Domain: securityandthe.net
Stories and comments across the archive that link to securityandthe.net.
Stories · 19
-
The Pirate Bay Ordered To Block Dutch Users
secmartin writes "In a totally unexpected ruling, a Dutch court has decided that The Pirate Bay should block visitors from the Netherlands within 10 days or face a fine of €30,000 per defendant per day. Peter Sunde has already announced that he will appeal the ruling. Even though the defendants sent a letter explaining that they were unable to come to the hearing and provided arguments in their favor, these were ignored by the judge because they failed to appear in his court. The full text of the ruling was just published (in Dutch, PDF) by Peter Sunde, and further coverage is available at Forbes." -
Would You Pay For YouTube Videos?
secmartin writes "A couple of weeks ago, Google's CEO mentioned to investors that they might start charging YouTube's users for viewing content: 'With respect to how it will get monetized, our first priority, as you pointed out, is on the advertising side. We do expect over time to see micro payments and other forms of subscription models coming as well. But our initial focus is on advertising. We will be announcing additional things in that area literally very, very soon.' With the recent Disney-Hulu deal, Google is under increasing pressure to generate more revenue and at the same time attract more premium content. That means we might see payment options coming even sooner than expected, with control over the pricing models being handed over to the studios providing that content, like the way Apple caved in over variable pricing on iTunes. This raises an important question: would you actually pay for premium content on YouTube and other sites, or will this draw viewers away to other video sites?" -
Dan Bernstein Confirms Security Flaw In Djbdns
secmartin writes "Dan Bernstein has just admitted that a security issue has been found in the djbdns software, one of the most popular alternatives for the BIND nameserver. As part of the djbdns security guarantee, $1000 will be paid to Matthew Dempsky, the researcher that found the bug. The bug allows a nameserver running djbdns to be poisoned using just a single packet. Other researchers have found a separate issue that allows dnscache, the DNS cache that is also part of the djbdns package, to be poisoned within just 18 minutes when using the default configuration. Anyone using djbdns is strongly encouraged to patch their servers immediately." Reader emad contributes a link to the djbdns mailing list post containing both a patch and a sample exploit, and adds: "In the words of Dan Kaminsky (of recent DNS security fame): 'However, Dempsky's bug in djb's tinydns is way more surprising, if only because ... holy crap, he pulled an exploitable scenario out of THAT?!'" -
Researchers Warn of Possible BitTorrent Meltdown
secmartin writes "Researchers at Delft University warn that large parts of the BitTorrent network might collapse if The Pirate Bay is forced to shut down. A large part of the available torrents use The Pirate Bay as tracker, and other available trackers will probably be overloaded if all traffic is shifted there. TPB is currently using eight servers for their trackers. According to the researchers, even trackerless torrents using the DHT protocol will face problems: 'One bug in a DHT sorting routine ensures that it can only "stumble upon success", meaning torrent downloads will not start in seconds or minutes if Pirate Bay goes down in flames.'" -
Kaspersky Customer Database Exposed
secmartin writes "A hacker has managed to gain access to several databases via a SQL injection vulnerability on Kaspersky's US website. He has posted several screenshots and a list of available tables; judging from the table names, the information available includes data on bugs and user- and reseller accounts. The hacker has indicated that no confidential information will be posted on the Internet, but since a large part of the URLs used was visible in screenshots, it will only be a matter of time before somebody else manages to duplicate this." -
Has HavenCo's Data Haven Shut Down?
secmartin writes "HavenCo, the self-proclaimed data haven located on the micronation Sealand, appears to be offline. Their website is down, and there have been no announcements from either HavenCo or Sealand. HavenCo has been covered here before; it was mostly known for offering hosting of content that might be illegal in other countries. Does anyone have news about what happened to them?" -
AVG Virus Scanner Removes Critical Windows File
secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove it caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. AVG just posted an update about this (FAQ item 1574) in the support section of their site. Their forums are full of complaints." -
Belgian ISP Scores Victory In Landmark P2P Case
secmartin writes "Belgian ISP Scarlet scored an important victory in the first major European test of copyright law. The interim decision forcing them to block transfers of copyrighted materials via P2P has been reversed, because the judge agreed with Scarlet that the measures the Belgian RIAA proposed to implement proved to be ineffective. A final decision is expected next year." -
Elcomsoft Claims WPA/WPA2 Cracking Breakthrough
secmartin writes "Russian security firm Elcomsoft has released software that uses Nvidia GPUs to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PCs, this announcement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether." -
"Iron Man" Release Brings Down Paramount's Servers
secmartin writes "Shortly after the release of Iron Man on Blu-ray on October 1, people started complaining of defective discs; the problem turned out to be that all the Blu-ray players downloading additional content brought down Paramount's BD-Live servers, causing delays while loading the disc. Which really makes you wonder what will happen when they decide to shut down this service in a couple of years."