Department Of Labor Attack Points To Industry Weaknesses

“This is basically the same pattern that a lot of advanced malware is taking today,” says Srinivas Kumar, CTO of TaaSERA. By taking a multi-stage approach and going after server-side vulnerabilities at legitimate sites, the attackers can be assured that unsuspecting visitors to the site are more likely to trust links redirecting to malware-laden sites, he says.

via Department Of Labor Attack Points To Industry Weaknesses — Dark-Reading

Apparently the Department of Labor’s site was hosting links to malware. Usually users get hacked by sites hosting compromised advertisements.

NASA’s system for avoiding collisions with space junk

Potential collisions are flagged for monitoring if there’s simply a high probability of conjunction. Typically, the probability goes down after a couple of additional days of tracking, but in rare cases this doesn’t happen (and, in a few, the probability went up with further monitoring). When the probability doesn’t go down, the software can calculate a maneuver that will reduce the probability of collision to an acceptable level. The solution will take into account other potential hazards as well as mission requirements—some Earth-monitoring satellites can’t orbit above a certain altitude and still perform their jobs.

via Saving Fermi: NASA’s system for avoiding collisions with space junk | Ars Technica.

bcache

Bcache is a Linux kernel block layer cache. It allows one or more fast disk drives such as flash-based solid state drives (SSDs) to act as a cache for one or more slower hard disk drives.

Hard drives are cheap and big, SSDs are fast but small and expensive. Wouldn’t it be nice if you could transparently get the advantages of both? With Bcache, you can have your cake and eat it too.

via bcache.

Passive OS Fingerprinting

Active measures, like those employed by Nmap, are unfortunately not available when doing passive analysis of live traffic or when analyzing previously captured network traffic. Passive analysis requires much more subtle variations in the network traffic to be observed, in order to identify a computer’s OS. A simple but effective passive method is to inspect the initial Time To Live (TTL) in the IP header and the TCP window size (the size of the receive window) of the first packet in a TCP session, i.e. the SYN or SYN+ACK packet.

via Passive OS Fingerprinting – NETRESEC Blog.

Why weren’t the Prenda porn trolls stopped years ago?

Of course, lawyers and litigants use the court system every day as a way to make money; entire business models like patent trolling remain legal, and the lawyers involved aren’t so much as sanctioned. But with Prenda, the difference in Wright’s mind was apparently the target—not companies but individuals, many without much money or court experience. Prenda’s plan, Wright said, was nothing less than a scheme “to plunder the citizenry.”

via Why weren’t the Prenda porn trolls stopped years ago? | Ars Technica.

As for the porn trolling business model, well, it’s not dead yet. But at least it can’t be done this way.

This case has been terribly confusing for me to follow. The following comment from the comment section sums up the issue with Prenda nicely.

One issue is that lawyers aren’t supposed to misrepresent who their clients are. In this case the lawyers *are* the clients, via numerous shell corporations and offshore trusts designed to obscure that fact. The Prenda attorneys allegedly bought the IP of little-known porn movies for very little money and then set up various bogus organizations to obscure the fact that the attorneys were also the plaintiffs who would benefit from favorable judgments. IANAL but apparently that behavior is frowned upon by law-talking guys.

Last mention of it here was last March. A lot of work from sites like DieTrollDie and FightCopyrightTrolls went into helping the victims of this extortion. Here’s a snippet from the latter:

We have been waiting for this moment for a long time. Congratulations to everyone involved, especially Morgan and Nick.

CSS Zen Garden: The Beauty in CSS Design

There is a continuing need to show the power of CSS. The Zen Garden aims to excite, inspire, and encourage participation. To begin, view some of the existing designs in the list. Clicking on any one will load the style sheet into this very page. The HTML remains the same, the only thing that has changed is the external CSS file. Yes, really.

via CSS Zen Garden: The Beauty in CSS Design.

From: 10 Years

Wow. It’s finally happened. The CSS Zen Garden is 10 years old today.

BT Retail Tests Controversial Carrier Grade NAT IP Address Sharing

The technique has been criticised because it imposes certain limits on users by virtue of the fact that their broadband connection no longer has the use of a fixed unique IP address, but is rather sharing an address with other users – in BT’s trial, up to nine other users. This means, for instance, that users can’t serve content to the wider Internet from servers on their home network; and BT admits that it can also affect activities such as online gaming and dynamic DNS services.

via BT Retail Tests Controversial Carrier Grade NAT IP Address Sharing.

Government Lab Reveals It Has Operated Quantum Internet For Over Two Years

The basic idea here is that the act of measuring a quantum object, such as a photon, always changes it. So any attempt to eavesdrop on a quantum message cannot fail to leave telltale signs of snooping that the receiver can detect. That allows anybody to send a “one-time pad” over a quantum network which can then be used for secure communication using conventional classical communication.

via Government Lab Reveals It Has Operated Quantum Internet For Over Two Years | MIT Technology Review.

That may sound limiting but it still allows each node to send a one-time pad to the hub which it then uses to communicate securely over a classical link. The hub can then route this message to another node using another one time pad that it has set up with this second node. So the entire network is secure, provided that the central hub is also secure.
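The hub relay described above, as an added example that is not code from the lab or the article. Random bytes from `secrets` stand in for pads delivered over the quantum channel, and the `Pad`, `Hub` and `demo` names are hypothetical; the point shown is that the hub holds every message in the clear while re-encrypting it.

```python
import secrets

class Pad:
    """One end of a one-time pad; each key byte is consumed once and never reused."""
    def __init__(self, key: bytes):
        self._key = key
        self._pos = 0

    def apply(self, data: bytes) -> bytes:
        """XOR data with the next unused key bytes (encrypts and decrypts)."""
        if self._pos + len(data) > len(self._key):
            raise ValueError("pad exhausted: fresh key material is required")
        chunk = self._key[self._pos:self._pos + len(data)]
        self._pos += len(data)
        return bytes(a ^ b for a, b in zip(data, chunk))

class Hub:
    """Central hub sharing a separate pad with every node."""
    def __init__(self):
        self.pads = {}
        self.seen_plaintext = []          # what a compromised hub would expose

    def enroll(self, name: str, key: bytes):
        self.pads[name] = Pad(key)

    def relay(self, src: str, dst: str, ciphertext: bytes) -> bytes:
        plaintext = self.pads[src].apply(ciphertext)   # decrypt with sender's pad
        self.seen_plaintext.append(plaintext)          # message is in the clear here
        return self.pads[dst].apply(plaintext)         # re-encrypt for the receiver

def demo():
    # Stand-in for quantum key distribution (assumption): random shared pads.
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    hub = Hub()
    hub.enroll("A", key_a)
    hub.enroll("B", key_b)
    node_a, node_b = Pad(key_a), Pad(key_b)

    msg = b"constructed test message"
    to_hub = node_a.apply(msg)              # A -> hub, under A's pad
    to_b = hub.relay("A", "B", to_hub)      # hub -> B, under B's pad
    received = node_b.apply(to_b)
    return msg, to_hub, to_b, received, hub.seen_plaintext

if __name__ == "__main__":
    msg, _, _, received, seen = demo()
    print(received == msg, seen)
```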

Why Your Startup Should Be Open Source

Rather than staying limited to a small team, perhaps even a single developer, fostering an open source community will open the doors to potentially unlimited contributions from other developers, especially ones who happen to use your software; this type of feedback is thus a great indicator of major pain points your users have with your product. Even among your users who aren’t programmers, the GitHub issues system is an incredibly useful tool for tracking bug reports and feature requests.

via Why Your Startup Should Be Open Source – by Peer.fm formerly Napster.fm | citizentekk.

Reasons to believe

It’s time to assume the mantle of Defender of the Faith. I’m going to give you ten arguments for believing P!=NP: arguments that are pretty much obvious to those who have thought seriously about the question, but that (with few exceptions) seem never to be laid out explicitly for those who haven’t. You’re welcome to believe P=NP if you choose. My job is to make you understand the conceptual price you have to pay for that belief.

via Shtetl-Optimized » Blog Archive » Reasons to believe.