Tag: newsletters

Former US cybersecurity official gets 25 years for child porn charges

On Monday, a federal judge in Nebraska sentenced the former acting director of cybersecurity for the US Department of Health and Human Services to 25 years in prison on child porn charges. Timothy DeFoggi, who was convicted back in August 2014, is the sixth person to be convicted in relations to a Nebraska-based child porn Tor-enable website known as PedoBook. That site’s administrator, Aaron McGrath, was sentenced to 20 years last year by the same judge. McGrath famously did not have an administrator password, a mistake that federal investigators were easily able to make use of. DeFoggi’s attorneys did not immediately respond to Ars’ request for comment, but he was almost certainly unmasked via an FBI-created malware exploit designed to expose him and other PedoBook users. Read 3 remaining paragraphs | Comments

View original post here:
Former US cybersecurity official gets 25 years for child porn charges

Broadwell U arrives: Faster laptop CPUs and GPUs from Core i7 to Celeron

Intel promised us more chips based on the new Broadwell architecture in early 2015, and today it’s delivering on that promise. Today at CES in Las Vegas the company announced a total of 17 new dual-core processors across most of its consumer product lines—from Core i7 at the high end all the way down to Pentium and Celeron at the low end. Intel usually starts with high-end CPUs and rolls out low-end ones later, once demand for the high-end chips falls a bit and manufacturing costs have come down. Broadwell’s strange rollout means we’re getting mainstream and low-end mobile CPUs dropped on us all at once, but faster, more power-hungry quad-core chips destined for mobile and laptop workstations still aren’t available. Today we’ll walk you through all of the products Intel is announcing and what kind of performance and feature improvements you can expect. As CES rolls on, we’ll hopefully get a chance to go hands-on with some new Broadwell systems and provide some hands-on impressions. These systems should begin shipping to the public at some point in the next month or two. Read 27 remaining paragraphs | Comments

View article:
Broadwell U arrives: Faster laptop CPUs and GPUs from Core i7 to Celeron

HP sells Palm trademarks; brand could be resurrected with new smartphones

Palm, the legendary smartphone and PDA company, might seem dead and gone, but it’s now looking like the name “Palm” will rise again as a zombie brand. For a quick refresher:  HP bought Palm for $1.2 billion in 2010. HP killed the Palm brand after about a year of ownership and stopped making WebOS devices entirely about a year-and-a-half after the acquisition. Since then, Palm has been pretty dead. Lately, though, the brand has started to stir. The diehards over at WebOS Nation have been keeping a close eye on  Palm.com , which recently stopped redirecting nostalgic visitors to hpwebos.com  and started sending people to mynewpalm.com . The page shows a looping video of a Palm logo along with the text “Coming Soon” and “Smart Move.” No one was sure who was behind the site resuscitation until this document was found, which shows the transfer of the Palm trademark from Palm, Inc (still a subsidiary of HP) to a company called Wide Progress Global Limited. Wide Progress Global Limited doesn’t seem to be a company with any kind of real purpose—it’s just a shell meant to hide the true buyer. The person signing the paperwork for Wide Progress Global Limited is Nicolas Zibell, who also  just happens to hold the title “President Americas and Pacific” at Alcatel One Touch. Couple that with the fact that the “Smart Move”—the text that appears on the new Palm site—is Alcatel One Touch’s slogan, and it’s pretty clear that Alcatel One Touch bought the Palm brand. Read 3 remaining paragraphs | Comments

Visit site:
HP sells Palm trademarks; brand could be resurrected with new smartphones

Apple automatically patches Macs to fix severe NTP security flaw

Most OS X security updates are issued alongside other fixes via the Software Update mechanism, and these require some kind of user interaction to install—you’ve either got to approve them manually or tell your Mac to install them automatically. Apple does have the ability to quietly and automatically patch systems if it needs to, however, and it has exercised that ability for the first time to patch a critical flaw in the Network Time Protocol (NTP) used to keep the system clock in sync. This security hole became public knowledge late last week . When exploited, the NTP flaw can cause buffer overflows that allow remote attackers to execute code on your system. If you allow your system to “install system data files and security updates” automatically (checked by default), you’ve probably already gotten the update and seen the notification above. If not, Mountain Lion, Mavericks, and Yosemite users should use Software Update to download and install the update as soon as possible. The flaw may exist in Lion, Snow Leopard, and older OS X versions, but they’re old enough that Apple isn’t providing security updates for them anymore. While this was the first time this particular auto-update function has been used, Apple also automatically updates a small database of malware definitions on all Macs that keeps users from installing known-bad software. That feature, dubbed “XProtect,” was introduced in Snow Leopard in response to the Mac Defender malware and has since expanded to include several dozen items . Read on Ars Technica | Comments

Read More:
Apple automatically patches Macs to fix severe NTP security flaw

Watching lava fight with snow in Kamchatka

Depending on the context, volcanic eruptions are either terrifying or transfixing—sometimes both, but rarely neither. The opportunity to safely view the otherworldly spectacle of lava rarely fails to ignite a child-like, giddy wonder. The damage currently being done by a lava flows in the Cape Verde Islands , on the other hand, is heart-breaking. We study these things because they are both lovely and terrible. We want to see a lava flow spill across a snowfield out of curiosity, and we want to better understand the hazards surrounding snow-capped volcanoes out of caution. Benjamin Edwards of Dickinson College and Alexander Belousov and Marina Belousova of Russia’s Institute of Volcanology and Seismology got the opportunity to witness one of these events last year in Russia’s Kamchatka Peninsula. For nine months, Tolbachik spewed basaltic lava flows that ultimately covered 40 square kilometers, reaching as far as 17 kilometers from their source. The lava flows came in two flavors , known to geologists by Hawaiian names. (While frozen Kamchatka doesn’t exactly evoke coconuts and grass skirts, these lavas are similar to those of the Hawaiian volcanoes.) First there’s ‘a’a (pronounced as a staccato “AH-ah”), which ends up a chunky, blocky crumble of basalt. The other is pahoehoe (roughly “puh-HOY-hoy”, which is how volcanologists answer the phone), which flows more like thick batter and can solidify into a surface resembling a pile of ropes. Read 8 remaining paragraphs | Comments

See the article here:
Watching lava fight with snow in Kamchatka

Activist group sues San Diego Police Department over “stingray” records

A legal advocacy group has sued the San Diego Police Department (SDPD) and the city of San Diego in an attempt to force the release of public records relating to stingrays, also known as cell-site simulators. Stingrays are often used covertly by local and federal law enforcement to locate target cellphones and their respective owners. However, stingrays also sweep up cell data of innocent people nearby who have no idea that such collection is taking place. Stingrays can be used to intercept voice calls and text messages as well. Earlier this week, a local judge in Arizona ruled that a local reporter could not receive similar stingray documents from the Tucson Police Department because disclosure “would give criminals a road map for how to defeat the device, which is used not only by Tucson but other local and national police agencies.” Read 5 remaining paragraphs | Comments

Originally posted here:
Activist group sues San Diego Police Department over “stingray” records

ICANN e-mail accounts, zone database breached in spearphishing attack

Unknown attackers used a spearphishing campaign to compromise sensitive systems operated by the Internet Corporation for Assigned Names and Numbers (ICANN), a coup that allowed them to take control of employee e-mail accounts and access personal information of people doing business with the group. ICANN, which oversees the Internet’s address system, said in a release published Tuesday that the breach also gave attackers administrative access to all files stored in its centralized zone data system , as well as the names, postal addresses, e-mail addresses, fax and phone numbers, user names, and cryptographically hashed passwords of account holders who used the system. Domain registries use the database to help manage the current allocation of hundreds of new generic top level domains (gTLDs) currently underway. Attackers also gained unauthorized access to the content management systems of several ICANN blogs. “We believe a ‘spear phishing’ attack was initiated in late November 2014,” Tuesday’s press release stated. “It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.” Read 4 remaining paragraphs | Comments

Original post:
ICANN e-mail accounts, zone database breached in spearphishing attack

Feds used Adobe Flash to identify Tor users visiting child porn sites

A little more than 16 months ago, word emerged that the FBI exploited a recently patched Firefox vulnerability to unmask Tor users visiting a notorious child pornography site. It turns out that the feds had waged an even broader uncloaking campaign a year earlier by using a long-abandoned part of the open source Metasploit exploit framework to identify Tor-using suspects. According to Wired , “Operation Torpedo,” as the FBI sting operation was dubbed, targeted users of three darknet child porn sites. It came to light only after Omaha defense attorney Joseph Gross challenged the accuracy of evidence it uncovered against a Rochester, New York-based IT worker who claims he was falsely implicated in the campaign. Operation Torpedo used the Metasploit Decloaking Engine to identify careless suspects who were hiding behind Tor, a free service used by good and bad guys alike to shield their point of entry to the Internet. The Decloaking Engine went live in 2006 and used five separate methods to break anonymization systems. One method was an Adobe Flash application that initiated a direct connection with the end user, bypassing Tor protections and giving up the user’s IP address. Tor Project officials have long been aware of the vulnerability and strenuously advise against installing Flash. According to Wired: Read 1 remaining paragraphs | Comments

View article:
Feds used Adobe Flash to identify Tor users visiting child porn sites

4 seconds of body cam video can reveal a biometric fingerprint, study says

Researchers say they can have computers examine body camera video footage and accurately identify a person wearing a body-mounted device in about four seconds, according to a recently released paper . The authors of the study had their software look at biometric characteristics like height, stride length, and walking speed to find the identity of the person shooting the footage. As they point out, this could have both positive and negative implications for civilians, law enforcement, and military personnel if they’re using body-mounted cameras. (It’s important to note that this research paper,  Egocentric Video Biometrics , was posted  to the arXiv repository . As such, it’s not considered a final, peer-reviewed work.) Using static, mounted cameras to match a person’s height and gait is a relatively common and well-researched vector for narrowing down the identity of people caught in videos. The authors said that, to get an accurate read of the biometric data of the person wearing the body cam, the footage has to be from a camera secured to one point on a person’s body (handheld cameras don’t work), and it has to have at least four seconds of video of the camera-wearer walking. Despite these restrictions, the two researchers from The Hebrew University in Jerusalem noted that once the necessary information had been gathered, “the identity of the user can be determined quite reliably from a few seconds of video.” “This is like a fingerprint,” Shmuel Peleg, one of the paper’s authors, told The Verge. “In order to find the person you have to have their fingerprint beforehand. But we can compare two people and say whether two videos were shot by the same person or not.” Read 4 remaining paragraphs | Comments

More:
4 seconds of body cam video can reveal a biometric fingerprint, study says

Judge says reporter can’t get public records about cops’ “stingray” use

A local judge in Arizona ruled Friday that the Tucson Police Department (TPD) does not have to disclose records related to the use of stingrays, also known as cell-site simulators, under the state’s public records act. According to a Saturday report from Capitol Media Services , a state news wire, complying with reporter Beau Hodai ’s public records request “would give criminals a road map for how to defeat the device, which is used not only by Tucson but other local and national police agencies.” Hodai sued the TPD and the City of Tucson in March 2014 to force them to hand over such records. The devices are often used covertly by local and federal law enforcement to locate target cellphones and their respective owners. However, stingrays also sweep up cell data of innocent people nearby who have no idea that such collection is taking place. Stingrays can be used to intercept voice calls and text messages as well. Read 9 remaining paragraphs | Comments

Link:
Judge says reporter can’t get public records about cops’ “stingray” use