Mar. 1st, 2017

charisstoma: (Default)
Ruins of a Zoroastrian fire temple in Esfahan, Iran.
Credit: aaabbbccc/Shutterstock

Followers of Zoroastrianism, one of the world's oldest active religions, believe in an epic struggle between good and evil; they worship in temples where fires burn as symbols of divine light.
charisstoma: (Default)

It was the same temperature in Cairo and Antarctica today
3:44 p.m. ET

Jeff J Mitchell/Getty Images
If you're reading this from Antarctica, you're going to want to take off your coat. You'll probably want to change into a t-shirt and shorts, too. Heck, don a pair of flip-flops while you're at it — it's a sweltering 63.5 degrees Fahrenheit on the planet's southernmost continent today, Reuters reports.

To put that in perspective: At the time of publication, it is the same temperature in Cairo, Egypt.

Antarctica's record temperature was recorded at an Argentine research base, which sits at the northern tip of the continent's peninsula. The heat record for anywhere south of 60 degrees latitude is 67.6 degrees, recorded Jan. 30, 1982, on Signy Island in the southern Atlantic Ocean. The warmest it's ever been on the Antarctic plateau above 8,202 feet is 19 degrees, in 1980.

Antarctica more often sets the other kind of record: The coldest temperature on Earth was 128.6 degrees below zero, recorded at Vostok station in central Antarctica in 1983.

Jeva Lange


Mar. 1st, 2017 10:15 pm
charisstoma: (default)
Here's What You Need to Know About the Massive 'Cloudbleed' Data Breach
Now's a good time to change some passwords.

A huge data breach that may have exposed users' private information and log-in details for thousands of websites was uncovered last week, in what looks to be the most significant internet leak of 2017 so far.

Dubbed 'Cloudbleed' in reference to the notorious 'Heartbleed' breach in 2014, the leak stems from a bug found in code operated by web infrastructure company Cloudflare, which provides security and hosting services for thousands of major internet sites.

Some of these clients are big-name web companies – including Uber, Yelp, Fitbit, and OkCupid – and due to a tiny but significant error in some of Cloudflare's code, sensitive user information from some of these sites was being randomly inserted into web pages when visited by other people.

"For example, you could have visited a page on, and a chunk of memory from a previous request/response to would be returned," security consultant Andrew Tierney from UK-based Pen Test Partners told Forbes.

"This sensitive data could have been returned to anyone. There was no need to carry out an active attack to obtain the data – my mum may have someone else's passwords stored in her browser cache just by visiting another Cloudflare-fronted site."

The leak was discovered on February 17 by security researcher Tavis Ormandy from Google's Project Zero bug-hunting team, who was sifting through publicly available website data to look for any errors in the code.

"It's not unusual to find garbage, corrupt data, mislabeled data, or just crazy non-conforming data… but the format of the data this time was confusing," Ormandy explained in a blog post detailing the issue.

"In fact, the data was bizarre enough that some colleagues around the Project Zero office even got intrigued."

What they found was evidence of snippets from user sessions on Cloudflare-hosted sites being randomly grabbed and replicated on other Cloudflare sites, including things like encryption keys, cookies, passwords, and other potentially sensitive information.

"I didn't realise how much of the internet was sitting behind a Cloudflare CDN [content delivery network] until this incident," Ormandy said on February 19.

"The examples we're finding are so bad… I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings."

Ormandy reached out to Cloudflare, which assembled an international team of engineers to fix the problem; they were able to stop the bug in less than 7 hours.

It's great that the parsing error is no more, but that's not the end of the problem.

The leakage may have actually been active from as far back as 22 September 2016 – almost five months before Ormandy found it – and there's no way of knowing how many people's sensitive information was exposed in that time.

In a blog post last week, Cloudflare CTO John Graham-Cumming explained that they hadn't detected any malicious activity resulting from the bug, but with nearly five months of exposed data in the wild, it's difficult to say how many user credentials may have been leaked.

Adding to the problem, any exposed data could have been cached by search engine bots that index website code, meaning sensitive information could have been replicated far and wide, opening up even greater access to it.

According to Cloudflare, the peak of the bug occurred between February 13 and February 18, with around one in every 3,300,000 HTTP Cloudflare requests potentially resulting in data leakage.

That might sound like pretty good odds, but given the potential length of the leak – and that private data may have been cached elsewhere on the internet – now might not be a bad time to change some passwords if you think you may have been compromised.

While there isn't an official list of affected services, a huge number of notable sites were exposed, including Uber, Yelp, Fitbit, OkCupid, the Pirate Bay,, Feedly, 4chan, and many more.

You can search here to see if sites and services you use are on Cloudflare, and there's also an unofficial listing of the more than 4 million sites that could be affected here.

While the overall level of risk to any particular user is probably very low, a lot of personal data could have been leaked here, so it's a good idea to change your passwords for any potentially compromised sites.

"Cloudflare has said the actual impact is relatively minor, so I believe only limited amounts of information were actually disseminated," security researcher and former Cloudflare employee Ryan Lackey wrote in a blog post.

"Regardless, unless it can be shown conclusively that your data was NOT compromised, it would be prudent to consider the possibility it has been compromised."

Of course, to minimise the potential risk of similar breaches (inevitably) happening in the future, make sure you don't use the same password across multiple sites.

Since it's impossible to remember a huge number of passwords – given how many digital services we all use these days – consider a password manager like LastPass or 1Password.

Another good idea is to make sure you enable two-factor authentication on services that support it, which can protect your accounts even if your passwords do get out.
charisstoma: (default)
Accused of having an incorrect visa, Mem Fox detained by immigration officials at LA airport
DEBORAH BOGLE, Books Editor, The Advertiser
February 22, 2017 9:33pm

AUSTRALIA’S best-loved children’s author, Mem Fox, was left sobbing and shaken after being detained for two hours and aggressively interrogated by immigration officials at Los Angeles airport.

Fox says she’s unlikely to ever travel to the United States again after being made to feel like “a prisoner at Guantanamo Bay”.

President Donald Trump had created the climate for this sort of behaviour, she said, adding: “This is what happens when extremists take power.”

Mem Fox. Picture: Matt Turner
En route to Milwaukee for a conference on February 9, where she was to deliver the opening keynote address at a literacy conference, Fox was ushered into an airport holding room and told she was travelling on the wrong visa. This was incorrect and the US Embassy in Canberra has since apologised. Fox, 70, said that by the time she checked in to her hotel she was shaking and sobbing.

“I am old and white, innocent and educated, and I speak English fluently,” she said. “Imagine what happened to the others in the room, including an old Iranian woman in her 80s, in a wheelchair.

“The way I was treated would have made any decent American shocked to the core, because that’s not America as a whole, it really isn’t. It’s just that people have been given permission to let rip in a fashion that is alarming.”

The irony that the two most popular of her more than 25 books published in the US, Ten Little Fingers and Ten Little Toes and Whoever You Are, are both about diversity, was not lost on her. Nor was the fact that the theme of the conference she was attending was inclusivity and diversity.

Fox has visited the US more than 100 times since 1985, and is widely known there as an author and literacy educator.

After returning to Adelaide, she made a complaint to the US Embassy in Canberra, and received an emailed apology. An embassy spokeswoman told The Advertiser consular cases were not discussed with the media for privacy reasons.

Her experience has confirmed in Fox the importance of her new book, I’m Australian Too, about multiculturalism, illustrated by an Indian-born Australian, Ronojoy Ghosh. Fox wrote the book in late 2014 in response to what she saw as a rising tide of antagonism towards immigrants and refugees. “And it’s got worse since then,” she said. “I just feel that the hate speech that is going on is trying to change that aspect of our national character and it would be heartbreaking if that happened.”

Originally published as Mem detained in Trump’s America


Page generated Sep. 21st, 2017 04:02 pm