SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices

Posted on August 5, 2014 by mea

It’s not clear yet how SynoLocker’s operators installed the malware, for example, if they had exploited a vulnerability in Synology devices. CSO Australia has asked Synology for comment and will update the story if it receives one.

According to the victim, Synology’s support team are interested in hearing from victims who have not reinstalled its Linux-based DiskStation Manager NAS operating system. Synology’s NAS devices were hit late last year by scammers looking to use their compute power to mine several cryptocurrencies, including Bitcoin.

via SynoLocker demands 0.6 Bitcoin to decrypt Synology NAS devices – CSO | The Resource for Data Security Executives.

Having proper backups would thwart this attack. Simply wipe the box and rebuild the NAS.

Ed, man! !man ed

Posted on August 3, 2014 by mea

When I log into my Xenix system with my 110 baud teletype, both vi and Emacs are just too damn slow. They print useless messages like, ‘C-h for help’ and ‘“foo” File is read only’. So I use the editor that doesn’t waste my VALUABLE time.

Ed, man! !man ed

via Ed, man! !man ed- GNU Project – Free Software Foundation (FSF).

When IBM, in its ever-present omnipotence, needed to base their “edlin” on a Unix standard, did they mimic vi? No. Emacs? Surely you jest. They chose the most karmic editor of all. The standard.

Ed is for those who can remember what they are working on. If you are an idiot, you should use Emacs. If you are an Emacs, you should not be vi. If you use ED, you are on THE PATH TO REDEMPTION. THE SO-CALLED “VISUAL” EDITORS HAVE BEEN PLACED HERE BY ED TO TEMPT THE FAITHLESS. DO NOT GIVE IN!!! THE MIGHTY ED HAS SPOKEN!!!

Create an Army of Raspberry Pi Honeypots on a Budget

Posted on August 2, 2014 by mea

Organizations typically focus on monitoring inbound and outbound network traffic via firewalls, yet ignore internal network traffic due to the complexity involved. In the scenario above, a firewall will not protect or alert us.

By running honeypots on our internal network, we are able to detect anomalous events. We gain awareness and insight into our network when network hosts interact with a Raspberry Pi honeypot sensor. Since there isn’t a good reason to interact with it (since it doesn’t do anything), activity on the Raspberry Pi is usually indicative of something roaming around our network and a possible security breach.

via Create an Army of Raspberry Pi Honeypots on a Budget | ThreatStream.

Multipath TCP Introduces Security Blind Spot

Posted on August 1, 2014 by mea

MPTCP is an extension to the Internet’s primary communication protocol. It allows a TCP session to move over multiple connections and network providers to the same destination. Should one drop, the session seamlessly moves to its second, backup connection, keeping phone calls or Internet sessions alive.

via Black Hat 2014: Multipath TCP Introduces Security Blind Spot | Threatpost | The first stop for security news.

“Technology like MPTCP makes it much harder for surveillance states,” Pearce said. “If I split traffic across my cell provider and an ISP I may not trust, in order for a surveillance state to snoop they have to collaborate with all these parties. It’s a much harder proposition.”

A Fictional Compression Metric Moves Into the Real World

Posted on July 28, 2014 by mea

It seems that someone would have come up with such a metric by now. But, says Weissman, “there are two communities: the practitioners, who care about running time, and the theoreticians, who care about how succinctly you can represent the data and don’t worry about the complexity of the implementation.” As a result of this split, he says, no one had yet combined, in a single number, a means of rating both how fast and how tightly an algorithm compresses.

Misra came up with a formula (photo above), incorporating both. Along with existing benchmarks the formula creates a metric that the show writers tagged the “Weissman Score.” It’s not a fictional metric: although it didn’t exist before Misra created it for the show, it works and may soon find use in the real world.

via A Fictional Compression Metric Moves Into the Real World – IEEE Spectrum.

Service Drains Competitors’ Online Ad Budget

Posted on July 27, 2014 by mea

The service, which appears to have been in the offering since at least January 2012, provides customers both a la carte and subscription rates. The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle’s software and service to sideline a handful of competitors’s ads indefinitely. Fees are paid up-front and in virtual currencies (WebMoney, e.g.), and the seller offers support and a warranty for his work for the first three weeks.

via Service Drains Competitors’ Online Ad Budget — Krebs on Security.

The Problem with Apple and eBooks

Posted on July 26, 2014 by mea

Apple would sell more music if they released an Android app, and the same can be said for movies and ebooks. But Apple hasn’t done so, and I think it’s time to acknowledge that the strategy is working for Apple.

That is especially true in the case of ebooks. By my estimate, Apple sells more ebooks than B&N.

via The Problem with Apple and eBooks, Redux | The Digital Reader.

Level 3’s Selective Amnesia on Peering

Posted on July 23, 2014 by mea

Fortunately, Verizon and Netflix have found a way to avoid the congestion problems that Level 3 is creating by its refusal to find “alternative commercial terms.” We are working diligently on directly connecting Netflix content servers into Verizon’s network so that we both can keep the interests of our mutual customers paramount.

via Level 3’s Selective Amnesia on Peering | Verizon Public Policy.

Help Us Build an Open Wireless Router

Posted on July 22, 2014 by mea

EFF is releasing an experimental hacker alpha release of wireless router software specifically designed to support secure, shareable Open Wireless networks.

via Calling All Hackers: Help Us Build an Open Wireless Router | Electronic Frontier Foundation.

Biggest “patent troll” slapped down hard by appeals court

Posted on July 20, 2014 by mea

The patent also contains a method claim, but it “recites a process of taking two data sets and combining them into a single data set,” the judges noted. “Without additional limitations, a process that employs mathematical algorithms to manipulate existing information to generate additional information is not patent eligible,” wrote the judges.

The language used seems like a fairly broad application of the new Section 101 law. If the logic is used by other appeals and district court judges, it suggests that the results from Alice v. CLS Bank could invalidate a wide range of software-based patents.

via Biggest “patent troll” slapped down hard by appeals court | Ars Technica.

Bucktown Bell

Cut to the chase.