55620723
submission
hypnosec writes:
Security researchers over at the Ben Gurion University (BGU), Israel claim to have discovered a vulnerability in Android that allows for interception of encrypted data travelling over a VPN in plain text. The researchers note that the vulnerability allows a malicious app to "bypass active VPN configuration" without requiring any ROOT permissions. The vulnerability, if exploited, allows for capture of data in clear text thereby leaving the information completely exposed. The researchers claim that they have tested multiple smartphones from different vendors before posting their claims. They have reported the vulnerability to Google and are awaiting the Android maker’s verdict on this.
55576225
submission
hypnosec writes:
China has revealed its own government-backed mobile operating system dubbed China Operating System (COS) to rival the mobile OS from Google and Apple. Developed jointly by China's Institute of Software at the Chinese Academy of Sciences (ISCAS) and Shanghai Liantong Network Communications Technology, the COS is based on Linux and resembles Android to a great extent. The COS is said to support smartphones, tablets, desktop PCs as well as set-top boxes and comes with support for HTML5 apps. Unsurprisingly, the COS is not open source because of ‘safety concerns’.
55246037
submission
hypnosec writes:
Anonymous is at it again and has defaced the Cogeneration project page of MIT on the anniversary of Aaron Swartz suicide. The project’s webpage is still defaced as of this writing and carries the title “THE DAY WE FIGHT BACK”. This day exactly a year ago Aaron Swartz committed suicide in New York city, which his family believes was because of MIT and an overzealous Department of Justice prosecution. Anonymous defaced the website as a part of Operation Last Resort, which is in retaliation for the suicide. “We decided to hack MIT again in 2014 on the anniversary with a second tribute to Aaron Swartz http://cogen.mit.edu/ #TheDayWefightback”, read a tweet from OpLastResort.
55125023
submission
hypnosec writes:
The Motion Pictures Association of America (MPAA) will now have a say in standards review process at the W3C – specifically the one that seeks to protect interests of copyright holders on the web — as it has joined the standards organization as its member. The membership was first announced by W3C through a tweet that read “Motion Picture Association of America, Inc. joined W3C”. Membership to the W3C will give MPAA early access to all W3C material it is made public. MPAA will be able to appoint a representative for the advisory committee and be a part of the standards review process.
55091283
submission
hypnosec writes:
Sony has sold a whopping 4.2 million PlayStation 4 units as of December 28, 2013 – outselling Microsoft Xbox One by over 1.2 million units. Andrew House, SCEA CEO, took the stage during Kaz Hirai’s CES 2014 keynote to announce the PlayStation 4 sales numbers. Microsoft on the other hand sold over 3 million units of Xbox One in just 40 days after the console was launched.
55071099
submission
hypnosec writes:
China has lifted the 13 year old gaming console ban, which it imposed back in 2000 as a way to protecting nation’s youth from unhealthy content that may adversely affect their mental health. The temporary lift of the ban, which was pronounced on Monday by the State Council of PCR, will make way for international console vendors including Microsoft, Sony and Nintendo to setup production facilities in the newly created Shanghai Free Trade Zone and sell their consoles throughout the country. The vendors will still have to go through local checks including the ones from the Cultural authorities to ensure that they don’t violate any of the rules set by them.
55048577
submission
hypnosec writes:
The Pirate Bay had a difficult domain hopping 2013, but team behind the torrent indexing site is steadily progressing towards its goals of beating censorship by circumventing IP and domain name blockades through a tool that will be based on p2p network. An insider has shed further light on the Pirate Bay’s plans revealing that TPB is working to create a standalone tool – a browser like client – that will make use of site’s indexed data available locally on users’ systems. The index data will be made available in the form of downloadable packages which users of the tool can download. The data will be shared locally on users’ systems thereby eliminating the need of a central server. Webkit will be used to render the pages while BitTorrent will be used to download the files.
55021201
submission
hypnosec writes:
Researchers have developed a ‘narrative authentication’ system that could put an end to the need of remembering complex passwords to logging onto computer systems. The new system has been developed by Carson Brown and his colleagues over at Carleton University in Ottawa, Canada. The main idea behind the system is to log a user’s activities on the system or any other device that he / she may be using and then ask questions about them as and when a user wants to logon to the system next time. Users can interact with the logging software and add their own events in the real world like wedding dates, holidays, travel dates, etc.
54912103
submission
hypnosec writes:
Eric S. Raymond, the co-founder of Open Source Initiative, has recommended that Emacs should move to another version control system like GitHub as bzr is dying. In a mailer, Raymond highlighted the key reasons why he believes that Emacs should move. Raymond said that bzr is moribund; its dev list has flatlined; and most of Canonical’s in-house projects have already abandoned bzr and moved to GitHub. Open Source Initiative co-founder believes that bzr’s codebase is sufficiently mature to be used as a production tool, but he does mention that continuing to use the revision control system will have "social and signaling effects damaging to Emacs’s prospects."
54869371
submission
hypnosec writes:
Just days after Australia-based Gibson Security disclosed two hacks in Snapchat that could allow hackers to gain access to personal data of its users, hackers have managed to get their hands onto basic information of 4.6 million Snapchat users and have leaked it online partially censored. The database dump is available on SnapchatDB and allows anyone to grab it as a SQL dump or CSV text file. The hackers have claimed that they managed to siphon off the data through a recently patched exploit and that they have leaked the details to raise awareness on the issue. “This information was acquired through the recently patched Snapchat exploit and is being shared with the public to raise awareness on the issue”, reads a statement on SnapchatDB.
54825041
submission
hypnosec writes:
Financial regulators of multiple countries have handed out warnings against the use of virtual currencies like Bitcoins and the latest the join the list is Taiwan. The country’s Financial Supervisory Commission (FSC) and Central Bank have warned citizens against the use of Bitcoin stating that the virtual currency is volatile and it doesn’t have any legal protection. In a joint statement [Google Translated] the FSC and Central Bank warned that Bitcoin hasn’t been issued by any monetary authority of any country and is not a legal tender. The FSC dubbed Bitcoin as highly speculative “virtual goods” and warned that users of the virtual currency should keep in mind risks such as large price fluctuations; theft; hacking of trading platforms; government shutdown; and lack of protection of proprietary risk while using Bitcoin.
54791695
submission
hypnosec writes:
Financial Crimes Enforcement Network (FinCEN), US has cleared up one issue that pertains to Bitcoin mining by siding Bitcoin miners ruling that those who mine it for their own purpose and not for the benefit of another are not an MSB (Money Services Business) under FinCEN’s regulations. The issue came up after miners raised concerns if they can mine Bitcoin for themselves and then trade them for cash at an exchange or spend them directly without being classified as an MSB. The concerns were further aggravated after Jerry Brito, FinCEN stated in a personal letter that Bitcoin miners will be required to register with FinCEN. The issue was taken up on a larger scale by Atlantic City Bitcoin, which operates multiple ASIC miners at its facility in New Jersey. Atlantic City asked FinCEN to clarify the rules and whether miners will be required to register as MSB. FinCen ruled, "To the extent that a user mines Bitcoin and uses the Bitcoin solely for the user’s own purposes and not for the benefit of another, the user is not an MSB under FinCEN’s regulations, because these activities involve neither “acceptance” nor “transmission” of the convertible virtual currency and are not the transmission of funds within the meaning of the Rule."
54741379
submission
hypnosec writes:
The Chinese government has officially banned Battlefield 4 stating that Electronic Arts has developed a game that not only threatens national security of the country, but is also a form of cultural invasion. The country’s Ministry of Culture has issued a notice banning all material retailed to the game in any form including the game itself, related downloads, demos, patches and even news reports. According to reports on PCGames.com.cn [Chinese language], Battlefield 4 has been characterized as illegal game on the grounds that the game endangers national security and cultural aggression.
54701627
submission
hypnosec writes:
Reserve Bank of India (RBI) has cautioned users of virtual currencies like Bitcoin, Litecoin, and Dogecoin on the risks associated with them and that it is looking at the use and trading of these currencies. India's central bank noted because of lack of any approval and authorization from a central authority or bank there are quite a few risks including theft of digital wallets that are used to store the digital currency; absence of any frameworks to tackle customer problems, disputes and charge backs; exposure to potential losses because of high volatility in value of the virtual currencies; legal and financial risks; and breach of anti-money laundering laws because of lack of complete information on counterparts in a peer-to-peer anonymous / pseudonymous systems.
