happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Nice one Alan, you will have to post a pic once it is done. Unless it is on your arse. We don't want to see that ;)

As for the van, not a VW. Not a huge American jobby either. I'm picking up my Mazda Bongo (Japanese import) on Thursday. It's unconverted at the moment, so will be a project for me. Looking to add a rear conversion and turn it into a dayvan/weekender. Currently has 8 seats which fold flat to make a bed, which will be good enough for the time being. It's small, officially classified as an MPV rather than a van, about the size of a VW camper I guess. I'm naming it Jean-Claude, because it's one heck of a Damme Van.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

How do passwords work?

What a password isn't, or at least really shouldn't be, is some kind of secret word or phrase that is simply compared against a table of usernames in a login database. Such plaintext systems are about as secure as a chocolate padlock on a furnace door. Even a login system whereby those passwords are encrypted isn't much better, although many people assume they are safe as houses. Breaches across the years have proven how insecure any system which relies purely on reversible algorithm encryption really is. The user logs in and enters a password, this triggers the system to decrypt the password in the login database that is associated with the username and if they match then authorisation is granted. The weakness here should be obvious, and simply put if someone manages to get access to the encrypted password database itself then it can be copied and cracked offline at their leisure as has happened time and time again.

Hashing

Which leads us to the next step up the password protection ladder, and that's usage of hashing. Think of a hash as being a one-way mathematical function, an algorithm that morphs the password itself into a really long number and destroys the password data in so doing. It's the hash value that is stored in the login database, and when a user enters their password the hash is decrypted to provide the 'long number' value of that password and if they match authorisation is made. This …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I've just bought a camper van to satisfy the hippy in me.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Contrary to popular belief, Mary Mary wasn't...

Reverend Jim commented: That's the spirit ;-) +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Only 11 tats blackmiau? A mere ink beginner then :)

You could probably add a 0 and then treble it here. Actually, I have no idea how many I have, only how little blank skin is left. The last two pieces of ink I got were on the back of my head and my throat, which kind of sums the space problem up...

blackmiau commented: :) +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Good for you, on all counts!

As for the tattoo, may I suggest the England rugby union badge?

diafol commented: Still laughing at that! +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You've got to like the irony of 'hippopotomonstrosesquipedaliophobia' which is a fear of long words...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The OP (svsathyavishnu) needs to explain exactly what they are trying to do, otherwise this conversation could be deemed to be against the 'Do not ask for help to pursue any illegal activity including, but not limited to, hacking and spamming' rule and end up being deleted...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

See my reply above about where to post. Now closing this thread...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There are two very obvious truths which need to be stated before going any further:

Truth 1 - prevention is better than cure, so don't visit 'dodgy' sites or download anything anyone sends you a link to, and do keep your PC as secure as possible with the help of security software such as real-time malware scanners and firewalls.

Truth 2 - when it comes to malware there is no single 'removes it all' solution, there are far too many malware variations out there from rootkits and zero-day exploits through to long-established malware families which are continuously evolving in order to thwart detection and removal attempts.

That said, there is a third truth which probably also needs mentioning; namely that shit happens and sometimes computers do become infected despite the best efforts of responsible users. So what should you do if you suspect that you have become the latest victim of the malware epidemic? This basic tutorial aims to highlight the procedures and resources available to users of the Windows Operating System, and should help get you on the path towards having a clean PC again; hopefully without having to take the nuke it, format and start again final option. Yes, I know that the real solution to malware is to run Windows within an isolated Virtual Machine environment that allows you to simply delete and restore a new instance if any infection gets in - but we are talking the real world here where very few users would go …

Reverend Jim commented: Definitely bookmarked. +12
Stuugie commented: Great read! +6
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I don't think it would be hacked. Because Adobe is a very high secured.

A ha ha ha ha ha ha ha ha ha.
Ha ha ha ha ha ha ha ha ha ha ha ha.
Ha ha ha ha ha.
ROFL
Bonk...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Having taken a look at the blog in question I would advise that the best way to upgrade it would be to press the delete button.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

As I stated when reviewing the Minisuit 3-in-1 Folio Case for the Nexus 7 2013, the most important things a writer looks for in any keyboard are key travel, spacing and feedback. Obviously a travel keyboard throws some additional requirements into the mix such as weight, size and battery life. However, when it comes to the single most important factor for me personally, and that's key spacing, the Minisuit Ultra-Thin Aluminium Bluetooth Keyboard Cover falls flat. There is simply no spacing at all, the keys just seem to merge together and it is very hard indeed not to hit the neighbouring keys when typing at any rate above 'slowly hunt and peck with extreme care'. This lack of spacing does allow for a very small keyboard solution, there's no denying that, but it comes at the cost of usability and as far as I am concerned that's a deal-breaker.

Talking of which, although the key travel feels pretty much the same as the 3-in-1 Folio (and remember these are both from the same manufacturer) the feedback is not the same at all. I do prefer the bigger, and more responsive, spacebar on the aluminium keyboard but that's as far as it goes. The lack of an escape key, the tiny shift keys, and the fact that the keyboard itself is sunk into a tray all make it hard to use for any prolonged period.

The positives are mainly to do with the look …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

For a professional writer of any description, there are three things that matter when it comes to the keyboard that they are using: key spacing, key travel and key feedback. The Minisuit 3-in-1 Folio manages, as far as any such small keyboard is ever going to achieve, to get the key spacing and feedback right. The scrabble tile keys are far enough apart, in that there is sufficient gap between them and above/below them to prevent too much mis-keying. This is the bane of most travel keyboards, the keys are badly spaced and you end up making so many typos that you give up. Not so with the 3-in-1 Folio, my typo count was low enough not to be problematical (and I say that as someone with compromised eyesight - so although my typing speed is relatively slow on a small keyboard it isn't compromised too badly overall). Key travel is decent enough, and there's sufficient feedback to know you've hit the key. Thankfully, neither keyboard I tested was of the rubber membrane variety which provide no depth of travel and no feedback and are consequently of no use whatsoever.

The Minisuit 3-in-1 Folio is not without some negatives though, notably the tiny spacebar which is only about the length of three keys including spacing and, importantly, only works reliably well if you hit it centrally rather than towards the edges. The Minisuit aluminium spacebar is twice as large and seems to allow …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Last year, CryptoLocker ransomware hit the headlines after infecting hundreds of thousands of computers and encrypting the data, and backups of that data to any connected device, with the promise of decryption on payment of a fee. This kind of IT extortion is profitable for the bad guys as it targets the people who are least likely to be in a position to do anything but pay; the people who are most likely to get infected are the same folk who are least likely to have an offsite backup or know how to get help with such a problem. This year we have CryptoDefense doing much the same thing, and already apparently infecting and encrypting many tens of thousands of victims. It targets the same victim profile, although in truth as with all such malware a scattergun approach to infection/distribution is employed; the targeting is in terms of who is most likely to pay up once infected. CryptoDefense hits text files, PDFs and Office files, images and video which are encrypted using a RSA-2049 key making it all but impossible to recover data without that key. Like CryptoLocker before it, it also looks to disable backup and this time it appears to wipe out any shadow copies of data before encryption and putting up the ransom notice for a $500 unlocking fee.

So what can you do? Well you can avoid being infected in the first place, that's the most valuable piece of advice. Ensure you have up to …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

'Spanner' or 'Soup' are both good, simply as I like the way my mouth feels when I say them (file me under odd).

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

And he's gone again for his offensive 'gay' and 'homo' remarks. Didn't take long, did it?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Hardly a week goes by without yet another press release hitting the desk of your technology journalist, or research flag being raised amongst the IT Security profession, that claims Android is insecure. What Android actually is, just like Windows on the desktop in fact, is a big and attractive target; which in turn makes it the focus of attention for those looking to exploit mobile device vulnerabilities. The bad guys will pour their resources, in terms of both time and money, into discovering and exploiting those vulnerabilities which will present them with the best profit making potential. That, dear reader, is a truism.

The latest such vulnerability to appear on the media radar as far as Android is concerned has been the discovery of a 'privilege escalation flaw' that, according to the headlines at any rate, has the potential to 'leave billions of devices vulnerable to malware attack'. How much of a truism is that, I wonder?

The fact that the privilege escalation vulnerability exists is not in any doubt, despite it being uncovered by Indiana University researchers working in conjunction with Microsoft Research. Just because 'the enemy' (as Microsoft, along with Apple, is oft-perceived when talking about mobile platforms) finds fault does not mean that fault is non-existent. If you want to check out the technical details for yourself, then go read 'Upgrading Your Android, Elevating My Malware: Privilege Escalation Through Mobile OS Updating' which explains all in some sixteen pages of gloriously geeky detail.

The long …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So you've got a tablet, be that an Android, iPad or Windows powered device. Maybe you've got a phablet or just a bog-standard smartphone. Whatever you have, the chances are that it will have a capacitive touch screen. Most people, however, won't have got a stylus. The reasons are straightforward enough: 'I come equipped with a finger, thank you' and, well, that's it actually. For those people who have experienced stylus enlightenment, there's no turning back. A stylus brings more precise input to your device, be that just launching apps, using the on-screen keyboard or maybe getting a little more adventurous than playing Angry Birds by drawing friendly ones with an art app. Not only does a stylus bring precision, it removes an awful lot of dirt. Fingers, well mine at least, are not the cleanest of things and come complete with sweat and oils which leave a residue on your device screen. Indeed, there's a whole industry out there which revolves around the cleaning of fingerprints from screens.

Let's assume you have found stylus religion and decided to join the ever-growing army of pointy-feely recruits; the big question that emerges at this point is 'which one should I buy?' and the answer is usually lost in a sea of claims to be the best, the cheapest, the longest lasting. Having bought and tried pretty much every different kind of stylus over the last few years, if you factor in the word 'cheapest' then you …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yes, totally amazed. I understand that XP applications remain carved into many enterprise systems, but that really is no excuse to hang on regardless to what is fast becoming an OS dinosaur. The end of life security issues should be centre stage, and I fear that XP installations may well become one of the bigger vulnerability stories in coming months.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a 'major security problem' has been found with Linux are a different kettle of fish. So when reports emerged of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that "GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification... An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid." In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it's all Linux's fault. Or is it?

The problem with all of this would appear to have started with the best intentions; a programmer working for Red Hat discovered the flaw and Red Hat then issued that advisory which suggested users apply a product update to fix it. All good stuff, with a quick discovery and time …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yep, like I said "Pastebin does not have a problem; people who abuse it have a problem and those who report on this abuse without any real knowledge of the service itself have a problem."

griswolf commented: precisely +10
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

I have already replied to a PM request for this mass deletion of posts.

However, for the benefit of others in a similar situation I would suggest reading the DaniWeb terms of service, read the post a couple up from Mike, and understand that posting something you were told not to by your professor is not a valid reason for us to delete anything...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Hello Thomas, er sorry I mean Michael, you seem confused in so many ways. Not least that you are asking for advice that you are giving out elsewhere. One could be forgiven for thinking that a link to a certain network cable retailer will pop up from yet another account (now that Thomas is banned) real soon...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

True story: I once told Jools Holland (Squeeze keyboard player) that I preferred the Lawnmower Deth cover of Up the Junction to the Squeeze original. As I recall, he didn't seem best pleased at the time...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Alan (diafol) has been featured but his Featured Poster badge fell off, now pinned back on to his profile.

ddanbe has been invited before, but declined (as is his right - and as have a number of folk I would have liked to feature, usually for privacy reasons)

diafol commented: Diolch! +0
happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The start button does make a comeback, sort of, in Windows 8.1 but it's still not enough to satisfy the die-hard 'I got Windows 8 but miss Windows 7' brigade. Not least as when you click the Windows 8.1 start button it doesn't pop up the old folder-structured start menu that many people miss so much, but instead it just takes you back to the start screen which those same folk have such a dislike of. Of course, if you right click the start button in Windows 8.1 it does produce a start menu of sorts, with one-click access to everything from Control Panel and Task Manager through to Run and Search. If this is still not enough and you really miss the Windows 7 look and feel, all is not lost; there's an app for that.

Actually, there are any number of apps for that and the choice is quite frankly bewildering. Classic Start, however, is the most popular of the free start button apps available in the Windows Store, and having tried a few I would say it has achieved that position on merit. When I say 'available in' that's not actually really true, as all that's available there is a description of the app and access to user reviews and screenshots; to install it you have to click the link and visit the app developer website. So let's start this step-by-step tutorial right there, at the beginning...

Step 1: Visit the Windows Store from your Start Screen …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

So, Microsoft has finally announced that the SkyDrive cloud storage product line is to be renamed OneDrive. This isn't as a result of disappointing user take up leading to a re-branding exercise, it's much more daft than that. Six months ago a judge in a UK court ruled that Microsoft had to drop the name after 17 people contacted BskyB, which owns the Sky TV brand, thinking it also owned SkyDrive.

This despite the fact that if those 17 hard of thinking folk had looked at the website they might just have noticed the Microsoft branding. This despite the fact that if the hard of thinking judge had thought about it he might have realised that 17 people does not "a likelihood of confusion in the average consumer" make.

Seriously, 17 idiots got confused by something because it had 'sky' in the name and the courts said that Microsoft had to make a change? Who are these people, and do they think that a satellite TV outfit also arranges parachute jumps (Sky Diving) and sits in on company meetings pitching in suggestions (Blue Sky Thinking)? Maybe the judge involved in making that original decision needs to get in touch with Microsoft again, after all maybe people will think that OneDrive is a car sponsored by a boy band or be confused when they sign up that it doesn't involve flying past a cuckoo's nest.

Anyway, the deed is done. Or at least it will be …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Apparently it's Data Privacy Day tomorrow (January 28th) which, if you will allow me to quote the Stay Safe Online website blurb, is an "international effort to empower and educate people to protect their privacy and control their digital footprint". Given the Edward Snowden NSA spying revelations that broke during the course of last year, and the fallout from the recent Adobe and Target breaches which is ongoing, I don't happen to follow the flock and agree that Data Privacy Day is a timely and important event. More quotes from Stay Safe Online simply fuel my anger on the subject: "Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on January 28."

Celebration? Seriously, a celebration of what? A celebration of abject failure? A celebration of how the vast majority not only don't possess the slightest idea of how to truly protect their data but nor could they, if I may be frank, give a damn. Actually, it's not anger that this kind of rubbish fuels but rather despair. Despair that such days of celebration or awareness, whichever way you paint it, end up revealing a drab and depressing portrait of a technology culture that doesn't care. Let's …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Or even this one which is also abandoned?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Yes, we remember you. Hopefully you have developed a thicker skin and are more prepared for forum/chatroom life now...

What happened to your project? I note you say 'used to own'.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

When it comes to web browsers, my general rule of thumb is that the latest version is usually the most secure and this is certainly the case with Internet Explorer. However, when I started using Internet Explorer 11 on my new Windows 8.1 Pro laptop I soon discovered that latest doesn't always mean greatest in terms of usability. If you have read my "How to return the resize buttons to Google Chrome" tutorial, you will appreciate that Windows 8 doesn't always give you the UI experience that you are expecting, or that you want. Such was the case when I fired up Internet Explorer by hitting the 'tile' from the Start screen, after I had set it to be my default browser. When I set Chrome to be the default, Internet Explorer behaved exactly as I expected. However, this I discovered, is courtesy of Windows 8 changing the UI behaviour depending upon whether Internet Explorer is the system default or not (great bit of design there, I don't think).

Anyway, what I encountered was not like any Internet Explorer I had seen before, and was in fact another full-screen touch-optimized and tablet friendly version of the browser. I do use a large touchscreen here at the office, although my laptop itself is not touch-enabled, but prefer for the time being at least to stick with the familiarity of the desktop browser interface.

So how do you go about changing things? Well, at first …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The purpose of this short and sweet tutorial is equally concise: how to get the original look and feel of the Google Chrome web browser back after installing on a Windows 8 computer.

Having recently been forced into buying a new laptop, I finally took the plunge and decided to start using Windows 8 on a daily basis. In fact I upgraded the Windows 8 OS that came with my Lenovo Y510P laptop to Windows 8.1 Pro, and am happy enough with it apart from a few small UI niggles which I will be addressing in a series of brief Windows 8 UI tutorials. The first problem identified itself after I installed my preferred web browser client, Google Chrome. The install itself was as smooth as expected and once I had signed in and synced my bookmarks I thought I was good to go. Wrong. This was not the Google Chrome browser I was used to.

The problem is that Windows 8 defaults to running Chrome as a Windows 8 app, which is OK if you like that kind of full-screen tablet experience but pretty useless on a laptop (even though I do link my laptop to a 22" touchscreen monitor) if you ask me. The main gripe though, is that you lose the resizing buttons completely. When running Chrome I found myself with something that consumed my entire large screen and didn't provide any way to allow other applications to share the screen estate with it.

If, like me, …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The photo messaging application Snapchat, which allows users to post images, video and text on a time limited basis to a group of recipient users, has been hacked. The attraction of Snapchat, apart from not being Facebook and therefore somewhere teenagers can meet online without their parents having a clue about it, is in the 'Mission Impossible' nature of the service: your photo will self-destruct in 10 seconds. Well sort of, as users set the time limit up to 10 seconds that the snap will be viewable to the receiving group, after which they can no longer see it and Snapchat deletes the item from the servers. This kind of discrete time-limited approach has appealed to many, leading them to send perhaps more risque images than they would otherwise, certainly stuff of a more personal nature as their confidence is boosted by the self-destructive feel of security it provides. It is, let's be honest, a magnet for online flirts. It is also less than apologetic after being hacked, apparently preferring to play the blame game.

Of course, what isn't deleted from the Snapchat servers are the usernames and phone numbers of people using the app. And now hackers have apparently successfully downloaded some 4.6 million of them into a database which was made available for anyone to access online. The SnapchatDB site made the data available, but censored the last two digits of the numbers which suggests that maybe this was more a case of a warning shot across the …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

He trolled DaniWeb forums using another account, which is banned for three months as a result. The mace_windu account is also banned, permanently, as it was an attempt to get around the other account ban which is something we do not allow.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to Dell SecureWorks Counter Threat Unit (CTU) security researcher Keith Jarvis, the CryptoLocker ransomware that has been written about so much of late has infected as many as 250,000 computers during the first 100 days of distribution (starting on the 5th of September, 2013). What's more, Jarvis estimates, based upon independent research, that owners of at least 0.4% of the infected machines will have paid the ransom demanded in order to unlock their data. Some pretty simple maths says that the $300 ransom multiplied by 1000 users equals a net haul of $300,000. Right? Well, maybe not.

Although it does seem likely that CryptoLocker remains the work of a single criminal gang, and security experts suggest it is operating out of either the Russian Federation or former Eastern Bloc states, the total ransom generated so far is open to some doubt. I'm not doubting that the infection rate is correct, and Jarvis himself admits that the 0.4% number of folk coughing up the cash is very much a minimum figure and likely to be much higher in reality, I do think that even so the total profit is going to be much, much greater. Why so? Well, I would imagine that you can up the number of people paying for a decryption key from that very low 0.4% to at least 1% which in itself still seems on the low side for such a well co-ordinated and executed attack as this. But hey, let's side with caution …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The single best way to get reputation points is to help people, participate positively in threads and answer their questions correctly. There really isn't a shortcut to better rep, it just comes naturally. Think of it as karma; rep is what the DaniWeb community gives back to those who give to it.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There are lots of reasons why I could say bah humbug today, but the primary one right now is aimed squarely at the spammers who seem to think that there will be nobody at DaniWeb to deal with their crap. Wrong. Happy xmas spamming losers, another day of your life wasted...

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Happy Xmas, or whatever you celebrate, to each and every DaniWeb member. Have a good one.

Personally I'm trying to pretend it all doesn't exist, and that's why I am at work at the DaniWeb helm at 8am on Xmas morning - but apparently I'm just a bit weird... :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Agreed, I was pondering just what he may have achieved if he had lived a full life. Computing may not have been different, but I suspect we may have got where we are a lot quicker.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

No, homosexual activity is not still prohibited by law in the UK... Was that really a serious question, by the way?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If you don't know who Alan Turing was, then shame on you. The British code breaker, mathematics genius and father of both computer science and artificial intelligence is rightly credited with helping to bring the second world war to an end. Turing was also gay, and that's where the shame has stuck firmly on the UK establishment for more than 60 years. Turing was convicted for 'homosexual activity' in 1952, and his punishment was to be chemically castrated.

This shameful and appalling conviction meant that Turing was unable to continue his pioneering code-breaking work at Bletchley Park as he lost his security clearance. He also lost his life, committing suicide just two years later. Now, some 59 years after his death, Alan Turing has finally been given a pardon by Queen Elizabeth II under the 'Royal Prerogative of Mercy'.

Turing is widely credited with shortening the second world war by at least two years thanks to his work that helped crack the German Enigma codes at Bletchley Park. He went on, after the war, to work for the UK Government Communications Headquarters (GCHQ) until his security clearance was revoked thanks to that conviction. He died as a result of suicide poisoning, assumed a suicide at the age of just 41 although some gay rights campaigners have today called for a full investigation into the possibility that he was murdered by British intelligence forces as he was perversely considered a threat to national security because of a combination of …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

My post count has dropped by something approaching 20,000. That's some re-tallying :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The Welsh bloke who hates Fred.

AKA diafol (which is Welsh for devil) >;)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

US retail giant Target has confirmed that hackers gained access to payment card data that could mean 40 million credit and debit card accounts are at risk. An official statement says that the retailer is "aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores" and is now working with law enforcement and financial institutions having "identified and resolved the issue".

The accounts in question were targeted, no excuse for the pun, between November 27th and December 15th in order to hit the increasingly busy seasonal shopping period. Gavin Millard, Technical Director at security experts Tripwire, says that the two most worrying aspects to the breach "are time frame, because it occurred on the busiest shopping period in the US calendar year when millions flood to the big box retailers and the fact that the “track data” was captured, enabling the attackers to create counterfeit cards."

Meanwhile, Mark Bower, vice president at Voltage Security thinks that sadly this massive security breach is simply a reflection of the times we live in. "The size, scale and coordination required for this attack illustrates the lengths that attackers will go to steal valuable credit and debit information including card track data and CVV codes – the ultimate prize" Bower says. Typically there are two points in the retail chain where attacks take place – the POS or the payment switching back end. "POS systems are often the …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

If it makes you feel any better I'm turning 50 in a couple of weeks, think how awful my birthday will be :)

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

According to a report from researchers at US security outfit FireEye, a number of computers belonging to diplomats attending the G20 summit in Russia three months ago, including at least five European foreign ministries, were successfully targeted by Chinese hackers.

FireEye researchers had monitored a server, one of 23, used by the Ke3chang group in August. This enabled them to observe the malware in action, although FireEye says no data was stolen as far as they were aware during this period of observation. Naturally the security firm contacted the relevant authorities as soon as it realised what was underway. The circumstantial evidence collected at the time leads FireEye to believe that Chinese hackers were carrying out the attacks, although it admits it could also have been 'other actors' making it look like the Chinese were to blame. In the murky world of international espionage, such things are never usually clear cut. If it were a matter of misdirection, then it would appear to be a cleverly crafted one with Chinese words on the CnC control panels, servers registered in China and linguistic clues within the malware binaries pointing towards a Chinese coder.

The attack, nicknamed Ke3Chang by the researchers, used fairly standard social engineering infection methods such as emails with attachments leading to malware installation once opened. These attachments were well targeted, apparently, with some purporting to be documents revealing a plan by the US to intervene in the Syrian crisis whilst others claimed to be photos of …

Stuugie commented: Thanks for this article, I'm going to spread it around the company I work for so some people can know about this in case it happens to us. +5

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

You want to know what SEO is, yet you have been giving advice to others about what SEO is and how to apply it? Have you had a bang on the head and lost your memory?

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

The Distributed Denial of Service (DDoS) attack is becoming the crowbar of the online criminal. In the past we have got rather used to DDoS attacks being one of the favoured approaches of hacktivists, with perhaps the Low Orbit Ion Cannon (LOIC) and later the High Orbit Ion Cannon (HOIC) as used by Anonymous to take down sites being the best known examples. However, recent evidence suggests that taking down a site is increasingly no longer the be all and end all of a DDoS attack, instead it's just a means to a much more profitable end.

A couple of weeks ago I reported how a Bitcoin bank robbery took place under the smokescreen of a DDoS attack. I've now learned that a DDoS attack on another Bitcoin-related site, the Bitcointalk.org online forum, could also have been implemented as a smokescreen tactic. Information Week reports the site was actually targeted for a password-stealing exercise with some 176,584 users' login credentials at risk.

Indeed, as TK Keanini (CTO at Lancope) points out there is an established marketplace out there selling the DDoS capability to anyone with the cash, and relatively little of it is needed to attack a smaller company, so the bad guys don't even need a DDoS strike capability as a core competency any more. "It is almost always the case these days that DDoS attacks leverage blended methods, where the volumetric technique is included, but not the primary objective" Keanini says, adding "this is …

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

In his essay 'A Few Thoughts on Cryptographic Engineering' Matthew Green, a cryptographer and research professor at Johns Hopkins University, asks "how the hell is NSA breaking SSL?" If this is news to you, following the Edward Snowden revelations in The Guardian, then you obviously haven't read the New York Times piece about the NSA 'Bullrun' briefing sheet which quite plainly states that the agency has been circumventing exactly the type of encryption protection of everyday Internet communications that we take for granted, such as SSL (Secure Sockets Layer).

Of course, as Green has hinted at here, it's not the fact that SSL is being broken (or rather sidestepped, although it amounts to the same thing ultimately) that's in doubt but rather the precise method by which it is being circumvented. I'm not going to repeat all of the possibilities here, Green goes through them in some detail in his paper and I would humbly suggest you follow the link and do likewise. It's seriously interesting stuff, even for the non-ITSec geeks amongst you. But it's not all bad news, at least the Snowden revelations are increasing public awareness of the snooping and this in turn is driving IT vendors to double down on efforts to improve and extend encryption efforts to enhance data privacy.

"Whether implementing stronger encryption algorithms or adding it where it wasn't previously used, vendors are raising the bar for attackers (good and bad) attempting to orchestrate data breaches" says Michael Sutton, …