Latest Posts | Latest posts from our site.

Saturday, October 22, 2016

US under cyber attack

SAN FRANCISCO — Eleven hours after a massive online attack that blocked access to many popular websites, the company under assault has finally restored its service. Dyn, a New Hampshire-based company that monitors and routes Internet traffic, was the victim of a massive attack that began at 7:10 a.m. ET Friday morning. The issue kept some users on the East Coast from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and other sites.
At 6:17 p.m. ET Friday, Dyn updated its website to say it had resolved the large-scale distributed denial of service attack (DDoS) and service had been restored.

DDoS attacks flood servers with so many fake requests for information that they cannot respond to real ones, often crashing under the barrage. It's unclear who orchestrated the attack.
“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning, though” said Kyle York, Dyn’s chief strategy officer said on a conference call with reporters Friday afternoon.
Internet_outage_map_October_2016
Troubling to security experts was that the attackers relied on Mirai, an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch DDoS attacks. The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.
These devices are in turn used to create a robot network, or botnet, to send the millions of messages that knock the out victims' computer systems. The source code for Mirai was released on the so-called dark web, sites that operate as a sort of online underground for hackers, at the beginning of the month. The release led some security experts to suggest it would soon be widely used by hackers. That appears to have happened in this case.
Dyn is getting “tens of millions” of messages from around the globe sent by seemingly harmless but Internet-connected devices. “It could be your DVR, it could be a CCTV camera, a thermostat. I even saw an Internet-connected toaster on Kickstarter yesterday,"  said York. The complexity and breadth of the multiple attack points make it difficult to fight because it's hard to distinguish legitimate traffic from botnet traffic.
York said one bright spot for the company had been the tremendous outpouring of aid from its customers, competitors and law enforcement. “You guys wouldn’t believe the amount of support we’ve received,” he told reporters.


Effects felt nationwide - Dyn first  posted on its website at 7:10 a.m. ET that it "began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure."
These resolved towards 9:30 a.m. Then more waves began. "It's been a hectic day," said York. The attack comes at a time of heightened public sensitivity and concern that the nation's institutions and infrastructure could face large-scale hacking attacks. The most recent example has been the release of emails stolen from the servers of the Democratic National Committee, which U.S. intelligence sources say was the work of Russia. The topic has come up frequently during the fall's hard-fought presidential campaign.
White House Press Secretary Josh Earnest said the Department of Homeland Security was “monitoring the situation" but that “at this point, I don’t have any information about who may be responsible for this malicious activity.”
So far Dyn has not been able to ascertain whether the attack is aimed at any specific customer. “We have no reason to believe it is at this point,” said Dave Allen, the company’s general counsel. The attack is “consistent with record-setting sized cyber attacks seen in the last few weeks,” said Carl Herberger, vice president of security at security company Radware.
Disruption - A post on Hacker News first identified the attack and named the sites that were affected. Several sites, including Spotify and GitHub, took to Twitter Friday morning to post status updates once the social network was back online.

Friday, October 21, 2016

US Hacker Attack

http://www.techtechnik.com/wp-content/uploads/2014/11/hacking.jpg

Several of the world's best-known websites were inaccessible across parts of the United States on Friday after hackers unleashed a series of attacks on a company that acts as a switchboard for the internet. The attacks affected access to Twitter, Paypal, Spotify and other customers of the infrastructure company in New Hampshire called Dyn, which processes large volumes of internet traffic.

"The attacks came in waves," Al Jazeera's Rob Reynolds, reporting from Los Angeles, said. "First targeting the East Coast of the United States, spreading then to the other parts of the country and even to Western Europe." "The websites that were disrupted were some of the top names in the internet: CNN and the New York Times, AirBnB, Reddit, HBO ... a whole variety of sites were attacked."

"Dyn is kind of a middle man that directs users to different websites and routes traffic from server to server in a complex way," said Reynolds. The attackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code that allowed them to cause outages.

"This type of attack is known as a distributed denial of service attack [DDoS]," explained our correspondent. "They used affected computers to fire requests at the servers of Dyn simultaneously and essentially overwhelm it."

The US under cyber attack
"The complexity of the attacks is what's making it very challenging for us," Dyn's chief strategy officer, Kyle York, told Reuters news agency. York said that at least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders, that had been infected with control software named Mirai.

Security researchers have previously raised concerns that such connected devices, sometimes referred to as the Internet of Things, lack proper security. The Mirai code was dumped on the internet about a month ago, and criminal groups are now charging to employ it in cyber attacks, said Allison Nixon, director of security research at Flashpoint, which was helping Dyn analyse the attack.

Tuesday, October 11, 2016

How computers are setting us up

Crash: how computers are setting us up for disaster

When a sleepy Marc Dubois walked into the cockpit of his own aeroplane, he was confronted with a scene of confusion. The plane was shaking so violently that it was hard to read the instruments. An alarm was alternating between a chirruping trill and an automated voice: “STALL STALL STALL.” His junior co-pilots were at the controls. In a calm tone, Captain Dubois asked: “What’s happening?”

Co-pilot David Robert’s answer was less calm. “We completely lost control of the aeroplane, and we don’t understand anything! We tried everything!”

The crew were, in fact, in control of the aeroplane. One simple course of action could have ended the crisis they were facing, and they had not tried it. But David Robert was right on one count: he didn’t understand what was happening.

As William Langewiesche, a writer and professional pilot, described in an article for Vanity Fair in October 2014, Air France Flight 447 had begun straightforwardly enough – an on-time take-off from Rio de Janeiro at 7.29pm on 31 May 2009, bound for Paris. With hindsight, the three pilots had their vulnerabilities. Pierre-Cédric Bonin, 32, was young and inexperienced. David Robert, 37, had more experience but he had recently become an Air France manager and no longer flew full-time. Captain Marc Dubois, 58, had experience aplenty but he had been touring Rio with an off-duty flight attendant. It was later reported that he had only had an hour’s sleep.

Fortunately, given these potential fragilities, the crew were in charge of one of the most advanced planes in the world, an Airbus 330, legendarily smooth and easy to fly. Like any other modern aircraft, the A330 has an autopilot to keep the plane flying on a programmed route, but it also has a much more sophisticated automation system called fly-by-wire. A traditional aeroplane gives the pilot direct control of the flaps on the plane – its rudder, elevators and ailerons. This means the pilot has plenty of latitude to make mistakes. Fly-by-wire is smoother and safer. It inserts itself between the pilot, with all his or her faults, and the plane’s mechanics. A tactful translator between human and machine, it observes the pilot tugging on the controls, figures out how the pilot wanted the plane to move and executes that manoeuvre perfectly. It will turn a clumsy movement into a graceful one.
This makes it very hard to crash an A330, and the plane had a superb safety record: there had been no crashes in commercial service in the first 15 years after it was introduced in 1994. But, paradoxically, there is a risk to building a plane that protects pilots so assiduously from even the tiniest error. It means that when something challenging does occur, the pilots will have very little experience to draw on as they try to meet that challenge.

The complication facing Flight 447 did not seem especially daunting: thunderstorms over the Atlantic Ocean, just north of the equator. These were not a major problem, although perhaps Captain Dubois was too relaxed when at 11.02pm, Rio time, he departed the cockpit for a nap, leaving the inexperienced Bonin in charge of the controls.


https://www.theguardian.com/technology/2016/oct/11/crash-how-computers-are-setting-us-up-disaster

Thursday, September 22, 2016

Samsung is recalling the Galaxy Note 7

samsung-galaxy-note-7-feu
Smasung is recalling the Galaxy Note 7 smartphones worldwide after reports that the devices can catch fire while charging.

The massive recall of one of Samsung's flagship devices is an embarrassing setback for the world's biggest selling smartphone maker. The Note 7 was unveiled just a month ago, and big rival Apple (AAPL, Tech30) is expected to show off its new smartphone next week.

Samsung (SSNLF) said Friday it had found a problem with the battery in some of the phones and was halting sales in 10 countries, including South Korea and the U.S. It will offer customers a new product for free in the coming weeks to replace the 2.5 million Galaxy Note 7s that have been sold.
Samsung said devices in China don't appear to be affected because it used another battery supplier. But it was unclear if models sold in China would nonetheless be recalled.

The company originally said it would take about two weeks to prepare the recall, but later announced Note 7 users in the U.S. can exchange their device for a Galaxy S7 or Galaxy S7 Edge, starting next week. It will also refund the cost of Note 7-specific accessories. Samsung is giving Note 7 users a $25 gift card or bill credit for the inconvenience. Read more in http://adf.ly/1dwtPi

Monday, September 12, 2016

11 new Siri features to try in iOS 10, MacOS Sierra, and Apple TV

Major upgrades are coming to Siri. Here are some of the new ways you'll be able to use Siri following the updates.


Siri is a lot more useful in iOS 10, MacOS Sierra and the Apple TV's latest update. The iPhone voice assistant work with and control many non-Apple apps, get improved voice search and will even be baked into your MacBook or iMac. Siri will also have more predictive features, so you get the info you need without having to ask for it first. Here are all the ways you can talk to Siri in iOS 10, MacOS Sierra and Apple TV.

You'll be able to control a lot more apps

imessagewwdc201615.gifIn iOS 10, Apple opened Siri to third-party developers, however, so you can control many more apps with your voice. Apple provided us with a list of some of the apps that Siri can control at launch, as well as sample commands. Here are some examples:

Pinterest: Look for pins you've saved, like "Hey Siri, find men's fashion pins on Pinterest." Check out the GIF on the right to see it in action.

Square Cash: "Hey Siri, pay Sharon 10 dollars with Square Cash." That's much faster than thumbing through the Square Cash app, selecting the person to send the money to and setting the dollar amount.