Tag Archives: report

Pirate Site Visits Lead to More Malware, Research Finds

Post Syndicated from Ernesto original https://torrentfreak.com/pirate-site-visits-lead-to-more-malware-research-finds-180318/

In recent years copyright holders have been rather concerned with the health of pirates’ computers.

They regularly highlight reports which show that pirate sites are rife with malware and even alert potential pirates-to-be about the dangers of these sites.

The recent “Meet The Malwares” campaign, targeted at small children, went as far as claiming that pirate sites are the number one way through which this malicious software is spread. We debunked this claim, but it’s hard to deny that pirate sites have their downsides.

While the operators of pirate sites are usually unaware, advertisers and malicious uploaders sometimes use their sites to distribute adware or malware. But does that put people at significant risk? Research from Carnegie Mellon University Professor Rahul Telang provides some further insight.

For a year, Telang observed the browsing and other computer habits of 253 people who took part in the Security Behavior Observatory. The results, published in a paper titled “Does Online Piracy make Computers Insecure?” show that there is a link between pirate site visits and malware.

“We find that more visits to infringing sites does lead to more number of malware files being downloaded on user machines. In particular doubling the amount of time spent on infringing sites cause a 20 percent increase in malware count,” Telang writes.

This effect was only visible for pirate sites, and not for other categories such as banking, gambling, gaming, shopping, social networking, and even adult websites.

Through the Security Behavior Observatory, all files on the respondents’ computers were scanned and checked against reports from Virustotal.com. This also includes adware, but even without this category, the results remain intact.

“Even after we classify malware files into adware and remove them from analysis, our results still suggest that there is a 20 percent increase in malware count due to visits to infringing sites. These results are robust to various controls and specifications.”

Interestingly, one would expect that people who frequently visit pirate sites are more likely to have anti-virus software installed. However, this was not the case.

“We also find that users who visit infringing sites do not take any more precautions than other users. In particular, we find no evidence that such users are more likely to install anti-virus software. If anything, we find that infringing users are more risk taking,” the paper reads.

A 20 percent increase in malware sounds dramatic, and while we don’t want to downplay these results or the risks involved, it’s worth highlighting the absolute numbers.

The research estimates that, when someone doubles the amount of traffic spent on a pirate site, this person adds an extra 0.05 of a piece of malware per month, with the average being 0.24. So, most people encounter no malware in a typical month. This means that pirate sites are an increased a risk, but it’s not as extreme as sometimes portrayed.

There is also no evidence that malware is predominantly spread through pirate sites. Looking at the total sample, the average number of malware files found on a pirate’s machine is 1.5, compared to 1.4 for those who never visit any pirate sites at all.

While there’s certainly some risk involved, it’s doubtful that the results will deter many people. Previous research revealed that the majority of all pirates are fully aware of the malware risks, but that they continue nonetheless.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Local Governments in Mexico Might ‘Pirate’ Dragon Ball

Post Syndicated from Andy original https://torrentfreak.com/local-governments-mexico-might-pirate-dragon-ball-180316/

When one thinks of large-scale piracy, sites like The Pirate Bay and perhaps 123Movies spring to mind.

Offering millions of viewers the chance to watch the latest movies and TV shows for free the day they’re released or earlier, they’re very much hated by the entertainment industries.

Tomorrow, however, there’s the very real possibility of a huge copyright infringement controversy hitting large parts of Mexico, all centered around the hugely popular anime series Dragon Ball Super.

This Saturday episode 130, titled “The Greatest Showdown of All Time! The Ultimate Survival Battle!!”, will hit the streets. It’s the penultimate episode of the series and will see the climax of Goku and Jiren’s battle – apparently.

The key point is that fans everywhere are going nuts in anticipation, so much so that various local governments in Mexico have agreed to hold public screenings for free, including in football stadiums and public squares.

“Fans of the series are crazy to see the new episode of Dragon Ball Super and have already organized events around the country as if it were a boxing match,” local media reports.

For example, Remberto Estrada, the municipal president of Benito Juárez, Quintana Roo, confirmed that the episode will be aired at the Cultural Center of the Arts in Cancun. The mayor of Ciudad Juarez says that a viewing will go ahead at the Plaza de la Mexicanidad with giant screens and cosplay contests on the sidelines.

Many local government Twitter accounts sent out official invitations, like the one shown below.

But despite all the preparations, there is a big problem. According to reports, no group or organization has the rights to show Dragon Ball Super in public in Mexico, a fact confirmed by Toei Animation, the company behind the show.

“To the viewers and fans of Dragon Ball. We have become aware of the plans to exhibit episode # 130 of our Dragon Ball Super series in stadiums, plazas, and public places throughout Latin America,” the company said in an official announcement.

“Toei Animation has not authorized these public shows and does not support or sponsor any of these events nor do we or any of our titles endorse any institution exhibiting the unauthorized episode.

“In an effort to support copyright laws, to protect the work of thousands of persons and many labor sectors, we request that you please enjoy our titles at the official platforms and broadcasters and not support illegal screenings that incite piracy.”

Armando Cabada, mayor of Ciudad Juarez, Chihuahua, was one of the first municipal officials to offer support to the episode 130 movement. He believes that since the events are non-profit, they can go ahead but others have indicated their screenings will only go ahead if they can get the necessary permission.

Crunchyroll, the US video-streaming company that holds some Dragon Ball Super rights, is reportedly trying to communicate with the establishments and organizations planning to host the events to ensure that everything remains legal and above board. At this stage, however, there’s no indication that any agreements have been reached or whether they’re simply getting in touch to deliver a warning.

One region that has already confirmed its event won’t go ahead is Mexico City. The head of the local government there told disappointed fans that since they can’t get permission from Toei, the whole thing has been canceled.

What will happen in the other locations Saturday night if licenses haven’t been obtained is anyone’s guess but thousands of disappointed fans in multiple locations raises the potential for the kind of battle the Mexican authorities can well do without, even if Dragon Ball Super thrives on them.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Deezer Piles Pressure on Pirates, Deezloader Reborn Throws in the Towel

Post Syndicated from Andy original https://torrentfreak.com/deezer-piles-pressure-on-pirates-deezloader-reborn-throws-in-the-towel-180315/

Spotify might grab most of the headlines in the world of music streaming but French firm Deezer is also growing in popularity.

Focused more on non-English speaking regions, the music service still has a massive selection of tens of millions of tracks. More importantly for pirates, it also has a loophole or two that allows users to permanently download songs from the service, a huge ‘selling’ point for the compulsive archiver.

One of the most popular third-party tools for achieving this was Deezloader but last year Deezer put pressure on its operators to cease-and-desist.

“On April 27, 2017 we received takedowns and threatened legal action from Deezer if we don’t shut down by April 29. So we decided to shut down Deezloader permanently,” the team announced.

Rather than kill the scene, the attack on Deezloader only seemed to spur things on. Many other apps underwent development in the months that followed but last December it became evident that Deezer (and probably the record labels supplying its content) were growing increasingly tired of these kinds of applications.

The company sent a wave of DMCA notices to developer platform GitHub, targeting several tools, claiming that they are “in total violation of our rights and of the rights of our music licensors.”

GitHub responded quickly by removing access to repositories referencing Deezloader, DeezerDownload, Deeze, Deezerio, Deezit, Deedown, and their associated forks. Deezer also reportedly modified its API, in order to stop or hinder apps already in existence.

However, pirates are a determined bunch and behind the scenes many sought to breathe new life into their projects, to maintain the flow of free music from Deezer. One of those that gained traction was the obviously-titled ‘Deezloader Reborn’ which enjoyed a new lease of life on both Github and Reddit after taking over from DeezLoader V2.3.1.

But in January 2018, Deezer turned up the pressure again, hitting Github with a wave (1,2) of takedown notices targeting various projects. On January 23, Deezer hit Deezloader Reborn itself with the notice detailed below.

The following project, identified in the paragraph below, makes available a hacked version of our Deezer application by describing methods to bypass Deezer’s security measures to unlawfully download its music catalogue, in total violation of our rights and of the rights of our music licensors (phonographic producers, performing artists, songwriters and composers):


I therefore ask that you immediately take down the project corresponding to the URL above and all of the related forks by others members who have had access or even contributed to such projects.

Not only did Github comply with Deezer’s request, Reddit did too. According to a thread still listed on the site, Reddit removed a post about Deezloader Reborn following a copyright complaint from Deezer.

Two days later Deezer targeted similar projects on Github but by this time, Deezloader Reborn already had new plans. Speaking with TF, project developer ExtendLord said that he wouldn’t be shutting down but would continue on code repository Gitlab instead. Now, however, those plans have also come to an abrupt end after Gitlab took the page down.

Deezloader Reborn – gone from Gitlab

A copy of the page available on Archive.org shows Deezloader Reborn at version 3.0.5 with the ability to download music ready-tagged and in FLAC quality. Links to newer versions are being shared on Reddit but it appears there is no longer a central trusted source for the application.

There’s no official confirmation yet but it seems likely that Deezer was behind the Gitlab takedown. TorrentFreak has contacted ExtendLord who linked us to this page which states that “DeezLoader Reborn is no longer maintained due to DMCA. [Version] 3.1.0 is the last update, no more updates will be made.”

So, at least for now, it appears that Deezloader Reborn will go the way of various other Deezer-reliant applications. That won’t be the end of the story though, that’s a certainty.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Tamilrockers Arrests: Police Parade Alleged Movie Pirates on TV

Post Syndicated from Andy original https://torrentfreak.com/tamilrockers-arrests-police-parade-alleged-movie-pirates-on-tv-180315/

Just two years ago around 277 million people used the Internet in India. Today there are estimates as high as 355 million and with a population of more than 1.3 billion, India has plenty of growth yet to come.

Also evident is that in addition to a thirst for hard work, many Internet-enabled Indians have developed a taste for Internet piracy. While the US and Europe were the most likely bases for pirate site operators between 2000 and 2015, India now appears in a growing number of cases, from torrent and streaming platforms to movie release groups.

One site that is clearly Indian-focused is the ever-popular Tamilrockers. The movie has laughed in the face of the authorities for a number of years, skipping from domain to domain as efforts to block the site descend into a chaotic game of whack-a-mole. Like The Pirate Bay, Tamilrockers has burned through plenty of domains including tamilrockers.in, tamilrockers.ac, tamilrockers.me, tamilrockers.co, tamilrockers.is, tamilrockers.us and tamilrockers.ro.

Now, however, the authorities are claiming a significant victory against the so-far elusive operators of the site. The anti-piracy cell of the Kerala police announced last evening that they’ve arrested five men said to be behind both Tamilrockers and alleged sister site, DVDRockers.

They’re named as alleged Tamilrockers owner ‘Prabhu’, plus ‘Karthi’ and ‘Suresh’ (all aged 24), plus alleged DVD Rockers owner ‘Johnson’ and ‘Jagan’ (elsewhere reported as ‘Maria John’). The men were said to be generating between US$1,500 and US$3,000 each per month. The average salary in India is around $600 per annum.

While details of how the suspects were caught tend to come later in US and European cases, the Indian authorities are more forthright. According to Anti-Piracy Cell Superintendent B.K. Prasanthan, who headed the team that apprehended the men, it was a trail of advertising revenue crumbs that led them to the suspects.

Prasanthan revealed that it was an email, sent by a Haryana-based ad company to an individual who was arrested in 2016 in a similar case, that helped in tracking the members of Tamilrockers.

“This ad company had sent a mail to [the individual], offering to publish ads on the website he was running. In that email, the company happened to mention that they have ties with Tamilrockers. We got the information about Tamilrockers through this ad company,” Prasanthan said.

That information included the bank account details of the suspects.

Given the technical nature of the sites, it’s perhaps no surprise that the suspects are qualified in the IT field. Prasanthan revealed that all had done well.

“All the gang members were technically qualified. It even included MSc and BSc holders in computer science. They used to record movies in pieces from various parts of the world and join [them together]. We are trying to trace more members of the gang including Karthi’s brothers,” Prasanathan said.

All five men were remanded in custody but not before they were paraded in front of the media, footage which later appeared on TV.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Microsoft: Poisoned Torrent Client Triggered Coin Miner Outbreak

Post Syndicated from Ernesto original https://torrentfreak.com/microsoft-poisoned-torrent-client-triggered-coin-miner-outbreak-180315/

First released in 2010, MediaGet has been around for a while. Initially, the torrent client was available in Russian only, but the team later expanded its reach across the world.

While it’s a relatively small player, it has been installed on millions of computers in recent years. It still has a significant reach, which is what Microsoft also found out recently.

This week the Windows Defender Research team reported that a poisoned version of the BitTorrent client was used to start the Dofoil campaign, which attempted to offload hundreds of thousands of malicious cryptocurrency miners.

Although Windows Defender caught and blocked the culprit within milliseconds, the team further researched the issue to find out how this could have happened.

It turns out that the update process for the application was poisoned. This then enabled a signed version of MediaGet to drop off a compromised version, as can be seen in the diagram below.

“A signed mediaget.exe downloads an update.exe program and runs it on the machine to install a new mediaget.exe. The new mediaget.exe program has the same functionality as the original but with additional backdoor capability,” Microsoft’s team explains.

The update poisoning

The malicious MediaGet version eventually triggered the mass coin miner outbreak. Windows Defender Research stresses that the poisoned version was signed by a third-party software company, not MediaGet itself.

Once the malware was launched the client built a list of command-and-control servers, using embedded NameCoin DNS servers and domains with the non-ICANN-sanctioned .bit TLD, making it harder to shut down.

More detailed information on the attack and how Dofoil was used to infect computers can be found in Microsoft’s full analysis.

MediaGet informs TorrentFreak that hackers compromised the update server to carry out their attack.

“Hackers got access to our update server, using an exploit in the Zabbix service and deeply integrated into our update mechanics. They modified the original version of Mediaget to add their functionality,” MediaGet reveals.

The company says that roughly five percent of all users were affected by the compromised update servers. All affected users were alerted and urged to update their software.

The issue is believed to be fully resolved at MediaGet’s end and they’re working with Microsoft to take care of any copies that may still be floating around in the wild.

“We patched everything and improved our verification system. To all the poisoned users we sent the message about an urgent update. Also, we are in contact with Microsoft, they will clean up all the poisoned versions,” MediaGet concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Dolby Labs Sues Adobe For Copyright Infringement

Post Syndicated from Andy original https://torrentfreak.com/dolby-labs-sues-adobe-for-copyright-infringement-180314/

Adobe has some of the most recognized software products on the market today, including Photoshop which has become a household name.

While the company has been subjected to more than its fair share of piracy over the years, a new lawsuit accuses the software giant itself of infringement.

Dolby Laboratories is best known as a company specializing in noise reduction and audio encoding and compression technologies. Its reversed double ‘D’ logo is widely recognized after appearing on millions of home hi-fi systems and film end credits.

In a complaint filed this week at a federal court in California, Dolby Labs alleges that after supplying its products to Adobe for 15 years, the latter has failed to live up to its licensing obligations and is guilty of copyright infringement and breach of contract.

“Between 2002 and 2017, Adobe designed and sold its audio-video content creation and editing software with Dolby’s industry-leading audio processing technologies,” Dolby’s complaint reads.

“The basic terms of Adobe’s licenses for products containing Dolby technologies are clear; when Adobe granted its customer a license to any Adobe product that contained Dolby technology, Adobe was contractually obligated to report the sale to Dolby and pay the agreed-upon royalty.”

Dolby says that Adobe promised it wouldn’t sell its any of its products (such as Audition, After Effects, Encore, Lightroom, and Premiere Pro) outside the scope of its licenses with Dolby. Those licenses included clauses which grant Dolby the right to inspect Adobe’s records through a third-party audit, in order to verify the accuracy of Adobe’s sales reporting and associated payment of royalties.

Over the past several years, however, things didn’t go to plan. The lawsuit claims that when Dolby tried to audit Adobe’s books, Adobe refused to “engage in even basic auditing and information sharing practices,” a rather ironic situation given the demands that Adobe places on its own licensees.

Dolby’s assessment is that Adobe spent years withholding this information in an effort to hide the full scale of its non-compliance.

“The limited information that Dolby has reviewed to-date demonstrates that Adobe included Dolby technologies in numerous Adobe software products and collections of products, but refused to report each sale or pay the agreed-upon royalties owed to Dolby,” the lawsuit claims.

Due to the lack of information in Dolby’s possession, the company says it cannot determine the full scope of Adobe’s infringement. However, Dolby accuses Adobe of multiple breaches including bundling licensed products together but only reporting one sale, selling multiple products to one customer but only paying a single license, failing to pay licenses on product upgrades, and even selling products containing Dolby technology without paying a license at all.

Dolby entered into licensing agreements with Adobe in 2003, 2012 and 2013, with each agreement detailing payment of royalties by Adobe to Dolby for each product licensed to Adobe’s customers containing Dolby technology. In the early days when the relationship between the companies first began, Adobe sold either a physical product in “shrink-wrap” form or downloads from its website, a position which made reporting very easy.

In late 2011, however, Adobe began its transition to offering its Creative Cloud (SaaS model) under which customers purchase a subscription to access Adobe software, some of which contains Dolby technology. Depending on how much the customer pays, users can select up to thirty Adobe products. At this point, things appear to have become much more complex.

On January 15, 2015, Dolby tried to inspect Adobe’s books for the period 2012-2014 via a third-party auditing firm. But, according to Dolby, over the next three years “Adobe employed various tactics to frustrate Dolby’s right to audit Adobe’s inclusion of Dolby Technologies in Adobe’s products.”

Dolby points out that under Adobe’s own licensing conditions, businesses must allow Adobe’s auditors to allow the company to inspect their records on seven days’ notice to confirm they are not in breach of Adobe licensing terms. Any discovered shortfalls in licensing must then be paid for, at a rate higher than the original license. This, Dolby says, shows that Adobe is clearly aware of why and how auditing takes place.

“After more than three years of attempting to audit Adobe’s Sales of products containing Dolby Technologies, Dolby still has not received the information required to complete an audit for the full time period,” Dolby explains.

But during this period, Adobe didn’t stand still. According to Dolby, Adobe tried to obtain new licensing from Dolby at a lower price. Dolby stood its ground and insisted on an audit first but despite an official demand, Adobe didn’t provide the complete set of books and records requested.

Eventually, Dolby concluded that Adobe had “no intention to fully comply with its audit obligations” so called in its lawyers to deal with the matter.

“Adobe’s direct and induced infringements of Dolby Licensing’s copyrights in the Asserted Dolby Works are and have been knowing, deliberate, and willful. By its unauthorized copying, use, and distribution of the Asserted Dolby Works and the Adobe Infringing Products, Adobe has violated Dolby Licensing’s exclusive rights..,” the lawsuit reads.

Noting that Adobe has profited and gained a commercial advantage as a result of its alleged infringement, Dolby demands injunctive relief restraining the company from any further breaches in violation of US copyright law.

“Dolby now brings this action to protect its intellectual property, maintain fairness across its licensing partnerships, and to fund the next generations of technology that empower the creative community which Dolby serves,” the company concludes.

Dolby’s full complaint can be found here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Numerous vulnerabilities in AMD processors

Post Syndicated from corbet original https://lwn.net/Articles/749191/rss

A company called CTS has disclosed a long
series of vulnerabilities
in AMD processors. “The chipset is a
central component on Ryzen and Ryzen Pro workstations: it links the
processor with hardware devices such as WiFi and network cards, making it
an ideal target for malicious actors. The Ryzen chipset is currently being
shipped with exploitable backdoors that could let attackers inject
malicious code into the chip, providing them with a safe haven to operate
” See the associated
white paper
for more details.

Update: there are a lot of questions circulating about the actual
severity of these vulnerabilities and the motivations of the people
reporting them. It may not be time to panic quite yet.

2018-03-13 китайски лаптоп

Post Syndicated from Vasil Kolev original https://vasil.ludost.net/blog/?p=3380

(те всичките лаптопи се правят в Китай вече, ама не ми хрумва как да го кръстя иначе)

Преди някакво време разбрах за един проект на ентусиасти от Китай за нови дъна за стари лаптопи. От много време ми липсваше 4:3 дисплея, T420 от време на време ми беше бавен (дори с 16GB памет и SSD), по-новите thinkpad-и са с гадна клавиатура, а Retro проекта в крайна сметка не беше customizable и не беше приемлив (с тая NVidia карта и широк дисплей, да не говорим за цената).

Поръчах си един t60p от ebay, и след като дойде тръгнах да си поръчвам дъното. От форума на хората и някаква facebook страница намерих контакти, писах си с един човек, който ми предложи директно лаптоп, но аз си поръчах само дъното (in hindsight, да си бях взел цял лаптоп). Няколко неща по темата с поръчването:
– опциите бяха SWIFT и western union. Не ми се разхождаше, та го направих по SWIFT, и там се оказа, че има допълнителни такси, които взимат от получателя (които не могат да вземат от мен);
– За освобождаване от митница ми поискаха следните неща: фактура (която поисках да ми издадат, щото нямаше) която включва и цената и транспортните разходи, EORI номер, пълномощно да ме представляват и документ за направеното плащане (изискване на митниците за стоки от Китай и Хонг Конг, пише “SWIFT или PayPal”);
– EORI номер може да си издадете безплатно, ако имате електронен подпис и търпение (бях си издал за нещо друго, отне около седмица);
– DHL могат да пратят как изглежда митническата декларация, да си я платите с един online превод и да си получите нещата (иначе искат 24 лв да направят превода те);

Дъното беше $780 и доставка, вариантът за това дъно с цял лаптоп (без памет) беше $980 за 1400×1050 матрица и $1100 с 1600×1200 матрица (нови, IPS, по думи на продавача).

Хората си имат и форум, в който има и инструкции за сглобяване (google translate е ваш добър приятел за тия страници). При мен сглобяването се забави, понеже се оказа, че има вариант на T60p, който е с 16:10 матрица, за който дъното не става, и аз съм взел точно такъв, та си поръчвах нов и чаках да пристигне.

Последва сглабянето с помощта на добрите хора от adsys (на които им отрових живота, щото се оказа доста пипкава работа):
– има малко рязане по кутията (има го описано във форума, със снимки);
– болтовете за закачане са по-малко, дупките на някои са запушени;
– на дъното до конектора за монитор има превключвател за типа на дисплея (1024×768 или по-голям);
– трябва ви DDR4 памет;
– най-вероятно wifi картата от преди няма да ви върши работа, аз си взех моята от T420-ката, и малко трябваше да се лепне с тиксо, понеже е половината слот и нямам преходник;
– CD-то от T60 няма да влезе, понеже е PATA, а конектора на дъното е SATA (не, че ползвам CD). Трябва да си измисля нещо за запушване на дупката;

Неща за дооправяне:
– поне за момента под linux GPU-то не работи (забива на boot), и за това си ползвам xfwm4 вместо compiz, submit-нал съм bug report;
– горните бутони на touchpad-а спират да работят след suspend/resume, направил съм един fix, ама трябва да събера желание да рестартирам.

Моята работна среда на 4:3 се усеща доста по-приятно и най-накрая мога да си пусна email клиента в режим като преди (отляво списък папки, отдясно разделено на две – отгоре списък писма, отдолу отвореното писмо, вместо три вертикални колони, дето едвам пасваха). Също така с тоя процесор вече firefox-а се движи почти прилично, като си оправя и GPU-то, вероятно всичко ще лети.

E-Mailing Private HTTPS Keys

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/03/e-mailing_priva.html

I don’t know what to make of this story:

The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec’s certificate issuance business after Symantec was caught flouting binding industry rules, prompting Google to distrust Symantec certificates in its Chrome browser. In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns.

When Rowley asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security.

Generally speaking, private keys for TLS certificates should never be archived by resellers, and, even in the rare cases where such storage is permissible, they should be tightly safeguarded. A CEO being able to attach the keys for 23,000 certificates to an email raises troubling concerns that those types of best practices weren’t followed.

I am croggled by the multiple layers of insecurity here.

BoingBoing post.

Pirate Site Admins Receive Suspended Sentences, Still Face €60m Damages Claim

Post Syndicated from Andy original https://torrentfreak.com/pirate-site-admins-receive-suspended-sentences-still-face-e60m-damages-claim-180313/

After being founded in 2009, French site Liberty Land (LL) made its home in Canada. At the time listed among France’s top 200 sites, Liberty Land carried an estimated 30,000 links to a broad range of unlicensed content.

Like many other indexes of its type, LL carried no content itself but hosted links to content hosted elsewhere, on sites like Megaupload and Rapidshare, for example. This didn’t save the operation from an investigation carried out by rightsholder groups SACEM and ALPA, which filed a complaint against Liberty Land with the French authorities in 2010.

Liberty Land

In May 2011 and alongside complaints from police that the people behind Liberty Land had taken extreme measures to hide themselves away, authorities arrested several men linked to the site in Marseille, near Le Havre, and in the Paris suburb of Montreuil.

Despite the men facing a possible five years in jail and fines of up to $700,000, the inquiry dragged on for nearly seven years. The trial of its alleged operators, now aged between 29 and 36-years-old, finally went ahead January 30 in Rennes.

The men faced charges that they unlawfully helped to distribute movies, TV series, games, software, music albums and e-books without permission from rightsholders. In court, one defended the site as being just like Google.

“For me, we had the same role as Google,” he said. “We were an SEO site. There is a difference between what we were doing and the distribution of pirated copies on the street.”

According to the prosecution, the site made considerable revenues from advertising, estimated at more than 300,000 euros between January 2009 and May 2011. The site’s two main administrators reportedly established an offshore company in the British Virgin Islands and a bank account in Latvia where they deposited between 100,000 and 150,000 euros each.

The prosecutor demanded fines for the former site admins and sentences of between six and 12 months in prison. Last week the Rennes Criminal Court rendered its decision, sentencing the four men to suspended sentences of between two and three months. More than 176,000 euros generated by the site was also confiscated by the Court.

While the men will no doubt be relieved that this extremely long case has reached a conclusion of sorts, it’s not over yet. 20minutes reports that the claims for damages filed by copyright groups including SACEM won’t be decided until September and they are significant, totaling 60 million euros.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

U.S. Navy Under Fire in Mass Software Piracy Lawsuit

Post Syndicated from Ernesto original https://torrentfreak.com/u-s-navy-under-fire-in-mass-software-piracy-lawsuit-180312/

In 2011 and 2012, the US Navy began using BS Contact Geo, a 3D virtual reality application developed by German company Bitmanagement.

The Navy reportedly agreed to purchase licenses for use on 38 computers, but things began to escalate.

While Bitmanagement was hopeful that it could sell additional licenses to the Navy, the software vendor soon discovered the US Government had already installed it on 100,000 computers without extra compensation.

In a Federal Claims Court complaint filed by Bitmanagement two years ago, that figure later increased to hundreds of thousands of computers. Because of the alleged infringement, Bitmanagement demanded damages totaling hundreds of millions of dollars.

In the months that followed both parties conducted discovery and a few days ago the software company filed a motion for partial summary judgment, asking the court to rule that the US Government is liable for copyright infringement.

According to the software company, it’s clear that the US Government crossed a line.

“The Navy admits that it began installing the software onto hundreds of thousands of machines in the summer of 2013, and that it ultimately installed the software onto at least 429,604 computers. When it learned of this mass installation, Bitmanagement was surprised, but confident that it would be compensated for the numerous copies the Government had made,” the motion reads.

“Over time, however, it became clear that the Navy had no intention to pay Bitmanagement for the software it had copied without authorization, as it declined to execute any license on a scale commensurate with what it took,” Bitmanagement adds.

In its defense, the US Government had argued that it bought concurrent-use licenses, which permitted the software to be installed across the Navy network. However, Bitmanagement argues that it is impossible as the reseller that sold the software was only authorized to sell PC licenses.

In addition, the software company points out that the word “concurrent” doesn’t appear in the contracts, nor was there any mention of mass installations.

The Government also argued that Bitmanagement impliedly authorized it to install the software on hundreds of thousands of computers. This defense also makes little sense, the software company counters.

The Navy licensed an earlier version of the software for $30,000, which could be used on 100 computers, so it would seem odd that it could use the later version on hundreds of thousands of computers for only $5,490, the company argues.

“To establish that it had an implied license, the Government must show that Bitmanagement — despite having licensed a less advanced copy of its software to the Government in 2008 on a PC basis that allowed for installation on a total of 100 computers in exchange for $30,000 — later authorized the Government to make an unlimited number of installations of its advanced software product for $5,490.”

The full motion brings up a wide range of other arguments as well which, according to Bitmanagement, make it clear that the US Government is liable for copyright infringement. It, therefore, asks the court for a partial summary judgment.

“Bitmanagement respectfully requests that this Court grant summary judgment as to the Government’s liability for copyright infringement and hold that the Government copied BS Contact Geo beyond the limits of its license, on a scale equal to the hundreds of thousands of unauthorized copies of BS Contact Geo that the Government either installed or made available for installation,” the company concludes.

If the Government is indeed liable the scale of the damages will be decided at a later stage. The software company previously noted that this could be as high as $600 million.

This is not the first time that the U.S. military has been ‘caught’ pirating software. A few years ago it was accused of operating unlicensed logistics software, a case the Obama administration eventually settled for $50 million.

A copy of the motion for partial summary judgment is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Two New Papers on the Encryption Debate

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/03/two_new_papers_.html

Seems like everyone is writing about encryption and backdoors this season.

I recently blogged about the new National Academies report on the same topic.

Here’s a review of the National Academies report, and another of the East West Institute’s report.

EDITED TO ADD (3/8): Commentary on the National Academies study by the EFF.

McAfee Security Experts Weigh-in Weirdly With “Fresh Kodi Warning”

Post Syndicated from Andy original https://torrentfreak.com/mcafee-security-experts-weigh-in-weirdly-with-fresh-kodi-warning-180311/

Over the past several years, the last couple in particular, piracy has stormed millions of homes around the world.

From being a widespread but still fairly geeky occupation among torrenters, movie and TV show piracy can now be achieved by anyone with the ability to click a mouse or push a button on a remote control. Much of this mainstream interest can be placed at the feet of the Kodi media player.

An entirely legal platform in its own right, Kodi can be augmented with third-party add-ons that enable users to access an endless supply of streaming media. As such, piracy-configured Kodi installations are operated by an estimated 26 million people, according to the MPAA.

This popularity has led to much interest from tabloid newspapers in the UK which, for reasons best known to them, choose to both promote and demonize Kodi almost every week. While writing about news events is clearly par for the course, when one considers some of the reports, their content, and what inspired them, something doesn’t seem right.

This week The Express, which has published many overly sensational stories about Kodi in recent times, published another. The title – as always – promised something special.

Sounds like big news….

Reading the text, however, reveals nothing new whatsoever. The piece simply rehashes some of the historic claims that have been leveled at Kodi that can easily apply to any Internet-enabled software or system. But beyond that, some of its content is pretty weird.

The piece is centered on comments from two McAfee security experts – Chief Scientist Raj Samani and Chief Consumer Security Evangelist Gary Davis. It’s unclear whether The Express approached them for comment (if they did, there is no actual story for McAfee to comment on) or whether McAfee offered the comments and The Express built a story around them. Either way, here’s a taster.

“Kodi has been pretty open about the fact that it’s a streaming site but my view has always been if I use Netflix I know that I’m not going to get any issues, if I use Amazon I’m not going to get any issues,” Samani told the publication.

Ok, stop right there. Kodi admits that it’s a streaming site? Really? Kodi is a piece of software. It’s a media player. It can do many things but Kodi is not a streaming site and no one at Kodi has ever labeled it otherwise. To think that neither McAfee nor the publication caught that one is a bit embarrassing.

The argument that Samani was trying to make is that services like Netflix and Amazon are generally more reliable than third-party sources and there are few people out there who would argue with that.

“Look, ultimately you’ve got to do the research and you’ve got to decide if it’s right for you but personally I don’t use [Kodi] and I know full well that by not using [Kodi] I’m not going to get any issues. If I pay for the service I know exactly what I’m going to get,” he said.

But unlike his colleague who doesn’t use Kodi, Gary Davis has more experience.

McAfee’s Chief Consumer Security Evangelist admits to having used Kodi in the past but more recently decided not to use it when the security issues apparently got too much for him.

“I did use [Kodi] but turned it off as I started getting worried about some of the risks,” he told The Express.

“You may search for something and you may get what you are looking for but you may get something that you are not looking for and that’s where the problem lies with Kodi.”

This idea, that people search for a movie or TV show yet get something else, is bewildering to most experienced Kodi users. If this was indeed the case, on any large scale, people wouldn’t want to use it anymore. That’s clearly not the case.

Also, incorrect content appearing is not the kind of security threat that the likes of McAfee tend to be worried about. However, Davis suggests things can get worse.

“I’m not saying they’ve done anything wrong but if somebody is able to embed code to turn on a microphone or other things or start sending data to a place it shouldn’t go,” he said.

The sentence appears to have some words missing and struggles to make sense but the suggestion is that someone’s Kodi installation could be corrupted to the point that someone people could hijack the user’s microphone.

We are not aware of anything like that happening, ever, via Kodi. There are instances where that has happened completely without it in a completely different context, but that seems here nor there. By the same count, everyone should stop using Windows perhaps?

The big question is why these ‘scary’ Kodi non-stories keep getting published and why experts are prepared to weigh-in on them?

It would be too easy to quickly put it down to some anti-piracy agenda, even though there are plenty of signs that anti-piracy groups have been habitually feeding UK tabloids with information on that front. Indeed, a source at a UK news outlet (that no longer publishes such stories) told TF that they were often prompted to write stories about Kodi and streaming in general, none with a positive spin.

But if it was as simple as that, how does that explain another story run in The Express this week heralding the launch of Kodi’s ‘Leia’ alpha release?

If Kodi is so bad as to warrant an article telling people to avoid it FOREVER on one day, why is it good enough to be promoted on another? It can only come down to the number of clicks – but the clickbait headline should’ve given that away at the start.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Spanish Netflix Competitor Filmin Partnered With Leading Pirate Site

Post Syndicated from Ernesto original https://torrentfreak.com/spanish-netflix-competitor-partnered-leading-pirate-site-180310/

In 2011 Hollywood’s MPAA highlighted SeriesYonkis as one of the most prolific pirate sites on the Internet.

“With a worldwide Alexa rank of 855, Seriesyonkis.com is one the most visited websites in the world for locating and streaming unauthorized copies of motion picture and television content,” Hollywood’s industry group informed the US Government.

While the MPAA was calling for tough enforcement actions, film industry partners in Spain came up with a different plan. They signed an unprecedented deal with the pirate site in 2011, hoping to convert its users into paying customers.

The main figures in this unusual episode are Juan Carlos Tous, the founder of the legal streaming platform Filmin, and SeriesYonkis owner Alexis Hoepfner, who operated the pirate site under his company Burn Media.

With help from lawyer Andy Ramos they negotiated a unique deal that would ‘merge’ both businesses. According to local newspaper El Confidencial, which has seen a copy of the agreement, SeriesYonkis company would get a 23% stake in Filmin, on the condition that pirate links were replaced with legal ones within a set period.

The entire agreement was kept secret by a confidentiality clause, which worked well until a few days ago.

SeriesYonkis also made two loans of 250,000 euros available, which were convertible into shares. In addition to the above, Filmin also offered compensation for every pirate it converted, up to 10 euros per user that signed up for an annual subscription.

The agreement further stipulated that SeriesYonkis had to apologize for its pirate ways. Point five stressed that SeriesYonkis and other Burn Media sites had to “carry out communication and awareness actions so that the users of the websites understand the need to legally access audiovisual content.”

Interestingly, SeriesYonkis wasn’t planning to go down and let other pirate sites take its traffic. The agreement included a clause that obligated Filmin to spend 25,000 euros to shut down or reduce traffic to other pirate sites.

The episode took place when Spain was about to implement its Sinde law, which would make it hard for local pirate sites in a country that was considered a “safe haven” at the time. However, not everything went according to plan.

The Sinde law didn’t destroy all Spanish pirate sites and six months after signing the agreement, SeriesYonkis stopped deleting pirate links. Even worse, its owner launched several new pirate sites, such as SeriesCoco and SeriesKiwi.

Filmin’s founder was outraged and sent an email demanding answers.

“I would like to hear your opinion on the progress and explanation of your plan with SeriesCoco! I do not understand anything! I thought you were going to decrease, and I see that you are opening portals!! WTF!” Tous wrote.

The deal eventually fell apart. Filmin kept its shares and stopped paying for new referrals. SeriesYonkis’ company Burn Media filed a lawsuit to get back its money, but thus far that hasn’t happened.

According to an insider close to the deal, the idea was brilliant. SeriesYonkis reportedly earned millions of euros at the time, more than Filmin, and used this money to go legal and destroy the competition ahead of a tough new anti-piracy law.

“The pirate not only abandons its weapons, but is integrated into the industry, and uses capital earned from piracy to fight against it,” a source told El Confidencial.

“It was a winning deal for everyone,” another source added, regretting that it didn’t work out. “It was a very bold agreement, something unusual in this sector, that would have changed the scenario if it had worked.”

Today, roughly seven years after the agreement was set into motion, Filmin is one of the larger streaming platforms in Spain. SeriesYonkis is also still around, but was sold by Hoefner in 2016 and no longer links to pirated content.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

U.S. Border Seizures of DMCA Circumvention Devices Surges

Post Syndicated from Ernesto original https://torrentfreak.com/u-s-border-seizures-of-dmca-circumvention-devices-surges-180309/

In the United States, citizens are generally prohibited from tampering with DRM and other technological protection measures.

This means that Blu-ray rippers are not allowed, nor are mod chips for gaming consoles, and some pirate streaming boxes could fall into this category as well.

Despite possible sanctions, there are plenty of manufacturers who ship these devices to the US, often to individual consumers. To arrive at their destination, however, they first have to pass the border control.

Not all make it to their final destination. A new report released by Homeland Security shows that the number of “intellectual property” related seizures increased by 8%, from 31,560 in 2016 to 34,143 a year later.

The vast majority of these seized items are traditional counterfeit goods. This includes fake brand clothing, shoes, replica watches, toys, as well as consumer electronics.

What caught our eye, however, is a sharp increase in “circumvention devices” that were found to violate the DMCA. Last year, the number of these seized items U.S. Customs and Border Protection increased by 324%.

“CBP seized 297 shipments of circumvention devices for violations of the Digital Millennium Copyright Act (DMCA), a 324 percent increase from 70 such seizures in FY 2016,” the report reads.

While the relative increase is quite dramatic, the absolute numbers are perhaps not as impressive, with less than one seized device per day. The report gives no explanation for the surge, nor is there an estimate of how many devices slip through.

What we did notice is that the International Intellectual Property Alliance (IIPA) recently framed streaming boxes as possible circumvention tools. The strong enforcement focus of rightsholders on these devices may have been communicated to border patrols as well.

When we previously reached out to Customs and Border Protection (CBP) to find out more about what type of circumvention devices are seized under the DMCA, a spokesperson provided us with the following definition.

“[P]roducts, devices, components, or parts thereof that are primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner, and have only limited commercially significant purposes or uses other than to circumvent such protection measures.”

TorrentFreak reached out to CBP again this week to ask if streaming boxes are seen as circumvention devices, but at the time of writing, we have yet to receive a response.

In a press release commenting on the news, CBP Acting Commissioner Kevin McAleenan said that his organization is happy with last year’s results.

“The theft of intellectual property and trade in counterfeit and pirated goods causes harm to an innovation-based economy by threatening the competitiveness of businesses and the livelihoods of workers,” McAleenan said.

“Another record-breaking year of IPR seizures highlights the vigilance of CBP and ICE personnel in preventing counterfeit goods from entering our stream of commerce and their dedication to protecting the American people,” he added.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Streaming Link Search Engine Alluc Shuts Down

Post Syndicated from Ernesto original https://torrentfreak.com/streaming-link-search-engine-alluc-shuts-down-180309/

With 80 million streaming links to more than 700 video services, Alluc sold itself as the premier streaming link site.

It offered a wide variety of content and over the past thirteen years it grew out to become one of the largest sites of its kind. This week, however, Alluc surprised friend and foe by shutting down.

“The alluc search engine has been discontinued. After 13 years of alluc, we decided to take a break and focus on other projects,” a message posted on the site’s homepage reads.

That the site was popular is not a secret. People used it to find streaming links to nearly everything, from old movies to the latest hit series. The operators mention that they served a billion unique visitors over the past decade, which is an incredible achievement.

Alluc says farewell

What’s less clear, however, is why the site decided to stop now. In the past, we’ve reported on similar sites that threw in the towel because revenue was dwindling, but Alluc told us that is not the case here.

“The decision was not driven by monetary reasons. We started alluc when we were still in high-school and it became into something bigger and better than we could have ever imagined when we started it,” Alluc’s Sebastian tells us.

“But now it’s time for us to move on. We hope to have contributed a lot to the video space and to have helped out a lot of people during these 13 years of running alluc full time.”

While Alluc could be used to find both authorized and unauthorized content, the movie industry saw it as a blatant pirate site. This resulted in a site blocking request in Australia, among other things.

Alluc, however, always rejected the ‘pirate’ label and saw itself as an “uncensored” search engine. While they are shutting down now, they still see a future for similar services.

“There will always be a future for uncensored search and I hope us shutting down alluc can help to create the vacuum needed to incentivize new sites of similar quality and scope or even a decentralized solution to be created by others,” Sebastian tells us.

Time will tell whether another site will indeed jump in to fill the gap.

Alluc’s API, which is used by third-party apps and services to find streaming links, will remain available until the end of the month when it will shut down. Meanwhile, Alluc’s search engine framework lives on at pron.tv, an adult-themed site.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Needed: Sales Development Representative!

Post Syndicated from Yev original https://www.backblaze.com/blog/needed-sales-development-representative/

At inception, Backblaze was a consumer company. Thousands upon thousands of individuals came to our website and gave us $5/mo to keep their data safe. But, we didn’t sell business solutions. It took us years before we had a sales team. In the last couple of years, we’ve released products that businesses of all sizes love: Backblaze B2 Cloud Storage and Backblaze for Business Computer Backup. Those businesses want to integrate Backblaze into their infrastructure, so it’s time to expand our sales team and hire our first dedicated outbound Sales Development Representative!

Company Description:
Founded in 2007, Backblaze started with a mission to make backup software elegant and provide complete peace of mind. Over the course of almost a decade, we have become a pioneer in robust, scalable low cost cloud backup. Recently, we launched B2 — robust and reliable object storage at just $0.005/gb/mo. Part of our differentiation is being able to offer the lowest price of any of the big players while still being profitable.

We’ve managed to nurture a team oriented culture with amazingly low turnover. We value our people and their families. Don’t forget to check out our “About Us” page to learn more about the people and some of our perks.

We have built a profitable, high growth business. While we love our investors, we have maintained control over the business. That means our corporate goals are simple — grow sustainably and profitably.

Some Backblaze Perks:

  • Competitive healthcare plans
  • Competitive compensation and 401k
  • All employees receive option grants
  • Unlimited vacation days
  • Strong coffee
  • Fully stocked Micro kitchen
  • Catered breakfast and lunches
  • Awesome people who work on awesome projects
  • New Parent Childcare bonus
  • Normal work hours
  • Get to bring your pets into the office
  • San Mateo Office — located near Caltrain and Highways 101 & 280

As our first Sales Development Representative (SDR), we are looking for someone who is organized, has high-energy and strong interpersonal communication skills. The ideal person will have a passion for sales, love to cold call and figure out new ways to get potential customers. Ideally the SDR will have 1-2 years experience working in a fast paced sales environment. We are looking for someone who knows how to manage their time and has top class communication skills. It’s critical that our SDR is able to learn quickly when using new tools.

Additional Responsibilities Include:

  • Generate qualified leads, set up demos and outbound opportunities by phone and email.
  • Work with our account managers to pass qualified leads and track in salesforce.com.
  • Report internally on prospecting performance and identify potential optimizations.
  • Continuously fine tune outbound messaging – both email and cold calls to drive results.
  • Update and leverage salesforce.com and other sales tools to better track business and drive efficiencies.


  • Bachelor’s degree (B.A.)
  • Minimum of 1-2 years of sales experience.
  • Excellent written and verbal communication skills.
  • Proven ability to work in a fast-paced, dynamic and goal-oriented environment.
  • Maintain a high sense of urgency and entrepreneurial work ethic that is required to drive business outcomes, with exceptional attention to detail.
  • Positive“can do” attitude, passionate and able to show commitment.
  • Fearless yet cordial personality- not afraid to make cold calls and introductions yet personable enough to connect with potential Backblaze customers.
  • Articulate and good listening skills.
  • Ability to set and manage multiple priorities.

What’s it like working with the Sales team?

The Backblaze sales team collaborates. We help each other out by sharing ideas, templates, and our customer’s experiences. When we talk about our accomplishments, there is no “I did this,” only “we.” We are truly a team.

We are honest to each other and our customers and communicate openly. We aim to have fun by embracing crazy ideas and creative solutions. We try to think not outside the box, but with no boxes at all. Customers are the driving force behind the success of the company and we care deeply about their success.

If this all sounds like you:

  1. Send an email to jobscontact@backblaze.com with the position in the subject line.
  2. Tell us a bit about your sales experience.
  3. Include your resume.

The post Needed: Sales Development Representative! appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Some notes on memcached DDoS

Post Syndicated from Robert Graham original http://blog.erratasec.com/2018/03/some-notes-on-memcached-ddos.html

I thought I’d write up some notes on the memcached DDoS. Specifically, I describe how many I found scanning the Internet with masscan, and how to use masscan as a killswitch to neuter the worst of the attacks.

Test your servers

I added code to my port scanner for this, then scanned the Internet:
masscan -pU:11211 –banners | grep memcached
This example scans the entire Internet (/0). Replaced with your address range (or ranges).
This produces output that looks like this:
Banner on port 11211/udp on [memcached] uptime=230130 time=1520485357 version=1.4.13
Banner on port 11211/udp on [memcached] uptime=3935192 time=1520485363 version=1.4.17
Banner on port 11211/udp on [memcached] uptime=230130 time=1520485357 version=1.4.13
Banner on port 11211/udp on [memcached] uptime=399858 time=1520485362 version=1.4.20
Banner on port 11211/udp on [memcached] uptime=29429482 time=1520485363 version=1.4.20
Banner on port 11211/udp on [memcached] uptime=2879363 time=1520485366 version=1.2.6
Banner on port 11211/udp on [memcached] uptime=42083736 time=1520485365 version=1.4.13
The “banners” check filters out those with valid memcached responses, so you don’t get other stuff that isn’t memcached. To filter this output further, use  the ‘cut’ to grab just column 6:
… | cut -d ‘ ‘ -f 6 | cut -d: -f1
You often get multiple responses to just one query, so you’ll want to sort/uniq the list:
… | sort | uniq

My results from an Internet wide scan

I got 15181 results (or roughly 15,000).
People are using Shodan to find a list of memcached servers. They might be getting a lot results back that response to TCP instead of UDP. Only UDP can be used for the attack.

Other researchers scanned the Internet a few days ago and found ~31k. I don’t know if this means people have been removing these from the Internet.

Masscan as exploit script

BTW, you can not only use masscan to find amplifiers, you can also use it to carry out the DDoS. Simply import the list of amplifier IP addresses, then spoof the source address as that of the target. All the responses will go back to the source address.
masscan -iL amplifiers.txt -pU:11211 –spoof-ip –rate 100000
I point this out to show how there’s no magic in exploiting this. Numerous exploit scripts have been released, because it’s so easy.

Why memcached servers are vulnerable

Like many servers, memcached listens to local IP address for local administration. By listening only on the local IP address, remote people cannot talk to the server.
However, this process is often buggy, and you end up listening on either (all interfaces) or on one of the external interfaces. There’s a common Linux network stack issue where this keeps happening, like trying to get VMs connected to the network. I forget the exact details, but the point is that lots of servers that intend to listen only on end up listening on external interfaces instead. It’s not a good security barrier.
Thus, there are lots of memcached servers listening on their control port (11211) on external interfaces.

How the protocol works

The protocol is documented here. It’s pretty straightforward.
The easiest amplification attacks is to send the “stats” command. This is 15 byte UDP packet that causes the server to send back either a large response full of useful statistics about the server.  You often see around 10 kilobytes of response across several packets.
A harder, but more effect attack uses a two step process. You first use the “add” or “set” commands to put chunks of data into the server, then send a “get” command to retrieve it. You can easily put 100-megabytes of data into the server this way, and causes a retrieval with a single “get” command.
That’s why this has been the largest amplification ever, because a single 100-byte packet can in theory cause a 100-megabytes response.
Doing the math, the 1.3 terabit/second DDoS divided across the 15,000 servers I found vulnerable on the Internet leads to an average of 100-megabits/second per server. This is fairly minor, and is indeed something even small servers (like Raspberry Pis) can generate.

Neutering the attack (“kill switch”)

If they are using the more powerful attack against you, you can neuter it: you can send a “flush_all” command back at the servers who are flooding you, causing them to drop all those large chunks of data from the cache.
I’m going to describe how I would do this.
First, get a list of attackers, meaning, the amplifiers that are flooding you. The way to do this is grab a packet sniffer and capture all packets with a source port of 11211. Here is an example using tcpdump.
tcpdump -i -w attackers.pcap src port 11221
Let that run for a while, then hit [ctrl-c] to stop, then extract the list of IP addresses in the capture file. The way I do this is with tshark (comes with Wireshark):
tshark -r attackers.pcap -Tfields -eip.src | sort | uniq > amplifiers.txt
Now, craft a flush_all payload. There are many ways of doing this. For example, if you are using nmap or masscan, you can add the bytes to the nmap-payloads.txt file. Also, masscan can read this directly from a packet capture file. To do this, first craft a packet, such as with the following command line foo:
echo -en “\x00\x00\x00\x00\x00\x01\x00\x00flush_all\r\n” | nc -q1 -u 11211
Capture this packet using tcpdump or something, and save into a file “flush_all.pcap”. If you want to skip this step, I’ve already done this for you, go grab the file from GitHub:
Now that we have our list of attackers (amplifiers.txt) and a payload to blast at them (flush_all.pcap), use masscan to send it:
masscan -iL amplifiers.txt -pU:112211 –pcap-payload flush_all.pcap

Reportedly, “shutdown” may also work to completely shutdown the amplifiers. I’ll leave that as an exercise for the reader, since of course you’ll be adversely affecting the servers.

Some notes

Here are some good reading on this attack:

[$] Supporting virtual reality displays in Linux

Post Syndicated from jake original https://lwn.net/Articles/748208/rss

At linux.conf.au (LCA) 2017 in Hobart, Tasmania, Keith Packard talked with
kernel graphics
Dave Airlie about how virtual reality devices should be hooked up to
Linux. They both thought it would be pretty straightforward to do, so it
would “only take a few weeks”, but Packard knew
“in reality it would take a lot longer”. In a
talk at LCA 2018 in Sydney, Packard reported back on the progress he has
made; most of it is now in the upstream kernel.

Welte: Report from the Geniatech vs. McHardy GPL violation court hearing

Post Syndicated from corbet original https://lwn.net/Articles/748761/rss

Harald Welte attended a hearing in one of the Patrick McHardy GPL cases and
wrote up
what he saw

I’m not arguing for a “too soft” approach. It’s
almost 15 years since the first court cases on license violations on
(embedded) Linux, and the fact that the problem still exists today clearly
shows the industry is very far from having solved a seemingly rather simple

On the other hand, such activities must always be oriented to compliance,
and compliance only. Collecting huge amounts of contractual penalties is
questionable. And if it was necessary to collect such huge amounts to
motivate large corporations to be compliant, then this must be done in the
open, with the community knowing about it, and the proceeds of such
contractual penalties must be donated to free software related entities to
prove that personal financial gain is not a motivation.