The Upload: Your tech news briefing for Friday, April 24

Comcast: Let’s call the whole thing offJust one day after a U.S. regulator was said to be calling for hearings on the proposed $45 billion merger between Comcast and Time Warner Cable come reports that Comcast is ready to abandon the tie-up, and may make an announcement on Friday. The combined companies would control more than half of the broadband Internet access market in the U.S.—a market where customers already grumble about their lack of choice, and pay more for less than people in virtually every other developed country. The omens for gaining regulatory approval have been darkening: not only did the Federal Communications Commission want hearings on the matter, but the Department of Justice, which monitors antitrust issues, was also apparently not a fan of the deal.To read this article in full or to leave a comment, please click here

Zensors app lets you crowdsource live camera monitoring

If you feel like you need eyes in the back of your head, there’s a crowdsourcing app for that.Zensors is a smartphone application that can monitor an area of interest by using a camera, crowdsourced workers and artificial intelligence.Developed by researchers from Carnegie Mellon University and University of Rochester, the idea behind Zensors is to use any camera in a fixed location to detect changes in what’s being monitored—for instance whether a pet’s food bowl is empty—and automatically notify users.The developers say it’s a cheap, accessible way to add sensors to the environment, part of the move toward building smart homes and smart cities.To read this article in full or to leave a comment, please click here

Network Dictionary: Homoglyphs

A homoglyph is a text characters with shapes that identical or similar to each other. Common examples are zero/O and one/l . More complex Homoglyphs are derived from characters used in other languages that are a part of Unicode. In the following, this website converts english text “EtherealMind” into characters that looks similar but use completely different HTML […]


The post Network Dictionary: Homoglyphs appeared first on EtherealMind.

Cisco VIRL NXOSv NXAPI Update

Cisco's VIRL latest update now supports NXAPI in it's NXOSv image. This is great for developing against it, for those (like me) that don't have full access all the time to Nexus...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

SAP patches login flaw in ASE database

SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave.The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16.TrustWave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but TrustWave said other flaws allow the privileges to be escalated to that of a database administrator.To read this article in full or to leave a comment, please click here

Hackers exploit Magento e-commerce vulnerability

Those using Magento’s e-commerce platform should ensure they’re using its latest software, as attackers are increasingly exploiting a flaw patched two months ago, security companies warned.The vulnerability can allow an attacker to gain complete control over a store with administrator access, potentially allowing credit card theft, wrote Netanel Rubin of Check Point’s Malware and Vulnerability Research Group. As many as 200,000 websites use Magento, which is owned by eBay.Check Point, which found the flaw, reported it to Magento, which issued a patch (SUPEE-5344) on Feb. 9. Since Check Point revealed the flaw earlier this week, it appears attackers have picked up on it and are trying to find unpatched applications.To read this article in full or to leave a comment, please click here

Of Phishing Attacks and WordPress 0days

Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also make us a target. Aside from the many, varied denial of service attacks that break against our defenses we also see huge number of phishing campaigns. In this blog post I will dissect a recent phishing attack that we detected and neutralized with the help of our friends at Bluehost.

An attack that is particularly interesting as it appears to be using a brand new WordPress 0day.

A Day Out Phishing

The first sign we typically see that shows a new phishing campaign is underway are the phishing emails themselves. There's general a constant background noise of a few of these emails targeting individual customers every day. However when a larger campaign starts up, typically that trickle turns into a flood of very similar messages.

Messages like this one:
Example Phish Note — We will never send you an email like this. If you see one, its fake and should be reported to our abuse team by forwarding it to [email protected].

In terms of the phishing campaign timeline, these emails aren’t the first event. Much like a spider looking to Continue reading

Acer Aspire Switch 10 saved by the dock

Acer’s new Aspire Switch 10 seems like just another low-cost Windows tablet, but its detachable keyboard dock turns the device into a shape-shifter that can stand in multiple angles.The Switch 10 is first a tablet, and it can become a laptop when attached to a keyboard dock. Acer announced two Switch 10 models at a lavish press event in New York, with the entry-level Switch 10 E SW3-013 starting at US$279 and the higher-resolution Switch 10 SW5-015 starting at $399.A brief hands-on with the Switch 10 revealed what’s most interesting about the device. Its biggest attraction is the detachable keyboard dock, which comes alongside the tablet. The tablet can be securely snapped on the dock, which has a 360-degree hinge that allows the device to be placed in multiple positions.To read this article in full or to leave a comment, please click here

Microsoft results get a lift from Office 365 and Azure

Microsoft has reported better-than-expected financial results for the quarter just ended, helped by strong sales of cloud services like Office 365 and Azure.Commercial cloud revenue more than doubled from a year earlier, the company announced Thursday, and online services like Bing and Xbox Live performed well.The results were hurt by the weak PC market, however, with sales of Microsoft’s Windows and Office software both declining. That meant that while sales were strong, profits declined from last year.In a statement, CEO Satya Nadella talked of “incredible growth across our cloud services.”To read this article in full or to leave a comment, please click here

Google sales hit a speed bump in Q1

Google’s sales rose 12 percent during the first quarter, the slowest rate of revenue growth since 2013, while the amount it charges for ad clicks continued to drop.Total sales for the period ending March 31 came in at US$17.3 billion, missing consensus expectations of $17.5 billion from analysts polled by Thomson Financial Network.After subtracting traffic acquisition costs, the portion of revenue paid to partners that distribute its ads, Google’s sales were $13.9 billion, the company reported Thursday.To read this article in full or to leave a comment, please click here

Amazon says its cloud is ‘a $5 billion business’

Amazon has finally shared some numbers about its cloud business, and not surprisingly they show that it’s thriving and profitable.Amazon Web Services brought in US$1.566 billion in net sales for Amazon’s first quarter, it said Thursday, up 49 percent from $1.05 billion AWS generated the same time a year ago. For this quarter, AWS netted a profit of $265 million, up from $245 million a year ago.AWS is a $5 billion business “and still growing fast—in fact it’s accelerating,” Amazon CEO Jeff Bezos was quoted as saying in a press release. He also called the group an “example of how we approach ideas and risk-taking at Amazon.”AWS now generates nearly 7 percent of Amazon’s total revenue. Overall, Amazon’s net sales for the quarter, which ended March 31, totaled $22.7 billion, up 15 percent from the $19.7 billion collected in the same period a year earlier. The company posted a net loss of $57 million in this first quarter, down from the $108 million it lost in last year’s first quarter.To read this article in full or to leave a comment, please click here

Google Fi: From disruptive to meh

This week's unveiling of Google's Project Fi, the search-messaging-phone-collaboration-broadband company's effort to shake up the wireless market in order to encourage people to use more of its services, has generated widespread reaction even though relatively few people will be eligible to use the service out of the gate.The general consensus seems to be that Google's latest experiment isn't revolutionary (for example, "Meh: Google launches disappointing Project Fi MVNO"). No, it isn't the first mobile virtual network operator (MVNO) to let you pay only for the data you use or bop between WiFi and cellular.  But it still has the potential to mess with the biggest wireless service providers' status quo.To read this article in full or to leave a comment, please click here

Credit card terminals have used same password since 1990s, claim researchers

While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password.The vendor wasn’t named by the researchers, David Byrne and Charles Henderson, but they did disclose the password: 166816.A Google search reveals that’s the default password for several models of credit card terminal sold by Verifone, a Silicon Valley-based vendor that says it connects 27 million payment devices and has operations in 150 countries.Verifone didn’t immediately comment on the claim.To read this article in full or to leave a comment, please click here

DOD wants to rebuild trust with the technology industry

The U.S. Department of Defense must rebuild trust with Silicon Valley because it needs new technology partners to fight against cyberattacks, Secretary of Defense Ashton Carter said Thursday.The DOD is looking to build its defensive cybersecurity capabilities with help from technology vendors, but the military also will deploy offensive measures when its warranted, Carter said in a speech at Stanford University.The department sees its cybersecurity role as largely focused on defense, but “adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary,” he said.To read this article in full or to leave a comment, please click here

1 3,490 3,491 3,492 3,493 3,494 3,809