Mozilla making progress with Firefox’s long journey to multiprocess

Internet Explorer and Chrome both use a multiprocess architecture to enhance stability and security. They separate the task of parsing and rendering Web pages from the job of drawing the browser on-screen, saving downloaded files, creating network connections, and so on. This allows them to run the dangerous parts—the parts exposed to malicious scripts and exploitative HTML—in a sandbox with reduced permissions, making it harder for browser flaws to be turned into system compromises. It also means that they’re much more tolerant of crash bugs; a bug will bring down an individual tab, but shouldn’t, in general, bring down the browser as a whole. In 2009, Mozilla announced the Electrolysis project, which was to bring this kind of multiprocess design to Firefox.


Found: hacker server storing two million pilfered passwords

Researchers have unearthed a server storing more than two million pilfered login credentials for a variety of user accounts, including those on Facebook, Yahoo, Google, Twitter, and a handful of other websites. More than 1.5 million of the user names and passwords are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published Tuesday by researchers from security firm Trustwave’s Spider Labs. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells. More than 1.8 million of the passwords, or 97 percent of the total, appeared to come from computers located in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. US accounts comprised 0.1 percent, with 1,943 compromised passwords. In all, the data may have come from as many as 102 countries.


Google compute cloud load balances 1 million requests per second for $10

Google Compute Engine, the company’s infrastructure-as-a-service cloud that competes against Amazon Web Services, is trying to take reliability and scale to the extreme. Yesterday, the company said it was able to serve “one million load balanced requests per second” with a single IP address receiving the traffic and distributing it across 200 Web servers. Each of the million requests was just “one byte in size not including the http headers,” Google Performance Engineering Manager Anthony F. Voellm wrote in a blog. It’s thus not representative of real-world traffic, but the simulation shows that Compute Engine should be able to let websites absorb big bursts in traffic without shutting down. According to Google, the test showed the load balancer was able to serve the aforementioned one million requests “within five seconds after the setup and without any pre-warming.” The test ran for more than seven minutes. “The 1M number is measuring a complete request and successful response,” Voellm wrote.


New Linux worm targets routers, cameras, “Internet of things” devices

Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection. Linux.Darlloz, as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday. But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures. “Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.”


Google launches Play Newsstand: a hybrid magazine store and RSS reader

The long-rumored Google Play Newsstand for Android has finally launched, and it’s not at all what we were expecting. Early reporting and investigation pinned it as a newspaper section of the Play Store, but it’s much more than that. Google is selling newspapers and magazines under a single banner, and there’s a visual-heavy RSS reader, sort of like Flipboard. This means Newsstand is replacing two of Google’s existing apps: Google Play Magazines and Google Currents. Google is pitching it as “all your subscriptions in one place.” Like most things “Google” these days, calling it an “app” isn’t really the whole story. There’s also a new section of the desktop Play Store, and some magazines and newspapers are even viewable in the browser. RSS is strictly confined to the app, though. Just like the old Play Magazines, paid content is available as a subscription or on a per-issue basis, and 30-day trials are available for some premium content. RSS feeds, magazines, and newspapers can be downloaded for offline reading later, and there’s also a bookmark function.


Hack of Cupid Media dating website exposes 42 million plaintext passwords

A hack on niche online dating service Cupid Media earlier this year has exposed names, e-mail addresses and—most notably—plain-text passwords for 42 million accounts, according to a published report. The cache of personal information was found on the same servers that housed tens of millions of records stolen in separate hacks on sites including Adobe, PR Newswire, and the National White Collar Crime Center, KrebsonSecurity journalist Brian Krebs reported Tuesday night. An official with Southport, Australia-based Cupid Media told Krebs that user credentials appeared to be connected to “suspicious activity” that was detected in January. Officials believed they had notified all affected users, but they are in the process of double-checking that all affected accounts have had their passwords reset in light of Krebs’s discovery. The compromise of 42 million passwords makes the episode one of the biggest passcode breaches on record. Adding to the magnitude is the revelation the data was in plain-text, instead of a cryptographically hashed format that requires an investment of time, skill, and computing power to crack. As Krebs noted:


Feds arrest ATM thieves after discovering $800,000 stuffed in a suitcase

Federal authorities have arrested five more men accused of taking part in a 21st-century bank heist that siphoned a whopping $45 million out of ATMs around the world in a matter of hours. Prosecutors said the men charged on Monday were members of the New York-based cell of a global operation and contributed to the $45 million theft by illegally withdrawing $2.8 million from 140 different ATMs in that city. The arrests came after the defendants sent $800,000 in cash proceeds in a suitcase transported by bus to a syndicate kingpin located in Florida, US Attorney for the Eastern District of New York Loretta E. Lynch said. Photos seized from one defendant’s iPhone showed huge amounts of cash piled on a hotel bed and being stuffed into luggage, she said. The heists took place during two dates in December 2012 and targeted payment cards issued by the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman respectively. Prosecutors dubbed the heists “unlimited” operations because they systematically removed the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that processed online payments for the two targeted banks, prosecutors alleged in earlier indictments. Prosecutors didn’t identify the payment processors except to say that one was in India and the other was in the United States.


California shuts down 10 “fraudulent” health care websites

In a move rarely seen by state authorities, California has shut down 10 domain names that the Golden State claims were fraudulent imitations of Covered California, the state’s own version of the Affordable Care Act. On Thursday, the state’s attorney general announced that it had forced 10 domain names to either redirect to the bona fide Covered California website, or to remove their sites entirely. California also sent cease and desist letters to the operators of those sites. As California’s attorney general, Kamala Harris, wrote in a statement:


Google Books ruled legal in massive win for fair use

A long-running copyright lawsuit between the Authors’ Guild and Google over its book-scanning project is over, and Google has won on the grounds that its scanning was “fair use.” In other words, the snippets of books that Google shows for free don’t break copyright, and it doesn’t need the authors’ permission to engage in the scanning and display of short bits of books. On the fair use factor that’s often the most important—whether or not the fair use of a work hurts the market for the original work—US District Judge Denny Chin seemed to find the plaintiffs’ ideas both nonsensical and ignorant of the limits on the Google Books software:


Android 4.4 KitKat, thoroughly reviewed

After three Jelly Bean releases in a row, Google has unleashed a major revision to the world’s most widely used operating system. With the Nexus 5 comes Android 4.4 “KitKat.” KitKat brings a ton of enhancements: support for hidden system and status bars, printer support, and lower memory usage. It also has a number of user-level improvements, including a new dialer, a Google-infused home screen, and a whole pile of UI refinements. The lower memory usage is particularly important because Google hopes this is the feature that will finally kill Gingerbread and other older versions of Android. Ice Cream Sandwich raised the system requirements for Android quite a bit, and to this day you still see lower-end phones shipping with Gingerbread because of the lower barrier to entry. Unfortunately, the only device that currently runs KitKat is the Nexus 5, which has a whopping 2GB of RAM, so there isn’t much memory testing that we can do right now. We’ll have to wait for actual low-memory hardware running KitKat to evaluate any of the low-memory requirement claims. We can take a look at just about everything else, though. We believe KitKat is the biggest Android release since Ice Cream Sandwich. Google has touched nearly every part of the OS in some way, so there’s a lot to cover.
