Java users beware: Exploit circulating for just-patched critical flaw

If you haven’t installed last week’s patch from Oracle that plugs dozens of critical holes in its Java software framework, now would be a good time. As in immediately. As in, really, right now. In the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 was folded into either the RedKit or CrimeBoss exploit kit. By Sunday, that attack code was being actively unleashed on unsuspecting end users, according to a short blog post published by a researcher from antivirus provider F-Secure. The post doesn’t say where the attacks were being hosted or precisely how attackers are using them. Still, Oracle describes the vulnerability as allowing remote code execution without authentication. And that means you should install the patch before you do anything else today. Malware purveyors’ track record of abusing advertising networks, compromised Apache servers, and other legitimate enterprises means readers could encounter attacks even when they’re browsing a site they know and trust.


Senate advances “online sales tax” by 74-20 vote

Your tax-free days of online shopping are numbered. If S743, also known as the Marketplace Fairness Act, becomes law, the millions of Americans who have been able to avoid sales tax online will have to start paying it. Given the broad support shown by today’s US Senate vote, some version of it is likely to come to fruition. The bill will compel companies having annual online sales of more than $1 million to collect sales tax on those purchases. Interstate sales have long been exempted from sales tax, but brick-and-mortar businesses have just as long complained about the edge that online businesses have since they avoid collecting taxes. A key opponent of online taxation, retail giant Amazon, recently switched sides after losing some key legal and political battles over taxation. Amazon already collects taxes on sales in nine states, including California, New York, and Texas. Technically this wouldn’t be a new tax, since California residents who make purchases from an online company are responsible for paying those taxes. But there’s never been an efficient way to collect such taxes, so it rarely happens.


Bitfloor, number four Bitcoin-based exchange, shuts down for good

On Wednesday evening, Bitfloor, the number four Bitcoin-based exchange (behind Mt. Gox, BTC-E, and Bitstamp), announced that it is closing its doors “indefinitely.” “Unfortunately, our US bank account is scheduled to be closed and we can no longer provide the same level of [US dollar] deposits and withdrawals as we have in the past,” wrote Roman Shtylman, the exchange’s founder. “As such, I have made the decision to halt operations and return all funds. Over the next days we will be working with all clients to ensure that everyone receives their funds. Please be patient as we process your request.” Ars reached out to Shtylman to find out more details, but he did not immediately respond.


New anti-speech low: buyer sued over negative eBay feedback

Ratings are important on eBay. Lots of buyers use them to assess the quality and reliability of particular sellers, and lots of sellers will go to great lengths to keep perfect or near-perfect ratings. But an Ohio company named Med Express has shown it’s willing to go further than other sellers: it’s willing to litigate. When Med Express got its first piece of negative feedback, it filed a lawsuit, insisting that the feedback be removed from eBay. Amy Nicholls paid $175 for a microscope light, as well as $12 for shipping. She was annoyed when she had to pay an extra $1.44 in postage due and left feedback complaining about that inconvenience. Med Express asked her to remove the feedback and she refused. The company complained that because it offered to refund her the $1.44, she should have taken down the feedback, which had the potential to hurt its business. (In the past six months, Med Express has 142 pieces of positive feedback and only one negative review.)


How an accountant created an entire RPG inside an Excel spreadsheet

A communique from the emperor, above, expresses interest at my formidable skill in killing bunnies and koalas with rocks. It’s not always easy (or possible) to install your favorite games on your work computer. Sometimes, some Solitaire or maybe a little collaborative Bomberman is as much as you can get away with when you can’t install anything downloaded from the Internet. And you’d better make sure whatever you’re playing actually looks like work to any nearby screen snoopers around the office. Throughout a few months ending this past February, Cary Walkin created the perfect solution to this problem: an entire RPG made of a spreadsheet and many macros. The game, called Arena.Xlsm, is a turn-based RPG encompassed entirely in an Excel file. Users can download that and use it to progress through levels, collect items, and battle enemies and bosses with melee and ranged attacks as well as spells.


Huge attack on WordPress sites could spawn never-before-seen super botnet

CloudFlare Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application. The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses. “These larger machines can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” Matthew Prince, CEO of content delivery network CloudFlare, wrote in a blog post describing the attacks.


BlackBerry wants SEC to investigate “false reports” of Z10 returns

Yesterday, brokerage firm Detwiler Fenton claimed that more people were returning BlackBerry Z10s than had bought them at retail in the first place. Today, BlackBerry responded, saying not only that the Detwiler report was incorrect, but that it was going to ask the Securities and Exchange Commission in the US and the Ontario Securities Commission in Canada to review the report. Of the reports, BlackBerry CEO Thorsten Heins said, “Return rate statistics show that we are at or below our forecasts and right in line with the industry. To suggest otherwise is either a gross misreading of the data or a willful manipulation. Such a conclusion is absolutely without basis and BlackBerry will not leave it unchallenged.” The smartphone company also noted that Detwiler refused to make its report or methodology available. How more phones could be returned than were sold isn’t clear. Detwiler Fenton is the same firm that predicted that Microsoft would sell 2-3 million Surface Pro units in the fourth quarter of 2012, despite the fact that Microsoft explicitly said the device wouldn’t ship until three months after the Surface RT’s October launch.


A beginner’s guide to building botnets—with little assembly required

Original photo by Michael Kappel / Remixed by Aurich Lawson. Have a plan to steal millions from banks and their customers but can’t write a line of code? Want to get rich quick off advertising click fraud but “quick” doesn’t include time to learn how to do it? No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away. Building successful malware is an expensive business. It involves putting together teams of developers, coordinating an army of fraudsters to convert ill-gotten gains to hard currency without pointing a digital arrow right back to you. So the biggest names in financial botnets—Zeus, Carberp, Citadel, and SpyEye, to name a few—have all at one point or another decided to shift gears from fraud rings to crimeware vendors, selling their wares to whoever can afford them. In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. As a result, the tools and techniques used by last year’s big professional bank fraud operations, such as the “Operation High Roller” botnet that netted over $70 million last summer, are available off-the-shelf on the Internet. They even come with full technical support to help you get up and running.


Report: Xbox 360 successor can tolerate only brief Internet interruptions

Kotaku is citing two unnamed sources that it says “have a perfect track record in getting these kinds of things right” to report that Microsoft’s follow-up to the Xbox 360 will need a working Internet connection to start games and apps. And the site goes on to write that the system will only tolerate brief interruptions in that connection while the game or app is being used. “Unless something has changed recently, Durango consumer units must have an active Internet connection to be used,” one source told the site, referring to the internal code name for Microsoft’s next system. “If there isn’t a connection, no games or apps can be started. If the connection is interrupted, then after a period of time—currently three minutes, if I remember correctly—the game/app is suspended and the network troubleshooter started.” Another source said this requirement was still in effect on development hardware as recently as two weeks ago. Information suggesting that the next Microsoft console will need to be online is nothing new; numerous leaks and rumors have pointed in that direction throughout the last year or so. However, this is the first serious suggestion that such connectivity would need to be more or less continuous while a game is being played, rather than just checked once when a game or app is launched.
