steven36 posted a topic in Security & Privacy News

Chrome to show warnings when accessing mistyped domains.

The Google Chrome browser is set to add a feature that will warn users when accessing sites with domain names that look like authentic websites. The feature has been in the works for quite some time at Google and is a response to the practice of using typosquatted domains or IDN homograph attacks to lure users onto websites they didn't intend to access. For example, crooks often register misspelled versions of popular domains, such as paypall.com, or they'd use domains with Unicode characters like coịnbạse.com to host phishing pages and steal users' credentials.

But since the release of Chrome Canary 70, Google engineers have been testing a new feature called "Navigation suggestions for lookalike URLs." In Chrome Canary distributions (Google Chrome's testing ground for new features) users can access the following URL to enable the feature:

chrome://flags/#enable-lookalike-url-navigation-suggestions

Once enabled, this new mechanism will show a dropdown panel under the Chrome address bar, asking the user if he really meant to type and access that URL, which Chrome deemed dangerous due to its close resemblance with a more legitimate site. This Chrome flag is also present in the stable version of Chrome, but in our tests, it failed to detect the same URLs that Canary picked up, meaning Google engineers are still fine-tuning their lookalike URL detection system before its official release.

It is unclear when this feature will officially ship, but it must be really close to being finalized, seeing that a Google Chrome engineer gave a presentation about it yesterday, January 29, at the USENIX Enigma conference held in the US.

Source
steven36 posted a topic in Security & Privacy News

WordPress PHP minimum requirement to change to PHP 5.6 in April and PHP 7.0 in December.

The WordPress open-source content management system (CMS) will show warnings in its backend admin panel if the site runs on top of an outdated PHP version. The current plan is to have the warnings appear for sites using a PHP version prior to the 5.6.x branch (<=5.6). The warnings will contain a link to a WordPress support page with information on how site owners can update their server's underlying PHP version. In instances where site owners are running their WordPress portals on top of tightly-controlled web hosting environments, the web host has the option to change this link with a custom URL pointing at its own support site.

The warning will ship and start appearing with WordPress 5.1, scheduled for release early this spring. The decision to start showing this warning was taken in December 2018, after the release of the WordPress 5.0 branch. Upgrade statistics compiled days after the WP 5.0 release revealed that 85 percent of WordPress 5.0 users were running their sites on PHP versions of 5.6 and later, hence only a small subset of the active WordPress community will see these warnings in the first place. We said "active WordPress community" because there are still millions of sites running old WordPress versions, many of them abandoned or forgotten.

The short-term plan is to migrate as many active users to more recent versions of PHP as possible so that the WordPress team can drop support for older PHP versions altogether. The WordPress team would like to officially modify the WordPress CMS minimum PHP version requirement from PHP 5.2 (the current) to PHP 5.6 by April 2019. A similar minimum requirement version bump is also planned for MySQL, with MySQL 5.5 becoming the new minimum requirement. The long-term plan is to have PHP 7.0 become the minimum PHP version needed to run a WordPress site by December 2019.
Yesterday's announcement from the WordPress team came as a surprise for the WordPress community. The minimum PHP version needed to run a WordPress site hasn't been modified for years. The reason why the WordPress team wants to push site owners to update their underlying PHP servers is because the PHP team has recently dropped support for security fixes for the PHP 5.6.x and PHP 7.0.x branches. These older PHP servers are now vulnerable to attacks and mass-exploitation, as several security researchers told ZDNet last fall.

Around 66.7 percent of all Internet sites run an unsupported PHP version, according to W3Techs. Almost a quarter of all internet sites run on top of a WordPress CMS. The WordPress team is the first major CMS project to announce a concerted plan to migrate users towards currently-supported PHP versions.

"The threshold for the PHP notice will increase granularly, with the goal to over time catch up with the actual PHP version progress," said Felix Arntz, a member of the WordPress open-source CMS team.

Source
Sending out warnings is supposed to reduce the numbers of people using BitTorrent to obtain movies, TV shows and music without paying. It's far from clear how much difference they make but receiving one can't be the best of experiences for recipients. Some people, however, are receiving plenty of them yet still not changing their behavior. So just how many is enough? For the past several years, copyright holders in the US and Europe have been trying to reach out to file-sharers in an effort to change their habits. Whether via high-profile publicity lawsuits or a simple email, it’s hoped that by letting people know they aren’t anonymous, they’ll stop pirating and buy more content instead. Traditionally, most ISPs haven’t been that keen on passing infringement notices on. However, the BMG v Cox lawsuit seems to have made a big difference, with a growing number of ISPs now visibly warning their users that they operate a repeat infringer policy. But perhaps the big question is how seriously users take these warnings because – let’s face it – that’s the entire point of their existence. There can be little doubt that a few recipients will be scurrying away at the slightest hint of trouble, intimidated by the mere suggestion that they’re being watched. Indeed, a father in the UK – who received a warning last year as part of the Get it Right From a Genuine Site campaign – confidently and forcefully assured TF that there would be no more illegal file-sharing taking place on his ten-year-old son’s computer again – ever. In France, where the HADOPI anti-piracy scheme received much publicity, people receiving an initial notice are most unlikely to receive additional ones in future. A December 2017 report indicated that of nine million first warning notices sent to alleged pirates since 2012, ‘just’ 800,000 received a follow-up warning on top. 
The suggestion is that people either stop their piracy after getting a notice or two, or choose to “go dark” instead, using streaming sites for example or perhaps torrenting behind a decent VPN. But for some people, the message simply doesn’t sink in early on. A post on Reddit this week by a TWC Spectrum customer revealed that despite a wealth of readily available information (including masses in the specialist subreddit where the post was made), even several warnings fail to have an effect. “Was just hit with my 5th copyright violation. They halted my internet and all,” the self-confessed pirate wrote. There are at least three important things to note from this opening sentence. Firstly, the first four warnings did nothing to change the user’s piracy habits. Secondly, Spectrum presumably had enough at five warnings and kicked in a repeat-infringer suspension, presumably to avoid the same fate as Cox in the BMG case. Third, the account suspension seems to have changed the game. Notably, rather than some huge blockbuster movie, that fifth warning came due to something rather less prominent. “Thought I could sneak in a random episode of Rosanne. The new one that aired LOL. That fast. Under 24 hours I got shut off. Which makes me feel like [ISPs] do monitor your traffic and its not just the people sending them notices,” the post read. Again, some interesting points here. Any content can be monitored by rightsholders but if it’s popular in the US then a warning delivered via an ISP seems to be more likely than elsewhere. However, the misconception that the monitoring is done by ISPs persists, despite that not being the case. ISPs do not monitor users’ file-sharing activity, anti-piracy companies do. They can grab an IP address the second someone enters a torrent swarm, or even connects to a tracker. It happens in an instant, at a time of their choosing. 
Quickly jumping in and out of a torrent is no guarantee and the fallacy of not getting caught due to a failure to seed is just that – a fallacy. But perhaps the most important thing is that after five warnings and a disconnection, the Reddit user decided to take action. Sadly for the people behind Rosanne, it’s not exactly the reaction they’d have hoped for. “I do not want to push it but I am curious to what happens 6th time, and if I would even be safe behind a VPN,” he wrote. “Just want to learn how to use a VPN and Sonarr and have a guilt free stress free torrent watching.” Of course, there was no shortage of advice. “If you have gotten 5 notices, you really should of learnt [sic] how to use a VPN before now,” one poster noted, perhaps inevitably. But curiously, or perhaps obviously given the number of previous warnings, the fifth warning didn’t come as a surprise to the user. “I knew they were going to hit me for it. I just didn’t think a 195mb file would do it. They were getting me for Disney movies in the past,” he added. So how do you grab the attention of a persistent infringer like this? Five warnings and a suspension apparently. But clearly, not even that is a guarantee of success. Perhaps this is why most ‘strike’ schemes tend to give up on people who can’t be rehabilitated. torrentfreak
steven36 posted a topic in FileSharing News

People who access Spotify using hacked apps that remove some of the restrictions placed on free accounts are receiving warning emails from the company. Noting that "abnormal activity" has been observed from the user's software, Spotify warns that future breaches could result in suspension or even termination of a user's account.

Spotify is a fantastic music streaming service used by more than 159 million users around the world. Around 71m of those are premium subscribers according to figures released by the company last December. Given the above, 88 million Spotify members are using the free tier, meaning that they’re subjected to advertising and other limitations such as shuffle-only play and track skip restrictions. The idea is that the free user gets a decent level of service but is held back just enough with small irritations to make the jump to a premium subscription a logical step at some point.

What millions of free users don’t know, however, is that there are modified Spotify apps out there that can remove many of these restrictions. All the user has to do is sign up to a free Spotify account, download one of the many ‘hacked’ Spotify installation files out there, put in their username and password, and enjoy. How many people use these hacked versions of Spotify isn’t clear and up to now, it’s been somewhat of a mystery as to why Spotify itself hasn’t done something about them.

During the past few days, however, there have been signs that a crackdown could be on the way. In an email sent to an unknown but significant number of people, Spotify informs users of modified apps that they’re on the company’s radar and there could be consequences for trying to subvert the system. “We detected abnormal activity on the app you are using so we have disabled it. Don’t worry – your Spotify account is safe,” the email from Spotify reads.
“To access your Spotify account, simply uninstall any unauthorized or modified version of Spotify and download and install the Spotify app from the official Google Play Store. If you need more help, please see our support article on Reinstalling Spotify.”

Users have been popping up on Spotify’s forums asking why they’ve received this email. Some seem to think they’ve done nothing wrong but most signs point to people using modified software.

[Image: The warning email from Spotify]

While the email signs off with a note thanking the recipient for being a Spotify user, there is also a warning. “If we detect repeated use of unauthorized apps in violation of our terms, we reserve all rights, including suspending or terminating your account,” Spotify writes. For people who used their real accounts along with modified apps this could be a problem but many people using hacked versions go in prepared with a secondary or temporary email address and false details.

Quite how far Spotify will go to rid its service of this kind of a user remains unknown but at least for now, the actual effects of this early crackdown seemed mixed. TorrentFreak has spoken with users who have modified versions and have received the email, yet their installation still works just fine. Others report that they can no longer log in with their modified version.

What is clear, however, is that Spotify has both modified apps and their creators on its radar. On March 1, 2018 the company wrote to Github demanding that a popular Spotify mod known as ‘Dogfood’ be taken down from the repository.

[Image: Dogfood is done on Github]

The full takedown notice can be found here. It lists Dogfood itself plus a whole bunch of ‘forks’ which have also been taken down by Github. There were signs in January that the developer of Dogfood might have been under pressure to limit the effectiveness of his app. On January 18 he announced on XDA that some functionality would be removed moving forward.
“In order to comply with XDA’s Rules and CoC, Spotify Dogfood has taken a new direction, and now offers *exclusively* Ad-free music playback,” he wrote. “Any other features won’t be included anymore in this mod. But, that doesn’t mean anything if you’re a true, a core user of this app, because there will still be regular updates to it, as there has been up until now.”

Where that development will take place now isn’t clear but it clearly won’t be on Github. Indeed, even XDA has been targeted by Spotify, with the site receiving a DMCA notice from the company which required the removal of links and an apparent closure of the whole discussion.

[Image: XDA DMCA takedown]

For now it seems that Spotify is playing nice, at least with users of modified apps. Whether it will continue with the same relaxed attitude is unclear but it’s hard not to connect the move with its intention to go public and its $23bn valuation. Still, the company should be more in tune with pirates than most given its history, so may yet have a decent plan up its sleeve.

Source