privacy-rights – Page 65 – Tech Today w/ Ken May

Solar power, white spaces bring 16Mbps broadband to towns without electricity

Microsoft White space networks haven’t exactly revolutionized Internet access in the US, but that doesn’t mean the technology can’t have a major impact in countries that lack consistent access to the Internet. The latest project showing the power of white spaces is unfolding in Kenya, where a solar-powered network is bringing the Internet to people who aren’t even connected to an electric grid. Microsoft deployed the network last month in conjunction with Kenyan government officials. It is serving a health care clinic in Burguret, a primary and secondary school in Male (that’s pronounced “mah-lay”), a secondary school in Gakawa, and a library in Laikipia. The network will be expanded to 20 locations in the coming months. “Down in the valley, nobody has electricity,” Paul Garnett, director of technology policy at Microsoft, told Ars. Garnett has been shuttling back and forth between the US and Kenya to get the white spaces network up and running, and he gave me an update on the project in a recent phone interview. Read 17 remaining paragraphs | Comments

“Cloud gaming” has a future—just maybe not in the cloud

Nvidia’s Shield tablet can stream full PC games from your Steam library as long as you’re using a GeForce graphics card. This may be the best way to stream your PC games to your tablet. Andrew Cunningham In practically every one of its major press conferences since last year’s GPU Technology Conference, Nvidia has reminded us that they want to virtualize the graphics processor. The company wants to take it out of the computer on your lap or on your desk and put it into a server somewhere without you noticing the difference. It introduced the concept at GTC 2012. Then over the course of the next year, Nvidia unveiled the actual graphics cards that would enable this tech, started selling them to partners, and also stuck them in Nvidia Grid-branded servers aimed at both gamers and businesses . The difference between Nvidia’s initiatives and more traditional virtualization is that the company’s products support relatively few users for the hardware they require. The Grid gaming server supports 24 users per server box and the Visual Computing Appliance (VCA) only supports eight or 16 depending on the model. Most virtualization is all about dynamically allocating resources like CPU cycles and RAM to give as many users as possible the bare minimum amount of power they need. Instead, Nvidia’s is about providing a fixed number of users with a pretty specific amount of computing power, thus attempting to recreate the experience of using a regular old computer. There are situations where this makes sense. Given the cost of buying and maintaining workstation hardware, Nvidia’s argument for the VCA seems more or less convincing. But I’m slightly less optimistic about the prospect for the Grid gaming server, or any cloud gaming service, really—call it leftover skepticism from OnLive’s meltdown earlier this year . Read 11 remaining paragraphs | Comments

Read the original post:
“Cloud gaming” has a future—just maybe not in the cloud

One day after iOS 6.1.3, a new iPhone lock screen bug emerges

Just a day after Apple released iOS 6.1.3 , a new lock screen bug has been discovered that could give an attacker access to private information. The vulnerability is different from the passcode bug(s) addressed by Tuesday’s iOS update, but the end result is similar: access to iPhone’s contact list and photos. The new lock screen bug was first documented by YouTube user videosdebarraquito , who posted a video demoing the procedure. The basic gist, seen in the video below, is to eject the iPhone’s SIM card while using the built-in voice controls to make a phone call. Bypassing the iPhone passcode lock on iOS 6.1.3. There are a couple important things to keep in mind, though. For one, it seems like this bug applies to most modern iPhones, though apparently the procedure isn’t as easy as it looks. The YouTube video above shows the hack being executed on an iPhone 4, and iphoneincanada was able to replicate it on an iPhone 4. TheNextWeb was able to replicate it on an iPhone 4S but not an iPhone 5. But the iPhone 5 didn’t get away scot free, as German language site iPhoneblog.de appears to have been able to replicate the bug on that version of the phone. We have not yet seen a confirmed case of the bug existing on the iPhone 3GS, though it’s probably safe to assume that it does. Read 1 remaining paragraphs | Comments

Excerpt from:
One day after iOS 6.1.3, a new iPhone lock screen bug emerges

Chameleon botnet steals millions from advertisers with fake mouseclicks

Security researchers have discovered a botnet that is stealing millions of dollars per month from advertisers. The botnet does so by simulating click-throughs on display ads hosted on at least 202 websites. Revealed and dubbed “Chameleon” by the Web analytics firm spider.io because of its ability to fool advertisers’ behavior-tracking algorithms, the botnet is the first found to use display advertisements to generate fraudulent income for its masters. In a blog post today, spider.io reported that the company had been tracking Chameleon since December of 2012. Simulating multiple concurrent browser sessions with websites, each bot is able to interact with Flash and JavaScript based ads. So far, more than 120,000 Windows PCs have been identified—95 percent of them with IP addresses associated with US residential Internet services. The company has issued a blacklist of the 5,000 worst-offending IP addresses for advertisers to use to protect themselves from fraud. While in many respects the botnet simulates human activity on webpages to fool countermeasures to clickfraud, it generates random mouse clicks and mouse pointer traces across pages. This makes it relatively easy for bot-infected systems to be identified over time. The bot is also unstable because of the heavy load it puts on the infected machine, and its frequent crashes can also be used as a signature to identify infected systems. Read 1 remaining paragraphs | Comments

See the original post:
Chameleon botnet steals millions from advertisers with fake mouseclicks

Cisco switches to weaker hashing scheme, passwords cracked wide open

Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm leaves users considerably more susceptible to password cracking than an older alternative, even though the new routine was intended to enhance protections already in place. It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt. The revelation came as a shock to many security experts because the technique requires little time and computing resources. As a result, relatively inexpensive computers used by crackers can try a dizzying number of guesses when attempting to guess the corresponding plain-text password. For instance, a system outfitted with two AMD Radeon 6990 graphics cards that run a soon-to-be-released version of the Hashcat password cracking program can cycle through more than 2.8 billion candidate passwords each second. By contrast, the type 5 algorithm the new scheme was intended to replace used 1,000 iterations of the MD5 hash function. The large number of repetitions forces cracking programs to work more slowly and makes the process more costly to attackers. Even more important, the older function added randomly generated cryptographic “salt” to each password, preventing crackers from tackling large numbers of hashes at once. Read 7 remaining paragraphs | Comments

Continue reading here:
Cisco switches to weaker hashing scheme, passwords cracked wide open

The 49ers’ plan to build the greatest stadium Wi-Fi network of all time

49ers CTO Kunal Malik (left) and Senior IT director Dan Williams (right) stand in front of Santa Clara Stadium. Jon Brodkin When the San Francisco 49ers’ new stadium opens for the 2014 NFL season, it is quite likely to have the best publicly accessible Wi-Fi network a sports facility in this country has ever known. The 49ers are defending NFC champions, so 68,500 fans will inevitably walk into the stadium for each game. And every single one of them will be able to connect to the wireless network, simultaneously , without any limits on uploads or downloads. Smartphones and tablets will run into the limits of their own hardware long before they hit the limits of the 49ers’ wireless network. A model of Santa Clara Stadium, with a wall painting visible in the background. Jon Brodkin Jon Brodkin Until now, stadium executives have said it’s pretty much impossible to build a network that lets every single fan connect at once. They’ve blamed this on limits in the amount of spectrum available to Wi-Fi, despite their big budgets and the extremely sophisticated networking equipment that largesse allows them to purchase. Even if you build the network perfectly, it would choke if every fan tried to get on at once—at least according to conventional wisdom. Read 69 remaining paragraphs | Comments

More here:
The 49ers’ plan to build the greatest stadium Wi-Fi network of all time

911 tech pinpoints people in buildings—but could disrupt wireless ISPs

NextNav’s enhanced 911 technology locates people within buildings—but may interfere with millions of existing devices. NextNav Cell phones replacing landlines are making it difficult to accurately locate people who call 911 from inside buildings. If a person having a heart attack on the 30th floor of a giant building can call for help but is unable to speak their location, actually finding that person from cell phone and GPS location data is a challenge for emergency responders. Thus, new technologies are being built to accurately locate people inside buildings. But a system that is perhaps the leading candidate for enhanced 911 geolocation is also controversial because it uses the same wireless frequencies as wireless Internet Service Providers, smart meters, toll readers like EZ-Pass, baby monitors, and various other devices. NextNav , the company that makes the technology, is seeking permission from the Federal Communications Commission to start commercial operations. More than a dozen businesses and industry groups oppose NextNav (which holds FCC licenses through a subsidiary called Progeny), saying the 911 technology will wipe out devices and services used by millions of Americans. Read 37 remaining paragraphs | Comments

Read this article:
911 tech pinpoints people in buildings—but could disrupt wireless ISPs

Brazilian docs fool biometric scanners with bag full of fake fingers

Six silicone fingers, all in a row. BBC The BBC is one of several outlets carrying the bizarre story of a Brazilian doctor arrested for allegedly defrauding her employer, a hospital in the town of Ferraz de Vasconcelos, near São Paulo. At the time of her arrest, she was equipped with a total of sixteen fingers—ten of which God gave her, and six of which were crafted of silicone and given to her by coworkers. At least three of the extra fingers bore the prints of fellow doctors at the hospital. The doctor, Thaune Nunes Ferreira, 29, claims through her attorney that she was forced to use the silicone fingers to clock in to the hospital’s time card system in order to cover for absentee colleagues. “She says she was innocent because it is a condition they imposed on her to keep her job,” the attorney notes. According to the Bangkok Post and several other sources, Brazil’s Globo TV International network obtained and played footage of Ferreira clocking in to the hospital with her own permanently attached digits, then touching the same fingerprint scanner with two of the silicone fakes. The scanner produced paper time card receipts for her and the two employees to whom the silicone fingers’ prints belonged. In this way, notes the Post, “it looked like there were three doctors on duty when there was just one.” Read 2 remaining paragraphs | Comments

Link:
Brazilian docs fool biometric scanners with bag full of fake fingers

For first time, US military says it would use offensive cyberweapons

For the first time ever, the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime. According to an article published Tuesday night by The New York Times , that admission came from General Keith Alexander, the chief of the military’s newly created Cyber Command. He said officials are establishing 13 teams of programmers and computer experts who would focus on offensive capabilities. Previously, Alexander publicly emphasized defensive strategies in electronic warfare to the almost complete exclusion of offense. “I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.” Read 3 remaining paragraphs | Comments

Excerpt from:
For first time, US military says it would use offensive cyberweapons

Dating site Zoosk resets some user accounts following password dump (Updated)

A screenshot from Jeremi Gosney showing passwords cracked by the ocl-Hashcat-plus program. Jeremi Gosney Zoosk.com, an online dating service with about 15 million unique visitors each month, is requiring some users to reset their passwords. The move comes after someone published a list cryptographically protected passcodes that may have been used by subscribers to the website. In the past, the San Francisco-based company has said it has more than 50 million users . With this dump, a small but statistically significant percentage of the 29-million-strong password list contained the word “zoosk,” an indication that at least some of the credentials may have originated with the dating site. Jeremi Gosney, a password expert at Stricture Consulting Group , said he cracked more than 90 percent of the passwords and found almost 3,000 had links to Zoosk. The cracked passcodes included phrases such as “logmein2zoosk,” “zoosk password,” “myzooskpass,” “@zoosk,” “zoosk4me,” “ilovezoosk,” “flirtzoosk,” “zooskmail.” Other passwords contained strings such as “flirt,” “lookingforlove,” “lookingforguys,” and “lookingforsex,” another indication that they were used to access accounts at one or more dating websites. Many users choose passwords containing names, phrases, or topics related to the specific website or generic type of service they’re used to access. In December, Ars profiled a 25-GPU cluster system Gosney built that’s capable of trying every possible Windows passcode in the typical enterprise in less than six hours. . Read 6 remaining paragraphs | Comments

Originally posted here:
Dating site Zoosk resets some user accounts following password dump (Updated)