Tag: digest-golf

New Linux worm targets routers, cameras, “Internet of things” devices

Wesley Fryer Researchers have discovered a Linux worm capable of infecting a wide range of home routers, set-top boxes, security cameras, and other consumer devices that are increasingly equipped with an Internet connection. Linux.Darlloz , as the worm has been dubbed, is now classified as a low-level threat, partly because its current version targets only devices that run on CPUs made by Intel, Symantec researcher Kaoru Hayashi wrote in a blog post published Wednesday . But with a minor modification, the malware could begin using variants that incorporate already available executable and linkable format (ELF) files that infect a much wider range of “Internet-of-things” devices, including those that run chips made by ARM and those that use the PPC, MIPS, and MIPSEL architectures. “Upon execution, the worm generates IP addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability,” Hayashi explained. “If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target. Currently, the worm seems to infect only Intel x86 systems, because the downloaded URL in the exploit code is hard-coded to the ELF binary for Intel architectures.” Read 4 remaining paragraphs | Comments        

More:
New Linux worm targets routers, cameras, “Internet of things” devices

Always-on voice search from your desktop: “Ok Google” comes to Google.com

Google Smartphones have changed the computing landscape quite a bit, and it often seems like desktop computers and laptops get left behind. “Always-on” voice search is going to completely change the way we interact with computers, but, until now, it has been strictly-mobile only. Today, Google released a Chrome extension that enables always-on voice search from a desktop. With the extension installed, voice search works just like it does on the Nexus 5. When Google.com is open, just say “Ok Google” and then your search term. This happens when you say “Ok Google” from the search results. Google The hotword even works when you’re already on a search page. You can just say “Ok Google” again and search for something else. It all feels like a step closer to the Star Trek future Google keeps promising us . Read 1 remaining paragraphs | Comments        

Original post:
Always-on voice search from your desktop: “Ok Google” comes to Google.com

Alleged Windows support scammer forfeits money earned by “fixing” PCs

Well, maybe this guy wasn’t quite as smart as Heisenberg. AMC A man accused of tricking PC users into thinking they had viruses and then offering to “fix” their perfectly fine computers has agreed to pay back every penny he allegedly received in the scam. Navin Pasari is a defendant in one of six complaints that the Federal Trade Commission filed in September 2012 against people and entities accused of leading Windows tech support scams.”According to the complaint against Pasari and his co-defendants, the defendants placed ads with Google, which appeared when consumers searched for their computer company’s tech support telephone number,” the FTC noted in an announcement today . “After getting consumers on the phone, the defendants’ telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. The scammers then offered to rid the computer of the non-existent malware for fees ranging from $139 to $360.” Pasari did not admit wrongdoing but agreed to a proposed  final judgment and order  in which he will forfeit $14,369, “which is the amount of money Mr. Pasari received from the other Defendants,” the document states. The money is being held in escrow and will be transferred to the FTC, assuming the order is approved by a US District Court judge. Read 11 remaining paragraphs | Comments        

Visit link:
Alleged Windows support scammer forfeits money earned by “fixing” PCs

GitHub resets user passwords following rash of account hijack attacks

GitHub is experiencing an increase in user account hijackings that’s being fueled by a rash of automated login attempts from as many as 40,000 unique Internet addresses. The site for software development projects has already reset passwords for compromised accounts and banned frequently used weak passcodes, officials said in an advisory published Tuesday night . Out of an abundance of caution, site officials have also reset some accounts that were protected with stronger passwords. Accounts that were reset despite having stronger passwords showed login attempts from the same IP addresses involved in successful breaches of other GitHub accounts. “While we aggressively rate-limit login attempts and passwords are stored properly, this incident has involved the use of nearly 40K unique IP addresses,” Tuesday night’s advisory stated. “These addresses were used to slowly brute force weak passwords or passwords used on multiple sites. We are working on additional rate-limiting measures to address this. In addition, you will no longer be able to login to GitHub.com with commonly used weak passwords.” Read 3 remaining paragraphs | Comments        

See the article here:
GitHub resets user passwords following rash of account hijack attacks

Feds arrest ATM thieves after discovering $800,000 stuffed in a suitcase

Noah Coffey Federal authorities have arrested five more men accused of taking part in a 21st-century bank heist that siphoned a whopping $45 million out of ATMs around the world in a matter of hours. Prosecutors said the men charged on Monday were members of the New York-based cell of a global operation and contributed to the $45 million theft by illegally withdrawing $2.8 million from 140 different ATMs in that city. The arrests came after the defendants sent $800,000 in cash proceeds in a suitcase transported by bus to a syndicate kingpin located in Florida, US Attorney for the Eastern District of New York Loretta E. Lynch said . Photos seized from one defendant’s iPhone showed huge amounts of cash piled on a hotel bed and being stuffed into luggage, she said. The heists took place during two dates in December 2012 and targeted payment cards issued by the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman respectively. Prosecutors dubbed the heists “unlimited” operations because they systematically removed the withdrawal limits normally placed on debit card accounts. These restrictions work as a safety mechanism that caps the amount of loss that banks normally face when something goes wrong. The operation removed the limits by hacking into two companies that processed online payments for the two targeted banks, prosecutors alleged in earlier indictments. Prosecutors didn’t identify the payment processors except to say that one was in India and the other was in the United States. Read 3 remaining paragraphs | Comments        

Visit link:
Feds arrest ATM thieves after discovering $800,000 stuffed in a suitcase

Qualcomm’s Toq wants to be your platform-agnostic color smartwatch

Qualcomm Qualcomm became a surprise entrant in the wearable computing race when it announced its Toq smartwatch. Designed as a showcase for some of Qualcomm’s latest technology, the $349.99 Toq will go on sale on December 2nd through its own portal. From a function perspective, Toq follows somewhat worn paths with notifications sent from your phone, music playback controls, and additional data pushed from an on-phone app. Where Toq differs is less in interactions than hardware features. The display Qualcomm chose is its own Mirasol MEMS-based display. In effect, Mirasol is like a mash-up of E Ink and LCD displays, providing a low-power, static color image where appropriate, with video and animation capabilities that exceed those of traditional E Ink displays. Charging your Toq occurs through Qualcomm’s own WiPower LE wireless charging protocol, and the included charger serves as a case as well. Most smartwatches connect primarily through Bluetooth LE; Qualcomm’s Toq also includes access to its open source AllJoyn protocol, which offers a platform-agnostic approach to device-to-device communications. AllJoyn-enabled devices and software can interact with your Toq over WiFi-Direct or Bluetooth. Read 1 remaining paragraphs | Comments        

View original post here:
Qualcomm’s Toq wants to be your platform-agnostic color smartwatch

Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks

János Pálinkás Forums software maker vBulletin has been breached by hackers who got access to customer password data and other personal information, in a compromise that has heightened speculation there may be a critical vulnerability in the widely used program that threatens websites that use it. “Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password,” vBulletin Technical Support Lead Wayne Luke wrote in a post published Friday evening . “Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password.” The warning came three days after user forums for MacRumors—itself a user of vBulletin—suffered a security breach that exposed cryptographically hashed passwords for more than 860,000 users . When describing the attack, MacRumors Editorial Director Arnold Kim said the compromise in many ways resembled the July hack of the Ubuntu user forums , which also ran on vBulletin. Read 9 remaining paragraphs | Comments        

Read the original:
Password hack of vBulletin.com fuels fears of in-the-wild 0-day attacks

In 6 months, US law enforcement asked Google for data on 21,000 users

Google Google and other tech companies have been actively fighting at the Foreign Intelligence Surveillance Court in an attempt to tell the public more about the types of US law enforcement orders that they must comply with. While that case continues, Google announced on Thursday that US government (local, state, federal) requests for data has reached 21,683 users between January through June 2013. By comparison, the company’s previous reporting period (July through December 2012) saw 8,438 user data requests from US authorities—a jump of about 32 percent. Again, the United States remains at the top of this list by a wide margin. India, Germany, France and the United Kingdom round out the next four positions, respectively. Read 5 remaining paragraphs | Comments        

Visit link:
In 6 months, US law enforcement asked Google for data on 21,000 users

Google Books ruled legal in massive win for fair use

Moyan Brenn A long-running copyright lawsuit between the Authors’ Guild and Google over its book-scanning project is over, and Google has won on the grounds that its scanning was “fair use.” In other words, the snippets of books that Google shows for free don’t break copyright, and it doesn’t need the authors’ permission to engage in the scanning and display of short bits of books. On the fair use factor that’s often the most important—whether or not the fair use of a work hurts the market for the original work—US District Judge Denny Chin seemed to find the plaintiffs’ ideas both nonsensical and ignorant of the limits on the Google Books software: Read 1 remaining paragraphs | Comments        

See the original post:
Google Books ruled legal in massive win for fair use

Hack of MacRumors forums exposes password data for 860,000 users

MacRumors MacRumors user forums have been breached by hackers who may have acquired cryptographically protected passwords belonging to all 860,000 users, one of the top editors of the news website said Tuesday evening. “In situations like this, it’s best to assume that your MacRumors Forum username, e-mail address and (hashed) password is now known,” Editorial Director Arnold Kim wrote in a short advisory . He went on to advise users to change their passwords for their MacRumors accounts and any other website accounts that were protected by the same passcode. The MacRumors intrusion involved “a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials,” Kim said. The company is still investigating how the attacker managed to compromise the privileged account. Read 5 remaining paragraphs | Comments        

Follow this link:
Hack of MacRumors forums exposes password data for 860,000 users