Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks

Figure: A packet capture showing Cupid attacking a wireless network (SysValue).

It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients. Dubbed Cupid, the code comes in the form of two software extensions. The first gives wireless networks the ability to deploy “evil networks” that surreptitiously send malicious packets to connected devices. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices. When connecting to certain types of wireless networks popular in corporations and other large organizations, the devices send attack packets that similarly pilfer data from vulnerable routers. The release of Cupid comes eight weeks after the disclosure of Heartbleed, one of the most serious vulnerabilities to ever hit the Internet. The flaw, which existed for more than two years in OpenSSL, resides in “heartbeat” functions designed to keep a transport layer security (TLS) connection alive over an extended period of time.
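The heartbeat extension mentioned above carries a declared payload length, and Heartbleed is the failure to check that length against the bytes actually received. The following is an added example, not code from the article or from Cupid's authors: it parses a TLS record, applies the length-and-padding check that a correct implementation of RFC 6520 performs, and classifies the record so that a monitor or test harness can flag oversized heartbeats. The sample records are constructed inline for the example, not captured traffic.

```python
import struct

# TLS record-layer content type for the Heartbeat extension (RFC 6520).
HEARTBEAT_CONTENT_TYPE = 24
HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE = 1, 2
MIN_PADDING = 16  # RFC 6520: padding_length MUST be at least 16 bytes


def parse_tls_record(record: bytes):
    """Split one TLS record into (content_type, version, body).

    Raises ValueError if the 5-byte header is missing or the declared
    record length does not match the bytes actually present.
    """
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if len(body) != length:
        raise ValueError("record length field does not match body")
    return content_type, (major, minor), body


def heartbeat_length_ok(body: bytes) -> bool:
    """Length check a correct heartbeat handler must perform.

    The body is: type (1 byte), payload_length (2 bytes, big-endian),
    payload, then at least 16 bytes of padding.  A message whose declared
    payload plus padding does not fit in the body must be discarded;
    echoing payload_length bytes without this check is the Heartbleed bug.
    """
    if len(body) < 3:
        return False
    if body[0] not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        return False
    (payload_length,) = struct.unpack("!H", body[1:3])
    return 1 + 2 + payload_length + MIN_PADDING <= len(body)


def classify_record(record: bytes) -> str:
    """Return 'not-heartbeat', 'heartbeat-ok' or 'heartbeat-malformed'."""
    content_type, _, body = parse_tls_record(record)
    if content_type != HEARTBEAT_CONTENT_TYPE:
        return "not-heartbeat"
    return "heartbeat-ok" if heartbeat_length_ok(body) else "heartbeat-malformed"


def _record(body: bytes, content_type: int = HEARTBEAT_CONTENT_TYPE) -> bytes:
    # Wrap a body in a TLS 1.1 record header (helper for the constructed samples).
    return struct.pack("!BBBH", content_type, 3, 2, len(body)) + body


# Constructed samples (not captured traffic).
BENIGN_HEARTBEAT = _record(b"\x01" + b"\x00\x04" + b"ping" + b"\x00" * 16)
# Declared payload length 0xffff while only four payload bytes are present.
MALFORMED_HEARTBEAT = _record(b"\x01" + b"\xff\xff" + b"ping" + b"\x00" * 16)
# Payload fits, but the mandatory 16 bytes of padding are absent.
UNPADDED_HEARTBEAT = _record(b"\x01" + b"\x00\x04" + b"ping")
# Ordinary application-data record (content type 23), for comparison.
APPLICATION_DATA = _record(b"hello", content_type=23)

if __name__ == "__main__":
    samples = [("benign", BENIGN_HEARTBEAT), ("oversized", MALFORMED_HEARTBEAT),
               ("unpadded", UNPADDED_HEARTBEAT), ("app-data", APPLICATION_DATA)]
    for name, sample in samples:
        print(f"{name:10s} {classify_record(sample)}")
```

The check is deliberately the one from the patched OpenSSL: the declared payload length plus the three-byte header plus minimum padding must fit within the record body, otherwise the message is dropped silently. Anything that returns `heartbeat-malformed` on a live network is either a broken client or a probe worth alerting on.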


OS X Yosemite unveiled at WWDC, features big UI overhaul

Photo by DAVID ILIFF. License: CC-BY-SA 3.0

This morning at Apple’s 2014 Worldwide Developer’s Conference, Apple SVP Craig Federighi gave us our first official look at the upcoming version of the Macintosh desktop operating system. This is the tenth formal release of OS X (which is pronounced “oh ess ten,” never “oh ess ecks”); Apple’s naming convention uses “OS X” as the brand, separate from the version, and so the brand and version of this release is indeed “OS X 10.10,” or “oh ess ten ten dot ten” (or “ten point ten,” if you insist). Starting with OS X 10.9, though, Apple has given the OS California-themed names—10.9 was “OS X Mavericks,” after a famous surfing location, and this new version is “OS X Yosemite,” named after California’s Yosemite National Park. Mavericks’ branding and banners were all wave-related, after the surf theme; Yosemite’s desktop features the famous slab-sided southwest face of Half Dome, one of the park’s most recognizable rock formations. (PC gamers who cut their teeth in the late 80s and 90s will also recognize Half Dome from its role as the logo of the legendary adventure gaming company Sierra On-Line.)

Figure: Translucency and new Dock icons.

“Translucency” is the name of the day, with translucent panels and sidebars popping up in windows throughout the system. The icons in the Dock have also gotten a big overhaul, gaining a very iOS-like appearance across the board. “You wouldn’t believe how much time we spent crafting that trash can,” joked Federighi. The revised interface can also be shifted to a “dark” mode, where windows and menus shift to light text on a smoky background instead of the Mac’s more typical black-on-white.


Payback time: First patent troll ordered to pay “extraordinary case” fees

Photo: FindTheBest CEO Kevin O’Connor and Director of Operations Danny Seigle (FindTheBest).

When Santa Barbara startup FindTheBest (FTB) was sued by a patent troll called Lumen View last year, it vowed to fight back rather than pay up the $50,000 licensing fee Lumen was asking for. Company CEO Kevin O’Connor made it personal, pledging $1 million of his own money to fight the legal battle. Once FindTheBest pursued the case, the company dismantled the troll in short order. In November, the judge invalidated Lumen’s patent, finding it was nothing more than a description of computer-oriented “matchmaking.” At that point, FindTheBest had spent about $200,000 on its legal fight—not to mention the productivity lost in hundreds of work hours spent by top executives on the lawsuit, and three all-company meetings.


TrueCrypt security audit presses on, despite developers jumping ship

Image: ZEISS Microscopy

TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago. Phase II of the security audit was already scheduled to commence when Wednesday’s bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for. “We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday’s circumstances,” Kenn White, a North Carolina-based computer scientist and audit organizer, told Ars Thursday. “We don’t want there to remain all sorts of questions or scenarios or what ifs in people’s minds. TrueCrypt has been around for 10 years and it’s never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis.”


Prosecutors: ex-LulzSec hacker “Sabu” helped authorities stop 300+ cyberattacks

The much delayed sentencing of former LulzSec hacker-turned-FBI informant Hector “Sabu” Monsegur is set to take place next week. But before any decisions are made public, new court documents (PDF) show Monsegur has helped the feds disrupt more than 300 attacks against targets ranging from the US military to NASA, Congress to private companies. “The amount of loss prevented by Monsegur’s actions is difficult to fully quantify, but even a conservative estimate would yield a loss prevention figure in the millions of dollars,” the document stated.

Monsegur assisted in high-profile hacks of security firm HBGary and others as a member of LulzSec, a sect of Anonymous. He began cooperating with the FBI in June 2011 after his arrest at the Jacob Riis public housing complex in New York City. His work for the feds began immediately. Eventually Monsegur helped the government build cases against numerous Anonymous hackers, including Stratfor hacker Jeremy Hammond. He apparently also assisted the government in its investigation of Wikileaks. According to the New York Times, prosecutors filed the new documents because they are asking Judge Loretta A. Preska for leniency in light of Monsegur’s “extraordinary cooperation.” Sentencing in Monsegur’s case is currently scheduled for Tuesday in a Federal District Court in Manhattan. But while some of the other hackers in the LulzSec saga have faced steep penalties (for example, Hammond is serving a 10-year sentence), the government has asked for Monsegur to only be sentenced to time served—just seven months.


Airbnb gives up customer data to NY attorney general

Image: Airbnb

Home renting company Airbnb announced Wednesday that under pressure from the New York attorney general’s office, it will hand over the anonymized personal data of its New York hosts to the state. New York Attorney General Eric Schneiderman subpoenaed three years’ worth of data in 2013 in an effort to suss out whether Airbnb users are running “illegal hotels” and to determine if Airbnb’s business model and platform comply with the law. Schneiderman stated his suspicions in April that Airbnb hosts in New York operate residences or parts of their homes like hotels—but without the fire, safety, and tax regulations normally applied to hotels. Airbnb hosts could also be in violation of a 2010 law that prohibits New Yorkers from renting entire apartments for less than 29 consecutive days. Schneiderman claimed that Airbnb sells itself to investors as a hotel network, but it attempts to keep that pitch out of the public sphere for fear of incurring legal hotel status. The New York Supreme Court rejected Schneiderman’s subpoena request on May 13, “but the judge’s ruling also made it clear that he would accept a new, narrower subpoena and require Airbnb to turn over personal information about hosts if the Attorney General’s Office made some changes to their demands,” wrote Airbnb in its blog post Wednesday.


Missing features we’d like to see in the next version of OS X

It’s only been about seven months since Apple released OS X 10.9, the latest and greatest version of its Mac operating system. But the yearly upgrade cycle means that unless something unexpected happens, Apple will tell us about OS X 10.10 at the traditional keynote next month on the first morning of its Worldwide Developers Conference (WWDC). The operating system is over 13 years old and it’s come a long way since those first versions, but it’s still not perfect. What areas do we think Apple should focus on in 10.10?

Think of the SSDs

Isn’t it time our modern hard drives got a modern filesystem? The latest Macs may have solid state drives that can read and write over 700 megabytes per second over a direct PCI Express connection, but all that data is still organized by a file system from the previous millennium: HFS+. There’s something to be said for using stable, battle-hardened code for the file system, which is probably the most critical part of the operating system. Unfortunately, Apple’s current HFS+ implementation isn’t as stable as it should be, much to the chagrin of Ars’ OS X reviewer extraordinaire John Siracusa. With the introduction of a logical volume manager—Core Storage—it looks like Apple has found a way to innovate in the area of storage without having to replace HFS+. One of the big missing features in HFS+ is snapshots. Time Machine, for example, works per-file. Changing a few bytes in the middle of a large file means that the entire file is copied during the next backup. With snapshots, that’s not necessary: multiple snapshots share the unmodified disk blocks. As such, snapshots could be implemented in Core Storage rather than in the file system. This would allow Time Machine backups to be much faster and more efficient.


Wi-Fi networks are wasting a gigabit—but multi-user beamforming will save the day

Image: Aurich Lawson

Wi-Fi equipment based on the new 802.11ac standard—often called Gigabit Wi-Fi—has been on the market for nearly two years. These products offer greater bandwidth and other improvements over gear based on the older 802.11n specification, but they don’t implement one of the most impressive features of 11ac. It was simply too complicated to deploy all the upgrades at once, hardware makers say. As a result, 11ac networks actually waste a lot of capacity when serving devices like smartphones and tablets. This shortcoming should be fixed over the next year with new networking equipment and upgrades to end-user devices. Once everything is in place, Wi-Fi networks will be better able to serve lots of devices at once, particularly the mobile devices that every single person in the US seemingly has in his or her hands every minute of the day.

The soon-to-be-deployed technology is called MU-MIMO (multi-user, multiple-input and multiple-output), which is like a wireless “switch” that sends different data to different receivers at the same time. It’s powered by multi-user beamforming, an improvement over the single-user beamforming found in first-generation 11ac products. MU-MIMO will let wireless access points send data streams of up to 433Mbps to at least three users simultaneously, for a total of 1.3Gbps or more. First-generation 11ac equipment without MU-MIMO could send those streams of data simultaneously, but only to one device—and only if that device was capable of receiving multiple streams. Many computers could handle the influx of data, but smartphones and tablets generally couldn’t. That meant they could only receive one stream (occasionally two) because of power limitations.


For Do Not Call violations, Sprint will pay FCC $7.5M in largest ever settlement

Image: Hunter Edwards

On Monday, Sprint agreed to pay the Federal Communications Commission $7.5 million to resolve violations of the Do Not Call registry—the largest settlement payout ever. The program first began in 2003 as a way to allow Americans to opt out of unsolicited sales calls. According to the FCC, Sprint will also put into effect a “robust compliance plan,” designate a new senior manager to deal with compliance, retrain its employees, and report any further noncompliance to the agency, among other necessary actions. “We expect companies to respect the privacy of consumers who have opted out of marketing calls,” said Travis LeBlanc, acting chief of the Enforcement Bureau, in a statement. “When a consumer tells a company to stop calling or texting with promotional pitches, that request must be honored. Today’s settlement leaves no question that protecting consumer privacy is a top enforcement priority.”


Urine and the bladder are not sterile, contain bacteria

Image: Gray’s Anatomy

No, urine is not sterile, according to a study presented this week by researchers from the Stritch School of Medicine at Loyola University. Instead, the bodily excretion does contain a diverse array of bacteria that can vary depending on bladder condition. Up until now, the types of bacteria present have been hard to detect because they don’t grow in urine cultures. That urine is not sterile is not actually news; the same medical school reported findings in 2012 suggesting that urine can contain bacteria when drawn directly from the bladder. But the study may surprise many due to the deeply entrenched belief, even in the medical community, that urine is bacteria-free and thus safe to use in a number of activities, from drinking to rinsing wounds in a pinch. A commonly traded rule of thumb is that, while the initial part of a stream of urine contains bacteria washed from the urethra, the “mid-stream” is safely sterile. This is not so, or at least it’s not entirely reliable information. The two studies, from 2013 and 2012, looked only at samples from women. The 2013 study compared samples from women with and without overactive bladder disorder (OAB) and found different types of bacteria in both types of samples, including Streptococcus and Staphylococcus. The authors of the study suggested that the presence of certain types of bacteria in women with OAB could be causing their symptoms, and treating their presence could help with their condition.
