Aereo Gets OK From Bankruptcy Court To Auction Technology Assets Slashdotby samzenpus on tv at January 1, 1970, 1:00 am (cached at December 29, 2014, 11:33 pm)

An anonymous reader writes Judge Sean Lane of the U.S. Bankruptcy Court in Manhattan gave permission to Aereo to sell its remaining assets to the highest bidder. The decision came after Aereo reached an agreement with the major broadcast networks that are suing the service. From the article: "Now a bankruptcy court in New York has granted Aereo permission to sell off its assets, with one big caveat: those angry broadcasters who shut them down in the first place? They get to approve any sales that go down. The auction will take place on February 24, at which point the broadcasters have two weeks to decide if they're okay with the highest bidder."

Read more of this story at Slashdot.








ISC website compromised, possibly due to vulnerable WordPress plugin (SC Magazine) SANS ISC SecNewsFeed(cached at December 29, 2014, 11:30 pm)

U.S. suspects North Korea had help attacking Sony Pictures: source (Yahoo Security) SANS ISC SecNewsFeed(cached at December 29, 2014, 11:30 pm)

Will 2015 be the year we finally do something about DDoS?, (Mon, Dec 29th) SANS Internet Storm Center, InfoCON: green(cached at December 29, 2014, 11:30 pm)

Among the events of the past few days during the holidays was a DDoS attack on Sonys Playstation network and on Xbox Lives network. The attack was reportedly carried out by a group called Lizard Squad and by all measures is not precisely the profile of a highly sophisticated attack. Such attacks have increased in both intensity and frequency in the past year but, to an extent, are not terribly new.

The question is, why are these low-skill attacks still happening and what can be done to stop them. This week I hope to put up a series of posts on some things every organization can do, this one is the first.

Many of these attacks rely on spoofing source IPs to an open UDP service (i.e. NTP, DNS, etc) that respond with traffic much larger to the spoofed target. Since some protocols can respond with hundreds of times larger of a response than the request, it makes it easy for someone with a gigabit connection to the internet to direct large DDoSs at a victim assume they know enough open services.

The first step to deal with this problem is for organizations to stop running open UDP services without a really really good reason (which you dont have). Usually, this involves very minor configuration changes. If you do need to run open services to the internet (you dont) than to use rate-limiting to prevent the service from being abused.
Does your network run any open UDP services? There are 4 websites that will help you find such services on your network.

openresovlerproject.org
openntpproject.org
openssdpproject.org
opensnmpproject.org

These are the four biggest offenders in reflective DDoS attacks and eliminating them would go a long way to taking a bite out of the DDoS threat. In all cases, there are good reasons to disable the services even if you are not a victim. First, could be the potential of civil liability from a victim. Second, is the possibility of information leakage (i.e. SNMP).
Be sure to check your organizations IP space and for fun, check your home networks as well and/or your favorite WiFi hotspot.

If we all take some time to clean up our small corners of the net, we can start tamping down on DDoS and get back to our XBox.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Will 2015 be the year we finally do something about DDoS?, (Mon, Dec 29th) SANS Internet Storm Center, InfoCON: green(cached at December 29, 2014, 11:30 pm)

Among the events of the past few days during the holidays was a DDoS attack on Sonys Playstation network and on Xbox Lives network. The attack was reportedly carried out by a group called Lizard Squad and by all measures is not precisely the profile of a highly sophisticated attack. Such attacks have increased in both intensity and frequency in the past year but, to an extent, are not terribly new.

The question is, why are these low-skill attacks still happening and what can be done to stop them. This week I hope to put up a series of posts on some things every organization can do, this one is the first.

Many of these attacks rely on spoofing source IPs to an open UDP service (i.e. NTP, DNS, etc) that respond with traffic much larger to the spoofed target. Since some protocols can respond with hundreds of times larger of a response than the request, it makes it easy for someone with a gigabit connection to the internet to direct large DDoSs at a victim assume they know enough open services.

The first step to deal with this problem is for organizations to stop running open UDP services without a really really good reason (which you dont have). Usually, this involves very minor configuration changes. If you do need to run open services to the internet (you dont) than to use rate-limiting to prevent the service from being abused.
Does your network run any open UDP services? There are 4 websites that will help you find such services on your network.

openresovlerproject.org
openntpproject.org
openssdpproject.org
opensnmpproject.org

These are the four biggest offenders in reflective DDoS attacks and eliminating them would go a long way to taking a bite out of the DDoS threat. In all cases, there are good reasons to disable the services even if you are not a victim. First, could be the potential of civil liability from a victim. Second, is the possibility of information leakage (i.e. SNMP).
Be sure to check your organizations IP space and for fun, check your home networks as well and/or your favorite WiFi hotspot.

If we all take some time to clean up our small corners of the net, we can start tamping down on DDoS and get back to our XBox.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Vårdas i Glasgow efter eboladiagnos SvD Utrikes(cached at December 29, 2014, 11:04 pm)

En vårdarbetare som nyligen återvänt till Skottland från Sierra Leone i Västafrika har fått en eboladiagnos. Kvinnan vårdas nu på ett sjukhus i Glasgow, bekräftar Skottlands regering.
Microsoft Is Building a New Browser As Part of Its Windows 10 Push Slashdotby samzenpus on microsoft at January 1, 1970, 1:00 am (cached at December 29, 2014, 11:03 pm)

mpicpp sends word that Microsoft may be working on a new browser. "There's been talk for a while that Microsoft was going to make some big changes to Internet Explorer in the Windows 10 time frame, making IE 'Spartan' look and feel more like Chrome and Firefox. It turns out that what's actually happening is Microsoft is building a new browser, codenamed Spartan, which is not IE 12 — at least according to a couple of sources of mine. Thomas Nigro, a Microsoft Student Partner lead and developer of the modern version of VLC, mentioned on Twitter earlier this month that he heard Microsoft was building a brand-new browser. Nigro said he heard talk of this during a December episode of the LiveTile podcast. Spartan is still going to use Microsoft's Chakra JavaScript engine and Microsoft's Trident rendering engine (not WebKit), sources say. As Neowin's Brad Sams reported back in September, the coming browser will look and feel more like Chrome and Firefox and will support extensions. Sams also reported on December 29 that Microsoft has two different versions of Trident in the works, which also seemingly supports the claim that the company has two different Trident-based browsers. However, if my sources are right, Spartan is not IE 12. Instead, Spartan is a new, light-weight browser Microsoft is building. Windows 10 (at least the desktop version) will ship with both Spartan and IE 11, my sources say. IE 11 will be there for backward-compatibility's sake. Spartan will be available for both desktop and mobile (phone/tablet) versions of Windows 10, sources say."

Read more of this story at Slashdot.








The Interview: Sony's Embrace Of Cloud Distribution A Metaphor For Enterprise Applic SANS ISC SecNewsFeed(cached at December 29, 2014, 11:00 pm)

Ygeman öppnar för stöd efter moskéattacker SvD Inrikes(cached at December 29, 2014, 10:33 pm)

Moskébranden i Eslöv är en i raden av misstänkta angrepp mot muslimska församlingar i år. Elvir Gigovic, ordförande för Sveriges muslimska råd, kräver nu att muslimska församlingar ska få samma ekonomiska stöd för säkerhet som judiska församlingar fått. Inrikesminister Anders Ygeman (S) öppnar för ett sådant stöd.
Skottlossning mot lägenhet i Malmö SvD Inrikes(cached at December 29, 2014, 10:33 pm)

En lägenhet i området Seved i Malmö besköts vid 19-tiden på måndagskvällen.
Ungdomar sköt på folk med fyrverkeri SvD Inrikes(cached at December 29, 2014, 10:33 pm)

Ett ungdomsgäng på upp till trettio personer mellan 13 och 15 sköt fyrverkerier, smällare och raketer mot människor i Navestad i Norrköping.
Russia Plans To Build World First DNA Databank of All Living Things Slashdotby samzenpus on biotech at January 1, 1970, 1:00 am (cached at December 29, 2014, 10:33 pm)

An anonymous reader writes Researchers from Moscow State University plan to build a database that will house the DNA of every creature known to man. The University has secured a $194 million grant for the project dubbed "Noah's Ark." The gigantic "ark," set to be completed by 2018, will be 430 sq km in size, built at one of the university's central campuses. "It will enable us to cryogenically freeze and store various cellular materials, which can then reproduce. It will also contain information systems. Not everything needs to be kept in a petri dish," MSU rector Viktor Sadivnichy says.

Read more of this story at Slashdot.








Catalyst-View-TT-0.42 search.cpan.orgby John Napiorkowski at January 1, 1970, 1:00 am (cached at December 29, 2014, 10:32 pm)

Template View Class
Catalyst-View-TT-0.42 search.cpan.orgby John Napiorkowski at January 1, 1970, 1:00 am (cached at December 29, 2014, 10:32 pm)

Template View Class
Are airlines keeping us safe? AL JAZEERA ENGLISH (AJE)(cached at December 29, 2014, 10:30 pm)

The fate of AirAsia flight is once again raising questions about air safety.