F.C.C., in ‘Net Neutrality’ Turnaround, Plans to Allow Fast Lane

The new rules, according to the people briefed on them, will allow a company like Comcast or Verizon to negotiate separately with each content company—like Netflix, Amazon, Disney or Google—and charge different companies different amounts for priority service.

via F.C.C., in ‘Net Neutrality’ Turnaround, Plans to Allow Fast Lane.

Aereo analysis: Cloud computing at a crossroads

“Consider any file-hosting service that allows people to store their own material, such as Dropbox. What if it can be shown they are storing copyrighted work. Do they need a license?” he asked in a telephone interview.

Mitch Stoltz, an Electronic Frontier Foundation attorney, said in a telephone interview that, “If the Supreme Court rules in favor of the broadcasters, their opinion might create liability for various types of cloud computing, especially cloud storage.”

via Aereo analysis: Cloud computing at a crossroads | Ars Technica.

‘Easter Dragon’ makes delivery to International Space Station

Reuters – A cargo ship owned by Space Exploration Technologies arrived at the International Space Station on Sunday, with a delivery of supplies and science experiments for the crew and a pair of legs for the experimental humanoid robot aboard that one day may be used in a spacewalk.

via ‘Easter Dragon’ makes delivery to International Space Station | Reuters.

Dragon will be reloaded with science samples and equipment no longer needed on the station and returned to Earth in about a month.

More on Heartbleed

This is a pretty serious problem so I’ll devote more space to another collection of tidbits from various sources.

EDITED TO ADD (4/9): Has anyone looked at all the low-margin non-upgradable embedded systems that use OpenSSL? An upgrade path that involves the trash, a visit to Best Buy, and a credit card isn’t going to be fun for anyone.

via Schneier on Security: Heartbleed.

From: https://news.ycombinator.com/item?id=7548991

The fact is that no programmer is good enough to write code which is free from such vulnerabilities. Programmers are, after all, trained and skilled in following the logic of their program. But in languages without bounds checks, that logic can fall away as the computer starts reading or executing raw memory, which is no longer connected to specific variables or lines of code in your program. All non-bounds-checked languages expose multiple levels of the computer to the program, and you are kidding yourself if you think you can handle this better than the OpenSSL team.

We can’t end all bugs in software, but we can plug this seemingly endless source of bugs which has been affecting the Internet since the Morris worm. It has now cost us a two-year window in which 70% of our internet traffic was potentially exposed. It will cost us more before we manage to end it.

Ironic how the above link uses https. The Ars Technica article below has interesting screenshots.

From: Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style

For an idea of the type of information that remains available to anyone who knows how to use open source tools like this one, just consider Yahoo Mail, the world’s most widely used Web mail service. The images below were recovered by Mark Loman, a malware and security researcher with no privileged access to Yahoo Mail servers. The plaintext passwords appearing in them have been obscured to protect the Yahoo Mail users they belong to, a courtesy not everyone exploiting this vulnerability is likely to offer. To retrieve them, Loman sent a series of requests to servers running Yahoo Mail at precisely the same time as the credentials just happened to be stored—Russian roulette-style—in Yahoo memory.
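An added Python simulation, not from the Hacker News comment or the Ars Technica article, of the length-trust mistake both passages describe: a constructed byte buffer stands in for process memory, the unchecked reply copies as many bytes as the record claims and drags in whatever sits next to it, and the checked version drops a record whose claimed length does not fit the bytes actually received. Function and constant names are assumptions for the example.

```python
import struct

# Constructed stand-in for process memory: a heartbeat-style record
# (1-byte type, 2-byte big-endian claimed payload length, payload) with
# unrelated data, here a made-up session token, lying right after it.
ADJACENT_SECRET = b"session=EXAMPLE-TOKEN-1234"


def build_record(payload, claimed_len=None):
    """Encode a record; claimed_len lets the length field lie."""
    if claimed_len is None:
        claimed_len = len(payload)
    return bytes([1]) + struct.pack(">H", claimed_len) + payload


def reply_unchecked(memory):
    """The flawed logic: trust the length field and copy that many bytes
    from the start of the payload, whatever lies beyond the record.
    (Python slices stop at the end of the buffer; in C the read keeps
    going into neighbouring heap memory.)"""
    claimed = struct.unpack(">H", memory[1:3])[0]
    return memory[3:3 + claimed]


def reply_checked(memory, record_len):
    """The fix: the claimed length must fit inside the bytes actually
    received on the wire, otherwise the record is dropped (None)."""
    if record_len < 3:
        return None
    claimed = struct.unpack(">H", memory[1:3])[0]
    if 3 + claimed > record_len:
        return None
    return memory[3:3 + claimed]


def demo():
    """An honest record is echoed; a lying one leaks the neighbour under
    the old logic and is rejected under the new one."""
    honest = build_record(b"hello")
    lying = build_record(b"hello", claimed_len=4000)
    memory_honest = honest + ADJACENT_SECRET
    memory_lying = lying + ADJACENT_SECRET
    return (
        reply_checked(memory_honest, len(honest)),   # b"hello"
        reply_unchecked(memory_lying),               # includes the token
        reply_checked(memory_lying, len(lying)),     # None
    )
```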

Washington University team builds out prototype to win first GlobalHack

Each team had to create an application that scores and weighs sales opportunities in Salesforce according to an algorithm, then displays the ranked opportunities in a graphical user interface.

Gabe Lozano, co-founder of the event and CEO at LockerDome, told Silicon Prairie News that the team built out all of the UI/UX, integrated it with Salesforce and created a prototype-grade algorithm within the 48-hour window. As a result, TopOPPS is going to expand upon the team’s work for the earliest versions of its software.

via Washington University team builds out prototype to win first GlobalHack – Silicon Prairie News.

Turkey Hijacking IP addresses for popular Global DNS providers

BGP hijack
Using the Turk Telekom looking glass we can see that AS9121 (Turk Telekom) has specific /32 routes for these IP addresses. Since this is the most specific route possible for an IPv4 address, this route will always be selected and the result is that traffic for this IP address is sent to this new bogus route.

via Turkey Hijacking IP addresses for popular Global DNS providers.
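An added Python sketch, not from the article above, of the two sides of the point it makes: longest-prefix match always prefers the /32 over the legitimate covering prefix, and a defender can catch such a hijack by comparing each more-specific announcement against the origin AS expected for the covering prefix (as a route object or RPKI ROA would record). The prefixes and ASNs are constructed documentation and private-range values, and the names are assumptions.

```python
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    origin_as: int


# Constructed RIB: a legitimate /24 from AS64500 (the "DNS provider"),
# a bogus /32 for one address inside it from AS64511, and a default route.
RIB = [
    Route(ipaddress.ip_network("192.0.2.0/24"), 64500),
    Route(ipaddress.ip_network("192.0.2.53/32"), 64511),
    Route(ipaddress.ip_network("0.0.0.0/0"), 64496),
]

# Expected prefix -> origin AS, e.g. from an IRR route object or an RPKI ROA.
EXPECTED = {ipaddress.ip_network("192.0.2.0/24"): 64500}


def best_route(rib, address):
    """Longest-prefix match: the most specific covering prefix wins,
    regardless of which route arrived first or who announced it."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in rib if addr in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def more_specific_hijacks(rib, expected):
    """Flag routes that are more-specifics of an expected prefix but are
    announced from a different origin AS than the one on record."""
    findings = []
    for route in rib:
        for prefix, origin in expected.items():
            if (route.prefix != prefix
                    and route.prefix.subnet_of(prefix)
                    and route.origin_as != origin):
                findings.append(route)
    return findings
```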

N.S.A. Breached Chinese Servers Seen as Security Threat

William Plummer, a senior Huawei executive in the United States, said the company had no idea it was an N.S.A. target, adding that in his personal opinion, “The irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us.”

via N.S.A. Breached Chinese Servers Seen as Security Threat – NYTimes.com.

A Close Look at the NSA’s Most Powerful Internet Attack Tool

Rather than go through the bureaucratic fight to move the attack logic into “system low” (and co-located on the wiretap), the NSA sought to work around it in the case of QUANTUMHAND. Instead of targeting just any web connection for exploitation, it targeted persistent “push” connections from Facebook, where a user’s browser would leave an idle connection open, waiting for a command from the server.

This way, even the slow, broken, classified architecture could exploit Facebook users. Sadly for NSA and GCHQ (and FSB, and DGSE, and every other spy agency), Facebook turned on encryption a few months ago, which should thwart this attack.

via A Close Look at the NSA’s Most Powerful Internet Attack Tool | Wired Opinion | Wired.com.

The biggest limitation on QUANTUM is location: The attacker must be able to see a request which identifies the target. Since the same techniques can work on a Wi-Fi network, a $50 Raspberry Pi, located in a Foggy Bottom Starbucks, can provide any country, big and small, with a little window of QUANTUM exploitation. A foreign government can perform the QUANTUM attack NSA-style wherever your traffic passes through their country.

Warrantless Cellphone Tracking

The secretive technology is generically known as a stingray or IMSI catcher, but the Harris device is also specifically called the Stingray. When mobile phones — and other wireless communication devices like air cards — connect to the stingray, it can see and record their unique ID numbers and traffic data, as well as information that points to the device’s location. By moving the stingray around, authorities can triangulate the device’s location with much more precision than they can get through data obtained from a mobile network provider’s fixed tower location.

The government has long asserted that it doesn’t need to obtain a probable-cause warrant to use the devices because they don’t collect the content of phone calls and text messages but rather operate like pen-registers and trap-and-traces, collecting the equivalent of header information.

via Florida Cops’ Secret Weapon: Warrantless Cellphone Tracking | Threat Level | Wired.com.