New DoS attack exploits algorithms to knock sites offline

The exploit was detailed at the Black Hat cybersecurity conference in Las Vegas by Nathan Hauke and David Renardy of security company Two Six Labs, as reported by Wired.

Rather than a traditional DDoS attack, which overwhelms a server by sending thousands of junk traffic requests to it from hundreds of different computers until it fails, the new attack uses a related technique called Denial of Service (DoS). The DoS attack can originate from just one machine and targets the algorithms used by many sites for data processing.

The researchers found a common vulnerability across three sets of software: they could throw large amounts of data at algorithms, which then try to process the data and crash. This worked for PDF software, where uploading a single large PDF file could crash a whole website; for virtual networking computers (VNCs), which could be filled with junk data until the servers crashed; and for password-strength-indicating software developed by Dropbox, which could be stalled when a user entered thousand-character passwords.

In each case, the attacks take advantage of the large amount of processing done by algorithms. If these algorithms are fed enough junk data, they can gum up a website and cause server outages.

The researchers say they want to raise developers’ awareness of this vulnerability, and they have created a tool called ACsploit which developers can use to generate the “worst-case inputs for algorithms” and test against them.

Apple updates its USB-C AV dongle for 4K HDR video

In addition to using a display, TV or projector that can support that spec, you’ll also need to be playing videos from a 15-inch MacBook Pro introduced in 2017 or later, a Retina iMac introduced in 2017 or later, an iMac Pro or an iPad Pro. Further, your devices must be running macOS Mojave 10.14.6 or later or iOS 12.4 or later. The upgraded accessory also adds support for HDR10 and Dolby Vision, two competing HDR formats becoming more common today.

Apple has already discontinued the adapter’s older version, which only supports HDMI 1.4b, so you’re getting the updated model when you buy from its online store. If you’re buying elsewhere or want to be sure, though, the new version is Model A2119, while the older one is Model A1621.

Huawei reveals Harmony OS, its alternative to Android

Yu’s own presentation was rather technical, but in a nutshell, Harmony OS is positioned as a future-proof, “microkernel-based, distributed OS for all scenarios.” The platform is open source, and it’s actually more of a competitor to Google’s upcoming Fuchsia, given that both are microkernel-based and can be deployed to multiple types of devices at once. In contrast, Android isn’t as efficient due to its redundant code, outdated scheduling mechanism and general fragmentation issues.

Developing…

Blackmagic’s new $2,495 pocket camera can shoot 6K videos

Blackmagic says the device can preserve more detail in the image’s lightest and darkest parts than simpler video cameras can, thanks to the fact that it offers 13 stops of dynamic range. That will allow you to capture clear and detailed images even though they’re, for instance, taken from a dark interior with sunlight streaming in.

The camera’s EF lens mount works with lenses from various brands like Canon, Sigma and Zeiss, so you can use your existing collection. And due to its larger sensor and EF mount, you’ll be able to capture images with shallower depth of field than its predecessor can, with subjects that stand out more against a blurred background.

Like its 4K sibling, the 6K Pocket Cinema Camera comes with a 5-inch screen and is powered by Blackmagic OS. It’s now available from resellers worldwide for US$2,495. While that’s no pocket change, that makes the model a lot more affordable than rival 6K cameras with similar features.

Key U.S. election systems could have been exposed online for months

It’s likely the case that election officials who claimed their systems weren’t online didn’t know any better. “We … discovered that at least some jurisdictions were not aware that their systems were online,” Kevin Skoglund, an independent security consultant, told Motherboard.

At issue isn’t the electronic voting machines themselves, but the SFTP server and firewall that some polling places use to speedily transmit votes. Such systems are only supposed to be connected to the internet during Election Day, and then are promptly disconnected. Researchers told Motherboard that critical backend systems are connected to the firewalls. If a hacker were able to intercept the firewall, they could alter vote totals or infect voting machines with malware.

ES&S disagrees with the conclusion reached by the researchers interviewed for the story. “There’s nothing connected to the firewall that is exposed to the internet,” Gary Weber, vice president of software development and engineering for ES&S, told Motherboard.

This isn’t the first instance of ES&S running into trouble for its handling of election security. Last summer, the vendor admitted to Senator Ron Wyden (D-OR) that some of its election management systems had vulnerable remote-access tools — despite repeated denials in the past. The North Carolina Board of Elections — which uses ES&S systems — recently voted to disqualify the company’s machines for not providing an option for hand-marked ballots.

Facebook offers publishers millions for its dedicated news tab

Company chief Mark Zuckerberg first revealed plans to add a dedicated news tab to the platform earlier this year, shortly after Apple rolled out its news and magazine subscription service. Back then, reports said the service would be free to use, even though Facebook might pay outlets for their content.

Based on WSJ’s new report, the tab might offer a mix of full articles and short snippets. Participating publishers will reportedly be able to choose whether to host full stories on the platform or just a headline and a short part of the piece that links to their websites. The latter would drive traffic to their domain, though we imagine Facebook may pay more for pieces posted fully on the platform.

The dedicated news tab is a separate venture from all of Facebook’s older news-oriented features. It’s not the same as “Today In,” which shows users news from publishers in their area. And it’s also not associated with Instant Articles, which only splits ad revenues with news outlets.

Apple extends bug bounty and provides special iPhones for researchers

By including its other operating systems, Apple is extending the bug bounty program that it first launched for iOS in 2016. Researchers who discover security flaws that affect platforms other than iOS are eligible to receive payouts as large as $200,000. That is the same price Apple initially offered as a maximum reward for its iOS program. The company boosted that payout to $1 million today, only for iOS flaws that allow an attacker to gain full access to an iPhone or iPad without any physical interaction with the device. The company also added a $500,000 tier reward for security shortcomings that allow hackers to access user data.

Extending its bug bounty program to all of its platforms is a long time coming for Apple, and perhaps motivated by people withholding disclosure of bugs because of the lack of incentive. Earlier this year, a security researcher revealed that he discovered a flaw in macOS that could expose user passwords but refused to provide details to Apple because of the lack of a bounty program for the operating system.

‘No Man’s Sky Beyond’ trailer reveals expanded multiplayer and VR

Hello Games founder Sean Murray called Beyond the “biggest update” to the No Man’s Sky series yet. A look at the trailer reveals vivid imagery, bigger and more detailed ships and buildings, as well as rideable animals. While Next added multiplayer for up to four players, the trailer suggests around a dozen. The update will include full VR support for PSVR, Rift, and Vive players, and non-VR and VR players will be able to play together to boot.

“Multiplayer is something we introduced in Next, and we know that people who play together play for nearly twice as long on average — we are excited to expand this for Beyond,” noted Murray on Twitter. Beyond will be released on August 14th, and will be available for free on Xbox, PC, PS4, PSVR and Steam VR.



Misuse of land and agriculture is driving climate change

The UN’s Intergovernmental Panel on Climate Change (IPCC), which issued the report, relied on the expertise of 107 scientists from 50 nations all over the world — more than half from developing nations. The report outlines the ways that increased demand for food is not only warming the planet, but making it harder to farm. Increased global warming since the Industrial Revolution has led to more frequent, longer and harsher droughts in much of the world, including the Mediterranean, parts of Asia, South America and much of Africa.

Vegetation browning due to the heat and lack of rain has been observed in much of the world, including parts of North America and northern Eurasia. At present, farmers in Western Canada are facing a major crop failure and feed shortage due to a drought. Many Colorado farmers and ranchers opted not to plant at all last year due to the ongoing drought in the Colorado River Basin, reported Colorado NPR affiliate KRCC.

The report lists some suggestions for what humans can do to help, including scaling back on eating meat and reducing food waste. The report estimates that over 25 percent of total food produced every year is thrown away, and that waste drives as much as 10 percent of greenhouse gas emissions. Wasting food only increases the demand for more food, which then, in turn, amps up agricultural production.

Uber has more than 100 million users, but is still losing money

UberEats certainly boosted the bottom line, as it helped bring in new customers. The number of people Uber delivered food to over the quarter rose by 140 percent from Q2 2018. “Over 40 percent of new Eats consumers had never used Uber’s platform before,” the company said.

Uber’s net loss over the quarter amounted to $5.24 billion, but that’s perhaps not quite as bad as it seems on the surface. The majority ($3.9 billion) is a result of stock-based awards to employees after its IPO in May. It also doled out a $298 million “driver appreciation award” related to the IPO. Even discounting those, Uber lost over $1 billion for the second quarter running.

By way of comparison, rival Lyft reported its earnings yesterday. It posted record quarterly revenue of $867.3 million, up 72 percent year-over-year. It lost $644.2 million overall. Making more money off each rider helped, though. Over the three months, it had 21.8 million active riders. They generated an average of $39.77 each — that’s an increase of $1.91 per person from the previous quarter.
