An anonymous reader writes: British telco BT is launching a free landline service for UK customers which promises to divert millions of unwanted calls. A dedicated team at BT will monitor calls made to UK numbers, across its network of over 10 million domestic landlines, to identify suspicious patterns, which could help to filter out nuisance callers. The flagged numbers will then be directed to a junk voicemail box. The company has estimated that the voicemail 'net' will catch up to 25 million cold calls every week. It explained that to achieve this success rate, it would be deploying enormous amounts of compute power to monitor and analyse large amounts of data in real-time.
An anonymous reader writes: The website of the British Association for Counseling & Psychotherapy has been hit by a variant of the CTB-Locker ransomware. While the ransomware proclaims itself to be CTB-Locker, there are a ton of clues that reveal this may be a fake and this is actually the first ever ransomware family created to target websites and not computers.
lightbox32 writes: Beware of a hoax circling the interwebs, which can be seen by setting your iPhone's date to January 1, 1970. Many people are reporting that doing so will brick the device. It's unclear what exactly causes the issue, but it could be related to how iOS stores date and time formats. Jan. 1, 1970 is a value of zero or less than zero, which would make any process that uses a time stamp fail. Apple is aware of the issue and is looking into it.
An anonymous reader writes: A security tribunal has just decreed that hacking by the UK security agency GCHQ is legal. [The case was launched after revelations by Edward Snowden about the extent of US and UK spying. Campaigners Privacy International claimed GCHQ's hacking operations were too intrusive]. The legal challenge that they were violating European law was rejected.
MojoKid writes: OCZ's Trion 150 SSD is an update to the company's Trion 100, which was the first drive from OCZ to feature TLC NAND and all in-house, Toshiba-built technology. As its branding suggests, the new Trion 150 kicks things up a notch over the Trion 100, thanks to some cutting-edge Toshiba 15nm NAND flash memory and a tweaked firmware, that combined, offer increased performance and lower cost over its predecessor. In testing, the Trion 150 hits peak reads and writes well north of 500MB/sec like most SATA-based SSDs but the kicker is, at its higher densities, the drive weighs in at about 28 cents per GiB. This equates to street prices of $70 for a 240GB drive, $140 for 480GB and $270 for a 960GB version. It's good to see mainstream solid state storage costs continuing to come down.
itwbennett writes: Trend Micro said Thursday that its latest technical research shows that the same malware — dubbed BlackEnergy and KillDisk — were likely used in attacks on a mining company and a railway operator that preceded the devastating power-company hacks and that those earlier attacks may have been test runs. 'The malware used in the attacks, known as Black Energy, has been linked by the security firm iSight Partners to a group nicknamed the Sandworm Team, which is suspected to be from Russia,' writes Jeremy Kirk.
An anonymous reader writes: Last week the Pirate Bay added support for streaming video torrents inside the browser in real-time. Kickass Torrents followed the next week. The technology they used is called Torrents Time. A security researcher has discovered that this technology which is a mix of client and server side code is actually a security and user privacy disaster. Attackers can carry out XSS attacks on TPB and KAT, the app runs on Mac as root, attackers can hijack downloads and force malicious code on the user's PC, and advertisers can collect info on any user that has Torrents Time installed.
Mark.JUK writes: A team of researchers working in the Optical Networks Group at the University College London in England claim to have achieved the "greatest information rate ever recorded using a single [coherent optical] receiver", which was able to handle a record data speed of 1.125 Terabits per second (Tbps). The result, which required a 15 sub-carrier 8GBd DP-256QAM super-channel (15 channels of data) and total bandwidth of 121.5GHz, represents an increase of 12.5% relative to the previous record (1Tbps). Now they just need to test it using some long fibre optic cable because optical signals tend to become distorted when they travel over thousands of kilometers.
darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will be directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security: "'We wanted to focus on the browsers that have made serious security improvements in the last year,' Brian Gorenc, manager of Vulnerability Research at HPE said."
jones_supa writes: Gordon F. Kelly of Forbes whipped up a frenzy over Windows 10 when a Voat user found out in a little experiment that the operating system phones home thousands of times a day. ZDNet's Ed Bott has written a follow-up where he points out how the experiment should not be taken too dramatically. 602 connection attempts were to 192.168.1.255 using UDP port 137, which means local NetBIOS broadcasts. Another 630 were DNS requests. Next up was 1,619 dropped connection attempts to address 220.127.116.11, which is a Microsoft Teredo server. The list goes on with NTP, random HTTP requests, and various cloud hosts which probably are reached by UWP apps. He summarizes by saying that a lot of connections are not at all about telemetry. However, what kind of telemetry and data-mined information Windows specifically sends still remains largely a mystery; hopefully curious people will do analysis on the operating system and network traffic sent by it.
itwbennett writes: Cisco has published an advisory for a vulnerability with a CVSS (Common Vulnerability Scoring System) score of 10 that was discovered by researchers from Exodus Intelligence. According to the advisory, 'a vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.' As CSO's Dave Lewis points out, 'the part of this that is most pressing is that Cisco claims that there are over a million of these deployed.'
And attackers have not been sitting on their thumbs.
Patrick O'Neill writes: As U.S. legislatures posture toward legally mandating backdoored encryption, a new Harvard study suggests that a ban would push the market overseas because most encryption products come from over non-U.S. tech companies. "Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S.," the researchers wrote.
An anonymous reader writes: Three researchers have published a paper that details a new method of cracking Bitcoin "brain wallet passwords," which is 2.5 times speedier than previous techniques and incredibly cheap to perform. The researchers revealed that by using a run-of-the-mill Amazon EC2 account, an attacker would be able to check over 500,000 Bitcoin passwords per second. For each US dollar spent on renting the EC2 server, an attacker would be able to check 17.9 billion password strings. To check a trillion passwords, it would cost the attacker only $55.86 (€49.63). In the end, they managed to crack around 18,000 passwords used for real accounts.
An anonymous reader writes: As part of its wider Internet.org initiative to deliver connectivity to poor and rural communities, Facebook is actively developing a new network technology which uses millimetre wave bands to transmit data. Facebook engineer Sanjai Kohli filed two patents which outlined a 'next generation' data system, which would make use of millimetre wave technology deployed as mesh networks. Kohli's patents detailed a type of centralised, cloud-based routing system which 'dynamically adjusts route and frequency channel assignments, transmit power, modulation, coding, and symbol rate to maximize network capacity and probability of packet delivery, rather than trying to maximize the capacity of any one link.'
prisoninmate writes: After being in development for the last three months or so, LibreOffice 5.1 comes today to a desktop environment near you with some of the most attractive features you've ever seen in an open-source office suite software product, no matter the operating system used. The release highlights of LibreOffice 5.1 include a redesigned user interface for improved ease of use, better interoperability with OOXML files, support for reading and writing files on cloud servers, enhanced support for the ODF 1.2 file format, as well as additional Spreadsheet functions and features. Yesterday, even with the previous version, I was able to successfully use a moderately complex docx template without a hitch — the kind of thing that would have been a pipe-dream not too long ago.
An anonymous reader writes: It took 22 months for Trane to patch three security bugs in its smart Wi-Fi thermostat product, the ComfortLink II XL950, a modern IoT device along the lines of Google Nest, which offers a simple way to manage your apartment's or building's internal temperature. Researchers contacted Trane about their three issues in April 2014; the company fixed the RCE flaws in April 2015 and recently released a firmware update at the end of January to fix the last issue. During all this time, the company barely answered emails and continued to sell an exposed product.
An anonymous reader writes: A new bill has been proposed in Congress today by Representatives Ted Lieu (D-Calif.) and Blake Farenthold (R-Tex.) which looks to put a stop to any pending state-level legislation that could result in misguided encryption measures. The Ensuring National Constitutional Rights of Your Private Telecommunications Act of 2016 comes as a response to state-level encryption bills which have already been proposed in New York state and California. These near-identical proposals argued in favour of banning the sale of smartphones sold in the U.S. that feature strong encryption and cannot be accessed by the manufacturer. If these bills are passed, current smartphones, including iPhone and Android models, would need to be significantly redesigned for sale in these two states. Now Lieu and Farenthold are making moves to prevent the passing of the bills because of their potential impact on trade [PDF] and the competitiveness of American firms.
An anonymous reader writes: Often working in isolation, IT teams are still considered to be supporting players in many workplaces, yet the responsibility being placed on them is huge. In the event of a cyber attack, network outage or other major issue, they will typically drop everything to fix the problem at hand. Almost all the respondents (95%) to a new AlienVault survey said that they have fixed a user or executive's personal computer issue during their work hours. In addition, over three-quarters (77%) said that they had seen and kept secret potentially embarrassing information relating to their colleagues' or executives' use of company-owned IT resources.
Reader iamthecheese writes: RT reports that France's National Commission of Information and Freedoms found Facebook tracking of non-user browsers to be illegal. Facebook has three months to stop doing it. The ruling points to violations of members' and non-members' privacy in violation of an earlier ruling. The guidance, published last October, invalidates safe harbor provisions. If Facebook fails to comply, the French authority will appoint someone to decide upon a sanction. Related: A copy of the TPP leaked last year no longer requires signing countries to have a safe harbor provision.