Magento admins: beware of SQL flaw that requires no authentication.
Attack code was published on Friday that exploits a critical vulnerability in the Magento e-commerce platform, all but guaranteeing it will be used to plant payment card skimmers on sites that have yet to install a recently released patch.
PRODSECBUG-2198 is a SQL injection vulnerability that attackers can exploit with no authentication required. Attackers could use the flaw to take over administrator accounts, provided they can extract user names and password hashes and crack the hashes. From there, they could install the backdoors or skimming code of their choice. A researcher at Web security firm Sucuri said Thursday that company researchers reverse-engineered an official patch released Tuesday and successfully created a working proof-of-concept exploit.
The U.S. is recommending a 12.5 year prison sentence for Paul Hansmeier, one of the lead attorneys of the controversial law firm Prenda. The Pirate Bay played a crucial role in the case, since it’s where Prenda uploaded porn movies to extract settlements from alleged pirates. Hansmeier admitted his wrongdoing but is requesting a more lenient prison sentence of little over 7 years.
Over the past several years, so-called copyright trolls have been accused of various dubious schemes and actions, but one firm crossed into criminal territory.
The now-defunct Prenda Law repeatedly deceived courts, obtaining millions of dollars in dubious piracy settlements, while using sham companies as clients.
Most controversial was the shocking revelation that Prenda uploaded their own torrents to The Pirate Bay, creating a honeypot for the people they later sued over pirated downloads.
The accusation was first published here on TorrentFreak. While some disregarded it as a wild conspiracy theory, the US Department of Justice took it rather seriously. These and other allegations ultimately resulted in a criminal indictment, which was filed in 2016.
The US Government accused two leading Prenda lawyers of various crimes, including money laundering, perjury, mail fraud, and wire fraud. Since then, both defendants, attorneys Paul Hansmeier and John Steele, have signed plea agreements.
Last summer, Hansmeier admitted that he is guilty of conspiracy to commit mail fraud and wire fraud, as well as conspiracy to commit money laundering. With the final decision coming up, the Government and the defendant have now issued their sentencing recommendations.
According to the Government, it is clear that Hansmeier was the driving force behind the entire scheme. He came up with the settlement scheme, drafted nearly all paperwork that was used to deceive judges, and directed his brother to upload torrents to lure pirates.
“Hansmeier instructed his brother, Peter Hansmeier, to upload ‘torrent files’ to BitTorrent websites such as the Pirate Bay, affirmatively to induce people to steal his clients’ copyrighted pornographic movies,” the Government writes.
“Paul Hansmeier selected the pornographic movies for his brother to upload based upon how attractive they would be to BitTorrent users, thus deliberately encouraging the piracy Hansmeier pretended to hate.”
Hansmeier’s brother uploaded several torrents under the username Sharkmp4, many of which remain online today.
With the IP-addresses that were obtained through this honeypot scheme, Prenda requested subpoenas to obtain the names and addresses of Internet subscribers. These people were then threatened into settling for figures up to $3,000. Whether they were guilty or not appeared to be irrelevant.
“Hansmeier was generally content to take this step without investigating whether the subscriber was, in fact, the infringer. Hansmeier thus inflicted plenty of pain on persons who did not, in fact, download his pornographic bait,” the Government writes.
In total, Prenda Law generated roughly $3,000,000 from the fraudulent copyright lawsuits they filed at courts throughout the United States.
While it is by no means illegal to go after file-sharers, the Prenda attorneys crossed a line by repeatedly lying to or misleading the courts. Hansmeier also filmed and produced many videos himself, leading the court to believe that these were from a third-party company.
Hansmeier argued that the videos were from a company called “Ingenuity 13,” for example, but didn’t mention that he was the driving force behind it. Also, the court was led to believe that pirates caused financial damage, even though the videos were never commercially distributed.
Based on these and other allegations, the U.S. prosecution has reached a rather damning conclusion.
“In summary, Hansmeier was greedy, arrogant, devious, mendacious, and consistently positioned other people to be damaged by his conduct, even as he enjoyed the proceeds of the scheme he orchestrated,” it writes.
As such, the Government is recommending that the court sentence Hansmeier to 150 months in prison, which is believed to be within the guidelines for this specific case.
The attorney for Hansmeier disagrees with this recommendation. The defense has several objections to the presentence investigation report and therefore calls for a lower sentence of no more than 87 months, followed by three years of supervision.
Hansmeier’s attorney also requests the court not to issue a fine, as restitution will be paid to those that were damaged by the settlement scheme.
Either way, it is clear that the Prenda attorney will likely spend several years in prison.
The other defendant, John Steele, has also pleaded guilty but the Government is much more positive about his conduct following the indictment.
“Steele has not shied away from the ugly truth of his crimes and the significant consequences that he faces. Unlike codefendant Hansmeier and many other similarly situated defendants, Steele has not tried to evade or minimize the extent and impact of his crimes.
“Shortly after being charged, Steele met with the government, provided a truthful and complete rendition of his misconduct, and since that time has stood ready to testify against Hansmeier if called upon to do so,” the prosecution adds.
Unlike Hansmeier, Steele did not fight the case. While he deserves a prison sentence, this cooperative stance should be taken into account. The Government says it will issue a more specific recommendation for Steele in the future.
Both Prenda defendants will be sentenced at a later date.
—
A copy of the US Government’s sentence recommendation for Paul Hansmeier is available here (pdf) and the Government’s position on Steele’s sentencing can be found here (pdf).
The failures may be uncommon, but third time isn’t the charm for this design.
Apple has again acknowledged failures in MacBook butterfly keyboards and apologized. The apology was included in a Wall Street Journal report by prominent tech journalist Joanna Stern pointing out that, like some others, she encountered a keyboard failure in her 2018 MacBook Air.
Stern published the following statement sent to her by an Apple spokesperson:
We are aware that a small number of users are having issues with their third-generation butterfly keyboard and for that we are sorry. The vast majority of Mac notebook customers are having a positive experience with the new keyboard.
The spokesperson also advised users to contact Apple customer support if they had a problem with the keyboards, Stern wrote.
Both FCC and FTC fail to collect vast majority of robocall fines, WSJ reports.
The Federal Communications Commission has issued $208.4 million in fines against robocallers since 2015, but the commission has collected only $6,790 of that amount. That's because the FCC lacks authority to enforce the penalties, according to an investigation by The Wall Street Journal.
The Journal learned of the $6,790 figure by making a Freedom of Information Act request. "An FCC spokesman said his agency lacks the authority to enforce the forfeiture orders it issues and has passed all unpaid penalties to the Justice Department, which has the power to collect the fines," the Journal report said. "Many of the spoofers and robocallers the agency tries to punish are individuals and small operations, [the spokesman] added, which means they are at times unable to pay the full penalties."
Calif. bill would require state-level approval of every medical vaccine exemption.
California state lawmakers this week introduced a bill that would grant the state's health department the power to approve all medical exemptions for childhood vaccinations, revoke fraudulent exemptions, and maintain a database of exemptions and the physicians who issue them.
The bill, SB 276, is designed to thwart the state's recent problem of "unethical" doctors exempting children from mandatory vaccinations based on dubious or outright bogus medical grounds—often for fees.
Medical exemptions are intended to only be given to children who have legitimate medical conditions that prevent them from receiving vaccines. That includes children who are taking immune-suppressing drugs, such as cancer and transplant patients, and those with life-threatening allergies to vaccines. Yet sham medical exemptions have been on the rise since lawmakers banned exemptions based on personal beliefs in 2015 (SB 277). Since then, the number of kindergarteners with medical exemptions in the state has tripled, bringing the kindergartener exemption rate to 0.7 percent.
One-time offer runs out in September 2019, includes one hoop to jump through.
As Amazon Prime's annual cost has grown over the years, so has its spread of perks, and that's particularly true for video game fans who claim its attached "Twitch Prime" subscription bonus. Weirdly, paying Amazon's subscription fee sometimes results in vouchers for other services' subscription fees, primarily in the form of free-trial offers to paid MMOs.
On Thursday, Amazon went one bigger by allying with its first-ever console maker in order to create a pretty solid perk. If you own a Nintendo Switch and pay for Amazon Prime, you can now claim a combined 12 months of free Nintendo Switch Online access (a $20 USD value) through a Twitch Prime perks page.
If you've already pre-paid for a full 12 months of Nintendo Switch Online (which includes access to online multiplayer modes and a selection of classic NES games), you're still in luck. This new Twitch Prime offer logs you into your NSO account, then stacks your new free months on top of any NSO period you've already paid for. (To confirm when your existing NSO subscription is going to end, you can check your account here.)
The trailer and stage presentation highlighted the sheer number of Borderlands fan-favorite characters coming back for this sequel. Moxxi, Claptrap, and an older, redesigned Tiny Tina join Vaughn from Tales of the Borderlands, Aurelia from Borderlands: The Pre-Sequel, and almost everyone in between in making an appearance. The main exception is Borderlands 2 antagonist Handsome Jack: "He's dead... you killed him," Gearbox CEO Randy Pitchford said onstage.
We saw very little of this futuristic city.
From the quick-cut snippets shown, the game itself looks familiar. Up to four players loot a promised "over one billion guns" (including "guns with legs") to shoot all manner of humans, skags, and mechanical foes in a variety of post-apocalyptic environs, with the help of desert-compatible vehicles and mech suits for good measure. No release date or platform information is available yet, but the studio promises more information on April 3.
Both the Java and the console versions of the game have been updated.
Microsoft has removed a trio of references to Markus "Notch" Persson, the creator of Minecraft, from the game's opening menu screen. Random messages known as "splash text" are printed in yellow on this screen, and they used to include "Made by Notch!", "The Work of Notch", and "110813!" (a reference to the day Persson got married), but now all three mentions are gone. Notch is still included in the game's credits, but the change means that Minecraft players will no longer see him randomly referenced on the menu screen.
Persson first released the blocky building game in 2009. Five years later, after the game had become a global smash hit, he sold his company Mojang to Microsoft for $2.5 billion, giving Redmond ownership of Minecraft. The references to Notch have remained a feature until their removal in this latest patch. They're reported to have been removed both from the original Java edition played on PCs and the legacy console edition used on PlayStation 4.
No official rationale has been offered for the change, but Persson has become something of a polarizing figure on Twitter. Recent tweets include such family-friendly fodder as "I'd rather be a fascist cunt than have a feminine dick" (since deleted) and endorsements of both the Pizzagate and QAnon conspiracy theories. He's also propagated the false claim that people face fines for "using the wrong pronouns" to refer to trans people. Additionally, Persson has also offered a range of racial commentary, such as "It's ok to be white," and he's said that anyone who recognizes systemic racial biases and imbalance within Western society is racist.
The LG G8 ThinQ smartphone features a Qualcomm Snapdragon 855 processor, a 6.1 inch, 3120 x 1440 pixel OLED display, 6GB of RAM, and 128GB of storage. Basically, the phone has everything you’d expect from a flagship Android phone in 2019. But when LG unveiled the phone in February, the company also introduced a few […]
Computers with AMD Ryzen processors tend to be more affordable than models with roughly equivalent Intel processors. But even so, I was a bit surprised to see that Lenovo is selling a Ryzen-powered Lenovo 720s laptop for just $495 today. For that price, you get a 2.4 pound laptop with a 13.3 inch full HD […]