Tag: facebook

Cisco Subdomain Private Key Found in Embedded Executable

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky’s NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users’ local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn’t entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named ‘CiscoVideoGuardMonitor’, and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable ‘CiscoVideoGuardMonitor’ can be found at ‘$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/ VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor’. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked. Read more of this story at Slashdot.

Link:
Cisco Subdomain Private Key Found in Embedded Executable

You Can Hack Some Mazda Cars With a USB Flash Drive

An anonymous reader writes: “Mazda cars with next-gen Mazda MZD Connect infotainment systems can be hacked just by plugging in a USB flash drive into their dashboard, thanks to a series of bugs that have been known for at least three years, ” reports Bleeping Computer. “The issues have been discovered and explored by the users of the Mazda3Revolution forum back in May 2014. Since then, the Mazda car owner community has been using these ‘hacks’ to customize their cars’ infotainment system to tweak settings and install new apps. One of the most well-designed tools is MZD-AIO-TI (MZD All In One Tweaks Installer).” Recently, a security researcher working for Bugcrowd has put together a GitHub repository that automates the exploitation of these bugs. The researcher says an attacker can copy the code of his GitHub repo on a USB flash drive, add malicious scripts and carry out attacks on Mazda cars. Mazda said the issues can’t be exploited to break out of the infotainment system to other car components, but researchers disagreed with the company on Twitter. In the meantime, the car maker has finally plugged the bugs via a firmware update released two weeks ago. Read more of this story at Slashdot.

See the original article here:
You Can Hack Some Mazda Cars With a USB Flash Drive

Team Collaboration App Slack, Valued at $9 Billion, Draws Attention of Amazon

Amazon is in the running among a handful of companies looking to acquire the popular chatroom startup, reports Bloomberg. From the article: San Francisco-based Slack could be valued at at least $9 billion in a sale, the people said. An agreement isn’t assured and discussions may not go further, said the people. Buying Slack would help Seattle-based Amazon bolster its enterprise services as it seeks to compete with rivals like Microsoft and Alphabet’s Google. The company’s cloud-hosting unit, Amazon Web Services, in February unveiled a paid-for video and audio conferencing service — Amazon Chime — that lets users chat and share content. Kara Swisher, reporting for Recode: Slack, the popular business communications company, is in the midst of raising $500 million at a $5 billion post-money valuation, an effort that has attracted several potential buyers interested in taking out the company ahead of the funding. Those include Amazon, Microsoft, Google and Salesforce, several of which have previously shown interest in acquiring Slack. Bloomberg reported the interest by Amazon today, with a $9 billion sales price. Read more of this story at Slashdot.

Continue reading here:
Team Collaboration App Slack, Valued at $9 Billion, Draws Attention of Amazon

Man faces three years in prison for sharing Deadpool on Facebook

Enlarge (credit: 20th Century Fox ) A California man who shared a copy of the movie Deadpool on Facebook has been arrested and charged with criminal copyright infringement. If convicted, he faces a penalty of up to three years in prison. Trevon Maurice Franklin, 21, of Fresno, California, allegedly uploaded the movie to his Facebook page eight days after its US theatrical release in February 2016. Franklin went by the name “Tre-Von M. King” on Facebook. Franklin was arrested on Tuesday morning and brought to US District Court in Fresno. The court docket indicates he was brought into court in leg shackles. Franklin was advised of his rights and the charges, and he pleaded not guilty. He was assigned a federal public defender as an attorney and has a subsequent court appearance on June 27 in Los Angeles. Read 3 remaining paragraphs | Comments

See more here:
Man faces three years in prison for sharing Deadpool on Facebook

NSA Links WannaCry To North Korea

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300, 000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with “moderate confidence” to North Korea’s spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that “cyber actors” suspected to be “sponsored by” the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called “the Lazarus Group, ” a name used by private-sector researchers. Read more of this story at Slashdot.

Visit link:
NSA Links WannaCry To North Korea

Wind, Solar Surpassed 10 Percent of US Electricity In March, Says EIA

According to the Energy Department’s Energy Information Administration, wind and solar produced 10 percent of the electricity generated in the U.S. for the first time in March. The Hill reports: The Energy Information Administration’s (EIA) monthly power report for March found that wind produced 8 percent of the electricity produced in the U.S. that month, with solar producing 2 percent. The two sources combined to have their best month ever in terms of percentage of overall electricity production, EIA said. The agency expects the two sources topped 10 percent again in April but forecasts that their generation will fall below that mark during the summer months. Due to the way geographic wind patterns affect the generation of electricity, the two sources typically combine for their best months in the spring and fall. Annually, wind and solar made up 7 percent of electric generation in 2016, EIA said. Read more of this story at Slashdot.

View article:
Wind, Solar Surpassed 10 Percent of US Electricity In March, Says EIA

Firefox 54 Arrives With Multi-Process Support For All Users

An anonymous reader writes: Mozilla today launched Firefox 54 for Windows, Mac, Linux, and Android. The new version includes the next major phase of multi-process support, which streamlines memory use, improving responsiveness and speed. The Electrolysis project, which is the largest change to Firefox code ever, is live. Firefox now uses up to four processes to run webpage content across all open tabs. This means that complex webpages in one tab have a much lower impact on responsiveness and speed in other tabs, and Firefox finally makes better use of your computer’s hardware. Read more of this story at Slashdot.

Continued here:
Firefox 54 Arrives With Multi-Process Support For All Users

Cook Says Apple Is Focusing on Making an Autonomous Car System

An anonymous reader shares a Bloomberg report: After years toiling away in secret on its car project, Apple Chief Executive Officer Tim Cook has for the first time laid out exactly what the company is up to in the automotive market: It’s concentrating on self-driving technology. “We’re focusing on autonomous systems, ” Cook said in an interview on Bloomberg Television. “It’s a core technology that we view as very important. We sort of see it as the mother of all AI projects, ” Cook said in his most detailed comments to date on Apple’s plans in the car space. “It’s probably one of the most difficult A.I. projects actually to work on.” “There is a major disruption looming there, ” Cook said on Bloomberg Television, citing self-driving technology, electric vehicles and ride-hailing. “You’ve got kind of three vectors of change happening generally in the same time frame.” Cook was also bullish about the prospects for electric vehicles, a market which last week helped Tesla become the world’s fourth-biggest carmaker by market capitalization, even as it ranks well outside the top 10 by unit sales.”It’s a marvelous experience not to stop at the filling station or the gas station, ” Cook said. Read more of this story at Slashdot.

Visit site:
Cook Says Apple Is Focusing on Making an Autonomous Car System

Hackers Can Spoof Phone Numbers, Track Users Via 4G VoLTE Mobile Technology

An anonymous reader writes: “A team of researchers from French company P1 Security has detailed a long list of issues with the 4G VoLTE telephony, a protocol that has become quite popular all over the world in recent years and is currently in use in the US, Asia, and most European countries, ” reports Bleeping Computer. Researchers say they identified several flaws in the VoLTE protocol (a mixture of LTE and VoIP) that allow an attacker to spoof anyone’s phone number and place phone calls under new identities, and extract IMSI and geo-location data from pre-call message exchanges. These issues can be exploited by both altering some VoLTE packets and actively interacting with targets, but also by passively listening to VoLTE traffic on an Android device. Some of these flaws don’t even need a full call/connection to be established between the victim and the target for the data harvesting operation to take place. Additionally, another flaw allows users to make calls and use mobile data without being billed. The team’s research paper, entitled “Subscribers remote geolocation and tracking using 4G VoLTE enabled Android phone” was presented last week at SSTIC (Symposium sur la Securite des Technologies de l’Information et des Communications), a security conference held each year in Rennes, France. Read more of this story at Slashdot.

More:
Hackers Can Spoof Phone Numbers, Track Users Via 4G VoLTE Mobile Technology

Developer Accidentally Deletes Production Database On Their First Day On The Job

An anonymous reader quotes Quartz: “How screwed am I?” asked a recent user on Reddit, before sharing a mortifying story. On the first day as a junior software developer at a first salaried job out of college, his or her copy-and-paste error inadvertently erased all data from the company’s production database. Posting under the heartbreaking handle cscareerthrowaway567, the user wrote, “The CTO told me to leave and never come back. He also informed me that apparently legal would need to get involved due to severity of the data loss. I basically offered and pleaded to let me help in someway to redeem my self and i was told that I ‘completely fucked everything up.'” The company’s backups weren’t working, according to the post, so the company is in big trouble now. Though Qz adds that “the court of public opinion is on the new guy’s side. In a poll on the tech site the Register, less than 1% of 5, 400 respondents thought the new developer should be fired. Forty-five percent thought the CTO should go.” Read more of this story at Slashdot.

More here:
Developer Accidentally Deletes Production Database On Their First Day On The Job