Data sitr


2020.06.07 14:57 Philosofen ERR_SSL_PROTOCOL_ERROR when on wifi.

I am working on setting up my website, and have been tinkering with the SSL certificate.
I am doing everything from android, and have no access to a mac or pc at the moment.
I am using Chrome, but have tried Samsung Internet, and Firefox as well. Same problem.
When I am on my apartment's wifi and enter the website, I get "This sitr can't provide a secure connection. X sent an invalid response. ERR_SSL_PROTOCOL_ERROR."
If I turn my wifi off, and use mobile data I can access the website with no problem, and it has the padlock.
I have tried flushing cache and history etc on Chrome, i have tried turning off the quic flag thingy, I have tried forgetting the wifi on my device and reconnect. Nothing works.
Anybody know what else I could do?
submitted by Philosofen to techsupport [link] [comments]

2019.09.20 01:32 acerod1 ‘Security’ Cameras Are Dry Powder for Hackers. Here’s Why

Researchers have long bemoaned the insecurity of certain “security” cameras. Ostensibly installed to deter and thwart intruders, many actually can be transformed into an arsenal that hackers use for Web warfare.
The latest cause for concern: A vulnerability that enables hackers to summon a firehose of network traffic from hundreds of thousands of such devices for “distributed denial of service” attacks, also known as “DDoS” attacks, that aim to knock targets offline—sometimes just for kicks and giggles, other times until a victim pays ransom. In a report published Wednesday, security researchers at “cloud” network firm Akamai called attention to the recently identified flavor of attack, warning that instances of it are likely to worsen, in coming weeks, in terms of severity and frequency.
“It’s just so easy to abuse,” says Chad Seaman, an Akamai engineer who worked on the report. “We know there’s an active marketplace for it where people are selling these [DDoS] services via stressors and booters,” industry jargon for hacking-for-hire, he says.
The new attack uses a novel method to achieve old aims. Previous victims of DDoS attacks include Github, the code collaboration site, which got hit with the largest ever recorded one last year. In 2016, an attack targeting Dyn, an Internet infrastructure firm, since absorbed by Oracle, suffered a DDoS strike, leading to widespread Internet outages.

How it works

This is a new type of digital cudgel. Observed since May, the attack involves misuse of a device-pinpointing protocol—called “web services dynamic discovery,” or “WS-Discovery”—which helps identify the whereabouts of machines on a network. PCs running Windows Vista software, or later versions of Microsoft’s operating system, come equipped with the technology, as do HP printers since 2008.
Many makers of closed-circuit television cameras, or CCTV cameras, use the protocol to allow them easily to establish connections on customers’ networks. Chinese manufacturers Hikvision and Dahua, and Brazil’s Intelbras, are among the makers of camera models vulnerable to exploitation, Seaman says.
When the devices, intended to remain on local area networks, become exposed to the public Internet, perhaps unintentionally through misconfigurations, that’s when problems arise. Hackers can send signals to vulnerable devices, provoking outsized responses, and then redirect the resulting data at targets, overwhelming them.
Because most makers of these security cameras have no way to update their products remotely, fixing the issue is complicated.

What’s so bad about the new attack

The new attack is troubling because it is unusually powerful and, moreover, it can tap the collective power of many exploitable devices.
In this case, one byte of inbound traffic, when routed to a vulnerable device, can generate 153 bytes of firepower directed toward a target of attackers’ choice. This “reflective” DDoS attack, so called because it reflects from a vulnerable device to another target, acts like a lever, amplifying small forces into far larger ones.
Compared to a list of other top DDoS methods published by US-CERT, a cybersecurity-focused subdivision of the U.S. Department of Homeland Security, this new method ranks fourth overall in relative strength.
Memcached,” the most powerful DDoS method known, can amplify the strength of attacks by tens of thousands. “NTP,” the No. 2 method, can multiply the force of attacks by more than 500. One of the most popular DDoS approaches, called “LDAP,” is weaker, magnifying attacks by about 50-times.
Scanning the Internet for devices vulnerable to “LDAP” hacking using Shadowserver, a search tool provided by a nonprofit security group of the same name, reveals nearly 15,000 devices ready for abuse. For WS-Discovery, the newly discovered attack method, more than 800,000 vulnerable devices appear to be open to abuse.
The size of that arsenal, plus the strength of the attack, worries security researchers. “What we’re really seeing here is that this has the potential to hit as hard, or harder [than LDAP attacks], but with a much larger pool” of vulnerable devices, Seaman says.
“That’s the point we’re trying to make here,” Seaman adds. “There’s a new kid on the block and you need to be aware of it because, chances are, it will be used against you in the near future.”
Hardik Modi, head of threat intelligence at NetScout, a cybersecurity firm that observed an early instance of the attack earlier this year, says his team has seen roughly 1,000 attacks using the method over the past three months. The issue “appears powerful and might yet grow legs,” he says.

What can be done about it

Perhaps the best way to fix this problem—not to mention, past, present, and future “botnet” threats—would be for device manufacturers to add an auto-update capability to their products. Then, as issues arise (as they inevitably do), companies can push out patches.
That’s not likely to happen anytime soon—and even if it does, there are still too many vulnerable devices already in circulation. Something else that could help: Manufacturers designing their products correctly, restricting devices’ responses to data packets originating only from trusted sources on local networks, rather than from anywhere online.
As word of this new kind of attack spreads, security-minded groups will likely look to persuade businesses and consumers in possession of vulnerable devices to update them (for the technically minded, that means blocking communications to “port 3702”). They may also recommend applying firewalls, or removing devices from the public Internet entirely. Ultimately, if the problem gets out of hand, Internet Service Providers could be drawn in, blocking suspicious traffic.
Seaman already sees hackers developing and posting tools related to the attack online. Because of that, he says you can expect an uptick in these kinds of attacks soon.
“Once open source tools pop up, that means even not very technical users can begin to build their lists of vulnerable boxes and leverage them for attacks,” he says.
* More Details Here
submitted by acerod1 to Business_Analyst [link] [comments]

2019.01.06 23:30 Alexinhow Il Modem di Tiscali (e probabilmente anche quelli di altri gestori) fornito con la gigabit (Genew HG326AC) è vulnerabile a una seria falla di sicurezza

Non sapendo dove scrivere ma volendo diffondere questa scoperta vista l'assenza di una qualsiasi fonte italiana sul web ho deciso di scrivere su questo subreddit
Qualche mese fa, smanettando tra le impostazioni del mio router visto il felice arrivo della Gigabit in terra sarda, notai tra le porte aperte nel NAT delle strane entrate chiamate "galletta silenciosa". Abbastanza insospettito, feci delle ricerche su internet che al tempo portarono praticamente al nulla. Queste porte puntavano vari dispositivi connessi alla mia rete, aprendo le porte utilizzate da SMB, un protocollo di condivisione di Windows. Al tempo non gli diedi tanto peso, essendo un qualcosa di già riscontrato (anche se minimamente) da altri utenti; le rimossi dalle porte aperte e dimenticai tutto.
Torniamo ad oggi: apro la pagina del router per impostare alcune cose e chi trovo? Ma ovviamente galletta silenciosa che mi apriva le medesime porte. Con una piccola differenza: adesso questo tipo di attacco (UPnProxy) è ben documentato come una clamorosa falla del sistema UPnP, utilizzato appositamente per aprire su richiesta esterna o interna le porte del router.
Questi sono i link in inglese che sicuramente riusciranno a darvi un insight più preciso e veritiero di un thread su reddit di un 18enne: LINK1 LINK2
A conti fatti (e a prescindere dal vostro operatore considerando la scarsa qualità di tutti i router forniti dalle aziende italiane) vi consiglio vivamente di controllare le porte aperte sui vostri router, rimuovendo eventuali porte aperte illecitamente e SOPRATTUTTO disabilitando l'UPnP, consiglio ormai ripetuto all'infinità fin da quando giocavo a pinball su XP.
Spero quantomeno di alzare un po di "cybersecurity awareness" vista la scarsa importanza data dai gestori italiani alla nostra sicurezza online, grazie ai pessimi e obsoleti router che ci vengono (forzatamente) appioppati.
submitted by Alexinhow to italy [link] [comments]

2018.09.25 09:55 LueLinks402 Rank your top 10 LOONA songs

Thank you everyone for participating!

*How this list was made: I created a spreadsheet to compile all of your rankings together. I assigned 10 points to #1 ranked songs, 9 points to #2, 8 points to #3, etc. For those who said their top 10 was not in any particular order, I assigned 5 points to each song. I also counted the following versions of songs as just one song to simplify things: ViViD/ViViD Acoustic ver., Girl/ODD Front, Everyday I Love/Need You, The Carol 1.0/2.0, and My Sunday/My Melody. So without further ado...

Here is your Official LOONA Top 10!

(# = total points received)
  1. Eclipse (155)
  2. Hi High (142)
  3. New (129)
  4. Egoist (122)
  5. Girl/ODD Front (117)
  6. Heart Attack (99)
  7. Stylish (92)
  8. Sweet Crazy Love (91)
  9. Uncover (85)
  10. Let Me In (77)
Honorable Mention: Love Cherry Motion (68), Singing in the Rain (67)
If you haven't participated yet, feel free to post your rankings now and I'll keep updating the list as needed!
Some other interesting data:
-This list was created based on the answers of 38 participants (so far).
-Eclipse was included in 23/38 lists, making it not only the #1 song in total points, but also the #1 song that appeared on individual top 10 lists regardless of rank.
-Of all the songs in the top 10, Egoist had the highest average point score of 6.778. It was included in 18/38 lists and was ranked #4 on average. Coincidentally that is exactly where it landed on the overall top 10!
-After the honorable mentions of LCM and SitR which would rank as #11 and #12, the next 4 songs are all extremely close: Heat (54), See Saw (51), Rosy (50), and love4eva (50). Heat, See Saw, and love4eva were each included in 10/38 lists, while Rosy was only in 7/38 lists. However, Rosy earned its points by having the highest average score/rank of ANY song that showed up on a top 10 list (with the exception of Starlight which only appeared on 2 lists, so I am excluding it due to small sample size). Of those 7 people who had Rosy on their list, 4 of you ranked it in your top 3 songs.
-I saved the best for last: If we exclude the subunit intros and alternate versions of songs, that leaves us with 43 unique LOONA songs. And guess what? 43/43 songs were included on at least one person's top 10 list!! Even better, all but one song were included in at least 2 people's list!! The fact that every single song in LOONA's discography is worthy of being in someone's top 10 favorites is AMAZING. Stan LOONA.
submitted by LueLinks402 to LOONA [link] [comments]

2017.04.01 23:37 pflurklurk More Conversation about Funds - Part 2 of the Q&A

By now you’ve read the first question and answer session but still want to know more.
Yes, I’ve done some research, I want to buy some funds, but…how exactly do I find what I’m looking for?
Unfortunately there isn’t a free, easy searchable list of all funds.
There are literally thousands of funds available for sale in the UK: - and you aren’t limited to buying just those!
There are companies that can help though, who offer easier interfaces.
A large provider of funds might also have an easy searchable list on their own website, or your broker might be helpful in helping you track one down.
Doesn’t everything you can invest in have its own serial number?
If you’re referring to ISINs - International Securities Identification Numbers - then, mostly yes, but you still need to know what you want in advance!
What if I want to buy something that isn’t based in the UK?
First, you need to see if you or your broker can actually get it.
Then, it’s just a matter of placing an order.
What should I look for then? They won’t be called the same things, right?
Of course. If you’re buying in the EU, you might see things called SICAVs - that is ICVC translated into Romance languages.
You read the first FAQ right?
Romance languages?
An Indo-European language family that evolved from Vulgar Latin in the 6th to 9th centuries.
Right. So, ICVCs in Europe pretty much the same as the UK. What about the US?
A mutual fund is one registered with the Securities and Exchange Commission.
They even have their own Q&A about funds.
Ok, I’ve found a fund I want to invest in. Now what?
You should look at the documentation that a fund provides - if it’s reputable and regulated by a competent authority, then it should provide at least something tell you about it.
If you’re a retail investor in the UK, this is where UCITS and NURS comes into play.
Just kidding. I have the fund documents now - what’s the difference between all of them?
It depends on what fund you are buying.
The FCA has specific rules about what information needs to be provided to each type of client. As a retail client, that means quite a lot of information in as simplified form as is reasonably possible.
The things you’ll most often encounter are:
If you invest in a UCITS the fund itself must by law (in the UCITS regulations) provide a KIID or a simplified prospectus, under the FCA handbook: -
Both a KIID and a Prospectus are supposed to give information in a standardised format so you can compare them with other UCITS funds.
A factsheet, on the other hand, is up to the fund itself - it has to be clear though, but is up to the fund manager how they want to present it.
So, what’s the difference between a prospectus and a factsheet
A prospectus is usually prepared on the company - ICVC level. It is quite complicated and the same for, say, a prospectus for an IPO. Only losers like me read these in full - and the unfortunate trainee lawyers who have to draft them.
For example, here’s sub-favourite Vanguard Lifestrategy Funds ICVC’s full prospectus - 79 pages long. It will tell you things such as all about the legal incorporation of the company, depositary, securities lending policies, etc. etc.
The factsheet for one of the sub-funds (e.g. Lifestrategy 100) is only 2 pages long - and is updated much more frequently, because it contains details about the size of the fund, what it’s invested in, the ISIN and other identifiers, etc.
You probably want to look at the factsheet more than the prospectus!
What about the KIID?
This is another regulatory document you need to read in conjunction with the factsheet - it contains, in no more than two pages:
You should always look at the KIID for a UCITS, as well as the factsheet - you can tell it’s regulatory because it’s in black and white.
I see this 1-7 risk scale on a KIID quite a lot - are they all the same?
In theory yes - the 1-7 risk scale is technically called the “Synthetic Risk and Reward Indicator” - and its calculation is prescribed by the European Securities and Markets Authority.
It is developed by the Committee of European Securities Regulators and is based on the volatility of the fund, specifically:
The SRRI should be based on the volatility of the returns (past performances) of the fund; these shall be the weekly past returns of the fund or, if this is not possible because of the limited NAV calculation frequency, the monthly returns of the fund.
In the cases where there is no past performance (or limited), it is based on benchmarks and models approved by regulators.
Can a fund ignore what it says in the KIID, like the investment objective?
In theory no - see q_pop’s answer:
Officially, no. Unofficially, the IA (formerly IMA) and regulators have been very slow to bite when funds break their objectives. The most serious "punishment" funds suffer is being kicked out from their preferred sector.
What about a NURS?
They don’t have to provide a KIID, but they still usually have to provide something called a NURS-KII: which is basically the same but with a bit more flexibility (to reflect the fact they can invest in more complex things than UCITS).
And a QIS?
Now you’re playing with the big boys and you don’t get as much (or any) handholding - you’ll still get a basic amount of critical information, but not much more. Good luck!
Don’t end up like these guys:
I heard something about the RDR and Clean Share Classes?
The Retail Distribution Review was an initiative by the Financial Conduct Authority to try and force greater transparency about charges - specifically how much brokers and advisers got in commissions from fees.
Before the RDR, some classes of shares in funds had a higher charges than others - and part of those charges went to the brokeadviser.
After the RDR, that was no longer allowed (essentially) - the annual management charge was “unbundled”. That is a “clean share class”.
These days you’ll invariably end up buying the “unbundled”/“clean” share class.
I’ve chosen my fund, but how does it work, exactly, when I buy?
Exactly depends on what fund you’ve bought and how you bought it.
If you tell your broker to get you a share of something that’s exchange traded, they will go out and try and find someone who is selling it for the price you set or better (a limit order) - friends don’t let friends place market orders - if someone is willing to make that exchange, then all you have to do is wait for the trade to be settled (your ownership is official at that point) and there you go.
Wait, what’s settled?
I thought you only wanted to know about funds - settlement is about exchanging the consideration involved in a transaction, or to fulfil contractual obligations.
Ok, carry on
If you are buying a normal ICVC, then if you bought it from your broker, it depends whether they’ve already bought a load of shares in the ICVC and are reselling them to you, or whether they need to go and place your order with the company.
In any case, eventually your money reaches the fund.
They decide to quote you a price - which we covered in the first question and answer session.
If you’re happy with that, then now you have a share (or fractional share) in the fund and the fund managers have your money.
Their own investment criteria means they have to do something with that cash. They are just like any other company: they will use their own brokers to buy and sell fund assets in the name of the fund.
That’s it?
That is basically it - but many funds will employ other strategies to measure and control risks, cut costs or try and make money to hit their targets by lending out securities.
What do you mean lending out securities?
Many funds engage in what’s called securities lending. You may have heard of shorting - where investors borrow assets to sell hoping the price drops so they can buy them back, as they have to give them back eventually.
Where do these assets come from? Big funds with lots of assets that just sit there. Vanguard and Blackrock, two of the biggest fund managers in the world, own 12% of the US stock market.
Most funds do it - yes, even sub-favourite Vanguard - and you can find their policy in the prospectus you didn’t read.
Isn’t that risky?
It’s risky in that there is non-zero risk, yes. However, counterparts need to put up collateral, in even in the last financial crisis where Lehman defaulted, most funds were able to liquidate the collateral and repurchase the missing securities themselves without any cost to them.
Here’s Blackrock’s take on the matter:
Of course, they might be a bit biased as they make money off it - or these days, do it to push down the OCF on funds to attract new money.
What about controlling risks?
As there’s all sorts of things a fund can invest in, there are also all sorts of risks out there that a fund, or its investors, might not want to get take on board when making their investment.
There is usually a whole department at any financial institution which manages internal risk - whether that’s counterparty risk, compliance risk, operational risk etc.
We’re going to talk about risks in the portfolio rather than all of those.
How you manage your risk depends on what you are investing in and what risks you want to hedge out.
For instance:
Really you’re switching out something uncertain for something fixed (maybe it’s for your internal profit models) - and paying for that.
Sometimes you want to swap out something fixed for something uncertain!
To do this, you use derivatives.
Derivatives - they are instruments whose value is derived from another asset.
Without going into too much detail, legally they are structured as contracts (usually from a large template such as the ISDA Master Agreement) and you are just betting between parties (called the counterparts).
You may have encountered them:
are all types of derivative.
You can pretty much invent any bet or insurance you want and it can be turned into a derivative. You can even make derivatives based on other derivatives.
All you need is someone willing to take the other side of that bet - that’s why people who come up with the prices and accurately model how they’ll behave if x,y,z happens, get paid the big bucks (quants).
So if something is in a different currency, it’s using derivatives?
No - but you can use derivatives if you want to limit the impact on performance of the fund due to foreign exchange movements: we call those “hedged” funds.
Wait, so a hedge fund is just a fund that uses derivatives?
No - a hedge fund is something different!
A hedged fund, is one where something, usually currency risk, is hedged.
Funds offer those to investors because some investors are concerned about the volatility of their currency when making international investments.
The underlying performance of the fund is what really matters - something that performs well doesn’t perform intrinsically differently because another currency was used to buy it, only that its purchasing power in the currency you want to use changed.
However, the trick is that when you want to come and liquidate the fund and use the money - after all, money is eventually meant to be exchanged for goods and services - you might be exposed to a currency fluctuation at that point: that’s volatility you might not want.
You can pay to remove that volatility by hedging - either buying a fund that has a hedged share class (they will use derivatives to hedge the value of that share against the value of underlying fund assets), or you can hedge it yourself by buying your own derivative (like a currency option or forward).
If you are going to ask about exchange rate movements though, don’t bother, as they are banned on this sub.
So hedging is more about your risk tolerance - or speculation on currency, depending on your perspective.
What’s a hedge fund then?
A hedge fund is meant to hedge against the markets as a whole - they are supposed to offer returns uncorrelated with anything else in your portfolio.
The term has expanded now more to refer to any kind of unregulated pool of capital managed to make maximum returns however possible.
For instance, as well as investing in assets, they also make use of various strategies such as:
If you want to invest in these, you’ll need to have a lot of money, pretty much waive any consumer protection and pay a lot in fees.
You might be able to find a fund of hedge funds though, but trading costs and middleman fees are going to be expensive.
I found these funds called Feeder funds, for hedge funds and some property funds. What’s the point of them?
It’s part of a distribution system called Master-Feeder. It’s a way of structuring your fund to that you can access a large pool of funding, but have lower compliance and administration costs.
Individual investors invest with the feeder funds, so the master fund which is actually doing the investment only has to deal with a few “clients”.
You usually see them in hedge funds and property funds because it allows you to very easily segregate clients based on things like their domicile or investor type (e.g. one can be for foreign investors only, one can be for retail clients, one for large institutions) - you can place more tailored restrictions on each type of client because that’s handled on the feeder fund level.
For instance, you see it with property a lot because property is quite illiquid - and can’t be held in a UCITS fund.
So, instead of a fund having to hold cash on hand at all times just in case people want to redeem, you can have your master fund allowing redemptions say, once a year, but your feeder funds allowing more frequent redemption. Your institutional clients might be happy with a less frequent redemption calendar, so they can go in a different fund - the master fund doesn’t have to deal with these problems and can put more of its assets to investment.
What about EIS/SEIS funds?
EIS (Enterprise Investment Scheme) and SEIS (Seed Enterprise Investment Scheme) are two tax-relief schemes.
When you invest in EIS/SEIS eligible companies, you get a certificate from that company in respect of your investment which you can then use on your Self Assessment to reduce either an income tax and/or capital gains tax bill.
So, when we talk about EIS/SEIS funds, the tax-treatment applies to the individual companies those funds invest in. The fund invests its money, then arranges for EIS/SEIS certificates to be issued to its shareholders, who then claim the tax treatment.
And VCT?
A VCT - Venture Capital Trust - is a closed-ended fund, like a normal investment trust.
They must be publicly listed - they then invest in unlisted companies. The fund prospectus and factsheets will tell you what kind of companies they invest in.
So, it’s the same as buying a share on an exchange for your portfolio.
It’s just that investments into these shares also qualify for tax relief via Self Assessment again.
What about SITR funds?
Social Investment Tax Relief funds work in the same way as EIS/SEIS funds at the moment. You join the fund, the fund invests, you get the certificate.
Ok. I think I get it a bit more - but I can’t buy the fund into my ISA or SIPP, but I can normally: what gives?
ISAs and SIPPs have legal rules about what type of investments you can put into them. For instance, QIS funds can’t be put in an ISA.
The more exotic, the less likely it can go into an ISA. SIPPs have broader rules but there are still rules.
Check with your broker - what’s legally permitted might not be permitted by your broker, as a broker must manage an ISA and pensions need a trustee (and you generally won’t be your own pension trustee unless you really, really want to).
Pension trustee?
That’s for someone else’s FAQ!
Happy Investing!
submitted by pflurklurk to UKPersonalFinance [link] [comments]

2016.10.28 21:15 KrishaCZ Ethernet not working, WiFi just fine

So last week, my sister's puppy bit the wire going from the antenna to the router. We had it fixed yesterday but since then, my PC has been acting weird. It sitrs right under the router had it's the only device in our house connected to it via a wire, all others are wireless. However, only my PC has been experiencing horrendous spikes in data transfer. The graph in task manager looks more like a plain with occasional mountain ranges.
Dad, who is a technician, said he doesn't know what is causing it. Does anybody here know? Could it just be a faulty wire?
submitted by KrishaCZ to techsupport [link] [comments]