11.5 C
London
Sunday, October 22, 2017
Home Tags Mountains

Tag: mountains

The Carboniferous period was notable for its lack of carbon in the atmosphere.
The largest group of fishes may be 40 million years younger than we thought.
Park Service relented despite initial rejection based on geologists' reviews.
Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new malware findings raised up to unimaginable heights: with hundreds of thousands of malware samples per day!
"In the space exploration business, as you may know, cameras rule."
Humans start fire when lightning wouldn't, making for a much longer risk season.
Enterprises don't seem to be getting any better at figuring out Hadoop, but that hasn't stopped them from dumping ever-increasing mountains of cash into it. By Gartner's preliminary estimates, 2016 spend on Hadoop distributions reached $800 million...
'Tor pedo' torpedo torpedoed In a surprising and worrying move, the FBI has dropped its case against a man accused of downloading child sex abuse images, rather than reveal details about how they caught him. Jay Michaud, a middle school teacher in Vancouver, Washington, was arrested in July last year after visiting the Playpen, a dark web meeting place tens of thousands of perverts used to swap mountains of vile underage porn. Unbeknown to him at the time, the FBI were, for about a fortnight, running the site after taking over its servers, and managed to install a network investigative technique (NIT) on his computer to get his real public IP address and MAC address. The Playpen was hidden in the Tor anonymizing network, and the spyware was needed to unmask suspects – about 1,300 public IP addresses were collected by agents during the operation. According to the prosecution, a police raid on his home revealed a substantial hoard of pictures and video of child sex abuse on computer equipment. But now, guilty or not, he's now off the hook after the FBI filed a motion to dismiss its own case [PDF] late last month. Why? Because Michaud's lawyer insisted that the FBI hand over a sample of the NIT code so it could be checked to ensure that it didn't breach the terms of the warrant the FBI obtained to install the malware, and to check that it wouldn't throw up any false positives. US District Judge Robert Bryan agreed, saying that unless the prosecution turned over the code, he'd have to dismiss the charges. The FBI has since been arguing against that, but has now decided that it's better to drop the case than reveal its techniques. The Playpen affair has proved to be a legal minefield in more ways than one. For a start, the admission that the FBI had been distributing such images and videos online troubled many. But the agency also only sought a single warrant to distribute its NIT internationally, which may have been illegal at the time. That's no longer the case, since a change in Rule 41 of the Federal Rules of Criminal Procedure was nodded through by the US Supreme Court and came into effect on December 1 last year. Judges in Playpen cases – there have been hundreds of prosecutions similar to Michaud's lined up by the Feds – haven't always agreed that the FBI had the right to introduce evidence gathered without a local warrant. In the past the FBI has dropped cases rather than reveal their investigation techniques, particularly with its cellphone-tracking Stingray equipment. But those were minor cases – nothing so serious as child abuse. ® Sponsored: Customer Identity and Access Management
You must be prepared for foreseeable attacks as well as the ones that sneak up on you. Organizations deal with two types of cyberthreats: hurricanes and earthquakes. Hurricanes are those attacks you can see coming; earthquakes, you can't. Both are inevitable, and you need to plan and take action accordingly. This starts with an understanding of what threat intelligence is and how to make it relevant and actionable. Threat intelligence can help you transition from constantly reacting to being proactive. It allows you to prepare for the hurricanes and respond to the earthquakes with an efficient, integrated approach.   Eliminate Noise Mention threat intelligence and most organizations think about multiple data feeds to which they subscribe — commercial sources, open source, and additional feeds from security vendors — each in a different format and most without any context to allow for prioritization. This global threat data gives some insight into activities happening outside of your enterprise — not only attacks themselves, but how attackers are operating and infiltrating networks. The challenge is that most organizations suffer from data overload. Without the tools and insights to automatically sift through mountains of disparate global data and aggregate it for analysts and action, this threat data becomes noise: you have alerts around attacks that aren't contextualized, relevant, or a priority. To make more effective use of this data, it must be aggregated in one manageable location and translated into a uniform format so that you can automatically get rid of the noise and focus on what's important. Focus on Threats With global threat data organized, you can focus on the hurricanes and earthquakes that threaten your organization. Hurricanes are the threats you know about, can prepare for, protect against, and anticipate based on past trends. For example, based on research, say that we know a file is malware. This intelligence should be operationalized — turned into a policy, a rule, or signature and sent to the appropriate sensor — so that it can prevent bad actors from stealing valuable data, creating a disruption, or causing damage. As security operations become more mature, you can start to get alerts on these known threats in addition to automatically blocking them so you can learn more about the adversary. This allows you to focus on the attacks that really matter. Earthquakes are unknown threats, or threats that you may not have adequate countermeasures against, that have bypassed existing defenses. Once they're inside the network, your job is to detect, respond, and recover. This hinges on the ability to turn global threat data into threat intelligence by enriching that data with internal threat and event data and allowing analysts to collaborate for better decision making. Threat intelligence helps you better scope the campaign once the threat is detected, learn more about the adversary, and understand affected systems and how to best remediate. By correlating events and associated indicators from inside your environment (e.g., SIEM alerts or case management records) with external data on indicators, adversaries, and their methods, you gain the context to understand the who, what, when, where, why, and how of an attack. Going a step further, applying context to your business processes and assets helps you assess relevance. Is anything the organization cares about at risk? If the answer is "no," then what you suspected to be a threat is low priority. If the answer is "yes," then it's a threat. Either way, you have the intelligence you need to quickly take action. Make Intelligence Actionable Intelligence has three attributes that help define "actionable." Accuracy: Is the intelligence reliable and detailed? Relevance: Does the intelligence apply to your business or industry? Timeliness: Is the intelligence being received with enough time to do something? An old industry joke is that you can only have two of the three, so you need to determine what's most important to your business. If you need intelligence as fast as possible to deploy to your sensors, then accuracy may suffer and you might expect some false positives. If the intelligence is accurate and timely, then you may not have been able to conduct thorough analysis to determine if the intelligence is relevant to your business. This could result in expending resources on something that doesn't present a lot of risk. Ultimately, the goal is to make threat intelligence actionable. But actionable is defined by the user. The security operations center typically looks for IP addresses, domain names, and other indicators of compromise — anything that will help to detect and contain a threat and prevent it in the future. For the network team, it's about hardening defenses with information on vulnerabilities, signatures, and rules to update firewalls, and patch and vulnerability management systems. The incident response team needs intelligence about the adversary and the campaigns involved so they can investigate and remediate. And the executive team and board need intelligence about threats in business terms — the financial and operational impact — in order to increase revenue and protect shareholders and the company as a whole. Analysts must work together and across the organization to provide the right intelligence in the right format and with the right frequency so that it can be used by multiple teams. Operationalizing threat intelligence takes time and a plan. Many organizations are already moving from a reactive mode to being more proactive. But to make time to look out at the horizon and see and prepare for hurricanes while also dealing with earthquakes, organizations need to move to an anticipatory model with contextual intelligence, relevance, and visibility into trends in the threat landscape. Related Content: As Senior VP of Strategy of ThreatQuotient, Jonathan Couch utilizes his 20+ years of experience in information security, information warfare, and intelligence collection to focus on the development of people, process, and technology within client organizations to assist in ... View Full Bio More Insights
An avid audiophile might pore through mountains of specifications looking for the very best in every component category. Why not? But looking for the best antivirus, best firewall, and so on just doesn't sound like much fun, especially when you can't be sure they'll all play nicely together.

Getting your security in the form of an integrated suite is both easier and smarter. You don't have to scour the Internet for multiple components, and your all-in-one suite causes less of a performance hit than an unrelated gaggle of separate tools. The top security vendors offer security suites that integrate a variety of features.
Some stick to the basics, while others pile on tons of useful extras. Just read through PCMag's reviews of security suites and select one that has the features you need.
I've rounded up a collection of top-notch suites, varied enough that one should be just right for you. This article briefly mentions the many tests we use to evaluate security suites and determine which ones are best.
If you want more details on the torture tests we perform on every product we review, please read the full explanation of how we test security software. Basic and Advanced Security Suites Most security vendors offer at least three levels of security products, a standalone antivirus utility, an entry-level security suite, and an advanced suite with additional features. Most entry-level suites include antivirus, firewall, antispam, parental control, and some sort of additional privacy protection such as protection against phishing sites, those frauds that try to steal your passwords.

The advanced "mega-suite" typically adds a backup component and some form of system tune-up utility, and some also add password managers and other security extras. When a new product line comes out, I start by reviewing the antivirus.
In my review of the entry-level suite, I summarize results from the antivirus review and dig deeper into the suite-specific features.

And for a mega-suite review, I focus on the advanced features, referring back to the entry-level suite review for features shared by both. Your choice of a basic or advanced security suite depends entirely on what features matter to you. Symantec is an exception to this pattern. Previously the company offered various antivirus and suite products for PC, Mac, and Mobile.

All the standalone Norton products you may remember were retired a couple years ago, rolled into Symantec Norton Security. However, Symantec recently brought back a standalone antivirus product, Norton AntiVirus Basic. One more thing: The suites we've rounded up here are aimed at protecting consumers, for the most part. You can definitely use any of them in a small business, but as your company grows you may need to switch to a SaaS endpoint protection system.

This type of service lets an administrator monitor and manage security for all your company's computers. Core Antivirus Protection Antivirus is the heart of a security suite; without an antivirus component, there's no suite. Naturally you want a suite whose antivirus is effective. When evaluating an antivirus, I look for high marks from the independent antivirus testing labs.

The fact that the labs consider a product important enough to test is a vote of confidence in itself.

The very best antivirus products get high ratings from many labs. I also perform my own hands-on testing.

For one test I use a relatively static set of malware samples that's replaced once per year.
I note how the antivirus reacts when I try to launch those samples and score it on how well it protects the test system.

For another, I try to download very new malicious files from URLs no more than a few days old. Lab test results, my own test results, and other aspects like ease of use go into my antivirus rating. Firewall Choices A typical personal firewall offers protection in two main areas. On the one hand, it monitors all network traffic to prevent inappropriate access from outside the network. On the other, it keeps a watchful eye on running applications to make sure they don't misuse your network connection.

The built-in Windows Firewall handles monitoring traffic, but doesn't include program control.

A few security suites skip the firewall component, figuring that Windows Firewall already does the most essential firewall tasks. The last thing you want is a firewall that bombards you with incomprehensible queries about online activity.
Should OhSnap32.exe be allowed to connect with 111.222.3.4 on port 8080? Allow or Block? Modern firewalls cut down the need for these queries by automatically configuring permissions for known programs.

The very best ones also handle unknown programs by monitoring them closely for signs of improper network activity and other suspicious behaviors. Have Some Spam These days, most of us hardly ever see spam messages in our inboxes because your email provider filters them out.
If you don't get this service from your provider, it can be hard to even find your valid mail amid all the offers of male enhancements, Russian brides, and quick-money schemes. If your provider doesn't squelch spam, it's smart to choose a suite that has spam filtering built in. Look for one that integrates with your email client.

Client integration lets it divert spam into its own folder, and sometimes let you train the spam filter by flagging any spam messages that get through or, worse, valid messages that wound up in the spam pile. Privacy Protection The best antivirus in the world can't help you if a fraudulent website tricks you into giving away your security credentials. Phishing sites masquerade as bank sites, auction sites, even online game sites. When you enter your username and password, though, your account is instantly compromised.
Some clever ones will even pass along your credentials to the real site, to avoid raising suspicions. Steering users away from phishing sites definitely helps protect privacy, but that's not the only way suites can keep your private information out of the wrong hands.
Some offer specific protection for user-defined sensitive data, credit cards, bank accounts, that sort of thing.

Any attempt to transmit sensitive data from your computer sets of an alarm.
Some contract with third-party vendors to offer credit protection.

And some supply a hardened browser that lets you do online banking in an environment isolated from other processes. What About Parental Control? I don't penalize a suite for omitting parental control. Not everyone has kids, and not every parent feels comfortable about controlling and monitoring their children's computer use. However, if parental control is present, it has to work. Blocking inappropriate websites and controlling how much time the child spends on the Internet (or on the computer) are the core components of a parental control system.
Some suites add advanced features like instant message monitoring, limiting games based on ESRB ratings, and tracking the child's social networking activity. Others can't even manage the basics successfully. Don't Bog Me Down One big reason to use a security suite rather than a collection of individual utilities is that the integrated suite can do its tasks using fewer processes and a smaller chunk of your system's resources. Or at least, that's what ought to happen.

Few modern suites have an appreciable effect on performance. For a hands-on measure of just what effect installing a particular suite has, I time three common system actions with and without the suite installed, averaging many runs of each test. One test measures system boot time, another moves and copies a large collection of files between drives, and a third zips and unzips that same file collection repeatedly.
Suites with the very lightest touch have almost no effect on the time required. Backup and Tune-Up Utilities In a sense, having a backup of all your files is the ultimate security.

Even ifransomware destroys your data, you can still restore from backup.
Some vendors reserve backup for their mega-suite offering, while others include it in the entry-level suite. Read my reviews carefully, as backup capabilities vary wildly.

At the low end, some vendors give you nothing you couldn't get for free from Mozy, IDrive, or another online backup service.

At the high end you might get 25GB of online storage hosted by the vendor, along with the ability to make local backups. Tuning up your system performance has no direct connection with security, unless it serves to counteract the security suite's performance drag. However, tune-up components often include privacy-related features such as clearing traces of browsing history, wiping out temporary files, and deleting lists of recently used documents.

For a dedicated system-cleaning app, read our roundup of the Best Tune-Up Utilities. What's Not Here We have more high-scoring suites than can fit in a top-ten chart, so a few had to be cut.
Symantec Norton Security Deluxe is identical to Symantec Norton Security Premium, except with half as many licenses and no online backup; that was an easy choice. McAfee Total Protection and McAfee LiveSafe differ only in their selection of high-end bonus features; unusual biometrically secured storage won LiveSafe a spot in the top ten. Then there's Webroot SecureAnywhere Internet Security Plus (2016), which lacks the backup and tune-up components found in Webroot SecureAnywhere Internet Security Complete (2016). Naturally I gave the nod to the more complete suite. What's the Best Security Suite? The chart at top details ten security suites that we definitely recommend, including multi-device suites, mega-suites, and entry-level suites.
If you're looking for a suite that covers the basics without getting in the way, Bitdefender Internet Security and Kaspersky Internet Security are our Editors' Choice winners.
In the mega-suite range, Editors' Choice goes to Bitdefender Total Security and Kaspersky Total Security, with more features than you can imagine.
Symantec Norton Security Premium protects up to 10 devices, and McAfee LiveSafe doesn't put any limit on the number of devices—these two are our Editors' Choice products for cross-platform multi-device security suite. With one of these powerful tools protecting your devices, you can relax and enjoy some time off. FEATURED IN THIS ROUNDUP
reader comments 89 Share this story Investigators have little doubt that a National Security Agency contractor arrested in August hoarded mountains of classified material, but so far they've found no evidence that he leaked anything to anyone, The New York Times reported Friday. Still, even if Harold T. Martin III didn't intentionally leak anything, federal officials remain highly concerned. Martin's home computers had "minimal security protection," leaving open the possibility, however remote, that hackers broke in and stole data that could compromise vital national security programs.

As the NYT reported: "Let’s just say he’s only a psycho hoarder and he keeps this stuff with his old copies of National Geographic and his collection of lunchboxes," said an administration official, who also asked not to be named. "That’s still extremely troubling to anyone in national security, because people like that don’t keep track of where things are or with whom they are talking." In Mr. Martin’s case, the official said, the sloppy handling "is particularly worrisome—we are talking sources and methods, tactics, techniques and procedures.

Those are the things we guard most closely." On seven occasions in the last three years, top-secret information has leaked from the NSA, raising concerns that leakers remain at large in a post-Edward Snowden agency. Martin's former wife portrayed her ex-husband, a former Navy officer, as a loyal US patriot who probably took the material so he could work on it at home.

The hoarding occurred over years.

At first, material was snuck out on paper, then on CDs, and eventually on thumb drives. A former PhD mentor at the University of Maryland, Baltimore County, where Martin was a PhD candidate, also portrayed Martin as dedicated and thoughtful.

But the mentor also said Martin seemed to believe his research into offensive computer security was under-appreciated on a campus where students and faculty had little understanding of the military. Over the past few years, two leaks in particular have concerned officials. One involved techniques the NSA uses to penetrate targeted computers even when they're not connected to the Internet.

Another published by WikiLeaks identified eavesdropping targets and included transcripts of intercepted communications from American allies.
So far, investigators are skeptical that the information came from Martin, but they are continuing to look for connections. Listing image by NSA
Enlarge / Jennifer Youngman, 65, used a .410 gauge shotgun like this to take out a drone.Big Swede Guy reader comments 76 Share this story With a single shotgun blast, a 65-year-old woman in rural northern Virginia recently shot down a drone flying over her property. The woman, Jennifer Youngman, has lived in The Plains, Virginia, since 1990.

The Fauquier Times first reported the June 2016 incident late last week. It marks the third such shooting that Ars has reported on in the last 15 months—last year, similar drone shootings took place in Kentucky and California. Youngman told Ars that she had just returned from church one Sunday morning and was cleaning her two shotguns—a .410 and a .20 gauge—on her porch.
She had a clear view of the Blue Ridge Mountains and neighbor Robert Duvall’s property (yes, the same Robert Duvall from The Godfather). Youngman had seen two men set up a card table on what she described as a “turnaround place” on a country road adjacent to her house. “I go on minding my business, working on my .410 shotgun and the next thing I know I hear ‘bzzzzz,’" she said. "This thing is going down through the field, and they’re buzzing like you would scaring the cows." Youngman explained that she grew up hunting and fishing in Virginia, and she was well-practiced at skeet and deer shooting. “This drone disappeared over the trees and I was cleaning away, there must have been a five- or six-minute lapse, and I heard the ‘bzzzzz,’" she said, noting that she specifically used 7.5 birdshot. “I loaded my shotgun and took the safety off, and this thing came flying over my trees.
I don’t know if they lost command or if they didn’t have good command, but the wind had picked up.
It came over my airspace, 25 or 30 feet above my trees, and hovered for a second.
I blasted it to smithereens.” When the men began to walk towards her, she told them squarely: “The police are up here in The Plains and they are on their way and you need to leave.” The men complied. “They got in their fancy ostentatious car—I don’t know if it was a Range Rover or a Hummer—and left,” she said. The Times said many locals believe the drone pilots may have been paparazzi or other celebrity spotters flying near Duvall's property. Youngman said that she recycled the drone but managed to still be irritated by the debris left behind. "I’ve had two punctures in my lawn tractor," she said. The Fauquier County Sheriff’s Office said it had no record of anyone formally complaining about this incident. When Ars asked if the office had heard of any other similar incidents in the region, Sgt. James Hartman replied: "It's happened around the country but not in this region to my knowledge." A gray zone For now, American law does not recognize the concept of aerial trespass.

But as the consumer drone age has taken flight, legal scholars have increasingly wondered about this situation.

The best case-law on the issue dates back to 1946, long before inexpensive consumer drones were technically feasible.

That year, the Supreme Court ruled in a case known as United States v.

Causby
that a farmer in North Carolina could assert property rights up to 83 feet in the air. In that case, American military aircraft were flying above his farm, disturbing his sleep and upsetting his chickens.

As such, the court found he was owed compensation. However, the same decision also specifically mentioned a "minimum safe altitude of flight" at 500 feet—leaving the zone between 83 and 500 feet as a legal gray area. "The landowner owns at least as much of the space above the ground as he can occupy or use in connection with the land," the court concluded. Last year, a pilot in Stanislaus County, California, filed a small claims lawsuit against a neighbor who shot down his drone and won. However, it is not clear whether the pilot managed to collect.
Similarly, a case ensued in Kentucky after a man shot down a drone that he believed was flying above his property.

The shooter in that case, William Merideth, was cleared of local charges, including wanton endangerment. But earlier this year, the Kentucky drone's pilot, David Boggs, filed a lawsuit asking a federal court in Louisville to make a legal determination as to whether his drone’s flight constituted trespassing.

Boggs asked the court to rule that there was no trespass and that he is therefore entitled to damages of $1,500 for his destroyed drone.

The case is still pending. Youngman said she believed in 2nd Amendment rights and also was irritated that people would try to disturb Duvall. “The man is a national treasure and they should leave him the fuck alone,” she said.