
Saturday, July 30, 2016

THIS DANGER DRONE IS LOADED WITH SOFTWARE CAN HACK WIFI NETWORK

With networks accessible through some physical opening on a system somewhere. Thanks to WiFi, our cyberpunk reality isn’t quite as wired as they conceived.

But WiFi has a limited range, so sometimes breaking into a network means getting a computer close enough to catch that signal. For the canny hacker who wants to crack a network while staying far away, why not put a computer on a drone?


That’s the idea behind the Danger Drone, which will be demonstrated next week at the Black Hat conference in Las Vegas. Made by Fran Brown and David Latimer, who work for security consulting firm Bishop Fox, Danger Drone is a flying hacking machine.


Image courtesy of Bishop Fox
Danger Drone. The name is a little misleading: it's the computer, really, and not the drone, that is the danger.

From Motherboard:
“Attacks that before people might not have done because people didn’t want to put themselves personally at risk of getting caught—this kinda removes that,” Brown said. “Now you can be a lot more brazen in your attacks, because you’re not as worried about getting caught and going to jail.”
The computer that does the hacking is a cheap Raspberry Pi, loaded up with the software hackers typically use to crack into a network. The rest of the drone is a kit-built body, and altogether the Danger Drone cost just $500 to put together. The drone has over a mile of range using normal radio control, but could be configured to fly using signals from cell towers.

How best to demonstrate that Danger Drone's broken into a network? By rickrolling people through their own TV. 


From eWeek:

While the Danger Drone is intended to be used for real penetration testing purposes, it can also be used to annoy victims by "rickrolling" vulnerable Chromecast devices. At the Black Hat USA 2014 event, Bishop Fox researcher Dan Petro demonstrated a Raspberry Pi-based tool called the Rickmote (see the eWEEK video on the Rickmote here). Petro's device streamed Rick Astley's "Never Going to Give You Up" music video in an attack known as rickrolling, though Petro noted that any content could be sent.

The Danger Drone has been enabled with Rickmote capabilities, and Petro noted that Chromecast devices in 2016 are still vulnerable to the same attack. He added that he has come across many corporate boardrooms that have Chromecasts in use.

Why make a device like this? A big part of security consulting is testing existing defenses, to make sure they still work. The idea of a hacking drone is hardly new. Boeing was reportedly in talks to develop a drone that could crack into surveillance networks from the sky. In 2011, another pair of cybersecurity consultants built a “Wireless Aerial Surveillance Platform,” or hacker drone, for a cost of merely $6,200. Danger Drone is an order of magnitude cheaper, and it exists for the same purpose: by testing weaknesses in networks now, it’s easier to protect those networks from future threats.

source: eWeek, Motherboard

INSTA360 NANO: NEW IPHONE ACCESSORY LETS YOU RECORD 360-DEGREE VIDEOS AND SUPPORTS LIVESTREAMING

It’s almost certain that you’ve seen a 360-degree video show up on your timeline, like those from NATGEO. Now, you can record your own videos with a new iPhone attachment called Insta360 Nano, which starts at $199 on Amazon.

The Insta360 Nano plugs into the Lightning port of your iPhone, and you record by holding your phone upside down and using a free app that comes with the camera. It can livestream the video or record it to a microSD card.
Right now, only the iPhone 6 and 6 Plus are compatible with the Insta360 Nano, which is available now on Amazon.





The attachment has two fisheye lenses that shoot at 3K resolution and 30 frames per second, which is basically like having two GoPros attached to your phone. You can use both cameras simultaneously to capture 360-degree video, or you can use only one camera at a time, if that tickles your fancy, to create “tiny planet” videos.



So far, the Insta360 company has created a few 360-degree videos and posted them to their YouTube channel, which you can check out here. The videos are fairly simple; you can watch a go kart race from the helmet of a driver or watch a drone fly into a graduation ceremony.



SwiftKey third-party keyboard's cloud sync service leaked user email addresses as text predictions

The new SwiftKey glitch turned out to be rather alarming. For the last week, some SwiftKey users have been offered predictive text for slang they've never used before, words in foreign languages and, most concerning, email addresses and phone numbers they've never seen.

The trouble, it seems, was with the third-party keyboard's cloud sync service. Users were somehow receiving data from other users' SwiftKey language models, giving them text entry predictions intended for someone else entirely. On the surface the glitch sounds harmless enough, but commonly typed contact information ends up in your SwiftKey database. Users on Reddit reported finding email addresses they didn't recognise offered to them on login pages, and some users even received phone calls from people who found their number through SwiftKey's predictive text. That's a really weird way to have your contact information leaked.




SwiftKey says that the issue only affected a small number of its customers, and has temporarily disabled its cloud sync service and removed email address predictions from its apps. The company asks users who think they may still be experiencing the problem to contact them at reviews@swiftkey.com. 


source: Reddit, Engadget



Google strengthens its security by turning on HSTS for its domain

While most of Google's traffic is already encrypted, Google's use of HTTP Strict Transport Security (HSTS) goes a step further by preventing users from mistakenly heading to HTTP URLs: the browser converts potentially unsafe HTTP URLs into HTTPS URLs before the request is sent. For instance, you might accidentally type in a URL without a protocol and find yourself sent to an unencrypted destination. HSTS helps curb those issues, especially among less internet-savvy users.



Google is looking to deploy the changes as broadly as possible, but there's still some additional work to be done before it's ready to go. In the meantime, however, HSTS is now active for Google's main domain. It will be extended to additional domains and Google products soon.
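The browser-side upgrade described above only happens because the site's HTTPS responses carry a Strict-Transport-Security header. The following is an added example of the server side of such a rollout, written for this post and not Google's own code; the host names, the one-year max-age and the proxy handling are assumptions. It separates the decision (redirect or header) from the PHP header() glue so the decision can be tested on its own.

```php
<?php
// Added example, not Google's code: the server side of an HSTS rollout for a site
// that is already fully HTTPS. Two parts: plain-HTTP requests get a permanent
// redirect to the HTTPS URL, and every HTTPS response carries a
// Strict-Transport-Security header so the browser rewrites future http:// URLs
// for this host to https:// itself, before the request ever leaves the machine.
// Host names and max-age below are assumptions for illustration.

declare(strict_types=1);

const HSTS_MAX_AGE = 31536000; // one year; start lower (e.g. 300) while rolling out

// Hosts this server is allowed to redirect to. HTTP_HOST comes from the client,
// so it is never used in a redirect unless it is on this list.
const ALLOWED_HOSTS = ['example.com', 'www.example.com']; // placeholder hosts

/**
 * Pure decision function, kept apart from the header()/exit glue so it can be
 * unit-tested: returns either a redirect target or the header value to send.
 */
function hstsDecision(bool $isHttps, string $host, string $uri, bool $includeSubDomains): array
{
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0]; // unknown Host header: fall back to the canonical host
    }
    if (!$isHttps) {
        // Serve nothing over plain HTTP. The HSTS header is deliberately NOT set here:
        // browsers ignore it on HTTP responses, since an active attacker could inject it.
        return ['redirect' => 'https://' . $host . $uri, 'header' => null];
    }
    $value = 'max-age=' . HSTS_MAX_AGE;
    if ($includeSubDomains) {
        // Only safe once every subdomain is served over HTTPS; otherwise the browser
        // will refuse to load the ones that are not.
        $value .= '; includeSubDomains';
    }
    return ['redirect' => null, 'header' => $value];
}

function applyHsts(bool $includeSubDomains): void
{
    // $_SERVER['HTTPS'] is set by the web server for TLS requests. Behind a
    // TLS-terminating proxy you would instead check a header that only the proxy
    // can set; trusting a client-suppliable X-Forwarded-Proto defeats the point.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $host    = $_SERVER['HTTP_HOST'] ?? ALLOWED_HOSTS[0];
    $uri     = $_SERVER['REQUEST_URI'] ?? '/';

    $decision = hstsDecision($isHttps, $host, $uri, $includeSubDomains);
    if ($decision['redirect'] !== null) {
        header('Location: ' . $decision['redirect'], true, 301);
        exit;
    }
    header('Strict-Transport-Security: ' . $decision['header']);
}

// Call this before any output is sent. includeSubDomains is left off until every
// subdomain is known to be HTTPS-only, which is the "additional work" a rollout needs.
applyHsts(false);
```

Once the header has been seen over HTTPS, the browser caches the policy for max-age seconds and performs the http-to-https rewrite locally, so the plain-HTTP redirect above is only ever hit by first-time visitors and by clients whose cached policy has expired.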


source:  Google


Friday, July 29, 2016

Chernobyl could be turned into one of the world’s largest solar farms

The contaminated nuclear wasteland around Chernobyl could be turned into one of the world’s largest solar farms, producing nearly a third of the electricity that the stricken plant generated at its height 30 years ago, according to the Ukrainian government.

In a presentation sent to major banks and seen by The Guardian, 6,000 hectares of “idle” land in Chernobyl’s 1,000 square km exclusion zone, which is considered too dangerous for people to live in or farm, could be turned to solar, biogas and heat and power generation.



End game … an abandoned theme park in Pripyat, inside the Chernobyl exclusion zone. Photograph: Timothy Swope/Alamy

“There has been a change in the perception of the exclusion zone in Ukraine. Thirty years after the Chernobyl tragedy [it] reveals opportunities for development. A special industrial area is to be created in compliance with all rules and regulations of radiation safety within the exclusion zone,” says the presentation.

Tens of thousands of people in Ukraine, Belarus and south Russia were evacuated immediately after the 1986 accident from a wide area around the nuclear plant and places where the radioactive plume descended. A few hundred people still live in 11 semi-deserted villages close to Chernobyl.

There is “about 6,000 hectares of idle land, some of which can be used for placement of electrical generation facilities, and some for energy crops”, according to the presentation.

The Ukrainian government said more than 1,000MW of solar and 400MW of other renewable energy could be generated. The nuclear plant had an installed capacity of around 4,000MW.

The advantage of generating renewable power at the site of the world’s worst nuclear accident is that the land is cheap and plentiful, and the sunshine is as strong as in southern Germany. In addition, the grid infrastructure and high-voltage power lines needed to transmit electricity to the national grid remain intact, the presentation added.

The European Bank for Reconstruction and Development (EBRD) this week indicated it would be prepared to lend money for the renewable energy plan. The EBRD has already provided more than $500m (£379m) to build a large stainless steel “sarcophagus” over the destroyed reactor, which will remain dangerous for thousands of years.

“The EBRD may consider participating in the project so long as there are viable investment proposals and all other environmental matters and risks can be addressed to the bank’s satisfaction,” said a spokesman.

The move to solar reflects a new energy reality involving plunging renewable energy costs and escalating costs of nuclear power. Hours of sunshine in the Chernobyl area compare favourably with southern Germany, one of the largest solar producers in the world.


Meanwhile in Belarus, a 22.3MW solar plant is already under construction in Brahin district, around 20 miles from Chernobyl. The district was one of the most contaminated by Chernobyl’s fallout and the land where the plant is to be built is not suitable for agriculture.


Source: The Guardian




LG Display invests $1.7 billion on flexible OLED phone screens

LG Display will spend around $1.7 billion to build a new production line for making flexible OLED smartphone screens. Flexible smartphone screens, which go into phones like the curved Galaxy S7 Edge, are becoming increasingly popular, and they seem likely to become a dominant style in a few years. The investment is meant to let LG become a leader in this display tech — it may have buyers lined up already, or LG could be planning to use the displays itself.


Dr. Sang-Beom Han, CEO and Vice Chairman of LG Display, said “A paradigm shift to OLED represents both a challenge and an opportunity for the display industry.” He added, “LG Display is determined to become the leader in the fast-growing OLED market through timely investments to maximize efficiency.”
 

The production line will be installed at the same OLED display factory that LG announced plans to build, for around $8.9 billion, last November. It's been speculated that the plant will be used to make screens for future iPhones, as Apple is expected to switch from LCD displays to OLED displays starting in 2018.


There have been rumors that an iPhone with curved sides could come along as well, so LG may be gearing up for that, too. LG says its flexible OLED line should start production in the second half of 2018, so we may see the first fruits of this investment come then or early the following year.

LG Display was the first to introduce the era of large-size OLED TVs with its world’s first 55-inch OLED TV display in January 2013. It also introduced the era of flexible OLED displays with the world’s first plastic substrate-based 6-inch flexible OLED display for smartphones in October 2013 and the world’s first 1.3-inch circular flexible OLED display in September 2014. LG Display has established an industry reputation for its recognized expertise and knowledge of flexible OLED displays.

According to IHS DisplaySearch, a global market research firm, the flexible OLED market is expected to grow rapidly with shipments increasing from 59 million in 2016 to 416 million in 2020.

source: LG



Minecraft will support the Oculus Rift VR headset

In a blog post celebrating the first anniversary of Minecraft Windows 10 Edition Beta, Microsoft announced that support for the Oculus Rift will be coming “in the next few weeks” as a free update to existing users. People who want to get in on the action have until tomorrow to download the Beta if they want to enjoy the free upgrade.

Microsoft has been pushing Minecraft gameplay in virtual reality pretty hard lately. A few months back, the company launched Minecraft Pocket Edition support for the Gear VR. While the experience itself was just okay, Oculus has really been pushing it as one of the few AAA full experiences available in the Oculus Home store at the moment. Rift support has been just around the corner for quite a while, and it seems that Microsoft is finally ready to unveil what it’s been working on.




The Minecraft VR site is interestingly showing off the Oculus Touch motion controller and advertising “a new perspective” for the game, but there’s no detail on how exactly the game will be implementing Touch controls.


The VR version for the Rift will feature all of the major methods of gameplay available on desktop, including multiplayer, Creative and Survival modes. Again, no word on an exact release date.




Thursday, July 28, 2016

The Moto360 is available in the Philippines through MSI-ECS

Moto360 is here. It’s time to switch.

The best android wearable in the market is available now through MSI-ECS.

If you find yourself wondering what the best wearable is out of all the hundreds in the market today, consider getting yourself a smartwatch that offers the perfect mix of fashion and function – the Moto360.

The first Android Wear device to have a round face, the Moto360 2nd Gen still lives up to the promise of looking and feeling like a real watch, but with the function of a smartwatch. The Moto360 lets you stay in the moment, thanks to Android Wear™: you can read messages and notifications without even lifting your phone. You can sync your Google Play Music playlist straight to the Moto360, allowing you to listen to your favorite playlist while on the go.




Combining edge-to-edge glass with an exceptionally thin, polished bezel, the new Moto360 is a wearable made with sophistication. Whether your color of choice is rose gold, black or silver, the case is precision-crafted from aircraft-grade stainless steel and matched with quality metal and leather band materials. It keeps a classic design yet is highly customizable: personalize your own look with tool-less band removal and the Moto Maker site.



The Moto360 lets you monitor your key health and wellbeing metrics. It’s your personalized, built-in fitness coach that keeps track of all your steps, calories and heart rate while on your wrist. It features an AnyLight hybrid display, GPS and a barometer, and silicone rubber that allows you to use it all day, every day.




The Moto360 is available in the Philippines and distributed by MSI-ECS. To know more about its specs and pricing, email inquiry@msi-ecs.com.ph or call (02) 688-3501 or 3512.



MSI-ECS PHILS., INC.
MSI-ECS COMPLEX
M. Eusebio Avenue, San Miguel
Pasig City, Metro Manila, Philippines 1600
Mobile: +63977 672 4519 | +63995 840 3306
DL: (+632) 688 3512
Email: renoc@msi-ecs.com.ph





Scientists Discovered a New Natural Antibiotic in the Human Nose

The human nose is packed with bacteria. Some of its inhabitants can sicken us, but other nose-dwellers may hold the key to fighting them off. Today, scientists announced the discovery of a new antibiotic produced by bacteria in human noses. Called lugdunin, the compound can combat Methicillin-Resistant Staphylococcus aureus (MRSA). MRSA can cause a potentially life-threatening infection, and is resistant to some antibiotics.



COULD LEAD TO ANTIBIOTICS FOR SOME DRUG-RESISTANT BACTERIA
 

Scientists ID’d the new antibiotic after swabbing people’s noses and culturing the different strains of bacteria they found. Among their menagerie were both MRSA (which lives in about 30 percent of people’s noses) and another bacterium (Staphylococcus lugdunensis) that killed it when the two were introduced. Its weapon, the team discovered, was lugdunin, which is the first member of a new class of antibiotics.

Lugdunin was effective against MRSA infections in mice, and rarely co-occurred with MRSA in people’s noses, the scientists reported in Nature. They did not see MRSA develop any resistance to lugdunin, although this would probably happen eventually. This doesn’t mean that lugdunin wouldn’t have its uses, and its discovery indicates that the human microbiome may be home to other new antibiotics.


Source: The Verge

Yahoo launches its new Messenger app for desktops

The internet pioneer has released its long-in-development redesign of Yahoo Messenger for the desktop, giving the software both a much fresher look and a handful of big new features that you don't always see in personal chat clients.

You can unsend messages, for example -- good for those overly hasty reactions or correcting mistakes. You can also search for GIF replies (much like you might in Slack), like posts and share numerous photos at once just by dragging them into the conversation.


Want to share photos from your latest vacation or simply spice up a message? Save precious time with our drag and drop feature to share multiple photos at once. Then, spread the love by “liking” any posts or images that stand out to you. If you’d rather reply with a GIF, you can easily search and send GIFs to your heart’s content. Pro tip: play GIF roulette and type /gif + any search term.


With Messenger’s desktop notifications, you can multitask at your computer without having to worry about missing an important message from family, friends, or coworkers again.


Both Mac and Windows users can download the new app today. And if you depend on an official, native messaging app on your PC, you'll want to get it quickly: by August 5 the legacy Yahoo Messenger app will no longer function, so you won't have much choice but to embrace modernity (or at least find a third-party client) in the days ahead.

You can download it here!

Source: Yahoo Messenger Tumblr


THE ICE BUCKET CHALLENGE FUNDS NEW ALS GENE DISCOVERY

Two years after millions of people dumped ice over their heads, the money they raised for the nerve disease amyotrophic lateral sclerosis (ALS) has funded a new discovery. Scientists used donations from the ice bucket challenge to identify a new gene associated with ALS called NEK1. Variations of this gene are involved in three percent of ALS cases, the team reported Monday in Nature Genetics.

Some of the $100 million-plus in donations from the Ice Bucket Challenge (the viral video-fueled awareness campaign for ALS, aka Lou Gehrig's Disease) fully funded Project MinE, a medical research effort that just identified a gene linked with some ALS cases.


Yes, that clip you shared with your Facebook friends may have given scientists the cash they needed to finish their work -- in this case, sequencing the genomes of 15,000 people with ALS to help pinpoint relevant genes.



NEK1 helps nerve cells maintain their shape and repair DNA, among other roles. When any of these cellular functions are thrown off kilter, people have an increased risk of ALS. NEK1 was identified through an ALS Association effort called Project MinE, which is sequencing the genomes of 15,000 people around the world who have the disease.

ALS, which causes people to gradually lose control of their muscles, can be either hereditary or appear in people with no family history. The new research indicates that NEK1 can play a role in both forms of the disease, and offers a target for new treatments.

It's important not to oversell the impact of the Ice Bucket Challenge. Some of those donations came from ALS Association state chapters, for one thing. Moreover, there was a real concern that the original awareness message got lost in the shuffle. While there's no question that the fundraising was wildly successful, there were likely some who didn't realize that it was connected to ALS at all -- the internet's tendency to dilute information might have worked against the campaign. On the balance, though, the discovery stands as proof that the buzz created by social networks can accomplish great things.

Source: The Guardian



Wednesday, July 27, 2016

Xiaomi announces the Redmi Pro, featuring an OLED display plus a dual camera

Today, the Chinese company announced the Redmi Pro, the latest smartphone in its entry-level portfolio. As the name suggests, this Android 6.0 device packs some surprising features that make it stand out from its predecessors: this is the first time Xiaomi has put an OLED display plus a dual-camera setup on a device, which is a surprising move given that these are headed to the affordable Redmi line instead of the flagship Mi line. Prices start from 1,499 yuan, which is about $225.


The Redmi Pro comes in a gold- or silver-colored brushed metallic unibody -- a real bonus at this price point -- and packs a 5.5-inch 1080p OLED display (with full NTSC gamut), a fingerprint reader plus a 5-megapixel selfie camera on the front side. Flip it over and you'll find a Mi 5-like curved back sans glass, along with a dual camera featuring a 13-megapixel Sony IMX258 main sensor plus a 5-megapixel Samsung assistive sensor for bokeh effects. Like many earlier dual-camera phones, here you can change the focus point on the image even after capturing; and there's a dual-tone LED flash, too. There's also a generous 4,050mAh battery inside -- similar to the one in the very recent Redmi 3S -- with fast charging via the USB Type-C port. Likewise, the Redmi Pro has the same IR blaster as the Redmi 3S which lets you control your TV and home appliances.


Given the base price point, it's no surprise that the Redmi Pro is powered by a MediaTek chipset, the Helio X20 / X25, the world's first mobile processor with a tri-cluster CPU architecture and ten processing cores (deca-core).

It comes in three variants:
  • 10-core Helio X20, 32GB storage, 3GB of RAM (1,499 yuan/about $225)
  • 10-core Helio X25, 64GB storage, 3GB of RAM (1,699 yuan/about $255)
  • 10-core Helio X25, 28GB storage, 4GB of RAM (1,999 yuan/about $300)

As with most Chinese and Indian smartphones these days, the Redmi Pro is a dual-SIM 4G+ device (VoLTE supported), though you can also use the second SIM slot to add a microSD card instead. 


There's no word on when to expect the Redmi Pro to hit the markets outside China, but we're pretty sure it'll eventually land in India plus other developing markets. Or you can just fly yourself to China for a quick shopping trip.

Source: Xiaomi


Xiaomi's first laptop looks like a MacBook and is named like a MacBook Air

Xiaomi didn't stop at just one product. In addition to the new Redmi Pro smartphone, the Chinese company threw in a huge surprise by launching its first-ever laptop line, the Mi Notebook Air, running Windows 10.

It comes in two sizes -- the powerful 13.3-inch and the portable 12.5-inch -- and both feature a slim body, a 1080p display with slim under-glass bezels (while still managing to fit in a 1-megapixel webcam), a backlit keyboard, a USB Type-C charging port plus a minimalistic metallic design -- in gold or silver, naturally -- with no logo on the outside. The best part of all? The top-spec model costs just 4,999 yuan or about $750.


The flagship 13.3-inch model comes in at just 14.8mm thick and 1.28kg heavy, which is pretty good given that you get an Intel Core i5-6200U "Skylake-U" processor (dual core, base frequency at 2.3GHz, turbo up to 2.7GHz) plus an NVIDIA GeForce 940MX GPU (with 1GB GDDR5 RAM). Of course, Xiaomi just had to point out that this is thinner and lighter than the 13-inch MacBook Air, though it doesn't use a wedge design so it's still bulkier. You also get 8GB of DDR4 RAM, 256GB of SSD via PCIe and one free SATA slot for expansion (but only serviced by Xiaomi). The 40Wh battery should be good for up to 9.5 hours, and it can go from zero to 50 percent in just half an hour using the bundled USB-C charger.


The smaller 12.5-inch model is even slimmer and lighter at 12.9mm and 1.07kg, respectively, but you'll have to make do with an Intel Core M3 CPU, no dedicated GPU, just 4GB of RAM and just a 128GB SSD via SATA, though there's one free PCIe slot if you have Xiaomi do an upgrade for you later. And instead of two USB 3.0 ports, you only get one here; but you still have an HDMI port. The upside of this model is that you get two more hours of battery life. The price is 3,499 yuan or about $520.



While it doesn't run MIUI (Xiaomi's customized Android ROM), it does come with "Mi Sync" software (tentative name translated from Chinese), which should somewhat boost Mi Cloud usage. The laptop can also be unlocked automatically when your Mi Band is in close proximity.


The Mi Notebook Air is launching in China on August 2nd. Again, there's no info regarding global availability for it just yet, so stay tuned for future updates.


source: Xiaomi


Jerusalem-based Lightricks makes Enlight and Facetune, the top photo app in the U.S.

Jerusalem-based Lightricks knows what it takes to stand out amongst the thousands of photo apps. They’ve done it twice — with Enlight and also Facetune, which is currently the top photo app in the U.S. according to App Annie.

Facetune is a fun photo editor for making your selfies far shinier and more attractive. It is a very complete application, with plenty of tools to achieve the result you were looking for.

Every photo could use a touch up. That’s why magazines use expensive, complicated tools like Photoshop to make people look their best. But now, there’s Facetune! Facetune provides easy-to-use, powerful tools (previously reserved only for the pros) to retouch and perfect every photo or selfie, making each one look like it came straight out of a high-fashion magazine.  




Lightricks “takes the retouching capabilities of Photoshop and makes them easy to use,” said CEO Zeev Farbman. He credits Facetune’s popularity to its simplicity.

How does it work? 
Select your preferred picture and try all the available tools to make your face brighter, remove those annoying spots and highlight whatever details you find beautiful. There are plenty of photo editors out there, but Facetune is probably one of the best, ever. Everything you want, you will find.



Facetune, which costs $3.99 or Php150.00 on both iOS and Android, evens out skin tone, whitens teeth and erases blemishes.

Another app from Lightricks, Enlight, which also costs $3.99 but is only available on iOS, is designed to make smartphone photography look professional. More than just filters, Enlight touts its precision in adjusting light and color, which can also be done by dragging one’s finger.



Enlight looks best for landscape or artistic photos. Enlight solves the problem of editing on a smartphone without a mouse, for tasks like erasing or blending mixed photos...






You can download videos on the latest Opera Mini for Android

The Opera Mini browser for Android has a helpful new feature: video downloading. When you're at home or have solid WiFi, you can visit sites like Facebook, IMDB and GQ.com and download videos directly to your phone. Later, if you're without a signal or want to keep your cell bill down, you can watch the videos offline at your leisure.



The feature works with sites like Facebook that support native .mp4, .webm and other formats, but not with YouTube and others that use their own media players. You can download a video while you're watching it by hitting a button at the top right.



The feature should be handy for those of us who use the subway or drive in the country, where cell connections are limited or nonexistent. But Opera is aiming it more at developing nations like India or the Philippines, where cellular data can be dicey and prohibitively expensive.



Google recently did something similar with YouTube, offering an offline mode that allows you to schedule video downloads during periods where data is cheaper. 

Facebook is also testing an offline mode, letting users sync videos on WiFi and watch them in the app later on.


Tuesday, July 26, 2016

PornHub Pays Hackers $20,000 for its first Bounty Payout

The world's most popular pornography site has made its first bounty payout. But how much? US $20,000! PornHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded.


PornHub has paid a $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP, the programming language that powers PornHub's website.

The team of three researchers, Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities (CVE-2016-5771/CVE-2016-5773) in PHP's garbage collection algorithm when it interacts with other PHP objects.



One of those was reached through PHP's unserialize function, which the website uses to handle data uploaded by users, like hot pictures, on multiple paths, including:

  • site/album_upload/create
  • site/uploading/photo

This zero-day flaw let the researchers reveal the address of the server's POST data, allowing them to craft a malicious payload and thereby execute rogue code on PornHub's server.
The hack was complicated and required a massive amount of work, but it granted a "nice view of Pornhub’s /etc/passwd file," allowing the team to execute commands and make PHP run malicious syscalls.


The PHP zero-day vulnerabilities affect all PHP versions 5.3 and higher, though the PHP project has since fixed the issue.
The hack could have allowed the team to dump all Pornhub data including user information, track its users and observe their behavior, disclose all source code of co-hosted websites, pivot deeper into the network and gain root privileges.
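The root cause above is a familiar one: a PHP-serialized string that a user controls byte for byte is fed to unserialize(), so the attacker drives the engine's own parser and object machinery, which is where the garbage-collection use-after-free bugs named above were reached. The following added example, written for this post and not code from Pornhub or from the researchers' write-up, contrasts that pattern with a hardened handler for the same upload metadata; the endpoint, field names and sample input are invented for illustration.

```php
<?php
// Added example, not Pornhub's code or the researchers' exploit. It shows the weak
// pattern described in the post (unserialize() on user-uploaded data) beside a
// hardened replacement. Field names and the sample input are constructed.

declare(strict_types=1);

/**
 * Weak pattern: album metadata arrives as a PHP-serialized string and is handed
 * straight to unserialize(). Even in a codebase with no exploitable gadget classes,
 * every byte of $raw drives the engine's parser and object/GC internals, which is
 * exactly the code the use-after-free bugs in this post lived in.
 */
function parseAlbumMetaWeak(string $raw): array
{
    $meta = unserialize($raw); // attacker controls every byte of $raw
    return is_array($meta) ? $meta : [];
}

/**
 * Hardened pattern: accept JSON instead. json_decode() never instantiates objects
 * or invokes magic methods, and the result is validated against an explicit list
 * of fields and types before any of it is used.
 */
function parseAlbumMetaHardened(string $raw): array
{
    $meta = json_decode($raw, true, 8, JSON_BIGINT_AS_STRING);
    if (!is_array($meta)) {
        throw new InvalidArgumentException('album metadata must be a JSON object');
    }
    $title = $meta['title'] ?? '';
    $tags  = $meta['tags'] ?? [];
    if (!is_string($title) || strlen($title) > 200) {
        throw new InvalidArgumentException('bad title');
    }
    if (!is_array($tags) || count($tags) > 20) {
        throw new InvalidArgumentException('bad tags');
    }
    foreach ($tags as $tag) {
        if (!is_string($tag) || !preg_match('/^[a-z0-9_-]{1,32}$/', $tag)) {
            throw new InvalidArgumentException('bad tag');
        }
    }
    return ['title' => $title, 'tags' => array_values($tags)];
}

/**
 * If the serialized format cannot be dropped yet (legacy clients), PHP 7's second
 * argument at least stops object instantiation. The input still goes through the
 * same parser, so this is a mitigation, not a substitute for the JSON path above.
 */
function parseLegacyMetaMitigated(string $raw): array
{
    $meta = unserialize($raw, ['allowed_classes' => false]);
    return is_array($meta) ? $meta : [];
}

// Constructed sample input for the hardened path.
$sample = '{"title":"holiday 2016","tags":["beach","sunset"]}';
var_dump(parseAlbumMetaHardened($sample));
```

The practical check for a code base is simply to search for every unserialize() call and trace whether its argument can originate from a request body, an upload, a cookie or a database field that users write to; each such call is a candidate for the JSON replacement, and the allowed_classes option is only a stopgap while that replacement is rolled out.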


The Internet Bug Bounty program on HackerOne also awarded the researchers an additional $2,000 for discovering the PHP zero-days.

The team has explained the technical details of this attack in two highly detailed blog posts.


source: https://www.evonide.com



The Russia-linked election hack of the DNC

WikiLeaks published a stolen archive of emails from the Democratic National Committee — and Washington spent the weekend trying to figure out if the dump was a normal political scandal or something far more sinister, the week before Hillary Clinton is expected to become the Democratic presidential candidate.
 

Over the weekend, a number of experts have raised suspicions that the email leak was carried out as part of an active campaign by Russian groups to sway the US election. The FBI is actively investigating the hack and the House Intelligence Committee has reportedly been briefed on it as well. If the reports are true, it would be a new level of involvement by a foreign power in a US election. And since the attack used many of the same tactics turned against Sony Pictures and Ashley Madison, it would also set a troubling precedent for how commonly available digital attacks could be used to subvert a national election.


WikiLeaks has published over 19,000 emails it says come from seven top Democratic National Committee figures. Among them are hundreds of messages that appear to hold personal information about donors, all part of what WikiLeaks calls an ongoing series of "Hillary Leaks."


The DNC was first compromised in May of this year, and while attribution is always tricky, there’s ample evidence linking that attack to Russia. In a blog post in June, the firm Crowdstrike linked the DNC compromise to two different groups, dubbed "Cozy Bear" and "Fancy Bear." One had been linked to previous attacks on the State Department, and both were seen choosing targets "for the benefit of the government of the Russian federation," Crowdstrike CTO Dmitri Alperovitch wrote. Two separate firms later confirmed the finding, and crucially, both assessments were made over a month ago, long before the emails themselves were released. The report closed with an ominous prediction: "Attacks against electoral candidates and the parties they represent are likely to continue up until the election in November."

In the month since, the connection to Russia has only strengthened. A figure came forward taking credit for the hack, claiming to be a Romanian civilian acting alone — but in a pivotal Motherboard interview, he proved unable to converse in Romanian, and metadata for his site showed it had been modified by Russian users. In the wake of the email dump, other experts have piled on the Russian connection, with longtime Russia analyst Thomas Rid describing the evidence as "very strong."

Earlier high-profile leaks exposed genuinely powerful organizations at work and were motivated by costly acts of individual principle. What we saw at the DNC was closer to a hit and run: striking a soft target with as little exposure as possible. This kind of attack will always work better against civil society groups and small businesses, and as it becomes more common, those are the groups that will be hit the hardest.


It’s not clear how we avoid it. For better or worse, most of the world’s organizations run on email, and that leaves every message persistent and easily accessible on a server. It’s hard to imagine that will change, or that we’ll get any better at protecting those servers. More than a year and a half after the Sony leaks, we still have no better answer to the moral questions raised by that attack. The more urgent question is whether democratic institutions can withstand the pressure of digital attacks.  




Amazon partners with the UK Government to test its delivery drones

This new partnership with the UK gives the company a chance to test its drones in ways it can't in the US.
The UK is allowing Amazon to run beyond-line-of-sight tests in both rural and suburban areas.


In the US, by contrast, Amazon can only fly drones within the pilot's line of sight, which makes it impossible to deliver parcels to more distant locations.

The e-commerce company will also use this opportunity to make sure its UAVs' sensors can identify and avoid obstacles, and to trial operations in which one person controls multiple highly automated drones.


The test flights will still be limited to an altitude of 400 feet and aren't allowed to operate near airports. They will also concentrate on ferrying packages weighing five pounds and below.

Amazon says the experiments it will run across the pond will give it a better understanding of how the flying machines can be used safely for Prime Air. They will also help it identify and draw up the rules and safety regulations needed to "move the drone industry forward."


source: Amazon PR

Missile Sub vehicle for US Special Forces scuba divers

Lockheed Martin's Submergence Group has just announced a $166 million defense contract with the US Special Operations Command to build a new "missile sub" meant to carry Special Forces scuba divers into battle. Operated by a pilot and a navigator, the 30-ton Swimmer Delivery Vehicle will carry a team of six divers to an underwater location in a completely dry environment. Once the sub reaches its drop point, it can launch the dive team through an onboard airlock system.

According to the Daily Mail, Lockheed Martin is currently building three of the vehicles, which have a depth rating of 328 feet and a lock-out depth of 98 feet. With a top speed of 5 knots (or about 6 mph), it won't be the fastest thing underwater, but it offers an upgrade over the open, wet submersibles Special Forces teams currently use, and reduces a mission's overall swim time.

It keeps Navy SEAL divers warm and dry on the way to work, and will deliver operators to their destination in better physical condition to complete a mission.


According to Lockheed Martin, the platform will be based on the existing S301i dry manned submersible and will include an Inertial Navigation System, Doppler Velocity Log for navigation support, an Underwater Telephone and UHF radio for communications, and an obstacle avoidance sonar and fathometer. The S302, as it is officially called, will also include support for additional sensors as specific missions require.


source: Daily Mail, Lockheed Martin




Monday, July 25, 2016

McDonald's Japan Collaborates with Pokemon GO

McDonald's Japan has confirmed its rumoured collaboration with Pokemon GO.

TechCrunch reported that the collaboration would turn 3,000 McDonald's Japan locations into Gyms, and also reported a Japanese launch of Pokemon GO (that launch has since been postponed).

Niantic CEO John Hanke previously said that Niantic would augment the already significant revenue the game is making from in-app purchases by allowing selected partners to become "sponsored locations" in the game.



A sponsor can create “gyms” — where Pokémon can be battled or trained by gamers — at their retail store or locations, a move that could drive real-world traffic and potential sales to their business.


So, for now, we'll let the speculation swirl.

Are we getting poke-themed menu items?  Maybe all McDonald's employees will have to dress up like Nurse Joy.



Japan will mark the first launch of Pokémon Go in Asia; apart from Australia and New Zealand, the wider Asia-Pacific region has so far been passed over as Niantic focused on getting the game to market (and stable) in North America and Europe first.

Further launches in Asian countries will happen this week and next, so there’s still lots more to come.