Slashdot security articles

Judge Rules Edward Snowden Can't Profit From His Book

Wed, 12/18/2019 - 16:02
A federal judge in Virginia ruled Tuesday that whistleblower Edward Snowden will not be allowed to profit from sales of his memoir Permanent Record. The reason? He didn't receive approval from the CIA and NSA. Gizmodo reports: Permanent Record, which was released in September, tells the story of Snowden's decision to become a whistleblower and expose the ways that the U.S. government was spying on Americans in the late 2000s and early 2010s. Snowden fled the U.S. in 2013 after several new stories were written based on documents he leaked and now lives in Moscow, Russia. Snowden didn't seek approval from the national security agencies where he had signed secrecy agreements before publication, and while the government didn't move to stop the book from being published, it does want any money he makes from the endeavor. Snowden's U.S.-based publishers, MacMillan and Holtzbrinck, are also named in the lawsuit. "Snowden's publication of Permanent Record without prior submission for prepublication review breached the CIA and NSA Secrecy agreement and the attendant fiduciary duties set forth in those agreements," federal judge Liam O'Grady wrote in his 14-page decision. According to government filings, Snowden signed three Secrecy Agreements with the CIA in November of 2005, August of 2006, and April of 2009. He also signed three NSA Secrecy Agreements in July of 2005, May of 2009, and March of 2013. All of those agreements were unambiguous, according to the judge, and required Snowden to get a prepublication review before the book came out. "During each of [Snowden's public talks via video link at a TED conference and various universities], Snowden caused to be displayed and discussed, among other things, at least one slide which was marked classified at the Top Secret level, and other intelligence-related activities of the CIA and NSA," the judge wrote. "He never submitted any materials or slides to the CIA or NSA for prepublication review, and never received written authority to make his public remarks or publish his slides." It's unclear if Snowden will appeal the ruling.

More than 38,000 People Will Stand in Line this Week To Get a New Password

Wed, 12/18/2019 - 13:25
A non-standard and somewhat weird password reset operation is currently underway at a German university, where more than 38,000 students and staff were asked this week to stand in line with their ID card and a piece of paper to receive new passwords for their email accounts. From a report: All of this is going on at the Justus Liebig University (JLU) in Gießen, a town north of Frankfurt, Germany. The university suffered a malware infection last week. While the name or the nature of the malware strain was not disclosed, the university's IT staff considered the infection severe enough to take down its entire IT and server infrastructure. The university's network has been down since December 8, and all computers have been isolated and disconnected from each other. For the past days, IT staff have used antivirus scanners loaded on more than 1,200 USB flash drives to scan each JLU computer for malware.

Vladimir Putin 'Still Uses Obsolete Windows XP' Despite Hacking Risk

Wed, 12/18/2019 - 12:45
Russia's agents have been accused of worldwide hacking operations, but someone at the Kremlin has apparently forgotten to inform Vladimir Putin of the importance of cyber-security. From a report: Putin, 67, appears to have the obsolete Microsoft Windows XP operating system installed on computers in his office at the Kremlin and at his official Novo-Ogaryovo residence near Moscow, according to images released by his press service. Both computers have the Kremlin towers set as their desktop backgrounds. [...] Moscow is gradually phasing out Microsoft and Google on government computers in favour of Russia's Astra Linux operating system software and domestic browsers such as Yandex. Dmitry Peskov, the Kremlin spokesman, did not comment when asked why Putin continues to use an antiquated Microsoft operating system.

Engineer Says Google Fired Her For Browser Pop-Up About Worker Rights

Tue, 12/17/2019 - 15:20
An anonymous reader quotes a report from Ars Technica: Another former employee has accused Google of violating federal labor law by firing her for activities related to labor organizing. In a Tuesday blog post, Kathryn Spiers says Google terminated her after she created a browser tool to notify employees of their organizing rights. Spiers says she worked on a Google security team that was focused on how Google employees used Chrome within the company. Part of her job was to "write browser notifications so that my coworkers can be automatically notified of employee guidelines and company policies while they surf the Web." So when Google hired a consulting company known for its anti-union work, Spiers wrote a notification that would appear whenever Google employees visited the firm's website. The notification stated that "Googlers have the right to participate in protected concerted activities." That's a legal term of art for worker organizing efforts. It also included a link to the worker rights notification mandated by the NLRB settlement. Google responded swiftly and harshly, according to Spiers. She was suspended from her job pending an investigation. Spiers writes that Google officials "dragged me into three separate interrogations with very little warning each time. I was interrogated about separate other organizing activities, and asked (eight times) if I had an intention to disrupt the workplace." She says she wasn't allowed to consult with a lawyer. Two weeks later, on December 13, Spiers was fired. She was told that she had violated Google's policies but couldn't get more details about which policies she had violated. In an email shared with several media outlets, Google executive Royal Hansen said: "[Spiers] misused a security and privacy tool to create a pop-up that was neither about security nor privacy. She did that without authorization from her team or the Security and Privacy Policy Notifier team, and without a business justification. And she used an emergency rapid push to do it." Hansen argued that the firing had nothing to do with the content of the message. "The decision would have been the same had the pop-up message been on any other subject," he argued.

Mozilla To Add Second DNS-over-HTTPS (DoH) Provider in Firefox

Tue, 12/17/2019 - 11:30
Mozilla has announced that NextDNS would be joining Cloudflare as the second DNS-over-HTTPS (DoH) provider inside Firefox. From a report: The browser maker says NextDNS passed the conditions imposed by its Trusted Recursive Resolver (TRR) program, and can now be added as a second option for DoH inside Firefox. These conditions include (1) limiting the data NextDNS collects from the DoH server used by Firefox users; (2) being transparent about the data they collect; and (3) promising not to censor, filter, or block DNS traffic unless specifically requested by law enforcement. DNS-over-HTTPS, or DoH, is a new feature that was added to Firefox last year. When enabled, it encrypts DNS traffic coming in and out of the browser. DNS traffic is not only encrypted but also moved from port 53 (for DNS traffic) to port 443 (for HTTPS traffic), effectively hiding DNS queries and replies inside the browser's normal stream of HTTPS content. This encrypted DNS traffic reaches a so-called DoH resolver. Here, the DoH traffic is decrypted and the DoH resolver makes the DNS query on the user's behalf, receives the result, encrypts it, and sends it back to the user's browser -- also disguised inside encrypted HTTPS content.

Microsoft: We Never Encourage a Ransomware Victim To Pay

Tue, 12/17/2019 - 06:43
An anonymous reader shares a report: Ever since ransomware became a top threat in the mid-2010s, people have been arguing about the proper way of dealing with a ransomware attack and the merits of paying or not paying a ransom demand. A big point of contention has been "the official advice" that various companies or government agencies give out to victims. For example, in late 2015, the FBI found itself in the middle of a controversy when one of its agents publicly admitted that the bureau was, in many cases, recommending that victims pay ransom demands. At the time, many were shocked to find out that the FBI was telling victims to pay ransomware demands, and helping criminal gangs boost their profits. The Bureau changed its official stance a few months later, in 2016, after US senators sent letters asking why the agency was helping out criminals. Since then, the FBI's official position has been to defer the decision to pay a ransom to the victim, with no formal advice. [...] In a blog post today, Microsoft, for the first time, revealed its stance on the matter. "We never encourage a ransomware victim to pay any form of ransom demand," said Ola Peters, Senior Cybersecurity Consultant for Microsoft Detection and Response Team (DART), the OS maker's official incident response team. "Paying a ransom is often expensive, dangerous, and only refuels the attackers' capacity to continue their operations," Peters added.

Visa Warns That Hackers Are Scraping Card Details From Gas Pumps

Mon, 12/16/2019 - 17:20
Visa has issued a statement warning consumers that cybercriminals are actively exploiting a weakness in gas station point-of-sale (POS) networks to steal credit card data. Engadget reports: The company's fraud disruption teams are investigating several incidents in which a hacking group known as Fin8 defrauded fuel dispenser merchants. In each case, the attackers gained access to the POS networks via malicious emails and other unknown means. They then installed POS scraping software that exploited the lack of security with old-school mag stripe cards that lack a PIN code. The hack doesn't appear to affect more secure chip-and-pin cards, but not all consumers have those, so service stations often work with mag stripe readers, too. The data is apparently sent in an unencrypted form to the vendor's main network, where the thieves have figured out how to intercept it. The other problem is that the POS systems aren't firewalled off from other, less critical parts of the network, allowing thieves to gain lateral access once the network is breached. There's not much cardholders can do to avoid the attacks, but Visa has advised fuel merchants to encrypt data while it's transferred or use a chip-and-PIN policy.

New Jersey's Largest Hospital System Pays Up In Ransomware Attack

Mon, 12/16/2019 - 16:50
New Jersey's largest hospital system said that it has paid hackers a ransom after a ransomware attack disrupted its services earlier this month. Threatpost reports: Hackensack Meridian Health, a $6 billion non-profit health provider system based in Edison, N.J., operates 17 hospitals, nursing homes and outpatient centers, as well as psychiatric facility Carrier Clinic. The hospital system told media outlets on Friday that it was targeted by a cyberattack on Dec. 2, crippling its computer software systems for nearly five days. "Our network's primary clinical systems are operational, and our IT teams continue working diligently to bring all applications back online safely," according to a statement issued to media, Friday. "Based on our investigation to date, we have no indication that any patient or team-member information has been subject to unauthorized access or disclosure." The attack affected the hospital's computer software systems, from scheduling and billing systems to labs and radiology, according to reports. Consequently, the ransomware attack forced the hospitals that were part of Hackensack Meridian Health system to reschedule around 100 non-emergency appointments and surgeries earlier in December. The hospital system did not clarify how much ransom it paid, or whether its data has since been recovered. It also did not give further indication about how systems were first infected and what data was affected.

Controversial Sale of .Org Domain Manager Faces Review At ICANN

Mon, 12/16/2019 - 14:10
An anonymous reader quotes a report from Ars Technica: ICANN is reviewing the pending sale of the .org domain manager from a nonprofit to a private equity firm and says it could try to block the transfer. The .org domain is managed by the Public Internet Registry (PIR), which is a subsidiary of the Internet Society, a nonprofit. The Internet Society is trying to sell PIR to private equity firm Ethos Capital. ICANN (Internet Corporation for Assigned Names and Numbers) said last week that it sent requests for information to PIR in order to determine whether the transfer should be allowed. "ICANN will thoroughly evaluate the responses, and then ICANN has 30 additional days to provide or withhold its consent to the request," the organization said. ICANN, which is also a nonprofit, previously told the Financial Times that it "does not have authority over the proposed acquisition," making it seem like the sale was practically a done deal. But even that earlier statement gave ICANN some wiggle room. ICANN "said its job was simply to 'assure the continued operation of the .org domain' -- implying that it could only stop the sale if the stability and security of the domain-name infrastructure were at risk," the Financial Times wrote on November 28. In its newer statement last week, ICANN noted that the .org registry agreement between PIR and ICANN requires PIR to "obtain ICANN's prior approval before any transaction that would result in a change of control of the registry operator." The registry agreement lets ICANN request transaction details "including information about the party acquiring control, its ultimate parent entity, and whether they meet the ICANN-adopted registry operator criteria (as well as financial resources, and operational and technical capabilities)," ICANN noted. ICANN's 30-day review period begins after PIR provides those details. ICANN said it will apply "a standard of reasonableness" when determining whether to allow the change in control over the .org domain, but it "might ultimately have to be determined by the courts," notes Domain Name Wire.

Economists Got the Decade All Wrong. They're Trying To Figure Out Why.

Mon, 12/16/2019 - 12:50
The U.S. has enjoyed its longest economic expansion on record without triggering inflation as interest rates remain historically low [Editor's note: the link may be paywalled]. From a report: [...] So in 2013 Larry Summers, a former top adviser to Presidents Bill Clinton and Barack Obama and now an economist at Harvard University, advanced an alternative explanation: "secular stagnation." He borrowed the phrase from an earlier Harvard economist, Alvin Hansen who used it in 1938 to describe the Great Depression's persistently weak growth and high unemployment. Mr. Hansen tied it to weak investment due to slow population growth: Businesses had less need to invest when there were fewer new workers and customers and when aging households bought fewer big-ticket products like houses. Slow population growth is once again weighing on growth and interest rates, Mr. Summers noted, and he added several other factors: the fastest-growing businesses, such as social-media platforms, invest little of their rich profits. Higher inequality meant more income flows to the high-saving, low-spending rich. Though initially skeptical of Mr. Summers's thesis, many economists have since warmed to it, at least for other parts of the world, if not the U.S. In some countries like Germany a persistent excess of savings manifests itself as a trade surplus which flows into other countries' bonds, holding down interest rates around the world. Secular stagnation has several profound implications. First, with interest rates closer to zero, central banks are less able to combat future recessions. Second, a structural shortage of private borrowing means governments can run big deficits without pushing up interest rates. Indeed, given central banks' lack of ammunition, governments should run deficits, or the economy will stagnate. Reducing entitlements such as future Social Security benefits in the name of fiscal prudence may worsen the problem by encouraging households to save more.

Fake Princesses, Pulled Teeth, and a Whole Lot of IP Infringement

Mon, 12/16/2019 - 08:50
Apple says it goes out of its way to protect the safety and security of its young users. The App Store of 2019 tells a different story. Laura June, writing for InputMag: One of the most insidious forms of abuse on modern content platforms is the way unknown creators can co-opt well-known characters. Off-brand Spider-Man and fake Elsa and Anna pop up all over YouTube. I discovered this the hard way two years ago, when I found my daughter watching fake Peppa Pig videos on YouTube, many of them horrific and violent, and preying on the very young (Peppa Pig is a very popular television show for preschoolers). But YouTube, unlike Apple's App Store, is a platform where pretty much anyone can upload anything. And Google, which owns YouTube, doesn't peacock on stage like Tim Cook does, looking down his nose at Facebook and other companies for their lax attitudes on user safety. Given Apple's reputation, it was with some surprise that I found myself in a very similar position several weeks ago, while browsing Apple's App Store for games for my nearly 6-year-old daughter. [...] Keep in mind, I was not looking for fakes. I fully expected to find only official apps for these company's characters. I didn't expect to find Paw Puppy Smashy Patrol in the store above the official Nickelodeon app PAW Patrol Pup Rescue Pack. Some apps boldly use the official Disney characters in their titles, literally advertising themselves with the copyrighted, intellectual property of a currently airing Disney show. But even the ones that aren't using Disney names in their titles depict characters that look nearly identical to Vampirina, Elsa and Anna, Sofia the First, and so on. The quality of the design varies, but some of them really do feature characters who look exactly like the ones you've come to know and trust (even if they've not-so-cleverly disguised themselves with names like Paw Puppy Smashy Patrol and Ice Queen Adventure). The apps are designed to fool you; fooling you is the goal. They're designed to make you think, "Oh right, Disney! We love Disney, we trust Disney. Let me download that for you, kid!"

Npm Team Warns of New 'Binary Planting' Bug

Mon, 12/16/2019 - 06:50
The team behind npm, the biggest package manager for JavaScript libraries, issued a security alert yesterday, advising all users to update to the latest version (6.13.4) to prevent "binary planting" attacks. From a report: Npm (Node.js Package Manager) devs say the npm command-line interface (CLI) client is impacted by a security bug -- a combination between a file traversal and an arbitrary file (over)write issue. The bug can be exploited by attackers to plant malicious binaries or overwrite files on a user's computer. The vulnerability can be exploited only during the installation of a boobytrapped npm package via the npm CLI. "However, as we have seen in the past, this is not an insurmountable barrier," said the npm team, referring to past incidents where attackers planted backdoored or boobytrapped packages on the official npm repository. Npm devs say they've been scanning the npm portal for packages that may contain exploit code designed to exploit this bug, but have not seen any suspicious cases. "That does not guarantee that it hasn't been used, but it does mean that it isn't currently being used in published packages on the [official npm] registry," npm devs said.

Is Microsoft's Chromium Edge Browser Better Than Firefox and Chrome?

Sun, 12/15/2019 - 12:49
Android Authority argues that the new Microsoft Chromium Edge browser "is full of neat tricks" and "packs more features than Firefox": The final major feature is called Apps. Essentially, Apps allows you to download and install web pages and web apps for use without the Edge browser. Previously, you had to find these dedicated web apps via the Microsoft Store, but now Edge handles downloading and managing web apps all in the browser. For example, you can download the Twitter web app via Edge just by visiting the Twitter website and clicking "install this site as an app" from the settings menu. Once installed, you can run the webpage as an app directly from your desktop, taskbar, or start menu like any other piece of software. It's like saving links only better, as some web apps can run offline too. Alternatively, you can install the Android Authority webpage and run it as an app to catch up with the latest news without having to boot up Edge each time. It's pretty neat and something that I intend to use more often. Overall, Edge offers everything you'll want in a web browser and more. Microsoft finally feels on the cutting edge of the internet. The browser does have a smaller range of supported extensions, but you can also manually install Chrome extensions, according to the article. It adds that Microsoft Edge Chromium "typically uses just 70 to 75 percent of the RAM required by Chrome [and] is even more lightweight than Firefox." And while acknowledging that Microsoft's Windows 10 "has its share" of telemetry issues, the article adds that "at no point during my couple of weeks with Edge have I noticed it thrashing my hard drive. Chrome has a habit of scanning various files on my computer, despite opting out of all the available data sharing options. This isn't great for system performance and raises obvious security questions."

Someone Stole Facebook Payroll Data For Thousands of Employees

Fri, 12/13/2019 - 15:30
mschaffer writes: Apparently Facebook had a recent privacy problem of a different kind. A thief broke into an employee's car and stole equipment -- including hard drives that contained unencrypted personal data of former Facebook employees. "Out of abundance of caution," Facebook alerted their current and former employees about the theft. "The hard drives, which were unencrypted, included payroll data like employee names, bank account numbers and the last four digits of employees' social security numbers," reports Bloomberg. "The drives also included compensation information, including salaries, bonus amounts, and some equity details. In total, the drives contained personal data for about 29,000 U.S. employees who worked at Facebook in 2018." "We worked with law enforcement as they investigated a recent car break-in and theft of an employee's bag containing company equipment with employee payroll information stored on it," the spokeswoman said in a statement shared with Bloomberg. "We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information."

New Orleans City Government Shuts Off Computers After Cyberattack

Fri, 12/13/2019 - 14:50
New submitter tubajock writes: According to NOLA.com, New Orleans City Hall workers were told by a PA system broadcast to immediately unplug all computer systems from the network [following a cyberattack that struck the city government]. The city website is also down and the city has implemented its Emergency Operations Center as well as contacted state and federal authorities for help. Beau Tidwell, a spokesman for Mayor LaToya Cantrell, said the cyberattack started sometime after 11 a.m. In addition to city hall workers, the New Orleans Police Department has also been told to shut down their computers and remove everything from the network. Thankfully, 9-1-1 and 3-1-1 calls are not impacted by the attack and residents can still access the online 3-1-1 systems through its site, nola311.org.

Windows 10 Mobile Reaches End of Support

Fri, 12/13/2019 - 08:10
We've known Windows 10 Mobile has been a dead platform for years now. Even Microsoft themselves have been telling people they need to switch to Android or iOS. But yesterday, we saw the final blow to Microsoft's mobile OS -- it officially reached its end of life and is no longer supported. From a report: There is some good news for the two of you still running Windows 10 Mobile though. The platform's office apps will receive updates and security patches until January 12, 2021. This includes Microsoft Word, Excel, PowerPoint, and OneNote. That means you still have a little more time before you absolutely need to migrate to another mobile platform if you just can't break your Windows 10 Mobile addiction. Though we still recommend you take the leap as soon as possible.

Mozilla To Force All Add-on Devs To Use 2FA To Prevent Supply-Chain Attacks

Fri, 12/13/2019 - 06:50
Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. From a report: "Starting in early 2020, extension developers will be required to have 2FA enabled on AMO [the Mozilla Add-Ons portal]," said Caitlin Neiman, Add-ons Community Manager at Mozilla. "This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users," Neiman added. When this happens, hackers can use the developers' compromised accounts to ship tainted add-on updates to Firefox users. Since Firefox add-ons have a pretty privileged position inside the browser, an attacker can use a compromised add-on to steal passwords, authentication/session cookies, spy on a user's browsing habits, or redirect users to phishing pages or malware download sites. These types of incidents are usually referred to as supply-chain attacks.

Cisco Outlines Silicon, Software Roadmap For Next Generation Internet

Thu, 12/12/2019 - 16:10
An anonymous reader writes: Cisco on Wednesday outlined new details behind its strategy to build next-generation internet technology. As a setup for what it dubs its 'Internet for the Future' strategy, the networking giant announced a multi-year plan for building and investing in 5G internet technology, including silicon, optics and software. On the silicon side, Cisco announced Silicon One, a new switching and routing application-specific integrated circuit (ASIC) for the 5G internet era. The programmable networking chip is designed to provide significant improvements to performance, bandwidth, power efficiency, scalability and flexibility, according to Cisco. Cisco said the first generation of the chip, Q100, surpassed the 10 Tbps routing milestone for network bandwidth. In addition to the silicon, Cisco also outlined its focus on the optics space. As port rates increase from 100G to 400G, optics become a larger portion of the cost to build and operate internet infrastructure. To account for that, Cisco said its qualification program tests its optics and non-Cisco optics to comply with industry standards, and invests organically to make sure that its router and switch ports rates continue to increase. Cisco also announced plans to offer flexible consumption models for Silicon One that were first established with its optics portfolio, followed by the disaggregation of the Cisco IOS XR7 software. The Silicon One architecture will integrate into its new 8000 series carrier class routers, which are powered by Cisco's new IOS XR7 operating system. The OS will provide faster download speeds and security improvements, Cisco said. According to the report, Cisco is currently working with Comcast and NTT Communications on ongoing deployments and trials of the 8000 series.

Inside the Podcast that Hacks Ring Camera Owners Live on Air

Thu, 12/12/2019 - 12:05
In the NulledCast podcast, hackers livestream the harassment of Ring camera owners after accessing their devices. Hundreds of people can listen. From a report: A blaring siren suddenly rips through the Ring camera, startling the Florida family inside their own home. "It's your boy Chance on Nulled," a voice says from the Ring camera, which a hacker has taken over. "How you doing? How you doing?" "Welcome to the NulledCast," the voice says. The NulledCast is a podcast livestreamed to Discord. It's a show in which hackers take over people's Ring and Nest smarthome cameras and use their speakers to talk to and harass their unsuspecting owners. In the example above, Chance blared noises and shouted racist comments at the Florida family. "Sit back and relax to over 45 minutes of entertainment," an advertisement for the podcast posted to a hacking forum called Nulled reads. "Join us as we go on completely random tangents such as; Ring & Nest Trolling, telling shelter owners we killed a kitten, Nulled drama, and more ridiculous topics. Be sure to join our Discord to watch the shows live." Software to hack Ring cameras has recently become popular on the forum. The software churns through previously compromised email addresses and passwords to break into Ring cameras at scale. This has led to a recent spate of hacks that have occurred both during the podcast and at other times, several of which have been covered by local media outlets. In Brookhaven a hacker shouted at a sleeping woman through her hacked Ring camera to wake up. In Texas, a hacker demanded a couple pay a bitcoin ransom. Hackers targeted a family in DeSoto County, Mississippi, and spoke through the device to one of the young children.