57224349
submission
hypnosec writes:
Synology DiskStation Manager has a critical vulnerability wherein VPN module has a hard-coded password for root, which attackers can use to connect to Synology device and possibly other devices on the shared network. The hard-coded root password is ‘synopass’. Users will not be able to logon to the web interface of the device using the root:synopass combination; however, “when enabling the VPN server, root:synopass will get you authenticated and connected!”
57196963
submission
hypnosec writes:
The Raspberry Pi, which was first put up for sale on February 29, 2012, has completed two years and has sold over 2.5 million units during the period. Announcing the milestone and commemorating the two years, Founder and former trustee of the Raspberry Pi Foundation, Eben Upton announced a $10,000 competition wherein developers will be required to demonstrate a satisfactory Quake III gameplay at a playable framerate on the credit card sized computer using open source drivers.
57186077
submission
hypnosec writes:
European Commission is meeting with consumer protection authorities in the UK, Belgium, France, Italy and members of the Consumer Protection Cooperation (CPC) network responsible for enforcing consumer rights across the EU to discuss concerns raised by consumers of free-to-pay games. The Commissions notes that more than 50 percent of the games in the EU’s online marketplace are advertised as ‘free’; however, they often include costly in-app purchases. Some of the concerns raised by consumers about free-to-play games will include misleading tactics about 'free' games and the cost involved; exhortations or persuasion tactics to make in-app purchases; explicit authorisation during in-app purchases; and contact information in case consumers want to contact vendors or register complaints.
57149859
submission
hypnosec writes:
Github has introduced Atom, its new text editor that allows developers to write and edit code and which has been in development for more than six years. Atom will be available as a part of an invite-only beta program. GitHub revealed that through Atom it aims to create an editor "that will be welcoming to an elementary school student on their first day learning to code, but also a tool they won’t outgrow as they develop into seasoned hackers."
56923143
submission
hypnosec writes:
Twitter isn't allowing users to post a link to Kickass.to stating that the URL in the tweet 'appears to link to a page that has spammy or unsafe content.' I tried clicking on one of the URLs sent to me by one of our publishers who wanted to share with us a draft copy of the soon to be published book and as soon as I clicked on it I was greeted with a rather unfamiliar message on Twitter. 'The site you were trying to visit may be unsafe! This link has been flagged as potentially harmful.' This led me to try out a little test of linking a random Kickass.to link and Twitter blocked the request with a message: 'Oops! A URL in your Tweet appears to link to a page that has spammy or unsafe content.'
56852919
submission
hypnosec writes:
The Linux Foundations’ 2014 Linux Jobs Report reveals that Hiring managers are looking for professionals with Linux skills with increasing number of organisations the world over considering Linux as a core part of their businesses. The 2014 Linux Jobs Report provides a comprehensive view of career landscape in Linux right from business needs to personal incentives and job motivations that attract Linux professionals. The report comprises of views from 1,100 hiring managers and 4,000 Linux professionals. Seventy-seven percent of surveyed hiring managers have revealed that they are prioritising hires for those positions what involve Linux openings as compared to other jobs with 90 percent stating that they are planning to hire Linux professionals in the next six months. When it comes to Linux professionals, 86 percent of those surveyed revealed that Linux had helped them advance their careers. From the report it can be concluded that Linux jobs really are the best around.
55897765
submission
hypnosec writes:
A recent report from two Princeton researchers claimed that Facebook is like an infectious disease currently experiencing a spike before its decline and will lose 80 percent of its user base by 2017, which caught attention of Facebook and in its reply the social networking giant claimed that ‘Princeton may be in danger of disappearing entirely’. Facebook data scientists Mike Develin, Lada Adamic, and Sean Taylor used some of the same techniques used by Princeton researchers to arrive at their conclusion. The trio used parameters such as Facebook Likes, Percentage of Princeton papers in journals, student enrolment, and Google Trends.
55887753
submission
hypnosec writes:
Snapchat's security troubles continue as a security researcher has managed to hack its account registration CAPTCHA system with a program of less than 100 lines that took 30 minutes to develop. Steve Hickson, a computer engineer by education, wrote a small computer program with very little effort that identifies Snapchat’s ghost from the given set of images. Hickson equates Snapchat’s ghost very particular and calls it a template that can be matched easily using a computer program. Hickson used a combination of Open Source Computer Vision Library (OpenCV), SURF points and FLANN matching “with a uniqueness test to determine that multiple keypoints in the training image weren't being singularly matched in the testing image.”
55786503
submission
hypnosec writes:
Hortonworks has announced general availability of Hadoop 2.0 for Windows – three months after it did for the Linux operating system. Hadoop 2.0 for Windows is dubbed as a true multi-use data platform as it brings with it Apache Hadoop YARN enabling users to interact with all data in both real time as well as batch processing. Hadoop 2.0 for Windows brings with it high availability support for Hadoop Distributed File System (HDFS) NameNode; phase II of Stringer initiative; and Apache HBase NoSQL database release 0.96. Developers who are new to Hadoop or HDP for windows could start off with single-node version of HDP 2.0 for Windows that includes a Microsoft Installer based setup.
55689265
submission
hypnosec writes:
FreeBSD 10.0 is finally available for download after a series of delays and an additional rc build. From the looks of it FreeBSD 10.0 is currently available for all the four architectures, but the official release announcement is missing. Most of the ISOs have been either signed off on January 16 or 17 meaning that the builds have been ready since three days now.
55620723
submission
hypnosec writes:
Security researchers over at the Ben Gurion University (BGU), Israel claim to have discovered a vulnerability in Android that allows for interception of encrypted data travelling over a VPN in plain text. The researchers note that the vulnerability allows a malicious app to "bypass active VPN configuration" without requiring any ROOT permissions. The vulnerability, if exploited, allows for capture of data in clear text thereby leaving the information completely exposed. The researchers claim that they have tested multiple smartphones from different vendors before posting their claims. They have reported the vulnerability to Google and are awaiting the Android maker’s verdict on this.
55576225
submission
hypnosec writes:
China has revealed its own government-backed mobile operating system dubbed China Operating System (COS) to rival the mobile OS from Google and Apple. Developed jointly by China's Institute of Software at the Chinese Academy of Sciences (ISCAS) and Shanghai Liantong Network Communications Technology, the COS is based on Linux and resembles Android to a great extent. The COS is said to support smartphones, tablets, desktop PCs as well as set-top boxes and comes with support for HTML5 apps. Unsurprisingly, the COS is not open source because of ‘safety concerns’.
55246037
submission
hypnosec writes:
Anonymous is at it again and has defaced the Cogeneration project page of MIT on the anniversary of Aaron Swartz suicide. The project’s webpage is still defaced as of this writing and carries the title “THE DAY WE FIGHT BACK”. This day exactly a year ago Aaron Swartz committed suicide in New York city, which his family believes was because of MIT and an overzealous Department of Justice prosecution. Anonymous defaced the website as a part of Operation Last Resort, which is in retaliation for the suicide. “We decided to hack MIT again in 2014 on the anniversary with a second tribute to Aaron Swartz http://cogen.mit.edu/ #TheDayWefightback”, read a tweet from OpLastResort.
55125023
submission
hypnosec writes:
The Motion Pictures Association of America (MPAA) will now have a say in standards review process at the W3C – specifically the one that seeks to protect interests of copyright holders on the web — as it has joined the standards organization as its member. The membership was first announced by W3C through a tweet that read “Motion Picture Association of America, Inc. joined W3C”. Membership to the W3C will give MPAA early access to all W3C material it is made public. MPAA will be able to appoint a representative for the advisory committee and be a part of the standards review process.
