Indie Nation: group items tagged "web"


John Lemke

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

  • Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock," which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.
  • The vulnerability is already being used maliciously by the hackers.
  • There is as of yet no official patch that completely addresses both vulnerabilities, including the second, which allows an attacker to overwrite files on the targeted system.
  • "It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote in a blog post. "Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results—at least 10x." In addition, Graham said, "this thing is clearly wormable and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable—once the worm gets behind a firewall and runs a hostile DHCP server, that would be 'game over' for large networks."
  • 32 ORACLE PRODUCTS VULNERABLE
  • PATCH ISSUED, BUT INCOMPLETE
John Lemke

Guitar maker sues Web-based t-shirt vendor for shirts reading "born to rock" | Ars Tech...

  • A guitar design firm called Born to Rock has won an initial victory over the user-generated T-shirt-printing website CafePress in a legal battle over whether CafePress users will be allowed to use the company's name as part of their T-shirt designs. While the guitar firm initially registered the phrase only for use selling guitars, it has taken the position that any use of the phrase "born to rock" by a CafePress user infringes its trademarks.
John Lemke

FBI pushes for surveillance backdoors in Web 2.0 tools

  • The FBI pushed Thursday for more built-in backdoors for online communication, but beat a hasty retreat from its earlier proposal to require providers of encrypted communications services to include a backdoor for law enforcement wiretaps. LUMPY HAS NOTES BELOW: ties in with security and cyber attack; use it as an excuse.
John Lemke

FCC to buy out TV broadcasters to free up mobile spectrum | Ars Technica

    • John Lemke
       
      I had my first issue at step one, "asks broadcasters to tell the FCC how much it would take for the agency to buy them out". They claim that this is a way to keep cost down by hopefully grabbing the least popular via low bids. I see two issues immediately. Number one, by asking them what they want they are going to immediately INCREASE the bids. Two, if you are asking me what I want for my business to change how it broadcasts, why would I not include any expense to make the switch? By asking them what they think a fair bid would be, they are, more or less, giving them a blank check.
  • The commission will put the newly-freed blocks of spectrum up for auction. If, as expected, the spectrum is more valuable when used for mobile services than broadcast television, then the FCC should reap significantly more from these traditional auctions than it had to pay for the spectrum in the original reverse auctions, producing a tidy profit for taxpayers.
    • John Lemke
       
      The objective at an auction is to purchase the object at the lowest possible cost.  How much mobile providers are willing to pay will determine how high bids will climb.  Based on how our current mobile providers already provide poor service when compared to the rest of the world, how much is that bandwidth actually worth to these companies that, more or less, have a lobbied stranglehold on the consumer?
  • Bergmayer also praised an FCC proposal to update its "spectrum screen," a set of rules that prevent any single provider from gaining too large a share of the spectrum available in a particular market. The current scheme, he said, "treats all spectrum alike, even though some spectrum bands are better-suited to mobile broadband than others." As a result, he argued, it has become ineffective at preventing Verizon and AT&T from gaining enough spectrum to threaten competition. He urged the FCC to revise the rules to ensure the new auctions don't further entrench the dominance of the largest incumbents.
    • John Lemke
       
      It is stuff like this that worries me: on one hand they want a high bid, and on the other it is going to be regulated.
  • Over the last decade, it has become increasingly obvious that America's spectrum resources are mis-allocated. The proliferation of cell phones, and more recently smartphones and tablets, has given mobile providers a voracious appetite for new spectrum. But a big chunk of the available spectrum is currently occupied by broadcast television stations. With more and more households subscribed to cable, satellite, and Internet video services, traditional broadcast television is looking like an increasingly outmoded use of the scarce and valuable airwaves.
  • Incumbent broadcasters have controlled their channels for so long that they've come to be regarded as de facto property rights. And needless to say, the politically powerful broadcasters have fiercely resisted any efforts to force them to relinquish their spectrum.
  • incentive auctions
  • The plan has three phases. In the first phase, the FCC will conduct a reverse auction in which it asks broadcasters to tell the FCC how much it would take for the agency to buy them out. Presumably, the least popular (and, therefore, least profitable) channels will submit the lowest bids. By accepting these low bids, the FCC can free up the maximum possible spectrum at the minimum cost.
John Lemke

Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices | Ars Technica

  • takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.
  • The botnet is designed to conduct distributed denial-of-service attacks on targets of the attackers' choice. Commands issued in the IRC channel allow the attackers to specify the IP address, port number, intensity, and duration of attacks.
John Lemke

F-Secure: Android accounted for 97% of all mobile malware in 2013, but only 0.1% of tho...

  • Android threats are primarily a non-US problem
  • F-Secure believes it would be incorrect to say that “Google hasn’t been actively making efforts to increase the security of the Android platform.”
  • At the very bottom of the list was Google Play itself, with the lowest percentage of malware in the gathered samples: 0.1 percent. F-Secure also noted that “the Play Store is most likely to promptly remove nefarious applications, so malware encountered there tends to have a short shelf life.”
John Lemke

Uroburos Rootkit: Most sophisticated 3-year-old Russian Cyber Espionage Campaign - The ...

  • The researchers claimed that the malware may have been active for as long as three years before being discovered and appears to have been created by Russian developers.
  • The two main components of Uroburos are a driver and an encrypted virtual file system, used to disguise its nasty activities and to try to avoid detection. Its driver part is extremely complex and is designed to be very discreet and very difficult to identify.
  • The virtual file system can't be decrypted without the presence of the drivers, according to G Data's analysis explained in the PDF.
  • We assume that the group behind Uroburos is the same group that performed a cyberattack against the United States of America in 2008 with a malware called Agent.BTZ.
  • The attacks carried out with Uroburos are targeting government institutions, research institutions, intelligence agencies, nation states, research institutions or companies dealing with sensitive information as well as similar high-profile targets. The oldest driver identified by the researchers was compiled in 2011, which is evidence that the malware was created around three years ago and went undetected.
John Lemke

Iron Maiden makes millions of dollars by playing live for pirates | The Verge

  • The only thing the article got wrong is that they are not "pirates"... they are fans.
John Lemke

Petition Launched To Get The White House To Open Source Healthcare.gov Code | Techdirt

  • Of course, there are a few issues with this. First of all, while things created by government employees are automatically public domain, works created by contractors are not. So while conceptually we can argue that the code should be open sourced, it's not required by law. Second, and more importantly, it's a lot harder to take proprietary code and then release it as open source than it is to build code from the ground up to be open source (and it's even more difficult to make sure that code is actually useful for anything). Indeed, if the code had been open sourced from the beginning, perhaps they wouldn't make embarrassing mistakes like violating other open source licenses.
  • By this point, open sourcing the code isn't going to fix things, but if more attention is put on the issue of closed vs. open code in government projects, hopefully it means that government officials will recognize that it should be open source from the beginning for the next big government web project.
  • After the disastrous technological launch of the healthcare.gov website, built by political cronies rather than companies who understand the internet, there has been plenty of discussion as to why the code wasn't open sourced. At that link, there's a good discussion from On the Media, with Paul Ford, discussing what a big mistake it was that the government decided not to open source the code and be much more transparent about the process. It discusses the usual attacks on open source and why they almost certainly don't apply to this situation.
John Lemke

Shellshock: Code injection vulnerability found in Bash | LIVE HACKING

  • A code injection vulnerability in the Bourne again shell (Bash) has been disclosed on the internet. If exploited then arbitrary commands can be executed, and where Bash is used in relation to a network service, for example in CGI scripts on a web server, then the vulnerability will allow remote code execution.
  • The problem is that Bash does not stop after processing the function definition; it continues to parse and execute any shell commands following the function definition.
  • The vulnerability is deemed as critical because Bash is used widely on many types of UNIX-like operating systems including Linux, BSD, and Mac OS X.
  • The most prominent attack vector is via HTTP requests sent to CGI scripts executed by Bash. Also, if SSH has been configured to allow remote users to run a set of restricted commands, like rsync or git, this bug means that an attacker can use SSH to execute any command and not just the restricted command.
John Lemke

Comcast Declares War on Tor? - Deep Dot Web

  • Comcast agents have contacted customers using Tor and instructed them to stop using the browser or risk termination of service. A Comcast agent named Jeremy allegedly called Tor an “illegal service.” The Comcast agent told its customer that such activity is against usage policies.
  • Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren't so-to-speak legal. We have the right to terminate, fine, or suspend your account at any time due to you violating the rules. Do you have any other questions? Thank you for contacting Comcast, have a great day.
  • Comcast previously corroborated with the FBI by providing information on alleged Silk Road mastermind Ross Ulbricht's internet usage. Ulbricht's legal defense without a warrant. Ulbricht was most certainly never given a warning by Comcast or given time to contact a lawyer before he was arrested in a San Francisco library last October. Comcast already monitors its customers' internet usage to prevent them from downloading pirated media in violation of copyright laws. Under the "Six Strikes" plan, Comcast customers who are caught by Comcast pirating copyrighted material are emailed by Comcast and told to cease the activity. Comcast will continue monitoring them, and if they violate the "Six Strikes" plan five more times, their internet service will be terminated.
John Lemke

Simply Scripts - Old Time Radio from the Golden Age of Radio

  • Academy Award Theater: "The Maltese Falcon"
  • Academy Award Theater: The Great McGinty
  • Academy Award Theater: Brief Encounter
John Lemke

Self-repairing software tackles malware -- ScienceDaily

  • Unlike a normal virus scanner on consumer PCs that compares a catalog of known viruses to something that has infected the computer, A3 can detect new, unknown viruses or malware automatically by sensing that something is occurring in the computer's operation that is not correct. It then can stop the virus, approximate a repair for the damaged software code, and then learn to never let that bug enter the machine again.
  • To test A3's effectiveness, the team from the U and Raytheon BBN used the infamous software bug called Shellshock for a demonstration to DARPA officials in Jacksonville, Florida, in September. A3 discovered the Shellshock attack on a Web server and repaired the damage in four minutes, Eide says. The team also tested A3 successfully on another half-dozen pieces of malware.