In addition to his role with the site, agents had identified OxyMonster as a major seller of Oxycontin and crystal meth. "OxyMonster's vendor profile featured listings for Schedule II controlled substances Oxycontin and Ritalin," testified DEA agent Austin Love. "His profile listed 60 prior sales and five-star reviews from buyers. In addition, his profile stated that he ships from France to anywhere in Europe." Investigators discovered OxyMonster's real identity by tracing outgoing Bitcoin transactions from his tip jar to wallets registered to Vallerius. Agents then checked his Twitter and Instagram accounts, where they found many writing similarities, including regular use of quotation marks, double exclamation marks, and the word "cheers," as well as intermittent French posts. The evidence led to a warrant being issued for Vallerius' arrest.
U.S. investigators had been monitoring the site for nearly two years, but got their break when Vallerius flew to the U.S. for a beard-growing competition in Austin, Texas. He now faces a life sentence for conspiracy to distribute controlled substances.
What is the worst "you can't do" or "you must do" that you've been subjected to in a security review? A fictitious example would be: you must authenticate all clients with a client certificate, plus basic auth, plus MFA token. Tell your story here, omitting incriminating details.
According to ICANN, between 6% to 8% of ISPs did not install the new KSK key to replace the one issued in 2010. The organization says that if it had gone forward with the original KSK Rollover plan, over 60 million Internet users would have been unable to make DNS requests. For the vast majority, ICANN blames lazy ISPs, which failed to update their existing keys. ICANN also believes that many ISPs may not be aware they had not installed the latest KSK. ICANN also distributed software to automatically pull down and install the new KSK. Some ISPs opted to use this software, which apparently had some bugs and failed to download and install the new KSK, in some situations.
Because of this, ICANN announced this week it would delay the KSK Rollover final step — of removing and revoking the original KSK key -- to the first quarter of 2018. ICANN has not decided yet on a precise date.
For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue. According to the current security.txt IETF draft, website owners would be able to create security.txt files that look like this:
#This is a comment
The idea is that anyone in the world can send heavy workloads over the cloud to a Q.rad and have it render the task and heat a person's home in the process. The two industries that are targeted by Qarnot include movies studios for 3D rendering and VFX, and banks for risk analysis. Qarnot is opting in for Ryzen Pro processors over Intel i7 processors due to the performance gain and heat output. According to Qarnot, they "saw a performance gain of 30-45% compared to the Intel i7." They also report that the Ryzen Pro is "producing the same heat as the equivalent Intel CPUs" they were using -- all while providing twice as many cores.
While it's neat to see a company convert what would otherwise be wasted heat into a useful asset that heats a person's home, it does raise some questions about the security and profitability of their business model. By using Ryzen Pro's processors, OS independent memory encryption is enabled to provide additional security layers to Qarnot's heaters. However, Q.rads are naturally still going to be physically unsecured as they can be in anyone's house.
Further reading: The Mac Observer, TechRepublic
The award ceremony will be held the evening of September 14 at Delancey Street's Town Hall Room in San Francisco. The keynote speaker is Emmy-nominated comedy writer Ashley Nicole Black, a correspondent on Full Frontal with Samantha Bee who uses her unique comedic style to take on government surveillance, encryption, and freedom of information.
The EFF describes Chelsea Manning as "a network security expert, whistleblower, and former U.S. Army intelligence analyst whose disclosure of classified Iraq war documents exposed human rights abuses and corruption the government kept hidden from the public." Their annoncement also notes that Annie Game has led the IFEX network of 115+ journalism and civil liberties groups around the world for over 10 years, and that Mike Masnick coined the term "The Streisand Effect" -- and is currently being sued by that man who claims he invented email.
Microsoft has joined [Mozilla, Google and Apple] in abandoning trust in their certificates. A Microsoft representative wrote: "Microsoft has concluded that the Chinese CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) [issuance and management rules for public certificates] violations." Microsoft will start "the natural deprecation of WoSign and StartCom certificates by setting a 'NotBefore' date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017."
This move will also affect for Android 4.3 users or stock MS-Windows 7/IE users (which has TLS 1.2 switched off in Internet Options.) Not to mention all the mail servers out there running outdated crypto.
While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.
Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.