Tag: password

Router company that threatened a reviewer loses Amazon selling license

The Medialink router that was reviewed. Mediabridge Update 5/8/2014 19:44 CT:  On Thursday, Mediabridge Products posted an official statement about this incident to its Facebook page, clarifying its position and saying that Amazon has revoked its selling privileges. (Thanks to PrimalxConvoy for the tip). In the statement, the company says that it did not actually sue the Amazon reviewer, but that it did insist that the reviewer’s “untrue, damaging, and disparaging statements” be taken down. “It’s our sincere belief that reasonable people understand that not only is it within our rights to take steps to protect our integrity, but that it should be expected that we would do so when it is recklessly attacked,” Mediabridge Products wrote. “The reviewer has since changed his review completely to remove the libelous statements, but unfortunately not before having an army attack us on the internet.” The company did not give any clue as to the terms of Amazon’s rescinding of Mediabridge’s selling license, but only said at the end of its statement “Unfortunately, as a result of our attempt to get this reviewer to do the right thing & remove his untrue statements about our company, Amazon has revoked our selling privileges. Many hard-working employees whose livelihood depended on that business will likely be put out of a job, by a situation that has been distorted & blown out of proportion.” Read 8 remaining paragraphs | Comments

Read More:
Router company that threatened a reviewer loses Amazon selling license

Four weeks on, huge swaths of the Internet remain vulnerable to Heartbleed

Aurich Lawson / Thinkstock More than four weeks after the disclosure of the so-called Heartbleed bug found in a widely used cryptography package , slightly more or slightly less than half the systems affected by the catastrophic flaw remain vulnerable, according to two recently released estimates. A scan performed last month by Errata Security CEO Rob Graham found 615,268 servers that indicated they were vulnerable to attacks that could steal passwords, other types of login credentials, and even the extremely sensitive private encryption keys that allow attackers to impersonate websites or monitor encrypted traffic. On Thursday, the number stood at 318,239. Graham said his scans counted only servers running vulnerable versions of the OpenSSL crypto library that enabled the “Heartbeat” feature where the critical flaw resides. A separate scan using slightly different metrics arrived at an estimate that slightly less than half of the servers believed to be vulnerable in the days immediately following the Heartbleed disclosure remain susceptible. Using a tool the researcher yngve called TLS Prober, he found that 5.36 percent of all servers were vulnerable to Heartbleed as of April 11, four days after Heartbleed came to light. In a blog post published Wednesday , he said 2.33 percent of servers remained vulnerable. It’s important to remember the results don’t include the number of Heartbleed-vulnerable servers providing services such a virtual private networks or e-mail. Read 3 remaining paragraphs | Comments

More:
Four weeks on, huge swaths of the Internet remain vulnerable to Heartbleed

ARM: The $20 smartphone will be possible “in the next few months”

Basic smartphones are cheap—and getting cheaper. ARM Smartphone prices have been creeping ever downward in the last few years, and ARM is betting that they’re going to go even lower. AnandTech is reporting from ARM’s Tech Day today , and one of the company’s slides predicts that the cost of a phone with a single-core Cortex A5 chip in it will go as low as $20 within the next few months. Of course, these ultra-low-cost phones won’t be devices tech enthusiasts lust after. ARM notes that even a $25 phone like the Firefox handsets announced at Mobile World Congress  have to cut down on RAM and other specs to hit that price point, and it’s unlikely that something with such low specs could run something like Android satisfactorily. More expensive phones like the $179 Moto G will still be necessary if you want that full smartphone experience on a budget. Still, for those ever-important emerging markets where the smartphone has yet to take off, any OEM that can provide a decent experience for this price is going to fill an important niche. In other news from ARM’s Tech Day, ARM shared some new performance estimates for its upcoming 64-bit Cortex A53 and A57 architectures. The company predicts that chips based on these architectures will be about 1.5 times as fast as the Cortex A7 and A15 architectures they replace when the SoCs are all built on the same 28nm manufacturing process. When moved to a newer 20nm or 16nm manufacturing process, though, the A57 in particular will supposedly be nearly twice as fast as the older A15. Read 1 remaining paragraphs | Comments

View article:
ARM: The $20 smartphone will be possible “in the next few months”

Level 3 claims six ISPs dropping packets every day over money disputes

Network operator Level 3, which has asked the FCC to protect it from ” arbitrary access charges ” that ISPs want in exchange for accepting Internet traffic, today claimed that six consumer broadband providers have allowed a state of “permanent congestion” by refusing to upgrade peering connections for the past year. Level 3 and Cogent, another network operator, have been involved in disputes with ISPs over whether they should pay for the right to send them traffic. ISPs have demanded payment in exchange for accepting streaming video and other data that is passed from the network providers to ISPs and eventually to consumers. When the interconnections aren’t upgraded, it can lead to congestion and dropped packets, as we wrote previously regarding a dispute between  Cogent and Verizon . In a blog post today , Level 3 VP Mark Taylor wrote: Read 4 remaining paragraphs | Comments

Read the article:
Level 3 claims six ISPs dropping packets every day over money disputes

Infecting DVRs with Bitcoin-mining malware even easier than you suspected

The dialog that appears when users want to manually change the default password on their EPCOM Hikvision S04 DVR. Sans Institute It took just one day for a low-end, Internet-connected digital video recorder to become infected with malware that surreptitiously mined Bitcoins on behalf of the quick-moving attackers. The feat, documented in a blog post published Monday by researchers at the security-training outfit Sans Institute, was all the more impressive because the DVR contained no interface for downloading software from the Internet. The lack of a Wget , ftp, or kermit application posed little challenge for the attackers. To work around the limitation, the miscreants used a series of Unix commands that effectively uploaded and executed a Wget package and then used it to retrieve the Bitcoin miner from an Internet-connected server. Monday’s observations from Sans CTO Johannes Ullrich are part of an ongoing series showing the increasing vulnerability of Internet-connected appliances to malware attacks. In this case, he bought an EPCOM Hikvision S04 DVR off eBay, put it into what he believes was its factory new condition, and connected it to a laboratory “honeypot” where it was susceptible to online attackers. In the first day, it was probed by 13 different IP addresses, six of which were able to log into it using the default username and password combination of “root” and “12345.” Read 4 remaining paragraphs | Comments

View article:
Infecting DVRs with Bitcoin-mining malware even easier than you suspected

High School senior charged with hacking report-card system

A high school senior in Miami has been arrested on charges claiming he illegally accessed his school’s online report card system and changed grades for him and at least four other students, according to a published report. Jose Bautista, 18, appeared in court Friday, according to WFOR . He reportedly faces charges of intellectual property offense, modifying programs, and an offense against computer users. The student allegedly approached fellow students and asked if they wanted him to change their grades. The principal of Dr. Michael M. Krop Senior High School, the school Bautista attended, said the student gave a written confession detailing the hacking. Bautista’s bond was set at $20,000. He is under house arrest with a GPS monitor. It’s unclear if he will be allowed to graduate or if the other students involved will face any punishment. Read on Ars Technica | Comments

Read this article:
High School senior charged with hacking report-card system

Maryland police to live-tweet prostitution sting

Elvert Barnes/Flickr Maryland’s Prince George’s Police Department (PGPD), which covers part of the Washington, DC metropolitan area, announced on various social media platforms that it will be live-tweeting a prostitution sting operation “sometime next week.” What could possibly go wrong? Despite a headline that reads as if it were written by The Onion —or perhaps its latest viral media parody spinoff Clickhole —the PGPD explains that its decision to employ this “unprecedented social media tactic” stems from the desire to shame prostitutes and others involved in “the oldest profession” and to let them know that “this type of criminal behavior is not welcome in Prince George’s County.” According to information provided on their Blogger, Twitter, and Facebook accounts, the PGPD will be documenting the planned takedown with frequent updates during the arrests, tweeting photos and arrestee information. The planned takedown in Maryland will target johns, not prostitutes themselves, and will be set up using online ads, according to the department. The PGPD elaborated: Read 4 remaining paragraphs | Comments

Link:
Maryland police to live-tweet prostitution sting

Cox plans gigabit Internet for residential customers this year

Cox Communications President Pat Esser said the cable company will roll out gigabit broadband to residential customers this year. During an interview with Bloomberg yesterday , Esser said: Delivering gigabit speeds to business service customers has always been a high priority to us, and for years we’ve delivered gigabit broadband to commercial customers across the country. We’re working on our roadmap now around the residential side of the business to bring gigabit speeds to customers this year. I’m talking about plans over time for all of our customers in all of our markets having residential gigabit broadband speeds available to them, and we’re excited about it. Over the next two to three weeks we’ll be announcing which markets we’re starting in. Esser didn’t mention whether this would be a fiber-to-the-home service, but at another point he noted, “We have this very robust network, fiber very deep in the network.” Cox offers fiber-to-the-premises for business customers needing 1Gbps or 10Gbps throughput. Read 6 remaining paragraphs | Comments

View article:
Cox plans gigabit Internet for residential customers this year

Hulu to launch free mobile content, new iOS app this summer

Free Hulu users will enjoy more full, ad-supported TV episodes this summer, and those ads will quite possibly force Pizza Hut pizza down their throats. Future app updates will add “extra cheese” as an option (we hope). This morning, Hulu CEO Mike Hopkins announced at a New York event that the streaming media service would begin offering select free content to mobile users “this summer.” Currently, Hulu requires a “Plus” subscription to watch its full-length TV and film content on anything other than a desktop Web browser, while non-paying app users are limited to brief video clips until they cough up $7.99 a month. Like Hulu’s free and paid content up until this point, the free-for-mobile summer content will remain advertising-backed. Though the free shows in question haven’t been announced, Hulu used the event to promote its next wave of internally produced programming, including new seasons of The Awesomes and Deadbeat , and it’s tempting to assume that the free mobile access will lean toward some of the only-on-Hulu selection. The move may very well have come in response to individual networks releasing more apps, particularly Comedy Central’s recent self-titled app that serves free, ad-supported episodes for all users (along with a deeper video selection after a user logs in with cable subscription information). Read 1 remaining paragraphs | Comments

More:
Hulu to launch free mobile content, new iOS app this summer

Zero-day Flash bug under active attack in Windows threatens OS X, Linux too

A fragment of the shellcode exploiting a critical vulnerability in Adobe Flash. Kaspersky Lab A day after reports that attackers are exploiting a zero-day vulnerability in Microsoft’s Internet Explorer browser , researchers warned of a separate active campaign that was targeting a critical vulnerability in fully patched versions of Adobe’s ubiquitous Flash media player. The attacks were hosted on the Syrian Ministry of Justice website at hxxp://jpic.gov.sy and were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab. The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page. The attackers appear to be unrelated to those reported on Sunday who exploited a critical security bug in Internet Explorer, a Kaspersky representative told Ars. While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776  and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well. Adobe has updated all three versions to plug the hole. Because security holes frequently become much more widely exploited in the hours or days after they are disclosed, people on all three platforms should update as soon as possible . People using IE 10 and 11 on Windowws 8 will receive the update automatically, as will users of Google’s Chrome browser. It can sometimes take hours for the automatic updates to arrive. Those who are truly cautious should consider manually installing them. Read 4 remaining paragraphs | Comments

More here:
Zero-day Flash bug under active attack in Windows threatens OS X, Linux too