Adobe issues emergency Flash update for attacks on Windows, Mac users

Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple’s Macintosh platform. While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday’s unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible.

The Mac exploits target users of the Safari browser included in Apple’s OS X, as well as those using Mozilla’s Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory.

Adobe credited members of the Shadowserver Foundation, Lockheed Martin’s Computer Incident Response Team, and MITRE with discovery of the critical bug.


Data siphoned in Fed reserve hack a “bonanza” for spear phishers

Sensitive details on thousands of banking executives lifted from a hacking involving the Federal Reserve represent a potential “bonanza” for spear phishers looking to snare high-value targets in personalized scam e-mails, a security researcher said.

The list is no longer readily available online, but according to Chris Wysopal, CTO of security firm Veracode, it contained details from a Federal Reserve-related database that Anonymous-affiliated hackers claimed to breach on Sunday. It included 31 fields, including home addresses, e-mail addresses, login IDs, and cryptographically hashed passwords.

“As you can see, this is a spearphishing bonanza and even a password reuse bonanza for whoever can crack the password hashes,” he wrote in a blog post published on Wednesday. “It doesn’t look like any of these are internal Federal Reserve System accounts as those would have FRS AD UIDs associated with each account. Still, this is about the most valuable account dump by quality I have seen in a while.”


CES tells CNET: You’re fired!

At the 2013 CES convention, CNET’s editorial staff loved the Dish Hopper DVR and nominated it “Best in Show.” That journalistic decision was quickly tossed out, however, by the legal department at CBS, CNET’s corporate parent. CBS is involved in litigation against Dish over the Hopper.

The censoring of CNET’s decision has produced a fair bit of fallout for CBS already. The company has been criticized in many quarters for silencing its journalists. Greg Sandoval, a well-known writer for CNET, even left the company, saying he was concerned that his employer didn’t respect editorial independence.

Now, CES itself has put out a press release slamming CNET’s behavior and announcing that CNET won’t be allowed to produce the “Best of CES” awards anymore. Those awards are produced by CNET under contract with the Consumer Electronics Association (CEA), which puts on CES. CEA said it will work to identify a new partner to run the Best of CES awards.


To prevent hacking, disable Universal Plug and Play now

Security experts are advising that a networking feature known as Universal Plug and Play be disabled on routers, printers, and cameras, after finding it makes tens of millions of Internet-connected devices vulnerable to serious attack.

UPnP, as the feature is often abbreviated, is designed to make it easy for computers to connect to Internet gear by providing code that helps devices automatically discover each other over a local network. That often eliminates the hassle of figuring out how to configure devices the first time they’re connected. But UPnP can also make life easier for attackers half a world away who want to compromise a home computer or breach a business network, according to a white paper published Tuesday by researchers from security firm Rapid7.

Over a five-and-a-half-month period last year, the researchers scanned every routable IPv4 address about once a week. They identified 81 million unique addresses that responded to standard UPnP discovery requests, even though the standard isn’t supposed to communicate with devices that are outside a local network. Further scans revealed 17 million addresses exposed UPnP services built on the open standard known as SOAP, short for simple object access protocol. By broadcasting the service to the Internet at large, the devices can make it possible for attackers to bypass firewall protections.
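The excerpt above turns on one observation: a device that answers a UPnP discovery request is supposed to do so only on the local network, so any answer whose description URL points at a public address is the exposure Rapid7 is warning about. The following is an added example, not Rapid7's code or anything from the article, of how a defender auditing their own devices might classify discovery (SSDP) responses. The two responses are constructed sample text, not real captures, and the "local" test is a plain RFC 1918 / loopback / link-local check that I have chosen for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample SSDP M-SEARCH responses (illustrative, not real captures).
# The first describes a router on a LAN address; the second advertises an
# Internet Gateway Device on an address that is not part of any private range.
SAMPLE_RESPONSES = [
    "HTTP/1.1 200 OK\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "LOCATION: http://192.168.1.1:1900/rootDesc.xml\r\n"
    "ST: upnp:rootdevice\r\n"
    "USN: uuid:00000000-0000-0000-0000-000000000001::upnp:rootdevice\r\n"
    "\r\n",
    "HTTP/1.1 200 OK\r\n"
    "CACHE-CONTROL: max-age=1800\r\n"
    "LOCATION: http://203.0.113.7:49152/description.xml\r\n"
    "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    "USN: uuid:00000000-0000-0000-0000-000000000002::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    "\r\n",
]

# Address ranges that should be the only ones ever seen in a LOCATION header
# (assumption for this example: RFC 1918 plus loopback and link-local).
LOCAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


def parse_ssdp_response(text):
    """Split an SSDP (HTTP-over-UDP) response into its status line and a
    dict of lower-cased header names to values."""
    status, _, rest = text.partition("\r\n")
    headers = {}
    for line in rest.split("\r\n"):
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def location_is_local(url):
    """True when the description URL's host is a literal address inside one
    of LOCAL_NETWORKS; hostnames and public addresses both count as not local."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETWORKS)


def audit(responses):
    """Return one finding per successful response: where the device
    description lives, what it advertises, and whether that is a LAN address."""
    findings = []
    for text in responses:
        status, headers = parse_ssdp_response(text)
        if not status.startswith("HTTP/1.1 200"):
            continue
        location = headers.get("location", "")
        findings.append({
            "location": location,
            "st": headers.get("st", ""),
            "local": location_is_local(location),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        flag = "ok " if finding["local"] else "EXPOSED"
        print(flag, finding["st"], finding["location"])
```

Anything printed as EXPOSED is a device whose UPnP description is reachable at a non-LAN address, which is exactly the condition that should make you disable UPnP on that device or block UDP 1900 and the description port at the perimeter.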


Review: Microsoft Office 365 Home Premium Edition hopes to be at your service

Image caption: Office 365 Home Premium Edition’s lineup of software, ready to stream to your PC today.

Today, Microsoft releases Office 2013—the first full release of Microsoft’s latest-generation productivity suite for consumers. Office 2013 has already made a partial debut on Microsoft’s Windows RT tablets, though RT users will get a (slight) refresh with the full availability of the suite. The company gave consumers an open preview of Office last summer, which we reviewed in depth at the time of the suite’s announcement. So there aren’t any real surprises in the final versions of the applications being released today, at least as far as how they look and work.

Today’s release, however, marks the first general availability of Microsoft’s new subscription model under the Office 365 brand the company has used for its hosted mail and collaboration services for businesses. While the applications in Office are being offered in a number of ways, Microsoft is trying hard to steer consumer customers to Office 365 Home Premium Edition, a service-based version of the suite that will sell for $100 a year. And just as Windows 8’s app store started to fill up as the operating system approached release, the same is true of Office’s own app store—an in-app accessible collection of Web-powered functionality add-ons for many of the core Office applications based on the same core technologies (JavaScript and HTML5) that power many of Windows 8’s interface-formerly-known-as-Metro apps.

Now, the trick is getting consumers to buy into the idea of Office as a subscription service and embracing Microsoft’s Office “lifestyle,” instead of something they buy once and hold onto until their computers end up in the e-waste pile.


Yes, that PC cleanup app you saw on TV at 3 a.m. is a waste

Image caption: Step one: incite panic. (MyCleanPC.com)

Maybe you’ve seen the ads on the Internet or on TV in the wee hours of the morning. They make lofty promises: get rid of blue screens and error messages! Increase your speed! Clean up your system! But even when these PC cleanup apps aren’t just malware in disguise, the things they’re doing for your PC are often dubious. Many either replicate tasks that can be handled by built-in utilities or do things that could cause more problems than they solve.

To highlight just why you and your loved ones should never let these applications anywhere near your PC, we picked one that we’d recently seen ads for: MyCleanPC. It’s the archetypal Windows cleanup app—and you probably shouldn’t install it.

Intimidation tactics

Video caption: The standard ad for a PC cleanup app follows the same basic format as this ad from MyCleanPC.com.

These ads for PC cleanup products often follow the same basic formula: appeal to people with slow or buggy PCs, throw in a few shots of an operating system that looks kind of like Windows, tack on some “customer testimonials,” and offer a free diagnosis that will make all the problems go away.


Credit Card Swipe Fees Begin Sunday In USA

An anonymous reader writes “A speedbump on the road to a cash-free economy will go into effect Sunday in the USA, as retailers in 40 states will have the option of passing along a surcharge to customers who pay with credit cards. The so-called swipe fees arose from the settlement of a seven-year lawsuit filed by retailers against Visa, Mastercard, and big banks, who collect an electronic processing fee averaging 1.5 to 3 percent on transactions involving credit cards. The banks naturally have opposed the consumer surcharges, preferring that the extra costs be passed along in the form of higher prices. Consumers in ten states (California, Colorado, Connecticut, Florida, Kansas, Maine, Massachusetts, New York, Oklahoma, Texas) won’t be affected, since laws in those states forbid the practice (it seems that gasoline station owners here in Massachusetts got a different memo, though). Also, the surcharges won’t be collected for debit or prepaid cards.”


California’s Surreal Retroactive Tax On Tech Startup Investors

waderoush writes “Engineers and hackers don’t think much about tax policy, but there’s a bizarre development in California that they should know about, since it could reduce the pool of angel-investment money available for tech startups. Under a tax break available since the 1990s, startup founders and other investors in California were allowed to exclude or defer their gains when they sold stock in California-based small businesses. Last year, a California appeals court ruled that the tax break was unconstitutional, since it discriminated against investors in out-of-state companies. Now the Franchise Tax Board, California’s version of the IRS, has issued a notice saying how it intends to implement the ruling — and it’s a doozie. Not only is the tax break gone, but anyone who claimed an exclusion or deferral on the sale of small-business stock since 2008 is about to get a big retroactive tax bill. Investors, entrepreneurs, and even the plaintiffs in the original lawsuit are up in arms about the FTB’s notice, saying that it goes beyond the court’s intent and that it will drive investors out of the state. This Xconomy article takes an in-depth look at the history of the court case, the FTB’s ruling, and the reaction in the technology and investing communities.”


Grammar badness makes cracking harder the long password

Image caption: Comparison of the size of password search space when treating the password as a sequence of characters or words, or as words generated by grammatical structure. (Rao et al.)

When it comes to long phrases used to defeat recent advances in password cracking, bigger isn’t necessarily better, particularly when the phrases adhere to grammatical rules.

A team of Ph.D. and grad students at Carnegie Mellon University and the Massachusetts Institute of Technology have developed an algorithm that targets passcodes with a minimum number of 16 characters and built it into the freely available John the Ripper cracking program. The result: it was much more efficient at cracking passphrases such as “abiggerbetter password” or “thecommunistfairy” because they followed commonly used grammatical rules—in this case, ordering parts of speech in the sequence “determiner, adjective, noun.” When tested against 1,434 passwords containing 16 or more characters, the grammar-aware cracker surpassed other state-of-the-art password crackers when the passcodes had grammatical structures, with 10 percent of the dataset cracked exclusively by the team’s algorithm.

The approach is significant because it comes as security experts are revising password policies to combat the growing sophistication of modern cracking techniques, which make the average password weaker than ever before. A key strategy in making passwords more resilient is to use phrases that result in longer passcodes. Still, passphrases must remain memorable to the end user, so people often pick phrases or sentences. It turns out that grammatical structures dramatically narrow the possible combinations and sequences of words crackers must guess.

One surprising outcome of the research is that the passphrase “Th3r3 can only b3 #1!” (with spaces removed) is one order of magnitude weaker than “Hammered asinine requirements” even though it contains more words. Better still is “My passw0rd is $uper str0ng!” because it requires significantly more tries to correctly guess.
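The figure caption above compares three ways of sizing the search space for the same passphrase: as arbitrary characters, as a sequence of dictionary words, and as words filling a grammatical template. The following is an added example of that comparison as a strength estimator, written for this page rather than taken from Rao et al. or John the Ripper. The lexicon sizes per part of speech are constructed assumptions chosen to make the arithmetic visible; the paper's own dictionaries and counts are not reproduced here.

```python
import math

# Constructed toy lexicon: how many candidate words exist for each part of
# speech. These are assumptions for illustration, not the counts used by
# Rao et al.
LEXICON_SIZES = {"det": 10, "adj": 20_000, "noun": 40_000, "verb": 15_000}
VOCAB_SIZE = sum(LEXICON_SIZES.values())   # the undifferentiated dictionary


def char_space_bits(passphrase, alphabet_size=26):
    """Bits of search space if the attacker treats the passphrase as an
    arbitrary string over an alphabet (26 = lowercase letters only)."""
    return len(passphrase) * math.log2(alphabet_size)


def word_space_bits(words, vocab_size=VOCAB_SIZE):
    """Bits if the attacker knows it is a run of dictionary words but nothing
    about which kind of word goes where."""
    return len(words) * math.log2(vocab_size)


def grammar_space_bits(pos_tags):
    """Bits if the attacker also knows the part-of-speech template, e.g.
    determiner, adjective, noun: each slot is drawn only from its own list."""
    return sum(math.log2(LEXICON_SIZES[tag]) for tag in pos_tags)


def compare(words, pos_tags, alphabet_size=26):
    """Return the three estimates for one passphrase, in bits, plus the factor
    by which the grammar model shrinks the word-sequence space."""
    if len(words) != len(pos_tags):
        raise ValueError("one part-of-speech tag is needed per word")
    passphrase = "".join(words)
    char_bits = char_space_bits(passphrase, alphabet_size)
    word_bits = word_space_bits(words)
    grammar_bits = grammar_space_bits(pos_tags)
    return {
        "passphrase": passphrase,
        "char_bits": char_bits,
        "word_bits": word_bits,
        "grammar_bits": grammar_bits,
        # 2**(difference) is how many times fewer guesses the template allows
        "grammar_shrink_factor": 2 ** (word_bits - grammar_bits),
    }


if __name__ == "__main__":
    # "thecommunistfairy" follows the determiner, adjective, noun pattern the
    # article names; the tags here are my own labelling of those three words.
    result = compare(["the", "communist", "fairy"], ["det", "adj", "noun"])
    for key, value in result.items():
        print(f"{key:>22}: {value:.1f}" if isinstance(value, float) else f"{key:>22}: {value}")
```

With these toy numbers the 17-character string looks like roughly 80 bits as raw letters, about 49 bits as three unknown dictionary words, and under 33 bits once the attacker fixes the template, because the determiner slot has only ten candidates. That last number is the one a password policy should be judged against when it encourages sentence-like passphrases.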


MP3 files written as DNA with storage density of 2.2 petabytes per gram

Image caption: The general approach to storing a binary file as DNA, described in detail below. (Goldman et al., Nature)

It’s easy to get excited about the idea of encoding information in single molecules, which seems to be the ultimate end of the miniaturization that has been driving the electronics industry. But it’s also easy to forget that we’ve been beaten there—by a few billion years. The chemical information present in biomolecules was critical to the origin of life and probably dates back to whatever interesting chemical reactions preceded it.

It’s only within the past few decades, however, that humans have learned to speak DNA. Even then, it took a while to develop the technology needed to synthesize and determine the sequence of large populations of molecules. But we’re there now, and people have started experimenting with putting binary data in biological form. Now, a new study has confirmed the flexibility of the approach by encoding everything from an MP3 to the decoding algorithm into fragments of DNA. The cost analysis done by the authors suggests that the technology may soon be suitable for decade-scale storage, provided current trends continue.

Trinary encoding

Computer data is in binary, while each location in a DNA molecule can hold any one of four bases (A, T, C, and G). Rather than using all that extra information capacity, however, the authors used it to avoid a technical problem. Stretches of a single type of base (say, TTTTT) are often not sequenced properly by current techniques—in fact, this was the biggest source of errors in the previous DNA data storage effort. So for this new encoding, they used one of the bases to break up long runs of any of the other three.
