Amazon’s Strongarm | Tech Talk Today 41


Amazon has gone to war on multiple fronts, and is asking you to enlist. But we’ll cut through the crap and discuss what’s really at play. Plus Xiaomi gets caught red-handed spying on their users, the Bitcoin hijack that’s super impressive & more!


Show Notes:

Xiaomi phones send user data to remote servers: F-Secure

At first, F-Secure did not configure an Mi Cloud (Xiaomi’s equivalent of Apple’s iCloud that stores user data) account and simply inserted a SIM card, connected the phone to Wi-Fi, turned on GPS, added a contact and made and received a call and exchanged messages. The company found that the phone number of contacts added to the phone book and from SMS messages received were also forwarded. The phone follows a similar pattern even when one configures an Mi Cloud account.

“Next we connected to and logged into Mi Cloud, the iCloud-like service from Xiaomi. Then we repeated the same test steps as before. This time, the IMSI details were sent to api.account.xiaomi.com, as well as the IMEI and phone number,” writes F-Secure in its blog.

Xiaomi Makes its iMessage-Like Service Optional

Xiaomi is making the cloud messaging service that is automatically activated on its devices optional for user

These concerns refer to the MIUI Cloud Messaging service described above. As we believe it is our top priority to protect user data and privacy, we have decided to make MIUI Cloud Messaging an opt-in service and no longer automatically activate users. We have scheduled an OTA system update for today (Aug 10th) to implement this change.

After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging.

Amazon wants you to ask Hachette’s CEO for lower e-book prices

Amazon Gets Increasingly Nervous

John Scalzi on Amazon/Hachette

John Scalzi:

Amazon is not your friend. Neither is any other corporation. It and they do what they do for their own interest and are more than willing to try to make you believe that what they do for their own benefit is in fact for yours. It’s not. In this particular case, this is not about readers or authors or anyone else but Amazon wanting eBooks capped at $9.99 for its own purposes. It should stop pretending that this is about anything other than that. Readers, authors, and everyone else should stop pretending it’s about anything other than that, too.

Disney Disc Preorders Disappear From Amazon

Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins

Researchers at Dell’s SecureWorks security division say they’ve uncovered a series of incidents in which a bitcoin thief redirected a portion of online traffic from no less than 19 Internet service providers, including data from the networks of Amazon and other hosting services like DigitalOcean and OVH, with the goal of stealing cryptocurrency from a group of bitcoin users.

Though each redirection lasted just 30 seconds or so, the thief was able to perform the attack 22 times, each time hijacking and gaining control of the processing power of a group of bitcoin miners, the users who expend processing power to add new coins to the currency’s network.


The attacker specifically targeted a collection of bitcoin mining “pools”


The redirection technique tricked the pools’ participants into continuing to devote their processors to bitcoin mining while allowing the hacker to keep the proceeds. At its peak, according to the researchers’ measurements, the hacker’s scam was pocketing a flow of bitcoins and other digital currencies including dogecoin and worldcoin worth close to $9,000 a day.


The Dell researchers believe the bitcoin thief used a technique called BGP hijacking, which exploits the so-called border gateway protocol, the routing instructions that direct traffic at the connection points between the Internet’s largest networks. The hacker took advantage of a staff user account at a Canadian internet service provider to periodically broadcast a spoofed command that redirected traffic from other ISPs, starting in February and continuing through May of this year.


In fact, the BGP bitcoin-stealing exploits represent less of a new vulnerability in bitcoin than the persistent fragility of the internet itself, Dell’s researchers say. If one Canadian ISP can be used to redirect large flows of the Internet to steal a pile of cryptocurrency, other attackers could just as easily steal massive drifts of Internet data for espionage or pure disruption. The Dell researchers suggest that companies set up monitoring through a service like BGPmon, which can detect BGP hijacking attacks.
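To make the monitoring recommendation concrete, here is an added example (not from the article, Dell, or BGPmon) of the prefix-origin check a hijack monitor can run over a stream of BGP updates, recording how long each conflicting route stayed up so that 30-second redirections are not missed. The prefixes, AS numbers and update records are constructed, and the tuple format is an assumption rather than any real feed's schema.

```python
import ipaddress

# Constructed baseline: prefixes we originate and the AS expected to announce them
# (documentation ranges from RFC 5737 / RFC 5398, not real networks).
EXPECTED = {
    ipaddress.ip_network("198.51.100.0/24"): 64500,
    ipaddress.ip_network("203.0.113.0/24"): 64500,
}

# Constructed update feed: (unix_time, "A"nnounce or "W"ithdraw, prefix, AS path).
UPDATES = [
    (1000, "A", "198.51.100.0/24", [64510, 64500]),    # legitimate origin
    (1060, "A", "198.51.100.128/25", [64510, 64511]),  # more specific, foreign origin
    (1090, "W", "198.51.100.128/25", []),              # gone again 30 s later
    (1200, "A", "203.0.113.0/24", [64510, 64511]),     # exact prefix, foreign origin
    (1300, "A", "192.0.2.0/24", [64510, 64512]),       # not our address space
]

def classify(prefix, as_path):
    """Return a reason string if the announcement conflicts with EXPECTED, else None."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # last AS in the path is the one originating the route
    for mine, expected_origin in EXPECTED.items():
        if net.version == mine.version and net.subnet_of(mine):
            if origin == expected_origin:
                return None
            return "origin-mismatch" if net == mine else "more-specific"
    return None

def detect(updates):
    """Walk every update in order so that even very short redirections are recorded."""
    open_alerts, alerts = {}, []
    for ts, kind, prefix, as_path in updates:
        if kind == "A" and (reason := classify(prefix, as_path)):
            if prefix not in open_alerts:
                alert = {"prefix": prefix, "reason": reason,
                         "origin": as_path[-1], "start": ts, "end": None}
                open_alerts[prefix] = alert
                alerts.append(alert)
        elif prefix in open_alerts:  # withdrawn, or replaced by a legitimate route
            open_alerts.pop(prefix)["end"] = ts
    return alerts

if __name__ == "__main__":
    for a in detect(UPDATES):
        print(a)
```

A monitor that only samples the routing table every few minutes would never see the first alert; working from the update stream is what captures it.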

Dutch government funds safe Dropbox alternative Localbox

submitted by clementl

This links to a page where you can download the server. It’s written in PHP with Symfony.

The downside is that there are only clients for Windows, Android and iOS. They are planning to release the source of those this fall.
