An explosion this weekend at the United States' National Institute of Standards and Technology's Gaithersburg, Maryland complex appears to have resulted from the clandestine manufacture of crystal meth. A security guard was injured in connection with the explosion. NIST is most commonly known for its role as timekeeper for the United States Government.
Universal Shares Own Film With Pirates
On the 15th of this month Universal Pictures France filed a takedown request with Google (archived) demanding that it remove from its results sites hosting or linking to pirated copies of Jurassic World. Among the addresses Universal demanded Google sanction was 127.0.0.1, which is the IP address a computer reserves for communicating with itself. This means that not only was Universal seeding its own film to pirates, it was likely doing so from the same machine used to detect and prepare a report on infringement for Universal.
Coin.mx Operators Arrested For Violating Anti Money Laundering Laws
Anthony Murgio and Yuri Lebedev, operators of the Bitcoin/Fiat exchange Coin.mx, were arrested by the FBI at their Florida homes last week, and charges brought against them in the Southern District of New York by Preet Bharara's office were unsealed this week. The Feds accuse Coin.mx of trading roughly 1.8 million dollars worth of Bitcoin and Fiat, using the pretext of a memorabilia collector's club to conceal their actual activities from their banks and later acquiring control of a small credit union for greater autonomy.
Brute Force for keyboard-interactive OpenSSH Logins Discovered
A proof of concept has been published which allows an attacker to brute force OpenSSH servers that have keyboard-interactive logins enabled. FreeBSD users are especially affected, as FreeBSD allows keyboard-interactive OpenSSH logins by default. This brute force allows attempting up to 10,000 password entries at a time. For quite some time it has been known that all forms of password authentication over SSH are weaker by necessity than key-based authentication, which should be the only login method allowed on any machine over SSH. This is a rather minor enhancement to an existing protocol-level vulnerability, but this incident should serve as a reminder that a well-configured SSH server will by necessity only allow key-based logins. A patch which corrects this issue has already been committed to the source tree and will be included with OpenSSH 7.0, which is due for release in a few weeks.
Grooveshark Cofounder Dead at 28
Josh Greenberg, a cofounder of the late music streaming service Grooveshark, was found dead in his Florida home, and according to the BBC and his mother he had no ongoing health concerns. Grooveshark was founded in 2006 and closed this April after years of legal harassment by agents of the copyright regime, culminating in a United States court finding Grooveshark liable for up to nearly three quarters of a billion dollars in damages. At its peak Grooveshark provided 145 people with employment.
"Entertainment System" Vulnerability Turns Vehicles Into Hot Death
Reports (video) are in that cybersecurity researchers Charlie Miller and Chris Valasek have demonstrated a potentially life-threatening[1] security vulnerability in a raft of new cars and trucks with "connected" entertainment systems.
[1] Michael Hastings, anyone?
Microsoft Product Critical Vulnerability Week After Update End of Life
Microsoft has now announced a vulnerability in all of its Windows products, a week after its Windows Server 2003 product reached end of life for continued support. For what little it is worth, Microsoft has issued an emergency patch to address this vulnerability in supported versions of its Windows family of products. The vulnerability exists in the way Microsoft products handle Microsoft's own "OpenType" format for fonts. This exploit via fonts affecting Windows desktops and servers follows an April exploit which rooted Windows servers using their flawed JPEG handling mechanisms. Microsoft stands to profit from users of Windows Server 2003 either upgrading to a supported version or opting for premium support contracts beyond end of life.
ALM CEO Cries 'Terrorism' after Ashley Madison Hack
Billing itself as a dating site specifically for people in relationships who wish to have an affair, Ashley Madison was recently breached by an entity calling itself The Impact Team. A Gitlab user of the same name reportedly released a partial database dump containing members' personal information, including email and physical addresses and real names, though the dump was no longer accessible as of July 21st. In a message left on the site and since removed, the breacher claims to have "taken over all systems in [Avid Life Media (Ashley Madison's parent company)'s] entire office and production domains, all customer information databases, source code repositories, financial records, emails." The message lambasted ALM for charging its users a $19 fee to delete their account data while keeping their credit card purchase details including names and addresses on file, and threatened to release a complete database dump unless the company "shuts down" Ashley Madison and Established Men, another site it "owns".
Kickass Torrents Dropped From Google Search Results
Torrent Freak and others are reporting that Google has dropped Kickass Torrents from its search results, describing Google's action as a "severe penalty" to its search rankings. After the final collapse of the Pirate Bay, Kickass Torrents has ascended to become the most popular torrent site. Kickass Torrents has moved domains in its history but at the moment has settled at the domain kat.cr for the foreseeable future. Google, over its decade and a half of existence, has moved away from the PageRank algorithm which brought it to dominance, instead favoring manual actions to shape search results. Immediately after Google dropped Kickass Torrents from search results, the first result on Google for the query "Kickass Torrents" was a known malware site imitating the actual Kickass Torrents site.
Ashley Madison Hacked
Extramarital dating site Ashley Madison has been hacked, according to a report by Brian Krebs. The hack also affects other niche social networking properties operated by Ashley Madison's corporate parent Avid Life Media. The actors behind the attack call themselves "The Impact Group" and, along with releasing corporate data on Avid Life Media, they have claimed that one of Ashley Madison's more profitable services, a $19 charge for fully deleting one's account, is a complete lie as the company retains user information. According to the Impact Group, in 2014 "Full Delete" netted Ashley Madison 1.7 million US dollars in revenue while the company was still retaining users' real names, addresses, and full billing information. The Impact Team demands that Avid Life take Ashley Madison and another site, "Established Men", offline permanently in order to prevent the release of all information taken from Avid Life's servers.
This incident is just another blow to the world consumers have come to expect. In a world with strong and readily accessible cryptography there is no longer any compelling reason for users to depend so entirely on a service like Ashley Madison and leave their interests in and activities oriented towards extramarital dating exposed.