TorrentFreak's Journal
 

Monday, August 3rd, 2015

    7:47a
    Top 10 Most Pirated Movies of The Week – 08/03/15

    This week we have three newcomers in our chart.

    Hot Pursuit is the most downloaded movie.

    The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are BD/DVDrips unless stated otherwise.

    RSS feed for the weekly movie download chart.

    Ranking  (last week)  Movie                                        IMDb Rating / Trailer
    1        (…)          Hot Pursuit                                  4.9 / trailer
    2        (2)          Furious 7                                    7.6 / trailer
    3        (1)          Insurgent                                    6.6 / trailer
    4        (…)          Minions (HDTS)                               6.7 / trailer
    5        (3)          Jurassic World (TS/Subbed HDrip)             7.7 / trailer
    6        (8)          Terminator Genisys (TS)                      7.0 / trailer
    7        (…)          Mission: Impossible – Rogue Nation (HDTS)    8.0 / trailer
    8        (5)          Ted 2 (Subbed HDrip)                         6.9 / trailer
    9        (6)          Home                                         6.8 / trailer
    10       (7)          The Longest Ride                             7.1 / trailer

    Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

    8:32a
    The Pirate Bay Will Be Blocked in Austria

    As the bastion of online piracy, The Pirate Bay has become one of the most censored websites on the Internet in recent years.

    Courts all around the world have ordered Internet providers to block subscriber access to the torrent site and the list continues to expand.

    The latest blocking order was issued right before the weekend in Austria. Following a complaint from copyright holders, the Commercial Court of Vienna ordered local ISP A1 Telekom to block subscriber access to The Pirate Bay.

    In addition to the notorious torrent site, the court order also requires the Internet provider to block three other “structurally infringing” sites: Isohunt.to, 1337x.to and h33t.to.

    The court allows the ISP to choose how to implement the blockade on a technical level but it is likely to involve DNS-blocking, an IP-address blacklist or a combination of both.

    If A1 Telekom chooses a DNS blockade then users can easily circumvent the measures by using a non-ISP DNS server. A combination of a DNS and IP-address block is generally more effective, but with the wide availability of proxy sites and VPN services that’s not airtight either.

    Franz Medwenitsch, managing director of the Austrian music industry association IFPI, welcomes the court order and notes that they are happy to assist with the implementation of the blockades.

    “For the further development of the online music market it is a very gratifying decision. We call on the Internet providers to work together towards a legally compliant and straightforward implementation of site-blocking,” Medwenitsch says.

    The current court order follows hot on the heels of another major blocking case in Austria, which came to an end last month.

    After a round of appeals the Supreme Court ordered several leading Austrian ISPs to block the major streaming sites Movie4K.to and Kinox.to. The Court further ruled that the Internet providers will have to pay the costs for future blockades.

    Given the recent successes, it wouldn’t be a surprise if more blocking requests follow in the months to come.


    1:29p
    India’s Porn Block Targets Torrent Sites, CollegeHumor and 9Gag

    This weekend millions of Indian Internet users started to notice that their favorite websites were no longer accessible.

    On Friday the Government ordered local Internet providers to block access to a list of 857 websites, including many of the top porn sites.

    “Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India,” was the warning many got to see instead.

    The move has sparked outrage among the public, who condemn the Government for censoring the Internet without proper cause. According to the court order the sites are being blocked because they threaten the morality and decency of Indians, which a local official has now confirmed.

    “Free and open access to porn websites has been brought under check. We don’t want them to become a social nuisance,” a spokesman at the Department of Telecommunications told Reuters.

    The Government order is quite broad, and not just because of the high number of domain names involved. A leaked copy, which lists all of the affected domains, reveals some unsuspected entries.

    For example, the list contains two of the largest torrent sites, Kickass.to and H33t.to. The first is now operating under the new Kat.cr domain name and the latter site is down, so the effects of the blockade are minimal.

    While blocking these torrent sites may be justified as both sites do link to pornographic content, the same can’t really be said for CollegeHumor and 9Gag, which are also on the blacklist.

    The same goes for Liveleak, which has plenty of ‘immoral’ videos but isn’t really known for its vast amounts of porn. Finally, the list also includes nonvegjokes.com, a site specializing in dirty jokes.

    The blocking order was issued under Rule 12 of the local Information Technology Rules, which allows the Government to block access to sites that are deemed to violate the integrity or security of India.

    The Government still has to justify its blocking request before the end of the month. If those arguments prove insufficient, the court order may be overturned again. In the meantime, the interest in circumvention tools such as VPN services and proxy sites is expected to skyrocket.


    7:26p
    Popcorn Time Vulnerable to Hack Attacks, Researcher Says

    Almost 18 months after it burst onto the scene in 2014, Popcorn Time is still one of the most popular file-sharing applications on the market.

    Millions of people use multiple variants of the Netflix-style tool every day, with ease of use and wide content availability proving a hit with users old and new.

    Popcorn Time’s success has also made it a target for anti-piracy companies desperate to shut it down, but today the software finds itself under attack of a different kind.

    Antonios Chariton, aka ‘DaKnOb’, describes himself as a Security Engineer & Researcher. Currently in Greece studying for his B.Sc. in Computer Science, Chariton informs TorrentFreak that he’s discovered some serious security vulnerabilities in at least one fork of Popcorn Time.

    “There are two reasons that made me look into Popcorn Time. First of all, I know many people who have installed this application on their personal computers and use it, and second of all, by pure accident: I was setting up my computer firewall when I noticed the network traffic initiated by Popcorn Time,” Chariton says.

    The researcher says that the problems begin with “a really smart” technique that Popcorn Time uses to bypass ISP-level blocking in the UK. By utilizing Cloudflare infrastructure for part of its setup, it’s difficult to block Popcorn Time by DNS without banning the Cloudflare website, Chariton notes.

    But cleverness aside, this is where the problems begin.

    “First of all, the request to Cloudflare is initiated over plain HTTP. That means both the request and the response can be changed by someone with a Man In The Middle position (Local Attacker, Network Administrator, ISP, Government, etc.),” Chariton explains.

    “The second mistake is that there is no input sanitization whatsoever. That means, there are no checks in place to ensure the validity of the data received. The third mistake is that they make the previous two mistakes in a NodeJS application.”

    As shown in the image below, Chariton says he was able to perform a “content spoofing” attack, in which he gave the movie Hot Pursuit the title of “Hello World” instead.

    [Image: pop-hack1]

    The researcher says that while he could’ve changed any other information in the Popcorn Time application, that wouldn’t be “exactly much fun”. So, to get pulses racing, he launched an XSS attack instead.

    As shown in the image below, Cross-Site Scripting (XSS) attacks allow for potentially malicious scripts to be injected into other web applications.

    [Image: pop-hack2]

    “We have injected malicious JavaScript and the client application executed the code. Using this attack we can show fake messages or even do something smarter. Since the application is written in NodeJS, if you find an XSS vulnerability, you are able to control the entire application,” Chariton explains.

    “This essentially is Remote Code Execution on the computer that runs Popcorn Time. You can do anything the computer user could do.”

    That’s obviously a pretty serious issue but Chariton does have some advice for the developers.

    “HTTP is insecure. There’s nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don’t run inside a web browser. Second, sanitize your input. Even if you receive something over TLS v1.2 using a Client Certificate, it still isn’t secure! Always perform client-side checks of the server response,” he notes.

    “Last but not least, just because something is Open Source doesn’t mean it’s audited and secure. Discovering and exploiting this vulnerability was literally one hour of work, including the time to write all the JavaScript payloads and come up with cool stuff to do,” Chariton concludes.

    Making the situation more complex is the number of Popcorn Time forks in circulation. Chariton told us that he carried out his tests on the variant available at PopcornTime.io but it’s certainly possible that the same issues exist elsewhere on lesser-used forks.

    That being said, the developers behind the variant available at Popcorn-Time.se inform TorrentFreak that their version isn’t vulnerable to these exploits.

    “These security issues don’t refer to Popcorn-time.se since we built Popcorn Time from scratch in C++,” the devs explain.

    “We don’t use Node Webkit which is known for having security issues, but chose the longer route of building our platform on our own from the ground up to avoid just these kind of issues.”

    Chariton has raised the issue here and it’s currently under discussion.

    Update: Popcorntime.io have now responded.

    “This attack requires that the attacker is either inside the local network, inside the host machine, or has poisoned the DNS servers,” the team explain.

    “In any case, there are far more valuable attacks than simply hitting Popcorn Time. Especially because it does not run with elevated privileges and won’t let the attacker install new programs for example.”

    The team have a longer article published here.
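
    The two fixes Chariton recommends (HTTPS only, and client-side checks of the server response before it is displayed) sketched as an added example. This is not Popcorn Time's code; the record fields (`imdb_id`, `title`, `year`), the function names and the endpoint URL are assumptions made for illustration.

```javascript
// Added example: field names, limits and URLs are hypothetical.
const MAX_TITLE = 200;

// Refuse any metadata endpoint that is not HTTPS, so a network
// intermediary cannot rewrite the request or the response in transit.
function requireHttps(endpoint) {
  const u = new URL(endpoint);
  if (u.protocol !== 'https:') throw new Error('refusing non-HTTPS endpoint: ' + u.protocol);
  return u.href;
}

// Strict validation of one movie record. TLS only protects the transport;
// the content is still untrusted, so type, length and pattern are checked
// and a failing field rejects the whole record.
function validateMovie(rec) {
  if (rec === null || typeof rec !== 'object' || Array.isArray(rec)) throw new Error('record is not an object');
  const { imdb_id, title, year } = rec;
  if (typeof imdb_id !== 'string' || !/^tt\d{7,8}$/.test(imdb_id)) throw new Error('bad imdb_id');
  if (typeof title !== 'string' || title.length === 0 || title.length > MAX_TITLE) throw new Error('bad title');
  if (!Number.isInteger(year) || year < 1888 || year > 2100) throw new Error('bad year');
  return { imdb_id, title, year }; // copy known fields only, drop everything else
}

// Escape text for HTML element content and quoted attribute values.
// In a DOM, assigning via textContent avoids HTML parsing altogether.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the list item for one record: validate first, escape on output.
function renderMovie(rec) {
  const m = validateMovie(rec);
  return '<li data-id="' + escapeHtml(m.imdb_id) + '">' + escapeHtml(m.title) + ' (' + m.year + ')</li>';
}

// Constructed sample responses: one clean, one with markup in the title
// and an unexpected extra field.
const SAMPLE_OK = { imdb_id: 'tt0000001', title: 'Hello World', year: 2015 };
const SAMPLE_TAMPERED = { imdb_id: 'tt0000001', title: '<script>alert(1)</script>', year: 2015, extra: 'x' };
```

    With these checks a title containing markup is displayed as literal text, and a record with a malformed identifier is dropped before it reaches the page.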

