18.4 C
London
Monday, August 21, 2017
Home Tags Vimeo

Tag: Vimeo

Patent for "CD-Rs by mail" service—perhaps inspired by old-school Netflix—used to sue.
WordPress developers are encouraging users of the content management system to apply a new update, pushed this week, to resolve eight security issues, including a handful of cross-site scripting (XSS) and cross-site request forgery (CSRF) bugs. Aaron D.

Campbell, a WordPress core contributor announced the release, 4.7.1, Wednesday afternoon. WordPress 4.7.1 Security and Maintenance Release https://t.co/Qxgd132Dw9 — WordPress (@WordPress) January 11, 2017 One of the XSS vulnerabilities could be triggered via the plugin name or version header on update-core.php, another could be exploited via theme name fallback, according to the release notes. One of the CSRF bugs, identified by Abdullah Hussam, an Iraqi security researcher who’s previously found bugs in Vine, Twitter, and Vimeo, could lead to a bypass if a specific Flash file was uploaded.

Another CSRF bug, discovered by Danish developer Ronni Skansing, was tied to how WordPress handled accessibility mode in widget editing.
Skansing has found several bugs in WordPress over the years. Last February he found a server side request forgery (SSRF) vulnerability in WordPress 4.4.1.

An attacker could have exploited the bug by making it appear that the server was sending certain requests, possibly bypassing access controls. Another issue in WordPress’ REST API could have exposed user data for any users who “authored a post of a public post type.” The issue, jointly uncovered by Brian Krogsgard, who runs the WordPress news site Post Status, and Chris Jean, a WordPress developer for iThemes, was fixed by limiting which posts are seen within the API. WordPress have now fixed my vuln on relation to weak crypto https://t.co/899unBLnKn — linkcabin (@LinkCabin) January 11, 2017 The update also fixes what WordPress calls “weak cryptographic security” in the way it handles multisite activation keys, in addition to 62 smaller bugs that have popped up over the last month or so since the release of version 4.7. Lastly it appears 4.7.1 includes an updated version of the email sending library PHPMailer. While Campbell claims “no specific issue appears to affect WordPress or any of the major plugins” he and other WordPress contributors investigated, they decided to update the library “out of an abundance of caution.” Developers with PHPMailer updated the library to version 5.2.21 two weeks ago to mitigate a remote code execution vulnerability discovered by Dawid Golunski of Legal Hackers.

Golunski warned that an attacker could exploited the vulnerability by targeting website components that use the library, like contact/registration forms, email password reset forms, and so on.

Join the IoT Home Inspector Challenge to provide a technical solution to Internet of Things vulnerabilities.

The Internet of Things isn't exactly a secure platform: Baby monitors, Wi-Fi routers, and refrigerators can expose homeowners to malicious attacks.

But while industry giants fight for better safeguards, the government is turning to its constituency to help save the day.

The Federal Trade Commission invites members of the public to create a technical solution to protect consumers and their homes from IoT security vulnerabilities. In return, there's cash on offer.

Submissions to the IoT Home Inspector Challenge must provide a technical solution (as opposed to a policy or legal fix), that works on existing devices and protects information collected "in transit and at rest."

The tool could be a physical device, an app or cloud-based service, or user interface. According to the Challenge website, it would, "at a minimum, help protect consumers from security vulnerabilities caused by out-of-date" software and firmware.

Proposals should address how the tool "will avoid or mitigate any additional security risks that [it] might introduce into the consumer's home," the FTC's criteria summary said. Submission should include an abstract (a title and brief description), short video demonstration (via YouTube or Vimeo), and detailed written explanation of the tool.

Five judges will assess each entry based on how well it works (60 points out of 100 total score), how user-friendly it is (20 points), and how scalable it is (20 points). For an additional 10 points, folks can address other ways to help guard against broader IoT security vulnerabilities.

Ideas will be accepted until 12pm Eastern on May 22. For more information on the judges and the complete rules, visit the FTC's Challenge website.

Prize winners can earn up to $25,000 for their idea; $3,000 will be available for each honorable mention; the FTC expects to announce victors in July.

The Broadband Internet Technical Advisory Group in November published a plan to help boost the security of the millions of devices that make up the IoT. Google, T-Mobile, Cisco, and several other tech companies called for a major shift in the way manufacturers approach security: They should be "restrictive instead of permissive," the advisory group said. So, instead of automatically allowing Internet traffic—in some cases without a password or firewall—IoT devices of the future should be inaccessible to inbound connections by default.

It rubs the lotion on its skin, repeatedly it seems Exclusive An unpleasant Monday morning kicked off when my personal email account popped up a message of thanks for joining YouTube rival Vimeo.
Seven minutes later, I visited the website, where I was confronted by a sexually explicit video stating I was a pedophile. The video depicted a bearded young man lying back on a bed, pleasuring himself rather vigorously in front of an iPhone.
It was title "Iain Thomson masturbates on webcam in front of 15 year old girl." As someone who has never exposed their shortcomings in such a way, nor looks anything like the aforementioned chap with his chap out on show, the video itself wasn't immediately worrying, although it was worth digging into. Interesting; a @vimeo user has just set up an account in my name and uploaded an obscene clip.

This could make a good article... — Iain Thomson (@iainthomson) May 2, 2016 After discussing the situation with Vimeo, it appears that I'd been caught up in an increasingly common practice of blackmailing people online using embarrassing videos. Sextortion Sexual extortion is happening all the time on the internet: typically, a victim is tricked into performing sex acts on webcam by someone pretending to be a potential paramour.

The blackmail then threatens to leak the compromising images to friends, family and colleagues unless more acts are performed or money is paid. More often than not, such extortion is devastating for the victim and can lead to further abuse.

The Feds have been taking an increasing interest in such cases and tough sentences are being handed out to perpetrators: Karen "Gary" Kazaryan was threatened with 105 years in the big house after getting caught, although he got away with just five years inside. More recently Interpol has warned that organized crime is getting in on the sextortion racket.
Victims are identified via social media, dating, webcam or adult pornography sites, recorded, and then warned to pay up if they don’t want their family and friends to find out what they were up to – sometimes in an email purporting to come from the police themselves. It is, by some accounts, quite a money spinner, and is becoming an increasing problem – not least because victims are unlikely to go to the police.

That's particularly true if the video alleges serious criminal behavior, as the one thrown at me did. However, as a tech journalist I know people at Vimeo, and so I went to the company to find out what was going on.

A technical team within the biz trawled through server logs and appeared to find a first for the New York City-based outfit. Under Vimeo's terms and conditions, videos can be uploaded to an account without any activation by the holder of the email address associated with the account.

Activation of an account opens up messaging services and other goodies, but videos can be posted regardless of whether the account's email address has been validated. This allowed the perp to publish a stranger's private video under my name, using my email address – a stranger who happened to share the same name as me. He is the real victim in this case, wherever in the world he may be: the blackmailer's next step would have been to extort the bloke, or publicly shame him, using the uploaded video.

The vid was removed in less than 24 hours. What to do in these situations If you are the victim of this kind of sextortion attack there are a number of steps to take that will minimize harm. Firstly, be open about it to break the blackmailer's hold. When the video upload notification came up with a screenshot, I thought it was a joke of some kind and showed it to my editor and the other hacks in Vulture West.
It was only when I got home and actually viewed the video on a secure machine that the pedophilia accusation was seen and things got serious. Since there's no way this person could be mistaken for me (I've never worn a beard, am considerably slimmer than the victim, and have never owned an iPhone) I wasn't too worried.

But once something goes online there's always a fear that it could be used to try and trash an online reputation. Secondly, victims should go to the video hosting company and the police if they are being extorted.
Vimeo and others want no part of this kind of traffic and are generally pretty good about taking down videos, and the police are more clued in than they used to be. Paying up will most likely lead to demands for more money. Crucially, don’t destroy the evidence.
Vimeo were able to sort this out so quickly since I'd backed up all the emails but if you are being extorted make sure to keep everything, even logs of the conversations which prompted the original unwise activity. Finally, just don’t do this kind of online sex unless you are 100 per cent certain that the person on the other end is who they say they are, and even then I'd advise against doing it.

Even if you are convinced the person at the other end is real, there's no telling what they could do if the relationship breaks down, as revenge porn sites have shown. Back in the dawn of the World Wide Web, Bruce Schneier gave some excellent advice in the first interview I had with him: never write or post anything online that you couldn’t justify publishing in your local paper.
It was good advice then and still holds true today. ®
ISO 14001 and 50001 certifications make British cloud and network provider one of the most highly certified technology companiesLondon, U.K., 30 June, 2016 – British cloud and networking provider, Exponential-e, has been awarded two ISO (International Organisation for Standardisation) certifications recognising energy and environmental management across its business.

Between May 2015 and May 2016, Exponential-e reduced its carbon footprint by a total of 68%.

The ISO 14001 and ISO 50001 Standards are an addition to Exponential-e’s five existing certifications across security, business continuity, quality and service management, making the company one of the only technology providers to hold this many ISO certificates. “With new figures published by British Gas revealing that the UK is still amongst the top 20 countries emitting the largest amount of carbon, British businesses need to urgently review their energy and environmental policies in order to remain globally competitive,” said Jitesh Bavisi, Director of Compliance at Exponential-e. “Although we’ve always taken pride in our Corporate Social Responsibility, these certifications prove our achievements in carbon footprint reduction. We’ve made significant investment into upgrading our facilities, which now reflect a responsible future-focused organisation, and we will continue to work on minimising our long-term environmental impact. We’re delighted to reveal that our energy bill has gone down significantly even though we’ve gained 34 new employees in the past 5 months.” Achievement of the ISO 14001 Environmental Management Standard, is based on the company’s ability to reduce costs in waste, recycling and consumption, as well as manage environmental risks.
ISO 50001 Energy Management Standard shows Exponential-e’s energy efficiency across the business, including raising employee awareness and working towards a more secure long-term energy supply.
Implementing the two standards and maintaining an integrated approach will help Exponential-e’s long-term commitment to reducing its environmental impact. This certification also ensures Exponential-e’s compliance with the Environment Agency’s Energy Savings Opportunity Scheme (ESOS), which identifies areas of energy savings available across the organisation. Examples of Exponential-e’s energy and environmental initiatives include installation of £30,000 worth of motion sensors across its offices that manage light usage, and replacement all its plasma screens, which hold C or D energy consumption ratings, with more environmentally-friendly LEDs, which hold A+ ratings. “With technology being a sector that is traditionally energy intensive, a reduction of 68% is significant.

As we develop and evolve our offering at Exponential-e, we’ll continue to maintain our audits and look to build around our standards frameworks for managing quality, security, business continuity, service and now environmentally friendly policies. We no longer have an area of our business that’s not assessed by a third party, and we’re proud to be one of the few technology companies holding seven ISO certificates,” concludes Bavisi. Toni Allen, UK Head of Client Propositions, BSI comments: “Achieving certification to both ISO 14001 and ISO 50001 demonstrates Exponential-e’s commitment to being a more sustainable organisation.
Implementing these management systems will enable them to control their environmental and energy impact and continually improve their performance.” -ENDS- About Exponential-eExponential-e is a British cloud and connectivity pioneer with a difference.
Its cloud services do not traverse the public Internet.
Instead, they reside (logically) on a customer's LAN, on the clean side of the firewall so security and privacy concerns are negated.

Exponential-e wholly owns a super-fast 100 Gigabit Ethernet Layer 2 VPLS Network that guarantees a superior level of resilience, reliability and performance.

Exponential-e also integrates with third party providers and bespoke applications for both the Enterprise and SMEs with an end-to-end SLA.That’s why it’s trusted by over 2,800 customers, boasts 96% customer reference-ability, features in the London Stock Exchange's Top 1000 Companies to Inspire Britain, included in Investec’s Top 100 fastest growing UK Mid-Market companies and ranked number 16 in the Megabuyte50, which lists the best performing, privately-owned technology companies in the UK.Exponential-e's services are delivered down one pipe, enabling 100% network visibility and control.

The company has demonstrated the highest levels of compliance with industry standards and has been awarded seven ISO accreditations including the highly coveted cloud Security Alliance STAR.

Exponential-e’s product portfolio includes services for cloud & IT, Voice, Networking, Data Centres and Professional Services. Connect with Exponential-e:Twitter: https://twitter.com/Exponential_eLinkedIn: https://www.linkedin.com/company/29666Vimeo: https://vimeo.com/exponentiale
Dennis SkleyA federal appeals court ruled Thursday that ISP's such as video-sharing sites like Vimeo are protected by the Digital Millennium Copyright Act for pre-1972 musical recordings uploaded by their users. The record labels had sued the YouTube-like site and successfully convinced a district court judge that, because pre-1972 recordings fell under state laws and not federal copyright law, the DMCA didn't apply.

The 2nd US Circuit Court of Appeals reversed that decision, and also overturned the lower court that ruled the DMCA didn't grant so-called safe-harbor passage to ISPs whose employees saw infringements on their platforms uploaded by their users. The decision once again affirms that the DMCA extends immunity to Internet Service Providers for the infringement of their customers if an ISP removes material at the request of the right holder.

The decision was akin to an earlier and popular decision called Viacom v. YouTube, which the record labels said was off base in the case against Vimeo. In the case decided Thursday, the court ruled that a "showing by plaintiffs of no more than that some employee of Vimeo had some contact with a user-posted video that played all, or nearly all, of a recognizable song is not sufficient to satisfy plaintiffs’ burden of proof that Vimeo forfeited the safe harbor by reason of red flag knowledge with respect to that video." The ruling added that a "service provider's personnel are under no duty to 'affirmatively seek' indications of infringement." Regarding the pre-1972 recordings, the court ruled: To construe § 512(c) as leaving service providers subject to liability under state copyright laws for postings by users of infringements of which the service providers were unaware would defeat the very purpose Congress sought to achieve in passing the statute.
Service providers would be compelled either to incur heavy costs of monitoring every posting to be sure it did not contain infringing pre-1972 recordings, or incurring potentially crushing liabilities under state copyright laws.
It is not as if pre-1972 sound recordings were sufficiently outdated as to render the potential liabilities insignificant. "Today's ruling by the Second Circuit is a significant win for not just Vimeo, but all online platforms that empower creators to share content with the world," said Michael Cheah, Vimeo's general counsel.

The case was brought in 2009 by Capitol Records and Sony, which did not immediately respond for comment. The Electronic Frontier Foundation applauded the ruling. "The Court held that (1) there was no duty to monitor for infringement, (2) that suspicion of infringement wasn’t enough unless infringement was obvious, and (3) a few sporadic videos out of millions where Vimeo employees “inappropriately” encouraged users to post infringing videos was insufficient to remove the DMCA safe harbor protections," the group said.
Mozilla, reddit, others to display the "spinning wheel of death" next week.
No. 1-selling software for running Windows applications on a Mac becomes an even easier choice for millions of consumers and IT professionals worldwide with this most powerful version of the software to dateLONDON, UK - August 20, 2014 - Parallels® today launched Parallels Desktop® 10 for Mac (www.parallels.com/uk/upgradepd10) and Parallels Desktop 10 for Mac Enterprise Edition, the industry-leading software for running Windows applications on Macs. New built-in intelligence and support for Apple's latest operating systems - including OS X Yosemite[1] - greatly improves ease-of-use for both business users and consumers, allowing them to forget about the operating system and focus on the task at hand. Starting Aug. 20th, current users can upgrade to Parallels Desktop 10 for Mac at www.parallels.com/uk/upgradepd10. For new customers, Parallels Desktop 10 will be available for purchase at retail and online stores worldwide and via the Parallels website starting Aug. 26th."Millions of Parallels Desktop for Mac customers have come to expect ingenuity, ease of use and speed from Parallels and they will not be disappointed with Parallels Desktop 10," said Parallels President Jack Zubarev. "With Parallels Desktop 10 customers can enjoy new levels of productivity without having to worry about whether the app they need is available on a specific operating system — Parallels creates a world of compatibility at home, work and on the road." Parallels Desktop 10 will bring many of the announced features of Mac OS X Yosemite[1] to Windows and Windows applications, supporting iCloud Drive, iMessages and SMS text sharing from Windows, and control of virtual machines from Spotlight preview and Finder QuickLook. New ease-of-use improvements include Wizards that guide users through optimising their experience, improved performance and battery life, and improved usability between operating systems so that people can complete tasks more quickly. Parallels Desktop 10 gets out of the way so customers can think less about the tools being used and more about what's important. It also offers the choice and freedom to use whatever operating system fits your needs - including OS X Yosemite, OS X Mavericks, Mac OS X Mountain Lion, Windows 8, Windows 7, Chrome OS, Android and a number of Linux operating systems - all on one computer."Today we are seeing a shift in consumer behaviour. Users' expectations are that they should be able to simply run any application they need regardless of operating system," said Laura DiDio, ITIC Consulting. "Parallels Desktop 10 for Mac is helping customers realise this goal by offering best-in-class virtualisation software and cross-platform access tools for consumer, SMB and enterprise users."Parallels Desktop for Mac Enterprise EditionParallels is also updating Parallels Desktop® for Mac Enterprise Edition — the best way to provide Windows applications on Macs in a corporate environment. Now IT managers can support Windows applications for Mac users with a configurable, policy-compliant solution that easily fits into existing IT business processes. New features allow administrators to select and enforce a USB device policy, install OS X guests using a NetBoot image from a server on the corporate network, encrypt OS X virtual machines with the help of the FileVault encryption feature built into OS X, and check the status of licenses and reclaim seats directly. Built upon the world's best-selling Mac desktop virtualisation solution, it adds centralised administration and management capabilities as well as enhanced security to keep IT in control of virtual machines.New Features and ImprovementsRegardless of whether it's ease-of-use, increased productivity, or better performance, Parallels Desktop 10 for Mac offers improvements across all fronts:Performance and Optimisation:Users can now open Windows documents up to 48 percent fasterBattery life is extended by up to 30 percent giving people additional work time when they need it mostVirtual machines use up-to 10 percent less Mac memoryNew virtual machines with default settings launch Office 2013 applications up to 50 percent fasterVirtual machine only takes as much disk space on the Mac hard drive as it needs. Real-time optimisation automatically compacts virtual disk eliminating the need for periodic manual compacts. Free Disk Space Wizard allows users to review and clean up space used by Parallels Desktop and Virtual MachinesEasy to get started:Now with one click users can select from a number of choices to optimise their virtual machine based on what their primary usage is: productivity, games, design or development The new Parallels Control Centre is a one-stop-shop for managing Parallels Desktop; it allows users to manage all their virtual machines and configuration settings from a single placeWindows installation has been streamlined, with new ways to configure virtual machinesRegional settings from the Mac are now set by default in Windows virtual machinesSeamless integration for best user experience: Users can share files, text or web pages from Windows using Internet accounts configured on their Mac such as Twitter, Facebook, Vimeo, Flickr; or send them via email, AirDrop and Messages. When users install a new Windows application, its icon will automatically be added to the OS X LaunchpadThe unread email indicator on Outlook lets users see at a glance the number of unread emails in Outlook, just like with Apple MailUsers can drag and drop files to the virtual machine icon in the Dock to open in WindowsUsers also have the ability to easily restore any setting to its default value by clicking the Restore Defaults button in the Virtual Machine Configuration windowUsers can drag and drop files to Mac OS X virtual machinesWhat Customers are Saying About Parallels Desktop 10 for Mac"Parallels Desktop 10 is - quite simply - remarkable. I've been a user of Parallels Desktop since version six," said Steven Z."I installed OS X Yosemite Developer Preview as a virtual machine (VM) within Parallels Desktop 10. It works like a dream. I like the idea and ability to configure before launching a VM. I love the Parallels Desktop Control Centre - it looks elegant. I especially like the option to use compact or expanded views. Installation and integration is seamless. I installed Windows 7 and this worked flawlessly within Parallels Desktop," said Mike B."Parallels Desktop 10 running Windows 7 Ultimate is running great! I love the smooth interface between Windows on Parallels Desktop and going to my Mac OS," said Roland S.Availability and PricingParallels Desktop 10 for Mac is available beginning Aug. 20th, as an upgrade for current Parallels Desktop for Mac users. The full version will be available to new customers on www.parallels.com/products/desktop starting Aug. 26th. Packaged software will also be available worldwide starting on Aug. 26th. The standard retail price (SRP) of Parallels Desktop 10 for Mac is £64.99, and the Student Edition is available for £32.95. Upgrades for existing Parallels Desktop 8 or 9 for Mac customers are £34.99. Parallels Desktop 10 for Mac customers receive a complimentary three-month subscription to the Parallels Access app (www.parallels.com/products/access) for up to 5 Macs and PCs and an unlimited number of iOS and Android mobile devices.Parallels Desktop for Mac Enterprise Edition software is available via www.parallels.com/products/business. Parallels Mac Management (http://www.parallels.com/products/mac-management) plugin for Microsoft System Centre Configuration Manager (SCCM) extends your existing SCCM infrastructure to discover, enrol and manage Macs just like you do PCs, through a single pane of glass. From deploying Mac OS X images to managing virtual machines running in Parallels Desktop for Mac Enterprise Edition, it's everything you need to be a Mac management expert.About ParallelsParallels is a global leader in hosting and cloud services enablement and cross platform solutions. Parallels began operations in 2000 and is a fast-growing company with more than 900 employees in North America, Europe, Australia and Asia. Visit http://www.parallels.com/ for more information.Stay connected with Parallels and our online communities: Like us on Facebook at www.facebook.com/parallelsdesktop, follow us on Twitter at www.twitter.com/parallelsmac, and visit our blog at http://blogs.parallels.com/consumertech. Media Contacts:John Uppendahl, Vice President of Communications, juppendahl@parallels.com, 425.282.1734Keely Hopkins, Bite Communications for Parallels, keely.hopkins@bitecommunications.com, 415.365.0361[1] Parallels Desktop 10 for Mac and Parallels Desktop 10 for Mac Enterprise Edition has experimental support for many of the features of OS X Yosemite Developer Preview, bringing them to Windows and Windows applications. However, we do not provide technical support for it at this time. Parallels plans to fully support OS X Yosemite in Parallels Desktop 10 when Yosemite becomes commercially available.Parallels and the Parallels logo are registered trademarks of Parallels IP Holdings GmbH in the United States and/or other countries. All other trademarks are the property of their respective owners.Source: RealWire
Copyright housekeeping adds fuel to the Google buyout rumors.
Firm says "fingerprinting” system balances self-expression, copyright laws.
If you don't know of Mavis Batey, you should.

Her work cracking the Enigma machine's coded messages was crucial to the success of D-Day landings during WWII. November 14, 2013 7:49 PM PST (Credit: Vimeo screenshot) Cracking one of the most compl...
The video details how the hacker scans and manipulates someone's fingerprint to fool the Touch ID on the iPhone 5S. September 25, 2013 7:28 AM PDT (Credit: Screenshot by Lance Whitney/CNET/Vimeo) One of the hackers who recently tricked Apple's f...