Blocking Shodan

Posted on January 25, 2016 by mea

One of the most popular services to shine light on and enumerate the darkest corners of the Internet is Shodan. It’s a portal-driven service through which subscribers can query its vast database of IP addresses, online applications and service banners that populate the Internet. Behind the scenes, Shodan’s multiple servers continually scan the Internet, enumerating and probing every device they encounter and recording the latest findings.

Source: Blocking Shodan

On one hand, you might empathize with many organizations on the receiving end of a Shodan scan. Their Internet-accessible systems are constantly probed, their services are enumerated, and every embarrassing misconfiguration or unpatched service is catalogued and could be used against them by evil hackers, researchers and journalists.

Is Blockchain the most important IT invention of our age?

Posted on January 24, 2016 by mea

Like records of land ownership. Creating and maintaining incorruptible registers of land titles is a huge – and mostly unsolved – problem for developing countries. So when the government of Honduras launched an investigation into whether a blockchain-based land registry could solve it, the non-geek world sat up and began to take notice. The unmistakable message was that this technology could be much more useful than merely securing cryptocurrencies. It might actually turn out to be one of the biggest IT inventions of our time.

Source: Is Blockchain the most important IT invention of our age? | John Naughton | Opinion | The Guardian

Docker’s Unikernel Purchase and the Changing Role of the OS

Posted on January 21, 2016 by mea

It isn’t really as if the operating system ceases to exist. More to the point, it ceases to be a separate entity from the compiled application. A unikernel, therefore, is an indivisible unit of computing logic. As a microservice, it carries the promise of unlimited scalability. And as a virtual machine, it is designed to run under the Xen Type 1 (hardware-level) hypervisor.

Source: Docker’s Unikernel Purchase and the Changing Role of the OS

Amid court battle, Yosemite park plans to change some iconic names

Posted on January 19, 2016 by mea

Bid farewell to some of Yosemite National Park’s most iconic names.In an extraordinary move, the National Park Service announced Thursday that it was changing the names of The Ahwahnee hotel, Curry Village and other beloved park sites. The move, officials say, was forced on them by an intellectual property dispute with the park’s departing concessions company.

Source: Amid court battle, Yosemite park plans to change some iconic names | The Sacramento Bee

Yahoo releases massive research dataset

Posted on January 15, 2016 by mea

The data release, part of the company’s Webscope initiative and announced on Yahoo’s Tumblr blog, is intended for researchers to use in validating recommender systems, high-scale learning algorithms, user-behaviour modelling, collaborative filtering techniques and unsupervised learning methods.

Source: Yahoo releases massive research dataset

From: Yahoo Releases the Largest-ever Machine Learning Dataset for Researchers

Today, we are proud to announce the public release of the largest-ever machine learning dataset to the research community. The dataset stands at a massive ~110B events (13.5TB uncompressed) of anonymized user-news item interaction data, collected by recording the user-news item interactions of about 20M users from February 2015 to May 2015.

Big Ball of Mud

Posted on January 14, 2016 by mea

These patterns explore the forces that encourage the emergence of a BIG BALL OF MUD, and the undeniable effectiveness of this approach to software architecture. What are the people who build them doing right? If more high-minded architectural approaches are to compete, we must understand what the forces that lead to a BIG BALL OF MUD are, and examine alternative ways to resolve them.

A number of additional patterns emerge out of the BIG BALL OF MUD. We discuss them in turn. Two principal questions underlie these patterns: Why are so many existing systems architecturally undistinguished, and what can we do to improve them?

Source: Big Ball of Mud

Verizon Routing Millions of IP Addresses for Cybercrime Gangs

Posted on January 13, 2016 by mea

Because spammers can’t easily obtain new IP addresses through legitimate means, they frequently resort to stealing IP address blocks that are dormant and aren’t being utilized by the rightful owners. There is a thriving black market in IP addresses; spammers don’t care whether the source of their IP addresses is legitimate or even legal. A cybercriminal that can steal a large IP address block (for example, a /16 or 65,536 IP addresses) can generate thousands of dollars per month.

Source: Verizon Routing Millions of IP Addresses for Cybercrime Gangs

Trend Micro flaw could have allowed attacker to steal all passwords

Posted on January 12, 2016 by mea

Overall, Ormandy wrote that he found over 70 APIs exposed to the Internet, not all of which he had investigated for security issues. He suggested Trend should hire an external consultancy to audit the code.

Source: Trend Micro flaw could have allowed attacker to steal all passwords

Wi-Fi Alliance® introduces low power, long range Wi-Fi HaLow™

Posted on January 11, 2016 by mea

Wi-Fi HaLow extends Wi-Fi into the 900 MHz band, enabling the low power connectivity necessary for applications including sensor and wearables. Wi-Fi HaLow’s range is nearly twice that of today’s Wi-Fi, and will not only be capable of transmitting signals further, but also providing a more robust connection in challenging environments where the ability to more easily penetrate walls or other barriers is an important consideration.

Source: Wi-Fi Alliance® introduces low power, long range Wi-Fi HaLow™ | Wi-Fi Alliance

Antivirus software could make your company more vulnerable

Posted on January 10, 2016 by mea

While these are mainly examples of using antivirus vulnerabilities to evade detection, there’s also a demand for remote code execution exploits affecting antivirus products and these are being sold by specialized brokers on the largely unregulated exploit market.

Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status “sold.”

Source: Antivirus software could make your company more vulnerable

Bucktown Bell

Cut to the chase.