Malicious Subtitles Threaten Kodi, VLC and Popcorn Time Users

Millions of people risk having their devices and systems compromised by malicious subtitles, Check Point researchers revealed today. The threat comes from a previously undocumented vulnerability which affects users of popular streaming software, including Kodi, Popcorn-Time, and VLC. Developers of the applications have already applied fixes or will do so soon.
[…]
By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device,

Source: Malicious Subtitles Threaten Kodi, VLC and Popcorn Time Users, Researchers Warn – TorrentFreak

Paul Allen Shows Off the World’s Largest Airplane For the First Time

The Stratolaunch has a wingspan of 385 feet (wider than the Spruce Goose), it uses six 747 jet engines, sits on 26 wheels, can carry 250,000 pounds of fuel and weighs half a million pounds without fuel. In order to take off, it needs about 12,000 feet of runway.

Source: Paul Allen Shows Off the World’s Largest Airplane For the First Time


In the US Net Neutrality race, fake comments are being placed in their thousands, supporting the inane idea of getting rid of net neutrality.

Fourteen Americans (with the help of an advocacy group) are complaining to the FCC that their names were used without permission to file fake comments on the proposed net neutrality overhaul.

A letter [PDF] sent to FCC Chairman Ajit Pai and signed by the 14 people claims that their names and addresses were used to post comments in support of the planned Title II elimination for ISPs.

“We are disturbed by reports that indicate you have no plans to remove these fraudulent comments from the public docket,” they write.

“Whoever is behind this stole our names and addresses, publicly exposed our private information without our permission, and used our identities to file a political statement we did not sign onto.”

The letter does not name any specific company or group as being behind the filings.

A quick check of the names on the letter with the FCC’s comment site found that nearly all were indeed used to file form comments. One of the signed names does not appear to be associated with any comments on file right now, while another name was connected with eight identical comments.

The letter is part of a campaign being conducted by digital rights group Fight for the Future to expose what it claims are hundreds of thousands of fake comments posted by or on behalf of telcos who support Ajit Pai’s planned overhauls.

Source: US citizens complain their names were used for FCC robo-comments • The Register

‘Do not tell Elon’: Ex-SpaceX man claims firm cut corners on NASA part tests

A fired SpaceX worker has accused the company of leaning on its employees to forge test records for parts destined for NASA.

Jason Blasdell told his wrongful firing court hearing in California that although he complained to the HR department about being pressured into creating false test passes, the company ignored him – and he even tried to take matters to CEO Elon Musk in person.

Blasdell told the Los Angeles court that he spoke to SpaceX HR manager Carla Suarez in early 2014 to say he was having problems with his immediate management.

“I told her that in the avionics test lab that managers had been pressuring us, pressuring me, to falsify test documents. And that management is trying to point to me as being the problem instead of acknowledging and discussing actual falsification of documents as being the real problem,” he said, as reported by legal website Law360.

The former US Marine, who was trained in aviation electronics in the service before spending four years at SpaceX, also said that his supervisors would “chastise” him for not signing off parts as having passed required testing in SpaceX’s avionics test lab.

SpaceX managers, his lawyer said, responded to his attempts to escalate his concerns by branding him a “chronic complainer”. In spite of this Blasdell managed to get a personal audience with the president of SpaceX, Gwynne Shotwell.

The technician testified that Shotwell’s response to his concerns was “Don’t tell Elon, do not tell Elon. If he finds out about this, we will all get fired.”

In return, SpaceX’s lawyers told the court that, over time, Blasdell became disrespectful towards colleagues and managers alike and that this made some “afraid for their safety”. The firm also suggested that amphetamines Blasdell was taking for attention deficit disorder may have affected his behaviour, as well as saying he was annoyed at being passed over for promotion.

The firm also stated that Blasdell’s safety-related complaints only emerged after he was fired, stating that until that point his complaints were all about the “inefficiency” of testing

Source: ‘Do not tell Elon’: Ex-SpaceX man claims firm cut corners on NASA part tests • The Register

Researchers Discover a Method That Could Triple Our Screen Resolutions

The researchers have outlined the technical details in a new study published in Nature. Basically, what they’ve done is figure out a method to control subpixels with voltage. Each pixel on an LCD screen contains three subpixels. Each of those subpixels handles one of three colors: red, green or blue. A white backlight shines through the pixel and the LCD shutter controls which subpixel is viewable. For instance, if the pixel should be blue, the LCD shutter will cover the red and green subpixels. In order to make purple, the shutter only needs to cover the green subpixel. The white backlight determines how light or dark the color will be.

The team at UCF’s NanoScience Technology Center has demonstrated a way of using an embossed nanostructure surface and reflective aluminum that could eliminate the need for subpixels entirely. On a test device, the researchers were able to control the color of each subpixel individually. Rather than one subpixel being dedicated to blue, it can produce the full range of color that the TV is capable of displaying. With each subpixel suddenly doing the work of three, the potential resolution of the device is suddenly three times as high. Additionally, this would mean that every subpixel (or in this case, a tinier pixel) would be on whenever displaying a color or white. That would lead to displays that are far brighter.

Source: Researchers Discover a Method That Could Triple Our Screen Resolutions

Refresh rates are a bit low, but the biggest hurdle will probably be your TV manufacturer refusing to incorporate this into a software update: they would much rather have you buy a new TV.

Leaked Documents Reveal Counterterrorism Tactics Used by private contractor on US soil, Standing Rock to “Defeat Pipeline Insurgencies”

A shadowy international mercenary and security firm known as TigerSwan targeted the movement opposed to the Dakota Access Pipeline with military-style counterterrorism measures, collaborating closely with police in at least five states, according to internal documents obtained by The Intercept. The documents provide the first detailed picture of how TigerSwan, which originated as a U.S. military and State Department contractor helping to execute the global war on terror, worked at the behest of its client Energy Transfer Partners, the company building the Dakota Access Pipeline, to respond to the indigenous-led movement that sought to stop the project.

Internal TigerSwan communications describe the movement as “an ideologically driven insurgency with a strong religious component” and compare the anti-pipeline water protectors to jihadist fighters. One report, dated February 27, 2017, states that since the movement “generally followed the jihadist insurgency model while active, we can expect the individuals who fought for and supported it to follow a post-insurgency model after its collapse.” Drawing comparisons with post-Soviet Afghanistan, the report warns, “While we can expect to see the continued spread of the anti-DAPL diaspora … aggressive intelligence preparation of the battlefield and active coordination between intelligence and security elements are now a proven method of defeating pipeline insurgencies.”

More than 100 internal documents leaked to The Intercept by a TigerSwan contractor, as well as a set of over 1,000 documents obtained via public records requests, reveal that TigerSwan spearheaded a multifaceted private security operation characterized by sweeping and invasive surveillance of protesters.

Source: Leaked Documents Reveal Counterterrorism Tactics Used at Standing Rock to “Defeat Pipeline Insurgencies”

It’s just like cowboys and indians again!

EU axes geo-blocking: Upsets studios, delights consumers

The European Parliament has approved a draft law that geo-blocking, the act of offering an online content service in one European Union (EU) country and that country alone, will be scrapped in the first half of next year.

Coupled with the recent law to end mobile roaming charges in the EU as of next month, the OTT industry as a whole stands to flourish in Europe over the next few years. However, the losers here will be the content creators, which argue that the removal of geo-blocking will weaken the financial value of content, as well as the pay TV operators, as the ruling will trigger a small spate of cord cutting for consumers with two or more properties in multiple EU countries. But the move is also a hammer blow to content pirates.

Source: EU axes geo-blocking: Upsets studios, delights consumers • The Register

There is a lot more worthwhile on the pros and cons – overall I am happy to see the digital single market catch up to the physical single market.

EU wants content filtering by entertainment industry on everything posted online

De Europese Commissie wil dat internetaanbieders en hostingpartijen, maar ook platformen zoals Facebook, monitoren wat hun gebruikers publiceren. Elke tekst, foto en filmpje dat gebruikers wil zetten zou dan eerst door een filter van de entertainmentindustrie gehaald moeten worden. Hoe zoiets in de praktijk zou moeten werken is volstrekt onduidelijk.

Source: Massaal verzet tegen omstreden EU contentfilters – Emerce

They want ISPs and hosts as well as content providers such as Facebook to filter all posted content through an entertainment industry filter before posting online. How this will work – technically as well as who has oversight over what the entertainment industry deems inappropriate – is unclear. This kind of censorship on a massive scale is exactly why we fought the Nazis and the Cold War: for a free and open society.

Supreme Court rules Lexmark sales exhausted patent rights domestically and internationally

When a patent owner sells a product the sale exhausted patent rights regardless of any restrictions the patentee attempts to impose on location of the sale.

Source: Supreme Court rules Lexmark sales exhausted patent rights domestically and internationally – IPWatchdog.com | Patents & Patent Law

Earlier this morning the United States Supreme Court issued an opinion in Impression Products, Inc. v. Lexmark International, Inc., a case requiring the Court to revisit the patent exhaustion doctrine. In an opinion authored by Chief Justice John Roberts, and joined by all members of the Court except Justice Ginsburg (concurring in part and dissenting in part) and Justice Gorsuch (taking no part in the case), the Supreme Court determined that when a patent owner sells a product the sale exhausted patent rights in the item being sold regardless of any restrictions the patentee attempts to impose on the location of the sale. In other words, a sale of a patented product exhausts all rights — both domestic and international.

– This is great news for innovation and companies that offer value on other companies’ products. It represents an almost unique show of sanity in patent law.

New Vampire Battery Technology Draws Energy Directly From Human Body

According to a research paper published earlier this month, the supercapacitor is made up by a device called a “harvester” that operates by using the body’s heat and movements to extract electrical charges from ions found in human body fluids, such as blood, serum, or urine.

As electrodes, the harvester uses a carbon nanomaterial called graphene, layered with modified human proteins. The electrodes collect energy from the human body, relay it to the harvester, which then stores it for later use.

Because graphene sheets can be drawn in sheets as thin as a few atoms, this allows for the creation of utra-thin supercapacitors that could be used as alternatives to classic batteries.

For example, the bio-friendly supercapacitors researchers created are thinner than a human hair, and are also flexible, moving and twisting with the human body.
[…]
Researchers argue that implantable medical devices using their supercapacitor could last a lifetime, and remove the need for patients to go through operations at regular periods to replace batteries, one of the main causes of complications with implantable medical devices.

Currently, the supercapacitor looks primed to be deployed with pacemakers, but researchers hope their technology could be used with other devices that stimulate other organs, such as the brain, the stomach, or the bladder.

Source: New Battery Technology Draws Energy Directly From Human Body

Code.gov – US government open source repo

Code.gov is a platform designed to improve access to the federal government’s custom-developed software.

Source: Code.gov

The US Government is committing to open source in a big way. This is where to find it.

Netgear ‘fixes’ Nighthawk router by adding phone-home features that record your IP and MAC address

Netgear NightHawk R7000 users who ran last week’s firmware upgrade need to check their settings, because the company added a remote data collection feature to the units.

A sharp-eyed user posted the T&Cs change to Slashdot.

Netgear lumps the slurp as routine diagnostic data.

“Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.”

Much of this is probably benign, but posters to the Slashdot thread were concerned about IP address and MAC address being collected by the company.

The good news is that you can turn it off: the instructions are here.

Source: Netgear ‘fixes’ router by adding phone-home features that record your IP and MAC address

Arctic stronghold of world’s seeds flooded after permafrost melts

No seeds were lost but the ability of the rock vault to provide failsafe protection against all disasters is now threatened by climate change

Source: Arctic stronghold of world’s seeds flooded after permafrost melts

because global warming isn’t happening. NOT.

Lib Dems pledge to end ‘Orwellian’ snooping powers in manifesto

The Liberal Democrats have pledged to end the “Orwellian nightmare” of mass-snooping powers in the Investigatory Powers Act ahead of their manifesto launch.

They will propose to roll back state surveillance powers by ending the indiscriminate bulk collection of communications data and internet connection records.

The party also committed to fighting Conservative attempts to undermine encryption, which it warned will put people’s online security at risk.

It comes as a recent leaked draft document from the Home Office has revealed that government aims to be able to access anyone’s communications within 24 hours and to bring an end to encrypted messages under the recently passed Investigatory Powers Bill.

Under the plans, companies would be legally required to introduce a backdoor to their systems so authorities can read all correspondence if required.

Source: Lib Dems pledge to end ‘Orwellian’ snooping powers in manifesto

Finally someone who cares!

1.9 million Bell customer email addresses stolen by ‘anonymous hacker’

Bell is apologizing to its customers after 1.9 million email addresses and approximately 1,700 names and phone numbers were stolen from a company database.

The information appears to have been posted online, but the company could not confirm the leaked data was one and the same.

Bell, the country’s largest telecommunications company, attributed the incident to “an anonymous hacker,” and says it is working with the RCMP to investigate the breach.

“There is no indication that any financial, password or other sensitive personal information was accessed,” the company wrote in a statement. Bell said the incident was unrelated to the massive spike in ransomware infections that affected an estimated 200,000 computers in more than 150 countries late last week.

Source: 1.9 million Bell customer email addresses stolen by ‘anonymous hacker’

Google AI has access to 1.6m NHS patients data – without permission

The document – a data-sharing agreement between Google-owned artificial intelligence company DeepMind and the Royal Free NHS Trust – gives the clearest picture yet of what the company is doing and what sensitive data it now has access to.

The agreement gives DeepMind access to a wide range of healthcare data on the 1.6 million patients who pass through three London hospitals run by the Royal Free NHS Trust – Barnet, Chase Farm and the Royal Free – each year. This will include information about people who are HIV-positive, for instance, as well as details of drug overdoses and abortions. The agreement also includes access to patient data from the last five years.

Source: Revealed: Google AI has access to huge haul of NHS patient data | New Scientist

It goes beyond belief that this much patient data is given (sold?) to a commercial entity by the NHS without agreement from the people involved.

Bloke charged under UK terror law for refusing to cough up passwords without cause

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords.

Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as well as information on high-ranking officials. CAGE positions itself as a non-profit organization that represents and supports families affected by the West’s TWAT (aka The War Against Terror).

On Wednesday this week, he was charged under Schedule 7 of the Terrorism Act 2000: specifically, he is accused of obstructing or hampering an investigation by refusing to cough up his login details.

“On 20 November 2016, at Heathrow Airport, he did willfully obstruct, or sought to frustrate, an examination or search under Schedule 7 of the Terrorism Act 2000, contrary to paragraph 18(1)(c) of that Schedule,” London’s Metropolitan Police alleged. “He is due to appear in Westminster Magistrates’ Court on 20 June.”

If found guilty, Rabbani could face up to three months in prison and a fine of £2,500 (US$3,242). He has said he will fight the case and is hopeful of winning. He claims he has been stopped under Schedule 7 about 20 times and has always refused to hand over his passwords. However, it appears that the Met is now ready to test this case in court, so formal charges have been brought.
[…]
What makes Schedule 7 rather tricksy is that no evidence is required to pull someone over for questioning under the law. Usually, Brit officers must have at least reasonable suspicion of a crime before collaring a suspect, but under these antiterror rules, they can hold and quiz people for up to nine hours with no evidence at all.

Source: Bloke charged under UK terror law for refusing to cough up passwords

Welcome to the Brexit concentration camp

Banking association calls for end of ‘screen-scraping’

The European Banking Federation (EBF) has asked the EU Commission to support a ban on “screen scraping”.

Screen-scraping services, seen as a first-generation direct access technology, allow third parties to access bank accounts on a client’s behalf using the client’s access credentials.

The Revised Directive on Payment Services (PSD2) introduces a general security upgrade for third-party access to a client’s data.

Earlier this month, 65 European fintech firms made their opposition to this known, stating in a manifesto (PDF) that “[T]he only functioning technology used for bank-independent [payment initiation services] and [account information services] must not be foreclosed.”

Privacy of client data, cybersecurity and innovation are all at risk if European Banking Authority (EBA) standards are dismissed and screen scraping continues, the EBF argues.

The proposal requires banks to opt for either creating a “dedicated interface” that lets third parties access bank accounts on behalf of clients, or to upgrade their client interface. The EBF wants to see PSD2 delivered within the framework of (EBA) standards and the end of screen-scraping.

The European Commission appears to be willing to go against the EBA advice and allow screen-scraping to continue.

Source: Banking association calls for end of ‘screen-scraping’

Then there is some ridiculous analogy to putting a diesel engine on an aircraft. Having to recode your fintech software to PSD2 – which may be incomplete and missing important functionality – is expensive and thus weeds out the crop of fintech companies. In my experience it’s usually better for customers to have large amounts of competing products than to be locked into a mono- or duopoly.

Real-Time User-Guided Image Colorization with Learned Deep Priors within minutes

We train on a million images, with simulated user inputs. To guide the user towards efficient input selection, the system recommends likely colors based on the input image and current user inputs. The colorization is performed in a single feed-forward pass, enabling real-time use. Even with randomly simulated user inputs, we show that the proposed system helps novice users quickly create realistic colorizations, and show large improvements in colorization quality with just a minute of use.

Source: Real-Time User-Guided Image Colorization with Learned Deep Priors. In SIGGRAPH, 2017.

Tesla factory workers reveal pain, injury and stress: ‘Everything feels like the future but us’

Ambulances have been called more than 100 times since 2014 for workers experiencing fainting spells, dizziness, seizures, abnormal breathing and chest pains, according to incident reports obtained by the Guardian. Hundreds more were called for injuries and other medical issues.
[…]
However, some Tesla workers argue the company’s treatment of injured workers discourages them from reporting their injuries. If workers are assigned to “light duty” work because of an injury, they are paid a lower wage as well as supplemental benefits from workers’ compensation insurance, a practice that Tesla said was in line with other employers and California law. Tesla said some injured employees are also able to undertake “modified work” on regular pay.

“I went from making $22 an hour to $10 an hour,” said a production worker, who injured his back twice while working at Tesla. “It kind of forces people to go back to work.”

Source: Tesla factory workers reveal pain, injury and stress: ‘Everything feels like the future but us’ | Technology | The Guardian

Uber Doesn’t Want You to See This Document About Its Vast Data Surveillance System

The ever-expanding operations of Uber are defined by two interlocking and zealously guarded sets of information: the things the world-dominating ride-hailing company knows about you, and the things it doesn’t want you to know about it. Both kinds of secrets have been in play in the Superior Court of California in San Francisco, as Ward Spangenberg, a former forensic investigator for Uber, has pursued a wrongful-termination lawsuit against the company.

Source: Uber Doesn’t Want You to See This Document About Its Vast Data Surveillance System

It’s a good rundown on the Uber stories and privacy invasions that have been happening recently.

Font sharing site DaFont has been hacked, exposing 699,464 accounts

A popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts.Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his nameA popular font sharing site DaFont.com has been hacked, exposing the site’s entire database of user accounts.

Usernames, email addresses, and hashed passwords of 699,464 user accounts were stolen in the breach, carried out earlier this month, by a hacker who would not divulge his name.

The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site’s main database also contains the site’s forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site’s forums.

The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site’s database.

“I heard the database was getting traded around so I decided to dump it myself — like I always do,” the hacker told me. Asked about his motivations, he said it was “mainly just for the challenge [and] training my pentest skills.” He told me that he exploited a union-based SQL injection vulnerability in the site’s software, a flaw he said was “easy to find.

Source: Font sharing site DaFont has been hacked, exposing thousands of accounts | ZDNet

And why is it not mandatory to show what encryption scheme will be used to store your account details?!

Ubuntu: Guest session processes are not confined in 16.10

Processes launched under a lightdm guest session are not confined by the /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10, Ubuntu 17.04, and Ubuntu Artful (current dev release). The processes are unconfined.

The simple test case is to log into a guest session, launch a terminal with ctrl-alt-t, and run the following command:

$ cat /proc/self/attr/current

Expected output, as seen in Ubuntu 16.04 LTS, is:

/usr/lib/lightdm/lightdm-guest-session (enforce)

Running the command inside of an Ubuntu 16.10 and newer guest session results in:

unconfined

Source: Bug #1663157 “Guest session processes are not confined in 16.10 …” : Bugs : lightdm package : Ubuntu

World’s thinnest hologram paves path to new 3D world – RMIT University

Now a pioneering team led by RMIT University’s Distinguished Professor Min Gu has designed a nano-hologram that is simple to make, can be seen without 3D goggles and is 1000 times thinner than a human hair.

“Conventional computer-generated holograms are too big for electronic devices but our ultrathin hologram overcomes those size barriers,” Gu said.

“Our nano-hologram is also fabricated using a simple and fast direct laser writing system, which makes our design suitable for large-scale uses and mass manufacture.

“Integrating holography into everyday electronics would make screen size irrelevant – a pop-up 3D hologram can display a wealth of data that doesn’t neatly fit on a phone or watch.
[…]
Dr Zengji Yue, who co-authored the paper with BIT’s Gaolei Xue, said: “The next stage for this research will be developing a rigid thin film that could be laid onto an LCD screen to enable 3D holographic display.

“This involves shrinking our nano-hologram’s pixel size, making it at least 10 times smaller.

“But beyond that, we are looking to create flexible and elastic thin films that could be used on a whole range of surfaces, opening up the horizons of holographic applications.”

Source: World’s thinnest hologram paves path to new 3D world – RMIT University

Wells Fargo fake accounts scandal appears far bigger than previously thought, attorneys say, may have opened 3.5 million accounts without customer consent

AN FRANCISCO — Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers’ permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated.

The plaintiffs’ new estimate of bogus bank accounts is about 1.4 million, or 67 percent, higher than the original estimate — disclosed last year as part of a settlement with regulators — that up to 2.1 million accounts were opened without customers’ permission.

In estimating the higher number of fake accounts, the plaintiffs’ attorneys examined a much longer time period than regulators and the bank had previously addressed, they said in court documents. The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Scrutiny of bank employees’ activity during that five-year period led to the settlement last September, which required the bank to pay $185 million in fines.

Source: Wells Fargo fake accounts scandal appears far bigger than previously thought, attorneys say

What a world we live in – and the banks were too big to fail? Too corrupt to, I think.

 
Skip to toolbar