Blog

Read More

Enlarge / AT&T corporate offices on November 10, 2020, in El Segundo, California.

AT&T is killing off the online-video service formerly known as DirecTV Now and introducing a no-contract option for the newer online service that replaced it.

AT&T unveiled DirecTV Now late in 2016, the year after AT&T bought the DirecTV satellite company. Prices originally started at $35 a month for the live-TV online service, and it had signed up 1.86 million subscribers by Q3 2018. But customers quickly fled as AT&T repeatedly raised prices and cut down on the use of promotional deals, leaving the service with just 683,000 subscribers at the end of Q3 2020.

In 2019, AT&T changed the name from DirecTV Now to AT&T TV Now, creating confusion among customers and its own employees because the company simultaneously unveiled another online streaming service called AT&T TV.

AT&T TV was pitched as a more robust

Read More

Enlarge / Uberwachung, Symbolbild, Datensicherheit, Datenhoheit

Westend61 | Getty Images

Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade’s worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools. The researchers have dug into the current mobile privacy state of affairs and provided

Read More

Getty Images

Last month, the makers of one of the most promising coronavirus vaccines reported that hackers stole confidential documents they had submitted to a European Union regulatory body. On Friday, word emerged that the hackers have falsified some of the submissions’ contents and published them on the Internet.

Studies of the BNT162b2 vaccine jointly developed by pharmaceutical companies Pfizer and BioNTech found it’s 95 percent effective at preventing COVID-19 and is consistently effective across age, gender, race, and ethnicity demographics. Despite near-universal consensus among scientists that the vaccine is safe, some critics have worried it isn’t. The hackers appear to be trying to stoke those unsupported worries.

Data unlawfully accessed by the hackers “included internal/confidential email correspondence dating from November, relating to evaluation processes for COVID-19 vaccines,” the European Medicines Agency based in Amsterdam said in a statement. “Some of the correspondence has been manipulated by the perpetrators

Read More

Getty Images

DNS over HTTPS is a new protocol that protects domain-lookup traffic from eavesdropping and manipulation by malicious parties. Rather than an end-user device communicating with a DNS server over a plaintext channel—as DNS has done for more than three decades—DoH, as DNS over HTTPS is known, encrypts requests and responses using the same encryption websites rely on to send and receive HTTPS traffic.

Using DoH or a similar protocol known as DoT—short for DNS over TLS—is a no brainer in 2021, since DNS traffic can be every bit as sensitive as any other data sent over the Internet. On Thursday, however, the National Security Agency said in some cases Fortune 500 companies, large government agencies, and other enterprise users are better off not using it. The reason: the same encryption that thwarts malicious third parties can hamper engineers’ efforts to secure their networks.

“DoH provides the benefit of

Read More

Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors’ devices. The boobytrapped sites made use of two exploit servers, one for Windows users and the other for users of Android.

Not your average hackers

The use of zero-days and complex infrastructure isn’t in itself a sign of sophistication, but it does show above-average skill by a professional team of hackers. Combined with the robustness of the attack code—which chained together multiple exploits in an efficient manner—the campaign

Read More
6/406