Bitcoin security guarantee shattered by anonymous miner with 51% network power

For the first time in Bitcoin’s five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It’s an event that, if it persists, signals the end of crypto currency’s decentralized structure.

Researchers from Cornell University say that on multiple occasions, a single mining pool repeatedly contributed more than 51 percent of Bitcoin’s total cryptographic hashing output for spans as long as 12 hours. The contributor was GHash, which bills itself as the “#1 Crypto & Bitcoin Mining Pool.” During these periods, the GHash operators had unprecedented powers that circumvented the decentralization that is often held up as a salient advantage Bitcoin has over traditional currencies. So-called 51 percenters, for instance, have the ability to spend the same coins twice, reject competing miners’ transactions, or extort higher fees from people with large holdings. Even worse, a malicious player with a majority holding could wage a denial-of-service attack against the entire Bitcoin network.

Like tremblers before a major earthquake, most of GHash’s 51-percent spans were relatively short. Few people paid much attention, since shortly after a miner loses the majority position, it also loses its extraordinary control. Then, on June 12, GHash produced a majority of the power for 12 hours straight, a sustained status that enables precisely the type of doomsday scenario some researchers have warned was possible.


Former Microsoft employee gets 3 months in jail for leaking Windows 8 secrets

Earlier this week, a man accused of stealing trade secrets from Microsoft and handing them to a French blogger was sentenced to three months in jail and a $100 fine in the Western District of Washington. Alex Kibkalo worked for Microsoft in the company’s Russia and Lebanon offices. According to an FBI complaint filed earlier this year, Kibkalo leaked pre-release updates for Windows RT and a Microsoft-internal Activation Server SDK to a French blogger in retaliation for a poor performance review. The blogger allegedly asked a third party to verify the stolen SDK, but that third party, who connected with the blogger via Hotmail, alerted Microsoft of the theft instead. At that point, Microsoft launched its own internal investigation and searched the Hotmail account to find the blogger and his source. The company’s investigation team was soon able to trace back to Kibkalo and then discovered that he had created a virtual machine on Microsoft’s corporate network from which he uploaded the stolen goods to SkyDrive. When confronted, Kibkalo admitted to handing over software, company memos, and other documents. He was fired and later arrested.


Local cops in 15 US states confirmed to use cell tracking devices

A new map released Thursday by the American Civil Liberties Union shows that fake cell towers, also known as stingrays, are used by state and local law enforcement in 15 states. Police departments in Baltimore, Chicago, Houston, Tucson, Los Angeles, and even Anchorage, among others, have been confirmed to use the devices. Beyond those states, 12 federal law enforcement agencies, ranging from the FBI to the National Security Agency, also employ them. Relatively little is known about precisely how police decide when and where to deploy them, but stingrays are used to track targeted phones and can also be used to intercept calls and text messages. However, privacy advocates worry that while the devices go after specific targets, they also often capture data of nearby unrelated people.


Google’s university book scanning can move ahead without authors’ OK

A federal appeals court on Tuesday upheld the right of universities, in conjunction with Google, to scan millions of library books without the authors’ permission. The 2nd US Circuit Court of Appeals, ruling in a case brought by the Authors Guild and other writers’ groups, argued that the universities were not breaching federal copyright law, because the institutions were protected by the so-called “fair use” doctrine. More than 73 percent of the volumes were copyrighted. The guild accused 13 universities in all of copyright infringement for reproducing more than 10 million works without permission and including them in what is called the HathiTrust Digital Library (HDL) available at 80 universities. The institutions named in the case include the University of California, Cornell University, Indiana University, and the University of Michigan.


Is Chicago using cell tracking devices? One man tries to find out

A local activist has filed a new lawsuit against the Chicago Police Department in an attempt to learn how the city uses fake cell tower devices, also known as stingrays. Relatively little is known about the devices, which are used to track targeted phones and can also be used to intercept calls and text messages. The American Civil Liberties Union recently began a campaign to learn more about how stingrays are used by filing public records requests in Florida, the home state of the Stingray’s manufacturer, Harris Corporation. (While “Stingray” is a trademarked name and particular product, it has entered the technical lexicon as a generic term, like Kleenex or Xerox.) In nearly every sales agreement, that firm has required law enforcement agencies to sign nondisclosure agreements forbidding them from discussing whether or not an agency even possesses such a device, much less describing its capabilities.


RadioShack continues death march, loses $98.3 million in a quarter

On Tuesday, electronics retailer RadioShack reported its quarterly earnings, and the results were not good. The company lost $98.3 million in its first fiscal quarter of 2014, a figure that’s more than triple the loss it sustained in the same quarter last year. Ars put RadioShack on our 2014 “Deathwatch” earlier in January, and not without reason. The retailer has relied on mobile phone sales to buoy it through the hard times and has tried to rebrand itself as the place to shop for Do-It-Yourselfers, stocking its shelves with various Arduino projects. But customers can find the handsets they need in carriers’ shops, and they often choose to buy DIY electronics goods online or in hardware stores. In a press release, the company attributed the quarter results to “an industry-wide decline in consumer electronics and a soft mobility market which impacted traffic trends throughout the quarter.”


Google will flag search results erased due to “right to be forgotten”

In the wake of a controversial European high court ruling last month that search providers like Google must remove “inadequate, irrelevant, or no longer relevant” materials from search results upon request by EU citizens, the US search giant has expressed a desire to alert users to when such results have been altered. Google’s plan to flag censored search results will likely be similar to how the company notifies users that links have been removed due to a copyright takedown request. The search giant aims to place such notifications at the bottom of pages that would have contained links that have been erased in order to alert users of the change, reports The Guardian. The company also plans to include statistics regarding “right to be forgotten” link removal requests in its biannual transparency report.


Amtrak wants 25Mbps per train

Amtrak is looking to build a trackside Wi-Fi network on its Northeast corridor that would bump its trains’ connections to broadband-level speeds. The increase is meant to accommodate busy trains with hundreds of customers crowding the Wi-Fi, a common scenario that results in slow or no connections for some customers. Amtrak has offered Wi-Fi on trains running between Boston and Washington, DC for several years now, but currently, the connection is 10Mbps shared among everyone on the train. In this reporter’s experience on crowded trains, this means you can only get on the Wi-Fi long enough to re-establish a connection through the network’s dialog boxes before the process resets. The company has requested proof-of-concept bids to bump the connection speed to 25Mbps per train “to meet growing customer data usage demands.” The bids will be used to see if it is “technically and financially feasible” to bring network improvements to the entire stretch of the Northeast corridor.


We “will be paying no ransom,” vows town hit by Cryptowall ransom malware

The town manager of a hamlet in southeastern New Hampshire has defied demands that he pay a ransom to recover police department computer files taken hostage by Cryptowall, a newer piece of malware that encrypts hard drive contents of infected machines until victims pay for them to be decrypted. “Make no mistake, the Town of Durham will be paying no ransom,” Town Manager Todd Selig was quoted as saying by CBS Boston news. Police department computers for the town of almost 15,000 residents were reportedly infected Thursday after an officer opened what appeared to be a legitimate file attachment to an e-mail. By Friday morning, widespread “issues” were hitting the department computer network. It was shut down by noon that day to prevent the infection from spreading to other systems.

The game may be RIGged

The department was reportedly hit by Cryptowall, a newer form of crypto malware that rivals the better known CryptoLocker. According to a blog post published Thursday by researchers from Cisco Systems, Cryptowall has been gaining ground since April, when it was folded into the RIG exploit kit, which is software sold in underground forums that automates computer scams and malware attacks for less technically knowledgeable criminals. Cisco’s Cloud Web Security service has been blocking requests tied to more than 90 infected Internet domains pushing Cryptowall scams to more than 17 percent of service customers.


Bugs in widely used WordPress plug-in leave sites vulnerable to hijacking

Security researchers have discovered vulnerabilities in a widely used WordPress extension that leave sites susceptible to remote hijacking. WordPress-powered sites that use the All in One SEO Pack should promptly install an update that fixes the privilege escalation vulnerabilities, Marc-Alexandre Montpas, a researcher with security firm Sucuri, wrote in a blog post published Saturday. Administrators can upgrade by logging in to the admin panel, selecting plug-ins, and choosing the All in One title. The just-released version that fixes the vulnerabilities is 2.1.6.

The worst of the attacks made possible by the bugs can allow attackers to inject malicious code into the admin control panel, Montpas warned. Malicious hackers could then change an admin’s password or insert backdoor code into the underlying websites. People could also remotely tamper with a site’s search engine optimization settings. To exploit the bugs, attackers need only an unprivileged account on the site, such as one for posting reader comments. In some cases, the privilege escalation and cross-site scripting bugs in All in One SEO are combined with another vulnerability that Montpas didn’t elaborate on.
