Tech/Science News

Piracy Phishing Scam Targets US ISPs and Subscribers

Slashdot - Fri, 06/24/2016 - 21:20
According to a report on TorrentFreak, an elaborate piracy phishing operation is targeting US ISPs and subscribers. Scammers are reportedly masquerading as anti-piracy company IP-Echelon and rightholders such as Lionsgate to send fake DMCA notices and settlement demands to ISPs. From the report: TorrentFreak was alerted to a takedown notice Lionsgate purportedly sent to a Cox subscriber, for allegedly downloading a pirated copy of the movie Allegiant. Under threat of a lawsuit, the subscriber was asked to pay a $150 settlement fee. This request is unique as neither Lionsgate nor its tracking company IP-Echelon is known to engage in this practice. When we contacted IP-Echelon about Lionsgate's supposed settlement offer, we heard to our surprise that these emails are part of a large phishing scam, which has at least one large ISP fooled. "The notices are fake and not sent by us. It's a phishing scam," IP-Echelon informed TorrentFreak. For a phishing scam the fake DMCA notice does its job well. At first sight the email appears to be legit, and for Cox Communications it was real enough to forward it to their customers. U.S. law enforcement has been notified and is currently investigating the matter.

Read more of this story at Slashdot.

Categories: Tech/Science News

Russia Lawmakers Pass Spying Law That Requires Encryption Backdoors, Call Surveillance

Slashdot - Fri, 06/24/2016 - 20:40
A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps has passed. Patrick Howell O'Neill reports for DailyDot: A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.

Net Neutrality Advocates To FCC: Put the Kibosh On Internet Freebies

Slashdot - Fri, 06/24/2016 - 20:00
An anonymous reader cites a CNET report: Net neutrality advocates demand action. Representatives from Fight the Future, the Center for Media Justice and Free Press on Friday hand-delivered a 6-foot tall package containing 100,000 letters of complaint to the Federal Communications Commission. They ask the agency to take action against AT&T, Comcast, T-Mobile and Verizon for violating the agency's Open Internet order by offering so-called zero-rating service plans. While the practice offers some benefits to customers, critics say it violates the agency's Net neutrality principles, which require all services on the internet be treated the same. They claim it puts smaller competitors at a disadvantage and highlights the fact that data caps are unnecessary. Carriers say they are simply experimenting with new business models that will make their service more affordable for consumers.

In the Aftermath Of Brexit, Brits Google About Irish Passport, Meaning Of EU, and Why it All Happened

Slashdot - Fri, 06/24/2016 - 19:20
As the world makes peace with the news that the United Kingdom has voted to leave the European Union, people in the UK are increasingly trying to figure out what this means. Google noted on Twitter late Thursday that "What is the EU?" was the second top UK question on the EU since the news broke, with "Why did Britain leave the EU?" being the first. The questions also speak volumes about the awareness of the issue among them. Understandably, some people also resorted to the search engine to look for Irish passports. "Getting an Irish passport" keywords saw a 100% surge.

FBI Is Classifying Its Tor Browser Exploit Because 'National Security'

Slashdot - Fri, 06/24/2016 - 18:40
Joseph Cox, reporting for Motherboard: Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.

Chrome Bug Makes It Easy To Download Movies From Netflix and Amazon Prime

Slashdot - Fri, 06/24/2016 - 18:00
A vulnerability found in Chrome by researchers allows people to save copies of movies and TV shows from streaming websites such as Netflix and Amazon Prime. From a Gizmodo report: The vulnerability, first reported by Wired (Editor's note: Wired blocks adblockers), takes advantage of the Widevine EME/CDM technology that Chrome uses to stream encrypted video from content providers. Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories discovered a way to hijack streaming video from the decryption module in the Chrome browser after content has been sent from services like Netflix or Amazon Prime. The researchers created a proof-of-concept (which is currently the only evidence of the exploit) to show how easily they could illegally download streaming video once CDM technology has decrypted it. Google was notified of the bug last month but is yet to patch it.

$4 Android Smartphone From India To Begin Shipping Next Week

Slashdot - Fri, 06/24/2016 - 17:20
Earlier this year, an Indian smartphone company called Ringing Bells unveiled the Freedom 251, an entry-level Android smartphone that was priced at Rs. 251 (roughly $3.7 USD). It didn't take long for the company to stir controversy -- soon after media got the device, they learned that Ringing Bells had disguised Adcom Ikon 4s (retail price: $60) as the Freedom 251 smartphone for marketing and media reviewing purposes. The company at the time noted that it was just a sample device. Furthermore, it was clear that components in the sample device alone would cost more than Rs. 2,000 ($30). Ringing Bells, standing by its earlier commitment, has now announced that it will begin shipping the Freedom 251 handset starting next week. The Freedom 251 unit which will ship to consumers reportedly features dual-SIM capability, 1GB of RAM, a 1.3GHz SoC from an unnamed chipset maker, 8GB of internal storage, an 8-megapixel rear camera, 3.2-megapixel front-facing shooter and a 1,800mAh battery. How did the company manage to get the price of the handset this cheap? In a separate interview with Times of India, the company noted that it has partnered with a number of software firms to pre-install their apps on the phone.

'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones

Slashdot - Fri, 06/24/2016 - 16:40
Dan Goodin, reporting for ArsTechnica: Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors' browsers and serve drive-by exploits. Affected apps that have been spotted in Google Play, Android's marquee app store, are largely flashlight, Wi-Fi apps, as well as copies of popular games.

Malware Can Use Fan Noise To Steal Data From Air-Gapped Systems

Slashdot - Fri, 06/24/2016 - 16:00
Reader Orome1 writes: For the last few years, researchers from Ben-Gurion University of the Negev have been testing new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies ("AirHopper"); using heat ("BitWhisper"), using rogue software ("GSMem") that modulates and transmits electromagnetic signals at cellular frequencies. The latest version of the data-exfiltration attack against air-gapped computers involves the machine's fans. Dubbed "Fansmitter," the attack can come in handy when the computer does not have speakers, and so attackers can't use acoustic channels to get the info. An anonymous reader adds: Malicious applications use the noise emanated by a computer fan's speed to relay information to a nearby recording device and steal data from air-gapped, isolated systems. The attack relies on selecting a fan speed to represent binary "1" and another for binary "0". A specially crafted malware can alter the CPU, GPU or chassis fan speed between these two frequencies and provide a method to relay data from infected systems. Attackers can then place microphones or smartphones to record the sound coming from the infected machine and steal the data. The attack works for distances of one to four meters, and operates in the 100-600 Hz frequency that can be picked up by the human ear. Choosing smaller fan speeds or fan speeds that are closer together can make the attack harder to pick up by a human, but also makes it susceptible to background noise.

Study Finds Password Misuse In Hospitals Is 'Endemic'

Slashdot - Fri, 06/24/2016 - 15:00
chicksdaddy writes from a report via The Security Ledger: Hospitals are pretty hygienic places -- except when it comes to passwords, it seems. That's the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are "endemic" in healthcare environments and mostly go unnoticed by hospital IT staff. The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments -- with the bad behavior being driven by necessity rather than malice. "In hospital after hospital and clinic after clinic, we find users write down passwords everywhere," the report reads. "Sticky notes form sticky stalagmites on medical devices and in medication preparation rooms. We've observed entire hospital units share a password to a medical device, where the password is taped onto the device. We found emergency room supply rooms with locked doors where the lock code was written on the door -- no one wanted to prevent a clinician from obtaining emergency supplies because they didn't remember the code." Competing priorities of clinical staff and information technology staff bear much of the blame. Specifically: IT staff and management are often focused on regulatory compliance and securing healthcare environments. They are excoriated for lapses in security that result in the theft or loss of data. Clinical staff, on the other hand, are focused on patient care and ensuring good health outcomes, said Ross Koppel, one of the authors of the report, who told The Security Ledger. Those two competing goals often clash. "IT want to be good guys. They're not out to make life miserable for the clinical staff, but they often do," he said.

BlackBerry Remains Committed To Smartphone Business, Despite $670M Net Loss In Last Three Months

Slashdot - Fri, 06/24/2016 - 12:00
AchilleTalon writes: BlackBerry CEO John Chen refuses to give up on the company's hardware business despite lackluster sales of its first Android-powered smartphone, the Priv. The Canadian smartphone maker reported a $670 million net loss in the first quarter of its 2017 financial year, but said its recovery plan for the year remains on track. Chen, who has stated the company's No. 1 goal is to make its smartphone device business profitable this fiscal year, said he expects the company's new mobility solutions segment to break even or record a slight profit during the third quarter, which ends Nov. 30, 2016. During BlackBerry's first quarter -- second full quarter to include Priv sales -- the company sold roughly 500,000 devices at an average price of $290 each, he said, which is about 100,000 smartphones fewer than the previous quarter and about 200,000 fewer than two quarters earlier. Previously, the company said it needs to sell about three million phones at an average of $300 each to break even, though Chen indicated that may change as the software licensing business starts to contribute to revenue.

BBC: UK Votes To Leave The European Union

Slashdot - Fri, 06/24/2016 - 08:00
An anonymous reader quotes a report from the BBC: The UK has voted by 52% to 48% to leave the European Union after 43 years in a historic referendum, a BBC forecast suggests. London and Scotland voted strongly to stay in the EU but the remain vote has been undermined by poor results in the north of England. Voters in Wales and the English shires have backed Brexit in large numbers. The referendum turnout was 71.8% -- with more than 30 million people voting -- the highest turnout since 1992. London has voted to stay in the EU by around 60% to 40%. However, no other region of England has voted in favor of remaining. Britain would be the first country to leave the EU since its formation -- but a leave vote will not immediately mean Britain ceases to be a member of the 28-nation bloc. That process could take a minimum of two years, with Leave campaigners suggesting during the referendum campaign that it should not be completed until 2020 -- the date of the next scheduled general election. The prime minister will have to decide when to trigger Article 50 of the Lisbon Treaty, which would give the UK two years to negotiate its withdrawal. Once Article 50 has been triggered a country can not rejoin without the consent of all member states. British Prime Minister David Cameron is under pressure to resign as a result of the decision. UK Independence Party (UKIP) leader Nigel Farage called on him to quit "immediately." One labor source said, "If we vote to leave, Cameron should seriously consider his position." Several pro-Leave Conservatives including Boris Johnson and Michael Gove have signed a letter to Mr. Cameron urging him to stay no matter the decision. Mr. Cameron did say he would trigger Article 50 as soon as possible after a leave vote.

Apple Discontinues Thunderbolt Display

Slashdot - Fri, 06/24/2016 - 05:30
An anonymous reader writes: Apple has officially told several news sites that it plans to discontinue the Thunderbolt Display, which has been available online and in Apple retail stores since it was first introduced in 2011. "We're discontinuing the Apple Thunderbolt Display. It will be available through Apple.com, Apple's retail stores and Apple Authorized Resellers while supplies last. There are a number of great third-party options available for Mac users," said an Apple spokesperson. Rumors suggest that Apple will launch a new version of its Thunderbolt monitor later this year, featuring an upgraded 5K resolution and discrete GPU. The new Thunderbolt Display may even launch alongside next-generation Skylake Retina MacBook Pros, which too are rumored to be released later this year. fyngyrz writes: So, bought into the whole Thunderbolt monitor thing from Apple? Might want to collect a few right now, while you still can. It appears that the Thunderbolt monitor is going the way of the analog [headphone] jack over at Apple. Isn't it fun to be part of an unsuccessful experiment?

Comcast Admits It Incorrectly Debited $1,775 From Account, Tells Customer To Sort It Out With Bank

Slashdot - Fri, 06/24/2016 - 03:25
An anonymous reader writes from a report via The Consumerist: Consumerist reader Robert is fighting with Comcast over a $1,775 early termination fee that should not have been assessed after he tried to cancel his business-tier service with the company. Comcast itself has even admitted that the money should not have been debited from Robert's bank account, but now says it's his responsibility to sort the mess out with his bank. The Consumerist reports: "In an effort to save money in 2014, Robert called to have their service level downgraded to a more affordable rate. Shortly thereafter, correctly believing that he was out of contract, he cancelled his Comcast service. That should have been the end of the story, but only weeks after closing the Comcast account, the boys from Kabletown decided that Robert was not out of contract, debiting $1,775.44 from the checking account tied to the Comcast service. Skip forward to Jan. 2015 -- two months after being told he'd get made whole; still no check. Robert says that when he called Comcast, 'the rep actually laughed when I told her I didn't get a check yet. She said it would take three months.'" Two calls later, one in June 2015 and one in Jan. 2016, Robert still didn't receive the check even after being reassured it was coming. More recently, he received an email from someone at Comcast "Executive Customer Relations," saying: "I understand you're claiming that someone advised you Comcast would send a refund check for the last payment that was debited but this is generally not the way we handle these situations. [...] For your situation, you would have to dispute the payment with your bank." Good news: The Consumerist reached out to Comcast HQ and a Comcast rep wrote back. "More information just came in," reads the email, which explains that an ETF credit was applied to his account in Dec. 2014, but "through some error the refund check never generated." Comcast is reportedly sending the check for real this time.

Clinton's Private Email Was Blocked By Spam Filters, So State IT Turned Them Off

Slashdot - Fri, 06/24/2016 - 02:45
An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10.

HTML5 Ads Aren't That Safe Compared To Flash, Experts Say

Slashdot - Fri, 06/24/2016 - 02:05
An anonymous reader writes: [Softpedia reports:] "A study from GeoEdge (PDF), an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The company argues that for video ads, the primary root of malvertising is the VAST and VPAID advertising standards. VAST and VPAID are the rules of the game when it comes to online video advertising, defining the road an ad needs to take from the ad's creator to the user's browser. Even if the ad is Flash or HTML5, there are critical points in this ad delivery path where ad creators can alter the ad via JavaScript injections. These same critical points are also there so advertisers or ad networks can feed JavaScript code that fingerprints and tracks users." The real culprit is the ability to send JavaScript code at runtime, and not if the ad is a Flash object, an image or a block of HTML(5) code.

Internet Trolls Hack Popular YouTube Channel WatchMojo

Slashdot - Fri, 06/24/2016 - 01:20
An anonymous reader writes: WatchMojo, one of the most popular channels of YouTube with over 12 million subscribers, has been hacked. Subscribers of one of YouTube's most popular channels, WatchMojo, were greeted with an unusual surprise on Wednesday evening, as a couple of hackers, known only as Obnoxious and Pein, hacked the lineup of the channel's videos. The two hackers then proceeded to rename almost all of WatchMojo's videos with the title "HACKED BY OBNOXIOUS AND PEIN twitter.com/poodlecorp." Since the channel was compromised, the hackers have uploaded two new videos, "Top 5 Facts About the Yakuza," and a video about Neanderthal myths. Apart from these, however, the hackers have not touched anything else on the channel. Though, most of WatchMojo's videos still remain hacked as of writing. The popular channel announced that it is fully aware of the hack. WatchMojo further stated that it has already contacted YouTube about the incident and that it is already starting to fix the changes to its videos.

SanDisk Made an iPhone Case With Built-In Storage

Slashdot - Fri, 06/24/2016 - 00:40
An anonymous reader writes: SanDisk has made its iXpand Memory Case to alleviate the problem that Apple creates when they release an iPhone in 2016 with only 16GB of on-board storage. The iXpand Memory Case is an iPhone case with flash storage built directly into the case itself that connects/charges via the Lightning port. You won't need a new phone and you won't need to carry around an extra charging dongle, which is the case for many other third-party cases and accessories. Since Apple doesn't make expanding your storage with third-party devices easy, you will need to download/install the companion SanDisk iXpand Memory Case app on your iPhone, which will automatically back-up your camera roll and password-protect your photos and files. If you need some extra juice, you can spend an extra $40 to receive a 1900mAh battery pack that attaches to the case. The iXpand Memory Case is only available with the iPhone 6 and 6s and is available with 32GB, 64GB, and 128GB of extra flash storage for $59, $99, and $129, respectively. Oh, and of course there are varying color options: Red, Grey, Sky and Mint. Maybe your phone battery is running low (God-forbid it is dead) and you just so happen to be nearby a KFC in Delhi or Mumbai, KFC has you covered. They have introduced a meal box that doubles as a smartphone charger.

Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

Slashdot - Fri, 06/24/2016 - 00:00
An anonymous reader writes: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into an individual's computer. EFF reports: "The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone's rights."

Boston Dynamics' SpotMini Is All Electric, Agile, and Has A Capable Face-Arm

Slashdot - Thu, 06/23/2016 - 23:20
An anonymous reader writes: Boston Dynamics has shown the world their "fun-sizeified version of their Spot quadruped," the SpotMini robot. It's a quiet, all electric machine that features a googley-eyed face-arm. IEEE Spectrum notes some observations made from watching their YouTube video. First of all, the SpotMini appears to be waterproof and doesn't rely on hydraulics like the other more powerful robots of theirs. The SpotMini is likely operated by a human, and is not autonomous, though the self-righting could be an autonomous behavior. The video appears to show two separate versions of the SpotMini: an undressed and dressed variant (it's hard to tell if the "dressed" variant features differing components/abilities). There is a MultiSense S7 video camera on the front, some other camera-based vision system on the front, a butt-mounted Velodyne VLP-16 system, and what may be a small camera on the face-arm's mouth. One particularly noteworthy observation is that during much of the video, the SpotMini is traversing through a house. In other Boston Dynamics demo videos, the robots are outside. The author of the report says, "[...] it wouldn't surprise me if we're looking at an attempt to make an (relatively) affordable robot that can do practical things for people who aren't in the military."
