‘Distributed guessing’ attack lets hackers verify Visa card details

Add credit card fraud to the list of things that distributed processing can speed up. An e-commerce site will typically block a credit card number after 10 or 20 failed attempts to enter the corresponding expiry date and CVV (card verification value), making life difficult for fraudsters who don't have a full set of credentials. But there are plenty of e-commerce sites out there, and it's possible to obtain missing account details by submitting slightly different payment requests to hundreds of them in parallel. It takes less than six seconds to perform the "distributed guessing attack," according to the researchers at Newcastle University in the U.K. who figured out how to do it.To read this article in full or to leave a comment, please click here

‘Distributed guessing’ attack lets hackers verify Visa card details

Add credit card fraud to the list of things that distributed processing can speed up. An e-commerce site will typically block a credit card number after 10 or 20 failed attempts to enter the corresponding expiry date and CVV (card verification value), making life difficult for fraudsters who don't have a full set of credentials. But there are plenty of e-commerce sites out there, and it's possible to obtain missing account details by submitting slightly different payment requests to hundreds of them in parallel. It takes less than six seconds to perform the "distributed guessing attack," according to the researchers at Newcastle University in the U.K. who figured out how to do it.To read this article in full or to leave a comment, please click here

28% off Bushbox Titanium Outdoor Pocket Stove – Deal Alert

This Bushbox is an ultra light Titanium multi-fuel pocket stove for the great outdoors. It can be used with wood, organic material, a standard alcohol burner or esbit tabs, and folds down so small and lightweight that you could fit it in your pocket (or a Christmas stocking!). It comes with two trivets for any pot size, and comes with an ash pan for soil/ground protection. It averages 4.5 out of 5 stars on Amazon, where its list price of $69 has been reduced to $49.90. See the discounted titanium Bushbox on Amazon.To read this article in full or to leave a comment, please click here

Up close with Amazon Snowball: Cloud migration for the data center

At the AWS re:Invent show, Network World's Brandon Butler takes a closer look at the AWS Snowball offering. The ruggedized appliance helps enterprises migrate very large amounts of data to Amazon's cloud.

How to find out if your iPhone 6s is eligible for free battery replacement

When my iPhone 6s started shutting down earlier this month even though it still had 20% or 30% battery life showing, I suspected maybe it was just getting too cold. After all, I've seen my iPhones be temperature sensitive in the past.But it turns out that the problem really stemmed from a bug in version 10.1 or 10.1.1 of Apple iOS, and now Apple is offering free battery replacement by those affected. The weird thing that those of us affected by this have experienced is that after charging the phone back in, it almost immediately turns back on, back at its 20% or 30% battery level.MORE: Best Black Friday 2016 deals on Apple iPhones, Macs & MoreTo read this article in full or to leave a comment, please click here

Windows 10 posts user-share gains after multi-month stall

After a two-month stretch of no growth, Windows 10 in November gained user share, powering more than a quarter of all Windows PCs for the first time, data published today showed.According to U.S. metrics vendor Net Applications, Windows 10 gained 1.1 percentage points of user share last month, ending with 23.7% of all personal computers. Windows 10 ran 26.1% of all Windows machines: The difference between the user share of all PCs and only those running Windows stemmed from the fact that Windows powered 91% of all personal computers, not 100%.User share is an estimate of the proportion of all personal computer users who run a device powered by a specific operating system. The analytics company measures OS user share by counting devices whose browsers reach websites of Net Applications' clients.To read this article in full or to leave a comment, please click here

Western Digital releases series of Raspberry Pi disk drives

Western Digital (WD) today introduced a new series of storage devices designed specifically for use with Raspberry Pi, a single-board micro PC.The WD PiDrive Foundation Edition drives include a microSD card preloaded with the custom New Out of Box Software OS installer.Raspberry Pi's official OS, Raspbian PIXEL, can be installed directly from WD's microSD card without an Internet connection, the company stated. In addition, the drives include Project Spaces, independent partitions of the drive with Raspbian Lite, which allows up to five separate projects to be developed on a single drive.To read this article in full or to leave a comment, please click here

22 wildly imaginative PCs that don’t look like PCs at all

More than meets the eyeImage by Anshel SagFor many people, PCs are just a tool; a bland beige or black box shoved underneath a desk and physically ignored except for when you press the power button. But not for everyone. In the right hands, PCs can be transformed into works of art inside and out.To read this article in full or to leave a comment, please click here

AWS looks to take the drudge work out of data analysis

Amazon Web Services is looking to make it easier, and more efficient, for enterprises to analyze their data in the cloud."Eighty percent of what we call analytics is not analytics at all but just hard work," said Werner Vogels, chief technology officer at Amazon.com, speaking during a keynote speech this morning at the AWS re:Invent cloud conference in Las Vegas.Instead of digging down into a company's data to find patterns and insights that will give an enterprise a competitive advantage, too much time is spent on indexing, storage, security, and making sure the right access is set up.+ MORE FROM AWS RE:INVENT: Cool tech at AWS re:Invent +To read this article in full or to leave a comment, please click here

The Daily DDoS: Ten Days of Massive Attacks

Back in March my colleague Marek wrote about a Winter of Whopping Weekend DDoS Attacks where we were seeing 400Gbps attacks occurring mostly at the weekends. We speculated that attackers were busy with something else during the week.

This winter we've seen a new pattern, and attackers aren't taking the week off, but they do seem to be working regular hours.

CC BY 2.0 image by Carol VanHook

On November 23, the day before US Thanksgiving, our systems detected and mitigated an attack that peaked at 172Mpps and 400Gbps. The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours stopping at 0300 UTC. It felt as if an attacker 'worked' a day and then went home.

The very next day the same thing happened again (although the attack started 30 minutes earlier at 1800 UTC).

On the third day the attacker started promptly at 1800 UTC but went home a little early at around 0130 UTC. But they managed to peak the attack over 200Mpps and 480Gbps.

And the attacker just kept this up day after day. Right through Thanksgiving, Black Friday, Cyber Monday and into this week. Night after night attacks were peaking Continue reading

Face-off: New Relic vs. AppDynamics for APM

Application performance management (APM) software must serve multiple masters -- developers, IT and business managers -- all of whom want visibility into the performance of corporate software to make sure it produces a great, reliable experience for the end-user.To read this article in full or to leave a comment, please click here(Insider Story)

How Windows 10 data collection trades privacy for security

Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft.But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features.[ InfoWorld’s deep look: Why (and how) you should manage Windows 10 PCs like iPhones. | The essentials for Windows 10 installation: Download the Windows 10 Installation Superguide today. ] Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality.To read this article in full or to leave a comment, please click here

How Windows 10 data collection trades privacy for security

Windows 10’s aggressive data-collection capabilities may concern users about corporate spying, but enterprises have control that consumer-edition Windows users do not: Administrators can decide how much information gets sent back to Microsoft.But enterprises need to think twice before turning off Windows telemetry to increase corporate privacy. That’s because doing so can decrease the effectiveness of Windows 10’s security features.[ InfoWorld’s deep look: Why (and how) you should manage Windows 10 PCs like iPhones. | The essentials for Windows 10 installation: Download the Windows 10 Installation Superguide today. ] Microsoft isn’t merely hoovering up large amounts of data because it can. The company has repeatedly reiterated its stance that Windows 10 does not collect the user’s personal data, but rather anonymized file data that is then used to improve overall user experience and Windows functionality.To read this article in full or to leave a comment, please click here

AI will take some jobs, but no need to worry

The capabilities of artificial intelligence and machine learning are accelerating, and many cybersecurity tasks currently performed by humans will be automated. There will still be plenty of work to go around so job prospects should remain good, especially for those who keep up with technology, broaden their skill sets, and get a better understanding of their company's business needs.Cybersecurity jobs won't go the way of telephone operators. Take, for example, Spain-based antivirus company Panda Security. When the company first started, there were a number of people reverse-engineering malicious code and writing signatures.To read this article in full or to leave a comment, please click here

China cracks down on fake news

The current debate over fake online news has one country feeling vindicated: China. For years, its controversial censorship system has been cracking down on so-called "online rumors," and last week a state-controlled newspaper essentially told the U.S., "I told you so.""China’s crackdown on online rumors a few years ago was harshly condemned by the West,” wrote the Global Times. “Things changed really quickly, as the anxiety over internet management has been transferred to the U.S."To be sure, the two are very different.In the U.S., it’s private citizens and internet companies that are questioning the role of fake news while acknowledging freedom of speech. In China, the government itself is arresting people as part of its concerted effort to maintain control over all corners of the internet.To read this article in full or to leave a comment, please click here

Packet Blast: Top Tech Blogs, Dec. 2

IDG Contributor Network: How we got our tattered IoT insecurity blanket

In my last post—Your network, IoT, cloud computing and the future—I introduced a few trends that appear to be shaping the Internet we have today. This post is the first of two that detail my observations on the large-scale security picture on the Internet and what companies, network professionals and individuals need to take into consideration when addressing the new challenges presented by expanding trends such as the cloud and the Internet of Things (IoT).Today’s installment outlines some fundamental architectural underpinnings of the security vulnerabilities we all face. The next installment will outline some near-term suggestions for things we each might do, as well as suggest some overall architectural moves that may make things safer for all users of the InternetTo read this article in full or to leave a comment, please click here

Weekly Snapshot of Tier 1 carrier performance

The post Weekly Snapshot of Tier 1 carrier performance appeared first on Noction.

Building a L3-Only Data Center with Cumulus Linux

Dinesh Dutt was the guest speaker in the second Leaf-and-Spine Fabric Design session. After I explained how you can use ARP/ND information to build a layer-3-only data center fabric that still support IP address mobility Dinesh described the details of Cumulus Linux redistribute ARP functionality and demoed how it works in a live data center.

Twitter gets new product head and team from app startup Yes

Twitter has swallowed social app developer Yes and is also getting a new product head as part of the deal.Keith Coleman, formerly CEO of the Palo Alto startup, is joining Twitter as vice president of product development. “Yes! Keith and team are joining Twitter to help lead and strengthen our service!,” wrote Twitter CEO Jack Dorsey in a message on the social network.The post of head of product development has been vacant for some time at Twitter, which has been struggling to boost its user base and turn a profit. In the third quarter, the company posted a loss of US$103 million on revenue of $616 million. Average monthly active users grew in the quarter by 3 percent year-on-year to 317 million.To read this article in full or to leave a comment, please click here