Apache plugin turns legit sites into bank-attack platforms

Bureau didn’t say how the site running the plugin was hacked. Many legitimate websites used in malware attacks are commandeered after administrator credentials are compromised. He said the malicious Apache plugin is separate from a Linux rootkit discovered last month that also injects malicious content into otherwise legitimate webpages.

via Apache plugin turns legit sites into bank-attack platforms | Ars Technica.

To stream everywhere, Netflix encodes each movie 120 times

Xboxes, iPads, connected TVs: Netflix streams to a lot of different devices. More than 900, to be precise. And many of them have different screen sizes, bitrate requirements and codec support. That’s why Netflix is doing a whole lot of encoding: Each and every movie is encoded in 120 different versions, according to a behind-the-scenes video recently published by the company.

via To stream everywhere, Netflix encodes each movie 120 times — Online Video News.

Who’s Behind Comcast’s Video Downloader?

The download feature, which lets Comcast adopt an iTunes-ish model without the incremental pay-per-view component (for now), is a nice add-on because it lets users watch shows and movies on planes and in other venues that usually don’t have a solid enough broadband connection for streaming.

via Light Reading Cable – The Bauminator – Who’s Behind Comcast’s Video Downloader?.

Samba – opening windows to a wider world

As the culmination of ten years’ work, the Samba Team has created the first compatible Free Software implementation of Microsoft’s Active Directory protocols. Familiar to all network administrators, the Active Directory protocols are the heart of modern directory service implementations.

via Samba – opening windows to a wider world.

Suitable for low-power and embedded applications, yet scaling to large clusters, Samba 4.0 is efficient and flexible. Its Python programming interface and administration toolkit help in enterprise deployments.

New 25 GPU Monster Devours Passwords In Seconds

In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.

via Update: New 25 GPU Monster Devours Passwords In Seconds | The Security Ledger.

Security Researcher Discloses New Batch of MySQL Vulnerabilities

The first MySQL vulnerability, a stack-based buffer overflow, would allow an authenticated database user a chance to cause the MySQL daemon to crash, and then execute code with the same privileges as the user running MySQL. A heap-based overflow vulnerability, separate from the previous flaw, could be used to do the same thing – again the damage could be caused by an authenticated database user.

via Security Researcher Discloses New Batch of MySQL Vulnerabilities | SecurityWeek.Com.

Netflix Gives Data Center Tools to Fail

Netflix has released Hystrix, a library designed for managing interactions between distributed systems, complete with “fallback” options for when those systems inevitably fail.

The code for Hystrix—which Netflix tested on its own systems—can be downloaded at GitHub, with documentation available here, in addition to a getting-started guide and operations examples, among others.

via Netflix Gives Data Center Tools to Fail.

Netflix will also release the real-time dashboard it uses for monitoring Hystrix. That dashboard relies on a traffic-light system to display service dependencies for the last ten seconds, with colors measuring latency and the size of the circles showing traffic.

Which consultants built Romney’s “Project Orca?” None of them

The interface for Orca was a mobile Web application connected to a set of mirrored databases of voter rolls. When a user logged in, the app would load a page with a scrollable list of all the registered voters in the precinct they were assigned to. By swiping a checkbox next to a voter’s name, they could record them as having voted; the entry was then transmitted back to Orca’s application server. A back-up call response system—similar in nature to the Houdini system used by the Obama campaign in 2008 (a system which also ran into trouble)—provided a way for volunteers to report possible voting irregularities into the system even if their data connectivity failed. Using information gathered through the campaign’s digital outreach and pulled from the campaign’s voter contact vendor, FLS Connect, the system was supposed to give volunteers in Boston a complete view of Romney supporters in swing states who hadn’t yet voted. It would then prompt phone calls asking supporters to vote.

via Which consultants built Romney’s “Project Orca?” None of them | Ars Technica.

Samsung laying groundwork for server chips, analysts say

The faster 64-bit processors will appear in servers, high-end smartphones and tablets, and offer better performance-per-watt than ARM’s current 32-bit processors, which haven’t been able to expand beyond embedded and mobile devices. The first servers with 64-bit ARM processors are expected to become available in 2014.

via Samsung laying groundwork for server chips, analysts say – Computerworld.

“Samsung is a lead partner of ARM’s new Cortex A50 processors. However, we’re not in a position to comment on our plans for how we’ll use the Cortex A50 as part of our Exynos product family,” said Lisa Warren-Plungy, a Samsung Semiconductor spokeswoman, in an e-mail.