‘Unparticles’ May Hold The Key To Superconductivity, Say Physicists

In very simple terms, when that happens, material properties such as resistance no longer depend on the length scales involved. So if electrons move without resistance on a tiny scale, they should also move without resistance on much larger scales too. Hence the phenomenon of superconductivity.

“We have described how it is possible for unparticles in strongly correlated matter to mediate superconductivity,” say LeBlanc and Grushin.

via ‘Unparticles’ May Hold The Key To Superconductivity, Say Physicists — The Physics arXiv Blog — Medium.

Over a Billion Passwords Stolen?

As expected, the hype is pretty high over this. But from the beginning, the story didn’t make sense to me. There are obvious details missing: are the passwords in plaintext or encrypted, what sites are they for, how did they end up with a single criminal gang? The Milwaukee company that pushed this story, Hold Security, isn’t a company that I had ever heard of before. I was with Howard Schmidt when I first heard this story. He lives in Wisconsin, and he had never heard of the company before either. The New York Times writes that “a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic,” but we’re not given any details. This felt more like a PR story from the company than anything real.

via Schneier on Security: Over a Billion Passwords Stolen?.

From: Krebs on Security in an article entitled Q&A on the Reported Theft of 1.2B Email Accounts

These actors — mostly spammers and malware purveyors (usually both) — focus on acquiring as many email addresses and account credentials as they can. Their favorite methods of gathering this information include SQL injection (exploiting weaknesses in Web sites that can be used to force the site to cough up user data) and abusing stolen credentials to steal even more credentials from victim organizations.

Overall, Krebs trusts some researcher who claims to have seen this data firsthand. According to Krebs:

I’ve known Hold Security’s Founder Alex Holden for nearly seven years.

and

Alex isn’t keen on disclosing his methods, but I have seen his research and data firsthand and can say it’s definitely for real.

Wikipedia’s monkey selfie ruling is a travesty for the world’s monkey artists

The “monkey selfie” in question is a diamond in the mud: a truly remarkable portrait, perfectly focused and strategically positioned to capture a mischievous yet vulnerable smile. If that macaque had an Instagram account she’d have, like, a million followers.

But she doesn’t, and the sorry state of our copyright law – as interpreted by the Copyright Office and exploited by Wikipedia – is to blame. Due to the backwards treatment of animal creators everywhere, monkey art (and monkey photography in particular) continues to languish. How is an aspiring monkey photographer supposed to make it if she can’t stop the rampant internet piracy of monkey works?

via Wikipedia’s monkey selfie ruling is a travesty for the world’s monkey artists | Sarah Jeong | Comment is free | theguardian.com.

It is an incontrovertible fact that a society with more monkey selfies is better than a society with none, so, as long as monkeys are denied copyright, we all lose.

Rosetta arrives at comet destination

“After ten years, five months and four days travelling towards our destination, looping around the Sun five times and clocking up 6.4 billion kilometres, we are delighted to announce finally ‘we are here’,” says Jean-Jacques Dordain, ESA’s Director General.

“Europe’s Rosetta is now the first spacecraft in history to rendezvous with a comet, a major highlight in exploring our origins. Discoveries can start.”

via Rosetta arrives at comet destination / Rosetta / Space Science / Our Activities / ESA.

From: Re-Live the excitement

For those of you who couldn’t follow the live streamed event this morning, here’s a short summary of what happened here at ESA’s European Space Operations Centre in Darmstadt at the Rosetta Rendezvous event. A full replay of the livestream can be found here.

A couple of pics here.

Previous coverage of it waking up here and of it having its software upgraded here.

SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices

It’s not clear yet how SynoLocker’s operators installed the malware, for example, if they had exploited a vulnerability in Synology devices. CSO Australia has asked Synology for comment and will update the story if it receives one.

According to the victim, Synology’s support team are interested in hearing from victims who have not reinstalled its Linux-based DiskStation Manager NAS operating system. Synology’s NAS devices were hit late last year by scammers looking to use their compute power to mine several cryptocurrencies, including Bitcoin.

via SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices – CSO | The Resource for Data Security Executives.

Having proper backups would thwart this attack. Simply wipe the box and rebuild the NAS.

Ed, man! !man ed

When I log into my Xenix system with my 110 baud teletype, both vi and Emacs are just too damn slow. They print useless messages like, ‘C-h for help’ and ‘“foo” File is read only’. So I use the editor that doesn’t waste my VALUABLE time.

Ed, man!  !man ed

via Ed, man! !man ed- GNU Project – Free Software Foundation (FSF).

When IBM, in its ever-present omnipotence, needed to base their “edlin” on a Unix standard, did they mimic vi? No. Emacs? Surely you jest. They chose the most karmic editor of all. The standard.

Ed is for those who can remember what they are working on. If you are an idiot, you should use Emacs. If you are an Emacs, you should not be vi. If you use ED, you are on THE PATH TO REDEMPTION. THE SO-CALLED “VISUAL” EDITORS HAVE BEEN PLACED HERE BY ED TO TEMPT THE FAITHLESS. DO NOT GIVE IN!!! THE MIGHTY ED HAS SPOKEN!!!

Create an Army of Raspberry Pi Honeypots on a Budget

Organizations typically focus on monitoring inbound and outbound network traffic via firewalls, yet ignore internal network traffic due to the complexity involved. In the scenario above, a firewall will not protect or alert us.

By running honeypots on our internal network, we are able to detect anomalous events. We gain awareness and insight into our network when network hosts interact with a Raspberry Pi honeypot sensor. Since there isn’t a good reason to interact with it (since it doesn’t do anything), activity on the Raspberry Pi is usually indicative of something roaming around our network and a possible security breach.

via Create an Army of Raspberry Pi Honeypots on a Budget | ThreatStream.

Multipath TCP Introduces Security Blind Spot

MPTCP is an extension to the Internet’s primary communication protocol. It allows a TCP session to move over multiple connections and network providers to the same destination. Should one drop, the session seamlessly moves to its second, backup connection, keeping phone calls or Internet sessions alive.

via Black Hat 2014: Multipath TCP Introduces Security Blind Spot | Threatpost | The first stop for security news.

“Technology like MPTCP makes it much harder for surveillance states,” Pearce said. “If I split traffic across my cell provider and an ISP I may not trust, in order for a surveillance state to snoop they have to collaborate with all these parties. It’s a much harder proposition.”

A Fictional Compression Metric Moves Into the Real World

It seems that someone would have come up with such a metric by now. But, says Weissman, “there are two communities: the practitioners, who care about running time, and the theoreticians, who care about how succinctly you can represent the data and don’t worry about the complexity of the implementation.” As a result of this split, he says, no one had yet combined, in a single number, a means of rating both how fast and how tightly an algorithm compresses.

Misra came up with a formula (photo above), incorporating both. Along with existing benchmarks the formula creates a metric that the show writers tagged the “Weissman Score.” It’s not a fictional metric: although it didn’t exist before Misra created it for the show, it works and may soon find use in the real world.

via A Fictional Compression Metric Moves Into the Real World – IEEE Spectrum.

Service Drains Competitors’ Online Ad Budget

The service, which appears to have been in the offering since at least January 2012, provides customers both a la carte and subscription rates. The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle’s software and service to sideline a handful of competitors’ ads indefinitely. Fees are paid up-front and in virtual currencies (WebMoney, e.g.), and the seller offers support and a warranty for his work for the first three weeks.

via Service Drains Competitors’ Online Ad Budget — Krebs on Security.