Tag Archives: Other

Police Confirm ‘Extra’ Illegal Spying on Kim Dotcom

Post Syndicated from Ernesto original https://torrentfreak.com/police-confirms-extra-illegal-spying-on-kim-dotcom-170727/

Kim Dotcom has made headlines in the press again over the past week, but not for his own alleged misconduct.

Instead, there is a renewed focus on the unlawful surveillance practices of the Government Communications Security Bureau (GCSB).

During the months leading up to the raid, the GCSB carried out surveillance on Dotcom but failed to check his residency status. The outfit was not allowed to spy on its own residents and clearly crossed a line with its unlawful information gathering.

To find out what was collected, Dotcom asked the High Court for access to the surveilled information, but last week this request was denied. While this came as a disappointment, the court did reveal something else of interest.

As it turns out, the illegal spying on Dotcom didn’t stop on January 20, 2012, when Dotcom was arrested. Instead, it carried on for another two months, ending March 22, 2012.

Initially, some people thought that the High Court may have made a mistake in the timeline, but with pressure mounting, New Zealand police have now confirmed that this is not the case. The illegal spying did indeed continue for two more months.

“We’ve checked the file and can confirm that the dates you’ve highlighted were known to the Operation Grey team. They were considered as part of the investigation and decision-making about the outcome,” a police spokesman told NZ Herald.

While this is all news to the public, the police and others were well-aware of the additional spying. This raises a series of questions, which Megaupload’s founder would like to see answered.

“Does this mean that New Zealand Police knew that the GCSB affidavits were false? GCSB told the Courts under oath that the illegal spying ended two months earlier. Not in March but in January,” Dotcom says, commenting on the news.

The issue is more than a matter of oversight, Dotcom says, and he calls for a proper investigation where the people responsible will be held accountable.

“New Zealand Police investigated GCSB because of the illegal spying but nobody was ever charged with any crime. How is that possible if the Police knew that the GCSB lied to the New Zealand Courts? What else would we discover if we had a fair and open hearing instead of secret submissions in closed Court?

“The New Zealand Courts have been fooled by the GCSB and the Police. What’s next? What are the consequences?” Dotcom adds.

In recent years the Megaupload case has been a stumbling block for several politicians and the latest revelations have put Prime Minister Bill English under pressure. It’s clear that several high ranked officials would rather see Dotcom leave, but thus far the fiasco is more likely to help him stay.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Premier League Wins New Stream Blocking Injunction to Fight Piracy

Post Syndicated from Andy original https://torrentfreak.com/premier-league-wins-new-stream-blocking-injunction-to-fight-piracy-170727/

Earlier this year the Premier League obtained a rather special High Court injunction to assist in its fight against illegal football match streaming.

Similar in its aims to earlier blocking orders that targeted torrent sites including The Pirate Bay, the injunction enabled the Premier League to act quickly, forcing local ISPs such as Sky, BT, and Virgin to block football streams in real-time.

Although public results varied, the English Premier League (EPL) reports that under the injunction it was able to block 5,000 server IP addresses that were streaming its content. That appears to have encouraged the organization to apply for another injunction for the upcoming 2017-18 season.

According to a statement published on the EPL site, that has now been granted.

“This blocking order is a game-changer in our efforts to tackle the supply and use of illicit streams of our content,” said Premier League Director of Legal Services, Kevin Plumb.

“It will allow us to quickly and effectively block and disrupt the illegal broadcast of Premier League football via any means, including so called ‘pre-loaded Kodi boxes’.”

Although the details of the new injunction are yet to be published by the High Court, the EPL indicates that the injunction is very similar to the one obtained previously, which targets overseas servers streaming Premier League matches into the UK.

Upon notice from the Premier League, ISPs including Sky, BT, Virgin Media, Plusnet, EE and TalkTalk are required to block IP addresses quickly as matches are being streamed, all without any direct intervention from the court.

“The protection of our copyright, and the investment made by our broadcast partners, is hugely important to the Premier League and the future health of English football,” the Premier League said.

The injunction itself lists the Internet service providers as defendants but it’s important to note that most have a vested interest in the injunction being put in place. Sky, BT and Virgin Media all screen Premier League matches in some way so there’s no surprise that none put up a fight when confronted by the football organization.

Indeed, several of the ISPs appeared to have assisted the EPL in some pretty intimate ways, even going as far as sharing a certain level of customer traffic data with the organization.

It will be interesting to see what effect the new blocking efforts will have on stream availability when the new season begins. Saturday afternoons, when matches take place around the country but are prohibited from being screened due to the blackout, should be the main focal point. As previously suggested, the EPL will probably enjoy more success than last season with experience under their belts.

Finally, tabloids in the UK have been giving the injunction their usual dramatic coverage but a special mention must go out to The Sun. In an article titled “Closing the Net“, the paper said that under the injunction, “BRITS who illegally stream Premier League football matches could have their internet connection shut off.”

The way things are worded it suggests that people who watch streams could be disconnected by their ISP. That is not the case.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Slowloris all the things

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/07/slowloris-all-things.html

At DEFCON, some researchers are going to announce a Slowloris-type exploit for SMB — SMBloris. I thought I’d write up some comments.

The original Slowloris from several years creates a ton of connections to a web server, but only sends partial headers. The server allocates a large amount of memory to handle the requests, expecting to free that memory soon when the requests are completed. But the requests are never completed, so the memory remains tied up indefinitely. Moreover, this also consumes a lot of CPU resources — every time Slowloris dribbles a few more bytes on the TCP connection is forces the CPU to walk through a lot of data structures to handle those bytes.

The thing about Slowloris is that it’s not specific to HTTP. It’s a principle that affects pretty much every service that listens on the Internet. For example, on Linux servers running NFS, you can exploit the RPC fragmentation feature in order to force the server to allocate all the memory in a box waiting for fragments that never arrive.

SMBloris does the same thing for SMB. It’s an easy attack to carry out in general, the only question is how much resources are required on the attacker’s side. That’s probably what this talk is about, causing the maximum consequences on the server with minimal resources on the attacker’s machine, thus allowing a Raspberry Pi to tie up all the resources on even the largest enterprise server.

According to the ThreatPost article, the attack was created looking at the NSA ETERNALBLUE exploit. That exploit works by causing the server to allocate memory chunks from fragmented requests. How to build a Slowloris exploit from this is then straightforward — just continue executing the first part of the ETERNALBLUE exploit, with larger chunks. I say “straightforward”, but of course, the researchers have probably discovered some additional clever tricks.

Samba, the SMB rewrite for non-Windows systems, probably falls victim to related problems. Maybe not this particular attack that affects Windows, but almost certainly something else. If not SMB, then the DCE-RPC service on top of it.

Microsoft has said they aren’t going to fix the SMBloris bug, and for good reason: it might be unfixable. Sure, there’s probably some kludge that fixes this specific script, but would still leave the system vulnerable to slight variations. The same reasoning applies to other services — Slowloris is an inherent problem in all Internet services and is not something easily addressed without re-writing the service from the ground up to specifically deal with the problem.

The best answer to Slowloris is the “langsec” discipline, which counsels us to separate “parsing” input from “processing” it. Most services combine the two, partially processing partial input. This should be changed to fully validate input consuming the least resources possible, before processing it. In other words, services should have a light-weight front-end that consumes the least resources possible, waiting for the request to complete, before it then forwards the request to the rest of the system.

Google Challenges Canada’s Global Blocking Injunction in the US

Post Syndicated from Andy original https://torrentfreak.com/google-challenges-canadas-global-blocking-injunction-in-the-us-170726/

Despite being what courts have described as an “innocent bystander”, Google has found itself at the heart of a potentially damaging intellectual property case. Running since 2014, Equustek Solutions Inc. v. Jack saw Canadian entities battle over stolen intellectual property.

Equustek Solutions claimed that Google’s search results helped to send visitors to Datalink websites operated by the defendants (former Equustek employees) who were selling unlawful products. Google voluntarily removed links to the sites from its Google.ca (Canada) results but Equustek wanted more, and soon got it.

A court in British Columbia, the Court of Appeal, and then the Supreme Court of Canada all agreed that Google should remove links to the sites on a global basis, by definition beyond Canada’s borders.

When court rulings encroach on potentially opposing legal systems overseas, difficulties are bound to arise. Google raised concerns that the decision would conflict with U.S. law, but the Supreme Court described the issues as “theoretical” and left it up to the U.S. to solve the problem.

In response, Google filed for an injunction at the US District Court for Northern California this week, arguing that the Canadian decision violates important U.S. legislation.

“Google now turns to this Court, asking it to declare that the rights established by the First Amendment and the Communications Decency Act are not merely theoretical,” Google wrote.

“The Canadian order is repugnant to those rights, and the order violates principles of international comity, particularly since the Canadian plaintiffs never established any violation of their rights under U.S. law.

“Pursuant to well-established United States law, Google seeks a declaratory judgment that the Canadian court’s order cannot be enforced in the United States and an order enjoining that enforcement.”

According to Google, Internet search results are fully protected speech under the First Amendment, and because the Canadian decision is directed to a specific speaker (Google) and is content-specific, it must come under scrutiny.

Google insists that the websites to be censored are already a matter of public record and Equustek has not shown that it has no alternative remedies to hand other than to censor Google’s results outside of Canada.

“Equustek has not sought similar delisting injunctions against the world’s other search engines, such as Bing or Yahoo,” Google writes, noting that action hasn’t been taken against regular websites carrying links either.

Google also suggests that Equustek could have taken action against Datalink’s registrars and webhosts, which have the ability to delete the actual sites in question. With the websites gone the search de-indexing battle would be moot, but for reasons unknown, Equustek has chosen a different battle.

Describing the Canadian order as one of “convenience,” Google criticizes the effort to deal with a Canadian legal problem on a global basis, adding that “no one country should purport to control the global internet.”

In closing, Google asks the court to declare the Canadian Order unenforceable in the United States on the basis it violates the the First Amendment, the Communications Decency Act, and public policy surrounding enforceability of foreign judgments.

“The Canadian Order purports to place the Canadian court in the position of
supervising the law enforcement activities of a foreign sovereign nation (the United States) against the United States’ own citizens on American soil. Because the Canadian courts ignored principles of international comity, corrective action by this Court is required,” Google concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

New AWS Training: Building a Serverless Data Lake

Post Syndicated from Sara Snedeker original https://aws.amazon.com/blogs/big-data/new-aws-training-building-a-serverless-data-lake/

AWS Training allows you to learn from the experts so that you can advance your knowledge with practical skills and get more out of the AWS Cloud. We are adding one of our most popular event boot camps, Building a Serverless Data Lake, to our permanent instructor-led training portfolio.

This one-day course is designed to teach you how to design, build, and operate a serverless data lake solution with AWS services. We cover topics such as ingesting data from any data source at large scale, storing the data securely and durably, enabling the capability to use the right tool to process large volumes of data, and understanding the options available for analyzing the data in near-real time.

This course is intended for solution architects, big data developers, data architects and analysts, and other hands-on data analysis practitioners.

You can explore our complete course catalog, or search for a public class near you. You can also request a private onsite training for your team by contacting AWS Training.

 

Surge of Threatening Piracy Letters Concerns Finnish Authorities

Post Syndicated from Ernesto original https://torrentfreak.com/massive-surge-in-threatening-piracy-letters-concerns-finnish-authorities-170726/

finlandStarting three years ago, copyright holders began sending out thousands of settlement letters to alleged pirates in Finland, a practice often described as copyright trolling.

In a country with a population of just over five million, copyright holders have cast their net wide. According to local reports, Internet providers handed over details of one hundred thousand customers last year alone.

This practice has not been without controversy. As the settlement letters were sent out, recipients – including some pensioners – started to complain. Many of the accused denied downloading any pirated material but felt threatened by the letters.

Thus far, complaints have been filed with the Market Court, the Finnish Communications Regulatory Authority, the Consumer Authority, and the Ministry of Education and Culture.

In May, the Ministry of Education set up a working group to create a set of ‘best practices’ for copyright enforcement. The working group includes, among others, Internet providers, and outfits that are involved in sending the influx of settlement letters.

Anna Vuopala, a Government’s counselor at the Ministry of Education and Culture, told Kauppaleht that rightsholders should act within the boundaries of the law.

“We strive to create good practices [for copyright enforcement] and eliminate practices that are contrary to law,” says Vuopala, who’s leading the working group.

If the parties involved can’t reach an agreement on how to proceed, the Government considers changing existing copyright law to defuse the situation. What these changes could be is unclear at this point.

Earlier this year the Finnish market court already dealt a blow to local copyright trolls. In a unanimous ruling, seven judges ruled that the privacy of alleged BitTorrent pirates outweighs the evidence provided by the rightsholders.

While it was clear that copyright infringement was taking place, the rightsholders failed to show that it was significant enough to hand over the requested personal details.

Although this decision supports the rights of those who are falsely accused, the Government believes that a set of good practices is still needed to prevent future excesses and controversy.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

[$] IncludeOS: a unikernel for C++ applications

Post Syndicated from jake original https://lwn.net/Articles/728682/rss

Is it truly an efficient use of cloud computing resources to run
traditional operating systems inside virtual machines? In many cases, it
isn’t. An interesting alternative is to bundle a program into a unikernel,
which is a single-tasking library operating system made specifically for
running a
single application in the cloud.
A unikernel packs everything needed to run an application into
a tiny bundle and, in theory, this approach would save disk space,
memory, and processor time compared to running a full traditional operating
system.
IncludeOS is such a unikernel; it was
created
to support C++ applications. Like other unikernels, it is designed for
resource-efficiency on shared infrastructure, and is primarily meant to run on
a hypervisor.

New – GPU-Powered Streaming Instances for Amazon AppStream 2.0

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/new-gpu-powered-streaming-instances-for-amazon-appstream-2-0/

We launched Amazon AppStream 2.0 at re:Invent 2016. This application streaming service allows you to deliver Windows applications to a desktop browser.

AppStream 2.0 is fully managed and provides consistent, scalable performance by running applications on general purpose, compute optimized, and memory optimized streaming instances, with delivery via NICE DCV – a secure, high-fidelity streaming protocol. Our enterprise and public sector customers have started using AppStream 2.0 in place of legacy application streaming environments that are installed on-premises. They use AppStream 2.0 to deliver both commercial and line of business applications to a desktop browser. Our ISV customers are using AppStream 2.0 to move their applications to the cloud as-is, with no changes to their code. These customers focus on demos, workshops, and commercial SaaS subscriptions.

We are getting great feedback on AppStream 2.0 and have been adding new features very quickly (even by AWS standards). So far this year we have added an image builder, federated access via SAML 2.0, CloudWatch monitoring, Fleet Auto Scaling, Simple Network Setup, persistent storage for user files (backed by Amazon S3), support for VPC security groups, and built-in user management including web portals for users.

New GPU-Powered Streaming Instances
Many of our customers have told us that they want to use AppStream 2.0 to deliver specialized design, engineering, HPC, and media applications to their users. These applications are generally graphically intensive and are designed to run on expensive, high-end PCs in conjunction with a GPU (Graphics Processing Unit). Due to the hardware requirements of these applications, cost considerations have traditionally kept them out of situations where part-time or occasional access would otherwise make sense. Recently, another requirement has come to the forefront. These applications almost always need shared, read-write access to large amounts of sensitive data that is best stored, processed, and secured in the cloud. In order to meet the needs of these users and applications, we are launching two new types of streaming instances today:

Graphics Desktop – Based on the G2 instance type, Graphics Desktop instances are designed for desktop applications that use the CUDA, DirectX, or OpenGL for rendering. These instances are equipped with 15 GiB of memory and 8 vCPUs. You can select this instance family when you build an AppStream image or configure an AppStream fleet:

Graphics Pro – Based on the brand-new G3 instance type, Graphics Pro instances are designed for high-end, high-performance applications that can use the NVIDIA APIs and/or need access to large amounts of memory. These instances are available in three sizes, with 122 to 488 GiB of memory and 16 to 64 vCPUs. Again, you can select this instance family when you configure an AppStream fleet:

To learn more about how to launch, run, and scale a streaming application environment, read Scaling Your Desktop Application Streams with Amazon AppStream 2.0.

As I noted earlier, you can use either of these two instance types to build an AppStream image. This will allow you to test and fine tune your applications and to see the instances in action.

Streaming Instances in Action
We’ve been working with several customers during a private beta program for the new instance types. Here are a few stories (and some cool screen shots) to show you some of the applications that they are streaming via AppStream 2.0:

AVEVA is a world leading provider of engineering design and information management software solutions for the marine, power, plant, offshore and oil & gas industries. As part of their work on massive capital projects, their customers need to bring many groups of specialist engineers together to collaborate on the creation of digital assets. In order to support this requirement, AVEVA is building SaaS solutions that combine the streamed delivery of engineering applications with access to a scalable project data environment that is shared between engineers across the globe. The new instances will allow AVEVA to deliver their engineering design software in SaaS form while maximizing quality and performance. Here’s a screen shot of their Everything 3D app being streamed from AppStream:

Nissan, a Japanese multinational automobile manufacturer, trains its automotive specialists using 3D simulation software running on expensive graphics workstations. The training software, developed by The DiSti Corporation, allows its specialists to simulate maintenance processes by interacting with realistic 3D models of the vehicles they work on. AppStream 2.0’s new graphics capability now allows Nissan to deliver these training tools in real time, with up to date content, to a desktop browser running on low-cost commodity PCs. Their specialists can now interact with highly realistic renderings of a vehicle that allows them to train for and plan maintenance operations with higher efficiency.

Cornell University is an American private Ivy League and land-grant doctoral university located in Ithaca, New York. They deliver advanced 3D tools such as AutoDesk AutoCAD and Inventor to students and faculty to support their course work, teaching, and research. Until now, these tools could only be used on GPU-powered workstations in a lab or classroom. AppStream 2.0 allows them to deliver the applications to a web browser running on any desktop, where they run as if they were on a local workstation. Their users are no longer limited by available workstations in labs and classrooms, and can bring their own devices and have access to their course software. This increased flexibility also means that faculty members no longer need to take lab availability into account when they build course schedules. Here’s a copy of Autodesk Inventor Professional running on AppStream at Cornell:

Now Available
Both of the graphics streaming instance families are available in the US East (Northern Virginia), US West (Oregon), EU (Ireland), and Asia Pacific (Tokyo) Regions and you can start streaming from them today. Your applications must run in a Windows 2012 R2 environment, and can make use of DirectX, OpenGL, CUDA, OpenCL, and Vulkan.

With prices in the US East (Northern Virginia) Region starting at $0.50 per hour for Graphics Desktop instances and $2.05 per hour for Graphics Pro instances, you can now run your simulation, visualization, and HPC workloads in the AWS Cloud on an economical, pay-by-the-hour basis. You can also take advantage of fast, low-latency access to Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), AWS Lambda, Amazon Redshift, and other AWS services to build processing workflows that handle pre- and post-processing of your data.

Jeff;

 

Use CloudFormation StackSets to Provision Resources Across Multiple AWS Accounts and Regions

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/use-cloudformation-stacksets-to-provision-resources-across-multiple-aws-accounts-and-regions/

AWS CloudFormation helps AWS customers implement an Infrastructure as Code model. Instead of setting up their environments and applications by hand, they build a template and use it to create all of the necessary resources, collectively known as a CloudFormation stack. This model removes opportunities for manual error, increases efficiency, and ensures consistent configurations over time.

Today I would like to tell you about a new feature that makes CloudFormation even more useful. This feature is designed to help you to address the challenges that you face when you use Infrastructure as Code in situations that include multiple AWS accounts and/or AWS Regions. As a quick review:

Accounts – As I have told you in the past, many organizations use a multitude of AWS accounts, often using AWS Organizations to arrange the accounts into a hierarchy and to group them into Organizational Units, or OUs (read AWS Organizations – Policy-Based Management for Multiple AWS Accounts to learn more). Our customers use multiple accounts for business units, applications, and developers. They often create separate accounts for development, testing, staging, and production on a per-application basis.

Regions – Customers also make great use of the large (and ever-growing) set of AWS Regions. They build global applications that span two or more regions, implement sophisticated multi-region disaster recovery models, replicate S3, Aurora, PostgreSQL, and MySQL data in real time, and choose locations for storage and processing of sensitive data in accord with national and regional regulations.

This expansion into multiple accounts and regions comes with some new challenges with respect to governance and consistency. Our customers tell us that they want to make sure that each new account is set up in accord with their internal standards. Among other things, they want to set up IAM users and roles, VPCs and VPC subnets, security groups, Config Rules, logging, and AWS Lambda functions in a consistent and reliable way.

Introducing StackSet
In order to address these important customer needs, we are launching CloudFormation StackSet today. You can now define an AWS resource configuration in a CloudFormation template and then roll it out across multiple AWS accounts and/or Regions with a couple of clicks. You can use this to set up a baseline level of AWS functionality that addresses the cross-account and cross-region scenarios that I listed above. Once you have set this up, you can easily expand coverage to additional accounts and regions.

This feature always works on a cross-account basis. The master account owns one or more StackSets and controls deployment to one or more target accounts. The master account must include an assumable IAM role and the target accounts must delegate trust to this role. To learn how to do this, read Prerequisites in the StackSet Documentation.

Each StackSet references a CloudFormation template and contains lists of accounts and regions. All operations apply to the cross-product of the accounts and regions in the StackSet. If the StackSet references three accounts (A1, A2, and A3) and four regions (R1, R2, R3, and R4), there are twelve targets:

  • Region R1: Accounts A1, A2, and A3.
  • Region R2: Accounts A1, A2, and A3.
  • Region R3: Accounts A1, A2, and A3.
  • Region R4: Accounts A1, A2, and A3.

Deploying a template initiates creation of a CloudFormation stack in an account/region pair. Templates are deployed sequentially to regions (you control the order) to multiple accounts within the region (you control the amount of parallelism). You can also set an error threshold that will terminate deployments if stack creation fails.

You can use your existing CloudFormation templates (taking care to make sure that they are ready to work across accounts and regions), create new ones, or use one of our sample templates. We are launching with support for the AWS partition (all public regions except those in China), and expect to expand it to to the others before too long.

Using StackSets
You can create and deploy StackSets from the CloudFormation Console, via the CloudFormation APIs, or from the command line.

Using the Console, I start by clicking on Create StackSet. I can use my own template or one of the samples. I’ll use the last sample (Add config rule encrypted volumes):

I click on View template to learn more about the template and the rule:

I give my StackSet a name. The template that I selected accepts an optional parameter, and I can enter it at this time:

Next, I choose the accounts and regions. I can enter account numbers directly, reference an AWS organizational unit, or upload a list of account numbers:

I can set up the regions and control the deployment order:

I can also set the deployment options. Once I am done I click on Next to proceed:

I can add tags to my StackSet. They will be applied to the AWS resources created during the deployment:

The deployment begins, and I can track the status from the Console:

I can open up the Stacks section to see each stack. Initially, the status of each stack is OUTDATED, indicating that the template has yet to be deployed to the stack; this will change to CURRENT after a successful deployment. If a stack cannot be deleted, the status will change to INOPERABLE.

After my initial deployment, I can click on Manage StackSet to add additional accounts, regions, or both, to create additional stacks:

Now Available
This new feature is available now and you can start using it today at no extra charge (you pay only for the AWS resources created on your behalf).

Jeff;

PS – If you create some useful templates and would like to share them with other AWS users, please send a pull request to our AWS Labs GitHub repo.

Top Ten Ways to Protect Yourself Against Phishing Attacks

Post Syndicated from Roderick Bauer original https://www.backblaze.com/blog/top-ten-ways-protect-phishing-attacks/

It’s hard to miss the increasing frequency of phishing attacks in the news. Earlier this year, a major phishing attack targeted Google Docs users, and attempted to compromise at least one million Google Docs accounts. Experts say the “phish” was convincing and sophisticated, and even people who thought they would never be fooled by a phishing attack were caught in its net.

What is phishing?

Phishing attacks use seemingly trustworthy but malicious emails and websites to obtain your personal account or banking information. The attacks are cunning and highly effective because they often appear to come from an organization or business you actually use. The scam comes into play by tricking you into visiting a website you believe belongs to the trustworthy organization, but in fact is under the control of the phisher attempting to extract your private information.

Phishing attacks are once again in the news due to a handful of high profile ransomware incidents. Ransomware invades a user’s computer, encrypts their data files, and demands payment to decrypt the files. Ransomware most often makes its way onto a user’s computer through a phishing exploit, which gives the ransomware access to the user’s computer.

The best strategy against phishing is to scrutinize every email and message you receive and never to get caught. Easier said than done—even smart people sometimes fall victim to a phishing attack. To minimize the damage in an event of a phishing attack, backing up your data is the best ultimate defense and should be part of your anti-phishing and overall anti-malware strategy.

How do you recognize a phishing attack?

A phishing attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem with your account. When users respond with the requested information, attackers can use it to gain access to the accounts.

The image below is a mockup of how a phishing attempt might appear. In this example, courtesy of Wikipedia, the bank is fictional, but in a real attempt the sender would use an actual bank, perhaps even the bank where the targeted victim does business. The sender is attempting to trick the recipient into revealing confidential information by getting the victim to visit the phisher’s website. Note the misspelling of the words “received” and “discrepancy” as recieved and discrepency. Misspellings sometimes are indications of a phishing attack. Also note that although the URL of the bank’s webpage appears to be legitimate, the hyperlink would actually take you to the phisher’s webpage, which would be altogether different from the URL displayed in the message.

By Andrew Levine – en:Image:PhishingTrustedBank.png, Public Domain, https://commons.wikimedia.org/w/index.php?curid=549747

Top ten ways to protect yourself against phishing attacks

  1. Always think twice when presented with a link in any kind of email or message before you click on it. Ask yourself whether the sender would ask you to do what it is requesting. Most banks and reputable service providers won’t ask you to reveal your account information or password via email. If in doubt, don’t use the link in the message and instead open a new webpage and go directly to the known website of the organization. Sign in to the site in the normal manner to verify that the request is legitimate.
  2. A good precaution is to always hover over a link before clicking on it and observe the status line in your browser to verify that the link in the text and the destination link are in fact the same.
  3. Phishers are clever, and they’re getting better all the time, and you might be fooled by a simple ruse to make you think the link is one you recognize. Links can have hard-to-detect misspellings that would result in visiting a site very different than what you expected.
  4. Be wary even of emails and message from people you know. It’s very easy to spoof an email so it appears to come from someone you know, or to create a URL that appears to be legitimate, but isn’t.

For example, let’s say that you work for roughmedia.com and you get an email from Chuck in accounting ([email protected]) that has an attachment for you, perhaps a company form you need to fill out. You likely wouldn’t notice in the sender address that the phisher has replaced the “m” in media with an “r” and an “n” that look very much like an “m.” You think it’s good old Chuck in finance and it’s actually someone “phishing” for you to open the attachment and infect your computer. This type of attack is known as “spear phishing” because it’s targeted at a specific individual and is using social engineering—specifically familiarity with the sender—as part of the scheme to fool you into trusting the attachment. This technique is by far the most successful on the internet today. (This example is based on Gimlet Media’s Reply All Podcast Episode, “What Kind of Idiot Gets Phished?“)

  1. Use anti-malware software, but don’t rely on it to catch all attacks. Phishers change their approach often to keep ahead of the software attack detectors.
  2. If you are asked to enter any valuable information, only do so if you’re on a secure connection. Look for the “https” prefix before the site URL, indicating the site is employing SSL (Secure Socket Layer). If there is no “s” after “http,” it’s best not to enter any confidential information.
By Fabio Lanari – Internet1.jpg by Rock1997 modified., GFDL, https://commons.wikimedia.org/w/index.php?curid=20995390
  1. Avoid logging in to online banks and similar services via public Wi-Fi networks. Criminals can compromise open networks with man-in-the-middle attacks that capture your information or spoof website addresses over the connection and redirect you to a fake page they control.
  2. Email, instant messaging, and gaming social channels are all possible vehicles to deliver phishing attacks, so be vigilant!
  3. Lay the foundation for a good defense by choosing reputable tech vendors and service providers that respect your privacy and take steps to protect your data. At Backblaze, we have full-time security teams constantly looking for ways to improve our security.
  4. When it is available, always take advantage of multi-factor verification to protect your accounts. The standard categories used for authentication are 1) something you know (e.g. your username and password), 2) something you are (e.g. your fingerprint or retina pattern), and 3) something you have (e.g. an authenticator app on your smartphone). An account that allows only a single factor for authentication is more susceptible to hacking than one that supports multiple factors. Backblaze supports multi-factor authentication to protect customer accounts.

Be a good internet citizen, and help reduce phishing and other malware attacks by notifying the organization being impersonated in the phishing attempt, or by forwarding suspicious messages to the Federal Trade Commission at [email protected]. Some email clients and services, such as Microsoft Outlook and Google Gmail, give you the ability to easily report suspicious emails. Phishing emails misrepresenting Apple can be reported to [email protected].

Backing up your data is an important part of a strong defense against phishing and other malware

The best way to avoid becoming a victim is to be vigilant against suspicious messages and emails, but also to assume that no matter what you do, it is very possible that your system will be compromised. Even the most sophisticated and tech-savvy of us can be ensnared if we are tired, in a rush, or just unfamiliar with the latest methods hackers are using. Remember that hackers are working full-time on ways to fool us, so it’s very difficult to keep ahead of them.

The best defense is to make sure that any data that could compromised by hackers—basically all of the data that is reachable via your computer—is not your only copy. You do that by maintaining an active and reliable backup strategy.

Files that are backed up to cloud storage, such as with Backblaze, are not vulnerable to attacks on your local computer in the way that local files, attached drives, network drives, or sync services like Dropbox that have local directories on your computer are.

In the event that your computer is compromised and your files are lost or encrypted, you can recover your files if you have a cloud backup that is beyond the reach of attacks on your computer.

The post Top Ten Ways to Protect Yourself Against Phishing Attacks appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Alternatives to Government-Mandated Encryption Backdoors

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/07/alternatives_to_1.html

Policy essay: “Encryption Substitutes,” by Andrew Keane Woods:

In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume that people have a right to expect privacy in their personal data. Therefore, policymakers should seek to satisfy both law enforcement and privacy concerns without unduly burdening one or the other. Of course, much of the debate over government access to data is about how to respect both of these assumptions. Different actors will make different trade-offs. My aim in this short essay is merely to show that regardless of where one draws this line — whether one is more concerned with ensuring privacy of personal information or ensuring that the government has access to crucial evidence — it would be shortsighted and counterproductive to draw that line with regard to one particular privacy technique and without regard to possible substitutes. The first part of the paper briefly characterizes the encryption debate two ways: first, as it is typically discussed, in stark, uncompromising terms; and second, as a subset of a broader problem. The second part summarizes several avenues available to law enforcement and intelligence agencies seeking access to data. The third part outlines the alternative avenues available to privacy-seekers. The availability of substitutes is relevant to the regulators but also to the regulated. If the encryption debate is one tool in a game of cat and mouse, the cat has other tools at his disposal to catch the mouse — and the mouse has other tools to evade the cat. The fourth part offers some initial thoughts on implications for the privacy debate.

Blog post.

Facebook Buys Startup to Expand its Anti-Piracy Repertoire

Post Syndicated from Ernesto original https://torrentfreak.com/facebook-buys-startup-expand-anti-piracy-repertoire-170725/

facebayIn common with other sites dealing with user-generated content, Facebook has to battle a constant stream of unauthorized copyright material.

When it comes to targeting infringement, Facebook has rolled out a few anti-piracy initiatives in recent years. The company has a “Rights Manager” tool that detects infringing material automatically and allows owners to take down or monetize this content.

The social media network is not done yet, though. Anti-piracy strategies need constant refinement and with a new acquisition, Facebook has expanded its expertise in this area.

Facebook has taken over the startup Source3, which specializes in IP recognition, IP licensing and rights administration services. The company is a known player in the copyright industry and its founders previously sold another startup, RightsFlow, to Google.

“Today, we wanted to let everyone know that we’ve decided to continue our journey with Facebook,” Source3 announced in a statement on its website.

“We’re excited to bring our IP, trademark and copyright expertise to the team at Facebook and serve their global community of two billion people, who consume content, music, videos and other IP every day.”

Commenting on the deal, a Facebook spokesperson informed Recode that they are excited to learn from Source3’s copyright expertise. No further details were released on the terms of the deal, and it’s unclear how much was paid.

Neither company has shared any concrete plans for the future, but it’s likely that the acquisition will be used to expand existing anti-piracy initiatives.

Among other things, the startup heavily focused on automated licensing tools. This could mean that Facebook might want to offer its users the option to license content from rightsholders and minimize copyright infringement in a positive way.

“Source3 can monitor and manage third-party IP and proactively establish licensing relationships with brands,” the company boasted on its website, before the acquisition.

“We also provide a range of scalable licensing tools, supported by a team of licensing veterans, to manage the licensing process from negotiation to real-time approvals to royalty reporting,” it added.

Time will tell how exactly Facebook will expand its anti-piracy efforts, but it’s clear that it remains a high priority for the social network.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Weekly roundup: Never enough

Post Syndicated from Eevee original https://eev.ee/dev/2017/07/24/weekly-roundup-never-enough/

Chugging along.

  • fox flux: Touched up another critter, some more terrain, messing with a background, blah blah.

  • veekun: Pokémon importing is so close. I’ve hunted down how incense affects breeding (which was sort of pointless since there aren’t any new incense), found shapes, dealt with evolution, and filled in a few other little things. It even runs to completion now! But I can’t fully import Pokémon until I import items — oops! — so I’m working on that now.

  • art: Drew some ridiculous nonsense.

  • blog: Been working on a post about datamining, since that’s a thing I’ve been working on lately.

  • cc: I think I basically spent two days squabbling with Unity Collab and the asset store.

[$] Faster reference-count overflow protection

Post Syndicated from corbet original https://lwn.net/Articles/728675/rss

Improving the security of a system often involves tradeoffs, with the costs
measured in terms of convenience and performance, among others. To their
frustration, security-oriented developers often discover that the tolerance
for these costs is quite low. Defenses against reference-count overflows
have run into that sort of barrier, slowing their adoption considerably.
Now, though, it would appear that a solution has been found to the
performance cost imposed by reference-count hardening, clearing the way
toward its adoption throughout the kernel.

Cloudflare Wants to Eliminate ‘Moot’ Pirate Site Blocking Threat

Post Syndicated from Ernesto original https://torrentfreak.com/cloudflare-asks-court-to-vacate-moot-pirate-site-blocking-order-170724/

Representing various major record labels, the RIAA filed a lawsuit against MP3Skull in 2015.

With millions of visitors per month the MP3 download site had been one of the prime sources of pirated music for a long time.

Last year a Florida federal court sided with the RIAA, awarding the labels more than $22 million in damages. In addition, it issued a permanent injunction which allowed the RIAA to take over the site’s domain names.

Despite the multi-million dollar verdict, MP3Skull continued to operate using a variety of new domain names, which were subsequently targeted by the RIAA’s legal team. As the site refused to shut down, the RIAA eventually moved up the chain targeting CDN provider Cloudflare with the permanent injunction.

The RIAA argued that Cloudflare was operating “in active concert or participation” with the pirates. Cloudflare objected and argued that the DMCA shielded the company from the broad blocking requirements. However, the court ruled that the DMCA doesn’t apply in this case, opening the door to widespread anti-piracy filtering.

The court stressed that, before issuing an injunction against Cloudflare, it still had to be determined whether the CDN provider is “in active concert or participation” with the pirate site. However, this has yet to happen. Since MP3Skull has ceased its operations the RIAA has shown little interest in pursuing the matter any further.

Cloudflare now wants the dangerous anti-piracy filtering order to be thrown out. The company submitted a motion to vacate the order late last week, arguing that the issue is moot. In fact, it has been for a while for some of the contended domain names.

The CDN provider says it researched the domain names listed in the injunction and found that only three of the twenty domains used Cloudflare’s services at the time the RIAA asked the court to clarify its order. Some had never used CloudFlare’s services at all, they say.

“Indeed, six domains – including five of the so-called ‘Active MP3Skull Domains’ in the amended injunction – had never used Cloudflare services at all. And the remaining eleven had stopped using Cloudflare before Plaintiffs brought their motion, in some cases long before Plaintiffs filed suit,” Cloudflare writes.

“Every domain Plaintiffs identified had stopped using Cloudflare by December 2016, without any independent or affirmative action by Cloudflare. Yet Plaintiffs made no effort to inform the Court of the mootness of their ’emergency’ motion in the three months before the Court issued its Order.”

Cloudflare’s research

Making the matter even worse, several of the domain names listed in the injunction were owned by the record labels, when the RIAA tried to have Cloudflare block them.

“Moreover, Cloudflare’s investigation revealed that that Plaintiff Sony Music Entertainment itself owned seven of the twenty domains months as of the time Plaintiffs brought their motion, and Sony acquired one more domain shortly after.”

The latter is due to the seizure order, which was also granted by the court. However, according to Cloudflare, the RIAA failed to inform the court about these and several other changes.

“Plaintiffs did not inform the Court of the mootness of their motion against Cloudflare,” the company writes.

Since the RIAA was not entirely upfront, and the issue is no longer relevant, Cloudflare is now asking the court to vacate the order. This will push the looming piracy blocking obligations aside, which could otherwise come back to haunt the company in the future.

The RIAA has yet to reply to CloudFlare’s request, but they would likely want to keep the order in place. There’s always a tiny chance that MP3Skull might arise from the ashes, and they would want to be prepared should that be the case.

Cloudflare’s full motion is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Introducing Our Content Director: Roderick

Post Syndicated from Yev original https://www.backblaze.com/blog/introducing-content-director-roderick/

As Backblaze continues to grow, and as we go down the path of sharing our stories, we found ourselves in need of someone that could wrangle our content calendar, write blog posts, and come up with interesting ideas that we could share with our readers and fans. We put out the call, and found Roderick! As you’ll read below he has an incredibly interesting history, and we’re thrilled to have his perspective join our marketing team! Lets learn a bit more about Roderick, shall we?

What is your Backblaze Title?
Content Director

Where are you originally from?
I was born in Southern California, but have lived a lot of different places, including Alaska, Washington, Oregon, Texas, New Mexico, Austria, and Italy.

What attracted you to Backblaze?
I met Gleb a number of years ago at the Failcon Conference in San Francisco. I spoke with him and was impressed with him and his description of the company. We connected on LinkedIn after the conference and I ultimately saw his post for this position about a month ago.

What do you expect to learn while being at Backblaze?
I hope to learn about Backblaze’s customers and dive deep into the latest in cloud storage and other technologies. I also hope to get to know my fellow employees.

Where else have you worked?
I’ve worked for Microsoft, Adobe, Autodesk, and a few startups. I’ve also consulted to Apple, HP, Stanford, the White House, and startups in the U.S. and abroad. I mentored at incubators in Silicon Valley, including IndieBio and Founders Space. I used to own vineyards and a food education and event center in the Napa Valley with my former wife, and worked in a number of restaurants, hotels, and wineries. Recently, I taught part-time at the Culinary Institute of America at Greystone in the Napa Valley. I’ve been a partner in a restaurant and currently am a partner in a mozzarella di bufala company in Marin county where we have about 50 water buffalo that are amazing animals. They are named after famous rock and roll vocalists. Our most active studs now are Sting and Van Morrison. I think singing “a fantabulous night to make romance ‘neath the cover of October skies” works for Van.

Where did you go to school?
I studied at Reed College, U.C. Berkeley, U.C. Davis, and the Università per Stranieri di Perugia in Italy. I put myself through college so was in and out of school a number of times to make money. Some of the jobs I held to earn money for college were cook, waiter, dishwasher, bartender, courier, teacher, bookstore clerk, head of hotel maintenance, bookkeeper, lifeguard, journalist, and commercial salmon fisherman in Alaska.

What’s your dream job?
I think my dream would be having a job that would continually allow me to learn new things and meet new challenges. I love to learn, travel, and be surprised by things I don’t know.

I love animals and sometimes think I should have become a veterinarian.

Favorite place you’ve traveled?
I lived and studied in Italy, and would have to say the Umbria region of Italy is perhaps my favorite place. I also worked in my father’s home country of Austria, which is incredibly beautiful.

Favorite hobby?
I love foreign languages, and have studied Italian, French, German, and a few others. I am a big fan of literature and theatre and read widely and have attended theatre productions all over the world. That was my motivation to learn other languages—so I could enjoy literature and theatre in the languages they were written in. I started scuba diving when I was very young because I wanted to be Jacques-Yves Cousteau and explore the oceans. I also sail, motorcycle, ski, bicycle, hike, play music, and hope to finish my pilot’s license someday.

Coke or Pepsi?
Red Burgundy

Favorite food?
Both my parents are chefs, so I was exposed to a lot of great food growing up. I would have to give more than one answer to that question: fresh baked bread and bouillabaisse. Oh, and white truffles.

Not sure we’ll be able to stock our cupboards with Red Burgundy, but we’ll see what our office admin can do! Welcome to the team!

The post Introducing Our Content Director: Roderick appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

IoT Sleepbuddy, the robotic babysitter

Post Syndicated from Janina Ander original https://www.raspberrypi.org/blog/sleepbuddy-robotic-babysitter/

You’re watching the new episode of Game of Thrones, and suddenly you hear your children, up and about after their bedtime! Now you’ll probably miss a crucial moment of the show because you have to put them to bed again. Or you’re out to dinner with friends and longing for the sight of your sleeping small humans. What do you do? Text the babysitter to check on them? Well, luckily for you these issues could soon be things of the past, thanks to Bert Vuylsteke and his Pi-powered Sleepbuddy. This IoT-controlled social robot could fulfil all your remote babysitting needs!

IoT Sleepbuddy – babyphone – Design concept

This is the actual concept of my robot and in what context it can be used.

A social robot?

A social robot fulfils a role normally played by a person, and interacts with humans via human language, gestures, and facial expressions. This is what Bert says about the role of the Sleepbuddy:

[For children, it] is a friend or safeguard from nightmares, but it is so much more for the babysitters or parents. The babysitters or parents connect their smartphone/tablet/PC to the Sleepbuddy. This will give them access to control all his emotions, gestures, microphone, speaker and camera. In the eye is a hidden camera to see the kids sleeping. The speaker and microphone allow communication with the kids through WiFi.

The roots of the Sleepbuddy

As a student at Ghent University, Bert had to build a social robot using OPSORO, the university’s open-source robotics platform. The developers of this platform create social robots for research purposes. They are also making all software, as well as hardware design plans, available on GitHub. In addition, you will soon be able to purchase their robot kits via a Kickstarter. OPSORO robots are designed around the Raspberry Pi, and controlled via a web interface. The interface allows you to customise your robot’s behaviour, using visual or text-based programming languages.

Sleepbuddy Bert Vuylsteke components

The Sleepbuddy’s components

Building the Sleepbuddy

Bert has provided a detailed Instructable describing the process of putting the Sleepbuddy together, complete with video walk-throughs. However, the making techniques he has used include thermoforming, laser cutting, and 3D printing. If you want to recreate this build, you may need to contact your local makerspace to find out whether they have the necessary equipment.

Sleepbuddy Bert Vuylsteke assembly

Assembling the Sleepbuddy

Finally, Bert added an especially cute touch to this project by covering the Sleepbuddy in blackboard paint. Therefore, kids can draw on the robot to really make it their own!

So many robots!

At Pi Towers we are partial to all kinds of robots, be they ones that test medical devices, play chess or Connect 4, or fight other robots. If they twerk, or are cute, tiny, or shoddy, we maybe even like them a tiny bit more.

Do you share our love of robots? Would you like to make your own? Then check out our resource for building a simple robot buggy. Maybe it will kick-start your career as the general of a robot army. A robot army that does good, of course! Let us know your benevolent robot overlord plans in the comments.

The post IoT Sleepbuddy, the robotic babysitter appeared first on Raspberry Pi.

BulkyIPTV Operator Was Arrested For Fraud, Money Laundering

Post Syndicated from Andy original https://torrentfreak.com/bulkyiptv-operator-was-arrested-for-fraud-money-laundering-170724/

For many years, video-focused Internet piracy was all about obtaining pre-recorded content such as movies and TV shows. Now, however, the rise of streaming is enabling a massive uptake of live ‘pirate’ programming.

At the forefront of this movement are web streaming portals, dedicated Kodi add-ons, and premium IPTV services. The latter, which can rival official services, tend to offer a better quality service but with a price tag attached. This has resulted in a whole new market for people seeking to generate revenue from piracy.

One of those outfits was UK-based BulkyIPTV, but as first reported here on TF, last week the entire operation was shut down after police arrested its operator.

“Hi all. Today I was arrested. Everything has been shut down,” its operator confirmed Wednesday.

“They took everything – phone, laptop, PC and cash, as well as other stuff to gather evidence against me. I’m sorry it has come to this but i’m looking at a stretch inside.”

Soon after the news was made public, many people on Facebook speculated that the arrest never happened and that BulkyIPTV’s operator had conjured up a story in order to “do a runner” with his customers’ subscription money.

However, a source close to the situation insisted that an arrest had been made in the Derby area of the UK in connection with live TV piracy, a fact we reported in our article.

For a few days things went silent, but in a joint statement with the Federation Against Copyright Theft, Derbyshire Police have now confirmed that they executed a warrant at a Derby property last week.

“The warrant took place on Tuesday (18th July) as part of ongoing work to stop the use of the illegal set top boxes, which are tampered with to enable them to offer a range of premium subscription services such as Sky TV and BT Sport without paying for them,” the police statement reads.

While the police don’t specifically mention BulkyIPTV in their press release, everything points to the operator of the service being the person who was targeted last week.

BulkyGifts.co.uk, a site connected to BulkyIPTV that sold a product which enabled people to access cable and satellite programming cheaply, was initially registered to the address that police targeted on Tuesday in Grenfell Avenue, Sunny Hill. The name of the person who registered the domain is also a perfect match with Electoral Roll records and social media profiles across numerous sites.

Police confirmed that a 29-year-old man was arrested on suspicion of fraud, money laundering, and copyright offenses. Electronic equipment was seized along with a “large amount” of cash.

In a statement, Kieron Sharp, CEO of the Federation Against Copyright Theft, reminded sellers and buyers of these services that their actions are illegal.

“This collaboration between Derbyshire police and FACT is another step forward in disrupting the sale of illegal streaming devices,” Sharp said.

“People may think there is nothing wrong with having one of these devices and streaming premium pay-for channels for free, such as live sports. However, this is illegal and you would be breaking the law.”

As highlighted in our opinion piece last week, some service providers appear to be playing fast and loose with their security. If that trend continues, expect FACT and the police to keep taking these services down.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Top 10 Most Pirated Movies of The Week on BitTorrent – 07/24/17

Post Syndicated from Ernesto original https://torrentfreak.com/top-10-pirated-movies-week-bittorrent-072417/

This week we have two newcomers in our chart.

The Mummy is the most downloaded movie for the second week in a row.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the weekly movie download chart.

This week’s most downloaded movies are:
Movie Rank Rank last week Movie name IMDb Rating / Trailer
Most downloaded movies via torrents
1 (1) The Mummy 2017 (Subbed HDRip) 5.8 / trailer
2 (2) Ghost In the Shell 6.8 / trailer
3 (…) Going In Style 6.8 / trailer
4 (3) The Boss Baby 6.5 / trailer
5 (…) Spider-Man: Homecoming (HDTS) 8.0 / trailer
6 (5) Despicable Me 3 (HDTS) 6.7 / trailer
7 (6) Wonder Woman (Subbed HDrip) 8.2 / trailer
8 (…) S.W.A.T.: Under Siege ?.? / trailer
9 (4) Alien Covenant (Subbed HDrip) 6.7 / trailer
10 (7) Kong: Skull Island 6.9 / trailer

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.