HTCS Blogs


#cybersecurity | #hackerspace | DEF CON 27 Monero Village – Jeremy Gillula PhD: ‘Encrypting The Web Isn’t Enough’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via the DEF CON Conference YouTube Channel for all to see, enjoy and learn.

The post DEF CON 27 Monero Village – Jeremy Gillula PhD: ‘Encrypting The Web Isn’t Enough’ appeared first on Security Boulevard.

#deepweb | 10 of the UK’s best spring walks | Travel

Land of poems and stories: the Cotswolds

“If ever I heard blessing it is there. Where birds in trees that shoals and shadows are.” In April and May the Cotswold landscape still speaks in the soft, calm tones of Laurie Lee. For a first-time visitor it can take a while to tune into the hard, spare, wall-bound fields of the Cotswold plateau. Yet in the valleys and on the scarp edges, there are bluebells and wood anemones, clear spring-fed streams and a soundtrack of willow warblers and blackcaps, fresh back from their winter travels.

The deep valleys around Stroud hold hanging woods, filled in April with the scent of wild garlic. At the National Trust-maintained Woodchester Park, where the half-completed Victorian manor stands mysterious in the valley bottom, it feels as though the clock has stopped and no one has yet arrived to restart it.

Further north, in my home patch, the same timeless feel pervades Hailes Abbey, with, above it, a monument marking Thomas Cromwell’s seat, from which it is said he watched the Abbey burn almost 500 years ago. From here you can walk a couple of miles along the Cotswold Way to Winchcombe.

Spring is a wonderful time to explore smaller towns and villages, many of which are the subject of poems and stories. For me, each name conjures a memory: a village cricket match in April snow at Guiting Power; my childhood love of Bibury, with its row of ancient cottages, river, watermill and trout farm. The trout leaping for dancing mayflies in the spring.

Today, an April treat is a long run or walk to listen to yellowhammers and skylarks along the Cotswolds’ western edge, from Winchcombe to Broadway. Here twisted elephant-bark beech trees mark the boundaries and the distant Malverns rise from the vale.
Andy Beer, whose book, Every Day Nature: How Noticing Nature Can Quietly Change Your Life, is out on 2 April (Pavilion Books, £12.99)

Marooned on holy island: Lindisfarne

Coves Haven Beach, Lindisfarne. Photograph: Alamy

A few miles off the Northumberland coast, close to Berwick-upon-Tweed and the border with Scotland, lies the mystical island of Lindisfarne. Just getting there is an adventure, as you are sometimes in a race against the incoming tide. For one of the great joys of being on Lindisfarne is that when the three-mile-long causeway closes (for around 10 hours a day) no one can get on or off.

Tourists and pilgrims head to the medieval priory ruins or Lindisfarne Castle, but it’s the island’s expansive beauty, tranquillity and coastal walks that draw me here. When the tide starts coming in and the daytrippers scuttle back to the mainland, I stay on and pretend that I’m a local.

I first visited five years ago, on a cold winter’s eve, but I resolved to return and have done three times since.

In spring (May is best) the island is quieter than in crowded high summer, the wildflowers are beginning to burst into colour – look out for golden marsh-marigolds, lilac lady’s smock and pale blue forget-me-nots. Seabirds reel about in the sky, and you’ll hear the song of tiny meadow pipits and long-tailed pied wagtails.

This is the time when I, too, like to shake off my hibernal self and walk, in glorious solitude, past the harbour and castle, up the east coast path to Emmanuel Head, and then turn west to the wild, windy three-mile strip of sand that is North Shore.

If I set out before the causeway opens – the route via the castle up to the North Shore is along higher ground and not affected by the tides – I have this perfect walk to myself. Along the way, it’s a joy to meander down into the coves and beaches.

Coves Haven beach, which sits just past Sandham Bay, is my favourite place to pause for a sandwich or sip from my flask of tea.

At this time of year, I’m buoyed by the air that is less bite and more caress, the sun, surprisingly strong when it’s out, the swaying of the marram grass, the ghostly cry of the seals and the eider ducks – which sound as though you’ve just told them a filthy joke.

Fair weather or not, Lindisfarne is very special, a place I go to dive into peace and listen deeply to nature, alive in the salty, sea air.
Jini Reddy, whose new book, Wanderland, is out on 30 April (Bloomsbury, £16.99)

‘My whole being relaxes’: Rathlin Island, Co Antrim

Church Bay, Rathlin Island. Photograph: Andrea Ricordi, Italy/Getty Images

My first visit to Rathlin Island was a birthday celebration. I had turned 14, it was early spring, and this wild initiation deeply affected the way I experienced the natural world. Watching the web of life resurge in spring on Rathlin is a rare and unique awakening. Catching the ferry from Ballycastle, you land on an island that is hardly changed by time. Our world is spinning, seemingly uncontrollably, but on arriving somewhere like Rathlin Island, the uncoiling is instant. The reconnection with nature and ourselves, the unburdening, is hard to avoid here.

A fulmar off the cliffs of Rathlin Island. Photograph: Getty Images

The island, shaped like a sycamore seed, lies off the north-east coast of Northern Ireland. Its rugged cliffs are home to the largest sea bird colony in the north of the island of Ireland, and of course, this was why I first begged to go. I longed to see the spring abundance, the birds arriving from sea to breed. Thousands of beating wings. Heart-splitting symphonic sound. The West Light Seabird Observatory, managed by the Royal Society for the Protection of Birds, is where you go to view the clamouring. Fulmars, guillemots, razorbills and gannets congregate in spring, and in early summer puffins join the colony. The cascading movement of birds and waves draws out all the cumbersome weight of the world.

My whole being relaxes on Rathlin. The east of the island smells of salted dry wood, like an old ship hauled up on to horseshoe-shaped Church Bay. The community shop and little museum are crammed with wonderful island remnants.

Looking out to sea from Church Bay, you might see the surface perforated by surging seals. From the surrounding meadows and farmland, you might hear the bubbling of lapwings, mewing buzzards, the nightly winnowing of a snipe. In Kebble nature reserve in the west of the island you can, in spring, spot the unusual pyramidal bugle, one of the rarest wildflowers in the British Isles. Then, out of the corner of your eye, you may see a sprite of light: a golden, blue-eyed Irish hare, the will-o-the-wisp of the island. This heady wild wonderland is magnetic: if you visit once, it will reel you back in.
Dara McAnulty, 15, author of Diary of a Young Naturalist, out 5 June (Little Toller, £16)

England’s loneliest hike: Dengie peninsula, Essex

The Saxon chapel of Saint Peter-on-the-Wall at Bradwell-on-Sea. Photograph: Tim Grist/Getty Images

Bradwell-on-Sea on the Dengie peninsula is my favourite place in spring: it’s 27 miles from my home, 43 minutes via country lanes in full blossom to this 30 acres of shell beach awash with ghosts and calm – plus we can take the dog.

I feel the past the moment we arrive. The seventh-century chapel, St Peter-on-the-Wall, overlooks the cockleshell dunes where late-pagan Britons were converted to Christianity. The occasional Thames barge floats by like a ghost ship.

Everything here seems slow. Oystercatchers beat in noisy circles, two at a time. Wind turbines fan hedgerows and fields of corn. I’m cautious around the beach edges. I’ve seen adders here: spring, when they wake from hibernation, is the best time to see them (but it’s rare so don’t let that put you off). They’re beautiful, and slide through wild crops of edible purslane like liquid silver falling down a plughole.

We look for fossils, pick the first shoots of samphire, and take afternoon swims. It’s about warm enough for the hardy from April – just. Mostly, if we’re feeling lazy, we just sit, drink coffee and watch the Blackwater ebb and flood.

Sometimes we walk. The best spring walk is southward, along the seawall to Burnham-on-Crouch. That 14 miles is the loneliest hike in England – you’re unlikely to see a soul, just nesting terns, flowering white sea kale and mewing buzzards.
Stephen Neale, author of The England Coast Path (Bloomsbury, £18.99)

Tides and treasure hunts: Dee estuary, Merseyside

Thurstaston beach, with views across the River Dee to North Wales. Photograph: Getty Images

Four times a year – in spring, summer, autumn and winter – I come with my family for a day of walking the banks of the Dee. Fifteen miles from my home town of Liverpool, the Dee is a river border between Wales and the Wirral peninsula, and the small towns and beaches on its banks give it the feel of a secret island.

Spring has a particular magic. We’ll walk along the sandstone prom in the village of Parkgate, buy an ice-cream from Nicholls and eat it on a bench watching the ever-changing estuary. This was once an embarkation point for Ireland but, by the mid-1800s, as the estuary silted up, Parkgate’s maritime days were over. Today it’s the salt marshes that make Parkgate a special place: it’s a breeding ground for skylarks, redshanks and egrets, and a hunting ground for peregrines and marsh harriers. Time it right and you might witness a rare visit from the tide as it swallows up the marsh and overlaps the promenade wall. As the seawater flushes out water voles, shrews and harvest mice, in come the kestrels, merlins and sparrowhawks as marsh reverts to sea.

Further along the coast is Thurstaston beach, a haunt of mine since childhood. A site of special scientific interest for its constantly eroding cliffs, Thurstaston is a strange landscape, a churning and collapsing place where my 14-year-old daughter and I hunt for precious stones: quartz and granite treasure glittering in the sunlight, occasionally a fossil, transported here from Scotland and the Lake District by ice-age glaciers.

At West Kirby we walk at low tide across the sands to Hilbre Island, an archipelago cut off from the mainland for four hours out of every 12. Check the BBC tide tables before setting out, and keep to the recommended route across the sand. Good boots or wellies are essential.

It takes an hour to reach Hilbre via smaller isles Little Eye and Middle Eye – and it’s vital to start your return three hours before high tide. In April, I have seen sandwich terns, Manx shearwaters and dunlins here. Sometimes there are fulmars and Arctic skuas. The old lifeboat station ruins are a good place for watching grey seals.

Above all, from anywhere along the Dee, watch and wait for sunset’s spectacular displays of changing light.
Jeff Young, whose latest book, Ghost Town, A Liverpool Shadowplay, is out now (Little Toller, £16)

‘Spring is not gentle here’: Treshnish Isles, Hebrides

Puffins on Lunga, one of the Treshnish Isles. Photograph: Getty Images

I grew up in tropical Papua New Guinea, where there were only two seasons: the dry season and the monsoon. When I arrived in Scotland as a teenager I was mesmerised by its four seasons, especially spring, which navigates that precarious space between darkness and light – a faerie child creeping out from beneath the dark skirts of winter.

Spring has drawn me again and again to Lunga, one of the small islands and skerries that make up the Treshnish Isles, west of Mull and part of the Inner Hebrides. A site of special scientific interest, it is home to huge colonies of puffins (best seen from mid-April), razorbills, fulmars and shags, and is an important breeding area for grey seals.

Spring is not gentle here; new life is profuse but so is danger. The hares come out boxing, thousands of guillemots cling to sheer rock and cry a deafening “arrr, arrr”, and the puffins, which have come in off the Atlantic to lay their eggs in rabbit burrows, welcome humans, whose presence keeps away the skuas and gulls.

The weather is mercurial. Even landing is precarious. There is no beach – the boat sidles up to a profusion of boulders washed smooth by the Atlantic, and you jump across the divide, but the smell of gorse, camomile and salt as you climb the steep path to the plateau clears away the dregs of winter. From here you might spot minke whales, porpoises, basking sharks and sea eagles, and when the boat returns two hours later, it will seem too soon.

I base myself on Mull, in Tobermory, with its seafront cottages in spring-like shades of primrose, rose campion and bluebell. From here, boat trips by Staffa Tours (check if still running: 07831 885985) run to both Lunga and nearby Staffa. On my first visit 15 years ago, a thick veil of mist covered the sea as we headed out towards Lunga, and when it finally lifted we found a great basking shark travelling alongside us.
Kirstin Zhang, winner of Stanford’s New Travel Writer of the Year 2020 award

Strictly for the birds: Avalon Marshes, Somerset

Reeded pools and lakes at Avalon Marshes, with Glastonbury Tor in the distance. Photograph: David Dennis/Alamy

For a spring weekend seeking out some of Britain’s rarest breeding birds, Somerset’s Avalon Marshes are pretty hard to beat. Over the past 30 years, these former peat diggings have been transformed from unsightly holes in the ground into one of Britain’s top birding spots. It’s a linked series of nature reserves, and each has a mixture of open water and reedbeds. They are all crossed by a disused railway line giving easy access to viewpoints and hides. And for a break from the wildlife, Glastonbury, Wells, Cheddar Gorge and the charming village of Wedmore are all within easy reach.

When I moved here with my young family just over a decade ago, many of the birds I now see regularly were either absent or very rare. Since then, climate change and habitat creation have allowed several species from continental Europe to colonise these marshes. They include little, great white and now cattle egrets – the birds we usually only see perched on the backs of big African mammals in wildlife documentaries.

Great white egrets – the tallest member of their family – are easy to spot at the RSPB’s Ham Wall reserve, in the shadow of Glastonbury Tor, and at the nearby Somerset Wildlife Trust’s Catcott Lows, also a regular site for cattle egrets.

At this time of year, I always try to get out before breakfast to catch the end of the dawn chorus. This is also the best time to hear one of our most elusive birds, the bittern, whose loud, booming call sounds like someone blowing across the top of a milk bottle. I don’t see bitterns very often, but on fine spring days they sometimes fly up from their reedbed hideaways – looking, as one young visitor suggested, like a “toasted heron”.

Birds of prey include buzzards, sparrowhawks and marsh harriers, which float low over the reeds, occasionally rising high into the sky to display. From late April, hobbies chase flying insects, while the reedbeds and adjacent vegetation are home to chiffchaffs, blackcaps, whitethroats, and several warbler species.

Other migrant visitors such as swallows, sand martins and swifts catch flying insects over the open water, and one of my favourite birds – the great crested grebe – performs its famous courtship display, the male and female rising up in the water to wave weed at one another in a bizarre gesture of affection.

On sunny spring days, hairy dragonflies and orange-tip butterflies are on the wing, and there is always a slim chance that you might stumble across an otter. And wherever I go, I look out for that unmistakable flash of blue as a kingfisher whizzes by.

For me, on a fine spring day there’s simply no better place to be than on the marshes.
Stephen Moss, whose latest book, The Accidental Countryside, is out now (Guardian Faber, £16.99). He also leads tours for Somerset Birdwatching Holidays

A great swoosh of green: Dwyryd valley, Gwynedd

The clear, rippled water of the River Dwyryd flowing across meadows in Snowdonia National Park. Photograph: Steve_Bramall/Getty Images/iStockphoto

I have been to the Dwyryd valley many times: it’s a magical place for me, a great swoosh of everything that’s green and great about north Wales. And spring is absolutely the best time to go – be it early in the season, when the verges are sprung with primroses and crocuses, and the cries of new lambs fill the air, or a little later, when the hawthorns turn the hedgerows white and the woods are overflowing with bluebells.

My first encounter with this beautiful vale was a stay on a campsite near the quaint village of Maentwrog, as part of a trip to interview land artist David Nash, who is based up in Blaenau Ffestiniog – Mordor to Maentwrog’s Shire.

For several mornings, as I walked up to see David in his chapel workshop, the day dawning choral all about me, golden sun made the fresh-sprung grass and bronze-purple stones of the field walls shine. It was here, in 1978, that David set his wonderful work of land art, Wooden Boulder, in motion.

The huge rough-hewn sphere of heartwood fell into a stream when he was trying to move it to the chapel and slowly – buoyed, bounced and buffeted by hectic stream spate and lazy summer drift – meandered its way to the saltmarsh maze of the Dwyryd’s estuary.

Another springtime, drawn by memories of train songs and half-glimpsed smoke, I set off north up the valley, zigzagged my way up steepening slopes in clouds of pollen and heather fug, and emerged on a fir-tree’d ridge.

I found a path that led to a small sturdy cottage, in front of which curved a set of narrow-gauge railway tracks. There, I found a tiny platform. A painted sign read Coed y Bleiddiau (Wood of the Wolves). Hearing a distant huff and chuff, I saw a red locomotive approaching. I held out an arm and was overjoyed to see the train slow. It drew up before me, a steaming crimson and copper wonder.

I climbed aboard and the train began to trundle down to Porthmadog – ghosting above the Dwyryd river through ancient woodland and cuttings spangled with late snowdrops and daffodils. Over stone embankments, viaducts and bridges, past gardens strung with immaculate washing, through level crossings manned by fellows who wave, it slowly descended towards the bright estuary flats, Wooden Boulder and the Irish Sea. Coed y Bleiddiau has been my Ffestiniog outpost ever since.
The Ffestiniog Railway usually runs to Coed y Bleiddiau twice daily from the end of March to the beginning of November (though it was suspended until further notice this week).
Dan Richards, author of travel memoir Outpost, out in paperback on 2 April (Canongate, £9.99)

Pack for all weathers: Cornwall

View from the dunes at Porthkidney Sands. Photograph: Ian Woolcock/Alamy

There is a knack to packing for a trip to Cornwall in springtime: take everything. Some days you will be lucky, greeted by bright skies that make it impossible not to run headfirst into the waves. On others, the rain will so blur the landscape that it is hard to hold on to any discrete shape of the coast beneath it. This changeability is a large part of why I love England’s southernmost county at this time of year.

Lelant, the village where my mother and grandmother grew up, is on the quiet north coast of West Penwith, the region of Cornwall towards Land’s End. Lelant’s beach, Porthkidney Sands, occupies the same yawning bay as St Ives. Unlike St Ives, though, it has no car parks, cafes, or rows of toilets lined up before the sea like so many nervous swimmers. Instead you are met with an endless empty beach, where sandpipers hop in and out of the foam left by departing waves.

Virginia Woolf called it “vast & melancholy”, but since I was a child, it has been on this beach that I have felt most free. We’ll often stride out west along the coastal path from Lelant to Zennor, stopping briefly in St Ives to visit the bronze abstract figures in Barbara Hepworth’s sculpture garden, prettily framed by blossoming trees. Zennor is a village set atop a wild stretch of granite cliffs, which erupts with lavender-coloured spikes of squill and pink tufts of thrift in spring.

Zennor’s church, St Senara, is home to the “Mermaid Chair”, a 600-year-old pew with a mermaid combing her hair carved into its side. There’s a famous folktale attached to this pew, telling how a young man followed a mermaid over the cliffs and never returned.
Lamorna Ash, whose first book, Dark, Salt, Clear: Life in a Cornish Fishing Town is out on 2 April (Bloomsbury, £16.99)

Big skies and salty air: Suffolk coast

The River Blyth, with Blythborough church in the distance. Photograph: Sid Frisby/Alamy

The rich coastal landscape of Suffolk has inspired scores of composers, artists and writers, not least Benjamin Britten and the German writer WG Sebald, whose Rings of Saturn takes readers on a pilgrimage deep into the human soul. My own quest to understand why so many of us embark on pilgrimages began here, one April, as I set Sebald’s book down and turned my gaze out to sea.

With big skies and salty air, and hedgerows bursting with blossom and birdsong, spring here offers a tonic for mind and body; it feels like you can step out of time into a simpler world. I love to amble along the footpath by the River Blyth – starting from Walberswick. With marsh harriers circling overhead, waders calling and the song of larks ascending, your heart lifts.

In the opposite direction is a circular trail along wooden causeways through marshes where, by May, reed warblers will be busy building nests and cuckoos calling to their mates as they have done since time immemorial. For a fee of £1, the Walberswick ferry, a traditional rowing boat, will take you across the river to Southwold, and back to the 21st century.

Another favourite in spring, a little further up the coast, is the walk from Pakefield into Lowestoft, whose promenade and beach offer plenty of space. Inland, the 12 acres of formal gardens at Somerleyton Hall (check that it is open first) present lots of ideas for spring planting. It is one of the finest gardens in East Anglia, with areas from a walled garden to an arboretum. The rhododendron walk is amazing in May.
Victoria Preston, author of We Are Pilgrims – Journeys in Search of Ourselves, out on 9 April (£14.99, Hurst)

#deepweb | Iditarod Teams Yet To Reach Nome Face Overflow, Three Mushers and Their Dogs Rescued – KNOM Radio Mission

Earlier today Sean Underwood, Tom Knolmayer, and Matthew Failor requested assistance from race staff after they went through a section of trail with deep overflow from the Solomon River, outside of Nome.

According to Chas St. George, COO of Iditarod, the incident occurred sometime last night, but the group of teams didn’t activate their emergency beacons until about 9am this morning.

“Once that was set off, we immediately tried to find out exactly what was happening out there and that led us to realize, a few texts were exchanged and that led us to realize we needed to get in there and get them out of the situation they were in.”

A minimal statement from the Iditarod says Underwood, Knolmayer, and Failor were rescued by helicopter from a section of trail outside of Safety Roadhouse. Safety is the final checkpoint in the 1,000 mile race, which mushers normally cruise through before finishing in Nome. Local Search and Rescue officials confirm the three men were rescued by air guard and brought into town around 1pm.

The mushers were checked into Norton Sound Regional Hospital in Nome and evaluated for precautionary measures. As far as St. George knows, Underwood, Knolmayer, and Failor are doing fine.

“From our periphery they’re okay, and that’s what counts. And also of course, again, the dogs who are first and foremost in this whole equation are doing just fine as well. So everybody should be reunited in Nome in the not too distant future.”

The COO says the plan is to keep the three dog teams, totaling 28 four-legged athletes, at Safety Roadhouse until Iditarod staff can determine if they will snowmachine the dogs to Nome or transport them by some other means.

With temperatures warming up to the mid-30s, melting snow, and high winds in the Nome area within the last 24 hours, water overflow is expected to linger near Safety and even closer to Nome’s shoreline.

Iditarod musher Tim Pappas navigates his team and sled through a strip of overflow just outside of Nome on Thursday afternoon. Photo from JoJo Phillips, KNOM (2020)

According to St. George, the Iditarod will reroute the existing trail so the last 11 teams, who are all currently resting in Elim, can avoid this dangerous area.

“We’re actually going to put in a trail that’s just adjacent to the trail that exists already. That looks like there is no overflow in that area, and we’re just going to bypass it basically. That will be done well before the next wave of mushers head up the trail.”

Each of the latest four Iditarod teams to finish in Nome yesterday afternoon told KNOM about their struggles going through other leads of open water during their run in from Safety to the finish line. So far, 23 out of 37 remaining teams have completed this year’s Iditarod race.

One particularly challenging area of overflow is located at the bottom of a local snow ramp, which mushers use to access Front Street and cross into the city for their race finish in Nome. Iditarod staff have since set up an alternate overland section of trail that avoids that area.

KNOM’s JoJo Phillips also contributed to this report.

#cybersecurity | #hackerspace | Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks

Signal Sciences is excited to announce the availability of new advanced rate limiting features that extend our customers’ ability to detect and stop abusive behavior at the application and API layer.

Over the past several weeks, as part of our early access program, we piloted advanced rate limiting in real-world production environments and stopped major attacks for customers ranging from major retailers with large-scale e-commerce operations, to financial services firms with mission-critical applications, to major online media companies that stream video content to hundreds of millions of users monthly.

The Value of Intelligent Rate Limiting to Protect Applications

The primary objective of rate limiting is to prevent apps, APIs and infrastructure from being exploited by abusive request traffic, much of it originating from automated bot operators. Stopping this traffic from reaching your app and API endpoints means availability, reliability and a satisfying customer experience.

Up to this point, customers have used the Advanced Rules capability of our next-gen WAF to monitor and block web request traffic that attempts to carry out application denial-of-service attacks, brute-force credential stuffing, content scraping or API misuse.

Advanced rate limiting from Signal Sciences stops abusive, malicious and anomalous high-volume web and API requests and reduces web server and API utilization, while allowing legitimate traffic through to your applications and APIs.

With our new advanced rate limiting capability, Signal Sciences customers can leverage the ease of use, effective defense and precise blocking they’ve come to expect from our next-gen WAF and RASP solution. In addition to out-of-the-box protection, they also gain immediate insight and understanding of the traffic origins and can take granular custom actions by:

  • Creating application-specific rules to prevent app and API abuse
  • Defining custom conditions to block abusive requests
  • Identifying and responding to a real-time list of IPs that have been rate limited
  • Taking action on the identified source IP addresses with one click

How Signal Sciences Advanced Rate Limiting Works

Leveraging our award-winning app and API web protection technology, advanced rate limiting provides intelligent controls to reduce the number of requests directed at key web application functions such as credit card validation forms, forgot password fields, email subscription sign-ups, gift card balance checkers and more.

Signal Sciences makes it easy to create application-specific rate limiting rules. One-click actions enable further control over automated volumetric web requests.

Our technical approach for this new capability was informed by the expertise our company has gained from protecting over a trillion web requests monthly. This experience shows us that web requests that result in application abuse can blend in with legitimate traffic. Signal Sciences advanced rate limiting is designed to identify such traffic and prevent individual IPs from causing app abuse.

Take the next step and effectively stop and manage abusive traffic

We invite you to learn about other common attack scenarios that customers use advanced rate limiting to thwart and how easy it makes stopping and managing the attack origin traffic: download the rate limiting data sheet or request a demo today.

*** This is a Security Bloggers Network syndicated blog from Signal Sciences authored by Brendon Macaraeg. Read the original post at: https://www.signalsciences.com/blog/signal-sciences-introduces-advanced-rate-limiting-protection-against-advanced-web-attacks/

#infosec | Norwegian Cruise Line Suffers Data Breach

Source: National Cyber Security – Produced By Gregory Evans

A major cruise operator has suffered a data breach as the travel industry battles the storm created by the COVID-19 outbreak.

Information from a database belonging to Norwegian Cruise Line was discovered on the dark web by an intelligence team at DynaRisk on March 13. 

Data exposed in the incident included clear text passwords and email addresses used to log in to the Norwegian Cruise Line travel agent portal by agents working for companies including Virgin Holidays and TUI. 

DynaRisk said data relating to 29,969 travel agents was breached from the portal on the agents.ncl.eu website on March 12.

“After verifying that the data records are legitimate credentials, we notified a Norwegian Cruise Line representative immediately. Despite opening our message later that day, we received no response. After five days a representative responded to our team to discuss the breach,” said a DynaRisk spokesperson.

DynaRisk said that the incident left agents who were “already vulnerable at this time” at higher risk of cybercrime. 

A DynaRisk spokesperson said: “They are now exposed to account takeovers on numerous platforms, sophisticated phishing emails and fraud, which could put further pressure on large travel agents or worse still, put smaller agents out of business.”

Norwegian Cruise Line told Infosecurity Magazine: “It has recently come to our attention that the agents.ncl.eu website may have been compromised. In an abundance of caution, we are in the process of asking certain travel partners that may have been affected to change their password for the site and any site for which they may have used the same password, and to remain vigilant of any suspicious activity or emails.

“We believe limited personal information was involved, specifically names of travel agencies and business contact information such as business addresses and email. This appears to be a unique and isolated incident that involved only a regional travel partner portal which houses marketing materials and educational information and did not involve guest data. We are deeply committed to protecting the security and confidentiality of information and regret any concern this matter may have caused.” 

Norwegian is the third cruise line this month to hit the cybersecurity headlines. Princess Cruises and Holland America Line both reported being hacked on March 2.   

The post #infosec | Norwegian Cruise Line Suffers Data Breach appeared first on National Cyber Security.


#deepweb | Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web

Source: National Cyber Security – Produced By Gregory Evans

Rumors have spread after Wei Xingguo (Yun Shu), CTO of Chinese Internet security company Moresec and former chief of Alibaba’s Security Research Lab, posted on Weibo that millions of Weibo users’ data had been leaked on March 19. Wei claimed that his own phone number was leaked through Weibo and that he had received WeChat friend requests based on “phone number search.”

In the comment section, netizens claimed that they found 538 million user records including user IDs, number of Weibo posts, number of followers, gender and geographic location available for purchase on the dark web. Among all the user records, 172 million had basic account information, all of which was available for sale for 0.177 Bitcoin.

Luo Shiyao, Weibo’s Security Director, responded on Weibo that the Internet security community was merely “overreacting.” “Phone numbers were leaked due to brute-force matching in 2019 and other personal information was crawled on the Internet,” Luo wrote, adding that “When we found the security vulnerability we took measures to fix it.” Luo stated that this is likely another “dictionary attack” instead of a direct drag from Weibo’s database.

Both Wei’s thread and Luo’s Weibo post have been deleted.

Flow chart of the information purchase process (Source: Phala Network)

Weibo responded to media, admitting that the data leak is real while saying that no users’ passwords or ID numbers were under threat. Weibo also claimed that its security policy has since been strengthened and is under continuous optimization. The company also stated that the leak traced back to an attack on Weibo in late 2018, when hackers brute-forced data through the Weibo interface, that is, used the address book matching interface to find user nicknames by enumerating number segments. Weibo concluded that no other information besides users’ IDs was leaked and its normal services would not be affected.

However, according to Phala Network’s research, users’ ID numbers, emails, real names, phone numbers and related QQ numbers can all be obtained through the Weibo information leak on the dark net. One search costs approximately 10 RMB. According to TMT Post, a source had purchased their own personal information including name, email, home address, mobile phone number, Weibo account number and password on the dark web and confirmed it to be accurate. Another source revealed to TMT Post that even some users’ license plate numbers and previous passwords could be found. Chat app Telegram is a major platform where transactions for the leaked data are conducted.

The post #deepweb | Weibo Confirms 538 Million User Records Leaked, Listed For Sale on Dark Web appeared first on National Cyber Security.


#hacking | Google develops Linux tool that tackles USB keystroke injection attacks

Source: National Cyber Security – Produced By Gregory Evans

‘Voight kampff test’ provides warnings about thumb drive malfeasance

Google has developed a tool for Linux machines that combats USB keystroke injection attacks by flagging suspicious keystroke speeds and blocking devices classified as malicious.

Keystroke injection attacks can execute malicious commands via a thumb drive connected to a host machine, by running code that mimics keystrokes entered by a human user.

In a post on the Google Open Source blog, Google security engineer Sebastian Neuner explained that Google’s tool uses two heuristic variables – KEYSTROKE_WINDOW and ABNORMAL_TYPING – to distinguish between benign and malicious inputs.

Measuring the time between two keystrokes, KEYSTROKE_WINDOW can generate false positives if users hit two keys almost simultaneously, although accuracy rises along with the number of keystrokes logged.

ABNORMAL_TYPING specifies the ‘interarrival time’ – or gap – between keystrokes.

The heuristic works because automated keystroke inputs are typically faster than those of humans, among other factors.

Neuner advises users to recalibrate the default parameters by gauging their own typing speed using online utilities whilst running the Google tool in ‘monitoring’ mode.

Done over several days or even weeks, this should gradually lower the false positive rate until eliminated, he explained.

The process trains the system to recognise the normal typing pattern of a user thereby helping it to reduce the number of false alarms, instances where genuine user input is incorrectly flagged up as malign.
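The sketch below is an added example, not code from Google's tool: it shows how a window of keystrokes and an interarrival threshold can work together, and how a recording made in monitoring mode can guide calibration. The rule that every gap in the window must fall below the threshold, the numeric values, and the helper names are assumptions made for illustration.

```python
"""Keystroke-timing heuristic sketch (added example, not Google's tool)."""
from collections import deque

# Assumed values for illustration; the page names the parameters, not their defaults.
KEYSTROKE_WINDOW = 5        # how many recent key presses are judged together
ABNORMAL_TYPING_MS = 50.0   # interarrival gaps shorter than this look automated


def _gaps(times):
    """Interarrival times between consecutive key presses."""
    return [later - earlier for earlier, later in zip(times, times[1:])]


class KeystrokeTimingMonitor:
    """Flags a window in which every interarrival gap is below the threshold."""

    def __init__(self, window=KEYSTROKE_WINDOW, threshold_ms=ABNORMAL_TYPING_MS):
        if window < 2:
            raise ValueError("a window needs at least two keystrokes")
        self.threshold_ms = threshold_ms
        self._times = deque(maxlen=window)

    def observe(self, timestamp_ms):
        """Record one key press; return True if the full window looks injected."""
        self._times.append(timestamp_ms)
        if len(self._times) < self._times.maxlen:
            return False  # not enough evidence yet
        return all(gap < self.threshold_ms for gap in _gaps(list(self._times)))


def flagged_positions(timestamps_ms, window=KEYSTROKE_WINDOW,
                      threshold_ms=ABNORMAL_TYPING_MS):
    """Indexes of key presses at which the monitor would raise an alert."""
    monitor = KeystrokeTimingMonitor(window, threshold_ms)
    return [i for i, t in enumerate(timestamps_ms) if monitor.observe(t)]


def fastest_sustained_gap_ms(timestamps_ms, window=KEYSTROKE_WINDOW):
    """Calibration aid for monitoring mode: the largest threshold that raises
    no alert on a recording of the user's own typing."""
    gaps = _gaps(list(timestamps_ms))
    span = window - 1  # a window of N key presses contains N-1 gaps
    if len(gaps) < span:
        raise ValueError("recording shorter than one window")
    return min(max(gaps[i:i + span]) for i in range(len(gaps) - span + 1))


# Constructed sample data (milliseconds), not captured from real devices.
HUMAN_MS = [0, 180, 340, 355, 520, 700, 860, 1010]   # one 15 ms two-key roll
INJECTED_MS = [0, 4, 8, 12, 16, 20, 24, 28]          # steady 4 ms gaps

if __name__ == "__main__":
    print("human, window=2:   ", flagged_positions(HUMAN_MS, window=2))
    print("human, window=5:   ", flagged_positions(HUMAN_MS, window=5))
    print("injected, window=5:", flagged_positions(INJECTED_MS, window=5))
    print("calibration floor: ", fastest_sustained_gap_ms(HUMAN_MS), "ms")
```

With a two-keystroke window the single fast key roll in the human sample is flagged, while a five-keystroke window ignores it and still catches the injected burst.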

Simple, inexpensive, widely available

Keystroke injection tools are relatively inexpensive and widely available online, noted Neuner.

Darren Kitchen, founder of pen test tool developer Hak5, is well placed to comment. He invented keystroke injection in 2008 and pioneered the first tool to simulate attacks: the USB Rubber Ducky, which featured in the iconic hacker TV Series Mr. Robot.

“Keystroke injection attacks are popular because they’re simple – the barrier to entry is extremely low,” Kitchen, also founder and host of the popular Hak5 Podcast, told The Daily Swig. “I developed the now de facto language, Ducky Script, so anyone can learn it in a minute or two.”

Keystroke injection attacks are also difficult to detect and prevent, according to Neuner, since they’re delivered via the most widely used computer peripheral connector: the humble USB.

Keystrokes are also sent “in a human eyeblink while being effectively invisible to the victim” sitting at the computer, he said. Kitchen pointed out that the “USB Rubber Ducky can type over 1,000 words per minute with perfect accuracy and never needs a coffee break”.

Kitchen recounts how he developed keystroke injection to “automate my then mundane IT job – fixing printers in the terminal with one-liners”, before realizing that it “violated the inherent trust computers have in humans.

“That’s a flaw that’s hard to fix,” he continued, “because we want computers to trust us, and the way we speak to them (Alexa notwithstanding) is by keystrokes.”

‘Hacking the Gibson’

However, the attack is “only as powerful as the user that logged in”, said Kitchen, adding that he probably wouldn’t be “hacking the Gibson” since his machines are restricted in what the ordinary user can do.

“On the other hand, if you’re in an organization that has ignored security best practices over the past decade, and all of your ordinary users have administrative privileges, then yeah – keystroke injection attacks are a problem (and you probably have many more).”

Neuner, who posted two videos demonstrating an attack against a machine with and without the tool installed, advised against viewing Google’s utility as a comprehensive fix.

“The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker with access to a user’s machine (required for USB-based keystroke injection attacks) can do worse things if the machine is left unlocked,” he said.

The security engineer added that Linux tools like fine-grained udev rules or open source projects like USBGuard, through which users can define policies and block specific or all USB devices while the screen is locked, can add further protection.

Matthias Deeg, head of research and development at German pen testing firm SySS GmbH, said it remained to be seen how effective Google’s tool would prove.

“In my opinion, this new tool is interesting and may actually help preventing automated keystroke injection attacks, for instance via bad USB devices,” Deeg, who has researched wireless input devices, including their use for keystroke injection attacks, told The Daily Swig.

“However, we have not yet tested this tool and its implemented heuristics used for detecting automated keystroke injection attacks, and thus cannot say how easily it can be bypassed by tweaking the keystroke injection behavior of the attacker tool. This appears to be a good old cat-and-mouse game.”

A GitHub README for the Google tool includes a step-by-step setup and operation guide. The utility is run as a systemd daemon, which is enabled on reboot.

The post #hacking | Google develops Linux tool that tackles USB keystroke injection attacks appeared first on National Cyber Security.


#cybersecurity | hacker | Rogers’ vendor leaves database open

Source: National Cyber Security – Produced By Gregory Evans

A third-party service provider to Rogers Communications left open a database used for marketing purposes, exposing customer PII.

The Canadian telecom provider did not name the firm involved, nor the number of people affected, but reported that the incident was uncovered on Feb. 26, 2020 and involved the service provider leaving a database open to the public for an unspecified amount of time.

The third-party vendor, which handles promotional offer fulfillment for Rogers, exposed customer names, addresses, account numbers, email addresses and telephone numbers. No payment card information nor login credentials were involved.

The data that was exposed can cause a great deal of harm to its owners as cybercriminals can use it to create well-crafted phishing emails from which they may be able to extract even more valuable personal data.

The post #cybersecurity | hacker | Rogers’ vendor leaves database open appeared first on National Cyber Security.


#cybersecurity | #hackerspace | DEF CON 27 Monero Village – Daniel Kim’s ‘Keynote Speech: Monero Introduction And Investor Perspective’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via the DEF CON Conference YouTube Channel for all to see, enjoy and learn.

The post DEF CON 27 Monero Village – Daniel Kim’s ‘Keynote Speech: Monero Introduction And Investor Perspective’ appeared first on Security Boulevard.

The post #cybersecurity | #hackerspace | DEF CON 27 Monero Village – Daniel Kim’s ‘Keynote Speech: Monero Introduction And Investor Perspective’ appeared first on National Cyber Security.


#cybersecurity | hacker | VPNs: Not a cybersecurity slam dunk for telecommuters in the age of COVID-19

Source: National Cyber Security – Produced By Gregory Evans

CISOs and cybersecurity teams around the world are watching their threat surface multiply as millions of staffers find themselves working from home for the first time in order to help constrain the spread of Coronavirus.

The removal of these people from the safe and controlled working environment found in their offices and tossing them into the wild, so to speak, means a greater dependence on VPNs, which may prove problematical as most large enterprises are not prepared to host the majority of their workforce online, and smaller companies may not be set up at all for this type of access.

Then there is the additional threat posed by workers operating outside the direct oversight of IT and security teams possibly making catastrophic decisions that could endanger the entire organization.

Stan Lowe, global CISO for Zscaler, noted that most businesses have enough VPN hardware to generally handle between 20 percent and 30 percent of their workforce working remotely. However, now that entire corporations have been forced to send their employees home with their laptops this is proving not to be anywhere near enough.

It is also neither a simple nor an inexpensive matter to go out and purchase additional equipment, at least the type needed by larger firms that require a high degree of security, Lowe said. Zscaler is a provider of cloud-based remote access software.

“If you need more equipment, it takes time—you have to buy it, wait for it to ship and arrive then deploy it, update the hardware and keep it updated. And that’s just the VPN stack. Trying to scale VPNs and other legacy remote access technology, adding tens of thousands of users, can take months and break a corporate network,” he said, adding three to five months is a good guesstimate for such an upgrade.

For those companies that cannot increase their VPN capacity it might become necessary to put their workers onto shifts so the VPN capability that is on hand is spread out, Lowe said.

Even companies well-equipped to handle an influx in VPN usage face the daunting task of bringing those who normally occupy office space up to speed on how to use their VPN and make sure their home network can handle the added bandwidth.

“IT must be sure to educate their users, so they are aware of the impact on everyone and to limit their bandwidth-heavy activity, like Netflix streaming, to outside of office hours. This will ensure that productivity doesn’t drop and that users don’t try to forgo the VPN altogether, which could have dire consequences for the security of the business,” said Justin Jett, director of audit and compliance for Plixer.

Another unique situation that needs to be addressed, Jett said, is that not only are employees at home, but so is the rest of their family. A person attempting to do work at the kitchen table is competing with their spouse who is working from the den and their kids who may be gaming or streaming video in another room. All of these demands need to be balanced so work can get done, perhaps requiring the kiddies to limit themselves to board games during the day and streaming when office hours are over.

Then there is the cybersecurity aspect of this new reality. Using a VPN does not by itself make working from home more secure. Lowe pointed out that with people linking in from all over the world, possibly through an insecure router, a company’s attack surface is vastly increased. Even those with a safe connection can cause problems as cybercriminals are working overtime right now to come up with new phishing lures designed to grab login credentials from all the individuals who are now telecommuting full time.

“A VPN only secures the communication channel between the employee’s workstation and the corporate network. However, as a massive amount of home workers now start to use their personal workstations to access corporate assets, it’s only a matter of time until we see a soaring number of cyberattacks that originate from these personal devices that can be easily breached,” said Tal Zamir, co-founder and CTO of Hysolate.

If just one person makes a mistake, a malicious actor could gain the information needed to access a corporate network. Placing even more pressure on the individual is the fact that there is nobody from the company’s IT department or security team within earshot to ask if an email is malicious or legit.

“If devices are infected with malware, even workers who use a VPN client cannot evade attackers who can ride their VPN connection to raise havoc in enterprise networks. The more users are working from home, the greater the risk. Organizations should instruct employees to use trusted dedicated workstations to access sensitive corporate assets and avoid using their multi-purpose personal devices,” Zamir said.

A VPN breach is about as bad as it gets, because traveling internally from VPN infrastructure into sensitive data is extremely easy, said Aaron Zander, Head of IT at HackerOne.

Companies able to add VPN capacity are not safe, but must take several extra measures to ensure errors are not made in their haste to deploy the new hardware.

“Triple check all of your network configurations, ACL’s, firewall rules, etc. Without a doubt in 9 months from now, we’ll be looking at news stories about two impacts resulting from COVID-19 — all the babies being born, and all the breaches that have happened because of negligent infrastructure,” Zander said.

The post #cybersecurity | hacker | VPNs: Not a cybersecurity slam dunk for telecommuters in the age of COVID-19 appeared first on National Cyber Security.
