Advertiser That Tracked Around 100M Phone Users Without Consent Pays $950,000

Mobile advertising firm InMobi will pay a fine of $950,000 and revamp its services to resolve federal regulators’ claims that it deceptively tracked locations of hundreds of millions of people, including children. Ars Technica reports: The US Federal Trade Commission alleged in a complaint filed Wednesday that Singapore-based InMobi undermined phone users’ ability to make informed decisions about the collection of their location information. While InMobi claimed that its software collected geographical whereabouts only when end users provided opt-in consent, the software in fact used nearby Wi-Fi signals to infer locations when permission wasn’t given, FTC officials alleged. InMobi then archived the location information and used it to push targeted advertisements to individual phone users. Specifically, the FTC alleged, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a “geocoder” database to infer the phone user’s latitude and longitude, even when an end user hadn’t provided permission for location to be tracked through the phone’s dedicated location feature.

New ‘Hardened’ Tor Browser Protects Users From FBI Hacking

An anonymous reader quotes an article from Motherboard: According to a new paper, security researchers are now working closely with the Tor Project to create a “hardened” version of the Tor Browser, implementing new anti-hacking techniques which could dramatically improve the anonymity of users and further frustrate the efforts of law enforcement… “Our solution significantly improves security over standard address space layout randomization (ASLR) techniques currently used by Firefox and other mainstream browsers,” the researchers write in their paper, whose findings will be presented in July at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany. The researchers say Tor is currently field-testing their solution for an upcoming “hardened” release, making it harder for agencies like the FBI to crack the browser’s security, according to Motherboard. “[W]hile that defensive advantage may not last for too long, it shows that some in the academic research community are still intent on patching the holes that their peers are helping government hackers exploit.”

One Million IP Addresses Used In Brute-Force Attack On A Bank

Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses — and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com. It’s apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.

VLC 3.0 nightlies arrive with (sort of working) Chromecast support

Grab the latest build of VLC and you’ll see a “Render Output” option in the “Tools” menu.

Streaming online content to a Chromecast is fast and easy, but what if you have local files on your desktop that you want to get on the big screen? There are a few niche apps out there that will serve, but one of the biggest media players, VLC, is working on built-in support for Google’s Chromecast. Recently the nightly build servers started pumping out early, unstable builds of VLC with Chromecast support, so I gave it a try. You won’t find the familiar “cast” button that you see in many apps in this VLC build. Instead, the “Tools” menu has a new option called “Render Output”—this screen is for playing media on something other than the computer screen in front of you. It will detect and display Chromecasts on your local network, and the detection process seems to work great. You just pick the device you want to use and hit “OK.” If you’re playing media you’ll need to stop it, and then once you hit play the casting process should start. I got an “unknown certificate” error at first, but, after accepting it, the usual Chromecast stuff started to happen. My TV turned on and switched to the right input. A Chromecast logo appeared, the loading bar popped up—and then it failed.

Access To Thousands Of Compromised Government Servers Selling For $6 On Black Market

An anonymous reader writes: Researchers have uncovered an underground market selling information of over 70,000 compromised servers. Russia-based Kaspersky Lab revealed that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by government, corporate and academic groups in more than 170 countries. Access to a compromised server can be bought for as little as $6. This kit comes with relevant tools to instruct on launching denial-of-service attacks and spam campaigns on the targeted network, as well as allowing criminals to illegally produce bitcoin and breach online systems, such as retail payment platforms.

Hacker Puts 51 Million iMesh Accounts For Sale On Dark Web

An anonymous reader shares a ZDNet report: User accounts for iMesh, a now-defunct file sharing service, are for sale on the dark web. The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom. LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database. The group’s analysis of the database shows it contains a little over 51 million accounts. The database, of which a portion was shared with ZDNet for verification, contains user information that dates back to late-2005 when the site launched, including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information — such as if the account is disabled, or if the account has inbox messages.

China Plans Massive Sea Lab 10,000 Feet Underwater In the South China Sea

An anonymous reader writes: In an effort to hunt for materials, China is planning to build a manned deep-sea platform in the South China Sea. The lab may also serve for military purposes in the disputed waters as well. The lab would be located as much as 3,000 meters (9,800 ft) below sea level, according to a recent Science Ministry presentation viewed by Bloomberg. Bloomberg writes: “The project was mentioned in China’s current five-year economic plan released in March and ranked number two on a list of the top 100 science and technology priorities.” There are few public details specifying the timeline of the project, any blueprints, costs or where exactly it will be located. China’s President Xi Jinping considers more than 80 percent of the waters its sovereign territory. The country has even created several artificial islands in the South China Sea covering 3,200 acres. Last year, the NYT posted a fascinating piece showing clear satellite imagery of the new islands being built.

North Korea Restarts Plutonium Production For Nuclear Bombs

New submitter ReginaldBryan45 quotes a report from Reuters: North Korea has restarted production of plutonium fuel, a senior State Department official said on Tuesday, showing that it plans to pursue its nuclear weapons program in defiance of international sanctions. The International Atomic Energy Agency (IAEA) said on Monday that it had seen signs based on satellite imagery that show that the secretive country had re-activated the nuclear fuel production reactor at Yongbyon. The analysis by the IAEA pointed to “resumption of the activities of the five megawatt reactor, the expansion of centrifuge-related facility, [and] reprocessing — these are some of the examples of the areas [of activity indicated at Yongbyon].” U.S. Intelligence tried to infect the Yongbyon site with a variant of the Stuxnet malware last year but ultimately failed. Experts at the U.S.-Korea Institute at Johns Hopkins University’s School of Advanced International Studies in Washington predicted last year that the country’s nuclear arsenal could grow to as many as 100 bombs within five years, from an estimated 10 to 16. Naturally, this news is a cause for concern as North Korea had four (failed) test launches in the last two months.

‘Alarming’ Rise In Ransomware Tracked

An anonymous reader quotes a report from BBC: Cyber-thieves are adopting ransomware in “alarming” numbers, say security researchers. There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims. Ransomware was easy to use, low risk and offered a high reward, said Bart Parys, a security researcher who helps to maintain a list of the growing numbers of types of this kind of malware. Mr Parys and his colleagues have now logged 124 separate variants of ransomware. Some virulent strains, such as Locky and Cryptolocker, were controlled by individual gangs, he said, but others were being used by people buying the service from an underground market. A separate indicator of the growth of ransomware came from the amount of net infrastructure that gangs behind the malware had been seen using. The numbers of web domains used to host the information and payment systems had grown 35-fold, said Infoblox in its annual report which monitors these chunks of the net’s infrastructure. A lot of ransomware reached victims via spear-phishing campaigns or booby-trapped adverts, he said, but other gangs used specialized “crypters” and “packers” that made files look benign. Others relied on inserting malware into working memory so it never reached the parts of a computer on which most security software keeps an eye. Ars Technica reports that drive-by attacks that install the TeslaCrypt crypto ransomware are now able to bypass Microsoft’s EMET.
