
Submission + - Mozilla announces $10K bug bounty for certificate verification in Firefox 31 (techienews.co.uk)

hypnosec writes: Mozilla has announced a special $10,000 bug bounty for anyone who breaks its certification verification in the upcoming Firefox 31, slated for a July 31 launch. Mozilla revealed its work on a new certification verification library for its products, which it claims is more robust and maintainable. To ensure that its new code doesn’t meet with the same fate as Heartbleed and Apple’s #gotofail bug, Mozilla announced the special bug bounty to “make sure this code is rock solid before it ships to millions of Firefox users”. The non-profit organisation is interested in bugs through which the browser accepts fake, untrustworthy certificate chains which otherwise should be rejected, or something in the code that may lead to exploitable memory corruption. Mozilla also adds that a bug that causes Firefox to accept forged signed OCSP responses would also qualify as a bounty-worthy bug under this program.

Submission + - NIST removes Dual_EC_DRBG from random number generator recommendations (techienews.co.uk)

hypnosec writes: The National Institute of Standards and Technology (NIST) has removed the much-criticized Dual_EC_DRBG, aka Dual Elliptic Curve Deterministic Random Bit Generator, from its draft guidance on random number generators following a period of public comment and review. The revised document retains three of the four previously available options for generating pseudorandom bits required to create secure cryptographic keys for encrypting data. NIST recommends that users using Dual_EC_DRBG should transition to one of the other three recommended algorithms as quickly as possible.

Submission + - Scammers with a conscience emerge (techienews.co.uk)

hypnosec writes: A new Ransomcrypt Trojan, detected recently, lets users request a decryption key without paying – that is if they wait for a month. The ransomware is no different from any other Trojan in the same family, but the authors of the Trojan claim that if users don’t wish to pay the ransom to get the unlock key they are entitled to a free unlock if they wait for a month from the day their personal files were encrypted. “P.S. Remember, we are not scammers. We don’t need your files” reads the ‘how to get data.txt’ file that comes along with the Trojan. "If you want, you can get a decryptor for free after a month. Just send a request immediately after infection. All data will be restored absolutely. Your warranty – decrypted samples and positive feedbacks from previous users."

Submission + - Microsoft to continue supporting Windows XP in China (techienews.co.uk)

hypnosec writes: Microsoft has decided to continue supporting Windows XP in China, unlike the rest of the world, where it will be pulling the plug on the 14-year-old operating system on April 8, 2014. Microsoft announced its decision through a post on its official Sina Weibo account on Sunday. Redmond will be partnering with local security vendors to continue supporting Windows XP. It is not yet clear how Microsoft will be chalking out the support strategy. It is not entirely clear why Microsoft is extending support for Windows XP in China, as it has itself noted that 70 percent of users in the country haven't updated their systems in the last 13 years.

Submission + - Hard-coded root password found in Synology DiskStation Manager VPN module (techienews.co.uk)

hypnosec writes: Synology DiskStation Manager has a critical vulnerability wherein the VPN module has a hard-coded password for root, which attackers can use to connect to the Synology device and possibly other devices on the shared network. The hard-coded root password is ‘synopass’. Users will not be able to log on to the web interface of the device using the root:synopass combination; however, “when enabling the VPN server, root:synopass will get you authenticated and connected!”

Submission + - The Raspberry Pi celebrates 2 years with open source graphics driver competition (techienews.co.uk)

hypnosec writes: The Raspberry Pi, which was first put up for sale on February 29, 2012, has completed two years and has sold over 2.5 million units during the period. Announcing the milestone and commemorating the two years, founder and former trustee of the Raspberry Pi Foundation Eben Upton announced a $10,000 competition wherein developers will be required to demonstrate satisfactory Quake III gameplay at a playable framerate on the credit-card-sized computer using open source drivers.

Submission + - In-app purchases in free-to-play games on European Commission's radar (techienews.co.uk)

hypnosec writes: The European Commission is meeting with consumer protection authorities in the UK, Belgium, France, Italy and members of the Consumer Protection Cooperation (CPC) network responsible for enforcing consumer rights across the EU to discuss concerns raised by consumers of free-to-play games. The Commission notes that more than 50 percent of the games in the EU’s online marketplace are advertised as ‘free’; however, they often include costly in-app purchases. Some of the concerns raised by consumers about free-to-play games will include misleading tactics about 'free' games and the cost involved; exhortations or persuasion tactics to make in-app purchases; explicit authorisation during in-app purchases; and contact information in case consumers want to contact vendors or register complaints.

Submission + - GitHub rolls out new text editor Atom (techienews.co.uk)

hypnosec writes: GitHub has introduced Atom, its new text editor that allows developers to write and edit code and which has been in development for more than six years. Atom will be available as a part of an invite-only beta program. GitHub revealed that through Atom it aims to create an editor "that will be welcoming to an elementary school student on their first day learning to code, but also a tool they won’t outgrow as they develop into seasoned hackers."

Submission + - Kickass.to linking blocked by Twitter (techienews.co.uk)

hypnosec writes: Twitter isn't allowing users to post a link to Kickass.to stating that the URL in the tweet 'appears to link to a page that has spammy or unsafe content.' I tried clicking on one of the URLs sent to me by one of our publishers who wanted to share with us a draft copy of the soon to be published book and as soon as I clicked on it I was greeted with a rather unfamiliar message on Twitter. 'The site you were trying to visit may be unsafe! This link has been flagged as potentially harmful.' This led me to try out a little test of linking a random Kickass.to link and Twitter blocked the request with a message: 'Oops! A URL in your Tweet appears to link to a page that has spammy or unsafe content.'

Submission + - Linux skills helping professionals move forward - 2014 Linux Jobs Report (techienews.co.uk)

hypnosec writes: The Linux Foundation’s 2014 Linux Jobs Report reveals that hiring managers are looking for professionals with Linux skills, with an increasing number of organisations the world over considering Linux as a core part of their businesses. The 2014 Linux Jobs Report provides a comprehensive view of the career landscape in Linux, right from business needs to personal incentives and job motivations that attract Linux professionals. The report comprises views from 1,100 hiring managers and 4,000 Linux professionals. Seventy-seven percent of surveyed hiring managers have revealed that they are prioritising hires for those positions that involve Linux openings as compared to other jobs, with 90 percent stating that they are planning to hire Linux professionals in the next six months. When it comes to Linux professionals, 86 percent of those surveyed revealed that Linux had helped them advance their careers. From the report it can be concluded that Linux jobs really are the best around.

Submission + - Facebook retaliates; says 'Princeton may be in danger of disappearing entirely' (techienews.co.uk)

hypnosec writes: A recent report from two Princeton researchers claimed that Facebook is like an infectious disease currently experiencing a spike before its decline and will lose 80 percent of its user base by 2017. This caught the attention of Facebook, and in its reply the social networking giant claimed that ‘Princeton may be in danger of disappearing entirely’. Facebook data scientists Mike Develin, Lada Adamic, and Sean Taylor used some of the same techniques used by the Princeton researchers to arrive at their conclusion. The trio used parameters such as Facebook Likes, percentage of Princeton papers in journals, student enrolment, and Google Trends.

Submission + - Snapchat account registration CAPTCHA defeated (techienews.co.uk)

hypnosec writes: Snapchat's security troubles continue as a security researcher has managed to hack its account registration CAPTCHA system with a program of less than 100 lines that took 30 minutes to develop. Steve Hickson, a computer engineer by education, wrote a small computer program with very little effort that identifies Snapchat’s ghost from the given set of images. Hickson describes Snapchat’s ghost as very particular and calls it a template that can be matched easily using a computer program. Hickson used a combination of Open Source Computer Vision Library (OpenCV), SURF points and FLANN matching “with a uniqueness test to determine that multiple keypoints in the training image weren't being singularly matched in the testing image.”

Submission + - Hortonworks marks Hadoop 2.0 for Windows as GA (techienews.co.uk)

hypnosec writes: Hortonworks has announced general availability of Hadoop 2.0 for Windows – three months after it did for the Linux operating system. Hadoop 2.0 for Windows is dubbed a true multi-use data platform as it brings with it Apache Hadoop YARN, enabling users to interact with all data in both real time as well as batch processing. Hadoop 2.0 for Windows brings with it high availability support for the Hadoop Distributed File System (HDFS) NameNode; phase II of the Stringer initiative; and Apache HBase NoSQL database release 0.96. Developers who are new to Hadoop or HDP for Windows could start off with the single-node version of HDP 2.0 for Windows that includes a Microsoft Installer based setup.

Submission + - FreeBSD 10.0 release builds spotted (techienews.co.uk)

hypnosec writes: FreeBSD 10.0 is finally available for download after a series of delays and an additional rc build. From the looks of it, FreeBSD 10.0 is currently available for all four architectures, but the official release announcement is missing. Most of the ISOs have been signed off on either January 16 or 17, meaning that the builds have been ready for three days now.
