How whitehats stopped the DDoS attack that knocked Spamhaus offline

Unlike Unicast-based networks, Anycast systems use dozens of individual data centers to dilute the effects of distributed denial-of-service attacks. [Image: CloudFlare]

As an international organization that disrupts spam operators, the Spamhaus Project has made its share of enemies. Many of those enemies possess the Internet equivalent of millions of water cannons that can be turned on in an instant to flood targets with more traffic than they can possibly stand. On Tuesday, Spamhaus came under a torrential deluge—75 gigabits of junk data every second—making it impossible for anyone to access the group’s website (the real-time blacklists that ISPs use to filter billions of spam messages were never affected). Spamhaus quickly turned to CloudFlare, a company that secures websites and helps mitigate the effects of distributed denial-of-service attacks. This is a story about how the attackers were able to flood a single site with so much traffic, and the way CloudFlare blocked it using a routing methodology known as Anycast.

View article:
How whitehats stopped the DDoS attack that knocked Spamhaus offline

Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

“When ECPA was enacted, e-mail was primarily a means of communicating information, not storing it,” said Sen. Mike Lee (R-UT) on Tuesday in a statement. [Image: Ed Yourdon]

On Tuesday, the Department of Justice acknowledged for the first time that the notion that e-mail more than 180 days old should require a different legal standard is outdated. This marked shift in legal theory, combined with new House subcommittee hearings and new Senate legislation, might actually yield real, meaningful reform of the much-maligned Electronic Communications Privacy Act, which dates back to 1986. As Ars’ Tim Lee wrote in November 2012, “ECPA requires a warrant to obtain freshly sent e-mail before it’s been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient’s e-mail box for 180 days, a lower standard applies. These rules simply don’t line up with the way modern e-mail systems work.”

More:
Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

Chameleon botnet steals millions from advertisers with fake mouseclicks

Security researchers have discovered a botnet that is stealing millions of dollars per month from advertisers. The botnet does so by simulating click-throughs on display ads hosted on at least 202 websites. Revealed and dubbed “Chameleon” by the Web analytics firm spider.io because of its ability to fool advertisers’ behavior-tracking algorithms, the botnet is the first found to use display advertisements to generate fraudulent income for its masters. In a blog post today, spider.io reported that the company had been tracking Chameleon since December of 2012. Simulating multiple concurrent browser sessions with websites, each bot is able to interact with Flash- and JavaScript-based ads. So far, more than 120,000 Windows PCs have been identified—95 percent of them with IP addresses associated with US residential Internet services. The company has issued a blacklist of the 5,000 worst-offending IP addresses for advertisers to use to protect themselves from fraud. While in many respects the botnet simulates human activity on webpages to fool click-fraud countermeasures, it generates random mouse clicks and mouse pointer traces across pages, which makes it relatively easy to identify bot-infected systems over time. The bot is also unstable because of the heavy load it puts on the infected machine, and its frequent crashes can likewise be used as a signature to identify infected systems.
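
The detection angle above (random pointer traces look nothing like a hand moving a mouse) is easy to see in code. The following is an added example, not spider.io's classifier or anything published with the article: it computes two features of a pointer trace, the mean step length relative to the screen diagonal and the "straightness" (net displacement divided by total path length), and applies assumed thresholds to them. The screen size, the thresholds and both sample traces are constructed for the illustration.

```python
import math
import random
from typing import Dict, List, Tuple

Point = Tuple[float, float]
SCREEN = (1920.0, 1080.0)  # assumed display size, used only to normalise distances


def path_features(trace: List[Point], screen: Tuple[float, float] = SCREEN) -> Tuple[float, float]:
    """Return (mean step length as a fraction of the screen diagonal,
    straightness = net displacement / total path length) for a pointer trace."""
    if len(trace) < 2:
        raise ValueError("need at least two sample points")
    diag = math.hypot(*screen)
    steps = [math.hypot(x2 - x1, y2 - y1) for (x1, y1), (x2, y2) in zip(trace, trace[1:])]
    path_len = sum(steps)
    net = math.hypot(trace[-1][0] - trace[0][0], trace[-1][1] - trace[0][1])
    mean_step = path_len / len(steps) / diag
    straightness = net / path_len if path_len > 0 else 1.0
    return mean_step, straightness


def looks_like_bot(trace: List[Point], max_mean_step: float = 0.10,
                   min_straightness: float = 0.5) -> bool:
    """Illustrative heuristic (thresholds are assumptions): a hand-driven pointer
    moves in many small, mostly forward steps, while uniformly random coordinates
    produce huge jumps in arbitrary directions."""
    mean_step, straightness = path_features(trace)
    return mean_step > max_mean_step or straightness < min_straightness


def human_like_trace(start: Point, end: Point, n: int = 30,
                     jitter: float = 3.0, seed: int = 7) -> List[Point]:
    """Constructed sample: eased movement from start to end plus small hand jitter."""
    rng = random.Random(seed)
    pts = []
    for i in range(n + 1):
        t = i / n
        s = t * t * (3 - 2 * t)  # smoothstep: slow start, fast middle, slow end
        pts.append((start[0] + (end[0] - start[0]) * s + rng.uniform(-jitter, jitter),
                    start[1] + (end[1] - start[1]) * s + rng.uniform(-jitter, jitter)))
    return pts


def bot_like_trace(n: int = 30, seed: int = 7,
                   screen: Tuple[float, float] = SCREEN) -> List[Point]:
    """Constructed sample of the 'random pointer trace' behaviour the article describes."""
    rng = random.Random(seed)
    return [(rng.uniform(0, screen[0]), rng.uniform(0, screen[1])) for _ in range(n + 1)]


def classify_sessions(sessions: Dict[str, List[Point]]) -> Dict[str, str]:
    """Label each session id as 'bot' or 'human' from its pointer trace."""
    return {sid: ("bot" if looks_like_bot(tr) else "human") for sid, tr in sessions.items()}


if __name__ == "__main__":
    sessions = {"sess-a": human_like_trace((100, 100), (400, 300)), "sess-b": bot_like_trace()}
    for sid, tr in sessions.items():
        print(sid, "features=%.3f/%.2f" % path_features(tr), classify_sessions({sid: tr})[sid])
```

A real classifier would aggregate many sessions per IP over time, as the article notes, rather than judging a single trace; a single feature pair like this is only meant to show why randomly generated pointer movement is cheap to spot.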

See the original post:
Chameleon botnet steals millions from advertisers with fake mouseclicks

US regulator: Bitcoin exchanges must comply with money-laundering laws

[Image: Zach Copley]

The federal agency charged with enforcing the nation’s laws against money laundering has issued new guidelines suggesting that several parties in the Bitcoin economy qualify as Money Services Businesses under US law. Money Services Businesses (MSBs) must register with the federal government, collect information about their customers, and take steps to combat money laundering by their customers. The new guidelines do not mention Bitcoin by name, but there’s little doubt which “de-centralized virtual currency” the Financial Crimes Enforcement Network (FinCEN) had in mind when it drafted the new guidelines. A FinCEN spokesman told Bank Technology News last year that “we are aware of Bitcoin and other similar operations, and we are studying the mechanism behind Bitcoin.” America’s anti-money-laundering laws require financial institutions to collect information on potentially suspicious transactions by their customers and report these to the federal government. Among the institutions subject to these regulatory requirements are “money services businesses,” including “money transmitters.” Until now, it wasn’t clear who in the Bitcoin network qualified as a money transmitter under the law.

See original article:
US regulator: Bitcoin exchanges must comply with money-laundering laws

Cisco switches to weaker hashing scheme, passwords cracked wide open

Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm leaves users considerably more susceptible to password cracking than an older alternative, even though the new routine was intended to enhance protections already in place. It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt. The revelation came as a shock to many security experts because computing such a hash requires very little time and computing power. As a result, relatively inexpensive computers used by crackers can try a dizzying number of guesses when attempting to recover the corresponding plain-text password. For instance, a system outfitted with two AMD Radeon 6990 graphics cards running a soon-to-be-released version of the Hashcat password cracking program can cycle through more than 2.8 billion candidate passwords each second. By contrast, the type 5 algorithm the new scheme was intended to replace used 1,000 iterations of the MD5 hash function. The large number of repetitions forces cracking programs to work more slowly and makes the process more costly to attackers. Even more important, the older function added randomly generated cryptographic “salt” to each password, preventing crackers from tackling large numbers of hashes at once.
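
The two properties the article contrasts (iteration count and salt) can be shown side by side. The code below is an added example, not Cisco's implementation and not the Hashcat code: the "type 4 style" function is a plain single SHA-256 (Cisco's real type 4 additionally uses its own base64 alphabet, which is omitted here), and the salted, 1,000-round MD5 function is an illustrative stand-in for the type 5 properties described, not the real md5crypt construction. The account names, passwords and wordlist are constructed. The point it makes is that without salt one hash computation per candidate tests every stolen hash at once, and identical passwords are visible as identical hashes, while salt plus iteration multiplies the attacker's work by the number of targets and the round count.

```python
import hashlib
import os
from typing import Dict, Iterable, List, Tuple

ITERATIONS = 1000  # round count the article gives for the older type 5 scheme


def type4_style_hash(password: str) -> str:
    """Single unsalted SHA-256, the weakness described for type 4.
    Illustrative: real type 4 output is base64-style, this returns hex."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_iterated_md5(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Salted MD5 repeated `iterations` times. An illustrative stand-in for
    the type 5 properties (salt plus 1,000 rounds); NOT the real md5crypt."""
    digest = hashlib.md5(salt + password.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        digest = hashlib.md5(digest + salt).digest()
    return digest.hex()


def crack_unsalted(targets: Dict[str, str], wordlist: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Attack {user: unsalted_hash}. One SHA-256 per candidate is compared against
    every target at once, so cost does not grow with the number of stolen hashes.
    Returns ({user: recovered_password}, number_of_hash_calls)."""
    by_hash: Dict[str, List[str]] = {}
    for user, h in targets.items():
        by_hash.setdefault(h, []).append(user)
    found: Dict[str, str] = {}
    calls = 0
    for candidate in wordlist:
        calls += 1
        for user in by_hash.get(type4_style_hash(candidate), []):
            found[user] = candidate
    return found, calls


def crack_salted(targets: Dict[str, Tuple[str, bytes]], wordlist: Iterable[str],
                 iterations: int = ITERATIONS) -> Tuple[Dict[str, str], int]:
    """Attack {user: (hash, salt)}. Every candidate must be re-hashed per salt,
    and each attempt costs `iterations` MD5 calls. No early exit, so the count
    is simply targets x candidates x iterations."""
    words = list(wordlist)
    found: Dict[str, str] = {}
    calls = 0
    for user, (target_hash, salt) in targets.items():
        for candidate in words:
            calls += iterations
            if salted_iterated_md5(candidate, salt, iterations) == target_hash:
                found[user] = candidate
    return found, calls


def demo() -> dict:
    # Constructed sample: three device accounts, two sharing a password, and a
    # tiny wordlist that happens to contain all of them.
    accounts = {"admin": "cisco123", "ops": "cisco123", "backup": "letmein"}
    wordlist = ["password", "cisco123", "letmein", "admin"]

    unsalted = {u: type4_style_hash(p) for u, p in accounts.items()}
    found_u, calls_u = crack_unsalted(unsalted, wordlist)

    salts = {u: os.urandom(4) for u in accounts}  # per-account random salt
    salted = {u: (salted_iterated_md5(p, salts[u]), salts[u]) for u, p in accounts.items()}
    found_s, calls_s = crack_salted(salted, wordlist)

    return {
        "unsalted_hashes": unsalted,
        "salted_hashes": {u: h for u, (h, _) in salted.items()},
        "unsalted_found": found_u, "unsalted_calls": calls_u,
        "salted_found": found_s, "salted_calls": calls_s,
    }


if __name__ == "__main__":
    r = demo()
    print("admin and ops share an unsalted hash:",
          r["unsalted_hashes"]["admin"] == r["unsalted_hashes"]["ops"])
    print("hash calls to test the wordlist, unsalted:", r["unsalted_calls"],
          "salted+iterated:", r["salted_calls"])
```

With four candidates and three accounts the unsalted attack costs 4 hash calls in total, the salted and iterated one 12,000; on real hash sets the same ratio is what turns "2.8 billion guesses per second" into a practical attack.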

Continue reading here:
Cisco switches to weaker hashing scheme, passwords cracked wide open

The 49ers’ plan to build the greatest stadium Wi-Fi network of all time

49ers CTO Kunal Malik (left) and Senior IT director Dan Williams (right) stand in front of Santa Clara Stadium. [Image: Jon Brodkin]

When the San Francisco 49ers’ new stadium opens for the 2014 NFL season, it is quite likely to have the best publicly accessible Wi-Fi network a sports facility in this country has ever known. The 49ers are defending NFC champions, so 68,500 fans will inevitably walk into the stadium for each game. And every single one of them will be able to connect to the wireless network, simultaneously, without any limits on uploads or downloads. Smartphones and tablets will run into the limits of their own hardware long before they hit the limits of the 49ers’ wireless network.

A model of Santa Clara Stadium, with a wall painting visible in the background. [Image: Jon Brodkin]

Until now, stadium executives have said it’s pretty much impossible to build a network that lets every single fan connect at once. They’ve blamed this on limits in the amount of spectrum available to Wi-Fi, despite their big budgets and the extremely sophisticated networking equipment that largesse allows them to purchase. Even if you build the network perfectly, it would choke if every fan tried to get on at once—at least according to conventional wisdom.

More here:
The 49ers’ plan to build the greatest stadium Wi-Fi network of all time

911 tech pinpoints people in buildings—but could disrupt wireless ISPs

NextNav’s enhanced 911 technology locates people within buildings—but may interfere with millions of existing devices. [Image: NextNav]

Cell phones replacing landlines are making it difficult to accurately locate people who call 911 from inside buildings. If a person having a heart attack on the 30th floor of a giant building can call for help but is unable to speak their location, actually finding that person from cell phone and GPS location data is a challenge for emergency responders. Thus, new technologies are being built to accurately locate people inside buildings. But a system that is perhaps the leading candidate for enhanced 911 geolocation is also controversial because it uses the same wireless frequencies as wireless Internet Service Providers, smart meters, toll readers like EZ-Pass, baby monitors, and various other devices. NextNav, the company that makes the technology, is seeking permission from the Federal Communications Commission to start commercial operations. More than a dozen businesses and industry groups oppose NextNav (which holds FCC licenses through a subsidiary called Progeny), saying the 911 technology will wipe out devices and services used by millions of Americans.

Read this article:
911 tech pinpoints people in buildings—but could disrupt wireless ISPs

How two volunteers built the Raspberry Pi’s operating system

[Image: Aurich Lawson]

When you buy a Raspberry Pi, the $35 computer doesn’t come with an operating system. Loading your operating system of choice onto an SD card and then booting the Pi turns out to be pretty easy. But where do Pi-compatible operating systems come from? With the Raspberry Pi having just turned one year old, we decided to find out how Raspbian—the officially recommended Pi operating system—came into being. The project required 60-hour work weeks, a home-built cluster of ARM computers, and the rebuilding of 19,000 Linux software packages. And it was all accomplished by two volunteers.

Like the Raspberry Pi itself, an unexpected success story

Although there are numerous operating systems for the Pi, the Raspberry Pi Foundation recommends one for the general populace. When the Pi was born a year ago, the recommended operating system was a version of Red Hat’s Fedora tailored to the computer’s ARM processor. But within a few months, Fedora fell out of favor on the Pi and was replaced by Raspbian. It’s a version of Debian painstakingly rebuilt for the Raspberry Pi by two volunteers named Mike Thompson and Peter Green.

Read the article:
How two volunteers built the Raspberry Pi’s operating system

Trigger word: e-mail monitoring gets easy in Office 365, Exchange

I’m in ur email, watching ur filez. [Image: Diana Dee Sophia]

Exchange 2013 and Office 365 include a new feature that can peek into e-mail messages and enclosed documents, then flag them, forward them, or block them entirely based on what it finds. This sort of data loss prevention technology has become increasingly common in corporate mail systems. But its inclusion as a feature in Office 365’s cloud service makes it a lot more accessible to organizations that haven’t had the budget or expertise to monitor the e-mail lives of their employees. As we showed in our review of the new Office server platforms, the data loss prevention feature of Microsoft’s new messaging platforms can detect things like credit card numbers, social security numbers, and other content that has no business traveling by e-mail. Because of how simple it is to configure rules for Microsoft’s DLP and security features, administrators will also have the power to do other sorts of snooping into what’s coming and going from users’ mailboxes. Unfortunately, depending on the mix of mail servers in your organization—or which Exchange instances you happen to hit in the O365 Azure cloud—they may not work all the time. And they won’t help defeat someone determined to steal data via e-mail.
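
To make concrete what "detect credit card numbers and social security numbers, then flag or block" involves, here is an added example of a minimal DLP rule written for this page; it is not Microsoft's classifier and says nothing about how Exchange implements its rules. It pairs a digit-run pattern with a Luhn mod-10 check (the standard way to reject order numbers and other digit strings that merely look like card numbers), a simple SSN-format pattern, and an assumed rule table mapping each classifier to an action. The sample message, the rule table and the thresholds are constructed for the illustration; the 4111 number is the commonly used Visa test number, not a live card.

```python
import re
from typing import Dict, List, Tuple

# Assumed rule table (not Microsoft's defaults): which classifier triggers which action.
RULES: Dict[str, str] = {"credit_card": "block", "ssn": "flag"}
SEVERITY = {"allow": 0, "flag": 1, "block": 2}

# 13-19 digits, optionally separated by single spaces or dashes (cards are usually
# typed in groups of four); candidates are then filtered by the Luhn check.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: doubling every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_message(body: str) -> List[Tuple[str, str]]:
    """Return (classifier, masked_value) for each sensitive item found in the text."""
    findings: List[Tuple[str, str]] = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(("credit_card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(body):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return findings


def decide(body: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Apply the rule table: the most severe action among the findings wins."""
    findings = scan_message(body)
    action = "allow"
    for kind, _ in findings:
        candidate = RULES.get(kind, "allow")
        if SEVERITY[candidate] > SEVERITY[action]:
            action = candidate
    return action, findings


# Constructed sample message. The first number passes Luhn, the second (last digit
# changed) does not and must be left alone, and the third matches the SSN format.
SAMPLE = """Hi Bob, please charge the deposit to my card 4111 1111 1111 1111 (exp 03/15).
The order reference is 4111-1111-1111-1112, not a card number.
Use 123-45-6789 on the benefits form if they ask for my SSN."""

if __name__ == "__main__":
    action, findings = decide(SAMPLE)
    print(action, findings)
```

The Luhn filter is what keeps a rule like this from blocking every invoice that contains a 16-digit reference. It also shows why the article's last caveat holds: a regex over the plain message body sees nothing inside an encrypted attachment or a number spelled out as words, so a determined insider is not stopped by it.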

Read More:
Trigger word: e-mail monitoring gets easy in Office 365, Exchange

Sodium-air battery shows potential

[Image: Pete Slater]

With battery technology being critical for so many things, interest in building better batteries just keeps on growing. The recent Tesla Model S testing debacle, explosive laptop batteries, and Boeing battery problems give us hints at how close to the edge engineers operate batteries. Volume, weight, and energy are key. Minimize the first two and maximize the last to obtain energy storage nirvana. Lithium-ion batteries rule the roost at the moment, but as capacities are already on the order of 200Wh/kg, we’re pushing up against their limits—basic chemical reactions provide a fixed amount of energy. The search for alternatives is being pursued by a rapidly growing field of eyebrow-less engineers (just kidding; battery mishaps don’t happen that often). A recent publication on a sodium-air battery shows promise, but it also demonstrates what a huge amount of work still needs to be done. The key to a battery is a simple chemical reaction that, at its heart, is the exchange of an electron. During the exchange, a certain amount of energy is released, usually in the form of heat. That’s why, when you drop some sodium metal in water, the energy released is enough to cause explosions. The role of the battery is to intercept that electron and release its energy in the form of useful work.

Read the original post:
Sodium-air battery shows potential