Linux How-Tos and Linux Tutorials: Linux Support for Digital Video Broadcasting

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: LWN. Original post: at Linux How-Tos and Linux Tutorials

Mauro Carvalho Chehab, the maintainer of the kernel’s media subsystem, has posted the first two in a series of articles on digital video broadcasting support in Linux. Part 1 gives an overview of how the devices and protocols work, while part 2 looks at digital TV network interface use. “Supporting embedded Digital TV hardware is complex, considering that such hardware generally has multiple components that can be rewired in runtime to dynamically change the stream pipelines and provide flexibility for things like recording a video stream, then tuning into another channel to see a different program. This article describes how the DVB pipelines are setup and the needs that should be addressed by the Linux Kernel.

Read more at LWN

LWN.net: Linux support for digital video broadcasting

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

Mauro Carvalho Chehab, the maintainer of the kernel’s media subsystem, has
posted the first two in a series of articles on digital video broadcasting
support in Linux. Part 1
gives an overview of how the devices and protocols work, while part 2
looks at digital TV network interface use. “Supporting embedded
Digital TV hardware is complex, considering that such hardware generally
has multiple components that can be rewired in runtime to dynamically
change the stream pipelines and provide flexibility for things like
recording a video stream, then tuning into another channel to see a
different program. This article describes how the DVB pipelines are setup
and the needs that should be addressed by the Linux Kernel.

LWN.net: Announcing GitTorrent: A Decentralized GitHub

This post was syndicated from: LWN.net and was written by: n8willis. Original post: at LWN.net

At his blog, Chris Ball announcesGitTorrent,” his new project designed to let developers host Git repositories on BitTorrent. The system takes advantage of Git’s ability to run over arbitrary network protocols. “We ask for the commit we want and connect to a node with BitTorrent, but once connected we conduct this Smart Protocol negotiation in an overlay connection on top of the BitTorrent wire protocol, in what’s called a BitTorrent Extension. Then the remote node makes us a packfile and tells us the hash of that packfile, and then we start downloading that packfile from it and any other nodes who are seeding it using Standard BitTorrent. We can authenticate the packfile we receive, because after we uncompress it we know which Git commit our graph is supposed to end up at; if we don’t end up there, the other node lied to us, and we should try talking to someone else instead.” The project is, obviously, a new one that still has important ground to cover—such as dealing with comments or pull requests—but there are interesting ideas to consider already.

TorrentFreak: MPAA Threats Shut Down Popular Torrent Site BT-Chat

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

btchat Over several years the Canada-based torrent index BT-Chat has grown to become one of the most popular among TV and movie fans.

The site was founded over a decade ago and has been running without any significant problems since. Starting a few days ago, however, the site’s fortunes turned.

Without prior warning or an official explanation the site went offline. Instead of listing the latest torrents, an ominous message appeared with a broken TV signal in the background.

“Error 791-the internet is shutdown due to copyright restrictions,” the mysterious message read.

chatdown

Initially is was unclear whether the message hinted at hosting problems or if something more serious was going on. Many of the site’s users hoped for the former but a BT-Chat insider informs TF that the site isn’t coming back anytime soon.

The site’s operators have decided to pull the plug after receiving a hand delivered letter from the Canadian MPA, which acts on behalf of its American parent organization the MPAA.

In the letter, shown below, Hollywood’s major movie studios demand that the site removes all infringing torrents.

“We are writing to demand that you take immediate steps to address the extensive copyright infringement of television programs and motion pictures that is occurring by virtue of the operation of the Internet website www.BT-Chat.com.”

MPAA-CAN

The MPAA makes its case by citing U.S. copyright law, and states that linking to unauthorized movies and TV-shows constitutes contributory copyright infringement.

Referencing the isoHunt case the movie studios explicitly note that it’s irrelevant whether or not a website actually hosts infringing material.

“It makes no difference that your website might not have infringing content on it, or only links to infringing content,” the letter says.

The threats from Hollywood have not been taken lightheartedly by the BT-Chat team. While giving up a site that they worked on for more than a decade is not easy, the alternative is even less appealing.

In the end thry decided that it would be for the best to shut the site down, instead of facing potential legal action.

And so another popular site bites the dust…

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Backblaze Blog | The Life of a Cloud Backup Company: Katherine with a K – Our Newest Intern

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

katherine

The summer months are upon us and that means it’s time for Backblaze to get a whole new set of interns! The first one to join us is Katherine! She’s a JRPG playing Swarthmore Pheonix that’s joining our engineering team to help on some back-end projects they’ve been working on. Let’s get to know her a bit better shall we?

What is your Backblaze Title?
Engineering Intern

Where are you originally from?
Seattle, Washington

What attracted you to Backblaze?
After taking introductory CS classes at school, I was really interested in the field of computer engineering-specifically software engineering! So I wanted to get a feel for what it’s like to work in the field, and learn some applicable skills.

What do you expect to learn while being at Backblaze?
I hope to learn about web development, as well as ways to make my code run more efficiently.

Where else have you worked?
My longest stint was as a math tutor. I gave up when I had to teach times tables.

Where did you go to school?
I’m going to Swarthmore College. It’s a small liberal arts school in Pennsylvania.

Favorite place you’ve traveled?
Istanbul! The weather was amazing, the city was beautiful (both the old and new areas of the city), I could go on about it for a while! [Editor’s note: Instabul is great!]

Favorite hobby?
I really like playing JRPGs! I’m a big fan of Atlus games in general.

Of what achievement are you most proud?
I once at five rice puddings in one sitting to procrastinate doing my homework. It was pretty incredible, if I may say so myself.

Favorite food?
It used to be rice pudding.

We feel you on that rice pudding, and we’re sorry that you burned out on it! Seriously though, 5 rice puddings in a single sitting is pretty darn impressive. We’re lucky to have you aboard!

The post Katherine with a K – Our Newest Intern appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

LWN.net: Friday’s security updates

This post was syndicated from: LWN.net and was written by: n8willis. Original post: at LWN.net

Debian has updated virtualbox (privilege escalation).

Debian-LTS has updated clamav (multiple vulnerabilities), postgresql-8.4 (multiple vulnerabilities), and tomcat6 (multiple vulnerabilities).

Beyond Bandwidth: Swipe At Your Own Risk: What you need to know to combat Point of Sale malware PoSeidon

This post was syndicated from: Beyond Bandwidth and was written by: Level 3 Threat Research Labs. Original post: at Beyond Bandwidth

If you use a credit card to make purchases at your local retailer, gas station, restaurant or bar, it can be compromised – if it isn’t already. Black market demand for user and credit card data has made Point of Sale (PoS) system compromise a lucrative business, leaving breached retailers to fight a war of…

The post Swipe At Your Own Risk: What you need to know to combat Point of Sale malware PoSeidon appeared first on Beyond Bandwidth.

TorrentFreak: Advocate General Doubts Legality of Pirate Bay Blockade

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate bayEarly last year The Court of The Hague handed down its decision in a long running case which had previously forced two Dutch ISPs, Ziggo and XS4ALL, to block The Pirate Bay.

The Court ruled against local anti-piracy outfit BREIN, concluding that the blockade was ineffective and restricted the ISPs’ entrepreneurial freedoms.

Responding to the verdict the two ISPs quickly unblocked the site and various other Dutch ISPs followed suit.

Meanwhile, the Hollywood-backed group took its case all the way to the Supreme Court and today Advocate General Van Peursem published his conclusion after a careful review.

The Advocate General advises the Supreme Court to stay the proceedings between BREIN and the Internet providers in order to seek clarification from the EU Court of Justice on several matters.

The first question that requires a European review is whether The Pirate Bay is actually communicating illegal content to the public. If this isn’t the case then the EU Court should rule whether ISPs can be ordered to block the site on other grounds.

A decision at the European level will be important, as it may also affect court orders in other countries, such as the UK, Italy and Belgium.

When the questions are resolved at the EU Court, the Advocate General advises to redo the entire trial noting that The Court of The Hague was too strict when it concluded that the blockade was ineffective and disproportional.

The Advocate General’s advice is not binding so it’s not yet certain whether the case will be referred to the EU Court of Justice. However, in most cases the recommendations are followed by the Supreme Court.

The Supreme Court is expected to release its verdict on October 9th.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Schneier on Security: UN Report on the Value of Encryption to Freedom Worldwide

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

The United Nation’s Office of the High Commissioner released a report on the value of encryption and anonymity to the world:

Summary: In the present report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur addresses the use of encryption and anonymity in digital communications. Drawing from research on international and national norms and jurisprudence, and the input of States and civil society, the report concludes that encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection.

Here’s the bottom line:

60. States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. In addition, States should refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users. Corporate actors should likewise consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms). Court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals.

One news report called this “wishy-washy when it came to government-mandated backdoors to undermine encryption,” but I don’t see that. Government mandated backdoors, key escrow, and weak encryption are all bad. Corporations should offer their users strong encryption and anonymity. Any systems that still leave corporations with the keys and/or the data — and there are going to be lots of them — should only give them up to the government in the face of an individual and lawful court order.

I think the principles are reasonable.

SANS Internet Storm Center, InfoCON: green: Trust But Verify, (Fri, May 29th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Beintentionalabouthowyouspendyour time.I believe thatevery person can incrementally improve their security program by being intentional about how they spend their time.One method is to be intentional about checking several items for compliance each and every month. While not intended to replace the value of an auditor, this approach can generate incremental value from the overall compliance process. If you have the requirement to be in compliance with PCI, you are in luck! You could easily create a table that pairs one of the 12 categories with one of the 12 months in a calendar year. Inside each month, you could list several items that are important to verify. When printed out and kept nearby, it can serve as a reminder to be diligent about tracking progress over time.Compare this table year over year and look for trends that will help identify the sometimes small areas to focus on that can make a big impact.
I have used this approach to expect more out of myself and to set the bar just a little bit higher. I found success in showing this matrix to outside auditors and received positive feedback. There was nothing magic about this table, it just forced me to be intentional each and every month. Using this approach, unexpected compliance drift can be identified and remediated on a much more timely basis. This approach can be used inside several of the regulatory compliance requirements.If you do not have one, ask friends and colleagues who do to learn what they find beneficial in their respective environments.As always, a great place to start is with the 20 Security Controls.
Can you make it easier on yourself to do the right thing by being intentional?It believe it is absolutely possible to leverage systems like this to make it easier to do the right thing.
What systems do you use to force you to be intentional? Please use the comments section to share what works for you.
Russell Eubanks
@russelleubanks

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Raspberry Pi: Hollywood, now with added Pi

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

We had mail this morning suggesting we watch the trailer for the new Point Break reboot closely. (Keep your eyes peeled at 1:23.)

When we started the Raspberry Pi Foundation in 2012, we thought we’d just be teaching kids to code. It’s kind of discombobulating to find that we’ve been making movie props too. (If that clip makes you crave a tiny TFT screen for your own Pi, you can find the ones the film-makers used at Adafruit.)

We’ve found a couple of other recent appearances of the Pi in odd places. Here is a Pi which, we’re told, has been used to do awful, villainous things to a subway train and a rollercoaster in the new CSI: Cyber.

csicyber

csicyber1

Looking at those mangled GPIO pins gives me the yips.

Best of all, though, is this still that somebody captured from Big Hero 6 and sent to us. Look closely at what’s in the background of the shot.

bighero6

Hollywood, we salute your fabulous taste. Keep it up.

 

The post Hollywood, now with added Pi appeared first on Raspberry Pi.

Linux How-Tos and Linux Tutorials: How to Theme GNOME Shell 3.16 (In Five Simple Steps)

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Falko Timme. Original post: at Linux How-Tos and Linux Tutorials

So, you have installed your brand new GNOME Shell desktop environment and it certainly looks indisputably cool as it is. Using it for quite some time though may make this sexy top panel look dull and your icon set look dusty. These are signs that it is time for a change, so here’s a guide on how to quickly (and easily) change the appearance of your GNOME Shell desktop using refreshing theming.

Read more at HowtoForge

TorrentFreak: UN: Encryption and Anonymity Must Be Protected

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

spyFor the past several years and particularly in the wake of the Edward Snowden revelations, interest in encrypted and anonymous communications has spread to a much wider audience.

More than ever before the ability to send and receive information both privately and anonymously is viewed as crucial in the digital age, enabling all corners of society – especially those most persecuted – to exercise their right to freedom of opinion and expression.

On the other hand, however, there are those who abuse those freedoms and the rights of others. And then, rightly or wrongly, there are those who communicate privately in order to undermine their governments. This leads some nations to restrict or even ban encryption, while others seek to introduce laws which allow law enforcement to tap into citzens’ communications.

A new report from David Kaye, a UN special rapporteur on freedom of expression, seeks to shine light on these complex issues by asking two questions:

– Do the rights to privacy and freedom of opinion and expression protect secure online communication, specifically by encryption or anonymity?
– Assuming an affirmative answer, to what extent may Governments, in accordance with human rights law, impose restrictions on encryption and anonymity?

Acknowledging that some states impose draconian measures to restrict citizens’ abilities to send and impart knowledge without fear, Kaye says that journalists and activists often need specialist tools to make their voices heard.

“A VPN connection, or use of Tor or a proxy server, combined with encryption, may be the only way in which an individual is able to access or share information in such environments,” Kaye says.

Noting that individuals should be able to send and receive information beyond their borders, the rapporteur states that some member states act to deny those freedoms by restricting communications using aggressive filtering.

“Encryption enables an individual to avoid such filtering, allowing information to flow across borders. Moreover, individuals do not control — and are usually unaware of — how or if their communications cross borders. Encryption and anonymity may protect information of all individuals as it transits through servers located in third countries that filter content,” Kaye writes.

Of course, in the online environment encryption and anonymity are often spoken of in the same breath, and just as encryption can often beat the censors, in some cases staying anonymous is vital to continued freedom of expression.

“Anonymity has been recognized for the important role it plays in safeguarding and advancing privacy, free expression, political accountability, public participation and debate,” Kaye writes.

“Some States exert significant pressure against anonymity, offline and online. Yet because anonymity facilitates opinion and expression in significant ways online, States should protect it and generally not restrict the technologies that provide it.”

Kaye notes that several states have attempted to combat anonymity tools such as TOR, VPNs and proxies, with Russia even offering significant cash bounties for techniques which would enable it to unmask TOR users. However, due to their human rights value, use of such tools should actually be encouraged.

“Because such tools may be the only mechanisms for individuals to exercise freedom of opinion and expression securely, access to them should be protected and promoted,” Kaye advises.

“States should revise or establish, as appropriate, national laws and regulations to promote and protect the rights to privacy and freedom of opinion and expression.”

In respect of encryption and anonymity, Kaye says that member states should adopt policies of “non-restriction or comprehensive protection”, and only introduce restrictions on a proportional, court-order supported, case-by-case basis.

Adding that states and companies alike should actively promote strong encryption and anonymity, Kaye says that measures that weaken individual’s online security, such as backdoors, weak encryption standards and key escrows, should be avoided.

Finally, Kaye advises member states to not only encourage the use of encryption, but also make it the norm.

“The Special Rapporteur, recognizing that the value of encryption and anonymity tools depends on their widespread adoption, encourages States, civil society organizations and corporations to engage in a campaign to bring encryption by design and default to users around the world and, where necessary, to ensure that users at risk be provided the tools to exercise their right to freedom of opinion and expression securely,” the report concludes.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

SANS Internet Storm Center, InfoCON: green: ISC StormCast for Friday, May 29th 2015 http://isc.sans.edu/podcastdetail.html?id=4505, (Fri, May 29th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

LWN.net: [$] LWN.net Weekly Edition for May 29, 2015

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The LWN.net Weekly Edition for May 29, 2015 is available.

xkcd.com: The BDLPSWDKS Effect

This post was syndicated from: xkcd.com and was written by: xkcd.com. Original post: at xkcd.com

This well-known effect has of course been replicated in countless experiments.

Schneier on Security: Ransomware as a Service

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Tox is an outsourced ransomware platform that everyone can use.

LWN.net: LibreOffice Viewer for Android released

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The Document Foundation has announced the availability of the LibreOffice
viewer for Android systems. And it’s not just for viewing:
LibreOffice Viewer also offers basic editing capabilities, like
modifying words in existing paragraphs and changing font styles such as
bold and italics.

Editing is still an experimental feature which has to be enabled
separately in the settings, and is not stable enough for mission
critical tasks.”

TorrentFreak: Hola VPN Sells Users’ Bandwidth, Founder Confirms

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

hola-logoFaced with increasing local website censorship and Internet services that restrict access depending on where a user is based, more and more people are turning to specialist services designed to overcome such limitations.

With prices plummeting to just a few dollars a month in recent years, VPNs are now within the budgets of most people. However, there are always those who prefer to get such services for free, without giving much consideration to how that might be economically viable.

One of the most popular free VPN/geo-unblocking solutions on the planet is operated by Israel-based Hola. It can be added to most popular browsers in seconds and has an impressive seven million users on Chrome alone. Overall the company boasts 46 million users of its service.

Now, however, the company is facing accusations from 8chan message board operator Fredrick Brennan. He claims that Hola users’ computers were used to attack his website without their knowledge, and that was made possible by the way Hola is setup.

“When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this,” Brennan says.

This means that rather than having their IP addresses cloaked behind a private server, free Hola users are regularly exposing their IP addresses to the world but associated with other people’s traffic – no matter what that might contain.

hola-big

While this will come as a surprise to many, Hola says it has never tried to hide the methods it employs to offer a free service.

Speaking with TorrentFreak, Hola founder Ofer Vilenski says that his company offers two tiers of service – the free option (which sees traffic routed between Hola users) and a premium service, which operates like a traditional VPN.

However, Brennan says that Hola goes a step further, by selling Hola users’ bandwidth to another company.

“Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at https://luminati.io,” the 8chan owner says.

TorrentFreak asked Vilenski about Brennan’s claims. Again, there was no denial.

“We have always made it clear that Hola is built for the user and with the user in mind. We’ve explained the technical aspects of it in our FAQ and have always advertised in our FAQ the ability to pay for non-commercial use,” Vilenski says.

And this is how it works.

Hola generates revenue by selling a premium service to customers through its Luminati brand. The resources and bandwidth for the Luminati product are provided by Hola users’ computers when they are sitting idle. In basic terms, Hola users get their service for free as long as they’re prepared to let Hola hand their resources to Luminati for resale. Any users who don’t want this to happen can buy Hola for $5 per month.

Fair enough perhaps – but how does Luminati feature in Brennan’s problems? It appears his interest in the service was piqued after 8chan was hit by multiple denial of service attacks this week which originated from the Luminati / Hola network.

“An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM,” Brennan says.

Again, TorrentFreak asked Vilenski for his input. Again, there was no denial.

“8chan was hit with an attack from a hacker with the handle of BUI. This person then wrote about how he used the Luminati commercial VPN network to hack 8chan. He could have used any commercial VPN network, but chose to do so with ours,” Vilenski explains.

“If 8chan was harmed, then a reasonable course of action would be to obtain a court order for information and we can release the contact information of this user so that they can further pursue the damages with him.”

Vilenski says that Hola screens users of its “commercial network” (Luminati) prior to them being allowed to use it but in this case “BUI” slipped through the net. “Adjustments” have been made, Hola’s founder says.

“We have communicated directly with the founder of 8Chan to make sure that once we terminated BUI’s account they’ve had no further problems, and it seems that this is the case,” Vilenski says.

It is likely the majority of Hola’s users have no idea how the company’s business model operates, even though it is made fairly clear in its extensive FAQ/ToS. Installing a browser extension takes seconds and if it works as advertised, most people will be happy.

Whether this episode will affect Hola’s business moving forward is open to question but for those with a few dollars to spend there are plenty of options in the market. Until then, however, those looking for free options should read the small print before clicking install.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Krebs on Security: Phishing Gang is Audacious Manipulator

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Cybercriminals who specialize in phishing — or tricking people into giving up usernames and passwords at fake bank and ecommerce sites — aren’t generally considered the most sophisticated crooks, but occasionally they do exhibit creativity and chutzpah. That’s most definitely the case with a phishing gang that calls itself the “Manipulaters Team”, whose Web site boasts that it specializes in brand research and development.

I first learned about the Manipulaters from a source at an Australian bank who clued me in to a phishing group that specializes in targeting Apple’s iCloud services and a whole mess of U.S., European and Asian banks. For whatever reason (probably because they’re proud of their work), these guys leave a calling card of sorts in the WHOIS Web site registration records for most of the phishing domains that they register: According to Domaintools.com, some 329 domains are registered to “admin@manipulaters[dot]com” (complete list of domains: in PDF and CSV).

The Web site for the "Manipulaters Team," a phishing gang that brazenly advertises a specialization in "brand research."

The Web site for the “Manipulaters Team,” a phishing gang that brazenly advertises a specialization in “brand research.”

Manipulaters[dot]com is a pretty amusing site all around. Their home page advises that Mainpulaters “is an institute that caters to brand research & development. We have studied computer related products immensely, and are confident that we can get the job done. The learning never stops for us though, as we are always looking for ways to improve.” Brand research. Yeah, right.

“Our goal is to help each business and brand reach their ultimate potential,” explains the “Our Members” section of the site. “We have contracts with our members that allows us to have guidelines for them to follow on their path to success. We have put these in place for a reason. This provides the stability and direction that companies/brands need to succeed.” Points for brazenness.

Their site advises that interested parties can “become a member” of the Manipulaters Team just by paying a one-time membership fee of $15, and providing a driver’s license/ID card plus a phone or electricity bill. Ah, there’s nothing quite like phishers phishing phishers.

The scary aspect of this fraud gang is that they appear to play in the Web hosting space as well. Most of their phishing pages are in fact hosted on Internet address space that is assigned to Manipulaters[dot]com: Incredibly, the group is listed as the current occupants of an entire Class C range of Internet addresses, from 167.160.46.0 to 167.160.46.255.

One common name across most of the online properties erected by the Manipulators Team is Madih-ullah Riaz, a resident of Pakistan who appears to manage this phishing empire out of a high-rise apartment building in Karachi. Interestingly, Riaz’s email address — madihrb@hotmail.com — was among those listed as a user of BestRecovery, a phishing and malware deployment service whose user database was hacked last year. Mr. Riaz did not respond to requests for comment.

In fact, Mr. Riaz is listed as the founding member on the “About Us” page of the Manipulaters Team, along with a guy named Omer Fareed. Both men also are listed as founders of a software company called Posting Kit, which is a company included in the job history on Riaz’s LinkedIn profile.

The Manipulaters Team likes to use domain name service (DNS) settings from another blatantly fraudulent service called “FreshSpamTools[dot]eu”, a scammer-friendly service offered by a fellow Pakistani that also conveniently sells phishing toolkits targeting a number of popular brands. Manipulators indeed.

LWN.net: A security study of Docker images

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

The folks at Banyan have looked into the
security state
of the images stored on Docker Hub and published their
results. “More than a third of all images have high
priority vulnerabilities and close to two-thirds have high or medium
priority vulnerabilities. These statistics are especially troublesome
because these images are also some of the most downloaded images (several
of them have hundreds of thousands of downloads).

Raspberry Pi: SamplerBox – drop-and-play sampler

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

Massive thanks to Clive for babysitting this blog (he’s been both writing and editing) while I was away. Any relaxation I was still feeling from the vacation evaporated the moment I saw my inbox. It was good while it lasted.

Regular readers will know that my favourite Raspberry Pi projects are often the musical ones. So I was really pleased to find a message from Joseph Ernest at SamplerBox bobbing up among the top few hundred emails of that inbox this morning. SamplerBox is an open-source, sub-€99 sampler in a box (hence the name), and it’s beautifully simple: drop samples onto the SD card, hook up a MIDI keyboard, and you’ll end up with something like this:

SamplerBox has more than 128 voices of polyphony (which sounds like way too much until you consider things like sustain pedals on pianos), and can load sample sets up to 1GB. Plus, it comes in a really cute laser-cut wooden box.

Setup’s as easy as…Pi.

samplerbox

This isn’t a project to buy: it’s open source, and made for you to build. Which is something I’ll be doing as soon as Joseph’s finished his instructions – I’m already scoping out boxes. Thanks Joseph!

 

 

The post SamplerBox – drop-and-play sampler appeared first on Raspberry Pi.

LWN.net: Security updates for Thursday

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Arch Linux has updated curl
(information leak).

Debian-LTS has updated dulwich
(code execution), eglibc (code execution),
exactimage (denial of service), and libnokogiri-ruby (information disclosure from 2012).

Fedora has updated ca-certificates (F20: CA update),
hostapd (F21; F20: denial of service), java-1.8.0-openjdk (F20: insecure tmp file
use), LibRaw (F21: denial of service), mingw-LibRaw (F21: denial of service), openslp (F20: two denial of service flaws, one
from 2010, one from 2012), php (F21;
F20: multiple vulnerabilities), postgresql (F22: three vulnerabilities), and
rawtherapee (F22: denial of service).

Mageia has updated fuse
(privilege escalation), kernel-linus
(denial of service), and kernel-tmb (denial of service).

openSUSE has updated glibc,
glibc-testsuite, glibc-utils, glibc.i686
(13.2, 13.1: two vulnerabilities).

SUSE has updated firefox (SLE12:
multiple vulnerabilities).

Schneier on Security: MOOC on Cybersecurity

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

The University of Adelaide is offering a new MOOC on “Cyberwar, Surveillance and Security.” Here’s a teaser video. I was interviewed for the class, and make a brief appearance in the teaser.

LWN.net: [$] SourceForge replacing GIMP Windows downloads

This post was syndicated from: LWN.net and was written by: n8willis. Original post: at LWN.net

In 2013, we reported that SourceForge.net had started to redirect
the download links clicked on by some users, providing those users with an
installer program that bundled in not just the software the user had
requested, but a set of side-loaded “utilities” as well. The practice
raised the ire of many in the community, even though it was an
optional service that SourceForge offered to project owners. Matters
may have changed recently, however, as the GIMP project discovered that
“GIMP for Windows” downloads had suddenly become side-loading
installers—and that the project could no longer access the SourceForge
account that was used to distribute them.