Instagram exploit could see accounts stolen

A security flaw in popular photo filter and sharing app Instagram could allow hackers to steal user accounts, after it was discovered that certain cookies are sent in plain text rather than over an encrypted connection. The exploit, discovered by Carlos Reventlov and apparently flagged to the Instagram team in early November, relies on the fact that while log-in and profile editing are done over encrypted links, Computerworld reports, a plain-text cookie is sent to the Instagram servers when the app is loaded. If the hacker intercepts that cookie – among other criteria – they can subsequently gain access to the account and lock out the legitimate user.

“Once the attacker gets the cookie,” Reventlov says, “he is able to craft special HTTP requests for getting data and deleting photos.” The flaw was identified and reproduced using the latest version of the Instagram app for iOS, v3.1.2, on the iPhone 4, and relies on the fact that the company does not use HTTPS for API requests, Reventlov points out.

For the exploit to work, however, both the hacker and the legitimate Instagram user must be connected on the same LAN. That’s obviously not going to be the case if the Instagramer is using their mobile data connection, but if they’re on the same WiFi hotspot then it leaves them potentially susceptible.

If compromised, the hacked account can give up not only whatever user details have been stored, but access to the photo streams of any friends on the service. It’s also possible to change the password and lock the proper owner out, as well as delete photos that the user has taken.

According to Reventlov, the Instagram team is yet to respond to his comments on the insecurity. It’s unclear if the Android version of the app is susceptible to the same exploit.
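The weakness described above is a session cookie that the client is willing to send over plain HTTP, where anyone on the same network path can read it. As an added example (not from the article and not Instagram's code), here is a small audit in Python over a constructed sample of app traffic: it flags session cookies sent on non-HTTPS requests and Set-Cookie responses that omit the Secure attribute, which is the flag that stops a client from ever sending the cookie in the clear. The host name example-api.test and the cookie name sessionid are assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Constructed sample of client traffic: (request URL, Cookie header sent,
# Set-Cookie header received). Names and host are assumptions, not real data.
SAMPLE_TRAFFIC = [
    ("https://example-api.test/accounts/login/", "", "sessionid=abc123; Path=/; HttpOnly"),
    ("http://example-api.test/api/v1/feed/", "sessionid=abc123", ""),
    ("https://example-api.test/accounts/edit/", "sessionid=abc123", ""),
]

# Cookies that grant account access and must never travel in clear text
SESSION_COOKIE_NAMES = {"sessionid"}


def audit_cookie_exposure(traffic, session_names=SESSION_COOKIE_NAMES):
    """Return a list of findings describing session cookies exposed to the network."""
    findings = []
    for url, cookie_header, set_cookie in traffic:
        scheme = urlparse(url).scheme
        # A session cookie on a plain HTTP request is readable by anyone on the path
        if cookie_header:
            sent = SimpleCookie()
            sent.load(cookie_header)
            for name in sent:
                if name in session_names and scheme != "https":
                    findings.append(f"{name} sent in clear text to {url}")
        # Without the Secure attribute the client may later send the cookie over HTTP
        if set_cookie:
            received = SimpleCookie()
            received.load(set_cookie)
            for name, morsel in received.items():
                if name in session_names and not morsel["secure"]:
                    findings.append(f"{name} set by {url} without Secure attribute")
    return findings


if __name__ == "__main__":
    for finding in audit_cookie_exposure(SAMPLE_TRAFFIC):
        print("FINDING:", finding)
```

The fix on the server side is the second finding: issue the cookie with Secure (and HttpOnly) and serve every API endpoint over HTTPS, after which the same audit returns no findings.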


Instagram exploit could see accounts stolen is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.

SOURCE SlashGear

Raided For Running a Tor Exit Node

An anonymous reader writes “A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. ‘During an interview with police later on Wednesday, Weber said there was a “more friendly environment” once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he’s convicted.’ This brings up the question: What backup plan, if any, should the average nerd have for something like this?”


Read more of this story at Slashdot.

New Linux Rootkit Emerges

Trailrunner7 writes “A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems, and while it has some interesting features, it does not appear to be the work of a high-level programmer or be meant for use in targeted attacks. The Linux rootkit does not appear to be a modified version of any known piece of malware and it first came to light last week when someone posted a quick description and analysis of it on the Full Disclosure mailing list. That poster said his site had been targeted by the malware and some of his customers had been redirected to malicious sites.”


Read more of this story at Slashdot.

Megaupload Assisted U.S. Prosecution of Smaller File-Sharing Service

Eighteen months before Megaupload’s operators were indicted in the United States, the company complied with a secret U.S. search warrant targeting five of its users who were running their own file-sharing service using Megaupload’s infrastructure, according to interviews and newly …

SOURCE Threat Level

[How To] Watch Netflix on Ubuntu

Netflix is up and running on Ubuntu – albeit unofficially, and via the familiar crutch of WINE. 

Developer Erich Hoover and Ubuntu blogger David Andrews have worked together to bring the world’s most popular movie streaming service to the Linux desktop.

The service has, until now, been confined to Windows, OS X, ChromeOS, Android and iOS platforms.

But by bundling together a Windows build of Firefox, the Microsoft Silverlight plugin required by Netflix, and adding some additional vital tweaks to make things work properly, these two developers have created a standalone ‘desktop app’ for Ubuntu that finally lets Linux-using Netflix subscribers play back movies and TV shows on their OS of choice.

But will there ever be official support?

Over the last year or so we have spoken to Netflix on numerous occasions to try and find out whether they have plans to officially provide Linux users with their service. Despite heartening promises now and then, the answer has always turned out to be a firm, resolute ‘no’.

Their loss.

Install Netflix Desktop in Ubuntu

The Linux community is nothing if not resourceful. If there’s something we don’t have or can’t use we find a way around it. And thus Netflix Desktop was born.

To install the app bundle you will first need to add the following PPA. Bear in mind that as this is not officially supported by Netflix, WINE or Silverlight, you add it at your own risk.

In a new Terminal window enter:

  • sudo apt-add-repository ppa:ehoover/compholio
  • sudo apt-get update && sudo apt-get install netflix-desktop

To launch the application open the Unity Dash and search for ‘netflix’. 

Using Netflix Desktop in Ubuntu

When first launching the application a number of small prompts will appear asking you to install a few extra pieces that are required to get the app up and running. Agree to all of these, then, once finished, re-launch the Netflix Desktop app.

The application should launch fullscreen. Log in to your Netflix account to be taken to the library. When you first attempt to play a title you will get another prompt – this time a Silverlight DRM one:

You have to agree to enable playback of restricted content in order to use Netflix on Linux.

Once done your programme or film will begin playing back fullscreen.

The ‘app’ itself is actually nothing more than Firefox, so to exit the full-screen mode just tap F11.

Netflix Linux Performance

Okay, now for the drawbacks. Playback performance may vary from ‘okay’ to ‘just acceptable’ to ‘frustratingly woeful’.

For me, on an Intel i5 Quad Core @ 2.6GHz, with 8GB of RAM, performance was, at best, passable. There were plenty of skips, lags, sync issues and crashes to entertain me when the content wasn’t.

The good news is that others have reported much better success – even on more modest single-core hardware. So the rule here is to try it out for yourself.

Don’t forget that to use Netflix you do need to have an active account, or details on hand to sign up for a free month’s trial.

iheartubuntu via Michael T 

SOURCE OMG! Ubuntu!

Verizon To Throttle Pirates’ Bandwidth

another random user sends this excerpt from the BBC:

“U.S. net firm Verizon has declared war on illegal downloaders, or pirates, who use technologies such as BitTorrent to steal copyrighted material. Verizon has said it will first warn repeat offenders by email and voicemail. Then it will restrict or ‘throttle’ their internet connection speeds. Time Warner Cable, another U.S. internet service provider pledging to tackle piracy, says it will use pop-up warnings to deter repeat offenders. After that it will restrict subscribers’ web browsing activities by redirecting them to a landing page. The Electronic Frontier Foundation, which campaigns for digital freedom, is highly critical of the imminent campaign, saying: ‘Big media companies are launching a massive peer-to-peer surveillance scheme to snoop on subscribers.’ ISPs will be acting as ‘Hollywood’s private enforcement arm,’ it added.”



Read more of this story at Slashdot.

South Carolina Department of Revenue Hacked, 3.6 Million SSNs Taken

New submitter Escape From NY writes “3.6 million Social Security numbers and 387,000 credit and debit card numbers were stolen from the SC Department of Revenue. Most of the credit and debit card numbers were encrypted — all but about 16,000. There were several different attacks, all of which originated outside the country. The first they’re aware of happened on August 27, and four more happened in September. Officials first learned of the breach on October 10, and the security holes were closed on October 20. This is still a developing story, but anyone who filed a SC state tax return since 1998 may be at risk. Governor Nikki Haley today signed an executive order (PDF) to beef up the state’s IT security.”



Read more of this story at Slashdot.

North Korea threat over leaflets

North Korea threatens to open fire on South Korean territory if activists send propaganda leaflets across the border next week.

SOURCE BBC News – Asia

That Amazon Video You Bought? You May Not Actually Be Able To Watch It

Thanks for the $14.99. Enjoy this blank screen.

Imagine if you bought a DVD of a movie and then one day when you go to play it, you get a message saying “Sorry, but the studio has decided you can’t watch this movie for the foreseeable future.” It sounds ridiculous, but that’s what can happen to customers who try to stream the movies they buy from Amazon.

Consumerist reader Rebecca found this out the hard way, when she purchased Puss In Boots for $14.99 from Amazon, believing that, per Amazon’s marketing, she would be able to watch the movie when she wanted and for as many times as she wanted.

Well, that would be true if she only wanted to watch the animated flick on her Kindle Fire or other device that allows her to actually download the movie. Unfortunately, she and her daughter preferred to stream the movie straight through their TV.

And all was going well for a few weeks until Rebecca went to stream Puss In Boots and instead saw a message stating that the film was no longer available for viewing.

So she contacted Amazon and got the following response:

Due to licensing restrictions, videos can become temporarily unavailable for viewing or downloading. The video will automatically be made available again once that restriction ends.

Availability of videos for purchase, re-download, or access from a backup copy is determined by the owners of the content. On very rare occasions, a video you previously purchased may become unavailable.

This restriction isn’t mentioned on the purchase page of the movie, nor is the customer given any such warning during the buying process. It’s not even directly mentioned on the “Amazon Instant Video Usage Rules” page, which states:

Viewing Period: Indefinite — you may watch and re-watch your purchased videos as often as you want and as long as you want (subject to the limitations described in the Amazon Instant Video Terms of Use).

So you then have to go to that page and scour through more than 2,000 words to find:

Purchased Digital Content will generally continue to be available to you for download or streaming from the Service, as applicable, but may become unavailable due to potential content provider licensing restrictions and for other reasons, and Amazon will not be liable to you if Purchased Digital Content becomes unavailable for further download or streaming. You may download and store your own copy of Purchased Digital Content on a Compatible Device authorized for such download so that you can view that Purchased Digital Content if it becomes unavailable for further download or streaming from the Service.

Given that streaming video is quickly becoming the popular option for watching a movie, be warned that the people actually responsible for streaming that video to you may pull the plug at any time.

We’ve written Amazon to ask why they do not make this restriction more clear during the purchasing process. If the company replies — we’re not holding our breath on this one — we will update.

SOURCE The Consumerist

How to stop Verizon from selling your location data and other usage stats to advertisers

It seems like companies are doing everything they can to squeeze extra revenue out of their customers these days by taking advantage of the personal usage data they collect. Google (GOOG) and Facebook (FB) are likely the two tech companies that are most often associated with turning usage data into dollars — Google isn’t even shy about it anymore — but plenty of other companies collect data from their users and use it to make money in a variety of ways. Two such companies, as it turns out, are Verizon Wireless (VZ) and AT&T (T).

UPDATE: A Verizon Wireless spokesperson contacted BGR to confirm that data collected is “anonymous and aggregated,” and to note that users have 30 days from the date they activate a new phone to make an initial decision, but they can then change their privacy settings later at any time.

Mobile developer Ben Clark took a look through Verizon’s privacy policy recently and discovered that the nation’s top carrier takes a number of liberties with user data. Among the data collected and possibly pawned off is “the quantity, technical configuration, type, destination, location and amount of use of the telecommunications services you purchase,” according to Verizon’s terms.

While the data may or may not be made anonymous — Verizon’s verbiage is unclear — the more disheartening fact is that the carrier uses an opt-out policy, meaning it will share your data unless you take action and request that the company keep your info private. Worse still, users only have 30 days from the time they activate a new smartphone to opt out of having their usage data shared.

Of course, Verizon doesn’t go out of its way to make this policy known to customers.

If you purchased a new iPhone 5 or any other smartphone in the past 30 days and you want to stop Verizon from sharing your usage data with advertisers and other companies, simply visit the privacy management page on the carrier’s account management site and select “Don’t Share” for each option that is presented.

AT&T has a similar opt-out policy, but the carrier does not appear to require users to opt out within 30 days of a new activation. AT&T also doesn’t sell the data it collects to outside companies, but instead uses it to “offer you products and services, packages, discounts and promotions from the AT&T companies, such as High Speed DSL Internet access, wireless service and U-verse TV services, which may be different from the types of services you already purchase.”

AT&T customers can still restrict the ways this data is used by visiting this page.

[Via TheNextWeb]

SOURCE Boy Genius Report