Categories
Uncategorized

Full(er) House: Exposing high-end poker cheating devices

This is a fascinating expose of a card game cheating device straight out of a spy movie.


This post exposes how real-world highly advanced poker cheating devices work.

Source: Full(er) House: Exposing high-end poker cheating devices

Categories
security sysadmin

Strange Loop – IP Spoofing

A very clear explanation to the DDoS problem that has been plaguing the Internet and recent advances in DDoS techniques.

The internet was originally created as a collection of equal connected peers. Everyone connected had equal rights, could consume content, produce content.

It was normal to host DNS or HTTP services on your home land-line.

But this is not possible anymore. It’s just too easy to knock unprotected websites off line.

Strange Loop – IP Spoofing

Categories
privacy

EXCLUSIVE-Yahoo secretly scanned customer emails for US intelligence-sources

Just when you thought things couldn’t get worse for Yahoo, which is dealing with the fallout from news of its massive hack. It is also trying to sell itself to Verizon, which is taking the opportunity to ask for a massive price cut.

YAHOO-NSA/ (EXCLUSIVE, PIX):EXCLUSIVE-Yahoo secretly scanned customer emails for US intelligence-sources

Source: EXCLUSIVE-Yahoo secretly scanned customer emails for US intelligence-sources

Categories
security

150,000 IoT Devices behind the 1Tbps DDoS attack on OVH

This is not the first incident where large number of IoT devices are being used to launch a DDoS attack. It’s a worrying sign that the number of compromised devices are getting larger and the technique is getting more popular.

The hosting provider OVH continues to face massive DDoS attacks launched by a botnet composed at least of 150000 IoT devices.

Source: 150,000 IoT Devices behind the 1Tbps DDoS attack on OVH

Categories
privacy security

Hack Brief: Yahoo Breach Hits Half a Billion Users

Largest password breach so far – 500M users.

After earlier reports of a cybercriminal hack that affected 200 million users, the real breach turns out to be far more serious.

Source: Hack Brief: Yahoo Breach Hits Half a Billion Users

[2016-09-29]: Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say. ‘Cos it doesn’t affect the bottom line, no?

“Yahoo is already suffering. I don’t think they’ll suffer more because of this,” said Avivah Litan, a security analyst with the research firm Gartner.
Ouch.

Categories
Uncategorized

Beware: Windows 10 Signature Edition Blocks Installing Linux – FossBoss

Anti-competitive practice from Microsoft. Microsoft is apparently pressuring some hardware vendors to lock their BIOS to prevent installation of 3rd party OSes including Linux. Someone bought a Yoga 900 ISK2 and found that they can’t install Linux on it.

Just when you thought Microsoft is turning good – from all the open-source and Windows Subsystem for Linux efforts.

For you: If you see the “Windows 10 Signature Edition” badge on a laptop, DON’T BUY IT! You may not be able to install Linux (or any OS) on it, and there’s nothing you can do to the machine to change this currently.

Source: Beware: Windows 10 Signature Edition Blocks Installing Linux – FossBoss

Update (2016-09-22): Someone claims that the issue is overblown and that Ms isn’t forcing manufacturers to lock their BIOS. It’s Lenovo that is mishandling the whole thing.

Update (2016-09-22): Lenovo denies blocking installation of alternate OSes. Well they didn’t exactly block it. They just didn’t make it possible. If Lenovo wants to keep its customers happy it should release a BIOS patch that do exactly that.

Categories
privacy security

The Dropbox hack is real

It’s not a suspect breach. Change your Dropbox password now.

Earlier today, Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked. Not just a little bit hacked and not in that “someone has cobbled together a list of credentials that work on Dropbox” hacked either, but proper hacked to the tune of 68

Source: The Dropbox hack is real

Categories
security

The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender – The Citizen Lab

The dark side of the cybersecurity industry has surfaced once again – companies that provide cyberweapons to organizations with deep pockets. In this case, the cyberweapon is a chain of zero-day exploits that requires no more than clicking on a link from an SMS. Good thing the target is discerning enough not to click on it – which means a million dollars (or two, or three) is wasted.

This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.

Source: The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender – The Citizen Lab

Categories
security

The NSA Leak Is Real, Snowden Documents Confirm

Yes any organization can be hacked. Even the NSA. The stolen cyberweapons – there may be more than one group who possess them – are now being auctioned publicly. This is why it’s a bad idea to add backdoors that only governments can use.

A never-before-published NSA manual makes it clear that malware released by a hacker group this week came from the spy agency.

Source: The NSA Leak Is Real, Snowden Documents Confirm

Categories
Uncategorized

Google launches 1-to-1 video calling app Duo


Google launches another video calling app. It’s not the app that caught my eyes though, but comments on Hacker News about Google’s culture:

Google culture is hiring the smartest or most motivated college grads, paying them to babysit legacy money printing systems built by the generation before them, then occasionally encouraging them to team up and clone popular services from other companies and startups.

The clones get passed around the campus for dogfooding until enough interest builds up and the project goes up the chain of command until a VP (at the time Marissa) signs off on it with notes on what to improve along with granting the necessary resources to spin it up.

Then if someone decides the project has legs they figure out how to engineer it for Google’s audience and launch. If it doesn’t work then the team disperse and move on to another project. Or it works and the team gets a moment in the sun.

Every single popular thing on the internet has a Google clone somewhere in the intranet.