18.7 C
Saturday, August 19, 2017
Home Tags Hulu

Tag: hulu

How many people really want cable TV with no live sports?
Fitness with Kevin Hart, behind-the-scenes with Ellen, and more.
And it includes Hulu's regular subscription content, too.
Also, it’s weirdly funny.

And that’s why you need to watch it right now.
Episode will repeat online until Adult Swim shuts the stream off.

Get to watchin'!
The streaming service has dramatically changed how Americans watch TV.
Netflix, Hulu, Amazon reportedly in talks for Switch versions.
Google entered TV streaming with a feature-rich service at an aggressive price.
New hire brings years of experience at Amazon, Roku, Netflix, and more.
NordVPN gives you a private and fast path through the public Internet.

All of your data is protected every step of the way using revolutionary 2048-bit SSL encryption even a supercomputer can’t crack.

Access Hulu, Netflix, BBC, ITV, Sky, RaiTV and much more from anywhere in the world. Unmetered access for 6 simultaneous devices. You're sure to find dozens of good uses for a VPN.

Take advantage of the current 72% off deal that makes all of this available to you for just $3.29/month (access deal here).

This is a special deal available for a limited time. This story, "Get 72% off NordVPN Virtual Private Network Service For a Limited Time - Deal Alert" was originally published by TechConnect.
A month before Apple is expected to enforce stricter security requirements for app communications in iOS, enterprise developers don’t seem ready to embrace them, a new study shows. The study was performed by security firm Appthority on the most common 200 apps installed on iOS devices in enterprise environments.

The researchers looked at how well these apps conform to Apple’s App Transport Security (ATS) requirements. ATS was first introduced and was enabled by default in iOS 9.
It forces all apps to communicate with Internet servers using encrypted HTTPS (HTTP over SSL/TLS) connections and ensures that only industry-standard encryption protocols and ciphers without known weaknesses are used.

For example, SSL version 3 is not allowed and neither is the RC4 stream cipher, due to known vulnerabilities. Before ATS, app developers implemented HTTPS using third-party frameworks, but configuring SSL/TLS properly is hard so implementation errors were common.

These weakened the protection that the protocol is supposed to provide against traffic snooping and other man-in-the-middle attacks. Currently iOS provides a method for apps to opt out of ATS entirely or to use it only for specific connections, but Apple wants to change that.

At its Worldwide Developers’ Conference in June, the company announced that it will require all apps published on the App Store to turn on ATS by the end of this year. The requirement won’t be enforced at the OS level, but through the App Store review process. Using some of the ATS exceptions will still be possible, but developers will have to provide a “reasonable justification” for using them if they want their apps to be approved. During their study, the Appthority researchers found that 97 percent of the analyzed apps—193 out of 200—used exceptions and other settings that weakened the default ATS configuration. “Among the top 200 iOS apps that we analyzed, 166 apps (83 percent) bypass at least some ATS requirements by setting ‘NSAllowsArbitraryLoads’ attribute to ‘true’ in their Info.plist files,” the Appthority researchers said in their report. “However, not all of them bypass ATS requirements for all network connections.

For instance, a company can still support ATS requirements for network connections with its domain, while allowing ATS to bypass all other connections.” Among the apps that didn’t use HTTPS for all of their connections were popular ones like Facebook, Twitter, LinkedIn, Facebook Messenger, Skype, Viber, WhatsApp, Fox News, CNN, BBC, Netflix, ESPN, Hulu, Pandora, Amazon Cloud Player, Word, Excel, PowerPoint, and OneNote, but also utility apps like Flashlight, QR code readers and games. While it could be argued that some connections don’t need HTTPS because they aren’t used to transfer sensitive data, the Appthority researchers found 10 applications that did send device IDs, email addresses, physical addresses, zip codes, geolocation information and even passwords or secret keys over unencrypted HTTP links. There are many reasons why developers can’t turn on ATS for all connections and are likely to request ATS exceptions during the app review process.

For example, many apps don’t talk only to their developers’ servers, but also to third-party advertising, market research, analytics and image or video hosting services.

The use of HTTPS on these external services are out of app developers’ control. ATS provides fine-grained exceptions like “NSAllowsArbitraryLoadsInMedia,” which can, for example, be used to allow the streaming of video or audio content over HTTP, while encrypting all other connections. However, based on Appthority’s analysis, it seems that so far developers have preferred using the more generic “NSAllowsArbitraryLoads” which disables ATS for all connections, when dealing with such problems. The company didn’t find any app that used the “NSAllowsArbitraryLoadsInMedia” or the “NSAllowsArbitraryLoadsInWebContent” attributes to limit the scope of ATS exceptions.
It hopes that Apple’s new requirements will change that. Many apps that do use ATS disable some of its security features.

For example, none of the apps analyzed by Appthority used Certificate Transparency, which is available in ATS. Furthermore, seven of them disabled SSL certificate validation and 46 didn’t use certificate pinning.

Thirty-eight apps disabled Forward Secrecy and eight apps set the allowed TLS protocol version to 1.0 or 1.1, even though the secure default in ATS is TLS 1.2. “We still expect iOS apps with unencrypted data in enterprise environments, even after January 1,” the Appthority researchers said. “When Apple approves such apps for the App Store, there will still be the security risks associated with unencrypted data for some connections, so it’s important for enterprises to have visibility into and management of the risks related to apps with those exceptions.”
Aurich Lawsonreader comments 36 Share this story The Federal Communications Commission has reached a preliminary conclusion that AT&T is violating net neutrality rules by using data cap exemptions to favor DirecTV video on its mobile network. The FCC yesterday also expressed concerns to Verizon about that carrier's similar data cap exemption policies, but the examination of Verizon is in a slightly earlier stage. The FCC first raised the issue with AT&T a few weeks ago, and AT&T defended its practices in a response. But rather than satisfying the commission's concerns, AT&T's response "tends to confirm our initial view that the Sponsored Data program strongly favors AT&T's own video offerings while unreasonably discriminating against unaffiliated edge providers and limiting their ability to offer competing video services to AT&T's broadband subscribers on a level playing field," said a letter to AT&T yesterday from Jon Wilkins, chief of the FCC's Wireless Telecommunications Bureau. With Sponsored Data, AT&T charges other companies for the right to bypass customers' data caps on AT&T's wireless network. At the time same, AT&T lets its subsidiary DirecTV stream on the mobile network without counting against data caps. DirecTV technically pays AT&T for the privilege, but the money is just shifting hands from one part of AT&T to another. AT&T is using DirecTV's data cap exemption to market the new DirecTV Now streaming service. Data cap exemptions are also known as "zero-rating." While the FCC's net neutrality rules don't ban all forms of zero-rating, the FCC evaluates specific implementations on a case-by-case basis to determine whether they harm competitors or consumers. This would be a violation of the so-called "general conduct" rule that covers anti-competitive or anti-consumer behavior not explicitly banned in the core net neutrality rules against blocking, throttling, and paid prioritization. The FCC said it has "reached the preliminary conclusion that [AT&T's] practices inhibit competition, harm consumers, and interfere with the 'virtuous cycle' needed to assure the continuing benefits of the Open Internet." Commission staff is concerned about the prices AT&T charges companies for data cap exemptions. The FCC apparently doesn't have exact numbers from AT&T, but it made a conservative estimate based on AT&T's statement that its Sponsored Data rates are similar to the discounted wholesale rates paid by major wireless resellers. "We estimate for purposes of illustrating our concerns that an unaffiliated mobile video service provider would have to pay AT&T $16 a month to offer zero-rated service to a customer who uses just 10 minutes of LTE video per day, increasing to $47 for a customer using 30 minutes per day," the FCC wrote. "These costs alone would represent 46 percent to 134 percent of DirecTV Now's $35 retail price, against which third parties will be competing for AT&T Mobility customers, and would be borne in addition to all other costs of providing service by the unaffiliated provider." The FCC asked AT&T to respond to one more set of questions by December 15 "in order to finalize the Bureau's review of this matter." Among other things, the FCC wants information on average and median usage of DirecTV streaming compared to competing services like Netflix, Hulu, and Sling; the names of companies that have purchased data cap exemptions from AT&T or are negotiating with AT&T for exemptions; and more specific answers to questions about the Sponsored Data rates that AT&T charges other companies. Previously, AT&T argued that it treats its subsidiary DirecTV the same as other video providers and that DirecTV streaming without caps on AT&T's network is a pro-consumer challenge to the cable TV industry. AT&T provided a statement to Ars today, saying, “These are incredibly popular free services available to millions of customers. Once again, we will provide the FCC with additional information on why the government should not take away a service that saves consumers money.” AT&T may not have much to worry about. President-elect Donald Trump, an opponent of net neutrality rules, can appoint a new FCC chairperson when he takes office on January 20. While the net neutrality rules would still be in effect, a Republican-led FCC could simply choose to drop the AT&T investigation and in the long run might overturn the rules entirely. Verizon data cap charges harming open Internet, FCC says Separately, Wilkins sent a letter to Verizon yesterday about the company's FreeBee Data 360 program, which also charges online service providers for data cap exemptions. The FCC's wireless bureau "believes that the FreeBee Data 360 offering to edge providers unaffiliated with Verizon, combined with Verizon's current practice of zero-rating its affiliated edge services for Verizon subscribers, has the potential to hinder competition and harm consumers." The "primary participant" in Verizon's zero-rated data program is Go90, a video service offered by Verizon itself, the FCC said. Ars wrote about Verizon's treatment of Go90 compared to competing video services 10 months ago. Verizon's position that competitors are offered data cap exemptions on the same terms as Go90 "fails to take account of the notably different financial impact on unaffiliated edge providers," the FCC wrote. "For example, while there is no cash cost on a consolidated basis for Verizon to zero-rate its own affiliated edge service, an unaffiliated edge provider's FreeBee Data 360 payment to Verizon is a true cash cost that could be significant. Unaffiliated edge providers not purchasing FreeBee Data 360 would likewise face a significant competitive disadvantage in trying to serve Verizon's customer base without zero-rating." The FCC's letter to Verizon is similar to the initial letter sent to AT&T a few weeks ago. Verizon seems to be "acting in ways that may harm the open Internet, such as preferring [its] own or affiliated content [and] demanding fees from edge providers," the FCC wrote. The commission wants a response by December 15. Verizon provided a statement to Ars, saying, "We will review and respond to the inquiry as requested. In the meantime, we remain quite confident that our practices are good for consumers, non-discriminatory and are consistent with current rules."