After Netflix pays Comcast, speeds improve 65%

Netflix’s decision to pay Comcast for a direct connection to the Comcast network has resulted in significantly better video streaming performance for customers of the nation’s largest broadband provider. Netflix has bemoaned the payment, asking the government to prevent Comcast from demanding such interconnection “tolls.” But there’s little doubt the interconnection has benefited consumers in the short term. Average Netflix performance for Comcast subscribers rose from 1.51Mbps to 1.68Mbps from January to February, though the interconnection didn’t begin until late February. In data released today, Netflix said average performance on Comcast has now risen further to 2.5Mbps, a 65 percent increase since January. Comcast’s increased speed allowed it to pass Time Warner Cable, Verizon, CenturyLink, AT&T U-verse, and others in Netflix’s rankings. Comcast remains slower than Cablevision, Cox, Suddenlink, Charter, and Google Fiber.

FBI to have 52 million photos in its NGI face recognition database by next year

Jennifer Lynch is a senior staff attorney with the Electronic Frontier Foundation and works on open government, transparency and privacy issues, including drones, automatic license plate readers and facial recognition. New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. The EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI’s massive biometric database that may hold records on as much as one-third of the US population. The facial recognition component of this database poses real threats to privacy for all Americans.

Flowing salt water over graphene generates electricity

[Image: An image of graphene, showing defects in its single-atom thickness. Credit: UC Berkeley]

Hydroelectricity is one of the oldest techniques for generating electrical power, with over 150 countries using it as a source for renewable energy. Hydroelectric generators only work efficiently at large scales, though—scales large enough to interrupt river flow and possibly harm local ecosystems. And getting this sort of generation down to where it can power small devices isn’t realistic. In recent years, scientists have investigated generating electrical power using nano-structures. In particular, they have looked at generating electricity when ionic fluids—a liquid with charged ions in it—are pushed through a system with a pressure gradient. However, the ability to harvest the generated electricity has been limited because it requires a pressure gradient to drive ionic fluid through a small tube. But scientists have now found that dragging small droplets of salt water on strips of graphene generates electricity without the need for pressure gradients. In their study, published in Nature Nanotechnology, researchers from China grew a layer of graphene and placed a droplet of salt water on it. They then dragged the droplet across the graphene layer at different velocities and found that the process generated a small voltage difference.

Appeals court reverses hacker/troll “weev” conviction and sentence [Updated]

[Image: Self-portrait by Weev]

A federal appeals court Friday reversed and vacated the conviction and sentence of hacker and Internet troll Andrew “weev” Auernheimer. The case against Auernheimer, who has often been in solitary confinement for obtaining and disclosing personal data of about 140,000 iPad owners from a publicly available AT&T website, was seen as a test case on how far the authorities could go under the Computer Fraud and Abuse Act, the same law that federal prosecutors were invoking against Aaron Swartz. But, in the end, the Third U.S. Circuit Court of Appeals didn’t squarely address the controversial fraud law and instead said Auernheimer was charged in the wrong federal court.

Whitehat hacker goes too far, gets raided by FBI, tells all

A whitehat hacker from the Baltimore suburbs went too far in his effort to drive home a point about a security vulnerability he reported to a client. Now he’s unemployed and telling all on reddit. David Helkowski was working for Canton Group, a Baltimore-based software consulting firm on a project for the University of Maryland (UMD), when he claims he found malware on the university’s servers that could be used to gain access to personal data of students and faculty. But he says his employer and the university failed to take action on the report, and the vulnerability remained in place even after a data breach exposed more than 300,000 students’ and former students’ Social Security numbers. As Helkowski said to a co-worker in Steam chat, “I got tired of being ignored, so I forced their hand.” He penetrated the university’s network from home, working over multiple VPNs, and downloaded the personal data of members of the university’s security task force. He then posted the data to Pastebin and e-mailed the members of the task force anonymously on March 15.

DNA-based logic gates operate inside cockroach cells

[Image: DNA robots crawl across a surface made of DNA. Credit: Harvard]

DNA-based nanotechnology has been around for more than 30 years, but it really took off in 2006, when DNA origami was featured on the cover of Nature. This form of origami, the folding of DNA into 2D and 3D shapes, was more of an art form back then, but scientists are now using the approach to construct nanoscale robots. The basic principle of DNA origami is that a long, single-stranded DNA molecule will fold into a predefined shape through the base-pairing of short segments called staples. All that’s required is to ensure that each staple can find a complementary match to base-pair with at the right location elsewhere in the molecule. This approach can be used to create both 2D and 3D structures. The idea behind the new work is that a DNA origami robot can be programmed to have a specific function based on a key, which can be a protein, a drug, or even another robot. Once the right key and the right robot find each other, the key drives a conformational (structural) change in the robot. The new shape causes the robot to perform a programmed function, such as releasing a drug.

Heartbleed vulnerability may have been exploited months before patch

There’s good news, bad news, and worse news regarding the “Heartbleed” bug that affected nearly two-thirds of the Internet’s servers dependent on SSL encryption. The good news is that many of those servers (well, about a third) have already been patched. And according to analysis by Robert Graham of Errata Security, the bug won’t expose the private encryption key for servers “in most software” (though others have said several web server distributions are vulnerable to giving up the key under certain circumstances). The bad news is that about 600,000 servers are still vulnerable to attacks exploiting the bug. The worse news is that malicious “bot” software may have been attacking servers with the vulnerability for some time—in at least one case, traces of the attack have been found in audit logs dating back to last November. Attacks based on the exploit could date back even further. Security expert Bruce Schneier calls Heartbleed a catastrophic vulnerability. “On the scale of 1 to 10, this is an 11,” he said in a blog post today. The bug affects how OpenSSL, the most widely used cryptographic library for Apache and nginx Web servers, handles a service of Transport Layer Security called Heartbeat—an extension added to TLS in 2012.

Critical crypto bug exposes Yahoo Mail passwords Russian roulette-style

Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services. The two-year-old bug is the result of a mundane coding error in OpenSSL, the world’s most popular code library for implementing HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of private computer memory that handle OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or it could return far more valuable assets such as authentication credentials or even the private key at the heart of a website’s entire cryptographic certificate. Underscoring the urgency of the problem, a conservatively estimated two-thirds of the Internet’s Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.

Experian in hot seat after exposing millions of social security numbers [Update]

Regulators from several states are investigating a data breach from a subsidiary of the credit-tracking behemoth Experian. The investigation by attorneys general in these states concerns whether the subsidiary adequately secured some 200 million social security numbers and whether victims were properly notified. The investigation, first disclosed by Reuters, comes as the Obama administration is pressing for legislation requiring companies to better secure customer data. A Vietnamese man who operated a website, called findget.me, offering social security numbers has pleaded guilty to charges that he obtained the data from the Experian subsidiary, Court Ventures. The firm, a court document retrieval service, also jointly maintains a database of some 200 million social security numbers with another firm.

Creepshots: Microsoft discovers an on-campus peeping tom

[Image: Microsoft’s lush RedWest campus. Credit: Microsoft]

On July 24, 2013, a Microsoft vendor employee working at the company’s RedWest campus in Redmond had a piece of good fortune—he found a Muvi USB video camera just lying in the footpath between buildings. He picked up the camera, only later taking a look at the footage on the device, which revealed that his good fortune was actually evidence of a crime. The Muvi camera contained “upskirt” video footage of women climbing stairs or escalators—or sometimes just standing in checkout lines—and some of it had been shot on Microsoft’s campus. The vendor employee reported the incident to Microsoft Global Security, who took possession of the camera on July 26. To find the camera’s owner, two Global Security investigators pulled up Microsoft’s internal security camera footage covering the RedWest footpath. They began by locating the moment when the vendor employee walked into the frame, paused, and bent down to retrieve the camera off the ground. Investigators then rewound the footage to see who had dropped it. At the 11:24am mark, they saw a man in a collared shirt and reddish pants walk out of a RedWest building and walk along the footpath. Then, at 11:25am, the vendor employee appeared and picked up the camera. At 11:26am, the man in the reddish pants suddenly returned to the picture. According to a later report from the Redmond Police Department, he was “rushing” back to the RedWest building he had just left and appeared “nervous, frantically looking around.” He eventually used a keycard to re-enter the RedWest building.
