DoS attacks that took down big game sites abused Web’s time-sync protocol

Figure caption: 69 percent of all DDoS attack traffic by bit volume in the first week of January was the result of NTP reflection. (Source: Black Lotus)

Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets. Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to the victim, an increase of more than 58-fold.

“Prior to December, an NTP attack was almost unheard of because if there was one it wasn’t worth talking about,” Shawn Marck, CEO of DoS-mitigation service Black Lotus, told Ars. “It was so tiny it never showed up in the major reports. What we’re witnessing is a shift in methodology.”

Researchers warn of new, meaner ransomware with unbreakable crypto

Security researchers have uncovered evidence of a new piece of malware that may be able to take gigabytes’ worth of data hostage unless end users pay a ransom. Discussions of the new malware, alternately dubbed PrisonLocker and PowerLocker, have been occurring on underground crime forums since November, according to a blog post published Friday by Malware Must Die, a group of researchers dedicated to fighting online crime.

The malware appears to be inspired by CryptoLocker, the malicious software that wreaked havoc in October when it used uncrackable encryption to lock up victims’ computer files until they paid hundreds of dollars for the decryption key. PowerLocker could prove an even more potent threat because it would be sold in underground forums as a DIY malware kit to anyone who can afford the $100 for a license, Friday’s post warned. CryptoLocker, by contrast, was custom built for use by a single crime gang. What’s more, PowerLocker might also offer several advanced features, including the ability to disable the task manager, registry editor, and other administration functions built into the Windows operating system. Screenshots and online discussions also indicate the newer malware may contain protections that prevent it from being reverse engineered when run on virtual machines.

Facebook sued for allegedly making private messages into public “likes”

Facebook is being sued by two users for intercepting the “content of the users’ communications,” including private messages, with the intent to “mine user data and profit from those data by sharing them with third parties—namely, advertisers, marketers, and other data aggregators.” The plaintiffs argue in a December 30 class action complaint that Facebook’s use of the word “private” in relation to its messaging system is misleading, given the way the company treats the info contained within those messages.

Many of the allegations in this case are based on research done in 2012 by the Wall Street Journal for a series of articles about digital privacy. Facebook is far from the first company to use private messages to mint money. Gmail continues to be dinged for creating text ads based off of the content of e-mails ten years after the ads were first introduced. (And Gmail has been sued for that, too.)

Facebook goes to lengths to clearly distinguish its messaging feature as “private,” even calling it “unprecedented” in terms of the privacy controls, the filing alleges. “Facebook never intended to provide this level of confidentiality. Instead, Facebook mines any and all transmissions… in order to gather any and all morsels of information it can about its users.”

Windows 8.x breaks 10 percent, Internet Explorer 11 makes a splash

In 2013, Internet Explorer reversed some of its historic losses, Google released Chrome for Android, and Windows 8 surpassed OS X and Windows Vista to become the third most widely used desktop operating system.

Compared to last month, Internet Explorer actually fell slightly, declining by 0.45 points. Firefox, Safari, and Opera also fell, down 0.19, 0.08, and 0.06 points, respectively. The month’s winner was Chrome, which picked up 0.78 points. Over the course of the entire year, Internet Explorer was up 3.14 points on 2012. Firefox was down 1.47 points. Chrome was also down by 1.82 points. Safari rose 0.58 points.

Wii U gamepad hacked, reverse engineered to stream from a PC

The Wii U’s tablet controller isn’t moving as many consoles as Nintendo might like, but the technology itself is still interesting enough to draw the attention of the hacker community. Engadget reports that the libdrc team gave a presentation at the Chaos Communication Congress explaining how it managed to hack the Wii U’s gamepad to communicate with and stream content from a standard Linux PC. The full talk is available in video form.

The 64-slide deck describes the many, many hoops the team had to jump through to get the gamepad working—dumping the gamepad’s firmware helped the team reverse-engineer the Wi-Fi encryption system, at which point the team also needed to reverse-engineer the protocols Nintendo is using to stream video, audio, and input data. The team included a screenshot of an emulated Final Fantasy VII in its deck to prove that the software works and was also able to get the GameCube version of The Legend of Zelda: Wind Waker working live onstage.

While the project is, at this point, “very buggy” and “not meant for end users,” the team thinks that the project is “a good prototype that can be improved on.” The team also wants to add the ability to pair other tablets with the Wii U, to port the project to Windows and to OS X, and to make it possible to stream things to the gamepad over the Internet. It may be some time before the layperson can take advantage of the libdrc team’s work, but even as an early alpha the project is an interesting proof-of-concept.

Apple’s incremental 2013—and what to expect in 2014

The trouble with the Apple beat is that everyone wants it to be as exciting and newsworthy as it was in 2007 when Apple announced the iPhone, or in 2010 when the original iPad dropped. Among both the tech press and enthusiasts, Apple is a victim of its own success—every year that the company doesn’t redefine a product category, the pundits get a bit more bored.

In 2013, almost every one of Apple’s new hardware and software releases refined something that came before. While that might seem boring to early adopters, Apple continues to be a master of iteration, improving its products in noticeable and useful ways every single year. Here, we’ll look back at everything Apple has put out this year—and what we might expect in 2014.

The iPhone

Figure caption: Apple put a whole lot of marketing muscle behind the iPhone 5C, which is essentially a year-old phone. (Credit: Andrew Cunningham)

In the strictest sense, Apple actually delivered two new iPhones this year: the iPhone 5S and the iPhone 5C. The 5S was the only truly new one, though—it delivered the expected improvements to the SoC and the camera while introducing a new hardware feature in the form of the TouchID fingerprint sensor. In contrast, the 5C is just an iPhone 5 with slightly upgraded cellular hardware and some colorful plastic.

Efficient set-top boxes to save $1 billion on energy annually by 2017

Today, the US Department of Energy announced an agreement with a diverse group of NGOs that would see significant improvements to a poorly recognized energy sink: the set-top box that receives and controls TV programming. The agreement, while voluntary, commits service providers to using more efficient hardware through to 2017. Although the individual savings will be small, the cumulative impact is massive: a billion dollars in electricity saved by consumers and five million fewer metric tons of carbon dioxide emissions in the atmosphere.

The agreement, brokered by the EPA, brings together a diverse coalition of groups. On the environmental side, we have the Natural Resources Defense Council and the Appliance Standards Awareness Project. Representing industry are the Consumer Electronics Association and the National Cable & Telecommunications Association. The American Council for an Energy-Efficient Economy, which gets its funding from a variety of sources (including utilities), was also at the party.

The standards they’ve developed will cover all existing delivery methods: telecom, cable, and satellite. It won’t be written into legislation, but an independent third party will verify that hardware meets the agreement’s specifications each year between now and 2017. The exact details of the energy-saving changes aren’t specified in the announcement, but the electronics in the devices can get quite hot, and statements made by Senator Dianne Feinstein (D-CA) suggest that they often remain active even when the television is off.

Scientists make exotic chemicals with high-pressure salt

Everything around you is made of elements that scientists have studied in quite some detail over the last 200 years. But all that understanding breaks down when these elements are subjected to high pressure and temperature. Now, using an advanced theoretical understanding and extreme conditions, researchers have converted table salt into exotic chemicals. Salt is made from one part sodium (Na) and one part chlorine (Cl). If somehow salt were transported to the center of the Earth, where the pressure is three million times that on the surface, its crystalline structure would change but the ratio of those two elements would remain the same. Vitali Prakapenka at the University of Chicago and his colleagues wanted to find out what would happen if there were an excess of either sodium or chlorine at such high pressures. Would the ratio between the elements change? “It might,” said Prakapenka, “because chemistry completely changes in such conditions.” If it did, the result would not just be formation of a new compound, but a serious revision of what we think about chemistry.

After sailing the domain name seas, Pirate Bay returns to Sweden

After nearly two weeks of bouncing its domain name around the globe, The Pirate Bay has returned to its home port. The notorious BitTorrent site originally went from .se to .sx (Sint Maarten), but it didn’t stop there—in recent days, it has shifted from .ac (Ascension Island) to .pe (Peru) to .gy (Guyana). Now, as of Thursday, it’s back to the comforts of .se (Sweden). Neither The Pirate Bay blog nor its Twitter feed offered any explanation. The move to .sx originally took place back in April 2013 when a Swedish prosecutor filed a motion to seize thepiratebay.se, piratebay.se, and thepiratebay.is. The registrar, the Internet Infrastructure Foundation, has said previously that it would only do so after being served by a Swedish court. “Our actions would largely be determined by the contents of the order and the issuing party,” the agency wrote in June 2012. “Accordingly, we will assess the situation on a case-by-case basis if such an order is issued.”

Report: Facebook set to finally launch auto-play video ads in news feeds

Facebook is due to announce the launch of video advertisements in users’ news feeds on Tuesday, according to The Wall Street Journal, citing anonymous sources. The newspaper added that the new program, which has been anticipated for some time now, is set to launch on Thursday on mobile applications as well as on the desktop browser. The ads apparently are designed to play automatically—a move that is surely bound to irritate many users of the social network. Ad Age reported in September 2013 that Facebook video ads had been originally slated for October 2013, but were then delayed. The Journal, which added that Facebook would charge $2 million per day to let advertisers reach its data-rich user base, noted that a teaser for the Lions Gate film “Divergent” is expected to be one of the first ads.
