Tag: Amazon.com

Right Now Get a $20 Amazon Dash Wand With Alexa For...

Dash Wand is a wifi enabled kitchen assistant that helps you shop AmazonFresh and millions of everyday essentials on Amazon.com.

Essentially free, since right now you get a $20 Amazon credit when you register the device. How does it work? Just scan a barcode on an item you need, or press the button and say: "How many teaspoons in a tablespoon?" "How many calories are there in Greek yogurt?" "Alexa, ask Pizza Hut to place an order."

Spam and phishing in Q1 2017

Although the beginning of Q1 2017 was marked by a decline in the amount of spam in overall global email traffic, in March the situation became more stable, and the average share of spam for the quarter amounted to 55.9%.

The US (18.75%) remained the biggest source of spam, followed by Vietnam (7.86%) and China (7.77%).

AMD’s Radeon memory business is slowing down

AMD's Radeon memory business has slowed down, with fewer products available in the U.S. and no new product releases since the introduction of the Polaris GPUs last year. Products are not being sold by key partners like Newegg, Best Buy, or TigerDirec...

33% off H&R Block Tax Software Deluxe Federal and State 2016...

Step-by-step interviews guide you through a customized experience relevant to your tax situation.

Everything you need to prepare your federal and state taxes in one complete program.

Additionally, the H&R Block Refund Bonus program offers you the option of using some or all of your federal individual income tax refund to purchase electronic gift cards from Amazon.com, and as a special bonus they'll add up to 10% to your e-gift card.

The PC download is available on Amazon now for 33% off its retail price. Mac version available for the sale price as well.
See the popular tax software now on Amazon.

AWS tries to protect its customers from DDoS attacks with new...

One of the big stories in security over the past year has been the rise of devastating distributed denial of service (DDoS) attacks that have hit sites and organizations like DNS provider Dyn, the BBC and the website of security journalist Brian Krebs. Amazon Web Services is trying to help protect its customers with a new service aimed at mitigating DDoS impacts.

It’s called Shield, and the free entry-level tier is enabled by default for all web applications running on AWS, starting on Wednesday. Werner Vogels, the CTO of Amazon.com, unveiled the service at AWS’ re:Invent conference in Las Vegas.

Automatically protecting its customers may help encourage businesses to pick Amazon’s cloud over others, or convince businesses to migrate their web applications to the cloud. It’s also a strike against companies like Cloudflare and Akamai, which offer DDoS mitigation services.

Shield Standard is aimed at protecting web apps from the overwhelming majority of common DDoS attacks at no extra cost. (For the nerds out there, Vogels said that it would block volumetric attacks like NTP reflection attacks, and many state exhaustion attacks.)

Companies that are concerned about more sophisticated attacks can pay for AWS’ Shield Advanced service, which gives them a number of advanced capabilities. First off, they get access to an always-available hotline that they can reach out to when they need help with a DDoS attack. That support will work with customers to develop custom mitigation for attacks that aren’t covered by the standard service.

For customers of AWS’ load balancing and DNS services, the public cloud provider will also cap their costs while the attack is ongoing, so it’s easier for them to weather the storm.

Shield is a part of the fleet of announcements coming out of re:Invent. Over the past week, Amazon has revealed a number of capabilities, including new infrastructure offerings, data analysis tools, AI-driven APIs and more.

Spam and phishing in Q3 2016

Spam: quarterly highlights

Malicious spam

Throughout 2016 we have registered a huge amount of spam with malicious attachments; in the third quarter, this figure once again increased significantly.

According to KSN data, in Q3 2016 the number of email antivirus detections totaled 73,066,751. Most malicious attachments contained Trojan downloaders that one way or another loaded ransomware onto the victim’s computer.

[Figure: Number of email antivirus detections, Q1-Q3 2016]

The amount of malicious spam reached its peak in September 2016.

According to our estimates, the number of mass mailings containing the Necurs botnet alone amounted to 6.5% of all spam in September.

To recap, this kind of malicious spam downloads the Locky malware to computers. Most emails were neutral in nature. Users were prompted to open malicious attachments imitating bills supposedly sent by a variety of organizations, receipts, tickets, scans of documents, voice messages, notifications from stores, etc.
Some messages contained no text at all.

All this is consistent with recent trends in spam: fraudsters are now less likely to try and impress or intimidate users to make them click a malicious link or open an attachment.
Instead, spammers try to make the email contents look normal, indistinguishable from other personal correspondence.

Cybercriminals appear to believe that a significant proportion of users have mastered the basics of Internet security and can spot a fake threat, so malicious attachments are made to look like everyday mail. Of particular note is the fact that spam coming from the Necurs botnet had a set pattern of technical email headers, while the schemes used by the Locky cryptolocker varied a lot.

For example, the five examples above contain the following four patterns:

- JavaScript loader in a ZIP archive loads and runs Locky.
- Locky is loaded using a macro in the .docm file.
- Archived HTML page with a JavaScript script downloads Locky.
- Archived HTML page with a JavaScript script downloads the encrypted object Payload.exe, which runs Locky after decryption.

Methods and tricks: links in focus

IP obfuscation

The third quarter saw spammers continue to experiment with obfuscated links.

This well-known method of writing IP addresses in hexadecimal and octal systems was updated by scammers who began to add ‘noise’.

As a result, an IP address in a link may end up looking like this:

HTTP://@[::ffff:d598:a862]:80/

Spammers also began to insert non-alphanumeric symbols and slashes in domain/IP addresses, for example:

http://0122.0142.0xBABD/
<a href=/@/0x40474B17

URL shortening services

Spammers also continued experimenting with URL shortening services, inserting text between slashes.

For example:

Sometimes other links were used to add text noise:

The use of search queries

Some spammers have returned to the old method of hiding the addresses of their sites as search queries.

This allows them to solve two problems: it bypasses black lists and makes the links unique for each email.
In the third quarter, however, spammers went even further and used the Google option “I’m Feeling Lucky”.

This option immediately redirects users to the website that’s displayed first in the list of search results, and it can be activated simply by adding “&btnI=ec” to the end of the link.

Clicking on the link redirects users to the spammer’s site rather than to the page displayed in the Google search results.

The advertising site itself is obviously optimized to appear first in the search results.

There could be lots of similar queries within a single mass mailing. The example above involves yet another trick.

The search query is written in Cyrillic.

The Cyrillic letters are first converted to a decimal format (e.g., “авто” becomes “&#1040;&#1074;&#1090;&#1086;”), and then the whole query in decimal format, including special symbols, is converted to a hexadecimal URL format.

Imitations of popular sites

The third quarter saw phishers trying to cheat users by making a link look similar to that of a legitimate site.

This trick is as old as the hills.
In the past, real domain names were distorted very slightly; now, cybercriminals make use of either subdomains imitating real domain names or long domains with hyphens.
So, in phishing attacks on PayPal users we came across the following domain names:

Phishing attacks targeting Apple users included the following names:

Spammers have also found help from new “descriptive” domain zones, where a fake link can seem more topical and trusted, for example:

Testers required

Q3 email traffic contained mass mailings asking users to participate in free testing of a product that they could then keep.

The authors of the emails we analyzed were offering popular goods such as expensive brand-name home appliances (coffee machines, robot vacuum cleaners), cleaning products, cosmetics and even food. We also came across a lot of emails offering the chance to test the latest models of electronic devices including the new iPhone that was released at the end of the third quarter.

The headers used in these mass mailings include: “Register to test & keep a new iPhone 7S! Wanted:! IPhone 7S Testers”.

The release of the latest iPhone was met with the usual surge of spam activity dedicated exclusively to Apple products. The people sending out these messages are in no way related to the companies whose products they use as bait. Moreover, they send out their mass mailings from fake email addresses or from empty, newly created domains. The senders promise to deliver the goods for testing by post, and using this pretext they ask for the recipient’s postal and email addresses as well as other personal information.

A small postal charge is imposed on the user, but even if the goods are delivered, there is no guarantee they will be good quality.

There are lots of posts on the Internet by users saying they never received any goods, even after paying the postage costs.

This has an element of old-fashioned non-virtual fraud: the cybercriminals receive money transfers under the pretext of postal charges and then disappear.

Gift certificates to suit all tastes

Spam traffic in Q3 included some interesting mailings using the common theme of fake gift certificates. Recipients were offered the chance to participate in an online survey in return for a certificate worth anything from ten to hundreds of euros or dollars.

They were led to believe that the certificates were valid for large international retail chains, online hypermarkets, grocery stores, popular fast-food chains as well as gas stations. In some cases, the senders of these fraudulent messages said they were carrying out a survey to improve the customer support services of the organizations that were allegedly behind these generous offers, as well as to improve the quality of their products.
In other cases, the message was presented as a stroke of luck, claiming that the recipient’s email address had been randomly selected for a generous gift as a mark of appreciation for using the brand’s goods or services.

The messages were indeed randomly sent out to email addresses that had been collected by spammers, and did not necessarily belong to customers of the companies named in emails. To confirm receipt of the gift certificate, the user is asked to follow a link in the email which in fact leads to an empty domain with a descriptive name (e.g. “winner of the day”).

Then, via the redirect, the user ends up at a newly created site with a banner designed in the style of the brand that supposedly sent out the mailing.

The user is notified that the number of certificates is limited and that they have only 90 seconds to click on a link, thereby agreeing to receive the gift.

After completing a short survey asking things such as “How often do you use our services?” and “How are you planning to use the certificate?” the user is asked to enter their personal data in a form.

And finally the “lucky winner” is redirected to a secure payment page where they have to enter their bank card details and pay a minor fee (in the case we analyzed the sum was 1 krone). According to online reviews, some potential victims of this type of certificate fraud were asked to call a number to participate in a telephone survey rather than an online survey.

This type of fraudulent scheme is also quite common: the idea is to keep someone on the paid line for as long as possible until they give up on the promised reward.

Like the offers to participate in the testing of goods, these themed messages were sent out from fake addresses with empty or newly created domains that had nothing to do with the organizations in whose name the cybercriminals were offering the certificates.

Statistics

Proportion of spam in email traffic

[Figure: Percentage of spam in global email traffic, Q2 and Q3 2016]

The largest percentage of spam in the third quarter – 61.25% – was registered in September.

The average share of spam in global email traffic for Q3 amounted to 59.19%, which was 2 p.p. more than in the previous quarter.

Sources of spam by country

[Figure: Sources of spam by country, Q3 2016]

In Q3 2016, India’s contribution increased considerably – by 4 p.p. – and the country became the biggest source of spam with a share of 14.02%.
Vietnam (11.01%, +1 p.p.) remained in second place.

The US fell to third after its share (8.88%) dropped by 1.9 p.p. As in the previous quarter, fourth and fifth were occupied by China (5.02%) and Mexico (4.22%) respectively, followed by Brazil (4.01%), Germany (3.80%) and Russia (3.55%).

Turkey (2.95%) rounded off the TOP 10.

Spam email size

[Figure: Breakdown of spam emails by size, Q2 and Q3 2016]

Traditionally, the most commonly distributed emails are very small – up to 2 KB (55.78%), although the proportion of these emails has been declining throughout the year, and in Q3 dropped by 16 p.p. compared to the previous quarter. Meanwhile, the proportion of emails sized 10-20 KB increased considerably from 10.66% to 21.19%.

The other categories saw minimal changes.

Malicious email attachments

Currently, the majority of malicious programs are detected proactively by automatic means, which makes it very difficult to gather statistics on specific malware modifications.
So we have decided to turn to the more informative statistics of the TOP 10 malware families to trigger mail antivirus.

TOP 10 malware families

Trojan-Downloader.JS.Agent (9.62%) once again topped the rating of the most popular malware families.

Trojan-Downloader.JS.Cryptoload (2.58%) came second.
Its share increased by 1.34 p.p.

As in the previous quarter, Trojan-Downloader.MSWord.Agent (2.34%) completed the top three. The popular Trojan-Downloader.VBS.Agent family (1.68%) fell to fourth with a 0.48 p.p. decline.
It was followed by Trojan.Win32.Bayrob (0.94%).

[Figure: TOP 10 malware families in Q3 2016]

A number of newcomers made it into the bottom half of this TOP 10. Worm.Win32.WBVB (0.60%) in seventh place includes executable files written in Visual Basic 6 (in both P-code and Native modes) that are not recognized as trusted by KSN.

The malware samples of this family are only detected by Mail Anti-Virus.

For this type of verdict File Antivirus only detects objects with names that are likely to mislead users, for example, AdobeFlashPlayer, InstallAdobe, etc. Trojan.JS.Agent (0.54%) came eighth.

A typical representative of this family is a file with .wsf, .html, .js and other extensions.

The malware is used to collect information about the browser, operating system and software whose vulnerabilities can be used.
If the desired vulnerable software is found, the script tries to run a malicious script or an application via a specified link. Yet another newcomer – Trojan-Downloader.MSWord.Cryptoload (0.52%) – occupied ninth place.
It is usually a document with a .doc or .docx extension containing a script that can be executed in MS Word (Visual Basic for Applications).

The script includes procedures for establishing a connection, downloading, saving and running a file – usually a Trojan cryptor. Trojan.Win32.Agent (0.51%), which was seventh in the previous quarter, rounded off the TOP 10 in the third quarter.

Countries targeted by malicious mailshots

[Figure: Distribution of email antivirus verdicts by country, Q3 2016]

Germany (13.21%) remained the country targeted most by malicious mailshots, although its share continued to decline – by 1.48 p.p. in Q3. Japan (8.76%), whose share increased by 2.36 p.p., moved up to second.

China (8.37%) in third saw its share drop by 5.23 p.p. In Q3 2016, fourth place was occupied by Russia (5.54%); its contribution increased by 1.14 p.p. from the previous quarter.
Italy came fifth with a share of 5.01%.

The US remained in seventh (4.15%).

Austria (2.54%) rounded off this TOP 10.

Phishing

In Q3 2016, the Anti-Phishing system was triggered 37,515,531 times on the computers of Kaspersky Lab users, which is 5.2 million more than the previous quarter. Overall, 7.75% of unique users of Kaspersky Lab products worldwide were attacked by phishers in Q3 2016.

Geography of attacks

China (20.21%) remained the country where the largest percentage of users is affected by phishing attacks.
In Q3 2016, the proportion of those attacked increased by 0.01 p.p.

[Figure: Geography of phishing attacks*, Q3 2016]

*Number of users on whose computers the Anti-Phishing system was triggered as a percentage of the total number of Kaspersky Lab users in the country

The percentage of attacked users in Brazil decreased by 0.4 p.p. and accounted for 18.23%, placing the country second in this rating. UAE added 0.88 p.p. to the previous quarter’s figure and came third with 11.07%.
It is followed by Australia (10.48%, -2.29 p.p.) and Saudi Arabia (10.13%, +1.5 p.p.).

TOP 10 countries by percentage of users attacked:

China                   20.21%
Brazil                  18.23%
United Arab Emirates    11.07%
Australia               10.48%
Saudi Arabia            10.13%
Algeria                 10.07%
New Zealand             9.7%
Macau                   9.67%
Palestinian Territory   9.59%
South Africa            9.28%

The share of attacked users in Russia amounted to 7.74% in the third quarter.
It is followed by Canada (7.16%), the US (6.56%) and the UK (6.42%).

Organizations under attack

Rating the categories of organizations attacked by phishers

The rating of attacks by phishers on different categories of organizations is based on detections of Kaspersky Lab’s heuristic anti-phishing component.
It is activated every time a user attempts to open a phishing page while information about it has not yet been included in Kaspersky Lab’s databases.
It does not matter how the user attempts to open the page – by clicking a link in a phishing email or in a message on a social network or, for example, as a result of malware activity.

After the security system is activated, a banner is displayed in the browser warning the user about a potential threat.
In Q3 of 2016, the share of the ‘Financial organizations’ category (banks, payment systems, online stores) accounted for more than half of all registered attacks.

The percentage of the ‘Banks’ category increased by 1.7 p.p. and accounted for 27.13%.

The proportion of ‘Online stores’ (12.21%) and ‘Payment systems’ (11.55%) increased by 2.82 p.p. and 0.31 p.p. respectively.

[Figure: Distribution of organizations affected by phishing attacks by category, Q3 2016]

In addition to financial organizations, phishers most often attacked ‘Global Internet portals’ (21.73%), ‘Social networking sites’ (11.54%) and ‘Telephone and Internet service providers’ (4.57%). However, their figures remained almost unchanged from the previous quarter – the change for each category was no more than a single percentage point.

Hot topics this quarter

Attacks on users of online banking

The third quarter saw the proportion of attacked users in the ‘Banks’ category increase significantly – by 1.7 p.p.

The four banks whose clients were attacked most often are all located in Brazil.

For several years in a row this country has ranked among the countries with the highest proportion of users attacked by phishers, and occasionally occupies first place.

Naturally, online banking users are priority targets for cybercriminals, since the financial benefits of a successful attack are self-evident. Links to fake banking pages are mostly spread via email.

[Figure: Example of a phishing email sent on behalf of a Brazilian bank. The link in the email leads to a fake page that imitates the login page to the user’s banking account]

‘Porn virus’ for Facebook users

At the beginning of the previous quarter, Facebook users were subjected to phishing attacks.

Almost half a year later, the same scheme was used by fraudsters to attack users in Europe.

During the attack, a provocative adult video was used as bait.

To view it, the user was directed to a fake page (a page on the xic.graphics domain was especially popular) imitating the popular YouTube video portal.

[Figure: Example of a user being tagged in a post with the video]

This extension requested rights to read all the data in the browser, potentially giving the cybercriminals access to passwords, logins, credit card details and other confidential user information.

The extension also distributed more links on Facebook that directed to itself, but which were sent using the victim’s name.

Phisher tricks

Carrying on from the second quarter, we continue to talk about the popular tricks of Internet fraudsters.

The objectives are simple – to convince their victims that they are using legitimate resources and to bypass security software filters.
It is often the case that the more convincing the page is for the victim, the easier it is to detect with a variety of technologies for combating fraudsters.

Nice domains

We have already described a trick whereby spammers use genuine-looking links in emails to spread phishing content.

Fraudsters often resort to this technique regardless of how the phishing page is distributed.

They are trying to mislead users, who do actually pay attention to the address in the address bar, but who are not technically savvy enough to see the catch.

The main domain of the organization that is being attacked might be represented, for example, by a 13th-level domain:

Or might simply be used in combination with another relevant word, e.g., secure:

These tricks help deceive potential victims, though they make it much easier to detect phishing attacks using security solutions.

Different languages for different victims

By using information about the IP address of a potential victim, phishers determine the country in which they are located.
In the example below, they do so by using the service http://www.geoplugin.net/json.gp?ip=. Depending on the country that has been identified, the cybercriminals will display pages with vocabulary in the corresponding language.

[Figure: Examples of files that are used to display a phishing page in a specified language]

The example below shows 11 different versions of pages for 32 different locations:

[Figure: Example of a script used by phishers to display the relevant page depending on the location of the victim]

TOP 3 attacked organizations

Fraudsters continue to focus most of their attention on the most popular brands, enhancing their chances of a successful phishing attack. More than half of all detections of Kaspersky Lab’s heuristic anti-phishing component are for phishing pages hiding behind the names of fewer than 15 companies. The TOP 3 organizations attacked most frequently by phishers accounted for 21.96% of all phishing links detected in Q3 2016.

Organization    % of detected phishing links
Facebook        8.040955
Yahoo!          7.446908
Amazon.com      6.469801

In Q3 2016, Facebook (8.1%, +0.07 p.p.) topped the ranking of organizations used by fraudsters to hide their attacks. Microsoft, the leader in the previous quarter, dropped out of the TOP 3.
Second place was occupied by Yahoo! (7.45%), whose contribution increased by 0.38 p.p.

Third place went to Amazon, a newcomer to the TOP 3 with 6.47%.

Conclusion

In the third quarter of 2016, the proportion of spam in email traffic increased by 2 p.p. compared to the previous quarter and accounted for 59.19%.

The largest percentage of spam – 61.25% – was registered in September.
India (14.02%), which was only fourth in the previous quarter, became the biggest source of spam.

The top three sources also included Vietnam (11.01%) and the US (8.88%). The top three countries targeted by malicious mailshots remained unchanged from the previous quarter.

Germany (13.21%) came first again, followed by Japan (8.76%) and China (8.37%). In Q3 2016, Kaspersky Lab products prevented over 37.5 million attempts to enter phishing sites, which is 5.2 million more than the previous quarter.

Financial organizations were the main target, with banks the worst affected, accounting for 27.13% of all registered attacks.

The most attractive phishing targets in Q3 2016 were clients of four banks located in Brazil.

Exclusive: Our Thai prison interview with an alleged top advisor to...

BANGKOK, Thailand—Few people were watching when the prison truck doors swung open at Ratchada Criminal Court to reveal a 55-year-old Canadian inmate.

But there he was: Roger Thomas Clark, the man accused of being “Variety Jones,” notorious dope dealer and top advisor to Silk Road founder Ross “Dread Pirate Roberts” Ulbricht.

[Photo: Clark entering court.]

Clark did the perp-walk, shuffling unchained and unnoticed past the Bangkok press brigade, which was focused that day on the trial of an accused Spanish murderer.

Accompanied by a lone Thai corrections officer in a sand-coloured uniform, Clark was led to the eighth floor and was greeted by his team of lawyers and interpreters. Clark was here to battle extradition to America and a possible life sentence on charges of narcotics conspiracy and conspiracy to commit money laundering.

But face-to-face, whether in a Thai court or a prison, Clark appeared unfazed by the powerful forces seeking him for a trial on the other side of the planet. Though acknowledging that his odds of beating extradition are slim, Clark remained in high spirits during his July day-trip to the courthouse. He even slipped in a brag or two on the way. “Normally a senior person signs an extradition order, but my order was signed and stamped by John Kerry,” he said, adding that the order came with a blue silk ribbon. “Very few people ever have an extradition signed by John Kerry.” (In the past, Clark has proven to be an eccentric interviewee who has made bold, unsubstantiated claims, such as having access to helicopters and being guarded by members of the Thai Tourist Police, the Khmer Palace Guard, and the Vietnamese Special Forces.) Clark is fighting for his life any way he knows how.

But one thing he’s sure of: he won’t go down like Ulbricht, laptop open and unencrypted.

During a series of recent interviews from prison, Clark bragged about how his machines, when seized by Thai police last year, were all cryptographically secured.

[Photo: Bangkok Remand Prison, where Clark is being held as he awaits the outcome of his extradition hearing. Credit: Sam Cooley]

"They found my three notebooks closed and encrypted"

Silk Road functioned for years as a sort of “Amazon.com for drugs.” Equipped with the proper software, users around the world could log into Silk Road and cruise through hundreds of drug listings, read reviews, and decide to purchase a kilogram of heroin off someone named “BigDaddy24”—all without leaving their bedrooms.

During its lifetime, from 2011 to 2013, Silk Road’s user base exploded. Ulbricht eventually had to hire administrators to keep things running smoothly—and Clark is believed to have been one of the most important. In 2013, Ulbricht was captured red-handed in a San Francisco library with his laptop open and logged into Silk Road—and on that laptop was a photograph of Clark. (To this day, the photograph functions as one of the few public pieces of evidence linking Clark to the “Variety Jones” name.) Also on Ulbricht’s computer was a 2011 journal entry paying tribute to Variety Jones’ influence on Silk Road. “He has helped me better interact with the community around Silk Road, delivering proclamations, handling troublesome characters, running a sale, changing my name, devising rules, and on and on,” Ulbricht wrote. “He also helped me get my head straight regarding legal protection, cover stories, devising a will, finding a successor, and so on. He’s been a real mentor.” This evidence, in part, led investigators to suggest that Clark was in fact Variety Jones and that he had advised Ulbricht “on all aspects of the [Silk Road], including how to maximize profits and use threats of violence to thwart law enforcement,” according to a press release issued after Clark’s arrest in Thailand. On the Internet, Variety Jones came across as a bit of a tough guy.

According to seized chat logs, Jones may have been instrumental to Ulbricht’s decision to commission the killing of one of his workers whom he believed had defected. (The “killing” was actually faked by a corrupt—and now-convicted—DEA agent.) That toughness came through in prison, where Clark periodically receives visitors. When the buzzers rang at the visitation segment of Bangkok Remand Prison this June, Clark took a seat at a row of telephones to discuss his predicament during a series of interviews with co-author Sam Cooley. (Disclosure: Cooley purchased two containers of Pringles and three cartons of soy milk for Clark before one interview.) “Guilt is a technical term,” Clark said, adding that he won’t be taken by the FBI the same way Ulbricht was in 2013. “They don’t have shit on me.
I’m not going [to the US].
It’s an impossible circumstance.” “They might have caught Ross with his notebook opened, as they claim, but they found my three notebooks closed and encrypted,” Clark added, claiming his home was raided without a warrant on the Thai island of Koh Chang in December 2015. “Forensics could spend 30 years trying to decrypt those hard drives and still not get anywhere; so in a way, those hard disks are a headache,” he said. “The longer they need to open them, the longer I can relax here in Bangkok.

They would rather deny that they seized all this evidence.”

For the past 20 years, Clark says he’s been living internationally—though most recently on the concrete floor of the jail, where he’s been held for the past nine months. Clark shook his head when asked if he was mistreated. He laughed, saying the only people who complain about the conditions are foreigners—and that he wasn’t about to do so over a jail telephone. “My chances of survival are zero if I go to the US,” he added. Clark also repeated a previous claim to have knowledge about a so-far undiscovered dirty FBI agent—information which he said he’s keeping “under (his) hat” until the right opportunity presents itself.

[Photo: A Thai prison guard. Credit: Sam Cooley]

"39 words exactly"

During Clark's July appearance at Ratchada court, an officer of Thailand’s Ministry of Foreign Affairs functioned as a liaison between the US government and its Thai counterparts. Discussion in court that day—all of it in Thai, which was interpreted into English by co-author Akbar Khan—revolved around domain registration and whether the prosecution could provide information about the official registrant of the Silk Road domain name.

Given the complexities of Silk Road’s operations, which formerly existed in the semi-public darknet, prosecutors were forced to concede they did not have a copy of the domain registry. Clark’s defence team responded by launching a barrage of strategic questions which could, at the least, prolong the extradition process.
Shortly afterwards, the court session concluded and Clark was shuffled back to prison. (The hearing was attended by only one other person, a slick-looking Chinese man who described himself as a law student.) As for Clark's newest gambit to save himself from extradition, it comes right out of a spy movie. He said that he recently requested a meeting with an intelligence official close to Thailand’s Prime Minister, Prayut Chan-ocha, because Clark has “top secret information” for the military government. “I am going to write (the information) on a piece of paper for them and hand it to them to read.
It’s not even going to be 40 words; it’s just going to be 39 words. 39 words exactly,” he told me. “The deal can only be done within six days after the verdict has been read, and I have no idea how long this is going to drag on for.” Freelance journalist Sam Cooley tweets at @samcooley. Listing image by Sam Cooley

Thales announces support for AWS Key Management Service

Cloud-based key management service helps businesses to retain control of critical assets

Plantation, FL – 12 August 2016 – Thales, leader in critical information systems, cyber security and data protection, announces support for AWS Key Management Service (KMS) with enhanced security and control through bring your own key (BYOK) with hardware key protection. With Thales hardware security modules (HSMs) and key management on premises, organizations can take control of the lifecycle of the keys they use in the cloud, and revoke or retire those keys as necessary. This gives organizations flexibility in deploying applications in the cloud while retaining control of critical business operations in-house.

Jon Geater, Chief Technology Officer at Thales e-Security says: “As organizations focus on moving their more sensitive data and applications to the cloud, sound encryption key management has become a more important consideration. The ability to manage cryptographic keys in-house and release them to cloud providers only on a ‘need to use basis’ is becoming an increasingly powerful tool and one that Thales has the proven experience and expertise to deliver. Moreover, local control over the generation and storage of keys can help organizations meet the security and compliance requirements needed in order to run their most sensitive workloads in the cloud.”

Find out more about AWS Key Management Service here https://aws.amazon.com/blogs/aws/new-bring-your-own-keys-with-aws-key-management-service/

For industry insight and views on the latest key management trends check out our blog www.thales-esecurity.com/blogs

Follow Thales e-Security on Twitter @Thalesesecurity, LinkedIn, Facebook and YouTube

About Thales e-Security

Thales e-Security + Vormetric have combined to form the leading global data protection and digital trust management company. Together, we enable companies to compete confidently and quickly by securing data at-rest, in-motion, and in-use to effectively deliver secure and compliant solutions with the highest levels of management, speed and trust across physical, virtual, and cloud environments. By deploying our leading solutions and services, targeted attacks are thwarted and sensitive data risk exposure is reduced with the least business disruption and at the lowest life cycle cost. Thales e-Security and Vormetric are part of Thales Group. www.thales-esecurity.com

About Thales

Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 22,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market. Thales solutions secure the four key domains considered vital to modern societies: government, cities, critical infrastructure and cyberspace. Drawing on its strong cryptographic capabilities, Thales is one of the world leaders in cybersecurity products and solutions for critical state and military infrastructures, satellite networks and industrial and financial companies. With a presence throughout the entire security chain, Thales offers a comprehensive range of services and solutions ranging from data protection and trust management, security consulting, intrusion detection and architecture design to system certification, development and through-life management of products and services, and security supervision with Security Operation Centres in France, the United Kingdom and The Netherlands.

Press contacts

Thales, Media Relations Security
Dorothée Bonneil
+33 (0)6 84 79 65 86
dorothee.bonneil@thalesgroup.com

Thales, Media Relations e-Security
Liz Harris
+44 (0)7973 903648
liz.harris@thales-esecurity.com

Mozilla emits nightly builds of heir-to-Firefox browser engine Servo

Rust project still needs a lot of polish

Mozilla has started publishing nightly in-development builds of its experimental Servo browser engine so anyone can track the project's progress. Executables for macOS and GNU/Linux are available right here to download and test drive even if you're not a developer. If you are, the open-source engine's code is here if you want to build it from scratch, fix bugs, or contribute to the effort.

Right now, the software is very much in a work-in-progress state, with a very simple user interface built out of HTML. It's more of a technology demonstration than a viable web browser, although Mozilla has pitched Servo as a potential successor to Firefox's Gecko engine.

Crucially, Servo is written using Rust – Mozilla's more-secure C-like systems programming language. If Google has the language of Go, Moz has the language of No: Rust. It works hard to stop coders making common mistakes that lead to exploitable security bugs, and we literally mean stop: the compiler won't build the application if it thinks dangerous code is present.

Rust focuses on safety and speed: its security measures do not impact it at run-time as the safety mechanisms are in the language by design.

For example, variables in Rust have an owner and a lifetime; they can be borrowed by another owner. When a variable is being used by one owner, it cannot be used by another.

This is supposed to help enforce memory safety and stop data races between threads. It also forces the programmer to stop and think about their software's design – Rust is not something for novices to pick up and quickly bash out code on. This, hopefully, means fewer security bugs in Rust code, which for Servo means fewer exploitable holes in an application that has to deal with potentially hostile data every moment of the day.
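The ownership and borrowing rules described above, shown on hostile input as an added example (not code from Servo or from the article). The one-byte length-prefixed packet format and the names `read_field` and `count_valid` are assumptions made for illustration; the sample packets are constructed.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

/// Borrow one length-prefixed field (1 length byte, then payload) from untrusted input.
/// The returned slice borrows from `buf`, so it can never outlive the buffer.
fn read_field(buf: &[u8]) -> Option<&[u8]> {
    let (&len, rest) = buf.split_first()?; // empty input: None
    rest.get(..len as usize) // length larger than the data: None, not an over-read
}

/// Validate packets in parallel and count the well-formed ones.
fn count_valid(packets: Vec<Vec<u8>>) -> usize {
    let valid = Arc::new(Mutex::new(0usize)); // shared state must be wrapped to cross threads
    let handles: Vec<_> = packets
        .into_iter()
        .map(|pkt| {
            let valid = Arc::clone(&valid);
            // `move` hands ownership of `pkt` to the thread; the spawner can no longer touch it.
            thread::spawn(move || {
                if read_field(&pkt).is_some() {
                    *valid.lock().unwrap() += 1;
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    let n = *valid.lock().unwrap();
    n
}

fn main() {
    // Constructed sample packets, not real traffic.
    let packets = vec![
        vec![3, b'a', b'b', b'c'], // honest length
        vec![200, b'x'],           // claims 200 bytes, carries 1
        vec![],                    // empty
        vec![0],                   // zero-length field
    ];
    println!("well-formed packets: {}", count_valid(packets));

    // Each of these is rejected by the compiler:
    //   let field = { let buf = vec![1u8, 7]; read_field(&buf) }; // E0597: `buf` does not live long enough
    //   let p = vec![1u8, 7]; drop(p); read_field(&p);            // E0382: borrow of moved value
}
```

The two commented-out lines are the use-after-free patterns: a slice outliving its buffer, and a buffer used after it was given away. Both fail at build time rather than at run time.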
Servo hopes to avoid the usual use-after-free and buffer overflow bugs present in other software, particularly browsers and their plugins, and thus give users a more secure window to the internet.

One little problem is that Servo relies on Mozilla's SpiderMonkey JavaScript engine, which is written in C/C++. So while the HTML-rendering engine will run secured Rust code, fingers crossed nothing terrible happens within the JS engine.

The daily Servo builds are available for macOS and Linux, with versions for Windows and Android due to be arriving soon. A preliminary Reg review has found the OS X version functional, though important features such as the buttons on the browser, key commands, and mildly popular sites YouTube and Facebook don't quite ... er ... work just yet. Mozilla will probably want to fix that before launch.

[Screenshots: The El Reg front page renders pretty much OK. Our sister site The Next Platform looks fine, too. The Rust Reddit page also renders as expected. Amazon.com is completely screwed. The New York Times homepage shows up looking normal although the browser couldn't seem to pull in every graphic needed for the page. Ebay.com works surprisingly well.]

Servo sports a rather handsome Shiba Inu "Doge" icon, so it at least has that going for it.

[Image: Such pander. Very bandwagon]

"Nightly builds of the Servo web rendering engine are now available," the project blogged at the end of last week. "To make the Servo engine easy to interact with, we are bundling an HTML-based browser UI. While our engine is not yet fully web compatible, we want to give a larger audience the chance to start experimenting with and contributing to Servo." ®