Lululemon Athletica Inc. Website down for 24 hours

I have witnessed various retailers go down for half an hour or so (Bestbuy on Black Friday sales is very common), but never did I see a MAJOR retailer go down for 24 hours. The message that lululemon.com was showing for 24 hour span was:

We are usually awesome at this. Please don’t refresh your browser. You’ll be back in the flow shortly.

There was no word from the company on what exactly occurred. They use the largest CDN provider Akamai, the same provider that Apple uses. Akamai is known to be the top content delivery network provider, therefore I would assume that the issue was not with them. Even if your cloud storage or a dedicated server was to go down, recovering from back-up shouldn’t take longer than 30 minutes. The assumption here is that the dedicated server or cloud did go down and that the back-up they had was corrupt. Or they had major issues restoring form the original backup and had to resort to their secondary off-shore storage. I assume they have more than 1 backup location that they use. These are all assumption. Maybe their administrator went away for the long weekend. We really don’t know.

The moral of the story is, make sure your back-ups are not corrupt and that you are capable of recovering from a disaster within a 3o minute span especially in today’s technological advances of cloud storage.

 

WannaCry Ransomware received how many payments?

As everyone knows by now WannaCry / WanaCrypt0r ransomware would encrypt your hardrive, lock you out and simply ask for payment between $300.00 to $600.00 to restore access back. There are certainly users out there that paid, but how many paid and how much did WannaCry / WanaCryptor. According to ActualRansom

The three bitcoin wallets tied to #WannaCry ransomware have received 296 payments totaling 48.86359565 BTC ($99,448.11 USD).

It is a very impressive amount of money for a few days of work.

Google disciplines Symantec for mis-issuing 30,000 Certs

In a extreme rebuke of one of many largest suppliers of HTTPS credentials, Google Chrome builders introduced plans to drastically limit transport layer safety certificates offered by Symantec-owned issuers following the invention they’ve allegedly mis-issued greater than 30,000 certificates.

Chrome plans to cease recognizing the prolonged validation standing of all certificates issued by Symantec-owned certificates authorities, Ryan Sleevi, a software program engineer on the Google Chrome group, stated in a web-based discussion board. Prolonged validation certificates are supposed to supply enhanced assurances of a website’s authenticity by displaying the identify of the validated area identify holder within the tackle bar. Below the transfer introduced by Sleevi, Chrome will instantly cease displaying that data for a interval of no less than a 12 months. In impact, the certificates might be downgraded to less-secure domain-validated certificates.

Extra steadily, Google plans to replace Chrome to successfully nullify all at the moment legitimate certificates issued by Symantec-owned CAs. With Symantec certificates representing greater than 30 % of the Web’s legitimate certificates by quantity in 2015, the transfer has the potential to stop tens of millions of Chrome customers from with the ability to entry giant numbers of websites. What’s extra, Sleevi cited Firefox information that confirmed Symantec-issued certificates are answerable for 42 % of all certificates validations. To reduce the possibilities of disruption, Chrome will stagger the mass nullification in a approach that requires they get replaced over time. To do that, Chrome will steadily lower the “most age” of Symantec-issued certificates over a collection of releases. Chrome 59 will restrict the expiration to not more than 33 months after they had been issued. By Chrome 64, validity could be restricted to 9 months.

Announcement is just the most recent growth in Google’s 18-month critique of practices by Symantec issuers. In October 2015, Symantec fired an undisclosed variety of workers answerable for issuing check certificates for third-party domains with out the permission of the area holders. One of many extended-validation certificates coated google.com and www.google.com and would have given the particular person possessing it the flexibility to cryptographically impersonate these two addresses. A month later, Google pressured Symantec into performing a expensive audit of its certificates issuance course of after discovering the mis-issuances went nicely past what Symantec had first revealed.

In January 2017, an unbiased safety researcher unearthed proof that Symantec improperly issued 108 new certificates. Thursday’s announcement got here after Google’s investigation revealed that over a span of years, Symantec CAs have improperly issued greater than 30,000 certificates. Such mis-issued certificates symbolize a probably important menace to nearly all the Web inhabitants as a result of they make it attainable for the holders to cryptographically impersonate the affected websites and monitor communications despatched to and from the legit servers. They’re a serious violation of the so-called baseline necessities that main browser makers impose of CAs as a situation of being trusted by main browsers.

Mr. Sleevi wrote:

As captured in Chrome’s Root Certificate Policy, root certificate authorities are expected to perform a number of critical functions commensurate with the trust granted to them. This includes properly ensuring that domain control validation is performed for server certificates, to audit logs frequently for evidence of unauthorized issuance, and to protect their infrastructure in order to minimize the ability for the issuance of fraudulent certs.
On the basis of the details publicly provided by Symantec, we do not believe that they have properly upheld these principles, and as such, have created significant risk for Google Chrome users. Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them.

These issues, and the corresponding failure of appropriate oversight, spanned a period of several years, and were trivially identifiable from the information publicly available or that Symantec shared.

The full disclosure of these issues has taken more than a month. Symantec has failed to provide timely updates to the community regarding these issues. Despite having knowledge of these issues, Symantec has repeatedly failed to proactively disclose them. Further, even after issues have become public, Symantec failed to provide the information that the community required to assess the significance of these issues until they had been specifically questioned. The proposed remediation steps offered by Symantec have involved relying on known-problematic information or using practices insufficient to provide the level of assurance required under the Baseline Requirements and expected by the Chrome Root CA Policy.

Symantec officials released an email statement:

As the world’s leading cyber security company and the market leading Certificate Authority, we understand the importance of the trust chain we provide for our customers and everyone who uses the Internet. We learned of Google’s proposal when they posted it on their blog today. Their communication was unexpected and their proposed action is irresponsible. Our SSL/TLS certificate customers and partners need to know that this does not require any action at this time.

Symantec’s repeated violations underscore one of many issues Google and others have in imposing phrases of the baseline necessities. When violations are carried out by issuers with a sufficiently big market share they’re thought-about too huge to fail. If Google had been to nullify all the Symantec-issued certificates in a single day, it would trigger widespread outages. The penalties outlined by Sleevi appear to be aimed toward minimizing such disruptions whereas nonetheless exacting a significant punishment.

The penalties instantly revoke solely the standing of prolonged validation certificates issued by Symantec, a transfer that’s more likely to be a serious annoyance to many Symantec prospects and their web site guests, however not make websites unavailable. The untrusting of all Symantec certificates, in the meantime, has a a lot increased potential of making Web-wide issues.

As Sleevi defined it: “By phasing such adjustments in over a collection of releases, we goal to attenuate the affect any given launch poses, whereas nonetheless frequently making progress in the direction of restoring the mandatory degree of safety to make sure Symantec-issued certificates are as reliable as certificates from different CAs.”

Update: Symantec has released additional information on their Blog.

Our customers don’t have to worry about the SSL issues you see above. We have always used Comodo SSL certificates.

Hackers want Ransom from Apple

It has been discovered mischievous group of hackers claiming to have entry to over 300 million iCloud accounts is threatening Apple to remotely wipe knowledge from these thousands and thousands of Apple gadgets until Apple pays it $75,000 in crypto-currency or $100,000 price of iTunes present playing cards.

The hacking group, who recognized themselves as ‘Turkish Crime Household,’ has demanded a ransom to be paid in Bitcoin or Ethereum, one other in style crypto-currency.

” the hacker instructed Motherboard.

Nonetheless, the story appears inconsistent, as on its Twitter account, the group claims to have entry to 200 million iCloud accounts, whereas in one of many emails, it says to entry 300 million Apple e mail accounts and in one other, the quantity will get nearly double to 559 million.

At the moment, it is vitally tough for even Apple to confirm the claims. Nonetheless, the corporate has warned the group saying that it doesn’t reward cyber criminals for breaking the legislation and asking them to take away the video because it was “searching for undesirable consideration.”

Does your 32-bit iOS application need to be updated?

Apple has all the earmarks of being wanting to drop bolster for 32-bit applications in a forthcoming form of iOS. The ready exchange displayed when propelling a 32-bit application on iOS 10.3 beta 1 now cautions clients that the application should be refreshed to keep taking a shot at future variants of iOS. This proposes iOS 11 expected in the not so distant future could be the principal adaptation to just support 64-bit applications.

Apple has upheld 64-bit applications on iOS since the dispatch of the iPhone 5s in September 2013. Apple has additionally required designers submit new applications with 64-bit bolster since February 2015 and application refreshes since June 2015.

While legacy 32-bit applications still in the App Store have kept on being upheld, iOS 9 incorporated a ready when first propelling 32-bit applications that told clients the legacy application may back off gadget execution.

Apple has changed the ready exchange on iOS 10.3 beta 1 to caution that support will be expelled in future iOS forms.

If you have a 32-bit application here is some of the messages your application might trigger.

From iOS 10.2.1:

“YOUR APP NAME” May Slow Down Your iPad

The developer of this app needs to update it to improve its compatibility.

And iOS 10.3 beta 1:

“YOUR APP NAME” Needs to Be Updated

This app will not work with future versions of iOS. The developer of this app needs to update it to improve its compatibility.

For applications that are still in the App Store, the ready exchange ought to put weight on application proprietors to get with the circumstances or face applications being expelled from the App Store.

Back in September, Apple point by point arrangements to start cleansing “problematic and abandoned apps” from the App Store in one of the principal moves to concentrate on application quality over list amount. The next month, Apple was said to have expelled about 50,000 applications from the App Store.

If you are require your application to be updated from 32-bit to 64-bit, we can certainly provide you with that service.

Project Zero Cloudflare Hack

On February 18, 2017 Tavis Ormandy, a research analyst with Google’s Project Zero, revealed delicate information spilling from sites utilizing Cloudflare’s proxy services, which are utilized for their content delivery network (CDN) and distributed denial-of-service (DDoS) mitigation services. Cloudflare gives an assortment of services to a ton of sites – to at least couple of million. Tavis informed Cloudflare promptly. A couple includes in Cloudflare’s intermediary services had been utilizing an imperfect HTML parser that spilled uninitialized memory from Cloudflare’s edge servers in some of their HTTP reactions. Helpless components in Cloudflare’s services were handicapped inside hours of accepting Tavis’ divulgence, and their services were completely fixed with every defenseless element completely re-empowered inside three days. Cloudflare has a point by point review about Cloudbleed’s basic issue and their reaction to it – Click here.

Should I be worried?

Not if you are hosted with Primary Technologies. We have NEVER endorsed third party CDN providers such as Cloudflare. If you are or been hosted elsewhere than your data may have been spilled. Any merchant’s site utilizing Cloudflare’s intermediary service could have uncovered your passwords, session treats, keys, tokens, and other touchy information. In the event that your association utilized this Cloudflare intermediary benefit between September 22, 2016 and February 18, 2017, your information and your clients’ information could have been spilled and stored via web crawlers.

Who is affected?

Prior to Tavis’ divulgence, information had been spilling for quite a long time. It’s too early to know the full extent of the information that was spilled and the locales and services that were influenced (in spite of the fact that we’re headed toward a nice begin). There is right now a decent lot of perplexity and misalignment on the status of different services.

iOS update might say a final goodbye to 32-bit applications

Beta forms of iOS 10.3, the first was issued a week ago, create cautioning messages when you attempt to run more seasoned 32-bit applications. The message, initially found by PSPDFKit CEO and application engineer Peter Steinberger, cautions that the applications “won’t work with future renditions of iOS” and that the application must be overhauled by its designer to keep running. The applications still keep running in iOS 10.3, yet it appears to be likely that iOS 11 will drop bolster for them totally.

In spite of the fact that the mistake message doesn’t expressly say the application’s 32-bit or 64-bit support, it’s certainly just more seasoned 32-bit applications that trigger the notice. Comparable messages that did expressly specify 64-bit support were available in the betas of iOS 10.0, yet they were evacuated in the last arrival of the product. Apple has required 64-bit bolster for all new application entries since February of 2015 and all application overhaul entries since June 2015, so any applications that are as yet tossing this blunder haven’t been touched by their engineer in no less than 18 months (designers could include 64-bit bolster as ahead of schedule as 2013, yet a large portion of them selected not to until it turned into a necessity).

To a limited extent in light of Apple’s aggregate control of its equipment, working framework, and application conveyance stage, iOS’ move from 32-bit programming to 64-bit programming has been exceptionally smooth and brisk. The initial 64-bit release of Windows was discharged in 2005, and however 64-bit Windows has more often than not been the default since the Windows 7 time, there’s still a 32-bit adaptation of Windows 10, despite everything it transports on some low-end equipment. Macintosh OS X (now macOS) started to incorporate 64-bit bolster with the OS beginning in 2003, a procedure that wasn’t finished until 2012; current variants of the OS can even now run 32-bit applications that aren’t generally inconsistent. Android’s 64-bit move is finished in the event that you have a more current telephone, yet some new telephones still ship with 32-bit Android, and more established telephones (even those that really get programming overhauls and have 64-bit equipment support) will keep on using 32-bit Android.

Expelling 32-bit bolster from iOS would likewise dovetail with another exertion Apple is making to expel old and unmaintained programming from the App Store so individuals can’t discover it in any case. Apple is endeavoring to contact application engineers so that any individual who needs to upgrade their applications still can, yet they won’t be permitted to remain up uncertainly. On the off chance that iOS 11 drops bolster for the 32-bit iPhone 5 and 5C and the fourth-era iPad, expelling 32-bit application support could likewise permit Apple to strip every one of the 32-bit code out of iOS completely.

Jailbreak 10.1.1

Project-zero has detailed instruction on a kernel exploit that is capable of jailbreaking iOS 10.1.1. Here’s a screenshot:

Jailbreak 10.1.1

Therefore, if you are looking to jailbreak manually, CLICK HERE. Instructions are detailed and if you follow them, you should be able to jailbreak your device.

As mentioned in our previous post, if you have updated to the latest iOS 10.2, this kernel exploit will not work. Please downgrade to 10.1.1 (still signed by Apple).

Register .org and .website cheap

We currently have a special for .org US$6.64 and .website US$4.96 for a limited time. Grab a domain name today or simply transfer at this promotional pricing. No coupons required.

REGISTER DOMAIN

iOS 10.2 Jailbreakers Avoid

According to multiple sources iOS 10.2 has closed all the kernel vulnerabilities that were available. If you have any hope to jailbreak your iDevice on iOS10, simply upgrade to the last version that appears to be jailbreakable which is 10.1.1. As of right now its still signed and its possible to downgrade if you made a mistake and jumped on 10.2.