Welcome to NexusFi: the best trading community on the planet, with over 150,000 members Sign Up Now for Free
Genuine reviews from real traders, not fake reviews from stealth vendors
Quality education from leading professional traders
We are a friendly, helpful, and positive community
We do not tolerate rude behavior, trolling, or vendors advertising in posts
We are here to help, just let us know what you need
You'll need to register in order to view the content of the threads and start contributing to our community. It's free for basic access, or support us by becoming an Elite Member -- see if you qualify for a discount below.
-- Big Mike, Site Administrator
(If you already have an account, login at the top of the page)
Finally, in what may be the pinnacle fo practicality over stupidity, Germans are particularly focused on safes because they prefer cash to plastic. “Only cash is real,” goes an old saying.
Well, yes, until it is confiscated as sad Harvard economists have been urging in recent months.
Unlike their more "hip" Scandinavian peers, roughly 80% of German retail transactions are in cash, almost double the 46% rate of cash use in the U.S., according to a 2014 Bundesbank survey. Germans also keep more cash in their wallets and visit ATMs more often, withdrawing on average $256 at a time, the study found. Americans withdraw $103 on average.
Germany’s love of cash is driven largely by its anonymity. One legacy of the Nazis and East Germany’s Stasi secret police is a fear of government snooping, and many Germans are spooked by proposals of banning cash transactions that exceed €5,000. Many Germans think the ECB’s plan to phase out the €500 bill is only the beginning of getting rid of cash altogether.
And they are absolutely right; we can only wish more Americans showed the same foresight as the ordinary German.
Meanwhile, the WSJ concludes, Ms. Metzger is a member of an activist group demanding the existence of cash be guaranteed in Germany’s constitution. "I don’t want to become completely transparent,” she says.”I don’t want everyone to know whether I buy chocolate, strawberries or mangoes at the store.”
The Truth Emerges: EIA Admits It "Overestimated" Crude, Gasoline Demand In The First Half By 16%
by Tyler Durden
Aug 31, 2016 11:21 AM
One of the recurring peculiarities of oil complex data as reported by the EIA was how, during a time of an unprecedented crude glut by OPEC and pronounced economic weakness in the US, was overall US demand of various petrochemical products as strong as the DOE reported on a weekly basis. To be sure, the alleged increase in demand was one of the major catalysts that prompted rising oil prices together with relentless jawboning by OPEC members about a "production freeze" that would never materialize, in turn spurring not one but two record short squeeze across the commodity complex.
We now know the answer.
In a note released moments ago by the EIA, whose bias to keeping prices as high as possible is no secret, admitted that "over the first six months of 2016, EIA weekly estimates underestimated total crude oil, petroleum, and biofuel exports by an average of 16%, compared with final data published in the PSM."
graph of monthly total crude oil, petroleum products, and biofuels exports, as explained in the article text
This underestimation of exports "led to the overestimation of total consumption" by a similar amount. The new methodology using near-real-time data from Customs significantly reduces the difference between weekly estimates and the actual data for total exports shown in the PSM during the first half of 2016.
So time to fix the mistake then, and as a result, the EIA said that starting with today's release of the Weekly Petroleum Status Report (WPSR), EIA is now publishing weekly petroleum export and consumption estimates based on near-real-time export data provided by U.S. Customs and Border Protection (Customs). EIA previously relied on weekly export estimates based on monthly official export data published by the U.S. Census Bureau roughly six weeks following the end of each reporting month. This new methodology is expected to improve weekly estimates of petroleum consumption (measured as product supplied) by improving estimates of weekly exports of crude oil, petroleum products, and biofuels, which increased from 1 million barrels per day (b/d) in 2004 to nearly 5 million b/d in 2015.
DEUTSCHE FEARS: There was continuing unease in Europe over the health of Deutsche Bank after the German magazine Focus said Deutsche Bank said the bank won't get a government bailout if it asks for one. Focus said the German government also won't help Deutsche Bank by intervening with U.S. officials who want it to pay $14 billion to end an investigation into its sale of mortgage-backed securities. Deutsche shares were down a further 3 percent on Tuesday.
THE QUOTE: "There is a distinct probability the bank may well have to raise extra capital and, given current circumstances, who in their right minds would look to do that?" said Michael Hewson, chief market analyst at CMC Markets.
From my brief reading a number of devices are currently hijacked, mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords and websites using Wordpress. They get in through default passwords (or hardware passwords - didn't see how you fix this .Futher down is an F-secure online router checker.
I hope it helps
-----------
The Mirai malware is a DDoS Trojan and targets Linux systems and, in particular, IoT devices. A botnet formed using the malware was used to blast junk traffic at the website of security researcher Brian Krebs last month in one of the largest such attacks ever recorded.
The powerful zombie network that spawned a 620Gbps DDoS was created by relying on factory default or hard-coded usernames and passwords to compromise embedded devices. The availability of the Mirai source code makes it much easier for other hackers to take advantage of insecure routers, IP cameras, digital video recorders and other IoT devices to launch similar attacks.“If all it took to create biggest recorded DDoS attack in history was a telnet scanner and 36 weak credentials the net has a huge IoT problem
----- https://www.google.ca/url?q=www.theregister.co.uk/2016/10/03/iot_botnet/&sa=U&ved=0ahUKEwjkocPF9cPPAhUi2oMKHShHC70QqQIIITAA&usg=AFQjCNEbzPZb9skv6TB81E4Iz7o4zktmcA
----------
The source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.
The leak of the source code was announced Friday on the English-language hacking community Hackforums. The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.
Vulnerable devices are then seeded with malicious software that turns them into “bots,” forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline.
The Hackforums user who released the code, using the nickname “Anna-senpai,” told forum members the source code was being released in response to increased scrutiny from the security industry.
“When I first go in DDoS industry, I wasn’t planning on staying in it long,” Anna-senpai wrote. “I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO [link added]. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.”
Sources tell KrebsOnSecurity that Mirai is one of at least two malware families that are currently being used to quickly assemble very large IoT-based DDoS armies. The other dominant strain of IoT malware, dubbed “Bashlight,” functions similarly to Mirai in that it also infects systems via default usernames and passwords on IoT devices.
According to research from security firm Level3 Communications, the Bashlight botnet currently is responsible for enslaving nearly a million IoT devices and is in direct competition with botnets based on Mirai.
“Both [are] going after the same IoT device exposure and, in a lot of cases, the same devices,” said Dale Drew, Level3’s chief security officer.
Infected systems can be cleaned up by simply rebooting them — thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot.
My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems.
On the not-so-cheerful side, there are plenty of new, default-insecure IoT devices being plugged into the Internet each day. Gartner Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day, Gartner estimates.
-----------
We recently shared a post on a CCTV-based botnet used to initiate large-scale application-level DDoS attacks against websites. We also shared insights into how unsuspecting WordPress sites can form a malicious botnet to perform DDoS attacks via the XMLRPC feature. In both cases, attackers gain enough computing and networking power to send more requests than victim sites can handle. This forces the victim to add more computing and networking power to fight off attacks, which is highly unrealistic for most website owners.
Routers being targeted by attackers is nothing new. Over the years there has been a lot of discussion in the community over the inherent risks they introduce to networks, along with other “plug-and-forget” devices (ex. WAPs, modems). Most notably, routers have been used for things like DNS hijacking, distribution of malware, and even vigilante malware (e.g., Linux.Wifatch).
Huawei Routers
The largest number of routers being exploited came from Huawei-based routers. They varied between versions: HG8245H, HG658d, HG531, etc.
We identified at least 6,015 compromised devices (51%). It’s difficult to know exactly how they were exploited, but a good place to start is with the brand’s security advisory page. RouterOS Devices
Mikro RouterOS was the second most popular router behind this attack with 2,119 devices (18%).
AirOS Routers
Third place goes to AirOS, a Ubiquiti Networks device with 245 home routers.
These were not the only routers being used. The rest were distributed across a number of different providers including NuCom 11N Wireless Routers, Dell SonicWalls, VodaFone, Netgear, and Cisco-IOS routers.
If you want to check if your router is compromised, F-Secure has a great online scanner that remotely checks for any external issues. While it won’t address all issues, it will look for things like potential DNS-hijacking.
---------
s I noted in a November 2015 story, The Lingering Mess from Default Insecurity, one basic step that many ISPs can but are not taking to blunt these attacks involves a network security standard that was developed and released more than a dozen years ago. Known as BCP38, its use prevents insecure resources on an ISPs network (hacked servers, computers, routers, DVRs, etc.) from being leveraged in such powerful denial-of-service attacks.
Using a technique called traffic amplification and reflection, the attacker can reflect his traffic from one or more third-party machines toward the intended target. In this type of assault, the attacker sends a message to a third party, while spoofing the Internet address of the victim. When the third party replies to the message, the reply is sent to the victim — and the reply is much larger than the original message, thereby amplifying the size of the attack.
BCP38 is designed to filter such spoofed traffic, so that it never even traverses the network of an ISP that’s adopted the anti-spoofing measures. However, there are non-trivial economic reasons that many ISPs fail to adopt this best practice. This blog post from the Internet Society does a good job of explaining why many ISPs ultimately decide not to implement BCP38.
A research experiment by the Center for Applied Internet Data Analysis (CAIDA) called the “Spoofer Project” is slowly collecting this data, but it relies on users voluntarily running CAIDA’s software client to gather that intel. Unfortunately, a huge percentage of the networks that allow spoofing are hosting providers that offer extremely low-cost, virtual private servers (VPS). And these companies will never voluntarily run CAIDA’s spoof-testing tools.
On the economic and market side of the equation, the source of risks has shifted. Since the 2008 financial panic, banks are more highly regulated, hold more capital, and do less proprietary trading. Does this mean financial risks are lower? Probably not. Risks have just been shifted to the non-bank sector. The risks in the asset management and Exchange-Traded Funds (ETF) sector revolve around liquidity. As asset managers and their investors have gone on a major search for yield, they have been driven by central bank policies into much less liquid portfolios. If there is any event which causes investors to become even a little more cautious, the run for the narrow door could easily spiral into a liquidity crisis resulting in considerable market volatility. Timing is everything, though, and while the probability of volatility-inducing events is certainly rising, timing is quite uncertain.
