U.S.: Stop using Internet Explorer

The United States Computer Emergency Readiness Team, a part of Homeland Security known as US-CERT, said in an advisory released on Monday morning that the vulnerability in versions 6 to 11 of Internet Explorer could lead to “the complete compromise” of an affected system.

“We are currently unaware of a practical solution to this problem,” Carnegie Mellon’s Software Engineering Institute warned in a separate advisory, that US-CERT linked to in its warning.

via U.S.: Stop using Internet Explorer – chicagotribune.com.

How the FCC Plans to Save the Internet By Destroying It

Previous telecommunications systems — most notably the phone system — are regulated as “common carriers”. This means you can call whoever you like; you can use whatever phone you want; and anyone in a service area can sign up at a fair rate.

This designation recognizes that communication systems are too important to be left to the vagaries of profit-be-damned executives and that the operators are in very powerful positions to do harm and extract tolls.

via How the FCC Plans to Save the Internet By Destroying It: An Explainer — Medium.

F.C.C., in ‘Net Neutrality’ Turnaround, Plans to Allow Fast Lane

The new rules, according to the people briefed on them, will allow a company like Comcast or Verizon to negotiate separately with each content company—like Netflix, Amazon, Disney or Google—and charge different companies different amounts for priority service.

via F.C.C., in ‘Net Neutrality’ Turnaround, Plans to Allow Fast Lane.

Aereo analysis: Cloud computing at a crossroads

“Consider any file-hosting service that allows people to store their own material, such as Dropbox. What if it can be shown they are storing copyrighted work. Do they need a license?” he asked in a telephone interview.

Mitch Stoltz, an Electronic Frontier Foundation attorney, said in a telephone interview that, “If the Supreme Court rules in favor of the broadcasters, their opinion might create liability for various types of cloud computing, especially cloud storage.”

via Aereo analysis: Cloud computing at a crossroads | Ars Technica.

‘Easter Dragon’ makes delivery to International Space Station

Reuters – A cargo ship owned by Space Exploration Technologies arrived at the International Space Station on Sunday, with a delivery of supplies and science experiments for the crew and a pair of legs for the experimental humanoid robot aboard that one day may be used in a spacewalk.

via ‘Easter Dragon’ makes delivery to International Space Station | Reuters.

Dragon will be reloaded with science samples and equipment no longer needed on the station and returned to Earth in about a month.

More on Heartbleed

This is a pretty serious problem so I’ll devote more space to another collection of tidbits from various sources.

EDITED TO ADD (4/9): Has anyone looked at all the low-margin non-upgradable embedded systems that use OpenSSL? An upgrade path that involves the trash, a visit to Best Buy, and a credit card isn’t going to be fun for anyone.

via Schneier on Security: Heartbleed.

From: https://news.ycombinator.com/item?id=7548991

The fact is that no programmer is good enough to write code which is free from such vulnerabilities. Programmers are, after all, trained and skilled in following the logic of their program. But in languages without bounds checks, that logic can fall away as the computer starts reading or executing raw memory, which is no longer connected to specific variables or lines of code in your program. All non-bounds-checked languages expose multiple levels of the computer to the program, and you are kidding yourself if you think you can handle this better than the OpenSSL team.

We can’t end all bugs in software, but we can plug this seemingly endless source of bugs which has been affecting the Internet since the Morris worm. It has now cost us a two-year window in which 70% of our internet traffic was potentially exposed. It will cost us more before we manage to end it.

Ironic how the above link uses https. The Ars Technica article below has interesting screenshots.

From: Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style

For an idea of the type of information that remains available to anyone who knows how to use open source tools like this one, just consider Yahoo Mail, the world’s most widely used Web mail service. The images below were recovered by Mark Loman, a malware and security researcher with no privileged access to Yahoo Mail servers. The plaintext passwords appearing in them have been obscured to protect the Yahoo Mail users they belong to, a courtesy not everyone exploiting this vulnerability is likely to offer. To retrieve them, Loman sent a series of requests to servers running Yahoo Mail at precisely the same time as the credentials just happened to be stored—Russian roulette-style—in Yahoo memory.

Washington University team builds out prototype to win first GlobalHack

Each team had to create an application that scores and weighs sales opportunities in Salesforce according to an algorithm, then displays the ranked opportunities in a graphical user interface.

Gabe Lozano, co-founder of the event and CEO at LockerDome, told Silicon Prairie News that the team built out all of the UI/UX, integrated it with Salesforce and created a prototype-grade algorithm within the 48-hour window. As a result, TopOPPS is going to expand upon the team’s work for the earliest versions of its software.

via Washington University team builds out prototype to win first GlobalHack – Silicon Prairie News.

Turkey Hijacking IP addresses for popular Global DNS providers

BGP hijack
Using the Turk Telekom looking glass we can see that AS9121 (Turk Telekom) has specific /32 routes for these IP addresses. Since this is the most specific route possible for an IPv4 address, this route will always be selected and the result is that traffic for this IP address is sent to this new bogus route.

via Turkey Hijacking IP addresses for popular Global DNS providers.
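To show why a /32 announcement wins as described above, here is an added example (my own code, not from the linked article) that runs longest-prefix-match route selection over a constructed table and then applies the defender-side check of looking for more-specific or foreign-origin routes inside a prefix you own. The addresses (192.0.2.0/24 documentation range) and AS numbers (64500, 64501) are constructed placeholders, not the real resolvers or Turk Telekom's AS.

```python
import ipaddress

# Constructed routing table: the legitimate /24 from the resolver operator
# (AS 64500) and a hijacking /32 for one resolver address from AS 64501.
# Documentation-range addresses; not the real DNS provider prefixes.
ROUTES = [
    ("192.0.2.0/24", 64500),
    ("192.0.2.53/32", 64501),
]

def select_route(dest, routes=ROUTES):
    """Longest-prefix match: the most specific covering route is chosen,
    no matter who announced it or which route arrived first."""
    addr = ipaddress.ip_address(dest)
    matching = [(ipaddress.ip_network(p), asn) for p, asn in routes
                if addr in ipaddress.ip_network(p)]
    if not matching:
        return None
    net, asn = max(matching, key=lambda t: t[0].prefixlen)
    return (str(net), asn)

def find_more_specifics(owned_prefix, owner_asn, routes=ROUTES):
    """Defender check: flag any route inside our prefix that is more
    specific than what we announce, or originated by an AS other than ours.
    Either condition means traffic for those addresses is being diverted."""
    owned = ipaddress.ip_network(owned_prefix)
    alerts = []
    for p, asn in routes:
        net = ipaddress.ip_network(p)
        if net.subnet_of(owned) and (net.prefixlen > owned.prefixlen
                                     or asn != owner_asn):
            alerts.append((p, asn))
    return alerts

if __name__ == "__main__":
    # The hijacked resolver address follows the /32; its neighbours do not.
    print(select_route("192.0.2.53"))   # ('192.0.2.53/32', 64501)
    print(select_route("192.0.2.10"))   # ('192.0.2.0/24', 64500)
    print(find_more_specifics("192.0.2.0/24", 64500))
```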

N.S.A. Breached Chinese Servers Seen as Security Threat

William Plummer, a senior Huawei executive in the United States, said the company had no idea it was an N.S.A. target, adding that in his personal opinion, “The irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us.”

via N.S.A. Breached Chinese Servers Seen as Security Threat – NYTimes.com.