CCTV DVR Vulnerabilities Traced To Chinese OEM Which Spurned Researchers’ Advice

An anonymous reader writes: RSA security researcher Rotem Kerner has identified a common vulnerability in the firmware of 70 different CCTV DVR vendors, which allows crooks to execute code and gain root privileges on the affected devices. The problem was actually in the firmware of just one DVR sold by Chinese firm TVT. The practice of “white-labeling” products helped propagate this issue to other “manufacturers” who did nothing more than buy a non-branded DVR, tweak its firmware, slap their logo on top, and sell it as their own, vulnerability included.

Radio Attack Lets Hackers Steal 24 Different Car Models

An anonymous reader writes from a Wired article: A group of German vehicle security researchers has released new findings about the extent of a wireless key hack, and their work ought to convince hundreds of thousands of drivers to keep their car keys next to their Pudding Pops. The Munich-based automobile club ADAC recently made public a study it had performed on dozens of cars to test a radio ‘amplification attack’ that silently extends the range of unwitting drivers’ wireless key fobs to open cars and even start their ignitions (in German). The ADAC researchers say that 24 different vehicles from 19 different manufacturers were all vulnerable, allowing them to not only reliably unlock the target vehicles but also immediately drive them away. “This clear vulnerability in [wireless] keys facilitates the work of thieves immensely,” reads the post. “The radio connection between keys and car can easily be extended over several hundred meters, regardless of whether the original key is, for example, at home or in the pocket of the owner.” Here’s the full list of vulnerable vehicles from their findings, which focused on European models: the Audi A3, A4 and A6, BMW’s 730d, Citroen’s DS4 CrossBack, Ford’s Galaxy and Eco-Sport, Honda’s HR-V, Hyundai’s Santa Fe CRDi, KIA’s Optima, Lexus’s RX 450h, Mazda’s CX-5, MINI’s Clubman, Mitsubishi’s Outlander, Nissan’s Qashqai and Leaf, Opel’s Ampera, Range Rover’s Evoque, Renault’s Traffic, Ssangyong’s Tivoli XDi, Subaru’s Levorg, Toyota’s RAV4, and Volkswagen’s Golf GTD and Touran 5T.

Bitcoin Trading Platform Announces Huge Downtime Following Cyber-Attack

An anonymous reader writes: BitQuick, a US-based Bitcoin trader, has announced that it will shut down its platform for up to 2 to 4 weeks following a cyber-attack this week. The platform took this step because it has not yet identified how the hackers infiltrated their systems. It is unusual for companies to take down their systems for weeks, but after the recent Cryptsy and LoanBase hacks, the company is not willing to lose millions of dollars worth of Bitcoin. BitQuick notified clients of the incident, and 97% already withdrew their funds from the platform.

Millions of Android Devices Vulnerable To New Stagefright Exploit

An anonymous reader writes: Security researchers have found yet another flaw in Android’s Stagefright. The researchers were able to remotely hack an Android phone by exploiting the bugs. According to their estimation, the flaw exposes devices running Android software versions between 5.0 and 5.1, or 36% of 1.4 billion, to security attacks. “I would be surprised if multiple professional hacking groups do not have working Stagefright exploits by now. Many devices out there are still vulnerable, so Zimperium has not published the second exploit in order to protect the ecosystem,” Zuk Avraham, chairman of Zimperium, the firm which found the first Stagefright exploit, told Wired.

DOJ Threatens To Seize iOS Source Code

An anonymous reader writes from an article posted on iDownloadBlog: The DoJ is demanding that Apple create a special version of iOS with removed security features that would permit the FBI to run brute-force passcode attempts on the San Bernardino shooter’s iPhone 5c. Meanwhile, President Barack Obama has made public where he stands on the Apple vs. FBI case, which has quickly become a heated national debate. In the court papers, DoJ calls Apple’s rhetoric in the San Bernardino standoff “false” and “corrosive” because the Cupertino firm dared suggest that the FBI’s court order could lead to a “police state.” Footnote Nine of DoJ’s filing reads: For the reasons discussed above, the FBI cannot itself modify the software on the San Bernardino shooter’s iPhone without access to the source code and Apple’s private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers. As Fortune’s Philip Elmer-DeWitt rightfully pointed out, that’s a classic police threat. “We can do this [the] easy way or the hard way. Give us the little thing we’re asking for — a way to bypass your security software — or we’ll take [the] whole thing: your crown jewels and the royal seal too,” DeWitt wrote. “With Apple’s source code, the FBI could, in theory, create its own version of iOS with the security features stripped out. Stamped with Apple’s electronic signature, the Bureau’s versions of iOS could pass for the real thing,” he added.

YouTube Shows Adblock Plus Users an Error Message Instead of Ads

An anonymous reader writes: Do you use YouTube with Adblock Plus? Some users have been getting the following message instead of ads: “An error occurred. Please try again later.” The error message is only shown for the duration of the ad, meaning Adblock Plus is still technically getting the job done. But adblocking extensions typically block ads as well as remove them: For banner ads that means gaining back screen real estate on the webpage while for videos that means the content starts playing right away.

Linux Kernel 4.5 Officially Released

prisoninmate writes: Yes, you’re reading it right, after being in development for the past two months, Linux kernel 4.5 is finally here in its final production version. It is internally dubbed “Blurry Fish Butt” and received a total of seven RC builds since January 25, 2016. Prominent features of Linux kernel 4.5 include the implementation of initial support for the AMD PowerPlay power management technology, bringing high performance to the AMDGPU open-source driver for Radeon GPUs, scalability improvements in the free space handling of the Btrfs file system, and better epoll multithreaded scalability. The sources are now available for download from kernel.org. Update: 03/14 13:24 GMT by T: Reader diegocg lists some other notable features (a new copy_file_range() system call that allows making copies of files without transferring data through userspace; support for GCC’s Undefined Behavior Sanitizer (-fsanitize=undefined); Forward Error Correction support in the device-mapper’s verity target; support for the MADV_FREE flag in madvise(); the new cgroup unified hierarchy is considered stable; scalability improvements for SO_REUSEPORT UDP sockets; scalability improvements for epoll; and better memory accounting of sockets in the memory controller), and links to an explanation of the changes at Kernel Newbies.

Intel’s Optane SSD Compatible With NVMe; Could Boost MacBook Storage Speeds By 1000x

More details have emerged about Intel’s Optane, a new kind of memory and SSD that utilizes 3D Xpoint. The upcoming 3D Xpoint technology, which is supposedly 10 times denser than DRAM and 1,000 times faster than flash storage, will be compatible with NVMe, a storage protocol that allows an SSD to make effective use of a high-speed PCIe. Several MacBook Pro models already support NVMe technology. Apple is often among the first companies to adopt emerging standards and technologies, which has led many to believe that the Cupertino-based company might leverage Intel’s Optane solid state drives for super fast performance speeds in its next batch of laptops. Apple is expected to announce the refreshed MacBook lineup sporting Intel Skylake processor later this year.

Hertz Had Sheriffs On Hand the Day It Cut IT

dcblogs writes: About 300 Hertz IT employees, most located in Oklahoma City, are being impacted [by] a decision to expand its outsourcing to IBM. About 75 will be hired by IBM and those workers [are expected] to receive offers this week while others are facing layoffs. The news was a shock for IT employees. There was “anger, resentment,” especially by employees who “sacrificed that work/life balance to keep things going here,” said one employee. Hertz took precautions. On the day that IT employees learned that their work was shifting to IBM, employees noticed Oklahoma sheriff patrol vehicles in the building’s parking lot. They believed plainclothes officers were inside the building. “We consider the safety and security of our people whenever there are circumstances or events that could increase the risk of a disturbance or some form of workplace violence,” said Bill Masterson, a Hertz spokesman. “Knowing that this was a difficult announcement, we had additional security on hand,” said Masterson. “Going forward, Hertz IT resources will be focused on development of future products and services for customers,” he said. The majority of services will be cloud-based. According to the Computerworld article, along with severance pay, benefits also include three months of outplacement assistance. IT employees can receive up to $4,000 toward retraining or skill certification, said Masterson. IBM India Private Limited, an IBM subsidiary, has filed papers for H-1B visa workers for Hertz Technology offices.

Wi-Fi Hotspot Blocking Persists Despite FCC Crackdown

An anonymous reader writes: An examination of consumer complaints to the FCC over the past year and a half shows that the practice of Wi-Fi hotspot device blocking continues even though the agency has slapped organizations such as Marriott and Hilton more than $2 million in total for doing this. Venues argue they need to block hotspots for security reasons, but the FCC and consumers say the organizations are doing this to force people to pay for pricey Internet access. “Consumers who purchase cellular data plans should be able to use them without fear that their personal Internet connection will be blocked by their hotel or conference center,” FCC Enforcement Bureau chief Travis LeBlanc said in a statement. “It is unacceptable for any hotel to intentionally disable personal hotspots while also charging consumers and small businesses high fees to use the hotel’s own Wi-Fi network. This practice puts consumers in the untenable position of either paying twice for the same service or forgoing Internet access altogether.” Consumers have filed many complaints about Wi-Fi hotspot blocking to the FCC.
