A vulnerability mostly affecting older versions of Google's Android operating system may make it possible for attackers to execute malicious code on end-user smartphones that use a wide variety of apps, researchers said.
The Linux Foundation has taken control of the open source Xen virtualization platform and enlisted a dozen industry giants in a quest to be the leading software for building cloud networks.
The 10-year-old Xen hypervisor was formerly a community project sponsored by Citrix, much as the Fedora operating system is a community project sponsored by Red Hat. Citrix was looking to place Xen into a vendor-neutral organization, however, and the Linux Foundation move was announced today. The list of companies that will "contribute to and guide the Xen Project" is impressive, including Amazon Web Services, AMD, Bromium, Calxeda, CA Technologies, Cisco, Citrix, Google, Intel, Oracle, Samsung, and Verizon.
Amazon is perhaps the most significant name on that list in regard to Xen. The Amazon Elastic Compute Cloud is likely the most widely used public infrastructure-as-a-service (IaaS) cloud, and it is built on Xen virtualization. Rackspace's public cloud also uses Xen. Linux Foundation Executive Director Jim Zemlin noted in his blog that Xen "is being deployed in public IaaS environments by some of the world's largest companies."
Original photo by Michael Kappel / Remixed by Aurich Lawson
Have a plan to steal millions from banks and their customers but can't write a line of code? Want to get rich quick off advertising click fraud but "quick" doesn't include time to learn how to do it? No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away.
Building successful malware is an expensive business. It involves putting together teams of developers and coordinating an army of fraudsters to convert ill-gotten gains to hard currency without pointing a digital arrow right back to you. So the biggest names in financial botnets—Zeus, Carberp, Citadel, and SpyEye, to name a few—have all at one point or another decided to shift gears from fraud rings to crimeware vendors, selling their wares to whoever can afford them.
In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. As a result, the tools and techniques used by last year's big professional bank fraud operations, such as the "Operation High Roller" botnet that netted over $70 million last summer, are available off-the-shelf on the Internet. They even come with full technical support to help you get up and running.
MojoKid writes "There's no doubt that gaming on the Web has improved dramatically in recent years, but Mozilla believes it has developed new technology that will deliver a big leap in what browser-based gaming can become. The company developed a highly-optimized version of JavaScript that's designed to 'supercharge' a game's code to deliver near-native performance. And now that innovation has enabled Mozilla to bring Epic's Unreal Engine 3 to the browser. As a sort of proof of concept, Mozilla debuted this BananaBread game demo that was built using WebGL, Emscripten, and the new JavaScript version called 'asm.js.' Mozilla says that it's working with the likes of EA, Disney, and ZeptoLab to optimize games for the mobile Web, as well." Emscripten was previously used to port Doom to the browser.
Fifteen years ago, you weren't a participant in the digital age unless you had your own homepage. Even in the late 1990s, services abounded to make personal pages easy to build and deploy—the most famous is the now-defunct GeoCities, but there were many others (remember Angelfire and Tripod?). These were the days before the "social" Web, before MySpace and Facebook. Instant messaging was in its infancy and creating an online presence required no small familiarity with HTML (though automated Web design programs did exist).
Things are certainly different now, but there's still a tremendous amount of value in controlling an actual honest-to-God website rather than relying solely on the social Web to provide your online presence. The flexibility of being able to set up and run anything at all, be it a wiki or a blog with a tipjar or a photo hosting site, is awesome. Further, the freedom to tinker with both the operating system and the Web server side of the system is an excellent learning opportunity.
The author's closet. Servers tend to multiply, like rabbits. Lee Hutchinson
It's super-easy to open an account at a Web hosting company and start fiddling around there—two excellent Ars reader-recommended Web hosts are A Small Orange and Lithium Hosting—but where's the fun in that? If you want to set up something to learn how it works, the journey is just as important as the destination. Having a ready-made Web or application server cuts out half of the work and thus half of the journey. In this guide, we're going to walk you through everything you need to set up your own Web server, from operating system choice to specific configuration options.
A diagram of a side-channel attack on a virtual machine. Using a malicious VM running on the same hardware, scientists were able to recover a private encryption key.
Piercing a key defense found in cloud environments such as Amazon's EC2 service, scientists have devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware.
The technique, unveiled in a research paper published by computer scientists from the University of North Carolina, the University of Wisconsin, and RSA Laboratories, took several hours to recover the private key for a 4096-bit ElGamal-generated public key using the libgcrypt v.1.5.0 cryptographic library. The attack relied on "side-channel analysis," in which attackers crack a private key by studying the electromagnetic emanations, data caches, or other manifestations of the targeted cryptographic system.
One of the chief selling points of virtual machines is their ability to run a variety of tasks on a single computer rather than relying on a separate machine to run each one. Adding to the allure, engineers have long praised the ability of virtual machines to isolate separate tasks, so one can't eavesdrop or tamper with the other. Relying on fine-grained access control mechanisms that allow each task to run in its own secure environment, virtual machines have long been considered a safer alternative for cloud services that cater to the rigorous security requirements of multiple customers.
First time accepted submitter anavictoriasaavedra writes "In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."