Thursday, March 6, 2014

Hackers take control of 300,000 home routers

A world-spanning network of hijacked home routers has been uncovered by security researchers. The network involves more than 300,000 routers in homes and small businesses that have been taken over through loopholes in their core software. Discovered by researchers at Team Cymru, the network is thought to be one of the biggest involving such devices. It is not yet clear what the people behind the attack intend to do with the collection of compromised routers. In a research paper describing its findings, Team Cymru said it had first seen routers from several different manufacturers being compromised in January 2014.
These first victims had been in Eastern Europe, but now most of the machines were in Vietnam with the rest scattered around Europe as well as a couple of other countries, said Team Cymru. Once routers were taken over, internal instructions were changed so they no longer asked servers at their owner's ISP for help looking up the location of websites they regularly visit. Instead, these queries were routed through two IP addresses overseen by a hosting company in south London. That company has yet to respond to a request for comment. This would mean that the attackers could re-direct people to anywhere they wanted, inject their own adverts into web pages people visit or poison the search results they get.
Team Cymru researcher Steve Santorelli said the reason for creating the network of hijacked routers was still "mysterious" as the attackers did not seem to have abused their control for malicious ends. The attack had some similarities with an incident seen in Poland, which involved hijacked home routers being re-directed to malicious websites controlled by hi-tech thieves keen to grab online bank login credentials, said Mr Santorelli. "It's a definite evolution in technology - going after the internet gateway, not the end machine," Mr Santorelli told the BBC in an email. "We see these leaps in concepts every few years in cybercrime." Team Cymru had contacted law enforcement about the attack and informed ISPs with a lot of compromised customers, he said.
Source:- BBC News

Wednesday, March 5, 2014

Kickstarter pledges cross $1bn mark

The Pebble smartwatch was one of the most strongly backed projects on Kickstarter
Online crowdfunding website Kickstarter has passed $1bn (£599m) in pledges, nearly five years after its launch. The site said more than half of that amount was pledged in just the last 12 months. Donors from the US led the pledges, offering more than $663m, followed by UK with more than $54m.
Kickstarter is one of the leading crowdfunding websites - sites that allow people to raise money from donors to fund various projects. The developers of the Pebble smartwatch are among those who secured big pledges. The project debuted on Kickstarter in April 2012 seeking $100,000 (£62,000) to complete development of the device. By the end of its 38-day funding drive it had raised more than $10m and had almost 70,000 backers.
The 'mid' factor
Crowdfunding platforms are becoming increasingly popular. More than 5.7 million people have backed projects listed on Kickstarter, with nearly 1.7 million of them backing more than one project. Kickstarter also gave quirky details about the trends in pledges. According to the firm's data, Wednesday is the most popular day for people to pledge cash, and the middle of the month is also the most productive when it comes to pledges. The day with most pledges was 13 March last year with 54,187 backers pledging more than $4m to 1,985 projects.

Source:- BBC News

Sunday, March 2, 2014

Apple issues fix to reported OS X security hole

Apple has issued a fix to a flaw in its OS X operating system which previously left users vulnerable to security breaches while browsing online.
The flaw could have enabled hackers to impersonate a website and intercept and capture data en route

A software update was released last week to iPhone, iPad and iPod owners to protect users from "an attacker" who may "capture or modify data".
It was later discovered that the problem also existed on Apple laptops and desktop computers running OS X.
On Tuesday, Apple issued a security fix through its software update service.
The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It related to the way secure connections are made between Apple's Safari browser and websites, including banking sites, Google and Facebook.
These sites have digital security certificates that allow an encrypted connection to be established between a user's computer and the website. This means any data that is sent over the connection should be secure.
Dropped the ball
However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website.
A security fix has already been issued for users of iPads, iPhones and iPods

The fix was released on Tuesday. Apple released a fix for mobile devices running iOS 7 last week but a spokesperson issued the following statement about OS X: "We are aware of this issue and already have a software fix that will be released very soon."
According to researchers the security flaw had existed for months but no-one had reported it publicly.
Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.
"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."
Source: BBC

Facebook quietly ends email address system

Facebook has quietly closed its three-year-old email service that gave users "@facebook.com" email addresses.
Facebook founder Mark Zuckerberg announced the launch of email in 2010.
From now on, emails sent to an "@facebook.com" address will be forwarded to the personal email address from which the member signed up for the site.
"We're making this change because most people haven't been using their Facebook email address," said a Facebook spokesperson.
The change will happen in early March.
The service was launched in November 2010 and billed as a way to streamline users' communication by providing a single inbox that could receive Facebook messages, SMS texts, and conventional emails.
It came under fire in 2012 when Facebook replaced users' published email addresses with their "@facebook.com" email on their profile.
The company later reversed course.
The move comes just a few days after Facebook's surprise purchase of messaging app WhatsApp for $19bn (£11.4bn).
Source: BBC NEWS