Home Tags Peer-to-peer

Tag: peer-to-peer

Destiny 2 moves to a more server-centric networking model

"Hybrid" approach mixes dedicated servers and some peer-to-peer communication.

Dridex: A History of Evolution

In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnetrsquo;s activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.

“Android Go” will strip Android down for ultra-low-budget phones

Android Go extends and continues past efforts to reduce resource usage.

Kiosk delivers pirated movies to USB sticks in the middle of...

“Maintenance” man torrents all day, then sells movies for 13 cents a pop.

Report: Apple wants to let you exchange money with your friends

First-party money transfer service would compete with Paypal, Google, and more.

Cybercriminals prefer to chat over Skype

Law enforcement and government officials don’t like encrypted peer-to-peer chat platforms such as WhatsApp and Jabber because it is harder to eavesdrop on what cybercriminals are planning.

But according to a recent study of global cybercriminal operations, the bulk of criminal discussions don’t happen over encrypted chat.
Skype is the preferred mode of communication among cybercrime gangs worldwide.Skype, owned by Microsoft and widely used by consumers and enterprises, doesn’t encrypt messaging end-to-end the way the secure messaging apps do.

But it is still popular among cybercrime gangs around the world, FlashPoint analysts found in a study of communications platforms used by financially motivated cybercriminals.To read this article in full or to leave a comment, please click here

Cybercriminals Mostly Prefer Skype Messaging

But cybercrime gangs worldwide are increasingly using encrypted peer-to-peer chat platforms for their communications outside online underground forums, new study finds.

Vigilante botnet infects IoT devices before blackhats can hijack them

Hajime battles with Mirai for control over the Internet of poorly secured things.

Merriam Webster updates tech word list—and you will believe which ones...

Includes "net neutrality" and "EpiPen"; still on the sidelines about how to say "GIF."

25% off ARRIS SURFboard SB6190 DOCSIS 3.0 Cable Modem – Deal...

The SURFboard SB6190 is the first Gigabit+ cable modem available in retail, and is compatible with major US Cable Internet Providers like Xfinity by Comcast, Time Warner, Cox, Brighthouse and many others, so you can ditch their cable modem (along with their rental fee) and regain control.
It harnesses the power of DOCSIS 3.0 technology to bond up to thirty two downstream channels and eight upstream channels--providing you advanced multimedia services with data rates up to 1.4 Gbps download and 131 Mbps upload depending on your Cable Internet provider service.

That makes streaming HD Video, gaming, shopping, downloading, working, high-quality voice and video conferencing, and peer-to-peer networking applications far more realistic, faster, and efficient than ever before.
It averages 4.5 out of 5 stars on Amazon from over 4,100 people (read reviews).
Its typical list price of $149.99 has been reduced 25% to $111.99.
See it now on Amazon.To read this article in full or to leave a comment, please click here

Researchers Find Security Flaws in IoT Cameras From Sony, Others

Security researchers discover significant vulnerabilities in two separate lines of surveillance video cameras that could allow them to be hacked or made part of an internet of things botnet, researchers say. Two security researchers working separately are warning consumers and enterprises that network-connected video cameras from different manufacturers may not be secure, after researchers found vulnerabilities and backdoor code in the devices that could allow attackers to create internet-of-things botnets or spy on the users.In a research note published on Dec. 6, security firm SEC Consult stated that 80 models of cameras sold under the Sony brand have a backdoor that could allow attackers to take complete control of the devices.
In a separate study published the same day, researchers for security firm Cybereason detailed their discovery of two zero-day vulnerabilities in white-box video cameras sold under various brand names on sites such as Amazon and eBay.Hundreds of thousands of devices connected directly to the Internet are vulnerable, and even more may be accessible through a peer-to-peer service, Amit Serper, principal security researcher with Cybereason, told eWEEK.“In about six hours, we came up with two zero-days that allow us to get the password for the camera, no matter how complex it was,” he said. “I’ve reversed engineered hundreds of these types of devices, and this is the worst that I’ve ever seen.” Serper and Cybereason have attempted to contact the manufacturer, but have not had any luck and there is no fix for the camera.

Cybereason recommends that users dispose of the devices instead of continuing to use them. The discoveries are the latest evidence highlighting the lack of security in connected devices.
Security researchers have warned the makers of internet-of-things devices that security has to be a greater priority. Numerous studies have found vulnerabilities in popular network-connected consumer devices that could leak information or, in the worst case, allow an attacker to take control of the devices.The state of IoT security, however, has taken on much greater meaning recently, after massive denial-of-service attacks that have emanated from botnets comprised of connected devices.
In September, security researcher and journalist Brian Krebs was the target of a massive denial-of-service attack produced by a program, named Mirai, which had infected a large number of digital video recorders and home routers.
In October, a similar attack disrupted domain-service provider Dyn and major internet services, such as Twitter and GitHub.The backdoor in Sony’s video cameras took the form of a hard-coded password for the root—or super-user—account on the devices.“We believe that this backdoor was introduced by Sony developers on purpose—maybe as a way to debug the device during development or factory functional testing—and not an ‘unauthorized third party’ like in other cases, (such as) the Juniper ScreenOS Backdoor,” SEC Consult stated in its research note.“We have asked Sony some questions regarding the nature of the backdoor, intended purpose, when it was introduced and how it was fixed, but they did not answer.”SEC Consult notified Sony of the issues, and the company has released updated firmware for the affected models, the security firm stated.

Researchers Show Even 'Smart' Light Bulbs Are Threatened on IoT

A team of academic researchers find a way to infect Internet of Things devices—in this case, smart light bulbs—to enable them to spread malicious code to other devices. A team of academic researchers demonstrated how even the simplest Internet of Things devices could be used to spread malicious code when they exploited a vulnerability in a popular smart light bulb to infect other devices.In a draft research paper, researchers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada outlined their method of wresting control of Philips Hue smart lights from a home-automation network and then remotely updating the devices with malicious code.With just 15,000 randomly distributed smart lights in an urban area, a network worm could spread in a chain reaction throughout an entire city, the researchers concluded using a type of analysis known as percolation theory.“The attack can start by plugging in a single infected bulb anywhere in the city and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack,” the researchers said. Network-connected devices—from smart light bulbs to programmable thermostats to wireless video cameras—are the basic building blocks of the Internet of Things. An increasing number of devices are already connected to controllers and Internet-connected hubs, with as many as 50 billion expected to be in use by 2020. While some smart-device manufacturers have made security a priority, most have focused on getting their products to market, leaving the potential for significant vulnerabilities that could affect the products and their users.Unsecured webcams, for example, can allow attackers to see into consumers’ homes. And in September and October botnets using millions of IoT devices knocked many target websites off the Internet, including security journalist Brian Krebs and domain-name service Dyn.Unless more manufacturers and users consider the threats of the technology they are using every day, the risk of a major incident will only rise, the researchers said.“Without giving it much thought, we are going to populate our homes, offices, and neighborhoods with a dense network of billions of tiny transmitters and receivers that have ad-hoc networking capabilities,” they wrote in the paper.“These IoT devices can directly talk to each other, creating a new unintended communication medium that completely bypasses the traditional forms of communication such as telephony and the internet.”Philips had taken steps to secure the lights from hackers, including encrypting data and refusing to reset a connection unless a ZigBee controller is in close proximity to the bulb.However, the ZigBee chip used by Philips, and made by Atmel, had a major bug in its proximity test, the researchers found. As a result, a controller within 400 meters can initiate the factory reset procedure. The researchers tested the attack on lights distributed around their university campus, taking control of the Hue smart bulbs.The equipment needed to conduct the factory reset could be mounted on a drone for a remote attack, a technique known as war-flying.The attack could easily be undone, except that the researchers also reverse engineered older bulbs to extract the encryption key used to secure firmware updates. Using that key, they created new software to overwrite the code that manages the bulbs to spread to other bulbs.“A single infected lamp with a modified firmware, which is plugged-in anywhere in the city, can start an explosive chain reaction in which each lamp will infect and replace the firmware in all its neighbors within a range of up to a few hundred meters,” the researchers wrote.Unlike previous worms, the attack does not require any internet access or communications, relying on the ZigBee protocol to send the malicious code among the bulbs in a peer-to-peer network. A city the size of Paris, about 105 square kilometers, could be infected if 15,000 lights were installed in a random distribution across the urban area, the researchers calculated.“Since the Philips Hue smart lights are very popular in Europe and especially in affluent areas such as Paris, there is a very good chance that this threshold had in fact been exceeded, and thus the city is already vulnerable to massive infections via the ZigBee chain reaction described in this paper,” they wrote.