Archive

Posts Tagged ‘ip address’

Home networking explained, Part 9: Access your home computer remotely

February 22nd, 2014 No comments


LAN vs. WAN

Knowing the difference between LAN and WAN will do you a lot of good.


(Credit:
Dong Ngo)

Editors’ note: This post is part of an ongoing series, check Related Stories below for the previous parts.

If you’ve been following this series, you’ll know that I explained the LAN and WAN ports on a home router in part 1. And now, I need to tell you how you can use this information to remotely access your device at home. For example, if you know how to use Remote Desktop, a built-in feature of Windows, to control a computer in a different room of your home, how about doing that from somewhere away from home, and save yourself from having to pay for similar services such as Logmein or GotoMyPC?

That and a lot more are totally possible if you know how to configure your home router. And to do that, there are a few things that you need to understand, including, WAN, LAN, Dynamic DNS, and Port forwarding (aka Virtual Server). While all this might seem overwhelming and technical, it’s quite easy if you’re familiar with a router’s Web interface. Indeed, it makes a great weekend project and the result is rewarding. Just make sure you always back up your router’s settings before making any changes.


Its easier to access your home computer remotely than you might have thought.

It’s easier to access your home computer remotely than you might have thought.


(Credit:
Dong Ngo/CNET)

WAN
WAN stands for Wide Area Network and is the IP address giving to you by the Internet service provider. This address is unique on the Internet at any given time. At home, when you have a home network with multiple devices, such as
tablets, computers and so on, the WAN IP address is signed to your router, which explains why all routers have a WAN (or Internet port). This the port that takes in the WAN address. So in other words, the WAN address is unique for each home (or office) network. In most cases, for a home or an office, a computer doesn’t get to use the WAN IP address, which stays with the router.

Note: it’s IPv4, I’m talking about here. While IPv6 is available, virtually all consumer-grade Internet applications and services still use or support IPv4. And this is going to be the way things are for the foreseeable future.

LAN
In order for each device, such as a computer, to connect to the router (hence the Internet) it has to have an IP address of its own. This IP address is a LAN (or Local Area Network) address that the router has assigned to the connected devices. The router retains the WAN IP for itself and shares that Internet connection to all devices connected to it. It does it using a function called NAT (or network address translation). You don’t need to know about NAT, it’s just a methodology primary used today to conserve the limited amount of IP addresses of the IPv4. With NAT, a home router can use just one WAN IP address to bring the Internet to up to 254 clients.

To understand the different between a WAN and a LAN IP address, just imagine WAN is the street number of an apartment building and LAN is the apartment number of a home within that building. Different apartments can have the same numbers, but their street addresses (WAN) are always unique.

Dynamic DNS
If you are at home right now, from your computer go to whatismyipaddress.com — what you see there is your WAN IP address. Now if you travel away from home, that IP address what you can use to access your home. In fact if you have your router’s remote management feature turned on, that IP address is what you need to access your router remotely.

Note: For security reasons, if you decide to turn on the remote management feature of your home router (also known as Web Access from WAN), which is generally accessible in the Administration or System part of a router’s Web interface, make sure you change the default admin password to something secure, and also consider changing the port number to something other than the default (which is 8080).

Now remembering that WAN IP address is not easy, and on top of that, most residential broadband plans come with a dynamic WAN IP address that changes periodically. It’s better to translate that address into somethingconstant and easy to remember. To do this, you use a Dynamic DNS (DynDNS or DDNS) service. A lot of vendors, such as Asus, Synology offer this service for free and it can be activated from within their networking devices. You can always use DynDNS.org, too.


Its easy to associate a Dynamic DNS to your home network, router such as this this one from Asus even includes free Dynamic DNS service.

Dynamic DNS from Asus


(Credit:
Dong Ngo/CNET)

A DynDNS service allows you to create a custom domain, such as myhome.homefpt.net or cnettemp.homeip.net, something much easier to remember than a string of numbers and dots. The actual name of this domain depends on availability and, like all domains, once created is unique on the Internet. After a custom domain has been created, there are a few ways you can associate it to a WAN IP address: by running a DynDSN client on a computer within your home network; attaching it to a NAS server within your home network; or assigning it to the home router. Most, if not all, home routers come with the ability to host a Dynamic DNS address, which can be managed using its Web interface (for more, check out part 5.)

That said, for example, if you have picked myhome.homefpt.net as your DynDNS address and use the 8080 port for your router management feature. When you’re away from home, you can just point a browser to myhome.homefpt.net:8080 to access your router’s Web interface and mange your home network remotely. This works with almost all home routers, except for those from Apple.


When configured properly with a Dynamic DNS service, you can remotely access your home computer as though you were at home in the same local network.

configured properly with a Dynamic DNS service


(Credit:
Dong Ngo/CNET)

Port forwarding
Now that you can access your home router, the second part is going past the router and accessing a particular client on your home network (i.e., a computer). In reality, this means remotely accessing a service hosted by that. To do this, first you need to activate that service on the particular computer (that is, make sure the Remote Desktop feature is enabled on the computer), and then configure the router to forward that service’s port to that computer involved. Most services have their own default port. As mentioned above, the default port number of a router remote management is 8080. Similarly, the default port for the Remote Desktop service is 3389.

In many routers, the port forwarding feature is also called Virtual Server. It basically require you to type in the computer’s local IP address, the port number (or port range) and save that configuration. To continue with our example of Remote Desktop, if your Windows computer has the local IP address of 192.168.1.100, then forwarding the port 3389 to this IP address will allow you to control it using Remote Desktop from anywhere in the world, using the DynDNS address the router has been associated with. Note that while the Remote Desktop client software is available for all Windows (and downloadable for Macs), only machines running the Pro, Business or Ultimate editions of Windows can be used as the target for a Remote Desktop connection.


Heres a typical example of the Port forwarding setting for Remote Desktop within a routers Web interface.

Here’s a typical example of the Port forwarding setting for Remote Desktop within a router’s Web interface.


(Credit:
Dong Ngo/CNET)

That said, with DynDNS, you can run a lot of services from home. Here are a few default ports and their services: 80 (HTTP, for a web server), 3389 (Remote Desktop), 21 (FTP, for a FTP server).

Note that, a computer’s local IP (LAN) address can also change after a restart. To make it remains the same, you can use the IP (or DHCP) Reservation feature of the router.

That’s it for now. If you have more questions, send them to me via Facebook, Twitter, or just post them in the comments section below.

Article source: http://feedproxy.google.com/~r/cnet/pRza/~3/EdNp7dUMA38/

Time Lord cats, drones: Tumblr’s newly updated policies entertain

February 6th, 2014 No comments

Tumblr warns bloggers not to mislead readers with tags about Doctor Who and cats unless it is indeed both, perhaps like this Doctor Mew art by Jenny Parks.

Tumblr warns bloggers not to mislead readers with tags about Doctor Who and cats unless a post indeed relates to both, perhaps like this Doctor Mew art by Jenny Parks.


(Credit:

Jenny Parks
)

Blogging communities are often full of trolls and ruiners-of-fun, so legal documents like terms of service, community guidelines, and privacy policies are standard not only to protect users, but also to protect companies from an army of lawyers descending on their doorsteps.

Popular blogging site Tumblr is no different in that it posts these documents and updates them regularly, just as any community-driven site would. However, they also reflect the personalities of their users in the most entertaining way possible.

Tumblr’s privacy policy, terms of service, and community guidelines, modified on January 27, are not only informative but also full of funny advice and positive affirmation for Tumblr users.

The humor begins in Tumblr’s terms of service document, which hilariously reminds users that they actually do have to be a certain age to use the site. Under “eligibility” the site says: “You have to be at least 13 years old to use Tumblr. We’re serious: it’s a hard rule, based on U.S. federal and state legislation. ‘But I’m, like, 12.9 years old!’ you plead. Nope, sorry. If you’re younger than 13, don’t use Tumblr. Ask your parents for a
PlayStation 4, or try books.”

Tumblr’s updated community guidelines contain a warning, under “spam,” not to mislead readers into reading a blog about cats by luring them in with “Doctor Who” hashtags.

“Don’t spam people. Don’t make spammy posts, don’t post spammy replies, don’t send people spammy messages. Be a regular human. Don’t put tags on your posts that will mislead or deceive searchers. For example, don’t tag a photo of your cat with ‘doctor who’ unless the name of your cat is actually Doctor Who, and don’t overload your posts with #barely #relevant #tags.”

Even drones get an ominous mention in the Tumblr privacy policy under “location information”: “Tumblr may determine your location by using drone technology and live video feeds. Ha ha, no, we just check out your IP address or any location data you attach to a post. Normal stuff.”

Most notably in Tumblr’s community guidelines, there’s a funny shout-out to British actor Benedict Cumberbatch, whose fans often dominate Tumblr with blogs dedicated to everything from Cumberbatch and otters to Cumberbatch running away from laser cats — (the latter of which, full disclosure, I actually run.)

Here’s what it says on Tumblr’s community guidelines under “confusion or impersonation”: “Don’t do things that would cause confusion between you or your blog and a person or company, like registering a deliberately confusing URL. Don’t impersonate anyone. While you’re free to ridicule, parody, or marvel at the alien beauty of Benedict Cumberbatch, you can’t pretend to actually be Benedict Cumberbatch.”

Blog all you want about quot;Sherlockquot; actor Benedict Cumberbatch all your want on Tumblr, just don't pretend to be him.

Blog all you want about “Sherlock” actor Benedict Cumberbatch all your want on Tumblr, just don’t pretend to be him.


(Credit:
BBC One)

But it’s not all about geeky references to Time Lords, cats, Cumberbatch, and drones. Tumblr wants to suggest we all be better people and proudly show off our interests, no matter how nerdy.

Under “native actions” in its privacy policy, Tumblr writes: “Reblogs, Likes, and Replies are a matter of public record, so if you’re truly ashamed of your desires it’s best to keep them to yourself. But why? Be proud of who you are. You’re beautiful. We’re looking you in the eyes and telling you how beautiful you are.”

Lastly, under “Non-Genuine Social Gesture Schemes” in its community guidelines, Tumblr even offers some advice we should all remember.

“Don’t participate in schemes to drive up non-genuine Follows, Likes, Reblogs, etc. Don’t orchestrate or engage in ‘follow trains,’ where users are encouraged to follow lists of other users to gain more followers for themselves. Don’t make bulk or indiscriminate use of messaging features, like Fan Mail or Asks, to, for example, bait Reblogs/Follows or drive traffic to your blog or website. If you want people to like you, just play it cool and be yourself.”

(Via Whoviam-i-kidding Tumblr Blog)

Article source: http://feedproxy.google.com/~r/cnet/pRza/~3/ElboJ0MSuow/

Pogoplug launches Tor-powered Safeplug

November 25th, 2013 No comments

Pogoplug launches Tor-powered Safeplug

The Safeplug, Pogoplug’s latest low-power Linux-based network appliance, is designed to route all internet access over the anonymising Tor network.


Pogoplug, famous for its self-hosted cloud devices, has thrown its hat into the security and privacy ring with the launch of the Tor-powered Safeplug network appliance.

Powered by an embedded Linux installation, as with the company’s eponymous Pogoplug cloud storage products, the Safeplug is designed to be connected to a home network router in order to encrypt and transmit all software across the Tor network. Also known as The Onion Router Project, Tor aims to improve privacy by causing a user’s web traffic to appear to originate from random IP addresses using a network of peer-to-peer nodes.

The technology isn’t without its flaws, with traffic vulnerable to being spied upon by a malicious network exit node if full end-to-end encryption is not in use, but is generally considered to be a useful means of improving privacy online – especially in nations like China, where it can be used to evade state monitoring and censorship.

Setting Tor up on a desktop or laptop isn’t terribly difficult for a reasonably technical-minded user, but support for the burgeoning smart devices market is less common. That’s where Pogoplug’s Safeplug comes in: connected to the router and correctly configured, the device sends all network traffic – regardless of originating device – over the Tor network invisibly and silently. Whether it’s a desktop, a smartphone or even a network-connected TV or Blu-ray player, the system will route its traffic via Tor – and, in a move that’s likely to garner criticism, also filter out web-based advertising as an added bonus. For those who wish to expand the Tor network, the Safeplug can also be configured as an exit node – with the warning that some exit node operators have had their equipment seized by law enforcement officials during investigations into illegal material transmitted over the Tor network.

Most users who write reviews, share information about their work place, or post responses to blog posts do not realise that their IP address is the only information needed to pinpoint their exact physical location with a shocking degree of accuracy,‘ claimed Daniel Putterman, Pogoplug’s co-founder and chief executive, in a somewhat over-zealous sales pitch at the launch. ‘Consumers have a right to keep their home addresses and browsing details private, especially from unknown agencies. Safeplug is the first plug-and-play product that instantly protects consumers by restoring web and location privacy.

The company is currently selling the Safeplug directly from its website in the US for $49 (around £30 excluding taxes) with no word yet as to UK availability.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/Bol6S9TevyE/1

Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/0qTlpk0sZTc/

Miss Teen US named in sextortion case

September 27th, 2013 No comments

(CNN) — A college student was arrested Thursday for allegedly hijacking the webcams of young women — among them reigning Miss Teen USA Cassidy Wolf — taking nude images, then blackmailing his victims to send him more explicit material or else be exposed.

Jared James Abrahams, a 19-year-old computer science student from Temecula, California, surrendered on Thursday to the FBI on federal extortion charges, the agency announced. Authorities say he victimized young women surreptitiously, by taking control of their computers then photographing them as they changed out of their clothes.

Abrahams appeared in court later in the day, then was released “on intensive pretrial supervision and home detention with electronic monitoring” after his parents signed bond agreements totaling $50,000, FBI spokeswoman Lourdes Arocho said. U.S. District Judge Jean Rosenbluth ruled that he could use a single desktop computer at his parents’ home for school only, albeit only after monitoring software is applied.

When he admitted what he’d done in June, Abrahams said he had 30 to 40 “slave computers” — or other people’s electronic devices he controlled — and has had as many as 150 total, according to a criminal complaint.

His arrest came six months after a teenager identified in court documents as C.W. alerted authorities. She has since publicly identified herself as Cassidy Wolf, the recently crowned Miss Teen USA. She touted news reports of her alleged tormenter’s arrest on her Twitter feed.


How easy are you making it for hackers?

At the time she contacted police, in March, Wolf was not a national figure — even though she was Miss Teen California — and lived in an apartment and attended Orange Coast College in Costa Mesa.

Wolf got a Facebook alert that someone had tried to change her password to the social networking site, then noticed other passwords had been changed and that her Twitter avatar was now a half-nude picture of herself.

A short time later, she received what would be the first of many messages, this one featuring pictures of Wolf at her Riverside County address and others apparently taken months earlier when she lived in Orange County, says the criminal complaint. The message explained “what’s going to happen” if Wolf didn’t send pictures or videos or “do what I tell you to do” in a five-minute Skype videoconference, according to the criminal complaint.

“Either you do one of the things listed below or I upload these pics and a lot more (I have a LOT more and those are better quality) on all your accounts for everybody to see and your dream of being a model will be transformed into a pornstar (sic),” he wrote.

Recalling that day, Wolf told NBC’s “Today” show she started “screaming (and) bawling my eyes out.”

“I wasn’t sure what to do,” she said in August, shortly after her Miss Teen USA win. “So it was terrifying.”

The messenger had taken great efforts to hide his online identity. But investigators were eventually able to find corresponding e-mails, IP addresses and other communications they linked to Abraham. They also tied him to online forums asking about malware, how to control webcams, and hacking into Facebook accounts.

Investigators also linked him to at least eight other young women — some of them, like Wolf, from Southern California, though others were from as far away as Moldova. The victims told authorities similar stories: of a person they did not know saying, and in some cases proving, he had nude images and making demands as a result.

The stalker claimed to have 1,000 photographs of one woman, the complaint said. When she asked, “Why are you doing this to me?” the response was, “I told you I’ll answer any questions after you Skype.”

As an FBI agent was speaking by phone to this young woman, she logged onto her Instagram account to find it populated by nude pictures of her, the complaint said.

A few young women apparently complied with the demands for a Skype session. The man promised not to record the sessions and he made it look like he was erasing the nude pictures of them. One such session was found on the suspect’s phone, police said.

Foul-mouthed hacker hijacks baby monitor

Investigators examining e-mail exchanges found one in which an alleged victim wrote she was downloading Skype and pleading, “Please remember im only 17. Have a heart.”

“I’ll tell you this right now! I do NOT have a heart!!!” he wrote back, per the complaint. “However I do stick to my deals! Also age doesn’t mean a thing to me.”

Authorities executed a search warrant at Abrahams’ home on June 4, at which time he “voluntarily agreed to speak” with a pair of FBI agents. Describing himself in that interview as a college freshman who was good with computers, the complaint said, he admitted using malware and his expertise to “watch his victims change their clothes and … use the photographs against them.”

Abrahams further admitted the e-mail accounts, VPN, domain names or other pieces of the electronic puzzle that investigators used to build a case were his, according to the criminal complaint.

Outside the court Thursday, Abrahams’ lawyer Alan Eisner said that his client’s family feels “profound regret and remorse” over what happened. He told CNN affiliate KTLA that Abrahams is autistic.

“The family wants to apologize for the consequences of his behavior to the families who were affected,” Eisner said.

As to the now 19-year-old Wolf, she is juggling her studies at the New York Film Academy with duties tied to being Miss Teen USA.

A lifelong dancer and aspiring model, Wolf is using her platform to promote a number of initiatives — including, given her personal experience, the issue of cyberstalking.

“It does happen,” she said in an interview with CNN affiliate WPIX. “And there are ways to prevent it.”

Naked scammers seduce, blackmail men on Web

CNN’s Joseph Netto contributed to this report.


Article source: http://edition.cnn.com/2013/09/26/justice/miss-teen-usa-sextortion/index.html?eref=edition

Article source: http://feedproxy.google.com/~r/NewsRipplesWeb/~3/cqVHtRFQ_Wo/miss-teen-us-named-in-sextortion-case

Arrest in Miss Teen USA ‘sextortion’

September 27th, 2013 No comments

(CNN) — A college student was arrested Thursday for allegedly hijacking the webcams of young women — among them reigning Miss Teen USA Cassidy Wolf — taking nude images, then blackmailing his victims to send him more explicit material or else be exposed.

Jared James Abrahams, a 19-year-old computer science student from Temecula, California, surrendered on Thursday to the FBI on federal extortion charges, the agency announced. Authorities say he victimized young women surreptitiously, by taking control of their computers then photographing them as they changed out of their clothes.

Abrahams appeared in court later in the day, then was released “on intensive pretrial supervision and home detention with electronic monitoring” after his parents signed bond agreements totaling $50,000, FBI spokeswoman Lourdes Arocho said. U.S. District Judge Jean Rosenbluth ruled that he could use a single desktop computer at his parents’ home for school only, albeit only after monitoring software is applied.

When he admitted what he’d done in June, Abrahams said he had 30 to 40 “slave computers” — or other people’s electronic devices he controlled — and has had as many as 150 total, according to a criminal complaint.

His arrest came six months after a teenager identified in court documents as C.W. alerted authorities. She has since publicly identified herself as Cassidy Wolf, the recently crowned Miss Teen USA. She touted news reports of her alleged tormenter’s arrest on her Twitter feed.


How easy are you making it for hackers?

At the time she contacted police, in March, Wolf was not a national figure — even though she was Miss Teen California — and lived in an apartment and attended Orange Coast College in Costa Mesa.

Wolf got a Facebook alert that someone had tried to change her password to the social networking site, then noticed other passwords had been changed and that her Twitter avatar was now a half-nude picture of herself.

A short time later, she received what would be the first of many messages, this one featuring pictures of Wolf at her Riverside County address and others apparently taken months earlier when she lived in Orange County, says the criminal complaint. The message explained “what’s going to happen” if Wolf didn’t send pictures or videos or “do what I tell you to do” in a five-minute Skype videoconference, according to the criminal complaint.

“Either you do one of the things listed below or I upload these pics and a lot more (I have a LOT more and those are better quality) on all your accounts for everybody to see and your dream of being a model will be transformed into a pornstar (sic),” he wrote.

Recalling that day, Wolf told NBC’s “Today” show she started “screaming (and) bawling my eyes out.”

“I wasn’t sure what to do,” she said in August, shortly after her Miss Teen USA win. “So it was terrifying.”

The messenger had taken great efforts to hide his online identity. But investigators were eventually able to find corresponding e-mails, IP addresses and other communications they linked to Abraham. They also tied him to online forums asking about malware, how to control webcams, and hacking into Facebook accounts.

Investigators also linked him to at least eight other young women — some of them, like Wolf, from Southern California, though others were from as far away as Moldova. The victims told authorities similar stories: of a person they did not know saying, and in some cases proving, he had nude images and making demands as a result.

The stalker claimed to have 1,000 photographs of one woman, the complaint said. When she asked, “Why are you doing this to me?” the response was, “I told you I’ll answer any questions after you Skype.”

As an FBI agent was speaking by phone to this young woman, she logged onto her Instagram account to find it populated by nude pictures of her, the complaint said.

A few young women apparently complied with the demands for a Skype session. The man promised not to record the sessions and he made it look like he was erasing the nude pictures of them. One such session was found on the suspect’s phone, police said.

Foul-mouthed hacker hijacks baby monitor

Investigators examining e-mail exchanges found one in which an alleged victim wrote she was downloading Skype and pleading, “Please remember im only 17. Have a heart.”

“I’ll tell you this right now! I do NOT have a heart!!!” he wrote back, per the complaint. “However I do stick to my deals! Also age doesn’t mean a thing to me.”

Authorities executed a search warrant at Abrahams’ home on June 4, at which time he “voluntarily agreed to speak” with a pair of FBI agents. Describing himself in that interview as a college freshman who was good with computers, the complaint said, he admitted using malware and his expertise to “watch his victims change their clothes and … use the photographs against them.”

Abrahams further admitted the e-mail accounts, VPN, domain names or other pieces of the electronic puzzle that investigators used to build a case were his, according to the criminal complaint.

Outside the court Thursday, Abrahams’ lawyer Alan Eisner said that his client’s family feels “profound regret and remorse” over what happened. He told CNN affiliate KTLA that Abrahams is autistic.

“The family wants to apologize for the consequences of his behavior to the families who were affected,” Eisner said.

As to the now 19-year-old Wolf, she is juggling her studies at the New York Film Academy with duties tied to being Miss Teen USA.

A lifelong dancer and aspiring model, Wolf is using her platform to promote a number of initiatives — including, given her personal experience, the issue of cyberstalking.

“It does happen,” she said in an interview with CNN affiliate WPIX. “And there are ways to prevent it.”

Naked scammers seduce, blackmail men on Web

CNN’s Joseph Netto contributed to this report.


Article source: http://edition.cnn.com/2013/09/26/justice/miss-teen-usa-sextortion/index.html?eref=edition

Article source: http://feedproxy.google.com/~r/NewsRipplesWeb/~3/RuR55suO-x4/arrest-in-miss-teen-usa-sextortion

NY Times outage linked to Syria

August 29th, 2013 No comments


The New York Times was forced to publish news via Twitter during a website outage Tuesday.

(CNN) — The New York Times website was still experiencing some issues late Wednesday afternoon following Tuesday’s widespread outage. Evidence continued to mount that it was the result of an attack by the Syrian Electronic Army.

The group, loyal to Syrian President Bashar Al-Assad, has been behind multiple attacks on media websites in recent months and, on Twitter, took credit for a sophisticated hack that had hobbled the Times’ news site for roughly 20 hours.

“The @nytimes attack was going to deliver an anti-war message but our server couldn’t last for 3 minutes,” the group posted on its Twitter feed at about 9:40 Wednesday morning.

The attack came as governments in several countries considered military action in light of reports that Al-Assad has used chemical weapons against his own people in an effort to quell an uprising calling for his ouster.

“Our website and domain are now down, but it was worth the attempt, for #Syria and world peace,” the group wrote later.

What is the Syrian Electronic Army?

The group said their site was taken down because they violated their registration agreement.

People on Twitter began reporting the New York Times site was down as early as 3 p.m. ET Tuesday. Some users also reported difficulty accessing the Times’ mobile site and apps.

The newspaper posted a message on its Facebook page about 5 p.m. ET that said, “Many users are having difficulty accessing The New York Times online. We are working to fix the problem. Our initial assessment is the outage is most likely the result of a malicious external attack.”

New York Times chief information officer Marc Frons sent the same update internally to employees at 4:20 p.m. and advised them not to send out sensitive emails “until this situation is resolved,” according to a statement from the New York Times. The outage was the result of an attack on the company’s domain name registrar, Melbourne IT.

The hackers gained access to a Melbourne IT reseller account using a phishing email and proceeded to change the DNS records of multiple domains, including NYTimes.com, according to the company.

“We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies,” said Melbourne IT’s Tony Smith in a statement.

Twitter also was hampered briefly by a similar attack.

Several Twitter users posted screenshots of a “Hacked by SEA” message they said they received when they went to the New York Times homepage.

The Syrian Electronic Army has frequently targeted the U.S. news media. The group has hacked into the Twitter feeds of the Associated Press and The Washington Post, and on August 15 they briefly hacked the websites of several major news organizations redirecting them to a SEA page. CNN.com has been the target of similar attacks.

Frons said Tuesday’s attack was more sophisticated than previous SEA hacks.

“It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites,” said Frons in the New York Times.

While the site was down, the New York Times continued to post articles at its numerical IP address, 170.149.168.130 and at news.nytco.com.

Tuesday’s episode was the Times’ second sustained website outage this month. The newspaper’s site also went down August 14 for several hours, an outage the newspaper blamed on “an internal issue.”

In an update on a company blog, Twitter confirmed that there was a DNS issue with one of the domains used to host images. “Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident,” said the post.

CNN’s Doug Gross contributed to this report.


Article source: http://edition.cnn.com/2013/08/27/tech/web/new-york-times-website-attack/index.html?eref=edition

Article source: http://feedproxy.google.com/~r/NewsRipplesWeb/~3/BpgAAskF5aU/ny-times-outage-linked-to-syria

Syrian group cited for NY Times outage

August 29th, 2013 No comments


The New York Times was forced to publish news via Twitter during a website outage Tuesday.

(CNN) — As an outage of the New York Times website stretched into its second day Wednesday for many users, evidence continued to mount that it was the result of an attack by the Syrian Electronic Army.

The group, loyal to Syrian President Bashar Al-Assad, has been behind multiple attacks on media websites in recent months and, on Twitter, took credit for a sophisticated hack that had hobbled the news site for roughly 20 hours.

“The @nytimes attack was going to deliver an anti-war message but our server couldn’t last for 3 minutes,” the group posted on its Twitter feed at about 9:40 Wednesday morning.

The attack came as governments in several countries considered military action in light of reports that Al-Assad has used chemical weapons against his own people in an effort to quell an uprising calling for his ouster.

“Our website and domain are now down, but it was worth the attempt, for #Syria and world peace,” the group wrote later.

The group said their site was taken down because they violated their registration agreement.

People on Twitter began reporting the New York Times site was down as early as 3 p.m. ET Tuesday. Some users also reported difficulty accessing the Times’ mobile site and apps.

The newspaper posted a message on its Facebook page about 5 p.m. ET that said, “Many users are having difficulty accessing The New York Times online. We are working to fix the problem. Our initial assessment is the outage is most likely the result of a malicious external attack.”

New York Times chief information officer Marc Frons sent the same update internally to employees at 4:20 p.m. and advised them not to send out sensitive emails “until this situation is resolved,” according to a statement from the New York Times. The outage was the result of an attack on the company’s domain name registrar, Melbourne IT.

Twitter also was hampered briefly by a similar attack.

Several Twitter users posted screenshots of a “Hacked by SEA” message they said they received when they went to the New York Times homepage.

The Syrian Electronic Army has frequently targeted the U.S. news media. The group has hacked into the Twitter feeds of the Associated Press and The Washington Post, and on August 15 they briefly hacked the websites of several major news organizations redirecting them to a SEA page. CNN.com has been the target of similar attacks.

Frons said Tuesday’s attack was more sophisticated than previous SEA hacks.

“It’s sort of like breaking into the local savings and loan versus breaking into Fort Knox. A domain registrar should have extremely tight security because they are holding the security to hundreds if not thousands of Web sites,” said Frons in the New York Times.

While the site was down, the New York Times continued to post articles at its numerical IP address, 170.149.168.130 and at news.nytco.com.

Tuesday’s episode was the Times’ second sustained website outage this month. The newspaper’s site also went down August 14 for several hours, an outage the newspaper blamed on “an internal issue.”

In an update on a company blog, Twitter confirmed that there was a DNS issue with one of the domains used to host images. “Viewing of images and photos was sporadically impacted. By 22:29 UTC, the original domain record for twimg.com was restored. No Twitter user information was affected by this incident,” said the post.

CNN’s Doug Gross contributed to this report.


Article source: http://edition.cnn.com/2013/08/27/tech/web/new-york-times-website-attack/index.html?eref=edition

Article source: http://feedproxy.google.com/~r/NewsRipplesWeb/~3/G5jbxfNkcPA/syrian-group-cited-for-ny-times-outage-2

US court rules proxies, IP switching illegal

August 21st, 2013 No comments

US court rules proxies, IP switching illegal

Even using a service like Google Translate could translate to a criminal offence, thanks to a new ruling on the CFAA by a US court.


A US court has ruled that simply changing one’s IP address is enough to fall foul of the Computer Fraud and Abuse Act, if done to circumvent a deliberate block on accessing a site or service.

Introduced back in 1986 to replace 18 USC § 1030 – the snappily-titled Fraud and Related Activity in Connection with Computers – the CFAA was designed to limit federal involvement in cases unless there was a particular nationwide interest, such as an attack on a major financial institution or that crosses multiple state lines. Despite numerous amendments – six so far, with the latest being the introduction of the Identity Theft Enforcement and Restitution Act in 2008 – there are still legal niggles that lawyers use in their arguments.

It’s one of these niggles that has been ruled by a court to come down hard against those who make use of proxy servers, or even who just manually change their IP address, to access systems from which they have been blocked on a previous IP.

A ruling by Northern District of California Judge Breyer suggests that such activity constitutes ‘unauthorised access‘ as enshrined in the CFAA, and leaves the perpetrator open to potential legal action. Spotted by Orin Kerr of The Volokh Conspiracy, the ruling could have serious consequences for some very common usage scenarios.

The details of the case are, naturally, complex: a company called 3taps had been scraping content from online classifieds specialist Craigslist in order to direct traffic to its own sites. Craigslist, naturally, was unhappy, and blocked 3taps’ IP addresses from accessing its servers following the submission of a cease and desist notice – at which point 3taps started to use proxy servers and new IP addresses to continue to scrape the content.

Craigslist sued, arguing that the cease and desist coupled with the blocking of IP addresses assigned to the 3taps was a clear revocation of the company’s right to access Craigslist servers. 3taps raised a counterargument that a given company has no right to revoke the general authorisation for an individual to access an otherwise publicly-available website.

On the face of it, it’s clear that the judge’s decision to back Craigslist is a positive: banning users from sites is a common way of dealing with abuse, from denial of service attacks and spam to forum users who flout the rules. Removing this ability and forcing sites to continue permitting access to all without restriction would be a terrible move.

But by stating outright that the simple changing of an IP address is abuse under the CFAA, it’s possible the judge has opened the floodgates for common, everyday activities to be rendered illegal. Many users, for example, still have dynamic IP addresses that change every time a router is rebooted – which, if it allows them access to a previously-banned site, could be argued as circumvention. Using a service like Google Translate, too, will see a user’s traffic originating from a different IP – and, again, could bypass blocks put in place to prevent access.

Kerr argues that an IP address block is so easily circumvented – even by accident, as with the above examples – that it should not be considered a technological barrier under the CFAA. The CFAA itself, meanwhile, is up for revision in response to the death of free data activist Aaron Swartz who committed suicide following his prosection under a particularly vaguely-worded passage.

Article source: http://feedproxy.google.com/~r/bit-tech/news/~3/CovzG1_Kt6k/1


Article source: http://feedproxy.google.com/~r/GamingRipplesWeb/~3/2RcUF4W_prg/

"New chapter" in U.S.-China ties?

Hong Kong (CNN) — Thorny issues of unbalanced trade, cyber security and intellectual property rights stand stark in the spotlight at this year’s U.S.-China Strategic Economic Dialogue now underway in Washington, D.C.

Top officials from both sides, including co-chairs U.S. Secretary of State John Kerry and China’s State Councilor Yang Jiechi, have expressed tempered optimism for “a new chapter” in bilateral ties — despite recent stumbles.

The U.S. has slammed China on unfair subsidies on solar panels and the theft of secrets owned by U.S. technology companies. China has returned its own complaints — most recently after NSA leak Edward Snowden alleged Washington has been hacking Chinese computers.

Yet leaders of both the U.S. and China — the world’s two largest economies — know their nations are mutually dependent, especially on economy and foreign policy. Should either party try to distance itself from the other, the result would be mutually detrimental, analysts say.


In China, economics influences politics


Walking the line with China


Economist: U.S. will stay on top


Saddle up! Wild West goes to China

“For the United States, the biggest issue is market access to China and making sure American companies have a level playing field,” says Fred Neumann, HSBC Co-head of Asian Economics and Managing Director in Hong Kong.

In March, the U.S. Commerce Department attempted to balance the field on the issue of solar panels. Washington slapped tariffs on Chinese-made panels in response to alleged subsidies by Beijing. Under the ruling, Chinese panels were hit with tariffs from 2.9% to 4.7%, echoing similar spats between China and Europe over solar panels and European wines.

The biggest technological thorn in U.S.-China ties is “the respect for intellectual property created by U.S. firms” — and lack thereof, says Chris Bronk, IT Policy Fellow at Rice University’s James A. Baker Institute.

This includes “everything from pirated movies and software to RD and corporate strategy documents” because “losses will cut into the capacity for additional development if the return on investment is insufficient.”

In June, the U.S. Department of Justice charged one of China’s biggest wind turbine makers, Sinovel, with stealing source codes from a U.S. competitor and manufacturing new machines. American Superconductor Corporation claims Sinovel’s theft resulted in $800 million in losses.

The United States loses some $300 billion each year mostly because of Chinese intellectual property theft, said former U.S. ambassador to China John Huntsman to CNN in June.

In addition to IP theft, U.S.-China cyber security issues have come to the fore in the past month after NSA leak Edward Snowden alleged U.S. intelligence agents have been hacking hundreds of Chinese computers since at least 2009.

China claimed Snowden’s revelations would “test developing Sino-US ties” and exacerbate an already “soured relationship” on cybersecurity. Snowden’s assertions, on top of alleged Chinese hacking of U.S. firms, depict a clear degree of mutual mistrust. The majority of headlines in China since then have referenced “strain,” “tension,” and even “anger” between the U.S. and China.

The potential and ease for cyber attacks between the U.S. and China will continue to grow, says Andy Mok, managing director of Beijing-based Red Pagoda and former technology researcher for RAND Corporation.

“When every physical object has an IP address … the return on malicious behavior becomes much higher. So on both sides — China and the U.S. — the targets are increasingly attractive.”

National electrical grids and transportation networks are some of the most attractive marks in each country, adds Mok.

“That said, the sky is not falling and I don’t believe we are weeks or months away from a cyberwar with China that will leave the U.S. power grid in tatters and the whole country sitting in the dark for months or years.”

The chances of direct conflict are low, agree analysts. Economic, military, and technological disparity between the U.S. and China is too great. China is not ready for a clash to occur. And the U.S. — still on the mend from the 2008 financial crisis — is unlikely to instigate a conflict with China because of its own fiscal binds to China.

Sentiment from top officials appeared to underline this. U.S. Treasury Secretary Jack Lew told CNN’s Fareed Zakaria China’s pace toward market-oriented reforms “will probably be slower than we would like” but expects reforms to clearly proceed.

Chinese Vice-Premier Wang Yang penned a positive editorial in the Washington Post hoping the U.S. and China would “forge a more cooperative relationship.

He noted that 70% of U.S. companies operating in China made a profit in 2012, the 1,500 McDonalds in China have outperformed outlets elsewhere in the world and a flight between the U.S. and China now takes off once every 24 minutes.


Article source: http://rss.cnn.com/~r/rss/edition_business/~3/3peqlJKfVUE/index.html

Article source: http://feedproxy.google.com/~r/NewsRipplesWeb/~3/lNJwmaSpjJY/new-chapter-in-u-s-china-ties

"New chapter" in U.S.-China relations?

Hong Kong (CNN) — Thorny issues of unbalanced trade, cyber security and intellectual property rights stand stark in the spotlight at this year’s U.S.-China Strategic Economic Dialogue now underway in Washington, D.C.

Top officials from both sides, including co-chairs U.S. Secretary of State John Kerry and China’s State Councilor Yang Jiechi, have expressed tempered optimism for “a new chapter” in bilateral ties — despite recent stumbles.

The U.S. has slammed China on unfair subsidies on solar panels and the theft of secrets owned by U.S. technology companies. China has returned its own complaints — most recently after NSA leak Edward Snowden alleged Washington has been hacking Chinese computers.

Yet leaders of both the U.S. and China — the world’s two largest economies — know their nations are mutually dependent, especially on economy and foreign policy. Should either party try to distance itself from the other, the result would be mutually detrimental, analysts say.


In China, economics influences politics


Walking the line with China


Economist: U.S. will stay on top


Saddle up! Wild West goes to China

“For the United States, the biggest issue is market access to China and making sure American companies have a level playing field,” says Fred Neumann, HSBC Co-head of Asian Economics and Managing Director in Hong Kong.

In March, the U.S. Commerce Department attempted to balance the field on the issue of solar panels. Washington slapped tariffs on Chinese-made panels in response to alleged subsidies by Beijing. Under the ruling, Chinese panels were hit with tariffs from 2.9% to 4.7%, echoing similar spats between China and Europe over solar panels and European wines.

The biggest technological thorn in U.S.-China ties is “the respect for intellectual property created by U.S. firms” — and lack thereof, says Chris Bronk, IT Policy Fellow at Rice University’s James A. Baker Institute.

This includes “everything from pirated movies and software to RD and corporate strategy documents” because “losses will cut into the capacity for additional development if the return on investment is insufficient.”

In June, the U.S. Department of Justice charged one of China’s biggest wind turbine makers, Sinovel, with stealing source codes from a U.S. competitor and manufacturing new machines. American Superconductor Corporation claims Sinovel’s theft resulted in $800 million in losses.

The United States loses some $300 billion each year mostly because of Chinese intellectual property theft, said former U.S. ambassador to China John Huntsman to CNN in June.

In addition to IP theft, U.S.-China cyber security issues have come to the fore in the past month after NSA leak Edward Snowden alleged U.S. intelligence agents have been hacking hundreds of Chinese computers since at least 2009.

China claimed Snowden’s revelations would “test developing Sino-US ties” and exacerbate an already “soured relationship” on cybersecurity. Snowden’s assertions, on top of alleged Chinese hacking of U.S. firms, depict a clear degree of mutual mistrust. The majority of headlines in China since then have referenced “strain,” “tension,” and even “anger” between the U.S. and China.

The potential and ease for cyber attacks between the U.S. and China will continue to grow, says Andy Mok, managing director of Beijing-based Red Pagoda and former technology researcher for RAND Corporation.

“When every physical object has an IP address … the return on malicious behavior becomes much higher. So on both sides — China and the U.S. — the targets are increasingly attractive.”

National electrical grids and transportation networks are some of the most attractive marks in each country, adds Mok.

“That said, the sky is not falling and I don’t believe we are weeks or months away from a cyberwar with China that will leave the U.S. power grid in tatters and the whole country sitting in the dark for months or years.”

The chances of direct conflict are low, agree analysts. Economic, military, and technological disparity between the U.S. and China is too great. China is not ready for a clash to occur. And the U.S. — still on the mend from the 2008 financial crisis — is unlikely to instigate a conflict with China because of its own fiscal binds to China.

Sentiment from top officials appeared to underline this. U.S. Treasury Secretary Jack Lew told CNN’s Fareed Zakaria China’s pace toward market-oriented reforms “will probably be slower than we would like” but expects reforms to clearly proceed.

Chinese Vice-Premier Wang Yang penned a positive editorial in the Washington Post hoping the U.S. and China would “forge a more cooperative relationship.

He noted that 70% of U.S. companies operating in China made a profit in 2012, the 1,500 McDonalds in China have outperformed outlets elsewhere in the world and a flight between the U.S. and China now takes off once every 24 minutes.


Article source: http://rss.cnn.com/~r/rss/edition_business/~3/3peqlJKfVUE/index.html

Article source: http://feedproxy.google.com/~r/NewsRipplesWeb/~3/I4oEBnosK0k/new-chapter-in-u-s-china-relations