Tag: privacy-rights

Getting a Linux box corralled into a DDoS botnet is easier than many think

Enlarge (credit: Aurich Lawson and Getty) Getting a Linux server hacked and made part of a botnet is easier than some people may think. As two unrelated blog posts published in the past week demonstrate, running a vulnerable piece of software is often all that’s required. Witness, for example, a critical vulnerability disclosed earlier this year in Elasticsearch , an open source server application for searching large amounts of data. In February, the company that maintains it warned it contained a vulnerability that allowed hackers to execute commands on the server running it. Within a month, a hacking forum catering to Chinese speakers provided all the source code and tutorials needed for people with only moderate technical skills to fully identify and exploit susceptible servers. A post published Tuesday by security firm Recorded Future deconstructs that hacker forum from last March. It showed how to scan search services such as Shodan and ZoomEye to find vulnerable machines. It includes an attack script written in Python that was used to exploit one of them and a separate Perl script used to make the newly compromised machine part of a botnet of other zombie servers. It also included screenshots showing the script being used against the server. The tutorial underscores the growing ease of hacking production servers and the risk of being complacent about patching. Read 5 remaining paragraphs | Comments

See the article here:
Getting a Linux box corralled into a DDoS botnet is easier than many think

“Nemesis” malware hijacks PC’s boot process to gain stealth, persistence

Malware targeting banks, payment card processors, and other financial services has found an effective way to remain largely undetected as it plucks sensitive card data out of computer memory. It hijacks the computer’s boot-up routine in a way that allows highly intrusive code to run even before the Windows operating system loads. The so-called bootkit has been in operation since early this year and is part of “Nemesis,” a suite of malware that includes programs for transferring files, capturing screens logging keystrokes, injecting processes, and carrying out other malicious actions on an infected computer. Its ability to modify the legitimate volume boot record makes it possible for the Nemesis components to load before Windows starts. That makes the malware hard to detect and remove using traditional security approaches. Because the infection lives in such a low-level portion of a hard drive, it can also survive when the operating system is completely reinstalled. “The use of malware that persists outside of the operating system requires a different approach to detection and eradication,” researchers from security firm FireEye’s Mandiant Consulting wrote in a blog post published Monday . “Malware with bootkit functionality can be installed and executed almost completely independent of the Windows operating system. As a result, incident responders will need tools that can access and search raw disks at scale for evidence of bootkits.” Read 5 remaining paragraphs | Comments

Follow this link:
“Nemesis” malware hijacks PC’s boot process to gain stealth, persistence

New diabetes cases finally on the decline

(credit: Steven Depolo/Flickr ) After more than a quarter of a century of rising diabetes rates, the number of new cases seems to be on a downward trend. From 1980 to 2009, the annual number of new diabetes cases more than tripled in the US, going from 493,000 to 1.7 million diagnoses a year in people aged 18 to 79. But since 2009, case numbers appear to have slumped, though the decline had not registered as statistically significant. Now, using newly released data from 2014 , the Centers for Disease Control and Prevention announced that case numbers are definitely on their first sustained decline. In 2014, the number of diagnosed cases was down to 1.4 million. “It seems pretty clear that incidence rates have now actually started to drop,” said Edward Gregg, one of the CDC’s top diabetes researchers told the New York Times . “Initially it was a little surprising because I had become so used to seeing increases everywhere we looked.” Read 2 remaining paragraphs | Comments

See the article here:
New diabetes cases finally on the decline

HGST beats Seagate to market with helium-filled 10TB hard drive

Western Digital’s HGST division has released the world’s first helium-filled 10TB hard drive for everyday use—assuming you have about £600 burning a hole in your pocket, anyway. Meanwhile, despite reiterating that it would have a 10TB drive on the market this year, Seagate hasn’t yet moved past the 8TB mark. The Ultrastar He10 is notable for two reasons: it’s hermetically sealed and filled with helium, which is still a rather novel idea; and it has seven platters crammed into a standard-height 25.4mm (1-inch) hard drive. PMR vs. SMR. With SMR, there’s almost no guard space between tracks, which increases density but can reduce write speed (if you want to rewrite a track in the middle, you may also have to rewrite the adjacent tracks as well). (credit: Seagate) The platters themselves are impressive, too: instead of using shingled magnetic recording (SMR) to boost areal density, these platters use conventional perpendicular magnetic recording (PMR). PMR has been the standard hard drive recording tech since 2005, when it replaced longitudinal recording. The move to PMR has increased the maximum platter density by an order of magnitude—from about 100Gb per square inch to 1000Gb—but now, alas, we’re beginning to hit the limits of PMR. Read 6 remaining paragraphs | Comments

See original article:
HGST beats Seagate to market with helium-filled 10TB hard drive

Thunderbird “a tax” on Firefox development, and Mozilla wants to drop it

Mozilla would like to drop Thunderbird from its list of projects. (credit: Andrew Cunningham) You might know Mozilla primarily for its Firefox browser, but for many years the company has also developed an e-mail client called Thunderbird. The two projects use the same rendering engine and other underlying technology, but Mozilla Executive Chairwoman Mitchell Baker has announced that Mozilla would like to stop supporting Thunderbird, calling its continuing maintenance “a tax” on the more important work of developing Firefox. “Many inside of Mozilla, including an overwhelming majority of our leadership, feel the need to be laser-focused on activities like Firefox that can have an industry-wide impact,” Baker writes. “With all due respect to Thunderbird and the Thunderbird community, we have been clear for years that we do not view Thunderbird as having this sort of potential.” Mozilla doesn’t plan to drop Thunderbird immediately, however—the current maintenance schedule will continue and Thunderbird users can continue to use the product. But the end goal for Mozilla, according to Baker, is to find “the right kind of legal and financial home” for the Thunderbird project, and “[separate] itself from reliance on Mozilla development systems and in some cases, Mozilla technology.” In other words, the company would like to give Thunderbird to people who will take care of it, freeing the Firefox team from having to worry about it. Read 1 remaining paragraphs | Comments

Read More:
Thunderbird “a tax” on Firefox development, and Mozilla wants to drop it

Apple’s A9X has a 12-core GPU and is made by TSMC

Enlarge / A die shot of the A9X. The ratio of GPU to CPU is becoming pretty insane. (credit: Chipworks via AnandTech ) Apple makes interesting chips for its mobile devices, but it doesn’t talk about them much aside from extremely high-level relative performance comparisons. That means it’s up to experts like the ones at Chipworks to open them up and figure it out, and they’ve partnered up with AnandTech to dig into the A9X in the iPad Pro. The most significant news is about the GPU, which is a 12-core Imagination Technologies PowerVR Series 7XT design. The company doesn’t generally offer a 12-core design, as shown in the chart below, but the architecture is designed to be easily scalable and it wouldn’t be the first time Apple had gotten something from a supplier that other companies couldn’t get. The standard A9 in the iPhone 6S and 6S Plus uses a 6-core version of the same GPU. Apple feeds that GPU with a 128-bit memory bus, something that it’s also included in other iPads to boost memory bandwidth and GPU performance. The Series 7XT lineup. The iPad Pro’s GPU falls somewhere in between the stock 8-cluster and 16-cluster designs. (credit: Imagination Technologies) Imagination’s chart for the Series 7XT GPU puts a hypothetical 12-core design in the same general performance neighborhood as an Nvidia GeForce GT 730M, a low-end discrete GPU that’s a bit slower than the stuff Apple is shipping in its high-end MacBook Pros. Our own graphics benchmarks place it a bit higher than that, but as some of you have pointed out , iOS may have a small advantage in some of these tests because of differences between the mobile OpenGL ES API in iOS and the standard OpenGL API used in OS X. Read 2 remaining paragraphs | Comments

Read More:
Apple’s A9X has a 12-core GPU and is made by TSMC

The National Security Letter spy tool has been uncloaked, and it’s bad

It took 11 years to finally unveil what the FBI demands in a National Security Letter. How it evolved over the years is shown above. (credit: ACLU ) The National Security Letter (NSL) is a potent surveillance tool that allows the government to acquire a wide swath of private information—all without a warrant. Federal investigators issue tens of thousands of them each year to banks, ISPs, car dealers, insurance companies, doctors, and you name it. The letters don’t need a judge’s signature and come with a gag to the recipient, forbidding the disclosure of the NSL to the public or the target. Nicholas Merrill (credit: Wikipedia ) For the first time, as part of a First Amendment lawsuit, a federal judge ordered the release of what the FBI was seeking from a small ISP as part of an NSL. Among other things, the FBI was demanding a target’s complete Web browsing history, IP addresses of everyone a person has corresponded with, and records of all online purchases, according to a court document unveiled Monday. All that’s required is an agent’s signature denoting that the information is relevant to an investigation. “The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs,” said Nicholas Merrill, who was president of Calyx Internet Access in New York when he received the NSL targeting one of his customers in 2004. Read 6 remaining paragraphs | Comments

Continued here:
The National Security Letter spy tool has been uncloaked, and it’s bad

Managing a 100-percent renewable grid, without batteries

(credit: US DOE ) Stanford researcher Mark Jacobson likes to take current thinking about renewable energy and supersize it. Rather than aiming for 50 percent renewables, like California is , he has analyzed what it would take for each of the 50 states to go fully renewable . It would apparently involve so many offshore wind turbines that hurricanes headed toward the States would be suppressed. Now, he and a few collaborators are back with a more detailed look at how to manage the grid stability issues that come with large amounts of intermittent generators, like photovoltaic panes and wind turbines. Normally, issues of intermittency are expected to be handled by fossil fuel power and batteries. But the new analysis suggests we don’t need any of that—and we don’t need biofuels or nuclear, either. Instead, it suggests we could manage a 100-percent renewable grid through a combination of hydrogen production and heat storage. None of this is entirely new. People have been talking about generating hydrogen from renewable energy for years—with a fuel cell, it can be used to power cars or generate electricity as needed. And the paper cites an existing community that’s already using solar energy to generate heat that’s stored under ground. But, as with Jacobson’s past analyses, they are taken to new scales here. Read 11 remaining paragraphs | Comments

More:
Managing a 100-percent renewable grid, without batteries

Iranian military spear-phish of State Department employees detected first by Facebook

The Facebook and email accounts of US State Department officials focused on Iran were hacked, and possibly used to gather data about US-Iranian dual citizens in Iran. More details have emerged about the hacking the computers of US State Department and other government employees, first revealed earlier this month in a Wall Street Journal report . The intrusions by hackers purported to be associated with the Iranian Revolutionary Guard may be tied to the arrest of an Iranian-American businessman in Tehran in October and other arrests of dual citizens in Iran. The attackers used compromised social media accounts of junior State Department staff as part of a “phishing” operation that compromised the computers of employees working in the State Department’s Office of Iranian Affairs and Bureau of Near Eastern Affairs and computers of some journalists. The first warning of the attacks came from Facebook, which alerted some of the affected users that their accounts had been compromised by a state-sponsored attack, the New York Times reports . The Iranian Revolutionary Guard hackers used the access to identify the victims’ contacts and build “spear-phishing” attacks that gave them access to targeted individuals’ e-mail accounts. The attack “was very carefully designed and showed the degree to which they understood which of our staff was working on Iran issues now that the nuclear deal is done,” an unnamed senior US official told the Times . This most recent attack, which came after a brief period of little or no Iranian activity against US targets over the summer according to data from Check Point and iSight Partners, was a change from tactics previously associated with Iranian hackers. Earlier attacks attributed to Iran were focused on taking financial services companies’ websites offline  and destroying data—such as in the attack attack on casino company Las Vegas Sands Corp. last year after its majority owner called for a nuclear attack on Iran. These attacks may not have been carried out by the Iranian government but by Iranian or pro-Iranian “hacktivists.” The State Department attack, however, was more subtle and aimed at cyber-espionage rather than simple vengeance—bearing hallmarks of tactics attributed to Chinese state-sponsored hackers. Read 1 remaining paragraphs | Comments

Follow this link:
Iranian military spear-phish of State Department employees detected first by Facebook

Tesla Model X production starts in earnest, pricing revealed

(credit: Tesla) Several months ago we found out pricing for the fully loaded “Signature” edition Tesla Model X electric SUV. Now, we’ve got a better idea of what the cheapest Model X will set you back: $80,000 before any options and tax rebates or incentives. That’s for the 70D, which has all-wheel drive (a motor for each axle) and a 70kWh battery (pricing for the 90D and P90D haven’t been announced). That’s $5000 more than the equivalent Model S sedan , which hits 60mph a little quicker and has a slightly longer range than the SUV but not the same funky rear doors. The distinctive Falcon wing doors are Tesla’s approach to making an SUV with all the utility of a minivan; that was how Elon Musk described the design brief back in September. By opening up and out, they’re supposed to give better access to the rear seats while taking up less space than a traditional door. There are three different interior layouts. The base 70D is a five seater, but there’s also a six seat version (three rows of two) for an extra $3000 and seven seats are yours for $4500. Tesla released the pricing information for the 70D Model X at the same time it told customers with preorders that they can begin configuring their vehicles. Screenshots of the online configurator provided by Tesla to Ars state that Model X deliveries will begin in early 2016, starting with range-topping P90D orders. “Lesser” 90D Model Xs follow by mid-year, with 70D deliveries before 2017. Read 1 remaining paragraphs | Comments

View article:
Tesla Model X production starts in earnest, pricing revealed