Bugs in widely used WordPress plug-in leave sites vulnerable to hijacking

Security researchers have discovered vulnerabilities in a widely used WordPress extension that leave sites susceptible to remote hijacking. WordPress-powered sites that use the All in One SEO Pack should promptly install an update that fixes the privilege escalation vulnerabilities, Marc-Alexandre Montpas, a researcher with security firm Sucuri, wrote in a blog post published Saturday. Administrators can upgrade by logging in to the admin panel, selecting Plugins, and choosing the All in One SEO Pack entry. The just-released version that fixes the vulnerabilities is 2.1.6. The worst of the attacks made possible by the bugs can allow attackers to inject malicious code into the admin control panel, Montpas warned; malicious hackers could then change an admin’s password or insert backdoor code into the underlying websites. People could also remotely tamper with a site’s search engine optimization settings. To exploit the bugs, attackers need only an unprivileged account on the site, such as one for posting reader comments. In some cases, the privilege escalation and cross-site scripting bugs in All in One SEO are combined with another vulnerability that Montpas didn’t elaborate on.

Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks

(Image caption: A packet capture showing Cupid attacking a wireless network. Credit: SysValue)
It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them, thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients. Dubbed Cupid, the code comes in the form of two software extensions. The first lets an attacker stand up an “evil” wireless network that surreptitiously sends malicious heartbeat packets to devices as they connect. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices: when connecting to the enterprise-style wireless networks popular in corporations and other large organizations, which authenticate clients over a TLS tunnel carried inside EAP (802.1X), the device sends attack packets that similarly pilfer data from vulnerable routers and the authentication servers behind them. The release of Cupid comes eight weeks after the disclosure of Heartbleed, one of the most serious vulnerabilities to ever hit the Internet. The flaw, which existed for more than two years in OpenSSL, resides in the “heartbeat” extension designed to keep a transport layer security (TLS) connection alive over an extended period: a peer can claim a heartbeat payload far longer than the one it actually sent, and a vulnerable OpenSSL echoes back that many bytes from memory, including whatever happens to lie beyond the received record.

Payback time: First patent troll ordered to pay “extraordinary case” fees

(Image caption: FindTheBest CEO Kevin O’Connor and Director of Operations Danny Seigle. Credit: FindTheBest)
When Santa Barbara startup FindTheBest (FTB) was sued by a patent troll called Lumen View last year, it vowed to fight back rather than pay the $50,000 licensing fee Lumen was asking for. Company CEO Kevin O’Connor made it personal, pledging $1 million of his own money to fight the legal battle. Once FindTheBest pursued the case, the company dismantled the troll in short order. In November, the judge invalidated Lumen’s patent, finding it was nothing more than a description of computer-oriented “matchmaking.” At that point, FindTheBest had spent about $200,000 on its legal fight—not to mention the productivity lost in hundreds of work hours spent by top executives on the lawsuit and three all-company meetings.

Photonic crystals used to make optical RAM

(Image caption: This photonic lattice created at Sandia National Laboratories acts like a crystal in guiding light because of its tiny, regularly placed silicon “logs.” Japanese researchers have shown how to use photonic crystals like this as optical RAM. Credit: Sandia National Labs)
Most high-speed networking is done over optical fibers. The hardware on each end of these fibers has to convert the optical signals to electronic ones in order to figure out a packet’s destination, and will often convert it back to optical form before sending it on toward that destination. Researchers at the Japanese telecom NTT find all that converting a bit wasteful and are working on ways to avoid it. They’ve recently published a paper that includes a description of a working 115-bit optical random access memory device, made of a carefully structured series of photonic crystals, each of which can store light of a different wavelength. Photonic crystals are built from periodic structures of semiconductor material, with the precise geometry (the thickness and spacing of the layers) determining how they interact with light—it’s possible to make photonic crystals that selectively block or transmit a narrow frequency range.

Prosecutors: ex-LulzSec hacker “Sabu” helped authorities stop 300+ cyberattacks

The much-delayed sentencing of former LulzSec hacker-turned-FBI informant Hector “Sabu” Monsegur is set to take place next week. But before any decisions are made public, new court documents (PDF) show Monsegur has helped the feds disrupt more than 300 attacks against targets ranging from the US military to NASA, Congress to private companies. “The amount of loss prevented by Monsegur’s actions is difficult to fully quantify, but even a conservative estimate would yield a loss prevention figure in the millions of dollars,” the document stated. Monsegur assisted in high-profile hacks of security firm HBGary and others as a member of LulzSec, a sect of Anonymous. He began cooperating with the FBI in June 2011 after his arrest at the Jacob Riis public housing complex in New York City. His work for the feds began immediately. Eventually Monsegur helped the government build cases against numerous Anonymous hackers, including Stratfor hacker Jeremy Hammond. He apparently also assisted the government in its investigation of Wikileaks. According to the New York Times, prosecutors filed the new documents because they are asking Judge Loretta A. Preska for leniency in light of Monsegur’s “extraordinary cooperation.” Sentencing in Monsegur’s case is currently scheduled for Tuesday in a Federal District Court in Manhattan. But while some of the other hackers in the LulzSec saga have faced steep penalties (for example, Hammond is serving a 10-year sentence), the government has asked for Monsegur to be sentenced only to time served—just seven months.

Wireless broadband can reach the moon, and maybe Mars

Aside from air, water, and fresh vegetables, what would you need to survive on the moon? One thing that would likely feature high on the list is a decent, reliable wireless Internet connection. Thanks to a group of researchers from MIT and NASA, this kind of connectivity could be within the realm of possibility. Between them, the two organizations have demonstrated for the first time that laser-based data communication can provide those in space with the same kind of connectivity we enjoy on Earth, including large data transfers and high-definition video streaming. To do this, the system uses four separate telescopes at a ground terminal in New Mexico to send the uplink signal to the moon. A laser transmitter that sends information as coded pulses of invisible infrared light feeds each of the telescopes, for a combined 40 watts of transmitter power.

Apple will fix iMessage bug that makes it harder to leave the service

iPhone users (and ex-iPhone users) attempting to sign out of Apple’s iMessage service recently began running into a nasty bug. Signing out of iMessage means that iPhones trying to text your number should seamlessly switch back to using SMS. However, this hasn’t been happening lately—instead, these messages continue to be sent as iMessages. They never actually make it to their destination, and neither the sender nor the receiver is given any indication that the message has failed. Apple acknowledged the bug in a statement to Re/code this morning, noting that it has “recently fixed a server-side iMessage bug which was causing an issue for some users,” and that an additional software update was being planned to fix more problems. Signing out of the iMessage service has always been more difficult than enabling it, and I say that as someone who recently disabled iMessage to make jumping between iOS, Android, Windows Phone, and other mobile operating systems easier. In my case, iMessages sent to my newly disconnected number would simply fail to send, and the problem only worked itself out after I changed my Apple ID password (thereby signing all of my devices out of the service), disassociated my phone number from my Apple ID, and then called Apple support about the problem. This new bug sounds worse, since message senders don’t even know that the texts aren’t arriving at their destination.

Sailor convicted of hacking websites from aboard aircraft carrier

(Image caption: The USS Harry S. Truman apparently had adequate Internet bandwidth for a sailor to hack websites in his spare time. Credit: US Navy)
A 27-year-old now-former sailor pleaded guilty in a federal court in Tulsa, Oklahoma on May 20 to charges of conspiracy after leading a band of hackers in the US and Canada from onboard an aircraft carrier. Nicholas Paul Knight, who was the system administrator for the USS Harry S. Truman’s nuclear reactors department, was caught trying to hack into a Navy database while at sea. Knight and a co-defendant—Daniel Kreuger of Salem, Illinois—were part of “Team Digi7al,” a collective of hackers who attacked at least 24 websites in 2012 in search of personal identifying information. Knight himself hacked the Navy’s Smart Web Move website, a system for sailors to manage household moves during transfers between stations; that breach exposed about 220,000 service members’ Social Security numbers, dates of birth, addresses, and other personal data. Other sites attacked by the group included ones operated by the Department of Homeland Security, the Library of Congress, Stanford University, Los Alamos National Laboratory, the Toronto Police Service, and the University of Nebraska-Lincoln.

Airbnb gives up customer data to NY attorney general

Home renting company Airbnb announced Wednesday that, under pressure from the New York attorney general’s office, it will hand over anonymized personal data on its New York hosts to the state. New York Attorney General Eric Schneiderman subpoenaed three years’ worth of data in 2013 in an effort to suss out whether Airbnb users are running “illegal hotels” and to determine whether Airbnb’s business model and platform comply with the law. Schneiderman stated his suspicions in April that Airbnb hosts in New York operate residences or parts of their homes like hotels—but without the fire, safety, and tax regulations normally applied to hotels. Airbnb hosts could also be in violation of a 2010 law that prohibits New Yorkers from renting entire apartments for less than 29 consecutive days. Schneiderman claimed that Airbnb sells itself to investors as a hotel network but tries to keep that pitch out of the public sphere for fear of incurring legal hotel status. The New York Supreme Court rejected Schneiderman’s subpoena request on May 13, “but the judge’s ruling also made it clear that he would accept a new, narrower subpoena and require Airbnb to turn over personal information about hosts if the Attorney General’s Office made some changes to their demands,” wrote Airbnb in its blog post Wednesday.

California approves test of self-driving cars on public roads

On Tuesday, the California Department of Motor Vehicles (DMV) officially approved rules to allow the testing of autonomous vehicles on public roads. The rules will take effect September 16, 2014. The move has been a long time coming, with the DMV promising back in December 2013 that it would post regulations for public use of self-driving cars and then holding a public hearing in January to address concerns about them. These new rules will set a statewide standard for all manufacturers. (Although Google has been running pilot programs in Mountain View and elsewhere, it’s not the only company pursuing an automated vehicle—Nvidia told Ars last week that Audi plans to incorporate a “cruise control for stop-and-go traffic” feature in one of its cars come 2015.) Bryant Walker Smith, a fellow at the Center for Automotive Research at Stanford (CARS), told Ars that the new rules could change how manufacturers proceed with their testing. “The DMV has a really, really difficult task, and I was impressed with the thoughtfulness of their approach,” he said. “I would say that anyone who is reading these documents will have to read very closely.”