Web App Security

  • Most Topular Stories

  • Dharma

    Mozilla Security Blog
    Christoph Diehl
    29 Jun 2015 | 10:54 am
    As soon as a developer at Mozilla starts integrating a new WebAPI feature, the Mozilla Security team begins working to help secure that API. Subtle programming mistakes in new code can introduce annoying crashes and even serious security vulnerabilities that can be triggered by malformed input which can lead to headaches for the user and security exposure. WebAPIs start life as a specification in the form of an Interface Description Language, or IDL. Since this is essentially a grammar, a grammar-based fuzzer becomes a valuable tool in finding security issues in new WebAPIs because it ensures…
  • Stepto Rising

    Liquidmatrix Security Digest
    Bill Brenner
    15 Jun 2015 | 5:05 am
    Like many of you, I was shocked last week to hear that Stephen “Jamie” Toulouse (@Stepto) had fallen into a deep coma. Family members took to social media to say that his prognosis wasn’t looking good; that he wasn’t expected to survive. But thanks to excellent medical care, prayer and what is surely a strong will to live, Stepto — director of hacker success at HackerOne — seems to have made it through the storm. Saturday, his family posted an update saying he was awake and breathing without help from a tube. “Although he is very weak, he has been…
  • Potentially Painful Programs Promising Pirated Products

    Zscaler Research
    Chris Mannon
    26 Jun 2015 | 3:46 pm
    A major source of PC compromise doesn't come from targeted APT campaigns or Exploit Kits, but user's clicking things that they simply shouldn't. A common practice for adware and spyware writers is hosting large numbers of seemingly legitimate files that users might trust from an unknown source. Users know trusted download locations for common packages like Flash Player or Skype, but when
  • New IE mutation vector

    The Spanner
    Gareth Heyes
    17 Jun 2015 | 1:27 pm
    I was messing around with a filter that didn’t correctly filter attribute names and allowed a blank one which enabled me to bypass it. I thought maybe IE had similar issues when rewriting innerHTML. Yes it does of course The filter bypass worked like this: <img ="><script>alert(1)</script>"> The filter incorrectly assumed it was still inside an attribute and therefore allowed raw html to be injected and the various browsers treat it as an invalid attribute and execute the script. I then decided to fuzz the attribute name to see what characters are allowed.
  • How fast are web workers?

    Mozilla Hacks - the Web developer blog
    Guillaume Cedric Marty
    2 Jul 2015 | 4:08 pm
    The next version of Firefox OS, the mobile operating system, will unleash the power of devices by taking full advantage of their multi-core processors. Classically, JavaScript has been executed on a single thread, but web workers offer a way to execute code in parallel. Doing so frees the browser of anything that may get in the way of the main thread so that it can smoothly animate the UI. A brief introduction to web workers There are several types of web workers: Web workers Shared workers Service workers They each have specific properties, but share a similar design. The code running in a…
  • add this feed to my.Alltop

    Mozilla Security Blog

  • Dharma

    Christoph Diehl
    29 Jun 2015 | 10:54 am
    As soon as a developer at Mozilla starts integrating a new WebAPI feature, the Mozilla Security team begins working to help secure that API. Subtle programming mistakes in new code can introduce annoying crashes and even serious security vulnerabilities that can be triggered by malformed input which can lead to headaches for the user and security exposure. WebAPIs start life as a specification in the form of an Interface Description Language, or IDL. Since this is essentially a grammar, a grammar-based fuzzer becomes a valuable tool in finding security issues in new WebAPIs because it ensures…
  • Changes to the Firefox Bug Bounty Program

    rforbes
    9 Jun 2015 | 11:53 am
    The Bug Bounty Program is an important part of security here at Mozilla.  This program has paid out close to 1.6 million dollars to date and we are very happy with the success of it.  We have a great community of researchers who have really contributed to the security of Firefox and our other products. Those of us on the Bug Bounty Committee did an evaluation of the Firefox bug bounty program as it stands and decided it was time for a change. First, we looked at how much we award for a vulnerability.  The amount awarded was increased to $3000 five years ago and it is definitely time for…
  • MozDef: The Mozilla Defense Platform v1.9

    Jeff Bryner
    20 May 2015 | 3:26 pm
    At Mozilla we’ve been using The Mozilla Defense Platform (lovingly referred to as MozDef) for almost two years now and we are happy to release v1.9. If you are unfamiliar, MozDef is a Security Information and Event Management (SIEM) overlay for ElasticSearch. MozDef aims to bring real-time incident response and investigation to the defensive tool kits of security operations groups in the same way that Metasploit, LAIR and Armitage have revolutionized the capabilities of attackers. We use MozDef to ingest security events, alert us to security issues, investigate suspicious activities,…
  • May 2015 CA Communication

    kwilson
    12 May 2015 | 12:13 pm
    Mozilla has sent a Communication to the Certification Authorities (CAs) who have root certificates included in Mozilla’s program. Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of applications. The CA Communication has been emailed to the Primary Point of…
  • Deprecating Non-Secure HTTP

    rbarnes
    30 Apr 2015 | 3:24 pm
    Today we are announcing our intent to phase out non-secure HTTP. There’s pretty broad agreement that HTTPS is the way forward for the web.  In recent months, there have been statements from IETF, IAB (even the other IAB), W3C, and the US Government calling for universal use of encryption by Internet applications, which in the case of the web means HTTPS. After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web.  There are two broad elements of this plan:…
 
  • add this feed to my.Alltop

    Liquidmatrix Security Digest

  • Stepto Rising

    Bill Brenner
    15 Jun 2015 | 5:05 am
    Like many of you, I was shocked last week to hear that Stephen “Jamie” Toulouse (@Stepto) had fallen into a deep coma. Family members took to social media to say that his prognosis wasn’t looking good; that he wasn’t expected to survive. But thanks to excellent medical care, prayer and what is surely a strong will to live, Stepto — director of hacker success at HackerOne — seems to have made it through the storm. Saturday, his family posted an update saying he was awake and breathing without help from a tube. “Although he is very weak, he has been…
  • The Way Forward for Chris Roberts, One World Labs

    Bill Brenner
    18 May 2015 | 4:42 am
    The plight of One World Labs Founder Chris Roberts has been picked to death on social media this past week. There’s all the trouble he’s in with the FBI for his airplane-hacking claims. There’s the hit to his company, which had to let a lot of good security talent go last week. Some shake their heads in disbelief because he apparently spoke to the FBI about his activities without a lawyer present. Others saw this saga as an example of hackers shooting off their mouths without the scruples to back it up. Me? I’m looking at this and seeing a way forward for Chris…
  • “Equal Respect” at ‪#‎RSAC

    Bill Brenner
    21 Apr 2015 | 9:06 am
    Some folks in the security industry see me as a member of the “Equal Respect” movement against so-called booth babes at conferences. Not exactly. I certainly respect the opinion of people attached to the cause, and good for them, fighting for what they believe in. But for me, this has never been about equal respect among the genders. It’s never been about whether women who work as booth babes are being exploited sexually. For me, it’s been about holding vendors’ feet to the fire and making them work harder to build an exhibit off the strength of the products. To…
  • In the end, @Sidragon1’s Tweet was the problem

    Bill Brenner
    21 Apr 2015 | 6:24 am
    At RSA Conference 2015 here in San Francisco, there’s a lot of discussion about weaknesses to the electrical and wifi systems aboard airplanes. The discussion often turns to the case of hacker Chris Roberts (@Sidragon1 on Twitter). There’s been a lot of strong reaction to news of Roberts being pulled from a plane for jokingly tweeting that he might mess around with the plane’s electronic systems. There’s a lot of overreaction to this story. The TSA and feds certainly overreacted. But those who hold Roberts up as a victim of government oppression are overreacting, too.
  • Videos from #BSidesSF

    Bill Brenner
    21 Apr 2015 | 5:49 am
    If you missed BSidesSF, you now have a chance to see everything that happened there, thanks to the efforts of @irongeek_adc. He has already posted a full plate of videos from BSidesSF. Go to his website for the full index of videos, which capture the presentations given over the last two days. Our thanks to @irongeek_adc for all the great work. The post Videos from #BSidesSF appeared first on Liquidmatrix Security Digest.
  • add this feed to my.Alltop

    Zscaler Research

  • Potentially Painful Programs Promising Pirated Products

    Chris Mannon
    26 Jun 2015 | 3:46 pm
    A major source of PC compromise doesn't come from targeted APT campaigns or Exploit Kits, but user's clicking things that they simply shouldn't. A common practice for adware and spyware writers is hosting large numbers of seemingly legitimate files that users might trust from an unknown source. Users know trusted download locations for common packages like Flash Player or Skype, but when
  • Gamarue dropping Lethic bot

    Amandeep Kumar
    11 Jun 2015 | 12:02 pm
    The Gamarue (aka Andromeda) botnet is a highly modular botnet family that allows attackers to take complete control of an infected system and perform a range of malicious activity by downloading additional payloads. In this blog, we will cover a recent Gamarue infection that we looked at, which downloads and installs the Lethic bot on an infected system. The Lethic botnet has been known to
  • Signed CryptoWall 3.0 variant delivered via MediaFire

    Deepen Desai
    4 Jun 2015 | 12:48 pm
    Introduction Ransomware has evolved immensely over the past few years, with CryptoLocker being the ground breaking strain reaping huge profits for cybercriminals. According to a report in December 2013, the CryptoLocker malware authors collected 27 million USD worth of bitcoins from their victims over a period of 3 months. Looking at the success enjoyed by the CryptoLocker strain, it's not
  • More Porn clicker malware masquerading as Dubsmash on Google Play store

    viral
    1 Jun 2015 | 1:27 pm
    Introduction Dubsmash is a mobile app to create short "selfie" videos dubbed with famous sounds. It is extremely popular and is currently ranked #10 under Top free Android apps. The users of this app include many well known celebrities who eventually post the dubbed videos on popular social networking platforms like Facebook and Twitter. The popularity of this app has caught the attention of
  • Android Ransomware - Porn Droid

    viral
    28 May 2015 | 11:19 am
    Recently, we came across a new variant of Porn Droid - an Android ransomware variant claiming to be from the FBI, which accuses people of watching child porn and then demands a fine of USD 500. File information: Dropped URL : hxxp://sbqujqosyw[.]offer-mobi.com/mmesuofyqq1/pornvideo[.]apk MD5 : 857b887982f11493b4a1db953161e627 Virustotal Detection : 5/56 It initially appears to the user
 
  • add this feed to my.Alltop

    The Spanner

  • New IE mutation vector

    Gareth Heyes
    17 Jun 2015 | 1:27 pm
    I was messing around with a filter that didn’t correctly filter attribute names and allowed a blank one which enabled me to bypass it. I thought maybe IE had similar issues when rewriting innerHTML. Yes it does of course The filter bypass worked like this: <img ="><script>alert(1)</script>"> The filter incorrectly assumed it was still inside an attribute and therefore allowed raw html to be injected and the various browsers treat it as an invalid attribute and execute the script. I then decided to fuzz the attribute name to see what characters are allowed.
  • How I smashed MentalJS

    Gareth Heyes
    3 May 2015 | 9:08 am
    I’m proud to introduce a guest blogger on The Spanner. Jann Horn is a IT Security student in fourth semester and works for Cure53. He has found security issues in a bunch of open source projects, including OpenSSH(CVE-2014-2532), Chromium(CVE-2014-1726,CVE-2015-1247), Android(CVE-2014-7911) and Angular. He’s also a member of the university CTF team FluxFingers. Jann has been testing my MentalJS project and found some really cool flaws… MentalJS vuln writeup This is a writeup about three somewhat similar ways to escape the MentalJS sandbox (and two bugs that didn’t lead…
  • MentalJS DOM bypass

    Gareth Heyes
    6 Mar 2015 | 1:16 pm
    Ruben Ventura (@tr3w_) found a pretty cool bypass of MentalJS. He used insertBefore with a null second argument which allows you to insert a node into the dom and bypass my sandboxing restrictions. The vector is below:- _=document x =_.createElement('script'); s =_.createElement('style') s.innerHTML = '*/alert(location)//' t=_.createElement('b') t.textContent = '/*' x.insertBefore(t.firstChild, null); x.insertBefore(s, null) _.body.appendChild(x) x =_.createElement('script'); s =_.createElement('style') s.innerHTML = _.getElementsByTagName('script')[2].textContent x.insertBefore(s.firstChild,…
  • Another XSS auditor bypass

    Gareth Heyes
    19 Feb 2015 | 11:50 am
    This bug is similar to the last one I posted but executes in a different context. It requires an existing script after the injection because we use it to close the injected script. It’s a shame chrome doesn’t support self closing scripts in HTML or within a SVG element because I’m pretty sure I could bypass it without using an existing script. Anyway the injection uses a data url with a script. In order to bypass the filter we need to concat the string with the quote from the attribute or use html entities such as &sol;&sol;. The HTML parser doesn’t care how…
  • XSS Auditor bypass

    Gareth Heyes
    10 Feb 2015 | 11:56 am
    XSS Auditor is getting pretty good at least in the tests I was doing however after a bit of testing I found a cool bypass. Without studying the code it seems that it checks for valid JavaScript within the vector, I thought I could use this to my advantage. I came up with the idea of using an existing script block to smuggle my vector and reusing the closing script on the page. The page contains a script block like this: <script>x = "MY INJECTION"</script> As every XSS hacker knows you can use a “</script>” block to escape out of the script block and inject a HTML…
  • add this feed to my.Alltop

    Mozilla Hacks - the Web developer blog

  • How fast are web workers?

    Guillaume Cedric Marty
    2 Jul 2015 | 4:08 pm
    The next version of Firefox OS, the mobile operating system, will unleash the power of devices by taking full advantage of their multi-core processors. Classically, JavaScript has been executed on a single thread, but web workers offer a way to execute code in parallel. Doing so frees the browser of anything that may get in the way of the main thread so that it can smoothly animate the UI. A brief introduction to web workers There are several types of web workers: Web workers Shared workers Service workers They each have specific properties, but share a similar design. The code running in a…
  • Streaming media on demand with Media Source Extensions

    Nick Desaulniers
    1 Jul 2015 | 3:38 pm
    Introducing MSE Media Source Extensions (MSE) is a new addition to the Web APIs available in all major browsers.  This API allows for things like adaptive bitrate streaming of video directly in our browser, free of plugins. Where previously we may have used proprietary solutions like RTSP (Real Time Streaming Protocol) and Flash, we can now use simpler protocols like HTTP to fetch content, and MSE to smoothly stitch together video segments of varied quality. All browsers that support HTMLMediaElements, such as audio and video tags, already make byte-range requests for subsequent segments of…
  • Trainspotting: Firefox 39

    Potch
    30 Jun 2015 | 9:24 am
    Note: Firefox 39 has been delayed due to a last-minute stability issue. It will be released later this week. We’ll update this post when the release occurs. Stay tuned! Trainspotting is a series of articles highlighting features in the lastest version of Firefox. A new version of Firefox is shipped every six weeks – we at Mozilla call this pattern “release trains.” A new version of Firefox is here, and with it come some great improvements and additions to the Web platform and developer tools. This post will call out a few highlights. For a full list of changes and…
  • Performance Testing Firefox OS With Raptor

    Eli Perelman
    26 Jun 2015 | 12:42 pm
    When we talk about performance for the Web, a number of familiar questions may come to mind: Why does this page take so long to load? How can I optimize my JavaScript to be faster? If I make some changes to this code, will that make this app slower? I’ve been working on making these types of questions easier to answer for Gaia, the UI layer for Firefox OS, a completely web-centric mobile device OS. Writing performant web pages for the desktop has its own idiosyncrasies, and writing native applications using web technologies takes the challenge up an order of magnitude. I want to introduce…
  • ES6 In Depth: Collections

    Jason Orendorff
    19 Jun 2015 | 9:46 am
    ES6 In Depth is a series on new features being added to the JavaScript programming language in the 6th Edition of the ECMAScript standard, ES6 for short. Earlier this week, the ES6 specification, officially titled ECMA-262, 6th Edition, ECMAScript 2015 Language Specification, cleared the final hurdle and was approved as an Ecma standard. Congratulations to TC39 and everyone who contributed. ES6 is in the books! Even better news: it will not be six more years before the next update. The standard committee now aims to produce a new edition roughly every 12 months. Proposals for the 7th Edition…
 
  • add this feed to my.Alltop

    Didier Stevens

  • base64dump.py Version 0.0.1

    Didier Stevens
    5 Jul 2015 | 7:54 am
    A new tool, a new video: base64dump_V0_0_1.zip (https) MD5: 350C12F677E08030E0DD95339AC3604D SHA256: 1F8156B43C8B52B7E5620B7A8CD19CFB48F42972E8625994603DDA47E07C9B35
  • Update: oledump.py Version 0.0.17 – ExitCode

    Didier Stevens
    26 Jun 2015 | 2:44 am
    Here is a new version of oledump with a couple of bugfixes and a new feature: ExitCode. The ExitCode of the Python program running oledump.py is 0, except if the analyzed file contains macros, then it is 1. You can’t use options if you want the ExitCode. Thanks Philippe for the idea. oledump_V0_0_17.zip (https) MD5: 5AF76C638AA300F6703C6913F80C061F SHA256: A04DDE83621770BCD96D622C7B57C424E109949FD5EE2523987F30A34FD319E1
  • Metasploit Meterpreter Reverse HTTPS Snort Rule

    Didier Stevens
    16 Jun 2015 | 3:00 pm
    Emerging Threats and Snort released my Snort rule to detect Metasploit Meterpreter Reverse HTTPS traffic. More details about the rule in an upcoming blogpost.
  • pcap-rename.py

    Didier Stevens
    8 Jun 2015 | 5:00 pm
    pcap-rename.py is a program to rename pcap files with a timestamp of the first packet in the pcap file. The first argument is a template of the new filename. Use %% as a placeholder for the timestamp. Don’t forget the .pcap extension. The next arguments are the pcap files to be renamed. You can provide one or more pcap files, use wildcards (*.pcap) and use @file. @file: file is a text file containing filenames. Each file listed in the text file is processed. Example to rename pcap files: pcap-rename.py server-%%.pcap *.pcap Output: Renamed: capture1.pcap ->…
  • Regular Expressions With Comments

    Didier Stevens
    4 Jun 2015 | 1:01 pm
    Many flavors of regular expressions support comments now. You can make your regular expression a bit more readable by adding comments. Like in programming languages, where a comment does not change the behavior of the program, a regular expression comment does not change the behavior of the regular expression. A regular expression comment is written like this: (?#comment) where comment can be any text, as long it is not ). Here is an example of a regular expression for a simple email address: [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6} And here is the same regular expression with a comment (bold):…
  • add this feed to my.Alltop

    CERIAS Combined Feed

  • Reframing What We Think We Know About Privacy and Risk (Pt. 2)

    CERIAS Webmaster
    25 Jun 2015 | 1:49 pm
    More information »
  • The Intersection Between Privacy and Risk Communication and InfoSec

    CERIAS Webmaster
    19 Jun 2015 | 7:26 am
    CERIAS Ph.D. candidate, Kelley Misata, spoke with SecurityIntelligence.com the topics of privacy and risk management communication. More information »
  • Proposed Changes in Export Control

    Gene Spafford
    11 Jun 2015 | 11:15 pm
    The U.S. limits the export of certain high-tech items that might be used inappropriately (from the government’s point of view). This is intended to prevent (or slow) the spread of technologies that could be used in weapons, used in hostile intelligence operations, or used against a population in violation of their rights. Some are obvious, such as nuclear weapons technology and armor piercing shells. Others are clear after some thought, such as missile guidance software and hardware, and stealth coatings. Some are not immediately clear at all, and may have some benign civilian uses too,…
  • Déjà Vu All Over Again: The Attack on Encryption

    Gene Spafford
    6 Jun 2015 | 9:32 am
    Preface by Spaf Chair, ACM US Public Policy Council (USACM) About 20 years ago, there was a heated debate in the US about giving the government mandatory access to encrypted content via mandatory key escrow. The FBI and other government officials predicted all sorts of gloom and doom if it didn’t happen, including that it would prevent them from fighting crime, especially terrorists, child pornographers, and drug dealers. Various attempts were made to legislate access, including forced key escrow encryption (the “Clipper Chip”). Those efforts didn’t come to pass because eventually…
  • Teaching Information Security

    Gene Spafford
    2 Jun 2015 | 9:08 pm
    Let me recommend an article in Communications of the ACM, June 2015, vol 6(2), pp. 64-69. The piece is entitled PLUS ÇA CHANGE, PLUS C’EST LA MÊME CHOSE, and the author is the redoubtable Corey Schou. Corey has been working in information security education as long (and maybe longer) than anyone else in the field. What’s more, he has been involved in numerous efforts to help define the field, and make it more professional. His essay distills a lot of his thinking about information security (and its name), its content, certification, alternatives, and the history of educational efforts…
  • add this feed to my.Alltop

    Security Bloggers Network

  • Avast CEO speaks out about U.S. and U.K. spy agencies

    Deborah Salmi
    26 Jun 2015 | 2:07 pm
    For as long as there have been governments, there have been spy agencies, and for as long as there have been spy agencies, they’ve done spying. Spy agencies are always looking for ways to get information. Information is valuable, always has been, always will be. ~Avast CEO Vince Steckler New documents from the many that […]
  • Anesthetized by Data Breaches

    Norm Laudermilch
    26 Jun 2015 | 12:42 pm
    Anyone following the news over the past few years has n […] The post Anesthetized by Data Breaches appeared first on Invincea.
  • SBN Sponsor Post

    Kevin Riggins
    26 Jun 2015 | 12:00 pm
  • FBI Fraud Alert, Adobe Emergency Patch, Theme Park Breach Investigation and more | TWIC – June 26, 2015

    Lindsey Havens
    26 Jun 2015 | 10:30 am
    Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
  • Some phone scam statistics

    David Harley
    26 Jun 2015 | 10:20 am
    I’ve just added a link to one of my articles for ESET to the AVIEN scam resources page. The article is not primarily about support scams (unlikely nearly all the other links on that page), but looks at interesting data from reports by the Consumer Sentinel Network Data Book for January-December 2014 and Pindrop Security – The State of Phone Fraud 2014-2015: […]
 
  • add this feed to my.Alltop

    blog.hotspotshield.com

  • Top Websites to Access Free Ebooks and Audiobooks

    Peter Nguyen
    26 Jun 2015 | 8:05 am
    I’ve always known that reading is one of the best ways to acquire knowledge. The good news for bookworms like me is that there are now lots of sites where you can access ebooks and audiobooks for free. Once downloaded, you can access the content anywhere you go on any of your device. Here’s my top 10 list of sites for ebooks & audiobooks: Amazon.com – Amazon has a large collection of ebooks organized by categories that you can access for free. To access ebooks from Amazon, you can use their Kindle device or their free Kindle Reading app (if you do not own a Kindle device).
  • Tips to Prevent Being Tracked

    Robert Siciliano
    25 Jun 2015 | 8:13 am
    You worry about being hacked, but what about being tracked? Yes, there are hackers and then there are trackers. Internet tracking namely refers to the user’s browsing habits being followed. But there are ways to make the trackers harder to tag behind you. Duhh, a fake name. What an innovative idea! It’s amazing how many people have their real name splashed all over cyberspace. Sure, you should use it for LinkedIn, and also Facebook if you want your childhood classmates to find you. But do you really need to use it for accounts like Disqus that allow you to post comments to articles? If…
  • 3 Big Major League Baseball Games You Should Stream Online

    Levent Sapci
    23 Jun 2015 | 8:07 am
    With opening day in the distant past and the 2015 Major League Baseball season now in full swing, baseball fans have their calendars full. Nearly every night of the week, fans have their pick of MLB games, no matter which team they’re rooting for. Since you can’t be at home in front of the TV every night, though, it’s time to upgrade your tech and stream the games online. Read on for some of the biggest Major League Baseball (MLB) games of the season and how to stream them online, no matter where you are. How to Stream MLB Games From Anywhere Like many professional sports, baseball…
  • 4 Reasons You Shouldn’t Worry About the Netflix VPN Ban

    Levent Sapci
    22 Jun 2015 | 8:17 am
    As of the end of 2014, Netflix had more than 57 million subscribers worldwide. While well over half of those subscribers are in the U.S., the entertainment service has followers in roughly 40 countries. However, Netflix’s international numbers may undergo a change if the company follows through with what some Hollywood studios want them to do — that is, ban VPN users from accessing their content. Will Netflix give in to the pressure? It doesn’t seem likely. Here’s why we think there is no reason to worry. Netflix Already Changed Their Terms and Conditions Some of Netflix’s content…
  • Top Movies & TV Shows for Kids

    Peter Nguyen
    21 Jun 2015 | 8:08 am
    Whether you’re babysitting someone else’s kids, traveling with your kids out of the country, or just want to watch a good movie or show with your kids, here is a list of top movies and shows to keep them entertained. All of these shows and movies are available to watch on demand from streaming service providers such as Netflix and Amazon. I’m sure adults will find some of these hits to be entertaining too! 1) A Cat in Paris A Cat in Paris is a touching and uplifting animated movie about a cat who leads a double life. In the daytime, Dino, the cat, lives with Zoe, a mute girl whose…
Log in