Hackers hijack Philips Hue lights with a drone

Surprise! The Internet of Things is a security nightmare. Anyone who was online a few weeks ago can attest to that. The massive internet blackout was caused by connected devices, and new research from white-hat hackers expounds upon those types of vulnerabilities. The target? Philips Hue smart lightbulbs. While they’ve been hacked in the past, Philips was quick to point out that it happening in a real-world situation would be pretty difficult. Digital intruders would need to already be on your home network with a computer of their own — the company claimed that directly attacking the lightbulbs wasn’t exactly feasible.

But this new attack doesn’t require that sort of access. In fact, all it takes is tricking the bulbs into accepting a nefarious firmware update. By exploiting a weakness in the Touchlink aspect of the ZigBee Light Link system (again!), the hackers were able to bypass the built-in safeguards against remote access. From there, they “extracted the global AES-CCM key” that the manufacturer uses to encrypt and authenticate new firmware, the researchers write (PDF). “The malicious firmware can disable additional downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent.”

What’s more, the attack is a worm, and can jump from connected device to connected device through the air. It could potentially knock out an entire city with just one infected bulb at the root “within minutes.” “There is no other method of reprogramming these devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as the power is applied.”

The result is that the hackers were able to turn lights on and off both from a van driving by a house and a drone flying outside an office building. For the home, the team was 70 meters (229.7 feet) away and caused lights to go on and off individually. The office building houses a few security companies including Oracle, and was hacked from 350 meters (1,148 feet; about a quarter of a mile), and once under control, the lights started signaling “S.O.S.” in Morse code. “We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates.”

Not terrifying at all, right? The researchers say that they’ve contacted Philips and included all the details needed for a fix. Philips has confirmed the weaknesses and issued firmware updates to hopefully guard against this ever happening.

Via: New York Times. Source: Eyalro (1), (2) (PDF)


Vimeo is working on a subscription streaming service

Vimeo plans to start a new Netflix-type streaming service and develop its own content, but it won’t spend Netflix dollars. Rather, the site (owned by Barry Diller’s IAC) will help its creator community develop original content and supplement it with licensed programming. “Vimeo has the once-in-a-generation opportunity to, following in Netflix’s footsteps, deliver compelling subscription viewing experiences for consumers in the market for pay TV,” CEO Joey Levin said in a shareholder letter.

Levin didn’t give any specifics, but said that Vimeo will experiment with proprietary subscription services. To get the required content, the company will lean on its pro subscribers, who are often emerging filmmakers, directors and producers. He points out that High Maintenance, for instance, aired for two seasons on Vimeo before HBO picked it up, and that three of four Oscar-nominated shorts come from Vimeo directors.

The site already offers video streaming services via its On Demand service, with content from independent producers and major studios like Lionsgate. However, users must purchase videos à la carte, whereas the new streaming service would be on a subscription basis.

“[We] can fill out a robust slate of programming for tens of millions, not billions of dollars,” Levin said. Noting that the site has 240 million monthly viewers “with a strong propensity to spend,” he adds that “if we can convert just a small portion of our audience, we have a very large business.”

Levin acknowledges that Vimeo is in tough against established sites like Netflix, Amazon and Hulu, and notes that the site is still losing money. But he said that profitability is not the near-term goal, and that the service has a unique niche. “It’s the combination of both the tools and the audience in one platform — a one-stop shop for creators to bypass the entire existing media infrastructure,” he said. Of course, Barry Diller tried to beat the existing broadcast infrastructure with Aereo, and that didn’t work out so well.

Via: Variety. Source: Vimeo (shareholder letter)


Hacker sentenced to 29 months in devious Photobucket image plot

A 41-year-old Colorado hacker was sentenced Tuesday to 29 months in prison for selling code enabling blackmailers and others to scan Photobucket’s 10 billion images. Some of those images are of nude Photobucket customers who thought their content was stored privately.

Photobucket is an image and video hosting service with as many as 100 million users who keep their content in either public or private accounts. The company is headquartered in Denver.

“I don’t think you really understand what you did to other people,” US District Judge Wiley Y Daniel said before sentencing defendant Brandon Bourret. “You reveled in what you did.”


Dell takes on Surface Studio with its dual-screen Smart Desk concept – it even has a dial

Microsoft impressed a lot of people last week with its announcement of the Surface Studio, a desktop-tablet hybrid with a clever and elegant dial interface. Apparently Dell has been thinking along the same lines, because they just teased something very, very similar — right down to the dial.
