Uzbey

Twitter Goodies

Categories

Slam the Online Scam

Archives

Blue Coat reveals dangers of ‘One Day Wonders’

It might surprise you to learn that a very large percentage of websites have the lifespan of a typical mayfly—24 hours or less. Blue Coat dubbed such sites “One Day Wonders”, and has released a research study on the risks of these fly-by-night sites.

There are a select few Web domains that account for the vast majority of Web traffic—household names like Google, Amazon, and Netflix. There are probably fewer than 100—possibly even fewer than 25—that an average user visits with any regularity. The reality, though, is that there are hundreds of millions of domains in existence, and that many exist for very brief periods of time.

To read this article in full or to leave a comment, please click here

Are you prepared to handle the rising tide of ransomware?

Have you dealt with ransomware or know someone who has? Is it something you take seriously?

I didn’t.

My exposure to ransomware was limited to reading about a friend helping a friend on Facebook. Aware of the threat, I never looked deeper to learn more about it. That is until Damballa (disclosure: Damballa is a recent client) released the State of Infections report for Q2 2014 (get the full report here ).

The report, also available in a concise infographic (here), is loaded with specifics and metrics on recent ransomware. The broader report held two key findings:  

To read this article in full or to leave a comment, please click here

THP Semifinalist: Autonomous Recharging For Multirotors

quadEven with visions of quadcopters buzzing around metropolitan areas delivering everything from pizzas to toilet paper fresh in the minds of tech blogospherites, There’s been a comparatively small amount of research into how to support squadrons of quadcopters and other unmanned aerial vehicles. The most likely cause of this is the FAA’s reactionary position towards UAVs. Good thing [Giovanni] is performing all his research for autonomous recharging and docking for multirotors in Australia, then.

The biggest obstacle of autonomous charging of a quadcopter is landing a quad exactly where the charging station is; run of the mill GPS units only have a resolution of about half a meter, and using a GPS solution would require putting GPS on the charging station as well. The solution comes from powerful ARM single board computers – in this case, an Odroid u3 – along with a USB webcam, OpenCV and a Pixhawk autopilot.

Right now [Giovanni] is still working out the kinks on his software system, but he has all the parts and the right tools to get this project up in the air, down, and back up again.


SpaceWrencherThe project featured in this post is a semifinalist in The Hackaday Prize.


Filed under: drone hacks, The Hackaday Prize

What is Fracking? How Is It Dangerous?

One doesn’t need to be an environmentalist to be familiar with fracking. It is a topic that has dominated conversations about energy, sustainability, economics, government intervention in the private sector, business freedoms — the list goes on and on.  Oil companies lobby for it, environmentalists try and regulate it, and the general public tries (often in vain) to separate fact from fiction. So instead of telling you how you should feel about it, we’ll just tell you what it is and how it impacts our planet. You can weigh the costs and benefits from there.

What It Is:

Fracking — otherwise known as hydraulic fracturing (a term that sounds decidedly more menacing) — is the process by which shale deposits are forced open. Notably, these deposits generally hold gas reserves (fracking is mostly used to access crude oil; however, it can be used for petroleum and other substances as well). In short, it is a process we use to retrieve contents hidden beneath Earth’s surface. Fracking is accomplished by using a drill to stimulate horizontal, vein-like tunnels that branch into a normal (vertical) well. 

Once these “veins” are implemented, workers pump them full of water (about 8 million liters of it) and a few other components (like sand and sometimes other chemical ingredients), until the pressures mount to the point that fissures emerge in the deposit (we use pressurized liquid in order to fracture rock; hence the term “hydraulic fracturing”). When these fissures open, the substance that is being retrieved is guided into the horizontal well before it flows to storage tanks above ground. 

Infographic of how fracking works. Via Australian Geographic.

Infographic of how fracking works. Via Australian Geographic.

So.. how far would we need to drill to get to this oil? Well, according to estimates, most wells are about 7,700 feet (2,347 meters) deep or approximately 6 Empire State Buildings that are each stacked right on top of each other.

How It Impacts Earth (& Its Inhabitants):

Clearly, the process outlined above is an oversimplification. If it were truly that easy, people wouldn’t be so up in arms over fracking. The simple truth is this: there are many ways fracking can go horribly wrong, even under the most controlled circumstances.

Image Credit: NASA

Image Credit: NASA

  • Fracking Flares:

Over the last few years, we’ve seen some of these complications in action. Most recently in North Dakota — a state that seen an economic boom due to a growing number of fracking operations. Here, a large number of fracking-induced “flares” have popped up.

However, notably, these flares don’t have too much to do with fracking itself, but how we deal with unusable or unideal resources collected through the drills. Often, businesses in the fracking industry do not deal with byproducts in a responsible manner, which leads to flares. Thus, by changing their businesses practices, this concern could be effectively dealt with. 

So, how do we get these flares? After the tunnels are dug some of the substances that they recover (like natural gas) are far less profitable than other substances (crude oil). Since it would cost more to separate the desirables from the undesirables, workers sometimes set fire to the well. As a result, nearly a third of the natural gas produced in the region is being burned to secure crude oil. There are two concerns here. This burning releases a substantial amount of carbon dioxide in the process (so we are making further contributions to global warming), and we’re essentially wasting a natural resource — an estimated 100 million dollars worth each month — to obtain something far more harmful to the environment (crude oil).

Famously, these flares are now so numerous, the center of operations in South Dakota is lit up like a Christmas tree; it’s even visible from space!

  • Contamination:

In another scenario that has played out a few times in recent history — when fracking goes wrong it can contaminate the water supply of an entire community. Moreover, it’s established that this contaminated water can inflict sensory, respiratory, and neurological damage if someone is subjected to it long enough. See the below graphic to understand how this contamination happens:

Credit: Checks And Balances Project (Click here to see a larger image)

Credit: Checks And Balances Project (Click here to see a larger image)

Recent history also shows that incidents with spilled oil can have a crippling impact on oceanic wildlife. In fact, just earlier this year, a huge amount of crude oil spilled after the train carrying it derailed, sparking an explosion so toxic that almost all of Casselton’s 2,300 residents living in Plaster Rock (in New Brunswick, Canada) were forced to evacuate. Again, this did not occur because of fracking, but at the same time, it is a direct consequence of the practice. 

A similar event happened just the year before with more disastrous consequences. Crude oil exploded in Lac-Mégantic, Quebec after the train carrying it derailed. This time, 47 people were killed. A reporter from the Vancouver Sun stated that “‘The significant increase in the transport of oil by rail, and the growing evidence that Bakken shale oil is proving itself to be a very explosive commodity, shows that regulations on both sides of the border are not adequate,’ said Mark Winfield, an associate professor at York University who researches public safety regulation.”

  • Constant Danger To Workers:

As you can imagine, any time people work with flammable material, the situation must be treated delicately. No matter how delicate, a growing number of workers continue to get killed on the job. Researchers also published a study discussing other ramifications, namely that fracking might negatively affect fetuses before emerging from the womb

  • Other Environmental Consequences: 

Pollution from truck traffic, chemical contamination around storage tanks, habitat fragmentation, and damage from drilling to other environmentally sensitive areas  are all concerns when dealing with fracking.

This Kurzgesagt video goes into some of the other dangers, and it expands on the controversy happening in Europe as we speak.

 WATCH: Fracking Explained: Opportunity or Danger?

 

The Benefits:

  • Economic

The benefits from fracking are largely economic. One of the primary points is that this is a more local industry, one that does not rely on foreign reserves. According to Energy From Shale, “Hydraulic fracturing has boosted local economies—generating royalty payments to property owners, providing tax revenues to the government and creating much-needed high-paying American jobs. Engineering and surveying, construction, hospitality, equipment manufacturing and environmental permitting are just some of the professions experiencing the positive ripple effects of increased oil and natural gas shale development.”

Ultimately, fracking has helped the USA nearly double domestic crude oil production since 2008.

  • Environmental

We’ve spent a lot of time on the environmental dangers, and you’ll note that this section on the befits is much shorter. That is not because of any intentional bias, but because the accidents that can arise from energy production are necessarily more numerous than the environmental benefits.

That said, one way that fracking is beneficial is that it enables businesses to create a localized drilling site. Environmentalists, of course, may not be swayed by this benefit, as they would argue that it is not really beneficial, it is just less worse than current drilling methods. Nonetheless, it is an improvement, and those who promote fracking would note (and correctly so) that all methods of energy production have environmental costs (even wind and solar power).

Image via Energy From Shale

Image via Energy From Shale


 

This should just serve as a general guide to the benefits and the costs of fracking. For more information, please see the sources linked throughout.
In the end, what do you think? Is fracking worth the cost? How should we produce energy? Leave your thoughts in the comments. 

 

Hackers make drive-by download attacks stealthier with fileless infections

Cybercriminals are increasingly infecting computers with malware that resides only in memory in order to make their attacks harder to detect.

Recent attacks launched with the Angler exploit kit -- a Web-based attack tool -- injected malicious code directly into other processes and did not create malicious files on affected computers, an independent malware researcher known online as Kafeine said Sunday in a blog post.

[Stealthy malware 'Poweliks' resides only in system registry]

To read this article in full or to leave a comment, please click here

UK Govt. Warns Google, Microsoft & Yahoo Over Piracy

Developments over the past 12 months have sent the clearest message yet that the UK government is not only prepared to morally support the creative industries, but also spend public money on anti-piracy enforcement.

The government-funded City of London Intellectual Property Crime Unit is definitely showing no signs of losing interest, carrying out yet another arrest yesterday morning on behalf of video rightsholders. In the afternoon during the BPI’s Annual General Meeting in London, the unit was being praised by both government officials and a music sector also keen to bring piracy under control.

“We’ve given £2.5 million to support the City of London Police Intellectual Property Crime Unit, PIPCU,” Culture Secretary Sajid Javid told those in attendance.

“The first unit of its kind in the world, PIPCU is working with industry groups – including the BPI – on the Infringing Websites List. The list identifies sites that deliberately and consistently breach copyright, so brand owners can avoid advertising on them.”

Referencing rampant online piracy, Javid said that no industry or government could stand by and let “massive, industrial scale” levels of infringement continue.

“I know some people say the IP genie is out of the bottle and that no amount of wishing will force it back in. But I don’t agree with them,” he said.

“We don’t look at any other crimes and say ‘It’s such a big problem that it’s not worth bothering with.’ We wouldn’t stand idly by if paintings worth hundreds of millions of pounds were being stolen from the National Gallery.Copyright infringement is theft, pure and simple. And it’s vital we try to reduce it.”

Going on to detail the Creative Content initiative which the government is supporting to the tune of £3.5m, Javid said the system would deliver a “robust, fair and effective enforcement regime”.

But that, however, is only one part of the puzzle. Infringing sites need to be dealt with, directly and by other means, he added.

“Copyright crooks don’t love music. They love money, and they’ve been attracted to the industry solely by its potential to make them rich. Take away their profits and you take away their reason for being. Of course, it’s not just up to the government and music industry to deal with this issue,” he noted.

Putting search engines on notice, the MP said that they have an important role to play.

“They must step up and show willing. That’s why [Business Secretary] Vince Cable and I have written to Google, Microsoft and Yahoo, asking them to work with [the music industry] to stop search results sending people to illegal sites,” Javid said.

“And let me be perfectly clear: if we don’t see real progress, we will be looking at a legislative approach. In the words of [Beggars Group chairman] Martin Mills, ‘technology companies should be the partners of rights companies, not their masters’.”

The Culture Secretary said that when it comes to tackling piracy, the government, music industry and tech companies are “three sides of the same triangle.” But despite that expectation of togetherness, only time will tell if the search engines agree to the point of taking voluntary action to support it.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

IDG Contributor Network: Top 10 threats, trends and business priorities for security executives

I've been getting a number of inquires regarding by blog. More the the point, folks have been wanting to know why I haven't published recently. Two major factors contributed to my lack of contribution in recent months.

One, I've really been a road warrior as of late -- even for me, the guy that is always blogging about Singapore, Brazil, Australia, etc. In fact, for the first time in a professional lifetime of heavy travel I was averaging more than 150,000 miles a quarter. I don't suggest this as a lifestyle choice -- unless that choice is to emulate George Clooney in Up in the Air.  Two, I recently changed jobs; you can learn more about that by checking out my updated profile. But now I'm back.

To read this article in full or to leave a comment, please click here

The 17 Worst Things About Going Back To School

1. Going back to school.

Going back to school can be difficult:

Going back to school can be difficult:

Via lovatos-little-skyscraper.tumblr.com

You knew the summer was winding down and the inevitable was coming:

You knew the summer was winding down and the inevitable was coming:

Via bandsareeverythingouo.tumblr.com

Yet still managing to get up and go can be a struggle:

Yet still managing to get up and go can be a struggle:

Via lets-l0se-it-4ll.tumblr.com

But going back is just the beginning:

But going back is just the beginning:

Via pinterest.com


View Entire List ›

Rigging Your 3D Models In The Real-World

3D Real-World Rig

Computer animation is a task both delicate and tedious, requiring the manipulation of a computer model into a series of poses over time saved as keyframes, further refined by adjusting how the computer interpolates between each frame. You need a rig (a kind of digital skeleton) to accurately control that model, and researcher [Alec Jacobson] and his team have developed a hands-on alternative to pushing pixels around.

3D Rig with Control Curves

Control curves (the blue circles) allow for easier character manipulation.

The skeletal systems of computer animated characters consists of kinematic chains—joints that sprout from a root node out to the smallest extremity. Manipulating those joints usually requires the addition of easy-to-select control curves, which simplify the way joints rotate down the chain. Control curves do some behind-the-curtain math that allows the animator to move a character by grabbing a natural end-node, such as a hand or a foot. Lifting a character’s foot to place it on chair requires manipulating one control curve: grab foot control, move foot. Without these curves, an animator’s work is usually tripled: she has to first rotate the joint where the leg meets the hip, sticking the leg straight out, then rotate the knee back down, then rotate the ankle. A nightmare.

[Alec] and his team’s unique alternative is a system of interchangeable, 3D-printed mechanical pieces used to drive an on-screen character. The effect is that of digital puppetry, but with an eye toward precision. Their device consists of a central controller, joints, splitters, extensions, and endcaps. Joints connected to the controller appear in the 3D environment in real-time as they are assembled, and differences between the real-world rig and the model’s proportions can be adjusted in the software or through plastic extension pieces.

The plastic joints spin in all 3 directions (X,Y,Z), and record measurements via embedded Hall sensors and permanent magnets. Check out the accompanying article here (PDF) for specifics on the articulation device, then hang around after the break for a demonstration video.

[Thanks Sam]


Filed under: 3d Printer hacks, software hacks

Tax Relief Bill For County Fire Victims Passes Legislature

Esri map shows the fires across San Diego County this year.

Highlights of the Esri User Conference 2014, San Diego July 14-18

Esri products featured at the 2014 Esri User Conference.

ConnectED Could be a Game Changer for Technology in Schools

Esri commitment leads tech giants in ConnectED efforts to empower teachers and students.

KATU’s powerful new map will help keep your kids safe on way to school

Portland Public Schools map the safest routes for students and parents using ArcGIS.

Most Amazing GIFs That Teach You Math Concepts

Dave Whyte is a PhD candidate who is currently studying the physics of foam. He is also an amazing animator. His geometric gifs are more than just beautiful; many of them also explain mathematical concepts in simple (but elegant) terms. His Tumblr, Bees & Bombs, has hundreds of gifs that he has posted over the years. His Twitter also has several posts that contain his source code (in case you want to try your hand at processing). You can also hit him up for some freelance work.

Below are some of our favorite animations from Whyte’s collection:

1. This Is A Virtual Torus

The single-holed “ring” torus is known in older literature as an “anchor ring.” It can be constructed from a rectangle by gluing both pairs of opposite edges together with no twists.

torus

2. How Pendulums Work

A Pendulum is something hanging from a fixed point which, when pulled back and released, is free to swing down by force of gravity and then out and up because of its inertia.

pendulum

3. This Is A Cube

A cube is a three-dimensional solid object bounded by six square faces, facets or sides, with three meeting at each vertex.

cube

4. Here’s The Difference Between a Circle and a Sphere

A circle and sphere are both round in shape but whereas a circle is a figure, a sphere is an object. You can compare the two as a drawing of a tennis ball on a piece of paper and the ball itself in real life. A circle is a 2D figure whereas a sphere is a 3D object having volume.

circle spehere

5. How To Make A Near Fractal With Triangles

Fractals are geometric figures that typically display self-similar patterns. The term “self-similarity” can be most readily understood by thinking of a camera that zooms in on an image. Typically, when you zoom in on a photograph, you see finer points, different details, and new structures. Not so with fractals. When you zoom in on a true fractal, no new detail appears. Nothing changes. Rather, the same pattern repeats over and over.

triangle fractal


 Be sure to check out more of Whyte’s work at his Tumbler blog. However, be warned, you may find yourself roaming about his many gifs for hours…so consider canceling your day plans.

North Korea using foreign bases to launch cyberattacks, says HP

The Democratic People's Republic of North Korea (DPRK) is a country with almost no conventional Internet presence and yet it has among the most active cyberwarfare footprints of any nation on earth and appears obsessed with expanding its operations, HP has concluded after reviewing evidence from a range of third-party sources.

It's an apparent paradox: how can a hermit-like country with a population on par with Romania get up to the sort of mischief North Korea has been accused of when satellite images show the country is so lacking of a working electricity grid that at night it advertises itself as a lightless, black expanse?

HP's answer in latest its primer 101 is that North Korea doesn't actually do that much from North Korea, relying instead of cells planted in other parts of the world, particularly China, and even inside sworn enemy South Korea.

To read this article in full or to leave a comment, please click here

11 steps attackers took to crack Target

Despite the massive scale of the theft of Personal Identifiable Information (PII) and credit card and debit card data resulting from last year's data breach of retail titan Target, the company's PCI compliance program may have significantly reduced the scope of the damage, according to new research by security firm Aorato, which specializes in Active Directory monitoring and protection.

Leveraging all the publicly available reports on the breach, Aorato Lead Researcher Tal Be'ery and his team catalogued all the tools the attackers used to compromise Target in an effort to create a step-by-step breakdown of how the attackers infiltrated the retailer, propagated within its network and ultimately seized credit card data from a Point of Sale (PoS) system not directly connected to the Internet.

To read this article in full or to leave a comment, please click here

30 Years later TED finds his voice: A Commodore Story Part I

MOS VICII Chip

MOS VICC II Video Interface Chip

MOS SID Chip

MOS SID Chip Sound Interface Device

In the before-time (I’m talking about the 1980’s here), when home computers were considered to be consumer items, there was the Commodore C64. The C64 derived its vast array of superpowers from two Integrated Circuits (IC) named VIC and SID standing for Video Interface Chip and Sound Interface Device. Chip names were part of our culture back them, from VIC up to Fat AGNES in the end.

We spoke about VIC and SID as if they were people or distant relatives, sometimes cantankerous or prone to sudden outburst, but there was always an underlying respect for the chips and the engineers who made them. VIC and SID together made one of the world’s best video and sound experiences; movement and noise, musical notes and aliens.

chicago ces cropI was going on my second week as a young upstart engineer working for Commodore in the offices above the MOS chip fab building, when the head of engineering and my boss, [Shiraz Shivji], pulled me into his office. It had been a blusterous two weeks with un-imagined technology ever-present and spilling out from the offices as one roamed the halls. Video games played in one out of every two doorways causing one to wonder how many people were working, how many just goofing off, and how many were doing both at the same time.

Rare Commodore C364 "Talking TED" Commodore C364 Prototype Computer Rare Commodore C-364 Bottom PCB Jumpers partial due to make Magic Voice desktop app speak.

I had already been on my own whirlwind tour of duty in that short time. 25 years after I went to work for Commodore I found out by reading [Brain Bagnal’s] book On the Edge that I had been hired only as a lowly technician. I had been immediately upgraded to programmer on my first day to fill in for a programmer who was out on vacation. They put me in his chair in a small office with 2 other people. All of the offices held three people at most; if we could have dispensed with the door we undoubtedly would have had four stuffed in the same space.

This office was unlike any other office. This office had a large collection of spider plants. I felt blessed to be working at Commodore and even more so sitting in the only office with green growing things.

MOS Chip Fab Building

Standing Silent: Former MOS Semiconductor in King Of Prussia PA

I didn’t get any of my software assignment done, I literally couldn’t sit in a chair with so much wonder in the air, I kept ending up in the hardware labs. On Friday of the first week I became the victim of what we called back then a “drive-by”. The head of engineering was passing by me in the hall when he stopped my foursome wanting to talk about chip yield. Somehow out of this group I was the guy picked to represent the Engineering R&D Department at that particular moment.

I must have done well, and I’m sure I’ll share that full story another time. The short of it was that I solved a problem rather than just having averted blame. The next time I was pulled into [Shiraz’s] office felt like another drive-by. I sat down attentively ready for my new mission. What I lacked in training and experience I was going to try and make up with exuberance.

800px-ZXSpectrum48k

ZX Spectrum

[Shiraz] opened a Commodore-made file cabinet (and you thought we just made computers) and showed me a Timex/Sinclair Spectrum. There it sat on my side of the desk; the competition, those that would steal our lunch money to feed themselves. The Enemy.

Commodore 116

Commodore C116 – 1980 Computer

I was put in charge of the newest computer in that moment, no doubt as punishment for spending all my time in the hardware lab. I was introduced to TED, the Text Display chip, our newest single chip computer system. I didn’t mention that we had previously met, afraid that the wrong words would get me thrown off the project as quickly as I had just come on board.

A bit more of the conversations and issues surrounding the Commodore TED family can be seen in this video I made a few years back.

The standard stories aside, something happened this year when I found a rare version of the TED machine and took it to VCF with me. This TED was different from most, this one could speak to you.

TI Speak and Spell

Texas Instruments TI Speak and Spell from the 1980’s

This is back in the day when only one device was known to speak, the TI Speak and Spell. So naturally Commodore went and hired, or stole, maybe coerced, the very engineering talent that gave the Speak and Spell his voice. And now TED would speak with that voice, I still remember the day TED cleared his throat and spoke, he mispronounced a few words but it was a wholly wondrous moment in time, or least in my life.

What did TED have to say? That’s a story for a different day. Keep checking Hackaday for Part 2 of my story.

[Photo of MOS Building courtesy of Fran Blanche]
[Photo of C64 Motherboard courtesy of Bill Bertram]

 


Filed under: Featured, news

Bogus cellphone towers found in the US

CryptoPhone 500 security firm has found 17 bogus cellphone towers in the US with a heavily customized handset exploited for surveillance activities.

Seventeen mysterious cellphone towers have been discovered in the USA, they are identical to legitimate towers, the unique difference is related a heavily customized handset built for Android security. According to the Popular Science, the bogus cellphone towers have a malicious purpose

The fake cellphone towers were used by an unknown threat actor to eavesdrop mobile communication, but the infrastructures be used also to server malware. The disconcerting discovery was made by the users of the CryptoPhone 500, a company which sells secure handsets, after that an executive noticed his mobile device was “leaking” data. The company provides smartphone running a hardened version the Android OS, and company claims that its Android release is free from hundreds of flaws which affect commercial release. CryptoPhone 500 is commercialized in the US by ESD America and run on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption.

“Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or “hardened” version of Android that removes 468 vulnerabilities that his engineering team team found in the stock installation of the OS. His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour. That doesn’t necessarily mean that the phone has been hacked, Goldmsith says, but the user can’t know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware. His clients want real security and control over their device, and have the money to pay for it.” state the Popular Science.

After investigation, the data leaks were traced to the cellphone towers,  Goldsmith revealed that they also implement “interception” features and the possibility to inoculate malware in a wide range of connected mobile devices. Be aware that mobile devices on the market cannot detect the malicious activity, only hardened handsets which implement “baseband attack detection.” can do it. The Baseband attack detection allows to protect, through a firewalling mechanism, the cellphone against over-the-air attacks.

 

malicious cellphone towers baseban attack

 

The origin of cellphone towers is a mystery, they were located in different places in the US as explained by Goldsmith.

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says.  “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip.  We even found one at South Point Casino in Las Vegas.”

Some of the bogus cellphone towers were discovered in proximity of U.S. military bases and this circumstance alarm intelligence and security experts that has no idea of who has installed and currently maintain a so expensive and complex apparatus.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith.  “Whose interceptor is it?  Who are they, that’s listening to calls around military bases?  The point is: we don’t really know whose they are.”

Devices for traffic eavesdropping are not easy to acquire, law enforcement and intelligence agencies are principal buyers of this technology. Goldsmith confirmed that the devices deployed on the malicious cellphone towers cost “less than $100,000” avoiding to provide further details on the appliances discovered.

“The baseband processor is one of the more difficult things to get into or even communicate with,” says Mathew Rowley, a senior security consultant at Matasano Security.  “[That’s] because my computer doesn’t speak 4G or GSM, and also all those protocols are encrypted.  You have to buy special hardware to get in the air and pull down the waves and try to figure out what they mean.  It’s just pretty unrealistic for the general community.”

Goldsmith explained that  some devices are only able to passively listen to either outgoing or incoming calls, but most advanced solutions, like the VME Dominator, are able to actively control the mobile handsets.

The document leaked by Edward Snowden revealed that the NSA has developed these cyber capabilities and has technology to conduct so called over-the-air attacks. Recently, on August 11th, the F.C.C. announced an investigation into the use of interceptors to spy on Americans by foreign intelligence services and cyber criminals.

Pierluigi Paganini

(Security Affairs – cellphone towerscyberespionage)

The post Bogus cellphone towers found in the US appeared first on Security Affairs.

Tribler Makes BitTorrent Anonymous With Built-in Tor Network

boxedThe Tribler client has been around for more nearly a decade already, and during that time it’s developed into the only truly decentralized BitTorrent client out there.

Even if all torrent sites were shut down today, Tribler users would still be able to find and add new content.

But the researchers want more. One of the key problems with BitTorrent is the lack of anonymity. Without a VPN or proxy all downloads can easily be traced back to an individual internet connection.

The Tribler team hopes to fix this problem with a built-in Tor network, routing all data through a series of peers. In essence, Tribler users then become their own Tor network helping each other to hide their IP-addresses through encrypted proxies.

“The Tribler anonymity feature aims to make strong encryption and authentication the Internet default,” Tribler leader Dr. Pouwelse tells TF.

For now the researchers have settled for three proxies between the senders of the data and the recipient. This minimizes the risk of being monitored by a rogue peer and significantly improves privacy.

“Adding three layers of proxies gives you more privacy. Three layers of protection make it difficult to trace you. Proxies no longer need to be fully trusted. A single bad proxy can not see exactly what is going on,” the Tribler team explains.

“The first proxy layer encrypts the data for you and each next proxy adds another layer of encryption. You are the only one who can decrypt these three layers correctly. Tribler uses three proxy layers to make sure bad proxies that are spying on people can do little damage.”

Tribler’s encrypted Tor routing

wtvTMix

Today Tribler opens up its technology to the public for the first time. The Tor network is fully functional but for now it is limited to a 50 MB test file. This will allow the developers to make some improvements before the final release goes out next month.

There has been an increased interest in encryption technologies lately. The Tribler team invites interested developers to help them improve their work, which is available on Github.

“We hope all developers will unite inside a single project to defeat the forces that have destroyed the Internet essence. We really don’t need a hundred more single-person projects on ‘secure’ chat applications that still fully expose who you talk to,” Pouwelse says.

For users the Tor like security means an increase in bandwidth usage. After all, they themselves also become proxies who have to pass on the transfers of other users. According to the researchers this shouldn’t result in any slowdowns though, as long as people are willing to share.

“Tribler has always been for social and sharing people. Like private tracker communities with plenty of bandwidth to go around we think we can offer anonymity without slow downs, if we can incentivize people to leave their computers on overnight and donate,” Pouwelse says.

“People who share will have superior anonymous speeds,” he adds.

Those interested in testing Tribler’s anonymity feature can download the latest version. Bandwidth statistics are also available. Please bear in mind that only the test file can be transferred securely at the moment.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Astronomy Photo of the Day (APotD) 9/2/14 — N49

N49 with X-Rays (Credit: NASA/JPL/Judy Schmidt)

N49 in X-Ray   (Credit: X-ray: (NASA/CXC/Penn State/S.Park et al.); Optical: NASA/STScI/UIUC/Y.H.Chu & R.Williams et al)

Meet N49 (also known as LMC N49, or DEM L 190); a nebular region belonging to one of the satellite galaxies of the Milky Way. 

Taken using the Chandra X-ray Observatory, this almost-malevolent-looking figure has taken on haunting appearance, but perhaps, in similar circumstances, we too would be worse for the wear. By ‘circumstances,’ I’m referencing the fact that this region is technically a supernova remnant, thus it didn’t exist until a massive star died a bloody, violent death.

Fast Facts:

  • The star has since converted into a neutron star.
  • This stellar corpse spins so quickly — with it completing one revolution every eight seconds — it generates a magnetic field more than a quadrillion times stronger than Earth’s.
  • This technically makes it a rare breed of star: a magnetar.
  • Moreover, astronomers point out that it’s a source of soft gamma-ray emissions, which are far less powerful than normal GBR

To get a clear picture of just how violent and catastrophic we’re talking about, this region is not only the brightest remnant in the entirety of its parent dwarf galaxy, but it’s also one of the hottest. Inwardly, its temperatures hang around 1 million degrees. However, in contrast, its outer shell appears to be comprised of much cooler gas (these temperatures within vary from anywhere between 8,000 and 300,000 degrees).

Its temperature and luminosity will steadily decrease over time though, as the supernova that set “fire” to the ionized gas seen here ignited a little over 160,000 years ago (as a fun side-note, what might be the oldest human remains on record — with the exception of 8 teeth found in an Israeli cave — date back 160,000 years), the light from which just arrived on Earth. Similarly, if we could see it in real time, it would look drastically different to us.. maybe even unrecognizable. It will, however, give birth to new stars eventually. 

It’s would likely still be pretty impressive in its own right based on size alone, as it spans well over 75 light-years across, in a portion of the sky inhabited by the Large Magellanic Cloud (LMC). (The satellite galaxy itself lies about 160,000 light-years from Earth in the Dorado constellation).

Learn more information here, or download a larger image here.

The Strange & Wonderful Reality of Supernovae: