Home Tags Minecraft

Tag: Minecraft

How Microsoft is future-proofing for Xbox’s “multi-generational” future

Phil Spencer hints that the Xbox platform could become more like the PC.

How zombie cameras took down Netflix… and an entire country’s internet

Here's how the Internet of Things botnet went from being Minecraft server nuisances to a billion dollar threat that disabled a country's internet infrastructure

Operator of DDoS protection service named as Mirai author

Krebs says he's fingered author of epic IoT web assault code The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs. On his website this week, Krebs names a chap called Para Jha, owner of a distributed denial-of-service (DDoS) attack mitigation company ProTraf Solutions, for the creation and dissemination of the Mirai software nasty. Mirai is one of the worst DDoS botnets ever to grace the internet and is fingered for fingered for downing large chunks of the internet, including record-breaking attacks on Krebs' own site. Previous analyses have suggested the malware was penned by a person named "Anna-Senpai". Krebs builds a case to link Anna-Senpai to Jha and says that he, along with other players, built the Miari code and used it to attack Minecraft servers to lure disgruntled customers. He tells of how Jha contacted upstream providers to have command and control servers of rival IoT shut down, and how the hacker built malcode into his botnet that eliminated rival Qbot botnets. Those upstream providers that ignored Jha's requests were also subject to large DDoS attacks. Mirai evolved from earlier incarnations of botnet code designed for DDoS attacks.
In 2014 an earlier variant was used to launch DDoS attacks against Minecraft servers which can generate up to US$50,000 a month. Krebs found that Jha lists the same skills on his LinkedIn page as on HackForums, a large marketplace where low level grey hat activities, cybercrime, and bragging takes place. He details many other compelling links between Jha's older identities he used online while learning to code, including 'OG_Richard_Stallman', and his recent aliases including Anna-Senpai. ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub

4chan is running out of money—and Martin Shkreli wants to help...

Louis Lanzano/Bloomberg via Getty Imagesreader comments 70 Share this story 4chan, the infamous message board whose users once labelled it "the asshole of the Internet," is nearly out of money and will have to take drastic action if it wants to survive, according to its new owner. Meanwhile, the notorious hedge fund manager Martin Shkreli has offered to help out. The site, which hosts notoriously racist and sexist message boards, and which in the form of its /b/ board launched 1,000 unpleasant trolling campaigns, has long suffered money troubles, with users unwilling to subscribe and legitimate advertisers put off by unpalatable content.
Its founder, Christopher "Moot" Poole, sold up in January 2015 to Hiroyuki Nisimura, the man who founded the board that inspired 4chan, Japan's almost equally unpleasant 2Channel. In a post on Sunday, entitled "Winter is Coming," Nisimura wrote that he "had tried to keep 4chan as is.

But I failed.
I am sincerely sorry." He added: Some notice there are no more middle ads and bottom ads on 4chan. Ads don't work well.
So we reduced advertisement servers cost. 4chan can't afford infrastructure costs, network fee, servers cost, CDN and etc, now. He went on to describe three options to cut costs, none of which is likely to impress the site's fractious users.

To stay afloat, the site apparently would need to halve traffic costs by closing some boards, limiting image sizes, and using slower servers; or have more pop-up or even "malicious" ads; or have more paying users. However, an unlikely saviour has seemingly emerged.
Shkreli—who erupted to notoriety of his own last year when his company, Turing Pharmaceuticals, acquired the manufacturing licence to the antiparasitic drug Daraprim and jacked its price up by 5,556 percent, from $13.5 to $750 per tablet (£10.60 to £588)—tweeted Nisimura to indicate that he would be "open to joining the Board of Directors of 4chan." Nisimura replied, and the two apparently took the discussions away from public view. Shkreli is currently on bail, pending a trial over federal charges for alleged securities fraud, after his arrest by the FBI in December last year. He also recently offered people the chance to punch him in the face for $50,000 for charity, to support the young son of his former PR guy Mike Kulich, who passed away suddenly a few weeks ago. It looks like 4chan still has a few allies in the tech world, despite its unpleasant reputation.
In a now-deleted but still-cached tweet, billionaire Minecraft founder Marcus "Notch" Persson apparently also expressed an interest in helping the site, writing: "Assuming it's not too expensive, and assuming I don't have to do any actual work myself, I'm in." Poole, meanwhile, has scored himself a job at Google, where he is "building online communities." This post originated on Ars Technica UK

Happy VXers get 400 enterprise-popping apps hosted on Google Play

Up to half a million downloads clocked for one poision app. More than 400 malicious apps from a single attacker have been successfully uploaded to the Google Play store, with one downloaded up to half a million times, Trend Micro malware researcher Echo Duan says. The malware is disguised as various games, phone boosters, and themes that when executed can compromise devices and connected networks, download additional payloads, and enslave handsets into botnets. Such malware is usually barred from the Google Play store thanks to security analysis checks Mountain View runs to determine apps that steal user data, spam with advertisements, or adversely impact privacy. The prolific authors who have created some 3000 variants of the DressCode malware have had a significant win in breaching Google's defences since apps hosted on the Play store are considered and marketed as safe. Duan says the malware attempts to gain a foothold on any networks the compromised handsets are connected to making it a threat to to enterprises and small businesses. This malware gives attackers an avenue into internal networks which compromised devices are connected to—a notable risk if the device is used to connect to company networks. "If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard," Duan says. "With the growth of bring your own device programs, more enterprises are exposing themselves to risk via care-free employee mobile usage. "[The installed SOCKS proxy] can be used to turn devices into bots and build a botnet." DressCode and you.
Image: Trend Micro. Duan says the malicious code was a small fraction of the total app codebase making it "difficult" for Google to detect. One app offering a Grand Theft Auto theme for Minecraft clocked between 100,000 and 500,000 downloads according to Google Play's metric bands. Compromising modern Android handsets is increasingly difficult for regular malware players thanks to big leaps in defensive upgrades, but most phone users run old, unsupported, and dangerously exposed versions of the mobile operating system. Some 35 percent of Android users operate version five (Lollipop) of Google's platform released in 2014, while about 25 percent run ancient version 4.4 (Kitkat) published in 2013. Fewer than 10 percent run Android version six (Marshmallow) released last year and virtually no one other than owners of Nexus 6P devices sports version seven (Nougat) published last month. Outside of the Nexus line, handsets everywhere are locked into custom vendor ROMs and as such must reply on manufacturers to push through Google's security updates and patches. Trend Micro says it flagged some 16.6 million malware detections as of August, 40 per cent up on January figures. ®

More than 400 malicious apps infiltrate Google Play

EnlargeCurious Expeditions reader comments 4 Share this story Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday. One malicious app infected with the so-called DressCode malware had been downloaded from 100,000 to 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but included in the code was a component that established a persistent connection with an attacker controlled server.

The server then had the ability to bypass so-called network address translation protections that shield individual devices inside a network.

Trend Micro has found 3,000 such apps in all, 400 of which were available through Play. Enlarge "This malware allows threat actors to infiltrate a user's network environment," Thursday's report stated. "If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard." The report continued: The malware installs a SOCKS proxy on the device, building a general purpose tunnel that can control and give commands to the device.
It can be used to turn devices into bots and build a botnet, which is essentially a network of slave devices that can be used for a variety of schemes like distributed denial-of-service (DDoS) attacks—which have become an increasingly severe problem for organizations worldwide—or spam email campaigns.

The botnet can use the proxied IP addresses also generated by the malware to create fake traffic, disguise ad clicks, and generate revenue for the attackers. Google representatives didn't immediately respond to e-mail seeking comment for this post. Trend Micro's report comes three weeks after researchers from separate security firm Checkpoint said they detected 40 DressCode-infected apps in Google Play. Trend said that only a small portion of each malicious app contained the malicious functions, a feature that makes detection difficult.
In 2012, Google introduced a cloud-based security scanner called Bouncer that scours Play for malicious apps.
Since then, thousands of malicious apps have been detected by researchers.

This raises a question: if outside parties can find them, why can't Google find them first?

Armies of hacked IoT devices launch unprecedented DDoS attacks

Security researchers have been warning for years that poor security for internet of things devices could have serious consequences. We're now seeing those warnings come true, with botnets made up of compromised IoT devices  capable of launching distributed denial-of-service attacks of unprecedented scale. Octave Klaba, the founder and CTO of French hosting firm OVH, sounded the alarm on Twitter last week when his company was hit with two concurrent DDoS attacks whose combined bandwidth reached almost 1 terabit per second. One of the two attacks peaked at 799Gbps alone, making it the largest ever reported. According to Klaba, the attack targeted Minecraft servers hosted on OVH's network, and the source of the junk traffic was a botnet made up of 145,607 hacked digital video recorders and IP cameras. With the ability to generate traffic of 1Mbps to 30Mbps from every single Internet Protocol (IP) address, this botnet is able to launch DDoS attacks that exceed 1.5Tbps, Klaba warned. The OVH incident came after krebsonsecurity.com, cybersecurity journalist Brian Krebs' website, was the target of a record DDoS attack that flooded the site at a rate of 620Gbps. The attack eventually forced content delivery and DDoS mitigation provider Akamai to suspend its pro bono service to Krebs, pushing the site offline for several days. According to Krebs, the attack was nearly twice the size of largest attack Akamai had seen before, and would have cost the company millions of dollars if it had been allowed to continue. "There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called 'Internet of Things,' (IoT) devices -- mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords," Krebs said in a blog post after his website came back online under the protection of Google Project Shield. On Thursday, antivirus and security vendor Symantec published a report warning that insecure IoT devices are increasingly hijacked and used to launch DDoS attacks. The company has seen the number of cross-platform DDoS malware programs that can infect Linux-based systems soar in 2015 and continue this year. These threats are designed to run on Linux-based firmware for CPU architectures commonly used in embedded and IoT devices. Symantec's data shows that most of these systems are not compromised through sophisticated or device-specific vulnerabilities, but due to a lack of basic security controls. Attackers typically scan the internet for devices with open Telnet or SSH ports and try to log-in with default administrative credentials. That's unfortunately all it takes today to build a large IoT botnet. And while IoT-powered DDoS attacks have now reached unprecedented size, there have been warning signs for several years that they were coming. In October 2015, security firm Incapsula mitigated a DDoS attack launched from around 900 closed-circuit television (CCTV) cameras and in June DDoS protection provider Arbor Networks warned that there are over 100 botnets built using Linux malware for embedded devices.

Nintendo’s DMCA-backed quest against online fan games

Enlarge / A scene from Another Metroid 2 Remake, one of many fan games recently taken offline by Nintendo DMCA requests.reader comments 41 Share this story Online game distributor Game Jolt has removed over 500 fan games from its public pages after it says it received a DMCA request from Nintendo, highlighting a more-focused crackdown on such games from the 3DS and Wii U maker. The DMCA request, which has been republished by Game Jolt in the name of transparency, focuses on fan games that use the characters, names, and locations of the Mario, Zelda, and Pokemon franchises.

The list of affected games ranges from standard copyright and trademark infringement like Mario Minecraft and Pokemon: PewdiePie Edition to more explicitly brand-damaging titles like Mario on Drugs and Pokemon: Death Version. Game Jolt says affected titles will still be accessible by the creators in a "locked" mode, to ensure no one loses access to their own data.

A Nintendo representative was not immediately available to respond to a request for comment from Ars. Game makers using legal requests to take down fan-made homages is nothing new in the industry; many such games are halted by cease-and-desist letters before they can even be released, in fact. Nintendo alone has issued takedown requests for dozens of fan games in the last few years, including an intriguing HD remake of Super Mario 64. But the wide-ranging Game Jolt DMCA notice follows a couple of other takedowns for especially high-profile and anticipated Nintendo-based fan games in recent weeks.

They also come on top of a hardline stance from Nintendo on other uses of its games online, from strict limits on monetization of its games on YouTube to exerted authority over use of its titles in public tournaments. Last month, Nintendo took action to shut down Pokemon Uranium, a fan game that had just been released after nine years of community effort. "After receiving more than 1,500,000 downloads of our game, we have been notified of multiple takedown notices from lawyers representing Nintendo of America," the creators said in a statement. "While we have not personally been contacted, it’s clear what their wishes are, and we respect those wishes deeply." At a glance, Pokemon Uranium is pretty hard to distinguish from an official Nintendo release. Also last month, Another Metroid 2 Remake (AM2R) was finally released online a full eight years after it was first announced. Just a few days later, the game's creator was hit with DMCA requests on all of his official download hosts (though the game can still be found elsewhere online). Despite that request, AM2R's creator, who goes by DoctorM64 online, said he was committed to continuing to update the game for people who did manage to download a copy.
In fact, he had already made one such update available through his website.

But today, after a further DMCA request sent to his personal e-mail, DoctorM64 announced that "there will be no more AM2R updates and no more releases under any platform." Speaking to Ars Technica, DoctorM64 said that while he "knew that any form of legal action was a possibility" during his years working on the game, he was still surprised when his hosts got hit with DMCA requests so soon after the long-awaited initial release. "The game became very popular in 2008, and I expected a similar amount of attention upon release.
I also expected the same amount of legal issues as in 2008: none." DoctorM64 told Ars he's considering using the knowledge gained from AM2R to work on a completely new, non-infringing project.

And despite the headaches from Nintendo, DoctorM64 said he harbors no ill will toward a company that he says is just protecting its work. "Please, don't hate Nintendo for all of this," he wrote in a blog post. "It's their legal obligation to protect their IP." "Nintendo is a company with a very orthodox view on IP management," DoctorM64 told Ars. "I like to think that some day, Nintendo might realize how fans and YouTubers can be beneficial for their brands."

71,000 Minecraft World Map accounts leaked online after ‘hack’

Dumped creds have been exposed since January Some 71,000 user accounts and IP addresses have been leaked from Minecraft fan website Minecraft World Map. The dumps, reported by Australian security researcher Troy Hunt, include email addresses, IP address data, usernames, and passwords for popular site Minecraft World Map. Login passwords were salted and hashed, and further details were not disclosed. More than half of the breached accounts were already breached and listed in Hunt's Haveibeenpwned breach credential repository. The hack, which occurred in January this year, appears to have gone unreported. "In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed," Hunt wrote on the breach site. "The data included usernames, email and IP addresses, along with salted and hashed passwords." The site is popular with Minecraft gamers who use the web property to share their in-game developed worlds. Users should reset affected passwords reused on other sites. Password best practice is subject to debate. If advice from boffins at Microsoft and Google is followed, passwords should be pronounceable, rather than set to the typically-recommended jumble of numbers, special characters, and letters, which are difficult for users to recall. It is okay for users to reuse passwords on sites they do not care for, Microsoft academics have said, provided they set strong logins for critical sites. Britain's GCHQ spy agency also weighed in on the password best practice debate, advising admins to stop punishing users with regular password resets, which is said to lead to weaker combinations being set over time. Docker's security lead, Diogo Mónica, (@diogomonica) said that debate on password choice and complexity is off the mark, and should instead focus on convincing users to run password managers to set unique jumbled credentials for all sites. ® Sponsored: 2016 Cyberthreat defense report

Small users in a big network

Children use the Internet for schoolwork, socializing, watching films and cartoons, playing games and much more.

But, as we all know, browsing the web can be an unsafe business.
In order to control their children’s online activity many parents use specialized software – so-called parental control. This software is usually capable of controlling the amount of time a child spends online or using the computer, which apps can be launched and what personal data can be disclosed. One of the most important features of a parental control product, however, is the ability to restrict access to web resources containing undesirable content. This article examines the statistics of visits by children to websites with specific categories of content.

For this we will use Kaspersky Security Network (KSN) statistics based on notifications by the Parental Control module in Kaspersky Lab products.

These statistics will allow us to estimate which categories of undesirable websites children visit most often. How the statistics are collected Kaspersky Lab’s Parental Control module scans the content of the webpage that a child is trying to visit.
If the site belongs to one of the 14 categories listed in the module, it notifies KSN (no personal data is involved and the user’s confidentiality is respected). Access to that webpage is only denied if the parents have selected the appropriate category in the product settings.

The statistics are collected anonymously, regardless of whether the parents have selected the appropriate category (i.e., whether or not that category is blocked by Parental Control). It should be noted that these statistics do not include mobile device statistics. At the current time, web filtration is carried out for the following content categories: Internet communication media (social media, instant messaging, chats and forums) Adult content Alcohol, tobacco, narcotics Violence Weapons, explosives, pyrotechnics Profanity Gambling, lotteries, sweepstakes Computer games Electronic commerce Software, audio, video HTTP query redirection Recruitment Religions, religious associations News media We selected the first 12 categories for analysis. We decided to omit “Religion” and “News media” as these categories were only introduced recently and sufficient statistics have not yet been collected. The global picture First of all, let’s look at the global statistics. Distribution of Parental Control notifications between the 12 website categories globally, April 2015 – April 2016. We can see from this diagram that children around the world spend most time on social networking sites and instant messengers, playing computer games, and, while online, repeatedly encounter the themes of alcohol, tobacco and drugs. Less frequently, children and teenagers visit online stores, watch videos and listen to music online, sometimes encounter obscene language and occasionally visit (perhaps accidentally) porn sites. These are the average statistics for the entire world.

But are they the same for all regions or countries? It turns out that they aren’t. Regional differences For our comparison, we selected the top five website categories from the global ranking and looked at how they differed across five regions: North America (US and Canada) Western Europe (Austria, Belgium, UK, Germany, Denmark, Ireland, Spain, Italy, Liechtenstein, Luxembourg, Monaco, Portugal, France, Switzerland, Sweden) CIS (Russia, Kazakhstan, Belarus, Ukraine) Latin America (Argentina, Brazil, Mexico) Far East (China, Singapore, Hong Kong, Macao, Taiwan, Japan, South Korea). The results of the comparison are shown below: Proportion of Parental Control notifications for Top 5 categories in different regions In North America, children visit social media websites, use instant messaging systems, chats and forums less frequently than the world average, although they show more interest in computer games, alcohol and online shopping. The situation in Western Europe is very similar to that in North America. In the CIS, children and teenagers are less interested in online shopping than in other regions. In Latin America, as well as in the CIS, Internet communication media are very popular with kids and teens, while computer games are played less frequently than in other regions. The situation is different in the Far East.
Social networks are almost as popular there as they are in western countries, but kids and teens don’t spend as much time playing online computer games (which may be due to the popularity of game consoles).
Instead, they spend more time visiting online shops, such as the Japanese Rakuten, amazon.co.jp, Uniqlo, and Taobao in China. Differences between countries We found that even between countries within the same region there are differences in the popularity of the website categories.

For the purposes of comparing the situations in different countries, we added the “Adult content” category to the top five. Let’s begin with that category. Adult content When we speak of children’s safety online, it’s impossible to avoid the topic of pornography – this is the worst nightmare for millions of parents.

For quite some time, this category was at the top of the ratings, but we now have some good news! According to Kaspersky Lab’s Parental Control statistics, children from around the world are visiting pornographic and erotic websites, adult dating sites and online sex shops less and less. Popularity of the “Adult content” category around the world, Jan 2015 – Apr 2016, according to Kaspersky Lab’s Parental Control module statistics However, we cannot rule out the possibility that children visit adult content websites from their mobile devices: for them, it is easier to watch porn on their phone, with no parental control tools installed, than it is on a computer that is closely watched by their parents. Children in China show the most interest in adult content sites.

Children in the UK, US and Russia visit such sites less often. Popularity of the “Adult content” category in different countries, April 2015 – April 2016, according to Kaspersky Lab’s Parental Control module statistics According to Kaspersky Lab’s Parental Control statistics, the adult content website www.xvideos[.]com is the most popular in all regions.
If the Parental Control module is configured to block access to adult content sites, then a child’s attempt to visit this site will finish with a warning screen being displayed.
It should be noted that Safe Kids, Kaspersky Lab’s new product, works on mobile devices as well: Safe Kids notification on a mobile device If you want to reliably safeguard your child from adult content, make sure you block this category in the parental control module. Internet Communication media 67% of all visits were to websites belonging to the “Internet communication media” category, which includes social networks, instant messengers, chats and forums. Unsurprisingly, social networks are the most popular sites with children throughout the world – these sites allow them to talk to their friends, keep a kind of diary, share photos and videos, as well as shop online, play games, and watch cartoons or films.

As well as all that, there is a lot of content that children shouldn’t be seeing: on some social networks you can find pornography, purchase drugs. The most frequently visited sites in this category are Facebook, Twitter, YouTube and Pinterest.

To a lesser extent children also visit Instagram and the web-based version of the WhatsApp messenger. According to KSN data, over the last year and a half children and teenagers have been spending less time chatting with their friends online from their computers. Popularity of the “Internet communication media” category worldwide, Jan 2015 – Apr 2016, according to Kaspersky Lab’s Parental Control statistics We presume that this is due to the growing popularity of mobile Internet.

Today, mobile devices are being used more and more for online communications, especially in developed countries.

This is beyond the scope of this analysis, however, as we are looking at the statistics of Parental Control module detections on computers; these statistics don’t take into account how many times a day children and teenagers visit their social media accounts from mobile devices.

Also, IM services such as Telegram or Viber are primarily accessed from mobile devices.
In other words, children, and especially teenagers, are far more active than these statistics suggest when it comes to both types of online communications (i.e. mobile- and computer-based). Popularity of the “Internet communication media” category in different countries, April 2015 – April 2016, according to Kaspersky Lab’s Parental Control statistics Internet communication media are most popular in Mexico, Brazil, Russia and Italy, and least popular in China, Germany and the UK. We presume that for China, this is due to the state’s Internet censorship practices, while in Germany and the UK it is related to the widespread use of mobile technologies and smartphones in the everyday lives of schoolchildren. This is all well and good – technologies make our world more convenient, and talking to someone face-to-face on the other side of the planet can seem like magic! But any magic has a dark side to it.

Child molesters, fraudsters, trolls, perverts and other nefarious characters can spoil the life of a child or teenager who doesn’t stick to the rules of conduct on social networks. Read more here about how children and teenagers should behave on the social networks to protect themselves from malicious users. Computer games Children have always played games. However, in recent decades real-life games have been almost completely superseded by computer games. Today’s computer games are products of advanced technologies; they are realistic, social, absorbing, spectacular creations by designers and script writers.
It comes as a little surprise that gaming sites around the world come second in terms of popularity among children and teenagers. Popularity of the “Internet communication media” category in different countries, April 2015 – April 2016, according to Kaspersky Lab’s Parental Control statistics Computer games are least popular in Japan, Italy and Mexico. However, in these countries there are different reasons for this.

Game consoles such as Sony PlayStation and Nintendo are widespread in Japan, where they are manufactured.
In Mexico and Italy, judging by our statistics, kids and teens simply prefer social networks to computer games. Steam is one of the gaming sites most often visited by children and teenagers.
It is in fact more than a mere online gaming store – it is a large gaming community where kids and teens can talk to fellow gamers, find new friends, read news and, naturally, purchase games and share their in-game achievements. Steam’s homepage As can be seen in the statistics of websites visited by children, Minecraft is another gaming website that children and teens often visit. Minecraft can be seen as an educational (edutainment) game, and in some countries it is even part of the school curriculum, within the framework of the MinecraftEdu project. The time that your child spends playing computer games needs to be regulated. Overindulging in games can lead to a dependence.

This is especially relevant for so-called infinite games that are limited to one game plot and do not have a beginning or end. Massively multiplayer online role-playing games (MMORPG) fall under this category.

Cases are known when overuse of MMORPG has led to psychological harm, gaming addictions and even to death by exhaustion. Parents should also take note of what games their child is playing, the age ratings and the contents of the game, as well as the kind of skills they develop. Computer games are not bad, but it’s better for children to spend their time productively. Alcohol, tobacco, narcotics The popularity of websites in the “Alcohol, tobacco, narcotics” category came as a bit of a surprise.

Children in Germany (22.79%) and the UK (25.37%) show most interest in this topic. Popularity of the “Alcohol, tobacco and narcotics” category in different countries, April 2015 – April 2016, according to Kaspersky Lab’s Parental Control statistics However, a child can encounter this topic just about anywhere on the Internet.

For example, in all types of teenager blogs it is not uncommon to see a picture of a girl with a bong, or pictures glorifying vodka. Publications in social media promoting the consumption of alcohol, tobacco or drugs Similar messages often occur on different entertainment sites, such as 9gag. Images published on the website 9gag In recent years, “legal highs” have become widespread, and can be easily purchased online.

The authorities in different countries have trouble keeping up and block hundreds of new legal high websites that appear online every day.
Social media also contains numerous offers to buy “legal” narcotics. Online shop selling “legal highs” Synthetic drugs are by no means legal, let alone safe.

The effect of consuming “spice” and “salts” is unpredictable and can lead to serious harm. Electronic commerce The popularity of this category shows just how interested children are in online shopping. Popularity of the “Electronic commerce” category in different countries, April 2015 – April 2016, according to Kaspersky Lab’s Parental Control statistics As we can see, children and teenagers in China, Japan and the US visit online shops more frequently than others. Judging by the list of websites most often reported by the Parental Control module, the most popular online shops are Taobao in China, Uniqlo in Japan, and Amazon in the US. Software, audio and video An interesting trend can be seen in the “Software, audio, video” category. Over the last year and a half, visits by children and teenagers to visit websites where they can download or watch films, cartoons or listen to music have doubled. Popularity of the “Software, audio, video” category in different countries, January 2015 – April 2016, according to Kaspersky Lab’s Parental Control statistics On the face of it, this website category doesn’t seem to be a big deal. However, you shouldn’t forget about illegal software and malware – it may not hurt your child, but could cause quite a bit of damage to your computer. Popularity of the “Software, audio, video” category in different countries, April 2015 – April 2016, according to Kaspersky Lab’s Parental Control statistics Children in Japan watch cartoons and listen to music online more often than their peers in other countries.

The figures for Russia and Mexico are the lowest.
In Russia, this may be due to the fact that most young users listen to music on the VKontakte social network. According to Kaspersky Lab’s Parental Control statistics, YouTube is the most popular website in this category. Conclusion The popularity of certain types of websites among children in different countries could be linked to each country’s cultural peculiarities and economic conditions. If we look at the entire global picture, there is a downward trend in the popularity of Internet communication media among children and teenagers.

The underlying reason is the increasing use of mobile technologies and the availability of smartphones in developed countries, the emergence of convenient mobile social media and Internet communication apps, and the fact that users can always stay online thanks to their mobile devices. However, in those countries where smartphones are less prevalent, children tend to use computers more often for online communications. Interestingly, the lower the “Internet communication media” index is for a specific country, the more popular computer games are: Popularity of the “Internet communication media” and “Computer games” categories in different countries, April 2015 – April 2016, according to Kaspersky Lab’s Parental Control statistics It’s interesting to see that children are becoming increasingly self-sufficient online: they choose which music they want to listen to, which films or cartoons they watch, and which products they want to – possibly – purchase. Self-reliance is a positive trait for your child, but you still need to keep tabs on what they are doing online, just like in real life. Parental control software may just be an aid to safeguard your child from undesirable content, but it could well come in very handy – so don’t just dismiss it out of hand.

For example, Kaspersky Lab’s product Safe Kids not only blocks undesirable sites but also notifies the parents of any alarming search requests that a child makes, and about their activities on social media.
Since Safe Kids operates on mobile devices as well, parents can also get information about where their child is. For today’s children, and especially teenagers, the Internet is their natural habitat. We do everything we can to keep it safe.

LinkedIn mass hack reveals … yup, you're all still crap at...

'Linkedin'? 'P4ssw0rd'? '123456'? Come on, people Analysis of passwords from the LinkedIn leak has revealed, should there be any doubt, that users remain terrible at choosing secure login credentials. Last week a black hat hacker using the nickname Peace was revealed as attempting to sell 117 million LinkedIn users' emails and passwords on the dark web. "Peace" wants 5 BTC for the stash, delayed fruits of a well-publicised LinkedIn breach back in 2012. LinkedIn said there is "no indication that this is result of a new security breach" even though the exposure of credentials has increased from a previously admitted 6.5 million records leak to a 117 million torrent.

The business-focused social network said it intended to apply a password reset to potentially compromised accounts and urged users to enable two-step verification to further protect their LinkedIn accounts. Login credentials - especially to social media sites - are a valuable commodity for black hat hackers.

A new password hash dump analysis on the LinkedIn breach from password recovery Kore Logic has revealed that many use easily cracked login IDs. 123456 linkedin password 123456789 12345678 “123456” appears more than a million times (1,135,936 to be precise) in the dump, a long way clear of second-placed LinkedIn (207k).

The most common "base word" used in the passwords is, unsurprisingly “LinkedIn”. Even outside the obvious security slip-up of using “123456”, “LinkedIn” or “password” as an, er, password, not enough users are using complex passwords capable of resisting brute force attacks. By Friday, Kore Logic had recovered 48,520,000 unique passwords from the LinkedIn hash dump.

Four in five (78 per cent) of the unique hashes have cracked at this point. Kore Logic has already recovered the passwords for six in seven (86 per cent) of all LinkedIn.com users in the dump. LinkedIn evidently hashed passwords using SHA-1 without using salting, a combination of weak crypto and poor methodology that made it straightforward to crack the leaked password database.

All manner of mischief has ensued. Some reports suggest that seemingly benign hackers have begun to hijack the profiles of big name personalities using info gleaned from the dump.

Twitter co-founder Biz Stone (here), Minecraft creator Markus “Notch” Persson and others have had their profile hijacked by a group called OurMine Team, Vice reports. In related news, black hats have reduced the price of the LinkedIn credential dump (which started off retailing at 5 BTC or $2,200) and used media coverage of credentials being exploited in order to push sales. ® Sponsored: Rise of the machines

Circle With Disney

How many connected devices do your kids use? You had to stop and count up all the laptops, tablets, smartphones, game consoles, and such, didn't you? Installing parental control software on every one of those devices would be difficult, maybe even impossible.

That's where Circle with Disney comes in.

This little box can manage every device on your network, filtering out unwanted content and applying a variety of time limits.
It does what it promises, with a few minor rough edges, but its protection applies only when the kids are at home.The device goes for a one-time price of $99, and the iOS app that lets you manage it is free.

That's a good deal. You'd pay $79.99 each year for a family-pack license of ContentWatch Net Nanny 7, for example.

And Net Nanny manages Windows, Mac OS, and Android, but not iOS, gaming consoles, or any other platform. Clean Router controls and monitors all devices on your system, by replacing your existing router. OpenDNS Home VIP gets the same effect by taking over handling of your networks Domain Name System connections.

Circle doesn't force you to replace your router, and it's extraordinarily easy to set up and manage. Getting Started With CircleThe Circle device is a small white cube with a micro USB port for charging and a covered Ethernet port on one side. Other than that, it's pretty much featureless.

To get started, you simply plug it into a power source and wait for the light to start blinking.

As for that Ethernet port, you won't use it unless instructed to by tech support.

For testing, I installed the app on Apple iPhone 6. All setup and configuration occurs through Circle's mobile app which, for now, is iOS-only (Android support is due this summer).
It's a clean and attractive app; if appearance and simplicity were the only criteria it would be sure to win a place in our list of 100 best iPhone apps. When you launch the app, it walks you through the configuration process step by step. To start, you open Wi-Fi settings on your iOS device and connect to the Circle device's hotspot, using the password supplied by the app. Next, you log into your regular Wi-Fi through Circle, and then connect your phone back to your regular Wi-Fi.

That's it.

Circle is now paired with your network. Note that Circle will only pair to a 2.4GHz connection. Once paired, however, it should be able to manage all network devices—including those connected via 5GHz and Ethernet. How does it work? The technology is called ARP (Address Resolution Protocol) spoofing.
If you Google it, you'll come up with a lot of pages about ARP spoofing as a network attack.

Don't be alarmed; Circle isn't attacking you. Note, too, that all of its content filtering and other activity happens right on the device. Nothing is sent to the cloud. Continuing the setup process, you create a Circle account using your email address, and add your mobile phone number.

Entering a passcode sent to the phone completes the verification process. To complete the setup process, you configure settings for your own Circle profile. You choose one of five filter levels: Pre-K, Kid, Teen, Adult, or None. Of course, you should choose either Adult or None for yourself, and skip the option to limit time on the Internet. Now comes the tough part; identifying your own devices, and determining which devices shouldn't be managed.  Device Name DilemmaOn my own home network, Circle initially found two dozen devices.

That number kept rising as more devices connected.

Every connected smart home device, including my connected doorbell and garage door, showed up on the list.

And the majority of them had uninformative names.
Sure, I know which one is the Roku Device, and I have only one Dell computer, so Dell Device is pretty clear.

But there were three titled Cisco Device, and others were similarly unhelpful, including one called simply The Device. Knowing which is which can be important. You wouldn't want to accidentally put your connected garage door to sleep at a child's bedtime! For actual computers and mobile devices, there's a handy way to figure out which is which. You browse to a Circle-related website on the device and note the name that Circle gives the device. Now that you've identified it, you can change it to something more informative in the Circle app. Of course, if there are multiple devices starting off with the same name, you'll need to check that Web page again to make sure you got the right one. Tapping a device in the list gets more information, including the device-specific MAC address.
If for some reason you can't identify the device using the technique above, you can check its MAC address and flip through the list looking for a match. During setup, Circle suggested a number of devices that should be left unmanaged.
I took that a bit further, adding every device to the unmanaged list except those whose identity I had verified. Kids and DevicesNow it's time to configure Circle for each of your family members and their devices. You also create a profile called Home that applies to all devices that are neither assigned to a family member nor listed as unmanaged. When a new device connects to the network, it's covered by the Home profile by default. Assuming you've figured out which device is which in Circle's list, you associate each with the family member who owns it. Yes, you'll want to include devices belonging to adults as well, setting them to Adult or None as the filter level.

That way they won't be affected by the Home profile. Your settings for each family member apply to all of the devices associated with that profile. Note that Circle assumes every device is used by only one child, even desktops and laptops.

That could be awkward if the device is shared by kids and adults, or kids of wildly different ages. Mobicip and Net Nanny, among others, can associate child profiles with specific user accounts. Qustodio Parental Control 2015 swings either way, meaning you can associate the entire device or just one user account with the child's profile. This is a very visually oriented product, so you'll almost certainly want to add a photo for each child. You can take one directly from within the program or use a photo from your camera roll, and you can move the photo around to get the face positioned correctly. Blocking PlatformsChoosing the filter level for a child preconfigures which platforms and categories will be blocked. Platforms refers to a list of popular Internet-aware apps.

At the Teen level, HBO, Meerkat, Periscope, Reddit, Snapchat, and Tumbler are blocked; there's no platform blocking at the Adult level. At the Kid level, you see a different set of platforms, with only Club Penguin, Disney, Minecraft, and PBS permitted. Parents can choose to enable a handful of others, among them Cartoon Network, Netflix, and Nickelodeon.

At the Pre-K level, things are even more limited. Content Filtering CategoriesCircle identifies 30 content categories that parents can choose to allow or block.

Even at the Adult filtering level, five of these are blocked: Dating, Explicit Content, Gambling, Mature, and VPN & Proxies.
If you've selected the Teen level, those same five are always blocked; there's no option to unblock them.

Choosing Kid-level filtering adds Social Media to the always-blocked list.

And at the Pre-K level, the only sites permitted are those in the Kids category. In testing, I found the settings very responsive.

Changes took effect immediately.

And I couldn't find any sites that should have been blocked but weren't.
Since Circle blocks proxies by default, the trick of using a secure anonymizing proxy to evade monitoring and control didn't work.

Being device-independent, Circle is naturally also browser-independent. Privacy and SafetyIn addition to limiting your child's access to specific platforms and content categories, Circle offers a handful of privacy and safety settings.

For Teen users, it forces Safe Search in Google.

At the Kid level, it also enables YouTube restrictions.
Shifting down to Pre-K removes your ability to change these restrictions; they're always on. You can also turn on ad blocking, if you wish.

This feature seemed to work fine, removing ads without wrecking page layouts. Of course, if everyone blocked ads then websites that rely on advertising for revenue might have to start charging for access. Time Limits, Bedtime, and PauseCircle doesn't let you create a weekly hour-by-hour Internet schedule the way Mobicip, Symantec Norton Family Premier, Net Nanny, and many other competitors do, but it does have some useful time-control features.

For starters, you can set a daily maximum for Internet access that applies across all of the child's devices. You can also set a time limit on any of the platforms and content categories.
Sure, your child can watch Netflix, but only two hours a day—no binge-watching Orange is the New Black! Social media? Fine, but limited to one hour.

And so on.

Time limits are off by default. Circle can't make your kids go to bed when they should, but it can remove the distraction of online activities.
If you enable the bedtime feature for a child, Internet access on all of that child's devices will cut off at the specified time, and resume at the specified wakeup time. Of course, this doesn't affect use of the device for games and activities that don't require Internet access. Here's a feature Circle's website touts proudly—you can pause the Internet! Tap the big pause button on the app's home screen to pause access for all managed devices. You can also pause just one child's devices, or just one specific device.

Anyone trying to connect will just see a screen proclaiming that access is paused. Hands On with CircleI set up the Circle device on my home network and assigned devices to a couple of imaginary children.

Then I started experimenting. I realized right away that I'd be happier controlling Circle from my iPad than my iPhone. Making that happen was a snap.
I simply installed the app on the iPad and launched it.

The app sent a four-digit code to my phone. Once I entered the code, boom! I had control of Circle from the iPad. The Circle app's big main window shows all of your family members' pictures, each inside a circle. When you launch the app, they spin into place, arranged evenly around a central circle that represents the home.

Tapping a picture goes to that family member's settings.

Tapping the central circle lets you configure default settings for devices in your home.

A simple menu lets you add more family members, track and configure devices, and make some simple configuration settings. As noted, I couldn't find any sites that should have been blocked but weren't.

A child who tries to visit a blocked site gets redirected to a page that simply says, "Looks like you've been filtered." There's no detail about precisely why, nor any option to ask a parent for permission to visit the site, like you get with Norton, Microsoft Family Safety for Windows 10, and others.
I prefer these approaches to Circle's laconic block message, but at least it does the job.  This page displays a breakdown of the child's time online, with a chart showing the most-visited categories.
It also displays any time limits, including how much time is left, in 5-minute increments.

The rest of the page is an endlessly scrolling collection of Disney-related content.
Images, icons, tweets, animated GIFs, links, quizzes…you name it! When Circle blocks access to a site, it makes sure your child has alternatives, specifically Disney alternatives. Tapping Insight on a child's profile page in the app gets you a very simple report.

Circle doesn't list the sites or categories that it filters out; it doesn't even report the number.
It does tell you how many minutes the child spent on each platform or category.

Tapping a category opens a list of matching sites. You can set Circle to report activity for the current or previous day, week, or month. Some Rough EdgesThis product is slick and professional, but I did encounter some rough edges.

A child who tries to access the Internet after bedtime just sees a message saying, "Looks like it's past your bedtime." However, trying to access Google at that time instead got a big, confusing error message stating that "Attackers might be trying to steal your information." Even during time when the Internet was supposed to be available, I got a similar result trying to make a Yahoo search.

The Yahoo page appeared just fine, but instead of the results page I got that same scary error message.

That error also occurred when I tried to visit a secure anonymizing proxy. Eventually I realized that every time Circle tried to swap in its own message on a secure (HTTPS) site, it triggered that error.
Since ARP spoofing is used in actual network attacks, this isn't entirely unreasonable, but I wish Circle's FAQ included an explanation. During this evaluation, I went to the product's FAQ page online for details frequently. Quite a few times I got the message, "This website is under heavy load (queue full)."  That's not something you often see.
I hope they'll work on adding server capacity. Home Is Where the Control IsPausing the Internet sounds pretty cool…but it's limited.

To escape all control by Circle, a child with a smartphone need only switch from Wi-Fi to cellular data. Mooching a neighbor's Wi-Fi is another possibility.

And of course if the child isn't in your home, but rather using Wi-Fi at school, or at a friend's house, Circle is powerless. According to the company's press release, that's going to change soon.

A mobile parental control app called Circle Go will extend coverage to all iOS devices even when they're outside the home.

There's no word as yet about a version for Android, or for Mac or Windows laptops. An Interesting VariationCircle with Disney is an interesting variation on typical software-based parental control systems.
It effortlessly manages every single device on your home network, including new ones that join.

And it proved effective at blocking access to specific content categories in testing. However, its capabilities end the moment your child leaves the house. If you opt to buy this device, consider backing up its protection with a more traditional parental control product, at least on your children's most-used devices.

A family license for ContentWatch Net Nanny 7 handles up to 10 children on any number of devices. Qustodio Parental Control 2015 manages five children and five devices.

And Symantec Norton Family Premier doesn't apply any limits at all.

All three are Editors' Choice products for parental control.