Trailrunner7 writes that researchers at Palo Alto Networks have found a backdoor in Android devices sold by Coolpad. “A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent. The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor’s control system. Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user’s permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad.” Read more of this story at Slashdot.
See the original article here:
Manufacturer’s Backdoor Found On Popular Chinese Android Smartphone
Sometimes, you just need to quickly grab some free Wi-Fi while you’re walking through town. You probably know that nearby coffee shops offer Wi-Fi, but tons of retailers and restaurants offer it too—you just need to know where to look. Read more… 
First time accepted submitter catparty (3600549) writes An examination of what we can know about Facebook’s new machine learning News Feed algorithm. From the article: “Facebook’s current News Feed algorithm might be smarter, but some of its core considerations don’t stray too far from the groundwork laid by EdgeRank, though thanks to machine learning, Facebook’s current algorithm has a better ear for ‘signals from you.’ Facebook confirmed to us that the new News Feed ranking algorithm does indeed take 100, 000 weighted variables into account to determine what we see. These factors help Facebook display an average 300 posts culled from roughly 1, 500 possible posts per day, per user.” Read more of this story at Slashdot. 
MojoKid (1002251) writes The ongoing battle between Netflix and ISPs that can’t seem to handle the streaming video service’s traffic, boiled over to an infuriating level for Colin Nederkoon, a startup CEO who resides in New York City. Rather than accept excuses and finger pointing from either side, Nederkoon did a little investigating into why he was receiving such slow Netflix streams on his Verizon FiOS connection. What he discovered is that there appears to be a clear culprit. Nederkoon pays for Internet service that promises 75Mbps downstream and 35Mbps upstream through his FiOS connection. However, his Netflix video streams were limping along at just 375kbps (0.375mbps), equivalent to 0.5 percent of the speed he’s paying for. On a hunch, he decided to connect to a VPN service, which in theory should actually make things slower since it’s adding extra hops. Speeds didn’t get slower, they got much faster. After connecting to VyprVPN, his Netflix connection suddenly jumped to 3000kbps, the fastest the streaming service allows and around 10 times faster than when connecting directly with Verizon. Verizon may have a different explanation as to why Nederkoon’s Netflix streams suddenly sped up, but in the meantime, it would appear that throttling shenanigans are taking place. It seems that by using a VPN, Verizon simply doesn’t know which packets to throttle, hence the gross disparity in speed. Read more of this story at Slashdot. 
Trailrunner7 writes “A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes. A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of kernel exploit mitigations native to iOS. ‘The Early Random PRNG in iOS 7 is surprisingly weak, ‘ said Tarjei Mandt senior security researcher at Azimuth Security. ‘The one in iOS 6 is better because this one is deterministic and trivial to brute force.’ The Early Random PRNG is important to securing the mitigations used by the iOS kernel. ‘All the mitigations deployed by the iOS kernel essentially depend on the robustness of the Early Random PRNG, ‘ Mandt said. ‘It must provide sufficient entropy and non-predictable output.'” Read more of this story at Slashdot. 
Whether you’re a huge geek or a total luddite, you’ve got to be excited when scientists invent a new kind of laser , especially one that stands to replace the one we’ve been using for fiber optic communications for the last 40 years. A team of CalTech researchers did just that . Be excited. Read more… 
An anonymous reader writes “Brian Krebs has a followup to this week’s 400 Gbps DDoS attack using NTP amplification. Krebs, as a computer security writer, has often been the target of DDoS attacks. He was also hit by a 200Gbps attack this week (apparently, from a 15-year-old in Illinois). That kind of volume would have been record-breaking only a couple of years ago, but now it’s just normal. Arbor Networks says we’ve entered the ‘hockey stick’ era of DDoS attacks, as a graph of attack volume spikes sharply over the past year. CloudFlare’s CEO wrote, ‘Monday’s DDoS proved these attacks aren’t just theoretical. To generate approximately 400Gbps of traffic, the attacker used 4, 529 NTP servers running on 1, 298 different networks. On average, each of these servers sent 87Mbps of traffic to the intended victim on CloudFlare’s network. Remarkably, it is possible that the attacker used only a single server running on a network that allowed source IP address spoofing to initiate the requests. An attacker with a 1 Gbps connection can theoretically generate more than 200Gbps of DDoS traffic.’ In a statement to Krebs, he added, ‘We have an attack of over 100 Gbps almost every hour of every day.'” Read more of this story at Slashdot. 