Despite being full of techies and people doing interesting things with portable devices, you don’t want to have an active radio on you within a quarter-mile of DEFCON. The apps on your phone leak personal data onto the Internet all the time, and the folks at DEFCON’s Wall Of Sheep were very successful in getting a few thousand usernames and passwords for email accounts.
Blackphone is designed to be the solution to this problem, so when we ran into a few members of the Blackphone crew at DEFCON, we were pretty interested to take a quick peek at their device.
The core functionality for the Blackphone comes from its operating system called PrivatOS. It’s a fork of Android 4.4.2 that is supposed to seal up the backdoors found in other mobile phones. There’s also a bundle of apps from Silent Circle that give the Blackphone the ability to make encrypted phone calls, texts (with file sharing), and encrypted and password protected contact lists.
The hardware for the Blackphone is pretty impressive; a quad-core Nvidia Tegra provides all the power you need for your apps, video, and playing 2048, a 2000mAh battery should provide enough juice to get you through a day or two (especially since you can turn off cores), and the usual front/rear cameras, GPS, 802.11bgn and GSM and HSPA+/WCDA radios means this phone will be useable on most networks.
Based on data gathered over the first six months of 2014, security researchers from IBM X-Force predict that the number of publicly reported vulnerabilities will drop to under 8,000 this year, a first since 2011.
While the majority of flaws disclosed so far fall into the medium-risk category, the IBM researchers said that the widely used system to rate their severity often fails to reflect the real risk they pose to users.
Over the first half of the year, the IBM X-Force team collected reports about 3,900 security vulnerabilities from advisories published by software vendors, security industry mailing lists and other sources. If vulnerability disclosures continue at the same rate, the number of flaws reported in 2014 will fall under 8,000, several hundred less than in each of the previous two years, the team said in a report released this week.
Earlier this month we reported how media conglomerate ABS-CBN is going after several website owners who link to pirated streams of its programming.
The Philippines-based company filed a lawsuit at a federal court in Oregon looking for millions of dollars in damages from two local residents. The court case has barely started but that didn’t prevent ABS-CBN from using its journalistic outlet to taint public opinion.
In a news report released by its American branch, the company slams the defendants who they align with hardcore criminals.
The coverage is presented as news but offers no balance. Instead it frames online piracy as a threat to everyone, with billions of dollars in losses that negatively impact America’s education and health care budgets.
But it gets even worse. It’s not just public services that are threatened by online piracy according to the news outlet, national security is at stake as well.
“Piracy actually aids and abets organized crime. Gangs and even terrorist groups have reportedly entered the piracy market because the penalties are much lighter than traditional crimes such as drug dealing – and the profit could be much higher,” ABS-CBN’s senior reporter Henni Espinosa notes.
It’s not the first time that we have heard these allegations. However, for a news organization to present them without context to further its own cause is a line that not even the MPAA and RIAA would dare to cross today.
The Los Angeles County Sheriff’s Department, on the other hand, has also noticed the link with organized crime and terrorism.
“[Piracy is] supporting their ability to buy drugs and guns and engage in violence. And then, the support of global terrorism, which is a threat to everybody,” LA County Assistant Sheriff Todd Rogers tells the new outlet.
Los Angeles County police say that piracy is one of their top priorities. They hope to make the local neighborhoods a little safer by tracking down these pirates and potential terrorists.
“To identify bad guys that we need to take out of the community so the rest of the folks can enjoy their neighborhood and their families,” Rogers concludes.
Since the above might have to sink in for a moment, we turn to the two Oregon citizens who ABS-CBN based the report on. Are Jeff Ashby and his Filipina wife Lenie Ashby really hardcore criminals?
Based on public statistics the five sites they operated barely had any visitors. According to Jeff he created them for his wife so she could enjoy entertainment from her home country. He actually didn’t make any copies of the media but merely provided links to other websites.
‘I created these websites for my wife who is from the Philippines, so she and others who are far from the Philippines could enjoy materials from their culture that are otherwise unavailable to them, Jeff Ashby wrote to the court.
“Since these materials were already on the web, we did not think there would-be a problem to simply link to them. No content was ever hosted on our server,” he adds.
The websites were all closed as soon as the Oregon couple were informed about the lawsuit. They regret their mistake and say they didn’t know that it could get them into trouble, certainly not $10 million worth of it.
So are these really the evil drug lords or terrorists the Los Angeles County Sheriff’s Department and ABS-CBN are referring to?
I made it back from DEFCON with both my phone and tablet intact, but I’m happy I didn’t bring a light bulb. You see, if had brought a light bulb, and that light bulb was a smart LED bulb running Linux, it might be running someone else’s software by now.
Right now, there are hundreds of companies churning out “Internet of Things” (IoT) devices as fast as they can. The people slapping these devices together are often doing things on a shoestring budget, with an incomplete understanding of the full potential of their components, and rarely any eye toward security.
Some visitors to several high-profile websites last week were redirected to browser exploits that installed malware on their computers because of malicious advertisements on those sites.
The attack affected visitors to Java.com, Deviantart.com, TMZ.com, Photobucket.com, IBTimes.com, eBay.ie, Kapaza.be and TVgids.nl between Aug. 19 and Aug. 22, according to researchers from Dutch security firm Fox-IT.
"These websites have not been compromised themselves, but are the victim of malvertising," the researchers said Wednesday in a blog post. "This means an advertisement provider, providing its services to a small part of a website, serves malicious advertisement aimed at infecting visitors with malware."
We’ve written many great articles that detail time. We talked about how we know it exists, its function in entropy, when it came into being etc. However, one theory suggests that time doesn’t exist at all. This hypothesis postulates that instead of time being an absolute part of the spacetime continuum, or the “fourth dimension,” time is a needless and arbitrary human construct.
Similarly, proponents of this theory believe that the natural world can better be explained if we remove time from the equation and start thinking of it as the numerical order of change instead. This idea is favorable to a lot of laypeople, but most scientists generally dismiss the notion without much thought.
In this video, New Scientist discusses time and how it operates in relation to space and the physics of our universe (what we understand and what we are still missing). Ultimately, in order to understand the laws that govern our universe, and develop a valid “theory of everything,” we need to understand the true nature of time. So take a moment to get to know it a little better:
Watch: Why Space and Time Have A Secret Connection
A relative latecomer to The Hackaday Prize, [AltMarcxs] has nevertheless come up with a very interesting tool for fabrication, the likes of which no one has ever seen before. It’s a rotating laser soldering paste applicator, meant to be an add-on to a CNC machine. What does it do? RIght now it looks extremely cool while being an immense time sink for [AltMarcxs], but the potential is there for being much more than that, ranging from a pick and place machine that also dispenses solder paste, to the closest thing you’ll ever get to a carbon fiber printer.
[AltMarcxs]‘s build consists of two 3W laser diodes focused just beyond the tip of the syringe. The syringe dispenses solder paste, and rotating the diodes around, [Alt] is able to put a melted solder blob anywhere on a piece of perfboard. He put up a reasonably well focused video demonstrating this.
With a few homebrew pick and place machines making the semifinalist cut for The Hackaday Prize, it’s easy to see the utility of something like this: Putting a board in a machine, pressing a button, and waiting a bit for a completely populated and soldered board is a dream of the electronic hobbyist rivaled only by a cheap and easy way to make PCBs at home. [AltMarxcs]‘s machine could be one step on the way to this, but there are a few other ideas he’d like to explore first.
The build also has wire feeders that allow a bit of copper wire to be soldered to the newly formed metal blob. There are plans to replace this with a composite fiber, replace the paste in the syringe with a UV resin, cut the fiber and cure the resin with the laser, and build something much better than other carbon fiber 3D printers we’ve seen before.
CSO is conducting its annual “State of the CSO” survey with the objective of defining the security agenda for the coming year as the role of the security professional continues to evolve in today’s business climate. Please take a few minutes to share your opinions and sign up to receive a summary report of the survey results when completed.
Results will be published in an upcoming article on CSOonline.com. Your answers are confidential and will only be reported in combination with those of other survey respondents.
When it comes to the heated piracy debate the opinions of Hollywood are usually spoken in clear terms, with all the big companies singing from the same sheet. Piracy is universally bad, the studios chant in unison, a line from which few dare to deviate.
However, when someone in Hollywood does break ranks, it’s always worth listening to what they have to say.
Just recently movie director Lexi Alexander has been shaking things up with comments not only supporting jailed Pirate Bay founder Peter Sunde, but also those that blame studio bosses for leaks of movies such as The Expendables 3.
Today Alexander has delivered perhaps her most controversial revelation yet, news which suggests that direct leverage of piracy helped a major network get its own streaming services off the ground with much reduced costs.
The report comes from a contact of Alexander’s working in the industry. She’s keeping his identity a secret so as not to jeopardize his career, but his revelations are quite an eye opener.
“Many years ago, I was employed at one of the Major Networks in an R&D capacity. What our team was tasked with was figuring out how to build streaming networks. Building a parallel to the broadcast networks where a program could be digitized and then never go back to the analog world again,” he told Alexander.
“[W]hen you’re working at the level of a network, there’s too much to be done by hand, and you have to design systems. For digitizing. Transcoding. Asset management. Dealing with different audio mixes. Subtitles. Error correction. Multi-bit rate streaming for a wide variety of clients. Evolving formats and containers.”
Clearly the job of transitioning to the digital domain presented significant challenges that needed to be overcome. However, R&D workers needed experience to solve these problems and according to the insider that was obtained in a most unorthodox fashion.
“We were all pirates. I’m not saying we leaked material to the internet – nobody was that crazy. But everyone illegally downloaded media. We traded tips on our setups, best practices, the most efficient tools and workflows. Everyone was downloading illegally. The VPs. The head of content security. EVERYONE.”
Of course, any major expenditure such as creating new networks would have to be passed off by the powers that be, something that could take years. But while those holding the purse-strings were deep in thought, time wasn’t being wasted down in R&D. In the pirate world, experiments were taking place.
“We honed our skills, our design ideas, our workflow concepts in illegal waters. So when we finally got the greenlight to build something, we knew what we were doing. We were fluent,” the insider said.
This unofficial training led to huge savings for the network, slashing R&D costs while bringing products more quickly to market. Alexander’s contact notes that these savings as a result of piracy are a far cry from the losses Hollywood prefers to talk about.
“So when I look at all the complaints about piracy costing corporations billions of dollars, all I can think about is the billions of free R&D the corporations have received from the pirate economy. Of all the money and resources we were not given by our bosses, which led us to solve problems with the tools that were available to us,” he concludes.
Finally, it appears that Lexi Alexander isn’t done yet. She’s now inviting others to come forward with their own anonymous “anti-piracy hypocrisy stories”. Better get the popcorn, this could get interesting.
At present we don't know who the girl is, or where she's from. Or how she picked up such rude language. It seems a safe bet she's from the Midlands, and as you can see from the comments in this thread, probably the Black Country rather than Birmingham.
Routers manufactured by Netcore and sold worldwide under Netis brand have a wide-open backdoor that can be fairly easily exploited by threat actors.
Experts at TrendMicro discovered that routers manufactured by Chinese security vendor and sold under the brand name Netcore in China have a hard-coded password. The hard-coded password allows attackers to access user’s traffic with a backdoor, the Netcore routers are also sold in other countries, including South Korea, Taiwan, Israel and United States, under the brand Netis.
Netis routers provide the best wireless transfer speed up to 300Mbps, offering a better performance for different applications like video streaming and VoIP phone calling.
As explained in the blog post published by Tim Yeh, Threat Researcher at Trend Micro, bad actors could exploit the backdoor to bypass router security and to run malicious code on device or change settings.
“This backdoor is “protected” by a single, hardcoded password located in the router’s firmware. Netcore/Netis routers appear to all have the same password. This “protection” is essentially ineffective, as attackers can easily log into these routers and users cannot modify or disable this backdoor. Almost all Netcore/Netis routers appear to have this vulnerability, based on the information we examined.”states the post.
The backdoor discovered by experts is an open UDP port, accessible from the WAN side of the router, listening at port 53413. The presence of the backdoor allows attackers to compromise the Netcore router if it is accessible from the Internet just knowing the password hardcoded into the firmware. This attack scenario is common for almost all residential and SMB users, exploiting the backdoor the threat actors could upload or download malicious code, change device settings, run a man-in-the-middle (MitM) attack to eavesdrop the user’s internet communication and steal sensitive information.
In the following image is reported the output Netstat tool which reports the Local addressed for the web admin and backdoor ports.
Netcore – Netis routers are known for providing the best wireless transfer speed up to 300Mbps, offering a better performance on online gaming, video streaming, and VoIP phone calling.
An additional element of concern it that Netcor – Netis routers have all the same password and the backdoor cannot be changed or disable. The security issue has an impact on millions of devices worldwide, this is the number of routers discovered online with a large scale scanning. It is quite easy to discover vulnerable Netcore – Netis routers with an ordinary port scan searching for the above UDP port open.
“Using ZMap to scan vulnerable routers, we found more than two million IP addresses with the open UDP port,” “Almost all of these routers are in China, with much smaller numbers in other countries, including but not limited to South Korea, Taiwan, Israel, and the United States.” Yeh wrote in the post.
Experts at Trend Micro also discovered that a configuration file containing the credentials for the web-based administration panel on the router is stored in clear text and for accessible to attackers.
The post closes with a bad news for Netcore – Netis owners as explained by Yeh:
“Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to replace these devices,”
Artist rendering of WISE J0855-0714 (Image Credit: Rob Gizis, Cuny, BMCC)
Life, as we’ve seen, is an extraordinarily rare thing. So rare, in fact, that out of the thousands of exoplanets we’ve found, not a single one of them could indisputably host our kind of life. However, the prerequisites are kind of simple on the surface. Carbon-based lifeforms clearly demand carbon and the presence of liquid water as well, yet, for something so incredibly prevalent on Earth, water is a scarce resource out in the cosmos. In fact, only a small number of planets have trace amounts of it at all.
If a new discovery is confirmed, it would be one heck of an important milestone for astronomers. The world this find revolves around, called WISE J0855-0714, is situated approximately 7.3 light-years from Earth (within spitting distance, cosmologically speaking, of course). It’s not your average, run-of-the-mill planet, but a brown dwarf (or a “failed star”). These heavy weights are too massive to qualify as planets, but not massive enough to collapse under their own gravity, or sustain nuclear fusion within the core.
Oddly enough, our brown dwarf isn’t a new discovery per se, but one that was dug out of the archives of NASA’s Wide-field Infrared Survey Telescope (known as ‘WISE’ for short). You might remember it as the “star” about ten times more massive than Jupiter that’s so cold, it’s not only the coldest star ever found, it’s a smidge colder than ice.
An Oasis in a Cosmic Desert?
Reports have emerged that astronomers could have detected water within the tumultuous clouds of this neighboring brown dwarf’s atmosphere, which is a first. The find was made using the 6.5-meter Magellan Baade telescope located in Chile. Jacqueline Faherty — an astronomer from the Carnegie Institution for Science in Washington, D.C — gathered over 151 images of the lone star at near-infrared wavelengths. Then, she compared those images to atmospheric models that deal with the inner-workings of brown dwarfs, specifically looking at the radiation they emit, which ultimately brought up the tantalizing possibility that this object might harbor a decent concentration of water.
Artist impression of a storm brewing in the clouds of a brown dwarf. (Art by Jon Lomberg)
“It’s incredibly interesting,” said Jonathan Fortney of the University of California, Santa Cruz, an astronomer who played a crucial role in the development of the brown dwarf models used by Faherty. “It’s tentative,” he clarified in an interview with Science News, “but it’s the first evidence for water clouds outside our solar system.”
Now, it’s important to make the distinction that we HAVE found water before in the atmosphere of a planet beyond our local neighborhood, but not water in the normal sense. Rather, we’ve found exoplanets with water vapor (another planet has water in plasma form). This time, the water lies within the clouds themselves. Fortney asserts that the clouds might even be situated in the atmosphere in a manner similar to Earth, with mostly clear skies and patches of clouds scattered throughout.
What the Future Holds:
As sophisticated as current telescopes are, they still aren’t powerful enough to acquire a closer look at the spectra of WISE J0855-0714 to confirm the tentative findings, but we CAN be certain about one thing.. and that one thing is that WISE J0855-0714 isn’t remotely habitable, even if it does have water. Not only is it mostly a big ball of gas, with pressures strong enough to kill a human, but its weather patterns would also make Jupiter’s Great Red Spot seem like an idea vacation destination.
An artist’s rendition of the weather on a brown dwarf. (Credit: NASA/JPL-Caltech/University of Western Ontario/Stony Brook University)
By mapping the variations in the faint light such objects emit (most of it can only be seen in the infrared portion of the electromagnetic spectrum), we’ve been able to deduce that, on some brown dwarfs, there might be “rain” composed of sand and salts, perhaps even molten iron (add some lightning to the equation and you get Dante’s 9th circle of hell). Traditional rain is pretty much out of the question though. Given how hot the temperatures would be (generally speaking, not in the case of THIS particular dwarf star) in most upper atmospheres, water-based weather is rendered implausible, if not entirely impossible.
In 2018, Hubble’s successor, the James Webb Telescope, is set to take to the skies. Being that it will be the most powerful telescope ever hoisted into space, it could help shed further light on this object.
The research has been published in the Astrophysical Journal Letters.
We recently saw the expiration of Windows XP come and go. Now it is time for system admins to start thinking about the eventual demise of Windows 2003. When might you ask is that going to happen? In 322 days from now support for this platform will end on July 14, 2015.
I remember when Windows 2003 first started to roll out in enterprises. Here we are 11 years later and I can safely imagine that there will be a far worse situation than the one that we witnessed with the end of support for Windows XP. Think about it for a moment. It is fairly simple by comparison to move a desktop operating system to something new but, moving a server takes a little more effort.
What’s involved to move your application to a new platform? Will your application be supported on the new platform? Have you considered regression testing? What kind of workload do your applications generate? And more importantly, what are the security implications of moving your application to a new operating system?