During a security presentation at Apple’s Worldwide Developers’ Conference, the company revealed the deadline for all apps in its App Store to switch on an important security feature called App Transport Security — January 1, 2017.
“Today, I’m proud to say that at the end of 2016, App Transport Security is becoming a requirement for App Store apps,” Apple’s head of security engineering and architecture, Ivan Krstic, said during a WWDC presentation. “This is going to provide a great deal of real security for our users and the communications that your apps have over the network.”
App Transport Security, or ATS, is a feature that Apple debuted in iOS 9. When ATS is enabled, it forces an app to connect to web services over an HTTPS connection rather than HTTP, which keeps user data secure while in transit by encrypting it.
The “S” in HTTPS helpfully stands for secure and you’ll often see it appear in your browser when logging into your banking or email accounts. But mobile apps often aren’t as transparent with users about the security of their web connections, and it can be hard to tell whether an app is connecting via HTTP or HTTPS.
Enter ATS, which is enabled by default for iOS 9. However, developers can still switch ATS off and allow their apps to send data over an HTTP connection — until the end of this year, that is. (For the technical crowd: ATS requires TLS v1.2, with exceptions for already encrypted bulk data, like media streaming.)
At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store. App developers who have been wondering when the hammer would drop on HTTP can rest a little easier now that they have a clear deadline, and users can relax with the knowledge that secure connections will be forced in all of the apps on their iPhones and iPads.
In requiring developers to use HTTPS, Apple is joining a larger movement to secure data as it travels online. While the secure protocol is common on login pages, many websites still use plain old HTTP for most of their connections. That’s slowly changing as many sites make the arduous transition to HTTPS (Wired has been particularly good at documenting the process).
Facebook is notoriously bad for reminding you of the things you’ve posted in the past.
If you’re like me, you probably have quite a few posts lurking in the dark history of your Timeline that you completely forgot about. It’s time to delete those once and for all, and I’m going to show you how.
First and foremost, make sure you know what your Timeline looks like to public users (anyone who is not your Facebook friend). To do this, go to your Timeline, click on the three dots to the right of the Activity Log button, choose “View as…,” and you should see this:
Take a good look through, and anything you don’t like, click on the date under your name, click on the little globe icon, and change “Public” to “Friends,” “Only Me,” or “Custom.” Alternatively, you can delete the post completely by clicking on the ‘X’ button.
Hide old Public posts
If you have lots of Public posts that you want to hide, believe it or not, Facebook has a tool for that. This is the best way to fix the issue you’ve been experiencing today.
Click on the security lock in the top-right on Facebook, choose ‘See More Settings’, and click on Limit Past Posts. You should see the following message pop up; click on the blue “Limit Old Posts” button to change the visibility of all your old posts to just “Friends”:
Fix your Timeline settings
Next up, let’s make sure your Timeline settings are what you want them to be. Once again, click on the security lock in the top-right on Facebook and click on Timeline and Tagging Settings in the left pane.
Make sure the first, fourth, fifth and seventh options are set to “Friends,” or whatever you personally prefer:
Deep Facebook cleaning
If these tips didn’t do the trick for you yet, there’s also the option to work with a Chrome extension like Facebook Post Manager. However, these tend to be a little bit aggressive — so watch out when you’re using them.
There you go — that’s it!
You’ve cleaned your Facebook Timeline of old, forgotten posts. You can now go on and live your life without having to worry that someone will run into an embarrassing picture or status update from 2009.
Today, half of America’s internet shut down when hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s still unclear exactly who carried out the attack and why, but regardless, the event served as a demonstration of how easily large swaths of the web can be wiped out if attacked by determined hackers.
Starting at 11:10 UTC on Friday, October 21st, 2016, we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.
It’s horrific to know that major websites like Twitter, Spotify, Reddit, Etsy, Wired, and PayPal can all be taken offline in an instant. The exact process hackers used is so far unknown—aside from the DDoS detail—but it’s important for every internet user to understand because it has to do with how exactly the internet works. With that in mind, here is how some of the most popular websites in the world can be taken offline in a flash.
What is the technology?
Domain Name Servers (DNS) act as the internet’s phone book and facilitate requests to specific webpages. They make sure you end up in the right place every time you type a website into your browser. Hackers will occasionally attack DNS providers in order to bring down the sites they are serving. Today, that happened to be Twitter, Reddit, PayPal and more.
That’s a really basic overview. But if you really want to understand how DNS works at a deeper level, you have to follow the complete order of operations. A typical internet user starts at one of many computers (such as your laptop) in a large network connected through underground cables. The individual nodes on these networks communicate by referring to each other with numbers known as IP addresses. DNS is used to translate a request like a URL into an IP address.
When you enter a URL—such as www.Gizmodo.com—your browser starts trying to figure out where that website is by pinging a series of servers. It’s very detailed, and we won’t bore you with the complete chain of events. There are resolving name servers, authoritative name servers, domain registrars, and so on. The system is precisely configured to get you from browser bar to website seamlessly. The process is a little crazy, but perhaps the most insane part is that it all happens almost instantly. Anytime you’re browsing the web, opening dozens of tabs, requesting a bunch of different websites, your computer is pinging servers around the world to get you the right info. And it just works—until it doesn’t.
How does it break?
A DDoS attack is a common hack in which multiple compromised computers are used to attack a single system by overloading it with server requests. In a DDoS attack, hackers will often use infected computers to create a flood of traffic originating from many different sources, potentially thousands or even hundreds of thousands. By using all of the infected computers, a hacker can effectively circumvent any blocks that might be put on a single IP address. It also makes it harder to tell a legitimate request from one coming from an attacker.
In the case of this morning’s attack, hackers brought down the servers of Dyn, a hugely popular DNS host that manages sites like Basecamp, CNN, Etsy, GitHub, Grubhub, HBO Now, Imgur, PayPal, PlayStation Network, Reddit, Squarespace, and Twitter.
When the servers of Dyn were taken down, browsers essentially couldn’t figure out where to go to find the information to load on the screen. This type of attack happens every so often when hackers create a little army of private computers infected with malicious software, known as a botnet. The people participating in the attack often don’t realize their computer has been compromised and is part of a zombie army of attackers. In 2014, a hacker group called Lizard Squad shut down the PlayStation Network and Xbox Live using this method. In 2015, a trojan virus called XOR DDoS helped hackers create a powerful botnet capable of taking down almost any server or website.
Defending servers against DDoS attacks can be difficult, but there are ways to prevent outages. According to Network World, one of the most common methods used is flow sampling, in which the system samples packets and identifies trends in network traffic. A flow analytics device evaluates traffic streams and identifies potentially bad traffic.
How do we protect ourselves?
Looking ahead, one big question stands out. How can we avoid attacks like this stealing internet access away from millions of Americans and losing companies millions of dollars in revenue?
The answer is complicated. As soon as security companies come up with new ways to protect companies like Dyn, hackers come up with new ways to attack them. In the case of DNS infrastructure, however, many point out that the best way for a website to avoid getting brought down by an attack on one host is simply to subscribe to multiple hosts. This is called DNS redundancy, and it’s probably the reason that some sites (like Pornhub) survived the attack unscathed.
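The DNS redundancy point can be checked from a zone's NS records alone. The following added example (not part of the original article) groups each zone's nameservers by provider and shows which zones would still resolve if one provider went dark; the zones, nameserver hostnames and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed delegation data: zones and nameserver hostnames are made up.
DELEGATIONS = {
    "shop.example": ["ns1.dnshost-a.test.", "ns2.dnshost-a.test.",
                     "ns3.dnshost-a.test.", "ns4.dnshost-a.test."],
    "media.example": ["ns1.dnshost-a.test.", "ns2.dnshost-a.test.",
                      "ns1.dnshost-b.test.", "ns2.dnshost-b.test."],
}

def provider_of(ns_host):
    """Approximate the operator as the last two labels of the NS hostname.
    Simplification: production code should use the Public Suffix List, and
    two different domains can still belong to one operator."""
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def group_by_provider(ns_hosts):
    """Map provider -> list of that provider's nameservers for one zone."""
    groups = defaultdict(list)
    for host in ns_hosts:
        groups[provider_of(host)].append(host)
    return dict(groups)

def outage_report(delegations, provider_down):
    """For each zone, list the nameservers still answering if one provider is
    unreachable, and flag zones that depend on a single provider."""
    report = {}
    for zone, ns_hosts in delegations.items():
        groups = group_by_provider(ns_hosts)
        remaining = [h for p, hosts in groups.items()
                     if p != provider_down for h in hosts]
        report[zone] = {
            "providers": sorted(groups),
            "single_provider": len(groups) == 1,
            "resolvable": bool(remaining),
            "remaining_ns": remaining,
        }
    return report

if __name__ == "__main__":
    for zone, result in outage_report(DELEGATIONS, "dnshost-a.test").items():
        print(zone, result)
```

Four nameservers at one provider still count as a single point of failure here, which is the situation the single-host sites were in.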
In the case of the Dyn servers, it’s unclear exactly how they solved the problem, but the company is now reporting the issue resolved—about one hour after the problem started.
SAN FRANCISCO — At the annual San Francisco WordCamp, WordPress creator Matt Mullenweg told the audience a fascinating stat about the service.
In a talk that also included details on the next two versions of WordPress, Mullenweg said, “We’re now up to 18.9 percent of the web running WordPress. … We’re going to see the number of people who have WordPress as part of their daily habits grow exponentially.”
Around 66 percent of those sites and blogs are in English. Monthly pageviews for all WordPress sites and blogs rose to a massive 4 billion in 2013.
Mullenweg also said around 30 percent of respondents in a recent survey from WP Engine were aware of WordPress as an entity or brand.
The service just celebrated its tenth anniversary in May, and parent company Automattic took a sizable $50 million funding round, also in May.
Microsoft’s Windows 8.1 update will end up in the hands of PC manufacturers by August, reports All Things D. Microsoft made the announcement today at its partner conference, which makes the timing right for inclusion on computers shipping out over the holiday season.
The update will be free, and includes a bunch of fixes for issues that people had with Windows 8.
All told, Windows 8.1 is a worthy and welcome upgrade, and one that stands up to testing. However, it isn’t perfect, and doesn’t correct all the flaws of its ancestor.
The update is available now for download in preview form, if you’re the type who doesn’t mind trying the latest version of an operating system, and all of the bugs commensurate with that.
Microsoft has taken most of the wrapping off of the coming update to Windows 8. Codenamed ‘Blue,’ the formally monikered Windows 8.1 update arrived in preview form on June 26th, a date that coincided with the company’s Build developer event in San Francisco.
The era of Windows 8 is upon us. With more than 100 million licenses for the new operating system sold thus far, and the end of Windows XP support rapidly approaching, Microsoft’s newest OS isn’t simply what’s next.
Is it ready? Windows 8 at launch was a quirky affair, with new user interface elements and features that, while occasionally individually compelling, came together disjointedly where at all. Microsoft had a bucket of parts, but not so much a finished product.
It was a shame, frankly, that Windows 8 on the day of its general availability wasn’t Windows 8.1. It would have spared it much of the public criticism that it has endured thus far in its short, seven-month life. Windows 8.1 is a material improvement on its predecessor. To call it a new operating system would be a mistake, but Windows 8.1 is certainly a reformed, better evolved creature.
Cray’s Titan supercomputer has snatched the title of world’s fastest from the National Nuclear Security Administration’s Sequoia—and it’s cray fast, as you might expect.
Powered by a mixture of CPUs and GPUs, Titan is home to 18,688 nodes, each of which contains an AMD 16-core Opteron and a NVIDIA Tesla K20X GPU accelerator. All told, that’s a whopping 560,640 processors, which are capable of 17.59 quadrillion operations per second. For perspective, Sequoia snatched the top spot back in June with a mere 16.32 quadrillion.
And what the hell is all that computational crunching power used for? Well, Titan is housed at Oak Ridge National Laboratory, where it’s used to perform calculations for materials research, nuclear energy research, and analysis of techniques which can make combustion engines more efficient. As well as dabbling in climate modeling. No biggy, then, obviously. [Top 500 via Forbes]
According to the latest data from web application performance management firm New Relic, Microsoft’s Internet Explorer 10 on Windows 8 currently has the fastest response time of any browser on Windows, leading the company – and Microsoft – to conclude that IE10 is currently the fastest browser on Windows. Looking at the 40 billion web pageviews it monitors every month, New Relic’s data shows that IE9 comes in second, followed by Firefox 15, Safari 5 and Chrome 21.
On the Mac, interestingly, an older version of Chrome (19) showed a faster average response time than any of the newer versions (New Relic’s data doesn’t include measurements from Chrome 23, though, as it was only released today).
As Hurricane Sandy delivers a glancing blow to New York City, the power company pulls the plug on parts of lower Manhattan, and some Web sites without redundant servers go down.
Power outages caused by Hurricane Sandy show why it’s good to have a duplicate Web server located somewhere far away from New York City right now.
The local power company, Consolidated Edison, shut down power to portions of lower Manhattan this evening in an effort to prevent damage to underground equipment.
That coincided with when Gawker.com and Gizmodo.com went offline. In a Twitter update at 4:21 p.m. PT, Gizmodo said: “We’ll be back soon! There was a data center battery failure after the power went down in Lower Manhattan. Generators powering up.”
Buzzfeed.com is also down, saying: “Our site is down. Problems with NY-area servers due to Sandy.” Livestream.com says it’s experiencing “a major outage.”