P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 18-07-20, 06:35 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - July 18th, ’20

Since 2002































July 18th, 2020




Saudi Authorities Close 231 Broadcast Piracy Websites

MBC Group commends the decisive measures by Saudi authorities in protecting intellectual property rights (IPR) and combating piracy

MBC has lauded the efforts of the Saudi Authority for Intellectual Property (SAIP), the Communications and Information Technology Commission (CITC), and the General Commission of Audiovisual Media (GCAM), for their collaborative efforts in combating copyright piracy in the Kingdom of Saudi Arabia (KSA).

In an ongoing mission the SAIP, in coordination with the other agencies involved, was successful in closing 231 illegally-run websites that were pirating and streaming content, including that owned by MBC.

The websites had originated from both inside and outside of KSA.

A number of decisive measures have been announced pertaining to the closure, by CITC, of the latest group of illegally-run websites, including but not limited to suspension or blocking of websites; removal of encroachments; financial penalties or imprisonment of offenders.

During the investigations, it emerged that some of the illegally-run websites included those charging subscriptions for content they do not own, as well as streaming satellite TV channels via Internet Protocol television (IPTV). Others used other illegally sourced content, including media and music.

In a press statement MBC said that forging closer ties with telecommunications regulators and other entities is an effective way to tackle content piracy. The broadcasters also affirmed that one if its key pillars is to protect producers, writers, content creators and others in the sector.

The statement said: “Copyright piracy is a serious problem that affects the media and broadcast industry – including film, cinema, television, sports licensing and music – one that undermines the progress of a healthy content production ecosystem. It has a negative effect on media companies’ ability to invest in and monetise its content, and in turn thrive and develop. In Saudi Arabia, piracy is classified as theft. In sum, these strategic IP protection measures contribute to consolidating the media and entertainment industry – thus building knowledge economies, attracting investments, producing more premium content and creating hundreds of thousands of jobs.”
https://securitymiddleeast.com/saudi...racy-websites/





Biden FCC Would Restore Net Neutrality Rules
John Eggerton

Joe Biden has signaled that if he becomes President, his FCC will restore the net neutrality rules and FCC oversight authority the Republican FCC jettisoned in the Restoring Internet Freedom Order, as well as working to undo state laws blocking municipal broadband and invest even more in those projects.

The FCC is an independent agency, but Biden would get to choose the chairman and have the majority, so it is likely the pendulum would indeed swing back toward the net neutrality rules pushed by President Barack Obama, Biden's former boss.

That came among a raft of policy proposals, including on broadband, rolled out this week ahead of the Democratic National Convention and billed as coming from both Biden and the man he defeated for the nomination, Sen. Bernie Sanders (I-Vt.).

Under the broadband heading--Biden has already committed to a $20 billion investment in rural broadband--the proposals included that "Democrats will restore the FCC's clear authority to take strong enforcement action against broadband providers who violate net neutrality principles through blocking, throttling, paid prioritization, or other measures that create artificial scarcity and raise consumer prices for this vital service."

That last part getting at other measures could either be the return of the general conduct standard that allowed the FCC to go beyond the bright-line rules against blocking, throttling and paid prioritization to get at other conduct it concluded would interfere with the virtuous internet cycle. ISPs were particularly unhappy with that vague standard. It could also refer to the usage-based pricing or bandwidth carve-outs for some video services that the FCC did not explicitly prohibit in the Open Internet Freedom order, which established the rules and classified internet access as a telecom service subject to common carrier access mandates (the Republicans reclassified it as an information service not subject to common carrier regs).

Biden also signaled he would not only fight state efforts that "block municipalities and rural co-ops from building publicly-owned broadband networks" but invested federal funds in muni broadband and for the Lifeline Universal Service Fund subsidy that goes to low-income residents "so children and families can fully participate in school, work, and life from their homes."

"As millions of Americans have stayed at home to prevent the spread of the pandemic, it is plain to see that in the 21st century, the Internet is not optional: It is a vital tool for participating in the economy, and all Americans need access to high-speed, affordable broadband service," the campaign said.

The net neutrality rules have been careening from FCC to the courts for years, with all sides recognizing congressional action is needed to establish just what internet regulatory authority the FCC does or doesn't have. But the issue has been too hot for a deeply partisan Congress to handle.
https://www.multichannel.com/news/bi...utrality-rules





Free Movie Screenings Brought To Consumers Safely At Home
Mike Vorhaus

We are now in the very heart of the summer movie extravaganza - at least that would have been true in past summers. But now, across America movie theatres are closed, openings are being pushed back and films are languishing unreleased or pushed out of the in-theatre queue to be released digitally. The Covid-19 pandemic has almost entirely shut down the film industry worldwide.

Despite the massive economic and safety challenges for movie makers and for film attenders, Screen Engine/ASI, a growing movie, TV, digital and entertainment research and strategy company based in Los Angeles, has announced the launch of a new digital, Internet-based product providing a promotional marketing tool for film, TV and video production companies in the era of a stay-at-home society.

Traditionally, movie companies have used “test” screenings and “buzz” screenings to assure the quality of the movies and to create excitement around the upcoming launch of the movies, particularly in key markets. Now, of course, the studios have lost their access to the movie theatres where traditionally hundreds of thousands of consumers have gathered annually to watch movies free for testing or marketing purposes.

Screen Engine/ASI has released the “Virtual Screening Room” so movie and TV studios can still host “word-of-mouth screenings” and create buzz for upcoming movies, but safely and remotely in movie fans’ homes.

Running these promotional screenings online, vs. inside the confines of a theatre, however, raises worries about security, particularly the pirating or copying of films before they are released. The Virtual Screening Room has been designed to provide security safeguards against such problems, according to Screen Engine/ASI.

Andrew Ly, founder of ticktBox, which was bought by Screen Engine/ASI last year said in an interview with The Hollywood Reporter, "We’ve built a one of a kind cross promotional and marketing platform for studios to run their promotional screenings all within one suite in response to the social changes resulting from the virus outbreak, while eliminating the health concerns of attendees being physically present.” Ly said the new product from Screen Engine/ASI will be used by a number of studios to aid their film marketing, including a premium video-on-demand title coming out later this summer.

TicktBox’s parent company Screen Engine, is one of Hollywood's leading research and data firms, and is backed by the prominent NYC-based private equity firm, The Wicks Group. Screen Engine has been hiring numerous big names from the TV and movie industries to drive their expansion, including the hiring of Bruce Friend, as Chief Product and Innovation Officer last year, who has lead numerous research companies, as well as being the executive in charge of research at a number of big studios. Screen Engine also quietly hired the former head of TV station research and consulting at Magid Associates, Steve Ridge, to expand Screen Engine’s work with TV stations. A source who asked to remain anonymous, said that the appointment will be formally announced in the weeks ahead, along with key new clients.

Kevin Goetz, Founder and CEO, Screen Engine/ASI, in an exclusive interview with me, said that he has been building a firm “with the best minds and connections in the industry.” He went to say. “I am thrilled to lead the launch of our groundbreaking virtual, word-of-mouth geographic targeting for entertainment marketing. Our goal is to work with clients and their agencies to optimize their marketing spend by ensuring they are targeting and reaching audiences that are most likely to drive positive word-of-mouth, and in turn, realize full market potential for entertainment IP. In the next few months, our new market targeting solution will expand to allow clients to build customized targets for specific genres and franchises.”

William Shatner Celebrates Priceline.com's 20th Anniversary

William Shatner, one of the great icon pop culture figures of our time, from Star Trek to pitching Internet company, Priceline, once said, “I love to go to a movie, get a Diet Coke and a barrel of popcorn.” We will be waiting to see if the movie industry can send us all popcorn (buttered or not as you please) alongside our digital content.
https://www.forbes.com/sites/mikevor.../#498b37833295





Special Report: Drug Cartel ‘Narco-Antennas’ Make Life Dangerous for Mexico’s Cell Tower Repairmen
Julia Love

The young technician shut off the electricity at a cellular tower in rural Mexico to begin some routine maintenance.

Within 10 minutes, he had company: three armed men dressed in fatigues emblazoned with the logo of a major drug cartel.

The traffickers had a particular interest in that tower, owned by Boston-based American Tower Corp (AMT.N), which rents space to carriers on its thousands of cellular sites in Mexico. The cartel had installed its own antennas on the structure to support their two-way radios, but the contractor had unwittingly blacked out the shadowy network.

The visitors let him off with a warning.

“I was so nervous... Seeing them armed in front of you, you don’t know how to react,” the worker told Reuters, recalling the 2018 encounter. “Little by little, you learn how to coexist with them, how to address them, how to make them see that you don’t represent a threat.”

The contractor had disrupted a small link in a vast criminal network that spans much of Mexico. In addition to high-end encrypted cell phones and popular messaging apps, traffickers still rely heavily on two-way radios like the ones police and firefighters use to coordinate their teams on the ground, six law enforcement experts on both sides of the border told Reuters.

Traffickers often erect their own radio antennas in rural areas. They also install so-called parasite antennas on existing cell towers, layering their criminal communications network on top of the official one. By piggybacking on telecom companies’ infrastructure, cartels save money and evade detection since their own towers are more easily spotted and torn down, law enforcement experts said.

The practice has been widely acknowledged by telecom companies and Mexican officials for years. The problem persists because the government has made inconsistent efforts to take it on, and because companies have little recourse to stop it, experts on law enforcement and Mexican society said.

“There is a sense of powerlessness” in Mexico, said Duncan Wood, director of the Wilson Center’s Mexico Institute in Washington. He said companies feel they “cannot respond to issues like this because (they) are afraid of the consequences from groups that essentially enjoy impunity.”

Mexico’s Defense Ministry said it provides security for federal agencies that request its help in dismantling “parasitic equipment” installed by cartels on cell towers.

The nation’s Attorney General’s office did not respond to a request for comment about criminal activity at these sites. The Federal Telecommunications Institute, Mexico’s telecom and broadcasting regulator, said its compliance unit had not received reports of parasite antennas from any companies under its jurisdiction.

Reuters has provided the first in-depth account of how traffickers exploit Mexico’s telecom infrastructure and the toll it takes on workers. The news organization interviewed 14 current and former telecom workers about the interactions that they and their colleagues have had with criminal groups at cell towers.

Twelve of them said they had seen parasite antennas on towers belonging to Telesites SAB de CV (SITESB1.MX), a tower rental company in which the family of Mexican billionaire Carlos Slim is a major shareholder; as well as American Tower, U.S. carrier AT&T Corp, Spain’s Telefonica SA (TEF.MC) and Mexico’s Axtel SAB de CV (AXTELCPO.MX).

Reuters is omitting the technicians’ names, details of where they work and most names of cartels they encounter for the workers’ protection. Two technicians shared texts they exchanged with colleagues regarding on-the-job run-ins with organized crime at the cell towers, and one of them shared a photo of an illicit device he discovered in the course of his work. The incidents the 12 workers recounted occurred between 2015 and 2020 in several Mexican states.

Most of the technicians said they encounter the devices, known colloquially as narco-antennas, just a few times a year. But one engineer who spoke with Reuters estimated that parasite antennas are present on roughly 20% of towers where his firm works, while another said about 30% of his sites had them when local criminals were particularly active in his area in 2018.

Their No. 1 rule when discovering cartel equipment on a tower is simple: Don’t touch it.

Dealing with gangsters in person is trickier, they said, requiring diplomacy and a cool head. Some said their interactions have been cordial, bordering on friendly. Others said they have been threatened, detained and at times fearful for their lives.

The traffickers “convey their superiority, ...it’s like when someone wants to mark their territory,” one technician said. “I can’t get nervous because they pick up on when someone is secure and when someone is very afraid.”

‘SECURITY’ PAYMENTS

Cartels and other criminal groups sometimes demand telecom workers pay “security payments” or “quotas” in order to perform maintenance on towers and other tasks, according to five contract laborers who have worked on projects involving America Movil SAB de CV (AMXL.MX), Slim’s telecommunications firm, as well as American Tower and AT&T.

These people said the best strategy is to be polite, stay calm and pay up immediately. Those costs get passed along to their employers; laborers for subcontractors said their firms often charge the big telecom companies higher rates for working in dicey areas.

A spokesman for America Movil and Telesites declined to comment. Axtel, which sold some of its telecom towers in 2017, said it had not received any reports of incidents on its remaining infrastructure. AT&T said that “under no circumstances” does it “tolerate or authorize payments outside of those established by law.”

An American Tower spokesman said “we have not received any credible reports” of parasite antennas or other cartel activities at the company’s Mexican sites. He said the firm alerts local authorities immediately if a site is vandalized, and that “the safety of those who work on our towers, as well as the towers’ continued secure operation, are our top priorities.”

Guillermo Ramos, Telefonica’s director of security in Mexico, said the company has not received any reports of parasite antennas over at least the past year.

Narco-antennas are just one aspect of telecom companies’ headaches in Mexico. Criminals raid their infrastructure for batteries and copper cables to resell on the black market, executives in the sector told Reuters.

Stories like this are unfolding in industries across Mexico as criminal groups branch out far beyond drugs. Cartels have siphoned millions of dollars’ worth of fuel from Mexican state oil company Petróleos Mexicanos or Pemex in recent years; they steal cargo and pilfer lumber. The tentacles of organized crime extend even into Mexico’s avocado growing regions, where gangs extort farmers and hijack loads of the green fruit.

Mexican President Andres Manuel Lopez Obrador took office in 2018 advocating a softer approach to his predecessors’ war on drugs with the motto “hugs, not bullets.” The cartels’ encroachment on legitimate businesses did not start on his watch. But the change in strategy has left companies with nowhere to turn, said Mike Vigil, a former chief of international operations for the U.S. Drug Enforcement Administration (DEA).

“Lopez Obrador has sent a message to all of Mexico, including the private sector... that he doesn’t want a confrontational situation with the cartels,” Vigil said. “Telecom companies are caught between a rock and a hard spot.”

Lopez Obrador’s office did not respond to requests for comment. The president previously has insisted that Mexico must tackle poverty and other factors that drive crime, in addition to using law enforcement.

“We must continue confronting organized crime... There is no longer protection for anyone, as there was before,” Lopez Obrador said in early June. “We are committed to achieving peace and we have made progress in combating, in reducing, crime.”

AN OLD-SCHOOL TOOL

Radios are an indispensable tool for cartels and part of their lore. One classic narco-ballad or “corrido” celebrating the notorious Zetas syndicate depicts members speaking over their two-way handsets.

When it comes to communicating in real-time with large groups, radio is tough to beat. These networks are often encrypted and, unlike cellular networks, the location of someone using a radio can’t easily be pinpointed, said Paul Craine, a former director of the DEA’s operations in Mexico and Central America.

A vast web of antennas is necessary to power those networks, and Mexico’s thousands of cellular towers, many tucked away in rural areas, provide ready-made places to install them. Craine said he consistently observed cartels latching onto cellular towers while working in Mexico from 2012 to 2018.

To a trained eye, cartel equipment sticks out like a sore thumb. At the foot of the tower, criminals place a base station, which generates the radio waves, often tucked into a suitcase or picnic cooler for protection from the sun, according to Craine and the technicians who spoke with Reuters. Higher up they install parasite antennas to project the signal.

Gangs typically don’t bother with camouflage. The Zetas are particularly brash, Craine said. He recalled seeing coolers emblazoned with their logo: the letter Z. A former engineer for Huawei Technologies Co, the Chinese telecom vendor, told Reuters that one of the workers he supervised sent him a photo of a device on a Telesites tower in early 2018 with a sign that read: “This antenna belongs to the Zetas. If any problems arise, please call…,” followed by a phone number.

Cesar Funes, a vice president of institutional relations for Huawei in Latin America, said he had not received any reports of parasite antennas. Telesites declined to comment.

The equipment persists on companies’ networks, industry executives and law enforcement experts said, due to the difficulty of rooting out the devices across far-flung towers, and the risks that removal might pose to engineers in the field, many of whom don’t report them out of fear.

Telecom companies quietly have acknowledged the cartels’ presence in meetings with Mexican government officials. Gerardo Sanchez Henkel, a former director of compliance for telecom regulator IFT, told Reuters he discussed the issue of parasite antennas regularly in meetings with companies before leaving government in late 2015.

The IFT said it did not know whether Sanchez Henkel had discussed the issue with companies during his time in government.

Marco Galvan, who was a senior director for telecom trade group GSMA in Mexico until February, said companies often lamented theft and the presence of unauthorized devices on their towers.

“It was an issue that was frequently cited by all the operators as something that inhibited investment,” he said.

The National Association of Telecommunications (ANATEL), a trade group representing players including America Movil, AT&T and Telefonica, said companies it surveyed reported 62 parasite antennas from 2017 through mid-2018, the most current data available. Nearly 3,000 batteries were stolen from cell towers over the same period, it said.

ANATEL CEO Gabriel Szekely said he had no more information to provide on the phenomenon. He told the Mexican newspaper Reforma in 2018 it was clear that criminal groups were capitalizing on what companies had built.

“Suddenly you find devices that are not yours, they belong to organized crime,” Szekely told Reforma. “And there are places where they do not even let you in to maintain your own facilities.”

‘GENTLEMAN’S AGREEMENT’

In the worst criminal hot spots, maintaining towers often comes at a price.

The five telecom workers who told Reuters that they or their colleagues had been forced to pay up said those encounters typically involved groups of armed men confronting them at the towers. The workers are sometimes unsure of exactly who they are dealing with. In some parts of rural Mexico, self-defense organizations have emerged to fill the vacuum left by the state, with these vigilantes often running elaborate extortion schemes to fund their operations, security analysts said.

Two people who work for an AT&T subcontractor said there are a number of towers where they routinely pay 500 to 1,000 pesos ($22.34 to $44.67) any day they want to perform maintenance. One of the people estimated the number of towers at 11.

Reuters could not independently confirm those payments.

Sometimes the demands are larger. In 2017, a group demanded a payment of about $1,000 from subcontractors working on a large project for America Movil involving multiple towers, according to an engineer who was involved. The criminals called a representative of Huawei, which was overseeing the job, to escalate the threat, the person said.

The engineer said the criminal group was courteous throughout the negotiations, addressing workers as “usted,” a Spanish pronoun that conveys respect. The telecom crew had no trouble after they paid.

“It was a gentleman’s agreement,” the engineer said.

America Movil declined to comment. Reuters could not independently confirm the payment.

That worker said Huawei pays subcontractors more to work in high-risk areas, which enabled the crew to recover what it paid. He showed Reuters a copy of a contract that included an “allowance for site in dangerous city.” Two other subcontractors told Reuters that allowance has helped them cover the cost of extortion payments.

Funes, the Huawei executive, denied the company pays criminal groups for access to its sites, and said Huawei does not permit subcontractors to do so either. He said the company sometimes pays higher rates in smaller markets where it is more difficult to find engineers.

A spokesman for Huawei said the company could not comment on specific allowances, citing the confidentiality of its contracts with suppliers and employees.

“We will never pay anything that is (beyond) the scope of the contract,” Funes said.

RULES FOR SURVIVAL

Technicians who work in dangerous parts of Mexico say making nice with drug traffickers is a crucial part of the job.

One subcontractor said traffickers stick close to his crews to ensure workers don’t touch cartel antennas, and to be certain they are not enemies who have come to spy on them.

“You work with a narco-escort,” the subcontractor said.

Cartels have kidnapped technicians doing maintenance on cellular towers to make them fix their networks, people working in the sector said. The technicians usually are released after a few days, if not sooner. Still, those who spoke with Reuters said they live in fear of being forced by traffickers to do such work, lest they be killed for knowing too much, or become targets of authorities or rival criminal groups for being complicit. Whenever possible, they said, they downplay their expertise.

After traumatic run-ins with cartels, some technicians refuse to go into the field or have left the industry entirely, people working in the sector said.

One subcontractor estimated that 10 workers, primarily new recruits, quit his company over the past year due to security concerns.

Even old hands can run into trouble. In 2016, a technician working for an America Movil supplier learned his colleagues had been turned away from a site in a cartel stronghold.

Determined to finish the job, the engineer headed to the tower alone. He was quickly surrounded by five men armed with long guns and dressed in clothing bearing the cartel’s initials. They forced him into their vehicle and took him to a house in town, where their boss was waiting.

The engineer said he reverted to his security training, resolving not to show fear. When the cartel boss complained that his antennas had been failing, the captive seized an opening.

“It’s in all our interest that the tower is working,” he recalls saying. “Just let us work, and we won’t interfere with your equipment… On the contrary, we’ll check it for you.”

The cartel agreed, driving the engineer back to the tower. He said he re-established service at the tower and made a perfunctory check of the illicit antennas. He tried to head off any requests for additional help, saying he was a supervisor whose technical skills were rusty.

Throughout the encounter, the engineer maintained his composure. But when he returned to his hotel room that evening, he said his body shook with such force that he thought he might be having a breakdown.

“In the moment, I was fine, I just trusted in God,” he said. “My nerves got me afterwards.”

The young technician who accidentally disrupted a cartel’s communications at an American Tower site told Reuters he knows the risk he’s taking. But he said he has a family to support and earns a premium for working in a territory that many peers wouldn’t touch.

After a few years working the area, he said he has established a rapport with gang members, who often let him pass to the job site with little more than a wave hello.

He has learned from his early mistake. Now, before he cuts the power, he first connects any parasite antennas to a generator to ensure the cartel’s network keeps humming.

Reporting by Julia Love; Additional reporting by Drazen Jorgic in Mexico City and Tarmo Virki in Tallinn, Estonia; Editing by Marla Dickerson
https://www.reuters.com/article/us-m...-idUSKCN24G1DN





I Know What You Download! Muwahahah!!!

Sorry – js.





“Zero Logs” VPN Exposes Millions of Logs Including User Passwords, Claims Data is Anonymous

UFO VPN exposed millions of log files about users of its service, including their account passwords and IP addresses, despite claiming that it keeps no logs.
Paul Bischoff

Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it. The exposed information includes plain text passwords and information that could be used to identify VPN users and track their online activity.

Bob Diachenko, who leads Comparitech’s security research team, uncovered the exposure, which affects both free and paid users of UFO VPN. He immediately alerted the company upon discovering the exposed data on July 1, 2020.

It’s not clear how many users are affected, but our findings suggest that potentially all users who connected to UFO VPN at the time of exposure could be compromised. UFO VPN claims to have 20 million users on its website, and the database exposed more than 20 million logs per day.

More than two weeks after we sent a disclosure to UFO VPN, the company shut down the database and responded by email, “Due to personnel changes caused by COVID-19, we’ve not found bugs in server firewall rules immediately, which will lead to the potential risk of being hacked. And now it has been fixed.”

“We don’t collect any information for registering,” the spokesperson said. “In this server, all the collected information is anonymous and only be used for analyzing the user’s network performance & problems to improve service quality. So far, no information has been leaked.” [sic]

But based on some sample data, we do not believe this data to be anonymous. We are in contact with UFO VPN to verify our findings and will update this article accordingly.

We recommend UFO VPN users change their passwords immediately, and the same goes for any other accounts that share the same password.

Timeline of the exposure

The database was exposed for almost three weeks in total. Here’s what we know:

• June 27, 2020: The server hosting the data was first indexed by search engine Shodan.io
• July 1, 2020: Diachenko discovered the exposed data and immediately notified UFO VPN
• July 14, 2020: Diachenko notified the hosting provider
• July 15, 2020: The database was secured.

We do not know if any unauthorized parties accessed the data while it was exposed. Our own research shows that hackers can find and attack databases within hours of being made vulnerable.

What data was exposed?

894 GB of data was stored in an unsecured Elasticsearch cluster. UFO VPN claimed the data was “anonymous”, but based on the evidence at hand, we believe the user logs and API access records included the following info:

• Account passwords in plain text
• VPN session secrets and tokens
• IP addresses of both user devices and the VPN servers they connected to
• Connection timestamps
• Geo-tags
• Device and OS characteristics
• URLs that appear to be domains from which advertisements are injected into free users’ web browsers

Much of this information appears to contradict UFO VPN’s privacy policy, which states:

“We do not track user activities outside of our Site, nor do we track the website browsing or connection activities of users who are using our Services.”

See UFO VPN’s privacy policy here.

Dangers of exposed data

If bad actors managed to get their hands on the data before it was secured, it could pose several risks to UFO VPN users.

The plain-text passwords are the most clear and direct threat. Hackers could not only use them to hijack UFO VPN accounts, but might also be able to carry out credential stuffing attacks on other accounts. If the same password is used across multiple accounts, they could all be compromised.

IP addresses could be used to discern users’ whereabouts and corroborate their online activity. VPNs are often used to hide users’ real locations and online activity.

The session secrets and tokens could be used to decrypt session data that an attacker might have captured. For example, if an attacker intercepted encrypted data being sent through the VPN on a compromised wi-fi network, they could conceivably decrypt that data with this information.

Email addresses could be used to target users with tailored phishing messages and scams.

This exposure demonstrates why we routinely encourage readers to avoid free VPN services, which tend to have subpar security and privacy standards. Ideally, a VPN service should keep no logs including IP addresses.

About UFO VPN

UFO VPN is a Hong Kong-based VPN provider that says it serves 20 million users on its website. It claims to have a zero log policy and “bank grade protection,” though that is arguably not the case.

The company offers both free and paid plans.

The focus of UFO VPN’s marketing is unblocking content. It promises access to blocked websites, apps, and region-locked streaming services like Netflix.

How and why we reported this exposure

Security researcher Bob Diachenko heads up Comparitech’s security research team to find and report incidents in which personal data has been exposed on the web. When we come across unsecured data, we immediately take steps to notify the owner so it can be secured as soon as possible.

We investigate data incidents like these to learn to whom the data belongs, who might be impacted, what information is exposed, and what consequences might come as a result. Once the data has been secured, we publish a report like this one to inform users who might be affected and raise awareness.

Our goal is to curb malicious access and abuse of personal data. We hope our report can raise cybersecurity awareness and minimize harm that might come to end users.

Previous data incident reports

Comparitech and Diachenko have teamed up to report on several data exposure incidents, including:

• French Civic Service exposes 1.4 million user records
• 42 million Iranian “Telegram” phone numbers and user IDs were breached
• Details of nearly 8 million UK online purchases leaked
• 250 million Microsoft customer support records were exposed online
• More than 260 million Facebook credentials were posted to a hacker forum
• Almost 3 billion email address leaked, many with corresponding passwords
• Detailed information on 188 million people was held in an unsecured database
• K12.com exposed 7 million student records
• MedicareSupplement.com made 5 million personal records publicly available
• Over 2.5 million CenturyLink customer records were leaked
• Choice Hotels leaks records of 700,000 customers

https://www.comparitech.com/blog/vpn...data-exposure/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

July 11th, July 4th, June 27th, June 20th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 30th, '11 JackSpratts Peer to Peer 0 27-07-11 06:58 AM
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 05:46 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)