Tag: reprints

Indian ISP’s routing hiccup briefly takes Google down worldwide

For a short time today, people all over the world trying to access Google services were cut off because of what Dyn Research Director of Internet Analysis Doug Madory identified as a “routing leak ” from an Indian broadband Internet provider. The leak is similar to a 2012 incident caused by an Indonesian ISP , which took Google offline for 30 minutes worldwide. Routing leaks occur when a network provider broadcasts all or part of its internal routing table to one or more peered networks via the Border Gateway Protocol, causing network traffic to be routed incorrectly. In this case, the Indian ISP Hathway’s boundary router incorrectly announced routing data for over 300 network prefixes belonging to Google to the Internet backbone via its provider Bharti Airtel. “Bharti in turn announced these routes to the rest of the world,” Madory wrote in a Dyn Research blog entry posted this morning, “and a number of ISPs accepted these routes.” In the US, Cogent and Level 3 accepted the routes; a number of overseas carriers, including Orange, were also affected. Read 1 remaining paragraphs | Comments

See the article here:
Indian ISP’s routing hiccup briefly takes Google down worldwide

AT&T still throttles unlimited data, and FCC isn’t promising to stop it

How long will AT&T continue to get away with throttling unlimited data plans? Even after the Federal Communications Commission’s recent net neutrality ruling banned throttling, the FCC isn’t saying whether it will put a stop to it. All major US cellular carriers impose some form of throttling on unlimited data plans, but AT&T’s throttling seems most likely to fall afoul of the FCC’s rules. The big carriers generally reserve the right to slow down data speeds for customers with unlimited data plans after they hit a certain usage threshold each month, but they only do the actual throttling when the user is connected to a congested tower. AT&T, on the other hand, slows its unlimited LTE users down for the rest of the month once they’ve hit a 5GB threshold, and the throttling happens at all hours of the day and in all locations regardless of whether the user is connected to a congested tower. More than any other throttling policy enforced by a major carrier, this one seems designed to push customers with grandfathered unlimited data plans onto newer, more expensive plans that charge automatic overage fees when customers go over their caps. Read 12 remaining paragraphs | Comments

See the article here:
AT&T still throttles unlimited data, and FCC isn’t promising to stop it

CryptoLocker look-alike searches for and encrypts PC game files

Crypto-based “ransomware” has become a lucrative business for cybercriminals. Since the arrival of CryptoLocker on the scene last year, a number of copycat malware packages have appeared to compete in the cyber-extortion market, encrypting victims’ photos and other personal files with a key that will be destroyed if they don’t contact the malware’s operators and pay up. Recently, a new variant has emerged that seeks to raise the stakes with a particular class of victim by specifically seeking out files related to a number of popular PC games, as well as Valve’s Steam gaming platform. The malware, which is a variant of the crypt-ransomware called TeslaCrypt, superficially looks like CryptoLocker. But according to a number of security researchers who have analyzed the malware, it shares little code with CryptoLocker or its more well-known successor CryptoWall. And while it will also will target photos and documents, as well as iTunes-related files, as Bromium security researcher Vadim Kotov noted in an analysis on Bromium Labs’ blog , TeslaCrypt also includes code that specifically looks for files related to more than 40 specific PC games, gaming platforms, and game developer tools. The games include both single player and multiplayer games, though it isn’t clear how targeting some of the multiplayer games would affect users other than requiring a re-install. The games targeted include a mix of older and newer titles— for example, Blizzard’s StarCraft II and WarCraft III real-time strategy games and its World of Warcraft online game are targeted. Also on TeslaCrypt’s hit list: Bioshock 2, Call of Duty, DayZ, Diablo, Fallout 3, League of Legends, F.E.A.R, S.T.A.L.K.E.R, Minecraft, Metro 2033, Half-Life 2, Dragon Age: Origins, Resident Evil 4, World of Tanks, Metin 2, and The Elder Scrolls (specifically, Skyrim-related files), as well as Star Wars: The Knights Of The Old Republic. There’s also code that searches for files associated with games from specific companies that affect a wide range of titles, including a variety of games from EA Sports, Valve, and Bethesda, and Valve’s Steam gaming platform. And the game development tools RPG Maker, Unity3D and Unreal Engine are targeted as well. Read 4 remaining paragraphs | Comments

See the original article here:
CryptoLocker look-alike searches for and encrypts PC game files

Internet providers ordered to stop hiding the true size of monthly bills

New rules for home Internet providers and wireless carriers require them to be truthful about how much their service actually costs. As part of the transparency requirements in the Federal Communications Commission’s net neutrality order , Internet providers have to clearly detail all charges, such as modem rental and installation fees, and disclose the full monthly price that will go into effect after any promotional pricing expires. The new disclosure rule is more specific than a previous one, the FCC said. Read 7 remaining paragraphs | Comments

Read More:
Internet providers ordered to stop hiding the true size of monthly bills

Water droplets bounce off these new self-cleaning surfaces

Every day, we interact with a myriad of surfaces ranging from soft fabrics to hard metals. Inevitably, this means we have to spend our time cleaning them. A class of self-cleaning materials would certainly make our lives easier. Previous attempts to create these materials have focused on developing surfaces that are rough and waxy; these cause water droplets to roll along the surface, picking up dirt and dust due as it goes. These materials have been relatively successful, but they have many limitations. For example, they’re easily worn away and easily contaminated by oils like those found on our skin. Luckily, scientists have now developed a waterproof, self cleaning coating that can be applied to materials that are as soft as cotton and as hard as glass. This coating is composed of titanium dioxide (TiO2) nanoparticles with two size distributions, delivered as a suspension in ethanol containing the chemical perfluorooctyltriethoxysilane. After application, the ethanol is allowed to evaporate for 180 seconds before the coating is ready for use. This coating can be sprayed, dipped, or painted onto a surface, and it maintains its performance after several types of damage. Read 6 remaining paragraphs | Comments

Read the original:
Water droplets bounce off these new self-cleaning surfaces

Now you can easily send (free!) encrypted messages between Android, iOS

On Monday, Open Whisper Systems announced the release of Signal 2.0 , the second version of its app for iOS. What makes this latest release special is that it allows users to send end-to-end encrypted messages, for free, to users of Redphone and TextSecure, Android apps supported by Open Whisper Systems that encrypt calling and text messages, respectively. Previously, this kind of cross-platform secure messaging cost money in the form of a monthly subscription fee that both the sender and the receiver of the message had to pay. (Or, encrypting messages cost considerable time and effort to implement without a dedicated app.) Signal and its Android counterpart TextSecure are unique in that they use forward encryption, which generates temporary keys for each message, but still allow asynchronous messaging through the use of push notifications and “prekeys.” Ars reported on the implementation details in 2013 . Open Whisper Systems has pulled ahead of other privacy apps by making its interface easy for a person who doesn’t know too much about encryption to use. It’s also open source, so it can be vetted by experts, and its open encryption protocol can be adopted by other messaging apps. In fact, last November, messaging platform Whatsapp deployed Open Whisper Systems’ protocol for its 500 million Android users . Still, until now communicating with iOS users from an Android phone has been much more challenging. Read 4 remaining paragraphs | Comments

See the original article here:
Now you can easily send (free!) encrypted messages between Android, iOS

In major goof, Uber stored sensitive database key on public GitHub page

Uber is trying to force GitHub to disclose the IP address of every person that accessed a webpage connected to a database intrusion that exposed sensitive personal data for 50,000 drivers. The court action revealed that a security key unlocking the database was stored on a publicly accessible place, the online equivalent of stashing a house key under a doormat. Uber officials have yet to say precisely what information was contained in the two now-unavailable GitHub gists . But in a lawsuit filed Friday against the unknown John Doe intruders, Uber lawyers said the URLs contained a security key that allowed unauthorized access to the names and driver’s license numbers of about 50,000 Uber drivers . The ride-sharing service disclosed the breach on Friday, more than two months after it was discovered. “The contents of these internal database files are closely guarded by Uber,” the complaint stated. “Accessing them from Uber’s protected computers requires a unique security key that is not intended to be available to anyone other than certain Uber employees, and no one outside of Uber is authorized to access the files. On or around May 12, 2014, from an IP address not associated with an Uber employee and otherwise unknown to Uber, John Doe I used the unique security key to download Uber database files containing confidential and proprietary information from Uber’s protected computers.” Read 3 remaining paragraphs | Comments

More:
In major goof, Uber stored sensitive database key on public GitHub page

Verizon issues furious response to FCC, in Morse code, dated 1934

Verizon is just so mad at the Federal Communications Commission today that a normal press release wouldn’t do. After all, Verizon issues so many press releases denouncing the FCC for trying to regulate telecommunications that today’s vote on net neutrality required a special one to make sure it would be remembered. So Verizon wrote it in Morse code and set the date as “1934” to make the point that the FCC is taking us backward in time. Verizon sent out the press release in this e-mail: Read 6 remaining paragraphs | Comments

Link:
Verizon issues furious response to FCC, in Morse code, dated 1934

Windows Defender now removes Superfish malware… if you’re lucky

First the good news. Microsoft today released a signature update for Windows Defender, the anti-malware software that’s built in to Windows, to enable it to both detect and remove the Superfish malware that Lenovo installed on some systems . Defender’s removal process seems to be quite robust, both uninstalling the software and removing the dangerous certificate that Superfish installs. However, it doesn’t appear to clean any contaminated installs of Firefox or Thunderbird; for that, you’ll want to check out our manual removal instructions . Uh oh… 2 more images in gallery Now the bad news. While Windows Defender is supplied as part of Windows and works well enough, Microsoft gave it some rather strange behavior  as a concession to third-party anti-malware vendors . If a third-party anti-malware product is installed, Windows Defender will automatically disable itself. Many Lenovo systems include trial versions of anti-malware software; during the duration of these trials, Windows Defender will be inactive. Read 2 remaining paragraphs | Comments

View article:
Windows Defender now removes Superfish malware… if you’re lucky

Linux has 2,000 new developers and gets 10,000 patches for each version

Nearly 2,000 developers started contributing to Linux in the past 15 months, making up nearly half of all developers writing code for the open source operating system kernel. The new developers are helping fuel an ever-bigger Linux community, according to the latest Linux Kernel Development report, which will be released today by the Linux Foundation. The report is expected to be available at this link . “The rate of Linux development is unmatched,” the foundation said in an announcement accompanying the report. “In fact, Linux kernel 3.15 was the busiest development cycle in the kernel’s history. This rate of change continues to increase, as does the number of developers and companies involved in the process. The average number of changes accepted into the kernel per hour is 7.71, which translates to 185 changes every day and nearly 1,300 per week. The average days of development per release decreased from 70 days to 66 days.” Read 16 remaining paragraphs | Comments

View article:
Linux has 2,000 new developers and gets 10,000 patches for each version