Tag: newsletters

Ukranian fraudster and CarderPlanet “Don” finally sentenced to 18 years

401(K) 2012 In 2001, a group of 150 Russian-speaking hackers gathered at a restaurant in Odessa to found CarderPlanet . It ultimately became one of the world’s most notorious fraudulent credit card data websites, and it was shut down in 2004 . On Thursday, one of the site’s founders, Roman Vega (aka “Boa”), was sentenced to 18 years in prison by a United States federal judge. Vega’s case has been going on for quite some time. The Ukrainian credit card fraudster was arrested, prosecuted, and convicted in Cyprus in 2003. Then, he was brought to the United States in 2004 to face federal charges in California, to which he pleaded guilty. By 2007, Vega faced fresh charges in New York. By early 2009, Vega pleaded guilty to those charges, but then he attempted to withdraw his plea in 2011. Various motions were filed, but by May 2012, the judge denied his request and his plea stood. Read 5 remaining paragraphs | Comments        

More:
Ukranian fraudster and CarderPlanet “Don” finally sentenced to 18 years

AT&T offers gigabit Internet discount in exchange for your Web history

AT&T is watching you browse. Seth Anderson AT&T’s “GigaPower” all-fiber network has launched in parts of Austin, Texas, with a price of $70 per month for download speeds of 300Mbps (which will be upgraded to a gigabit at no extra cost in 2014). The $70 price is only available if you agree to see targeted ads from AT&T and its partners, however. Interestingly, AT&T labels the Internet service with targeted ads as its “premier” service while calling the service without targeted ads “standard.” Not only is the price of the premier service (with ads) only $70 a month, but it comes with a waiver of equipment, installation, and activation fees. The standard service without ads is $99 a month, and there’s no mention of a waiver in AT&T’s announcement . “The waiver is part of the Premier package, so is not available with the standard service at this time,” AT&T told Ars. Read 8 remaining paragraphs | Comments        

Read this article:
AT&T offers gigabit Internet discount in exchange for your Web history

The first smartring has an LED screen, tells time, and accepts calls

Forget smartwatches —smartrings are the new thing now. An Indiegogo campaign for a product called the “Smarty Ring” has hit its funding goal. Smarty Ring is a 13mm-wide stainless steel ring with an LED screen, Bluetooth 4.0, and an accompanying smartphone app. The ring pairs with a smartphone and acts as a remote control and notification receiver. The ring can display the time, accept or reject calls, control music, trigger the smartphone’s camera, and initiate speed-dial calls. It will also alert the wearer with light-up icons for texts, e-mails, Facebook, Twitter, Google Hangouts, and Skype. It supports dual time zones and comes with a countdown timer, a stopwatch, and an alarm. It can work as a tracker for your phone, too—if your smartphone is more than 30 feet away from the ring, Smarty Ring will trigger an alarm. The ring supports Android and iOS—as long as your device has Bluetooth 4.0, it should be compatible. The creators are promising 24 hours of battery life from the whopping 22 mAh battery, and charging happens via a wireless induction pad. Read 1 remaining paragraphs | Comments        

Read More:
The first smartring has an LED screen, tells time, and accepts calls

French agency caught minting SSL certificates impersonating Google

sharyn morrow Rekindling concerns about the system millions of websites use to encrypt and authenticate sensitive data, Google caught a French governmental agency spoofing digital certificates for several Google domains. The secure sockets layer (SSL) credentials were digitally signed by a valid certificate authority, an imprimatur that caused most mainstream browsers to place an HTTPS in front of the addresses and display other logos certifying that the connection was the one authorized by Google. In fact, the certificates were unauthorized duplicates that were issued in violation of rules established by browser manufacturers and certificate authority services. The certificates were issued by an intermediate certificate authority linked to the Agence nationale de la sécurité des systèmes d’information, the French cyberdefense agency better known as ANSSI. After Google brought the certificates to the attention of agency officials, the officials said the intermediate certificate was used in a commercial device on a private network to inspect encrypted traffic with the knowledge of end users, Google security engineer Adam Langley wrote in a blog post published over the weekend . Google updated its Chrome browser to reject all certificates signed by the intermediate authority and asked other browser makers to do the same. Firefox developer Mozilla and Microsoft, developer of Internet Explorer have followed suit . ANSSI later blamed the mistake on human error . It said it had no security consequences for the French administration or the general public, but the agency has revoked the certificate anyway. Read 5 remaining paragraphs | Comments        

Originally posted here:
French agency caught minting SSL certificates impersonating Google

New US spy satellite features world-devouring octopus

United Launch Alliance via ODNI President Obama is out to put the public’s mind at ease about new revelations on intelligence-gathering, but the Office for the Director of National Intelligence can’t quite seem to get with the program of calming everyone down. Over the weekend, the ODNI was pumping up the launch of a new surveillance satellite launched by the National Reconnaissance Office. The satellite was launched late Thursday night, and ODNI’s Twitter feed posted photos and video of the launch over the following days. Read 4 remaining paragraphs | Comments        

Continue reading here:
New US spy satellite features world-devouring octopus

Mozilla making progress with Firefox’s long journey to multiprocess

Multiple Firefox processes. Gill Penney Internet Explorer and Chrome both use a multiprocess architecture to enhance stability and security. They separate the task of parsing and rendering Web pages from the job of drawing the browser on-screen, saving downloaded files, creating network connections, and so on. This allows them to run the dangerous parts—the parts exposed to malicious scripts and exploitative HTML—in a sandbox with reduced permissions, making it harder for browser flaws to be turned into system compromises. It also means that they’re much more tolerant of crash bugs; a bug will bring down an individual tab, but shouldn’t, in general, bring down the browser as a whole. In 2009, Mozilla announced the Electrolysis project , which was to bring this kind of multiprocess design to Firefox. Read 10 remaining paragraphs | Comments        

Read the article:
Mozilla making progress with Firefox’s long journey to multiprocess

Google compute cloud load balances 1 million requests per second for $10

We hold Google ransom for… one million Web requests. New Line Cinema Google Compute Engine, the company’s infrastructure-as-a-service cloud that competes against Amazon Web Services, is trying to take reliability and scale to the extreme. Yesterday, the company said it was able to serve “one million load balanced requests per second” with a single IP address receiving the traffic and distributing it across 200 Web servers. Each of the million requests was just “one byte in size not including the http headers,” Google Performance Engineering Manager Anthony F. Voellm wrote in a blog . It’s thus not representative of real-world traffic, but the simulation shows that Compute Engine should be able to let websites absorb big bursts in traffic without shutting down. According to Google, the test showed the load balancer was able to serve the aforementioned one million requests “within five seconds after the setup and without any pre-warming.” The test ran for more than seven minutes. “The 1M number is measuring a complete request and successful response,” Voellm wrote. Read 9 remaining paragraphs | Comments        

Read More:
Google compute cloud load balances 1 million requests per second for $10

Scientist-developed malware covertly jumps air gaps using inaudible sound

Topology of a covert mesh network that connects air-gapped computers to the Internet. Hanspach and Goetz Computer scientists have developed malware that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection. The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an “air gap” between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals. The researchers, from Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics , recently disclosed their findings in a paper published in the Journal of Communications . It came a few weeks after a security researcher said his computers were infected with a mysterious piece of malware that used high-frequency transmissions to jump air gaps . The new research neither confirms nor disproves Dragos Ruiu’s claims of the so-called badBIOS infections, but it does show that high-frequency networking is easily within the grasp of today’s malware. Read 6 remaining paragraphs | Comments        

More:
Scientist-developed malware covertly jumps air gaps using inaudible sound

Anti-GMO crop paper to be forcibly retracted

Chiot’s Run Last year, a French researcher made waves by announcing a study that suggested genetically modified corn could lead to an increased incidence of tumors in lab animals. But the way the finding was announced seemed designed to generate publicity while avoiding any scientific evaluation of the results. Since then, the scientific criticisms have rolled in, and they have been scathing. Now, the editor of the journal that published it has decided to pull the paper despite the objections of its primary author. The initial publication focused on corn that had been genetically engineered to carry a gene that allowed it to break down a herbicide. French researchers led by Gilles-Eric Séralini fed the corn, with and without herbicide, to rats. Control populations were given the herbicide alone or unmodified corn. The authors concluded that the genetically-modified corn led to an elevated incidence of tumors and early death. But even a cursory glance at the results suggested there were some severe problems with this conclusion. To begin with, there were similar effects caused by both the genetically engineered crop and by the herbicide it was designed to degrade. None of the treatments showed a dose effect; in some cases, the lowest doses had the most dramatic effect. And, if the treatment populations were combined, in some cases they were healthier than the controls. Tests of whether the results were statistically significant were completely lacking. Read 8 remaining paragraphs | Comments        

More:
Anti-GMO crop paper to be forcibly retracted

TV news team falls for Facebook doppelgänger scam

The doppelgänger Facebook profile scraped from WBAL producer Chris Dachille convinced many of his friends that it was actually him—and then spammed them with requests for money and malicious links. WBAL Reporters and producers at a television station in Baltimore recently found out the hard way that they shouldn’t blindly accept Facebook friend requests. Last month, they found that their profiles had been cloned by an attacker who quickly used their network of friends to spread malicious links and ask for money. Attacks on media organizations’ social media accounts have been at an all-time high this past year, including “hacktivist” and state-sponsored attacks on media outlets from the Syrian Electronic Army. But the attack on the staff of WBAL-TV was directed toward staff members’ personal accounts. And this initiative was a more workaday one, less targeted at the station itself than the friends, co-workers, and viewers who were connected to the cloned accounts. Because some of WBAL’s staff members mixed their personal and professional social networking together, the attack gave the scammer access to a huge audience’s Facebook news feeds. After the attack was discovered, it took weeks for Facebook to shut down the fake accounts. Read 12 remaining paragraphs | Comments        

Read More:
TV news team falls for Facebook doppelgänger scam