GitHub resets user passwords following rash of account hijack attacks

GitHub is experiencing an increase in user account hijackings that’s being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses. The site for software development projects has already reset passwords for compromised accounts and banned frequently used weak passcodes, officials said in an advisory published Tuesday night. Out of an abundance of caution, site officials have also reset some accounts that were protected with stronger passwords. Accounts that were reset despite having stronger passwords showed login attempts from the same IP addresses involved in successful breaches of other GitHub accounts. “While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses,” Tuesday night’s advisory stated. “These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this. In addition, you will no longer be able to login to GitHub.com with commonly used weak passwords.”


Feds arrest ATM thieves after discovering $800,000 stuffed in a suitcase

Federal authorities have arrested five more men accused of taking part in a 21st-century bank heist that siphoned a whopping $45 million out of ATMs around the world in a matter of hours. Prosecutors said the men charged on Monday were members of the New York-based cell of a global operation and contributed to the $45 million theft by illegally withdrawing $2.8 million from 140 different ATMs in that city. The arrests came after the defendants sent $800,000 in cash proceeds in a suitcase transported by bus to a syndicate kingpin located in Florida, US Attorney for the Eastern District of New York Loretta E. Lynch said. Photos seized from one defendant’s iPhone showed huge amounts of cash piled on a hotel bed and being stuffed into luggage, she said. The heists took place during two dates in December 2012 and targeted payment cards issued by the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman respectively. Prosecutors dubbed the heists “unlimited” operations because they systematically removed the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that processed online payments for the two targeted banks, prosecutors alleged in earlier indictments. Prosecutors didn’t identify the payment processors except to say that one was in India and the other was in the United States.


Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks

Forums software maker vBulletin has been breached by hackers who got access to customer password data and other personal information, in a compromise that has heightened speculation there may be a critical vulnerability in the widely used program that threatens websites that use it. “Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password,” vBulletin Technical Support Lead Wayne Luke wrote in a post published Friday evening. “Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password.” The warning came three days after user forums for MacRumors—itself a user of vBulletin—suffered a security breach that exposed cryptographically hashed passwords for more than 860,000 users. When describing the attack, MacRumors Editorial Director Arnold Kim said the compromise in many ways resembled the July hack of the Ubuntu user forums, which also ran on vBulletin.


California shuts down 10 “fraudulent” health care websites

In a move rarely seen by state authorities, California has shut down 10 domain names that the Golden State claims were fraudulent imitations of Covered California, the state’s own version of the Affordable Care Act. On Thursday, the state’s attorney general announced that it had forced 10 domain names to either redirect to the bona fide Covered California website, or to remove their sites entirely. California also sent cease and desist letters to the operators of those sites. As California’s attorney general, Kamala Harris, wrote in a statement:


Android 4.4 KitKat, thoroughly reviewed

After three Jelly Bean releases in a row, Google has unleashed a major revision to the world’s most widely used operating system. With the Nexus 5 comes Android 4.4 “KitKat.” KitKat brings a ton of enhancements: support for hidden system and status bars, printer support, and lower memory usage. It also has a number of user-level improvements, including a new dialer, a Google-infused home screen, and a whole pile of UI refinements. The lower memory usage is particularly important because Google hopes this is the feature that will finally kill Gingerbread and other older versions of Android. Ice Cream Sandwich raised the system requirements for Android quite a bit, and to this day you still see lower-end phones shipping with Gingerbread because of the lower barrier to entry. Unfortunately, the only device that currently runs KitKat is the Nexus 5, which has a whopping 2GB of RAM, so there isn’t much memory testing that we can do right now. We’ll have to wait for actual low-memory hardware running KitKat to evaluate any of the low-memory requirement claims. We can take a look at just about everything else, though. We believe KitKat is the biggest Android release since Ice Cream Sandwich. Google has touched nearly every part of the OS in some way, so there’s a lot to cover.


Meteorite impacts capture time capsules of the ecosystems they destroy

Meteorite impacts can be very destructive. A meteorite that fell in Mexico around 66 million years ago created a 180 km crater and caused the extinction of non-avian dinosaurs while spewing debris and molten rock into the air. Now, in what is a fascinating tale of serendipity, researchers have found that these events don’t entirely destroy all traces of life at the site of impact. Molten rocks can capture and preserve organic matter as they cool down to form glass beads. When a meteor enters Earth’s atmosphere, the friction causes it to heat up, scorching everything in its path. Most of the time that’s where the story ends, as the meteor burns up in the sky as a “shooting star.” But sometimes it’s big enough to reach all the way to the surface and transfer its remaining energy to the ground. This energy is dissipated as mild earthquakes and sound shockwaves—but mostly as heat. The heat energy can be so great that it melts rocks on the surface and hurls them up in the atmosphere. Anything that comes in contact with this molten rock would presumably get burnt, leaving nothing but rocky material that cools down in the atmosphere, forming glass beads and tektites (gravel-sized natural glass). This is what City University of New York researcher Kieren Howard assumed, but he was able to show that his assumptions were wrong.


Hack of MacRumors forums exposes password data for 860,000 users

MacRumors user forums have been breached by hackers who may have acquired cryptographically protected passwords belonging to all 860,000 users, one of the top editors of the news website said Tuesday evening. “In situations like this, it’s best to assume that your MacRumors Forum username, e-mail address and (hashed) password is now known,” Editorial Director Arnold Kim wrote in a short advisory. He went on to advise users to change their passwords for their MacRumors accounts and any other website accounts that were protected by the same passcode. The MacRumors intrusion involved “a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials,” Kim said. The company is still investigating how the attacker managed to compromise the privileged account.


Cisco-threatening open switch coming from Facebook, Intel, and Broadcom

Six months ago, Facebook announced that its Open Compute Project (OCP) would develop a top-of-rack switch that could boot nearly any type of networking software. With the help of Intel, Broadcom, and others, the consortium devoted to open hardware specifications would develop a rival to Cisco’s network hardware. Today, Facebook and friends described the first tangible steps they’ve taken toward reaching that goal. Intel, Broadcom, Mellanox, and Cumulus Networks have contributed specs and software that bring the Open Compute Project closer to a finished switch design. Frank Frankovsky, VP of hardware design and supply chain operations at Facebook and head of the Open Compute Project, announced the latest developments in a blog post and conference call with reporters today. Frankovsky says the project is on track to “help software-defined networking continue to evolve and flourish,” since open source software-defined networking systems could be installed on Open Compute switches.


Bigger than Google Fiber: LA plans citywide gigabit for homes and businesses

Los Angeles is about to unleash one of the most ambitious city-led broadband projects to date, with the goal of bringing fiber to all of its 3.5 million residents and all businesses. Next month, the city plans to issue an RFP (request for proposals) “that would require fiber to be run to every residence, every business, and every government entity within the city limits of Los Angeles,” Los Angeles Information Technology Agency GM Steve Reneker told Ars today. The City Council this morning unanimously voted to move forward with drafting the RFP and will vote again in a few weeks to determine whether it’s ready for release, he said. LA expects the fiber buildout to cost $3 billion to $5 billion, but the cost would be borne by the vendor. “The city is going into it and writing the agreement, basically saying, ‘we have no additional funding for this effort.’ We’re requiring the vendors that respond to pay for the city resources needed to expedite any permitting and inspection associated with laying their fiber,” Reneker said. “If they’re not willing to do that, our City Council may consider a general fund transfer to reimburse those departments, but we’re going in with the assumption that the vendor is going to absorb those up-front costs to make sure they can do their buildout in a timely fashion.”


Acer CEO resigns on the back of $446 million quarterly loss

Acer has issued a statement this morning reporting that Acer CEO J.T. Wang has resigned following news of the company’s significant $446 million loss during the third quarter of 2013. Wang will continue in his role as Acer’s chairman for another seven months, but he will be handing over the CEO reins to Acer President Jim Wong at the start of 2014. Acer’s financial beatdown was announced last Tuesday along with the rest of its Q3 results. It’s the second quarter in a row of losses for the PC OEM; Q2 in August ended with a $11.4 million loss where many analysts had expected at least some profit. According to GigaOm, an additional (Chinese) statement issued by Acer blames “the gross margin impact of gearing up for the Windows 8.1 sell-in and the related management of inventory.” As Microsoft Editor Peter Bright showed yesterday, though, Windows 8.1 hasn’t necessarily exploded out of the gate, and tying significant amounts of money up around the operating system’s launch doesn’t appear to have served Acer very well. Most OEMs see sales dips in Q2 and Q3 before the holiday-saddled Q4 pushes sales back up, but Acer’s numbers paint a particularly dismal picture: the company saw a 35 percent drop in sales from the same quarter last year.
