Patreon: Some user names, e-mail and mailing addresses stolen

(credit: Patreon)

Patreon, the website that allows people to maintain regular donations to a website, an artist, or project, announced late Wednesday that it had sustained a security breach.

The site said some registered names, e-mail addresses, and mailing addresses were accessed after someone managed to access a “debug version of our website” that at the time was accessible to the public.

Jack Conte, the co-founder and CEO, wrote in a statement:

Prison phone companies charging “endless” fees to families of inmates

(credit: Jason Farrar)

The Federal Communications Commission is poised to cap the rates charged for phone calls made to and from prisons, saying inmate calling services are overcharging prisoners, their families, and attorneys.

“Just how high are these rates? A pro bono attorney paid $14 a minute to speak to an incarcerated client,” FCC Commissioner Mignon Clyburn said in a speech last week. “Families write explaining how they are making extraordinary sacrifices by paying $400-$500 a month to hear their loved one’s voice. The endless array of new and increasing fees can add nearly 40 percent to costs—fees as high as $9.50 to open a new account, $4.75 to add money to an account, and $2.99 a month for the account maintenance fee. These rates and fees would be difficult for any family to bear, but if you were already struggling to stay afloat, you are now foregoing basic necessities like food and medicine just to make a phone call. No family should be forced to make this choice.”

Studies have shown that contact between inmates and families during incarceration reduces the risk of recidivism, the FCC said.

RFID chips in driver’s licenses. What could go wrong?

US authorities want to put RFID chips in driver’s licenses for the stated goal of speeding up US border-crossing lines in Mexico and Canada. Privacy experts caution that these spy-friendly forms of ID likely will evolve into something more nefarious. Pictured above: Border crossing from Tijuana, Mexico, to San Ysidro, California. (credit: Richard Masoner)

Radio frequency identification chips are everywhere—in passports, library and payment cards, school ID cards, and even in NFL players’ uniforms.

So why not put RFID chips in driver’s licenses? California Gov. Jerry Brown has a bill awaiting his veto or signature that would do just that. The states of Washington, New York, Michigan, and Vermont already have adopted the spy-friendly, voluntary program that links your license with the Department of Homeland Security. For the moment, the cards are designed to be used instead of passports at US land borders in a bid to speed up the entrance lines from Mexico and Canada.

But the more states that sign on, the more likely such cards could become mandatory across the country. That’s why privacy advocates are urging the governor to veto the measure. The American Civil Liberties Union, for instance, is decrying the move to RFID chips in driver’s licenses as a “civil liberties nightmare.”

Mobile carrier to Google, Yahoo, Facebook: Pay up or we’ll block your ads

(credit: Dominik Meissner)

A mobile operator called Digicel announced yesterday that it plans to block advertisements at the network level—unless Google and other companies pay the carrier to let their ads through.

Such a scheme would likely violate network neutrality rules in the United States, but the Jamaica-based Digicel operates in the Caribbean and South Pacific. That means ads will be blocked on mobile devices starting “in the coming months” even if customers haven’t installed ad-blocking software themselves. But ads will get through if ad-serving companies are willing to pay Digicel.

“Digicel is looking to companies like Google, Yahoo and Facebook to enter into revenue sharing agreements with it so that this money in turn can be reinvested in network deployment,” Digicel wrote. “Currently, these companies do not pay to make use of the network and the services they provide on it suck up bandwidth to make money for themselves through advertising while putting no money in.”

A billion Android phones are vulnerable to new Stagefright bugs

(credit: Ron Amadeo)

There’s a new round of Stagefright vulnerabilities that allows attackers to execute malicious code on more than one billion phones running ancient as well as much more recent versions of Google’s Android operating system.

Stagefright 2.0, as it’s being dubbed by researchers from security firm Zimperium, is a set of two bugs that are triggered when processing specially designed MP3 audio or MP4 video files. The first flaw, which is found in the libutils library and is indexed as CVE-2015-6602, resides in every Android version since 1.0, which was released in 2008. The vulnerability can be exploited even on newer devices with beefed up defenses by exploiting a second vulnerability in libstagefright, a code library Android uses to process media files. Google still hasn’t issued a CVE index number for this second bug.

When combined, the flaws allow attackers to use booby-trapped audio or video files to execute malicious code on phones running Android 5.0 or later. Devices running 5.0 or earlier can be similarly exploited when they use the vulnerable function inside libutils, a condition that depends on what third-party apps are installed and what functionality came preloaded on the phone. In a blog post published Thursday, Zimperium researchers wrote:
