Think of access tokens as authentication outside of passwords — they’re codes generated by platforms to keep you logged in so you don’t need to log in every time you visit a page. When hackers stole personal information on 29 million people on Facebook, they used access tokens to do it.

The Fortnite vulnerability takes advantage of the many different ways you can log into your Epic Games account, using access tokens from Facebook, Google and Xbox accounts. The attacker would have to send the phishing link on the platform the victim logs into Fortnite from — so if you tied your Epic Games account to Facebook, the hack would have to go through the social network, said Eran Vaknin, a security researcher at Check Point.

Once the victim clicks on the link, that data is extracted, even if the victim doesn’t type anything in. “The attack is happening automatically without any user interference,” Vaknin said.

Because the compromised page had an Epic Games URL, it would appear less suspicious to victims, Vanunu said. It’s similar to a vulnerability that Check Point’s researchers discovered with accounts for DJI’s drones last March, which the company fixed in September. In that vulnerability, Vanunu was also able to inject malicious code on DJI’s own domain page to steal access tokens.

“Even if you have a security product looking for anti-phishing, it wouldn’t catch it because it’s coming from a legitimate domain,” the security researcher said. He warned that as people become more aware of phishing attacks and more careful about typing passwords on suspicious pages, hackers would be targeting access tokens instead.

Vanunu encouraged enabling two-factor authentication to protect your accounts — which Epic Games has made efforts to promote as well.

“Token hijacking is something that is happening on all major platforms,” Vanunu said.
“We are starting to see malicious attackers looking for tokens more.”

Attention all epic Fortnite gamers: your accounts were in great danger.

Security researchers from Check Point found vulnerabilities with Epic Games’ website, which allowed potential hackers to log into people’s Fortnite accounts without needing a password. Once they had access to the compromised accounts, the researchers found that you could listen in on friends’ conversations and use the victims’ credit card information to purchase in-game items.

The researchers discovered the vulnerabilities in November, and they were fixed by January.

“We were made aware of the vulnerabilities and they were soon addressed. We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not reusing passwords and using strong passwords, and not sharing account information with others,” an Epic Games spokesperson said.

Fortnite had a breakthrough year in 2018, with nearly 80 million players. Its parent company, Epic Games, was estimated to profit $3 billion last year, and valued at more than $15 billion for the free game.

With the game’s massive popularity come security concerns. In August, Epic Games fixed a security flaw with its installer for Android devices, after researchers from Google disclosed a vulnerability that could have tricked victims into installing a fake version of the game. Because the game is so popular, security researchers have found that Fortnite is a major target of malware, with a surge of fake apps popping up online.
“We started to hear there was a lot of abuse at Fortnite’s network,” said Oded Vanunu, Check Point’s head of products vulnerability research. “This is more than a game — this is a huge infrastructure that’s serving 80 million players, who are mostly kids.”

Epic Games has attempted to address security concerns by encouraging its players to enable two-factor authentication through giveaways.

Despite Fortnite’s security measures over the last year, it was an Epic Games page from 2004 that created a small opening for hackers to take over people’s accounts. Check Point’s researchers found an unsecured URL from over a decade ago, on ut2004stats.epicgames.com — a records page for Unreal Tournament, a first-person shooter that Epic Games first developed in 1998.

The page, which has since been deactivated, was open to cross-site scripting attacks — when someone injects malicious code into a website. The researchers wrote code and injected it onto the webpage to redirect access tokens to Check Point’s servers instead of Epic Games’.
By Stephen Janis and Taya Graham, Special to the AFRO

The reception in Annapolis for Baltimore State’s Attorney Marilyn Mosby’s proposal that would give prosecutors more leeway in vacating wrongful convictions was chilly, to say the least.

“As prosecutors, it is our affirmative obligation to rectify and to right the wrongs of the past, the present and the future,” Mosby testified before the house judiciary committee in support of bill 874.

Baltimore City State’s Attorney Marilyn Mosby recently testified in Annapolis regarding her office’s recent decision to cease prosecution of marijuana possession cases. (Photo Credit: Taya Graham)

But shortly after the city’s top prosecutor finished her impassioned pleadings on the proposed measure that would allow state’s attorneys to re-open tainted cases, pushback ensued.

Testifying that the law would go too far, Caroline County State’s Attorney Joe Riley said the Maryland State’s Attorney’s Association would not support the bill.

“If you as the legislature wish to vacate all previous applicable possession of marijuana and paraphernalia cases, then you should do so,” Riley told the committee. “To leave this to individual jurisdictions is to ensure that inconsistent vacatur of these convictions occurs.”

“It will assuredly politicize our discretion on the issue.”

The conflict, with arguably the state’s most high-profile law enforcement official battling to rectify what many believe to be a sullied criminal justice system, highlights one of the key obstacles to law enforcement reform in the state capital, observers say.

In general, suburban, more conservative districts tend to be skeptical of measures aimed to scrutinize policing and the laws that govern it in Baltimore. It is a long-standing tradition that, coupled with the powerful influence of the police unions, has made even incremental reform problematic.

The bill Mosby was touting seemed relatively straightforward.
It would allow prosecutors to petition a judge to start a proceeding to vacate any conviction deemed problematic.

Mosby told the house judiciary committee that dozens of cases tainted by testimony from the corrupt Gun Trace Task Force are currently languishing because judges refuse to re-open standing convictions.

The Gun Trace Task Force was a group of eight officers who were convicted of or pleaded guilty to robbing residents, dealing drugs, and stealing overtime. The fallout from the scandal and a variety of other police misconduct cases have prompted Mosby to review roughly 2,000 past convictions.

“Prosecutors have the affirmative ethical and legal obligation to seek ‘justice over convictions,’ not only during the pre-trial stage and up to conviction but our ethical obligation also extends beyond a conviction to ensure the integrity of that conviction,” she said.

“We can’t afford to wait while there are individuals that are sitting in jail or walking around suffering the collateral consequences of wrongful convictions where their life, liberty and freedom are in jeopardy.”

The bill would also allow Mosby to clear past convictions for marijuana possession. Recently, she publicly vowed not to prosecute pot possession cases. It is a policy she argued was justified by the disproportionate application of pot laws against African-Americans.

“Out of the citywide (marijuana) citations that they were issuing 42 percent of those citations that were issued came out of Western District. This is Penn North. This is Sandtown-Winchester,” she said.

The pushback came shortly after another indictment involving GTTF members was returned this week.

Prosecutors allege former Baltimore Police Sgt. Keith Allen Gladstone planted a BB gun on a Baltimore resident after he was struck by a vehicle driven by a member of the GTTF.
The charges allege the scheme was concocted to cover up the fact that the GTTF member had intentionally hit the suspect.

The Judiciary Committee has not yet voted on the measure.

Leaders of a Beautiful Struggle (LBS), a Baltimore policy think tank, is part of the messaging campaign to explain the merits of the new policy to the community of Baltimore.

“In terms of LBS, we’ve been supportive of it, in terms of the larger community, I think there are mixed reactions,” said Dayvon Love, the group’s director of public policy. “I think the mixture of reactions has to do with the notion that has been pretty commonplace that the ability to arrest and prosecute for drug crime were an important leg in public safety strategy. Part of the conversation has been about shifting people’s notion as to what is an effective public safety strategy away from the ‘cast a broad net’ to a more refined and really more humane approach to public safety that really focuses on the people that are the drivers of violence and crime.”

Despite the guarantee of the State’s Attorney’s Office, the Baltimore Police Department (BPD) continues apace with arrests for marijuana possession.

The BPD, the organization most directly involved in ameliorating the damage of dubious searches and reportedly pointless arrests, did not respond to the AFRO’s request for comment.
I’m in college. I’m deeply in love with a junior. She’s in 1st year. I don’t know how to express my feelings to her.
Rajeev, Hyderabad

Just be brave enough to approach her and express. The age-old ritual of a romantic love letter might also do the trick. Whatever way you adopt, I suggest, don’t waste time! Just express. Nothing to lose, my dear. Woo her, make her feel special, gift her an orchid, take her out to movies, restaurants and just Bol Daalo! Best of luck!!

I have recently discovered that my younger brother is homosexual. My parents are not aware. I’m very nervous.
Name withheld, Delhi

See my friend, don’t get nervous! It’s fine! I understand that ‘discovering’ this wasn’t a happy feeling, but don’t create any situation that will lead your brother to take any drastic step or make him awkward. If he’s really young, there could be a chance that this ‘phase’ will pass. But, if it doesn’t, please be mature enough and make him comfortable as this is his ‘preference’ and this is not a crime! Live and let live.

I’m 14 years old. My parents have informed me that they are getting divorced. I have been asked to decide on which parent I choose to stay with. I’m shattered. Help!
Neha, Noida

I’m really sorry to hear that but Neha, they must be having their reasons. You have to handle yourself with utmost care. Concentrate on activities that make you feel good – sport, friends, books. Think both from your head and heart and decide. Living with one doesn’t mean that you will be completely detached from the other. You can spend time with both parents. You can also opt for a residential school if you want. Cheer up girl, life is beautiful and I’m sure you will be happy always.

My husband can’t satisfy me sexually. I’ve got involved with his cousin who lives with us. I’m enjoying sex but feel scared.
What should I do?
Name withheld, Haryana

Good to hear that you are ‘enjoying’. But yes! This case of cousin living in the same house is definitely a reason to worry. I suggest, please be extra careful. Nobody should get to know. Temporary joy shouldn’t lead to permanent problems. Sex is important but not at the cost of your mental peace and long term happiness.

Is masturbation bad for health? Please advise.
Tinu, Baroda

Well, you haven’t mentioned details, hence I’m sharing a general view. Masturbation is a part of sexual practices. In fact, most doctors also recommend it, not only to improve sex life but to also promote general health. However, like most things in life, too much of a good thing can be bad. Excessive masturbation can lead to symptoms like stress, fatigue, and memory loss.

Have a love or life query you cannot find an answer to? Send your questions to -firstname.lastname@example.org
Young people with good family relationships are more likely to intervene when they witness bullying or other aggressive behaviour at school and to step in if they see victims planning to retaliate, suggests new research.

The findings, published in the Journal of Youth and Adolescence, found that kids who were already excluded, or discriminated against by peers or teachers, were less likely to stand up for victims of bullying.

“There is a lot of research on bullying, but very little on the extent to which family factors affect whether bystanders will intervene if they see bullying,” said study lead author Kelly Lynn Mulvey, Assistant Professor at North Carolina State University in the US.

Peer interventions are very effective at stopping bullying and preventing future aggressive behaviours. However, these interventions are fairly rare, according to Mulvey.

For the study, the team examined 450 sixth grade students and 446 ninth grade students who completed a survey aimed at collecting data on their relationships with family, peers and teachers. They were also given six scenarios, each of which dealt with a specific aggressive act – physical aggression, cyberbullying, social exclusion, or rejection by a group, intimate partner violence, social aggression, such as teasing or mean-spirited gossip, and exclusion by a former friend.

For each scenario, students were asked to rate the aggressive act on a six-point scale, from “really not OK” (1) to “really OK” (6). Students used the same scale to judge the acceptability of intervening.

The results showed that the stronger a student reported ‘good family management,’ or positive family relationships, the more likely a student was to deem aggressive behaviour and retaliation unacceptable, and the more likely they were to intervene in either case.
“The study tells us that both home and school factors are important for recognising bullying behaviour as inappropriate and taking steps to intervene. It highlights the value of positive school environments and good teachers, and the importance of family support, when it comes to bullying.”
On 3rd December, Stripe announced the open-sourcing of Skycfg, a configuration builder for Kubernetes. Skycfg was developed by Stripe as an extension library for the Starlark language. It adds support for constructing Protocol Buffer messages. The team states that as the implementation of Skycfg stabilizes, the public API surface will be expanded so that Skycfg can be combined with other Starlark extensions.

Benefits of Skycfg

Skycfg ensures type safety. It uses Protobuf, which has a statically-typed data model, and the type of every field is known to Skycfg when it’s building a configuration. Users are free from the risk of accidentally assigning a string to a number, a struct to a different struct, or forgetting to quote a YAML value.

Users can reduce duplicated typing and share logic by defining helper functions.

Starlark supports importing modules from other files. This can be used to share common code between configurations. These modules can protect service owners from complex Kubernetes logic.

Skycfg supports limited dynamic behavior through the use of context variables, which let the Go caller pass arbitrary key:value pairs in the ctx parameter.

Skycfg simplifies the configuration of Kubernetes services, Envoy routes, Terraform resources, and other complex configuration data.

Head over to GitHub for all the code and supporting files.