Posts Tagged ‘attack’

LaCie customers hit by data breach


Storage specialist LaCie has warned customers of a data breach which has resulted in ne’er-do-wells making off with usernames, passwords and credit card details.

Storage specialist LaCie has warned customers of a major data breach that may have compromised their personal data used for purchases between March 2013 and 2014.

The hole in the company’s servers is not, it has been quick to reassure customers, indicative of the security of its storage products in general; no customer data stored on the company’s cloud services or network-connected storage devices is thought to be involved in the breach. Rather, the attack targeted the company’s ecommerce system, making off with transaction information for purchases made in the last year.

‘On March 19, 2014, the FBI informed LaCie that it found indications that an unauthorised person used malware to gain access to information from customer transactions that were made through LaCie’s website,’ the company explained to customers in a statement made nearly a month after it was alerted to the breach. ‘We believe that transactions made between March 27, 2013 and March 10, 2014 were affected. The information that may have been accessed by the unauthorised person may include customers’ names, addresses, email addresses, and payment card numbers and card expiration dates. Customers’ LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords.’

LaCie has not confirmed how the data was stored; while credit card information should be encrypted, passwords are better stored as salted one-way hashes, which are much harder for an attacker to crack. Either way, those with LaCie accounts are advised to change their passwords, both on the LaCie service itself and anywhere else where the same or a similar password was used, and to keep a close eye on their credit card statements for unauthorised activity.

‘As a precaution, we have temporarily disabled the ecommerce portion of the LaCie website while we transition to a provider that specialises in secure payment processing services,’ the company added. ‘We will resume accepting online orders once we have completed the transition.’


DayZ Standalone Early Access Review


Price: £19.99
Developer: Bohemia Interactive
Publisher: Bohemia Interactive
Date Tested: 26/03/2014


Note: Early Access Reviews are critical appraisals of games still in development which are charging money for player access to their alpha and beta stages. This review is intended to give you an idea of whether the game is currently worth investing in, but without offering a final verdict.

Take a cursory glance at DayZ and it appears little has changed in the four months since release. The major content Bohemia are planning for the mod, namely vehicles, craftable bases, and broader communication channels such as radios, is still a long way from being added. Investigate a little further, however, and you’ll discover that significant changes have been made, but they’re many and small rather than large and few.

For example, rain was added about a month ago, and now players can catch the water droplets in their canteens, making it ever so slightly easier to acquire this vital resource. In addition, players can aim their guns while sat down, enabling them to sit around a campfire with friends without completely compromising their safety, or keep watch over player prisoners in a more casual, more disturbing manner.


There are lots of different little channels that feed into DayZ’s remarkable success since it debuted on Steam Early Access at the end of last year. But one of them is this detailed way in which players can interact with their environment and the other players they encounter in post-apocalypse Chernarus. It’s this granularity of experience which Bohemia have been chasing since the Standalone release.

To understand the importance of this, it’s necessary to grasp the basis of what DayZ is, and the developer’s intent behind it. For all its layers of complexity, your ultimate goal when playing DayZ is the most basic possible. Stay alive. Do not die. See that bucket? Avoid kicking it. This is done by seeing to your needs, avoiding the zombies scattered around the environment like organic litter, and performing the delicate and potentially deadly social dance with fellow survivors you’ll inevitably encounter during your travels.

Your objective may be simple, but achieving it is anything but. Resources are scarce, and you require lots of food and water just to keep your body functional. The first hour or so of a DayZ life is a half-terrifying, half-gleeful rush as you frantically scour the nearest village for supplies, interspersed with moments of bravely running away from the prowling zombies.


If you’re very lucky you might find enough food and water to keep you healthy. More typically you’ll either bleed to death after being attacked by your first zombie, or find nothing but rotten food, eat that in desperation, become sick, and spend the next half hour hopelessly searching for the right medication before ultimately collapsing. This is of course an entirely hypothetical scenario and definitely not what happened to me in my first and second lives.

Learning how to cope in this extremely harsh environment is a big factor in what makes DayZ so compelling. So is learning how to navigate it. Modern games are obsessed with keeping the player oriented, ensuring they always know where they are and where they are going, and there’s something about the challenge of being lost in a wilderness that is paradoxically liberating. The moment you first find a map in an abandoned car or inside a petrol station is breathlessly exciting. Then comes the puzzle of figuring out where you are on it, googling the Russian alphabet so you can translate the town signs written in Cyrillic to match them with the map names scribed in English.


It helps that Chernarus is an incredible foundation for a game like this. Its sweeping vistas, highly realistic terrain, foreboding climate and dilapidated Baltic settlements all contribute to the sense that this is a world where nature has wrested control back from humanity, but also as a place where hope still lingers. Trekking through one of DayZ’s many forests, watching the sunlight shaft through the canopy, listening to your plodding footfall and the twittering birds in the trees is an oddly relaxing experience, providing relief between frantic zombie combat and tense encounters with other survivors.


NSA denies prior knowledge of Heartbleed vuln


The US National Security Agency has denied any knowledge of the OpenSSL Heartbleed vulnerability prior to it going public, stating it is biased towards responsible disclosure.

The US National Security Agency (NSA) has denied claims that it knew about the Heartbleed vulnerability in OpenSSL before it was made public, claiming that it is biased towards seeing such flaws fixed for the greater good rather than keeping its knowledge a secret to further its intelligence gathering programmes.

The NSA has been in the limelight of late thanks to revelations by former contractor turned whistleblower Edward Snowden, the source of evidence showing the NSA has been overreaching its charter with massive surveillance programmes against both US and foreign nationals. Documents leaked by Snowden included claims that the NSA works closely with major companies to gain back-door access to code and data, and even works to weaken commercial security products by recommending known-weak ciphers and random number generators.

When news of the Heartbleed vulnerability in popular cryptography library OpenSSL broke last week, many wondered if the NSA was aware of the flaw. Present in the OpenSSL codebase since 2011 and in the wild since 2012, the Heartbleed vulnerability has been proven to leak private keys – allowing the decryption of encrypted traffic, something the NSA captures and stores for several years as part of its intelligence activities.

Many in the industry had wondered why the NSA captured and stored encrypted traffic with no known way to decrypt it, but the Heartbleed bug means that the NSA – or any other attacker – could easily retrieve the private keys required to unlock the encrypted traffic. Suddenly, the NSA’s trove of scrambled data made a lot of sense – leading many to claim on sites like Bloomberg that the NSA knew of Heartbleed and had been exploiting the vulnerability for years.

The NSA has, naturally, denied this. ‘Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,’ the Office of the Director of National Intelligence has stated. The denial has been followed by claims made to The New York Times that the NSA and other US intelligence agencies follow a process ‘biased toward responsibly disclosing such vulnerabilities.’

The same article, however, quotes officials as admitting that while President Barack Obama has instructed the NSA and other agencies to follow responsible disclosure practices when flaws are found, there exists a loophole which allows vulnerabilities to be withheld for future exploitation if there is a ‘clear national security or law enforcement need’ – something critics claim could well have applied to knowledge of the Heartbleed vulnerability, given the NSA’s corpus of encrypted data.

The Heartbleed vulnerability is still being patched, with sites affected by the flaw having to upgrade to a newer release of OpenSSL and revoke and replace their certificates before users can safely change their passwords and, where available, enable two-factor authentication.


Web hit by OpenSSL ‘Heartbleed’ vulnerability


Versions of cryptographic library OpenSSL since 2012 are vulnerable to the ‘Heartbleed Bug,’ which allows an attacker to silently steal the contents of system memory.

Security researchers have released details of a serious vulnerability in the popular OpenSSL cryptographic library which exposes encrypted internet services to information disclosure attacks.

Continuing a terrible year for information security, what with the verification flaw in GnuTLS and Apple’s infamous goto fail bug, the OpenSSL project has confirmed that versions of its software since 2011 have held a serious vulnerability which has been dubbed the ‘Heartbleed Bug,’ and which can be used to read a system’s memory remotely – gathering secret keys which can then be used to decrypt previously-transmitted information.

It’s a serious flaw. OpenSSL is the standard library for driving SSL and TLS encryption in a variety of software packages and information appliances. Apache and nginx, two of the most popular server packages around and accounting for an estimated 66 per cent of all web servers, use OpenSSL, and the library is also commonly used in other encrypted systems such as virtual private network (VPN) appliances, point-of-sale (PoS) systems and messaging servers.

The Heartbleed Bug works by exploiting the heartbeat extension of the Transport Layer Security (TLS) protocol; attackers are able to read unlimited system memory in 64KB chunks, with exploitation leaving no trace on the system. These memory chunks can be reassembled and analysed to gather usernames, passwords, encryption keys, and other privileged information which should not be exposed to the public.

The OpenSSL project has confirmed that the code responsible for the flaw has been present in its software since 2011 and available to the public since the release of OpenSSL 1.0.1 in March 2012. Since then, the 1.0.1 branch has become widespread, shipping by default with numerous operating systems including Ubuntu Linux and OpenBSD. While the project has released a fixed version, OpenSSL 1.0.1g, this will take time to distribute – leaving servers with less proactive admins vulnerable to attack.

Ironically, those who have not upgraded in a while may be protected against the flaw: the older OpenSSL 1.0.0 and 0.9.8 branches are unaffected, having been frozen before the bug was introduced.
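As an added example (not part of the original article or of the OpenSSL project), the version facts above can be turned into a quick inventory triage: the 1.0.1 branch is flagged until 1.0.1g, the 1.0.0 and 0.9.8 branches are marked unaffected, and anything else is reported as not covered by the article. The host names and banner strings are constructed sample data.

```python
import re

# Version facts as stated in the article: the 1.0.1 branch is affected until
# the fixed release 1.0.1g; the older 1.0.0 and 0.9.8 branches are unaffected.
AFFECTED_BRANCH = (1, 0, 1)
FIXED_LETTER = "g"
UNAFFECTED_BRANCHES = {(1, 0, 0), (0, 9, 8)}

# Remediation order as the coverage of the flaw describes it.
REMEDIATION = (
    "upgrade OpenSSL to 1.0.1g or later",
    "revoke and replace certificates",
    "have users change passwords",
)

# Matches both `openssl version` output and server banners ("OpenSSL/1.0.1e").
_VERSION_RE = re.compile(r"\bOpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def parse_version(banner):
    """Return ((major, minor, fix), patch_letter) or None if no version found."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    major, minor, fix, letter = match.groups()
    return (int(major), int(minor), int(fix)), letter.lower()


def _letter_key(letter):
    # Patch letters order as "" < "a" < ... < "z" < "za" < ...
    return (len(letter), letter)


def classify(banner):
    """Classify a version banner using only the facts the article gives."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unparsed"
    branch, letter = parsed
    if branch in UNAFFECTED_BRANCHES:
        return "unaffected"
    if branch == AFFECTED_BRANCH:
        if _letter_key(letter) < _letter_key(FIXED_LETTER):
            return "affected"
        return "fixed"
    return "not-covered"  # branch the article says nothing about


def triage(inventory):
    """Map each host to its status; affected hosts also get the action list."""
    report = {}
    for host, banner in sorted(inventory.items()):
        status = classify(banner)
        actions = list(REMEDIATION) if status == "affected" else []
        report[host] = {"status": status, "actions": actions}
    return report


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web-02": "Apache/2.2.22 (Ubuntu) mod_ssl/2.2.22 OpenSSL/1.0.1",
    "vpn-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "mail-01": "OpenSSL 1.0.1g 7 Apr 2014",
    "pos-01": "OpenSSL 1.0.0l 6 Jan 2014",
    "misc-01": "GnuTLS 3.2.12",
}

if __name__ == "__main__":
    for host, entry in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {entry['status']:12} {'; '.join(entry['actions'])}")
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result should be confirmed against the package changelog before and after patching.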

More details of the flaw are available at


Microsoft warns of Word zero-day vulnerability


Microsoft Word’s handling of rich-text files (RTFs) has been found to have a serious code execution flaw which is under active attack, with no true patch yet available.

Microsoft has warned customers of an as-yet unpatched zero-day vulnerability in its Microsoft Word and Outlook packages, which is under active attack to take control of targeted systems.

The flaw, described in Security Advisory 2953095, relates to how both Word and Outlook deal with rich-text format (RTF) content. RTF is typically safe from the malware and viruses that have plagued the company’s own .DOC format, but ne’er-do-wells have discovered a means of embedding executable code within an RTF file, which is then run under the privilege level of the currently logged-in user when the file is opened in Word or automatically loaded in the preview pane of Outlook.

That latter functionality is what gives real cause for concern: because Outlook versions since 2007 automatically parse RTF content and display it in-line within the preview pane, users can be exploited simply by opening an email – bypassing the usual need for the user to manually open the attached file. This does, however, only work if the system is configured to use Microsoft Word as the email viewer.

‘At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010,’ Microsoft’s Dustin Childs has confirmed in a statement to users. ‘We continue to work on a security update to address this issue. We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.’

Although the targeted attacks currently concentrate on Word 2010, Microsoft has confirmed that the flaw exists in Word 2003, 2007, 2010, 2013, 2013 RT, Word Viewer, the Office Compatibility Pack, Office for Mac 2011, the Word Automation Services plugin for SharePoint Server 2010 and 2013, and Office Web Apps 2010 and 2013. The chances of anyone in an office environment not having one or more of the above installed, then, are slim – making this a serious issue.

Currently, there is no patch available. To keep users protected while a more permanent fix is developed, Microsoft has released a Fix It which disables the loading of RTF content into Microsoft Word – closing the hole, but also making it impossible to work with the cross-platform document standard until the flaw is fixed properly.


Corsair Raptor K40 Review

Corsair Raptor K40

Manufacturer: Corsair
UK Price: £52.99
US Price: $49.99

Although mechanical keyboards have dropped in price significantly in recent years, you still have to pay quite a premium for one with backlighting and other ‘gaming’ features. That’s where the likes of the Corsair Raptor K40 come in. This keyboard eschews mechanical keys in favour of multi-colour backlighting, extra programmable keys and multimedia keys, all while keeping the price just a speck over £50.

The Corsair Raptor K40 may look just like its more expensive siblings, the Corsair Vengeance K90, K70 and K65, with its black base, non-sunken keys and silver trim, but it’s different in one crucial way: it doesn’t feature any aluminium in its construction. The Vengeance line incorporates, to various degrees, hefty slices of brushed aluminium to give a nice premium feel. In contrast the K40 is all plastic, with its silver section being painted on.

Otherwise it’s a smart-looking well put together keyboard. The black and silver combination looks great and there’s a nice consistency to the matt finishes used – fingerprints on shiny surfaces won’t be a problem here. There’s a bit of flex if you pick it up and twist it but set flat on a table or lap it provides a secure typing surface.

The K40’s cable is 2m long, which is plenty, but isn’t braided and there are no routing options, with it projecting straight out the middle of the back. Meanwhile underneath there are the standard pair of extendable feet for raising the keyboard’s angle of attack. No wrist rest – squishy or otherwise – is included.

In terms of features you’ve got pretty much everything here. There are six dedicated macro/gaming keys, fully adjustable backlighting that can be set to one of 16.8 million colours and of course there are multimedia controls too.

The macro keys are ranged down the left edge, where they’re reasonably convenient. We sometimes find that we place our hands incorrectly when extra keys are added here – after all, by habit the pinky always goes on the bottom left most key – and so it is with this keyboard but with practice you learn to avoid this.

The backlighting is very good quality. Corsair has managed to ensure there is absolutely no backlight bleed from this keyboard, which makes for a very neat effect. In contrast the backlighting from, in particular, most mechanical-switch keyboards tends to flood out from underneath the keys, illuminating the base of the keyboard. This somewhat dents the visual appeal of them. This is something that particularly affected the stealthy credentials of the CM Storm Quick Fire TK Stealth for instance.

You can of course adjust the backlighting too. There’s a button on the top right edge of the keyboard for adjusting intensity, with it cycling through four different levels, including off. For changing the colour you’ll have to download, install and open up the driver.

The 16.8 million colours can be adjusted via RGB sliders, picking from a selection of eight predefined colours or using the full colour chart. There’s also the option to have the ‘true colour’ or the nearest equivalent with maximum brightness. The lighting can also be set to pulse on and off or cycle through the colours, with a further option to have these come on only when the keyboard is idling. It’s an impressively comprehensive selection of options, though the one obvious missing feature is individual or zonal lighting – here it’s all or nothing.


We do have one further complaint about the backlighting, which is that it isn’t all that bright, particularly when viewed from a slight angle (i.e. the angle you type at). It’s sufficient for most scenarios but is noticeably dimmer than, for instance, the Logitech G710+. Not that we can think of a circumstance where this would be much of a problem but the point stands.


May the ‘Star Wars’ March Madness be with you!

Yoda, R2-D2, Darth Vader, Chewbacca, and Boba Fett return to compete in This is Madness: The Star Wars Character Tournament 2014.

(Screenshot by Leslie Katz/CNET)

Yoda triumphed last year as the most popular “Star Wars” character, but who will win this year’s geekiest bracket tournament in the galaxy? Darth Vader, R2-D2, Admiral Ackbar, Princess Leia, Han Solo, Chewbacca, Yoda, and other fan favorites compete for fan votes in This is Madness: The Star Wars Character Tournament 2014, which started earlier this month and runs through April 7.

Upgrades to this year’s online competition include real-time voting results, social-media sharing functionality, and new character divisions such as Rebels, Jedi, Scoundrels, Republic, Empire Separatists, Sith, Bounty Hunters, and Underworld. There’s also an “Attack of the Play-Ins” round, which allows four wild cards to enter the main tournament.

To kick off this year’s fan-voted competition, Jedi Master Yoda spoke exclusively with ESPN SportsNation’s Max Kellerman about his championship win last year, his thoughts on this year’s tournament, and more.

“Excited I am, to defend my title,” Yoda said of this year’s competition. “New divisions and entrants there are. Make the tournament even better, they will. Fun, it will be, to see who wins.”

Fans can visit This is Madness: The Star Wars Character Tournament 2014 daily to vote on new matchups. May the best character prevail.


High-tech electronic headband may help prevent migraines

While the manufacturer has not yet released a price point for the US, the device will set you back $300 in Canada.


If you’re among the roughly 10 percent of people who suffer from migraines, there’s a new device on the market that could help prevent those debilitating headaches in the first place.

Made by Cefaly Technology in Belgium, the device, simply called Cefaly, is an electronic headband that sits over the ears and across the forehead, just above the eyes. A self-adhesive electrode sends an electric current to the skin and the tissue just beneath it to stimulate a nerve (the trigeminal) that Cefaly says has been associated with migraines.

Though the Food and Drug Administration just approved the device today, to be used by prescription only and for no more than 20 minutes a day, it’s already available in other countries — including Canada, where it costs $300.

The FDA says it approved Cefaly because of a clinical trial in Belgium showing that, of the 67 participants who suffered through migraines at least twice a month and hadn’t taken meds for the headaches in the three months leading up to the study, those who used Cefaly spent “significantly fewer” days dealing with migraines than those using a placebo device.

Cefaly Technology also points to a study it conducted involving 2,300 users in Belgium and France, in which it found that 53 percent of participants reported being satisfied enough to buy one. And while a coin toss may not seem terribly impressive, and some users complained of sleepiness during the treatments and headaches after, it’s no small feat that more than half the participants liked it enough to want to buy it.

Perhaps the best finding is that no serious side effects have yet been associated with the headband.

“This device is a promising step forward in treating migraine headaches, as it addresses an important part of what we believe triggers and maintains a migraine attack,” Dr. Myrna Cardiel, a clinical associate professor of neurology at NYU Langone Medical Center and NYU School of Medicine, told HealthDay. She added that the 53 percent positive rating is on par with “most oral migraine preventive medications.”

Cefaly Technology should be coming out with more purchasing details soon.



Return to Jedi Academy in Jeffrey Brown’s new ‘Star Wars’ book


In “Jedi Academy: Return of the Padawan,” best-selling author and artist Jeffrey Brown shows us what student life is like in a middle school in a galaxy far, far away.

(Scholastic Books)

Gamorrean Guards serving school lunch? Students trying to master the Force? Alien poetry tests? Writer and artist Jeffrey Brown’s New York Times best-seller “Jedi Academy” gets a sequel with “Jedi Academy: Return of the Padawan” from Scholastic, due to hit stores on July 29.

When the book’s main character, student Roan Novachez, returns to Jedi Academy for a second year, he thought it would be easier. But his problems are just starting. He’s not the expert pilot he hoped he’d be. He’s feeling more distant from his friends. And when bullies decide to let him into their inner circle, he wonders if that’s a good thing or something much worse. Not all the lessons learned at Jedi Academy are about lightsabers.

In this book cover reveal, one thing is clear. No one wants a school lunch that looks like it might attack at any moment. According to the book’s description on, fans can look forward to a food fight in the book. Hopefully, the students win and not their lunches.

“Jedi Academy: Return of the Padawan” encompasses what it’s like to be an awkward kid in middle school with a sense of humor, as well as Brown’s popular sketches, comics, and illustrations.

Brown is also known for his best-selling “Star Wars” kids books “Darth Vader and Son” and “Vader’s Little Princess,” and the upcoming book “Goodnight Darth Vader.”


Outrun daleks in the Doctor Pacman Flash game

(Screenshot by Leslie Katz/CNET)

Play a Time Lord version of Pac-Man complete with a pixelated bow tie in this fan-made Flash game Doctor Pacman — made by Ruben P. Vargas from Rarity Workshop. Ghosts Blinky, Pinky, Inky, and Clyde (renamed Caan, Thay, Jast, and Seec) are replaced with their corresponding colored daleks.

As Doctor Pacman, you must gobble the sonic screwdriver to disable the daleks and make them vulnerable to attack. When the daleks are in attack mode again, they chant “exterminate” over and over as they chase your Time Lord, who runs around the Tardis, just like in “Doctor Who.”

The game isn’t fancy, but it does use Pac-Man sound effects as well as a nifty 8-bit “Doctor Who” theme song.

Play the game and see if you can outrun the daleks before it’s too late. Once you’ve mastered Doctor Pacman, try another fan-made “Doctor Who” game, Dalek Invaders.

(Via Cult Box)
