
Comment: Common Security Practice (Score 1)

by muphin (#47268255) Attached to: Code Spaces Hosting Shutting Down After Attacker Deletes All Data
I believe the owner of the EC2 account had a single account (the root account) when he should have set up two-factor authentication for that account and then created separate accounts; this would have prevented his issue using the security policies AWS has in place....
AWS is always targeted, and being reliant on a single account for security is negligent.
So, you people out there that use AWS: PLEASE don't use the default account. Secure it with two-factor authentication and then create individual accounts for the services, using security policies to allow communication between them. - from an AWS certified engineer :)
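
The audit a practitioner would run to check the points made in the comment above (MFA on the root account, no day-to-day use of root, per-service IAM users with rotated keys). This is an added example, not code from the commenter, AWS or the page; it reads the CSV layout of an IAM credential report (`aws iam get-credential-report`) and the sample rows, the account id 123456789012 and the fixed "now" are constructed for the demo. The deny-without-MFA policy uses the standard aws:MultiFactorAuthPresent condition key.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample (not real account data) in the column layout of an IAM
# credential report (`aws iam get-credential-report`, base64-decoded CSV).
# Only the columns this audit reads are included; the real report has more.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2014-01-05T10:00:00+00:00,not_supported,2014-06-17T09:12:00+00:00,not_supported,not_supported,false,true,2014-01-05T10:00:00+00:00,false,N/A
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2014-02-01T08:00:00+00:00,false,no_information,N/A,N/A,false,true,2014-02-01T08:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2014-03-10T12:00:00+00:00,true,2014-06-16T17:40:00+00:00,2014-05-01T12:00:00+00:00,2014-08-01T12:00:00+00:00,true,false,N/A,false,N/A
"""

# Fixed "now" so the sample audit is reproducible (assumption for the demo).
SAMPLE_NOW = datetime(2014, 6, 18, tzinfo=timezone.utc)

# IAM policy that denies every action unless the caller authenticated with
# MFA (the standard aws:MultiFactorAuthPresent condition). Attach it to the
# groups your human users belong to; it does nothing for the root user, whose
# MFA must be enabled directly on the account.
DENY_WITHOUT_MFA = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyAllWithoutMFA",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
    }],
}


def parse_report(text):
    """Parse credential-report CSV text into one dict per principal."""
    return list(csv.DictReader(io.StringIO(text)))


def _ts(value):
    """Timestamps in the report are ISO 8601; N/A, no_information and
    not_supported all mean 'no value'."""
    return datetime.fromisoformat(value) if value[:1].isdigit() else None


def audit(rows, now=SAMPLE_NOW, max_key_age_days=90, root_login_window_days=30):
    """Return (severity, principal, finding) tuples for the practices the
    comment argues for: MFA on root, no routine use of root, and per-service
    IAM users whose access keys are rotated."""
    findings = []
    for row in rows:
        user = row["user"]
        is_root = user == "<root_account>"

        # MFA: mandatory for root and for anyone with a console password.
        if row["mfa_active"] != "true" and (is_root or row["password_enabled"] == "true"):
            findings.append(("CRITICAL" if is_root else "HIGH", user, "no MFA device enabled"))

        # Root should not be used for day-to-day sign-in at all.
        last_login = _ts(row["password_last_used"])
        if is_root and last_login and now - last_login <= timedelta(days=root_login_window_days):
            findings.append(("HIGH", user, "root password used recently; use individual IAM users instead"))

        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            if is_root:
                findings.append(("CRITICAL", user, f"root has an active access key (slot {slot}); delete it"))
            rotated = _ts(row[f"access_key_{slot}_last_rotated"])
            if rotated and now - rotated > timedelta(days=max_key_age_days):
                findings.append(("MEDIUM", user, f"access key {slot} is {(now - rotated).days} days old"))
    return findings


def audit_sample():
    """Run the audit over the constructed report at the fixed sample time."""
    return audit(parse_report(SAMPLE_REPORT))


if __name__ == "__main__":
    for severity, principal, finding in audit_sample():
        print(f"{severity:8} {principal:16} {finding}")
```

On the sample, the root row produces two CRITICAL findings (no MFA, an active access key) plus a recent-login and a key-age finding; the key-only service user is flagged for key age but not for MFA, since MFA on a user with no console password adds nothing; the MFA-enabled console user with no keys is clean.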

Australian bank NAB's Bitcoin ban a symptom of the digital currency threat

Submitted by oztechmuse
oztechmuse (2323576) writes "The move of banks like Australia's NAB to close accounts of businesses trading in Bitcoin is being justified on the basis of risk whereas the more likely motivation is guarding against a currency that threatens their own business. The issue of risk is largely a smoke screen — especially when compared with the $2.1 trillion that is involved in crime globally — most of which goes through the banking system. This compares to the less than $10 billion in total capitalisation of cryptocurrencies."

Congressman Introduces Bill Declaring Bitcoin A Currency, Not Property

Submitted by SonicSpike
SonicSpike (242293) writes "Congressman Steve Stockman of the 36th District of Texas is embracing digital currency. He made himself known in the Bitcoin space at the end of last year when he began accepting Bitcoin donations for a Senate campaign.

Last night at the New York City Bitcoin Center, Representative Stockman brought a copy of a bill he’s planning to introduce to the 113th Congress (second session) on the topic of virtual currencies.

Entitled “To change the tax status of virtual currencies from property to currency”, the bill (formally called the Virtual Currency Tax Reform Act) seeks to change how the Internal Revenue Service and other authoritative agencies in the United States view virtual currencies.

As you may recall, the IRS released guidance not long ago indicating that bitcoin and other virtual currency users classify their holdings as property as opposed to currency. For users, this has become rather problematic primarily because by the rules, users would have to keep track of all of their transactions and calculate gains/losses at the end of the year."

Scientist Investigates Most Painful Body Locations for Bee Stings

Submitted by Hugh Pickens DOT Com
Hugh Pickens DOT Com (2995471) writes "Pain is notoriously difficult to quantify. Many pain-rating scales have been developed to bridge the gap between a patient’s perceived pain and the medical practitioner who is trying to relieve the patient’s pain. One such scale is the Schmidt Sting Pain Index, developed when Justin Schmidt judged the painfulness of stings from 78 species of Hymenoptera. Schmidt’s 4-point scale ranges from 0, a sting that cannot penetrate the skin, to 4, the most painful insect sting known. Only the bullet ant, Paraponera clavata, and the tarantula hawk, Pepsis grossa, were awarded a painfulness of 4. Now Rod McPhee reports at the Mirror that Michael Smith, a postgraduate studying bee behavior at Cornell, decided to explore how pain affects different body parts by forcing insects to sting him 190 times, literally from head to toe, over five weeks. “We speculated it probably really would hurt to get stung in the testicles. Two days later, by chance, I did get stung there. But I was really surprised that it didn’t hurt as much as I thought it would.” Smith, who previously studied bee-keeping at United World College of the Atlantic, took agitated bees in forceps and applied them to 25 different areas of his body. He then rated the resulting pain from zero to ten. The results? Although his testicles were the fourth worst place to be stung, with a pain rating of 7.0, that was only as painful as being stung in the palm and the cheek. The penis was only marginally more uncomfortable with a 7.3 rating. His nostril, with a rating of 9.0, was the most painful, with the upper lip not far behind on 8.7. “If you’re stung in the nose and the penis, you’re going to want more stings to the penis over the nose, if you’re forced to choose. There’s definitely no crossing of wires of pleasure and pain down there. It’s painful. Getting stung on the nose is a whole body experience. Your body really reacts. You’re sneezing and wheezing and snot is just dribbling out. It’s electric and pulsating.”"

MtGox's "Transaction Malleability" claim dismissed by researchers

Submitted by Martin S.
Martin S. (98249) writes "The Register reports on an arXiv paper (abstract below) in which Christian Decker and Roger Wattenhofer analyse a year's worth of Bitcoin activity to reach their conclusion.

The abstract claims:

In Bitcoin, transaction malleability describes the fact that the signatures that prove the ownership of bitcoins being transferred in a transaction do not provide any integrity guarantee for the signatures themselves. This allows an attacker to mount a malleability attack in which it intercepts, modifies, and rebroadcasts a transaction, causing the transaction issuer to believe that the original transaction was not confirmed. In February 2014 MtGox, once the largest Bitcoin exchange, closed and filed for bankruptcy claiming that attackers used malleability attacks to drain its accounts. In this work we use traces of the Bitcoin network for over a year preceding the filing to show that, while the problem is real, there was no widespread use of malleability attacks before the closure of MtGox."

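
A worked demonstration of the mechanism the abstract above describes, as an added example that is not part of the submission, the paper, or Bitcoin's own code. It implements ECDSA over secp256k1 from scratch (pure Python, no third-party library) and shows one of the malleability vectors: negating s gives a second signature (r, n - s) that still verifies under the same key, so anyone relaying the transaction can change its serialised bytes, and therefore its hash, without the private key. The private key, the payload and the nonce derivation are constructed for the demo (the nonce is a simplified stand-in for RFC 6979, not a production scheme), and `txid` hashes only the signature rather than a whole serialised transaction; DER-encoding quirks, the other malleability vector the paper discusses, are not modelled here.

```python
import hashlib

# secp256k1 domain parameters (public constants of the Bitcoin curve).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # p == -q (or a point of order 2)
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, p):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, p)
        p = _add(p, p)
        k >>= 1
    return acc


def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def sign(priv, msg_hash):
    z = int.from_bytes(msg_hash, "big")
    # Deterministic nonce from key and message: a simplified stand-in for
    # RFC 6979 (assumption for the demo), enough to keep the run reproducible.
    k = int.from_bytes(hashlib.sha256(priv.to_bytes(32, "big") + msg_hash).digest(), "big") % N
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    assert r and s
    return r, s


def verify(pub, msg_hash, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def malleate(sig):
    """The third-party transform: (r, s) -> (r, N - s). No private key needed."""
    r, s = sig
    return r, N - s


def is_low_s(sig):
    return sig[1] <= N // 2


def normalize(sig):
    """Low-S canonicalisation: reject or rewrite the high-S twin so both forms
    map to one signature (the fix later standardised for Bitcoin)."""
    return sig if is_low_s(sig) else malleate(sig)


def txid(sig):
    """Stand-in for a txid: hash of the serialised signature. The real txid
    hashes the whole transaction, which embeds the signature, so changing the
    signature bytes changes the real txid in the same way."""
    r, s = sig
    return sha256d(r.to_bytes(32, "big") + s.to_bytes(32, "big"))[::-1].hex()


def demo():
    priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed key
    pub = _mul(priv, G)
    h = sha256d(b"constructed transaction payload")   # constructed message
    sig = sign(priv, h)
    forged = malleate(sig)
    return {
        "original_valid": verify(pub, h, sig),
        "malleated_valid": verify(pub, h, forged),
        "txid_original": txid(sig),
        "txid_malleated": txid(forged),
        "low_s_equal": normalize(sig) == normalize(forged),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

Why the twin verifies: the verifier computes w = s^-1 mod N, and (N - s)^-1 is -w, so both scalars u1 and u2 flip sign and the resulting point is the negation of the original one, which has the same x coordinate, the only thing ECDSA checks. Enforcing low-S on the receiving side collapses both forms to one, which is why an exchange that keyed its bookkeeping on the txid of the form it broadcast could be misled, and why the paper asks how often that actually happened.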

Geologists Warned of Washington State Mudslides for Decades

Submitted by Hugh Pickens DOT Com
Hugh Pickens DOT Com (2995471) writes "The Seattle Times reports that since the 1950s, geological reports on the hill that buckled last weekend killing at least 17 residents in Snohomish County in Washington State have included pessimistic analyses and the occasional dire prediction. But no language seems more prescient than what appears in a 1999 report filed warning of “the potential for a large catastrophic failure.” Daniel Miller, a geomorphologist, documented the hill’s landslide conditions in a report written in 1997 for the Washington Department of Ecology and the Tulalip Tribes. Miller knows the hill’s history, having collected reports and memos from the 1950s, 1960s, 1980s and 1990s and has a half-dozen manila folders stuffed with maps, slides, models and drawings, all telling the story of an unstable hillside that has defied efforts to shore it up. That’s why he could not believe what he saw in 2006, when he returned to the hill within weeks of a landslide that crashed into and plugged the North Fork of the Stillaguamish River, creating a new channel that threatened homes on a street called Steelhead Drive. Instead of seeing homes being vacated, he saw carpenters building new ones. “Frankly, I was shocked that the county permitted any building across from the river,” says Miller. “We’ve known that it’s been failing. It’s not unknown that this hazard exists.”

The hill that collapsed is referred to by geologists with different names, including Hazel Landslide and Steelhead Haven Landslide, a reference to the hillside’s constant movement. After the hill gave way in 1949, in '51, in '67, in '88, in 2006, residents referred to it simply as “Slide Hill.” “People knew that this was a landslide-prone area,” says John Pennington. Geomorphologist Tracy Drury said there were discussions over the years about whether to buy out the property owners in the area, but those talks never developed into serious proposals. “I think we did the best that we could under the constraints that nobody wanted to sell their property and move.”"

Judge OKs Class Action Suit Against Apple for E-book Price Fixing

Submitted by Anonymous Coward
An anonymous reader writes "Reuters reports: 'A federal judge in New York granted class certification on Friday to a group of consumers who sued Apple Inc for conspiring with five major publishers to fix e-book prices in violation of antitrust law....The plaintiffs are seeking more than $800 million in damages.' The trial will probably be in July or September. The judge who granted class certification, Denise Cote, ruled in 2013 that Apple was guilty of colluding with other publishers to raise the price of e-books and to force to do the same."

"Piracy is stealing! Piracy is killing the ___ industry!"

Submitted by hessian
hessian (467078) writes "I asked him how one went about trading software. He looked at me like a total noob, but he smiled anyway. “See those lists,” he said, pointing to 8 foot tall listings of fan-folded paper hanging ceiling to floor behind most of the computers. “Just look down the list, find the disk number, go to the box and take the disk. Then copy it and put it back.”"

Australia's Dingo May be Its Own Species

Submitted by sciencehabit
sciencehabit (1205606) writes "For centuries, scientists have debated whether Australia’s native canine, the dingo, is its own species or merely a type of wolf or dog. Now, based on physical and genetic evidence, a team of scientists is making the case that the dingo is a unique species that deserves protection under Australia’s federal conservation laws. If they can’t convince governments and landholders, the dingo may be doomed."

Ferrari Fan page creator ousted by Ferrari, Kid Sues

Submitted by ganjadude
ganjadude (952775) writes "Sammy Wassem started the Facebook fan page for Ferrari when he was 15 and eventually grew it to over 500,000 followers. In 2009, the company congratulated him on the site's success, but said that "legal issues" forced it to take over the administration, according to Automotive News Europe. Wassem could still use the site, but managers had oversight.

Wassem asked Ferrari for financial compensation to keep working on the page but continued creating content on it for the next four years. Eventually, the company terminated his administration rights. In 2013 he and his father Olivier filed the lawsuit against the business alleging it owes payment over 5,500 hours of work and copyright infringement for taking over the page. They are asking for 10 million Swiss francs ($11.3 million)."


U.S. Court: Chinese Search Engine's Censorship Is "Free Speech"

Submitted by jfruh
jfruh (300774) writes "You will probably not be surprised to learn that Chinese search giant Baidu censors a wide range of content, particularly political material deemed to be pro-democracy — and does so for users everywhere, not just in China. A group of activists filed suit against Baidu in New York for violating free speech laws, but the judge in the case declared that, as a private entity in the United States, Baidu has the right to provide whatever kind of search results it wants, even for political reasons."

Are there backdoors to flash memory reserve pools?

Submitted by hormiga
hormiga (600498) writes "Because flash memory has a relatively limited number of program/erase cycles before failure, wear leveling mechanisms are often employed. These mechanisms sometimes use a pool of reserve blocks, managed by the controller, invisible to the user. There seem to be two consequences of this: (1) erasure is problematic, because the supposedly erased data might be hidden in the reserve pool, and (2) it might be possible to develop a "flash unerase" to recover some portions of accidentally deleted files. The implications for forensics, security, and simple convenience appear obvious.

This line of thinking was prompted by the unintended erasure of a Verbatim USB memory stick, occasioned by a laptop hardware accident. The drive was simply zeroed by the accident, but I suspect from the quickness of the incident that there was not time for the laptop to write zeroes to the memory stick: there may have been activation of a special command channel to the controller. I would like to recover the contents of that device.

I would like to develop a library and utility for the recovery of hidden data from the reserve pool, and for the secure erasure of files and interstitial gaps in the file systems of flash drives, especially for devices such as USB memory sticks. However, I'm not having much success discovering the interfaces available to software. Are there special backdoors or handshakes to access the reserve pools or other features in the flash controllers? Where is this information available?

Naturally, the results and code will be published as FLOSS."

Ferrari's douchebaggery response to years-long fan devotion on Facebook

Submitted by Bysshe
Bysshe (1330263) writes "Ferrari, having been very successful in offline branding, had a criminal copyright case filed against them by a fan who has built up their most popular Facebook page over the past years. Ferrari took control of the page despite no money ever being made off the page. Ferrari's attitudes are much like the music industry's archaic approach to protecting their intellectual property. The law (at least in the EU, where Ferrari is based) clearly states that fans have the right to and own the intellectual property of their fan pages, and yet companies that are highly dependent on fans seem determined to use legal tricks to enforce protectionist attitudes instead of taking the more successful route of accelerating the activities of their fans through clear and enthusiastic support."
