

Comcast says industry-standard tech to blame, but will try to fix it.
A security vendor says it discovered a flaw in Comcast's home security system that could let criminals break into houses undetected by using radio jamming equipment. The vendor, Rapid7, says it alerted Comcast to the problem two months ago but never received a response from the company. However, Comcast told Ars that Rapid7 e-mailed the wrong address.
Though primarily known for its cable TV and broadband Internet services, Comcast also sells Xfinity-branded home security systems. Rapid7 found the flaw in Comcast's implementation of the ZigBee wireless protocol. Attackers armed with commodity radio-jamming equipment can "cause interference or deauthentication of the underlying ZigBee-based communications protocol," Rapid7 said. When this happens, sensors that detect motion or open doors and windows are unable to communicate with a base station hub in the home that controls the alarm system.
Rapid7 published details of the flaw in an advisory today, in accordance with its policy of giving companies at least 60 days to respond before making a security problem public. That's a pretty standard timeline used by other companies and security research organizations—though it seems Rapid7's attempt to contact Comcast went awry.
Go ask Alice: The tables are turning in defendants’ favor, but suits abound.
Statistics released today show that 2015 saw more patent lawsuits filed than any other year save one. Buried beneath heaps of high-tech lawsuits—led as usual by "patent trolls," shell companies with no real assets other than patents—are strong trends pushing power away from patent-holders and toward the defendant companies they sue.
If one adds together district court cases with patent disputes that are resolved through the process of "inter partes review," or IPR, a proceeding involving the Patent Trademark and Appeals Board (PTAB) at the US Patent Office, then 2015 saw the most patent disputes in history. If only district court cases are measured, 2013 was the year with the most filings.
"This would indicate that activity has not decreased since the America Invents Act became law," said Kevin Jakel, CEO of United Patents.
These robots are controlled by hand: at CES, the company Zero UI is presenting the Ziro construction kit, a set of build-it-yourself robots that respond to gestures. (Robots, Technology)
Lenovo plans to launch two different versions of the ThinkPad 13 this year: one with Windows and the other with Chrome. The basic specs for both are the same, including a 13.3 inch display and an Intel Core i5 processor. But I caught up with Lenovo this week and found that there are a few […]
Closer look at Lenovo’s ThinkPad 13 Windows and Chrome laptops is a post from: Liliputing
Malware, based on Node.js desktop framework, offered up to would-be extortionists for fee.
Sign up to extort hapless Windows users over Tor for mere Bitcoins a month!
Malware researchers at the anti-virus company Emsisoft have uncovered a new "ransomware" package that encrypts the files of victims and demands payment to restore them. Dubbed Ransom32, the malicious code is different from CryptoWall and many other previous ransomware variants in two key ways: it was coded using JavaScript, and it’s being offered to would-be cybercriminals as a paid service.
In a blog post, Emsisoft Chief Technology Officer Fabian Wosar described the malware and its Tor-based administrative Web interface. Users of the service log in with their Bitcoin wallet addresses; once they're connected, they can configure features of the malware "client" for the service such as the messages displayed to victims during the malware installation and how much to demand in ransom for encryption keys. They can also track the payments already made and how many systems have become infected.
The Tor-based control panel for configuring Ransom32. Just click a few boxes, add some text, and you're ready to extort. (credit: Emsisoft)
The malware itself is based on NW.js, a framework based on Node.js that allows developers to write Windows applications in JavaScript. It is delivered, renamed as "chrome.exe," in a self-extracting archive along with a Tor client (renamed as "rundll32.exe") and a set of Visual Basic scripts used to display customized pop-up alert messages and perform some basic file manipulation. The malware is also packaged with a renamed version of the Optimum X Shortcut utility—software used to create and change Start menu items and desktop shortcuts. The entire payload is over 22 megabytes, which is huge in comparison to other crypto-ransomware packages.
The $200 device has a color display and receives phone alerts, but lacks a GPS.
With all of the smartwatch and fitness tracker launches in 2015, one company was noticeably silent after releasing three activity-focused devices: Fitbit. The company had a huge year with the launch of its Charge, Charge HR, and Surge fitness trackers, and it also went public in June. Fitbit is back with its first new device of the year: the Blaze smartwatch. At $200, it sits in between the $150 Charge HR and the $250 Surge as a more stylish watch that can also track daily activity and intense workouts.
The Blaze is one of the more customizable devices in Fitbit's family. Its hexagonal module can be popped out of its band and inserted into others, and there are leather, silicone, and stainless steel options available. It's also the first Fitbit device to sport a color LCD touchscreen, positioning it against the Apple Watch more directly than any of the company's other devices.
Fitbit lists an ambient light sensor as part of the Blaze's specs, which could mean you have the option to keep the display always-on, making it a better timepiece. However, when compared to other devices that ape the appearance of analog watches, the Blaze certainly isn't the most fashionable device your money can buy.
Want to count the number of steps you take every day? You can pick up a cheap fitness band for under $20 these days. But want to go all-in on the quantified self movement and keep track of your steps, weight, sleep, heart rate, and more? HTC and Under Armour have a new kit that’s […]
UA HealthBox is a $400 fitness-tracking ecosystem in a box from HTC and Under Armour is a post from: Liliputing
Time for UK privacy campaigners to hit the panic button over “flying eyes”?
Blighty’s slate grey skies may soon be peppered with DroneCops, after it was revealed by The Times that drones have been given the go-ahead for “high-risk” criminal investigations by UK police.
More than a quarter of the 43 police forces in England and Wales are mulling whether to bring in drones to help them tackle burglaries and sieges, according to a report in The Times—which was briefed on the plans.
However, the quadcopters could also be used by cops to, for example, allow them to eyeball protesters, in a move that is likely to raise concern among privacy campaigners.