Amazon.com website briefly offline, hackers claim credit

The group went on to detail how it knocked the front door down (only Amazon.com’s front page was offline), with a large “botnet” or network of thousands of computers working together.

via Amazon.com website briefly offline, hackers claim credit | Fox News.

Interesting. Looks like a distributed denial of service (DDoS) on the granddaddy of the data center and cloud computing industry. Amazon was down for only 49 minutes. It will be interesting to hear the inside baseball techie talk as to how this happened and how Amazon recovered.

Belkin WeMo remote shell and rapid state change exploit

Published on Jan 29, 2013

Belkin WeMo with latest firmware. Able to gain full root access and send commands including changing the state of connected device via flaw in UPnP implementation. Chose a small desk lamp and simple on/off sequence due to safety concerns. Real world this could be a fan or space heater and rapidly turn on/off without limitation. Updates with PoC soon to come.

via Belkin WeMo remote shell and rapid state change exploit – YouTube.

Stuff like this amazes me. Again. Just because you can put an IP stack on something doesn’t mean you should! Below is a video showing how to break into this device that simply controls an electric outlet. He uses Backtrack 5 to break in. Backtrack is a very useful set of security research tools. The video inspires me to fire up my copy and break into something. 🙂

50 Million Potentially Vulnerable to UPnP Flaws

Between June 1 and Nov. 17, 2012, Rapid7 conducted weekly scans that sent simple service discovery protocol (SSDP) requests to each routable IPv4 address. In all, 2.2 percent of all public IPv4 addresses responded to the standard UPnP discovery requests. So, 81 million unique IP addresses responded and, upon deeper probing, researchers determined some 17 million further systems exposed the UPnP simple object access protocol (SOAP). This level of exposure was far higher than researchers had expected, according to the report.

via 50 Million Potentially Vulnerable to UPnP Flaws | threatpost.

Yes, that PC cleanup app you saw on TV at 3am is a waste

To highlight just why you and your loved ones should never let these applications anywhere near your PC, we picked one that we have recently seen ads for: MyCleanPC. It’s the archetypal Windows cleanup app—and you probably shouldn’t install it.

via Yes, that PC cleanup app you saw on TV at 3am is a waste | Ars Technica.

There are some useful tips on cleaning your PC in this article.   Like the article advises, I also use Malwarebytes exclusively to scan every now and then if something seems to be running funny.  Being on a monitored wifi allows for my firewall, the gateway between the wifi and Internet, to alert me of any funny communication coming from my PC.  I have some other unconventional PC security advice that I may provide in a future post once I can put together all my thoughts into a coherent package.

EVE Online’s Battle of Asakai: who was involved, the stakes, and the aftermath

The cause

A single misclick.

No, really: A Titan pilot beneath the Cluster banner was attempting a “bridge”—using a ship to act as an artificial warp corridor for other ships—to Asakai VI when he accidentally warped himself straight into a very surprised Pandemic Legion fleet. The pilot, named Dabigredboat, immediately came under heavy attack as the Legion pounced on the extremely valuable ship.

via EVE Online’s Battle of Asakai: who was involved, the stakes, and the aftermath | News | PC Gamer.

I sometimes find the drama in these MMORPGs fascinating and Eve Online usually has the best stories. The cynical side of me suspects this might have been staged as a marketing promotion. I hear nothing but good things about Eve Online however.

5 years after major DNS flaw is discovered, few US companies have deployed long-term fix

Network World – Five years after the disclosure of a serious vulnerability in the Domain Name System dubbed the Kaminsky bug, only a handful of U.S. ISPs, financial institutions or e-commerce companies have deployed DNS Security Extensions (DNSSEC) to alleviate this threat.

via 5 years after major DNS flaw is discovered, few US companies have deployed long-term fix.

DVR Insecurity

tl;dr; A whole slew of security dvr devices are vulnerable to an unauthenticated login disclosure and unauthenticated command injection.

via consolecowboys: Swann Song – DVR Insecurity.

Interesting read. Obviously, a device like a DVR should be placed inside a NAT and possibly have its traffic monitored at the firewall. Then if port 9000 is open for telnet you just have to worry about an attack from someone with access to the LAN — not the entire Internet.

New video codec to ease pressure on global networks

The new codec will considerably ease the burden on global networks where, by some estimates, video accounts for more than half of bandwidth use. The new standard, known informally as ‘High Efficiency Video Coding’ (HEVC) will need only half the bit rate of its predecessor, ITU-T H.264 / MPEG-4 Part 10 ‘Advanced Video Coding’ (AVC), which currently accounts for over 80 per cent of all web video. HEVC will unleash a new phase of innovation in video production spanning the whole ICT spectrum, from mobile devices through to Ultra-High Definition TV.

via New video codec to ease pressure on global networks.

Docsis 3.1 Rides the Wireless Wave

OFDM will provide Docsis with a new order of bandwidth efficiency, but it also offers some sound business reasons for cable to adopt it. OFDM, already used for Wi-Fi and Long Term Evolution (LTE), could lead to better economies of scale and get more vendors interested in the cable market, explained Daniel Howard, the SVP of engineering and CTO at Society of Cable Telecommunications Engineers (SCTE), during a webcast earlier this month on the topic (SCTE is tasked with helping the cable industry get trained up for Docsis 3.1). (See Setting the Stage for Docsis 3.1.)

via Light Reading – Docsis 3.1 Rides the Wireless Wave.

Lots of interesting info on OFDM in this article.  I find it amazing how creative people get in squeezing not just more bandwidth, but orders of magnitude more bandwidth, using the same physical outside plant infrastructure.

DOSBoxWiki

DOSBox emulates an Intel x86 PC, complete with sound, graphics, mouse, joystick, modem, etc., necessary for running many old MS-DOS games that simply cannot be run on modern PCs and operating systems, such as Microsoft Windows XP, Windows Vista, Linux and FreeBSD. However, it is not restricted to running only games. In theory, any MS-DOS or PC-DOS (referred to commonly as “DOS”) application should run in DOSBox, but the emphasis has been on getting DOS games to run smoothly, which means that communication, networking and printer support are still in early development.

via DOSBoxWiki.

Not sure if I’ll ever need to use this but it’s nice to know it exists. I read that they even ported this onto an Android platform. I encountered DOSBox from this Slashdot article. Someone is running Windows 3.1 on their Android tablet so they can run a 1996 version of Photoshop.