Tag: digest

Bitcoin cyberextortionists are blackmailing banks, corporations

A number of large UK corporations and institutions, such as Lloyds Bank and BAE systems, have reported a “marked increase” in Distributed Denial of Service (DDoS) attacks from the Bitcoin extortionist group DD4BC, which has been operational since last year . The increased aggressions appears concurrent with reports from other organisations. A cybersecurity case study released by Akamai identified 114 DD4BC attacks against the company’s customers since April 2015, with 41 cases taking place in June alone. In comparison, there were only 5 attacks in January and February 2015. “The latest attacks—focused primarily on the financial service industry—involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly,” said Akamai Security Division executive Stuart Scholly in a press release. 58% of DD4BC’s targets are financial institutions, according to Akamai. The group begins with ransom emails that state their demands, which vary anywhere between 1 and 100 bitcoins (about £160 to £16,000), a deadline for compliance, and warning of a “small, demonstrative attack.” Should the victim prove uncooperative, the figure is raised and a more forceful show of force is made. This technique is particularly effective against financial institutions as DD4BC threatens to publicise their attacks, negating the institution’s reputation and trustworthiness. Read 2 remaining paragraphs | Comments

Read the article:
Bitcoin cyberextortionists are blackmailing banks, corporations

Serious bug causes “quite a few” HTTPS sites to reveal their private keys

According to a security researcher for Linux distributer Red Hat, network hardware sold by several manufacturers failed to properly implement a widely used cryptographic standard, a data-leaking shortcoming that can allow adversaries to impersonate HTTPS-protected websites using the faulty equipment. A nine-month scan that queried billions of HTTPS sessions from millions of IP addresses was able to obtain leaked data for 272 keys, reports Red Hat security researcher Florian Weimer in a research paper  published this week. Because the scan surveyed only a very small percentage of the overall number of transport layer security protocol  handshakes, many more keys and manufacturers are likely to be affected by the leakage. Vulnerable hardware includes load balancers from Citrix as well as devices from Hillstone Networks, Alteon/Nortel, Viprinet, QNO, ZyXEL, BEJY, and Fortinet. The results of Weimer’s nine-month scan. Florian Weimer Enter Chinese Remainder Theorem The leakage is the result of insecure implementations of the RSA public key cryptosystem , which is one of several that HTTPS-protected websites can use to exchange keys with visitors. A 1996 research paper by researcher Arjen Lenstra warned that an optimization known as the Chinese Remainder Theorem sometimes causes faults to occur during the computation of an RSA signature. The errors cause HTTPS websites that use the perfect forward secrecy protocol to leak data that can be used to recover the site’s private key using what’s known as a side-channel attack . Read 6 remaining paragraphs | Comments

Link:
Serious bug causes “quite a few” HTTPS sites to reveal their private keys

Man who helped code highly destructive financial malware pleads guilty

The Latvian man accused of helping create the Gozi virus, which United States prosecutors dubbed ” one of the most financially destructive computer viruses in history ,” has pleaded guilty. As the original indictment stated : “The Gozi Virus has caused, at a minimum, millions of dollars in losses.” According to Reuters , Deniss Calovskis made the admission in federal court in Manhattan on Friday. Read 9 remaining paragraphs | Comments

Read More:
Man who helped code highly destructive financial malware pleads guilty

FBI, DEA and others will now have to get a warrant to use stingrays

The Department of Justice (DOJ) announced sweeping new rules Thursday concerning the use of cell-site simulators, often called stingrays, mandating that federal agents must now obtain a warrant in most circumstances. The policy, which takes effect immediately, applies to its agencies, including the FBI, the Bureau of Alcohol, Tobacco and Firearms (ATF), the Drug Enforcement Administration, and the United States Marshals Service, among others. “Cell-site simulator technology has been instrumental in aiding law enforcement in a broad array of investigations, including kidnappings, fugitive investigations and complicated narcotics cases,” Deputy Attorney General Sally Quillian Yates said in a statement . “This new policy ensures our protocols for this technology are consistent, well-managed and respectful of individuals’ privacy and civil liberties.” Read 15 remaining paragraphs | Comments

View article:
FBI, DEA and others will now have to get a warrant to use stingrays

Tesla’s $35,000 Model 3 will start production in 2017

God bless Elon Musk and his Twitter feed. While other companies rely on secretive press offices or employ PR giants to handle their communications, Musk happily uses the 140-character platform to break news about what’s going on at Tesla and SpaceX. Wednesday, we learned that the Model 3—Tesla’s next electric vehicle after the Model X SUV—will go into production in 2017, but only once the Gigafactory is up and running. Model 3, our smaller and lower cost sedan will start production in about 2 years. Fully operational Gigafactory needed. — Elon Musk (@elonmusk) September 2, 2015 The Gigafactory is a $5 billion plant that Tesla is building near Sparks, Nevada in partnership with Panasonic. The plan is to achieve significant economies of scale at the Gigafactory, which will make the Model 3’s $35,000 price tag possible—something Musk also told us via Twitter yesterday. @elonmusk $35k price, unveil in March, preorders start then. — Elon Musk (@elonmusk) September 2, 2015 When the Model 3 hits the streets in 2017 (assuming no Gigafactory-related delays) it won’t have as easy a time in the marketplace as the Model S, which even now still has no real competition. Chevrolet is launching the Bolt next year, a $30,000 EV which will match Tesla’s 200-mile (321km) range. However, Tesla has cleverly positioned itself as a premium brand with the Model S (and forthcoming Model X). Leveraging that cachet to move Model 3s seems like a no-brainer. Read on Ars Technica | Comments

More:
Tesla’s $35,000 Model 3 will start production in 2017

“NightShift” caches Netflix shows on your home network to boost speed

Are you having problems streaming Netflix? A startup called Aterlo Networks claims it has a solution: download Netflix shows and cache them locally so you can view them later without problems. Aterlo’s “ NightShift ” service could theoretically help anyone with slow home Internet connections access high-definition Netflix video. But Aterlo is primarily targeting it at satellite Internet customers who have to abide by strict data caps during the day and evening hours when most people watch streaming video. “Most satellite subscriptions in the US have a 10GB to 25GB monthly usage restriction, which effectively makes it impossible to use Netflix or other streaming video,” Aterlo CTO Scot Loach told Ars in a phone interview. Read 20 remaining paragraphs | Comments

More:
“NightShift” caches Netflix shows on your home network to boost speed

Sneaky adware caught accessing users’ Mac Keychain without permission

Last month, Ars chronicled a Mac app that brazenly exploited a then unpatched OS X vulnerability so the app could install itself without requiring people to enter system passwords. Now, researchers have found the same highly questionable installer is accessing people’s Mac keychain without permission. The adware taking these liberties is distributed by Israel-based Genieo Innovation, a company that’s long been known to push adware and other unwanted apps . According to researchers at Malwarebytes, the Genieo installer automatically accesses a list of Safari extensions  that, for reasons that aren’t entirely clear, is stashed inside the Mac Keychain  alongside passwords for iCloud, Gmail, and other important accounts. Genieo acquires this access by very briefly displaying a message asking for permission to open the Safari extensions and then automatically clicking the accompanying OK button before a user has time to respond or possibly even notice what’s taking place. With that, Genieo installs an extension known as Leperdvil. The following three-second video captures the entire thing: Read 5 remaining paragraphs | Comments

Continue Reading:
Sneaky adware caught accessing users’ Mac Keychain without permission

DNA used as velcro to form cells into 3D structures

One of the great hopes for stem cells is that they’ll allow us to eventually replace injured or damaged tissues. But there’s a big gap between the cells of stem cells and anything resembling an organ. Organs are complex, three-dimensional structures populated by multiple cell types. Getting a bunch of cells to form these structures is a significant challenge. One idea has been to use 3D printers. With multiple print-heads and a protein polymer gel, it’s possible to construct a rough approximation of the structure of a mature organ. Now, a team of California scientists has come up with an interesting alternative: use DNA as a sort of cellular velcro to get cells to stick to each other and form a complex, three-dimensional tissue. The basic idea is pretty simple. If they have the appropriate sequences, individual DNA molecules will pair up to form a double helix. If you coat one cell type with a short DNA sequence and then a second cell type with the sequence’s partner, the two cells will stick to each other. And it’s possible to coat a cell’s surface with DNA simply by adding a lipid molecule to the end of the DNA strand. Read 8 remaining paragraphs | Comments

More:
DNA used as velcro to form cells into 3D structures

Wikipedia blocks hundreds of linked accounts for suspect editing

The Wikimedia Foundation, the host of the online encyclopedia Wikipedia, said late Monday that it has suspended 381 accounts or “socks” that it claims accepted or charged money “to promote external interests on Wikipedia without revealing their affiliation.” The foundation said that it believed that activity from so-called “sockpuppet” accounts “were perpetrated by one coordinated group.” The foundation said that volunteer editors spent weeks investigating what it said was a violation of its terms of use . “The editors issued these blocks as part of their commitment to ensuring Wikipedia is an accurate, reliable, and neutral knowledge resource for everyone,” Wikimedia said in a statement. Read 6 remaining paragraphs | Comments

Originally posted here:
Wikipedia blocks hundreds of linked accounts for suspect editing

Microsoft, Google, Amazon, others, aim for royalty-free video codecs

Microsoft, Google, Mozilla, Cisco, Intel, Netflix, and Amazon today launched a new consortium, the Alliance for Open Media. The group plans to develop next-generation media formats—including audio and still images, but with video as the top priority—and deliver them as royalty-free open source, suitable for both commercial and noncommercial content. The issue of patent licenses and royalties continues to plague the video industry. While H.264/AVC video had relatively cheap licensing, it looks as if its successor, H.265/HEVC, is going to be considerably more expensive . Organizations that derive significant income from patent royalties and IP licensing weren’t happy with the low-cost model used for H.264, and so are pushing back. This is a great threat to open source and non-commercial streaming, which has no obvious way to pay the royalties. The HEVC royalty structure would even threaten the viability of commercial streamers such as Netflix. The Alliance for Open Media would put an end to this problem. The group’s first aim is to produce a video codec that’s a meaningful improvement on HEVC. Many of the members already have their own work on next-generation codecs; Cisco has Thor , Mozilla has been working on Daala , and Google on VP9 and VP10. Daala and Thor are both also under consideration by the IETF’s netvc working group, which is similarly trying to assemble a royalty-free video codec. Read 4 remaining paragraphs | Comments

Visit link:
Microsoft, Google, Amazon, others, aim for royalty-free video codecs