Hack most likely not the reason Chinese traffic bombarded US addresses

Network and security experts are still trying to nail down the cause of an outage on Tuesday that briefly redirected huge amounts of China's Internet traffic to US destinations.

The incident left a large portion of China's 500 million Internet users unable to visit websites ending in .com, .net, and .org. Requests for addresses ending in those top-level domains were instead sent to IP addresses operated by US-based Dynamic Internet Technology or, according to The New York Times, a 1,700-square-foot house in Cheyenne, Wyoming.

Local officials in China said the incident was the result of a malfunction in the country's domain name system. They called on authorities to do more to protect China's DNS servers. US-based security researchers, however, said a DNS outage or hack was most likely not the cause. A public DNS server operated by Google returned the same faulty IP addresses generated by China's official servers, these researchers said. They pointed out that Dynamic Internet Technology operates services designed to circumvent China's censorship regime, which is often referred to as the Great Firewall of China (GFW).

Read 2 remaining paragraphs | Comments


Cisco Releases Multiple Security Advisories

Original release date: January 22, 2014

Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow a local unauthenticated user to execute arbitrary commands with escalated privileges or cause a denial-of-service (DoS) condition. These vulnerabilities affect the following:

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply any necessary updates to help mitigate these vulnerabilities.

This product is provided subject to this Notification and this Privacy & Use policy.

Speech recognition hack turns Google Chrome into advanced bugging device

Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time, an expert in speech recognition said.

The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor. The privacy risk, according to a blog post published Tuesday, stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in.

In this demonstration video, a site given permission to access the microphone continues to record all sounds within earshot of the computer with no clear indication of what's happening. From there, Israeli researcher Tal Ater said, the audio is sent to Google for analysis before being sent to the site that made the request. Once permission has been granted, Chrome can be programmed to begin recording only after certain keywords—say, "Iran" or "National Security Agency"—are uttered.

Read 5 remaining paragraphs | Comments


The 25 Worst Passwords Of 2013 – “password” Is Not #1

The worst passwords of 2013 – really, more like the most common. The majority come from the massive Adobe leak, which contributed over 40 million passwords and skewed the data a fair bit pushing “photoshop” and “adobe123″ into the list. Most of them are no surprise though, we published the top 10 most common passwords...

Read the full post at darknet.org.uk