www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/
By Kim Zetter Security Wired.com 01/13/16
ZERO-DAY EXPLOITS ARE a hacker’s best friend. They attack vulnerabilities in software that are unknown to the software maker and are therefore unpatched. Criminal hackers and intelligence agencies use zero day exploits to open a stealth door into your system, and because antivirus companies also don’t know about them, the exploits can remain undetected for years before they’re discovered. Until now, they’ve usually been uncovered only by chance.
But researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it. And they did so by using only the faintest of clues to find it.
The malware they found is a remote-code execution exploit that attacks a vulnerability in Microsoft’s widely used Silverlight software—a browser plug-in Netflix and other providers use to deliver streaming content to users. It’s also used in SCADA and other industrial control systems that are installed in critical infrastructure and industrial facilities.
The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014. […]
http://www.networkworld.com/article/2866950/cloud-computing/which-cloud-providers-had-the-best-uptime-last-year.html
By Brandon Butler Network World Jan 12, 2015
Amazon Web Services and Google Cloud Platform recorded impressive statistics for how reliable their public IaaS clouds were in 2014, with both providers approaching what some consider the Holy Grail of availability: five nines.
Flash back just to 2012 and pundits bemoaned the cloud being plagued with outages – from one that brought down Reddit and many other sites to the Christmas eve fiasco that impacted Netflix. It was a different story last year.
Website tracking firm CloudHarmony monitors how often more than four dozen cloud providers experience downtime. The company has a web server running in each of these vendors’ clouds and tracks when the service is unavailable, logging both the number and length of outages. The science is not perfect but it gives a good idea of how providers are doing. And overall, vendors are doing well and getting better.
Amazon and Google shone in particular. Amazon’s Elastic Compute Cloud (EC2) recorded 2.41 hours of downtime across 20 outages in 2014, meaning it was up and running 99.9974% of the time. Given AWS’s scale – Gartner predicted last year that Amazon had a distributed system that’s five times larger than its competitors – those are impressive figures. […]
http://arstechnica.com/security/2014/03/new-attack-on-https-crypto-might-know-if-youre-pregnant-or-have-cancer/
By Dan Goodin Ars Technica March 6 2014
As the most widely used technology to prevent eavesdropping on the Internet, HTTPS encryption has seen its share of attacks, most of which work by exploiting weaknesses that allow snoops to decode cryptographically scrambled traffic. Now there’s a novel technique that can pluck out details as personal as someone’s sexual orientation or a contemplation of suicide, even when the protection remains intact.
A recently published academic paper titled “I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis” shows how even strongly encrypted Web traffic can reveal highly personal information to employers, Internet service providers, state-sponsored spies, or anyone else with the capability to monitor a connection between a site and the person visiting it. As a result, it’s possible for them to know with a high degree of certainty what video someone accessed on Netflix or YouTube, the specific tax form or legal advice someone sought from an online lawyer service, and whether someone visiting the Mayo Clinic website is viewing pages related to pregnancy, headaches, cancer, or suicide.
The attack works by carefully analyzing encrypted traffic and taking note of subtle differences in data size and other characteristics of the encrypted contents. In much the way someone holding a wrapped birthday present can tell if it contains a book, a Blu-ray disk, or a box of candy, an attacker can know with a high degree of certainty the specific URL of the HTTPS-protected website. The transport layer security and secure sockets layer protocols underpinning the Web encryption specifically encrypt the URL, so until now, many people presumed an attacker could only deduce the IP address of a site someone was visiting rather than specific pages belonging to that site. […]
http://techcrunch.com/2014/01/30/clinkle-gets-hacked-before-it-even-launches/
By Jordan Crook @jordanrcrook TechCrunch January 30, 2014
Clinkle is the hottest app around to have done mostly nothing. The stealth payments service, which has raised $30 million from big-name investors, has yet to publicly launch. But that doesn’t mean it can’t be hacked.
Today, a guest user posted a list of 33 usernames, user IDs, profile photos, and phone numbers to PasteBin. Based on the data provided, it seems as though these users are Clinkle employees who are testing the app. Founder Lucas Duplan is on the list (yep, that’s his Clinkle profile pic, shown above), as well as former Netflix CFO and Clinkle COO Barry McCarthy. Former PayPal exec Mike Liberatore, now Clinkle CFO, is also listed.
The data was seemingly accessed through a private API that Clinkle has in place. Referred to by the hacker as “typeahead”, the API appears to be the basis of an autocomplete tool, allowing users to type a single letter (like ‘A’) and find all usernames starting with that letter (like ‘Adam’ and ‘Andrew’). [Note: Twitter has a similar tool with the same name
A little off my normal topic here but this shows how things are changing with regard to television and digital content delivery. This last month I finally rid myself of $180 or so a month by canceling my Comcast service and going digital over the internet. Since many people are trying to save money during the economic recovery I thought you folks might like to know how I did it.
Step 1 – Purchase a Roku Video Player
Buy an HD-capable Roku device with the wireless option. The first time I heard about the Roku, I thought it was pronounced “Rock You” but apparently I was just thinking of a song. The pronunciation is more like “Row Coo”. Anyhow, I really like the Roku device. It comes with a simple, easy-to-use remote control and it has lots of digital content available. Content carriers include Netflix, MBA, Amazon Video, and many other optional channels. I discovered that the Roku unit even has some undisclosed channels that you can add when you’re on their website. The channel list is located here.
Step 2 – Get a Netflix subscription
Next, for only $9.99 a month, Netflix is a great option to get the latest content and movies directly to your Roku. All the Netflix instant movies and shows can be delivered right down to the Roku device. We use this extensively as it provides the HD content that we like to watch, and at only $9.99 a month it’s CHEAP in comparison to full digital cable TV. The only thing I do miss is the live content such as CNN, MSNBC and Fox, but there’s always their websites and I’m sure they’ll jump onto digital delivery as this technology picks up even more steam. The cool thing about Netflix is that you can build lists of things you want to watch on their website and they show up immediately, available to watch on your Roku or other Netflix-enabled devices. We put our Roku unit in our living room since that TV is already HD capable and we like to entertain our guests with the quality it provides.
Step 3 – Playon.tv content service
Once we started using the Roku, I started itching for more content, so I did some research and found a service called Playon.tv, which provides content and has a channel available on the Roku device. I bought their lifetime subscription for only $79, a pretty good deal in my opinion. The Playon.tv service is also expandable using their integrated plugins and content scripts. The Roku device also supports the Hulu service, which I promptly added to the Roku. The Playon.tv service does require you to use your computer to be able to obtain the content on your TV devices, so you’ll need to account for the monthly electricity cost (usually around $20 a month), but since my computer was already on 24/7 I didn’t see anything different on my electric bill.
Step 4 – Bring it into the bedroom
Well, at this point I was really happy with my television service in my living room, but we lacked much in the way of TV in the bedroom. We had a Wii game console that I had hardly used in the last year, and we received a CD from Netflix that added a channel to the Wii to get Netflix content. Apparently the Netflix channel is now available from the Nintendo Wii Store, which we later switched to, freeing up our CD slot on the Wii and improving the Netflix Wii channel interface with search and browsing capabilities. I also found out that using the Playon.tv service was possible on the Wii game console using the Wii internet channel, which was cool since I could then watch Hulu on the Wii.
Optional Step 5 – What about local channels?
Now I know I said I got rid of Comcast, my cable provider, but since the cable is still present in my home, I did a little research and apparently many local cable providers carry the local channels for free and unscrambled, so no cable box is required. So I hooked up both of my TVs to the cable and used the auto-programming feature to have the TV scan for channels and voilà, 12 local channels added to my TV, giving us all the local news that we missed after we went totally digital over the Internet.
Optional Step 6 – Local HD Channels
For the larger metro areas, there are quite a few HD channels available for free over the airwaves. You could easily pick up a digital HD receiver and hook up an HD antenna to get even more channels for free. I’ve yet to do this step but intend to soon. The HD receiver I’m looking to possibly purchase is the Samsung brand.
Cost of Hardware/Services:
$99 – Roku HD Video Player
$160 – Nintendo Wii Game Console
$40 – Miscellaneous cables
$79 (now $54.99) – Lifetime Playon.tv subscription
Total Cost of my Implementation: $378
Monthly Recurring Costs:
$9.99 – Netflix Service