Monthly Archives: September 2018

Quantifying a firm’s security levels may strengthen security over time

Cyberattacks grow in prominence each and every day; in fact, 2017 was the worst year to date for data breaches, with the number of cyber incidents targeting businesses nearly doubling from 2016 to 2017. Now, new research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one’s own security level leads to improved defences against cybercrime. The study found … More

The post Quantifying a firm’s security levels may strengthen security over time appeared first on Help Net Security.

Explosion of look-alike domains aims to steal sensitive data from online shoppers

Venafi released research on the explosion of look-alike domains, which are routinely used to steal sensitive data from online shoppers. Venafi’s research analyzed suspicious domains targeting the top 20 retailers in five key markets: the U.S., U.K., France, Germany and Australia. As the rate of online shopping increases, customers are being targeted through look-alike domains. Cyber attackers create these fake domains by substituting a few characters in the URLs. Because they point to malicious online … More
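To make the character-substitution technique concrete, here is an added example (not Venafi's research code) that triages a feed of newly seen domains against a brand list: it undoes common swaps such as "rn" for "m" and "0" for "o", checks whether the brand name is embedded in the registered label, and falls back to edit distance for one-character typos. The brand list, the confusable table, the second-level-suffix heuristic and the sample feed are all constructed assumptions for illustration.

```python
"""Flag registered domains that imitate a protected brand domain.

Added example (not Venafi's research code). Brands, the confusable table and
the sample domains below are constructed for illustration.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Character swaps attackers use in look-alike domains. Multi-character forms
# come first so that "rn" -> "m" is applied before any single-character rule.
# Illustrative table, not an exhaustive homoglyph list.
_CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("4", "a"), ("5", "s"), ("7", "t"),
    ("|", "l"), ("!", "i"), ("$", "s"),
]

# Labels that commonly precede a two-letter country TLD ("example.co.uk").
# A real scanner should consult the Public Suffix List; this is a heuristic.
_SECOND_LEVEL_SUFFIXES = {"co", "com", "net", "org", "ac", "gov", "edu"}

# Constructed brand list: brand keyword -> the brand's legitimate domain.
BRANDS = {"amazon": "amazon.com", "walmart": "walmart.com"}


def hostname(value: str) -> str:
    """Extract a lower-cased host from a bare name or a full URL."""
    value = value.strip().lower()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.split("/", 1)[0].split(":", 1)[0]
    return host.rstrip(".")


def registrable_label(value: str) -> str:
    """Return the label the attacker actually registered (e.g. 'amaz0n')."""
    labels = hostname(value).split(".")
    if len(labels) < 2:
        return labels[0]
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in _SECOND_LEVEL_SUFFIXES:
        return labels[-3]
    return labels[-2]


def normalize(label: str) -> str:
    """Undo common character substitutions so 'arnaz0n' reads as 'amazon'."""
    for lookalike, plain in _CONFUSABLES:
        label = label.replace(lookalike, plain)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches single-character omissions, swaps and insertions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brands: dict[str, str] = BRANDS) -> list[tuple[str, str]]:
    """Return [(brand, reason)] for each brand the domain imitates.

    The brand's own domain and its subdomains are never flagged.
    """
    host = hostname(domain)
    norm = normalize(registrable_label(domain))
    hits = []
    for brand, legit in brands.items():
        if host == legit or host.endswith("." + legit):
            continue
        if norm == brand:
            hits.append((brand, "confusable-characters"))
        elif brand in norm:
            hits.append((brand, "brand-embedded"))
        elif levenshtein(norm, brand) <= (1 if len(brand) < 8 else 2):
            hits.append((brand, "typosquat"))
    return hits


def scan(domains: list[str], brands: dict[str, str] = BRANDS) -> dict[str, list[tuple[str, str]]]:
    """Triage a feed of newly seen domains; only flagged ones are returned."""
    report = {}
    for d in domains:
        hits = classify(d, brands)
        if hits:
            report[d] = hits
    return report


# Constructed sample feed (not real observed domains).
SAMPLE_FEED = [
    "amazon.com", "login.amazon.com", "amaz0n.com",
    "https://arnazon-login.net/verify", "amazn.com", "example.com",
]

if __name__ == "__main__":
    for domain, hits in scan(SAMPLE_FEED).items():
        print(f"{domain:40s} {hits}")
```

The "brand-embedded" rule is deliberately greedy (it would also flag a legitimate "amazonia" label), so treat the output as a triage queue for a human or a reputation lookup rather than a block list; the same goes for the edit-distance rule on short brand names.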

The post Explosion of look-alike domains aims to steal sensitive data from online shoppers appeared first on Help Net Security.

Top Skills Next-level InfoSec Pros Should Have

In today’s digital world, infosec professionals need to keep their skills sharp to protect themselves and their company’s assets online. There are numerous training paths and practical courses that can teach you the right skills and hands-on know-how, but whether you are on the defensive or offensive side, these are the top skills next-level infosec pros should have:

1. Threat Analysis & Classification

✔ WHAT IS IT?

Threat analysis & classification is the practice of identifying the attacks an organization is likely to face, ranking them by likelihood and impact, and using that ranking to protect sensitive corporate data over time.

✔ WHY IS IT IMPORTANT?

Classifying what you are protecting is the first step to building a secure organization. Data should be labelled with nominal values according to its sensitivity, such as ‘Public’, ‘Internal’, ‘Confidential’ or ‘Top Secret’. High-risk data, typically classified ‘Confidential’, requires a greater level of protection, while lower-risk data, labelled ‘Internal’, requires proportionately less.

2. Auditing & Penetration Testing

✔ WHAT IS IT?

A penetration test (or pentest) evaluates the security of assets by running a series of planned attacks with the goal of finding and exploiting vulnerabilities. Auditing is a systematic, measurable technical assessment of how the organization’s security policy is employed.

✔ WHY IS IT IMPORTANT?

With cyber attacks happening every single day, it is more important than ever to undertake regular pentests to identify your company’s vulnerabilities and to confirm that the controls in place actually hold up. Security audits are also important because they support more informed decisions on how to allocate budgets and resources to manage risk.

3. Vulnerability Assessment

✔ WHAT IS IT?

A vulnerability assessment is aimed at building a list of all the vulnerabilities present on a target’s systems.

✔ WHY IS IT IMPORTANT?

A thorough vulnerability assessment will provide you and your organization with the knowledge, awareness, and background necessary to understand potential threats and react accordingly.

4. Reverse Engineering

✔ WHAT IS IT?

Reverse engineering is the process of taking software or hardware and working out its functions and information flow through detailed analysis of a human-readable representation of it, such as disassembly or decompiled code.

✔ WHY IS IT IMPORTANT?

Through reverse engineering, IT security professionals can analyse critical software or hardware components and functions that would otherwise be invisible, which can lead to the identification of vulnerabilities. Reverse engineering is also a critical skill for in-depth debugging.

5. Risk Assessment

✔ WHAT IS IT?

A risk assessment identifies the gaps in an organization’s critical risk areas and determines actions to close those gaps.

✔ WHY IS IT IMPORTANT?

Risk assessments are very important as they help to create awareness and identify who and/or what may be at risk in your organization.


Sources: Intigrow | Mass.Gov


Security Affairs: Telegram CVE-2018-17780 flaw causes the leak of IP addresses when initiating calls

CVE-2018-17780 – Security researcher Dhiraj Mishra discovered that Telegram default configuration would expose a user’s IP address when making a call.

Strangely, tdesktop 1.3.14 and Telegram for Windows (3.3.0.0, WP8.1) leak the end user’s private and public IP addresses while making calls.

Telegram is supposedly a secure messaging application, but its default configuration forces clients to use a peer-to-peer connection when initiating a call. On platforms that expose the option, this can be changed under “Settings > Privacy and security > Calls > Peer-to-peer”.

tdesktop and Telegram for Windows break this trust by leaking the end user’s public and private IP addresses, and at the time there was no option in either client to set “Peer-to-peer > Nobody”.

PS: Telegram for Android will also leak your IP address unless you have set “Settings > Privacy and security > Calls > Peer-to-peer > Nobody” (the peer-to-peer setting for calls already existed in Telegram for Android).

To view this in action in tdesktop:

1. Open tdesktop.
2. Initiate a call to anyone.
3. You will notice the other end user’s IP address leaking.

Other scenario:

1. Open tdesktop on Ubuntu and log in as user A.
2. Open Telegram on Windows Phone and log in as user B.
3. Let user B initiate a call to user A.
4. User A’s access log will now contain user B’s public and private IP addresses.

MTProto does not hide the endpoint’s IP address in a peer-to-peer call, and the disclosed address can also be used for OSINT against the user. This issue was fixed in 1.3.17 beta and v1.4.0, which add the option of setting “Peer-to-peer” to “Nobody” or “My contacts”. CVE-2018-17780 was later assigned to this vulnerability.

This bug was awarded €2000 by Telegram security team. (Sweeet..)
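One way to verify on your own machine whether a call went peer-to-peer, as an added example that is not part of the original post or of Telegram’s code: take the flow records captured during the call, discard everything to the relay addresses, and whatever remains is the other party’s address candidates (and, symmetrically, what they learned about you). The relay range (TEST-NET-3), the RFC 1918 check and the flow records are constructed placeholders; substitute the relay addresses your client actually contacts.

```python
"""Check a flow log captured during a Telegram call for direct peer-to-peer
media, which is what exposes each party's IP address to the other.

Added example, not code from Telegram or from the original post. The relay
address range and the flow records are constructed placeholders.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# ASSUMPTION: the relay addresses your client uses. Telegram's real relay IPs
# are not given on the page; the TEST-NET-3 block stands in for them here.
ASSUMED_RELAY_NETS = [ipaddress.ip_network("203.0.113.0/24")]

_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int
    nbytes: int


def is_relay(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ASSUMED_RELAY_NETS)


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _RFC1918)


def direct_peers(flows: list[Flow], local_ip: str) -> dict[str, int]:
    """Bytes exchanged with each remote address that is NOT a relay.

    With peer-to-peer calls on, the client talks to the other party's address
    candidates directly; every address left after removing relay traffic is an
    address of the remote party, and our own address has been handed to them.
    """
    totals: dict[str, int] = {}
    for f in flows:
        if f.proto != "udp":
            continue           # call media is UDP; TCP signalling is ignored
        if f.src == local_ip:
            remote = f.dst
        elif f.dst == local_ip:
            remote = f.src
        else:
            continue
        if is_relay(remote):
            continue
        totals[remote] = totals.get(remote, 0) + f.nbytes
    return totals


def exposure_report(flows: list[Flow], local_ip: str) -> dict[str, str]:
    """Map each disclosed peer address to 'private' (LAN candidate) or 'public'."""
    return {ip: ("private" if is_rfc1918(ip) else "public")
            for ip in direct_peers(flows, local_ip)}


LOCAL_IP = "192.168.1.20"

# Constructed flows for a call placed with peer-to-peer enabled (the default
# the post describes). 198.51.100.77 and 10.0.5.3 stand in for the remote
# party's public and LAN addresses (documentation / private ranges).
P2P_CALL_FLOWS = [
    Flow(LOCAL_IP, "203.0.113.5", "tcp", 443, 15_000),        # API/signalling (placeholder)
    Flow(LOCAL_IP, "203.0.113.10", "udp", 1400, 84_000),       # relay media, outbound
    Flow("203.0.113.10", LOCAL_IP, "udp", 40211, 80_500),      # relay media, inbound
    Flow(LOCAL_IP, "198.51.100.77", "udp", 29650, 120_000),    # direct to peer (public)
    Flow("198.51.100.77", LOCAL_IP, "udp", 40211, 118_000),
    Flow(LOCAL_IP, "10.0.5.3", "udp", 29650, 600),             # probe to peer's LAN candidate
]

# Same call after setting Peer-to-peer to Nobody: only relay traffic remains.
RELAY_ONLY_FLOWS = [f for f in P2P_CALL_FLOWS if is_relay(f.src) or is_relay(f.dst)]

if __name__ == "__main__":
    print("p2p enabled :", exposure_report(P2P_CALL_FLOWS, LOCAL_IP))
    print("p2p = nobody:", exposure_report(RELAY_ONLY_FLOWS, LOCAL_IP))
```

Even the tiny probe to the 10.0.5.3 candidate counts: the byte volume tells you whether media actually flowed directly, but the mere presence of the flow shows the remote party's LAN address was already disclosed to this client, which is the private-address leak the post describes.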

About the Author: Security Researcher Dhiraj Mishra

Original post at https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html

Pierluigi Paganini

(Security Affairs – Telegram CVE-2018-17780 flaw, data leak)

The post Telegram CVE-2018-17780 flaw causes the leak of IP addresses when initiating calls appeared first on Security Affairs.




New tools from IBM and Google reveal it’s hard to build trust in AI

The unseen dangers inherent in artificial intelligence (AI) are proving the importance of IBM and Google’s diverse approach to this multifaceted problem. Brad Shimmin and Luciano C. Oviedo offer their perspective on this important issue.

Brad Shimmin, Service Director at GlobalData: Artificial Intelligence (AI) has already changed the way consumers interact with technology and the way businesses think about big challenges like digital transformation. In fact, GlobalData research shows that approximately 50% of IT buyers … More

The post New tools from IBM and Google reveal it’s hard to build trust in AI appeared first on Help Net Security.

Betelgeuse in fiction – Wikipedia

en.wikipedia.org - The planetary systems of stars other than the Sun, such as Betelgeuse, are a staple element in much science fiction. Betelgeuse (Alpha Orionis) is a bright red star in the constellation Orion frequen…


Tweeted by @Tetracarbon https://twitter.com/Tetracarbon/status/1046624747952324608

/r/netsec – Information Security News & Discussion: The /r/netsec Monthly Discussion Thread – October 2018

Overview

Questions regarding netsec and discussion related directly to netsec are welcome here.

Rules & Guidelines
  • Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
  • Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
  • If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
  • Avoid use of memes. If you have something to say, say it with real words.
  • All discussions and questions should directly relate to netsec.
  • No tech support is to be requested or provided on /r/netsec.

As always, the content & discussion guidelines should also be observed on /r/netsec.

Feedback

Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.

submitted by /u/AutoModerator

Gov. Jerry Brown Signs Bill To Restore Net Neutrality in California; the Trump Administration is Already Trying To Block It

California Gov. Jerry Brown signed into law on Sunday a bill to restore net neutrality protections that President Donald Trump's Federal Communications Commission killed late last year. From a report: The new law prohibits internet service providers, or ISPs, from blocking or slowing access to legal online content, demanding special fees from websites to prioritize their traffic or charging customers for special exemptions to caps on their data use. Brown signed the measure without comment, setting up almost certain showdowns with both ISPs and the FCC, which barred states from setting their own rules in its repeal last December of protections instituted during the administration of President Barack Obama. The U.S. Justice Department quickly filed a federal action in U.S. District Court in Sacramento to block the new law Sunday night. In a statement, Attorney General Jeff Sessions said: "Under the Constitution, states do not regulate interstate commerce -- the federal government does. Once again the California legislature has enacted an extreme and illegal state law attempting to frustrate federal policy." Brown also signed A.B. 1999, which makes it easier for local governments to build community broadband and offer competitive high-speed fiber.

Read more of this story at Slashdot.


Gelson Merísio could have died on the Chape flight. With a hidden network of hydroelectric plants, he wants to govern Santa Catarina.

This report was funded by our readers

On April 23, 2013, state deputy Gelson Merísio, today one of the favorites to win the election for governor of Santa Catarina, brought a businessman to the office of his brother-in-law and then state Secretary of Finance, Antonio Gavazzoni. The businessman was Márcio Vaccaro, and he was interested in tax incentives to set up a new unit of his sack factory, Rafitec, which makes large-format packaging such as that used for animal feed and cement.

From left to right: Neimar Brusamarello (an ally of the deputy), Gelson Merísio, Antonio Gavazzoni (brother-in-law and former Secretary of Finance) and businessman Márcio Vaccaro at the meeting that sealed a deep friendship.

The meeting was a milestone in the relationship between Merísio, Vaccaro and Gavazzoni. Years later, not only was a new Rafitec factory installed in the city of Xanxerê, 45 km from Chapecó, the deputy's political cradle, but the paths of the deputy, the bureaucrat and the businessman converged into a controversial partnership with the potential to generate tens of millions of reais for the three in the coming years. For that, Merísio needs to be elected governor. To boost his campaign this week, the deputy, who is affiliated with the Partido Social Democrático, swapped his support for Geraldo Alckmin, stagnant in the polls, for a public declaration in favor of the leader in the presidential polls: Jair Bolsonaro.

The Intercept found that Merísio maintains a business network that was hidden until now, with signs of the use of front men, and which in practice gives his wife, his children and his allies stakes in at least eight small hydroelectric plants. At least two of these PCHs, as they are called, benefit from multimillion-real tax incentives signed by his brother-in-law while he was Santa Catarina's Secretary of Finance. His big hidden partners in the business are precisely the Vaccaros. If Merísio is elected, the companies could also benefit from his influence over the granting of environmental licenses and in negotiations with the federal government in the energy market.

1 PCH Bom Retiro Energética Ltda.

2 Foz do Uva Energética Ltda – PCH Panapaná.

3 PCH Águas do Rio Irani Energética.

4 PCH Barra das Águas.

5 PCH das Pedras.

6 PCH Salto do Soque.

7 PCH Salto do Soque (PCH Rio das Tainhas).

8 Ribeirão Manso Energética Ltda (PCH Itapocuzinho II).

Hydroelectric plants linked to Gelson Merísio.

The LaMia disaster

Merísio is sponsored by former governor Raimundo Colombo, who left office in February to run for the Senate, and is technically tied with his two main opponents: Mauro Mariani of the MDB and Décio Lima of the PT, all at around 20%.

The 52-year-old candidate's political trajectory has been meteoric. In 2004 he was elected state deputy and since then has held the presidency of the Legislative Assembly three times. In 2014 he was re-elected to a second term with the largest vote count in the state's history, 119,000 votes. The arrow was pointing up when he escaped death. The plane crash that killed almost the entire Chapecoense football team very nearly claimed Merísio. Then president of the Legislative Assembly, he was confirmed on the flight that ended up crashing in Colombia after running out of fuel.

He dropped out at the last minute. His name was on the passenger list, and early reports even listed him among the dead. “God allowed us to carry on,” he says when speaking of the tragedy, in a messianic tone. He did not board because he had been invited to a dinner with Justice Teori Zavascki of the Supreme Court (STF), who would himself die in a plane crash almost two months later. The Chapecoense crash still earns him media coverage today. He gave interviews to national and international newspapers and took part in organizing the tributes to those killed in the tragedy.

Then president of the Legislative Assembly, Merísio was confirmed on the Chapecoense team's flight, which ended up crashing in Colombia after running out of fuel.

Facebook/Gelson Merísio

Today, 15 parties back his bid to run the state. Abandoning Alckmin was expected, since the PSDB is not part of his coalition, but the fact that the reserve captain is the outright leader in Santa Catarina polls made him the vote-puller Merísio needed in the final stretch.

From the asset declaration he submitted to the TSE, one would presume the candidate's only business activity is a stake in a building-materials company. But the center of Merísio's undeclared business is a holding company opened in the names of his wife and two of his children, one of them a minor. The company's share capital alone (R$ 5.67 million) is almost eight times what Merísio declared to the TSE this year. The firm is called MANG, the initials of his wife (Márcia), his children (Arthur, 19, and Nicole, 10) and a final G for Gelson. Its address is the same as Merísio's political office in his hometown and, as we found, the place where Merísio “lives” when he is in Xanxerê.

Three companies in 36 days

MANG Participações e Agropecuária Ltda was created in December 2013, but the Merísio family company's most significant moves began in 2015. On April 28 of that year, MANG opened PCH Águas do Rio Irani Energética Ltda in partnership with Márcio Vaccaro. At the time, Merísio was president of the Santa Catarina Legislative Assembly. In the two preceding years he had sat on the internal committee responsible for analyzing and overseeing energy matters.

Little more than a month later, MANG and Márcio Vaccaro opened another firm, PCH Bom Retiro Energética Ltda. Both are registered in a room at the same address as the Rafitec sack factory from the 2013 meeting.

Part of Merísio's success with the hydroelectric plants is due to the support of his brother-in-law Antonio Gavazzoni, former Santa Catarina state Secretary of Finance.

Photo: Divulgação/DN

A third room at Rafitec was occupied by PCH Pesqueira Energética, also created in May 2015, this one without MANG's official participation. However, the plant changed its name and line of business after it was created: it became Vaccaro Empreendimentos Imobiliários. In August of this year, Vaccaro and his real-estate company became the target of a criminal complaint by the Santa Catarina Public Prosecutor's Office for pollution. The case is being investigated by prosecutors.

The opening of three companies dedicated to operating small hydroelectric plants within 36 days happened at the same time that Antonio Gavazzoni, Merísio's brother-in-law and then Secretary of Finance, was preparing one of Santa Catarina's most heavily publicized economic stimulus plans. The month after the companies were opened, on June 24, 2015 to be precise, the SC+Energia plan was publicly announced by the government. More than R$ 5 billion in tax incentives would be granted to clean-energy projects, small hydroelectric plants among them.

A R$ 5,000 salary, a R$ 600,000 hydroelectric plant

Much has happened since that April 2013 meeting between Merísio, Vaccaro and Gavazzoni. The brother-in-law stepped down from running Santa Catarina's economy last year after being named in JBS plea-bargain testimony as an accomplice in the payment of bribes to governor Raimundo Colombo (the criminal complaint was rejected by the Santa Catarina Court of Justice). The businessman and partner Vaccaro saw his father arrested for environmental crimes in Pará, where the family maintains the largest açaí plantation in the world. From the same region as Merísio, the Vaccaros own not only the sack factory: they also own Açaí Amazonas, the largest açaí producer in the world, with an area the size of 1,400 football pitches planted with palms. That activity earned the Vaccaros two criminal actions and one public civil action related to environmental crimes. The patriarch had his assets frozen by the courts.

Márcio Vaccaro

Businessman Márcio Vaccaro became Merísio's partner in several ventures.

Instagram/Márcio Vaccaro

While Vaccaro and Gavazzoni were dealing with the courts, Merísio kept moving within the public machine, inflating the family business and paving his way to the state government.

An employee who has worked in his office at the Legislative Assembly for 13 years is a partner in a third hydroelectric company, Foz do Uvá Energética. Manoel Mario de Jesus lives in a modest house in São José, in the Florianópolis metropolitan area. His company is headquartered in an accounting office on a residential avenue in Chapecó, 553 kilometers from the capital. To join the partnership he had to put in R$ 600,000. His monthly salary is R$ 5,000.

Merísio's employee is not alone in Foz do Uvá, opened in 2010, when Gelson Merísio was president of the Santa Catarina legislature. The venture appears to be cross-party. The partners include, among others, a company controlled by the chief of staff (Casa Civil) of Florianópolis, son of federal deputy Jorginho Mello (Senate candidate for the PR); an alternate city councillor in Chapecó; and the wife of a former PT state deputy whose political rights were revoked over irregularities committed while mayor of the municipality of Rio do Sul (SC). Contacted by The Intercept, Filipe Mello, Jorginho's son, said he bought a “quota” in the project but that it was never carried out.

Facebook/Rozangela Vaccaro

And they all went to Cancún

The association with the Vaccaros brought Merísio's MANG two other important stakes in the energy sector, one of them the most conspicuous so far. Rio Tainhas Geração de Energia Ltda was opened in 2008, at the same address that would later serve as a mailbox for the other PCHs. Rio Tainhas already has authorization to operate PCH Salto do Sóque and is expanding its business. Along the way, PCH Águas do Rio Irani, which has Merísio's family firm among its founders, became a partner in Rio Tainhas with 50% of the capital. Another partner in Rio Tainhas is Neimar Brusamarello, a former municipal secretary in Xanxerê. He is the fourth person in the photo of that 2013 meeting with Merísio, Vaccaro and Gavazzoni.

‘Vaccaro is also a partner of Merísio's allies.’

The other gift to the Merísio family came last month, during the election campaign. Rafitec held government authorization to operate PCH Barra das Águas. But on August 7, the National Electric Energy Agency (Aneel) gave the green light for Vaccaro to transfer the small hydroelectric plant's license to PCH Águas do Rio Irani, in which the Merísio family holds a stake. The plant, still under construction, will have a total capacity of 8,500 kW. Taking a conservative price of R$ 200 per MWh, as practiced in Aneel energy auctions, if the plant sells all the energy it is capable of producing, the gross revenue of this PCH would reach R$ 15 million a year.

Vaccaro is also a partner of allies of the man who wants to govern Santa Catarina. PCH das Pedras, which has already secured a guaranteed energy sale through an Aneel auction, is one example. The businessman friend's partners are the deputy's friend Neimar Brusamarello and the former mayor of Xanxerê, now executive secretary of the local unit of the Santa Catarina Regional Development Agency, Ademar Gasparini.

Vaccaro also holds stakes in Primaleste Geração de Energia Elétrica Ltda and Ribeirão Manso Energética Ltda. In both, his partner is Neimar Brusamarello. He and Vaccaro are close friends. In 2016 they took their families to Cancún to celebrate their respective birthdays.

A long-term investment

Gelson Merísio said, in a statement sent by his press office, that he had granted his family the rights to his assets as part of an “organization of his asset situation”. “The candidate's situation is absolutely legal,” the statement says.

On the partnerships in the small hydroelectric plants, Merísio says that “there is no family interest.” “The investments are in projects not yet implemented, which, if carried out, may guarantee planning for the future, even in the deputy's absence.”

Merísio did not comment on his relationship with Márcio Vaccaro.

Regarding the employee of his office who also holds a stake in another energy company, the gubernatorial candidate said that “it is not for the deputy to comment on the private and personal life of the civil servant.”

Vaccaro was contacted by the reporters but has not so far responded to the questions.

Last week the Federal Public Prosecutor's Office in Chapecó opened an investigation into Merísio's enrichment. Prosecutors reached the candidate thanks to a complaint filed on September 21 by a lawyer in the city, which cited Merísio's stake in MANG.

The post Gelson Merísio could have died on the Chape flight. With a hidden network of hydroelectric plants, he wants to govern Santa Catarina. appeared first on The Intercept.

The State of Security: Why Your SOC Needs More Than a SIEM Tool

Cybercrime is becoming more sophisticated by the day. Meanwhile, the price for a breach due to damage and disruption, ransom payments and regulatory fines, is increasing. No wonder there’s more of a need than ever for companies to set up a dedicated SOC using SIEM to identify threats and raise the alarm. But is that […]… Read More

The post Why Your SOC Needs More Than a SIEM Tool appeared first on The State of Security.




Stasis For Bitcoin and Alts; New Foundations or Calm Before the Storm?

The cryptocurrency market has ended the weekend in a state of relative stability. Bitcoin and the majority of major altcoins ended Sunday in much the same manner as they started, and now move into October with the possibility of having found some new foundations. Done With Yearly Lows? Bitcoin’s yearly low of $5,984 on August […]

The post Stasis For Bitcoin and Alts; New Foundations or Calm Before the Storm? appeared first on Hacked: Hacking Finance.

User Data and Cookie Consent

nymag.com - We use cookies to give you the best online experience. Their use improves our sites’ functionality and enables our partners to advertise to you. By continuing to use our website or checking the I agr…


Tweeted by @MattErikFischer https://twitter.com/MattErikFischer/status/1046557641328259072

Cloudflare Launches a Low-Cost Domain Registrar, Which Will Also Offer Free Privacy To Customers

Cloudflare, which is celebrating its eighth birthday, has announced yet another service: an at-cost domain registrar. From a report: While Cloudflare had already been handling domain registration through the company's Enterprise Registrar service, that service was intended for some of Cloudflare's high-end customers who wanted extra levels of security for their domain names. The new domain registrar business -- called Cloudflare Registrar -- will eventually be open to anyone, and it will charge exactly what it costs for Cloudflare to register a domain. As Cloudflare CEO Matthew Prince wrote in a blog post this week, "We promise to never charge you anything more than the wholesale price each TLD charges." That includes the small fee assessed by ICANN for each registration. Prince said that he was motivated to take the company into the registrar business because of Cloudflare's own experience with registrars and by the perception that many registrars are in the business mostly to up-sell things that require no additional effort. "All the registrar does is record you as the owner of a particular domain," Prince said. "That just involves sending some commands to an API. In other words, domain registrars are charging you for being a middle-man and delivering essentially no value to justify their markup." Charging overhead for that sort of service, Prince said, "seemed as nutty to us as certificate authorities charging to run a bit of math." (Cloudflare also provides free SSL certificates.)

Read more of this story at Slashdot.

Fedora 29: elfutils Security Update

LinuxSecurity.com: Fixes CVE-2018-16062, CVE-2018-16402 and CVE-2018-16403. unstrip: Handle SHT_GROUP sections. strip: Handle mixed (out of order) allocated/non-allocated sections. elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. libelf, libdw and all tools now handle extended shnum and shstrndx correctly.

Artificial Intelligence in Security Market By Application (Intrusion Detection, Web Filtering, Anomaly Detection, Firewall, Data Loss Prevention, Distributed Denial of Services); By Technology (Speech Recognition, Machine Learning, Image Processing, Natural Language Processing); By Service Type (Cloud Security, Data Security, Network Security, Identity & Access Security) and by Regional Analysis – Global Forecast by 2017 – 2024

marketresearchengine.com - Artificial intelligence in cyber security will increase efficiency and precision of the system to observe any potential threat in organization’s system. Organizations increasing their horizon to comp…

Tweeted by @odscai https://twitter.com/odscai/status/1046527863460122625

Physicists Investigate Why Matter and Antimatter Are Not Mirror Images

An anonymous reader shares a report: As mismatches go, it's a big one. When physicists bring the Standard Model of particle physics and Einstein's general theory of relativity together they get a clear prediction. In the very early universe, equal amounts of matter and antimatter should have come into being. Since the one famously annihilates the other, the result should be a universe full of radiation, but without the stars, planets and nebulae that make up galaxies. Yet stars, planets and nebulae do exist. The inference is that matter and antimatter are not quite as equal and opposite as the models predict. This problem has troubled physics for the past half-century, but it may now be approaching resolution. At CERN, a particle-physics laboratory near Geneva, three teams of researchers are applying different methods to answer the same question: does antimatter fall down, or up? Relativity predicts "down", just like matter. If it falls up, that could hint at a difference between the two that allowed a matter-dominated universe to form.

Crypto Market Update: Japan’s Self-Regulatory Group (JVCEA) Readying Tighter Rules on Digital Assets

A group of cryptocurrency exchange operators in Japan is readying to tighten up measures following a recent cyber breach. The action follows a reported hack earlier in the month, in which cryptocurrency exchange Zaif lost an estimated $59.67 million. Self-Regulatory Group Set To Tighten Rules The Japan Virtual Currency Exchange Association (JVCEA) is exploring new rules to safeguard against cyber […]

The post Crypto Market Update: Japan’s Self-Regulatory Group (JVCEA) Readying Tighter Rules on Digital Assets appeared first on Hacked: Hacking Finance.

Mutagen Astronomy – Linux Vulnerability Hits CentOS, Debian, and Red Hat Distros

Researchers have discovered a critical vulnerability that allegedly affects multiple Linux distros. The vulnerability named Mutagen Astronomy allows an attacker

Mutagen Astronomy – Linux Vulnerability Hits CentOS, Debian, and Red Hat Distros on Latest Hacking News.

FBI’s Crime Data Explorer: What the Numbers Say about Cybercrime

What do the numbers say about Cybercrime?  Not much.  No one is using them.  

There is a popular quote often mis-attributed to the hero of Total Quality Management, W. Edwards Deming: "If you can't measure it, you can't manage it." It's one of the first things I think about every year when the FBI releases their annual Crime Statistics Report, as they just did for 2017. (The "mis-attributed" is because, for all the times he has been quoted, Deming actually said almost the exact opposite. What he actually said, in "The New Economics," was: "It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth.")

Despite being a misquote, I've used it often myself.  There is no way to tell if you are "improving" your response to a crime type if you don't first have valid statistics for it.  Why the quote always pops to mind, however, is because, in the case of cybercrime, we are doing a phenomenal job of ignoring it in official police statistics.  This directly reflects the ability and the practice of our state and local law enforcement agencies to deal with online crime, hacking, and malware cases.  Want to test it yourself?  Call your local Police Department and tell them your computer has a virus.  See what happens.

It isn't for lack of law! Every state in the Union has its own computer crime law, and most of them have a category that would be broadly considered "hacking." A quick reference to all 50 states' computer crime laws is here: State Computer Crime Laws. And yet, with a mandate to report hacking to the Department of Justice, almost nobody is doing it.

You may be familiar with the Uniform Crime Report, which attempts to create a standard for measurement of crime data across the nation. UCR has not helped us at all with cybercrime, because it focused almost exclusively on eight major crimes reported through the Summary Reporting System (SRS):

murder and non-negligent homicide, rape, robbery, aggravated assault, burglary, motor vehicle theft, larceny-theft, and arson.

The data for calendar year 2017 was just released this week and is now available in a new portal, called the Crime Data Explorer.  Short-cut URL:  https://fbi.gov/cde

To capture other crime types, the Department of Justice has been encouraging the adoption of NIBRS, the National Incident-Based Reporting System. This system primarily focuses on 52 crime categories, and gathers statistics on several more. Most importantly for us, it includes several categories of "Fraud Crimes":

  • 2 / 26A / False Pretenses/Swindle/Confidence Game
  • 41 / 26B / Credit Card/ATM Fraud
  • 46 / 26C / Impersonation
  • 12 / 26D / Welfare Fraud
  • 17 / 26E / Wire Fraud
  • 63 / 26F / Identity Theft
  • 64 / 26G / Hacking/Computer Invasion

Unfortunately, despite being endorsed by nearly every major law enforcement advocacy group, many states, including my own, are failing to participate. The FBI will be retiring SRS in 2021, and as of September 2018, many states are not projected to make that deadline:
https://www.fbi.gov/file-repository/ucr/nibrs-countdown-flyer.pdf
In the just-released 2017 data, out of the 18,855 law enforcement agencies in the United States, 16,207 of them submitted SRS "old-style" UCR data.  Only 7,073 (42%) submitted NIBRS-style data.

Unfortunately, the situation when it comes to cybercrime is even worse. For SRS-style reporting, all cybercrimes are lumped under "Fraud". In 2016, SRS reported 10.6 million arrests. Only 128,531 of these were for "Fraud", of which cybercrime would be only a tiny portion.

For those seven "fraud type" offenses, the 2017 data is not yet available for detailed analysis. (Currently most of the state data sets, released September 26, 2018, limit the data in each table to only 500 rows. Since, as an example, Hoover, Alabama, the only city in my state participating in NIBRS, has 3,800 rows of data, you can see how that filter is inadequate for state-wide analysis in fully participating states.)

Looking at the NIBRS 2016 data as a starting point, however, we can still see that we have difficulty at the state and local police level in understanding these crimes. In 2016, 6,191 law enforcement agencies submitted NIBRS-style data. Of those, 5,074 included at least some "fraud type" crimes. Here's how they broke down by fraud offense. Note, these are not the number of CRIMES committed; these are the number of AGENCIES that submitted at least one of these crimes in 2016:

code  agencies  fraud type description
====  ========  =======================================
  2     4315    False Pretenses/Swindle/Confidence Game
 41     3956    Credit Card/ATM Fraud
 46     3625    Impersonation
 12      328    Welfare Fraud
 17     1446    Wire Fraud
 63      810    Identity Theft
 64      189    Hacking/Computer Invasion

Only 189 of the nation's 18,855 law enforcement agencies submitted even a single case of "Hacking/Computer Invasion" during 2016! When I asked the very helpful FBI NIBRS staff about this last year, they confirmed that, yes, malware infections would all be considered "64 - Hacking/Computer Invasion". To explore on your own, visit the NIBRS 2016 Map. Then under "Crimes Against Property" choose the fraud type you would like to explore. This map shows "Hacking/Computer Invasion." Where a number shows up instead of a pin, zoom the map to see details for each agency.
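To make the distinction between incidents and reporting agencies concrete, here is a small Python script, added as an example and not part of the original post or of any FBI tool, that computes both counts from a constructed incident-level export. The offense codes 26A-26G and their labels are the NIBRS ones quoted above; the ORIs, incident IDs and row contents are made up for illustration.

```python
"""Count NIBRS fraud offenses two ways: incidents vs. reporting agencies.

Added example, not code from the original post or from the FBI. The 26A-26G
offense codes and labels are the NIBRS ones quoted in the post; the incident
rows below are CONSTRUCTED sample data (made-up ORIs), not real submissions.
"""
import csv
from collections import defaultdict
from io import StringIO

# NIBRS fraud offense codes (26A-26G), as listed in the post.
FRAUD_OFFENSES = {
    "26A": "False Pretenses/Swindle/Confidence Game",
    "26B": "Credit Card/ATM Fraud",
    "26C": "Impersonation",
    "26D": "Welfare Fraud",
    "26E": "Wire Fraud",
    "26F": "Identity Theft",
    "26G": "Hacking/Computer Invasion",
}

# Constructed incident-level export: one row per offense in an incident.
# "ori" is the NIBRS agency identifier; these values are invented.
SAMPLE_CSV = """\
ori,incident_id,offense_code
AL0010100,1,26A
AL0010100,2,26G
AL0010100,3,26G
AL0010100,4,26E
TN0190100,1,26E
TN0190100,2,26F
TN0190100,3,26G
TN0190100,4,26A
NY0300000,1,26B
NY0300000,2,26B
NY0300000,3,23H
"""


def load_offenses(text):
    """Parse an incident-level CSV export into a list of dict rows."""
    return list(csv.DictReader(StringIO(text)))


def count_incidents(rows):
    """Offense count per fraud code: the number most readers expect."""
    counts = defaultdict(int)
    for r in rows:
        if r["offense_code"] in FRAUD_OFFENSES:
            counts[r["offense_code"]] += 1
    return dict(counts)


def count_reporting_agencies(rows):
    """Distinct agencies that reported at least one offense of each code:
    the number the post's table actually shows."""
    agencies = defaultdict(set)
    for r in rows:
        if r["offense_code"] in FRAUD_OFFENSES:
            agencies[r["offense_code"]].add(r["ori"])
    return {code: len(oris) for code, oris in agencies.items()}


def participation(rows, code):
    """(agencies reporting `code`, agencies that submitted any data at all)."""
    reporting = count_reporting_agencies(rows).get(code, 0)
    total = len({r["ori"] for r in rows})
    return reporting, total


def report(rows):
    """Render both counts side by side, one line per fraud offense code."""
    inc = count_incidents(rows)
    ag = count_reporting_agencies(rows)
    return [
        f"{code}  {desc:<40} incidents={inc.get(code, 0):>3}  agencies={ag.get(code, 0):>3}"
        for code, desc in FRAUD_OFFENSES.items()
    ]


if __name__ == "__main__":
    rows = load_offenses(SAMPLE_CSV)
    print("\n".join(report(rows)))
    print("26G reported by %d of %d agencies" % participation(rows, "26G"))
```

Run against the sample, 26G shows three incidents but only two reporting agencies, and the third agency (which sent only non-fraud and card-fraud rows) never appears in the hacking count at all, which is the same effect the 189-agency figure above reflects at national scale.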

Filtering the NIBRS 2016 map for "Hacking/Computer Intrusion" reports
As an example, zooming in on the number in Tennessee, I can now see a red pin for Nashville. When I hover over that pin, it shows me how many crimes in each NIBRS category were reported for 2016, including 107 cases of Wire Fraud, 34 cases of Identity Theft, and only 3 cases of Hacking/Computer Invasion:

Clicking on "Nashville" as an example

I have requested access to the full data set for 2017.  I'll be sure to report here when we have more to share.

FBI Solves Mystery Surrounding 15-Year-Old Fruitfly Mac Malware Which Was Used By a Man To Watch Victims Via their Webcams, and Listen in On Conversations

The FBI has solved the final mystery surrounding a strain of Mac malware that was used by an Ohio man to spy on people for 14 years. From a report: The man, 28-year-old Phillip Durachinsky, was arrested in January 2017, and charged a year later, in January 2018. US authorities say he created the Fruitfly Mac malware (called Quimitchin by some AV vendors) back in 2003 and used it until 2017 to infect victims and take control of their Mac computers to steal files and keystrokes, watch victims via the webcam, and listen in on conversations via the microphone. Court documents reveal Durachinsky wasn't particularly interested in financial crime but was primarily focused on watching victims, having collected millions of images on his computer, including many of underage children. Durachinsky created the malware when he was only 14, and used it for the next 14 years without Mac antivirus programs ever detecting it on victims' computers. [...] Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky used a technique known as port scanning to identify internet- or network-connected Macs that were exposing remote access ports, then logged in with weak, reused or absent passwords.
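The technique the FBI describes, scanning for exposed AFP, VNC and SSH and then trying weak or breached passwords against them, leaves a recognisable trace on the victim side: one source failing logins against several services and then succeeding. The following Python is an added example, not code from the report, the FBI or any AV vendor; it runs that check over constructed log lines in a simplified one-line-per-login format, so real sshd, screensharingd or AFP logs would need their own parsers.

```python
"""Flag password guessing against exposed remote-access services.

Added example, not from the original report, the FBI or any AV vendor. It
applies the pattern the FBI describes (scan for AFP/548, VNC, SSH/22 and
hammer them with weak or breached passwords) to CONSTRUCTED log lines in a
simplified one-line-per-login format; real sshd, screensharingd or AFP logs
differ and need their own parsers.
"""
import re
from collections import defaultdict

# Ports named in the FBI description, plus 5900 for VNC / Screen Sharing.
SERVICE_PORTS = {548: "afp", 22: "ssh", 5900: "vnc", 3389: "rdp"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) "
    r"src=(?P<src>[\d.]+) dport=(?P<port>\d+)$"
)

# Constructed sample: one source spraying three services and finally
# getting in; one legitimate user who mistyped a password once.
SAMPLE_LOG = """\
2018-09-28T01:00:01 FAIL user=admin src=203.0.113.5 dport=22
2018-09-28T01:00:02 FAIL user=root src=203.0.113.5 dport=22
2018-09-28T01:00:03 FAIL user=admin src=203.0.113.5 dport=548
2018-09-28T01:00:04 FAIL user=guest src=203.0.113.5 dport=5900
2018-09-28T01:00:05 OK user=admin src=203.0.113.5 dport=548
2018-09-28T01:05:00 FAIL user=alice src=198.51.100.7 dport=22
2018-09-28T01:05:09 OK user=alice src=198.51.100.7 dport=22
this line is noise and is skipped
"""


def parse(text):
    """Turn log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        port = int(m["port"])
        events.append({
            "ts": m["ts"],                 # ISO timestamps sort as strings
            "ok": m["result"] == "OK",
            "user": m["user"],
            "src": m["src"],
            "service": SERVICE_PORTS.get(port, f"tcp/{port}"),
        })
    return events


def suspicious_sources(events, min_failures=3, min_services=2):
    """Return {src: summary} for sources that look like credential guessing.

    A source is flagged when it has at least `min_failures` failed logins,
    or failures against at least `min_services` distinct services (the
    multi-protocol spray the FBI describes). A success from a flagged
    source after its last failure is marked as a likely compromise.
    """
    fails = defaultdict(list)
    oks = defaultdict(list)
    for e in events:
        (oks if e["ok"] else fails)[e["src"]].append(e)

    flagged = {}
    for src, f in fails.items():
        services = {e["service"] for e in f}
        if len(f) < min_failures and len(services) < min_services:
            continue
        last_fail = max(e["ts"] for e in f)
        flagged[src] = {
            "failures": len(f),
            "services": sorted(services),
            "users": sorted({e["user"] for e in f}),
            "success_after_failures": any(s["ts"] > last_fail for s in oks[src]),
        }
    return flagged


if __name__ == "__main__":
    for src, info in suspicious_sources(parse(SAMPLE_LOG)).items():
        print(src, info)
```

The two thresholds are deliberately independent: a single failure on each of AFP and VNC from one address is already more interesting than three typos on SSH from a known user, and the success-after-failure flag is what turns an alert into an incident.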

Decoding cyber threats

straitstimes.com - The wars of tomorrow will not be entirely fought on the battlefield. Rather, they will also be fought in cyberspace. In the virtual battlefields of the 21st century, the keyboard and mouse will be ju…

Tweeted by @CYSPA_Alliance https://twitter.com/CYSPA_Alliance/status/1046511272609689600

Wikimedia Endowment Gets New $1 Million Backing From Amazon

Amazon has donated $1 million to the Wikimedia Endowment, a fund supporting Wikipedia, the e-commerce giant said this week. From a report: The gift was intended to support Wikipedia and its nonprofit parent Wikimedia, which Amazon relies on for answers on its Alexa voice assistant. It was Amazon's first ever to the free online information and education organization. "We are grateful for Amazon's support, and hope this marks the beginning of a long-term partnership to supporting Wikipedia's future," Wikipedia founder Jimmy Wales said in a statement.

CVE-2018-17798

An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

CVE-2018-17796

An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The WebParam.java file directly accepts the FIELD_T parameter in a request and uses it as a hash of SQL statements without filtering, resulting in a SQL injection vulnerability in getChannel() in the ChannelService.java file.

CVE-2018-17795

The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.

CVE-2018-17797

An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
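CVE-2018-17797 and CVE-2018-17798 are the same bug class reached two ways: a file path taken from the oldimg parameter is joined onto an upload directory without checking where it ends up, so a ../ sequence or an absolute path deletes whatever the web server can write, and deleting install.lock re-opens the installer. The Python below is an added illustration of that class and its fix, not zzcms code; it assumes an uploads/ folder next to install.lock and shows the naive handler beside a hardened one that also rejects symlink escapes.

```python
"""Arbitrary file deletion through a user-supplied "old image" path.

Added example, not zzcms code: it reproduces the bug class described in
CVE-2018-17797 (../ traversal) and CVE-2018-17798 (absolute path) in a small
Python handler and shows a hardened version next to it. The parameter name
oldimg and the install.lock target come from the CVE text; the directory
layout (an uploads/ folder beside install.lock) is an assumption.
"""
import os
import shutil
import tempfile
from pathlib import Path


def delete_old_image_vulnerable(upload_dir, oldimg):
    """Naive join, mirrors the described flaw; do not use.

    os.path.join discards upload_dir when oldimg is absolute, and '../'
    segments walk out of it, so any file the web server can write is
    deletable.
    """
    target = os.path.join(upload_dir, oldimg)
    if os.path.isfile(target):
        os.remove(target)
        return True
    return False


def delete_old_image_safe(upload_dir, oldimg):
    """Only ever delete a plain file that lives directly in upload_dir.

    Directory components from the caller are dropped (Path.name), both
    sides are resolved so a symlink cannot smuggle the target out, and the
    resolved parent must be the upload directory itself.
    """
    base = Path(upload_dir).resolve()
    name = Path(oldimg).name
    if not name or name in (".", ".."):
        raise ValueError("invalid oldimg")
    target = (base / name).resolve()
    if target.parent != base:
        raise ValueError("oldimg resolves outside the upload directory")
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo():
    """Build a throwaway app root and exercise both handlers; returns a dict
    of outcomes so the difference is checkable rather than just printed."""
    root = Path(tempfile.mkdtemp())
    try:
        uploads = root / "uploads"
        uploads.mkdir()
        lock = root / "install.lock"
        (uploads / "pic.jpg").write_bytes(b"\xff\xd8\xff")
        results = {}

        lock.write_text("installed")
        delete_old_image_vulnerable(str(uploads), "../install.lock")
        results["vuln_traversal_deleted_lock"] = not lock.exists()

        lock.write_text("installed")
        delete_old_image_vulnerable(str(uploads), str(lock))
        results["vuln_absolute_deleted_lock"] = not lock.exists()

        lock.write_text("installed")
        results["safe_traversal_returned"] = delete_old_image_safe(str(uploads), "../install.lock")
        results["safe_absolute_returned"] = delete_old_image_safe(str(uploads), str(lock))
        results["safe_lock_survived"] = lock.exists()
        results["safe_legit_delete"] = delete_old_image_safe(str(uploads), "pic.jpg")

        # A symlink planted inside uploads/ that points at install.lock.
        results["safe_symlink_escape_rejected"] = False
        (uploads / "evil.jpg").symlink_to(lock)
        try:
            delete_old_image_safe(str(uploads), "evil.jpg")
        except ValueError:
            results["safe_symlink_escape_rejected"] = True
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hardened handler never trusts directory components from the client at all: it keeps only the final name, resolves the result and requires the resolved parent to be the upload directory, which also catches a symlink inside uploads/ that points outside it. Checking for ../ substrings alone would have stopped CVE-2018-17797 but not the absolute-path variant in CVE-2018-17798.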

Weekly Forecast: Crypto Markets Show Poise as Bitcoin Dominance Rate Falls Below 51%

Low volumes and tight trading ranges characterized the cryptocurrency market this weekend, as major assets consolidated after last week’s sharp recovery. XRP was the notable exception, as prices returned above $0.60 on positive news concerning commercialization and political advocacy. Traditional markets fared better than expected in September – a historically volatile month for stocks – […]

The post Weekly Forecast: Crypto Markets Show Poise as Bitcoin Dominance Rate Falls Below 51% appeared first on Hacked: Hacking Finance.

Ubuntu Linux 18.10 Cosmic Cuttlefish Beta Now Available For Desktop, Cloud and Server Versions

Roughly three weeks ahead of the scheduled release of Ubuntu Linux 18.10 "Cosmic Cuttlefish", the latest major update for the popular Linux distro, betas of all of its flavors -- desktop, cloud and server -- are now available for download. From a report: "Codenamed 'Cosmic Cuttlefish,' 18.10 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs," says Adam Conrad, Software Engineer, Canonical. Conrad further says, "This beta release includes images from not only the Ubuntu Desktop, Server, and Cloud products, but also the Kubuntu, Lubuntu, Ubuntu Budgie, UbuntuKylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu flavours. The beta images are known to be reasonably free of showstopper CD build or installer bugs, while representing a very recent snapshot of 18.10 that should be representative of the features intended to ship with the final release expected on October 18th, 2018." Further reading: Canonical Shares Desktop Plans For Ubuntu 18.10.

May refuses to apologise for ‘hostile environment’ immigration policies that led to Windrush scandal – Politics live

theguardian.com - When Andrew Marr interviewed Jeremy Corbyn in Liverpool last week, he devoted much of it to antisemitism and invited Corbyn (without much success) to deliver some form of mea culpa on air to the Jewi…

Tweeted by @andyjameshicks https://twitter.com/andyjameshicks/status/1046481364495867904

Week in review: First-ever UEFI rootkit, Apple DEP vulnerability, new tactics subvert traditional security measures

Here’s an overview of some of last week’s most interesting news and articles: What do you mean by storage encryption? Depending on the threat context and how you define “storage encryption,” it can be a highly effective control or a complete waste of resources. Phorpiex bots target remote access servers to deliver ransomware Threat actors are brute-forcing their way into enterprise endpoints running server-side remote access applications and attempting to spread the GandCrab ransomware onto … More

The post Week in review: First-ever UEFI rootkit, Apple DEP vulnerability, new tactics subvert traditional security measures appeared first on Help Net Security.

5 Things To Watch Next Week

US Stocks Continue rally 10 years After The Bloody October? S&P 500 Index Futures, 4-Hour Chart Analysis 10 years ago the major stock markets crashed in October across the board, with the financial crisis, which has been under way for quite a while entering its “mainstream” phase. Today, stock markets are in a very different […]

The post 5 Things To Watch Next Week appeared first on Hacked: Hacking Finance.

Linux Kernel Finally Nearing Support For The Apple Magic Trackpad 2, Thanks To a Google Employee

Michael Larabel, writing for Phoronix: Apple announced the Magic Trackpad 2 almost three years ago to the day while the mainline Linux kernel will finally be supporting this multi-touch device soon. The Magic Trackpad 2 is a wired/wireless touchpad with haptic feedback support and is a much larger touchpad compared to the original Magic Trackpad. There unfortunately hasn't been any mainline Linux kernel support for the Magic Trackpad 2, but some out-of-tree options. [...] However, as seen by this bug report there have been plenty of people since 2015 interested in using the Magic Trackpad 2 on Linux. Fortunately, Sean O'Brien of Google's Chrome OS team has been working on Magic Trackpad 2 support with a focus on getting it mainlined. The patch, which was also reviewed by other Google/ChromeOS developers, is now up to its third and perhaps final revision.

Tron Latest Update: Justin Sun Delivers Promising News On the Platform’s Development and Progress

Justin Sun conducted a live stream to update viewers on the latest happenings on the Tron network. TRX/USD edges over a vital descending trend line, further cementing the current recovery trend. Tron’s Superiority vs. Other Blockchains Justin Sun, as promised via his Twitter account, held a live stream to update the community, where he provided pleasant insight […]

The post Tron Latest Update: Justin Sun Delivers Promising News On the Platform’s Development and Progress appeared first on Hacked: Hacking Finance.

Security Affairs: Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company

Estonia is suing Gemalto for 152 million euros over the security flaws in the citizen ID cards issued by the company, flaws that forced the cards' recall in 2017.

Estonian authorities are suing the security firm Gemalto for 152 million euros over the security flaws in the citizen ID cards issued by the company that caused their recall in 2017.

“Estonian police are seeking to recover 152 million euros ($178 mln) in a lawsuit filed on Thursday against digital security firm Gemalto, following a recall last year when security flaws were found in citizen ID cards produced by the firm,” Reuters reported.

“The vulnerabilities to hacker attacks found in government- issued ID cards supplied by the Franco-Dutch company marked an embarrassing setback for Estonia, which has billed itself as the world’s most digitalised “e-government”.”

In November 2017, Estonia announced that it would suspend the digital certificates of up to 760,000 state-issued electronic ID cards that use the buggy chips, to mitigate the risk of identity theft.

The decision came after IT security researchers discovered a vulnerability in the chips used in the cards, manufactured by the Gemalto-owned company Trub AG, that left them open to attack.

At the time, Estonia had issued 1.3 million electronic ID cards offering citizens online access to a huge number of services through the “e-government” state portal. The Estonian electronic ID cards have been manufactured by the Swiss company Trub AG and its successor Gemalto AG since 2001.

According to Estonia’s Police and Border Guard Board (PPA), Gemalto failed to keep the private keys protected inside the card’s chip, leaving the government IDs vulnerable to cyber attack.

“It turned out that our partner had violated this principle for years, and we see this as a very serious breach of contract,” said PPA’s deputy director-general Krista Aas.

Estonia, which had used Gemalto and its predecessor for its ID cards since 2002, has replaced the manufacturer with Idemia.

“The PPA also said it planned to file separate claims for other breaches of the contract. Estonia had used Gemalto and its predecessor for its ID cards since 2002, but replaced the manufacturer with Idemia after it found serious security flaws last year,” continues Reuters.

Gemalto has not yet commented on the news.

Pierluigi Paganini

(Security Affairs – electronic ID-cards, Estonia)

The post Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company appeared first on Security Affairs.

MX Player, a Video App Used By More Than 175 Million Users, Debuts OTT Service. Android Enthusiasts Express Concern.

MX Player, a video app which has been downloaded more than 500 million times across the globe, kickstarted its OTT (online video streaming) service in India, one of its largest markets, this week. MX Player, which is popular worldwide, has earned a loyal user base over the years for being the app that can run any video file you throw at it, even if your smartphone, tablet, or Android TV box doesn't have high-end specs or updated software. It was acquired by Times Internet, an India-based conglomerate this June, and now the big giant is beginning to show what it intends to do with the app. From a report: [...] All of these titles, including those produced by Times Internet, are now available to MX Player users in India at no charge, Karan Bedi, CEO of MX Player, told VentureBeat in an interview. Like most of Times Internet's properties, which include several TV channels and newspapers, MX Player will count on ads to generate revenue. Betting on ad-driven business model, a popular path in developing markets, could help MX Player quickly convince its existing user base to give the streaming offerings a try as it begins to compete in the Indian market. Star India's ad-supported service Hotstar, which offers about 80 percent of its catalog to customers for free, currently leads the video streaming market in the country. Going forward, Bedi said, the company remains committed to making investments in what made MX Player so popular among customers: The ability to play a plethora of video files on low-end devices. The company won't be bringing its new streaming offerings to the paid version of the MX Player app, MX Pro, he said. Additionally, MX Player's streaming offerings are limited to India, one of its largest markets, for now, although Bedi said the company is working on the right content catalog for other regions. Over at Android sub-reddit, where this story has been discussed, dozens of users expressed their concerns on the direction MX Player appears to be headed.

Earn online

promo.expertoption.com - I earn at ExpertOption! I was searching for online income for years. I tried lots of brokers and finally has stopped with this website! After phone consulations and training I earned first good money…

Tweeted by @Homa96734058 https://twitter.com/Homa96734058/status/1046451195173359616

System76’s Much-Anticipated Open Source ‘Thelio’ Linux Computer Will Be Available To Pre-Order Starting Next Month, But Shipping Date and Specs Remain Unclear

Brian Fagioli, writing for BetaNews: When you buy a System76 computer today, you aren't buying a machine manufactured by the company. Instead, the company works with other makers to obtain laptops, which it then loads with a Linux-based operating system -- Ubuntu or its own Pop!_OS. There's nothing really wrong with this practice, but still, System76 wants to do better. The company is currently working to manufacture its own computers ("handcrafted") right here in the USA. By doing this, System76 controls the entire customer experience -- software, service, and hardware. This week, the company announces that the fruits of its labor -- an "open-source computer" -- will be available to pre-order in October. Now, keep in mind, this does not mean the desktop will be available next month. Hell, it may not even be sold in 2018. With that said, pre-ordering will essentially allow you to reserve your spot. To celebrate the upcoming computer, System76 is launching a clever animated video marketing campaign.

Apple DEP Authentication Flaw Leaves Devices Vulnerable To Malicious MDM Enrolling

Researchers discovered a vulnerability in Apple’s Device Enrollment Program (DEP). This Apple DEP authentication flaw could allow potential attackers

Apple DEP Authentication Flaw Leaves Devices Vulnerable To Malicious MDM Enrolling on Latest Hacking News.

IOTA Price Analysis: New Proof of Stake Technology Improves the Case for an Imminent Breakout

IOTA announces a new proof of concept technology known as Tangle, promising to revolutionize society. The price of IOTA has been narrowing, like several of its peers, and a breakout could be near. IOTA announces new proof of concept technology The IOTA foundation recently had an event which was hosted by Arump, a global design […]

The post IOTA Price Analysis: New Proof of Stake Technology Improves the Case for an Imminent Breakout appeared first on Hacked: Hacking Finance.

Spotify Web Player- Listen Music Online In Browser

Spotify is possibly the most popular music streaming service. Spotify has a massive collection of songs with artists all across the globe. One of the major highlights of Spotify that is missing on other services like Apple Music is the ability to play music online via a web-browser.

Spotify Web Player eliminates the need of downloading and installing additional software to listen to music. So here’s everything you need to know about Spotify Web Player.

Spotify Web Player Login

You can use Spotify Web Player on any major browser such as Chrome, Firefox, Edge or Opera. It is worth noting that, as of 10th September 2017, Spotify’s Web Player no longer supports Safari. That said, you can still use Spotify on Mac computers using the Spotify application.

To use Spotify Web Player simply open the link play.Spotify.com and sign in with your Spotify account.

This browser-based web player offers almost every feature found in the Spotify app. Using the web player you can create playlists, browse featured recommendations, search for your favourite artists and songs, and even enjoy the Radio mode. If you are on the free Spotify plan, expect occasional advertisements.

Spotify Web Player Not Working

The Spotify web player can be considered a full-fledged application that requires a decent amount of resources to function properly. If for some reason the UI of the web player is not responding or songs are not playing, you can try these three easy fixes.

1. Check Your Internet connection.

The first and most likely reason Spotify is not working properly is an issue with your Internet connection. Restart your router first, and if that doesn’t help, contact your ISP.

2. Check anti-virus and firewall settings.

If Spotify is the only website you can’t open, your anti-virus or firewall may be blocking access to the service. Check their logs or settings and add an exception for Spotify rather than disabling the protection entirely; that should solve the issue.

3. Remove browser cache files.

Most modern browsers cache images and web pages so that sites appear to load faster. This cached data can sometimes cause errors, so clearing your browsing data may fix many browser issues.

Spotify Web Player Mobile

Spotify has a very impressive smartphone application. That said, if you still want to use the Spotify web player on a mobile device, there is no supported way to do so.

If you open the Spotify web page on a phone you will be redirected to the Spotify application. If you open it in desktop-site mode you can reach the log-in page, but once you log in Spotify detects the resolution of your device and again redirects you to the application.

Because Android is based on Linux, Spotify may even ask you to install the Spotify software for Linux. Consequently, it’s effectively impossible to run Spotify Web Player on mobile.

Spotify Web Player: Cons

There are definitely some differences between the Spotify web player and the Spotify application. These are the three major features you will miss out on with the web player.

  • The quality or bit rate of music is comparatively low on the Spotify web player: 128kbps instead of the 160kbps the desktop app gives free subscribers, and 256kbps instead of 320kbps for premium subscribers. This won’t be an issue for casual users, but audio enthusiasts may not like it.
  • Spotify web player doesn’t support media playback controls on your computer, headphones, or Bluetooth devices.
  • Lastly, premium subscribers can’t download songs from Spotify web player.

Overall, in many situations the Spotify web player is a good option. You can enjoy your favourite music when using someone else’s computer, and it is handy if your work revolves around a particular browser.

Do share your thoughts and opinions on Spotify web player in the comments section below.

The post Spotify Web Player- Listen Music Online In Browser appeared first on TechWorm.

New York’s Free LinkNYC Internet Kiosks Are Now Used By 5 Million Users, Who Have Participated in 1 Billion Sessions and Make 500,000 Phone Calls a Month

An anonymous reader shares a report: In 2014, in a bid to replace the more than 11,000 aging payphones scattered across New York City's pedestrian walkways with more functional fixtures, Mayor Bill de Blasio launched a competition -- the Reinvent Payphones initiative -- calling on private enterprises, residents, and nonprofits to submit designs for replacements. In the end, LinkNYC -- a plan proposed by consortium CityBridge -- secured a contract from the city, beating out competing proposals with electricity-generating piezoelectric pressure plates and EV charging stations. The plan was to spend $200 million installing as many as 10,000 kiosks, or Links, that would supply free, encrypted gigabit Wi-Fi to passers-by within 150 feet. They would have buttons that link directly to 911 and New York's 311 service and free USB charging stations for smartphones, plus wired handsets that would allow free calls to all 50 states and Washington, D.C. And perhaps best of all, they wouldn't cost the city a dime; advertising would subsidize expansion and ongoing maintenance. The Links wouldn't just get urbanites online and let them juice their phones, though. The idea was to engage users, too, principally with twin 55-inch high-definition displays and tethered Android tablets with map functions. Mike Gamaroff, head of innovation at Kinetic, characterized the Links in 2016 as "first and foremost a utility for the people of the city, that also doubles up as an advertising network." Two years after the deployment of prototypical kiosks in Manhattan, Intersection -- a part of the aforementioned CityBridge, which with Qualcomm and CIVIQ Smartscapes manages the kiosks -- is ready to declare them a success. The roughly 1,600 Links recently hit three milestones: 1 billion sessions, 5 million users, and 500,000 phone calls a month. Recommended reading: Free Municipal Wi-Fi May Be the Next Front In the War Against Privacy.

Read more of this story at Slashdot.

Google may pay $9 billion to remain default search engine on Apple’s Safari

Google could reportedly pay Apple $9 billion to stay Safari’s default search engine

Google is reportedly willing to pay Apple a whopping $9 billion in 2018 to keep its search engine as the default in the Safari browser on iPhone and iPad, according to Goldman Sachs analyst Rod Hall (via Business Insider).

“We believe this revenue is charged ratably based on the number of searches that users on Apple’s platform originate from Siri or within the Safari browser. We believe Apple is one of the biggest channels of traffic acquisition for Google,” Hall was quoted as saying by Business Insider. According to the Goldman analyst, this number could increase to $12 billion in 2019.

The payment of $9 billion is a huge figure considering that Google paid Apple around $1 billion in 2013 and 2014. In 2017, this figure was estimated to have swollen to $3 billion, according to analysts.

Even though neither Google nor Apple has ever shared the exact terms of their agreement, most analysts believe that the payments are billions of dollars per year.

While Apple uses Google as the default search engine in Safari on iOS devices such as iPhones and iPads, the Cupertino giant also uses Bing for other purposes such as searching the web through Siri.

Currently, Google Chrome dominates the browser market with a 59.7 percent share, while Safari comes in second place with 14.5 percent.

The post Google may pay $9 billion to remain default search engine on Apple’s Safari appeared first on TechWorm.

Tim Berners-Lee Announces Solid, an Open Source Project Which Would Aim To Decentralize the Web

Tim Berners-Lee, the founder of the World Wide Web, thinks it's broken and he has a plan to fix it. The British computer scientist has announced a new project that he hopes will radically change his creation by giving people full control over their data. Tim Berners-Lee: This is why I have, over recent years, been working with a few people at MIT and elsewhere to develop Solid, an open-source project to restore the power and agency of individuals on the web. Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we've all discovered, this hasn't been in our best interests. Solid is how we evolve the web in order to restore balance -- by giving every one of us complete control over data, personal or not, in a revolutionary way. Solid is a platform, built using the existing web. It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time. Solid unleashes incredible opportunities for creativity, problem-solving and commerce. It will empower individuals, developers and businesses with entirely new ways to conceive, build and find innovative, trusted and beneficial applications and services. I see multiple market possibilities, including Solid apps and Solid data storage. Solid is guided by the principle of "personal empowerment through data" which we believe is fundamental to the success of the next era of the web. We believe data should empower each of us. Imagine if all your current apps talked to each other, collaborating and conceiving ways to enrich and streamline your personal life and business objectives? That's the kind of innovation, intelligence and creativity Solid apps will generate. 
With Solid, you will have far more personal agency over data -- you decide which apps can access it. In an interview with Fast Company, he shared more on Solid and its creation: "I have been imagining this for a very long time," says Berners-Lee. He opens up his laptop and starts tapping at his keyboard. Watching the inventor of the web work at his computer feels like what it might have been like to watch Beethoven compose a symphony: It's riveting but hard to fully grasp. "We are in the Solid world now," he says, his eyes lit up with excitement. He pushes the laptop toward me so I too can see. On his screen, there is a simple-looking web page with tabs across the top: Tim's to-do list, his calendar, chats, address book. He built this app -- one of the first on Solid -- for his personal use. It is simple, spare. In fact, it's so plain that, at first glance, it's hard to see its significance. But to Berners-Lee, this is where the revolution begins. The app, using Solid's decentralized technology, allows Berners-Lee to access all of his data seamlessly -- his calendar, his music library, videos, chat, research. It's like a mashup of Google Drive, Microsoft Outlook, Slack, Spotify, and WhatsApp. The difference here is that, on Solid, all the information is under his control. Every bit of data he creates or adds on Solid exists within a Solid pod -- which is an acronym for personal online data store. These pods are what give Solid users control over their applications and information on the web. Anyone using the platform will get a Solid identity and Solid pod. This is how people, Berners-Lee says, will take back the power of the web from corporations. Starting this week, developers around the world will be able to start building their own decentralized apps with tools through the Inrupt site. Berners-Lee will spend this fall crisscrossing the globe, giving tutorials and presentations to developers about Solid and Inrupt. 
"What's great about having a startup versus a research group is things get done," he says. These days, instead of heading into his lab at MIT, Berners-Lee comes to the Inrupt offices, which are currently based out of Janeiro Digital, a company he has contracted to help work on Inrupt. For now, the company consists of Berners-Lee; his partner John Bruce, who built Resilient, a security platform bought by IBM; a handful of on-staff developers contracted to work on the project; and a community of volunteer coders. Later this fall, Berners-Lee plans to start looking for more venture funding and grow his team. The aim, for now, is not to make billions of dollars. The man who gave the web away for free has never been motivated by money. Still, his plans could impact billion-dollar business models that profit off of control over data. It's not likely that the big powers of the web will give up control without a fight.

Read more of this story at Slashdot.

Trade Recommendation: Verge

The Verge/Bitcoin (XVG/BTC) pair came off lows of 0.00000165 on August 14, 2018. At this price, the pair has lost over 90% of its value from the 2018 high of 0.0000171. Like many altcoin pairs, however, XVG/BTC started to show signs of life just as the situation looked hopeless. The market climbed to as high […]

The post Trade Recommendation: Verge appeared first on Hacked: Hacking Finance.

Firefox Monitor Has Begun To Track Breached Email Addresses

Mozilla has finally launched Firefox Monitor, a website that connects to Troy Hunt’s Have I Been Pwned? (HIBP), one of

Firefox Monitor Has Begun To Track Breached Email Addresses on Latest Hacking News.

New Spray-On Coating Can Make Buildings, Cars, and Even Spaceships Cooler

Long-time Slashdot reader davidwr and Iwastheone both submitted this story about "a paint-like coating that facilitates what is known as 'passive daytime radiative cooling,' or PDRC for short...when a surface can efficiently radiate heat and reflect sunlight to a degree that it cools itself even if it's sitting in direct sunlight." BGR reports on research from the Columbia School of Engineering: Their newly-invented coating has "nano-to-microscale air voids that acts as a spontaneous air cooler," which is a very technical and fancy way of saying that the coating is great at keeping itself cool all on its own. "The air voids in the porous polymer scatter and reflect sunlight, due to the difference in the refractive index between the air voids and the surrounding polymer," Columbia writes in a post. "The polymer turns white and thus avoids solar heating, while its intrinsic emittance causes it to efficiently lose heat to the sky." It sounds great, but the best news is that it can be applied to just about anything, from cars to spaceships and even entire buildings. The team believes their invention would be an invaluable resource for developing countries in sweltering climates where air conditioning is impractical or unavailable.

Read more of this story at Slashdot.

liquid thoughts: Still Hope

As I sit here in our new home with my beautiful baby boy Edgar napping and my wonderful wife Emily working around the house, I am trying hard to put together another article describing why and how this text stuff needs to happen. I think there is still hope, Doug.

I really hope Edgar will grow up with more powerful intellectual tools.

The article I am working on is called “In This Information War, Arm The Citizenry”. No link yet.

liquid thoughts

Crypto Update: Coins Drift Higher as Ripple Hits $0.60 Again

The major cryptocurrencies continued the relatively quiet weekend so far today, with only Ripple’s rally making headlines in the segment. Trading volumes are low, as is volatility, and most of the top coins are stuck in very narrow short-term ranges. The mixed short-term and bearish long-term outlook is intact, but Ripple’s strength led to an […]

The post Crypto Update: Coins Drift Higher as Ripple Hits $0.60 Again appeared first on Hacked: Hacking Finance.

Bitcoin Price Stabilizes Above $6,600; Bullish Bias Still Intact

Bitcoin held within a narrow range on Sunday, as markets eyed a bigger recovery following last week’s bullish crossover. The largest digital currency by market capitalization is once again showing signs of stability, which is a positive sign for long-term holders. BTC/USD Update Bitcoin’s price reached a high of $6,662.80 on Bitfinex Sunday, as calm […]

The post Bitcoin Price Stabilizes Above $6,600; Bullish Bias Still Intact appeared first on Hacked: Hacking Finance.