Persistent Threat Detection on a Budget

It’s staggering to me how few security teams have gotten wise to regularly interrogating the logs from their recursive DNS servers. In many ways DNS logging can be considered sprinkling flour on the floor to track the footsteps of the culprit who’s been raiding the family fridge. Each step leaves a visible impression of where and how the intruder navigated the kitchen, and their shoe size.

via Persistent Threat Detection on a Budget « Damballa.

To turn on logging in bind use:

# rndc querylog

This puts all DNS queries into /var/log/messages. Just grep for named and pipe that into some custom perl script or whatever to run against a blacklist.

# grep named /var/log/messages | run_my_blacklist_script.pl
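As an added example (the author's own script is not on the page), here is a Python version of the blacklist filter described above. It reads the grep output on stdin, parses the "query:" part of each BIND query-log line as it appears in syslog, and reports any queried name that equals a blacklisted domain or sits under one. The log lines and the blacklist below are constructed for illustration; the regex assumes the standard BIND query-log format, which varies slightly across BIND versions, so adjust it if your lines look different. Matching is done on whole DNS labels rather than substrings, which is what a plain grep against the blacklist would get wrong.

```python
import re
import sys
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Matches the "query:" portion of a BIND query-log line as written to syslog.
# Handles both the classic form ("client 10.0.0.5#53211: query: ...") and the
# newer form with a client pointer and parenthesised name
# ("client @0x7f... 10.0.0.5#53211 (name): query: ...").
QUERY_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)


@dataclass(frozen=True)
class Query:
    timestamp: str
    client_ip: str
    qname: str
    qtype: str


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'Evil.Example.' == 'evil.example'."""
    return name.lower().rstrip(".")


def parse_line(line: str) -> Optional[Query]:
    """Return a Query for a BIND query-log line, or None for any other syslog line."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    timestamp = " ".join(line.split()[:3])  # syslog prefix: "Mon DD HH:MM:SS"
    return Query(timestamp, m.group("ip"), normalize(m.group("qname")), m.group("qtype"))


def load_blacklist(lines: Iterable[str]) -> Set[str]:
    """One domain per line; blank lines and '#' comments are ignored."""
    entries = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            entries.add(normalize(entry))
    return entries


def blacklisted_suffix(qname: str, blacklist: Set[str]) -> Optional[str]:
    """Return the blacklist entry that equals qname or is a parent domain of it."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate
    return None


def scan(log_lines: Iterable[str], blacklist: Set[str]) -> List[Tuple[Query, str]]:
    """Yield (query, matching blacklist entry) for every blacklisted lookup."""
    hits = []
    for line in log_lines:
        q = parse_line(line)
        if q is None:
            continue
        entry = blacklisted_suffix(q.qname, blacklist)
        if entry is not None:
            hits.append((q, entry))
    return hits


# Constructed sample data (not real log output): one clean query, two blacklisted
# queries in both log formats, a near-miss that a substring grep would wrongly flag,
# and an unrelated syslog line.
SAMPLE_BLACKLIST = """
# constructed sample blacklist
bad-c2.example
dropzone.example.net
"""

SAMPLE_LOG = """\
Nov  6 12:00:01 ns1 named[1234]: client 10.0.0.5#53211: query: www.example.org IN A + (10.0.0.1)
Nov  6 12:00:02 ns1 named[1234]: client 10.0.0.7#40122: query: beacon.bad-c2.example IN A + (10.0.0.1)
Nov  6 12:00:03 ns1 named[1234]: client @0x7f8a1c0b2d40 10.0.0.9#51000 (dropzone.example.net): query: dropzone.example.net IN TXT +E(0)K (10.0.0.1)
Nov  6 12:00:04 ns1 named[1234]: client 10.0.0.7#40123: query: notbad-c2.example IN A + (10.0.0.1)
Nov  6 12:00:05 ns1 sshd[999]: Accepted publickey for alice from 10.0.0.2
"""


def main(argv: List[str]) -> None:
    if len(argv) != 2:
        sys.exit("usage: grep named /var/log/messages | dns_blacklist.py BLACKLIST_FILE")
    with open(argv[1]) as fh:
        blacklist = load_blacklist(fh)
    for q, entry in scan(sys.stdin, blacklist):
        print(f"{q.timestamp} {q.client_ip} queried {q.qname} ({q.qtype}) -> blacklisted: {entry}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `grep named /var/log/messages | python3 dns_blacklist.py blacklist.txt`. On the constructed sample the two blacklisted lookups are reported with the client IP that made them, the `notbad-c2.example` lookup is not, and the sshd line is skipped.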

The Web Won’t Be Safe or Secure until We Break It

If the user is logged in, then the image file loads successfully, which causes the execution of loggedIn. If the user is not logged in, then notLoggedIn is executed. The result is an ability to test easily and invisibly whether a visitor is logged in to a particular Web site that a Web developer does not have a relationship with. This login-detection technique, which leverages CSRF, can be applied to online banks, social networks, Web mail, and basically anything else useful to an attacker. The attacker behind http://coolwebsite/ just has to find the URLs that respond in a Boolean state with respect to login.

via The Web Won’t Be Safe or Secure until We Break It – ACM Queue.

Browser intranet hacking allows Web-site owners to access the private networks of their visitors, which are probably behind network firewalls, by using their browsers as a launch point. This attack technique is painfully simple and works equally well on enterprises and home users, exposing a whole new realm of data.
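The login-detection probe quoted above works because an authenticated-only resource answers a cross-site image load differently depending on login state. As an added example from the defender's side (not code from the ACM Queue article), here is the same server-side decision written twice in Python: the "before" handler leaks the Boolean, the "after" handler applies a resource isolation policy built on the browser's Fetch Metadata request headers (Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest) before it looks at the session, so a cross-site subresource request gets the same 403 whether or not the visitor is logged in. The session store, cookie value and request header sets are constructed for the example.

```python
from typing import Callable, Dict, Mapping

# Constructed session store for the example (cookie value -> user); not from the article.
SESSIONS: Dict[str, str] = {"s3cr3t-session-token": "alice"}

# Sec-Fetch-Site values that are not cross-site.
SAFE_SITES = {"same-origin", "same-site", "none"}


def vulnerable_private_image(headers: Mapping[str, str], cookies: Mapping[str, str]) -> int:
    """'Before' handler: the status depends only on whether the session cookie is valid.

    200 (image served) vs 302 (redirect to the login page) is exactly the Boolean that
    a cross-site <img onload/onerror> probe can read.
    """
    if cookies.get("session") in SESSIONS:
        return 200
    return 302


def allowed_by_isolation_policy(headers: Mapping[str, str]) -> bool:
    """Resource isolation policy on Fetch Metadata headers.

    Cross-site requests are allowed only as top-level document navigations (a link
    click), never as embedded subresources such as <img>, <script> or <iframe>.
    Browsers that send no Fetch Metadata are let through here; for them the
    SameSite cookie attribute is the remaining defence.
    """
    h = {k.lower(): v for k, v in headers.items()}
    site = h.get("sec-fetch-site")
    if site is None or site in SAFE_SITES:
        return True  # old browser, or not a cross-site request
    if h.get("sec-fetch-mode") == "navigate" and h.get("sec-fetch-dest") == "document":
        return True  # a genuine cross-site page navigation
    return False


def hardened_private_image(headers: Mapping[str, str], cookies: Mapping[str, str]) -> int:
    """'After' handler: the cross-site check runs before the session is consulted,
    so a cross-site image probe receives 403 regardless of login state."""
    if not allowed_by_isolation_policy(headers):
        return 403
    if cookies.get("session") in SESSIONS:
        return 200
    return 302


# Constructed request shapes: what a browser sends for an <img> embedded on another
# site versus one embedded on the site's own page.
CROSS_SITE_IMG = {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors", "Sec-Fetch-Dest": "image"}
SAME_ORIGIN_IMG = {"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "no-cors", "Sec-Fetch-Dest": "image"}
LOGGED_IN = {"session": "s3cr3t-session-token"}
LOGGED_OUT: Dict[str, str] = {}


def probe_can_distinguish(handler: Callable[[Mapping[str, str], Mapping[str, str]], int]) -> bool:
    """True if a cross-site image load gets a different answer for logged-in vs logged-out."""
    return handler(CROSS_SITE_IMG, LOGGED_IN) != handler(CROSS_SITE_IMG, LOGGED_OUT)


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_private_image), ("hardened", hardened_private_image)):
        print(f"{name}: cross-site probe can tell login state: {probe_can_distinguish(handler)}")
```

The policy check deliberately comes first: anything that branches on the session before the cross-site check, including a redirect to a login page, recreates the Boolean. Setting the session cookie with `SameSite=Lax` closes the same gap from the cookie side, since the browser then does not attach it to cross-site image loads at all.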

Obama Wins: How Chicago’s Data-Driven Campaign Triumphed

For all the praise Obama’s team won in 2008 for its high-tech wizardry, its success masked a huge weakness: too many databases. Back then, volunteers making phone calls through the Obama website were working off lists that differed from the lists used by callers in the campaign office. Get-out-the-vote lists were never reconciled with fundraising lists.

via Obama Wins: How Chicago’s Data-Driven Campaign Triumphed | TIME.com.

The new megafile didn’t just tell the campaign how to find voters and get their attention; it also allowed the number crunchers to run tests predicting which types of people would be persuaded by certain kinds of appeals.

Chinese smartphone vendors cut Apple out of top five in shipments for Q3

The big surprise was the rise of Yulong Computer Telecommunication Scientific which took third place. Yulong sells smartphones under the brand name Coolpad. The company is largely unknown outside China, but has seen its shipments in the country steadily increase as a result of its broad product profile and low-end handsets, which reach prices below US$100, said Nicole Peng, an analyst with Canalys.

via Chinese smartphone vendors cut Apple out of top five in shipments for Q3 – Huawei, consumer electronics, smartphones, iPhone, ZTE, Android, Lenovo, Apple, samsung – Computerworld.

Samsung laying groundwork for server chips, analysts say

The faster 64-bit processors will appear in servers, high-end smartphones and tablets, and offer better performance-per-watt than ARM’s current 32-bit processors, which haven’t been able to expand beyond embedded and mobile devices. The first servers with 64-bit ARM processors are expected to become available in 2014.

via Samsung laying groundwork for server chips, analysts say – servers, Samsung Electronics, hardware systems, Components, processors – Computerworld.

“Samsung is a lead partner of ARM’s new Cortex A50 processors. However, we’re not in a position to comment on our plans for how we’ll use the Cortex A50 as part of our Exynos product family,” said Lisa Warren-Plungy, a Samsung Semiconductor spokeswoman, in an e-mail.

Welcome to the Ruby Ranch Internet Cooperative Association

The Coop was founded in 2001 because at the time, no one offered DSL or cable modem Internet access in our neighborhood, and because the voice telephone service to the neighborhood is of such poor quality that it was (and is) not possible to get modem connections faster than about 26K bits per second. The Coop is a Colorado nonprofit corporation and is federally tax-exempt under 501(c)(12).

The Coop’s launch of service in 2002 was made possible only by loans from “angels,” neighborhood residents who chose to lend money to the Coop with no assurance the loans would ever be repaid. The Coop reached a milestone in the first quarter of 2004 successfully repaying (ahead of schedule, and with interest) all of the “angel” loans. The Coop is now debt-free.

via Welcome to the Ruby Ranch Internet Cooperative Association.

A Slower Speed of Light | MIT Game Lab

A Slower Speed of Light is a first-person game prototype in which players navigate a 3D space while picking up orbs that reduce the speed of light in increments. Custom-built, open-source relativistic graphics code allows the speed of light in the game to approach the player’s own maximum walking speed. Visual effects of special relativity gradually become apparent to the player, increasing the challenge of gameplay. These effects, rendered in realtime to vertex accuracy, include the Doppler effect (red- and blue-shifting of visible light, and the shifting of infrared and ultraviolet light into the visible spectrum); the searchlight effect (increased brightness in the direction of travel); time dilation (differences in the perceived passage of time from the player and the outside world); Lorentz transformation (warping of space at near-light speeds); and the runtime effect (the ability to see objects as they were in the past, due to the travel time of light). Players can choose to share their mastery and experience of the game through Twitter. A Slower Speed of Light combines accessible gameplay and a fantasy setting with theoretical and computational physics research to deliver an engaging and pedagogically rich experience.

via A Slower Speed of Light | MIT Game Lab.

Why Google Went Offline Today and a Bit about How the Internet Works

Unfortunately, if a network starts to send out an announcement of a particular IP address or network behind it, when in fact it is not, if that network is trusted by its upstreams and peers then packets can end up misrouted. That is what was happening here.

I looked at the BGP Routes for a Google IP Address. The route traversed Moratel (23947), an Indonesian ISP. Given that I’m looking at the routing from California and Google is operating Data Centres not far from our office, packets should never be routed via Indonesia. The most likely cause was that Moratel was announcing a network that wasn’t actually behind them.

via Why Google Went Offline Today and a Bit about How the Internet Works – CloudFlare blog.

When I figured out the problem, I contacted a colleague at Moratel to let him know what was going on. He was able to fix the problem at around 2:50 UTC / 6:50pm PST. Around 3 minutes later, routing returned to normal and Google’s services came back online.
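The mis-announcement described above is the case that BGP origin validation is designed to catch: a prefix turning up with an origin AS that its holder never authorised. As an added example (not code from the CloudFlare post), here is the RPKI route-origin-validation decision from RFC 6811 in Python: each observed route is compared against a list of ROAs (prefix, authorised origin AS, maximum prefix length) and classified as valid, invalid or unknown, where "invalid" covers both a wrong origin AS and a more-specific announcement than the holder allowed. The ROAs, prefixes and AS numbers below are constructed from documentation ranges and are not the real ones from the incident.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorisation: origin_asn may announce prefix, and any more
    specific of it down to max_length."""
    prefix: str
    origin_asn: int
    max_length: int


@dataclass(frozen=True)
class Route:
    """An observed BGP route. as_path is left to right from nearest neighbour to origin,
    so the origin AS is the last element (prepending repeats it, which is harmless)."""
    prefix: str
    as_path: Tuple[int, ...]


def validate(route: Route, roas: Sequence[Roa]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'unknown' (NotFound).

    valid   - at least one ROA covers the prefix, matches the origin AS and permits
              this prefix length;
    invalid - at least one ROA covers the prefix but none matches;
    unknown - no ROA covers the prefix at all.
    """
    net = ipaddress.ip_network(route.prefix, strict=False)
    origin = route.as_path[-1]
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.origin_asn == origin and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "unknown"


def flag_misoriginated(routes: Sequence[Route], roas: Sequence[Roa]) -> List[Tuple[Route, str]]:
    """Return the routes a defender should look at: every route whose state is 'invalid'."""
    return [(r, validate(r, roas)) for r in routes if validate(r, roas) == "invalid"]


# Constructed data: AS 64500 holds 203.0.113.0/24 and permits only the /24 itself.
SAMPLE_ROAS = [Roa("203.0.113.0/24", 64500, 24)]

# Constructed routing-table view: the legitimate path, the same path with prepending,
# a more-specific leak, an announcement from an unauthorised origin, and an
# uncovered prefix for which no ROA exists.
SAMPLE_ROUTES = [
    Route("203.0.113.0/24", (64496, 64500)),
    Route("203.0.113.0/24", (64496, 64500, 64500)),
    Route("203.0.113.0/25", (64496, 64500)),
    Route("203.0.113.0/24", (64496, 64512)),
    Route("198.51.100.0/24", (64496, 64512)),
]


if __name__ == "__main__":
    for route in SAMPLE_ROUTES:
        print(f"{route.prefix:18} via {route.as_path}: {validate(route, SAMPLE_ROAS)}")
```

On the constructed table the two announcements from AS 64500 for the /24 are valid, the /25 and the AS 64512 announcement of the /24 are invalid, and 198.51.100.0/24 is unknown because nothing authorises or forbids it. In practice the same check is applied at route-policy time by the router (dropping or depreferring invalids), and the "unknown" state is why coverage of the ROA database matters as much as the check itself.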