KevLar's Space

my little space on the interwebs

Tor Is Building the Next Generation Dark Net With Funding From DARPA

Patrick O’Neill writes: After years of relative neglect, Tor has been able to dedicate increasing time and resources to its hidden services thanks to funding in part by DARPA, as well as an upcoming crowdfunding campaign. DARPA’s funding lasts 1-3 years and covers several projects including security and usability upgrades that close the gap between hidden services and the everyday Internet. “Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites. … Hidden services, which make up about 4 percent of the entire Tor network, have until recently been relatively neglected when it comes to funding and developing.”

Read more of this story at Slashdot.

via Slashdot: IT http://ift.tt/1P9TBuT

How Security Companies Peddle Snake Oil

penciling_in writes: There are no silver bullets in Internet security, warns Paul Vixie in a co-authored piece along with Cyber Security Specialist Frode Hommedal: “Just as ‘data’ is being sold as ‘intelligence’, a lot of security technologies are being sold as ‘security solutions’ rather than what they really are: very narrow-focused appliances that, as a best case, can be part of your broader security effort.” We have to stop playing “cops and robbers” and pretending that all of us are potential targets of nation-states, or pretending that any of our security vendors are like NORAD, warn the authors.
Vixie adds, “We in the Internet security business look for current attacks and learn from those how to detect and prevent those attacks and maybe how to predict, detect, and prevent what’s coming next. But rest assured that there is no end game — we put one bad guy in prison for every hundred or so new bad guys who come into the field each month. There is no device or method, however powerful, which will offer a salient defense for more than a short time. The bad guys endlessly adapt; so must we. Importantly, the bad guys understand how our systems work; so must we.”

via Slashdot: IT http://ift.tt/1OA41lb

Why the Journey To IPv6 Is Still the Road Less Traveled

alphadogg writes: The writing’s on the wall about the short supply of IPv4 addresses, and IPv6 has been around since 1999. Then why does the new protocol still make up just a fraction of the Internet? Though IPv6 is finished technology that works, rolling it out may be either a simple process or a complicated and risky one, depending on what role you play on the Internet. And the rewards for doing so aren’t always obvious. For one thing, making your site or service available via IPv6 only helps the relatively small number of users who are already set up with the protocol, creating a nagging chicken-and-egg problem.

via Slashdot: IT http://ift.tt/1zDPZIz

Swift Tops List of Most-Loved Languages and Tech

Nerval’s Lobster writes: Perhaps developers are increasingly overjoyed at the prospect of building iOS apps with a language other than Objective-C, which Apple has positioned Swift to replace; whatever the reason, Swift topped Stack Overflow’s recent survey of the “Most Loved” languages and technologies (cited by 77.6 percent of the 26,086 respondents), followed by C++11 (75.6 percent), Rust (73.8 percent), Go (72.5 percent), and Clojure (71 percent). The “Most Dreaded” languages and technologies included Salesforce (73.2 percent), Visual Basic (72 percent), WordPress (68.2 percent), MATLAB (65.6 percent), and SharePoint (62.8 percent). Those results were mirrored somewhat in a recent list from RedMonk, a tech-industry analyst firm, which ranked Swift 22nd in popularity among programming languages (based on data drawn from GitHub and Stack Overflow) but climbing noticeably quickly.

via Slashdot: IT http://ift.tt/1yLSAoO

New Dark Web Market Is Selling Zero-Day Exploits

Sparrowvsrevolution writes: Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers’ zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal’s creators say they’re looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis. Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. “Any account can be accessed with a malicious request from a proxy account,” reads the description. “Please arrange a demonstration using my service listing to hack an account of your choice.” Others include a technique to hack WordPress’ multisite configuration, an exploit against Android’s Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin’s multisignature transaction feature is designed to prevent scammers from selling fake exploits.

via Slashdot: IT http://ift.tt/1Gd6CCm

D-Link Apologizes For Router Security

Mark Wilson writes: D-Link has issued an apology to its customers for an on-going security issue with many of its routers. A problem with the Home Network Administration Protocol (HNAP) means that it is possible to bypass authorization and run commands with escalated privileges. The list of routers affected by the issue is fairly lengthy, and D-Link has already issued one patch. But rather than fixing the problem, last week’s update left routers wide open to exactly the same problem. As it stands at the moment, a firmware patch is still being produced for a total of 17 routers. In the meantime, all D-Link has to offer is an apology. While unhelpful patches have already been issued, D-Link is currently working away on replacement firmware updates. The release dates for these patches are not yet set in stone, but some are due today (20 April), some tomorrow (21 April) and the remainder on 24 April.

via Slashdot: IT http://ift.tt/1bkZwyQ

Chrome 43 Should Help Batten Down HTTPS Sites

River Tam writes: The next version of Chrome, Chrome 43, promises to take out some of the work website owners — such as news publishers — would have to do if they were to enable HTTPS. The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can’t be modified or is difficult to modify. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag a ‘mixed-content warning’ in the form of a yellow triangle over the padlock.

via Slashdot: IT http://ift.tt/1bhkyyn

Whoah, Small Spender! Steam Sets Limits For Users Who Spend Less Than $5

As GameSpot reports, Valve has implemented a policy that reduces the privileges of Steam users unless those users have spent $5 through the service. Along the same lines as suggestions to limit spam by imposing a small fee on emails, the move is intended to reduce resource abuse as a business model. From the article:

“Malicious users often operate in the community on accounts which have not spent any money, reducing the individual risk of performing the actions they do,” Valve said. “One of the best pieces of information we can compare between regular users and malicious users are their spending habits as typically the accounts being used have no investment in their longevity. Due to this being a common scenario we have decided to restrict certain community features until an account has met or exceeded $5.00 USD in Steam.”

Restricted actions include sending invites, opening group chats, and taking part in the Steam marketplace.

via Slashdot: IT http://ift.tt/1Q6bhst

US Military To Recruit Civilian Cybersecurity Experts

An anonymous reader writes: The U.S. Army is to create a new cybersecurity division, Cyber Branch 17, and is also considering launching a cyber career track for civilians, according to an announcement made this week by Lt. Gen. Edward C. Cardon. Cardon, who currently heads the U.S. Army’s cyber command, ARCYBER, spoke to the Senate Armed Services subcommittee on Tuesday about the growing threats and capabilities used in cyber warfare. He argued that creating a cyber career management field for civilians would result in an easier recruitment process, as opposed to recruiting internally and trying to retain the talent. Cardon maintains that recruiting and retaining talent in the field is often challenging, given internal employment constraints surrounding compensation and slow hiring processes.

via Slashdot: IT http://ift.tt/1DnA5CG

Norway Will Switch Off FM Radio In 2017

New submitter titten writes: The Norwegian Ministry of Culture has announced that the transition to DAB will be completed in 2017. This means that Norway, as the first country in the world to do so, has decided to switch off the FM network. Norway began the transition to DAB in 1995. In recent years two national and several local DAB networks have been established. 56 per cent of radio listeners use digital radio every day. 55 per cent of households have at least one DAB radio, according to the Digitalradio survey by TNS Gallup, continuously measuring the Norwegians’ digital radio habits.

via Slashdot: IT http://ift.tt/1OruYr7
