casac8 writes: "The Pirate Bay torrent site has been booted from Norway and is moving its traffic to North Korea, where it has been granted virtual asylum. "Today we can reveal that we have been invited by the leader of the republic of Korea, to fight our battles from their network," an official TPB press release issued Sunday from Pyongyang, the capital of North Korea, stated. "This is truly an ironic situation. We have been fighting for a free world, and our opponents are mostly huge corporations from the United States of America, a place where freedom and freedom of speech is said to be held high.""
Gunkerty Jeb writes: In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks.
A Rapid7 white paper enumerated UPnP-exposed systems connected to the Internet and identified the number of vulnerabilities present in common configurations. Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw.
"This research was primarily focused on vulnerabilities in the SSDP processor across embedded devices," Rapid7's CSO HD Moore told Threatpost. "The general process was to identify what was out there, make a list of the most commonly used software stacks, and then audit those stacks for vulnerabilities. The results were much worse than we anticipated, with the most commonly used software stack (libupnp) also being the most vulnerable."
Universal Plug and Play (UPnP) is a set of networking protocols that allows communication between computers and network-enabled devices. It is enabled by default on millions of devices, from routers to printers to IP cameras and network storage servers. UPnP support is also enabled by default on Microsoft Windows, Mac OS X and many distributions of Linux.
In its research, Rapid7 declares (PDF) that the UPnP protocol "suffers from a number of basic security problems" ranging from a lack of authentication implemented by device manufacturers to privileged common programming flaws that plague common UPnP software implementations. These issues, the report notes, are endemic across UPnP-enabled applications and network devices.
According to Rapid7's HD Moore, the two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. "In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet," Moore noted. "All told, we were able to identify over 6,900 product versions that were vulnerable through UPnP. This list encompasses over 1,500 vendors and only took into account devices that exposed the UPnP SOAP service to the internet, a serious vulnerability in and of itself."
from the check-the-long-form-certificate-to-be-sure dept.
Reader Tom Hudson, and now several others, have submitted the news that Osama Bin Laden is reportedly dead, and that his body is in the hands of the US military. A statement from President Obama is expected shortly. Watch this space for more details. Update: 05/02 04:01 GMT by T: More coverage at ABC News, at CNN, and at Al Jazeera. The reports say that Bin Laden was actually killed about a week ago by a bomb in Pakistan, and the time taken to confirm his identity via DNA testing helped delay the news. In downtown Austin, Texas, in the time since the story broke I've heard what sound like numerous celebratory gunshots.