vanity-fair – Page 20 – Tech Today w/ Ken May

Teen arrested for 30 “swatting” attacks against schools, security reporter

Police in the Canadian city of Ottawa said they arrested a 16-year-old male charged with carrying out so-called “swatting” attacks that targeted 30 North American targets. One of the targets included KrebsOnSecurity reporter Brian Krebs , who was previously on the receiving end of a vicious swatting attack that resulted in a team of police pointing guns at him as he opened the front door of his Virginia home. Krebs said the recent attacks were preceded by taunts from someone controlling the Twitter handle @ProbablyOnion . The last tweet made from that account, made on Thursday, stated: “Still awaiting for the horsies to bash down my door.” The individual didn’t have long to wait. That same day, the 16-year-old was arrested, according to press releases here and here issued by the Ottawa Police Service and the FBI, respectively. Swatting refers to the act of knowingly giving authorities false information about bomb threats, the taking of hostages, or similar threats in progress with the goal of tricking heavily armed police to raid the location of an innocent person or group. According to authorities, the unnamed 16-year-old allegedly carried out swatting attacks on 30 targets, including schools in North America that responded with lockdowns or evacuations. The minor was charged with 60 criminal offenses, including public mischief, mischief to property, uttering death threats, and conveying false info with intent to alarm. Read 1 remaining paragraphs | Comments

Continued here:
Teen arrested for 30 “swatting” attacks against schools, security reporter

YouTube shuts down public RSS feeds of user subscriptions

If you’re a news junky, you probably use an RSS reader like Feed.ly to keep up with stuff on the Web. One of the nicest ways to consume YouTube subscriptions was to use an RSS feed of new videos, allowing them to show up just like news articles do. You might not have noticed yet, but Google quietly shut down this feature a few days ago. The RSS feed, which used to be http://gdata.youtube.com/feeds/base/users/[username]/newsubscriptionvideos, now throws out a “403 Forbidden” error. Previously, the URL would provide a publicly accessible feed of new subscriptions from any YouTube account, provided users didn’t choose to turn off public subscription retrieval. The feed was part of the YouTube Data API v2, which was deprecated in March of this year. The replacement—predictably named YouTube Data API v3—doesn’t offer a comparable data stream. Bug reports filed for this regression as early as January 2013 have gone unanswered, save for a single response in January 2014 (yes, a year later) saying, “Patch is in the works, however we can’t comment on the expected date.” Now it’s five months later, the feature is gone, and there’s no solution in sight. Read 3 remaining paragraphs | Comments

See more here:
YouTube shuts down public RSS feeds of user subscriptions

Microsoft boosts cloud security, network performance, compute power, and more

At TechEd in Houston today, Microsoft announced a wide range of updates to its Azure cloud platform. As has become customary for Azure updates, the new features announced today include a mix of previews of brand-new capabilities, and general availability releases of features previously only in preview. In the general availability bucket are a set of new networking options for connectivity to Azure. Currently, Azure users connect to Azure through a mix of public Internet addresses and private VPNs, with all traffic going over the Internet. The new ExpressRoute capability provides a third option: direct private connections to Azure, either through exchange providers, or by connecting Azure to existing corporate WANs. ExpressRoute will be offered with a 99.9 percent SLA and four bandwidth tiers: 200Mbps, 500Mbps, 1Gbps, and 10Gbps. Though now generally available, the connectivity is currently limited to connections via two US sites—Silicon Valley and Washington, DC—and London. Microsoft intends to make it available in 13 further locations by the end of the year. Read 10 remaining paragraphs | Comments

See more here:
Microsoft boosts cloud security, network performance, compute power, and more

Router company that threatened a reviewer loses Amazon selling license

The Medialink router that was reviewed. Mediabridge Update 5/8/2014 19:44 CT: On Thursday, Mediabridge Products posted an official statement about this incident to its Facebook page, clarifying its position and saying that Amazon has revoked its selling privileges. (Thanks to PrimalxConvoy for the tip). In the statement, the company says that it did not actually sue the Amazon reviewer, but that it did insist that the reviewer’s “untrue, damaging, and disparaging statements” be taken down. “It’s our sincere belief that reasonable people understand that not only is it within our rights to take steps to protect our integrity, but that it should be expected that we would do so when it is recklessly attacked,” Mediabridge Products wrote. “The reviewer has since changed his review completely to remove the libelous statements, but unfortunately not before having an army attack us on the internet.” The company did not give any clue as to the terms of Amazon’s rescinding of Mediabridge’s selling license, but only said at the end of its statement “Unfortunately, as a result of our attempt to get this reviewer to do the right thing & remove his untrue statements about our company, Amazon has revoked our selling privileges. Many hard-working employees whose livelihood depended on that business will likely be put out of a job, by a situation that has been distorted & blown out of proportion.” Read 8 remaining paragraphs | Comments

New guidelines outline what iPhone data Apple can give to police

If you store your stuff on iCloud, Apple can provide most of that information to law enforcement if it’s requested. Andrew Cunningham We’ve known (or suspected) for some time that Apple can provide data from iOS devices to US law enforcement, whether that data is stored on Apple’s iCloud servers or on a password protected phone or tablet . In an effort to be more transparent about this process, Apple yesterday posted an extensive document describing what data the company can provide to law enforcement and the processes for requesting that data. The document outlines two basic types of data: information stored on Apple’s servers and information stored locally on iOS devices. Information on Apple’s servers includes both data associated with your Apple ID—your basic contact information, customer service records, your transaction history both in Apple’s retail stores and in the online iTunes and App Stores, and iTunes gift card information—and data associated with your iCloud account. All account data stored on Apple’s servers is obtainable “with a subpoena or greater legal process.” The short version is that essentially anything you’ve backed up to or stored on iCloud is available for Apple to fork over to law enforcement, including connection logs and IP addresses you’ve used. Apple has access to 60 days of iCloud mail logs that “include records of incoming and outgoing communications such as time, date, sender e-mail addresses, and recipient e-mail addresses”; any e-mail messages that the user has not deleted; and any other information that can be backed up to iCloud. As of this writing, this list includes contacts, calendars, browser bookmarks, Photo Stream photos, anything that uses the “documents and data” feature (which can include not just word processors but also photo and video apps, games, and data from other applications), and full device backups. Subscriber information requires a “subpoena or greater legal process,” e-mail logs require a court order or search warrant, and e-mail or other iCloud content requires a search warrant. Any iCloud information that the user deletes cannot be accessed. Read 5 remaining paragraphs | Comments

See more here:
New guidelines outline what iPhone data Apple can give to police

Level 3 claims six ISPs dropping packets every day over money disputes

Network operator Level 3, which has asked the FCC to protect it from ” arbitrary access charges ” that ISPs want in exchange for accepting Internet traffic, today claimed that six consumer broadband providers have allowed a state of “permanent congestion” by refusing to upgrade peering connections for the past year. Level 3 and Cogent, another network operator, have been involved in disputes with ISPs over whether they should pay for the right to send them traffic. ISPs have demanded payment in exchange for accepting streaming video and other data that is passed from the network providers to ISPs and eventually to consumers. When the interconnections aren’t upgraded, it can lead to congestion and dropped packets, as we wrote previously regarding a dispute between Cogent and Verizon . In a blog post today , Level 3 VP Mark Taylor wrote: Read 4 remaining paragraphs | Comments

Read the article:
Level 3 claims six ISPs dropping packets every day over money disputes

Infecting DVRs with Bitcoin-mining malware even easier than you suspected

The dialog that appears when users want to manually change the default password on their EPCOM Hikvision S04 DVR. Sans Institute It took just one day for a low-end, Internet-connected digital video recorder to become infected with malware that surreptitiously mined Bitcoins on behalf of the quick-moving attackers. The feat, documented in a blog post published Monday by researchers at the security-training outfit Sans Institute, was all the more impressive because the DVR contained no interface for downloading software from the Internet. The lack of a Wget , ftp, or kermit application posed little challenge for the attackers. To work around the limitation, the miscreants used a series of Unix commands that effectively uploaded and executed a Wget package and then used it to retrieve the Bitcoin miner from an Internet-connected server. Monday’s observations from Sans CTO Johannes Ullrich are part of an ongoing series showing the increasing vulnerability of Internet-connected appliances to malware attacks. In this case, he bought an EPCOM Hikvision S04 DVR off eBay, put it into what he believes was its factory new condition, and connected it to a laboratory “honeypot” where it was susceptible to online attackers. In the first day, it was probed by 13 different IP addresses, six of which were able to log into it using the default username and password combination of “root” and “12345.” Read 4 remaining paragraphs | Comments

View article:
Infecting DVRs with Bitcoin-mining malware even easier than you suspected

Fitbit designer calls Project Ara the “IKEA chair” of smartphones

Magnets, how do they work? Google’s eventual, modular Project Ara smartphone will answer that question and more once its first “millions of units” ship in 2015’s first half. Project Ara To some extent, Gadi Amit, the tech-design guru who owns New Deal Design and helms the team behind devices like Fitbit, is letting go. His latest project forced him to. It’s called Project Ara , a smartphone concept that began as a Motorola product before Google bought the company. Project Ara strays from Amit’s string of simple, elegant, self-contained products. This phone is not like a fitness band or a more efficient camera; it doesn’t solve a single, immediate goal and then step out of the way. Rather, Project Ara demands experimentation and customization, forcing everyone outside of the Project Ara team to become the phone’s designers. In Amit’s eyes, especially in the modern phone era, that has become the point. The mission, even. Read 11 remaining paragraphs | Comments

Taken from:
Fitbit designer calls Project Ara the “IKEA chair” of smartphones

High School senior charged with hacking report-card system

A high school senior in Miami has been arrested on charges claiming he illegally accessed his school’s online report card system and changed grades for him and at least four other students, according to a published report. Jose Bautista, 18, appeared in court Friday, according to WFOR . He reportedly faces charges of intellectual property offense, modifying programs, and an offense against computer users. The student allegedly approached fellow students and asked if they wanted him to change their grades. The principal of Dr. Michael M. Krop Senior High School, the school Bautista attended, said the student gave a written confession detailing the hacking. Bautista’s bond was set at $20,000. He is under house arrest with a GPS monitor. It’s unclear if he will be allowed to graduate or if the other students involved will face any punishment. Read on Ars Technica | Comments

Read this article:
High School senior charged with hacking report-card system

Hulu to launch free mobile content, new iOS app this summer

Free Hulu users will enjoy more full, ad-supported TV episodes this summer, and those ads will quite possibly force Pizza Hut pizza down their throats. Future app updates will add “extra cheese” as an option (we hope). This morning, Hulu CEO Mike Hopkins announced at a New York event that the streaming media service would begin offering select free content to mobile users “this summer.” Currently, Hulu requires a “Plus” subscription to watch its full-length TV and film content on anything other than a desktop Web browser, while non-paying app users are limited to brief video clips until they cough up $7.99 a month. Like Hulu’s free and paid content up until this point, the free-for-mobile summer content will remain advertising-backed. Though the free shows in question haven’t been announced, Hulu used the event to promote its next wave of internally produced programming, including new seasons of The Awesomes and Deadbeat , and it’s tempting to assume that the free mobile access will lean toward some of the only-on-Hulu selection. The move may very well have come in response to individual networks releasing more apps, particularly Comedy Central’s recent self-titled app that serves free, ad-supported episodes for all users (along with a deeper video selection after a user logs in with cable subscription information). Read 1 remaining paragraphs | Comments

More:
Hulu to launch free mobile content, new iOS app this summer