December, an NTP attack was almost unheard of because if there was one it wasn’t worth talking about,” Shawn Marck, CEO of DoS-mitigation service Black Lotus, told Ars. “It was so tiny it never showed up in the major reports. What we’re witnessing is a shift in methodology.”
