Friday, August 5, 2016

End of Biggest Torrent Search Engine - Torrentz.eu Shuts Down Forever!

Over two weeks after the shutdown of Kickass Torrents and arrest of its admin in Poland, the world's biggest BitTorrent meta-search engine Torrentz.eu has apparently shut down its operation.

The surprise shutdown of Torrentz marks the end of an era.

Torrentz.eu was a free, fast and powerful meta-search engine that hosted no torrents of its own, but combined results from dozens of other torrent search engine sites including The Pirate Bay, Kickass Torrents and ExtraTorrent.

The meta-search engine has said "farewell" to its millions of torrent users without much fanfare, suddenly ceasing its operation and disabling its search functionality.

At the time of writing, the Torrentz.eu Web page is displaying a message that reads in the past tense:


"Torrentz was a free, fast and powerful meta-search engine combining results from dozens of search engines."


When you try to run a search or click any link on the site, the search engine refuses to show any results and instead displays a message that reads:

"Torrentz will always love you. Farewell."

Launched back in 2003, Torrentz has entertained the torrent community for more than 13 years with millions of visitors per day.

However, today, the popular meta-search engine has shut down its operation on all Torrentz domains, including the main .EU domain (both HTTP and HTTPS versions) as well as other backups such as .ME, .CH, and .IN.

Although many copyright holders were unhappy with the site, and both the RIAA and MPAA have reported it to the U.S. Government in recent years, according to TorrentFreak, there is no news of any arrest or legal takedown of the site in this case.

Still, it would be fair enough to wait for an official announcement from the site owners.

Wednesday, August 3, 2016

Yahoo Hacked! Hackers Selling 200 Million Records on Dark Web



Hardly a day goes by without headlines about a significant data breach. In the past few months, over 1 Billion account credentials from popular social network sites, including LinkedIn, Tumblr, MySpace and VK.com, were exposed on the Internet.



Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web.



200 Million Yahoo! Logins for 3 BTC


The hacker, who goes by the pseudonym "Peace" or "peace_of_mind," has put 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824).


Yahoo! admitted the company was "aware" of the potential leak, but did not confirm the authenticity of the data.



The leaked database includes usernames, MD5-hashed passwords and dates of birth from 200 Million Yahoo! users. In some cases, there are also the backup email addresses used for the account, country of origin, as well as the ZIP codes for United States users.



Easily Crackable Passwords


Since the passwords are hashed with MD5, a fast and long-outdated algorithm, hackers could easily recover them using an MD5 lookup tool available online, leaving Yahoo! users open to account takeover.
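To illustrate why a table of MD5 password hashes is weak, the following added example (not code from the article or from Yahoo!) stores the same passwords with a single MD5 and with a salted, slow key-derivation function. The account names, passwords, common-password list and PBKDF2 work factor are constructed assumptions, and the example assumes plain unsalted MD5, which the article does not specify.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample data, not taken from any real dump.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!mZp2"}
COMMON_PASSWORDS = ["123456", "password", "sunshine1"]  # constructed list
PBKDF2_ROUNDS = 600_000  # assumed work factor, tune for your hardware

def md5_store(password):
    """Weak: one fast, unsalted MD5 (assumed shape of the leaked hashes)."""
    return hashlib.md5(password.encode()).hexdigest()

def kdf_store(password):
    """Hardened: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def kdf_verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)

def shared_values(table):
    """Groups of users whose stored value is byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def accounts_needing_reset(md5_table, common=COMMON_PASSWORDS):
    """Defender audit: stored MD5 values equal to the hash of a common password."""
    known = {md5_store(p) for p in common}
    return sorted(u for u, h in md5_table.items() if h in known)

if __name__ == "__main__":
    md5_table = {u: md5_store(p) for u, p in ACCOUNTS.items()}
    kdf_table = {u: kdf_store(p) for u, p in ACCOUNTS.items()}
    print("same MD5 value:", shared_values(md5_table))
    print("flag for reset:", accounts_needing_reset(md5_table))
    print("same KDF value:", shared_values(kdf_table))  # salts differ, so none
    salt, digest = kdf_table["alice"]
    print("alice verifies:", kdf_verify("sunshine1", salt, digest))
```

With unsalted MD5, identical passwords produce identical stored values and match any precomputed table; the per-user salt removes both properties and the slow KDF raises the cost of every guess.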



In a brief description, Peace says the Yahoo! database "most likely" comes from 2012, the same year when Marissa Mayer became Yahoo's CEO.



Just last week, Verizon acquired Yahoo! for $4.8 Billion. So, the hacker decided to monetize the stolen user accounts before the data loses its value.



When reached for comment, the company said in a statement:
"We are committed to protecting the security of our users' information and we take such claim very seriously. Our security team is working to determine the facts...we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms."

Use Password Managers to Secure Your Online Accounts


Although the company has not confirmed the breach, users are still advised to change their passwords (and keep a longer and stronger one using a good password manager) and enable two-factor authentication for online accounts immediately, especially if you are using the same password for multiple websites.



You can also adopt a good password manager that allows you to create complex passwords for different sites as well as remember them for you.

We have listed some of the best password managers here, which could help you understand the importance of a password manager and choose a suitable one according to your requirements.

Google introduces new Alert Feature on Android - Login Activity Notification



Google has rolled out a new feature for Android users to keep their accounts more secure: a native Android push notification when a new device accesses your Google account.


Google has already been offering email notification for newly added devices, but since people usually ignore emails, the tech giant will now send a push notification to your device screen, giving you a chance to change your password immediately before an intruder gets in.



Although it's a small change, the company believes people pay four times more attention to push notifications on their devices compared to email notifications.


The new feature "increases transparency to the user of what actions they've performed and allows them to flag any suspicious activity they may be seeing on the device," the company says in its official blog post.

So, from now on, when a new device is added to your Google account, or, in other words, when a new device accesses your account, you will receive a push notification on your current Android device, asking:


"Did you just sign in?"



If yes, you can just ignore the notification. But if the activity appears suspicious, you just have to tap the "Review account activity" button to know about the details of the new device.



You can immediately change your password and add two-factor authentication (2FA) if you are worried someone else has accessed your account.


The new feature is rolling out to users gradually, and it may take over two weeks to reach all the users across the world.


Google has recently taken several measures to secure its users' accounts and privacy. Google also introduced "Google Prompt," which makes the 2-Step Verification (2SV) process much easier for you, allowing you to log in with just a single tap instead of typing codes.

Beware ! Advertisers are Tracking you via Mobile Battery Status



Is my smartphone battery leaking details about me?


Unfortunately, YES!


Forget about supercookies, apps, and malware; your smartphone battery status is enough to monitor your online activity, according to a new report.


In 2015, researchers from Stanford University demonstrated a way to track users' locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time.


The latest threat is much worse.


Two security researchers, Steve Englehardt and Arvind Narayanan, from Princeton University, have published a paper describing how a phone's battery status has already been used to track users across different websites.


The issue is due to the Battery Status API (application programming interface).


How Does Battery Status API Help Advertisers Track You?


The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year.


The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites.


However, researchers warned last year about the API’s potential threat that could turn your battery level into a "fingerprintable" tracking identifier.

The researchers found that a combination of battery life loss in seconds and battery life as a percentage offers 14 Million different combinations, potentially providing a pseudo-unique identifier for each device that can be used to pinpoint specific devices between sites they visit.


Now, last year's research has grown into a real threat.



Advertisers Are Tracking You via your Battery Status


One of those researchers, Lukasz Olejnik, published a blog post this week saying that companies are currently leveraging the potential of this battery status information.

"Some companies may be analyzing the possibility of monetising the access to battery levels," he writes. "When a battery is running low, people might be prone to some - otherwise different - decisions. In such circumstances, users will agree to pay more for a service."
Olejnik underlined the latest research by Englehardt and Narayanan, who discovered two tracking scripts running on the Internet at large scale that take advantage of the Battery Status API and are currently tracking users.


The duo explains that they observed the behavior of two actual scripts and suggests that companies and other entities are perhaps leveraging this technique for their own purposes.

"These features are combined with other identifying features used to fingerprint a device," the researchers write in their paper titled, "Online Tracking: A 1-million-site measurement and analysis."
For in-depth information, you can head over to the research paper [PDF].


Here comes the worst part of this attack:


There's hardly any way to mitigate this attack. Nothing works: deleting browser cookies or using VPNs and ad blockers will not solve your problem.


The only option is to plug your smartphone into the mains.

"Some companies may be analyzing the possibility of monetising the access to battery levels," Olejnik writes.
Over two months ago, Uber's head of economic research Keith Chen said the company had been monitoring the battery life of its users, as it knows users are more likely to pay a much higher price to hire a cab when their phone's battery is close to dying.

Tuesday, July 26, 2016

FRANCE Warns Microsoft to Stop Collecting Windows 10 Users' Personal Data



We have heard a lot about privacy concerns surrounding Windows 10 and accusations against Microsoft of collecting too much data about users without their consent.


Now, the French data protection authority has ordered Microsoft to stop it.


France's National Data Protection Commission (CNIL) issued a formal notice on Wednesday, asking Microsoft to "stop collecting excessive data" as well as "tracking browsing by users without their consent."


The CNIL, Commission Nationale de l’Informatique et des Libertés, ordered Microsoft to comply with the French Data Protection Act within 3 months; if it fails to do so, the commission will issue a sanction against the company.


Moreover, the CNIL notified Microsoft that the company must also take "satisfactory measures to ensure the security and confidentiality" of its users' personal data.


The notice comes after a series of investigations between April and June 2016 by French authorities, revealing that Microsoft was still transferring data to the United States under the "Safe Harbor" agreement that a European court invalidated in October last year.



Allegations on Windows 10


The CNIL's list of complaints about Windows 10 does not end there, as it goes on to read:




  • Microsoft is collecting data on "Windows app and Windows Store usage data," along with monitoring the apps its users download and the time spent on each app, which, according to the CNIL, is irrelevant and "excessive" data collection.
  • Microsoft is also criticized for its lack of security, since there is no limit set on the number of guesses for entering the four-digit PIN used to protect your Microsoft account.
  • After Windows 10 installation, Microsoft also activates a user's advertising ID by default, which enables Windows apps as well as other third-party apps to monitor user browsing history and to offer targeted ads "without obtaining users' consent."
  • Windows 10 does not give you any option to block cookies.
  • And as I mentioned above, Microsoft is transferring its users' personal data to the United States under the "Safe Harbor" agreement.
In a statement, the CNIL said: "It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory)."

Microsoft Response on the CNIL Notice


Microsoft has responded to the notice, saying the company is happy to work with the CNIL to "understand the agency's concerns fully and to work toward solutions that it will find acceptable."


What's more interesting is that Microsoft does not deny the allegations set against it, does nothing to defend Windows 10's excessive data collection, and fails to address the privacy concerns the CNIL raises.


However, the tech giant does address concerns about the transfer of its users' personal data to the U.S. under the "Safe Harbor" agreement, saying that "the Safe Harbor framework is no longer valid for transferring data from European Union to the United States."


The company says it still complies with the Safe Harbor agreement up until the adoption of Privacy Shield.


"Microsoft has in fact continued to live up to all of its commitments under the Safe Harbor Framework, even as the European and US representatives worked toward the new Privacy Shield," says Microsoft. "We're working now toward meeting the requirements of the Privacy Shield."

Windows 10 privacy concerns seem to be a never-ending topic. Over the last year, Microsoft has annoyed users with a number of weird practices around Windows 10, including aggressive upgrades and transferring too much information about users back to Redmond.


Since there is the promise of a statement about privacy next week, let's see what happens next. You can read Microsoft's full statement, courtesy of David Heiner, vice president and deputy general counsel, on VentureBeat.