Firefox 0day used against Tor users almost identical to one FBI used in 2013

There’s a zero-day exploit in the wild that’s being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser, officials of the anonymity service confirmed Tuesday. Word of the previously unknown Firefox vulnerability first surfaced in this post on the official Tor website.

visit Ars Technica

Notorious IoT botnets weaponize new flaw found in millions of home routers

Online criminals-at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons-have begun exploiting a critical flaw that may be present in millions of home routers. Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom respectively have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks.

visit Ars Technica

Judge tosses lawsuit over 1-star review for overfeeding pet fish

A local Texas judge is tossing a $1 million lawsuit brought by a Dallas pet-sitting business that sued the owners of a pet fish for giving the company a 1-star Yelp review that complained that “Gordy” was overfed. Among other allegations, Prestigious Pets claimed (PDF) that a Plano couple violated its non-disparagement clause and defamed it on Yelp in last year’s review.

visit Ars Technica

FaceTime, iMessages hang in the balance after Apple loss to patent troll

Patent troll VirnetX, fresh on the heels of a $626 million FaceTime and iMessages patent victory over Apple, now wants a federal judge to permanently turn off those popular features. VirnetX on Wednesday also asked the judge presiding over the litigation to increase the damages the East Texas jury awarded in February by another $190 million or more.

visit Ars Technica

Google wins trial against Oracle as jury finds Android is “fair use”

SAN FRANCISCO-Following a two-week trial, a jury has found that Google’s Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by “fair use.” The verdict was reached after three days of deliberation. The verdict in Google’s favor ends the trial, which began earlier this month.

visit Ars Technica

Easily exploited bug exposes huge number of sites to code-execution attacks

A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images. The vulnerability resides in ImageMagick, a widely used image-processing library that’s supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages.

visit Ars Technica

“Happy Birthday” is public domain, former owner Warner/Chapell to pay $14M

The public will soon be free to sing the world’s most famous song. Music publisher Warner/Chappell will no longer be allowed to collect licensing royalties on those who sing “Happy Birthday” in public and will pay back $14 million to those who have paid for licensing in the past, according to court settlement papers filed late Monday night.

visit Ars Technica

Teardown shows Nest Cam is “always-on” even when you think it’s off

It turns out your home security camera may see more of your home than you thought it did. In a teardown of the Nest Cam, a team at ABI Research found that even when “off,” the camera draws nearly the same amount of power as when it’s fully powered on, meaning it’s functional and running even when the indicator light claims otherwise.

visit Ars Technica

Drug with rage-inducing >5,000% price-hike now has $1/pill competitor

Turing Pharmaceuticals, the company that last month raised the price of the decades-old drug Daraprim from $13.50 a pill to $750, now has a competitor. Imprimis Pharmaceuticals, Inc., a specialty pharmaceutical company based in San Diego, announced today that it has made an alternative to Daraprim that costs about a buck a pill-or $99 for a 100-pill supply.

5,000% price-hike now has $1/pill competitor’>visit Ars Technica

SHA1 algorithm securing e-commerce and software could break by year’s end

SHA1, one of the Internet’s most crucial cryptographic algorithms, is so weak to a newly refined attack that it may be broken by real-world hackers in the next three months, an international team of researchers warned Thursday. SHA1 has long been considered theoretically broken, and all major browsers had already planned to stop accepting SHA1-based signatures starting in January 2017.

visit Ars Technica

0-day attack on Firefox users stole password and key data: Patch now!

A website in Russia has been caught exploiting a serious zero-day vulnerability in Mozilla’s Firefox browser, prompting the open-source developer to deliver an emergency update that fixes the flaw. The bug in a built-in PDF reader allowed attackers to steal sensitive files stored on the hard drives of computers that used the vulnerable Firefox version.

visit Ars Technica

So far, WordPress denied 43% of DMCA takedown requests in 2015

This week WordPress released the latest edition of its recurring transparency report, revealing 43 percent of the Digital Millennium Copyright Act (DMCA) takedown requests it received have been rejected in the first six months of 2015. It’s the lowest six-month period shown in the report, though it only dates back to 2014.

visit Ars Technica

Google to close Google Code open source project hosting

Google Code is to join the long list of Google projects that have been consigned to the dustbin of history. The open source project hosting service will no longer be accepting new project submissions as of today, will no longer be accepting updates to existing projects from August 24, and will be closed entirely on January 25, 2016.

visit Ars Technica

FCC votes for net neutrality, a ban on paid fast lanes, and Title II

The Federal Communications Commission today voted to enforce net neutrality rules that prevent Internet providers-including cellular carriers-from blocking or throttling traffic or giving priority to Web services in exchange for payment. Not the end of the world: What Tom Wheeler’s proposal will and won’t do.

visit Ars Technica

Blog at WordPress.com.

Up ↑

%d bloggers like this: