Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price

Data for almost 36 million customers now in the hands of unknown hackers.

A parked Comcast service van with the

Enlarge / A Comcast Xfinity service van in San Ramon, California on February 25, 2020. (credit: Getty Images | Smith Collection/Gado )

Comcast waited 13 days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to 36 million Xfinity customers.

The breach, which was carried out by exploiting a vulnerability in network hardware sold by Citrix, gave hackers access to usernames and cryptographically hashed passwords for 35.9 million Xfinity customers, the cable TV and Internet provider said in a notification filed Monday with the Maine attorney general’s office. Citrix disclosed the vulnerability and issued a patch on October 10. Eight days later, researchers reported that the vulnerability, tracked as CVE-2023-4966 and by the name Citrix Bleed, had been under active exploitation since August. Comcast didn’t patch its network until October 23, 13 days after a patch became available and five days after the report of the in-the-wild attacks exploiting it.

“However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability,” an accompanying notice stated. “We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.”

Read 6 remaining paragraphs | Comments

MSI Prestige 13 AI Evo is a 2.2 pound Meteor Lake laptop with a 2.8K OLED display

Intel’s new Meteor Lake chips are designed for laptops, mini PCs, and other small computers. But the new MSI Prestige 13 AI Evo may be one of the thinnest, lightest Meteor Lake laptops announced to date. It measures just 16.9mm (0.67 inches) thi…

Intel’s new Meteor Lake chips are designed for laptops, mini PCs, and other small computers. But the new MSI Prestige 13 AI Evo may be one of the thinnest, lightest Meteor Lake laptops announced to date. It measures just 16.9mm (0.67 inches) thick and weighs just 990 grams (2.2 pounds), but supports up to an Intel […]

The post MSI Prestige 13 AI Evo is a 2.2 pound Meteor Lake laptop with a 2.8K OLED display appeared first on Liliputing.

Blue Origin’s suborbital rocket flies for first time in 15 months

An engine failure destroyed a New Shepard rocket on its previous flight.

Blue Origin's New Shepard booster comes in for landing in West Texas at the conclusion of Tuesday's suborbital flight.

Enlarge / Blue Origin's New Shepard booster comes in for landing in West Texas at the conclusion of Tuesday's suborbital flight. (credit: Blue Origin)

With redesigned engine components, Blue Origin's New Shepard rocket took off from West Texas and flew to the edge of space on Tuesday with a package of scientific research and technology demonstration experiments.

This was the first flight of Blue Origin's 60-foot-tall (18-meter) New Shepard rocket since September 12, 2022, when an engine failure destroyed the booster and triggered an in-flight abort for the vehicle's pressurized capsule. There were no passengers aboard for that mission, and the capsule safely separated from the failed booster and parachuted to a controlled landing.

The flight on Tuesday also didn't carry people. Instead, Blue Origin, Jeff Bezos's space company, lofted 33 payloads from NASA, research institutions, and commercial companies. Some of these payloads were flown again on Tuesday's launch after failing to reach space on the failed New Shepard mission last year. Among these payloads were an experiment to demonstrate hydrogen fuel cell technology in microgravity and an investigation studying the strength of planetary soils under different gravity conditions.

Read 15 remaining paragraphs | Comments

Blue Origin’s suborbital rocket flies for first time in 15 months

An engine failure destroyed a New Shepard rocket on its previous flight.

Blue Origin's New Shepard booster comes in for landing in West Texas at the conclusion of Tuesday's suborbital flight.

Enlarge / Blue Origin's New Shepard booster comes in for landing in West Texas at the conclusion of Tuesday's suborbital flight. (credit: Blue Origin)

With redesigned engine components, Blue Origin's New Shepard rocket took off from West Texas and flew to the edge of space on Tuesday with a package of scientific research and technology demonstration experiments.

This was the first flight of Blue Origin's 60-foot-tall (18-meter) New Shepard rocket since September 12, 2022, when an engine failure destroyed the booster and triggered an in-flight abort for the vehicle's pressurized capsule. There were no passengers aboard for that mission, and the capsule safely separated from the failed booster and parachuted to a controlled landing.

The flight on Tuesday also didn't carry people. Instead, Blue Origin, Jeff Bezos's space company, lofted 33 payloads from NASA, research institutions, and commercial companies. Some of these payloads were flown again on Tuesday's launch after failing to reach space on the failed New Shepard mission last year. Among these payloads were an experiment to demonstrate hydrogen fuel cell technology in microgravity and an investigation studying the strength of planetary soils under different gravity conditions.

Read 15 remaining paragraphs | Comments

PornHub Sister Company Seeks Piracy Blocking Order & $21m Damages

Pornhub sister company MG Premium hopes to shut down the copyright-infringing tube site Goodporn. Following a bizarre court battle, the company is requesting a default judgment of more than $21 million. MG Premium also seeks an injunction that would require hosting companies, search engines, and other intermediaries to block the site’s domain names.

From: TF, for the latest news on copyright battles, piracy and more.

dollarsThe name ‘Aylo’ might not ring a bell with many people but it is one of the leading players in the adult entertainment industry.

Formerly known as MindGeek, and Manwin before that, the company conquered the online adult market over the past decade by offering free porn to the masses.

With help from user-uploaded videos, the company built massive databases of adult entertainment, much to the frustration of incumbent adult industry companies that, in the past, often found pirated copies of their content on MindGeek-operated sites.

This bold business model paid off with billions of visits that provided a sizable revenue stream through sites such as Pornhub, YouPorn, Redtube, Tube8, and dozens of others. And as MindGeek’s stature rose, the company transformed into a major rightsholder which today operates under Aylo branding.

This imperium also controls a lot of copyrighted content. Aylo subsidiary MG Premium, for example, which owns various brands including Brazzers, has more than 40,000 works registered at the US Copyright Office which it actively protects.

Aylo’s subsidiary regularly files lawsuits against ‘pirate’ tube sites and users of peer-to-peer networks. The most impressive numbers come from its DMCA takedown campaign, targeting close to 900 million URLs through Google alone.

Goodporn Lawsuit

One stand-out lawsuit targets the tube site Goodporn. MG Premium sued the platform for widespread copyright infringement, hoping to shut it down, but after two years that is yet to happen.

Instead, Goodporn owner Amrit Kumar fought back hard. Among other things, he allegedly signed a contract to obtain the rights to MG Premium’s content in 2019, leading him to accuse his accusers of copyright infringement.

This counterclaim was eventually dismissed by the court during the summer. In addition, the court granted MG Premium’s motion for summary judgment for inducement of copyright infringement and contributory copyright infringement.

It’s almost impossible to summarize the entire case, which comprises hundreds of filings. For example, it also includes Lizette Lundberg and Emile Brunn as defendants, who stood accused of working with Kumar and submitting inaccurate DMCA counternotices.

Ultimately, however, the court entered summary judgment and a default for inducement of copyright infringement and contributory copyright infringement against all Goodporn defendants.

$21 million damages

With the default in hand, MG Premium is hoping to finalize the case. A few days ago it submitted a motion for default judgment, pointing out that Kumar continues to profit from the infringing activities to this day.

“As this case has proceeded for two years, Defendant ‘Amrit Kumar’ continued to reap profit from this scheme,” MG Premium writes.

“Operating covertly behind proxy internet protocol addresses, anonymous email servers, and fake physical addresses, Kumar adopted the guise of a ‘pro per’ litigant while engaging ghostwriters, dodging depositions, eschewing telephone or video communication with counsel, and submitting falsified evidence of copyright ownership.”

MG Premium claims to have lost many millions of dollars and seeks substantial damages as compensation. At the maximum of $150,000 per work, it can request up to $216 million. However, following the lower bar set in the Yespornplease case, a tenth of that is sufficient; $21.6 million.

21m

Proposed Blocking Order

In addition to damages, MG Premium also requests a broad permanent injunction, ordering domain registries and registrars to sign over all infringing Goodporn domain names.

While these targeted requests are not uncommon, the proposed injunction goes further than that. It also requires search engines, hosting and Internet service providers, domain registrars, domain registries and other service providers to block the site’s domain names.

According to MG Premium, these companies should be ordered…

“To block or use reasonable efforts to attempt to block access by United States users of the Goodporn Websites by blocking or attempting to block access to all domains, subdomains, URLs, and/or IP Addresses that have as its sole or predominant purpose to enable to facilitate access to the Goodporn Websites”

block

Not Over Yet…

The motion for default judgment has yet to be signed off by the court. The blocking measures are targeted at services that act “in concert or participation” with Goodporn. It’s not clear against which companies it will be enforced.

It’s clear that Pornhub’s sister company is eager to get this case over with. However, history has shown that nothing in the proceeding is straightforward.

Earlier this week, Defendant Kumar submitted a motion to set aside the default judgment, citing Visa restrictions, limited familiarity with U.S. legal proceedings, and other reasons for his earlier lack of appearance. Whether that will be granted remains to be seen.

A copy of MG Premium’s motion for a default judgment is available here (pdf) and the proposed order can be found here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

Wolverine-developer Insomniac Games sees 1.67TB of secrets leaked in data breach

Future Ratchet & Clank, X-Men, and Spider-Man games exposed—but it gets worse.

Wolverine sits at a bar in a game screenshot

Enlarge / An officially released image for Insomniac Games' upcoming game Wolverine. (credit: Insomniac Games)

Acclaimed Sony-owned game development studio Insomniac Games became the victim of a large-scale ransomware attack this week, as initially reported by Cyber Daily. Ransomware group Rhysida dumped 1.67TB of data, including assets and story spoilers from unreleased games, a road map of upcoming titles, internal company communications, employees' personal data such as passport scans and compensation figures, and much more.

The gang said it chose Insomniac because, as a large and successful studio, it made an attractive target for a money grab. The ransom was $2 million, and Insomniac refused to pay it.

As a result, a trove of emails, Slack messages, slideshow presentations, and more hit the web. Notably, these included screenshots and assets from the studio's upcoming Wolverine game, as well as confirmation that Wolverine is planned to be the first in a trilogy of games starring X-Men characters. The materials also revealed that the company is working on another Ratchet & Clank game and a new Spider-Man sequel.

Read 7 remaining paragraphs | Comments

Beeper’s esoteric fix for iMessage access suggests why it’s pushing politically

Beeper’s iMessage access could depend on both Mac data and DOJ action.

An M1 Mac Mini, held in hand.

Enlarge / If you have one of these, or another Mac handy, you should soon be able to access Beeper on Android and desktop platforms. You'll just need to grab its "registration data" every so often. (credit: Samuel Axon)

Beeper's Android app, which initially promised iMessage support with just a phone number, lost that connection once Apple started openly pushing back on it less than a week after it launched. Beeper has kept revising its approach, and its newest method—involving regular access to a physical Mac—suggests why the company has added a political component to its efforts.

Beeper started pushing back after its initial blockage, both through continued development and through media and political messaging. After a second, if smaller, Apple crackdown, co-founder Eric Migicovsky welcomed CBS Mornings into his garage, where he advanced his argument that Beeper was turning grossly insecure SMS messages between iPhone and Android users into secure, end-to-end encrypted chats. (CBS also interviewed James Gill, the 16-year-old whose work connecting to iMessage, using reverse-engineering methods, is the foundation of Beeper's iMessage tech).

CBS Mornings' interview with Beeper co-founder Eric Migicovsky and James Gill, a teenage coder.

That interview lined up with another development: a bi-partisan foursome of US lawmakers, including Senator Amy Klobuchar (D-Minn.), sending a letter to the Department of Justice regarding "Apple's potential anti-competitive treatment of the Beeper Mini messaging application." Apple's actions toward Beeper, the letter suggests, could "eliminate choices for consumers," "discourage future innovation and investment" in messaging, and make Apple a "digital gatekeeper," suggesting a need for review by the DOJ's Antitrust Division. The move follows, and seems to echo, similar efforts by EU regulators to open up iMessage, which have been stalled so far.

Read 6 remaining paragraphs | Comments

Microsoft releases downloadable tool to fix phantom HP printer installations

Windows 10 and 11 users noticed this bug earlier this month.

The HP LaserJet M106w is one of the printer models that is mysteriously appearing for some users in Windows 10 and 11.

Enlarge / The HP LaserJet M106w is one of the printer models that is mysteriously appearing for some users in Windows 10 and 11. (credit: HP)

Earlier this month, Microsoft disclosed an odd printer bug that was affecting some users of Windows 10, Windows 11, and various Windows Server products. Affected PCs were seeing an HP printer installed, usually an HP LaserJet M101-M106, even when they weren’t actually using any kind of HP printer. This bug could overwrite the settings for whatever printer the user actually did have installed and also prompted the installation of an HP Smart printer app from the Microsoft Store.

Microsoft still hasn't shared the root cause of the problem, though it did make it clear that the problem wasn't HP's fault. Now, the company has released a fix for anyone whose PC was affected by the bug, though as of this writing it requires users to download and run a dedicated troubleshooting tool available from Microsoft's support site.

The December 2023 Microsoft Printer Metadata Troubleshooter Tool is available for all affected Windows versions, and it will remove all references to the phantom HP LaserJet model (as long as you don't actually have one installed, anyway). The tool will also remove the HP Smart app as long as you don't have an HP printer attached and the app was installed after November 25, presumably the date that the bug began affecting systems. These steps should fix the issue for anyone without an HP printer without breaking anything for people who do use HP printers.

Read 2 remaining paragraphs | Comments

Tangara is an open source, iPod-inspired portable music player (crowdfunding)

If you have a smartphone then you have a portable music player in your pocket, which is probably one of the reasons why the Apple iPod and similar devices have fallen by the wayside in recent years. But sometimes you don’t want the distractions …

If you have a smartphone then you have a portable music player in your pocket, which is probably one of the reasons why the Apple iPod and similar devices have fallen by the wayside in recent years. But sometimes you don’t want the distractions of a modern, internet-connected device with a touchscreen color display, so there […]

The post Tangara is an open source, iPod-inspired portable music player (crowdfunding) appeared first on Liliputing.

Human brain cells put much more energy into signaling

Signaling molecules help modulate the brain’s overall activity.

Image of a person staring pensively, with question marks drawn on the wall behind him.

Enlarge (credit: Westend61)

Indian elephants have larger brains than we do (obviously). Mice have a higher brain-to-body mass ratio, and long-finned pilot whales have more neurons. So what makes humans—and more specifically, human brains—special?

As far as organs go, human brains certainly consume a ton of energy—almost 50 grams of sugar, or 12 lumps, every day. This is one of the highest energy demands relative to body metabolism known among species. But what uses up all of this energy? If the human brain is the predicted size and has the predicted number of neurons for a primate of its size, and each individual neuron uses comparable amounts of energy to those in other mammals, then its energy use shouldn’t be exceptional.

The cost of signaling

A group of neuroscientists speculated that maybe the amount of signaling that takes place within the human brain accounts for its heightened energy needs. A consequence of this would be that brain regions that are more highly connected and do more signaling will use more energy.

Read 6 remaining paragraphs | Comments