venerdì 30 agosto 2013

"Guardians Of The Galaxy" Officially Has The Strangest Comic Book Movie Cast Ever

http://www.buzzfeed.com/adambvary/guardians-of-the-galaxy-officially-has-the-strangest-comic-b

UPDATED: Bradley Cooper just joined Chris Pratt, Zoe Saldana, Glenn Close, John C. Reilly, Karen Gillan, Benicio Del Toro, and (maybe) Vin Diesel. This cast is really happening, folks.

marvel.com

UPDATED (AUG. 30, 2013): Marvel Studios has had a habit of occasionally casting out-of-the-box actors for its movies. Kat Dennings in Thor and Robert Redford in 2014's Captain America: The Winter Soldier aren't the sort of actors one might expect to see in a comic book movie. Most famously, pre-Iron Man Robert Downey, Jr. was a quirky character actor with zero box office cred.

With Guardians of the Galaxy, however, co-writer-director James Gunn (Slither) has apparently been given carte blanche to cast his movie pretty much entirely with actors you would never expect to see in a modern comic book movie — or, at least, never in the way he's cast them. With each new casting notice, this movie — which started production in July — just gets more and more koo-koo-brains exciting.

Bradley Cooper as Rocket Raccoon

Bradley Cooper as Rocket Raccoon

The latest addition to the cast would make a huge amount of sense as a superhero — just not this one. Cooper will lend his voice to play the genetically engineered talking raccoon who hails from a planet of the insane. Yup. Really. It's glorious.

Luke Macgregor / Reuters

Vin Diesel as Groot, maybe

Vin Diesel as Groot, maybe

The Fast & Furious star has been dropping a lot of contradictory hints as to who in the Marvel universe he may be playing soon, and the latest is that he's in talks to lend his unmistakable baritone to the tree creature Groot, one of the five main Guardians. Since all anyone usually can hear him say is "I am Groot," it shouldn't too taxing of a gig.

Mario Anzuoni / Reuters


View Entire List ›

Which Version Of Sherlock Holmes Is Your Favorite?

http://www.buzzfeed.com/donnad/which-version-of-sherlock-holmes-is-your-favorite

Use these handy diagrams to decide! Tumblr artist Baker took three popular versions of the British detective — Granada circa 1984, Robert Downey Jr. circa 2009, and BBC circa 2011 — and illustrated the differences.

bakerst.tumblr.com

bakerst.tumblr.com

bakerst.tumblr.com

bakerst.tumblr.com


View Entire List ›

Missy Elliott Releases A K-Pop Duet With G-Dragon

http://www.buzzfeed.com/kmallikarjuna/missy-elliott-releases-a-k-pop-duet-with-g-dragon

It’s called Niliria and it’s incredible.

G-Dragon and Missy premiered Niliria at KCON, the largest k-pop convention in the US.

G-Dragon and Missy premiered Niliria at KCON, the largest k-pop convention in the US.

Missy being the badass that she is was the only non-Asian performer to grace KCON's stage.

And as usual Missy was fierce as hell.

And as usual Missy was fierce as hell.

Everything from her gold mic to her neon hightops was perfection.

Everything from her gold mic to her neon hightops was perfection.

She and G-Dragon killed it.

She and G-Dragon killed it.


View Entire List ›

26 Signs You're Living Under A Dome

http://www.buzzfeed.com/louispeitzman/26-signs-youre-living-under-a-dome

If you can relate to this list, you’re probably a resident of Chester’s Mill. Sorry about that dome.

You're trapped by an invisible dome.

You're trapped by an invisible dome.

CBS

Like, you can't cross it at all.

Like, you can't cross it at all.

CBS

And it's actually THE WORST.

And it's actually THE WORST.

CBS

You've tried EVERYTHING.

You've tried EVERYTHING.

CBS


View Entire List ›

Anonymous Hacker Claims FBI Directed LulzSec Hacks


Sentencing for former LulzSec leader Hector Xavier Monsegur, better known as Sabu, has again been delayed.
Monsegur was scheduled to be sentenced Friday morning in New York federal court. But in a letter to the court, the U.S. attorney general's office requested that Monsegur's sentencing be delayed "in light of the defendant's ongoing cooperation with the government." His sentencing has now been rescheduled for Oct. 25. 

The requested delay has become a pattern, reflecting Monsegur's continued cooperation with the FBI since he was arrested in June 2011 and turned informer. "Since literally the day he was arrested, the defendant has been cooperating with the government proactively," U.S. district attorney James Pastore, the prosecuting lawyer, told a judge presiding over a secret August 2011 hearing into the 12 charges filed against Monsegur. "He has been staying up sometimes all night engaging in conversations with co-conspirators that are helping the government to build cases against those co-conspirators," Pastore added.
Monsegur, who faces up to 122.5 years in prison, avoided a trial by pleading guilty to all of the charges filed against him in federal court. Some of those charges relate to launching distributed denial of service (DDoS) attacks against PayPal, MasterCard and Visa, as well as accessing servers belonging to Fox, InfraGard Atlanta and PBS.  

On the eve of Sabu's scheduled sentencing last week, one of the hackers he helped bust -- Jeremy Hammond, who in May pleaded guilty to hacking intelligence service Stratfor, and who now faces up to 10 years in jail and $2.5 million in restitution -- alleged that the FBI used LulzSec and Anonymous as a private hacker army.
"Sabu was used to build cases against a number of hackers, including myself. What many do not know is that Sabu was also used by his handlers to facilitate the hacking of targets of the government's choosing -- including numerous websites belonging to foreign governments," claimed Hammond, who's himself due to be sentenced next month, and who offered no evidence to support his assertions. "What the United States could not accomplish legally, it used Sabu, and by extension, me and my co-defendants, to accomplish illegally."
The FBI didn't immediately respond to a request for comment on Hammond's allegations, but the bureau has previously been criticized for its failure to stop the Stratfor hacks and resulting data dump, which occurred after Sabu turned informer. Timing-wise, Hammond -- using the hacker handle "Sup_g" -- gave Sabu a heads-up on the planned intrusion on Dec. 6, 2011, then hacked into Stratfor on December 13. The next day, he informed Sabu about what he'd done, and Sabu, at the direction of the FBI, told him to upload the stolen data onto a server that was secretly controlled by the FBI. On Dec. 24, the hackers defaced the Stratfor site and published the stolen data. Two days later, Sabu tied Sup_g to another alias, "Anarchaos," that the bureau knew that Hammond used. But the FBI didn't arrest Hammond until three months later, which has led some conspiracy theorists to posit that the bureau had another agenda, such as building Sabu's bona fides to try to ensnare WikiLeaks chief Julian Assange.
The bureau has previously denied suggestions that it looked the other way during the Stratfor hack, perhaps as part of some larger agenda. "That's "patently false," an FBI official, speaking on condition of anonymity, told The New York Times last year. "We would not have let this attack happen for the purpose of collecting more evidence."
By some accounts, the FBI may have been overwhelmed with hacking-related intelligence, as Sabu received daily updates on multiple planned and executed attacks, as well as information on dozens of vulnerabilities that hackers reported to him directly. In addition, one legal expert told the Times that the paperwork required to arrest someone on hacking charges could easily take six months to prepare.
The ongoing legal drama involving Monsegur and Hammond stands in sharp contrast to the fate of LulzSec and Anonymous members in Britain that Sabu, after he turned snitch, apparently helped authorities identify and arrest. For example, Jake Davis, the former LulzSec spokesman Topiary, has now served his time and been released.
Davis, who as part of his parole is allowed to go online but not contact any of his former LulzSec or Anonymous comprades, recently said in an ongoing Ask.fm question-and-answer session that he pleaded guilty to charges against him so that he could move on with his life. Likewise, he said that when six plainclothes officers showed up in Scotland's remote Shetland Islands, where he lived, and announced that they were there to seize his computer equipment and arrest him on charges that he'd launched a DDoS attack against Britain's Serious Organized Crime Agency, he knew the jig was up. So that morning, when an officer requested the password to his encrypted drive, which contained evidence of his attacks, he divulged it.
"Why did you turn over your encryption keys to Scotland Yard?" asked one Ask.fm questioner. Davis defended his decision in no uncertain terms. "What, and be hunted/monitored mercilessly for the rest of my life by begrudging authorities with the power to flip the tables on your life with a few pieces of paper at any given turn?" he said.
"No thanks, I'll play ball with the encryption keys and say, 'you caught me, I wasn't good enough, fair play, let's get this over with.' And now it's over -- for me. Perhaps not for others. Probably the snitches," he said. "Ironic, isn't it?" 




mercoledì 28 agosto 2013

Twitter and New York Times clash with hackers for control of their sites

For a good chunk of Tuesday, website administrators at Twitter, The New York Times, and other high-profile media outlets appeared to be locked in a high-stakes battle with self-proclaimed Syrian hackers for control of their Internet domains. Just as quickly as twitter.co.uk, nytimes.com, and other domains were returned to their rightful owners, Internet records showed they'd be seized all over again and made to point to a Russian Web host known to cater to purveyors of drive-by malware exploits and other online nasties.
In between these dueling sides was Melbourne IT, an Australian domain registrar that managed the domain names not only for Twitter and the NYT, but also for The Huffington Post, which security researchers also said also experienced problems. Update: A spokesman for the company told The Australian Financial Review the outages were the result of a breach of its security. The login credentials of one of the company's resellers were compromised, allowing attackers to access servers and change settings that direct users to the correct servers.
One of the researchers following the clash was HD Moore, chief research officer of security firm Rapid7, who watched the struggle play out more or less in real time. At one point on Tuesday afternoon, his searches showed the official domain name servers for twitter.co.uk as being ns1.syrianelectronicarmy.com and ns2.syrianelectronicarmy.com. A half-hour later, the name servers had been changed back to the much more benign servers at a4.nstld.com, f4.nstld.com, g4.nstld.com, and l4.nstld.com.
The pattern repeated itself over and over, not just for the Twitter domain but for the addresses belonging to the NYT and The Huffington Post as well, he said. Compounding the turmoil was the time required for name-server changes to make their way to end users. Service providers often cache the records for high-traffic sites for as long as a day at a time. Since the name server is the mechanism that translates the human-friendly domain name into the network-routable IP address, there was no easy way for the legitimate operators to ensure their sites were available to everyone on the Internet.
"The scary thing about this is that once you've changed the DNS for the organization there's not much Twitter can do about it," Moore observed. "They have to wait to get the DNS reset to the previous value. If you watch the whois information right now, it's bouncing back and forth between the Syrian Electronic Army and The New York Times. The New York Times domains are constantly going back and forth and the SEA guys are trying to redirect the websites to a server they control."
At time of writing, both twitter.com and nytimes.com appeared to be under the control of their rightful owners, while twitter.co.uk remained unavailable. A whois search showed its name servers were still listed as ns1.syrianelectronicarmy.com and ns2.syrianelectronicarmy.com.
The fact that all of the affected domains were managed by Melbourne IT at the time that the attacks were initiated has led to speculation that the hacks are the result of some sort of breach at the Australian registrar and Web host. One possibility is that the hackers exploited a server flaw that allowed them to hijack a domain control panel that a Melbourne IT employee uses to change name-server settings and registration information. Indeed, security consultant Mark Burnett unearthed this Pastebin link, which appeared to show someone getting unauthorized terminal access to the company's servers. The more likely explanation—given the SEA's penchant for phishing attacks—is that the hackers were able to coax the log-in credentials from a privileged employee and the compromised credentials haven't been revoked yet.
Here's hoping the SNAFU gets resolved soon. The server to which the Syrian hackers' name servers are sending would-be visitors is located at the IP address 141.105.64.37—a known source of malware and phishing attacks. Someone at Melbourne IT should put out this fire promptly and then tell the rest of us exactly what's going on.

lunedì 26 agosto 2013

Hacked Feature Phone Can Block Other People’s Calls


Swapping software can give one GSM phone the power to prevent incoming calls and text messages from reaching other phones nearby.

By David Talbot on August 26, 2013

WHY IT MATTERS

Most of the world’s phones use the GSM standard.

By making simple modifications to common Motorola phones, researchers in Berlin have shown they can block calls and text messages intended for nearby people connected to the same cellular network. The method works on the second-generation (2G) GSM networks that are the most common type of cell network worldwide. In the U.S., both AT&T and T-Mobile carry calls and text messages using GSM networks.

The attack involves modifying a phone’s embedded software so that it can trick the network out of delivering incoming calls or SMS messages to the intended recipients. In theory, one phone could block service to all subscribers served by base stations within a network coverage area known as a location area, says Jean-Pierre Seifert, who heads a telecommunications security research group at the Technical University of Berlin. Seifert and colleagues presented a paper on the technique at the Usenix Security Symposium in Washington, D.C., last week. An online video demonstrates the attack in action.


Seifert’s group modified the embedded software, or “firmware,” on a chip called the baseband processor, the component of a mobile phone that controls how it communicates with a network’s transmission towers.

In normal situations, when a call or SMS is sent over the network, a cellular tower “pages” nearby devices to find the one that should receive it. Normally, only the proper phone will answer—by, in effect, saying “It’s me,” as Seifert puts it. Then the actual call or SMS goes through.

The rewritten firmware can block calls because it can respond to paging faster than a victim’s phone can. When the network sends out a page, the modified phone says “It’s me” first, and the victim’s phone never receives it.

“If you respond faster to the network, the network tries to establish a service with you as an attacker,” says Nico Golde, a researcher in Seifert’s group. That’s enough to stall communications in a location area, which in Berlin average 200 square kilometers in size. The group didn’t design the hack to actually listen to the call or SMS but just hijacked the paging process.

Traditionally, the details of how baseband processors work internally has been proprietary to makers of chips and handsets. But a few years ago, baseband code for a certain phone, the Vitelcom TSM30, leaked out. That enabled researchers to understand how baseband code works and spawned several open-source projects to study and tweak it.

The Berlin group used that open-source baseband code to write replacement software for Motorola’s popular C1 series of phones (such as the C118, C119, and C123). Those devices all use Texas Instruments’ Calypso baseband processor.

The researchers tested their attack by blocking calls and messages just to their own phones. However, they calculate that just 11 modified phones would be enough to shut down service of Germany’s third-largest cellular network operator, E-Plus, in a location area. “All those phones are listening to all the paging requests in that area, and they are answering ‘It’s me,’ and nobody in that cell will get an SMS or a phone call,” Seifert explains.

Jung-Min Park, a wireless-security researcher at Virginia Tech, says that although devising the attack requires detailed technical knowledge, once it is created, “if someone had access to the same code and hardware, repeating the attack should be possible for an engineer.”

Although carriers today mostly tout their 3G and 4G services, most networks around the world still use GSM networks. Around four billion people worldwide use GSM networks for calls, and carriers also use them for some machine-to-machine applications.

The problem could be fixed, but that would require changing GSM protocols to require phones to prove their identity through an additional exchange of encrypted codes. “The defense is expensive to deploy,” says Victor Bahl, principal researcher and manager of the mobility and networking research group at Microsoft. “I can only speculate that the cell network providers are reluctant to invest in mitigation strategies in the absence of an immediate threat.”

Seifert says the research of his group and others shows that basic aspects of mobile communications can no longer be assumed to be safe from hacking. “The answer of the carriers is: ‘It’s illegal—you are not allowed to do it,’” he says, “However, the implication is that the good old times, where you can assume that all the phones are honest and following the protocol, are over.”