DoS attacks that took down big game sites abused Web’s time-sync protocol

69 percent of all DDoS attack traffic by bit volume in the first week of January was the result of NTP reflection. (Image credit: Black Lotus)

Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets. Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller-sized data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to the victim, an increase of more than 58-fold. “Prior to December, an NTP attack was almost unheard of because if there was one it wasn’t worth talking about,” Shawn Marck, CEO of DoS-mitigation service Black Lotus, told Ars. “It was so tiny it never showed up in the major reports. What we’re witnessing is a shift in methodology.”


Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles

LinkedIn is suing a gang of hackers who used Amazon’s cloud computing service to circumvent security measures and copy data from hundreds of thousands of member profiles each day. “Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as ‘bots’) have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages,” company attorneys alleged in a complaint filed this week in US District Court in Northern California. “This practice, known as ‘scraping,’ is explicitly barred by LinkedIn’s User Agreement, which prohibits access to LinkedIn ‘through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.’” With more than 259 million members—many of whom are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams. The allegations in the lawsuit highlight the unending tug-of-war between hackers who work to obtain that data and the defenders who use technical measures to prevent the data from falling into the wrong hands.


AT&T turns data caps into profits with new fees for content providers

AT&T today confirmed a long-rumored plan to monetize wireless data caps by charging content providers for the right to serve up video and other media without chewing up consumers’ monthly data limits. Sometimes called 1-800-DATA, AT&T billed the plan as “a new way for eligible 4G customers to enjoy mobile content and apps over AT&T’s wireless network without impacting their monthly wireless data plan.” Basically, the price of data is being charged to content providers instead of consumers. The rates for consumers and business will be similar. “We will offer AT&T Sponsored Data providers a wide range of options,” an AT&T spokesperson told Ars. “Customers will be billed according to usage, with costs varying by amounts of usage. Rates are comparable to consumer rates.”


Putting Windows and Android on the same PC doesn’t solve anyone’s problems

PC makers at CES may announce Windows PCs that run Android apps. But should you do something just because you can? (Image credit: Andrew Cunningham)

CES begins in just a few short days, but rumors about what we’ll be seeing there are already in full-swing. It’s a fair bet that the usual suspects will show up—phones, tablets, PCs, maybe even a Linux-powered gun or two—but the things that stick out usually end up being the Flavors of the Year. These are often technologies that are cool in theory but fail to light the world on fire in practice. Netbooks, 3D TVs, and the first run of Android tablets are all members of this illustrious group, and so far baubles like 4K TVs and smartwatches look like worthy heirs to the throne. One such upcoming flavor, according to a report from The Verge, is an Intel-backed initiative that combines Windows 8.1 and Android on the same device. Rather than combine an Android tablet with a Windows PC like Asus’ Transformer Book Trio, these computers will seamlessly run Android apps within a Windows environment, probably by way of a virtualization layer like Bluestacks. This idea is in no way new, though the report suggests that a larger push is imminent. The initiative makes some sense for Intel and the OEMs. For Intel, it’s a way to offer tablet makers something that they can’t get from ARM chips like those from Qualcomm or Nvidia: the ability to provide full Windows 8.1 app compatibility combined with Android app compatibility. For the OEMs, it’s (theoretically) a way to patch gaps in Windows 8.1’s improving-but-spotty app store by giving consumers Android tablet apps that they (theoretically) know and love.


Windows 8.x breaks 10 percent, Internet Explorer 11 makes a splash

In 2013, Internet Explorer reversed some of its historic losses, Google released Chrome for Android, and Windows 8 surpassed OS X and Windows Vista to become the third most widely used desktop operating system. Compared to last month, Internet Explorer actually fell slightly, declining by 0.45 points. Firefox, Safari, and Opera also fell, down 0.19, 0.08, and 0.06 points, respectively. The month’s winner was Chrome, which picked up 0.78 points. Over the course of the entire year, Internet Explorer was up 3.14 points on 2012. Firefox was down 1.47 points. Chrome was also down by 1.82 points. Safari rose 0.58 points.


Why NSA spied on inexplicably unencrypted Windows crash reports

The National Security Agency’s X-KEYSCORE program gives the spy agency access to a wide range of Internet traffic. Any information that isn’t encrypted is, naturally, visible to passive Internet wiretaps of the kind the NSA and other intelligence agencies use. This in turn will typically expose such things as e-mails, online chats, and general browsing behavior. And, according to slides published this weekend by Der Spiegel, this information also includes crash reports from Microsoft’s Windows Error Reporting facility built into Windows. These reports will tell eavesdroppers what versions of what software someone is running, what operating system they use, and whenever that software has crashed. Windows also sends messages in the clear whenever a USB or PCI device is plugged in as part of its hunt for suitable drivers.


Wii U gamepad hacked, reverse engineered to stream from a PC

Reverse engineering the Wii U gamepad was non-trivial. (Image credit: libdrc)

The Wii U’s tablet controller isn’t moving as many consoles as Nintendo might like, but the technology itself is still interesting enough to draw the attention of the hacker community. Engadget reports that the libdrc team gave a presentation at the Chaos Communication Congress explaining how it managed to hack the Wii U’s gamepad to communicate with and stream content from a standard Linux PC. The full talk is available in video form here. The 64-slide deck describes the many, many hoops the team had to jump through to get the gamepad working—dumping the gamepad’s firmware helped the team reverse-engineer the Wi-Fi encryption system, at which point the team also needed to reverse-engineer the protocols Nintendo is using to stream video, audio, and input data. The team included a screenshot of an emulated Final Fantasy VII in its deck to prove that the software works and was also able to get the GameCube version of The Legend of Zelda: Wind Waker working live onstage. While the project is, at this point, “very buggy” and “not meant for end users,” the team thinks that the project is “a good prototype that can be improved on.” The team also wants to add the ability to pair other tablets with the Wii U, to port the project to Windows and to OS X, and to make it possible to stream things to the gamepad over the Internet. It may be some time before the layperson can take advantage of the libdrc team’s work, but even as an early alpha the project is an interesting proof-of-concept.


Game of Thrones illegal downloads exceed TV viewers for second year

The most-torrented shows of 2013, according to Torrent Freak.

Game of Thrones again turned out to be the most-pirated TV show of 2013, according to a report from Torrent Freak. The show was downloaded an estimated 5.9 million times, besting its proportion of conventional television viewers, which clocks in at 5.5 million. That is a 37 percent increase from 2012, when Torrent Freak estimated Game of Thrones was downloaded 4.28 million times. As the New York Times points out, illegal downloads grew about 10 percent in 2013, with 327 million unique users navigating 13.9 billion webpages that handle pirated movies and TV. The shows Breaking Bad, The Walking Dead, The Big Bang Theory, and Dexter contributed another 14.3 million downloads between them. 2013 also saw plenty of industry leaders endorsing illegal downloading in one way or another. Game of Thrones director David Petrarca said the show thrives on “cultural buzz” in part generated by pirates; Time Warner CEO Jeff Bewkes said that Game of Thrones’ status as the most pirated show was “better than an Emmy;” Netflix stated that it uses piracy statistics to determine what types of shows to produce or license; Breaking Bad creator Vince Gilligan said piracy “helped… in terms of brand awareness.” The Walking Dead executive producer Gale Ann Hurd disagreed, calling the idea that piracy does good for content a “mistaken belief” and saying the activity is not something “we should encourage.”


Efficient set-top boxes to save $1 billion on energy annually by 2017

Today, the US Department of Energy announced an agreement with a diverse group of NGOs that would see significant improvements to a poorly recognized energy sink: the set-top box that receives and controls TV programming. The agreement, while voluntary, commits service providers to using more efficient hardware through to 2017. Although the individual savings will be small, the cumulative impact is massive: a billion dollars in electricity saved by consumers and five million fewer metric tons of carbon dioxide emissions in the atmosphere. The agreement, brokered by the EPA, brings together a diverse coalition of groups. On the environmental side, we have the Natural Resources Defense Council and the Appliance Standards Awareness Project. Representing industry are the Consumer Electronics Association and the National Cable & Telecommunications Association. The American Council for an Energy-Efficient Economy, which gets its funding from a variety of sources (including utilities), was also at the party. The standards they’ve developed will cover all existing delivery methods: telecom, cable, and satellite. It won’t be written into legislation, but an independent third party will verify that hardware meets the agreement’s specifications each year between now and 2017. The exact details of the energy-saving changes aren’t specified in the announcement, but the electronics in the devices can get quite hot, and statements made by Senator Dianne Feinstein (D-CA) suggest that they often remain active even when the television is off.


Scientists make exotic chemicals with high-pressure salt

Everything around you is made of elements that scientists have studied in quite some detail over the last 200 years. But all that understanding breaks down when these elements are subjected to high pressure and temperature. Now, using an advanced theoretical understanding and extreme conditions, researchers have converted table salt into exotic chemicals. Salt is made from one part sodium (Na) and one part chlorine (Cl). If somehow salt were transported to the center of the Earth, where the pressure is three million times that on the surface, its crystalline structure would change but the ratio of those two elements would remain the same. Vitali Prakapenka at the University of Chicago and his colleagues wanted to find out what would happen if there were an excess of either sodium or chlorine at such high pressures. Would the ratio between the elements change? “It might,” said Prakapenka, “because chemistry completely changes in such conditions.” If it did, the result would not just be formation of a new compound, but a serious revision of what we think about chemistry.
