News & Updates

A fuel-sipping uber-luxo SUV? Not quite. A technological marvel? Not exactly. If one definition of luxury is the lack of worry, then this Land Rover Range Rover Td6 achieves it, but for an unexpected reason.

Range Rovers have long been the manifold destiny of the modest-yet-moneyed equine set—those who want to slog through unpaved slop to reach the perfect lake or meadow. And nobody driving one has failed to make it anywhere due to shortcomings off-road; Land Rovers and Range Rovers are the virtual poster dogs for exploring the wooded backlands. But until now, no Land Rover has beached itself onto American shores with diesel power, even though diesel has been an option in Europe for more than 30 years. It’s been all-gasoline Range Rovering in the US, be it with a V8 or a supercharged V6.

However, the upper-crustiest party segment of SUVing has been crashed recently with Bentley’s splash into the vat of beluga caviar with the Bentayga. It’s another leather-lined and hyper-coiffed dreadnought SUV that won’t get out of bed for less than $231,825—the base Range Rover tips the finance scale at just $85,945. The HSE Td6 diesel logs a comparative pittance at a base price of just $94,445, even though the two Brits don’t really compete directly for the same demographic. The uppermost Range Rover—aside from the Holland & Holland Edition, with its outdoor picnic seating and ability to do your taxes—is the V8 Supercharged SV Autobiography long wheelbase model at $200,490.

Source: http://feeds.arstechnica.com/arstechnica/index/

Democratic National Committee Chair Rep. Debbie Wasserman Schultz (D-Fla.) addresses a campaign rally for Hillary Clinton on Saturday. Wasserman Schultz has said she’ll resign after the Democratic convention. (credit: GASTON DE CARDENAS/AFP/Getty Images)

Late Friday, WikiLeaks published 20,000 internal e-mails from the Democratic National Committee acquired in a hacking attack last month. The dumped messages, including some that had a derisive tone toward primary candidate Bernie Sanders, roiled the Democratic Party on the eve of its convention and led to the resignation yesterday of DNC chief Debbie Wasserman Schultz.

The DNC hack was discovered on June 14, and soon after, some evidence of a Russian connection was found. Now, the belief that the hack was sponsored by the Russian government on some level has been explicitly endorsed by Hillary Clinton’s campaign. Yesterday on CNN’s “State of the Union,” Clinton’s campaign manager, Robby Mook, said Russian hackers are explicitly trying to get Clinton’s opponent, Donald Trump, elected in November.

“I don’t think it’s coincidental that these e-mails were released on the eve of our convention here, and I think that’s disturbing,” Mook told program host Jake Tapper. The leak took place just after the Republican Party changed its platform “to make it more pro-Russian,” Mook added.

Source: http://feeds.arstechnica.com/arstechnica/index/

If you’re not interested in the upcoming Xbox One S and its 4K and HDR color capabilities, now might be the perfect time to pull the trigger on the standard, bulkier edition of the Xbox One. As part of a limited time “Summer Sale,” Microsoft is now offering the console at $249 with a 500GB hard drive and your choice of one of a number of games, including Gears of War: Ultimate Edition, Quantum Break, Forza Motorsport 6, Rise of the Tomb Raider, or Rare Replay.

This is actually the third time that the Xbox One has seen its price drop in the last two months. Microsoft lowered the asking price to $299 in late May, just weeks before E3 (though that price had been offered a few times before). Then, during E3, the company announced a new “promotional” price of $279 that was supposed to last through October 1.

This weekend’s additional price drop, coming so soon after E3, could be seen as an indication that the “legacy” consoles aren’t selling so well now that the redesigned and slightly more powerful Xbox One S is about to hit stores. That redesigned system will launch August 2 in a $399 edition sporting a 2TB hard drive. Versions with 1TB and 500GB hard drives will be available for $349 and $299, respectively, at a later date.

Source: http://feeds.arstechnica.com/arstechnica/index/

Preventable medical error leads to an estimated 200,000 deaths per year in the US, and many of these deaths are caused by mistaken diagnoses. Clearly, making it easier for doctors to avoid errors should be a priority.

One promising avenue could be collective decision-making: pooling the diagnoses of various doctors and using their joint wisdom to hit on the most likely answer. According to a paper in this week’s PNAS, though, this method is only likely to work if all the doctors in the group have the same level of skill.

Obviously, ethics committees are unlikely to allow a team of researchers to toy with patients’ potentially life-or-death diagnoses. So in order to figure out whether collective decision-making would help with the problem, the team combined real-world data with a computer simulation.

Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: BBC)

Briton Lauri Love is expected to learn on September 16 whether a judge will rule in favour of his extradition to the US to face charges of alleged hacking, Westminster Magistrates’ Court has heard.

According to his legal representative, Love—who faces charges of hacking as part of the Anonymous collective in 2013—could serve up to 99 years in prison in the US. He is accused of using a security flaw in ColdFusion to gain administrator-level access to servers.

Love is alleged to have been involved in the hack known as #OpLastResort, which targeted the US Army, the US Federal Reserve, the FBI, NASA, and the Missile Defense Agency in retaliation over the suicide, while awaiting trial, of Aaron Swartz.

Source: http://feeds.arstechnica.com/arstechnica/index/

A team of researchers found two critical flaws in PHP and exploited them to gain remote code execution on PornHub, one of the most popular adult websites.

Disclaimer: This article discusses the security implications and technical aspects of a recently disclosed hack. If the topic offends you in any way, feel free to move on to other articles. It is written from an information security perspective, with statistics and data on usage, for a professional readership. It contains no explicit content whatsoever.

Pornhub, or what many of us may have known as Sex Education 101, runs a bug bounty program, and it recently paid three dedicated security researchers for discovering two major zero-day vulnerabilities.

Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) discovered two use-after-free vulnerabilities (CVE-2016-5771 and CVE-2016-5773) in PHP’s garbage collection algorithm, triggered by its interaction with other PHP objects during deserialization.

“It all started by auditing Pornhub, then PHP and ended in breaking both…

  • We have gained remote code execution on pornhub.com and have earned a $20,000 bug bounty on Hackerone.
  • We have found two use-after-free vulnerabilities in PHP’s garbage collection algorithm.
  • Those vulnerabilities were remotely exploitable over PHP’s unserialize function.
  • We were also awarded $2,000 by the Internet Bug Bounty committee (c.f. Hackerone).”

wrote Habalov.

Back to how PornHub was hacked: the team found that the parts of the site that handle user uploads (mainly NSFW pictures and videos) passed user-controlled data to PHP’s unserialize function, on paths including:

The use-after-free gave the researchers a memory-disclosure primitive: by leaking server memory they could locate their own POST data, which let them plant a controlled payload at a known address, hijack execution, and achieve remote code execution (RCE) on PornHub’s server.

“It is well-known that using user input on unserialize is a bad idea. In particular, about 10 years have passed since its first weaknesses became apparent. Unfortunately, even today, many developers seem to believe that unserialize is only dangerous in old PHP versions or when combined with unsafe classes. We sincerely hope to have destroyed this misbelief,” added Habalov.

With code execution in hand, they demonstrated the impact by reading the server’s /etc/passwd file, executing commands, and making PHP perform arbitrary system calls.
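Habalov’s point is that the danger is not limited to unsafe classes: the unserialize parser and the garbage collector themselves run on attacker-supplied bytes, which is where these two flaws lived. The following is an added example, not code from the original article or from the researchers’ write-up. It contrasts the vulnerable pattern (untrusted input reaching unserialize) with two alternatives: switching to JSON, and authenticating the serialized blob with an HMAC so that only server-produced bytes are ever parsed. The function names, the cookie format and the secret key are hypothetical.

```php
<?php
// Added example, not from the original article or the researchers' write-up.
// Contrasts attacker-controlled bytes reaching unserialize() with two
// safer designs. Function names, cookie format and key are hypothetical.
declare(strict_types=1);

// VULNERABLE: untrusted input is parsed by unserialize(). The allowed_classes
// option (PHP >= 7.0) only restricts which classes get instantiated; the
// parser and the garbage collector still operate on attacker-chosen bytes,
// so memory-safety bugs in either remain reachable.
function loadPrefsVulnerable(string $cookie): array
{
    $data = @unserialize($cookie, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];
}

// SAFER, option 1: do not use PHP's native serialization for untrusted data
// at all. JSON carries no class names and no object graph, and json_decode()
// is a much smaller attack surface. Depth is capped to bound nesting.
function loadPrefsJson(string $cookie): array
{
    try {
        $data = json_decode($cookie, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return [];
    }
    return is_array($data) ? $data : [];
}

// SAFER, option 2: if the serialized format cannot be changed, authenticate
// the blob so that only bytes the server itself produced reach unserialize().
// Without the key an attacker cannot forge a valid MAC, so crafted payloads
// are rejected before any parsing happens.
function sealPrefs(array $prefs, string $key): string
{
    $blob = serialize($prefs);
    return hash_hmac('sha256', $blob, $key) . '.' . base64_encode($blob);
}

function loadPrefsSealed(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$mac, $encoded] = $parts;
    $blob = base64_decode($encoded, true);
    if ($blob === false) {
        return null;
    }
    // Constant-time comparison, performed BEFORE unserialize() sees the data.
    if (!hash_equals(hash_hmac('sha256', $blob, $key), $mac)) {
        return null;
    }
    $data = unserialize($blob, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Demonstration on constructed input. In a real deployment the key comes from
// configuration; random_bytes() here only keeps the example self-contained.
$key = random_bytes(32);
// Constructed attacker-chosen serialized data: an array holding an object.
$attackerBlob = 'a:1:{s:5:"theme";O:8:"stdClass":0:{}}';

echo "vulnerable: ", json_encode(loadPrefsVulnerable($attackerBlob)), PHP_EOL;
echo "json:       ", json_encode(loadPrefsJson('{"theme":"dark"}')), PHP_EOL;
echo "forged:     ", var_export(loadPrefsSealed($attackerBlob, $key), true), PHP_EOL;
echo "sealed:     ", json_encode(loadPrefsSealed(sealPrefs(['theme' => 'dark'], $key), $key)), PHP_EOL;
```

In the vulnerable path the parser still processes the attacker’s bytes even though the object becomes a __PHP_Incomplete_Class; in the sealed path the forged blob never reaches unserialize because the MAC check fails first. The same sealing approach applies to any server-produced serialized state (cookies, signed tokens, cache entries) that round-trips through the client.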

Pornhub paid the team $20,000 for their efforts, and the Internet Bug Bounty program (run through HackerOne) awarded the researchers an additional $2,000 for discovering the PHP zero-days.

“Now why does this sort of vulnerability matter to me?” is a question you may well ask yourself. Let’s answer the “Sanskari” [cultured] side of you with some statistics.

Pornhub is one of the biggest free porn sites on the surface web: it received 21.2 billion visits in 2015, which works out to 2.5 million visits per hour, 40,000 per minute and roughly 670 per second. It streams 75 GB of content per second and used 1,892 petabytes of bandwidth over the year.

That means one of us has definitely used it for “research” purposes at one point or another. Now, how does this matter to the Internet?

Well, according to a figure quoted by experts in 2010, 37% of the Internet is porn, and the number has only grown with mobile computing and the cloud in the mix. In fact, the numbers are so gargantuan that such domains have their own top-level domain, “.XXX”.

For those who still don’t believe me, see this article by Julie Ruvolo on Forbes.

And for those who still question these numbers, read Ogi Ogas, one of the amazingly nerdy neuroscientists behind A Billion Wicked Thoughts. He and co-author Sai Gaddam are sitting on what they think is “the most comprehensive collection of porn-use stats on the web.”

Happy researching!

About the Author: Joshua Bahirvani

Cyber Security Enthusiast and believer in Privacy in this Digital Age.

LinkedIn : https://in.linkedin.com/in/jbahirvani15

Peerlyst: https://www.peerlyst.com/users/joshua-bahirvani

Twitter : @B15joshua

Medium : @jbahirvani15

Pierluigi Paganini

(Security Affairs – hack PornHub, hacking)

The post Researchers exploited PHP Zero-Days to Hack PornHub appeared first on Security Affairs.

Source: Security affairs

Microsoft’s Terry Myerson details the Windows 10 Anniversary Update. (credit: Microsoft)

The final build of the Windows 10 Anniversary Update is build 14393. The update, which provides a range of new features and improvements, represents Microsoft’s last big push to get Windows 7 and 8.1 users to upgrade to Windows 10.

The update is available right now to those who have opted in to the Windows Insider program, and it will be pushed out to Windows 10 users on the current branch on August 2. The free upgrade offer from Windows 7 and 8.1 to Windows 10, however, ends on July 29, leaving Microsoft hoping that the promise of the new update will be enough to get people to make the switch.

For consumers, the big Anniversary Update improvements are in stylus support and Cortana. For as long as Microsoft has been pushing pen interfaces on Windows—the specs for Windows XP Tablet edition came out about 15 years ago—the company has done so as a mouse alternative, with the only major pen-specific feature being handwriting recognition. This never worked well. Finger-based touch interfaces dominated with the rise of the iPhone, but Windows has always retained its pen support, with devices like the Surface Pro 4 and Surface Book shipping with pens.

Source: http://feeds.arstechnica.com/arstechnica/index/

Transistors will stop shrinking after 2021, but Moore’s law will probably continue, according to the final International Technology Roadmap for Semiconductors (ITRS).

The ITRS—which has been produced almost annually by a collaboration of most of the world’s major semiconductor companies since 1993—is about as authoritative as it gets when it comes to predicting the future of computing. The 2015 roadmap will however be its last.

The most interesting aspect of the ITRS is that it tries to predict what materials and processes we might be using in the next 15 years. The idea is that, by collaborating on such a roadmap, the companies involved can sink their R&D money into the “right” technologies.

Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: Clever Cupcakes)

Verizon has confirmed earlier reports that it will buy ailing Internet pioneer Yahoo in an all-cash deal with a price tag of nearly £3.7 billion (~$4.8 billion).

The sale doesn’t include Yahoo’s shares in Alibaba, Verizon said. Yahoo’s Japan shares, its non-core patents, and minority investments are also set to be cut loose from the planned takeover.

Those assets will form part of a new publicly traded company that will be spun out of Yahoo as a separate business. It’s unclear who will head up that firm, however.

Source: http://feeds.arstechnica.com/arstechnica/index/