Guerilla researcher created epic botnet to scan billions of IP addresses

In one of the more audacious and ethically questionable research projects in recent memory, an anonymous hacker built a botnet of more than 420,000 Internet-connected devices and used it to perform one of the most comprehensive surveys ever to measure the insecurity of the global network. In all, the nine-month scanning project found 420 million IPv4 addresses that responded to probes and 36 million more addresses that had one or more ports open. A large percentage of the unsecured devices bore the hallmarks of broadband modems, network routers, and other devices with embedded operating systems that typically aren’t intended to be exposed to the outside world.

The researcher found a total of 1.3 billion addresses in use, including 141 million that were behind a firewall and 729 million that returned reverse domain name system records. There were no signs of life from the remaining 2.3 billion IPv4 addresses.

Continually scanning almost 4 billion addresses for nine months is a big job. In true guerilla research fashion, the unknown hacker developed a small scanning program that scoured the Internet for devices that could be logged into using no account credentials at all or the usernames and passwords of either “root” or “admin.” When the program encountered unsecured devices, it installed itself on them and used them to conduct additional scans. The viral growth of the botnet allowed it to infect about 100,000 devices within a day of the program’s release.

The critical mass allowed the hacker to scan the Internet quickly and cheaply. With about 4,000 clients, it could scan one port on all 3.6 billion addresses in a single day. Because the project ran 1,000 unique probes on 742 separate ports, and possibly because the binary was uninstalled each time an infected device was restarted, the hacker commandeered a total of 420,000 devices to perform the survey.

Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

“When ECPA was enacted, e-mail was primarily a means of communicating information, not storing it,” said Sen. Mike Lee (R-UT) on Tuesday in a statement.

On Tuesday, the Department of Justice acknowledged for the first time that the notion that e-mail more than 180 days old should require a different legal standard is outdated. This marked shift in legal theory, combined with new House subcommittee hearings and new Senate legislation, might just actually yield real, meaningful reform on the much-maligned Electronic Communications Privacy Act. It’s an act, by the way, that dates back to 1986.

As Ars’ Tim Lee wrote in November 2012, “ECPA requires a warrant to obtain freshly sent e-mail before it’s been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient’s e-mail box for 180 days, a lower standard applies. These rules simply don’t line up with the way modern e-mail systems work.”

US regulator: Bitcoin exchanges must comply with money-laundering laws

The federal agency charged with enforcing the nation’s laws against money laundering has issued new guidelines suggesting that several parties in the Bitcoin economy qualify as Money Services Businesses under US law. Money Services Businesses (MSBs) must register with the federal government, collect information about their customers, and take steps to combat money laundering by their customers.

The new guidelines do not mention Bitcoin by name, but there’s little doubt which “de-centralized virtual currency” the Financial Crimes Enforcement Network (FinCEN) had in mind when it drafted the new guidelines. A FinCEN spokesman told Bank Technology News last year that “we are aware of Bitcoin and other similar operations, and we are studying the mechanism behind Bitcoin.”

America’s anti-money-laundering laws require financial institutions to collect information on potentially suspicious transactions by their customers and report these to the federal government. Among the institutions subject to these regulatory requirements are “money services businesses,” including “money transmitters.” Until now, it wasn’t clear who in the Bitcoin network qualified as a money transmitter under the law.

Stabilizing the electric grid by keeping generators in sync

When the lights go out, it affects everyone. It’s not only the inconvenience of having the TV shut off unexpectedly—a lot of heavy equipment really dislikes having the power disappear suddenly. For the most part, the power grid is very stable. But sometimes random events and seemingly small operator errors can cascade to create massive power outages. Underlying the stability of a power grid is the need to keep multiple generators operating in a synchronized manner. New research shows (in an annoyingly abstract way) that good network design can take advantage of the tendency for generators to self-synchronize.

Counting the beat

Depending on where you happen to be in the world, your power outlet supplies alternating current at either 50 or 60 Hz. The precise value doesn’t really matter as long as it stays within a narrow limit. Essentially, this means that the generator supplying the power needs to rotate at a rate producing this frequency.

Brazilian docs fool biometric scanners with bag full of fake fingers

Photo caption: Six silicone fingers, all in a row.

The BBC is one of several outlets carrying the bizarre story of a Brazilian doctor arrested for allegedly defrauding her employer, a hospital in the town of Ferraz de Vasconcelos, near São Paulo. At the time of her arrest, she was equipped with a total of sixteen fingers—ten of which God gave her, and six of which were crafted of silicone and given to her by coworkers. At least three of the extra fingers bore the prints of fellow doctors at the hospital.

The doctor, Thaune Nunes Ferreira, 29, claims through her attorney that she was forced to use the silicone fingers to clock in to the hospital’s time card system in order to cover for absentee colleagues. “She says she was innocent because it is a condition they imposed on her to keep her job,” the attorney notes.

According to the Bangkok Post and several other sources, Brazil’s Globo TV International network obtained and played footage of Ferreira clocking in to the hospital with her own permanently attached digits, then touching the same fingerprint scanner with two of the silicone fakes. The scanner produced paper time card receipts for her and the two employees to whom the silicone fingers’ prints belonged. In this way, notes the Post, “it looked like there were three doctors on duty when there was just one.”

For first time, US military says it would use offensive cyberweapons

For the first time ever, the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime. According to an article published Tuesday night by The New York Times, that admission came from General Keith Alexander, the chief of the military’s newly created Cyber Command. He said officials are establishing 13 teams of programmers and computer experts who would focus on offensive capabilities. Previously, Alexander publicly emphasized defensive strategies in electronic warfare to the almost complete exclusion of offense.

“I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”

ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more

Image caption: The front page of exposed.su.

Identity thieves have posted social security numbers, credit information, and other sensitive data belonging to more than a dozen politicians and celebrities. It’s a list that includes Vice President Joe Biden, FBI Director Robert Mueller, former Secretary of State Hillary Clinton, rapper Jay-Z, and actor and director Mel Gibson.

The website, exposed.su, surfaced on Monday with birth dates, telephone numbers, home addresses, and in some cases credit reports for a handful of politicians and celebrities. Throughout the past 24 hours the site has published details on additional individuals. Social security numbers for Mueller, Jay-Z, and Gibson appeared to be valid, the Associated Press reported. Los Angeles Police Chief Charlie Beck, whose information was also posted on the site, hasn’t challenged the accuracy, either. Still, other journalists wrote that phone numbers purportedly belonging to former California Governor Arnold Schwarzenegger and actor Ashton Kutcher reportedly went to a movie production company and a New York-based accounting firm respectively.

The site included the image of a gaunt young woman with black circles around her eyes and an index finger in front of her lips. It was headed by a quote from the Showtime TV series Dexter, in which the title character says, “If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve.” The site included an embarrassing or humorous photo related to each individual whose information was disclosed. The act of publicly documenting the private details of people is known as “doxxing,” and it came into vogue a few years ago with the growing visibility of the Anonymous hacking collective.

Dating site Zoosk resets some user accounts following password dump (Updated)

Image caption: A screenshot from Jeremi Gosney showing passwords cracked by the ocl-Hashcat-plus program.

Zoosk.com, an online dating service with about 15 million unique visitors each month, is requiring some users to reset their passwords. The move comes after someone published a list of cryptographically protected passcodes that may have been used by subscribers to the website. In the past, the San Francisco-based company has said it has more than 50 million users.

With this dump, a small but statistically significant percentage of the 29-million-strong password list contained the word “zoosk,” an indication that at least some of the credentials may have originated with the dating site. Jeremi Gosney, a password expert at Stricture Consulting Group, said he cracked more than 90 percent of the passwords and found almost 3,000 had links to Zoosk. The cracked passcodes included phrases such as “logmein2zoosk,” “zoosk password,” “myzooskpass,” “@zoosk,” “zoosk4me,” “ilovezoosk,” “flirtzoosk,” and “zooskmail.” Other passwords contained strings such as “flirt,” “lookingforlove,” “lookingforguys,” and “lookingforsex,” another indication that they were used to access accounts at one or more dating websites. Many users choose passwords containing names, phrases, or topics related to the specific website or generic type of service they’re used to access.

In December, Ars profiled a 25-GPU cluster system Gosney built that’s capable of trying every possible Windows passcode in the typical enterprise in less than six hours.

Porn trolling mastermind is the world’s most evasive witness

On Wednesday we wrote about the elaborate chart defense attorney Morgan Pietz created to help Judge Otis Wright keep track of the many organizations associated with porn copyright trolling firm Prenda Law, all of which seem to be run by the same half-dozen people. Pietz has now released a transcript of a remarkable deposition he took of Paul Hansmeier, who along with John Steele is widely regarded as the brains behind Prenda’s litigation campaign.

Officially, a Prenda-linked shell company called “AF Holdings” is suing Pietz’s client for infringing copyright by downloading a pornographic film from BitTorrent. But in recent weeks, the focus of the litigation has shifted to alleged misconduct by Prenda, including whether the firm stole the identity of Minnesota resident Alan Cooper to use as an officer of AF Holdings. Judge Wright has scheduled a Monday hearing to get to the bottom of the allegations.

Last month, we covered a filing by Prenda attorney Brett Gibbs, who insisted that all the important decisions had been made by “senior members of the law firms” connected to Prenda. Gibbs later identified these individuals as Hansmeier and Steele.

VMware will hate this: Amazon slashes cloud prices up to 28 percent

Image caption: OH MY GOD, Amazon’s having a FIRE… sale. This is bad for business!

Last week, VMware’s top executives displayed just how worried they are about the competitive threat posed by Amazon’s cloud computing service. With customers able to spin up virtual machines in Amazon data centers, VMware is concerned fewer people will buy its virtualization tools. According to CRN, VMware CEO Pat Gelsinger told service partners at the company’s Partner Exchange Conference that if “a workload goes to Amazon, you lose, and we have lost forever.” VMware COO Carl Eschenbach jumped on the Amazon theme, saying, “I look at this audience, and I look at VMware and the brand reputation we have in the enterprise, and I find it really hard to believe that we cannot collectively beat a company that sells books.”

Given VMware’s view of Amazon, Gelsinger and Eschenbach won’t like the latest news from the “bookseller,” which also happens to be a large IT services provider. Amazon today announced price reductions of up to 27.7 percent for Elastic Compute Cloud Reserved Instances running Linux/UNIX, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server. Reserved instances requiring up-front payments already provide discounts over “on-demand instances,” which can be spun up and down at will. Using reserved instances requires a little more advance planning to make sure you get the most bang for your buck—although customers who buy more than they need can sell excess capacity on Amazon’s Reserved Instance Marketplace.
