entertainment – Page 161 – Tech Today w/ Ken May

Russian Hackers Stole $5 Million Per Day From Advertisers With Bots and Fake Websites

Russian hackers have used fake websites and bots to steal millions of dollars from advertisers. According to researchers, the fraud has siphoned more than $180 million from the online ad industry. CNNMoney reports: Dubbed “Methbot, ” it is a new twist in an increasingly complex world of online crime, according to White Ops, the cybersecurity firm that discovered the operation. Methbot, so nicknamed because the fake browser refers to itself as the “methbrowser, ” operates as a sham intermediary advertising ring: Companies would pay millions to run expensive video ads. Then they would deliver those ads to what appeared to be major websites. In reality, criminals had created more than 250, 000 counterfeit web pages no real person was visiting. White Ops first spotted the criminal operation in October, and it is making up to $5 million per day — by generating up to 300 million fake “video impressions” daily. According to White Ops, criminals acquired massive blocks of IP addresses — 500, 000 of them — from two of the world’s five major internet registries. Then they configured them so that they appeared to be located all over the United States. They built custom software so that computers (at those legitimate data centers) acted like real people viewing those ads. These “people” even appeared to have Facebook accounts (they didn’t), so that premium ads were served. Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime — using the Google Chrome web browser on a Macbook laptop. Read more of this story at Slashdot.

Barnes & Noble’s Latest Tablet Is Running Spyware From Shanghai

Long-time Slashdot reader emil writes about how ADUPS, an Android “firmware provisioning” company specializing in both big data collection of Android usage and hostile app installation and/or firmware control, has been found pre-loaded on Barnes and Noble’s new $50 tablet: ADUPS was recently responsible for data theft on BLU phones and an unsafe version of the ADUPS agent is pre-loaded on the Barnes and Noble BNTV450. ADUPS’ press releases claim that Version 5.5 of their agent is safe, but the BNTV450 is running 5.2. The agent is capable of extracting contacts, listing installed apps, and installing new apps with elevated privilege. Azzedine Benameur, director of research at Kryptowire, claims that “owners can expect zero privacy or control while using it.” Read more of this story at Slashdot.

More:
Barnes & Noble’s Latest Tablet Is Running Spyware From Shanghai

Nigerian Man Charged in Hacking of Los Angeles County Emails

A ‘mere’ 10.8% phishing success rate has forced Los Angeles County to notify approximately 756, 000 individuals that their personal information may have been compromised. The attack occurred on May 13, 2016 when 1, 000 County employees received phishing emails. 108 employees were successfully phished. A Nigerian national has been charged in connection with the hack. From a report on The Guardian: Many large organizations would welcome a 10% success rate in their internal anti-phishing training sessions, with 30% and above being common. The 2016 Verizon DBIR suggests that 30% of all phishing emails are opened. The high number of individuals affected from a relatively low number of successes in LA County demonstrates how dangerous phishing attacks can be. The nature of the potentially compromised information is also concerning. “That information may have included first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history, or medical record numbers, ” said the County of Los Angeles Chief Executive Office in a statement. Read more of this story at Slashdot.

See more here:
Nigerian Man Charged in Hacking of Los Angeles County Emails

Amazon Is Secretly Building an ‘Uber For Trucking’ App, Setting Its Sights On a Massive $800 Billion Market

Amazon is building an app that matches truck drivers with shippers, a new service that would deepen its presence in the $800 billion trucking industry, a person with direct knowledge of the matter told Business Insider. From the report: The app, scheduled to launch next summer, is designed to make it easier for truck drivers to find shippers that need goods moved, much in the way Uber connects drivers with riders. It would also eliminate the need for a third-party broker, which typically charges a commission of about 15% for doing the middleman work. The app will offer real-time pricing and driving directions, as well as personalized features such as truck-stop recommendations and a suggested “tour” of loads to pick up and drop off. It could also have tracking and payment options to speed up the entire shipping process. Read more of this story at Slashdot.

Continue Reading:
Amazon Is Secretly Building an ‘Uber For Trucking’ App, Setting Its Sights On a Massive $800 Billion Market

India Just Flew Past Us In the Race To E-Cash

New submitter mirandakatz writes: Since India’s prime minister banned 86 percent of the rupee notes in circulation last month, citizens have been waiting in hours-long lines for ATMs. But these circumstances have also created an unexpected progression: a burgeoning cashless economy. At Backchannel, Lauren Razavi explores how India is now beating many Western countries in adopting mobile payments, and how demonetization has triggered a radical shift toward reimagining India’s enormous informal economy as a data-driven digital marketplace. From the report: “Before last month, Paytm, a mobile app that allows users to pay for everything from pizza to utility bills, saw steady business — it was processing between 2.5 and 3 million transactions a day. Now, usage of the app has close to doubled. 6 million transactions a day is common; 5 million is considered a bad day. Rather than being forced to idle away time in excruciatingly long lines, ‘people are proactively exploring other ways to settle payments besides cash, ‘ says Deepak Abbot, senior vice president at Paytm. ‘Now people are realizing they don’t need to really line up, because merchants are starting to accept other forms of payment.’ All of this has created a newfound system that practically incentives mobile payment. With so many people queuing up at banks every day — and a lot of Indian bureaucracy to wade through in order to open a traditional bank account or line of credit — the appeal of more convenient digital alternatives is easy to understand. According to a report in the Hindu Business Line, as many as 233 million unbanked people in India are skipping plastic and moving straight to digital transactions. ‘Cash has lost its credibility and payments are no longer perceived in the same way, ‘ says Upasana Taku, the cofounder of Indian mobile wallet company MobiKwik, which reported a 40 percent increase in downloads and a 7, 000 percent increase in bank transfers since demonetization. ‘There’s chaos at the moment but also relief that India will now be an improved economy, ‘ she says.” Read more of this story at Slashdot.

Taken from:
India Just Flew Past Us In the Race To E-Cash

First Version of Sandboxed Tor Browser Available

An anonymous reader writes: To protect Tor users from FBI hacking tools that include all sorts of Firefox zero-days, the Tor Project started working on a sandboxed version of the Tor Browser in September. Over the weekend, the Tor Project released the first alpha version of the sandboxed Tor Browser. “Currently, this version is in an early alpha stage, and only available for Linux, ” reports BleepingComputer. “There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here.” The report notes: “Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can’t be leveraged to extend access to the underlying operating system. This is because the sandboxed application works with its own separate portion of disk and memory that isn’t linked with the OS.” Read more of this story at Slashdot.

Originally posted here:
First Version of Sandboxed Tor Browser Available

Disney IT Workers, In Lawsuit, Claim Discrimination Against Americans

dcblogs quotes a report from Computerworld: After Disney IT workers were told in October 2014 of the plan to use offshore outsourcing firms, employees said the workplace changed. The number of South Asian workers in Disney technology buildings increased, and some workers had to train H-1B-visa-holding replacements. Approximately 250 IT workers were laid off in January 2015. Now 30 of these employees filed a lawsuit on Monday in U.S. District Court in Orlando, alleging discrimination on the basis of national origin and race. The Disney IT employees, said Sara Blackwell, a Florida labor attorney who is representing this group, “lost their jobs when their jobs were outsourced to contracting companies. And those companies brought in mostly, or virtually all, non-American national origin workers, ” she said. The lawsuit alleges that Disney terminated the employment of the plaintiffs “based solely on their national origin and race, replacing them with Indian nationals.” The people who were laid off were multiple races, but the people who came in were mostly one race, said Blackwell. The lawsuit alleges that Disney terminated the employment of the plaintiffs “based solely on their national origin and race, replacing them with Indian nationals.” Read more of this story at Slashdot.

More:
Disney IT Workers, In Lawsuit, Claim Discrimination Against Americans

New Ransomware Offers The Decryption Keys If You Infect Your Friends

MalwareHunterTeam has discovered “Popcorn Time, ” a new in-development ransomware with a twist. Gumbercules!! writes: “With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key, ” writes Bleeping Computer. Infected victims are given a “referral code” and, if two people are infected by that code and pay up — the original victim is given their decryption key (potentially). While encrypting your files, Popcorn Time displays a fake system screen that says “Downloading and installing. Please wait” — followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are “a group of computer science students from Syria, ” and that “all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that’s the only way that we can keep living.” So what would you do if this ransomware infected your files? Read more of this story at Slashdot.

Link:
New Ransomware Offers The Decryption Keys If You Infect Your Friends

5-Year-Old Critical Linux Vulnerability Patched

msm1267 quotes Kaspersky Lab’s ThreatPost: A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip Pettersson, who said the vulnerable code was introd in August 2011. A patch was pushed to the mainline Linux kernel December 2, four days after it was privately disclosed. Pettersson has developed a proof-of-concept exploit specifically for Ubuntu distributions, but told Threatpost his attack could be ported to other distros with some changes. The vulnerability is a race condition that was discovered in the af_packet implementation in the Linux kernel, and Pettersson said that a local attacker could exploit the bug to gain kernel code execution from unprivileged processes. He said the bug cannot be exploited remotely. “Basically it’s a bait-and-switch, ” the researcher told Threatpost. “The bug allows you to trick the kernel into thinking it is working with one kind of object, while you actually switched it to another kind of object before it could react.” Read more of this story at Slashdot.

View original post here:
5-Year-Old Critical Linux Vulnerability Patched

‘Star In a Jar’ Fusion Reactor Works, Promises Infinite Energy

An anonymous reader quotes a report from Space.com: For several decades now, scientists from around the world have been pursuing a ridiculously ambitious goal: They hope to develop a nuclear fusion reactor that would generate energy in the same manner as the sun and other stars, but down here on Earth. Incorporated into terrestrial power plants, this “star in a jar” technology would essentially provide Earth with limitless clean energy, forever. And according to new reports out of Europe this week, we just took another big step toward making it happen. In a study published in the latest edition of the journal Nature Communications, researchers confirmed that Germany’s Wendelstein 7-X (W7-X) fusion energy device is on track and working as planned. The space-age system, known as a stellerator, generated its first batch of hydrogen plasma when it was first fired up earlier this year. The new tests basically give scientists the green light to proceed to the next stage of the process. It works like this: Unlike a traditional fission reactor, which splits atoms of heavy elements to generate energy, a fusion reactor works by fusing the nuclei of lighter atoms into heavier atoms. The process releases massive amounts of energy and produces no radioactive waste. The “fuel” used in a fusion reactor is simple hydrogen, which can be extracted from water. The W7-X device confines the plasma within magnetic fields generated by superconducting coils cooled down to near absolute zero. The plasma — at temperatures upwards of 80 million degrees Celsius — never comes into contact with the walls of the containment chamber. Neat trick, that. David Gates, principal research physicist for the advanced projects division of PPPL, leads the agency’s collaborative efforts in regard to the W7-X project. In an email exchange from his offices at Princeton, Gates said the latest tests verify that the W7-X magnetic “cage” is working as planned. “This lays the groundwork for the exciting high-performance plasma operations expected in the near future, ” Gates said. Read more of this story at Slashdot.