Forgot your password?
typodupeerror

+ - Home Depot's credit cards may have been hacked ->

Submitted by criticalmass24
criticalmass24 (759213) writes "A massive batch of credit and debit card information that went on sale on a criminal Internet site Tuesday may be from Home Depot stores and could be linked to hackers previously responsible for breaches at Target and P.F. Chang’s, security experts say.

The credit card information was first offered up for sale Tuesday on an underground site that trafficks in stolen financial information, security author Brian Krebs reported on his blog, Krebsonsecurity.com."

Link to Original Source

Comment: Re:Details? (Score 2) 297

by pdclarry (#47037531) Attached to: Cisco Complains To Obama About NSA Adding Spyware To Routers

I don't know if we ever will receive the precise details of this NSA operation, but I would still like to know:

1) How was the integrity of the shipping chain tainted? At which point NSA grabbed the devices and who allowed them to do this?

2) What does this "spyware" do, and does this mean a modified system firmware or something else?

Most of that is covered in Greenwald's book, and also in the NSA documents that have been released. The specific physical interception point is not described, but the modified firmware is. Once the router goes into service it "phones home" periodically and allows NSA to send monitoring instructions.

+ - Cisco complains to Obama about NSA adding spyware to routers

Submitted by pdclarry
pdclarry (175918) writes "Glenn Greenwald's book No Place to Hide reveals that the NSA intercepts shipments of networking gear destined for overseas and adds spyware. Cisco has responded by asking the President to intervene and stop this practice, as it has severely hurt their non-US business, with shipments to other countries falling from 7% for emerging countries to over 25% for Brazil and Russia."

+ - AOL finally admits they were hacked

Submitted by pdclarry
pdclarry (175918) writes "Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions.

Well, AOL has finally come clean. Apparently individuals unknown accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects "only" 2% of their members, but recommends that everyone change their passwords and security questions."

Comment: Re:Back when the Internet Mail Consortium was a th (Score 4, Informative) 83

by pdclarry (#46710035) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists

The thing to do here is to fix the MLM software to use the correct additional headers, rather than rewriting the headers the DMARC policy feels are important; in addition, this would allow the DMARC policy to "whitelist" based on the attached headers, assuming everything else wasn't a black mark, and avoid the "greylisting" that would happen ordinarily with most SPAM filtering systems in "medium posture" rather than "low posture" (i.e. the ones that have the concept of "suspect email" as a middle ground).

I think you will find that most MLM software uses correct additional headers. At least listserv and mailman (for the lists that I manage) do. We've been playing nicely with ISPs for years on our lists, we create no spam (once we fixed the bounceback spam problem 3 years ago) and generally are among the more well-behaved email users around. The problem is that Yahoo's implementation of DMARC is not using the additional headers. All it looks at is From.

Comment: Re:Am I understanding this correctly? (Score 3, Insightful) 83

by pdclarry (#46708585) Attached to: Yahoo DMARC Implementation Breaks Most Mailing Lists

It's not blocking relayed mail in the usual sense. Most mailing lists use the original poster's email address as the FROM field so everyone on the list knows who posted the message. The SENDER field contains the actual list address. And that should match the sending server's IP address. So reverse DNS and SPF (and DKIM if enabled) will validate the SENDER as the list server software. The REPLY TO will be either the list or the original poster, depending on list policy. DMARC requires that the FROM field also match the sending server, and ignores SPF and DKIM.

+ - Yahoo DMARC implementation breaks most mailing lists

Submitted by pdclarry
pdclarry (175918) writes "On April 8 Yahoo implemented a new DMARC policy that essentially bars any Yahoo user from accessing mailing lists hosted anywhere except on Yahoo and Google. While Yahoo is the initiator, it also affects Comcast, ATT, Rogers, SBGlobal and several other ISPs. Internet Engineering Council expert John R. Levine, specialing in email infrastructure and spam filtering claimed in a post “Yahoo breaks every mailing list in the world including the IETF's.” on the Internet Engineering Task Force (IETF) list.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a two year old proposed standard previously discussed on Slashdot that is intended to curb email abuse, including spoofing an phishing. Unfortunately, as implemented by Yahoo, it claims most mailing list users as collateral damage. Messages posted to mailing lists (including listserv, mailman, majordomo, etc) by Yahoo subscribers are blocked when the list forwards them to other Yahoo (and other participating ISP's) subscribers. List members not using Yahoo or its partners are not affected and will receive posts from Yahoo users. And posts from non-Yahoo users are delivered to Yahoo members. So essentially those suffering the most are Yahoo's (comcast's, att's, etc) own customers. Hacker News has details about why DMARC has this affect on mailing lists. Their best proposed solution is to ban Yahoo email users from mailing lists and encourage them to switch to other ISPs. Unfortunately, it isn't just Yahoo, although they are getting the most attention."

Comment: Re:Totally pointless. (Score 1) 197

by pdclarry (#46336673) Attached to: US Carriers Said To Have Rejected Kill Switch Technology Last Year

The second way, and probably a preferable one, is to make the bricking recoverable by the end user, who must enter a password that they chose for their phone to unbrick the device. The password should not be of any pre-determinable length so that a hacker who wanted to unbrick the phone would not even know what the domain to try to guess the password by brute force might be. Ideally, such a password should not get reset simply by changing the sim card in the device, and changing it would require that the old password be entered first.

A bricked phone would be utterly useless for virtually any task... even using the apps that might be installed on it... the only thing it would be able to do is call emergency/911, which would remove much of the incentive to bother to steal phones.

That's exactly the way Activation Lock on the iPhone works. The lock is actually in Apple's activation servers and tied to the owner's iCloud ID and password, so wiping the phone does not get around the lock. When its serial number attempts to re-activate the phone it fails to activate. The only way around it is to know the owner's Apple ID and password. So having a secure password is an essential element in securing an iPhone, iPad or Mac (Activation lock works with all of them).

Comment: Re:Faster to AWS than Linode (Score 1) 213

by pdclarry (#46211871) Attached to: Reason To Hope Carriers Won't Win the War On Netflix

I'm on FIOS with their 50 down/25 up plan. Linode in Newark is 48Mbps, AWS East is 60Mbps. Just saying that a particular path is slow doesn't mean that it's Verizon interfering - it's more likely something else that's causing the problem.

I was able to duplicate your results with my FIOS 50 down/35 up plan). Speed to AWS was FASTER than the benchmark speed test (60 Mbps for AWS, 48 for the benchmark, 50 Mbps for Linode). If this is throttling they're doing it wrong. I repeated it several times and got similar results.

Comment: Re:I don't (Score 2) 64

by pdclarry (#44069763) Attached to: Developers Rolling Out Pebble Smartwatch Apps

If you want a gimmick watch Casio will do you a nice one for about $30 but I have to warn you that the days of digital watches being cool ended in about 1980 so you won't be getting any Hipsters putting down their skinny lattes in shock and envy by buying a Pebble either.

"The days of the digital [watch] are numbered"
                      - Tom Stoppard, the original script of The Real Thing
                          (he dropped the line in later revisions)

+ - Microwave your iPhone to charge it? People fall for this hoax!

Submitted by pdclarry
pdclarry (175918) writes "As reported by Knight News, A series of posts on the Internet claim that you can charge your iphone by microwaving it for 1 minute. Apparently some users have fallen for it, despite Snopes debunking the claim. There's even been a post Apple's support forums, perhaps showing that you can't underestimate the intelligence of Internet users. Don't try this at home, folks."

+ - Scientists resolve a 3.5 billion-year-old mystery of life->

Submitted by vinces99
vinces99 (2792707) writes "Most astrobiologists believe that life in some form is likely to exist away from Earth. But new research demonstrates that life as we know it on Earth might never have come to exist at all if not for a key element delivered to the planet by meteorites billions of years ago. Scientists at the University of Washington and the University of South Florida found that during the Hadean and Archean eons, the heavy bombardment by meteorites provided reactive phosphorus essential for creating the earliest life on Earth. When released in water, that reactive phosphorus could be incorporated into prebiotic molecules, and the researchers documented its presence in early Archean limestone, showing it was abundant some 3.5 billion years ago."
Link to Original Source

+ - Internet payment processor Liberty Reserve accused of laundering $6 Bn

Submitted by pdclarry
pdclarry (175918) writes "Liberty Reserve, apparently the Internet bank of choice for criminals, as reported by NY Times and other sources including Wired and Business Week, has been shut down. Liberty Reserve, incorporated in Costa Rica in 2006, “facilitated global criminal conduct” and was created and structured “as a criminal business venture, one designed to help criminals conduct illegal transactions and launder the proceeds of their crimes,” Manhattan U.S. Attorney Preet Bharara said in an indictment unsealed today. The Liberty Reserve site has been seized by the US government. Chatter on criminal web sites show a rising sense of panic as fortunes have disappeared in an instant."

When the weight of the paperwork equals the weight of the plane, the plane will fly. -- Donald Douglas

Working...