After FBI briefly ran Tor-hidden child-porn site, investigations went global

In 2015, the FBI seized a Tor-hidden child-porn website known as Playpen and allowed it to run for 13 days so that the FBI could deploy malware in order to identify and prosecute the website’s users. That malware, known in FBI-speak as a “network investigative technique,” was authorized by a federal court in Virginia in February 2015. In a new revelation, Vice Motherboard has now determined that this operation had much wider berth. The FBI’s Playpen operation was effectively transformed into a global one, reaching Turkey, Colombia, and Greece, among others. Motherboard’s Joseph Cox wrote on Twitter on Friday that he was able to find a document describing this infiltration as something called “Operation Pacifier” by using creative “Google-fu.”


Media devices sold to feds have hidden backdoor with sniffing functions

A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers said. Members of Australia-based security firm SEC Consult said they discovered the backdoor after analyzing the AMX NX-1200, a programmable device used to control AV and building systems. The researchers first became suspicious after encountering a function called “setUpSubtleUserAccount” that added a highly privileged account with a hard-coded password to the list of users authorized to log in. Unlike most other accounts, this one had the ability to capture data packets flowing between the device and the network it’s connected to. “Someone with knowledge of the backdoor could completely reconfigure and take over the device and due to the highest privileges also start sniffing attacks within the network segment,” SEC Consult researcher Johannes Greil told Ars. “We did not see any personal data on the device itself, besides other user accounts which could be cracked for further attacks.”


Apple releases OS X 10.11.3 with fixes for bugs and security [Updated]

Today Apple released OS X 10.11.3, the third major update for El Capitan since the operating system was released to the public in September. You can grab it now through the Update tab of the Mac App Store, or you can manually download and install the Combo Update version from Apple’s support site. As with the iOS 9.2.1 update, Apple’s release notes are unusually light, and the more detailed release notes aren’t available on Apple’s support site as of this writing (they will be posted here when they’re ready). The security release notes detail a handful of fixes for El Capitan and one for the still-supported Mavericks and Yosemite, most of which have been resolved thanks to memory handling improvements. Update: The general release notes are live. 10.11.3 fixes a pair of edge cases: One where a Mac connected to a 4K display wouldn’t wake from sleep, and one where “third-party .pkg file receipts stored in /var/db/receipts are now retained when upgrading from OS X Yosemite.”


Rightscorp agrees to pay $450,000 for illegal robocalls

Online copyright enforcer Rightscorp has agreed to pay $450,000 to end a lawsuit accusing the company of making illegal calls to cell phones. Morgan Pietz, an attorney who played a key role in bringing down Prenda Law, sued Rightscorp in 2014, saying that the company’s efforts to get settlements from alleged pirates went too far. Rightscorp’s illegal “robocalls” violated the Telephone Consumer Protection Act (TCPA), a 1991 law that limits how automated calling devices are used. The class-action lawsuit claimed that some Rightscorp targets were receiving one robocall on their cell phone per day. It’s generally illegal to have automated devices call cell phones. Earlier this week, Pietz and his co-counsel filed court papers outlining the settlement. Rightscorp will pay $450,000 into a settlement fund, which will be paid out to the 2,059 identified class members who received the allegedly illegal calls. Each class member who fills out an “affidavit of noninfringement” will receive up to $100. The rest of the fund will pay for costs of notice and claim administration (about $25,000) and attorneys’ fees and costs, which cannot exceed $330,000. Rightscorp will also “release any and all alleged claims” against the class members. The company had accused the 2,059 class members of committing 126,409 acts of copyright infringement.


Autonomous car makers hand over data on glitches and failures to California DMV

(Image caption: Delphi’s autonomous vehicle.) If you want to build a self-driving car and test it on public roads in California, the state’s Department of Motor Vehicles says that every year you have to submit a disengagement report—basically a list of every time the human driver had to take over for the car. This year, Bosch, Delphi, Google, Nissan, Mercedes-Benz, Tesla, and Volkswagen Group were required to submit disengagement reports, and the results are largely what you’d expect from a novel and complicated technology. Google, as the company that’s driven the most miles on public roads in California, said it experienced 341 significant disengagement events over 424,000 miles of driving (PDF). Similarly, Nissan reported that it drove 1,485 miles on public roads in California and it experienced 106 disengagements. Delphi’s two autonomous vehicles drove 16,662 miles and the company reported 405 disengagements. Tesla, for its part, reported no disengagements (PDF) from fully-autonomous mode from the time it was issued a permit to test self-driving cars in California. While it’s tempting to use those numbers as a comparison point as to how good a company’s autonomous vehicles are, there are many variables that could obscure an otherwise accurate comparison. The numbers only reflect miles driven on California roads and disengagements that happen in that state. If a company primarily tests its public road driving in another state, those numbers won’t be reflected in these reports.


Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears

Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet. The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of “FGTAbc11*xy+Qqz27” (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet’s FortiOS software. (Image caption: This exploit code provides unauthorized SSH access to devices running older versions of FortiOS.) (Image caption: This partially redacted screenshot purports to show the exploit in action.) Ralf-Philipp Weinmann, a security researcher who helped uncover the inner workings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a “backdoor.” In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet’s FortiOS.


This New Incandescent Bulb Uses Nano Mirrors to Match LED Bulb Efficiency

Energy-saving bulbs may have some competition in the shape of an ageing technology. Scientists have developed a new kind of incandescent light bulb that uses modern science to ramp up its efficiency, almost matching that of commercial LED bulbs.


iOS 9.3 brings multi-user mode to iPads, along with more features and fixes

Apple has just released the first beta of iOS 9.3 to its public beta testers and developers. The company regularly releases beta versions of its operating systems, but this update is unique because Apple has put together several pages extensively detailing its new features, something we normally don’t get until we see the release notes posted with the final version of the update. Collectively, this list of new features will make 9.3 the biggest release since iOS 9.0. The first and most significant is a multi-user mode for iPads, aimed primarily at schools where buying a single iPad for each student is too expensive or otherwise undesirable. From Apple’s description, it sounds as though each student will have a roaming user profile that follows them from iPad to iPad so they can access the same apps and data no matter which iPad they use to log in. User content can be cached so that students who regularly use the same iPad won’t have to wait for data to download each time they log in. These new user profiles are just one part of a larger group of features meant to make the iPad more appealing for schools. The “classroom” app gives teachers a bird’s-eye view of their students and what apps they’re using. The app can be used for screen sharing to help students out when they need it or to lock students out of specific apps when they’re not supposed to be using them. The Apple School Manager can be used by administrators to create Apple IDs, purchase apps, and manage devices. And a new type of Apple ID, the “Managed Apple ID,” can be created and assigned by schools independently of students’ normal Apple IDs.


Five years later, Thunderbolt is finally gaining some traction in PCs

(Video caption: Walking around Pepcom at CES 2016, putting our hands on some laptops and plenty of other things. Video shot by Nathan Fitch and Jennifer Hahn, edited by Jennifer Hahn.) For many years, it looked like Thunderbolt was destined to be a modern version of FireWire: faster and smarter than contemporary USB interfaces, but so rare outside of Macs that we haven’t seen a very wide range of Thunderbolt accessories beyond adapters and external hard drives. Thunderbolt versions 1 and 2 are available in most Macs sold between 2011 and now, but it has been included in just a handful of PC laptops and high-end motherboards. Thunderbolt 3 is turning that around. The port is suddenly beginning to show up in high-end offerings from just about every major PC OEM, starting with some Lenovo workstation laptops and Dell’s new XPS lineup and continuing in laptops and convertibles from HP, Acer, Intel, and others.


Latest tech support scam stokes concerns Dell customer data was breached

Tech-support scams, in which fraudsters pose as computer technicians who charge hefty fees to fix non-existent malware infections, have been a nuisance for years. A relatively new one targeting Dell computer owners is notable because the criminals behind it use private customer details to trick their marks into thinking the calls come from authorized Dell personnel. “What made the calls interesting was that they had all the information about my computer; model number, serial number, and notably the last item I had called Dell technical support about (my optical drive),” Ars reader Joseph B. wrote in an e-mail. “That they knew about my optical drive call from several months prior made me think there was some sort of information breach versus just my computer being compromised.” He isn’t the only Dell customer reporting such an experience. A blog post published Tuesday reported scammers knew of every problem the author had ever called Dell about. None of those problems were ever discussed in public forums, leading the author to share the suspicion that proprietary Dell data had somehow been breached.
