Pulse Wave Techniques Allow Cybercriminals to Quickly Ramp Up DDoS Attacks

By Shane Schick
What used to be a gradual buildup of botnet traffic in distributed denial-of-service (DDoS) attacks has morphed into a series of pulses that spray at different targets like a water cannon, security experts have learned.
A blog post from security firm Imperva Incapsula looked at attacks that have taken place so far this year. Whereas cybercriminals traditionally use an army of bots to force a website offline, the researchers discovered pulses of activity that seemingly come out of nowhere with peak impact. In other words, rather than switching on the bots and creating a slow but steady wave, threat actors are now keeping them on at all times but distributing them differently.

An Instant Crescendo of Malicious Traffic

Companies have tried to mitigate the effects of the attacks by shifting traffic from an on-premises environment to a cloud-based failover area, according to Naked Security. But the near instant crescendo of traffic during these attacks means that those traditional defenses may not work anymore. It also shows how many networks are vulnerable to malicious traffic.
The pulse wave attacks suggest that cybercriminals are being far more strategic and sophisticated in how they carry out their efforts, Tom’s Hardware reported. For instance, the ability to divert malicious traffic from one spot to another could fool an organization into thinking a DDoS assault is over when, in reality, another wave is on its way.

Pulse DDoS Attacks Widen Their Range of Targets

Some of the most likely targets for DDoS attacks include financial technology companies and gaming sites, Imperva Incapsula reported. Organizations of this nature are probably targeted because they deal in lucrative transactions and host personal information about their customers. If pulse wave DDoS becomes popular, there’s a greater possibility that such attacks will be aimed at many other sectors.
Although CSO Online suggested that Imperva Incapsula has a vested interest in encouraging companies to move away from appliance-first hybrid products to mitigate DDoS threats, there’s no question that pulse wave attacks deserve further study as other cybercriminals learn to make use of them.

Researchers Show Danger of DNA Data Paired With Malware-Infected Strand

Security flaws in bioinformatics software have allowed researchers to demonstrate how DNA data could be injected with malicious code to disrupt police forensic investigations or steal intellectual property.

Lab Analysis Tools at Risk

A group of academics from the University of Washington used the 2017 USENIX Security Symposium to present their findings, which exposed vulnerabilities in the applications that are often used to analyze DNA data after it has been sequenced. In a paper, titled, “Computer Security, Privacy and DNA Sequencing: Compromising Computers With Synthesized DNA, Privacy Leaks and More,” the researchers discussed how they not only made use of a bug in a processing program, but also injected malware directly into a strand of DNA.
As Infosecurity Magazine explained, the executable file was launched as the DNA data was being sequenced by the bioinformatics tool, allowing the researchers complete access to the systems running it. The technique is powerful enough that if cybercriminals were to use it, they could probably steal information or compromise a variety of applications, including those used by law enforcement to conduct critical forensic analysis.

Malware Replication in Synthetic DNA Data

The Atlantic pointed out that the composition of DNA data actually looks a lot like the binary structure that makes up the fundamental core of application development. But instead of ones and zeroes, strands use the letters A, C, G and T. Sophisticated cybercriminals could theoretically replicate malicious code as a way to target victims, particularly if the software systems in question aren’t properly patched.
It’s not as though DNA data is being actively used in code injection attacks today, but the University of Washington’s teamwork demonstrated that it could be a credible threat vector at some point. The Verge noted that other scientists conducted an experiment not long ago where living bacteria was embedded with a GIF file showing a horse. That makes stuffing DNA with malware a lot less of a stretch.
There is some level of awareness about the risks in DNA data today already. According to Wired, scientists routinely make sure sequencing doesn’t produce diseases that could infect other living things. But the University of Washington’s research is more of a lesson to IT security experts that the traditional way of monitoring the perimeter may not be enough if a strand of DNA becomes a new endpoint.

Industrial Cobots, Researchers Warn

A robotic machine in a manufacturing setting.
A string of security weaknesses in areas such as default configurations, authentication mechanisms and open source components could enable cybercriminals to easily take over robots used in industrial settings, researchers warned.
An analysis of major industrial and collaborative robots, or cobots, by IOActive revealed close to 50 vulnerabilities that, if exploited, could harm the people who work with them. The firm created a series of videos to demonstrate what tampering with cobots could look like, including swinging robotic arms that have had safety features and emergency settings disabled.

Industrial Cobots Put Workers at Risk

The general public might not be familiar with cobots, but they are far more advanced than you might expect. Companies such as Rethink Robotics, Baxter/Sawyer and Universal Robots have designed cobots to assist human employees with various tasks, using microphones and cameras to see and hear, SecurityWeekreported. That potentially makes them even more dangerous if threat actors hijack them for malicious purposes.
Some of the biggest security holes the researchers discovered involve the way industrial cobots communicate, according to The Daily Mail, as well as poor password protection and lack of authentication. The research concluded that, in some cases, cybercriminals could gain remote access privileges with relative ease, giving them the ability to crush human skulls with a mechanical arm, for example.

Protecting Cobots From Cybercriminals

Bloomberg contacted several of the cobot manufacturers called out in the research, some of which said they were aware of the findings and were already working on fixes. A few did not respond or were unable to confirm whether all the potential holes had been patched. Given how widely cobots are being deployed in many industrial environments, however, there may be more pressure from customers to ensure that they’re safe from cybercriminals.
Even if cobots aren’t manipulated to attack human beings, they could also be used to spy on organizations, Threatpost suggested. Of course, there have been no reports of any such incidents yet.
As more companies are starting to pay attention to security risks associated with the Internet of Things (IoT), cobots may become another endpoint that requires increased vigilance as threat actors learn more about the potential to turn them to their advantage.

Scientists Show How Speech Recognition Software Can Be Compromised via Ultrasounds

Consumers love the convenience of virtual assistants such as Siri, Alexa and Cortana, but a group of researchers has discovered an easy way to compromise the software behind them by using ultrasounds that are inaudible to the human ear.

DolphinAttack Experiment Breaches Speech Recognition Software

Six scientists from Zhejiang University in China posted a video that showed how these inaudible voice commands can occur. The researchers dubbed their experiment the “DolphinAttack” because of the way dolphins seem to communicate without making noises. By using simple off-the-shelf hardware that costs only $3, they were able to breach speech recognition software from Apple, Google, Amazon and others. Turning voice commands into ultrasound frequencies allowed them to take over smartphones, speakers and even a smart car model from Audi.
Although most of what the researchers did was fairly innocuous, such as launching music or video calling applications, malicious actors could turn to DolphinAttacks for far more nefarious purposes, Bleeping Computer pointed out. Speech recognition software could be used to spy on device users, force their browser toward malware-laden URLs or even control where a smart car moves.
As security expert Tavish Vaidya told New Scientist, security is such an issue because voice assistants are capable of much more nowadays than setting an alarm or playing music. The DolphinAttack technique has emerged at a time when speech recognition software is available in a wide variety of applications designed with convenience in mind. Besides looking up information online, for example, many people can now use tools such as Google Now or Siri to manage digital accounts for payments and other transactions.

Attack Limitations and Remaining Threats

Fortunately, there are some limitations to a DolphinAttack. Would-be threat actors would have to be only a few feet away from a device, and the attack might not work if the surrounding environment is very loud, The Vergereported. While the audio equipment used to break into the speech recognition software was cheap, it might need to be customized for a specific device based on the ideal frequencies a particular microphone might pick up. Of course, savvy consumers could also notice the attacks and might need to confirm a command or unlock their device before anything bad could happen.
Still, the researchers were even able to demonstrate how recording a potential victim’s voice could be used to override controls on speech recognition software, such as Siri, that is tailored to a specific user. The Hacker News suggested the best way to prevent a DolphinAttack is to turn off voice commands or wait for vendors to ensure ultrasounds can’t be turned against their customers.

Display Widgets Plug-In Conducted Malware Attack Across 200,000 WordPress Sites

Approximately 200,000 websites running WordPress have been affected by a malware attack from a plug-in that installed a backdoor, allowing a malicious actor to publish spam, collect IP addresses and more.
Wordfence, a security firm that focuses on the popular content management system, said in a blog post that the malware attack has been traced to a plug-in called Display Widgets, which was purportedly designed to manage the way other plug-ins are displayed on WordPress sites. Though it has recently been removed, the threat actor behind the malicious activity did not give up easily.
According to SecurityWeek, the original creator of Display Widgets sold it in late June, after which it was almost immediately updated with a backdoor. David Law, a freelance SEO consultant, noticed the initial malware attack and informed Wordfence, which removed it from the WordPress plug-in repository.
Just a few days later, however, Display Widgets emerged again, this time with an additional file called geolocation.php that could perform the same kind of malware attack, Bleeping Computer reported. When site owners looked at their WordPress admin panels, though, the malicious content was invisible; again, Law detected the malicious activity by tracking visits to an external server by the plug-in.
History then seemed to repeat itself in July and even earlier this month, an article on SC Magazine said, with the Display Widgets owner even making it obvious that the plug-in was being refined to continue launching the same kind of malware attack. In total, the plug-in was made available at least four times before it was pulled for good.
Law has since published his own account of the Display Widgets story. In the post, he provided an overview of the various versions involved and suggested deleting the plug-in. WordPress, meanwhile, banned the developer from its platform following the malware attack and issued critical alerts each time Display Widgets was removed.
Though the extent of the damage may have been limited to spamming various websites, the story illustrates how persistent cybercriminals can be, even in the face of repeated retaliatory action by companies the size of WordPress. It’s also a cautionary tale about the relative ease with which plug-ins can be bought, sold and repurposed for uses the original creators probably never would have imagined.

vmware

  • 5A02H-AU243-TZJ49-GTC7K-3C61N
  • 1F04Z-6D111-7Z029-AV0Q4-3AEH8
  • GV7R8-03G44-4855Y-7PWEE-NL8DA
  • CV79K-8ZD0Q-0807Z-KZQGT-WG8W0
  • YY5M8-89W4P-489FQ-XNNNX-Q2AXA
  • ZF55H-ARG0N-M89QY-FZPZZ-ZKRUA
  • GY7EA-66D53-M859P-5FM7Z-QVH96
  • UC3WA-DFE01-M80DQ-AQP7G-PFKEF
  • CC15K-AYF01-H897Q-75Y7E-PU89A
  • ZA1RA-82EDM-M8E2P-YGYEZ-PC8ED
  • VF1N2-8DX1K-M8D0P-6FZG9-NVKZ4
  • UV31K-2NG90-089XP-UZP7G-YAHU2
  • CA5MH-6YF0K-480WQ-8YM5V-XLKV4
  • UZ1WH-0LF5K-M884Z-9PMXE-MYUYA
  • FV3TR-4RWEM-4805P-6WYEV-QF292
  • FV30R-DWW1H-08E6P-XDQNC-MC2RF
  • ZZ10H-4MGEK-489AY-74WNX-MQ2A4

win keys(only setup )

Windows 10 Home
  • TX9XD-98N7V-6WMQ6-BX7FG-H8Q99
  • WNCQP-HKJCQ-TPYT6-KWQ93-C37X7
Windows 10 Home Single Language7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH
Windows 10 Home Country Specific (CN)PVMJN-6DFY6-9CCP6-7BKTT-D3WVR
Windows 10 Home N3KHY7-WNT83-DGQKR-F7HPR-844BM
Windows 10 Professional
  • W269N-WFGWX-YVC9B-4J6C9-T83GX
  • VK7JG-NPHTM-C97JM-9MPGT-3V66T
  • 8N67H-M3CY9-QT7C4-2TR7M-TXYCV
  • R7VPR-RNR68-DD9GD-DH4HX-XKX2P
Windows 10 Professional N
  • MH37W-N47XK-V7XM9-C7227-GCQG9
  • 2B87N-8KFHP-DKV6R-Y2C8J-PKCKT
Windows 10 Enterprise
  • NPPR9-FWDCX-D2C8J-H872K-2YT43
  • XGVPP-NMH47-7TTHJ-W3FW7-8HV2C
  • CKFK9-QNGF2-D34FM-99QX3-8XC4K
Windows 10 Enterprise N
  • DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4
  • WGGHN-J84D6-QYCPR-T7PJ7-X766F
Windows 10 Enterprise SFWN7H-PF93Q-4GGP8-M8RF3-MDWWW
Windows 10 Education
  • NW6C2-QMPVW-D7KKK-3GKT6-VCFB2
  • YNMGQ-8RYV3-4PGQ3-C8XTP-7CFBY
  • GNGHJ-7RCT8-K2WJV-96284-844BY
Windows 10 Education N
  • 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ
  • 84NGF-MHBT6-FXBX8-QWJK7-DRR8H
Windows 10 Enterprise 2015 LTSBWNMTR-4C88C-JK8YV-HQ7T2-76DF9
Windows 10 Enterprise 2015 LTSB N2F77B-TNFGY-69QQF-B8YKP-D69TJ
Windows 10 CoreKTNPV-KTRK4-3RRR8-39X6W-W44T3
Windows 10 Core Single Language
  • BT79Q-G7N6G-PGBYW-4YWX6-6F4BT
  • JPYNJ-XTFCR-372YJ-YJJ4Q-G83YB
  • JPYNH-XTFCR-372YJ-YJJ3Q-G83YB
  • R3BYW-CBNWT-F3JTP-FM942-BTDXY (CN)
ESD ISO6P99N-YF42M-TPGBG-9VMJP-YKHCF

vs keys

Visual Studio 2017201715.0Professional:
  • KBJFW-NXHK6-W4WJM-CRMQB-G3CDH
Enterprise:
  • NJVYC-BMHX2-G77MM-4XJMR-6Q8QF
Visual Studio 2015201514.0Professional:
  • HMGNV-WCYXV-X7G9W-YCX63-B98R2
Enterprise:
  • HM6NR-QXX7C-DFW2Y-8B82K-WTYJV
  • 2XNFG-KFHR8-QV3CP-3W6HT-683CH
Team Foundation Server:
  • PTBNK-HVGCM-HB2GW-MXWMH-T3BJQ
Visual Studio 2013201312.0Professional:
  • XDM3T-W3T3V-MGJWK-8BFVD-GVPKY
Premium:
  • FBJVC-3CMTX-D8DVP-RTQCT-92494
Ultimate:
  • BWG7X-J98B3-W34RT-33B3R-JVYW9
Team Foundation Server:
  • MHG9J-HHHX9-WWPQP-D8T7H-7KCQG
Visual Studio 2012201211.0Professional:
  • 4D974-9QX42-9Y43G-YJ7JG-JDYBP
Premium:
  • MH2FR-BC9R2-84433-47M63-KQVWC
Ultimate:
  • YKCW6-BPFPF-BT8C9-7DCTH-QXGWC
  • RBCXF-CVBGR-382MK-DFHJ4-C69G8
  • YQ7PR-QTHDM-HCBCV-9GKGG-TB2TM
  • MMVJ9-FKY74-W449Y-RB79G-8GJGJ
  • YCFHQ-9DWCY-DKV88-T2TMH-G7BHP
Team Foundation Server:
  • BVGTF-T7MVR-TP46H-9Q97G-XBXRB
Visual Studio 2010201010.0Professional/Ultimate (built-in or below):
  • YCFHQ-9DWCY-DKV88-T2TMH-G7BHP
Visual Studio 200820079.0Express: Not required
Professional:
  • XMQ2Y-4T3V6-XJ48Y-D3K2V-6C4WT
  • WPX3J-BXC3W-BPYWP-PJ8CM-F7M8T
  • PYHYP-WXB3B-B2CCM-V9DX9-VDY8T
  • WPDW8-M962C-VJX9M-HQB4Q-JVTDM
Visual Studio 200520058.0Express: Not required
Standard: Not required
Professional:
  • KGR3T-F2C26-RRTGT-D6DQT-QBBB3
Visual Studio 6.019986.0
  • 111-1111111
  • 0123456789
  • 1234567890

Introduction to Poetry

I ask them to take a poem
and hold it up to the light
like a color slide
                  
or press an ear against its hive.
                
I say drop a mouse into a poem
and watch him probe his way out,
or walk inside the poem's room
and feel the walls for a light switch.
                  
I want them to waterski
across the surface of a poem
waving at the author's name on the shore.
                 
But all they want to do
is tie the poem to a chair with rope
and torture a confession out of it.
                 
They begin beating it with a hose
to find out what it really means.
—Billy Collins
src:http://www.loc.gov/poetry/180/001.html
change /001-180 to read other poems

The Summer Day

The Summer Day

Who made the world?
Who made the swan, and the black bear?
Who made the grasshopper?
This grasshopper, I mean-
the one who has flung herself out of the grass,
the one who is eating sugar out of my hand,
who is moving her jaws back and forth instead of up and down-
who is gazing around with her enormous and complicated eyes.
Now she lifts her pale forearms and thoroughly washes her face.
Now she snaps her wings open, and floats away.
I don't know exactly what a prayer is.
I do know how to pay attention, how to fall down
into the grass, how to kneel down in the grass,
how to be idle and blessed, how to stroll through the fields,
which is what I have been doing all day.
Tell me, what else should I have done?
Doesn't everything die at last, and too soon?
Tell me, what is it you plan to do
with your one wild and precious life?
—Mary Oliver



source =http://www.loc.gov/poetry/180/133.html

wifi driver rtl8192 fix ubuntu

First step

You need to get a few things installed. Those are:
  kernel headers
  build tools (gcc, make, etc)
  dkms
  git

You can obtain them by executing following commands:

For Debian/Ubuntu (and other systems equipped with apt tool)

apt-get install --reinstall linux-headers-$(uname -r) linux-headers-generic build-essential dkms git

For Fedora (and other systems equipped with yum tool)

yum install kernel-devel gcc dkms git

For Fedora versions from 23 up, use the following command
dnf install kernel-devel gcc dkms git

Second step

Obtain the fixed drivers:

git clone https://github.com/pvaret/rtl8192cu-fixes.git

Third step

Build and install a DKMS module. Execute this command without leaving the current directory!

dkms add ./rtl8192cu-fixes && dkms install 8192cu/1.10 && depmod -a

Fourth step

Block the native (and broken) drivers:

cp ./rtl8192cu-fixes/blacklist-native-rtl8192.conf /etc/modprobe.d/

Fifth step

The last step is to execute following command and enjoy your working WLAN!
may need reboot

modprobe 8192cu


src==https://adamscheller.com/systems-administration/rtl8192cu-fix-wifi/

vpn not use

United States, United Kingdom, Australia, New Zealand, Canada, Denmark, France, Netherlands, Norway, Belgium, Germany, Italy, Spain, Israel...