Censorship

Inside North Korea's Naenara Browser 159

msm1267 (2804139) writes with this excerpt from Threatpost: Up until a few weeks ago, the number of people outside of North Korea who gave much thought to the Internet infrastructure in that country was vanishingly small. But the speculation about the Sony hack has fixed that, and now a security researcher has taken a hard look at the national browser used in North Korea and found more than a little weirdness. The Naenara browser is part of the Red Star operating system used in North Korea and it's a derivative of an outdated version of Mozilla Firefox. The country is known to tightly control the communications and activities of its citizens and that extends online, as well. Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, and an accomplished security researcher, recently got a copy of Naenara and began looking at its behavior, and he immediately realized that every time the browser loads, its first move is to make a request to a non-routable IP address, http://10.76.1.11./ That address is not reachable from networks outside the DPRK.

"Here's where things start to go off the rails: what this means is that all of the DPRK's national network is non-routable IP space. You heard me; they're treating their entire country like some small to medium business might treat their corporate office," Hansen wrote in a blog post detailing his findings. "The entire country of North Korea is sitting on one class A network (16,777,216 addresses). I was always under the impression they were just pretending that they owned large blocks of public IP space from a networking perspective, blocking everything and selectively turning on outbound traffic via access control lists."

Security

FBI: North Korean Hackers "Got Sloppy", Leaked IP Addresses 219

An anonymous reader writes "The FBI launched a PR counterattack against skeptics of the assertion by the US government that North Korean hackers were responsible for anonymous threats received by Sony before its scheduled premiere of the film The Interview. Sony initially cancelled the Christmas day release, but later relented after receiving extensive criticism. In a speech at a New York City cybersecurity conference hosted by Fordham University, FBI Director James Comey said that while the attackers concealed their identity by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korea origin. Comey also mentioned additional corroborative evidence, including patterns matching those seen in previous attacks known to have come from North Korea, but was guarded on details. Also at the Fordham conference, US Director of National Intelligence James Clapper mentioned recently meeting Kim Yong Chol, the North Korean general in charge of cyberwarfare. Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."
Sony

Sony Thinks You'll Pay $1200 For a Digital Walkman 391

An anonymous reader writes: The Walkman is one of the most recognizable pieces of technology from the 1980s. Unfortunately for Sony, it didn't survive the switch to digital, and they discontinued it in 2010. Last year, they quietly reintroduced the Walkman brand as a "high-resolution audio player," supporting lossless codecs and better audio-related hardware. At $300, it seemed a bit pricey. But now, at the Consumer Electronics Show, Sony has loudly introduced its high-end digital Walkman, and somehow decided to price it at an astronomical $1,200.

What will all that money get you? 128GB of onboard storage and a microSD slot to go with it. There's a large touchscreen, and the device runs Android — but it uses version 4.2 Jelly Bean, which came out in 2012. It also supports Bluetooth and NFC. Sony claims the device has 33 hours of battery life when playing FLAC files, and 60 hours when playing MP3s. They appear to be targeting audiophiles — their press release includes phrasing about how pedestrian MP3 encoding will "compromise the purity of the original signal."
Sony

After Outage, Sony Makes Peace Offering To Users of PlayStation Network 95

An anonymous reader notes that Sony is offering deals to make up for the downtime over Christmas. "PlayStation Network gamers didn't have such a happy holiday thanks to the reported handiwork of some hackers, so Sony is hoping to appease users of its online gaming service with promises of deals and discounts. For Playstation Plus subscribers, Sony is offering a 5-day membership extension, and for all members, a 10 percent discount at the PlayStation store, according to a blog post published Thursday. The PlayStation Network is Sony's online service for its PlayStation game console. Both PSN and Microsoft's online gaming service, Xbox Live, were intermittently offline beginning on Christmas Eve and Christmas Day. Xbox Live came back online first, with PSN following Saturday night."
Sony

Sony, Facebook, Google, Samsung, Apple, and Microsoft Now All Have a Hand In VR 61

An anonymous reader writes: The Oculus Kickstarter breathed new life into consumer virtual reality when it raised more than $2.4 million just three years ago. Now, at the onset of 2015, some of the world's biggest tech companies have a vested interest in the growing consumer virtual reality industry. Road to VR takes a look back at VR in 2014 and the path that led these tech giants to start taking it seriously.
United States

US Slaps Sanctions On North Korea After Sony Cyberattack 231

wiredmikey writes: The United States imposed financial sanctions Friday on North Korea and several senior government officials in retaliation for a cyber attack on Sony Pictures. President Obama said he ordered the sanctions because of "the provocative, destabilizing, and repressive actions and policies (PDF) of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014." The activities "constitute a continuing threat to the national security, foreign policy, and economy of the United States," he added, in a letter to inform congressional leaders of his executive order. The new measures allow the Treasury Department "to apply sanctions against officials of the Government of North Korea and the Workers' Party of Korea, and persons determined to be owned or controlled by, or acting for or on behalf of" these bodies.
Crime

Finnish KRP Questions Suspected Lizard Squad Member 62

An anonymous reader writes: Coming on the heels of the UK arrest of Vinnie Omari, Yle reports that Finnish police have interviewed "Ryan", the Finland-based hacker reportedly responsible for hacking the PlayStation and Xbox networks on Christmas day, but have not arrested him — contrary to reports in the international media (such as Washington Post). Lizard Squad had tweeted that the Finland-based hacker had been detained. Chief Inspector Tero Muurman of Keskusrikospoliisi (Finnish National Bureau of Investigation) confirmed to Yle that reports of "Ryan" having been detained were wide of the mark. He had been interviewed at the start of the week, but then released. Finnish police are continuing their probe and co-operating closely with the FBI.
Crime

UK Arrest Over Xbox Live and Playstation Network Outages 86

An anonymous reader writes Neowin.net is reporting the arrest of one Vincent Omari, a UK citizen [see also this Daily Mail story from a few days ago mentioning Omari], in the Christmas Day DDoS attacks on Sony's PSN and Microsoft's XBL systems: "In documents sent to Neowin, Vinnie Omari has been accused of 'hacking of the Playstation Network and Xbox Live systems over the Christmas Period'... While this is the first arrest related to the recent service disruptions, it may not be the last... In further conversations with those who are familiar with the investigation and the arrest, Omari believes that the police will not find anything of substance on his computers. His alleged crime is that he helped coordinate the DDOS attack on the service."
Sony

Sony Sends DMCA Notices Against Users Spreading Leaked Emails 138

Dangerous_Minds writes Last week, Sony threatened legal action against users spreading information obtained through the e-mails that were leaked as a result of the Sony hack. Sony has begun carrying through with those threats. Twitter, after resisting demands that a user account be suspended for publishing leaked e-mails, has received a DMCA notice saying that the e-mails are, weirdly enough, copyrighted.
Image

South Korean Activist To Drop "The Interview" In North Korea Using Balloons 146

Siddharth Srinivas writes Park Sang Hak, a North Korean democracy activist, said he will start dropping 100,000 DVDs and USBs with Sony's The Interview by balloon in North Korea as early as late January. He's partnering with the U.S.-based non-profit Human Rights Foundation, which is financing the making of the DVDs and USB memory sticks of the movie with Korean subtitles.
Advertising

Lizard Squad: Xbox Live, PSN Attacks Were a 'Marketing Scheme' For DDoS Service 139

blottsie writes The devastating Christmas Day attacks against the gaming networks of Sony and Microsoft were a marketing scheme for a commercial cyberattack service, according to the hackers claiming responsibility for the attacks. Known as Lizard Squad, the hacker collective says it shut down the PlayStation Network (PSN) and Xbox Live network on Dec. 25 using a distributed denial-of-service (DDoS) attack, a common technique that overloads servers with data requests. The powerful attacks rendered the networks unusable for days, infuriating gamers around the world and causing yet-untold losses of revenue. Now, members of Lizard Squad say the group is selling the DDoS service they used against Sony and Microsoft to anyone willing to pay.
XBox (Games)

FBI Allegedly Investigating Lizard Squad Member Over Xbox Live, PSN Attacks 78

blottsie writes The FBI is actively investigating a member of the hacker collective that claimed responsibility for recent high-profile cyberattacks on Microsoft and Sony properties, according to multiple sources with knowledge of the investigation and the attacks. A member of the Lizard Squad hacking group, who goes by the alias "ryanc" or Ryan, allegedly garnered the attention of a special agent with the Federal Bureau of Investigation after speaking with the media about Lizard Squad's Christmas-day attacks on Xbox Live and the PlayStation Network.
Security

Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators 158

chicksdaddy writes: Alternative theories of who is responsible for the hack of Sony Pictures Entertainment have come fast and furious in recent weeks -- especially since the FBI pointed a finger at the government of North Korea last week. But Norse Security is taking the debate up a notch: saying that they have conclusive evidence pointing to a group of disgruntled former employees as the source of the attack and data theft. The Security Ledger quotes Norse Vice President Kurt Stammberger saying that Norse has identified a group of six individuals — in the U.S., Canada, Singapore and Thailand — that it believes carried out the attack, including at least one 10-year employee of SPE who worked in a technical capacity before being laid off in May. Rather than starting from the premise that the Sony hack was a state sponsored attack, Norse researchers worked their investigation like any other criminal matter: starting by looking for individuals with the "means and motive" to do the attack.

HR files leaked in the hack provided the motive part: a massive restructuring in Spring, 2014, in which many longtime SPE employees were laid off. After researching the online footprint of a list of all the individuals who were fired and had the means to be able to access sensitive data on Sony's network, Norse said it identified a handful who expressed anger in social media posts following their firing. They included one former employee — a 10-year SPE veteran who he described as having a "very technical background." Researchers from the company followed that individual online, noting participation in IRC (Internet Relay Chat) forums where they observed communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia. According to Stammberger, the Norse investigation was eventually able to connect an individual directly involved in conversations with the Sony employee with a server on which the earliest known version of the malware used in the attack was compiled, in July, 2014.
Sony

Sony Hack Reveals MPAA's Big '$80 Million' Settlement With Hotfile Was a Lie 117

An anonymous reader writes with this excerpt from Tech Dirt: For years, we've pointed out that the giant 'settlements' that the MPAA likes to announce with companies it declares illegal are little more than Hollywood-style fabrications. Cases are closed with big press releases throwing around huge settlement numbers, knowing full well that the sites in question don't have anywhere near that kind of money available. At the end of 2013, it got two of these, with IsoHunt agreeing to 'pay' $110 million and Hotfile agreeing to 'pay' $80 million. In both cases, we noted that there was no chance that those sums would ever get paid. And now, thanks to the Sony hack, we at least know the details of the Hotfile settlement. TorrentFreak has been combing through the emails and found that the Hotfile settlement was really just for $4 million, and the $80 million was just a bogus number agreed to for the sake of a press release that the MPAA could use to intimidate others.
Sony

Sony PlayStation Network Back Up Now, Supposedly 75

jfruh (300774) writes Sony's PlayStation Network, brought down in a Christmas Day hacking attack, now seems to be back online. Of course, Sony also said the same thing on Saturday, but outages and problems lingered. From the article: At around 1 a.m. U.S. Eastern Time on Sunday, Sony declared its online gaming platform fixed and, as it had done the day before, blamed the problems on a distributed denial of service (DDoS) attack. ... The company jumped the gun early Saturday when it trumpeted that the PlayStation Network was gradually getting back to normal, announcing the good news at around 4 a.m. via its Ask PlayStation Twitter account and triumphantly changing the PlayStation Network status to “online” in the support website a few hours later.
