How whitehats stopped the DDoS attack that knocked Spamhaus offline

Unlike Unicast-based networks, Anycast systems use dozens of individual data centers to dilute the effects of distributed denial-of-service attacks.

As an international organization that disrupts spam operators, the Spamhaus Project has made its share of enemies. Many of those enemies possess the Internet equivalent of millions of water cannons that can be turned on in an instant to flood targets with more traffic than they can possibly stand. On Tuesday, Spamhaus came under a torrential deluge—75 gigabits of junk data every second—making it impossible for anyone to access the group’s website (the real-time blacklists that ISPs use to filter billions of spam messages were never affected). Spamhaus quickly turned to CloudFlare, a company that secures websites and helps mitigate the effects of distributed denial-of-service attacks. This is a story about how the attackers were able to flood a single site with so much traffic, and the way CloudFlare blocked it using a routing methodology known as Anycast.

Finally, Feds say cops’ access to your e-mail shouldn’t be time-dependent

“When ECPA was enacted, e-mail was primarily a means of communicating information, not storing it,” said Sen. Mike Lee (R-UT) on Tuesday in a statement.

On Tuesday, the Department of Justice acknowledged for the first time that the notion that e-mail more than 180 days old should require a different legal standard is outdated. This marked shift in legal theory, combined with new House subcommittee hearings and new Senate legislation, might just actually yield real, meaningful reform on the much-maligned Electronic Communications Privacy Act. It’s an act, by the way, that dates back to 1986. As Ars’ Tim Lee wrote in November 2012, “ECPA requires a warrant to obtain freshly sent e-mail before it’s been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient’s e-mail box for 180 days, a lower standard applies. These rules simply don’t line up with the way modern e-mail systems work.”

911 tech pinpoints people in buildings—but could disrupt wireless ISPs

NextNav’s enhanced 911 technology locates people within buildings—but may interfere with millions of existing devices.

Cell phones replacing landlines are making it difficult to accurately locate people who call 911 from inside buildings. If a person having a heart attack on the 30th floor of a giant building can call for help but is unable to speak their location, actually finding that person from cell phone and GPS location data is a challenge for emergency responders. Thus, new technologies are being built to accurately locate people inside buildings. But a system that is perhaps the leading candidate for enhanced 911 geolocation is also controversial because it uses the same wireless frequencies as wireless Internet Service Providers, smart meters, toll readers like EZ-Pass, baby monitors, and various other devices. NextNav, the company that makes the technology, is seeking permission from the Federal Communications Commission to start commercial operations. More than a dozen businesses and industry groups oppose NextNav (which holds FCC licenses through a subsidiary called Progeny), saying the 911 technology will wipe out devices and services used by millions of Americans.

Most PC security problems come from unpatched third-party Windows apps

If you’ve got 99 security problems, odds are Microsoft’s not one—or at least it’s just a minority of them. In its annual review of software vulnerabilities, security software firm Secunia found that 86 percent of vulnerabilities discovered on systems scanned by its software in the 50 most popular Windows software packages in 2012 were attributable to third-party developers and not to Microsoft’s Windows operating system or applications. And for most of these vulnerabilities, a patch was already available at the time they were discovered.

Of the top 50 most used Windows packages—including the Windows 7 operating system itself—18 were found to have end-point security vulnerabilities, a 98 percent increase over five years ago. Of those 18 packages, Google’s Chrome and the Mozilla Firefox browser were the biggest culprits, with 291 and 257 detected vulnerabilities respectively. Apple iTunes came in third, with 243 detected vulnerabilities. The remainder of the top ten offenders were:

Adobe Flash Player: 67
Oracle Java JRE SE: 66
Adobe AIR: 56
Microsoft Windows 7: 50
Adobe Reader: 43
Microsoft Internet Explorer: 41
Apple Quicktime: 29

Of the vulnerabilities documented in Secunia’s database, 84 percent had already been patched by vendors when they were discovered on systems. “This means that it is possible to remediate the majority of vulnerabilities,” said Secunia Director of Product Management Morten R. Stengaard. “There is no excuse for not patching.”

Dropbox 2.0 brings functional drop-down menus to Mac and Windows

Dropbox for Mac received an update to version 2.0 on Tuesday, bringing with it a number of UI upgrades to the desktop. The most noticeable difference is the revamped and prettified drop-down interface, which now allows you to accept or decline sharing requests right from the menu instead of requiring a trip to the website. The new drop-down interface also displays a list of recently updated files from across your Dropbox-enabled devices, and it gives easy access to both sync settings and the Dropbox website. This is a small but significant change to the way the menu item previously functioned. In the past, there was not much functionality there, but now it’s a place where the user might actually go in order to see which files are being synced. Additionally, the new menu interface makes for much easier file or folder sharing. Select the item in the menu that you want to share and a “Share” button pops up on the right. Clicking it still takes you to the Dropbox website in order to invite other users, but it’s a start in making the desktop software a little more usable.

ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more

Identity thieves have posted social security numbers, credit information, and other sensitive data belonging to more than a dozen politicians and celebrities. It’s a list that includes Vice President Joe Biden, FBI Director Robert Mueller, former Secretary of State Hillary Clinton, rapper Jay-Z, and actor and director Mel Gibson. The website, exposed.su, surfaced on Monday with birth dates, telephone numbers, home addresses, and in some cases credit reports for a handful of politicians and celebrities. Throughout the past 24 hours the site has published details on additional individuals. Social security numbers for Mueller, Jay-Z, and Gibson appeared to be valid, the Associated Press reported. Los Angeles Police Chief Charlie Beck, whose information was also posted on the site, hasn’t challenged the accuracy, either. Still, other journalists wrote that phone numbers purportedly belonging to former California Governor Arnold Schwarzenegger and actor Ashton Kutcher reportedly went to a movie production company and a New York-based accounting firm respectively. The site included the image of a gaunt young woman with black circles around her eyes and an index finger in front of her lips. It was headed by a quote from the Showtime TV series Dexter, in which the title character says, “If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve.” The site included an embarrassing or humorous photo related to each individual whose information was disclosed. The act of publicly documenting the private details of people is known as “doxxing,” and it came into vogue a few years ago with the growing visibility of the Anonymous hacking collective.

EA not altering return policy for furious SimCity buyers

Electronic Arts has indicated that it will not be altering its usual digital refund policy in the wake of SimCity server issues that have led to access problems and scaled-back features for players that are able to log in, days after the game’s North American release. “In general we do not offer refunds on digital download games,” EA tweeted through its official Origin account yesterday, directing people to the company’s online policy on returns and cancellations. While downloadable games purchased in North America are not refunded “as a general policy,” EA does offer a “14-day unconditional guarantee” on any physical product sold through the Origin store. European customers, however, may be able to withdraw their downloadable purchase during a 14-day “Cooling Off period” as outlined on EA’s European return policy page. The recent tweet comes after a message posted to EA’s forums by Community Manager Raven on Tuesday, stating that “[i]f you regrettably feel that we let you down, you can of course request a refund for your order… though we’re currently still in the process of resolving this issue.” That message has now been revised to simply say “please review our refund policy here.”

Bill would force cops to get a warrant before reading your e-mail

Last fall we wrote about how easy it probably was for the FBI to get the e-mails it needed to bring down CIA chief David Petraeus over allegations of infidelity. Under the ancient Electronic Communications Privacy Act, passed in 1986, the police can often obtain the contents of private e-mails without getting a warrant from a judge. A bipartisan group of legislators has introduced a bill to the House of Representatives to change that. The bill would require the police to get warrants before reading users’ e-mails in most circumstances and would also repudiate the view, advanced by the Obama administration last year, that the police can obtain information about the historical location of your cell phone without a warrant. The new legislation, proposed by Rep. Zoe Lofgren (D-CA) and supported by Reps. Ted Poe (R-TX) and Suzan DelBene (D-WA), would extend privacy protections for both e-mail and location privacy. “Fourth Amendment protections don’t stop at the Internet,” Lofgren said in an e-mailed statement. “Establishing a warrant standard for government access to cloud and geolocation provides Americans with the privacy protections they expect, and would enable service providers to foster greater trust with their users and international trading partners.”

VMware will hate this: Amazon slashes cloud prices up to 28 percent

Last week, VMware’s top executives displayed just how worried they are about the competitive threat posed by Amazon’s cloud computing service. With customers able to spin up virtual machines in Amazon data centers, VMware is concerned fewer people will buy its virtualization tools. According to CRN, VMware CEO Pat Gelsinger told service partners at the company’s Partner Exchange Conference that if “a workload goes to Amazon, you lose, and we have lost forever.” VMware COO Carl Eschenbach jumped on the Amazon theme, saying, “I look at this audience, and I look at VMware and the brand reputation we have in the enterprise, and I find it really hard to believe that we cannot collectively beat a company that sells books.” Given VMware’s view of Amazon, Gelsinger and Eschenbach won’t like the latest news from the “bookseller,” which also happens to be a large IT services provider. Amazon today announced price reductions of up to 27.7 percent for Elastic Compute Cloud Reserved Instances running Linux/UNIX, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server. Reserved instances requiring up-front payments already provide discounts over “on-demand instances,” which can be spun up and down at will. Using reserved instances requires a little more advance planning to make sure you get the most bang for your buck—although customers who buy more than they need can sell excess capacity on Amazon’s Reserved Instance Marketplace.

Trigger word: e-mail monitoring gets easy in Office 365, Exchange

Exchange 2013 and Office 365 include a new feature that can peek into e-mail messages and enclosed documents, then flag them, forward them, or block them entirely based on what it finds. This sort of data loss prevention technology has become increasingly common in corporate mail systems. But its inclusion as a feature in Office 365’s cloud service makes it a lot more accessible to organizations that haven’t had the budget or expertise to monitor the e-mail lives of their employees. As we showed in our review of the new Office server platforms, the data loss prevention feature of Microsoft’s new messaging platforms can detect things like credit card numbers, social security numbers, and other content that has no business travelling by e-mail. Because of how simple it is to configure rules for Microsoft’s DLP and security features, administrators will also have the power to do other sorts of snooping into what’s coming and going from users’ mailboxes. Unfortunately, depending on the mix of mail servers in your organization—or which Exchange instances you happen to hit in the O365 Azure cloud—they may not work all the time. And they won’t help defeat someone determined to steal data via e-mail.
