Everything posted by NewsBot

  1. Data thieves used a massive “botnet” against professional networking site LinkedIn and stole members’ personal information, a new lawsuit reveals. The Mountain View firm filed the federal suit this week in an attempt to uncover the perpetrators. “LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives about themselves), job histories, skills, interests, educational background, professional awards, photographs and other information,” said the company’s complaint, filed in Northern California U.S. District Court. “During periods of time since December 2015, and to this day, unknown persons and/or entities employing various automated software programs (often referred to as ‘bots’) have extracted and copied data from many LinkedIn pages.” View the full article
  2. Google has been hit by a $6.75 million antitrust fine in Russia for requiring phone manufacturers to preinstall its apps on Android mobile devices. The majority of smartphones and tablets sold in Russia run on Android, and domestic search engine rival Yandex filed a complaint last year that the US company was abusing its position. The fine itself is small — less than what the company makes in an hour, notes Recode — but the decision shows increasing enmity to Google in Europe. One of the many antitrust complaints currently being levied against Google by the EU focuses on the same issue: accusing the company of abusing its dominant position in the market by forcing manufacturers to preinstall its services on Android devices. Unlike the rest of Europe, though, Russia has a viable competitor to Google — Yandex has about 60 percent of the search market in the country. With the shift to mobile, though, the company seems worried it's being out-maneuvered by Google for the future of search. View the full article
  3. Another day, another case of Facebook disappearing a video that it should have left up. A politician in Hong Kong says that Facebook banned him from the site for 24 hours for a "terms of service violation" after he posted a video of him confronting men who had been following him around for weeks. That seems like a valuable and important video in the public interest. But Facebook didn't think so. View the full article
  4. It’s been a rough few days for people looking for alternatives to their current internet providers. Last week, the Federal Communications Commission issued a report documenting what many of you already know: You don’t have much choice when it comes to broadband. In fact, most of you have only one or no companies selling high-speed internet. Then on Wednesday, a court ruling held the FCC can’t override state laws restricting cities and towns from launching their own broadband services to increase their residents’ provider options. Neither development should have been that much of a surprise. View the full article
  5. On August 9th 2016, Facebook issued a press release stating they intend to change the way they deal with adblocking on their web site. Andrew Bosworth, VP of Ads & Business Platform for Facebook states: (Emphasis added) However, in February this year, we obtained a letter from the European Commission stating that such activities in Europe would be a breach of Regulation 2002/58/EC (known as the ePrivacy Directive). The letter was in response to questions we asked the European Commission specifically with regards to the detection and circumvention of adblocking tools and whether or not such activities would be lawful under European laws and regulations. View the full article
  6. Adblock Plus launched a workaround to Facebook’s ad block bypass today that ham-handedly removes posts from friends and Pages, not just ads, according to a statement provided by Facebook to TechCrunch. That “plan to address the issue” is coming quick. A source close to Facebook tells me that today, possibly within hours, the company will push an update to its site’s code that will nullify Adblock Plus’ workaround. Apparently it took two days for Adblock Plus to come up with the workaround, and only a fraction of that time for Facebook to disable it. View the full article
  7. In a very quick turnaround, the Adblock Plus community has already blocked the intrusive Facebook ads. Yesterday we posted a story that Facebook was going to force users on desktops to see ads whether they had an adblocker or not. We promised that the open source community would have a solution very soon, and, frankly, they’ve beaten even our own expectations. A new filter was added to the main EasyList about 15 minutes ago. You’ll just need to update your filter lists (see below for how). If you want to manually add the filter, here is the code you need: facebook.com##DIV[id^="substream_"] ._5jmm[data-dedupekey][data-cursor][data-xt][data-xt-vimpr="1"][data-ftr="1"][data-fte="1"] As many of you know, the filter lists that “tell” Adblock Plus what to block are in fact the product of a global community of web citizens. This time that community seems to have gotten the better of even a giant like Facebook. View the full article
  8. Facebook is making the HTML of its web ads indistinguishable from organic content so it can slip by adblockers. But in exchange for taking away this option for controlling ads from people, it's allowing them to opt-out of ad targeting categories and Custom Audience customer lists uploaded by advertisers. Today all desktop users will see an announcement atop the News Feed explaining that while web adblockers may no longer work, they can visit their Ad Preferences settings to block ads from particular businesses. Facebook commissioned research firm Ipsos to investigate why reports say 70 million Americans and nearly 200 million people worldwide use adblockers. It found that “The main reasons cited for using ad blockers include avoiding disruptive ads (69%), ads that slow down their browsing experience (58%) and security / malware risks (56%).” Privacy wasn’t the top answer. So Facebook thinks if it can make its ads non-interruptive, fast, and secure, people won’t mind. View the full article
  9. Researchers at the University of California, Riverside have identified a weakness in the Transmission Control Protocol (TCP) of all Linux operating systems since late 2012 that enables attackers to hijack users’ internet communications completely remotely. Such a weakness could be used to launch targeted attacks that track users’ online activity, forcibly terminate a communication, hijack a conversation between hosts or degrade the privacy guarantee by anonymity networks such as Tor. Led by Yue Cao, a computer science graduate student in UCR’s Bourns College of Engineering, the research will be presented on Wednesday (Aug. 10) at the USENIX Security Symposium in Austin, Texas. The project advisor is Zhiyun Qian, an assistant professor of computer science at UCR whose research focuses on identifying security vulnerabilities to help software companies improve their systems. While most users don’t interact directly with the Linux operating system, the software runs behind-the-scenes on internet servers, Android phones and a range of other devices. To transfer information from one source to another, Linux and other operating systems use the Transmission Control Protocol (TCP) to package and send data, and the Internet Protocol (IP) to ensure the information gets to the correct destination. View the full article
  10. Security experts have discovered a malware platform that's so advanced in its design and execution that it could probably have been developed only with the active support of a nation-state. The malware—known alternatively as "ProjectSauron" by researchers from Kaspersky Lab and "Remsec" by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame, Duqu, and Regin. Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects, making it hard to detect using antivirus. Because of the way the software was written, clues left behind by ProjectSauron in so-called software artifacts are unique to each of its targets. That means that clues collected from one infection don't help researchers uncover new infections. Unlike many malware operations that reuse servers, domain names, or IP addresses for command and control channels, the people behind ProjectSauron chose a different one for almost every target. View the full article
  11. Google has shared more details of its plan to replace Flash with HTML5 by default in Chrome. In September 2016, Chrome will block Flash content that loads behind the scenes, which the company estimates accounts for more than 90 percent of the Flash on the web. In December, Chrome will make HTML5 the default experience for central content, such as games and videos, except on sites that only support Flash. Flash has been on its way out for years. Not only is the tool a security nightmare, with new vulnerabilities popping up regularly, the market has been slowly but surely moving away from plugins in favor of HTML5. Chrome and Flash, in particular, have had a complicated relationship. While Flash is included in Google’s browser by default, it has been slowly but surely de-emphasized. In September 2015, Chrome 45 began automatically pausing less-important Flash content (ads, animations, and anything that isn’t “central to the webpage”). View the full article
  12. Hulu will be ending its free, ad-supported service and go to an entirely subscription model. In its place, Yahoo is picking up the slack. Yahoo on Monday announced the launch of Yahoo View, a new platform that will host free, ad-supported TV episodes as Hulu once did. It's the end of an era for Hulu, which had been moving toward a premium service for a while by slowly amassing a respectable amount of exclusive rights as well as developing original series. View the full article
  13. With the Windows 10 Anniversary Update, aka Windows 10 version 1607, released earlier this week, it's time to look forward to what's next. Windows 10 has multiple release tracks to address the needs of its various customer types. The mainstream consumer release, the one that received the Anniversary Update on Tuesday, is dubbed the Current Branch (CB). The Current Branch for Business (CBB) trails the CB by several months, giving it greater time to bed in and receive another few rounds of bug fixing. Currently the CBB is using last year's November Update, version 1511. In about four months, Microsoft plans to bump CBB up to version 1607, putting both CB and CBB on the same major version. The Long Term Servicing Branch, an Enterprise-only version that will receive security and critical issue support for 10 years, will also be updated. Currently, Windows 10 LTSB is essentially the Windows 10 RTM release with certain features such as the Edge browser and Windows Store permanently removed. On October 1, a new Windows 10 LTSB build will be released, starting another 10-year support window. View the full article
  14. CCleaner has been a widely used disk cleanup program to help tidy up your computer and free up disk space. At one time it was a go-to application for many to clean things up quickly and efficiently, recommended by many. Sadly, their program's quality went downhill substantially over the years. Bug reports would often go ignored for months at a time. I can recall using it in the tech shop where I worked. Even then, it caused problems on a few machines we worked on. Those were mainly due to the registry cleaner. It should be common knowledge by now that registry cleaners do nothing to improve performance. Now, CCleaner is known to break Cortana, indexing and vital Windows components, to have caused Blue Screens with the November Update, and to cause issues with Steam's VAC, and the list goes on and on. Many of these are simple to find just by doing a search for what CCleaner breaks. This once great program for quickly cleaning a computer has since become more of both a problem and a security risk than what it's really worth. The time where CCleaner was a quality program is no more. Just a few years ago I discussed changing over to BleachBit. In this discussion I covered several areas of concern, though a major one was how CCleaner adds a CCleanerSkipUAC task into your Task Scheduler Library. The problem with this is that they are bypassing a security check because CCleaner needs permission to access your hard drive and registry as well. So, why add in this CCleanerSkipUAC task? That's where many problems begin, because CCleaner is setting cleaning options and more to be enabled for things that should never be touched. There is an option in CCleaner that was added back in May 2012 to skip the UAC check, but the major problem here is that it too is enabled by default. Users should opt-in to this, not have to opt-out. Many users have no idea this option even exists! You can even see for yourself the task that is added without a user's knowledge in our screenshot below.
      [Image: CCleanerSkipUAC task in Windows 7]
      A thread on reddit discussing the Windows 10 Anniversary Update covers numerous user questions and concerns. In this thread they explicitly say to avoid using CCleaner and to instead use the built-in Windows Disk Cleanup tool. The built-in Windows Disk Cleanup tool is far safer and still removes temp files. Many threads can be found on reddit discussing why people should avoid CCleaner entirely. It seems over the years the number of problems this program causes have grown and have not been properly addressed by the developers. Due to the high number of issues CCleaner has been found to cause, Lunarsoft will no longer be recommending CCleaner as a recommended or useful program. Stay safe, uninstall CCleaner and let the Windows Disk Cleanup tool do its job. It works just fine and won't put you at a high risk of causing problems on your Windows install. View the full article
  15. Firefox (referred to as Fx) is an open source browser developed by Mozilla. A very popular and customizable browser, Firefox features a customizable user interface that allows you to enhance it using custom themes and Personas. Personas change the appearance of the user interface without rearranging the elements. Themes however, can completely change the UI ranging from the types of buttons to the color scheme used. Add-ons allow you to customize Firefox to your liking to make a more enjoyable web surfing experience. Some examples of popular add-ons that you can use to customize Firefox are AdBlock Plus, SessionManager, TabMixPlus and many more. Firefox has tabbed browsing, bookmarks, a built in session manager, private browsing, personas, themes, add-ons and more. Firefox does not use ActiveX which helps make it a more secure browser. Firefox does make use of many plugins to enhance your web experience. From Shockwave, Flash, Quicktime and more; your browsing experience reaches new levels with the Firefox browser. Downloads: Firefox 48 (64 bit) - Firefox 48 (32 bit) | All builds View: Release Notes Homepage: Firefox View the full article
  16. Starting today the Windows 10 Anniversary Update will begin rolling out for our customers around the world. The Windows 10 Anniversary Update is full of new features and innovations that bring Windows Ink and Cortana to life; a faster, more accessible and more power-efficient Microsoft Edge browser; advanced security features; new gaming experiences and more. The Windows 10 Anniversary Update will start rolling out to Windows 10 Mobile phones in the coming weeks. The Windows 10 Anniversary Update is being rolled out to Windows 10 PCs across the world in phases starting with the newer machines first. You don’t have to do anything to get the Windows 10 Anniversary Update, it will roll out automatically to you through Windows Update if you’ve chosen to have updates installed automatically on your device. However, if you don’t want to wait for the update to roll out to you, you can manually get the update yourself on your personal PC. If you’re using a Windows 10 PC at work, you will need to check with your IT administrator for details on your organization’s specific plans to update. View the full article
  17. The Windows 10 Anniversary Update – the largest update to the PC operating system since its big revamp in 2015 – began rolling out to consumers on Tuesday. More than 350m devices have been upgraded since Windows 10 was released in a Microsoft campaign that bombarded computer owners with invitations to get the new version for free, pushed it out to computers automatically and installed it without users realising. The Anniversary Update sees Microsoft’s virtual assistant Cortana become more central, being used as part of any search, while a new feature called Windows Ink enables users to annotate on their screens more freely, and across different apps, with a stylus. View the full article
  18. The creators of Pokémon Go have responded to criticism from fans after a recent update to the app crippled or removed a number of popular features. The latest version of the app, released this weekend, removed a (partly broken) pokémon-tracking tool, as well as a battery-saving mode and support for third-party pokémon maps. The game's developers have given a number of reasons for these changes, saying that the tracking feature was "confusing" and that third-party apps interfered with the company's ability to "maintain quality of service" and bring the game to new markets. Basically, too many unofficial apps were putting undue stress on the game's servers. "We have read your posts and emails and we hear the frustration from folks in places where we haven’t launched yet, and from those of you who miss these features," says the post. "We want you to know that we have been working crazy hours to keep the game running as we continue to launch globally. If you haven’t heard us Tweeting much it’s because we’ve been heads down working on the game." View the full article
  19. In 2015, the two SySS employees Matthias Deeg and Gerhard Klostermeier started a research project about the security of modern wireless desktop sets using AES encryption, as there was no publicly available data concerning... Read more about Wireless keyboards and mice vulnerable on Lunarsoft. View the full article
  20. Microsoft's year-long offer of a free upgrade to Windows 10 has now finished, albeit with a couple of loopholes still to be closed. Since the deal was launched last year there are now more than 350 million devices running the new operating system, mostly thanks to the offer. It's not especially surprising that users have been quicker to upgrade to Windows 10 than earlier versions: Microsoft was giving it away for free, after all. Microsoft's offer was, to an extent, bowing to the inevitable: since the rise of the smartphone with regular free mobile OS upgrades, consumers increasingly expect to get new desktop OS upgrades for free (indeed, Mac users have done since 2013). The touch-centric look-and-feel that arrived with Windows 8, which confused and upset many users, was another reason for the Windows 10 offer. Giving Windows 10 away for free helped Microsoft put that painful negative reception behind it, and in the process got rid of much of the Windows 8 installed base still out there (has any version of Windows appeared and disappeared so quickly?). View the full article
  21. Networking hardware vendor TP-Link today admitted violating US radio frequency rules by selling routers that could operate at power levels higher than their approved limits. In a settlement with the Federal Communications Commission, TP-Link agreed to pay a $200,000 fine, comply with the rules going forward, and to let customers install open source firmware on routers. The open source requirement is a unique one, as it isn't directly related to TP-Link's violation. Moreover, FCC rules don't require router makers to allow loading of third-party, open source firmware. In fact, recent changes to FCC rules made it more difficult for router makers to allow open source software. The TP-Link settlement was announced in the midst of a controversy spurred by those new FCC rules. The new rules for the 5GHz band require router makers to prevent third-party firmware from changing radio frequency parameters in ways that could cause interference with other devices, such as FAA Doppler weather radar systems. View the full article
  22. In 2015, the two SySS employees Matthias Deeg and Gerhard Klostermeier started a research project about the security of modern wireless desktop sets using AES encryption, as there was no publicly available data concerning security issues in current wireless mice and keyboards. Thus, the two IT security consultants have been analyzing modern wireless desktop sets with AES encryption of the manufacturers Microsoft, Cherry, Logitech, Fujitsu, and Perixx for security vulnerabilities during the last couple of months. Up to now, several and partly critical security vulnerabilities have been found and were reported to affected manufacturers in the course of the SySS responsible disclosure program. The found security vulnerabilities can be exploited within different attack scenarios from different attacker's perspectives. On the one hand, there are security issues which require one-time physical access to a keyboard or a USB dongle, for example to extract cryptographic keys which can be used in further attacks or to manipulate the firmware. On the other hand, there are security issues that can be exploited remotely via radio communication, for example replay or keystroke injection attacks due to insecure implementations of the AES encrypted data communication. During this research project, SySS built a proof-of-concept device that can be used to remotely attack a computer system that is operated with an affected wireless desktop set via radio signals. The combination of replay and keystroke injection attack, for instance, allows an attacker from a safe distance to remotely attack computer systems with an active screen lock, for example in order to install malware when the target system is unattended. 
      So far, the fourteen reported security advisories concerning modern wireless desktop sets with advertised AES encryption of different manufacturers deal with the following security vulnerability types:
        • Unencrypted data communication
        • Insufficient protection of code (firmware) and data (cryptographic key)
        • Missing protection against replay attacks
        • Insufficient protection against replay attacks
        • Cryptographic issues allowing for keystroke injection attacks
      As the responsible disclosure process of eight of the reported security issues is completed according to our responsible disclosure policy, we publish the first results of our research project in form of the following eight security advisories concerning wireless desktop sets of the manufacturers Microsoft, Cherry, Logitech and Perixx:
        • SYSS-2016-031: CHERRY B.UNLIMITED AES - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
        • SYSS-2016-032: CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
        • SYSS-2016-038: CHERRY B.UNLIMITED AES - Cryptographic Issues (CWE-310), Keystroke Injection Vulnerability
        • SYSS-2016-044: Logitech K520 (Keyboard of Wireless Combo MK520) - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
        • SYSS-2016-045: Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
        • SYSS-2016-046: Perixx PERIDUO-710W - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
        • SYSS-2016-047: Perixx PERIDUO-710W - Cryptographic Issues (CWE-310), Keystroke Injection Vulnerability
        • SYSS-2016-059: Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack
      The other six security advisories, which amongst others affect a product of the manufacturer Fujitsu, will be publicly disclosed this August and September.
Moreover, further results of our research project and technical details will be presented at the IT security conference Ruxcon (22./23. October 2016) and at the Handelsblatt Jahrestagung Cybersecurity 2016 (21./22. November 2016). Source: Syss View the full article
  23. Chat logs from WhatsApp linger on your phone even after you’ve deleted them, according to new research published by iOS expert Jonathan Zdziarski. Forensic traces of chats linger on the phone even after a user archives or deletes them, Zdziarski found, and could be accessed by someone with physical access to the device or by law enforcement issuing a warrant to Apple for iCloud backups. Although the data is deleted from the app, it is not overwritten in the SQLite library and therefore remains on the phone. “I installed the app and started a few different threads,” Zdziarski wrote in a blog post. “I then archived some, cleared some, and deleted some threads. I made a second backup after running the ‘Clear All Chats’ function in WhatsApp. None of these deletion or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database.” View the full article
  24. A year after Microsoft introduced its free upgrade offer to Windows 10 for PCs running Windows 7 or Windows 8, the company finally put an end to this year-long opportunity last Friday. Microsoft’s significant upgrade push didn’t avoid some controversy during the past year, as many users complained that its Windows 10 upgrade prompts have been too aggressive and confusing, but there is no denying that the Windows 10 launch has been an overall success for the company. On June 29, the Redmond giant announced that Windows 10 was already running on 350 million devices (including PCs, phones, Xbox One gaming consoles and more), which was 50 million more devices than the previous milestone announced by the company on May 5. As we’re now just one day from the release of the Windows 10 Anniversary Update, we expect the company to release an update on the number of devices running the latest OS pretty soon. View the full article
  25. Gawker Media Chief Executive Nick Denton filed for personal bankruptcy protection on Monday, according to court documents that name his largest creditor as Hulk Hogan, a former professional wrestler who won a $140 million court judgment against the news website over a sex tape it posted. Denton listed assets of $10 million to $50 million and liabilities of $100 million to $500 million in his Chapter 11 petition filed at the U.S. Bankruptcy Court for the Southern District of New York. Earlier on Monday, he tweeted that he wanted to protect colleagues from a "vendetta" by tech billionaire Peter Thiel, who funded Hogan's Florida lawsuit. Gawker Media filed for bankruptcy in June after Hogan won the judgment. The wrestler had accused the site of violating his privacy by posting a sex tape featuring Hogan having sex with the wife of his then-best friend, the radio shock jock Bubba the Love Sponge Clem. View the full article