News & Updates

The newly released Mint 18 is a major upgrade. Not only has the Linux Mint project improved Mint’s dueling desktops (Cinnamon and MATE), but the group’s latest work impacts all underlying systems. With Mint 18, Linux Mint has finally moved its base software system from Ubuntu 14.04 to the new Ubuntu 16.04.

Upgrading to the latest long-term support (LTS) release of Ubuntu means, as with the Mint 17.x series, the Mint 18.x release cycle is now locked to its base for two years. Rather than tracking alongside Ubuntu, Mint 18 and all subsequent releases will stick with Ubuntu 16.04. Mint won’t necessarily get as out of date as Ubuntu LTS releases tend to by the end of their two-year cycle, but this setup does mean nothing major is going to change for quite a while.

If the Mint 17.x release series is anything to judge by, that’s a good thing. Stability allows Mint to focus on its own projects rather than spending development time creating patches for every Ubuntu update. That should be especially good news for the 18.x series since Ubuntu plans to make some major changes in the next two years: moving to a new display server (Mir) and updating its own Unity desktop to Unity 8 are chief among the priorities. Many of those initiatives will impact components that affect downstream users like Mint.


Source: http://feeds.arstechnica.com/arstechnica/index/

(credit: Strava)

It’s no secret that apps and programs on your smartphone have a lot of information about you, and now some of them are letting you broadcast some of that information to the world. Facebook Live is a good example of this friendly, social intrusion, but it wasn’t the first example of this, and it certainly won’t be the last. But rather than just exploiting the social aspect of these features, some companies are figuring out how to make broadcasting personal information work for the broadcaster. Strava is the latest company to do this with a new feature called Strava Beacon, which lets athletes share their real-time location with anyone they want.

This is mostly a safety feature—when Beacon is activated, users can go into the Strava app and select three contacts they want to send a notification text to with their location. The contacts can be anyone in their smartphone, so you’re not limited to just Strava user friends. Once selected, a text message will form, either with Strava’s default language or your own custom message, with a link to a real-time map of your location. The link leads to a page on Strava’s website where the people you sent the link to can see where you are as you move throughout your run or ride.

The link will always open in a browser, so your recipients don’t need to have the Strava app—or even be a Strava user—to see your location. This will come in handy for those parents and relatives who aren’t into fitness or who aren’t too tech savvy. The link also isn’t limited to the three contacts you choose within the Strava Beacon feature. You can copy and paste the link anywhere you want, but Strava advises caution when doing this. Common sense is key—if you don’t want strangers seeing where you are, maybe don’t post the link to Facebook or Twitter.


Source: http://feeds.arstechnica.com/arstechnica/index/

If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol.

HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as


Source: http://feeds.feedburner.com/TheHackersNews

The Israeli intelligence firm Intsights has breached a Telegram ISIS group whose members shared info on US bases in Kuwait, Bahrain and Saudi Arabia.

The Israeli security firm Intsights claims to have breached a Telegram group run by jihadists who were planning to attack a list of US bases in Kuwait, Bahrain and Saudi Arabia.

The company announced that it had hacked into a Telegram group on the dark web operated by ISIS members for propaganda and to plan operations. According to a report published by Channel 10, the group is composed of 500 leading activists.

It is a closed group and new members must be introduced by old ones. The group is used by Islamic State members who in turn introduce fellow Islamic State members.

“I need to know someone who can vouch for me that I’m cleared for the group, and only then can I join.” said Alon Arvatz, Intsights Co-Founder.

Recently some of the targets have been hit by alleged members of the Islamic State, including the church in the town of Saint-Etienne-du-Rouvray, in Normandy, France. According to Arvatz, the call to organize an attack in Normandy was issued via the Telegram group a few months ago.

The company conducted HUMINT operations by infiltrating the Telegram groups managed by the IS. On Monday the experts noticed that members of the group were sharing a list of “extremely specific targets”, “with a call to attack them.”

“Telegram is completely encrypted and there’s no fear (among its users) that someone will intercept the messages and understand what you wrote,” said Intsights.

The group it hacked is accessed by Islamic State members who in turn introduce fellow Islamic State members, he said. “I need to know someone who can vouch for me that I’m cleared for the group, and only then can I join.”

Obviously, the group would be closed down following the disclosure of the news.

A Channel 10 TV screenshot apparently showing Islamic State’s Telegram internet group (Channel 10 screenshot)

It is curious to note that today I posted another news item about Telegram and alleged security issues affecting it. Hackers accessed Telegram accounts in Iran, and a security duo investigated the security breach; they will present their findings at the Black Hat Conference.

Arvatz explained that this week a member of the group uploaded a list of American air bases in the Persian Gulf and around the globe inviting other ISIS militants to attack these targets.

“A map uploaded to the Telegram group pinpoints air force bases in the United States, Canada, United Kingdom and other countries of Western Europe, as well as Israeli air force bases.” reported the Times Of Israel.

“Among the high priority targets were air bases in Bahrain and Kuwait being used by the American-led coalition to strike Islamic State targets in Syria and Iraq.”


Pierluigi Paganini

(Security Affairs – Telegram, ISIS)

The post ISIS members shared a list of targets in Kuwait, Bahrain, Saudi Arabia on a Telegram group appeared first on Security Affairs.

Source: Security affairs

Hackers accessed Telegram accounts in Iran; a security duo investigated the security breach and will present their findings at the Black Hat Conference.

15 million Iranian Telegram accounts have been compromised; users have reportedly had their personal information exposed (phone number, Telegram ID).

The security researchers Collin Anderson and Claudio Guarnieri have investigated the case: more than a dozen Telegram accounts were compromised and 15 million Iranian users’ telephone numbers were identified.

On Thursday at the Black Hat conference, the security duo will present a paper related to their analysis.

The alleged hack would have compromised the communications of sensitive people in Iran, including activists and journalists.

“Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system,” reported Reuters.

“The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.”

According to Reuters, the attackers exploited a security issue in the way Telegram verifies a user’s identity by using SMS messages. When users want to log on to Telegram from a new device, Telegram sends them the authorization codes via SMS. Unfortunately, this SMS could be intercepted by the telco, which could provide it to the attackers.

We saw something similar when we discussed another way to obtain the authorization code by exploiting SS7 vulnerabilities.

“Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said,” wrote Reuters.

“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company,” Anderson explained to Reuters.

Of course, Telegram has promptly denied any serious security issue in its application. The company explained that anyone can check whether a certain number is registered for any similar messaging service (e.g. WhatsApp, Messenger).

Telegram also added that it has introduced significant improvements this year to avoid this kind of problem.

“The automated API-based checks that were apparently used in this incident ‘are no longer possible since we introduced some limitations into our API this year.’”

Today Telegram admitted the security breach, explaining that it was the victim of a “massive hacker attack” that originated in Iran.

The messaging app company downplayed the problem, explaining that the hack was not as severe as one might think because only publicly available data was exposed.

“Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed. Such mass checks are no longer possible since we introduced some limitations into our API this year.” reported Telegram in an official statement.

“However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.).”

Who is behind the massive hack?

It’s been claimed that the Iranian APT group known as Rocket Kitten was behind the attack.

The Rocket Kitten group is suspected to have been active since 2011 and has been increasing its activity since 2014. Its targets are mainly based in the Middle East, and it seems that they are involved in policy research, diplomacy and international affairs.

Pierluigi Paganini

(Security Affairs – Telegram, Hacking)

UPDATE from Telegram:

Telegram accounts

Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed. Such mass checks are no longer possible since we introduced some limitations into our API this year.

However, since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system. This is also true for any other contact-based messaging app (WhatsApp, Messenger, etc.).

SMS codes

As for the reports that several accounts were accessed earlier this year by intercepting SMS-verification codes, this is hardly a new threat as we’ve been increasingly warning our users in certain countries about it. Last year we introduced 2-Step Verification specifically to defend users in such situations.

If you have reasons to think that your mobile carrier is intercepting your SMS codes, use 2-Step Verification to protect your account with a password. If you do that, there’s nothing an attacker can do.

The post Telegram massive hack in Iran, what is happened? appeared first on Security Affairs.

Source: Security affairs

Oliver Stone warns moviegoers about leaving phones on—and not just while watching movies.

We’re all used to warnings and promos ahead of films, from candy-filled “let’s all go to the lobby” sequences to a polite-yet-firm reminder to power phones off. Sometimes, those sequences get a cute touch-up (my favorite is probably this wild, vulgar parody from the Aqua Teen Hunger Force film), but starting this week, moviegoers can expect something a little darker—as in, a harrowing warning that sounds like it might have been written by Edward Snowden.

It wasn’t, however. Instead, the message was written, and is delivered, by Snowden film director and script co-writer Oliver Stone.

The Oscar winner appears in the one-minute clip, seated in a lovely den—complete with decadent furniture and giant bottles of assumedly fine liquors—with a smartphone in his hand. He starts describing the many things “this amazing little device” can do, from mass communication to cat-video streaming (and we’re shown a few kitties briefly to make the point).


Source: http://feeds.arstechnica.com/arstechnica/index/

Tesla Model Ses in the company’s European production center in Tilburg, Netherlands. (credit: Getty Images | Jasper Juinen/Bloomberg)

In Tesla’s Q2 2016 financial statement released today, the company reported a net loss of $293 million (~£220 million) for the quarter, making it Tesla’s 13th straight quarterly loss. (By Generally Accepted Accounting Principles, or GAAP, the company lost only $150 million. GAAP standards account for certain things on a car company’s balance sheet, like leased vehicles, differently than non-GAAP bookkeeping does.)

Despite the loss, revenue for the company was up 31 percent year-over-year, with GAAP revenue coming in at $1.3 billion (~£1 billion) for Q2 and non-GAAP revenue at $1.6 billion.

Still, during Tesla’s Q4 2015 earnings call, Tesla CEO Elon Musk promised that the electric vehicle company would be profitable before summer. But production issues have continued to plague the company, although Musk and Tesla Vice President of Finance Jason Wheeler were adamant that the company is out of the woods on production issues, despite missing production goals in Q2.

Source: http://feeds.arstechnica.com/arstechnica/index/

Republican presidential nominee Donald Trump leaves after speaking during his campaign event on August 3, 2016 in Daytona, Florida. (credit: Getty Images)

During a brief, unofficial Reddit AMA one week ago, the Republican nominee for president of the United States, Donald Trump, had kind words for NASA and US space policy. “Honestly I think NASA is wonderful! America has always led the world in space exploration,” Trump responded to a question on NASA’s role in his administration.

Evidently Trump no longer feels that way. During a “town hall” Wednesday in Daytona Beach, Florida, about 75 miles up the coast from Kennedy Space Center, the presidential candidate offered some extemporaneous remarks (see video) about America’s progress in space. “By the way, look at your space program, look at what’s going on there,” he said. “Somebody just asked me backstage, ‘Mr. Trump, will you get involved in the space program?’ Look what’s happened with your employment. Look what’s happened with our whole history of space and leadership. Look what’s going on folks. We’re like a third world nation.”

Somehow during the last week, when NASA demonstrated progress with its SLS rocket, a US company received a license to make the first-ever private launch to the Moon, SpaceX successfully tested a rocket that landed on a boat, and NASA’s Juno spacecraft reached the halfway point of its first orbit around Jupiter, America’s space enterprise has gone from always leading the world to being worthy of a developing country.


Source: http://feeds.arstechnica.com/arstechnica/index/

This is the SFW version of the spin-off’s card selection.

Board game smash hit Codenames has earned countless accolades and awards since its 2015 launch due to its ease of play, surprising depth, and family friendliness. The game revolves around giant packs of words, which means a simple “add some more words” offshoot or expansion was inevitable, but the game’s first official follow-up wastes no time erasing the phrase “family friendly” from the recommendation list.

Codenames: Deep Undercover began appearing at Target shops in late July, and this week it finally officially launched at more Targets (and will, for now, remain an exclusive at the US big-box chain) for $20. The 200-card set only differs from the core game in one key aspect: dirty words. Players split into two teams, and they’re each led by a “spymaster” who must help his or her teammates figure out which face-up words on a table belong to their team—and must do so with one-word clues, which makes the clue-giving process pretty tricky.

But while the original game’s word list mostly consisted of neutral words and proper nouns, C:DU takes the blue route, consisting mostly of sexual words (squirt, vibrator), slurs (bitch, slut), and double entendres (clam, pickle). The game also comes with Codenames‘ first official set of blank cards, on which players can write their own vulgar or gross words of choice, along with more stylized versions of its “bystander” cards.


Source: http://feeds.arstechnica.com/arstechnica/index/