News & Updates

(credit: Yale University Press)

In February 2003, the largest demonstration in Britain’s history saw two million people march across London to protest the approaching Iraq War. Dozens of other cities across the world saw similar events, and yet.

Why did politicians feel safe ignoring the millions who participated in those marches—yet stand down after the protests against the proposed intellectual property laws SOPA and PIPA? Why did Occupy apparently vanish while the Tea Party has embedded itself into US national electoral politics? How much did Facebook really have to do with the Arab Spring? How—and this is the central question technosociologist Zeynep Tufekci considers in her new book, Twitter and Tear Gas: The Power and Fragility of Networked Protest—do digital media change the reality and effectiveness of social protest?

Over the quarter-century since the Internet went mainstream, much has been written and argued about digital technologies’ ability to transform disparate individuals into a movement. Dismissive critics argue that social media-fueled movements are too fragile and their participants too uncommitted to achieve much. (Writing in Slate, Tufekci found that tone in Evgeny Morozov’s The Net Delusion, despite broad agreement that oppressive governments are sufficiently smart and motivated to harness these technologies for self-preservation.) Online-protest optimists saw the Arab Spring as evidence that these enabling tools create democratic change. And there are those who presume that governments will never be digitally literate or quick enough to take advantage, an early example being John Perry Barlow’s 1996 essay A Declaration of the Independence of Cyberspace.


Source: http://feeds.arstechnica.com/arstechnica/index/

The Emmy-nominated showrunners of The Americans, Joel Fields (L) and Joe Weisberg (R), sat down with Ars at ATX Television Fest 2017. One of ’em is a regular reader who enjoys our iOS and macOS reviews (but will revert to a flip phone when the show isn’t in production). (video link)

Warning: This post contains mild spoilers from the first five seasons of The Americans.

AUSTIN, Texas—On its surface, FX’s The Americans is a sleeper-cell spy drama set in DC during the Cold War. But fans will quickly tell you the show’s more about relationships and the difficulties of family and marriage; the show’s creators echo this sentiment, too.

“If you really look at the show honestly, the picture it paints of marriage is that there’s a lot of ups, a lot of downs, and it’s not an easy road,” showrunner Joe Weisberg says to fellow showrunner Joel Fields. The duo met up with Ars during this summer’s ATX Television Festival, and this author’s recent wedding comes up pre-interview. “He’s right at the beginning; he just got married. I don’t know if I want to lay out for him what’s really ahead.”


Source: http://feeds.arstechnica.com/arstechnica/index/

These bikes have not been thrown into the Puget Sound… yet. (credit: Sam Machkovech)

SEATTLE—Let’s say you want to whisk across a city’s downtown at a pace somewhere between walking and taxiing, and you’re not interested in bus waits or looking like a dork on a hoverboard. How about a bike? How about a bike that you can pick up on practically any street corner, then leave behind in the same fashion when you’re done?

That’s the promise of not one but two bike-sharing efforts (Spin and LimeBike) that launched in Seattle this week. They differ largely from another former Seattle bike-sharing program, Pronto, in that they don’t require any official docks. Take a bike; leave a bike. It’s the two-wheeled equivalent of app-powered, car-sharing services like Daimler AG’s Car2Go and BMW’s ReachNow, only with a much cheaper rate of $1 per half hour of use.

Upon hearing about these services launching in my town, I got excited. Hop from place to place with shared bikes and my phone? Cool! But a few days of intermittent use—and some very odd encounters—have cooled my pedaling heels.


Source: http://feeds.arstechnica.com/arstechnica/index/

Yes, folks, this was once a revolutionary experience in gaming.

In the early 1950s, just as rock ‘n’ roll was hinting at social change, the first video games were quietly being designed in the form of technology demonstrations—and a scientist was behind it. In October 1958, Brookhaven National Laboratory physicist William Higinbotham created Tennis for Two. Despite graphics that are ridiculously primitive by today’s standards, it has been described as the first video game in history.

Higinbotham was inspired by the government research institution’s Donner Model 30 analog computer, which could simulate trajectories with wind resistance, and the game was designed for display at an annual public exhibition. Although his purpose in creating the game was rather academic, Tennis for Two turned out to be a hit at the three-day exhibition, with thousands of students lining up to see the game.

At first glance, today’s video gamers and scientists might appear to be worlds apart. But starting with Tennis for Two, video games have quietly and consistently been within the purview of academic study. Each generation of gamers has seen new titles created at various research institutions in order to explore programming, human-computer interaction, and algorithms. Lesser-known chapters of history reveal these two worlds are not as far apart as you might think.


Source: http://feeds.arstechnica.com/arstechnica/index/

It is good news for ‘Fifty Shades Darker’ stars, Jamie Dornan & Dakota Johnson. The movie is rapidly moving to the top of the DVD and Blu-ray chart in the UK. Also in a recent interview, the Irish actor talked about his innermost fears and the reason behind them. Check out in detail! “Fifty Shades […]

The post Jamie Dornan and Dakota Johnson ‘Fifty Shades Darker’ is on Top; Irish Actor Fears Losing Life appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

The security researcher Vikas Anil Sharma exploited an unrestricted file upload vulnerability in a PayPal server to remotely execute code.

The security researcher Vikas Anil Sharma has found a remote code execution vulnerability in a PayPal server.

The expert visited the PayPal Bug Bounty page (http://paypal.com/bugbounty/) through the Burp proxy and examined the HTTP response headers returned for that page.


The expert focused his analysis on the list of PayPal domains mentioned in the “Content-Security-Policy” response header, in particular “https://*.paypalcorp.com”.

In this first phase, the hacker was interested in finding as many valid subdomains as possible to use in the attack; tools like Subbrute, Knockpy and enumall are useful for this kind of analysis.

“These are the tools which I normally use, but being lazy on the weekend I made use of VirusTotal this time to enumerate the subdomains. You can get the list here:

https://www.virustotal.com/en/domain/paypalcorp.com/information/

Copied the subdomain list locally & ran “dig -f paypal +noall +answer” to check where all the subdomains are actually pointing to in a neat way,” wrote the researcher.

The expert noticed that the domain “brandpermission.paypalcorp.com” was pointing to “https://www.paypal-brandcentral.com/”, a site hosting an online support ticket system for PayPal vendors, suppliers and partners, where they request PayPal brand permissions.

The website allows users to upload mockups of logos and any other brand-related graphics. The expert decided to create a ticket by uploading a simple image and to analyze the destination folder of the picture.

“So, I first created a ticket by uploading a simple image file named “finished.jpg” which got stored as “finished_thumb.jpg” in directory:

“/content/_helpdesk/368/867/finished_thumb.jpg”. “finished_thumb.jpg” was the new file created in the directory “/867/”. I quickly checked whether the actual file which we uploaded exists in the directory or not; luckily (you’ll know why later in the post) “finished.jpg” also existed in the same directory. Cool stuff ;)” continues the bug hunter’s post.

Vikas noticed that the link includes the ticket number: in this case the number of the ticket he created is “368”, while “867” is the id of the folder where all the files related to the ticket, including the mockup files, are stored.

The researcher created a new ticket and discovered that ticket ids and folder ids are generated sequentially. He then uploaded a file with a “.php” extension instead of an image and discovered that the application did not validate the file type, content, etc.

“As soon as I saw the 302 response, I ran towards opening the ticket & doing a simple right click copy link shit like I was able to do when uploading an image file. But, here in this case if you upload a php file as mockup you can’t see the path of the php file uploaded; the only thing which is visible is the ticket number,” wrote the expert.

Unlike image uploads, the expert noticed that for the PHP file it was not possible to see the folder used to store the mockup files.

The expert had uploaded a file named “success.php”, so by analogy with the image upload he assumed that the file was stored as “success_thumb.php”.

At this point, he decided to brute force the folder id for files.


Once he had discovered the folder id, the researcher tried to execute code through the uploaded file:
https://www.paypal-brandcentral.com/content/_helpdesk/366/865/success.php?cmd=uname-a;whoami

“Some cat+/etc/passwd magic to make myself believe that I have actually found a RCE ;)” he wrote.
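As an added example (not code from the original post or from PayPal's fix), a Python upload validator for the kind of mockup upload the article describes, closing the gaps it reports: unchecked extension and content, and a stored path guessable from sequential ids. Function names, the magic-byte table and the storage layout are assumptions.

```python
import os
import re
import secrets

# Hardened upload handling (assumed design, not PayPal's fix): allow-listed image
# extensions, magic-byte check on the content, an unguessable stored name, and a
# storage directory that the web server never serves files from. The article's
# server accepted "success.php" as a mockup and stored it under a sequential id.
ALLOWED = {"jpg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}

class UploadRejected(ValueError):
    pass

def validate_mockup(filename, data):
    """Return the canonical extension if the upload is an allow-listed image."""
    base = os.path.basename(filename)  # strips any client-supplied directory part
    # Exactly one dot, so "success.php.jpg"-style double extensions are rejected.
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z]{3,4})", base)
    if not m:
        raise UploadRejected("unacceptable filename: %r" % filename)
    ext = m.group(1).lower()
    ext = "jpg" if ext == "jpeg" else ext
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected("extension not allowed: %s" % ext)
    if not data.startswith(magic):  # a PHP body renamed to .jpg fails here
        raise UploadRejected("content does not match declared type %s" % ext)
    return ext

def is_acceptable(filename, data):
    try:
        validate_mockup(filename, data)
        return True
    except UploadRejected:
        return False

def stored_name(filename, data):
    # Random name: nothing derived from the ticket or folder id is exposed.
    return "%s.%s" % (secrets.token_hex(16), validate_mockup(filename, data))

def store_mockup_hardened(storage_root, ticket_id, filename, data):
    # storage_root is assumed to lie outside the web root, so nothing here is
    # reachable by URL; the application serves images through a handler instead.
    dest_dir = os.path.join(storage_root, "tickets", str(ticket_id))
    os.makedirs(dest_dir, exist_ok=True)
    path = os.path.join(dest_dir, stored_name(filename, data))
    with open(path, "wb") as f:
        f.write(data)
    return path
```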


Below is the timeline for the vulnerability:

  • Jul 08, 2017 18:03 – Submitted
  • Jul 11, 2017 18:03 – Fixed

Pierluigi Paganini

(Security Affairs – PayPal server, hacking)


The post Expert exploited an unrestricted File Upload flaw in a PayPal Server to remotely execute code appeared first on Security Affairs.

Source: Security affairs

Brad Pitt and Angelina Jolie are leading separate lives and one of the biggest reasons for their separation was the 53-year-old actor’s addiction to alcohol and drugs. He has been going through a lot of trouble in his personal life. His addiction and his behavior towards their kids caused Angie to take the final call and […]

The post Brad Pitt’s ‘Back To Party Ways’ And Sienna Miller Romance Rumors May Make Him Lose Custody Battle appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

One Piece chapter 873 is out and fans are currently eagerly waiting for the chapter 874 to arrive. The previous few chapters of the series have been really exciting as they have focused on how the alliance managed to escape from the Big Mom Pirates. Although they still haven’t properly escaped as the Big Mom […]

The post One Piece Chapter 874 Release Date And Spoilers: How Will The Sanji Retrieval Team Manage To Escape From Big Mom appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

In a major crackdown, the US Department of Justice (DoJ), along with Europol, has shut down Hansa and AlphaBay, two of the three largest dark web markets. It is estimated that both these marketplaces collectively catered to hundreds of thousands of users who were keen on buying or selling illegal goods including drugs and […]

The post Feds Take Down AlphaBay Dark Web Market | Hansa Market Down Too After Police Covertly Operated it for a Month appeared first on MobiPicker.

Source: http://www.mobipicker.com/feed/

(credit: European Network on Invasive Alien Species)

Across the globe, invasive species have caused no end of trouble. Their populations can explode because they have no natural predators. Or they are predators themselves who push native species to the brink of extinction. They can upset ecosystems that had evolved a fine balance.

But, according to a new study published this week in PNAS, not every invasive species is a negative. In some cases where we’ve wiped out a key component of the local ecosystem, an invasive species can take its place. The study’s example? An invasive algae can restore lost habitat to coastal ecosystems, providing a nursery for species like crab and shrimp.

The work that led to this conclusion took place in tidal flats on the coast of North Carolina. Normally, this type of geography is broken up by distinct habitats provided by different organisms: coral reefs, beds of sea grass, and oyster reefs. The habitats formed by these species provide shelter for other species, allowing entire ecosystems to develop. But, over the last century or so, many of these habitats have been wiped out, leaving bare sediment behind.


Source: http://feeds.arstechnica.com/arstechnica/index/