
E-Mail Tracking


Good article on the history and practice of e-mail tracking:

The tech is pretty simple. Tracking clients embed a line of code in the body of an email -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online.

But lately, a surprising -- and growing -- number of tracked emails are being sent not from corporations, but acquaintances. "We have been in touch with users that were tracked by their spouses, business partners, competitors," says Florian Seroussi, the founder of OMC. "It's the wild, wild west out there."

According to OMC's data, a full 19 percent of all "conversational" email is now tracked. That's one in five of the emails you get from your friends. And you probably never noticed.

I admit it's enticing. I would very much like the statistics that adding trackers to Crypto-Gram would give me. But I still don't do it.

Read the whole story
fxer
15 hours ago
reply
Bend, Oregon
Share this story
Delete
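A defender's view of the technique described in the E-Mail Tracking item above, as an added example that is not from the quoted article or from the post itself: a heuristic Python scanner that flags invisible remote images, remote fonts and tokenised links in an HTML message body. The sample message, the example hostnames and the heuristics (size thresholds, the 16-character token length) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qsl

REMOTE = ("http://", "https://", "//")
TINY = {"0", "1", "0px", "1px"}
HIDDEN = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
FONT_URL = re.compile(
    r"@font-face[^}]*?url\(\s*['\"]?((?:https?:)?//[^'\")\s]+)", re.I)
TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")  # assumption: long opaque query value

class TrackerScanner(HTMLParser):
    """Collects (kind, url) pairs for content that phones home on open or click."""
    def __init__(self):
        super().__init__()
        self.findings, self._css = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "img" and a.get("src", "").lower().startswith(REMOTE):
            # Remote image that is 0/1 px in either dimension or hidden by CSS.
            tiny = {a.get("width", "").lower(), a.get("height", "").lower()} & TINY
            if tiny or HIDDEN.search(a.get("style", "")):
                self.findings.append(("pixel", a["src"]))
        elif tag == "a" and a.get("href", "").lower().startswith(REMOTE):
            # Link whose query string carries a per-recipient-looking token.
            values = (v for _, v in parse_qsl(urlparse(a["href"]).query))
            if any(TOKEN.fullmatch(v) for v in values):
                self.findings.append(("tracked-link", a["href"]))
        elif tag == "style":
            self._css = []  # start buffering inline CSS

    def handle_data(self, data):
        if self._css is not None:
            self._css.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._css is not None:
            # Custom fonts fetched from a remote host on render.
            for url in FONT_URL.findall("".join(self._css)):
                self.findings.append(("remote-font", url))
            self._css = None

def scan_email_html(html):
    scanner = TrackerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample message body (hostnames are placeholders).
SAMPLE_EMAIL = """<html><head><style>
@font-face { font-family: "N"; src: url("https://fonts.tracker.example/f.woff?rid=abc123"); }
</style></head><body><p>Lunch on Friday?</p>
<img src="cid:logo@local" width="120" height="40">
<img src="https://cdn.example/banner.png" width="600" height="200">
<img src="https://t.tracker.example/open.gif?rid=abc123" width="1" height="1" alt="">
<img src="https://t.tracker.example/o2.gif" style="display:none">
<a href="https://click.tracker.example/r?u=8f3a9c1e7b2d4f60a1b2c3d4">menu</a>
<a href="https://restaurant.example/menu?lang=en">plain link</a></body></html>"""

if __name__ == "__main__":
    for kind, url in scan_email_html(SAMPLE_EMAIL):
        print(kind, url)
```

A mail client that does not load remote content by default defeats the pixel and font variants regardless of what a scanner like this reports; the link variant only fires on a click.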

Meteors over Inner Mongolia

Did you ever get caught in a meteor shower? If yes, then every minute or so the sky sparked with fleeting flashes of light. This was the fate of the pictured astrophotographer during last year's Perseids meteor shower. During the featured three-hour image composite, about 90 Perseids rained down above Lake Duolun of Inner Mongolia, China. If you trace back the meteor streaks, you will find that most of them appear to radiate from a single constellation -- in this case Perseus. In fact, you can even tell which meteors are not Perseids because they track differently. Tonight promises to be another good night to get caught in a meteor shower because it is the peak for the Geminids. Gemini, the shower radiant, should rise shortly after sunset and be visible most of the night.

Mirai IoT Botnet Co-Authors Plead Guilty


The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Entering guilty pleas for their roles in developing and using Mirai are 21-year-old Paras Jha from Fanwood, N.J. and Josiah White, 20, from Washington, Pennsylvania.

Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks.

CLICK FRAUD BOTNET

In addition, the Mirai co-creators pleaded guilty to charges of using their botnet to conduct click fraud — a form of online advertising fraud that will cost Internet advertisers more than $16 billion this year, according to estimates from ad verification company Adloox. 

The plea agreements state that Jha, White and another person who also pleaded guilty to click fraud conspiracy charges — a New Orleans man named Dalton Norman — leased access to their botnet for the purposes of earning fraudulent advertising revenue through click fraud activity and renting out their botnet to other cybercriminals.

As part of this scheme, victim devices were used to transmit high volumes of requests to view web addresses associated with affiliate advertising content. Because the victim activity resembled legitimate views of these websites, the activity generated fraudulent profits through the sites hosting the advertising content, at the expense of online advertising companies.

Jha and his co-conspirators admitted receiving as part of the click fraud scheme approximately two hundred bitcoin, valued on January 29, 2017 at over $180,000.

Prosecutors say Norman personally earned over 30 bitcoin, valued on January 29, 2017 at approximately $27,000. The documents show that Norman helped Jha and White discover new, previously unknown vulnerabilities in IoT devices that could be used to beef up their Mirai botnet, which at its height grew to more than 300,000 hacked devices.

MASSIVE ATTACKS

The Mirai malware is responsible for coordinating some of the largest and most disruptive online attacks the Internet has ever witnessed. The biggest and first to gain widespread media attention began on Sept. 20, 2016, when KrebsOnSecurity came under a sustained distributed denial-of-service attack from more than 175,000 IoT devices (the size estimates come from this Usenix paper (PDF) on the Mirai botnet evolution).

That September 2016 digital siege maxed out at 620 Gbps, almost twice the size of the next-largest attack that Akamai — my DDoS mitigation provider at the time — had ever seen.

The attack continued for several days, prompting Akamai to force my site off of their network (they were providing the service pro bono, and the attack was starting to cause real problems for their paying customers). For several frustrating days this Web site went dark, until it was brought under the auspices of Google’s Project Shield, a program that protects journalists, dissidents and others who might face withering DDoS attacks and other forms of digital censorship because of their publications.

At the end of September 2016, just days after the attack on this site, the authors of Mirai — who collectively used the nickname “Anna Senpai” — released the source code for their botnet. Within days of its release there were multiple Mirai botnets all competing for the same pool of vulnerable IoT devices.

The Hackforums post that includes links to the Mirai source code.

Some of those Mirai botnets grew quite large and were used to launch hugely damaging attacks, including the Oct. 21, 2016 assault against Internet infrastructure firm Dyn that disrupted Twitter, Netflix, Reddit and a host of other sites for much of that day.

A depiction of the outages caused by the Mirai attacks on Dyn, an Internet infrastructure company. Source: Downdetector.com.

The leak of the Mirai source code led to the creation of dozens of copycat Mirai botnets, all of which were competing to commandeer the same finite number of vulnerable IoT devices. One particularly disruptive Mirai variant was used in extortion attacks against a number of banks and Internet service providers in the United Kingdom and Germany.

In July 2017, KrebsOnSecurity published a story following digital clues that pointed to a U.K. man named Daniel Kaye as the apparent perpetrator of those Mirai attacks. Kaye, who went by the hacker nickname “Bestbuy,” was found guilty in Germany of launching failed Mirai attacks that nevertheless knocked out Internet service for almost a million Deutsche Telekom customers, for which he was given a suspended sentence. Kaye is now on trial in the U.K. for allegedly extorting banks in exchange for calling off targeted DDoS attacks against them.

Not long after the Mirai source code was leaked, I began scouring cybercrime forums and interviewing people to see if there were any clues that might point to the real-life identities of Mirai’s creators.

On Jan 18, 2017, KrebsOnSecurity published the results of that four-month inquiry, Who is Anna Senpai, the Mirai Worm Author? The story is easily the longest in this site’s history, and it cited a bounty of clues pointing back to Jha and White — two of the men whose guilty pleas were announced today.

A tweet from the founder and CTO of French hosting firm OVH, stating the intended target of the Sept. 2016 Mirai DDoS on his company.

According to my reporting, Jha and White primarily used their botnet to target online gaming servers — particularly those tied to the hugely popular game Minecraft. Around the same time as the attack on my site, French hosting provider OVH was hit with a much larger attack from the same Mirai botnet (see image above), and the CTO of OVH confirmed that the target of that attack was a Minecraft server hosted on his company’s network.

My January 2017 investigation also cited evidence and quotes from associates of Jha who said they suspected he was responsible for a series of DDoS attacks against Rutgers University: During the same year that Jha began studying at the university for a bachelor’s degree in computer science, the school’s servers came under repeated, massive attacks from Mirai.

With each DDoS against Rutgers, the attacker — using the nicknames “og_richard_stallman,” “exfocus” and “ogexfocus,” — would taunt the university in online posts and media interviews, encouraging the school to spend the money to purchase some kind of DDoS mitigation service.

It remains unclear if Jha (and possibly others) may face separate charges in New Jersey related to his apparent Mirai attacks on Rutgers. According to a sparsely-detailed press release issued Tuesday afternoon, the Justice Department is slated to hold a media conference at 2 p.m. today with officials from Alaska (where these cases originate) to “discuss significant cybercrime cases.”

Update: 11:43 a.m. ET: The New Jersey Ledger just published a story confirming that Jha also has pleaded guilty to the Rutgers DDoS attacks, as part of a separate case lodged by prosecutors in New Jersey.

PAYBACK

Under the terms of his guilty plea in the click fraud conspiracy, Jha agreed to give up 13 bitcoin, which at current market value of bitcoin (~$17,000 apiece) is nearly USD $225,000.

Jha will also waive all rights to appeal the conviction and whatever sentence gets imposed as a result of the plea. For the click fraud conspiracy charges, Jha, White and Norman each face up to five years in prison and a $250,000 fine.

In connection with their roles in creating and ultimately unleashing the Mirai botnet code, Jha and White each pleaded guilty to one count of conspiracy to violate 18 U.S.C. 1030(a)(5)(A). That is, to “causing intentional damage to a protected computer, to knowingly causing the transmission of a program, code, or command to a computer with the intention of impairing without authorization the integrity or availability of data, a program, system, or information.”

For the conspiracy charges related to their authorship and use of Mirai, Jha and White likewise face up to five years in prison, a $250,000 fine, and three years of supervised release.

This is a developing story. Check back later in the day for updates from the DOJ press conference, and later in the week for a follow-up piece on some of the lesser-known details of these investigations.

The Justice Department unsealed the documents related to these cases late in the day on Tuesday. Here they are:

Jha click fraud complaint (PDF)
Jha click fraud plea (PDF)
Jha DDoS/Mirai complaint (PDF)
Jha DDoS/Mirai plea (PDF)
White DDoS complaint (PDF)
White DDoS/Mirai Plea (PDF)
Norman click fraud complaint (PDF)
Norman click fraud plea (PDF)


Computer science student pleads guilty to creating Mirai botnet


A New Jersey man has pled guilty to hacking charges and creating the devastating Mirai botnet, which spread via vulnerabilities in Internet-connected devices to unleash numerous massive distributed-denial-of-service attacks. As recently as last week, new Mirai strains continued to proliferate online.

As Ars reported in October 2016, the most serious DDoS degraded or completely took down Twitter, GitHub, the PlayStation network, and hundreds of other sites by targeting Dyn, a service that provided domain name services to the affected sites.

Paras Jha admitted to being behind Mirai according to court documents that were unsealed on Tuesday. The Rutgers University computer science student was originally publicly identified as a likely suspect in January 2017 by Brian Krebs, a well-known independent computer security journalist.


How Google protects your data in transit



Protecting your data is of the utmost importance for Google Cloud, and one of the ways we protect customer data is through encryption. We encrypt your data at rest, by default, as well as while it’s in transit over the internet from the user to Google Cloud, and then internally when it’s moving within Google, for example between data centers.

We aim to create trust through transparency, and today, we’re releasing a whitepaper, “Encryption in Transit in Google Cloud,” that describes our approach to protecting data in transit.

Google Cloud employs several security measures to help ensure the authenticity, integrity and privacy of data in transit. Authentication means we know and verify the data source. Integrity means we make sure data you send arrives at its destination unaltered. Encryption means we make your data confidential while in transit to keep it private.


Your data is encrypted in transit by default


By default, when a user connects to Google Cloud, the connection between the user and Google is encrypted. That means that when you connect to Google Cloud, the data you send is encrypted using HTTPS, so that an adversary cannot snoop on your traffic. (You can find out more about HTTPS at Google in our HTTPS transparency report.) Google implements TLS and other encryption in transit protocols by using BoringSSL, an open-source cryptographic library derived from OpenSSL.

By default, Google Cloud encrypts and authenticates all data in transit at one or more network layers when data moves outside physical boundaries not controlled by or on behalf of Google. For comparison, data in transit inside a physical boundary is authenticated but not necessarily encrypted because rigorous security controls are already in place. To ensure we are protecting data against any potential threats, our inherent assumption is that the wide area network is only semi-trusted — that is, that network links between physical boundaries can be compromised by an active adversary who can snoop, inject or alter traffic on the wire. Encrypting data in transit helps protect against this type of activity.

At the network layer, Google Cloud’s virtual network infrastructure automatically encrypts VM to VM traffic if it crosses a physical boundary not controlled by or on behalf of Google. On top of this, at the application layer, Application Layer Transport Security automatically provides authentication, integrity and encryption of remote procedure calls from service to service, when those calls leave a physical boundary controlled by or on behalf of Google. Each service that runs in Google’s infrastructure has a service account identity with associated cryptographic credentials that are used to authenticate these communications.

You have additional options to encrypt your data in transit


In addition to default protections, Google Cloud customers have many options to further encrypt data in transit, including IPsec tunnels, free and automated TLS certificates and Istio.

With Google Cloud VPN, you can send requests from your on-premise machine to a service hosted on Google Cloud through a secure, IPsec VPN tunnel at the network layer. You can also set up multiple, load-balanced tunnels through multiple VPN gateways.

For applications built on Google Cloud, Google provisions free and automated certificates to implement TLS in Firebase Hosting and Google App Engine custom domains.

Istio is an open-source service mesh developed by Google, IBM, Lyft and others, to simplify service discovery and connectivity. Istio authentication aims to automatically encrypt data in transit between services, and manage the associated keys and certificates.

Google helps the internet encrypt data in transit


In addition to how we specifically protect Google Cloud users, we have several open-source projects and other efforts to improve the internet’s security at large and support the use of encryption in transit. These include Certificate Transparency (CT), which is designed to audit and monitor certificates issued by publicly trusted CAs. Certificate Transparency helps detect certificates that may not have been issued according to industry standards, or may not have been requested by the domain owner.

Your data is yours


While we’re on the topic of data protection and privacy, it's useful to reinforce how we think about customer data. In Google Cloud, you choose what data your business stores and what applications your business creates and runs on the service. We process your data only according to our agreement with your business. You can read more about how we keep your business data private on our Privacy website.

To learn more about how we encrypt your data at rest and our overall security design, read our whitepapers “Encryption at Rest in Google Cloud Platform” and “Google Infrastructure Security Design Overview.”

Safe computing!

The State of JavaScript 2017


A few years back, a JavaScript survey would've been a simple matter. Question 1: are you using jQuery? Question 2: any comments? Boom, done!

But as we all know, things have changed. The JavaScript ecosystem is richer than ever, and even the most experienced developer can start to hesitate when considering the multitude of options available at every stage.

This is where this survey comes in: we asked over a hundred questions to more than 28,000 developers all over the world, covering topics going from front-end libraries all the way to back-end frameworks.

We believe the result is the most complete picture of the state of JavaScript currently available, and we're excited to share it with you!

P.S. if all this data ever feels overwhelming, I'm sure you'll find a way to console yourself…


dreadhead
1 day ago
This just makes me feel like I am stuck using old JS and know nothing about this new fancy (probably nicer) stuff.
DMack
12 hours ago
vue/express/es2047 gang reporting in; "probably nicer" is putting it lightly :P