Identity Theft

United Airlines: Free Means Install Our DRM

Registered Trademark of United Airlines

In yet another episode of an airline running afoul of a technologist, United Airlines is now outed as demanding the user install DRM software just to watch a movie while flying with them.

Part of their in-flight “free” entertainment package, United requests the user install DRM in order to view a movie on their laptop. In a previous generation of flight service, the passenger wouldn’t even require a laptop to watch a movie.

Entrepreneur Brian Fitzpatrick found the ransom pop-up much to his dismay, and by all indications declined to install a patch to his browser for the sole benefit of a single flight. Instead, he took to Twitter, saying:

The security-minded will have already reached the logical conclusion: Fitzpatrick could be the exception. Many users might gladly install the extension to watch the video, and never uninstall it.

There’s no telling how secure such an extension is; its popularity is not predicated on competition, but rather on how strong the user’s desire to watch the movie is or isn’t. The company’s system also reminds a wise user, who may have removed Flash in the wake of the recent Hacking Team dump and its disclosures, that he has no Flash, and offers to install it for the user.

What do you think? Is United Airlines overstepping its bounds? Would you install the plugin? Comment below.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Cybersecurity

Spotting a Well-Made Investment Scam

For every reasonably safe investment, there are 1000 scams and 10,000 reasonably toxic investments. Self-served advertising via social media and search engines exacerbates the problem: people sometimes click ads they think are search results or, as humans are inclined to, simply consume the content on the screen instead of paying attention to where they’re being redirected.

In this article we will review a recent example of a well-executed investment scam.

The intended victim, who did not actually get scammed but alerted this author to the hustle, was led to believe that the above image was redirecting to a CNN news article. This is the actual URL the link went to:

http://cnn.com-cat.press/anonymous-is-going-after-global-stock-market/?aref=http%3A%2F%2Ftrck.anony.trade%2Fsite%2Fredirectpage%3Fsid%3D99462%26hv%3Dgjalu5988de395a461839785307%26hid%3D264193#!

Now if you visit com-cat.press, all you see is a directory listing. This site’s entire purpose is to make people believe they are visiting legitimate .com websites, when in fact they are visiting others. It doesn’t always have to be a scam; sometimes it is simply an advertisement, but often enough it is a definite funnel to a scam. In this case, here’s where you wind up, at a place that looks an awful lot like CNN Money:

Again, this is not a real article on CNN. This is promotion for 10Markets.eu.

10Markets.eu is extremely professional looking. The platform looks to capture your details even just for demo trading. Most traders expect hurdles, so one can imagine tons of phone numbers and e-mail addresses entered:

The demo trading screen never loaded for this analyst, but the phone number is fake anyway. Took it from a coffee shop in Germany. Funnily, it appears the German exchange code is 030 in the first place, but you can’t edit that part. They also don’t allow you to visit the site at all if you’re in North America.

The tipster was clever enough to find out if 10Markets.eu was a registered broker or not. They’re not. According to ForexBrokerz.com:

10Markets is a forex and CFD broker that is headquartered in Scotland [sic] and supports the popular MetaTrader 4 platform. It is not licensed by any authority and there is not much information about the trading conditions on its website. What is worse, this broker is present in the warning lists of UK’s FCA, Australia’s ASIC and Cyprus’ CySEC, so we don’t recommend doing business with 10Markets.

There are review websites which help. Regarding 10Markets, we came up with this one.

The tipster happens to have been our own Jonas Borchgrevink. He is equipped with years of experience in website publishing, and this is why he quickly noticed that he was not reading a CNN article. The sad fact is that a high percentage of people who read that article believe it to be real, and a percentage of those people end up getting scammed. As such, here is a checklist for new trading outfits that you haven’t used or heard about before:

  • Always try to get phone support right away, before creating an account. If no one answers or there is anything suspicious, this is a scam.
  • Always search for “[EXCHANGE NAME]” + “scam,” and read carefully any results that come up. Most scams could stop at one person if others listened to that one.
  • In the US, you can use FINRA to check the legitimacy of an exchange or broker. In the UK, you have FCA. Many countries have sites like these, and it’s important to check the one from the country where the broker does business.
  • Use ad blockers at least when legitimately searching for financial solutions.
  • Check the URL! For every legitimate exchange website, there are a few fake ones designed to steal your account information.
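The "Check the URL!" step, applied to the link quoted earlier in this article, as an added example that is not part of the original article. It finds the domain that actually owns a hostname, flags a hostname that merely starts with a known brand, and decodes the redirect hidden in the query string. The suffix set and brand list are small constructed assumptions; real tooling should use the full Public Suffix List.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: a tiny constructed suffix set; production code should use the
# full Public Suffix List instead.
SUFFIXES = {"com", "press", "trade", "eu", "co.uk"}
# Assumption: brands the reader expects to see, listed by their real domain.
KNOWN_BRANDS = {"cnn.com"}

def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'com-cat.press'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def lookalike_of(host):
    """Name the brand a host imitates, or None if the brand really owns it."""
    reg = registrable_domain(host)
    for brand in KNOWN_BRANDS:
        if reg != brand and brand in host.lower():
            return brand
    return None

def embedded_urls(url):
    """Percent-decode query parameters and return any URLs carried in them."""
    values = [v for _, v in parse_qsl(urlsplit(url).query)]
    return [v for v in values if v.startswith(("http://", "https://"))]

def analyze(url):
    host = urlsplit(url).hostname or ""
    targets = [urlsplit(t).hostname or "" for t in embedded_urls(url)]
    return {
        "host": host,
        "registrable_domain": registrable_domain(host),
        "imitates": lookalike_of(host),
        "redirect_domains": [registrable_domain(t) for t in targets],
    }

# The link quoted in the article.
ARTICLE_URL = ("http://cnn.com-cat.press/anonymous-is-going-after-global-stock-market/"
               "?aref=http%3A%2F%2Ftrck.anony.trade%2Fsite%2Fredirectpage%3Fsid%3D99462"
               "%26hv%3Dgjalu5988de395a461839785307%26hid%3D264193#!")

if __name__ == "__main__":
    for key, value in analyze(ARTICLE_URL).items():
        print(f"{key}: {value}")
```

The hostname is read right to left: everything before `com-cat.press` is a label the owner of that domain chose freely, which is why `cnn.` can appear at the front.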

In The Event That You Spot A Scam

Tattle! Spread the word far and wide, not just so others don’t get scammed, but also to give authorities the jump on the thieves. Otherwise, they may exit and get away with all the money before anyone stops them.

Breaches

The Largest Breach of 2016: 412 Million FriendFinder Accounts Exposed

FriendFinder Networks, the parent company behind the likes of AdultFriendFinder, Cams, Penthouse, iCams and Stripshow, has been hacked, with six databases from the company compromised, according to breach notification website LeakedSource.

A Local File Inclusion (LFI) exploit was all it took for server breaches that led to the credentials of a mammoth 412,214,295 user accounts leaking online. Alarmingly, 99% of all available passwords gathered from the breach are visible in plaintext.

CSOOnline reveals that information from the breached databases has been circulating online since their compromise in October 2016. The incident itself is likely to have occurred before October 20, 2016, with the last login timestamps for user accounts occurring on October 17.

As the publication reports, one researcher identified the LFI flaw and warned AdultFriendFinder about the vulnerability. More specifically, the LFI was discovered in a module on AdultFriendFinder’s production servers. While the researcher followed up the public reveal of the vulnerabilities with a post noting that the issue was resolved, the reality could not have been starker.

The severity of the breach saw the leak of FriendFinder Networks’ source code and public/private key-pairs alongside the databases – which contained email addresses and passwords, stored in plain text or hashed using SHA1 with pepper.

The bemusing and weak encryption habit deployed means that 99% of all passwords gained from the FriendFinder Networks databases have been cracked.

Furthermore, LeakedSource was able to determine that a notable number of users had an email in the form of ‘[email protected]@deleted1.com’, a clear indicator that the user associated with the account sought to delete the account, while AdultFriendFinder tagged these to-be-deleted accounts with “@deleted.com.” A mammoth 16,766,727 so-called deleted accounts were discovered in total.

LeakedSource lays out the startling numbers: the websites that have been targeted, along with the number of compromised user accounts.

  • Adultfriendfinder .com – 339,774,493 users
  • Cams .com – 62,668,630 users
  • Penthouse .com – 7,176,877 users
  • Stripshow .com – 1,423,192 users
  • iCams .com – 1,133,731 users
  • An unknown domain – 35,372 users

Altogether, that’s a staggering total of over 400 million user accounts, or 20 years of customer data, leaked during the breach, making it the largest recorded breach this year and firmly surpassing the MySpace breach, which saw 360 million compromised user accounts. This particular breach makes the infamous Ashley Madison breach look meagre in comparison.

Image from AdultFriendFinder.

Anonymous

Anonymous India: Mobile Network Reliance Jio is Sharing Call Data with Advertisers

The hacking group Anonymous is accusing the telecom network, Reliance Jio, of sharing its call data with advertisers in the U.S. and Singapore.

In a recent blog post, Anonymous India exposes how Reliance Jio has been sharing customers’ call data with foreign companies. Anonymous India also provides steps to see how Reliance Jio is sharing the data.

It said:

A year ago we had posted about how Reliance Jio was sharing user location data with China. One year on and nothing has changed.

In the blog post, Anonymous India claims that data from Reliance Jio’s My Jio and Jio Dialer apps is being sent to an advertiser called Mad.Me. It further adds that Reliance Jio is utilizing a third-party software development kit and is failing to verify what data is being sent and collected through it.

Reliance Jio Accused a Second Time

This, however, isn’t the first time that Anonymous India has accused Reliance Jio.

Last year the hacker activist group highlighted in another blog post that Reliance Jio had security flaws in its RJio chat app.

According to the 2015 post, data was being sent to a Chinese IP without encrypting it beforehand. This meant that while data was being leaked to the Chinese, anyone who wanted to could easily look into a conversation and know what was being shared or discussed, making it vulnerable to hackers.

Anonymous Never Forgets

When it comes to bringing the wrongs of others to light, the hacker activist group, Anonymous, are not afraid of standing up to the challenge.

At the beginning of the year, Anonymous targeted Thai police after protesting the conviction of two Burmese men who faced a death sentence in connection to two murdered British backpackers.

In May, Hacked reported that Anonymous had played a significant role in the targeting of financial institutions such as Greece’s central bank, which was hit by a DDoS attack. According to the report, Anonymous considers central banks around the world a ‘global banking cartel.’

In a bid to target those that it believes should be targeted, bringing greater awareness to the public, it seems that the hacktivist collective Anonymous won’t be stopping anytime soon.

Featured image from Shutterstock.
