A potent botnet is exploiting a critical router bug that may never be fixed

With Internet stability hanging in the balance, router maker maintains radio silence.

A Dasan Networks router similar to this one is under active exploit by the potent Satori botnet. (credit: Dasan Networks)

A fast-moving botnet that turns routers, cameras, and other types of Internet-connected devices into potent tools for theft and destruction has resurfaced again, this time by exploiting a critical vulnerability that gives attackers control over as many as 40,000 routers. Despite the high stakes, there's no indication that the bug will be fixed anytime soon, if at all.

Satori, as the botnet has been dubbed, quickly made a name for itself in December, when it infected more than 100,000 routers in just 12 hours by exploiting critical vulnerabilities in two models, one made by Huawei and the other by RealTek. Last month, Satori operators released a new version that infected devices used to mine digital coins, a feat that allowed the attackers to mine as much as $3,000 worth of Ethereum, based on prices the digital coin was commanding at the time.

In recent days, Satori has started infecting routers manufactured by Dasan Networks of South Korea. The number of daily infected routers is about 13,700, with about 82 percent of them located in Vietnam, a researcher from China-based Netlab 360 told Ars. Queries on the Shodan search index of Internet-connected devices show there are a total of more than 40,000 routers made by Dasan. The company has yet to respond to an advisory published in December that documented the code-execution vulnerability Satori is exploiting, making it possible that most or all of the devices will eventually become part of the botnet.

Microsoft’s compiler-level Spectre fix shows how hard this problem will be to solve

Investigation of Microsoft’s compiler changes shows that much of the time, they won’t fix Spectre.

The Meltdown and Spectre attacks that use processor speculative execution to leak sensitive information have resulted in a wide range of software changes to try to limit the scope for harm. Many of these are operating system-level fixes, some of which depend on processor microcode updates.

But Spectre isn't a simple attack to solve; operating system changes help a great deal, but application-level changes are also needed. Apple has talked about some of the updates it has made to the WebKit rendering engine, used in its Safari browser, but this is only a single application.

Microsoft is offering a compiler-level change for Spectre. The "Spectre" label actually covers two different attacks. The one that Microsoft's compiler is addressing, known as "variant 1," concerns checking the size of an array: before accessing the Nth element of an array, code should check that the array has at least N elements in it. Programmers using languages like C and C++ often have to write these checks explicitly. Other languages, like JavaScript and Java, perform them automatically. Either way, the test has to be done; attempts to access array members that don't exist are a whole class of bugs all on their own.

US Senator demands review of loot box policies, citing potential harm

New Hampshire’s Hassan says FTC action may be necessary if industry doesn’t respond.

Sen. Hassan urged the ESRB to review "the board’s ratings process and policies as they relate to loot boxes." (credit: US Senator Maggie Hassan of New Hampshire)

Sen. Maggie Hassan (D-N.H.) sent an open letter to the Entertainment Software Rating Board (ESRB) today urging the industry's self-regulatory body to "review the completeness of the board's ratings process and policies as they relate to loot boxes and to take into account the potential harm these types of micro-transactions may have on children."

Loot boxes—which offer randomized in-game rewards, often in exchange for real money—concern Hassan for the "psychological principles and enticing mechanics that closely mirror those often found in casinos and games of chance," as the letter reads. While acknowledging "robust debate over whether loot boxes should be considered gambling," Hassan argues that "they are both expensive habits and use similar psychological principles" and thus deserve extra scrutiny. "The potential harm is real."

Hassan urged the ESRB in the letter to examine whether loot boxes are being marketed "in an ethical and transparent way that adequately protects the developing minds of young children from predatory practices." She also asked the board to "collect and publish data" on how developers and players use loot boxes.

More nightmare fuel: Bedbugs create cesspool of poop and histamine in your bed

Histamine levels in infested homes were 20X higher than normal.

A typical bed bug aggregation showing blood-fed and unfed bed bugs and fecal spots that contain histamine (photo credit: Matt Bertone) (credit: DeVries et al.)

It’s official: pooping the bed is not the worst thing you can do. Letting bedbugs do it is worse.

As the creepy critters bite you while you slumber, they also squeeze out poops loaded with histamine, a chemical that our own bodies push out during an inflammatory response to allergens. Histamine can trigger itchiness, watery eyes, sneezing, trouble breathing, headaches, and asthma attacks, among other problems. Homes with bedbug infestations can become histamine Dutch ovens, according to a new study led by entomologists and health experts at North Carolina State University. The researchers found that histamine levels in infested homes were at least 20 times higher than levels in bedbug-free homes.

And that’s not all. Researchers writing in PLOS ONE also found that those histamine levels linger. In infested homes that were heat treated—which involves circulating hot air (~50 °C) into a home to wipe out the bugs—histamine levels remained high for months afterward.

Apple’s $350 HomePod may damage wood furniture, but at least it sounds good

The Apple HomePod is a premium wireless speaker with support for Siri, Apple Music, and… not much else at the moment. The HomePod started shipping last week, and most early reviewers agree that it’s one of the best sounding wireless speakers on the market, but that it’s not as “smart” as an Amazon Echo or […]

Apple’s $350 HomePod may damage wood furniture, but at least it sounds good is a post from: Liliputing

European bankers scoff at bitcoin for its risk, huge energy inefficiency

Top officials from Bundesbank, ECB push for the necessity of fiat currency.

Deutsche Bundesbank President Jens Weidmann during a keynote speech at the Bundesbank European money and finance forum in Frankfurt, Germany, on February 8, 2018. (credit: Krisztian Bocsi/Bloomberg via Getty Images)

On Wednesday, a top German central banker told a conference in Frankfurt that replacing cash with bitcoin and similar cryptocurrencies is too risky and inefficient to be an effective medium of exchange.

"For a stable monetary and financial system, we need no crypto-tokens, but rather central banks obligated to price stability and effective banking regulation, and we have both in the eurozone," Jens Weidmann, the head of the Bundesbank, said.

His remarks (German) come as other top European bankers are making aligned public statements expressing skepticism about bitcoin and related digital currencies. On Tuesday, the ECB put out a graphic dubbing bitcoin not a currency but a "speculative asset."

How to read EPUB books with a Kindle

Amazon’s Kindle line of devices are some of the most popular E Ink gadgets for reading eBooks, and for good reason. They’re relatively inexpensive, have good displays, offer long battery life, and make reading books from Amazon’s Kindle store super easy. But what about books you didn’t buy from Amazon? Kindles can support books that […]

How to read EPUB books with a Kindle is a post from: Liliputing

SpaceX hits two milestones in plan for low-latency satellite broadband

SpaceX got good news from the FCC and will launch two demo satellites Saturday.

SpaceX's satellite broadband plans are getting closer to reality. The company is about to launch two demonstration satellites, and it is on track to get the Federal Communications Commission's permission to offer satellite Internet service in the US.

Neither development is surprising, but they're both necessary steps for SpaceX to enter the satellite broadband market. SpaceX is one of several companies planning low-Earth orbit satellite broadband networks that could offer much higher speeds and much lower latency than existing satellite Internet services.

Today, FCC Chairman Ajit Pai proposed approving SpaceX's application "to provide broadband services using satellite technologies in the United States and on a global basis," a commission announcement said. SpaceX would be the fourth company to receive such an approval from the FCC, after OneWeb, Space Norway, and Telesat. "These approvals are the first of their kind for a new generation of large, non-geostationary satellite orbit, fixed-satellite service systems, and the Commission continues to process other, similar requests," the FCC said today.

Deals of the Day (2-14-2018)

This Valentine’s Day, why not give the gift of reading? Amazon’s running a sale on all of its Kindle eReaders and offering up to 80 percent off select eBooks. Prefer to avoid Amazon’s ecosystem? The Kobo Aura Edition 2 eReader is also on sale for $20 off today. And Google is offering $3 off the […]

Deals of the Day (2-14-2018) is a post from: Liliputing

‘Pirate’ Kodi Addon Devs & Distributors Told to Cease-and-Desist

The Alliance For Creativity and Entertainment, which counts major Hollywood studios, Netflix and Amazon among its members, has reportedly launched a new offensive against elements of the Kodi-addon community. Cease and desist letters have been sent to several individuals, from those maintaining builds and repositories to people publishing how-to videos on YouTube.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Last November, following a year of upheaval for third-party addon creators and distributors, yet more turmoil hit the community in the form of threats from the world’s most powerful anti-piracy coalition – the Alliance for Creativity and Entertainment (ACE).

Comprised of 30 companies including the studios of the MPAA, Amazon, Netflix, CBS, HBO, BBC, Sky, Bell Canada, Hulu, Lionsgate, Foxtel, Village Roadshow, and many more, ACE warned several developers to shut down – or else.

The letter: shut down – or else

Now it appears that ACE is on the warpath again, this time targeting a broader range of individuals involved in the Kodi addon scene, from developers and distributors to those involved in the production of how-to videos on YouTube.

The first report of action came from TVAddons, who noted that the lead developer at the Noobs and Nerds repository had been targeted with a cease-and-desist notice, adding that people from the site had been “visited at their homes.”

As seen in the image below, the Noobs and Nerds website is currently down. The site’s Twitter account has also been disabled.

Noobs and Nerds – gone

While TVAddons couldn’t precisely confirm the source of the threat, information gathered from individuals involved in the addon scene all points to the involvement of ACE.

In particular, a man known online as Teverz, who develops his own builds, runs a repo, and creates Kodi-themed YouTube videos, confirmed that ACE had been in touch.

An apparently unconcerned Teverz….

“I am not a dev so they really don’t scare me lmao,” he added.

Teverz claims to be from Canada and it appears that others in the country are also facing cease and desist notices. An individual known as Doggmatic, who also identifies as Canadian and has Kodi builds under his belt, says he too was targeted.

Another target in Canada

Doggmatic, who appears to be part of the Illuminati repo, says he had someone call the people who sent the cease-and-desist but like Teverz, he doesn’t seem overly concerned, at least for now.

“I have a legal representative calling them. The letters they sent aren’t legal documents. No lawyer signed them and no law firm mentioned,” Doggmatic said.

But the threats don’t stop there. Blamo, the developer of the Neptune Rising addon accessible from the Blamo repo, also claims to have been threatened.

SpinzTV, who offers unofficial Kodi builds and an associated repository, is also under the spotlight. Unlike his Canadian counterparts, he has already thrown in the towel, according to a short announcement on Twitter.

For SpinzTV it’s all over…

TorrentFreak contacted the Alliance for Creativity and Entertainment, asking them if they could confirm the actions and provide any additional details. At the time of publication they had no information for us but we’ll update if and when that comes in.
