Tag: user agreement

Millions of dymanic DNS users suffer after Microsoft seizes No-IP domains

Microsoft Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users. Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of which were actively involved in Internet security, castigated the move as heavy handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm). “By becoming the DNS authority for those free dynamic DNS domains, Microsoft is now effectively in a position of complete control and is now able to dictate their configuration,” Claudio Guarnieri, co-founder of Radically Open Security, wrote in an e-mail to Ars Technica. “Microsoft fundamentally swept away No-IP, which has seen parts of its own DNS infrastructure legally taken away.” Read 6 remaining paragraphs | Comments

Read the article:
Millions of dymanic DNS users suffer after Microsoft seizes No-IP domains

Serious Android crypto key theft vulnerability affects 10% of devices

Kevlangdo Researchers have warned of a vulnerability present on an estimated 10 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. The vulnerability resides in the Android KeyStore , a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers. By exploiting the bug, attackers can execute malicious code that leaks keys used by banking and other sensitive apps, virtual private network services, and the PIN or finger patterns used to unlock handsets. The advisory said Google has patched the stack-based buffer overflow only in version 4.4, aka KitKat, of Android. The remaining versions, which according to Google figures run 86.4 percent of devices , have no such fix. In an update, IBM said the vulnerability affected only version 4.3, which runs on about 10.3 percent of handsets. There are several technical hurdles an attacker must overcome to successfully exploit the vulnerability. Android is fortified with modern software protections, including data execution prevention and address space layout randomization, both of which are intended to make it much harder for hackers to execute code when they identify security bugs. Attackers would also have to have an app installed on a vulnerable handset. Still, the vulnerability is serious because it resides in KeyStore, arguably one of the most sensitive resources in the Android OS. In an e-mail, Dan Wallach , a professor specializing in Android security in the computer science department of Rice University, explained: Read 5 remaining paragraphs | Comments

See the original article here:
Serious Android crypto key theft vulnerability affects 10% of devices

Steam reaches highest-ever concurrent user count at over 8 million

Aurich Lawson Over the weekend, Steam’s annual summer video game sale posted its final list of bargains, gathering the two-week sale’s most popular discounts for one last hurrah. Steam sales veterans, heeding the usual advice of “wait until the last day,” responded in kind by storming the service during the sale’s final 24 hours. On Steam’s official statistics page, which logs the past 48 hours of activity, the service confirmed just how big that last hurrah was, counting over 8 million simultaneous live users on Sunday . That’s a new peak for the service, which had crossed the 7 million concurrent mark this past December. Valve Software, operators of the Steam store, announced during January’s Steam Dev Days that the service had reached 75 million active users, which comes shy of the 186 million accounts we measured in April . A NeoGAF thread talking about the Steam numbers showed that they compare well to Xbox Live’s 48 million members (both Gold and otherwise) as of May 2013 and PSN’s 110 million members as of July 2013. Read 1 remaining paragraphs | Comments

View post:
Steam reaches highest-ever concurrent user count at over 8 million

Running WordPress? Got webshot enabled? Turn it off or you’re toast

A zero-day vulnerability in the popular TimThumb plugin for WordPress leaves many websites vulnerable to exploits that allow unauthorized attackers to execute malicious code, security researchers have warned. The vulnerability, which was disclosed Tuesday on the Full Disclosure mailing list , affects WordPress sites that have TimThumb installed with the webshot option enabled. Fortunately, it is disabled by default, and sites that are hosted on WordPress.com are also not susceptible. Still, at press time, there was no patch for the remote-code execution hole. People who are unsure if their WordPress-enabled site is vulnerable should open the timthumb file inside their theme or plugin directory, search for the text string “WEBSHOT_ENABLED,” and ensure that it’s set to false. When “WEBSHOT_ENABLED” is set to true, attackers can create or delete files and execute a variety of other commands, Daniel Cid, CTO of security firm Sucuri, warned in a blog post published Thursday . He said uploading a file to a vulnerable site was possible using URLs such as the following, where a.txt was the file being created: Read 1 remaining paragraphs | Comments

View original post here:
Running WordPress? Got webshot enabled? Turn it off or you’re toast

NASA melds vacuum tube tech with silicon to fill the terahertz gap

Vacuum tubes in a guitar amplifier. Shane Gorski The transistor revolutionized the world and made the abundant computing we now rely on a possibility, but before the transistor, there was the vacuum tube. Large, hot, power hungry, and prone to failure, vacuum tubes are a now-forgotten relic of the very earliest days of computing. But there’s a chance that vacuum tube technology could make its way back into computers—albeit without the vacuum—thanks to NASA research that has put together nanoscale “vacuum channel” transistors that can switch at more than 400GHz. Vacuum tubes have three important components: two electrodes—the negative, electron-emitting cathode, and the positive, electron-receiving anode—and a control grid placed between them. The flow of current between the cathode and the anode is controlled by the grid; the higher the voltage applied to the grid, the greater the amount of current that can flow between them. All three parts are housed in an evacuated glass tube or bulb and look somewhat like a kind of overcomplicated light bulb. The thing that made vacuum tubes so hot and power hungry was the cathode. Electrons can be encouraged to cross gaps by using very high voltages, but these tend to be difficult to work with. Instead, a phenomenon called thermionic emission is used—heat a piece of metal up enough, and the thermal energy lets the electrons escape the metal. Vacuum tubes have heating elements to make the cathode hot enough to emit electrons. Read 8 remaining paragraphs | Comments

View post:
NASA melds vacuum tube tech with silicon to fill the terahertz gap

Mint 17 is the perfect place for Linux-ers to wait out Ubuntu uncertainty

The team behind Linux Mint unveiled its latest update this week—Mint 17 using kernel 3.13.0-24, nicknamed “Qiana.” The new release indicates a major change in direction for what has quickly become one of the most popular Linux distros available today. Mint 17 is based on Ubuntu 14.04, and this decision appears to have one major driver.  Consistency.  Like the recently released Ubuntu 14.04, Mint 17 is a Long Term Support Release. That means users can expect support to continue until 2019. But even better, this release marks a change in Mint’s relationship with Ubuntu. Starting with Mint 17 and continuing until 2016, every release of Linux Mint will be built on the same package base—Ubuntu 14.04 LTS. With this stability, instead of working to keep up with whatever changes Ubuntu makes in the next two years, Mint can focus on those things that make it Mint. With major changes on the way for Ubuntu in the next two years, Mint’s decision makes a lot of sense. Not only does it free up the Mint team to focus on its two homegrown desktops (Cinnamon and MATE), but it also spares Mint users the potential bumpy road that is Ubuntu’s future. Read 53 remaining paragraphs | Comments

Original post:
Mint 17 is the perfect place for Linux-ers to wait out Ubuntu uncertainty

Microsoft wants you to trade in your MacBook Air for a Surface Pro 3

Ready to kick your MacBook Air to the curb (and wonder how much exactly in in-store credit it’s worth)? Your friendly neighborhood Microsoft Store is ready to help. Peter Bright This weekend, Microsoft Stores launched a trade-in program to encourage sales of the new Surface Pro 3 , but the trade-in promotion named only a single device : the MacBook Air, at a value of “up to $650” toward any Surface Pro 3 purchase. At the lowest specification, that trade-in amount would let buyers walk out of a Microsoft Store with an Intel i3 Surface Pro 3 for as little as $150. Though Microsoft Stores maintain a trade-in program that accepts video games, consoles, Apple iDevices, and PC laptops, this is the first promotion from Microsoft Stores that has actively sought Apple laptops—or, in this case, laptop singular. Seeing as how Microsoft has attempted to position the Surface Pro 3 as the best of both tablet and laptop worlds, the capable, paper-thin MacBook Air is the obvious recipient of Microsoft’s promotional crosshairs. We called the flagship Microsoft Store in Seattle with trade-in value questions, and while the representative said that any Macbook Air could be traded in at stores in the United States and Canada, he insisted that Microsoft won’t break down the exact trade-in value of a given Macbook Air or any other Apple hardware (iPhones, iPads, etc.) without seeing the product in person. The response came even after we tried listing off our MacBook Air’s processor, hard drive, and other specs. This stays in line with Microsoft Store policy through their own website to not disclose trade-in values. Read on Ars Technica | Comments

Read more here:
Microsoft wants you to trade in your MacBook Air for a Surface Pro 3

Tell a lie, remove the gear: How the NSA covers up when cable taps are found

Der Spiegel via Edward Snowden via NSA Sometimes, the spooks do get caught. German magazine Der Spiegel yesterday revealed a new slide  (PDF) from the Edward Snowden document cache that offers a tantalizing glimpse of what it looks like when someone stumbles on an intelligence agency cable tap. The NSA’s Special Source Operations (SSO) branch isn’t in the business of computer hacking but of cable tapping; its logo shows an eagle flying above the globe and clutching a string of wires in its talons. These taps, each obscured with a codename, are often made deep within the network of telecom providers and often with the cooperation of key executives. But sometimes non-cleared people start raising questions about just what might be going on, as was the case with AT&T whistleblower Mark Klein, who revealed an NSA “secret room” in San Francisco . On March 14, 2013, an SSO weekly briefing included a note regarding such a discovery. The unit had been informed two days earlier that “the access point for WHARPDRIVE was discovered by commercial consortium personnel. Witting partner personnel have removed the evidence and a plausible cover story was provided. All collection has ceased.” Read 2 remaining paragraphs | Comments

See the original post:
Tell a lie, remove the gear: How the NSA covers up when cable taps are found

Hacker infects Synology storage devices, makes off with $620,000 in Dogecoin

One of the affected Synology devices. Synology A hacker generated digital coins worth more than $620,000 by hijacking a popular type of Internet-connected storage device from Synology, security researchers said. The incident, which was documented in a research report published Tuesday by Dell SecureWorks, is only the latest hack to steal other people’s computing resources to perform the computationally intense process of digital currency mining. The cryptographic operations behind the process often draw large amounts of power and produce lots of heat. People looking to acquire a large war chest of digital coins typically must pour large amounts of money and effort into the endeavor. One way malicious actors get by this requirement is by compromising large numbers of devices operated by other people. The devices then perform the work at the expense of the unsuspecting end users and pass on the proceeds to the attacker. According to researchers from SecureWorks Counter Threat Unit, the attackers exploited four separate vulnerabilities contained in the software of Synology network-attached storage boxes. The vulnerabilities were documented in September and fixed in February by Synology . By then, large numbers of people began complaining their Synology devices were running sluggishly and extremely hot . It turns out that at least some of them were running software that mined large sums of the Dogecoin cryptocurrency. Read 4 remaining paragraphs | Comments

See more here:
Hacker infects Synology storage devices, makes off with $620,000 in Dogecoin

Report: Seattle paid $17,500 to boost online reputation of city official

tdlucas5000 A newly-published document shows that Seattle’s publicly-owned electrical utility paid thousands of dollars to Brand.com to manage the online reputation of CEO Jorge Carrasco. The document , which was received and published Saturday by the Seattle Times after a public records request, shows that Brand.com charged City Light $5,000 in December 2013. As the contract states: Read 6 remaining paragraphs | Comments

Excerpt from:
Report: Seattle paid $17,500 to boost online reputation of city official