Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Evernote tries to recover from DDoS attack on its servers

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

June 11, 2014

Click here to order the best dedicated server and at a great price.

Mobile and online note taking application Evernote is trying as best as it can to recover from a DDoS (distributed denial of service attack) that took its service offline for several hours last evening.

The company was hit by the DDoS attack from around 10.45 PM last night, leaving folks unable to access their notes in the cloud or sync their files from one device to another.

The company said a few hours ago on Twitter that the service was back up and running, but warned its millions of users that there may still be some hiccups in its system over the next 24 hours or so.

However, the attack wasn't the first cyber issue for Evernote. Early in 2013, the firm was forced to implement a service-wide password reset after hackers managed to access user information.

The security breach affected user IDs, email addresses and passwords, although luckily passwords had been stored in hashes rather than plaintext.

Still, Evernote got its users to change their login credentials just in case the hackers managed to crack the encryption.

In other internet security news

The overall development of the fourth generation of PCI Express – unsurprisingly called PCIe 4.0 – is moving along nicely, but don't expect the final specification to be completed until at least the middle part of 2016.

That's the bad news. The good news is that moving up to the new 16 giga transfers-per-second standard – intended for such data-hungry applications as high-speed Ethernet and InfiniBand, plus HPC and high-end storage – promises to be a smoother transition than was the bump from PCIe 2.0 to PCIe 3.0 a while back.

"No funny encoding changes this time around, nothing new-– it's basically a straight-up 16-gig," PCI-SIG marketing workgroup chair Ramin Neshati told reporters at his organization's developers conference last week in Santa Clara, California.

"It's mostly a PHY evolutionary play at this point," Neshati added. "Very little in terms of protocol changes, very little in terms of link-level management changes. So, same equalization but no new back channel and all the various things that happened in PCI Express 3.0."

In keeping with the PCI-SIG's mandate, PCIe 4.0 will be fully backward compatible, both mechanically and electronically, and will require essentially the same amount of power as its predecessor.

As the PCI-SIG's president and chairman Al Yanes told us "compatibility is our bread and butter." You will, for example, be able to plug a PCIe 1.0 device into a PCIe 4.0 connector – and vice versa – and the system will detect and negotiate down to the lowest common denominator.

Backwards compatibility is an investment-saver, and the PCI-SIG is all about keeping costs down. For example, the doubling of the link bandwidth from PCIe's 8GT/sec won't require any exotic materials, Neshati said.

In keeping with the PCI-SIG's commitment to low-cost, high-volume deployments, PCIe 4.0 PHYs will still be fabricated using FR-4 glass epoxy electrical insulator as their foundation.

It's even possible to go faster than 16GT/sec – but not faster while remaining inexpensive, Neshati added.

"The technology's out there to go on copper to 32 gigs with short channels – maybe even higher. We are all about low-cost constrained environments. That's what we are targeting."

Speaking of short channels, PCIe 4.0 will operate over distances around half the length of a traditional server's 20-inch data paths. "The length – the channel run – for PCI Express 4.0 is targeted at 10 to 12 inches," Neshati said, "because at these rates with low-cost FR-4, you cannot drive a signal at 20 inches through two connectors."

That 20-inch run can be achieved – you'll just have to add a repeater in the middle of two 10-inch runs. "And guess what?" Neshati said. "We are already defining a retiming device spec – it's called a PCI Express retimer or retiming device. It came back from member review, and it's looking very healthy, and it should be published very soon."

And that mention of "member review" brings us back to why PCIe 4.0 devices are not likely to appear until the middle part of 2016.

As of today, the specification is at Rev 0.3, and Neshati told us that "0.3 of the PCIe 4.0, surprisingly, is a lot more detailed than 0.3 of PCI Express 3.0." With that solid foundation, Rev 0.5 is expected in the second half of this year.

However, there will need to be a lot of back-and-forth debate among the PCI-SIG and its member companies-- studies have to be done, experiments need to be run, simulations need to be conducted – if you've ever witnessed a standard being developed, you know how it's done.

"One company comes in and says, 'I ran these sims and I saw this and I saw that'," Neshati gave as an example. "Another company comes in and says, 'I ran the same sims and I saw this other thing.' Then you need to sit down and figure out who did pseudoscience and who did real science. All of that needs to get debated and vetted. It's a long process."

And after the specification gets to Rev 0.7, there's another issue to be contemplated-- an actual implementation, not just a simulation. "Between 0.7 and 0.9 we typically require some data – some test-chip data," Neshati said.

"Some company needs to come in and say, 'You know that 0.7? I actually implemented that and I saw this. And so you know all those parameters that you defined? I'm not seeing the same values here.' So then we have to debate, and discuss, and fine-tune," he added.

But actual physical testing of an actual physical chip before the spec goes final, Neshati said, not only ensures that all will work as promised, it also levels the playing field between those companies with deep pockets.

"I think 'big data' will like this more than others," Neshati said, "but you can go wide and speed for big data, and you can go narrow – like by-one – and speed for other client-like applications. Storage, graphics, whatever, can benefit from Gen 4."

"Graphics can surprisingly go with gen-3 for a long time," Neshati said, but added that if you want to narrow the number of lanes on a graphics card – perhaps simply to save money or to cluster a few cards onto the same multi-lane channel for an HPC installation – PCIe 4.0 can and will help.

You'll just need to wait for that help for a couple of years. But as Neshati assured us, "We're not holding things up for no reason. There's actual science going on. There's actual physics going on."

In other internet security news

The hacking and activist group Anonymous says it's currently threatening World Cup sponsors as its next hacking target.

Hacker 'Che Commodore' made the threat in solidarity with real-world protestors in Brazil who are enraged that funds are being funnelled into building white elephant stadiums for the soccer's showpiece event rather than much needed improvement to local infrastructure and transport systems.

"We have already conducted late-night tests to see which of the sites are more vulnerable," Commodore said. "We have a plan of attack, and we will attack."

"This time we are targeting the sponsors of the World Cup," he added in a Skype conversation from an undisclosed location in Brazil with the news agency. The hacker named potential targets as Adidas, the UA Emirates airline, Coca-Cola and Budweiser.

We suspect that 'Che Commodore' and a self-identified member of the Anonymous Brazil section are one in the same.

They are certainly fellow travellers because @CheCommodore links to an English language #OpHackingCup video by Anonymous.

Additionally, Jason Hart, vice president of cloud solutions at SafeNet, said that businesses, consumers and broadcasters will all be subjected to security threats of one type or another.

"This World Cup will be the most connected, technology-driven World Cup ever and therefore, will also be the subject of more hacks, security threats and data breaches than any sporting event since London 2012," Hart comments.

"Brazil’s ability to host a sporting event has been questioned and the readiness of its physical infrastructure, the IT and network infrastructure will also be tested to extreme degrees," he added.

Ashish Patel, regional director of network security at McAfee, suspects that cyber-saboteurs may already be at work.

Anonymous hackers may have been using stealth hacking tactics for weeks, laying malware traps in the sponsors' networks that can be triggered when the hacktivists decide to act.

"Anonymous’ threat towards World Cup sponsors is serious, and needs to be treated as such," Patel said.

The FIFA World Cup 2014 itself kicks off on June 12 Thursday with a game between Brazil and Croatia.

In other internet security news

Microsoft has reportedly left Windows 7 exposed by only applying patches to its newest operating systems, Windows 8.

Internet security researchers discovered the flaws after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in Windows 7.

They said that the shortcoming could lead to the discovery of zero day security vulnerabilities.

The missing safe functions were part of Microsoft's dedicated libraries intsafe.h and strsafe.h that help developers combat various attacks.

Researcher Moti Joseph speculated that Microsoft had not applied the fixes to Windows 7 to save money.

"Why is it that Microsoft inserted a safe function into Windows 8 but not Windows 7? The answer is money-- Microsoft does not want to waste development time on older operating systems and they want people to move to higher operating systems," Joseph said in a presentation at the Troopers 2014 Conference.

Microsoft has been contacted for comment, and we are still waiting to hear from the company. Together with malware analyst Marion Marschalek, the two researchers developed a capable tool dubbed DiffRay which would compare Windows 8 with 7, and log any safe functions absent in the older platform.

"It was scary simple, Marschalek said, and it was also faster than finding security vulnerabilities by hand," he added.

Security technicians could then probe those functions to identify the vulnerabilities and various exploits that could be done by potential hackers.

In a demonstration of DiffRay, the researchers found four missing safe functions in Windows 7 that also were present in 8.

"If we get one zero-day from this project, it's worth it," Joseph said. Future work will extend DiffRay's capabilities to find potential security vulnerabilities in Windows 8.1, add intelligence to trace input values for various functions and then incorporate even more intelligent signatures used to find potential security flaws. Duplicates and abundant false positives in the current version would also be ironed out.

In other internet security news

Microsoft said earlier today that it's planning to deliver at least seven security updates June 10 in its scheduled Patch Tuesday update next week.

Microsoft has posted its advance notification for the upcoming security release, which it said will consist of two critical security bulletins and five others rated as important.

According to the software giant, the critical update will address a pair of remote code execution flaws and will be considered a top deployment priority for Windows, Windows Server, Internet Explorer, Office, and Lync.

The first bulletin addresses critical security issues in Internet Explorer, while the second addresses one or more flaws in Microsoft Office and Lync (excluding Lync Server).

As is usually the case, Microsoft does not post specific details on the security vulnerabilities until after the patches have been released.

All currently supported versions of both client-side Windows and Windows Server will receive at least one bulletin rated as critical, although the Internet Explorer bulletin is considered a lower priority on Server systems where the browser is less likely to be accessible to an attacker.

Users and system administrators running Windows Vista, Windows 7, 8, 8.1, and Windows RT should consider both bulletins critical fixes and top priorities for testing and deployment.

As usual, both patches will require a reboot after their installation. The five remaining bulletins will include security bug fixes for one or more remote code execution vulnerabilities in Office, an information disclosure flaw in Windows, information disclosure issues in Lync Server, a denial of service fix for Windows, and finally, what Microsoft described as a "tampering" vulnerability in Windows.

Microsoft said that it will post the June security updates on Tuesday, June 10 at approximately 10:00 PDT. Users who have automatic updates enabled will receive the security releases directly.

However, not listed in the update is Windows XP. Microsoft has ended security update support for that version of the OS, despite it's still running on more than 27.5 percent of all PCs.

While users in Germany have come with an expensive registry hack to keep XP systems receiving updates, most users would probably be better served updating their systems and getting the additional security protections of Windows 7, which has been around since October 2009.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

Source: Evernote.

Click here to order the best dedicated server and at a great price.

Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

You can link to the Internet Security web site as much as you like.

Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer

Click here to order our special clearance dedicated servers.

Get your Linux or Windows dedicated server today.

Click here to order our special clearance dedicated servers.