<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Open Discussions &#8211; M.A.S. Electronics&#039; Blog</title>
	<atom:link href="https://blog.maselectronics.com/category/open/feed/" rel="self" type="application/rss+xml" />
	<link>https://blog.maselectronics.com</link>
	<description>A Great Place To Share Technical Ideas.</description>
	<lastBuildDate>Sat, 29 Apr 2017 15:09:10 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>
	<item>
		<title>Did You Know &#8211; They Are Recording Everything Now</title>
		<link>https://blog.maselectronics.com/did-you-know-they-are-recording-everything-now/</link>
					<comments>https://blog.maselectronics.com/did-you-know-they-are-recording-everything-now/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Sat, 29 Apr 2017 15:06:03 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">https://blog.maselectronics.com/?p=5386</guid>

					<description><![CDATA[They Even Know Whats In This Post! If you don&#8217;t already know, the governments and ISP&#8217;s around the world are tightening their grasp and monitoring everything. The Trump administration just revoked the Internet Privacy act so now all the ISP&#8217;s can and are recording everything you do online.   They are logging everything, they are recording your Social Security Number, your health details, financial information as well as your browsing data and the contents of your emails! This is not...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/did-you-know-they-are-recording-everything-now/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<table id="yui_3_16_0_ym19_1_1493477802031_2431" class="yiv4462942391wrapper" border="0" width="555" cellspacing="0" cellpadding="0" align="center" bgcolor="#ffffff">
<tbody id="yui_3_16_0_ym19_1_1493477802031_2430">
<tr id="yui_3_16_0_ym19_1_1493477802031_2461">
<td id="yui_3_16_0_ym19_1_1493477802031_2460" align="left" valign="top">
<table id="yui_3_16_0_ym19_1_1493477802031_2459" border="0" width="100%" cellspacing="0" cellpadding="0" align="center">
<tbody id="yui_3_16_0_ym19_1_1493477802031_2458">
<tr id="yui_3_16_0_ym19_1_1493477802031_2457">
<td id="yui_3_16_0_ym19_1_1493477802031_2456" class="yiv4462942391lh-1" align="left" valign="top">
<div id="yui_3_16_0_ym19_1_1493477802031_2455"><span id="yui_3_16_0_ym19_1_1493477802031_2454">They Even Know Whats In This Post!</span></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr id="yui_3_16_0_ym19_1_1493477802031_2483">
<td id="yui_3_16_0_ym19_1_1493477802031_2482" align="left" valign="top">
<table id="yui_3_16_0_ym19_1_1493477802031_2481" border="0" width="100%" cellspacing="0" cellpadding="0" align="center">
<tbody id="yui_3_16_0_ym19_1_1493477802031_2480">
<tr id="yui_3_16_0_ym19_1_1493477802031_2479">
<td id="yui_3_16_0_ym19_1_1493477802031_2478" class="yiv4462942391lh-1" align="left" valign="top">
<div id="yui_3_16_0_ym19_1_1493477802031_2477">
<div id="yui_3_16_0_ym19_1_1493477802031_2476"><span id="yui_3_16_0_ym19_1_1493477802031_2475">If you don&#8217;t already know, the governments and ISP&#8217;s around the world are tightening their grasp and monitoring everything.<a href="http://affiliate.vpnpartner.com/a.php?id=294_3_1_76"><img fetchpriority="high" decoding="async" class="alignright wp-image-5388 size-full" src="https://blog.maselectronics.com/wp-content/uploads/2017/04/02-anon-1.png" alt="" width="160" height="600" srcset="https://blog.maselectronics.com/wp-content/uploads/2017/04/02-anon-1.png 160w, https://blog.maselectronics.com/wp-content/uploads/2017/04/02-anon-1-80x300.png 80w" sizes="(max-width: 160px) 100vw, 160px" /></a></span></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2484"></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2514"><span id="yui_3_16_0_ym19_1_1493477802031_2513">The Trump administration just <a title="" href="http://app.getresponse.com/click.html?x=a62b&amp;lc=44Dsw&amp;mc=JC&amp;s=iOxKT8&amp;u=B21e&amp;y=0&amp;" target="_blank" rel="nofollow noopener noreferrer">revoked the Internet Privacy act</a> so now all the ISP&#8217;s can and are recording everything you do online.  </span></div>
</div>
<div id="yui_3_16_0_ym19_1_1493477802031_2512"></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2511"><span id="yui_3_16_0_ym19_1_1493477802031_2510">They are logging everything, they are recording your Social Security Number, your health details, financial information as well as your browsing data and the contents of your emails!</span></div>
<div></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2509"><span id="yui_3_16_0_ym19_1_1493477802031_2508">This is not just limited to the USA. Australia, UK, Netherlands, France, Germany, heck the entire EU, Asia and most of the middle East have already done this.</span></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2506"><span id="yui_3_16_0_ym19_1_1493477802031_2507"> </span></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2486"><span id="yui_3_16_0_ym19_1_1493477802031_2485">You can get busted for things you do now, years in the future since it is all recorded and stored.</span></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2489"></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2488"><span id="yui_3_16_0_ym19_1_1493477802031_2487">Be vigilant with your online anonymity my friends. You should be doing the following</span></div>
<div id="yui_3_16_0_ym19_1_1493477802031_2493">
<ol id="yui_3_16_0_ym19_1_1493477802031_2492">
<li id="yui_3_16_0_ym19_1_1493477802031_2491"><span id="yui_3_16_0_ym19_1_1493477802031_2490">Always use a VPN. <a id="yui_3_16_0_ym19_1_1493477802031_2494" title="" href="http://app.getresponse.com/click.html?x=a62b&amp;lc=44D1T&amp;mc=JC&amp;s=iOxKT8&amp;u=B21e&amp;y=a&amp;" target="_blank" rel="nofollow noopener noreferrer">Get one here</a><br />
</span></li>
<li id="yui_3_16_0_ym19_1_1493477802031_2496"><span id="yui_3_16_0_ym19_1_1493477802031_2495">Encrypt private emails using <a id="yui_3_16_0_ym19_1_1493477802031_2497" title="" href="http://app.getresponse.com/click.html?x=a62b&amp;lc=44D30&amp;mc=JC&amp;s=iOxKT8&amp;u=B21e&amp;y=P&amp;" target="_blank" rel="nofollow noopener noreferrer">PGP</a>. </span></li>
<li id="yui_3_16_0_ym19_1_1493477802031_2503"><span id="yui_3_16_0_ym19_1_1493477802031_2502">Don&#8217;t post shit on Reddit unless the account is linked to an anonymous email and your using a VPN.</span></li>
<li id="yui_3_16_0_ym19_1_1493477802031_2504"><span id="yui_3_16_0_ym19_1_1493477802031_2505">Mix your bitcoins.</span></li>
</ol>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/did-you-know-they-are-recording-everything-now/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Your internet history is now for sale !</title>
		<link>https://blog.maselectronics.com/your-internet-history-is-now-for-sale/</link>
					<comments>https://blog.maselectronics.com/your-internet-history-is-now-for-sale/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Thu, 30 Mar 2017 13:17:11 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">https://blog.maselectronics.com/?p=5368</guid>

					<description><![CDATA[Everyone, even people who aren&#8217;t skilled with computers, knows that browsing the web comes with certain privacy risks. The sites you visit, what you do while you&#8217;re there, where you&#8217;re physically located, and which internet-connected apps you use are all broadcast to your internet service provider (ISP). In October 2016 the FCC approved rules that would prevent ISPs from gathering that data and reselling it without consumer consent, and yesterday the US House of Representatives overturned those rules, The bill...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/your-internet-history-is-now-for-sale/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>Everyone, even people who aren&#8217;t skilled with computers, knows that browsing the web comes with certain privacy risks. The sites you visit, what you do while you&#8217;re there, where you&#8217;re physically located, and which internet-connected apps you use are all broadcast to your internet service provider (ISP).</p>
<p>In October 2016 the FCC approved rules that would prevent ISPs from gathering that data and reselling it without consumer consent, and yesterday the US House of Representatives overturned those rules, The bill is now headed to the White House, where President Trump is expected to sign it.</p>
<p>Internet users are right to be concerned: Without those restrictions in place, everything you do on the web can be tracked, collected, stored, and sold without your permission. That isn&#8217;t just a problem for those tired of intrusive advertisements—it&#8217;s also a potential treasure trove for hackers.</p>
<h2>It can&#8217;t be that big a deal, right?</h2>
<p>Every time you open a browser window—incognito or not—your ISP knows what you&#8217;re doing. Each web request you make first goes through your ISP, giving them a record of every site you visit.</p>
<p>So, if you visit WebMD they know it. And if you navigate to the page on (insert embarrassing medical condition here) they know it. Suddenly you start seeing ads for creams, tinctures, and pills designed to treat that embarrassing condition everywhere you go, and guess what? It&#8217;s not a coincidence and it made someone money.</p>
<p>It&#8217;s alarming to think that your ISP is using your browsing history as a means to make more money, and it&#8217;s even more alarming to think what could happen to that data in the case of a data breach. Those advertisers just want to sell you embarrassing creams. Hackers want to trade your data for cases of the stuff.</p>
<h2>It&#8217;s easy to protect data on the web, right?</h2>
<p>Browsing the web is a lot like going out in public: There are certain things you simply can&#8217;t do without someone noticing. In this case the entity noticing is your ISP, and the things they notice are worth big dollars to other companies.</p>
<p>The most common method of anonymizing browsing habits is using a browser&#8217;s incognito mode, but that really isn&#8217;t hiding anything: All it does is prevent the computer you&#8217;re using from storing data-the traffic to and from your computer is fair game for anyone looking.</p>
<p>Ad blockers, script stoppers, and other plugins only protect your embarrassing browsing history from your friends and family. Your ISP still has access to everything you do. True protecting is difficult and comes with drawbacks but it is still possible.</p>
<h2>How to protect yourself from the prying eyes of your ISP</h2>
<p>There are a lot of reasons to want to anonymize your presence on the web, and not all of them are nefarious or illicit. If you want to stop your ISP from potentially selling your personal info here are a few things you can do.</p>
<ol>
<li><strong>Use ToR:</strong> There are many articles on Tor Browser and for good reason, it works. That doesn&#8217;t mean it&#8217;s easy to set up or get used to, though. One more reason not to rely on ToR for daily browsing is that <a href="https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor">lots of websites block ToR traffic</a> because it&#8217;s impossible to monetize.</li>
<li><strong>Use a VPN:</strong> Virtual private networks are sort of like ToR, in that they relay your traffic through a bunch of servers before spitting you out at your destination. The free ones aren&#8217;t that good, however, and the good ones are far from free. Expect slower browsing speeds too: All that rerouting takes precious milliseconds.</li>
<li><strong>Consider local ISPs:</strong> Some of the biggest lobbyists for the repeal of regulations protecting consumer data are ISPs like Comcast and Verizon—they stand to make billions in targeted ad deals. Some small-scale local ISPs have said they won&#8217;t collect or sell data, so take a look at them if you&#8217;re looking for a new provider.</li>
<li><strong>Research:</strong> If you&#8217;re curious about your ISP&#8217;s position on data gathering look into it. Call, email, or check out their website and if you don&#8217;t find an explicit statement saying they don&#8217;t collect or sell data it&#8217;s safe to assume they will.</li>
</ol>
<p>The safest way to browse the web is, unfortunately, not to do it. In today&#8217;s age that&#8217;s practically impossible, so until internet traffic is safe you&#8217;re going to be hard pressed to find easy ways to protect yourself.</p>
<h2>The three things you should consider:</h2>
<ol>
<li>The US House and Senate have both voted in favor of repealing regulations that prevent ISPs from recording and selling web browsing data and other personal customer information.</li>
<li>That information is sold to companies for targeted ad creation, but it could also be stolen by hackers.</li>
<li>Anonymizing your presence on the web and protecting your personal information is tough, but it can be done through the use of ToR, VPNs, and good research.</li>
</ol>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/your-internet-history-is-now-for-sale/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Phishing gets more dangerous for 2016</title>
		<link>https://blog.maselectronics.com/phishing-gets-more-dangerous-for-2016/</link>
					<comments>https://blog.maselectronics.com/phishing-gets-more-dangerous-for-2016/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Tue, 29 Mar 2016 15:51:14 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=5316</guid>

					<description><![CDATA[In January, Wombat Security Technologies released its 2016 State of the Phish report, detailing the current phishing landscape. The research report found that, while these phishing attacks are growing in sheer number, they are also growing in their complexity based on the practices used to implement them. To most enterprise professionals, especially those working in IT, it&#8217;s understood that phishing is still a common threat. However, 85% of those surveyed for this report said that they had been the victim...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/phishing-gets-more-dangerous-for-2016/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>In January, Wombat Security Technologies released its 2016 State of the Phish report, detailing the current phishing landscape. The research report found that, while these phishing attacks are growing in sheer number, they are also growing in their complexity based on the practices used to implement them.</p>
<p>To most enterprise professionals, especially those working in IT, it&#8217;s understood that phishing is still a common threat. However, 85% of those surveyed for this report said that they had been the victim of a phishing attack in 2015, up 13% from the year prior. Additionally, 60% felt that the rate of phishing attacks had increased, on the whole.</p>
<p>Because of these attacks, 42% of those surveyed said they had suffered malware infections, while 22% suffered compromised accounts and 4% lost data. The most popular phishing campaigns were ones that employees expected to be in their inbox at work, like a document from HR. In fact, the report noted that an &#8220;urgent email password change request&#8221; had an average click rate of 28%. However, employees showed more caution with &#8220;consumer&#8221; emails for gift card offers or social network notifications.</p>
<p>The Wombat report also said that targeted phishing attacks, also known as &#8220;spear phishing&#8221; grew in 2015 as well. Of respondents, 67% reported experiencing spear phishing in 2015, up 22% from the year before. Compared to emails with no personalized present, emails with the employee&#8217;s first name had a click rate 19% higher, and those with an employee&#8217;s last name had a click rate of 17% higher.</p>
<p>So, which industries suffered the most? Telecommunications took the top spot with 24% click rate and professional services, which Wombat classified as consulting, law, and accounting, was a close second with a 23% click rate. Government came in third place with a 17% click rate for phishing attacks.</p>
<p>Plug-ins used by employees also increased the risk of attacks, due to the fact that many are often outdated. According to the report, here are the top four most outdated plug-ins:</p>
<ol>
<li>Adobe PDF (61%)</li>
<li>Adobe Flash (46%)</li>
<li>Microsoft Silverlight (27%)</li>
<li>Java (25%)</li>
</ol>
<p>To protect against attacks, 99% of respondent said they utilize email spam filters, 56% said they employed outbound proxy protection, 50% use advanced malware analysis, and 24% use URL wrapping. Additionally, 92% said they train their employees to recognize and avoid phishing.</p>
<p>Those familiar with the space will note that the report was previously put together by the company ThreatSim, who Wombat acquired late last year. This year&#8217;s report was compiled by both of the companies, who looked at millions of simulated phishing attacks sent through their platforms between October 1, 2014, and September 30, 2015.</p>
<p>The report also includes data gathered from a survey sent to Wombat&#8217;s list of security professionals (both customers and non-customers). While a specific number of responses wasn&#8217;t provided, the press release did mention that they received &#8220;several hundred responses.&#8221;</p>
<p>An <a href="http://info.wombatsecurity.com/cost-of-phishing" target="_blank">additional report</a> published by Wombat Security Technologies and The Ponemon Institute in 2015 put the total extrapolated cost of phishing at roughly $3.8 million for a 10,000 person company.</p>
<h2>Three big takeaways</h2>
<ol>
<li>Phishing continues to grow with 85% experiencing a phishing attack in 2015.</li>
<li>Phishing templates that look like a corporate email are more successful than those that look like consumer emails, and personalized emails get a higher click rate from employees.</li>
<li>Outdated plug-ins increase vulnerability to phishing, with the top culprits being PDF, Flash, Silverlight, and Java.</li>
</ol>
<p>What are your plans for dealing with phishing attacks?</p>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/phishing-gets-more-dangerous-for-2016/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Expect massive spikes in global security threats for 2015</title>
		<link>https://blog.maselectronics.com/expect-massive-spikes-in-global-security-threats-for-2015/</link>
					<comments>https://blog.maselectronics.com/expect-massive-spikes-in-global-security-threats-for-2015/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Fri, 21 Nov 2014 12:10:07 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=5212</guid>

					<description><![CDATA[Increases of global information security threats remain as much a certainty as death and taxes, at least according to the latest Information Security Survey from PWC. That report, which was published in October, highlights several troublesome trends and provides valuable information for those concerned with enterprise IT security. Nonetheless, interpreting the information delivered into applicable best practices remains a challenge for many IT security professionals. Especially those who will be assigned the task of keep their organizations from becoming one...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/expect-massive-spikes-in-global-security-threats-for-2015/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>Increases of global information security threats remain as much a certainty as death and taxes, at least according to the latest <a href="http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/the-global-state-of-information-security-survey-2015.pdf">Information Security Survey from PWC</a>. That report, which was published in October, highlights several troublesome trends and provides valuable information for those concerned with enterprise IT security. Nonetheless, interpreting the information delivered into applicable best practices remains a challenge for many IT security professionals. Especially those who will be assigned the task of keep their organizations from becoming one of the latest statistics in the battle against cybercrime.</p>
<p>PWC rightly points out that cyber security has become a persistent business risk and that threats (both to the economy and intellectual property) are on the rise. The report goes on to identify some very troubling incidents, including:</p>
<ul>
<li>More than half (53%) of global securities exchanges have experienced a cyber attack (IOSCO Survey)</li>
<li>In South Korea, some 105 million payment card accounts were exposed in a security breach (Symantec Corp)</li>
<li>City officials in Verden, Germany announced the theft of 18 million email addresses, passwords and other information (TechWeek, Europe)</li>
<li>Cyber thieves stole more than $45 million from worldwide ATM accounts of two banks in the Middle East (CNet.com)</li>
</ul>
<p>While the above mentioned compromises prove to be just a small fraction of the security incidents that occurred in 2014, those incidents do reveal some of trends, namely that financial gain is a key motivator for attackers and that even the most secure organizations are still susceptible to threats, two realizations that should be game changers for those seeking to protect IT assets from cybercrime.</p>
<h2>Is the victim at fault?</h2>
<p>When it comes to cybercrime, the complacency of the victims is sometimes at fault. While that does not excuse the criminal nature of the attackers, it does highlight the need for organizations to be proactive in protecting their assets &#8211; after all, the law only comes into play after a crime has be committed, meaning that the numerous anti-cybercrime laws on the books hold little sway against determined cybercriminals.</p>
<p>In other words, organizations should be taking a defensive position and grid themselves for attack as inevitability and as not an exception to the rule. That ideology will prove to be a key factor in the paradigm shift needed to protect against the onslaught of attacks expected in 2015.</p>
<p>PwC is forecasting that global security incidents are on track to grow some 48% in 2015, which should strike a dissonant chord with the majority of security professionals.</p>
<h2>Is risk management the answer?</h2>
<p>With the idea of a security paradigm shift on the table, today&#8217;s cyber-defenders should be thinking in different terms than just traditional security initiatives, shifting their focus towards an ideology of &#8220;cyber risk management&#8221;, which is being fueled by an initiative founded by the NIST.</p>
<p>The NIST has set forth a security framework (<a href="http://www.nist.gov/cyberframework/">NIST Cybersecurity Framework</a>) that stresses management over technology and highlights several best practices that should help organizations defend against the imminent threats posed by increasing cyber-attacks. While some of the elements of the framework fit under the realm of accepted best practices and common sense, there are other elements that encompass a sea-change on how organizations deal with cyber threats, namely in the core ideology of five concurrent and continues functions that provide a strategic view into the lifecycle of an organization&#8217;s management of cyber security risk. Those functions include:</p>
<ul>
<li>Identify: Build an institutional understanding of cybersecurity risk to organizational systems, assets, data and capabilities</li>
<li>Protect: Develop and implement the appropriate safeguards, prioritized through an organization&#8217;s risk management process, to ensure delivery of critical IT capabilities without compromises</li>
<li>Detect: Build the appropriate systems and policies to identify the occurrence of a cybersecurity event</li>
<li>Respond: Create and implement the appropriate activities, policies and events that must occur if a cyber-security event occurs</li>
<li>Recover: Develop and implement the appropriate activities, prioritized through the organization&#8217;s risk management process, to restore the capabilities or critical infrastructure services that were impaired through a cybersecurity event.</li>
</ul>
<p>While the NIST states that its methodologies and best practices are optional, the organization does make a strong case for those looking to benefit from a holistic approach to cyber security, and at the very least, sheds some light on what should be an important conversation within any business relying on cyber capabilities to conduct business.</p>
<p>Those charged with the management of enterprise cyber security must delve deeper into what makes up an enterprise&#8217;s cyber security ideology and make appropriate adjustments before disaster strikes.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/expect-massive-spikes-in-global-security-threats-for-2015/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Net Neutrality: What It Is and Why You Should Care</title>
		<link>https://blog.maselectronics.com/net-neutrality-what-it-is-and-why-you-should-care/</link>
					<comments>https://blog.maselectronics.com/net-neutrality-what-it-is-and-why-you-should-care/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Thu, 22 May 2014 15:38:31 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=5161</guid>

					<description><![CDATA[Net neutrality is in the news again, but if you’re like most people, you aren’t even totally sure what it is. With a recent U.S. Court of Appeals decision on Net neutrality poised to change the face of the Internet, it’s worth addressing what exactly Net neutrality is and what it means to the average Internet user. What Is Net Neutrality? Net neutrality is the proposition that all data traveling through the Internet should be treated equally by all Internet...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/net-neutrality-what-it-is-and-why-you-should-care/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>Net neutrality is in the news again, but if you’re like most people, you aren’t even totally sure what it is. With a recent <a href="http://news.cnet.com/8301-1035_3-57617242-94/why-you-should-care-about-net-neutrality-faq/">U.S. Court of Appeals</a> decision on Net neutrality poised to change the face of the Internet, it’s worth addressing what exactly Net neutrality is and what it means to the average Internet user.</p>
<p><strong>What Is Net Neutrality?</strong></p>
<p>Net neutrality is the proposition that all data traveling through the Internet should be treated equally by all Internet service providers. This means that no company should be allowed to pay for premium access, nor should any company be penalized for failing to pay for premium access.</p>
<p>This principle was enshrined in the early days of the Internet when massive bandwidth hogs like Netflix or Hulu didn’t even exist, and that’s why some Internet service providers want to change the rules. For example, some Internet service providers might want the ability to slow downloading times for content providers that are also a competitor of theirs. Still, Net neutrality has remained the unofficial law of the land even in an era when two services (Netflix and YouTube) account for <a href="http://bgr.com/2013/11/11/netflix-youtube-bandwidth-consumption/">nearly half of all Internet traffic</a>.</p>
<p><strong>So What’s Changed?</strong></p>
<p>Three years ago, Verizon Communications filed a suit against the Federal Communications Commission regarding a 2010 ruling that required broadband services to uphold Net neutrality. Verizon argued that the FCC had no authority to regulate Internet traffic in this way. The recent federal court ruling found that the FCC does have the authority to regulate Internet traffic, but that the FCC based its ruling on a law that doesn’t apply to broadband providers. Last month the FCC announced it will not appeal the case. Instead, it plans to create a new set of Net neutrality rules.</p>
<p>What does this mean for you? Perhaps nothing &#8212; at least in the short term. You can continue to use the Internet as you always have and anticipate that your content will be served up by your ISP without discrimination. But in the long term, the impact is unclear. In theory, broadband providers could start charging heavy bandwidth users like Google or Netflix to use their services. It also means that you might be able to buy premium Internet access that delivers content from these providers faster, with less buffering &#8212; but this is the access you currently have without paying extra.</p>
<p>For now, it’s a game of wait and see. Or, if you feel passionately about preserving Net neutrality, you can find ways to take action through the <a href="http://www.savetheinternet.com/net-neutrality-101">Save the Internet</a> initiative spearheaded by Freepress.net.</p>
<h2>What is your thought?</h2>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/net-neutrality-what-it-is-and-why-you-should-care/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Google app Word Lens is free</title>
		<link>https://blog.maselectronics.com/google-app-word-lens-is-free/</link>
					<comments>https://blog.maselectronics.com/google-app-word-lens-is-free/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Wed, 21 May 2014 15:13:32 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=5147</guid>

					<description><![CDATA[Google has purchased Word Lens, an impressive app that translates foreign languages in real time using the iPhone and Android smartphone built-in camera. It&#8217;s now free for a limited time. Back in 2010, a company called Quest Visual debuted a little app called Word Lens. It scarcely seemed possible, but the app translated a number of different languages in real time using just the smartphone&#8217;s camera. When traveling in a foreign country, Word Lens users would simply hold the phone...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/google-app-word-lens-is-free/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>Google has purchased Word Lens, an impressive app that translates foreign languages in real time using the iPhone and Android smartphone built-in camera. It&#8217;s now free for a limited time.</p>
<p>Back in 2010, a company called <a href="http://questvisual.com" target="_blank">Quest Visual</a> debuted a little app called Word Lens. It scarcely seemed possible, but the app translated a number of different languages in real time using just the smartphone&#8217;s camera. When traveling in a foreign country, Word Lens users would simply hold the phone up to a sign and the camera would immediately translate it.</p>
<p>Currently, users can translate between English and Portuguese, German, Italian, French, Russian, and Spanish.</p>
<p>It&#8217;s easy to see why Google would want to own it &#8212; its stated mission is to make all the world&#8217;s information searchable in any language &#8212; and <a href="https://translate.google.com" target="_blank">Google Translate</a> generally does this quite well, at least for web pages.</p>
<p>With Word Lens, iPhone users can translate the world. Apple even featured the app in its recent &#8220;<a href="http://www.apple.com/iphone-5s/powerful/" target="_blank">Powerful</a>&#8221; television ad for the iPhone 5s, and it&#8217;s obvious why.</p>
<p>Even better, it doesn&#8217;t require a connection to the internet, which is another benefit for business travelers.</p>
<p>Word Lens isn&#8217;t perfect. It has trouble with particularly stylized text or handwriting, and the translations will make occasional mistakes. However, most of the time, it will at least get the point across.</p>
<p>No financial terms on the acquisition, which was announced on Quest Visual&#8217;s website, were disclosed. Neither company shared details on what the future holds for Word Lens either, other than the website saying that the app and language packs would be &#8220;free to download for a limited time,&#8221; while the Quest Visual team transitions to Google. Individual language packs previously cost $3 each.</p>
<p>The app itself is <a href="https://itunes.apple.com/us/app/word-lens/id383463868" target="_blank">free to download from the App Store</a> for both the iPhone and iPad, and I couldn&#8217;t recommend it more highly. The translations are available via an in-app purchase, though they are currently free. It&#8217;s also available on the <a href="https://play.google.com/store/apps/details?id=com.questvisual.wordlens.demo" target="_blank">Google Play Store</a> for Android users.</p>
<p>Word Lens is truly one of the killer apps for mobile, and it should be a staple on every phone.</p>
<p>Because we don&#8217;t know how long Word Lens will remain on the stores, I recommend that you pick it up as soon as possible, particularly if you travel internationally.</p>
<p><a href="http://blog.maselectronics.com/wp-content/uploads/2014/05/quest-visual-52014.png"><img decoding="async" class="alignleft size-full wp-image-5148" src="http://blog.maselectronics.com/wp-content/uploads/2014/05/quest-visual-52014.png" alt="quest-visual-52014" width="620" height="484" srcset="https://blog.maselectronics.com/wp-content/uploads/2014/05/quest-visual-52014.png 620w, https://blog.maselectronics.com/wp-content/uploads/2014/05/quest-visual-52014-300x234.png 300w" sizes="(max-width: 620px) 100vw, 620px" /></a></p>
<p>&nbsp;</p>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/google-app-word-lens-is-free/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Down to the last IPv4 addresses</title>
		<link>https://blog.maselectronics.com/down-to-its-last-ipv4-addresses/</link>
					<comments>https://blog.maselectronics.com/down-to-its-last-ipv4-addresses/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Fri, 25 Apr 2014 21:08:51 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=5137</guid>

					<description><![CDATA[Is your company ready to start using IPv6 addresses for its Internet addresses? You&#8217;d better be. The American Registry for Internet Numbers (ARIN) is down to its last allotment of old-style IPv4 addresses and the clock is counting down. In an announcement, Leslie Nobile, Registration Services Director for ARIN which oversees the assigning of Internet addresses for Canada, the United States, and much of the Caribbean, said, &#8220;ARIN is down to its final /8 of available space in its inventory and...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/down-to-its-last-ipv4-addresses/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>Is your company ready to start using IPv6 addresses for its Internet addresses? You&#8217;d better be. The <a href="https://www.arin.net" target="_blank">American Registry for Internet Numbers (ARIN)</a> is <a href="https://www.arin.net/announcements/2014/20140423.html" target="_blank">down to its last allotment of old-style IPv4 addresses</a> and the clock is counting down.</p>
<p>In an announcement, Leslie Nobile, Registration Services Director for ARIN which oversees the assigning of Internet addresses for Canada, the United States, and much of the Caribbean, said, &#8220;ARIN is down to its final /8 of available space in its inventory and has moved into Phase Four of its IPv4 Countdown Plan. All IPv4 requests are now subject to Countdown Plan processes, so please review the following details carefully.&#8221;</p>
<p>What that means is if your company needs IPv4 addresses, you&#8217;d better request them sooner than later.</p>
<p>Nobile explained, &#8220;All IPv4 requests will be processed on a &#8220;first in, first out&#8221; basis; all requests of any size will be subject to team review; and requests for /15 or larger will require department director approval. ARIN&#8217;s resource analysts will respond to tickets as they appear chronologically in the queue. Each ticket response is treated as an individual transaction, so the completion time of a single request may vary based on customer response times and the number of requests waiting in the queue. Because each correspondence will be processed in sequence, it is possible that response times may exceed our usual two-day turnaround.&#8221; For more details on the process see the <a href="https://www.arin.net/resources/request/countdown_phase4.html" target="_blank">ARIN IPv4 Countdown – Phase 4 page</a>.</p>
<p>Even now you may not be able to get all the addresses you want, Nobile wrote. ARIN may experience situations where it can no longer fulfill qualifying IPv4 requests due to a lack of inventory of the desired block size. At that time, the requester may opt to accept the largest available block size or they may ask to be placed on the <a href="https://www.arin.net/resources/request/waiting_list.html" target="_blank">Waiting List for Unmet Requests.</a>&#8221;</p>
<p>When asked, Owen DeLong, ARIN advisory board member and major IPv6 ISP <a href="http://he.net/" target="_blank">Hurricane Electric</a> director what this all means. He explained that &#8221; 1 /8 in the free pool&#8221; means that there are now less than 16.7-million IPv4 addresses left for North America.</p>
<p>DeLong went on to say, &#8220;It means IPv6 deployment is now more urgent than it was yesterday, as it has been each day since over a decade ago we first realized we were going to run out of IPv4 addresses.&#8221; Further, &#8220;It means we are still on track for ARIN to likely run out of IPv4 addresses in the free pool by the end of this year, or possibly even sooner.&#8221;</p>
<p>There is some good, albeit not that good, news on the ever-shrinking IPv4 address pool. <a href="http://www.incognito.com" target="_blank">Incognito Software</a>, a global provider of broadband device provisioning and IP address management found in its recent <a href="http://www.incognito.com/resources/ipv6-readiness-in-the-communication-service-provider-industry" target="_blank">IPv6 Readiness survey</a> of ISPs that while only a small percentage, 14 percent, of respondents are IPv6-ready, while 41 percent are midway in their transition to IPv6. However, &#8220;even fewer are offering IPv6 to their end-users, due in large part to challenges operators face with infrastructure upgrades, compatible device support, and customer education.&#8221; Nevertheless, &#8220;the survey found that three-quarters of respondents do recognize the importance of IPv6 and have begun planning for it within their organizations.&#8221;</p>
<p><a href="http://www.akamai.com/" target="_blank">Akamai</a>, the major content delivery network (CDN) provider, stated in its Fourth Quarter, 2013 State of the Internet Report, that while the United States and some European countries continue to lead the world in terms of IPv6 adoption, and the rate of adoption was increasing, even the country that&#8217;s taken to IPv6 the quickest, Switzerland, only has 9.3 percent of its traffic on IPv6. The Untied States, which ranks number five in the world, only uses IPv6 for 5.2 percent of its overall Internet traffic.</p>
<p>In short, we&#8217;re running out of old-school IPv4 addresses faster than ever and the need to move to IPv6 has never been more urgent.</p>
<p><strong>In Closing:</strong></p>
<p>ARIN, which oversees the Internet addresses for Canada, the United States, and much of the Caribbean, is down to its last few IPv4 addresses. Are you ready to convert to IPv6? You&#8217;d better be. The IPv4 clock is ticking.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/down-to-its-last-ipv4-addresses/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Giving Windows away for free?</title>
		<link>https://blog.maselectronics.com/giving-windows-away-for-free/</link>
					<comments>https://blog.maselectronics.com/giving-windows-away-for-free/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Thu, 13 Feb 2014 16:27:50 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=5127</guid>

					<description><![CDATA[Microsoft is hard at work on Windows 9, while pleading with users to make a switch off of the archaic Windows XP. One way Microsoft can reduce friction and improve the adoption rate of new versions of Windows is to simply make the operating system free. With less than two months left until Microsoft officially ends support for Windows XP, the operating system still has nearly a third of the desktop market, according to NetMarketShare. What if cost wasn’t a...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/giving-windows-away-for-free/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>Microsoft is hard at work on Windows 9, while pleading with users to make a switch off of the archaic Windows XP. One way Microsoft can reduce friction and improve the adoption rate of new versions of Windows is to simply make the operating system free.</p>
<p>With less than two months left until Microsoft officially ends support for Windows XP, the operating system still has nearly a third of the desktop market, according to NetMarketShare.</p>
<h2>What if cost wasn’t a factor?</h2>
<p>The most common way for businesses and individuals to get a new operating system is by purchasing a new PC. There are many updates and patches developed for the OS over the years, but when the next major version is developed, you traditionally either buy a new PC or pay for the new version of the operating system.</p>
<p>Two things have ruined that simple dynamic, and both of them are Apple’s fault. First, Apple started producing major updates to Mac OS X on an annual cycle, and it made the upgrade to the new version available for only $30. Meanwhile, Microsoft was still trying to convince users to pay $100 or more &#8212; offering a confusing array of options and licensing models &#8212; to do essentially the same thing with Windows. Predictably, Apple has a much higher success rate of moving users to the most current version of the OS, while Microsoft is still begging people to abandon Windows XP.</p>
<p>The second factor is the mobile revolution. Again, most people get a new mobile OS by acquiring a new mobile device. But, when a new version of the mobile OS is made available, it&#8217;s simply pushed out as an available update for all applicable devices. Because of interference from device manufacturers and wireless providers, it can still take months &#8212; or even years &#8212; for some Android devices to get the “latest” OS, but when Apple launches a new version of iOS, it&#8217;s very quickly embraced. As of January 2014, <a href="http://www.theinquirer.net/inquirer/news/2325416/ios-7-shames-android-44-kitkat-with-80-percent-adoption-rate" target="_blank">four out of five eligible devices</a> have made the switch to iOS 7 in a matter of just a few months.</p>
<p>Then, Apple dropped a bomb with the latest release of its desktop OS. It announced that Mac OS X 10.9&#8211; a.k.a. “Mavericks” &#8212; would also be available for free.</p>
<p>Microsoft offered a limited-time bargain for Windows 8 that users should have taken advantage of, but even that was still $40. Windows 8.1 was offered for free, but that&#8217;s an incremental update akin to Windows 8 Service Pack 1. The real test will be Windows 9.</p>
<p>Cost is not the only factor. In fact, users sticking with Windows XP noted other important factors, including “It works, so there’s no need to change” and “Crucial software depends on Windows XP.” Even if Microsoft gave away Windows 7 or Windows 8, it seems that roughly 80% of users surveyed would continue to use Windows XP.</p>
<p>Moving forward, though, the combination of ubiquitous mobile devices receiving free OS upgrades and Apple setting the precedent of free OS upgrades at the desktop level mean that Microsoft will essentially be obligated to follow that lead and make Windows 9 and subsequent operating systems free.</p>
<p>Granted, that means Microsoft would be giving up a major source of revenue. But giving the OS away for free will help Microsoft maintain its dominance of desktop OS market share and boost the Microsoft brand. Microsoft will just have to capitalize on that OS dominance to make up the difference in revenue from other products and services.</p>
<p>Do you think free software will help Microsoft maintain its dominance on the desktop? Share your thoughts in the discussion thread below.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/giving-windows-away-for-free/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Denial of Service strike on Spamhaus</title>
		<link>https://blog.maselectronics.com/denial-of-service-strike-on-spamhaus/</link>
					<comments>https://blog.maselectronics.com/denial-of-service-strike-on-spamhaus/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Wed, 03 Apr 2013 14:08:38 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=3849</guid>

					<description><![CDATA[On March 18, 2013, news went around the world about one of the biggest Distributed Denial of Service (DDoS) attacks in history, launched against a site called Spamhaus, in which attackers not only went after the organization’s website itself, but also its providers and some Tier 1 Internet exchanges as well, causing potential collateral damage. Since then however, the situation has only become more complex, with rumors flying around that the attack was not as bad as reported, and hints...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/denial-of-service-strike-on-spamhaus/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<article>On March 18, 2013, news went around the world about one of the biggest Distributed Denial of Service (DDoS) attacks in history, launched against a site called Spamhaus, in which attackers not only went after the organization’s website itself, but also its providers and some Tier 1 Internet exchanges as well, causing potential collateral damage. Since then however, the situation has only become more complex, with rumors flying around that the attack was not as bad as reported, and hints on who might be behind it, along with what could be done to prevent future attacks.</p>
<h2>Why Spamhaus?</h2>
<p>Most people have no idea what the <a href="http://www.spamhaus.org/" target="_blank">Spamhaus Project</a> is. This group of security researchers and IT pros work in the background, alongside many Internet providers and network administrators, in an effort to cut down on email spam. According to its mission statements, Spamhaus was founded in 1998 as a nonprofit organization dedicated to fighting spam. It is run by volunteers and works alongside law enforcement agencies like the FBI, email providers, and networks around the world. In reality, the way they fight spam is by maintaining large blacklists. These are lists of source addresses such as mail servers and websites, where they believe spam is coming from. These blacklists use DNS to block access from these sources, and are updated in real time. Because so many networks and providers use those blacklists, over 1.4 billion people are affected by them. This means that if an IP address is added to a Spamhaus blacklist, a large percentage of the Internet users will instantly be unable to receive anything from that source address. Needless to say, this has huge consequences.</p>
<p>Spamhaus is loved by many, since they have succeeded in bringing down the levels of spam that travel through the Internet. However, it also has a lot of enemies, and is the center of many controversies. The reason is that they have final say on which sites appear in their database. If they decide one particular business is sending spam, and they add their server to the blacklist, that will greatly affect the company’s ability to do business. The site does offer ways to get a case reviewed and potentially get removed from the list, but many still feel that Spamhaus is acting as judge, jury and executioner. So as a result, Spamhaus is often the victim of attacks.</p>
<h3>How the attack happened</h3>
<p>Spamhaus already has a strong infrastructure that allows them to deal with normal attacks, but on March 18th they started to see a very large attack that they could not handle. So they contacted CloudFlare, a content delivery network that specializes in these types of attacks &#8211; since then, CloudFlare has <a href="http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet" target="_blank">published</a> an account of events. Basically, they used their worldwide Anycast network to spread the DDoS attack over a large number of data centers. Even though the total bandwidth from the attack reached close to 300 Gbps, which is massive and would bring down any normal network, they still managed to cope because of their redundancies. However, the attackers did not stop there.</p>
<p>Seeing that they could not bring down Spamhaus or CloudFlare, they decided to attack their providers, and then the nodes upstream. However, because CloudFlare is so big, those upstream nodes are actual Tier 1 Internet backbones, so in essence the attackers ended up flooding crucial Internet exchange points such as the London Internet Exchange, Amsterdam Internet Exchange, and Hong Kong Internet Exchange. These are the core exchange points of the Internet where all of the large networks peer with each other, and while those have enough bandwidth to cope with such an attack, if all of the traffic comes in through a single port, it can easily slow down access for customers, in this case millions of people.</p>
<h3>Controversy about the impacts felt</h3>
<p>After the attack and CloudFlare’s post, Gizmodo posted a fairly controversial post titled “<a href="http://gizmodo.com/5992652" target="_blank">That Internet War Apocalypse Is a Lie</a>.” Basically, they claimed that CloudFlare was greatly exaggerating their claims that this attack was seriously impacting the Internet backbone. They say the account of events was overly dramatic, perhaps made to sell CloudFlare’s DDoS protection services. They say that Internet charts do not show services being slow on that day, and talk about how Internet backbones can support Tbps of bandwidth, an order of magnitude higher than what was felt. Since then there have been backs and forths, with CloudFlare countering saying that because some Internet exchange IPs can be publicly known, such an attack could actually disrupt crucial switches, and so on.</p>
<h3>The problem of open resolvers</h3>
<p>Regardless of whether part of the Internet was disrupted, or this was just affecting a couple of companies, the fact remains that a 300 Gbps attack is really big, much bigger than what most companies can cope with. The reason that bad guys can create such massive attacks is because of a <em>specific flaw in how many DNS servers are configured</em>. By default, DNS can make use of something called a resolver, which will reply with information about a particular address, domain name or site name, and send that information back. Unfortunately, the Internet is filled with open resolvers, DNS servers that will return this information to anyone who asks. Add to that the fact that spoofing an IP address is trivial, and you have a massive issue.</p>
<p>The way the attack goes is that the attacker spoofs his or her originating IP to be the website they want to hit. Then, they ask many of these open resolvers for a lot of information. These servers will then return the information, but not to the attacker, instead to the site being attacked. In essence, you end up directing between ten times to a hundred times as much data as you are sending out. So to create a 300 Gbps attack you would only need 3 Gbps of bandwidth. The DNS servers across the Internet would do the rest, and your real IP would never be seen by the target, which is another plus for the bad guys. The <a href="http://openresolverproject.org/" target="_blank">Open Resolver Project</a> is attempting to bring light to this issue, and tracked over 27 million open resolvers across the Internet. The only real fix is for the administrators of all these servers to correctly secure them. There are tips and recommendations on the project’s website to help secure those servers.</p>
<h3>Who did this</h3>
<p>It is still unknown who is behind the SpamHaus attack, however the hosting provider Cyberpunker is suspected of having sponsored the attack after it was added to the blacklist. As for who did the actual flooding, the New York Times <a href="http://www.nytimes.com/2013/03/30/business/global/after-cyberattack-sven-olaf-kamphuis-is-at-heart-of-investigation.html" target="_blank">posted</a> about a potential suspect, Sven Olaf Kamphuis from Denmark, who has recently talked about his wish to bring SpamHaus down and describes himself as an Internet freedom fighter. He is described as the prince of spam, someone who hates authority, and former partners of his said he does not care about collateral damage at all. Since then, he has appeared on TV claiming that he is not behind the attack.</p>
<h3>Bottom line</h3>
<p>The authorities are now investigating the Spamhaus attack, but regardless of whether they manage to find the guilty party or not, there is no doubt that future attacks of this scale &#8211; or even bigger — will keep happening. The only true solution is for all of those DNS resolvers to be fixed, but in the meantime, redundant Internet connections, DDoS protection services, and content delivery networks are just some of the elements that can help a network cope with such an attack.</p>
</article>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/denial-of-service-strike-on-spamhaus/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Should I stick with Windows XP: But how big a risk do you run?</title>
		<link>https://blog.maselectronics.com/should-i-stick-with-windows-xp-but-how-big-a-risk-do-you-run/</link>
					<comments>https://blog.maselectronics.com/should-i-stick-with-windows-xp-but-how-big-a-risk-do-you-run/#respond</comments>
		
		<dc:creator><![CDATA[mmessier]]></dc:creator>
		<pubDate>Mon, 01 Apr 2013 12:48:36 +0000</pubDate>
				<category><![CDATA[Open Discussions]]></category>
		<guid isPermaLink="false">http://blog.maselectronics.com/?p=3824</guid>

					<description><![CDATA[Some organizations intend to keep using Windows XP even in the post-apocalyptic world after Microsoft ends support in 12 months. It’s a calculated risk and one they should weigh up carefully. Even the spectre of security breaches and crashing apps is failing to convince some Windows XP-using organisations to abandon the OS before Microsoft cuts off support in a year’s time. Recent figures, suggest one in five companies using XP plans to stick with it despite the  April 8,2014 deadline,...<p class="read-more"><a class="btn btn-default" href="https://blog.maselectronics.com/should-i-stick-with-windows-xp-but-how-big-a-risk-do-you-run/"> Read More<span class="screen-reader-text">  Read More</span></a></p>]]></description>
										<content:encoded><![CDATA[<p>Some organizations intend to keep using Windows XP even in the post-apocalyptic world after Microsoft ends support in 12 months. It’s a calculated risk and one they should weigh up carefully.</p>
<p>Even the spectre of security breaches and crashing apps is failing to convince some Windows XP-using organisations to abandon the OS before Microsoft cuts off support in a year’s time.</p>
<p>Recent figures, suggest one in five companies using XP plans to stick with it despite the  April 8,2014 deadline, after which no new patches or bug fixes will be issued.</p>
<p>Those organizations may be taking a calculated risk and assume Windows XP’s longevity means major vulnerabilities have been identified and dealt with, but that assumption is misplaced.  It&#8217;s certainty that significant new vulnerabilities with XP will be uncovered in the future, if anyone wants to devote their time to it.</p>
<p>You’d be a fool to say every possible vulnerability has already been discovered and either mitigated or patched.  I agree that the amount of scrutiny and field-testing to which XP, first released to manufacturers in August 2001, has been subjected play in its favor. It should theoretically get progressively more difficult to uncover bugs in a system as widespread as XP. All that field-testing, all that field QA, are going to be far more extensive than anything you could have hoped to achieve in a QA lab pre-release. By the same token, because it represents a large target means it will be of continual interest to attackers and security researchers. With the sprawling amount of code that is Windows XP and its legacy nature &#8211; it’s not by any token a next-gen operating system &#8211; there is a lot of space for vulnerabilities or defects in the code still to exist.</p>
<h3>Application-level vulnerabilities</h3>
<p>Even if XP were secure, there might be application-level vulnerabilities.  It’s not just the operating system that’s going to be out of support. Almost every application running on it will also no longer be patched because it won’t be economically worthwhile for the application vendor.  When Microsoft drops support, so will the application vendors &#8211; if they haven’t already. If XP is no longer supported by Microsoft I’d be surprised &#8211; I’m not saying it’s not possible &#8211; to see many vendors offering updates. Do we see updates for Flash, or even most Anti-Virus software for Windows 95?, Nope !</p>
<p>In the age of targeted attacks, one of things attackers assess when doing reconnaissance are the operating systems and applications in use.  If you’re using something like Windows XP, it’s absolute gold to an attacker because they’ll know that any vulnerabilities that have been announced after a certain date.</p>
<h3>What can be done with continued XP use</h3>
<p>However, those planning to carry on using XP after the deadline can take certain steps to limit exposure to risk. I think it’s important to say there are things you can do if, as an organization, you need to continue using XP &#8211; whether it’s for cost or compatibility reasons with certain applications or even with certain hardware, there are some technologies you could deploy that will allow you to continue using legacy systems, because that is what XP is going to become, like NT has or Windows 2000 even. Probably one the most important of those is host-based intrusion prevention technology because that is effectively going to allow you to apply a virtual patch to those non-supported environments, It will be able to recognize that a vulnerability exists and make that vulnerability difficult or impossible to exploit even in the absence of a patch. So if you are going to carry on using XP, you will have to investigate mitigating technologies like host-based intrusion prevention.</p>
<p>&nbsp;</p>
]]></content:encoded>
					
					<wfw:commentRss>https://blog.maselectronics.com/should-i-stick-with-windows-xp-but-how-big-a-risk-do-you-run/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
