The Phuctor, operated by No Such lAbs, has factored its hundredth modulus by using Euclid's greatest common divisor (GCD) algorithm. The Phuctor began digesting a dump of public keys from SKS keyservers back in May. Less than two weeks later, Phuctor had managed to factor a key attached to a key in the PGP strong set. Considering the way the news of Phuctor's first key factoring was handled, all interested parties should examine the set of factored public keys for their own betterment.
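The check behind this kind of result can be run against your own key inventory. The following is an added example, not Phuctor's code: a pairwise GCD audit over RSA moduli, where the key names and the toy moduli (products of Mersenne primes) are constructed for illustration.

```python
from itertools import combinations
from math import gcd

def find_shared_primes(moduli):
    """Map key name -> (p, q) for every modulus that shares a prime with another."""
    factored = {}
    for (name_a, n_a), (name_b, n_b) in combinations(moduli.items(), 2):
        g = gcd(n_a, n_b)
        if g == 1 or g == n_a or g == n_b:
            # g == 1: no common prime. g equal to a modulus: the same modulus
            # appears twice (a reused key), which this pair alone cannot split.
            continue
        # g is the shared prime, so both moduli fall apart by one division each.
        for name, n in ((name_a, n_a), (name_b, n_b)):
            factored[name] = tuple(sorted((g, n // g)))
    return factored

# Constructed sample: Mersenne primes stand in for RSA primes. Real moduli are
# products of two random primes of 1024 bits or more.
M61, M89, M107, M127, M521 = ((1 << k) - 1 for k in (61, 89, 107, 127, 521))
SAMPLE = {
    "key-A": M61 * M89,
    "key-B": M61 * M107,   # shares M61 with key-A
    "key-C": M127 * M521,  # shares nothing with the others
    "key-D": M61 * M89,    # same modulus as key-A
}

if __name__ == "__main__":
    for name, (p, q) in sorted(find_shared_primes(SAMPLE).items()):
        print(f"{name}: shared prime found, n = {p} * {q}")
```

Any key this reports has a recoverable private key and must be revoked and regenerated from a sound entropy source. The pairwise loop is quadratic, which is fine for a fleet's worth of keys but not for a full keyserver dump.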
US Standards Institute Moves From Timekeeping to Methamphetamine
An explosion this weekend at the United States' National Institute of Standards and Technology's Gaithersburg, Maryland complex appears to have resulted from the clandestine manufacture of crystal meth. A security guard was injured in connection with the explosion. NIST is most commonly known for its role as timekeeper for the United States Government.
Universal Shares Own Film With Pirates
On the 15th of this month Universal Pictures France filed a takedown request with Google (archived) demanding that it remove from its results sites hosting or linking to pirated copies of Jurassic World. Among the addresses Universal demanded Google sanction was 127.0.0.1, which is the IP address a computer reserves for communicating with itself. This means that not only was Universal seeding its own film to pirates, it was likely doing so from the same machine used to detect and prepare a report on infringement for Universal.
Coin.mx Operators Arrested For Violating Anti Money Laundering Laws
Anthony Murgio and Yuri Lebedev, operators of the Bitcoin/Fiat exchange Coin.mx, were arrested by the FBI at their Florida homes last week, and charges brought in the Southern District of New York by Preet Bharara's office were unsealed against them this week. The Feds accuse Coin.mx of trading roughly 1.8 million dollars worth of Bitcoin and Fiat, using the pretext of a memorabilia collector's club to conceal their actual activities from their banks, and later acquiring control of a small credit union for greater autonomy.
Brute Force for keyboard-interactive OpenSSH Logins Discovered
There is a proof of concept which allows an attacker to attempt to brute force OpenSSH servers with keyboard-interactive logins enabled. FreeBSD users are especially affected, as FreeBSD allows keyboard-interactive OpenSSH logins by default. This brute force allows attempting up to 10,000 password entries at a time. For quite some time it has been known that all forms of password authentication over SSH are weaker by necessity than key-based authentication, which should be the only login method allowed on any machine over SSH. This is a rather minor enhancement to an existing protocol-level vulnerability, but this incident should serve as a reminder that a well-configured SSH server will by necessity only allow key-based logins. A patch which corrects this issue has already been committed to the source tree and will be included with OpenSSH 7.0, which is due for release in a few weeks.
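One way to check a server for this exposure, as an added example that is not part of the original report: a small auditor that resolves the global section of an `sshd_config` the way sshd does (first value for a keyword wins) and lists the password-style methods still enabled. The function names and both sample configs are constructed; `Match` blocks, `Include` files and `AuthenticationMethods` are not evaluated.

```python
# Upstream OpenSSH defaults for the keywords that matter here.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older configs spell keyboard-interactive with this deprecated alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_auth(config_text):
    """Resolve auth keywords from the global section; first value seen wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts:
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # everything after a Match line is conditional
        key = ALIASES.get(key, key)
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].lower())
    return {**DEFAULTS, **seen}

def password_style_logins(config_text):
    """Return the password-based methods the config still allows."""
    eff = effective_auth(config_text)
    methods = ("passwordauthentication", "kbdinteractiveauthentication")
    return [m for m in methods if eff[m] != "no"]

# Constructed sample: password auth is off, keyboard-interactive is still on.
WEAK = """\
PasswordAuthentication no
ChallengeResponseAuthentication yes
"""
# Constructed sample: key-only; the late duplicate line is ignored by sshd.
HARDENED = """\
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PasswordAuthentication yes
"""

if __name__ == "__main__":
    print("weak:", password_style_logins(WEAK))
    print("hardened:", password_style_logins(HARDENED))
```

The weak sample shows the common mistake: `PasswordAuthentication no` on its own leaves keyboard-interactive, the method this brute force targets, switched on.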
Counterfeit Coupon Dealer Pleads Guilty
A Louisiana man charged with conspiracy to commit wire fraud and conspiracy to commit trademark counterfeiting in May of this year has pleaded guilty (archive) to the charges. Beau Wattigney, better known as PurpleLotus/GoldenLotus/MoxDiamond/NickMode, sold counterfeit coupons on the Silk Road 1.0 and 2.0 which provided the bearer with significant discounts, such as $50 Visa gift cards for $0.01 each.
Wattigney will be sentenced on October 28th, 2015.
Grooveshark Cofounder Dead at 28
Josh Greenberg, a cofounder of the late music streaming service Grooveshark, was found dead in his Florida home, and according to the BBC and his mother he had no ongoing health concerns. Grooveshark was founded in 2006 and closed this April after years of legal harassment by agents of the copyright regime, culminating in a United States court finding Grooveshark liable for up to nearly three quarters of a billion dollars in damages. At its peak Grooveshark provided 145 people with employment.
"Entertainment System" Vulnerability Turns Vehicles Into Hot Death
Reports (video) are in that cybersecurity researchers Charlie Miller and Chris Valasek have demonstrated a potentially life-threatening[1] security vulnerability in a raft of new cars and trucks with "connected" entertainment systems.
[1] Michael Hastings, anyone?
Bitcoin Group's IPO Hit With Stop Order By Australian Regulator
The Australian Securities and Investments Commission has issued an interim stop order on Sam Lee's Bitcoin Group IPO which intends to float on the Australian Stock Exchange later this year. After considerable delays, the Bitcoin Group lodged its prospectus late last month with the regulator issuing the interim stop order on the 13th of July[1]. At this time, ASIC provides no information as to why it has issued the interim stop order. ASIC describes a stop order as:
[1] Document #027846316
Microsoft Product Critical Vulnerability Week After Update End of Life
Microsoft has now announced a vulnerability in all of its Windows products a week after its Windows Server 2003 product reached end of life for continued support. For what little it is worth, Microsoft has issued an emergency patch to address this vulnerability in supported versions of its Windows family of products. The vulnerability exists in the way Microsoft products handle Microsoft's own "OpenType" format for fonts. This exploit via fonts affecting Windows desktops and servers follows an April exploit which rooted Windows servers using their flawed JPEG handling mechanisms. Microsoft stands to profit from users of Windows Server 2003 either upgrading to a supported version or opting for premium beyond-end-of-life support contracts.