Pwnd Aethra Routers Used To Brute-Force WordPress Sites

An anonymous reader writes: Security researchers found around 8,000 Aethra routers (with no admin passwords) as part of a botnet that attacked WordPress sites, trying to brute-force admin accounts. Most routers were deployed in enterprise networks in Italy. Each device could have been used to launch DDoS attacks with a capability between 1 and 10 Gbps per device, based on the company’s bandwidth. Things could be worse, though: additional investigation also revealed that some of the routers were also susceptible to various reflected XSS and CSRF attacks that would also allow attackers to take control of the device, even if using different login credentials. Using Shodan, a search engine for locating Internet-connected devices, researchers found over 12,000 Aethra routers around the world, 10,866 in Italy alone, and over 8,000 of these devices were of the model detected in the initial brute-force attack (Aethra Telecommunications PBX series). At that time, 70% of these Aethra routers were still using their default login credentials. Read more of this story at Slashdot.
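The botnet in the story spread its attempts across roughly 8,000 routers, which is exactly the pattern that per-IP lockout plugins miss. The following is an added example, not the researchers' tooling or anything from the story: it parses access-log lines in the Apache/nginx "combined" format and flags both a single noisy source and a distributed burst in which many addresses each stay under the per-IP threshold. The log lines are constructed, the thresholds are illustrative, and the rule "HTTP 200 to a POST on /wp-login.php means a failed login" is an assumption of the example (WordPress re-renders the form on failure and answers a successful login with a 302 redirect).

```python
"""Flag wp-login.php brute forcing, including the distributed kind.

Added example for this page; not the researchers' tooling or anything
from the story. Log lines are constructed. Heuristic (assumption): a POST
to /wp-login.php answered with HTTP 200 is a failed login, because
WordPress re-renders the form, while a 302 is the post-login redirect.
Thresholds are illustrative.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def failed_logins(lines):
    """Yield parsed records that look like failed WordPress logins."""
    for line in lines:
        rec = parse_line(line)
        if (rec and rec["method"] == "POST"
                and rec["path"].split("?")[0] == "/wp-login.php"
                and rec["status"] == 200):
            yield rec


def detect(lines, window_s=300, per_ip=10, min_distinct_ips=20):
    """Bucket failures into fixed windows and report two patterns.

    noisy:       one IP with >= per_ip failures in a window (classic, and
                 what per-IP lockout plugins already catch)
    distributed: >= min_distinct_ips IPs each staying *under* per_ip in a
                 window: a botnet of thousands of routers spreading attempts
                 thinly so that per-IP counters never trip.
    """
    buckets = defaultdict(Counter)
    for rec in failed_logins(lines):
        buckets[int(rec["ts"].timestamp()) // window_s][rec["ip"]] += 1

    noisy, distributed = set(), []
    for key, per_source in sorted(buckets.items()):
        noisy |= {ip for ip, n in per_source.items() if n >= per_ip}
        quiet = [ip for ip, n in per_source.items() if n < per_ip]
        if len(quiet) >= min_distinct_ips:
            distributed.append({
                "window_start": key * window_s,
                "ips": len(quiet),
                "attempts": sum(per_source[ip] for ip in quiet),
            })
    return noisy, distributed


def sample_log():
    """Constructed sample: 25 'router' IPs making 2 failures each, one noisy
    IP making 15, and one legitimate login (302) that must be ignored."""
    base = datetime(2015, 12, 21, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "POST /wp-login.php HTTP/1.1" {status} 3456 "-" "Mozilla/5.0"'
    lines = []
    for i in range(25):
        for k in range(2):
            ts = (base + timedelta(seconds=3 * i + k)).strftime(TS_FMT)
            lines.append(fmt.format(ip=f"10.0.{i}.1", ts=ts, status=200))
    for k in range(15):
        ts = (base + timedelta(seconds=100 + k)).strftime(TS_FMT)
        lines.append(fmt.format(ip="203.0.113.5", ts=ts, status=200))
    ts = (base + timedelta(seconds=200)).strftime(TS_FMT)
    lines.append(fmt.format(ip="198.51.100.7", ts=ts, status=302))
    return lines


if __name__ == "__main__":
    noisy, distributed = detect(sample_log())
    print("noisy sources:", sorted(noisy))
    for w in distributed:
        print("distributed burst:", w)
```

On the constructed sample the single noisy address is reported on its own, and the 25 router addresses making two attempts each show up only as one distributed burst; a per-IP rule alone would have let that burst through. The same split (count per source, and separately count distinct sources per window) carries over to any other login endpoint.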

Analyzing the US Air Force’s New "Portable Hobby Drone Disruptors" Solicitation

Lauren Weinstein writes: The U.S. Air Force has just issued a solicitation for a radio-based ‘Portable Anti Drone Defense’ system — essentially a remote drone disruption device that can be easily used by someone familiar with — well — shooting guns. The Air Force wants three units to start with. Delivery required 30 days after awarding of the contract. It does indeed make for interesting reading, and I thought it might be instructive to dig into the technical details a bit …

Google Joins Mozilla, Microsoft In Pushing For Early SHA-1 Crypto Cutoff

itwbennett writes: Due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months to July 1, 2016. Websites like Facebook and those protected by CloudFlare have implemented a SHA-1 fallback mechanism. Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates.
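The fallback mechanism mentioned above is a server-side decision made from what the client advertises in its ClientHello. What follows is an added example, not Facebook's or CloudFlare's code: it parses the TLS 1.2 signature_algorithms extension and serves the SHA-2 chain only to a client that lists SHA-256 or stronger, falling back to the SHA-1 chain otherwise. The policy is a simplification of what those companies described (they also used other signals), and the ClientHello bytes are constructed by the block itself.

```python
"""Pick a SHA-1 or SHA-2 certificate chain from the client's own ClientHello.

Added example; this is not Facebook's or CloudFlare's code, and the policy is
a simplification of what they described. Assumption: a client that lists a
SHA-256-or-stronger algorithm in the TLS 1.2 signature_algorithms extension
can verify a SHA-2 chain; everyone else is served the SHA-1 chain.
"""
import struct

EXT_SIGNATURE_ALGORITHMS = 0x000D
HASH_SHA1, HASH_SHA256, HASH_SHA384, HASH_SHA512 = 2, 4, 5, 6   # RFC 5246 HashAlgorithm
SIG_RSA, SIG_ECDSA = 1, 3                                         # RFC 5246 SignatureAlgorithm


def build_client_hello(version=(3, 3), sigalgs=None):
    """Construct a minimal ClientHello record for testing (constructed input).
    sigalgs: list of (hash, sig) pairs, or None to omit the extension entirely."""
    body = bytes(version) + b"\x00" * 32 + b"\x00"      # client_version, random, empty session_id
    suites = b"\xc0\x2f\x00\x2f"                          # two cipher suites
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                   # one compression method: null
    if sigalgs is not None:
        pairs = b"".join(bytes(p) for p in sigalgs)
        ext_data = struct.pack("!H", len(pairs)) + pairs
        ext = struct.pack("!HH", EXT_SIGNATURE_ALGORITHMS, len(ext_data)) + ext_data
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body    # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def parse_signature_algorithms(record):
    """Return (client_version, [(hash, sig), ...] or None) from a ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = (body[0], body[1])
    pos = 2 + 32                                           # client_version + random
    pos += 1 + body[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                                   # compression_methods
    if pos >= len(body):
        return version, None                               # no extensions block at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype == EXT_SIGNATURE_ALGORITHMS:
            n = struct.unpack("!H", data[:2])[0]
            return version, [(data[2 + i], data[3 + i]) for i in range(0, n, 2)]
    return version, None


def choose_chain(record):
    """'sha2' when the client proves it can verify SHA-2 signatures, else 'sha1'.

    Edge case: RFC 5246 section 7.4.1.4.1 says that when the extension is absent
    the server must assume {sha1, rsa}, so even a TLS 1.2 hello without it gets
    the SHA-1 chain rather than a guess based on the version field alone.
    """
    _, sigalgs = parse_signature_algorithms(record)
    if sigalgs and any(h >= HASH_SHA256 for h, _ in sigalgs):
        return "sha2"
    return "sha1"


if __name__ == "__main__":
    modern = build_client_hello((3, 3), [(HASH_SHA256, SIG_RSA), (HASH_SHA1, SIG_RSA)])
    legacy = build_client_hello((3, 1))                    # TLS 1.0, no extensions
    print(choose_chain(modern), choose_chain(legacy))
```

The interesting branch is the one a version check would get wrong: a TLS 1.2 client that omits signature_algorithms is, per the RFC, declaring SHA-1 only, so it must be handed the SHA-1 chain even though its version field says 1.2. In a real deployment the two chains would be loaded from disk and this decision hooked into the server's SNI/ClientHello callback.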

Juniper’s Backdoor Password Disclosed, Likely Added In Late 2013

itwbennett writes: In a blog post on Rapid7’s community portal Sunday, HD Moore posted some notes on the Juniper ScreenOS incident, notably that his team discovered the backdoor password that enables the Telnet and SSH bypass. Quoting: “Although most folks are more familiar with x86 than ARM, the ARM binaries are significantly easier to compare due to minimal changes in the compiler output. … Once the binary is loaded, it helps to identify and tag common functions. Searching for the text “strcmp” finds a static string that is referenced in the sub_ED7D94 function. Looking at the strings output, we can see some interesting string references, including auth_admin_ssh_special and auth_admin_internal. … The argument to the strcmp call is

Facebook Replaces Flash With HTML5 For Videos

An anonymous reader writes: Facebook announced that it officially replaced Flash with HTML5 for its video player. They made the change because of security reasons, but developers also found it easier to work with — it led to quicker turnarounds for site-wide changes, and had better integration with code testing platforms. Facebook reports that user engagement has gone up since the switch was made.

Femto Fairy Lights – Touchable Holograms

mikejuk writes with this story about a Japanese team working on creating touchable holograms. I Programmer reports: “One method of creating a volumetric, i.e. true 3D, display, is to use a high power laser and focus it on a small spot in space. The air in that spot will be heated to the point where it ionizes and glows with a bright blue light. Scan the laser really fast and you can make a full 3D arrangement of glowing points of light — not exactly a hologram but as good as. Of course, the big problem is that you have a lot of energy being focused on small areas and human interaction could be a problem. You might well get burned by the laser if you attempted to touch or interact with the display. The solution is to use a really fast laser, a femtosecond laser, that heats a small spot to a high temperature but only for a very short time. This is much safer because the total energy involved is smaller. This is the reason you can touch sparks without getting burned.”

Wine 1.8 Released

An anonymous reader writes: Wine 1.8.0 is now the latest stable release of Wine Is Not An Emulator and is available from WineHQ.org. Wine 1.8 features include support for DirectWrite, Direct2D support, very limited Direct3D 11 support, simple application support for Direct3D 10, support for process jobs, 64-bit architecture support on OS X, networking updates, and over 13,000 other individual changes.

LifeLock Agrees To Pay $100 Million Fine In Settlement With FTC

New submitter dasgoober writes: LifeLock has agreed to pay $100 million to settle charges that it failed to properly protect user data, the F.T.C. announced on Thursday. This is the second settlement between the company and federal authorities. In 2010, the F.T.C. charged the company with failing to provide strong security measures for personal data. “This settlement demonstrates the Commission’s commitment to enforcing the orders it has in place against companies, including orders requiring reasonable security for consumer data,” F.T.C. Chairwoman Edith Ramirez said in a statement. “The fact that consumers paid LifeLock for help in protecting their sensitive personal information makes the charges in this case particularly troubling.”

‘Unauthorized Code’ In Juniper Firewalls Could Decrypt VPN Traffic

m2pc writes: Ars Technica reports that Juniper Networks firewalls have been discovered to include “unauthorized code” inserted into their ScreenOS software. Juniper has published an advisory addressing the matter, with instructions to patch the affected devices. From the Ars article: “NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier. … The first flaw allows unauthorized remote administrative access to an affected device over SSH or telnet. Exploits can lead to complete compromise. ‘The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic,’ the advisory said.” The rogue code was discovered during a recent internal source code review conducted by Juniper.
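For anyone running a fleet of NetScreen devices, the first question is which ones fall inside the version ranges quoted above. The following is an added example, not Juniper's tooling: it parses ScreenOS version strings of the form 6.3.0r17 (an assumption about the format) against only the two ranges the article quotes, and refuses to call a device clean when its version string does not parse. The inventory is constructed.

```python
"""Triage a ScreenOS inventory against the version ranges quoted in the story.

Added example; not Juniper's tooling. It encodes only the ranges the Ars
article quotes (6.2.0r15 through r18 and 6.3.0r12 through r20). Assumption:
versions are written as major.minor.patch r<release>, e.g. "6.3.0r17";
anything that does not parse is reported rather than silently treated as
safe. The inventory below is constructed.
"""
import re

# (train, first affected release, last affected release), as quoted in the article.
AFFECTED = [
    ((6, 2, 0), 15, 18),
    ((6, 3, 0), 12, 20),
]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)$")


def parse_version(text):
    """'6.3.0r17' -> ((6, 3, 0), 17); raise ValueError on anything else."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ScreenOS version: {text!r}")
    major, minor, patch, rel = (int(x) for x in m.groups())
    return (major, minor, patch), rel


def is_affected(text):
    """True if the version lies inside one of the quoted ranges."""
    train, rel = parse_version(text)
    return any(train == t and lo <= rel <= hi for t, lo, hi in AFFECTED)


def triage(inventory):
    """Map each host to 'patch', 'not-in-listed-range' or 'unknown'.

    'not-in-listed-range' is not a clean bill: the article notes the earliest
    vulnerable versions may go back to 2012, so older trains still need a
    look, and the VPN-decryption issue is a separate question again.
    """
    result = {}
    for host, ver in inventory.items():
        try:
            result[host] = "patch" if is_affected(ver) else "not-in-listed-range"
        except ValueError:
            result[host] = "unknown"
    return result


SAMPLE_INVENTORY = {                       # constructed
    "fw-dc1": "6.3.0r17",
    "fw-dc2": "6.3.0r21",                  # above the quoted range
    "fw-branch": "6.2.0r15",               # boundary of the quoted range
    "fw-lab": "6.3.0r11",                  # below the quoted range
    "fw-old": "6.2.0r3",
    "fw-misc": "5.4.0r5",
    "fw-typo": "unknown",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:10s} {SAMPLE_INVENTORY[host]:10s} {verdict}")
```

The three-way verdict is deliberate: a device whose version cannot be parsed, or whose train is older than the quoted ranges, gets flagged for a human rather than dropped from the patch list, because the article itself says the earliest vulnerable builds may predate the ranges it lists.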

iPhone Hacker Geohot Builds Self-Driving Car AI

An anonymous reader writes: George Hotz, known for unlocking early iPhones and the PlayStation 3, has developed an autonomous driving system in his garage. “Hotz’s approach isn’t simply a low-cost knockoff of existing autonomous vehicle technology. He says he’s come up with discoveries—most of which he refuses to disclose in detail—that improve how the AI software interprets data coming in from the cameras.” The article has a video with Hotz demonstrating some basic autonomous driving similar to what Tesla rolled out earlier this year. He’s clearly brimming with confidence about what the system can accomplish with more training.
