Forgot your password?

Comment: Re:Why do you want pieces of plastic (Score 1) 338

by theskipper (#47508295) Attached to: Netflix Reduces Physical-Disc Processing, Keeps Prices the Same

You mean because of the torrent option? Can't speak for others but personally I don't fall into the hyperactive content consumer category. With a little priming of the queue, it's easy to plan to ahead and just get the disk instead of messing with a seedbox or other vpn option. And if I mess up and don't get a disk for Friday night, there always seems to be something worth watching via streaming for an hour or two.

So for less than $20 a month including the streaming option it's a pretty good deal for access just about every movie or series out there. Especially for cord cutters (raises hand).

Comment: Re:For those that don't know: (Score 3, Informative) 112

by theskipper (#47496321) Attached to: Domain Registry of America Suspended By ICANN

I doubt a registrar would sell their internal customer billing database to an entity whose sole purpose is to take their business away. If you want to speculate, try this. When DROA scraped whois for targets, they filtered by Godaddy customers instead of Fabulous or Moniker. The thought being that more average Joes use GD and therefore easier to fool.

On the other hand it doesn't mean they didn't target the lesser known registrars. I've gotten plenty of DROA scam letters targeted toward my domains in the small registrars.

IOW, I don't think you can draw a conclusion that they filtered by registrar. If they did target, it would make sense to blanket those whois records with an organization name (i.e. formal businesses). And the bigger the better so it has a chance of hitting AP in accounting. Getting a $500 renewal on 5 years is much more likely to happen in that scenario.


Critroni Crypto Ransomware Seen Using Tor for Command and Control 122

Posted by samzenpus
from the protect-ya-neck dept.
Trailrunner7 writes There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say it's the first crypto ransomware seen using the Tor network for command and control.

The Critroni ransomware is selling for around $3,000 and researchers say it is now being used by a range of attackers, some of whom are using the Angler exploit kit to drop a spambot on victims' machines. The spambot then downloads a couple of other payloads, including Critroni. Once on a victim's PC, Critroni encrypts a variety of files, including photos and documents, and then displays a dialogue box that informs the user of the infection and demands a payment in Bitcoins in order to decrypt the files.

"It uses C2 hidden in the Tor network. Previously we haven't seen cryptomalware having C2 in Tor. Only banking trojans," said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab, who has been researching this threat. "Executable code for establishing Tor connection is embedded in the malware's body. Previously the malware of this type, this was usually accomplished with a Tor.exe file. Embedding Tor functions in the malware's body is a more difficult task from the programming point of view, but it has some profits, because it helps to avoid detection, and it is more efficient in general."

Comment: Re:Really? (Score 2) 125

by theskipper (#47488193) Attached to: FTC To Trap Robocallers With Open Source Software

Heh, you're more devious than me. No, there's no limit but I suspect there will be some blowback if you start doing that. I just wanted a simple way of breaching their defenses, winning a battle vs. the war so to speak. Like the last act of defiance. Most people see the fake caller id, put a post on 800notes, and figure there's nothing they can do.

And it should be noted that this really only works against business services like merchant processing and SEO, getting past Rachel's defenses is probably different. That scam has a simple goal of getting the credit card number at all costs. Once they've got it they've succeeded; I suspect there's little need to field incoming calls.

But a crowdsourced project towards gathering target numbers/info about Rachel would be interesting. Like what anonymous does, with the sole purpose of exposing her inner sanctum.

Comment: Re:I always come here for the gnashing of teeth (Score 1) 152

by theskipper (#47487193) Attached to: Dell Starts Accepting Bitcoin

Bullshit. I was talking about adopting critical mass by the general population, not wall street.

In 95 when Netscape was climbing there was nothing but negativity. The media was saturated with stuff like what's the internet good for, the stock price is absurd, browsers are clunky and crash all the time, any search engine was limited to a small set of sites (rings), usenet is a haven for porn/bins, I'd never trust putting my credit card in a browser. Probably another 10 things on top of that.

Even Ebay was surrounded with extreme negativity when it IPOed in late '98. Why would anyone want to pay for someone else's junk and pay shipping to boot? Amazon was criticized as never being able to compete against bricks and mortar, why pay for a book to be shipped when I can go to the mall and buy it now?

The negativity among the general population slowly waned during 98-99 when the infrastructure was built out enough for people to realize that really useful stuff could be done on the internet. That was the point of the analogy in my original post.

Comment: Re:Really? (Score 4, Interesting) 125

by theskipper (#47487005) Attached to: FTC To Trap Robocallers With Open Source Software

If you're the type willing to spend time messing with them, consider adding this to your arsenal:

If you have Callcentric or another VOIP provider, you then have the option to create call treatments for forwarding a good percentage of telemarketing calls to any number you want, including the telemarketers themselves.

For example, one of the ways I get target numbers to forward to, is by responding to the Google SEO guys then pretend to be cut off mid conversation. When they call back since they think they have a good lead, the caller ID (surprisingly) is almost always a valid number to the call center. That's the target number. Even just faking an emergency and asking for their number so you can call them back usually works. Once you have that, Bob's your uncle since there's not much reason for them to change their block of unpublished incoming numbers.

Then it's simply a matter of going into the dashboard, creating a forwarding treatment of all obvious caller ids (i.e. any 800*, anonymous, +1, etc.) to the target number and voila, the call center gets hit with all my forwarded telemarketing calls transparently. And of course forward the target number back to itself, or even better, another target.

The best way is if you can whitelist your incoming calls and simply forward any non-matching numbers, especially since most telemarketing calls these days use a random out-of-area code caller id number. Not realistic if you're running a business but for personal lines you can whitelist the area codes you might expect valid calls to come from.

Obviously this doesn't work all the time. But when it does, it's pretty satisfying to check the online report at the end of the week to see all the forwarded calls that transparently went to Raj and Rachel. My way of paying forward the opportunity to lower their interest rates.

Comment: Re:I always come here for the gnashing of teeth (Score 1) 152

by theskipper (#47486019) Attached to: Dell Starts Accepting Bitcoin

Well said. There was the same kind of negativity back in the 90's when the internet as a whole was taking off. The ones who missed out gradually turn from whining to reluctantly adopting, then it went mainstream like it was perfectly natural from the get-go.

The same will happen with digital currency. The mentality is not unlike the stock market. The ones who whine the most are the ones who didn't expend the effort to understand stuff early and therefore missed out. It's happened before and will happen again, there's a perfect example right here in this thread.

Comment: Re:Black hole? (Score 1) 277

by theskipper (#47472119) Attached to: Sony Forgets To Pay For Domain, Hilarity Ensues

It looks like that is specifically tied to using false whois info if there is a subsequent copyright or trademark infringement, not if Joe Average decides to put 123 Main St. as his contact address. Seems like the law is a tool that can be used to help prosecution of Lanham violations (there probably aren't many criminals who keep their whois info up to date ;)

Here's the text copied from wikia:

"Fraudulent Online Identity Sanctions Act, Tit. II of the Intellectual Property Protection and Courts Amendments Act of 2004, Pub. L. No. 108-482, 118 Stat. 3912, 3916 (Dec. 23, 2004).
Overview Edit

This Act increases criminal penalties for those who submit false contact information when registering a domain name that is subsequently used to commit a crime or engage in copyright or trademark infringement."

If it's broader than that then please correct me (IANAL).

Comment: Re:Black hole? (Score 4, Informative) 277

by theskipper (#47471909) Attached to: Sony Forgets To Pay For Domain, Hilarity Ensues

There's no law per se, but there is a recent ICANN requirement called "Whois Accuracy Data Specification". It requires registrars to contact the registrant and click an emailed link as validation that their whois info is correct. The domain can be suspended if the validation isn't done within 15 days.

The intent is good but the implementation is pretty mindboggling. They're expecting every owner of a domain name to check that the email sent to them is not a phishing that's supposed to work reliably is anyone's guess.

So, yeah, owners are supposed to verify to the registrars that the info is accurate which you could say is "ICANN's law". But not legally. Here's one of many articles that goes deeper into the issue:

+ - Coming Soon(ish) From LG: Transparent, Rollup Display->

Submitted by jfruh
jfruh (300774) writes "Korean electronics manufacturer LG has shown off experimental see-through, roll-up displays, paper thin and flexible and capable of letting through about 30% of the light that strikes it. The company is eager to sell the concept and promises it'll be arriving soon, though they've shown of similar (though less capable) technology over the past few years and have yet to bring any products to market."
Link to Original Source

+ - Three-Year Deal Nets Hulu Exclusive Rights to South Park-> 1

Submitted by gunner_von_diamond
gunner_von_diamond (3461783) writes "From the PC Mag Article:
If you're a fan of South Park, you better be a fan of Hulu as well. Specifically, Hulu Plus.
The creators of the funny, foul-mouthed animated TV show have signed a deal with the online streaming service. Valued at more than $80 million, the three-year deal grants Hulu exclusive rights to stream the 240+ episode back catalog of South Park in addition to all new episodes (as soon as they've aired on Comedy Central). "This is a natural partnership for us. We are excited that the entire library will be available on Hulu and that the best technology around will power South Park Digital Studios," said creators Trey Parker and Matt Stone, in a statement."

Link to Original Source

+ - Critical Vulnerabilities In Web-Based Password Managers Found

Submitted by Anonymous Coward
An anonymous reader writes "A group of researchers from University of California, Berkeley, have analyzed five popular web-based password managers and have discovered — and then responsibly reported — vulnerabilities that could allow attackers to learn a user’s credentials for arbitrary websites. The five password managers they analyzed are LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword, and they did it to evaluate their security in practice, and to provide pointers to "guide the design of current and future password managers.""
The Almighty Buck

Predicting a Future Free of Dollar Bills 753

Posted by samzenpus
from the your-money-is-no-good-here dept.
An anonymous reader writes with this story about how a cashless society might work and how far-off in the future it is. "...We're not there yet, but a cashless society is not as fanciful as it seems. Recent research suggests that many believe we will stop using notes and coins altogether in the not-too-distant future. New payments technologies are rapidly transforming our lives. Today in the U.S., 66 percent of all point-of-sale transactions are done with plastic, while in the U.K. it's just under half. But while a truly cashless society is some time away yet, there is raft of groundbreaking technologies that will make cash a mere supporting act in the near future."

What ever you want is going to cost a little more than it is worth. -- The Second Law Of Thermodynamics