Latest news

An Egyptian security researcher has scooped the top payout for security bugs from PayPal for discovering a massive security flaw that exposed the accounts of over 150 million users.

Yasser Ali was able to get around PayPal's CSRF Prevention System and capture an authentication token that could be used to effect a customer's PayPal account. You could add, remove or confirm e-mail addresses, add fully privileged users to a business account, change security questions, billing info, shipping info, payment methods and so on.

He disclosed the bug to PayPal and received the firms top award incentive for bug hunters, pocketing $10,000 for his work.

He also detailed how he beat PayPal's security systems on his blog, and provided this proof of concept video.

A security firm has taken a look at offers of free codes for PlayStation Network and Steam spreading online to see what's really going on.

Nothing in the world is really free, and that applies as much to codes for PSN, Steam and other services as it does to any physical product. How many times did you see those "Get a free iPAD today!" or similar claims just browsing the web, or social media, or in your e-mail in recent years? It sounds so wonderful doesn't it? Just fill out some surveys and then recruit your friends to do the same and you get a free iPad, or some other seemingly incredible promotion.

(Image Credit: AVAST Blog)

As anybody over a certain age can testify from life experience, if something seems too good to be true it usually is. People are still going to be attracted to promotions and offers though, and sometimes we allow our critical thinking faculties to be numbed by emotion - we are human after all.

Avast decided to take a look at websites that claim to offer free codes for PSN and Steam to find out what really happens to those caught in the trap. The value of the codes being promised ranges from $20 to $50, and all you have to do is follow some steps to qualify.

An increase in the share of web traffic from Apple's iOS devices is likely down to the successful launch of the iPhone 6, while at the same time Android web traffic decreases.

Apple now claims a slightly larger piece of the mobile web traffic pie, increasing to a 61.4 percent share compared to 60.6 percent. The increase has been observed over the nine weeks since the launch of the iPhone 6 smartphone, and is at the expense of the share enjoyed by the Android mobile OS which decreased to 37.5 percent from 38.4 percent in the same time period.

The statistics were reported by Gene Munster, analyst at Piper Jaffray.

Munster identifies the popularity of the iPad as the likely reason why Android's dominance in hardware is not reflected in its share of web traffic. Additionally, the iPhone 6 threw Apple into the competition for larger screen smartphones, a space which had been dominated by Android devices previously.


Sources and Recommended Reading:
Apple's iOS outshines Android in US mobile Web traffic: www.cnet.com/news

As the investigation into the massive breach at Sony Pictures proceeds, North Korea is sticking to a claim of innocence but that hasn't stopped it from applauding the attack against the entertainment company.

Over 11TB of data was allegedly stolen by the hackers who crippled Sony Pictures' systems, and later on hoards of personal information of employees was spread online. High quality copies of several movies, including Fury, leaked onto the Internet too and were downloaded hundreds of thousands of times in a matter of days.

On Friday, it emerged that the FBI was looking into threats that had been made against Sony Pictures employees and their families too.

Amid the public humiliation of Sony Pictures, some experts started to point the finger at the mysterious state of North Korea - or the People's Democratic Republic of Korea - as a major suspect. Potential evidence that has been disclosed is really based on similarities between the Sony Pictures attack, and attacks against South Korean entities in 2013. Additionally, some clues were found in an analysis of malware used in the attack. You can read more details about it here.

Cox Communications was sued last week by two music publishers for not terminating customer accounts when they are declared repeat offenders by Rightscorp.

At the core of the lawsuit filed by BMG and Round Hill is the assertion that Cox has no protection under the safe harbor provisions of the Digital Millennium Copyright Act (DMCA) of 1998. The DMCA's safe harbor provisions protect intermediaries from some copyright litigation as long as procedures are followed to qualify for them.

From BMG and Round Hill's perspective, Cox is not following the procedures and therefore is not entitled to use the safe harbor provisions as protection.

What is Cox Communication's failure according to the lawsuit? It alleges that Cox has failed to terminate customers' accounts when Rightscorp accuses them of being repeat infringers of copyright. That, it alleges, makes Cox liable for copyright penalties and it wants a federal court to declare as much.

The Electronic Frontier Foundation (EFF) has analysed the lawsuit and finds it lacking merit, to say the least. DMCA safe harbor provisions do not require that ISPs terminate users based on a mere accusation of infringement, or indeed even many accusations, according to the EFF. Rightscorp, it said, does not provide any evidence of the customer being a repeat infringer of copyright, and it doesn't disclose the means by which it identified the user.

Clothing retailer Bebe is the latest company to confirm a data breach of sensitive customer information.

Bebe says attackers managed to steal customer names, card numbers, expiration dates and verification codes for cards swiped in stores between Novembr 8th and November 26th of this year in the U.S. and U.S. Virgin Islands.

Online, mobile and international orders were not affected, at least, added the company. Bebe has 174 retail stores and an additional 35 outlet stores.

Security expert Brian Krebs was first to note the hack, and says the hackers likely exploited vulnerabilities in the cash register system and installed malware to steal mag stripe data from millions of cards.

"Our relationship with our customers is of the highest importance," said Bebe CEO Jim Wiggett. "We moved quickly to block this attack and have taken steps to further enhance our security measures."

In the past year, personal data on over 200 million Americans has been compromised thanks to lax security within retailer's systems.

Source:
Krebs

The YouTube for Android app has been updated to include the Material Design interface overhaul of Android 5.0 Lollipop.

With the update, YouTube adds a white background, a full navigation drawer and a tabbed toolbar in bright red.

YouTube's launch icon has been updated as well with more vibrant colors that match Google's other new updates.

On the technical side, the app has added support for "advanced search," a welcome relief for heavy YouTube users.

Source:
AndroidPolice

The US Marshals Service has confirmed that only 11 bidders took part in their second Bitcoin auction for the currency seized from illegal online marketplace Silk Road.

In the first auction, 45 bidders took part in the auction, with a total of 63 bids. The latest auction may have reflected a lack of enthusiasm or an investor exhaustion, with only 27 total bids for the 50,000 coins with a dollar value of $19 million. The first auction was for 30,000 Bitcoins.

Last June, when the first auction concluded, there was only one winner: Thomas Draper, a venture capitalist. Draper is assumed to have paid above market price in order to win all the available coins, which at the time was $570. Draper has taken a wash in his investment so far, with prices down at about $370 as of writing.

In total, there were 173,991 Bitcoins seized from the Silk Road raid and from its alleged operator, Ross Ulbricht.

Source:
NYT

Yesterday, we reported that CBS pulled their content from Dish Network in 16 major metro cities after months of failed licensing negotiations between the two.

Today, the programming is back, as the companies have reached a "multi-year deal covering carriage payments, streaming rights" and ends the two's dispute over Dish's Hopper DVR and its ability to remove commercials.

The Hopper and its "AutoHop" feature was a big enough deal that CBS had sued Dish, and it seems that Dish has caved as part of the new deal. AutoHop is disabled for CBS programming for the first seven days after a program airs on CBS networks. Dish has long defended AutoHop, and its convenience for customers. The company says AutoHop does exactly what all TV watchers with DVR do anyway: fast forward through the commercials.

On Dish's end, the satellite TV company also gets rights to Showtime VOD content and Showtime Anytime, as well as all CBS programming and affiliate programming.

Source:
Deadline

2014 has undoubtedly been a year to forget for retailers and customer data, as many prominent companies have seen severe security breaches leading to the loss of names, addresses, credit card numbers and other sensitive information of hundreds of millions of Americans.

The related fraudulent charges and the costs to replace credit and debit cards has led banks to lose over $400 million on just one single scandal this year (Target), and thanks to a early court ruling, the banks can now move forward with lawsuits against retailers that have been negligent with their security.

In the Target incident, nearly 50 million cards were compromised and in the past the banks have borne the costs of replacements but until this year, the breaches have never been so large. The new ruling allows banks to sue the merchants if there is enough evidence to prove that the company was "negligent" in securing their networks and customer data.

In the case of Target, a number of banks sued claiming that Target "ignored security software alerts and disabled some of its security features" before they were attacked, and the judge agreed.

"Plaintiffs have plausibly alleged that Target's actions and inactions -- disabling certain security features and failing to heed the warning signs as hackers' attack began -- caused foreseeable harm to plaintiffs," Judge Magnuson wrote in his ruling. "Plaintiffs have also plausibly alleged that Target's conduct both caused and exacerbated the harm they suffered."

The Federal Bureau of Investigation is looking into threats received by employees of Sony Pictures claiming to be from the hackers that targeted the entertainment company.

The threats were e-mailed to Sony employees, allegedly sent by the "Guardian of Peace" - or GOP - which previously claimed responsibility for a devastating cyber attack on the entertainment firm starting in late November. It included the theft of 11TB of data and leaking of movies and personal information of employees.

The FBI said it is aware of the threatening e-mails that have been received by some employees. While the e-mail hasn't been released publicly, Bloomberg reports that it threatens the families of recipients if they don't "sign their names" to some e-mail address.

"We continue to investigate this matter in order to identify the person or group responsible," FBI spokesman Joshua Campbell said in an e-mailed statement to the press.

It is very likely that the e-mails didn't come from the attackers at all, and were sent by other parties that obtained the e-mail addresses from the data released online.

As is becoming standard procedure in the industry, CBS has pulled its programming from the Dish Network in 16 metro cities in the U.S., including NYC, LA and Chicago following failed licensing negotiations.

"Dish has dragged its feet at our many attempts to negotiate in good faith," said CBS in an official statement. "Behavior like this is why Dish has a long history of depriving customers of the programming they have paid for." Dish has lost programming from CNN and other large content providers over past disputes. A dispute with AMC left 'Walking Dead' fans without their show for over 9 months.

The two companies have been in negotiations for at least the last six months, and CBS offered two extensions in just the last week.

Dish was quick to respond: "CBS has chosen to black out their local channels, but remain optimistic that the channels will return quickly as both sides are continuing to work tonight to finalize an agreement."

According to a new report, Google will launch a second-generation model of the Google Glass headset next year, one that is powered by an Intel processor.

The new model will offer increased battery life compared to the current Explorer Edition model, and will likely see other upgrades, as well.

So far, Google has tweaked the glasses to include compatibility for prescription glasses and also to increase the RAM, but otherwise little else has changed.

Reportedly, the new Intel chip will come with a partnership that includes Google marketing Glass to "hospital networks and manufacturers, while developing new workplace uses for the device" as it appears that Intel is looking to promote the device in the workplace.

It is unclear which low-powered Intel chip will power the new device, but it will likely be similar to the chip powering the company's new MICA bracelets.

Twitch, the undisputed king of streaming video game gameplay, now has a big-time rival.

Valve, the company behind Steam, has unveiled Steam Broadcasting, allowing gamers to watch their friends (or strangers) play and to allow their friends to watch them play, all with just one simple click.

You can visit any gamer's profile, see what they are playing and start watching; as long as they have made their gaming public. You have the option to be public, completely private, or have it limited to your Steam friends.

The service is currently in open beta so you can try it out now.

According to a new report, both Sony and Microsoft had great Black Friday weeks, moving consoles at record paces.

Sony sold over 550,000 units for the week ended November 29th in the U.S., stronger than any Black Friday week its predecessor PS3 had.

Microsoft, thanks to bundles and a price cut across the board, sold a whopping 720,000 units in the U.S., easily outselling its rivals.

The Xbox One's sales set a record in the U.S., outselling every console in history for the Black Friday holiday week, according to the site. Keep in mind, VGChartz is normally very shaky with their information, and even the sourced article has errors and typos, but the news would not be shocking.

Microsoft dropped the price of their consoles by $50 to $349 MSRP, and that included bundles like Assassin's Creed. Some retailers even dropped the price to $329 to move units. The PS4 also saw some discounts, but nothing along the lines of those seen by the Xbox One.