Piracy

Pirate Bay Browser Streaming Technology Is a Security and Privacy Nightmare (softpedia.com) 32

An anonymous reader writes: Last week the Pirate Bay added support for streaming video torrents inside the browser in real-time. Kickass Torrents followed the next week. The technology they used is called Torrents Time. A security researcher has discovered that this technology which is a mix of client and server side code is actually a security and user privacy disaster. Attackers can carry out XSS attacks on TPB and KAT, the app runs on Mac as root, attackers can hijack downloads and force malicious code on the user's PC, and advertisers can collect info on any user that has Torrents Time installed.
Networking

UCL Scientists Push 1.125Tbps Through a Single Coherent Optical Receiver 13

Mark.JUK writes: A team of researchers working in the Optical Networks Group at the University College London in England claim to have achieved the "greatest information rate ever recorded using a single [coherent optical] receiver", which was able to handle a record data speed of 1.125 Terabits per second (Tbps). The result, which required a 15 sub-carrier 8GBd DP-256QAM super-channel (15 channels of data) and total bandwidth of 121.5GHz, represents an increase of 12.5% relative to the previous record (1Tbps). Now they just need to test it using some long fibre optic cable because optical signals tend to become distorted when they travel over thousands of kilometers.
Firefox

Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) (eweek.com) 106

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security: "'We wanted to focus on the browsers that have made serious security improvements in the last year,' Brian Gorenc, manager of Vulnerability Research at HPE said."
Security

ZDNet Writer Downplays Windows 10's Phoning-Home Habits 238

jones_supa writes: Gordon F. Kelly of Forbes whipped up a frenzy over Windows 10 when a Voat user found out in a little experiment that the operating system phones home thousands of times a day. ZDNet's Ed Bott has written a follow-up where he points out how the experiment should not be taken too dramatically. 602 connection attempts were to 192.168.1.255 using UDP port 137, which means local NetBIOS broadcasts. Another 630 were DNS requests. Next up was 1,619 dropped connection attempts to address 94.245.121.253, which is a Microsoft Teredo server. The list goes on with NTP, random HTTP requests, and various cloud hosts which probably are reached by UWP apps. He summarizes by saying that a lot of connections are not at all about telemetry. However, what kind of telemetry and data-mined information Windows specifically sends still remains largely a mystery; hopefully curious people will do analysis on the operating system and network traffic sent by it.
Security

Cisco ASA Firewall Has a Wormable Problem — And a Million Installs (csoonline.com) 72

itwbennett writes: Cisco has published an advisory for a vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10 that was discovered by researchers from Exodus Intelligence. According to the advisory, 'a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.' As CSO's Dave Lewis points out, 'the part of this that is most pressing is that Cisco claims that there are over a million of these deployed.'
And attackers have not been sitting on their thumbs.
Encryption

US Encryption Ban Would Only Send the Market Overseas (dailydot.com) 147

Patrick O'Neill writes: As U.S. legislatures posture toward legally mandating backdoored encryption, a new Harvard study suggests that a ban would push the market overseas because most encryption products come from over non-U.S. tech companies. "Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S.," the researchers wrote.
Bitcoin

Researchers Discover a Cheap Method of Breaking Bitcoin Wallet Passwords (softpedia.com) 92

An anonymous reader writes: Three researchers have published a paper that details a new method of cracking Bitcoin "brain wallet passwords," which is 2.5 times speedier than previous techniques and incredibly cheap to perform. The researcher revealed that by using a run-of-the-mill Amazon EC2 account, an attacker would be able to check over 500,000 Bitcoin passwords per second. For each US dollar spent on renting the EC2 server, an attacker would be able to check 17.9 billion password strings. To check a trillion passwords, it would cost the attacker only $55.86 (€49.63). In the end, they managed to crack around 18,000 passwords used for real accounts.
Networking

Facebook Developing Radio Wave Mesh To Connect Offline Areas (thestack.com) 44

An anonymous reader writes: As part of its wider Internet.org initiative to deliver connectivity to poor and rural communities, Facebook is actively developing a new network technology which uses millimetre wave bands to transmit data. Facebook engineer Sanjai Kohli filed two patents which outlined a 'next generation' data system, which would make use of millimetre wave technology deployed as mesh networks. Kohli's patents detailed a type of centralised, cloud-based routing system which 'dynamically adjusts route and frequency channel assignments, transmit power, modulation, coding, and symbol rate to maximize network capacity and probability of packet delivery, rather than trying to maximize the capacity of any one link.'
Open Source

LibreOffice 5.1 Officially Released 181

prisoninmate writes: After being in development for the last three months or so, LibreOffice 5.1 comes today to a desktop environment near you with some of the most attractive features you've ever seen in an open-source office suite software product, no matter the operating system used. The release highlights of LibreOffice 5.1 include a redesigned user interface for improved ease of use, better interoperability with OOXML files, support for reading and writing files on cloud servers, enhanced support for the ODF 1.2 file format, as well as additional Spreadsheet functions and features. Yesterday, even with the previous version, I was able to successfully use a moderately complex docx template without a hitch — the kind of thing that would have been a pipe-dream not too long ago.
Security

Trane Takes 2 Years To Remove Hard-Coded Root Passwords From IoT Thermostat (softpedia.com) 75

An anonymous reader writes: It took 22 months for Trane to patch three security bugs in its ComfortLink II XL950 smart Wi-Fi thermostat product, the ComfortLink II XL950, a modern IoT device along the lines of Google Nest, which offers a simple way to manage your apartment's or building's internal temperature. Researchers contacted Trane about their three issues in April 2014, the company fixed the RCE flaws in April 2015 and recently released a firmware update at the end of January to fix the last issue. During all this time, the company barely answered emails and continued to sell an exposed product.
Encryption

Federal Bill Could Override State-Level Encryption Bans (thestack.com) 136

An anonymous reader writes: A new bill has been proposed in Congress today by Representatives Ted Lieu (D-Calif.) and Blake Farenthold (R-Tex.) which looks to put a stop to any pending state-level legislation that could result in misguided encryption measures. The Ensuring National Constitutional Rights of Your Private Telecommunications Act of 2016 comes as a response to state-level encryption bills which have already been proposed in New York state and California. These near-identical proposals argued in favour of banning the sale of smartphones sold in the U.S. that feature strong encryption and cannot be accessed by the manufacturer. If these bills are passed, current smartphones, including iPhone and Android models, would need to be significantly redesigned for sale in these two states. Now Lieu and Farenthold are making moves to prevent the passing of the bills because of their potential impact on trade [PDF] and the competitiveness of American firms.
Privacy

Most IT Pros Have Seen Embarrassing Information About Their Colleagues 142

An anonymous reader writes: Often working in isolation, IT teams are still considered to be supporting players in many workplaces, yet the responsibility being placed on them is huge. In the event of a cyber attack, network outage or other major issue, they will typically drop everything to fix the problem at hand. Almost all the respondents (95%) to a new AlienVault survey said that they have fixed a user or executive's personal computer issue during their work hours. In addition, over three-quarters (77%) said that they had seen and kept secret potentially embarrassing information relating to their colleagues' or executives' use of company-owned IT resources.
Facebook

French Gov't Gives Facebook 3 Months To Stop Tracking Non-User Browsers 174

Reader iamthecheese writes RT reports that France's National Commission of Information and Freedoms found Facebook tracking of non-user browsers to be illegal. Facebook has three months to stop doing it. The ruling points to violations of members and non-members privacy in violation of an earlier ruling. The guidance, published last October, invalidates safe harbor provisions. If Facebook fails to comply the French authority will appoint someone to decide upon a sanction. Related: A copy of the TPP leaked last year no longer requires signing countries to have a safe harbor provision.
Crime

Hearthstone Cheats and Tools Spiked With Malware (csoonline.com) 41

itwbennett writes: Cheating at the online card game Hearthstone (which is based on Blizzard's World of Warcraft) can get you banned from the game, but now it also puts you at risk of 'financial losses and system ruin,' writes CSO's Steve Ragan. Symantec is warning Hearthstone players about add-on tools and cheat scripts that are spiked with malware. 'In one example, Hearth Buddy, a tool that allows bots to play the game instead of a human player (which is supposed to help with rank earnings and gold earning) compromises the entire system,' says Ragan. 'Another example, are the dust and gold hacking tools (Hearthstone Hack Tool), which install malware that targets Bitcoin wallets.'
Security

President Obama Unveils $19 Billion Plan To Overhaul U.S. Cybersecurity 185

erier2003 writes: President Obama on Tuesday unveiled an expansive plan to bolster government and private-sector cybersecurity by establishing a federal coordinator for cyber efforts, proposing a commission to study future work, and asking Congress for funds to overhaul dangerously obsolete computer systems. His newly signed executive orders contain initiatives to better prepare college students for cybersecurity careers, streamline federal computer networks, and certify Internet-connected devices as secure. The Cybersecurity National Action Plan also establishes a Federal Privacy Council (to review how the government stores Americans' personal information), creates the post of Chief Information Security Officer, and establishes a Commission on Enhancing National Cybersecurity.

Slashdot Top Deals