Thakur's Content - Page 42 - InviteHawk - Your Only Source for Free Torrent Invites

Everything posted by Thakur

  1. Merry Christmas and Happy New Year! We on the NorBits staff wish everyone a Merry Christmas and a Happy New Year! This year's Christmas present is freeleech for the whole Christmas weekend: 4 days. Freeleech ends on the third day of Christmas (December 27). But it doesn't stop there... After December 27 there is still freeleech on all torrents from 2005, 2006, 2007, 2008, 2009 and 2010, as well as a 50% discount on torrents from 2011. Only torrents from the last 3 years (2012 and newer) count 100% towards download. The freeleech rules after December 27 are therefore as follows: Freeleech on all torrents from 2005, 2006, 2007, 2008, 2009 and 2010. 50% discount (halfleech) on torrents from 2011. 50% discount (halfleech) on all BluRays. 90% discount on all torrents over 30GB. Have a pleasant Christmas celebration with family and friends, and see if you can't find some treats here on NorBits too. /The Staff
  2. Happy Holidays and Bot Talk It has been fairly quiet here this month of December, with our attack behind us, we are still hammering issues out and working towards some exciting new features on ScienceHD. That is why you haven't seen a banner contest (like previous years) and other holiday activities like we've had in the past. No we aren't going anywhere, we will just like to have a working site versus a half broken 504/502 error site. In other news, I’m sure many of you are aware of who SciBorg is; for those of you that don't hang out in our super cool IRC channels, SciBorg was the resident bot who did a lot of work announcing and keeping things tidy in our irc channels. As time passed we came to the realization that SciBorg needed to go (Fuzzy has a strong hatred for incompetence). So over the course of this year our other bot (Xen) was given a major upgrade of robot parts to enable him to perform SciBorg’s duties, finally last month we received a phone call from the Robot God and he requested SciBorg. That being said, SciBorg has officially gone up to Robot Heaven. In honor of SciBorg retiring and the holiday season we will have a Freeleech until 2016 starting on Friday December 25th and ending Friday January 1st or whenever Fuzzy gets done celebrating and can sit down for a few minutes. ScienceHD staff would like to wish you all a happy and safe holiday season! Spend some time away from the computer with family and friends. We will see you all in 2016! Staff
  3. To all of you, we wish you peace, love and friendship this holiday season. We wish to thank you for your support this past year and encourage you to be yourself without fear! Be a beacon of hope to others as they search for themselves. Be grateful for the peace you may live, as there are many of our brethren that must live in unsafe xenophobic environments. To those who have "No Place to Go". . . be strong, remember you are not alone and it gets better! Life is to be enjoyed as we never know what tomorrow holds. Merry XXX-mas to all and be safe!
  4. Tracker Name :- HDArea is Open for Limited Signup Genre :- Movies Signup Link :- HDArea :: 注册 High Definition Area - Powered by NexusPHP Closing Date :- N/A Additional comments :- Open for Limited Signup
  5. Tracker Name :- Avistz.to Genre :- General Signup Link :- Register - AvistaZ Site Statistics :- Users :-112,743 Torrents :- 30,514 Movies :- 9,672 TV-Shows :- 2,928 Music :- 513 Seeds :- 221,403 Leeches :- 7,668 Peers :- 229,071 Current Download :- 78.42 TB Current Upload :- 379.00 TB Total Download :- 8.30 PB Total Upload :- 106.66 PB Additional comments :- AvistaZ (AsiaTorrents) is an ASIAN Private Torrent Tracker for ASIAN MOVIES / TV / GENERAL AvistaZ is the internal tracker for multiple internal release groups
  6. Tracker Name :- PrivateHD ( PrivateHD beta (previously PublicHD ) Genre :- General Signup Link :- Register - PrivateHD Site Statistics :- Users :- 64,965 Torrents :- 3,865 Movies :- 1,724 TV-Shows :- 384 Music :- 253 Seeds :- 17,950 Leeches :- 764 Peers :- 18,714 Current Download :- 47.53 TB Current Upload :- 188.86 TB Total Download :- 2.85 PB Total Upload :- 4.11 EB Additional comments :- PrivateHD is a Private Torrent Tracker for HD MOVIES / TV PrivateHD is the internal tracker for multiple internal release groups
  7. Tracker Name :- Eutorrents ( EUT ) Genre :- General Signup Link :- Register - EuTorrents Site Statistics :- Users :- 22,747 Torrents :- 6,972 Movies :- 9,821 TV-Shows :- 73 Music :- 284 Seeds :- 24,293 Leeches :- 2,244 Peers :- 26,537 Current Download :- 1.86 TB Current Upload :- 8.29 TB Total Download :- 312.85 TB Total Upload :- 1.15 PB Additional comments :- EUTorrents (EUT) is a Private Torrent Tracker for EUROPEAN MOVIES / MUSIC
  8. Tracker Name :- TorrentBytes (TBy) Genre :- General Signup Link :- Torrentbytes Site Statistics :- Registered users :- 33864 Active Users :- 584 Unconfirmed users :- 7 Torrents :- 124789 Peers :- 190,943 Seeders :- 184,168 Leechers :- 6,775 Seeder/leecher ratio :- 2718% Additional comments :-TorrentBytes (TBy) is a Private Torrent Tracker for 0DAY / GENERAL
  9. Users who registered earlier and see the Newbie assessment on their account and don't want to take the assessment, please reply: I WANT TO DISABLE THE NEWBIE ASSESSMENT in this post and we'll manually disable it for you. Or if you like the challenge, taking the newbie assessment is totally up to you.
  10. Thakur

    hdme News

    Merry Christmas to All and a Happy New Year! To the non Christians Happy Holidays and a Happy New Year! To the Pagans, Just don't get caught!
  11. Holiday Bonus 3 The 3rd and final holiday bonus has now been activated: I have boosted the number of torrents that you can earn seed points on at once. Non donors can now earn seed points on up to 6 torrents at once (Normally 4). Donors can now earn seed points on up to 16 torrents at once (Normally 12). Still not enough? Okay I've also boosted the number of seed points earned per hour as well: Non donors will now earn an additional seed point to 3 seed points per hour instead of 2. Donors will now earn an additional 2 seed points on top of the already boosted amount to 10 seed points per hour instead of 6. If you have a considerable number of hit and runs then now is the best time to get them cleared quickly, especially with the first 2 bonuses in effect as well. All the holiday bonuses will remain activated until just after the New Year so make the most of them. I would like to thank all our members for making BCG what it is today, we would be nothing without yourselves. If you would like to discuss this announcement please click here. Happy Holidays!
  12. Thakur

    HDSky News

    Limited Time Christmas invitation notice Merry Christmas you pro special limited time offer to invite three (extras can send oh) passing through not to miss the deadline for at 0:00 on the 27th the whole , I wish you a happy Christmas - do not forget we agreed to January 1, 2016
  13. The Pirate Bay co-founder Peter Sunde has invented a “Kopimashin” that will cripple the music industry. The co-founder of Pirate Bay Peter Sunde has been in trouble for the last couple of years for his connections with the site, that’s the reason he owes a large amount of money to entertainment giants. But if you think he has learnt his lesson or he is giving up then you are wrong because he just built an awesome copying gadget which is bad news for the music industry. The invention is known as “Kopimashin,” built with the help of a Raspberry Pi, some Python code (which he wants to keep secret) and an LCD display that calculates a running tally of the damages he’s inflicted upon the record industry through its use. The 8,000,000 copies it makes every day costs the record industry $10m/day in losses. At that rate, they’ll be bankrupt in a few weeks at most. This machine can make 100 copies per second of Gnarls Barkley’s “Crazy,” storing them in /dev/null (that means they won’t be stored on a permanent basis). Sunde told TF that “I want to show the absurdity on the process of putting a value to a copy. The machine is made to be very blunt and open about the fact that it’s not a danger to any industry at all.” “But following their rhetoric and mindset it will bankrupt them. I want to show with a physical example – that also is really beautiful in its own way – that putting a price to a copy is futile.” Peter has contacted the Guinness Book of Records for recognition of his device and his application is currently under review.
  14. Tracker's Name : BTSCHOOL Genre : HD Sign-up Link : http://pt.btschool.net/signup.php Closing date : N/A
  15. Security researchers believe they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper’s devices. The researchers’ findings suggest that the NSA may be responsible for that backdoor, at least indirectly. Even if the NSA did not plant the backdoor in the company’s source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited. Evidence uncovered by Ralf-Philipp Weinmann, founder and CEO of Comsecuris, a security consultancy in Germany, suggests that the Juniper culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA, and tweaked it to use for their own spying purposes. Weinmann reported his findings in an extensive post published late Monday. They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack. 
Weinmann says the Juniper backdoor is a textbook example of how someone can exploit the existing weaknesses in the Dual_EC algorithm, noting that the method they used matches exactly a method the security community warned about back in 2007. The new information about how the backdoor works also suggests that a patch Juniper sent to customers last week doesn’t entirely fix the backdoor problem, since the major configuration error Juniper made still exists. “One [more] line of code could fix this,” Weinmann says. He’s not sure why Juniper didn’t add this fix to the patch it sent to customers last week. Although the party behind the Juniper backdoor could be the NSA or an NSA spying partner like the UK or Israel, news reports last week quoted unnamed US officials saying they don’t believe the US intelligence community is behind it, and that the FBI is investigating the issue. Other possible culprits behind the sophisticated attack, of course, could be Russia or China. If someone other than the US did plant the backdoor, security experts say the attack on Juniper firewalls underscores precisely why they have been saying for a long time that government backdoors in systems are a bad idea—because they can be hijacked and repurposed by other parties. How the Backdoor Works According to Weinmann, to make their scheme work, the attackers behind the Juniper backdoor altered Juniper’s source code to change a so-called constant or point that the Dual_EC algorithm uses to randomly generate a key for encrypting data. It’s assumed the attackers also possess a second secret key that only they know. This secret key, combined with the point they changed in Juniper’s software, the inherent weaknesses in Dual_EC, and the configuration error Juniper made, would allow them to decrypt Juniper’s VPN traffic. The weaknesses in Dual_EC have been known for at least eight years. 
In 2007, a Microsoft employee named Dan Shumow gave a five-minute talk at a cryptography conference in California discussing discoveries that he and a Microsoft colleague named Niels Ferguson had made in the algorithm. The algorithm had recently been approved by the National Institute of Standards and Technology, along with three other random number generators, for inclusion in a standard that could be used to encrypt government classified communication. Each of the four approved generators are based on a different cryptographic design. The Dual_EC is based on elliptic curves. The NSA had long championed elliptic curve cryptography in general and publicly championed the inclusion of Dual_EC specifically for inclusion in the standard. Random number generators play a crucial role in creating cryptographic keys. But Shumow and Ferguson found that problems with the Dual_EC made it possible to predict what the random number generator would generate, making the encryption produced with it susceptible to cracking. But this wasn’t the only problem. The NIST standard also included guidelines for implementing the algorithm and recommended using specific constants or points—static numbers—for the elliptic curve that the random number generator relies on to work. These constants serve as a kind of public key for the algorithm. Dual_EC needs two parameters or two points on the elliptic curve; Shumow and Ferguson referred to them as P and Q. They showed that if Q is not a true randomly generated point, and the party responsible for generating Q also generates a secret key, what they referred to as “e”, then whoever has the secret key can effectively break the generator. They determined that anyone who possessed this secret key could predict the output of the random number generator with only a very small sample of data produced by the generator—just 32 bytes of output from it. 
With that small amount, the party in possession of the secret key could crack the entire encryption system. No one knew who had produced the constants, but people in the security community assumed the NSA had produced them because the spy agency had been so instrumental in having the Dual_EC algorithm included in the standard. If the NSA did produce the constants, there was concern that the spy agency might have also generated a secret key. Cryptographer Bruce Schneier called it “scary stuff” in a piece he wrote for WIRED in 2007, but he said the flaws must have been accidental because they were too obvious—therefore developers of web sites and software applications wouldn’t use it to secure their products and systems. The only problem with this is that major companies, like Cisco, RSA, and Juniper did use Dual_EC. The companies believed this was okay because for years no one in the security community could agree if the weakness in Dual_EC was actually an intentional backdoor. But in September 2013, the New York Times seemed to confirm this when it asserted that Top Secret memos leaked by Edward Snowden showed that the weaknesses in Dual_EC were intentional and had been created by the NSA as part of a $250-million, decade-long covert operation to weaken and undermine the integrity of encryption systems in general. Despite questions about the accuracy of the Times story, it raised enough concerns about the security of the algorithm that NIST subsequently withdrew support for it. Security and crypto companies around the world scrambled to examine their systems to determine if the compromised algorithm played a role in any of their products. In an announcement posted to its web site after the Times story, Juniper acknowledged that the ScreenOS software running on its NetScreen firewalls does use the Dual_EC_DRBG algorithm. But the company apparently believed it had designed its system securely so that the inherent weakness in Dual_EC was not a problem. 
Juniper wrote that its encryption scheme does not use Dual_EC as its primary random number generator and that it had also implemented the generator in a secure way so that its inherent vulnerabilities didn’t matter. It did this by generating its own constant, or Q point, to use with the generator instead of the questionable one that had been attributed to the NSA. Juniper also used a second random number generator known as ANSI X.9.31. The Dual_EC generated initial output that was supposed to then be run through the ANSI generator. The output from the second random generator would theoretically cancel out any vulnerabilities that were inherent in the Dual_EC output. Except Juniper’s system contained a bug, according to Willem Pinckaers, an independent security researcher in the San Francisco area who examined the system with Weinmann. Instead of using the second generator, it ignored this one and used only the output from the bad Dual_EC generator. “What’s happening is they managed to screw it up in all the firmware, such that the ANSI code is there but it’s never used,” Weinmann told WIRED. “That’s a catastrophic fail.” This put the output at risk of being compromised if an attacker also possessed a secret key that could be used with the Q point to unlock the encryption. Weinmann and others discovered that the attackers altered Juniper’s Q and changed it to a Q they had generated. The attackers appear to have made that change in August 2012—at least that’s when Juniper started shipping a version of its ScreenOS firmware with a Q point that was different than previous versions used. So essentially, although Juniper used its own Q point instead of using the one allegedly generated by the NSA, in an effort to make the Dual_EC more secure, the company hadn’t anticipated that attackers might break into Juniper’s network, gain access to critical systems used to build its source code, and change the Q again to something of their own choosing. 
And presumably, they also possess the secret key that works with the Q to unlock the encryption, otherwise they would not have gone to the trouble of changing Q. “It stands to reason that whoever managed to slip in their own Q [into the software] will also know the corresponding e,” Weinmann says. This would not have been enough to make the backdoor work, however, if Juniper had indeed configured its system the way it said it did—using two random number generators and relying only on the second one, the ANSI generator, for the final output. But we now know it failed to do that. The backdoor remained undetected for at least three years, until Juniper recently discovered it during a code review. Matthew Green, a cryptographer and professor at Johns Hopkins University, says that the ANSI failure raises additional questions about Juniper. “I don’t want to say that Juniper did this on purpose. But if you wanted to create a deliberate backdoor based on Dual_EC and make it look safe, while also having it be vulnerable, this is the way you’d do it. The best backdoor is a backdoor that looks like a bug, where you look at the thing and say, ‘Whoops, someone forgot a line of code or got a symbol wrong.’ … It makes it deniable. But this bug happens to be sitting there right next to this incredibly dangerous NSA-designed random number generator, and it makes that generator actually dangerous where it might not have been otherwise.” The evidence that someone intentionally changed the Q parameter in Juniper’s software confirms what Shumow and Ferguson had warned: The inherent weaknesses in Dual_EC provide the perfect backdoor to the algorithm. Even if the algorithm was not intended to create a backdoor for the NSA, it made it possible for someone to piggyback on its weaknesses to turn it into a backdoor for themselves. Even more worrisome is that Juniper systems are still essentially insecure. 
Juniper didn’t patch the problem by removing Dual_EC altogether or by altering the configuration so that the VPN encryption scheme relies on output from the ANSI generator; instead Juniper patched it simply by changing the Q point back to what the company originally had in the system. This leaves the firewalls susceptible to attack again if attackers can change the points a second time without Juniper detecting it. The company, Weinmann says, should at least issue a new patch that makes the system use the ANSI generator and not the Dual_EC one. “It would take one line of code to fix this,” he says. And there’s another problem, he notes. Juniper admitted that it had generated its own Q for Dual_EC, but it has not revealed how it generated Q—so others can’t verify that Juniper did it in a truly random way that would ensure its security. And in generating its own Q, it raises questions about whether Juniper also generated its own secret key, or “e” for the generator, which would essentially give Juniper a backdoor to the encrypted VPN traffic. This should worry customers just as much as the NSA holding a key to the backdoor, Weinmann says. “It now depends on whether you trust them to have generated this point randomly or not. I would probably not do that at this point,” he says, given the other mistakes the company made. Green says because of the weakness inherent in Dual_EC, Juniper should have removed it back in 2013 after the Times story published and should do so now to protect customers. “There’s no legitimate reason to put Dual_EC in a product,” he says. “There never was. This is an incredibly powerful and dangerous code and you put it in your system and it creates a capability that would not have been there otherwise. There’s no way to use it safely.”
  16. EVERY YEAR HACK attacks seem to get worse—whether in their sophistication, breadth, or sheer brazenness. This year was no different. Big hacks hit a range of high-profile targets, from the web’s leading adultery website to the federal Office of Personnel Management. We’re also ending 2015 with a doozy of a hack mystery: Juniper Networks discovered two unauthorized backdoors in its NetScreen firewalls, one of which would allow the unknown hackers to decrypt protected traffic passing through the firm’s VPN/firewall. Juniper Networks found the backdoors at an apropos time—US officials are aggressively pressing US tech companies to install backdoors in their systems to let the government access protected communications for criminal and terrorist investigations. But opponents have long argued that a backdoor for the government would create a vulnerability that bad guys could exploit as well. Juniper’s hack illustrates this point perfectly. The hidden VPN backdoor in the Juniper systems exploits weaknesses that the NSA is believed to have previously built into the encryption algorithm the Juniper systems—and the systems of some other security vendors—rely on to secure communications. Just as predicted, the attackers in this case essentially hijacked one alleged backdoor to create their own—earning them this year’s award for the most ingenious and brazen attack. Here’s WIRED’s look back at the biggest hacks in 2015. OPM The prize for the biggest hack of 2015 goes to OPM—the federal Office of Personnel Management. The hackers, reportedly from China, maintained their stealth presence in OPM’s networks for more than a year before being discovered. When the breach was finally uncovered, initial estimates placed the number of victims at 4 million. 
But that number soon ballooned to more than 21 million, including some 19 million people who had applied for government security clearances and undergone background investigations, as well as an additional 1.8 million spouses and live-in partners of these applicants. The hackers got their hands on a trove of sensitive data, including the SF-86 forms of people who applied for clearances. The forms can contain a wealth of sensitive data not only about the workers seeking a security clearance, but also about their friends, spouses, and other family members. If this wasn’t bad enough, the agency eventually admitted that the hackers also gained access to the fingerprint files of some 5.6 million federal employees, many of whom hold classified clearances and use their fingerprints to gain access to secured facilities and computers. Juniper NetScreen Firewalls System administrators who planned to attend the Star Wars: The Force Awakens premiere probably had their plans wrecked when Juniper Networks announced on December 17 that it had found two backdoors installed in certain versions of its ScreenOS software. This is the operating system that runs on the company’s NetScreen VPN/firewalls, which are used by government agencies and corporations around the world. As administrators scrambled to apply patches Juniper released, they learned that one of the unauthorized backdoors consisted of a hardcoded master password the attackers had surreptitiously embedded in the software’s source code. The password would essentially allow attackers to take complete control of any vulnerable NetScreen device connected to the internet. The second backdoor was just as bad, but in a different way. This one appears to undermine the encryption algorithm known as Dual_EC that Juniper uses to encrypt traffic passing through the NetScreen VPN. 
The backdoor is the kind that a nation-state intelligence agency would love to have to give it the ability to intercept and decrypt large amounts of VPN traffic. But what makes the backdoor even more interesting and notable is the fact that it appears to be based on another backdoor the NSA allegedly created years ago in the Dual_EC algorithm for its own secret use, all of which underscored the risks of letting the government install backdoors in tech products. Ashley Madison Unlike the stealth OPM hack, the breach of AshleyMadison.com, a site that touted itself as the premier platform for married individuals seeking partners for affairs, was loud and flashy and deserves the award for brazenness. Exactly one month after their hack of the cheating site went public, the hacker or hackers behind the breach made good on a threat to release sensitive company data, dropping more than 30 gigabytes of internal company emails and documents, as well as details and log-in credentials for some 32 million accounts with the social networking site. The data included names, passwords, addresses, and phone numbers submitted by users of the site. Although many of the personal account details were fabricated by users to remain anonymous, the hackers also released seven years worth of credit card and other payment transaction details, which exposed the real names and address of many customers. Reality TV star Josh Duggar was among those exposed by the breach. The company has been hit with several lawsuits from irate customers who accused the cheating site of being negligent in protecting their data. Gemalto Nation-state hacks connected to the NSA and the British intelligence agency GCHQ were in the news again this year. This time the victim was Gemalto, a Dutch firm that is one of the leading makers of mobile phone SIM cards. Although the attack was disclosed this year, it actually struck Gemalto in 2010 and 2011, according to The Intercept, which broke the story. 
The attackers targeted the company’s huge cache of cryptographic keys, but Gemalto says they didn’t succeed. If the hackers did obtain the keys, the hack has huge implications. Gemalto’s SIM cards and cryptographic keys are used to help secure the phone communications of billions of customers of AT&T, T-Mobile, Verizon, Sprint, and more than 400 other wireless carriers in 85 countries. Stealing the crypto keys would have allowed the spy agencies to wiretap and decipher encrypted phone communications between mobile handsets and cell towers. Kaspersky Lab Another serious nation-state hack targeted the Moscow-based antivirus firm Kaspersky Lab. The attackers, believed to be some of the same group that created Stuxnet and Duqu, breached the security firm’s networks in 2014 to gather intelligence about nation-state attacks the company is investigating. In 2010 Kaspersky researchers had helped decipher and expose Stuxnet, a digital weapon created by the US and Israel to sabotage Iran’s nuclear program and in 2011 had also helped decipher Duqu, a spy tool that struck targets in Iran and elsewhere. The attackers were apparently concerned about other attacks of theirs that the Kaspersky researchers might be working to expose. But the intruders, who used a malicious tool against Kaspersky that the security firm dubbed “Duqu 2.0,” weren’t just looking for information about attacks Kaspersky was investigating—they also wanted to learn how Kaspersky’s detection software worked so they could devise ways to bypass it and avoid getting caught on the machines of Kaspersky customers. Hacking Team Nation-state hackers themselves suffered a blow this year when the Italian hacking firm Hacking Team had a massive breach. The company sells surveillance software to law enforcement and intelligence agencies around the world, including oppressive regimes. 
Its software, which the company claims bypasses antivirus and other security protections to operate stealthily on a victim’s machine, has reportedly been used against activists and political dissidents in Morocco, the United Arab Emirates, and elsewhere. Hacking Team is even suspected of selling a tool to someone in Turkey who used it against a woman in the US. The firm doesn’t publicly identify its customers and generally sidesteps questions about its questionable buyers. But the hacker or hackers who breached the company’s network dumped 400 gigabytes of company emails and documents online, including correspondence that exposed employees discussing the sale of their software to Syria and Turkey. CIA Director John Brennan In a world where security and surveillance companies like Kaspersky Lab and Hacking Team get hacked, no one is secure. But CIA Director John Brennan apparently thought his personal AOL account was safe—that’s where a group of young hackers discovered he was storing the sensitive SF-86 application he’d filled out to obtain his top-secret government security clearance. Who needs OPM to store, and leak, your secrets when AOL will do just fine? As one of the hackers told WIRED, they didn’t actually breach AOL’s network or Brennan’s computer to get into the spy chief’s email account. They used the oldest form of hacking available—social engineering—to trick a Verizon worker into revealing Brennan’s personal information so they could reset the password to his email account and take control of it. Experian’s T-Mobile Customers Although this breach targeted T-Mobile customers, T-Mobile wasn’t the target of the hack. Experian, the credit reporting agency, sheepishly disclosed to the mobile phone carrier this year that hackers had broken into its network to steal data on 15 million T-Mobile customers. T-Mobile had sent the data to Experian to conduct credit checks on new customers signing up for its services. 
The exposed data included names, addresses, birth dates, encrypted Social Security numbers, drivers’ license ID numbers, and passport numbers. The hack is a reminder that even if a company takes care to protect the data of its customers, third-party companies and contractors who do business with them also have to carefully guard that data. LastPass If you want to steal money, you rob banks. If you want to steal passwords, you hack a password manager. That’s exactly what intruders did this year when they breached the network of LastPass, a service that offers users a one-stop shop to store their passwords. LastPass said the hackers accessed email addresses, encrypted master passwords, and the reminder words and phrases that users designated they wanted the site to ask them if they forgot their master passwords. LastPass said it used strong “hashing” and “salting” functions to secure the master passwords customers choose to lock the vaults where their plain-text passwords are stored, but the company admitted that if customers used simple master passwords, the attackers might be able to crack them. Let’s hope that LastPass customers weren’t using 12345 for their master keys and that other password services are using strong methods similar to LastPass to secure customer data. IRS The US Internal Revenue Service is not new to hacking. The federal agency, which processes the annual tax returns that individuals and businesses file each year, has been hit before. Initial reports indicated that the hackers this time accessed some 100,000 tax returns. But like the OPM hack, those numbers grew as the investigation deepened. Eventually authorities determined that the thieves accessed more than 300,000 taxpayer accounts. The hackers targeted the site’s Get Transcript feature, which allows taxpayers to view and download copies of the tax returns they filed with the agency—which include sensitive information such as their Social Security numbers and incomes. 
Although tax filers have to answer multiple identity verification questions to access their files, the hackers apparently came armed with information they had gathered from other sources to correctly answer questions. Anthem Health insurance providers have suffered a wave of attacks in the last couple of years. One of the biggest targets hit this year was Anthem, billed as the second largest health insurance company in the country. Hackers reportedly had access to data on some 80 million current and former customers, including names, Social Security numbers, birth dates, addresses, and income data. “Safeguarding your personal, financial and medical information is one of our top priorities,” the company said in a statement after the hack, “and because of that, we have state-of-the-art information security systems to protect your data.” But apparently that state-of-the-art security system didn’t involve encrypting or otherwise masking Social Security numbers. It’s not clear if the attackers were after the data to commit identity theft or insurance fraud. But at least one security firm found similarities between the OPM and Anthem hacks, suggesting the same hackers, reportedly from China, targeted them.
  17. Five pirates responsible for releasing thousands of movies online have been sentenced to a total of 17 years in the United Kingdom. The members of release groups were accused of "putting at risk" over £52 million in Hollywood revenues. Almost three years ago, police raided 5 of the UK’s most prolific online movie pirates in the wake of an investigation by the local Federation Against Copyright Theft. All of them were arrested and by the beginning of this year had pleaded guilty to charges of conspiracy to defraud. The anti-piracy outfit claimed that the infringement was huge – the groups had released over 9,000 movies online resulting in 5m unauthorized downloads. The defendants finally admitted causing the movie industry over £5 million in losses, about £1 million each. As a result, they were sentenced to 4 years and 6 months, 4 years and 2 months, twice 3 years and 6 months, and a 2 year suspended sentence. One of them aggravated his circumstances by continuing to pirate even while being on bail. Moreover, the sentences would’ve been greater had the men not pleaded guilty early. Besides, there was also a penalty for the defendants who didn’t accept FACT’s version of events right away. It became known that the pirates who did not dispute anything would receive 1/3 knocked off their sentence, while the others would receive only 1/4. 2 of the pirates already had criminal records, but the others could eventually be moved to a low security prison. This is the most aggressive private prosecution of the FACT to date, and it welcomed the court ruling. The outfit hopes that the result of the case sends out a serious message to other online pirates.
  18. According to statistics, Google has made political donations to 162 members of the US Congress in the latest election cycle, which triggered concerns over the company’s lobbying influence in Washington. It was recently revealed that Google enlisted US politicians whose election campaigns it had funded in order to pressure the EU to drop a €6bn antitrust case that threatens its business in the region. It looks like over the last three years, Google spent more money on federal lobbying than any other company. For example, it has given donations between $1,000 and $10,000 to 34 senators and 128 members of the House of Representatives in the 2016 election cycle. In the Senate, $78,500 went to Republicans and $46,500 to Democrats; in the House, $126,250 went to Republicans and $131,500 to Democrats. 15 years ago, Microsoft’s wings were clipped by a lengthy antitrust law case that accused the young tech company of becoming a monopoly. Google chose a different path and made friends and influenced people on Capitol Hill. The concerns are that the company is amassing greater political power than ever, ranking first in lobbying spending over the first 3 quarters of 2014, and going to invest $18.2 million on federal lobbying this year. It should be noted that of a hundred lobbyists Google has hired or retained in 2014, 80% previously held government jobs. At the same time, more and more Google employees have been appointed to high-ranking government jobs, which means that Google’s influence in national affairs rapidly grows. Three years ago, the US Federal Trade Commission was going to investigate Google under antitrust laws, but the case was dropped, allegedly due to Google’s hold over politicians.
  19. Despite having about 4.5m subscribers in the UK, Netflix paid no corporation tax in 2014. According to reports, the service generated about £200m of revenue in the UK in 2014 but any profits from the United Kingdom last year were booked overseas. The investigation doesn’t suggest that the company has broken the law. Netflix features award-winning series like Orange is the New Black or House of Cards and sells its subscription for a minimum of £5.99 a month. According to reports, Luxembourg-based Netflix International BV showed a net turnover of £415m and profits of £11.3m last year, and UK subscribers made up most of turnover. Netflix paid income tax in Luxembourg at a rate of about 5%. In response, the service explained that it was in “expansion” mode, suffering overall losses on its international operation. Netflix said its British subsidiary employs only a dozen people and will pay some corporation tax in 2015, assuring the investigators that the company fully complies with all applicable rules. Earlier this year, it was reported that despite accounting for over 65m subscriptions worldwide, the cost of 3rd-party content on the service was $7.7bn, about 4.6 times its net revenue. The United Kingdom is estimated to be Netflix’s biggest market outside the United States, where it accounts for over 40m subscribers. The industry watchers predict the number of UK subscribers to reach 9.5m by the end of the decade. In the meantime, Netflix has been facing increasing competition from rivals like Amazon, Hulu and HBO in the United States. As for the United Kingdom, Netflix considers Amazon Prime to be its closest rival in this country.
  20. Sky broadband announced that it would automatically block adult content by default for new customers from the beginning of 2016. Its Broadband Shield filtering system for adult and malicious content is now optional for subscribers, but from 2016 it will come by default for new subscribers. The system is programmed automatically to block content unsuitable for underage until 9pm. It is also noted that the users can personalize this setting as they wish. The British ISP promised to send out notifications to all existing customers asking them if they would like the filter to be switched on. If the subscribers reply nothing, the ISP will turn on the filter automatically, like it did following a similar email sent a year ago, when all customers who joined prior to November 2013 were contacted. The industry experts explain that it is part of a system to create an “unavoidable decision”, where users who don’t want a filter must take some action to be heard. The broadband giant believes that such “default on” approach will encourage a greater use of home filters and ensure a safer online experience for users. This move is taken in order to meet the Prime Minister’s objective of providing more protection for children on the Internet. The government supports Sky’s plans, saying that family filters are an extremely helpful tool for parents to protect children from age-inappropriate material, and the approach of the Internet service provider can be a perfect example of how industry is exploring various technologies to help keep children safe on the Internet. According to official statistics, by June 2015 Sky subscribers were the most active in using content filters – for example, about 1/3 of them left content filters switched on. For comparison, Sky’s rivals – BT, Virgin Media and TalkTalk – managed to reach only 15%. Besides, 2/3 of Sky’s customers who had received “unavoidable decision” notification had kept some form of parental control turned on. 
On the other hand, some groups criticize this approach, claiming that the broadband provider was not giving customers an informed choice about filters by turning them on by default. They also insist that parents should not be lulled into a false sense of security by filters, but rather educate their kids how to safely use the worldwide web.
  21. The UK health secretary promised to provide free Wi-Fi in all NHS buildings in order to “improve medical treatment and patient experience”. The money will come from a £1bn technology fund in a bid to improve a patchy service. At the moment, some hospitals charge for Internet access, while others do not provide Wi-Fi at all. It is currently unknown how many NHS facilities already provide free Wi-Fi. Besides, no deadline has been set for it to be available throughout the NHS. The changes were suggested in a report on improving the use of online technology in the health service, which was commissioned by the government. Access to Wi-Fi will allow British patients to stay in contact with family and friends more easily and entertain themselves. In addition, the government believes that the use of technologies will also make it possible to greatly cut paperwork and errors and help alert doctors and nurses to medical problems. Already, in some hospitals you can see how mobile clinical systems and tablets are replacing paper charts. This approach makes it possible to quickly spot and act on potentially problematic changes in vital signs and share data around the building. According to the government, greater use of e-prescribing makes it possible to halve medication errors. Finally, patients will also be able to wear monitors in order to alert medical staff to issues – this approach could help more than 20% of diabetics who have experienced a “largely avoidable” hypoglycemic episode while in hospital. The UK health secretary claimed that everyone using the National Health Service expects it to be a world leader in digital healthcare. Therefore, free Wi-Fi should be an essential part of making that a reality. It will give patients and staff the ability to access the required services and free up clinical time while reducing overall costs.
  22. The tech giant has announced that it would detect and remove insecure adware from its computers in 2016. Such an approach could prevent a repeat of Lenovo’s embarrassing self-inflicted security flaw dated March 2015, by making it mandatory for any advertising-based software to only use a web browser’s official methods for any actions, like installation, execution, disabling and removal. Microsoft has revealed its new policy, which targets software like Superfish – the adware shipped by Lenovo pre-installed on its own laptops in 2014 and 2015. Superfish simply hijacked a user’s Internet connection through a so-called “man in the middle” attack and displayed advertising – even on webpages that were not supposed to have them. According to Microsoft, such kinds of techniques intercept communications between the worldwide web and the personal computer in order to inject ads and promotions into webpages from outside, without the control of the web browser. So, Microsoft is going to keep the user in control of their browsing experience, while such methods reduce that control. Aside from the loss of control (and the relevant suboptimal user experience of using a PC stuffed with unwanted ads), such adware also poses a security risk for users, said Microsoft. For instance, in the case of Superfish, the software hijacked the security system that delivered encrypted webpages in order to insert advertisements in Google search pages. The problem is that such activity also posed a serious risk for any user viewing sensitive information like a bank account or ecommerce website using a public Wi-Fi connection. So, in a bid to solve the problem with such software, the tech giant has announced that from April 2016, it will allow software that creates advertisements in browsers to do so only through the browsers’ supported extensibility model for any actions, including installation, execution, disabling, and removal. 
This means that the programs will be installed as plugins to the web browsers, easily removable in the same way. In Lenovo’s case, even if a user managed to uninstall Superfish from their laptop, the security flaw it opened up remained active – this was a cause for concern until the computer maker apologized and provided a removal tool.
  23. According to the reports, two years ago Iranian hackers breached the control system of a dam not far from New York City, raising concerns about the security of the US infrastructure as a whole. This reportedly occurred at the Bowman Avenue dam in Rye, New York – a small structure used for flood control. It turned out that the hackers gained access to the dam 20 miles away from New York City via a cellular modem, according to an unclassified DHS summary of the incident that didn’t mention the type of infrastructure. Actually, the dam is really very small – it is a 20-foot-tall concrete slab across Blind Brook, about 5 miles from Long Island Sound. The FBI agents visited the dam two years ago to question the city’s information-technology manager about a hacking incident. Perhaps, such attention was due to the fact that the dam breach was difficult to pin down, and federal investigators might have thought the hackers originally targeted a much larger dam in Oregon. The incident took place when hackers linked to the Iranian government were attacking American bank websites in retaliation to the US spies damaging an Iranian nuclear facility with the Stuxnet worm. Overall, the security breach fuelled concerns about many of the old computers controlling infrastructure, and the US government was notified of the infiltration. According to the reports, there are more than 57,000 industrial control systems connected to the Internet in the US, so such concerns are not without a reason. In the meantime, a Homeland Security representative would not confirm the hack, only saying that the department’s 24-hour cybersecurity information-sharing hub and an emergency response team cover the threats and vulnerabilities in critical infrastructure.
  24. Site-wide freeleech until the 3rd of January
  25. Free Leech to 05-01-2016 00:00:00