Memcached abuse opens door to massive DDoS attacks

A new reflection attack was unveiled today which can increase the size of a DDoS attack by 51,000-fold.  It uses memcached, an object caching system designed to speed up web applications, to amplify attacks against a target.  This represents a substantial increase from previous attacks, which have used network time servers to amplify attacks 58-fold

New Apache Web Server bug can reveal server memory to attackers

Another day, another vulnerability in a widely used software package.  Today’s bug (dubbed Optionsbleed by Hanno Böck, the journalist who documented the vulnerability) can reveal passwords and other pieces of vital information to attackers.  While not as big a threat as Heartbleed, a similar bug which allowed attackers to snag private encryption keys for servers (which

New WordPress Vulnerability Results in ~2 Million Defaced Sites

The vulnerability was patched in WordPress v4.7.2 two weeks ago, but millions of sites haven’t yet updated.  This leaves them open to a vulnerability in the WordPress REST API, which can allow malicious actors to edit any post on a site. Ars Technica has a very nice write-up on the effects of the exploit, which

Is it time to abandon antivirus software?

I’ve noticed a growing trend in more advanced computer users lately: some of them have begun advocating against using antivirus software.  Instead, they suggest using browser extensions like uBlock Origin (which I use and recommend), combined with safe browsing practices, to remove the need for antivirus software altogether.  Ars Technica did a very nice write-up on this trend today,

New Host!

I’ve finally moved to a VPS on DigitalOcean, from my previous (free) shared hosting.  I did this for a couple of reasons: first, while my hosting was free for a year with my domain name, that year was almost up.  To renew my hosting for the second+ year, I would have needed to pay $38.88/year;

Uncertainty, the Fed, and the Economy

The New York Times published this opinion piece recently, discussing the Fed’s continuing decision to delay raising rates.  While the entire article is interesting, I believe that the final paragraph is the most insightful: Adding to the frustration is that Fed policy is not to blame for the economy’s underperformance. Congress bears much of the blame because of

Hacking the Hackers

Have you ever heard of Hacking Team?  It’s an Italian company specializing in “digital infiltration” products for governments, law enforcement agencies, and large corporations.  Simply put, they sell hacking tools. You might think, given their business model, that they would monitor their own security religiously.  Last year, however, they were hacked.  Majorly hacked.  “Hundreds of Gb” of their internal

What is asymmetric cryptography?

Whitfield Diffie and Martin Hellman were jointly awarded the 2015 ACM A.M. Turing Award today.  Their 1976 paper, New Directions in Cryptography, essentially created asymmetric cryptography.  Today, asymmetric cryptography secures our online communications—from PGP-secured texts, emails, and files, to TLS and SSL-secured websites (including this one).  So how does asymmetric cryptography work, and how is the Diffie-Hellman key