Cox Is Liable for Pirating Subscribers, Ordered to pay $25 million

Internet provider Cox Communications is responsible for the copyright infringements of its subscribers, a Virginia federal jury has ruled. The ISP is guilty of willful contributory copyright infringement and must pay music publisher BMG $25 million in damages.

Today marks the end of a crucial case that will define how U.S. Internet providers deal with online piracy in the future.

Following a two-week trial a Virginia federal jury reached a verdict earlier today (pdf), ruling that Cox is guilty of willful contributory copyright infringement.

The case was initiated by BMG Rights Management, which held the ISP responsible for tens of thousands of copyright infringements that were committed by its subscribers.

During the trial hearings BMG revealed that the tracking company Rightscorp downloaded more than 150,000 copies of their copyrighted works directly from Cox subscribers.

It also became apparent that Cox had received numerous copyright infringement warnings from Rightscorp which it willingly decided not to act on.

The case was restricted to 1,397 copyrighted works and a six-person jury awarded $25 million in damages. The award is lower than the statutory maximum, which would have been over $200 million.

Source: Cox Is Liable for Pirating Subscribers, Ordered to pay $25 million – TorrentFreak

Apart from the sum, which is amazing, the way the information was collected (downloading directly from subscribers) is in itself a form of piracy and therefore this evidence, being illegal, must be inadmissible?

Ted Cruz campaign using firm that harvested data on millions of unwitting Facebook users

Ted Cruz’s presidential campaign is using psychological data based on research spanning tens of millions of Facebook users, harvested largely without their permission, to boost his surging White House run and gain an edge over Donald Trump and other Republican rivals, the Guardian can reveal.

A little-known data company (Cambridge Analytica), now embedded within Cruz’s campaign and indirectly financed by his primary billionaire benefactor, paid researchers at Cambridge University to gather detailed psychological profiles about the US electorate using a massive pool of mainly unwitting US Facebook users built with an online survey.

As part of an aggressive new voter-targeting operation, Cambridge Analytica – financially supported by reclusive hedge fund magnate and leading Republican donor Robert Mercer – is now using so-called “psychographic profiles” of US citizens in order to help win Cruz votes, despite earlier concerns and red flags from potential survey-takers.

Source: Ted Cruz campaign using firm that harvested data on millions of unwitting Facebook users

MIT Creates messaging system which becomes unsniffable through chaffing data: Vuvuzela

Vuvuzela relies on dummy traffic to hide the real connections

Before it’s decided where to store its content, the message goes through different servers, which send out dummy traffic to all interconnected users.

The server notifies the recipient that there’s a message for them, the user then goes to retrieve it, also passing through different mailboxes to get at the message’s location. When a connection is made through one of these mailboxes by a recipient searching for their message, each of these servers sends out dummy network packets on the network.

With so much fake traffic, and with senders and recipients moving past their destinations to intentionally create even more fake traffic after they’ve left or retrieved the actual message, you can only imagine how much data an attacker would have to sniff out before getting a clue of who’s talking to whom.

MIT researchers claim that attackers can even infiltrate more than half of its mailbox network, but if at least one mailbox server is left intact, users will be able to safely communicate because of all the fake traffic.

Source: MIT Creates Untraceable Anonymous Messaging System Called Vuvuzela

Latest Philips Hue update closes the system, makes it impossible to connect other ZigBee lights

Haven’t they learned from Apple? Closing your system makes users run for more open products. Not a good idea, Philips, I’m not buying this anymore!

The latest firmware update for the Philips Hue bridge brings an unannounced change. Smart lamps from other manufacturers can no longer be paired

Source: Philips Hue wordt een gesloten systeem (Philips Hue becomes a closed system)

UK citizens may soon need licenses to photograph some stuff they already own

Copyright strikes again, with photographers and publishers hit particularly hard.

Changes to UK copyright law will soon mean that you may need to take out a licence to photograph classic designer objects even if you own them. That’s the result of the Enterprise and Regulatory Reform Act 2013, which extends the copyright of artistic objects like designer chairs from 25 years after they were first marketed to 70 years after the creator’s death. In most cases, that will be well over a hundred years after the object was designed. During that period, taking a photo of the item will often require a licence from the copyright owner regardless of who owns the particular object in question.

Source: UK citizens may soon need licenses to photograph some stuff they already own

What is with these people? Are they determined to kill creativity and innovation? How can they possibly justify these kinds of period? Really? After the creator’s death? Why doesn’t the creator have to work daily like the rest of us? 5 years max, please. Nutters. This is an agenda being pushed by rich people who want to keep getting richer without having to do anything for it.

Kazakhstan may enact law to install false national security certificate on PCs – brouhaha

There is a lot of this on the internet but I’m not sure it’s true, as it’s all based on something that was posted on a telco’s site and removed, so all the sources link to a Google cache site. It’s not clear how this would be implemented and whether users would somehow be forced to use this certificate and how that would work. How do you get all the clients to do it? I’m doubtful.

Source: Kazakhstan’s New Encryption Law Could Be a Preview of U.S. Policy

Hundreds of thousands of engine immobilisers hackable over the net

Kiwi hacker Lachlan Temple has found holes in a popular cheap car tracking and immobilisation gadget that can allow remote attackers to locate, eavesdrop, and in some cases cut the fuel intake to hundreds of thousands of vehicles, some while in motion.

The flaws allow attackers who log into any account – including a universal demonstration account – to log into any of the 360,000 units ThinkRace claims it sold without need of a password.

Source: Hundreds of thousands of engine immobilisers hackable over the net

Basically he increments the cookie.
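The weakness summarised above, a session cookie that is nothing more than a guessable unit number, is closed by signing the cookie and re-checking ownership on the server. This is an added example, not ThinkRace's code or anything from the linked article; the account names, unit numbers, key handling and function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: which account owns which tracker unit.
OWNERS = {1001: "alice", 1002: "bob", 1003: "demo"}
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients


def weak_lookup(cookie):
    """Flawed pattern: the cookie is just a unit number and is trusted as-is."""
    unit = int(cookie)
    return unit if unit in OWNERS else None


def _tag(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(account, unit):
    """Bind account and unit together and sign them with the server key."""
    if OWNERS.get(unit) != account:
        raise PermissionError("account does not own this unit")
    payload = f"{account}:{unit}"
    return f"{payload}:{_tag(payload)}"


def strict_lookup(cookie):
    """Hardened pattern: verify the signature, then re-check ownership."""
    try:
        account, unit_text, tag = cookie.split(":")
        unit = int(unit_text)
    except ValueError:
        return None  # wrong shape, e.g. a bare number
    expected = _tag(f"{account}:{unit_text}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # cookie was edited or forged
    if OWNERS.get(unit) != account:
        return None  # ownership changed since the cookie was issued
    return unit


def tamper(cookie):
    """Test helper: a client bumps the unit number but keeps the old signature."""
    account, unit_text, tag = cookie.split(":")
    return f"{account}:{int(unit_text) + 1}:{tag}"
```

With the signed form, a cookie issued to the demonstration account only ever resolves to the demonstration unit; any edited value fails the signature check before the ownership table is consulted.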

First ever EU rules on cybersecurity

Transport and energy companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is robust enough to withstand cyber-attacks, under new rules provisionally agreed by internal market MEPs and the Luxembourg Presidency of the EU Council of Ministers on Monday.
[…]
Moreover this directive marks the beginning of platform regulation
[…]
MEPs put an end to current fragmentation of 28 cybersecurity systems by listing sectors – energy, transport, banking, financial market, health and water supply – in which critical service companies will have to ensure that they are robust enough to resist cyber-attacks. These companies must also be ready to report serious security breaches to public authorities.

Member states will have to identify concrete “operators of essential services” from these sectors using certain criteria: whether the service is critical for society and the economy, whether it depends on network and information systems and whether an incident could have significant disruptive effects on its provision or public safety.

In addition, some internet services providers, such as online marketplaces (e.g. eBay, Amazon), search engines (e.g. Google) and clouds, will also have to ensure the safety of their infrastructure and to report on major incidents. Micro and small digital companies will get an exemption, the deal says.

In addition, a network of Computer Security Incidents Response Teams (CSIRTs), set up by each member state to handle incidents, will have to be established to discuss cross border security incidents and identify coordinated responses.

Source: First ever EU rules on cybersecurity

This does give member states a large amount of power over sectors they deign to call essential – they can burden these companies with huge administrative overhead and crush them that way, with the only recourse being the expensive EU courts.

AVG, McAfee, Kaspersky Fix Common Vulnerability in Their Antivirus Products

The security bug relates to the fact that the AVG antivirus creates a memory space with full RWX (read-write-execute) privileges where it normally runs. For that particular version of the AVG antivirus, this memory space was not randomized and was often shared with other applications, like, for example, Acrobat Reader or the enSilo product that collided with the antivirus.

If an attacker knew about the antivirus’ predictable behavior and where this address space was, they could force their malicious code to execute inside that memory address and have the same privileges as the antivirus process (which is system-level).

Source: AVG, McAfee, Kaspersky Fix Common Vulnerability in Their Antivirus Products
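A defender can audit for the two properties described above, memory that is both writable and executable and that sits at the same address on every run, by comparing memory maps from two launches of a process. This is an added example, not code from the vendors or the linked article; it assumes Linux `/proc/<pid>/maps` text as the input format purely for illustration, and the sample maps and function names are constructed.

```python
# Constructed memory maps for two runs of one process (Linux /proc/<pid>/maps layout).
RUN_A = """\
00400000-0040c000 r-xp 00000000 08:01 131 /opt/example/scanner
7ffe0000-7ffe1000 rwxp 00000000 00:00 0
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7f3a1d000000-7f3a1d200000 rw-p 00000000 00:00 0 [heap]
"""
RUN_B = """\
00400000-0040c000 r-xp 00000000 08:01 131 /opt/example/scanner
7ffe0000-7ffe1000 rwxp 00000000 00:00 0
7f91e4000000-7f91e4021000 rwxp 00000000 00:00 0
7f91e5000000-7f91e5200000 rw-p 00000000 00:00 0 [heap]
"""


def rwx_regions(maps_text):
    """Return {start_address: label} for mappings that are writable and executable."""
    found = {}
    for line in maps_text.strip().splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # not a mapping line
        addr_range, perms = fields[0], fields[1]
        if "w" in perms and "x" in perms:
            start = int(addr_range.split("-")[0], 16)
            # Anonymous mappings have no sixth (path) field.
            found[start] = fields[5].strip() if len(fields) == 6 else "[anonymous]"
    return found


def fixed_rwx_regions(run_a, run_b):
    """RWX regions whose start address is identical in both runs (not randomized)."""
    first, second = rwx_regions(run_a), rwx_regions(run_b)
    return [(hex(addr), first[addr]) for addr in sorted(first) if addr in second]
```

A region reported by `fixed_rwx_regions` is the combination to fix first: drop the execute or write permission once the code is in place, or let the loader randomize the mapping.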

77000 Valve accounts get hacked per month

We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It’s a losing battle to protect your items against someone who steals them for a living.

Source: News – Security and Trading

Why people think total nonsense is really deep

The precise reasons that people see profundity in vague buzzwords or syntactic but completely random sentences are unknown. Some people might not realize the reason they don’t understand something is simply because there is nothing to understand. Or they might just approach things they hear and read less skeptically.

There are also a few characteristics that seem to correlate with those who are more prone to pseudo-profound language. Specifically, the researchers tested willingness to accept pseudo profound statements along with a host of other personality characteristics. As they describe:

Those more receptive to bull**** are less reflective, lower in cognitive ability (i.e., verbal and fluid intelligence, numeracy), are more prone to ontological confusions [beliefs in things for which there is no empirical evidence (i.e. that prayers have the ability to heal)] and conspiratorial ideation, are more likely to hold religious and paranormal beliefs, and are more likely to endorse complementary and alternative medicine.

Source: Why people think total nonsense is really deep – The Washington Post

GCHQ can hack your systems at will – thanks to ‘soft touch’ oversight, judges not needed thanks

Privacy International battle exposes ‘bulk’ warrants

Documents released by GCHQ to the Investigatory Powers Tribunal suggest the agency may be allowed to hack multiple computers in the UK under single “thematic” or “class” warrants.

Responding to complaints brought by Privacy International and seven global internet and communication service providers, the British spy agency told the tribunal it was applying for bulk hacking warrants from secretaries of state and then deciding internally whether it was necessary and proportionate to hack the individuals targeted.

Source: GCHQ can hack your systems at will – thanks to ‘soft touch’ oversight

Physicists make transparent conductors by means of stamping and growing

The researchers based the new process on a combination of two existing techniques. Using the stamping technique ‘Substrate Conformal Imprint Lithography’, which originates from a collaboration between Philips and AMOLF, they stamped a pattern in a thin layer of plastic on top of a glass substrate. The result looks much like a nanoscale landscape: a surface that is crisscrossed with interconnecting channels. The researchers subsequently filled the minuscule channels with silver using a chemical process known as the ‘Tollens’ reaction’. After removing the plastic, a conductive silver grid remains on the glass substrate. The patterns of this conductor are smaller than the wavelength of light; as a result, they do not reflect any colours from the visible spectrum. This property makes the conductor transparent. […] the technique has a conductivity three times as high as a conventional method based on the evaporation of metals

Source: Physicists make transparent conductors by means of stamping and growing

Epic failure of Phone House & Dutch telecom providers to protect personal data: How I could access 12+ million records #phonehousegate

A litany of unsecured portals with generic usernames, sometimes no passwords at all, personnel allowing views of unencrypted Google docs with passwords…

Source: Epic failure of Phone House & Dutch telecom providers to protect personal data: How I could access 12+ million records #phonehousegate | Weblog | Sijmen Ruwhof

Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom

A hacker is releasing customer records after a bank in the United Arab Emirates refused to pay a ransom of $3 million in bitcoins.

Most of the bank’s customers, however, did not learn that their data had been stolen and published online until the newspaper contacted them.

Files purporting to come from the hacker, and viewed by WIRED, appear to show bank customer credit card transactions for purchases made at retailers and restaurants around the world, including the US. The records include the credit card number, amount of purchase and authorization code, though not the customer name. Other files purport to show the balances on 50,000 bank cards. Some of the files are Excel spreadsheets; others appear to be entire SQL databases stolen by the hacker.

Source: Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom

Uruguay makes dramatic shift to nearly 95% electricity from clean energy

Now that renewables provide 94.5% of the country’s electricity, prices are lower than in the past relative to inflation. There are also fewer power cuts because a diverse energy mix means greater resilience to droughts.

It was a very different story just 15 years ago. Back at the turn of the century oil accounted for 27% of Uruguay’s imports and a new pipeline was just about to begin supplying gas from Argentina.

Now the biggest item on import balance sheet is wind turbines, which fill the country’s ports on their way to installation.

Biomass and solar power have also been ramped up. Adding to existing hydropower, this means that renewables now account for 55% of the country’s overall energy mix (including transport fuel) compared with a global average share of 12%.

Source: Uruguay makes dramatic shift to nearly 95% electricity from clean energy | Environment | The Guardian