Tag: hash

Seattle utility wants $17,500 refund after failure to scrub negative search results

John Tregoning Seattle’s publicly-owned electrical utility, City Light, is now demanding  a refund for the $17,500 that it paid to Brand.com  in a botched effort to boost the online reputation of its highly-paid chief executive, Jorge Carrasco. The project was concocted by the CEO’s chief of staff, Sephir Hamilton . In an interview with Ars, Hamilton said that the agency may even file a lawsuit to enforce this refund. “We’re leaving our options open,” he said. “I hope that they’ll see that what we signed up for was not the service that they delivered. We were sold one bill of goods and we were given another.” Read 26 remaining paragraphs | Comments

Link:
Seattle utility wants $17,500 refund after failure to scrub negative search results

Judge orders unmasking of Amazon.com “negative” reviewers

A federal judge has granted a nutritional supplement firm’s request to help it learn the identities of those who allegedly left “phony negative” reviews of its products on Amazon.com. The decision means that Ubervita may issue subpoena’s to Amazon.com and Cragslist to cough up the identities of those behind a “campaign of dirty tricks against Ubervita in a wrongful effort to put Ubervita at a competitive disadvantage in the marketplace .” (PDF). According to a lawsuit by the maker of testosterone boosters, multivitamins and weight loss supplements, unknown commenters  had placed fraudulent orders “to disrupt Ubervita’s inventory,” posted a Craigslist ad “to offer cash for favorable reviews of Ubervita products,” and posed “as dissatisfied Ubervita customers in posting phony negative reviews of Ubervita products, in part based on the false claim that Ubervita pays for positive reviews.” Read 2 remaining paragraphs | Comments

More:
Judge orders unmasking of Amazon.com “negative” reviewers

Emergency Windows update revokes dozens of bogus Google, Yahoo SSL certificates

Microsoft has issued an emergency update for most supported versions of Windows to prevent attacks that abuse recently issued digital certificates impersonating Google and Yahoo. Company officials warned other undiscovered fraudulent credentials for other domains may still be in the wild. Thursday’s unscheduled update revokes 45 highly sensitive secure sockets layer (SSL) certificates that hackers managed to generate after compromising systems operated by the National Informatics Centre (NIC) of India, an intermediate certificate authority (CA) whose certificates are automatically trusted by all supported versions of Windows. Millions of sites operated by banks, e-commerce companies, and other types of online services use the cryptographic credentials to encrypt data passing over the open Internet and to prove the authenticity of their servers. As Ars explained Wednesday , the counterfeit certificates pose a risk to Windows users accessing SSL-protected sections of Google, Yahoo, and any other affected domains. “These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Web properties,” a Microsoft advisory warned. “The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks.” Read 4 remaining paragraphs | Comments

View post:
Emergency Windows update revokes dozens of bogus Google, Yahoo SSL certificates

Deep-sea streaming: 500-mile NEPTUNE cabling brings Internet to the ocean floor

Your home Ethernet cable doesn’t deal with any of this ish—pictured here, a sea star and a squat lobster—behind some desk. NEPTUNE Canada The Juan de Fuca tectonic plate is by far one of the Earth’s smallest. It spans just a few hundred kilometers of the Oregon, Washington, and British Columbia coast. But what the Juan de Fuca lacks in size it makes up for in connectivity. It’s home to a unique, high-speed optical cabling that has snaked its way across the depths of the Pacific seafloor plate since late 2009. This link is called NEPTUNE—the North-East Pacific Time-Series Underwater Networked Experiment—and, at more than 800 kilometers (about 500 miles), it’s about the same length as 40,000 subway cars connected in a single, long train. A team of scientists, researchers, and engineers from the not-for-profit group Oceans Network Canada maintains the network, which cost CAD $111 million to install and $17 million each year to maintain. But know that this isn’t your typical undersea cable. For one, NEPTUNE doesn’t traverse the ocean’s expanse, but instead loops back to its starting point at shore. And though NEPTUNE is designed to facilitate the flow of information through the ocean, it also collects information about the ocean, ocean life, and the ocean floor. Read 52 remaining paragraphs | Comments

See more here:
Deep-sea streaming: 500-mile NEPTUNE cabling brings Internet to the ocean floor

The Witcher coming to iOS, Android, WP8 as a free-to-play MOBA game

For a video game, the jump from “series” to “franchise” can have its seriously awkward moments. At what point does it make sense for a beloved game character to show up in different genres, like puzzle, sports, or kart-racing games? It’s a question worth posing to the folks at Polish design studio CD Projekt Red, who today publicly unveiled the first major spin-off for the company’s plot- and morals-loaded RPG series The Witcher . Thankfully, The Witcher: Battle Arena  seems more logical for the series than, say, Dr. Geralt of Rivia’s Mean Bean Machine , as the game will pit the series’ heroes and villains against each other in three-on-three “MOBA”-styled combat by the end of this year. The game’s unveiling didn’t come with a grand pronouncement of new twists on the genre; rather, CD Projekt Red appeared to justify the game’s existence on the fact that quality MOBA games simply don’t exist on smartphones and tablets. “I dare you to name three MOBA games on mobile devices,” Tadek Zielinski said in a Eurogamer report , adding, “We don’t want to fight with League of Legends or Dota . We are a humble company. It wouldn’t be wise to go against guys who are working on it for such a long time.” Read 3 remaining paragraphs | Comments

Follow this link:
The Witcher coming to iOS, Android, WP8 as a free-to-play MOBA game

Millions of dymanic DNS users suffer after Microsoft seizes No-IP domains

Microsoft Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users. Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of which were actively involved in Internet security, castigated the move as heavy handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm). “By becoming the DNS authority for those free dynamic DNS domains, Microsoft is now effectively in a position of complete control and is now able to dictate their configuration,” Claudio Guarnieri, co-founder of Radically Open Security, wrote in an e-mail to Ars Technica. “Microsoft fundamentally swept away No-IP, which has seen parts of its own DNS infrastructure legally taken away.” Read 6 remaining paragraphs | Comments

Read the article:
Millions of dymanic DNS users suffer after Microsoft seizes No-IP domains

Steam reaches highest-ever concurrent user count at over 8 million

Aurich Lawson Over the weekend, Steam’s annual summer video game sale posted its final list of bargains, gathering the two-week sale’s most popular discounts for one last hurrah. Steam sales veterans, heeding the usual advice of “wait until the last day,” responded in kind by storming the service during the sale’s final 24 hours. On Steam’s official statistics page, which logs the past 48 hours of activity, the service confirmed just how big that last hurrah was, counting over 8 million simultaneous live users on Sunday . That’s a new peak for the service, which had crossed the 7 million concurrent mark this past December. Valve Software, operators of the Steam store, announced during January’s Steam Dev Days that the service had reached 75 million active users, which comes shy of the 186 million accounts we measured in April . A NeoGAF thread talking about the Steam numbers showed that they compare well to Xbox Live’s 48 million members (both Gold and otherwise) as of May 2013 and PSN’s 110 million members as of July 2013. Read 1 remaining paragraphs | Comments

View post:
Steam reaches highest-ever concurrent user count at over 8 million

Apple releases iOS 7.1.2 with iBeacon, mail attachment encryption fixes

Andrew Cunningham Apple today released iOS 7.1.2, the second minor update to iOS 7.1 . The list of changes is short and focused mainly on minor bugs—it “improves iBeacon connectivity and stability,” patches a security hold whereby at-rest e-mail attachments could be accessed by an attacker if he or she had physical access to your phone, and fixes a problem with data transfers from accessories “including barcode scanners.” The e-mail attachment bug is probably the most important thing addressed by the update—it was reported widely back in April when Andreas Kurtz wrote about it on his blog . Kurtz was able to access e-mail attachments using standard tools on several different iOS devices running versions 7.1.1 and 7.0.4. As part of the iBeacon update, iOS 7.1.2 also re-enables Bluetooth on iOS devices, which we verified on an iPhone 5S by disabling Bluetooth before installing the update. Read 1 remaining paragraphs | Comments

Read the original:
Apple releases iOS 7.1.2 with iBeacon, mail attachment encryption fixes

Verizon Wireless employee stole 900 phones, made $270,000 profit on eBay

A Verizon Wireless account executive who pleaded guilty to stealing more than 900 cell phones and selling them on eBay for a profit of $272,290 was sentenced this week to 27 months in prison. James Hopkins, 35, committed the fraud throughout most of 2009 while working as a business-to-business account executive at a Verizon Wireless branch office in Trevose, PA, according to a criminal complaint. He was charged with mail fraud and sentenced in US District Court in New Jersey, where Verizon is based. “From February through November 2009, Hopkins placed numerous orders for Verizon Wireless cellular telephones, handheld devices and accessories in the names of existing Verizon Wireless customers without their knowledge,” the US Attorney’s office in New Jersey wrote in an announcement. “After arranging for the merchandise to be shipped to the home of a relative in New Jersey, the defendant manipulated Verizon’s computer database to conceal the fraudulent orders and shipments. Hopkins received $328,517 worth of stolen Verizon Wireless merchandise, which he sold on eBay for a profit of $272,290.” That amounts to a profit of about $300 for each stolen phone. Read 2 remaining paragraphs | Comments

More here:
Verizon Wireless employee stole 900 phones, made $270,000 profit on eBay

Running WordPress? Got webshot enabled? Turn it off or you’re toast

A zero-day vulnerability in the popular TimThumb plugin for WordPress leaves many websites vulnerable to exploits that allow unauthorized attackers to execute malicious code, security researchers have warned. The vulnerability, which was disclosed Tuesday on the Full Disclosure mailing list , affects WordPress sites that have TimThumb installed with the webshot option enabled. Fortunately, it is disabled by default, and sites that are hosted on WordPress.com are also not susceptible. Still, at press time, there was no patch for the remote-code execution hole. People who are unsure if their WordPress-enabled site is vulnerable should open the timthumb file inside their theme or plugin directory, search for the text string “WEBSHOT_ENABLED,” and ensure that it’s set to false. When “WEBSHOT_ENABLED” is set to true, attackers can create or delete files and execute a variety of other commands, Daniel Cid, CTO of security firm Sucuri, warned in a blog post published Thursday . He said uploading a file to a vulnerable site was possible using URLs such as the following, where a.txt was the file being created: Read 1 remaining paragraphs | Comments

View original post here:
Running WordPress? Got webshot enabled? Turn it off or you’re toast