To prevent hacking, disable Universal Plug and Play now

Security experts are advising that a networking feature known as Universal Plug and Play be disabled on routers, printers, and cameras, after finding it makes tens of millions of Internet-connected devices vulnerable to serious attack. UPnP, as the feature is often abbreviated, is designed to make it easy for computers to connect to Internet gear by providing code that helps devices automatically discover each other over a local network. That often eliminates the hassle of figuring out how to configure devices the first time they’re connected. But UPnP can also make life easier for attackers half a world away who want to compromise a home computer or breach a business network, according to a white paper published Tuesday by researchers from security firm Rapid7. Over a five-and-a-half-month period last year, the researchers scanned every routable IPv4 address about once a week. They identified 81 million unique addresses that responded to standard UPnP discovery requests, even though the standard isn’t supposed to communicate with devices that are outside a local network. Further scans revealed 17 million addresses exposed UPnP services built on the open standard known as SOAP, short for simple object access protocol. By broadcasting the service to the Internet at large, the devices can make it possible for attackers to bypass firewall protections.

Review: Microsoft Office 365 Home Premium Edition hopes to be at your service

Office 365 Home Premium Edition’s lineup of software, ready to stream to your PC today.

Today, Microsoft releases Office 2013—the first full release of Microsoft’s latest-generation productivity suite for consumers. Office 2013 has already made a partial debut on Microsoft’s Windows RT tablets, though RT users will get a (slight) refresh with the full availability of the suite. The company gave consumers an open preview of Office last summer, which we reviewed in depth at the time of the suite’s announcement. So there aren’t any real surprises in the final versions of the applications being released today, at least as far as how they look and work. Today’s release, however, marks the first general availability of Microsoft’s new subscription model under the Office 365 brand the company has used for its hosted mail and collaboration services for businesses. While the applications in Office are being offered in a number of ways, Microsoft is trying hard to steer consumer customers to Office 365 Home Premium Edition, a service-based version of the suite that will sell for $100 a year. And just as Windows 8’s app store started to fill up as the operating system approached release, the same is true of Office’s own app store—an in-app accessible collection of Web-powered functionality add-ons for many of the core Office applications based on the same core technologies (JavaScript and HTML5) that power many of Windows 8’s interface-formerly-known-as-Metro apps. Now, the trick is getting consumers to buy into the idea of Office as a subscription service and embracing Microsoft’s Office “lifestyle,” instead of something they buy once and hold onto until their computers end up in the e-waste pile.

Grammar badness makes cracking harder the long password

Comparison of the size of password search space when treating the password as a sequence of characters or words, or as words generated by grammatical structure. Rao, et al.

When it comes to long phrases used to defeat recent advances in password cracking, bigger isn’t necessarily better, particularly when the phrases adhere to grammatical rules. A team of Ph.D. and grad students at Carnegie Mellon University and the Massachusetts Institute of Technology have developed an algorithm that targets passcodes with a minimum number of 16 characters and built it into the freely available John the Ripper cracking program. The result: it was much more efficient at cracking passphrases such as “abiggerbetter password” or “thecommunistfairy” because they followed commonly used grammatical rules—in this case, ordering parts of speech in the sequence “determiner, adjective, noun.” When tested against 1,434 passwords containing 16 or more characters, the grammar-aware cracker surpassed other state-of-the-art password crackers when the passcodes had grammatical structures, with 10 percent of the dataset cracked exclusively by the team’s algorithm. The approach is significant because it comes as security experts are revising password policies to combat the growing sophistication of modern cracking techniques, which make the average password weaker than ever before. A key strategy in making passwords more resilient is to use phrases that result in longer passcodes. Still, passphrases must remain memorable to the end user, so people often pick phrases or sentences. It turns out that grammatical structures dramatically narrow the possible combinations and sequences of words crackers must guess. One surprising outcome of the research is that the passphrase “Th3r3 can only b3 #1!” (with spaces removed) is one order of magnitude weaker than “Hammered asinine requirements” even though it contains more words. Better still is “My passw0rd is $uper str0ng!” because it requires significantly more tries to correctly guess.

All backscatter “pornoscanners” to be removed from US airports

Bloomberg is reporting that the TSA will be removing all of the remaining backscatter X-ray machines from US airports. The removal isn’t because of health concerns—instead, the machines’ manufacturer, Rapiscan Systems, failed to meet a US Congress-imposed deadline for altering the machines’ software to produce “generic passenger images,” according to the report. TSA assistant administrator for acquisitions Karen Shelton Waters, speaking on behalf of the agency, noted that Rapiscan Systems would absorb the cost for the scanners’ removal, and that the removal is unrelated to Rapiscan’s alleged falsification of the machines’ abilities to protect passengers’ privacy. Nor does the removal appear to be related to ongoing questions about the safety of the backscatter X-ray technology. The CEO of OSI Systems, Rapiscan’s parent company, says that rather than pitching the expensive machines into the garbage bin, the TSA will be relocating them to other government agencies. In total, there are 174 Rapiscan backscatter X-ray machines that will be pulled from airports and relocated, on top of the 76 that were removed last year.

Metamaterials perform image compression before light reaches the sensor

This metamaterial is the aperture of the new microwave imaging device. John Hunt

Add image compression to the list of nifty applications for metamaterials. Metamaterials guide light waves to create “invisibility cloaks” and bend sound waves to make theoretical noise reduction systems for urban areas. But these materials are tuned to particular wavelengths; some invisibility cloaks don’t work at all visible wavelengths because they leak those wavelengths of light. Now researchers have capitalized on that leakiness to build a new functional device: a microwave imaging system that compresses an image as it’s being collected—not afterward as our digital cameras do. Every pixel in a picture from our digital cameras corresponds to a pixel of information recorded on the detector inside the camera. Once a camera collects all the light intensity information from a scene, it promptly discards some of it and compresses the data into a JPEG file (unless you explicitly tell it to save raw data). You still end up with a decent picture, though, because most of the discarded data was redundant. Compressive sensing aims to ease this process by reducing the amount of data collected in the first place. One way to do this is with a single pixel camera, developed in 2006. These devices capture information from random patterns of pixels around the image, essentially adding the light intensity values of several pixels together. If you know something about the structure of that image—say clusters of bright stars set against a dark sky—you’ll be able to capture that image with fewer measurements than a traditional camera.

Is Dell looking to kill PCs with “Project Ophelia”?

Dell’s Project Ophelia: an Android-based thin client that you can put in your pocket for around $50, eventually. Dell

Dell is reportedly investigating a move to take the company private in a leveraged buy-out to clear the decks for a radical repositioning of the company. And according to a report from Atlantic Media’s Quartz, that includes relaunching Dell’s desktop and mobile business around a brand-new product: a computing device the size of a thumb-drive that will sell for about $50. Dell announced its pocket client PC, called “Project Ophelia,” on January 8, and demonstrated it at CES. Developed by Dell’s Wyse unit, Ophelia uses a Mobile High-Definition Link (MHL) to draw power to boot from an HDTV display, or it can be powered off a USB port. It has integrated Bluetooth and Wi-Fi capability for connecting to a keyboard, a mouse, and the network, and it runs the Android 4.1 (Jelly Bean) operating system with all of the functionality of a tablet. It can also be used to power virtual instances of other desktop operating systems on a remote server or in the cloud. In other words, it’s a fusion of Wyse’s thin client technology modeled after the capabilities of a Google Chromebook—except it can be carried in a pocket. The main drawback is that few HDTVs currently support MHL—though such support can be found in a number of Dell flat-panel displays.

New report shows Congress’ favorite BitTorrent downloads

Congress has become gun-shy about putting together Internet-related legislation after the attempt to pass SOPA generated unprecedented public outrage, but Internet piracy is still on its radar. Still, it turns out that digital copies of pirated movies and TV shows aren’t just the subject of committee debates on Capitol Hill—they’re also being downloaded onto Capitol Hill computers. A post today in US News & World Report’s tech blog published new information from anti-piracy forensics company ScanEye, a company that offers BitTorrent monitoring services in the name of fighting piracy. The ScanEye report [PDF] shows apparently pirated movie files being downloaded via IP addresses associated with the US House of Representatives. Congressional employees downloaded episodes of Glee, CSI, Dexter, and Home and Away in October and early November. There are more TV episodes downloaded than movies, but the report also shows downloads of films, such as Iron Sky, which was downloaded by a Congress-owned computer on Oct. 4; Life of Pi, downloaded on Oct. 27; and the Dark Knight Rises, downloaded on Oct. 25. Another download listed is Bad Santa 2, a movie which has not been released yet.

Microsoft releases emergency update to patch Internet Explorer bug

Microsoft has released an emergency update to patch a security vulnerability in Internet Explorer that is being exploited in attacks aimed at government contractors and other targeted organizations. The patch fixes a “use after free” bug in versions 6, 7, and 8 of the Microsoft browser and will be automatically installed on affected machines that have automatic updating enabled, Dustin Childs, the Group Manager of the company’s Trustworthy Computing program, wrote in a blog post published Monday. The unscheduled release comes just six days after Microsoft’s most recent monthly Patch Tuesday batch of security updates, but it was pushed out to counter an experienced gang of hackers who have infected websites frequented by government contractors to exploit the vulnerability. Monday’s update came hours after Oracle released an unscheduled patch to fix a critical vulnerability in its Java software framework. As Ars reported last week, the zero-day Java exploits were added to a variety of exploit kits that criminals use to turn compromised websites into platforms for silently installing keyloggers and other malware on the machines of unsuspecting visitors.

Fastest Wi-Fi ever is almost ready for real-world use

Wilocity’s wireless chips allow 4.6Gbps transmission over the 60GHz band. Wilocity

In a quiet suite removed from the insanity of the Consumer Electronics Show expo floor, a company aiming to build the fastest Wi-Fi chips in the world demonstrated its vision of wireless technology’s future. On one desk, a laptop powered a two-monitor setup without any wires. At another, a tablet playing an accelerometer-based racing game mirrored its screen in high definition to another monitor. Across the room, a computer quickly transferred a 3GB file from a wireless router with built-in storage. The suite was set up in the Las Vegas Hotel by Wilocity, a chip company specializing in wireless products using 60GHz transmissions, which are far faster than traditional Wi-Fi. Avoiding the show floor is a good idea if you’re worried about Internet connectivity, because thousands of vendors are clogging the pipes. But that’s not why Wilocity was here—they’d be able to perform the demo even in the busiest parts of CES without interference because they’re not relying on the congested bands used by regular Wi-Fi.

Amazon AutoRip: How the labels held back progress for 14 years

Michael Robertson. Gabe Lawrence

When Michael Robertson heard news of AutoRip, the new Amazon service that automatically adds high-quality MP3s to Cloud Player when you buy a CD, he must have had a sense of deja vu. After all, the entrepreneur introduced a similar service way back in 1999. Unfortunately, it wasn’t licensed by the recording industry, and they sued it out of existence. He tried again with a licensed service in 2007, but only one label would cut a deal and the company failed to gain traction. In a Friday interview with Ars Technica, Robertson told us that the major labels’ decision to license AutoRip represents a sea change in their attitudes toward cloud music services. Until the last couple of years, the labels were relentlessly hostile to the idea that consumers should have the freedom to store DRM-free music online. But a series of business failures and legal defeats forced the labels to face reality. And so fourteen years after Robertson first floated the concept, consumers finally have the freedom to instantly get an MP3 when they buy a CD online. Robertson’s first company, MP3.com, was one of the hottest startups in Silicon Valley when it launched what we would now call a cloud music service, My.MP3.com, in 1999. The service included a feature called “Beam-It” that allowed users to instantly stock their online lockers with music from their personal CD collections.
