Bug in French government’s WhatsApp replacement let anyone join Élysée chats

Researcher found bug in email validation that let him log in and join “rooms” in Tchap app.

Around the same time the French President was greeting firefighters who saved Notre Dame Cathedral from fire, a security researcher was burning a new "secure" chat application for French government officials intended to keep them off WhatsApp and Telegram. (credit: Christian Böhmer/picture alliance via Getty Images)

On April 17, the French government introduced an Android application meant to be used by government employees as an internal secure channel for communications. Called Tchap, it was touted as a replacement for WhatsApp and Telegram, providing (in theory) both group and private messaging channels that only people with government email addresses could join.

Tchap is not intended to be a classified communications system—it runs on regular Android phones and uses the public Internet. But as the DINSIC, the French inter-ministry directorate for information systems that runs Tchap, put it, Tchap "is an instant messenger allowing government employees to exchange real-time information on everyday professional issues, ensuring that the conversations remain hosted on the national territory." In other words, it's to keep official government business off of Facebook's and Telegram's servers outside France.

Based on the Riot.im chat application from the open source project Matrix, Tchap is officially still in "beta," according to DINSIC. And that beta test is getting off to a rough start. Within two days, French security researcher Baptiste Robert—who goes by the Twitter handle @fs0c131y (aka Elliot Alderson)—had tapped into Tchap and subsequently viewed all of the internal "public" discussion channels hosted by the service.

Loose online lips sink hack targeting governments and embassies

“EvaPiks” spills code and techniques used in ongoing hack campaign.

Security researchers gave mixed grades to a recently discovered hacking campaign targeting government finance authorities and embassies. On the one hand, the attacks used carefully crafted decoy documents to trick carefully selected targets into installing malware that could gain full control of computers. On the other, a developer involved in the operation sometimes discussed the work in public forums.

The campaign has been active since at least 2018 when it sent Excel documents claiming to contain top-secret US data to people inside governments and embassies in Europe, security firm Check Point reported in a post published Monday. Macros in the documents would send a screenshot and user details of the target’s PC to a control server and then install a malicious version of TeamViewer that claimed to offer additional functionality. The trojan would then gain complete control over the infected computer.

A poorly secured control server allowed Check Point researchers to periodically see screenshots that were uploaded from infected computers, at least until the server was locked down. Most of the targets had a connection to public finance and government officials from revenue authorities. Using the intercepted images and telemetry data, Check Point researchers compiled a partial list of countries where targets were located. It included:

Millimeter-wave 5G will never scale beyond dense urban areas, T-Mobile says

T-Mobile CTO says 5G’s high-frequency spectrum won’t cover rural America.

5G mobile networks have started arriving but only in very limited areas and amidst misleading claims by wireless carriers.

While all four major nationwide carriers in the United States have overhyped 5G to varying degrees, T-Mobile today made a notable admission about 5G's key limitation. T-Mobile Chief Technology Officer Neville Ray wrote in a blog post that millimeter-wave spectrum used for 5G "will never materially scale beyond small pockets of 5G hotspots in dense urban environments." That would seem to rule out the possibility of 5G's fastest speeds reaching rural areas or perhaps even suburbs.

Ray made his point with this GIF, apparently showing that millimeter-wave frequencies are immediately blocked by a door closing halfway while the lower 600MHz signal is unaffected:

17.5 inch Samsung Galaxy View tablet with a kickstand on the way? (leaks)

Three and a half years after introducing an 18.4 inch Android tablet (or “mobile entertainment device”) called the Samsung Galaxy View, it looks like Samsung may be ready to offer a follow-up. SamMobile has published a set of leaked photos and some specs for a device that the website says is the Samsung Galaxy […]

The post 17.5 inch Samsung Galaxy View tablet with a kickstand on the way? (leaks) appeared first on Liliputing.

Now you can use more Samsung phones, tablets as Linux desktop PCs

Samsung’s Linux on DeX software lets you use a Samsung smartphone or tablet as a Linux desktop computer by connecting an external display, mouse, and keyboard and running the app. When the software launched last year it was only compatible with two devices — the Samsung Galaxy Note 9 and Galaxy Tab S4. Now Samsung […]

The post Now you can use more Samsung phones, tablets as Linux desktop PCs appeared first on Liliputing.

Microsoft pulls the plug on Sets, the tabbed UI for Windows 10

Microsoft announced plans in 2017 to bring a new feature to Windows 10 called Sets. It was going to basically bring support for tabs to the user interface — you know how you can open multiple tabs in a web browser and flip between them without opening a new window? Imagine that… but with the […]

The post Microsoft pulls the plug on Sets, the tabbed UI for Windows 10 appeared first on Liliputing.

Foldable smartphone: Samsung cancels launch of the Galaxy Fold

Samsung is facing a Foldgate: the South Korean manufacturer has called off the market launch of the foldable Galaxy Fold smartphone for now. After several journalists' test devices broke through no fault of their own, the device is to be thoroughly examined once more. (Samsung, Smartphone)

ACE Sees “Piracy Reduction” Efforts Pay Off, But Work is Not Done Yet

The Alliance for Creativity and Entertainment (ACE), the global anti-piracy coalition which includes the major Hollywood studios, plus Netflix, Amazon and others, is keeping the pressure on. The group recently managed to shut down another group of Kodi add-ons and builds. According to ACE, this is part of a broader “piracy reduction plan,” which is starting to pay off.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

During the summer of 2017, several of the largest entertainment industry companies in the world teamed up to create a new anti-piracy coalition.

The Alliance for Creativity and Entertainment (ACE) brought together well-known Hollywood outfits including Disney, Warner Bros, NBCUniversal, media giants such as Sky and BBC, as well as the streaming-based newcomers Amazon, Netflix, and Hulu.

This is without a doubt one of the most prominent copyright enforcement groups in history and one with a clear mission. ACE wants to bring a halt to all forms of piracy but with a specific focus on online streaming, which it sees as a major threat to its industry.

The organization has filed several lawsuits in the US, for example, targeting vendors of pirate streaming boxes. This has been quite effective so far, with Dragon Box settling for $14.5 million and TickBox TV agreeing to pay $25 million in damages.

However, behind the scenes, there have been many less visible enforcement efforts as well. ACE regularly reaches out to developers who create ‘add-ons’ and ‘builds’ that are specifically designed to access pirated content through streaming boxes, including those running Kodi.

These efforts are not made public by ACE, but the targeted developers sometimes speak about them in public. That happened last week, for example, when the Hydra9 repository, among others, was targeted.

“Some in the community got served ACE letters yesterday, including myself. My letter specifically mentions most of my builds, and the Hydra9 repo,” developer ‘Terror’ informed people on Telegram, sharing a cease and desist letter. 

“I have made so many friends in this community and the Hydra9 team has been the highlight of my time making builds. I will likely continue as a skinner/teacher only, after I’m done dealing with ACE,” he added.

The letter in question is similar to those that have gone out to many other developers since 2017. As can be seen below, it comes with a rather impressive list of logos from entertainment industry companies, to which Discovery Inc., Channel 5, and Telefe have yet to be added.

It appears that these efforts have been quite successful but thus far ACE hasn’t said much about them in public. To find out more, we asked the organization whether it could share any data on how many of these requests it has sent out over the past two years. 

While we didn’t get any exact figures from ACE, which clearly doesn’t want to give away too much, the group said that a “significant” number of developers and site operators cooperated after being notified. 

“ACE has sought and obtained voluntary cooperation from a significant number of owners, operators, and developers of sites, add-ons, and services that facilitate piracy,” ACE spokesperson Richard VanOrnum told us. 

ACE targets people throughout the world and says it prioritizes voluntary measures over lawsuits. Through these efforts, it hopes to boost the legal market. Thus far, the media companies behind the group are happy with the results.

“Our members are pleased that the overwhelming majority of owners, operators, and developers of sites, add-ons, and services that facilitate copyright theft voluntarily comply with copyright law upon contact with ACE representatives,” VanOrnum tells us.

“We will execute more planned global actions along these lines and look to continue our success protecting creators around the world,” he adds.

If a cease and desist order is ignored, legal action remains an option. While ACE hasn’t shied away from that in the past, it aims to address issues out of court where possible.

Cease and desist letters are only part of its strategy though. ACE also seeks cooperation from many other players in the ecosystem, including advertising networks, payment processors, cyberlockers, domain name registrars and registries, search engines, online marketplaces, and social media services, to name a few.

ACE hopes to promote legally available content while addressing illegal add-ons and streaming boxes. However, it also has its eyes set on other streaming services, including apps and websites. 

“We are continuously reviewing our strategy and will consider new outreach and enforcement efforts where appropriate,” VanOrnum tells us, again, without giving away any concrete targets.

The group does explain that it has a comprehensive “piracy reduction plan” which tries to incorporate all the major streaming threats.

While the early signs suggest that this plan is paying off, the work is far from done. New investigations are being launched on a regular basis, which means that the cease and desist letter Hydra9 received was certainly not the last.

Time travel and Black Lives Matter mix in new trailer for See You Yesterday

Director Stefon Bristol: “I don’t want the conversation on police brutality to slow down.”

High school BFFs C.J. and Sebastian build a backpack to travel through time in the Spike Lee-produced See You Yesterday.

Two teenaged science nerds in the Flatbush neighborhood of Brooklyn build a makeshift time machine to right a tragic wrong in See You Yesterday, a new film from Spike Lee's 40 Acres and a Mule Filmworks. It's director Stefon Bristol's first feature film, based on a 2017 short film co-written by Fredrica Bailey and featured at the American Black Film Festival.

Here's the official synopsis:

High school best friends and science prodigies C.J. and Sebastian spend every spare minute working on their latest homemade invention: backpacks that enable time travel. But when C.J.'s older brother Calvin dies after an encounter with police officers, the young duo decide to put their unfinished tech to use in a desperate bid to save Calvin. From director Stefon Bristol and producer Spike Lee comes See You Yesterday, a sci-fi adventure grounded in familial love, cultural divides, and the universal urge to change the wrongs of the past.

The trailer is equally straightforward. We see C.J. (Eden Duncan-Smith) and Sebastian (Dante Crichlow) geeking out over their science experiment, excited about what it would mean for their college prospects should they actually get their time travel device to work. There's the obligatory shout-out to Einstein, whose general theory of relativity at least offers the (highly improbable) possibility of traveling back in time. Even if that were somehow possible, and with a portable device that fits in a backpack, there's still the question of whether it's possible to change the past. (Lost had it right: "Whatever happened, happened.")

Tesla has three of the 11 most popular cars shared on Turo

EV supply grew 1.6x faster than hybrid or internal combustion engine vehicles in 2018.

In honor of Earth Day, the folks at Turo got in touch to tell me about the rising popularity of electric vehicles on the car sharing platform. For the uninitiated, Turo is a site that lets people rent out their vehicles when they're not using them—and yes, it includes insurance in case the renter does something they're not supposed to do. And increasingly, the vehicles that people are looking for, and the vehicles they're sharing, are electric. In fact, the supply of EVs on Turo grew by 1.5 times the rate of hybrids or conventionally powered vehicles in 2017 and 1.6 times in 2018. The growth in demand is lagging a little, but demand for EVs still grew at 1.4 times the rate of hybrids and conventionally powered vehicles in 2017 and 1.5 times in 2018.

There are no prizes for guessing that much of this growth was from people adding Teslas to the platform and people correspondingly looking to rent Teslas. In 2014, there were just 67 Teslas for rent on Turo. At the time of writing, the company tells me that there are now 6,000 Teslas on the site.

As we discovered in January, the most popular car to rent on Turo last year was the Jeep Wrangler, and for 2018 none of the top five most rented cars were battery EVs. But the Model S was in sixth place back then, with the Model X in tenth and the new Model 3 just one spot behind. "It's fascinating to see how popular EVs have become over the last year," explained Andre Haddad, Turo's CEO. "The Model 3 only showed up last spring, then started to take off in the summer as more people got their cars. And in Q4 2018, the Model 3 had overtaken the Model X." (Haddad also owns a Model S, Model X, and Model 3, all of which he rents out on the platform.)
