Tag: style-details

Whitehat hacker goes too far, gets raided by FBI, tells all

A whitehat hacker from the Baltimore suburbs went too far in his effort to drive home a point about a security vulnerability he reported to a client. Now he’s unemployed and telling all on reddit . David Helkowski was working for Canton Group, a Baltimore-based software consulting firm on a project for the University of Maryland (UMD), when he claims he found malware on the university’s servers that could be used to gain access to personal data of students and faculty. But he says his employer and the university failed to take action on the report, and the vulnerability remained in place even after a data breach exposed more than 300,000 students’ and former students’ Social Security numbers. As Helkowski said to a co-worker in Steam chat, “I got tired of being ignored, so I forced their hand.” He penetrated the university’s network from home, working over multiple VPNs, and downloaded the personal data of members of the university’s security task force. He then posted the data to Pastebin and e-mailed the members of the task force anonymously on March 15. Read 6 remaining paragraphs | Comments

Read More:
Whitehat hacker goes too far, gets raided by FBI, tells all

Heartbleed vulnerability may have been exploited months before patch

guthrieinator There’s good news, bad news, and worse news regarding the “Heartbleed” bug that affected nearly two-thirds of the Internet’s servers dependent on SSL encryption. The good news is that many of those servers (well, about a third) have already been patched. And according to analysis by Robert Graham of Errata Security, the bug won’t expose the private encryption key for servers “in most software” (though others have said several web server distributions are vulnerable to giving up the key under certain circumstances.) The bad news is that about 600,000 servers are still vulnerable to attacks exploiting the bug. The worse news is that malicious “bot” software may have been attacking servers with the vulnerability for some time—in at least one case, traces of the attack have been found in audit logs dating back to last November. Attacks based on the exploit could date back even further. Security expert Bruce Schneier calls  Heartbleed  a catastrophic vulnerability. “On the scale of 1 to 10, this is an 11,” he said in a  blog post today.  The bug affects how OpenSSL, the most widely used cryptographic library for Apache and nginx Web servers, handles a service of Transport Layer Security called Heartbeat—an extension added to TLS in 2012. Read 9 remaining paragraphs | Comments

Visit site:
Heartbleed vulnerability may have been exploited months before patch

Windows 8.1 Update halted to some enterprise users amid WSUS issues

Distribution of the Windows 8.1 Update, Microsoft’s hefty patch for Windows 8.1 that updates the user interface for desktop and mouse users , has been temporarily suspended for some enterprise users after the company  discovered  that patched systems are no longer able to receive future updates from Windows Server Update Services (WSUS) servers. The problem occurs when clients connect to WSUS  with HTTPS enabled, but without TLS 1.2. Windows 8.1 machines with the KB 2919355 update installed will no longer be able to receive future updates from those servers. Microsoft describes it primarily as an issue for WSUS  3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration. WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, as the bug is client-side, but Windows Server enables TLS 1.2 by default, so issues are unlikely to arise in practice. Read 2 remaining paragraphs | Comments

See original article:
Windows 8.1 Update halted to some enterprise users amid WSUS issues

LAPD officers monkey-wrenched cop-monitoring gear in patrol cars

Cliff The Los Angeles Police Commission is investigating how half of the recording antennas in the Southeast Division went missing, seemingly as a way to evade new self-monitoring procedures that the Los Angeles Police Department imposed last year. The antennas, which are mounted onto individual patrol cars, receive recorded audio captured from an officer’s belt-worn transmitter. The transmitter is designed to capture an officer’s voice and transmit the recording to the car itself for storage. The voice recorders are part of a video camera system that is mounted in a front-facing camera on the patrol car. Both elements are activated any time the car’s emergency lights and sirens are turned on, but they can also be activated manually. According to the Los Angeles Times , an LAPD investigation determined that around half of the 80 patrol cars in one South LA division were missing antennas as of last summer, and an additional 10 antennas were unaccounted for. Citing a police source, the newspaper said that removing the antennas can reduce the range of the voice transmitters by as much as a third of the normal operating distance. Read 10 remaining paragraphs | Comments

Follow this link:
LAPD officers monkey-wrenched cop-monitoring gear in patrol cars

Intel expands 10Gbps “Thunderbolt Ethernet” capability to Windows

Thunderbolt 2 is picking up another feature. Chris Foresman If standard gigabit Ethernet isn’t cutting it for you, Intel will soon give you another option: this week at the National Association of Broadcasters (NAB) show in Las Vegas, the company announced a new feature called ” Thunderbolt Networking ” that will soon be available to all PCs with Thunderbolt 2 controllers. The feature, which will be enabled by an upcoming Windows driver update, will “emulat[e] an Ethernet connection environment” and provide a 10Gbps two-way link between two computers connected with a Thunderbolt cable. Since you’ll need to connect the two computers directly to each other, this solution obviously won’t scale as well as real 10Gbps networking equipment. But for now, that hardware remains relatively uncommon and expensive—well outside the price range of individuals and smaller businesses. Thunderbolt Networking is apparently not being enabled for older computers with first-generation Thunderbolt controllers. While the feature will be new to the Windows operating system, the ability to network two Thunderbolt Macs together was introduced back in Mavericks. It doesn’t appear to require Thunderbolt 2 on that platform, though as we experienced , configuring a Thunderbolt Bridge can make for fast but occasionally choppy transfer speeds. That test connected one Thunderbolt 2 Mac to an older model with a first-generation Thunderbolt controller, though—it’s possible that connecting Thunderbolt 2 Macs to each other results in a more stable connection however. This new Windows driver update will enable any two Thunderbolt 2 PCs and Macs to be connected, though to date the Windows laptops, workstations, and motherboards with integrated Thunderbolt 2 controllers have been few and far between. Read on Ars Technica | Comments

Original post:
Intel expands 10Gbps “Thunderbolt Ethernet” capability to Windows

Experian in hot seat after exposing millions of social security numbers [Update]

Ruddington Photos/Flickr Regulators from several states are investigating a data breach from a subsidiary of the credit-tracking behemoth Experian. The investigation by attorneys general in these states concerns whether the subsidiary adequately secured some 200 million social security numbers and whether victims were properly notified. The investigation, first disclosed by Reuters , comes as the Obama administration is pressing for legislation requiring companies to better secure customer data . A Vietnamese man who operated a website, called findget.me, offering social security numbers has pleaded guilty to charges that he obtained the data from the Experian subsidiary, Court Ventures. The firm, a court document retrieval service, also jointly maintains a database of some 200 million social security numbers with another firm. Read 5 remaining paragraphs | Comments

See the article here:
Experian in hot seat after exposing millions of social security numbers [Update]

Creepshots: Microsoft discovers an on-campus peeping tom

Microsoft’s lush RedWest campus. Microsoft On July 24, 2013, a Microsoft vendor employee working at the company’s RedWest campus in Redmond had a piece of good fortune—he found a Muvi USB video camera just lying in the footpath between buildings. He picked up the camera, only later taking a look at the footage on the device, which revealed that his good fortune was actually evidence of a crime. The Muvi camera contained “upskirt” video footage of women climbing stairs or escalators—or sometimes just standing in checkout lines—and some of it had been shot on Microsoft’s campus. The vendor employee reported the incident to Microsoft Global Security, who took possession of the camera on July 26. To find the camera’s owner, two Global Security investigators pulled up Microsoft’s internal security camera footage covering the RedWest footpath. They began by locating the moment when the vendor employee walked into the frame, paused, and bent down to retrieve the camera off the ground. Investigators then rewound the footage to see who had dropped it. At the 11:24am mark, they saw a man in a collared shirt and reddish pants walk out of a RedWest building and walk along the footpath. Then, at 11:25am, the vendor employee appeared and picked up the camera. At 11:26am, the man in the reddish pants suddenly returned to the picture. According to a later report from the Redmond Police Department, he was “rushing” back to the RedWest building he had just left and appeared “nervous, frantically looking around.” He eventually used a keycard to re-enter the RedWest building. Read 6 remaining paragraphs | Comments

Visit site:
Creepshots: Microsoft discovers an on-campus peeping tom

Cassini points to a hidden ocean on Saturn’s icy moon

I carry an ocean in my womb. NASA/JPL/SSI/J Major Finding liquid water on a body within the Solar System is exciting. The only thing that is probably more exciting is finding an ocean full of it. Today such news comes via Cassini, which has made measurements that show that Saturn’s moon Enceladus has a hidden ocean beneath its icy surface. While orbiting Saturn in 2005, Cassini found jets of salty water spewing from the south polar region of Enceladus. According to Luciano Iess of Sapienza University of Rome, lead author of the new study published in Science , “The discovery of the jets was unexpected.” Geysers require liquid water, and we wouldn’t expect Enceladus to have any. It is too far from the Sun to absorb much energy and too small (just 500km in diameter) to have trapped enough internal energy to keep its core molten. The answer to how the water got there might lie in the details of the moon’s internal structure. Read 13 remaining paragraphs | Comments

See the original post:
Cassini points to a hidden ocean on Saturn’s icy moon

Google Wireless: Google Fiber cities could get mobile service, but to what end?

Through Google Fiber, Google is already an Internet service provider, piping Gigabit Internet to homes and businesses in a handful of cities across the US. According to a report from The Information (paywall)  Google has been considering supplementing Google Fiber’s home Internet access with a wireless cellular service. Google’s plan wasn’t to build towers, but to become a Mobile Virtual Network Operator (MVNO)—basically a middle man who buys service from one of the “big four” carriers at wholesale prices and resells that to consumers under its own brand. According to the report, Google spoke to Sprint and then Verizon about reselling their networks to customers, with the Verizon talks happening earlier this year. The service would be available to users in Google Fiber cities, and it would be supplemented with free Wi-Fi hotspots. What would Google hope to  accomplish  with a move like this?  Google built Google Fiber from the ground up by putting fiber on poles, running connections to each house, and providing self-built hardware. Complete control over every part of the network allows Google to differentiate Google Fiber in several ways, like service location, speed, and pricing. Google’s plan for its wireless service appears to be much less ambitious, though. A s an MVNO, Google would be using someone else’s network, so the only thing Google would really have control over is the resale price. The whole point of Google Fiber is to “shame” other ISPs into increasing their speeds and lowering their prices. Google doesn’t plan on covering the entire country in fiber, but one look at Google’s 1,000Mbps service for $70 and the traditional ISP plan of 5 to 15Mbps for about the same price looks like a huge ripoff. This ” halo effect ” puts pressure on ISPs to speed up their service, and that makes Google products like search and YouTube run faster. The strategy seems to be working, with companies like AT&T rolling out fiber in response . As an MVNO, Google can’t do anything like the Google Fiber strategy, since it isn’t running the network. It won’t have control over speed or reception, meaning the best it can do to stand out is resell the service very cheaply. Unfairly competing with wireless carriers by pricing to only break even doesn’t seem like it would put much pressure on other carriers, because they would realize Google isn’t trying to turn a profit. Read 5 remaining paragraphs | Comments

View original post here:
Google Wireless: Google Fiber cities could get mobile service, but to what end?

One week before its end of life, 28 percent of Web users are still on Windows XP

Windows XP will receive its last ever security update on April 8th next week. After that, any flaws, no matter how severe, will not be patched by Microsoft, and one would be well advised to not let Windows XP machines anywhere near the public Internet as a result. In spite of this, 28 percent of Web users were still using the ancient operating system in March. This seems unlikely to end well. Net Market Share Net Market Share Chrome has come close to Firefox’s market share a number of times over the years. However, the market share tracker we use, Net Market Share, has never seen Google’s browser actually surpass Mozilla’s—until now. In March, Chrome finally overtook Firefox to claim the second spot. Internet Explorer dropped a quarter of a point, Firefox dropped 0.42 points, and Chrome reaped the reward, gaining 0.68 points. Safari was essentially unchanged, up 0.01 points; likewise Opera, dropping 0.03 points. Read 4 remaining paragraphs | Comments

More:
One week before its end of life, 28 percent of Web users are still on Windows XP