Tag: linkedin

Cisco Subdomain Private Key Found in Embedded Executable

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky’s NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users’ local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn’t entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named ‘CiscoVideoGuardMonitor’, and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable ‘CiscoVideoGuardMonitor’ can be found at ‘$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/ VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor’. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked. Read more of this story at Slashdot.

Link:
Cisco Subdomain Private Key Found in Embedded Executable

NASA Finds Evidence Of 10 New Earth-sized Planets

NASA said Monday it has found new evidence of 219 planets outside our Solar System. Ten of those exoplanets appear to be similar to the size of the Earth and orbit their stars in the habitable zone. From a report: The new planets’ existence must still be double-checked. But Kepler’s latest haul — which includes a planet that is only slightly larger than Earth and receives the same amount of energy from its sun as Earth — is the latest triumph for Kepler, which has spotted roughly 80 percent of the planets orbiting stars other than our sun. Because of their potential for hosting life, the 10 Earth-size planets are the most glamorous of the newly announced planets from Kepler. But those 10 were joined by an additional 209 more garden-variety planets that are unlikely to be hospitable to life because they are too gassy, too hot, too cold or otherwise unlike the only known planet to host life: Earth. Read more of this story at Slashdot.

Link:
NASA Finds Evidence Of 10 New Earth-sized Planets

Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall

An anonymous reader writes: Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 — Microsoft plans to disable SMBv1 in most versions of the Windows operating systems. SMBv1 is a three-decades-old file sharing protocol that Microsoft has continued to ship “enabled by default” with all Windows OS versions. The protocol got a lot of attention recently as it was the main infection vector for the WannaCry ransomware. Microsoft officially confirmed Tuesday that it will not ship SMBv1 with the Fall Creators Update. This change will affect only users performing clean installs, and will not be shipped as an update. This means Microsoft decision will not affect existing Windows installations, where SMBv1 might be part of a critical system. Read more of this story at Slashdot.

More:
Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall

Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain

An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could’ve registered the domain and installed malicious apps on the phones. Read more of this story at Slashdot.

Originally posted here:
Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain

Netflix Has More American Subscribers Than Cable TV

According to Leichtman Research estimates from the first quarter of 2017, there are more Netflix subscribers in the U.S. (50.85 million) than there are customers for major cable TV networks (48.61 million). While it doesn’t mean Netflix is bigger than TV because it doesn’t account for the 33.19 million satellite viewers, it represents a huge milestone for a streaming service that had half as many users just 5 years ago. Engadget reports: The shift in power comes in part through Netflix’s ever-greater reliance on originals. There’s enough high-quality material that it can compete with more established networks. However, it’s also getting a boost from the decline of conventional TV. Those traditional sources lost 760, 000 subscribers in the first quarter of the year versus 120, 000 a year earlier. Leichtman believes a combination of cord cutters and reduced marketing toward cost-conscious viewers is to blame. Cable giants might not be in dire straits, but they’re clearly focusing on their most lucrative customers as others jump ship for the internet. Read more of this story at Slashdot.

Visit site:
Netflix Has More American Subscribers Than Cable TV

Intel Announces X299, Skylake-X, and Kaby Lake-X Release Schedule

Ian Cutress, writing for AnandTech: At Computex a couple of weeks ago, Intel announced its new Basin Falls platform, consisting of the X299 chipset with motherboards based on it, a pair of Kaby Lake-X processors, and a set of Skylake-X processors going all the way up to eighteen cores, denoting the first use of Intel’s enterprise level high core-count silicon in a consumer product. As part of Intel’s E3 press release, as well as their presentations at the show, the new Core i9 processors were discussed, along with Intel’s continued commitment towards eSports. Intel gave the dates for the new platform as the following: 4, 6, 8 and 10-core parts available for pre-order from June 19th; 4, 6, 8 and 10-core parts shipping to consumers from June 26th; 12-core parts expected to ship in August; and 14, 16 and 18 core parts expected to ship in October. Read more of this story at Slashdot.

Read More:
Intel Announces X299, Skylake-X, and Kaby Lake-X Release Schedule

No, Your Phone Didn’t Ring. So Why Voice Mail From a Telemarketer?

Slashdot reader midwestsilentone tipped us off to a growing problem. Lifehacker reports: New technology allows telemarketers to leave ringless voicemail messages, and it’s a method that’s gaining traction. While there are laws to regulate businesses when they call consumers, some groups argue that ringless voicemail shouldn’t count. The New York Times reports, “ringless voicemail providers and pro-business groups…argue that these messages should not qualify as calls and, therefore, should be exempt from consumer protection laws that ban similar types of telephone marketing”… After receiving a petition from a ringless voicemail provider, the Federal Trade Commission has started to collect public comments on this issue. So what can you do about it? First, you can head here to leave your public comment and if you’re getting these voicemails, you can file a complaint with the FCC here. Presumably that only applies if you’re in the U.S. But I’d be curious to hear how many Slashdot readers have experienced this. Read more of this story at Slashdot.

Read More:
No, Your Phone Didn’t Ring. So Why Voice Mail From a Telemarketer?

It’s Been So Windy in Europe That Electricity Prices Have Turned Negative

An anonymous reader writes: It’s been very windy across Europe this week. So much so, in fact, that the high wind load on onshore and offshore wind turbines across much of the continent has helped set new wind power records. For starters, renewables generated more than half of Britain’s energy demand on Wednesday — for the first time ever. In fact, with offshore wind supplying 10 percent of the total demand, energy prices were knocked into the negative for the longest period on record. The UK is home to the world’s biggest wind farm, and the largest wind turbines, so it’s no surprise that this was an important factor in the country’s energy mix. “Negative prices aren’t frequently observed, ” Joel Meggelaars, who works at renewable energy trade body WindEurope, told Motherboard over the phone. “It means a high supply and low demand.” Read more of this story at Slashdot.

Continued here:
It’s Been So Windy in Europe That Electricity Prices Have Turned Negative

Verizon Expected To Cut Up To 1,000 Yahoo, AOL Jobs After Acquisition

Verizon’s acquisition and merger of AOL and Yahoo will result in many job cuts. According to Recode, up to 1, 000 AOL and Yahoo jobs are expected to take place across the two companies as the merger is completed. From the report: This action is not unexpected, given that both companies have a lot of redundancies, including in human resources, finance, marketing and general administration. The merger between the two companies — after Verizon bought both in succession to add tech and content to its mobile services — is expected to be completed in the next week. The shareholder meeting to approve the deal takes place tomorrow. Plans to combine both companies have been in the works for a while, as the pair attempt to make a cohesive unit out of two entities that have multiple assets and also multiple problems. It will be headed by AOL CEO Tim Armstrong, who will become the CEO of Oath, the new name for the Verizon subsidiary. Read more of this story at Slashdot.

See the article here:
Verizon Expected To Cut Up To 1,000 Yahoo, AOL Jobs After Acquisition

Russian Malware Communicates Using Britney Spears’s Instagram Account

JustAnotherOldGuy writes: A key weakness in malicious software is the “Command and Control” (C&C) system — a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server’s address, and then shut it down. Turla is an “advanced persistent threat” hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests. A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears’ Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears’s image posts. The compromised systems check in with Spears’ Instagram whenever they need to know where the C&C server is currently residing. Read more of this story at Slashdot.

Continue reading here:
Russian Malware Communicates Using Britney Spears’s Instagram Account