A search reveals the address used in an attack on Tor users’ privacy referenced an IP address belonging to the NSA, routed through SAIC. Malware planted on the servers of Freedom Hosting — the “hidden service” hosting provider on the Tor anonymized network brought down late last week—may have de-anonymized visitors to the sites running on that service. This issue could send identifying information about site visitors to an Internet Protocol address that was hard-coded into the script the malware injected into browsers. And it appears the IP address in question belongs to the National Security Agency (NSA). This revelation comes from analysis done collaboratively by Baneki Privacy Labs , a collective of Internet security researchers, and VPN provider Cryptocloud . When the IP address was uncovered in the JavaScript exploit —which specifically targets Firefox Long-Term Support version 17, the version included in Tor Browser Bundle—a source at Baneki told Ars that he and others reached out to the malware and security community to help identify the source. The exploit attacked a vulnerability in the Windows version of the Firefox Extended Support Release 17 browser —the one used previously in the Tor Project’s Tor Browser Bundle (TBB). That vulnerability had been patched by Mozilla in June, and the updated browser is now part of TBB. But the TBB configuration of Firefox doesn’t include automatic security updates, so users of the bundle would not have been protected if they had not recently upgraded. Read 6 remaining paragraphs | Comments
View post:
Update: Researchers say Tor-targeted malware phoned home to NSA
On Saturday, the Obama Administration vetoed the International Trade Commission’s potential ban on a few models of older Apple phones and tablets. Samsung opened the case against Apple with the ITC in 2011, and the commission decided in June that Apple had, in fact, infringed upon a Samsung patent, US Patent No 7, 706, 348 . The decision garnered attention because the patent is considered essential to industry standards, meaning Samsung is required to license the patent (rather than sit on it, or refuse license it to some competitors). The ITC ended up recommending a ban be placed on the infringing products brought forward in the case, which included AT&T models of the iPhone 4, the iPhone 3GS, iPhone 3, iPad 3G, and iPad 2 3G. In June of 2013, Ars wrote of the ITC’s ban: ”The decision can only be appealed to the US Court of Appeals for the Federal Circuit, the nation’s top patent court. Theoretically, the President can also block an ITC-ordered import ban, but that hasn’t happened since the 1980s.” Read 4 remaining paragraphs | Comments 
A Bitcoin startup based in Thailand now says that it has suspended all operations because the Bank of Thailand has effectively banned bitcoins in the southeast Asian country. As Bitcoin Co. Ltd. reports: At the conclusion of the meeting, senior members of the Foreign Exchange Administration and Policy Department advised that due to lack of existing applicable laws, capital controls, and the fact that Bitcoin straddles multiple financial facets the following Bitcoin activities are illegal in Thailand: – Buying bitcoins – Selling bitcoins – Buying any goods or services in exchange for bitcoins – Selling any goods or services for bitcoins – Sending bitcoins to anyone located outside of Thailand – Receiving bitcoins from anyone located outside of Thailand This appears to be the first time that any country has outright banned the digital crypto currency . Further, it remains unclear exactly how Thailand would even enforce such a ban. Ars has been unable to confirm the ban with the Bank of Thailand , when this ban goes into effect, and how this decision came about. Bank representatives did not immediately respond to Ars’ request for comment. Read 1 remaining paragraphs | Comments 
A man who has won about $1.5 million in poker tournaments has been arrested and charged with running an operation that combined spam, Android malware, and a fake dating website to scam victims out of $3.9 million, according to Symantec. Symantec worked with investigators from the Chiba Prefectural Police in Japan, who earlier this week “arrested nine individuals for distributing spam that included e-mails with links to download Android.Enesoluty —a malware used to collect contact details stored on the owner’s device, ” Symantec wrote in its blog . Android.Enesoluty is a Trojan distributed as an Android application file. It steals information and sends it to computers run by hackers. It was discovered by security researchers in September 2012. Read 4 remaining paragraphs | Comments 
The British government has announced that it will approve testing of driverless cars on public roads in the United Kingdom before the end of 2013. According to a new 80-page report published on Tuesday entitled “Action for Roads: A network for the 21st century, ” a team at Oxford University and Nissan have already begun work but have only been testing in private areas. The plan comes less than a year after Florida , California , and Nevada have approved similar testing. Michigan is not far behind, either. Read 3 remaining paragraphs | Comments