Jump to content

Search the Community

Showing results for tags 'users'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 6 results

  1. The National Security Agency has been trying to crack the online anonymity provided by Tor, a US-funded Internet tool designed to keep Net activity private and said to be widely used by dissidents in oppressive countries, as well as by terrorists. That's according to the latest secret intelligence documents drawn from the cache leaked by Edward Snowden and published by the UK's Guardian newspaper. The NSA hasn't been able to crack Tor outright, but through various means it's been able to "de-anonymize a very small fraction of Tor users," says an internal NSA document quoted by the Guardian. The news of the agency's interest in Tor follows a report last month on the NSA's efforts to circumvent privacy-ensuring encryption of all kinds. The New York Times said the agency has sidestepped common Net encryption methods in a number of ways, including hacking into the servers of private companies to steal encryption keys, collaborating with tech companies to build in back doors, and covertly introducing weaknesses into encryption standards. The revelations are all part of the outcry over surveillance that's been kicked up by the Snowden leaks. Tor -- originally TOR, or "The Onion Router" -- was first developed by the US Naval Research Laboratory and is currently funded in part by the US State Department and Department of Defense. To put it simply, Tor facilitates anonymous Web surfing, forum posting, instant messaging, and other Internet communication by wrapping signals in layers of encryption and then sending them on an unpredictable path through a network of routers. Each router peels off one "skin" of encryption to send the signal along, but no one router has access to all the details -- thus the signal can't be traced back to its sender. US government funding is based, in part, on the desire to help Internet users in a country like China, say, access restricted sites or communicate about prohibited subjects without fear of reprisal. But Tor might also be used by journalists (in the US and elsewhere; Americans use Tor as well) -- who are looking to protect communications. It might even be used, the Tor Project site says, "for socially sensitive communication: chat rooms and Web forums for rape and abuse survivors, or people with illnesses." Law enforcement agencies say Tor is also used by terrorists, drug dealers, and child pornographers. The newly published NSA documents say the agency will "never be able to de-anonymize all Tor users all the time" and that it's also had "no success de-anonymizing a user in response" to a specific request. But the Guardian reports that the agency secretly tries to "direct traffic toward NSA-operated servers," that it measures "the timings of messages going in and out of the [Tor] network to try to identify users," that it "attempts to degrade or disrupt" Tor so people will stop using it, and that it has implanted "malicious code on the computers of Tor users who visit particular Web sites." One NSA technique, code-named EgotisticalGiraffe, took advantage of a flaw in a version of the Firefox browser that was packaged by the Tor Project with other software designed to let people easily get up and running with the service. If people using that software bundle visited particular Web sites, the NSA placed malware on their machines that let the agency access their files and monitor their keystrokes and Web activity. That flaw has since been fixed in more recent versions of Firefox. The NSA justified its actions, in general terms, in a statement sent to the Guardian: In carrying out its signals intelligence mission, NSA collects only those communications that it is authorized by law to collect for valid foreign intelligence and counter-intelligence purposes, regardless of the technical means used by those targets or the means by which they may attempt to conceal their communications. NSA has unmatched technical capabilities to accomplish its lawful mission. As such, it should hardly be surprising that our intelligence agencies seek ways to counteract targets' use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that. But a representative for the Electronic Frontier Foundation, a past Tor Project funder and a self-described defender of free speech and privacy in the realm of technology, was troubled by the revelations. Citing the example of a battered woman who might use Tor to hide her visits to an online help service from her attacker, as well as uses by dissidents, EFF Legal Director Cindy Cohn told CNET, "Of course the government should get to go after bad guys, but they shouldn't be able to break the security and trust promises of the Internet to do that." You can read the Guardian's package of stories about the NSA and Tor here. Update, 1:21 p.m. PT: The Director of National Intelligence has responded to the Tor news. In a post on the "IC on the Record" blog James Clapper says, in part, "the articles fail to make clear that the Intelligence Community's interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies." You can read Clapper's statement in full here. Original Article: http://news.cnet.com/8301-13578_3-57606133-38/nsa-sought-to-unmask-users-of-net-privacy-tool-tor-says-report/
  2. Later today, eBay will begin asking all of its 112 million customers to change their passwords, in the wake of a newly discovered database breach. The breach compromised a database containing a list of encrypted passwords that, once released in the wild, could potentially be decrypted through publicly available tools. As a result, eBay is asking users to change passwords as soon as possible. Officials say no financial data was implicated, and the company hasn't found any evidence of unauthorized activity resulting from breach. The attack itself took place some time between late February and early March, when attackers obtained a group of employee log-in credentials, allowing access to the larger database. Even after the attack, eBay wasn't aware of the compromise until two weeks ago, and it took detailed forensic analysis to implicate the password database, resulting in today's announcement. In addition to passwords, the database contained basic login information like name, email, phone number, address and date of birth, but officials stressed that no confidential or personal information was included in the breach. Paypal was not involved in the breach, as PayPal data is kept on a separate network with higher levels of encryption. Still, a site-wide password reset is generally seen as the best response to this kind of breach. eBay also reminded users to make the change at any other sites where they had used the same password, a bad security practice that is nonetheless widespread. Source
  3. Google will add a "Privacy practices" section on each Chrome extension's Web Store page listing what data they collect from users and what the developer plans to do with it. Google said today it plans to add a new section on the Chrome Web Store where extension developers will be able to disclose what user data they're collecting from users and what they plan to do with the information. The new section is set to go into effect on January 18, 2021, and will appear as a "Privacy practices" button on each extension's Web Store listing. To aid the process, Google has added a new section today in the Web Store dashboard where extension developers will be able to disclose what data they collect from their users and for what purposes. Google's new "data usage" dashboard will ship with a limited set of preset options, which will effectively prohibit Chrome developers from certain data practices, such as: The bulk sale of user data by ensuring the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension. The use or transfer of user data for personalized advertising. The use or transfer of user data for creditworthiness or any form of lending qualification and to data brokers or other information resellers. Google's new "data disclosure" policy is not unique. At the WWDC 2020 developer conference in June this year, Apple announced that all App Store app listings will soon be required to include a "privacy prompt (label)" that will list all the data points apps collect from users and which data points are used to track users across apps. Apple's privacy labels are scheduled to go live on December 8, next month. Google said it plans to show notices to all developers in the Web Store developer dashboards and prompt extension makers to set up a "privacy practices" section. Source
  4. Accounts of some Reddit users have been locked out or suspended due to irregular behavior that could suggest unauthorized access. The Reddit security team has stated that they plan on allowing affected users to perform a password reset in a few hours time. The suspected cause for the unusual activity seen from the locked accounts is a credential stuffing attack, which takes advantage of users’ practice of reusing the same login password for multiple websites and online services. Recycling credentials is a dangerous habit because it presents a hacker with the opportunity to test stolen username/password across other services. If they work, the attacker gains access to other accounts with minimum effort. Unauthorized access spotted in some cases Some users are not convinced that a credential stuffing attack is a possible explanation for the precautionary measure, saying that their Reddit credentials were unique and sufficiently strong. One member suggested a “check for reddit data/security leaks instead of only user-errors.” Another suggested a large scale account hijacking scenario, similar to what happened recently to 50 million Facebook accounts due to a vulnerability that allowed the stealing of access tokens. However, multiple users reported that the activity log for their account showed that it had been accessed from different countries (Italy, Brazil, Russia, Bangladesh, Thailand). One of them admitted to having a simple password. Users slowly regaining access to their accounts It is unclear how many accounts have been locked, but in a post a few hours ago, Reddit admin Sporkicide refers to “a large group of accounts.” Reddit is working on establishing normal access conditions and affected users with an email address associated to the Reddit account should receive a notification to reset their password. However, access to Reddit is possible without a password, and Sporkicide says that users falling in this category should try the login page until they are able to gain access again; this does not mean, though, that you should constantly refresh the page until access is permitted. Another way to receive the notification is if you have added an email address to any support ticket you sent in. A user stated they received the password notification below after initially being delivered a note informing that their account had been permanently suspended for breaking the rules. He claims he had done nothing wrong to get the suspension. “It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time,” Sporkicide says. At the moment, some users have regained access to their Reddit account, but others are still waiting for the password reset notification. Sporkicide urges users to choose strong, unique passwords and encourages adding a valid email address to the account and turning on two-factor authentication (2FA) protection. The recommendation from Reddit’s security team is to use at least 12 characters for the password, or, better yet, a short sentence. Source
  5. Misconfigured Jira servers from big names in the tech industry exposed information about internal projects and users that could be accessed by anyone with a good command of advanced search operators. Jira is a popular solution for project management, developed by Atlassian for agile teams. It is used by Fortune 500 companies for easy tracking the progress of various tasks and issues. Organizations like Google, Yahoo, NASA, Lenovo, 1Password, Zendesk, as well as governing bodies across the world left unprotected private details that could have jeopardized their developments. Some entities continue to unwittingly expose to the public the names, roles, and email addresses of employees involved in various projects of the organization, along with the current stage and development of those activities. Definitely a visibility problem This information becomes public when a setting is used for controlling the visibility of filters and dashboards for projects on Jira servers, says Avinash Jain, the security engineer that discovered the problem. Jain told BleepingComputer that when a new filter and dashboard is created in Jira Cloud, the default visibility setting is "all" and this is understood as 'all within the organization' but it refers to everyone on the internet. Projects on Jira Cloud can be set up for anonymous access, which does not require a user to log in. One of the sharing options for filters and dashboards is called Public and comes with a warning: "If a filter or dashboard is shared with Public, the name of the filter or dashboard will be visible to anonymous users." Jira Cloud documentation. A broader setting is from the Global Permissions menu, where the admin can choose "Anyone" from the drop-down list to grant access to users that are not logged in. This is not recommended for "systems that can be accessed from the public Internet such as Cloud." Jira has a user picker functionality that allows retrieving a complete list of usernames and email addresses on the misconfigured exposed servers. Finding misconfigured servers Using specific search operators (Google Dorks), Jain was able to identify the machines configured to allow access to information about users and related projects. When BleepingComputer tried them we could easily find government domains that were affected as well as private companies and educational institutions. Depending on the organization, these details are valuable for reconnaissance operations before planning an attack or for spying on the competition. "Thousands of companies filters, dashboards and staff data were publicly exposed," says the researcher. "I have discovered several such misconfigured JIRA accounts in hundreds of companies. Some of the companies were from Alexa and Fortune top list including big giants like NASA, Google, Yahoo, etc and government sites." - Avinash Jain The researcher reported some of his findings to affected parties and was recognized for his role in improving their security protocols. One of the organizations is the United Nations; another recognition was for CODIX - a financial solution used by the European Union institutions and agencies. Last year, Jain found and reported responsibly to NASA a misconfigured Jira server that exposed details (names and email addresses) of 1,000 users. Source
  6. Spotify added 8 million subscribers in the quarter that ended in June, slightly below the estimated 8.5 million figure, the streaming giant reported today. The top music streamer said it had amassed 232 million monthly active users and 108 million paying subscribers at the end of June, up from 217 million users and 100 million subscribers in the quarter that ended in March. Monthly active users include paying subscribers and non-paying users. “We missed on subs… That’s on us,” the company said. Paying subscribers include users who are enjoying the 30-day trial Spotify offers. Additionally, Spotify recently kickstarted a biannual campaign, which offered customers access to the premium service for $1. This, among other factors, has pushed its average revenue per user to €4.86 ($5.42) — down 1% since last quarter — the company said, adding that it expects the decline to continue in the low single digits for the rest of the year. Image and data: Spotify In comparison, Apple Music had 60 million paying subscribers as of June this year. (This also includes users who are part of Apple Music’s three-month free trial.) On the business side, Spotify said its quarterly revenue rose 31% from the same period last year to $1.86 billion, while operating expenses increased 4%. Its operating loss narrowed to $3.34 million, the company said — better than estimations of analysts who expected Spotify to lose about $62 million on sales of $1.83 billion. Additionally, Spotify revealed that it has reached an agreement with two of the four major record labels for licenses and is in active talks with the other two. It did not identify the labels. Spotify’s future profits — and losses — will depend on how its existing margins change during the negotiations with the music labels. The bulk of the revenue Spotify generates goes to the music labels. Every few years, they all meet to renew their agreements. The music streaming service, which has ramped up its podcast offerings with the acquisition of Gimlet Media, Anchor and Parcast, said its podcast audience is up 50% since the last quarter. Barry McCarthy, CFO of Spotify, said the company is still open to acquiring more podcasting businesses. Spotify, which earlier this year filed a complaint in Europe accusing Apple of stifling competition, did not talk about the iPhone-maker today. (Apple has refuted the accusation.) The company also did not speak much about India, where it launched its music streaming service in February. In late April, Spotify said it had amassed 2 million users in India. “Our newest market, India, performed well and in line with expectations,” it said today. Source
×
×
  • Create New...