Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites
#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.
LOOKING FOR HIGH QUALITY SEEDBOX? LOOK NO MORE! EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | INSTANT SETUP & TONS OF FREE APPS | STARTING AT $5.00/MONTH!
Search the Community
Showing results for tags 'exploited'.
Found 1 result
The PR disaster for geo-unblocking software Hola has deepened with a report from cybersecurity firm Vectra. In addition to revealing a console within the software that allows an attacker to "accomplish almost anything", Vectra has discovered that Hola had already been exploited by "bad guys" before reports surfaced against the company last week. After a flurry of reports, last week the people behind geo-unblocking software Hola were forced to concede that their usersâ€™ bandwidth is being sold elsewhere for commercial purposes. But for the Israel-based company, that was the tip of the iceberg. Following an initial unproofed report that the software operates as a botnet, this weekend researchers published an advisory confirming serious problems with the tool. â€œThe Hola Unblocker Windows client, Firefox addon, Chrome extension and Android application contain multiple vulnerabilities which allow a remote or local attacker to gain code execution and potentially escalate privileges on a userâ€™s system,â€ the advisory reads. Yesterday and after several days of intense pressure, Hola published a response in which it quoted Steve Jobs and admitted that mistakes had been made. Hola said that it would now be making it â€œcompletely clearâ€ to its users that their resources are being used elsewhere in exchange for a free product. Hola also confirmed that two vulnerabilities found by the researchers at Adios-Hola had now been fixed, but the researchers quickly fired back. â€œWe know this to be false,â€ they wrote in an update. â€œThe vulnerabilities are *still* there, they just broke our vulnerability checker and exploit demonstration. Not only that; there werenâ€™t two vulnerabilities, there were six.â€ With Hola saying it now intends to put things right (it says it has committed to an external audit with â€œone of the big 4 auditing companiesâ€) the company stood by its claims that its software does not turn usersâ€™ computers into a botnet. Today, however, an analysis by cybersecurity firm Vectra is painting Hola in an even more unfavorable light. In its report Vectra not only insists that Hola behaves like a botnet, but itâ€™s possible it has malicious features by design. â€œWhile analyzing Hola, Vectra Threat Labs researchers found that in addition to behaving like a botnet, Hola contains a variety of capabilities that almost appear to be designed to enable a targeted, human-driven cyber attack on the network in which an Hola userâ€™s machine resides,â€ the company writes. â€œFirst, the Hola software can download and install any additional software without the userâ€™s knowledge. This is because in addition to being signed with a valid code-signing certificate, once Hola has been installed, the software installs its own code-signing certificate on the userâ€™s system.â€ If the implications of that arenâ€™t entirely clear, Vectra assists on that front too. On Windows machines, the certificate is added to the Trusted Publishers Certificate Store which allows *any code* to be installed and run with no notification given to the user. That is frightening. Furthermore, Vectra found that Hola contains a built-in console (â€œzconsoleâ€) that is not only constantly active but also has powerful functions including the ability to kill running processes, download a file and run it whilst bypassing anti-virus software, plus read and write content to any IP address or device. â€œThese capabilities enable a competent attacker to accomplish almost anything. This shifts the discussion away from a leaky and unscrupulous anonymity network, and instead forces us to acknowledge the possibility that an attacker could easily use Hola as a platform to launch a targeted attack within any network containing the Hola software,â€ Vectra says. Finally, Vectra says that while analyzing the protocol used by Hola, its researchers found five different malware samples on VirusTotal that contain the Hola protocol. Worryingly, they existed before the recent bad press. â€œUnsurprisingly, this means that bad guys had realized the potential of Hola before the recent flurry of public reports by the good guys,â€ the company adds. For now, Hola is making a big show of the updates being made to its FAQ as part of its efforts to be more transparent. However, items in the FAQ are still phrased in a manner that portrays criticized elements of the service as positive features, something that is likely to mislead non-tech oriented users. â€œSince [Hola] uses real peers to route your traffic and not proxy servers, it makes you more anonymous and more secure than regular VPN services,â€ one item reads. How Hola will respond to Vectraâ€™s latest analysis remains to be seen, but at this point there appears little that the company can say or do to pacify much of the hardcore tech community. That being said, if Joe Public still canâ€™t see the harm in a free â€œcommunityâ€ VPN operating a commercial division with full access to his computer, Hola might settle for that. https://torrentfreak.com/hola-vpn-already-exploited-by-bad-guys-security-firm-says-150602/