After FBI briefly ran Tor-hidden child-porn site, investigations went global

In 2015, the FBI seized a Tor-hidden child-porn website known as Playpen and allowed it to run for 13 days so that the FBI could deploy malware in order to identify and prosecute the website’s users. That malware, known in FBI-speak as a “network investigative technique,” was authorized by a federal court in Virginia in February 2015. In a new revelation, Vice Motherboard has now determined that this operation had a much wider reach. The FBI’s Playpen operation was effectively transformed into a global one, reaching Turkey, Colombia, and Greece, among others. Motherboard’s Joseph Cox wrote on Twitter on Friday that he was able to find a document describing this infiltration as something called “Operation Pacifier” by using creative “Google-fu.”

Media devices sold to feds have hidden backdoor with sniffing functions

A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers said. Members of Australia-based security firm SEC Consult said they discovered the backdoor after analyzing the AMX NX-1200, a programmable device used to control AV and building systems. The researchers first became suspicious after encountering a function called “setUpSubtleUserAccount” that added a highly privileged account with a hard-coded password to the list of users authorized to log in. Unlike most other accounts, this one had the ability to capture data packets flowing between the device and the network it’s connected to. “Someone with knowledge of the backdoor could completely reconfigure and take over the device and due to the highest privileges also start sniffing attacks within the network segment,” SEC Consult researcher Johannes Greil told Ars. “We did not see any personal data on the device itself, besides other user accounts which could be cracked for further attacks.”

Apple releases OS X 10.11.3 with fixes for bugs and security [Updated]

Today Apple released OS X 10.11.3, the third major update for El Capitan since the operating system was released to the public in September. You can grab it now through the Update tab of the Mac App Store, or you can manually download and install the Combo Update version from Apple’s support site. As with the iOS 9.2.1 update, Apple’s release notes are unusually light, and the more detailed release notes aren’t available on Apple’s support site as of this writing (they will be posted here when they’re ready). The security release notes detail a handful of fixes for El Capitan and one for the still-supported Mavericks and Yosemite, most of which have been resolved thanks to memory handling improvements. Update: The general release notes are live. 10.11.3 fixes a pair of edge cases: One where a Mac connected to a 4K display wouldn’t wake from sleep, and one where “third-party .pkg file receipts stored in /var/db/receipts are now retained when upgrading from OS X Yosemite.”

Skylake users given 18 months to upgrade to Windows 10

If you own a system with an Intel 6th generation Core processor—more memorably known as Skylake—and run Windows 7 or Windows 8.1, you’ll have to think about upgrading to Windows 10 within the next 18 months. Microsoft announced today that after July 17, 2017, only the “most critical” security fixes will be released for those platforms and those fixes will only be made available if they don’t “risk the reliability or compatibility” of Windows 7 and 8.1 on other (non-Skylake) systems. The full range of compatibility and security fixes will be published for non-Skylake machines for Windows 7 until January 14, 2020, and for Windows 8.1 until January 10, 2023. Next generation processors, including Intel’s “Kaby Lake”, Qualcomm’s 8996 (branded as Snapdragon 820), and AMD’s “Bristol Ridge” APUs (which will use the company’s Excavator architecture, not its brand new Zen arch) will only be supported on Windows 10. Going forward, the company says that using the latest generation processors will always require the latest generation operating system.

Department of Transportation going full speed ahead on self-driving cars

We’ve been hitting the tech of self-driving cars pretty heavily this week, taking a look at what companies like Audi, BMW, Ford, QNX, and Tesla are doing in the field. But it’s looking more and more likely that it’s not going to be the technology itself that determines when we’ll be able to buy a self-driving car for that morning commute. Instead, all the other stuff—regulations, laws, insurance questions, and society’s comfort level—appear ready to own the issue of timing. At this week’s North American International Auto Show in Detroit, Transportation Secretary Anthony Foxx announced that “in 2016, we are going to do everything we can to promote safe, smart and sustainable, vehicles. We are bullish on automated vehicles.” Still, working out how to regulate self-driving cars is far from settled. Each state (well, OK maybe every state but Maryland) has a pretty good idea of how to test young drivers to determine whether they’re ready to mix it with the rest of us in traffic. Figuring out how to apply that to a car itself is proving to be more of a challenge. California, for instance, is about to hold a couple of public workshops to get input into its draft regulations on the matter, and DMVs in other states are being told by their respective legislatures to start working on the problem. Today, there’s a real fear in the industry that we could end up with a patchwork of different state laws (something Cars Technica even talked about on the radio yesterday). Then there’s the federal government, where crafting policies, regulations, and guidances can be slow work. Take recent advances in headlight technology for example. Over in Europe, you can now buy cars that use LED lasers to supplement their high-beams. Those lights are intelligent enough to avoid blinding other cars on the road, and they represent a significant safety advantage. But the Federal Motor Vehicle Safety Standards for headlights in the US went into effect in 1968 and haven’t been updated since. And because they don’t make any allowances for anything other than a high beam and a low beam, such systems are illegal here in the US.

Security firm sued for filing “woefully inadequate” forensics report

A Las Vegas-based casino operator has sued security firm Trustwave for conducting an allegedly “woefully inadequate” forensics investigation that missed key details of a network breach and allowed credit card thieves to maintain their foothold during the course of the two-and-a-half month investigation. In a legal complaint filed in federal court in Las Vegas, Affinity Gaming said it hired Trustwave in October 2013 to investigate and contain a network breach that allowed attackers to obtain customers’ credit card data. In mid-January 2014, Trustwave submitted a report required under payment card industry security rules on all merchants who accept major credit cards. In the PCI forensics report, Trustwave said it had identified the source of the data breach and had contained the malware responsible for it. More than a year later, after Affinity was hit by a second credit card breach, the casino operator allegedly learned from Trustwave competitor Mandiant that the malware had never been fully removed. According to the December 2015 complaint:

Rightscorp agrees to pay $450,000 for illegal robocalls

Online copyright enforcer Rightscorp has agreed to pay $450,000 to end a lawsuit accusing the company of making illegal calls to cell phones. Morgan Pietz, an attorney who played a key role in bringing down Prenda Law, sued Rightscorp in 2014, saying that the company’s efforts to get settlements from alleged pirates went too far. Rightscorp’s illegal “robocalls” violated the Telephone Consumer Protection Act (TCPA), a 1991 law that limits how automated calling devices are used. The class-action lawsuit claimed that some Rightscorp targets were receiving one robocall on their cell phone per day. It’s generally illegal to have automated devices call cell phones. Earlier this week, Pietz and his co-counsel filed court papers outlining the settlement. Rightscorp will pay $450,000 into a settlement fund, which will be paid out to the 2,059 identified class members who received the allegedly illegal calls. Each class member who fills out an “affidavit of noninfringement” will receive up to $100. The rest of the fund will pay for costs of notice and claim administration (about $25,000) and attorneys’ fees and costs, which cannot exceed $330,000. Rightscorp will also “release any and all alleged claims” against the class members. The company had accused the 2,059 class members of committing 126,409 acts of copyright infringement.

Multi-gigabit cable modems ready to help you blow past your data cap

Next-generation cable modems that can deliver multi-gigabit speeds have been certified by CableLabs, the cable industry’s research and development lab. The new modems use version 3.1 of DOCSIS (the Data Over Cable Service Interface Specification), cable’s answer to fiber Internet speeds. The first DOCSIS 3.1 certifications were earned by Askey, Castlenet, Netgear, Technicolor, and Ubee Interactive, according to the announcement by CableLabs. The group’s testing confirms that the modems comply with the new DOCSIS spec. DOCSIS 3.1 reduces network latency and will enable “high-speed applications including Virtual and Augmented Reality, advanced video technologies such as Ultra High Definition 4K television, tele-existence and medical imaging, and gaming,” CableLabs said.

David Bowie’s ISP, as remembered by the guy who helped create “BowieNet”

When David Bowie became an Internet service provider in 1998, a man named Ron Roy helped him start the business. Now, three days after the legendary musician’s death at age 69, we’ve interviewed Roy about how “BowieNet” came to life and why it was so important to the artist. “David was tremendously involved from day one,” Roy told Ars via e-mail. Roy appeared in some of the first press releases that followed BowieNet’s US and UK launches; we tracked him down at his current business, Wines That Rock. It was a lot easier to become an Internet service provider in 1998 than it is today. Instead of the enormous expense of deploying fiber or cable throughout a city, ISPs could spring to life by selling dial-up connections to anyone with a telephone line. BowieNet’s dial-up service sold full access to the Internet for $19.95 a month (or £10.00 in the UK), but it was also a fan club that provided exclusive access to David Bowie content such as live video feeds from his studio. Customers who already had a dial-up Internet provider and didn’t want to switch could buy access to BowieNet content separately for $5.95 a month. BowieNet had about 100,000 customers at its peak, Roy said.

Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears

Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet. The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of “FGTAbc11*xy+Qqz27” (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet’s FortiOS software. Ralf-Philipp Weinmann, a security researcher who helped uncover the inner workings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a “backdoor.” In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet’s FortiOS.
