Technology

Google announced Wednesday that it’s investing in a new subsea cable system that will run between Australia and Asia. The investment is Google’s latest move to strengthen its ties to the APAC region.

Called Indigo, the cable will connect Perth, Sydney, and Singapore, with a branch to Jakarta. To build the cable, Google is partnering with AARNet, Indosat Ooredoo, Singtel, SubPartners and Telstra, while Alcatel Submarine Networks will construct the cable. Span approximately 9,000km, it’s expected to be completed by mid-2019.

Indigo will initially have two fibre pairs with a design capacity of around 18 terabits per second — enough capacity for people in Singapore and Sydney to join 8 million simultaneous high-definition Google Hangout video conference calls — via redwolf.newsvine.com

CAPTCHA’s are an irritating but necessary evil. The system that is used to verify whether or not a user is human has been around a while and it had to evolve because machines were getting better at reading the text than humans. With its latest iteration, Google says you’ll no longer have to input anything at all.

Invisible CAPTCHA’s are the latest development in the Completely Automated Public Turing test to tell Computers and Humans Apart. Google acquired reCaptcha back in 2009. It updated the system in 2013 to allow for the ubiquitous I’m not a robot checkbox that’s all over the internet. That version worked by determining the user’s humanity through their clicking style. If the click seemed fishy, a more elaborate test would be offered. But the Invisible CAPTCHA is able to recognize that a user is not a bot simply by analysing their browsing behaviour — via redwolf.newsvine.com

Wikipedia editors have voted to ban the Daily Mail as a source for the website in all but exceptional circumstances after deeming the news group generally unreliable.

The move is highly unusual for the online encyclopaedia, which rarely puts in place a blanket ban on publications and which still allows links to sources such as Kremlin backed news organisation Russia Today, and Fox News, both of which have raised concern among editors.

The editors described the arguments for a ban as centred on the Daily Mail’s reputation for poor fact checking, sensationalism and flat-out fabrication.

The Wikimedia Foundation, which runs Wikipedia but does not control its editing processes, said in a statement that volunteer editors on English Wikipedia had discussed the reliability of the Mail since at least early 2015.

It said: Based on the requests for comments section [on the reliable sources noticeboard], volunteer editors on English Wikipedia have come to a consensus that the Daily Mail is generally unreliable and its use as a reference is to be generally prohibited, especially when other more reliable sources exist — via redwolf.newsvine.com

For the better part of a day, KrebsOnSecurity, arguably the world’s most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn’t like a recent series of exposés reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet.

The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here.

On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4.00pm, Akamai gave Krebs two hours’ notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers.

It’s hard to imagine a stronger form of censorship than these DDoS attacks because if nobody wants to take you on then that’s pretty effective censorship, Krebs told Ars on Friday. I’ve had a couple of big companies offer and then think better of offering to help me. That’s been frustrating.

Until recently, a DDoS attack in excess of 600Gb was nearly impossible for all but the most sophisticated and powerful actors to carry out. In 2013, attacks against anti-spam organization Spamhaus generated headlines because the 300Gb torrents were coming uncomfortably close to Internet-threatening size. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it’s twice the size. Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn’t rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease — via redwolf.newsvine.com

It’s no secret. We’re really bad at passwords. Nevertheless, they aren’t going away any time soon.

With so many websites and online applications requiring us to create accounts and think up passwords in a hurry, it’s no wonder so many of us struggle to follow the advice of so-called password security experts.

At the same time, the computing power available for password cracking just gets bigger and bigger.

OK, so I started with the bad news, but this cloud does have a silver lining.

It doesn’t need to be as hard as we make it and the government is here to help.

That’s right, the United States National Institute for Standards and Technology (NIST) is formulating new guidelines for password policies to be used in the whole of the US government (the public sector).

Why is this important? Because the policies are sensible and a great template for all of us to use within our own organisations and application development programs.

Anyone interested in the draft specification for Special Publication 800-63-3: Digital Authentication Guidelines can review it as it evolves over on Github or in a more accessible form on NIST’s website.

For a more human approach, security researcher Jim Fenton did a presentation earlier this month at the PasswordsCon event in Las Vegas that sums up the changes nicely — via redwolf.newsvine.com