Excellent analysis of the attack against GitHub reported earlier. The Great Firewall demystified, just a little.
Errata Security: Pin-pointing China's attack against GitHub.
Scary how easy it is to gain control over physical building systems.
Owning a Building: Exploiting Access Control and Facility Management Systems by Billy Rios – YouTube.
Very good analysis of the current DDoS attack that GitHub is facing, apparently over the hosting of github.com/greatfire and github.com/cn-nytimes, which are used to bypass censorship in China.
The hard truths – cloud is not always the answer.
Great comment from HN:
The reason why it is extremely hard to engineer robust large scale AWS cloud apps can be summarized under the umbrella of performance variance:
– machine latency varies more, you can’t control it
– network latency varies more
– storage latency varies more (S3, Redshift, etc.)
– machine outages are more frequent
How and Why Swiftype Moved from EC2 to Real Hardware – High Scalability.
Good grief! Has no one learned from Sony’s rootkit incident yet? If you are a Lenovo owner, you may want to check if there’s a Superfish certificate in your certificate chain by running certmgr.msc. Other than injecting unwanted ads in your browser, in theory the adware could sniff on your banking transactions ‘cos it’s performing a MiTM on your HTTPS.
The greatest bank robbery of all time? Some say hundreds of millions have been stolen, some say up to 1 billion. Given the extent of the attack, it could be hard to know the exact amount. But one thing is clear, we have come a long way since the playful days of prank worms and viruses. Cyber criminals are now extremely well-organized, funded and motivated by huge monetary rewards.
A stunning look at the lengths some organizations will go to in order to achieve their objectives. From a technical perspective, it’s brilliant. This will no doubt be used as a template for other state actors to follow, as some already did earlier.
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last | Ars Technica.
A break from the usual cybersecurity stories. Here’s a nice one on obfuscated C, if you can call it that.
$ cat test.c
const int main[] = {
-443987883, 440, 113408, -1922629632,
4149, 899584, 84869120, 15544,
266023168, 1818576901, 1461743468, 1684828783,
-1017312735
};
$ gcc test.c -o a.out
$ ./a.out
Hello World!
Yes I tested and it works. Want to know how it works? Here’s the link:
Main is usually a function. So then when is it not?.
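An added example, not code from the original post or the linked article: it serialises the array above as little-endian bytes to show that the integers are x86-64 machine code with the greeting stored inline. The names words, to_bytes, longest_text and count_syscalls are made up for this example, and the array is renamed so that it is compiled as data instead of being run.

```c
#include <stdio.h>
#include <stdint.h>

/* The array from the post, renamed so it is treated as data, not as main. */
static const int32_t words[] = {
    -443987883, 440, 113408, -1922629632,
    4149, 899584, 84869120, 15544,
    266023168, 1818576901, 1461743468, 1684828783,
    -1017312735
};

/* Write each 32-bit word least-significant byte first (the x86 memory layout). */
static size_t to_bytes(uint8_t *out) {
    size_t n = sizeof words / sizeof words[0];
    for (size_t i = 0; i < n; i++) {
        uint32_t w = (uint32_t)words[i];
        for (int b = 0; b < 4; b++)
            out[4 * i + b] = (uint8_t)(w >> (8 * b));
    }
    return 4 * n;
}

/* Longest run of printable ASCII: returns its offset, stores its length in *len. */
static size_t longest_text(const uint8_t *p, size_t n, size_t *len) {
    size_t best = 0, start = 0;
    *len = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && p[i] >= 0x20 && p[i] < 0x7f) continue;
        if (i - start > *len) { *len = i - start; best = start; }
        start = i + 1;
    }
    return best;
}

/* Count occurrences of the two-byte x86-64 syscall opcode (0f 05). */
static int count_syscalls(const uint8_t *p, size_t n) {
    int c = 0;
    for (size_t i = 0; i + 1 < n; i++)
        if (p[i] == 0x0f && p[i + 1] == 0x05) c++;
    return c;
}

int main(void) {
    uint8_t code[sizeof words];
    size_t len, n = to_bytes(code), off = longest_text(code, n, &len);
    for (size_t i = 0; i < n; i++) printf("%02x%c", code[i], (i % 16 == 15) ? '\n' : ' ');
    printf("\ntext at offset %zu: \"%.*s\", syscalls: %d\n", off, (int)len, code + off, count_syscalls(code, n));
    return 0;
}
```

Running the original array depends on read-only data being mapped executable; linkers that place code and read-only data in separate segments (GNU ld's -z separate-code) leave it non-executable, and the program faults instead of printing.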
I knew about the Gluster file system, but it’s the first time I’ve heard of Bees with Machine Guns! This article provides an insider’s view on how an online magazine company scaled up their back-end to prepare for Kim Kardashian’s backend ;-). If you are a sysadmin or web engineer I bet some parts of the article will make you smile.
How PAPER Magazine’s web engineers scaled Kim Kardashian’s back-end (SFW) — The Message — Medium.