News & Updates

Appeals court that saw through Prenda Law “shell game” says John Steele must pay a sanction related to hiding assets from discovery. (credit: Getty Images)

The US Court of Appeals for the 7th Circuit has found for the second time that the mastermind of the Prenda Law “porno-trolling” scheme should be made to pay sanctions to a defendant.

In an opinion (PDF) published yesterday, a three-judge panel upholds most, but not all, of the lower court’s finding that John Steele, Paul Hansmeier, and Paul Duffy should pay more than $90,000 in sanctions. However, they also sided with Steele on one key issue.

Here’s a brief recap of the Lightspeed v. Smith case: in 2012, Prenda Law filed a bizarre anti-hacking lawsuit against Anthony Smith, then served subpoenas to ISPs asking for identifying information of more than 6,600 users, whom they dubbed “co-conspirators.” The ISPs did not comply, moved the case to federal court, and fought the subpoena.

Read 10 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

A California appeals court is upholding the juvenile-court conviction of a 16-year-old high school boy who uploaded a 10-second video to Snapchat of a fellow high school student who appeared to be masturbating in a bathroom stall.

“I think this dude is jacking off,” read the video’s caption.

The teen’s misdemeanor invasion of privacy charges stem from what he said was him merely playing a joke on another student “to get a laugh.” The boy on the receiving end was joking around, too, not really masturbating but pretending to, according to a juvenile witness. But in the end, that didn’t matter. The boy who was filmed by the mobile phone committed suicide two weeks later, leaving a note behind: “I can’t handle school anymore and I have no friends.”

Read 13 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge (credit: SpaceX)

With a number of successful Falcon booster landings behind it, SpaceX is getting ready to try something likely to be a bit more challenging: three nearly simultaneous landings. This doesn’t mean SpaceX is upping its launch schedule; instead, the three boosters will all be part of the planned Falcon Heavy vehicle.

Essentially three standard Falcons strapped together, the big rocket will be capable of lifting 54 metric tons into orbit. SpaceX is planning on the first Falcon Heavy test launch later this year. A video posted earlier this year made it clear that those plans include treating each of the three boosters as a regular Falcon once they’ve separated from the payload. That includes a return flight to Florida or a barge offshore.

An animation of the planned Falcon Heavy launch and recovery process.

Right, now, the company is using either the barge or an on-land site at Cape Canaveral to recover the boosters, with the choice depending on how high and far downrange they travel. And the company wants the option of returning all three to land if the opportunity arises (though two by land and one by sea might be an option). And so the company told The Orland Sentinel that it was asking the government for permission to build two more landing pads near its original facility.

Read 1 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Greetings, Arsians! Courtesy of our partners at TechBargains, we have a number of deals to share today. One of the best is a powerful Dell PC: now you can get the Skylake-powered Dell XPS 8700 desktop with 8GB of RAM and 1TB of storage for just $699. That’s a great price that won’t last long, so grab it while you can.

Check out the full list of deals below as well.

Featured

Read 6 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

The digital debut of Emily Carmichael’s short film Stryka, starring Aimee Mullins and Rupert Friend. (video link)

In just a few years, Emily Carmichael has gone from making an animated webseries for Penny Arcade to writing Pacific Rim: Maelstrom and directing Powerhouse, the next big project from Steven Spielberg. Today on Ars Technica, we’re proud to host the digital debut of Stryka, one of Carmichael’s short films that rocketed her from gamer geekdom to Hollywood. It’s the tale of a neurotic alien lizard living in Brooklyn, just trying to get by on small time heists. She has just one problem. Her partner in crime just isn’t bringing the zing anymore, and she’s been secretly doing jobs on the side with someone else.

What’s immediately apparent is that Carmichael has an uncanny ability to make a completely alien world feel familiar. Even though main character Stryka (Aimee Mullins) is covered in horns and speaks in clicks, her problems are relatable. She’s torn between two thieves, Callen (Homeland‘s Rupert Friend) and Peterson (John Behlmann), very different men who both want to work with her. Meanwhile her mother keeps calling to nag about what she’s doing with her life. The scenes with Stryka’s coin-op shrink give us the perfect window on the rather mundane inner life of a lizard thief.

Read 10 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Enlarge (credit: Lee Hutchinson)

Back in May, networking OEM Ubiquiti announced its new Ubiquiti Labs division and that division’s first product: a home mesh Wi-Fi system called Amplifi. With Amplifi, Ubiquiti intends to stretch its reach out of SMB/enterprise “lite” networking and into home territory—and not just the homes of crazies like me, either. Amplifi is targeted at the plug-and-play crowd for whom a single, central Wi-Fi base station doesn’t quite cut the mustard. It’s a market squarely occupied by Eero, Luma, and a few other players—home mesh Wi-Fi, where you throw down a few devices and every nook and cranny of your home gets solid coverage (in theory, at least).

Ubiquiti sent Ars a preproduction Amplifi unit last week, and I’ve spent the weekend getting some initial impressions. This isn’t going to be an exhaustive review, since I’ve only had a few days with the system, but my impressions so far are generally positive.

Specs at a glance: Ubiquiti Labs Amplifi
Standard LR HD
Wi-Fi standards (base/mesh) 802.11b/g/a/n/ac
802.11b/g/a/n
802.11b/g/a/n/ac
802.11b/g/a/n
802.11b/g/a/n/ac
802.11b/g/a/n/ac
Max TX power (base/mesh) 24 dBm
22 dBm
26 dBm
24 dBm
26 dBm
26 dBm
Radios (base/mesh) 4
4
4
4
6
6
MIMO chains (base) 10 10 18
MIMO (mesh) 2×2 2×2 3×3
Wi-Fi antennas (base) 3x (dual-band)
Max coverage 10,000 sqft (930 m2) 20,000 sqft (1,860 m2) 20,000 sqft (1,860 m2)
Ethernet interfaces 1x GbE WAN, 4x GbE LAN
CPU Qualcomm Atheros QCA956X
RAM 128 MB
Dimensions 99.5mm x 97.8mm x 99.6mm base
46mm x 195.7mm x 27mm mesh points (ea)
Weight 410g base
205g mesh points (ea)
Price $199 $299 $349
Release date July 20 (North America)

The quick takeaway

The Amplifi system isn’t something I’d buy for myself, but it is something I’d happily buy for my parents, who have a large home thanks to Houston’s absurdly cheap housing market and struggle to get solid Wi-Fi coverage throughout. Amplifi doesn’t support several features that I depend on (especially WPA2 Enterprise for 802.11x), but setup is painless, reasonably quick, and the handoff between the various mesh components works seamlessly. It’s also a competent router with an actual firewall (the device runs BusyBox and uses iptables under the hood). And, if you already have a router you’re happy with, it can function as a pure Wi-Fi access point and mesh network.

Read 19 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

Today, it is a pleasure for me to interview an Italian colleague, Matteo Meucci, a great professional, a perfect mix of talent and discipline.

Enjoy the interview.

Matteo Meucci

 

Hi Matteo, you are one of the most respected Italian experts on cyber security. Could you tell me which his your technical background and when you started hacking? 

Thank you for the interview Pierluigi. I’m of ‘72, and as many of my current colleagues, I started programming BASIC with the Commodore VIC 20 in the early ‘80s. I started hacking for fun on TV screen in the first big supermarket in France that was controlled by a C-20… Then I studied Scientific High School with Informatics and Informatics Engineering at the University of Bologna to improve my technical background.

What was your greatest hacking challenge? 

From my perspective hacking and challenge are the same thing, so if I look behind me surely the challenge to start from scratch the new OWASP Testing Guide in 2005 represented for me the big project I ever did. In 3 months thanks to hundreds of people involved in the project, we wrote a new methodologies, that nowadays represent the standard de facto to perform a web application penetration testing https://www.owasp.org/index.php/OWASP_Testing_Project.

What are the 3 tools that cannot be missed in the hacker’s arsenal and why? 

The first great tool is our mind with all the mindset on to think out of the box, the second one is our eyes to identify the issues asap, third our hands to write tools to hack the specific scenario.

Joke at part I suggest to use the following:

–  OWASP Zap to navigate the web sites and find web vulnerabilities (see a basic example of how to find a very easy vulnerability in 2005 using an HTTP Proxy as Zap here: http://bit.ly/29Y8DYK);

– Wifi Pineapple to show the weakness of the today wireless model (see here a demonstration I did at the last Festival of Journalism: http://www.festivaldelgiornalismo.com/programme/2016/attacking-online-services)

– Finally, Kali Linux for sure is the best container of all the best hacking tools.

Which are the most interesting hacking communities on the web today? 

You know I’m involved in OWASP (The Open Web Application Security Project http://www.owasp.org) from 2001, so I see OWASP as one of the most interesting hacking communities world wide. Here you can find all the information, tools and methodologies to understand how to hack a web application and how to protect it.

Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why? 

Nowadays all the industries are exposed to cyber attacks because they are part of the cyber space and anyone, from anywhere at any time can interact with their services. In the communities we are discussing about new attacking techniques, how to exploit new 0days but if we look at the last years we see a few very complex and innovative attacks to the industries; many attacks today rely on old techniques such as SQL injection, basic malware or the exploiting of old vulnerabilities that are not patched on critical systems. That said, we can affirm that the easiest way to attack a company nowadays it to send fake emails to exploit old vulnerabilities or hack the wifi network. The Companies are not ready to manage attacks with old techniques such as ransomware or pineapple wifi network: they do not understand they are under attack.

What scares you more on the Internet? 

I’m not scares of the Internet and no one should be scared about the freedom of the Net. I’m scared that many Companies are not ready to protect them from basic attacks that happens today.  The key points are to have an internal team and processes in place capable of fixing the vulnerabilities as soon as possible , to manage the possible attacks and to and to raise the awareness about cyber attacks in the  Company.

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe concrete the risk of a major and lethal cyber attack against a critical infrastructure? Why and which are the most exposed CI?

Today it is very easy to hack networks that use old technologies: for example many companies are still using today Window XP and Internet Explorer 8. From an attacker point of view, there are a plethora of way to comprise successfully this scenario using old exploits that already work.

CI represent a collections of old technologies and we can affirm that the maturity regarding cyber risk is very low comparing to the IT of TELCO, Finance companies. So they are very exposed to possible cyber attacks, it is only a question of opportunity for the cyber criminals and time maybe…

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs –  Hacker, s1ege)

The post Hacker Interviews – Matteo Meucci appeared first on Security Affairs.

Source: Security affairs

(credit: Shawn Campbell)

Twitter confirmed it will allow all of its users to apply for “verified account” status on the same day that it permanently booted an outspoken conservative from its site amid claims of abusive tweets.

Up to now, the coveted blue tick badge was the preserve of celebrities, journalists, and high-profile users—some of whom run the risk of parody or fake accounts in their name.

However, while the online form to request verification on Twitter is now available to anyone, the micro-blogging site said that only accounts “determined to be of public interest” will receive the badge of honour.

Read 12 remaining paragraphs | Comments

Source: http://feeds.arstechnica.com/arstechnica/index/

This critical flaw CVE-2016-4631 resides in the ImageIO and could be exploited by a remote attacker to steal sensitive information from Apple devices.

Apple fans, I have a bad news for you, just one specially-crafted message can expose your personal information, including your authentication credentials stored in the memory of your Apple device.

This means that your Wi-Fi passwords, login credentials, and email logins, could be easily compromised in the attack.
The CVE-2016-4631 flaw reminds us the dreaded Stagefright vulnerabilities that were affecting the Android OS, also in that case the attacker was able to spy on victims by using a specially-crafted text message.

This critical vulnerability (CVE-2016-4631) resides in the ImageIO, the API used to handle image data in almost every Apple operating system, including Mac OS X, watchOS, and tvOS.The CVE-2016-4631 vulnerability in the ImageIO was reported by the Cisco Talos senior security researcher Tyler Bohan.

The attack scenario is simple as efficient, the attacker just needs to send the malicious exploit code to the victim’s device via a multimedia message (MMS) or iMessage inside a Tagged Image File Format (TIFF).

When the victims will receive the malicious message, the exploit will be executed.

The exploit code could also be delivered through Safari, in this attack scenario the victim have to visit a website containing the malicious code that will be handled by the browser and executed.

In both attack scenarios, no explicit user interaction would be required because applications automatically handle the images when they are received by the targeted device.

Apple botnet

The bad news is that such kind of attack is very difficult to detect for the victim.

Bohan told Forbes that the issue in “an extremely critical bug, comparable to the Android Stagefright as far as exposure goes.” “The receiver of an MMS cannot prevent exploitation and MMS is a store and deliver mechanism, so I can send the exploit today and you will receive it whenever your phone is online,” he explained.

We have to make a further distinction on the attack that works differently on iOS and Mac OS X due to the presence of the sandbox protection.

iOS is protected from exploit codes by the sandbox mechanism, so an attacker needs a further iOS jailbreak or root exploit to take complete control of the mobile device.

On Mac OS X the attack is easier because the OS doesn’t use a sandbox protection.

According to the last Apple’s advisory, the critical flaw was already fixed in the last iOS version 9.3.3.

Now that you know the flaw allows hacking Apple devices, don’t waste time, patch your device to avoid ugly surprises.

Crooks will not take a long to find a way to exploit the CVE-2016-4631 vulnerability in the wild.

“Exploitation wise, Talos estimates there is about a two-week effort to get from the information we disclosed publicly to a fully working exploit with a decent amount of reliability,” Bohan added.

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

(Security Affairs – hacking Apple devices, CVE-2016-4631)

The post Hacking Apple devices with just a Message exploiting the CVE-2016-4631 appeared first on Security Affairs.

Source: Security affairs