Friday, February 22, 2019

Facebook Pulls Snoopy Onavo Protect VPN App From Google Play Store


Facebook has pulled its privacy-invading Onavo Protect VPN app off the Google Play store. According to Facebook, the company will reportedly stop collecting data from users who still have the app on their devices.

Facebook "will immediately cease pulling in data from [Onavo] users for market research though it will continue operating as a Virtual Private Network in the short term to allow users to find a replacement," TechCrunch reported yesterday.

Facebook's Onavo website still exists, but links to the Android and iOS apps are both broken. Facebook pulled the app from the iPhone and iPad App Store in August 2018 after Apple determined that Onavo violated its data-collection rules. Facebook purchased Onavo, an Israeli company, in 2013.
TechCrunch

Multiple Critical Flaws in Drupal Discovered — Update Your Drupal Site ASAP!

The Drupal developer team has released the latest version of its software to patch a highly critical vulnerability that could allow remote attackers to hack your site. Drupal, a popular open-source content management system, powers millions of websites, including two of ours.

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003

Project: 
Date: 2019-February-20
Vulnerability: Remote Code Execution
CVE IDs: CVE-2019-6340
Description:
Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
A site is only affected by this if one of the following conditions is met:
  • The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or
  • the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7.
(Note: The Drupal 7 Services module itself does not require an update at this time, but you should still apply other contributed updates associated with this advisory if Services is in use.)
Solution: 
Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.
To immediately mitigate the vulnerability, you can disable all web services modules, or configure your web server(s) to not allow PUT/PATCH/POST requests to web services resources. Note that web services resources may be available on multiple paths depending on the configuration of your server(s). For Drupal 7, resources are for example typically available via paths (clean URLs) and via arguments to the "q" query argument. For Drupal 8, paths may still function when prefixed with index.php/.
Reported By: 
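
To check that the web-server mitigation described above actually covers every path variant, the following added example (not part of the advisory or of Drupal) scans access-log lines for PUT/PATCH/POST requests to web services resources that were not refused. The resource prefixes, the log format and the sample lines are assumptions constructed for illustration; replace the prefixes with the ones your site exposes.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

WRITE_METHODS = {"PUT", "PATCH", "POST"}
# Assumption: path prefixes under which this site exposes web services.
SERVICE_PREFIXES = ("/jsonapi", "/api")
# Request line and status code as they appear in a common/combined access log.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def effective_path(target):
    """Resolve the alternate spellings of a Drupal path to one form."""
    parts = urlsplit(target)
    path, query = unquote(parts.path), parse_qs(parts.query)
    if path.startswith("/index.php/"):                  # index.php/ prefix
        path = path[len("/index.php"):]
    elif path in ("/", "/index.php") and "q" in query:  # "q" query argument
        path = "/" + query["q"][0].lstrip("/")
    return path

def is_service_write(method, target):
    """True for a write method aimed at a web services resource."""
    path = effective_path(target)
    on_service = any(path == p or path.startswith(p + "/") for p in SERVICE_PREFIXES)
    return method in WRITE_METHODS and on_service

def unblocked_writes(log_lines):
    """Return (method, target, status) for service writes the server did not refuse."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and is_service_write(m["method"], m["target"]) and m["status"] not in ("403", "405"):
            hits.append((m["method"], m["target"], m["status"]))
    return hits

# Constructed sample access-log lines (documentation IP range, invented paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Feb/2019:10:00:01 +0000] "GET /jsonapi/node/article HTTP/1.1" 200 512',
    '203.0.113.5 - - [21/Feb/2019:10:00:02 +0000] "POST /jsonapi/node/article HTTP/1.1" 403 199',
    '203.0.113.5 - - [21/Feb/2019:10:00:03 +0000] "PATCH /index.php/jsonapi/node/article/1 HTTP/1.1" 200 640',
    '203.0.113.5 - - [21/Feb/2019:10:00:04 +0000] "POST /?q=api/node HTTP/1.1" 200 87',
    '203.0.113.5 - - [21/Feb/2019:10:00:05 +0000] "POST /user/login HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in unblocked_writes(SAMPLE_LOG):
        print(*hit)
```

Any line this reports means a blocking rule matched only one spelling of the path; resources that do not sit under a fixed prefix need their own rule.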

Friday, February 01, 2019

Delft University of Technology Buys 14.4 petabytes of Internet bandwidth To Support Tribler Anonymous torrent client


Delft University of Technology has bought 14.4 petabytes of Internet bandwidth to support the Tribler anonymous torrent client. This bandwidth, provided by Leaseweb, will be used to scale up the Tor-like privacy protection.
The Tribler lab at Delft University of Technology was an early investor in Bitcoins and mined a hefty number of the virtual currency in the craze. To support the current project, the lab has sold part of its Bitcoin stash to purchase bandwidth for its anonymous torrent client. The bandwidth will be managed by swarms of intelligent bots which can buy new exit-point servers, if required. Users themselves can also join in by "mining" bandwidth tokens.

Tribler has been around for a while and has developed into the only truly decentralized BitTorrent client in existence. It is so well developed and maintained that even if all torrent sites were shut down today, Tribler users would still be able to find and add new content.

The well-funded project is managed by dozens of academic researchers, which is a guarantee for continued development. One of the main challenges has been making and keeping Tribler anonymous.

Work on Tribler has been supported by multiple Internet research European grants. In total we received 3,538,609 Euro in funding for our open source self-organising systems research.
Roughly 10 to 15 scientists and engineers work on it full-time. Our ambition is to make darknet technology, security and privacy the default for all Internet users. As of 2017 we have received code from 56 contributors and 146.003 lines of code.
The Tribler team addressed the anonymity problem by adding a built-in Tor network to the Tribler client, routing all data through a series of peers. The latest Tribler release, published today, aims to address these challenges in ways we’ve never seen before.

Professor Johan Pouwelse, leader and founder of the Tribler project, informs us that his lab at Delft University of Technology has bought 14.4 petabytes of Internet bandwidth. This bandwidth, provided by Leaseweb, will be used to scale-up the Tor-like privacy protection.

We are not done with Tribler firsts yet: it was the first torrent client to treat bandwidth as a currency. Tribler uses a blockchain to keep track of people’s sharing habits, and with the latest release users can now “mine” credits. The ultimate goal is to have a stable economy with users trading in bandwidth to ensure fast and anonymous downloads. To enhance security, Tribler will deploy “token robots” that can manage the bandwidth and operate exit points, making it easier for users to become anonymous and harder for those who are trying to look in.

“We create swarms of intelligent bots to manage bandwidth. These bots do as they are programmed, they can make smart decisions. We believe robots can’t be as easily corrupted as humans or forced to act against their own will. They can autonomously buy servers using Bitcoin, self-replicate, operate a Tor-like exit node, and sell Tribler bandwidth coins to survive another month,” Pouwelse says.

If you are interested in learning more (or helping the project), the open source project is on GitHub.