California top court says red light camera photos are evidence

[Image: A red light camera at the intersection of Sylvan and Coffee in Modesto, California. Credit: Cyrus Farivar]

On Thursday, the California Supreme Court upheld the admissibility of images taken from red light cameras as evidence of traffic violations in the Golden State. The unanimous decision in the case, known as The People of California v. Goldsmith, marks the end of a five-year-old legal odyssey. Fines issued as the result of a red light camera in California are by far the highest nationwide ($436 in this case)—typically they’re in the $100 range in the rest of the country.

The decision (PDF) comes amid a flurry of challenges to the red light cameras before other state high courts: the Louisiana Supreme Court recently declined to hear such a case, letting stand a lower court ruling that challenged cameras in New Orleans. The Illinois Supreme Court heard oral arguments against such cameras in Chicago in May 2014. A decision in a similar case currently before the Ohio Supreme Court is expected before the end of the year.


Comcast charged $2,000 for alarm system that didn’t work—for 7 years

Houston resident Lisa Leeson says she paid Comcast nearly $2,000 over seven years for an alarm system, only to find out that it never worked. Comcast, it turns out, installed the alarm system improperly. Even though the alarm made a sound indicating that it was active when Leeson and her family set it each day, “It was unable… to actually call the police and/or Comcast once it was activated,” Leeson told KPRC Local 2 Houston.

What did Comcast do after the problem was finally discovered? At first, the company offered only a $20 credit, before eventually agreeing to refund all of the money. “When Davis called Comcast’s corporate office, a spokesman apologized, but not before he pointed to a line in Leeson’s alarm agreement where she agreed to ‘test her system’ on ‘a regular basis,’” the news station reported. “Chances are your alarm company requires the same, putting the onus back on you to make sure your system is functioning properly.”


Bugs in widely used WordPress plug-in leave sites vulnerable to hijacking

Security researchers have discovered vulnerabilities in a widely used WordPress extension that leave sites susceptible to remote hijacking. WordPress-powered sites that use the All in One SEO Pack should promptly install an update that fixes the privilege escalation vulnerabilities, Marc-Alexandre Montpas, a researcher with security firm Sucuri, wrote in a blog post published Saturday. Administrators can upgrade by logging in to the admin panel, selecting plug-ins, and choosing the All in One title. The just-released version that fixes the vulnerabilities is 2.1.6.

The worst of the attacks made possible by the bugs can allow attackers to inject malicious code into the admin control panel, Montpas warned. Malicious hackers could then change an admin’s password or insert backdoor code into the underlying websites. People could also remotely tamper with a site’s search engine optimization settings. To exploit the bugs, attackers need only an unprivileged account on the site, such as one for posting reader comments. In some cases, the privilege escalation and cross-site scripting bugs in All in One SEO are combined with another vulnerability that Montpas didn’t elaborate on.


Meet “Cupid,” the Heartbleed attack that spawns “evil” Wi-Fi networks

[Image: A packet capture showing Cupid attacking a wireless network. Credit: SysValue]

It just got easier to exploit the catastrophic Heartbleed vulnerability against wireless networks and the devices that connect to them thanks to the release last week of open source code that streamlines the process of plucking passwords, e-mail addresses, and other sensitive information from vulnerable routers and connected clients.

Dubbed Cupid, the code comes in the form of two software extensions. The first gives wireless networks the ability to deploy “evil networks” that surreptitiously send malicious packets to connected devices. Client devices relying on vulnerable versions of the OpenSSL cryptography library can then be forced to transmit contents stored in memory. The second extension runs on client devices. When connecting to certain types of wireless networks popular in corporations and other large organizations, the devices send attack packets that similarly pilfer data from vulnerable routers.

The release of Cupid comes eight weeks after the disclosure of Heartbleed, one of the most serious vulnerabilities to ever hit the Internet. The flaw, which existed for more than two years in OpenSSL, resides in “heartbeat” functions designed to keep a transport layer security (TLS) connection alive over an extended period of time.


TrueCrypt security audit presses on, despite developers jumping ship

[Image credit: ZEISS Microscopy]

TrueCrypt, the whole-disk encryption tool endorsed by National Security Agency leaker Edward Snowden and used by millions of privacy and security enthusiasts around the world, will receive a second round of safety audits despite being declared unsafe and abruptly abandoned by its anonymous developers two days ago.

Phase II of the security audit was already scheduled to commence when Wednesday’s bombshell advisory dropped on the TrueCrypt SourceForge page. After 24 hours to reflect on the unexpected move, an organizer with the Open Crypto Audit Project said he saw no reason to scrub those plans. Online fundraisers to bankroll the project have raised about $70,000, well past the $25,000 organizers had initially aimed for.

“We have conferred and we are firmly going forward on schedule with the audit regardless of yesterday’s circumstances,” Kenn White, a North Carolina-based computer scientist and audit organizer, told Ars Thursday. “We don’t want there to remain all sorts of questions or scenarios or what ifs in people’s minds. TrueCrypt has been around for 10 years and it’s never received a proper formal security analysis. People are going to continue to use it for better or worse, and we feel like we owe the community the proper analysis.”
