OZnzb Heartbleed Security Update

In a moment we’ll share a security update from OZnzb in response to the Heartbleed bug.  Whether you are a member of OZnzb or other indexers I agree with their recommendation of updating your credentials.  Especially if you share passwords between sites.  Heartbleed hit over half the worlds websites.  Usenet providers NNTP servers are safe from Heartbleed but your indexer may very well be affected.  Ask them if you are unsure.

OZnzb Heartbleed security update

Here is the Heartbleed update OZnzb shared earlier this morning:

URGENT SECURITY UPDATE

After consultation with some external security experts we have taken the following steps to protect our users privacy and security.

1. Affective today we have reset ALL users API / RSS security keys, if you are using our RSS services or Automation with an API key you will need to update your programs with the new keys. they are located in your profile https://www.oznzb.com/profile

2. All users are urged to change your passwords ASAP, to change your password go to you profile https://www.oznzb.com/profile click on the orange edit button and type in new password, repeat the password in the confirm password field and then scroll to the bottom and click save profile.

If you have accounts on other indexers then we would strongly recommend that you also reset these credentials on those sites.

Our experts have confirmed that any site that was vulnerable to the Heartbleed SSL bug (which most indexers were and 60% of the worlds websites), anyone who had exploited this bug could have access to your accounts.

We apologise for any inconvenience this may cause you, however we believe this is a necessary step in protecting our users.

:ugeek:

More information about the Heartbleed bug

Heartbleed is not a virus, but rather a mistake written into OpenSSL— open-source software for SSL implementation across the Web. It is a security vulnerability in OpenSSL software that may affect nearly two-thirds of websites online and allow hackers to access data servers that may contain username, password and other sensitive information.

With the disclosure of a bug in OpenSSL’s implementation of heartbeat, it is no longer necessary for cybercriminals to hack into the server to steal the credentials or private keys. An easy execution of a small code will provide them with wealth of information just by exploiting the vulnerability in OpenSSL. While this is happening, the server admin will never know that their server has been exploited and how much of the information has been leaked by the exploit.

Security researchers found out that an encryption technology SSL/TLS that helps in providing communication security and privacy over the network for various applications viz. web-based applications, email and VPN had this security flaw. This encryption technology that used to safely transmit e-commerce transactions, email, social networking data and other Internet traffic was affected by Heartbleed and this security flaw was enough for hackers to access user’s sensitive personal information.

This vulnerability allows anyone to steal the information which under normal circumstances is protected, by the SSL/TLS encryption. Therefore, attackers can steal a server’s digital key which is used to encrypt data and get easy access to an organization’s sensitive documents.

Security researchers also add that this newly discovered security vulnerability is extremely dangerous as it remained undiscovered for more than two years. However, Wolfgang Kandek, chief technology officer for Redwood City security company Qualys said that, it still remains unclear if hackers have taken advantage of the flaw to steal sensitive data from vulnerable sites.

Researchers at Codenomicon say that OpenSSL is used by two of the most widely used Web server software, Apache and nginx. This means a lot of internet sites would possibly have this vulnerability.

Kandek added, many affected websites will now have to have their encryption keys recertified as safe. That’s because even after fixing the flaw in their software, unsafe keys can easily allow hackers to steal sensitive personal information.

Moreover, every website / server / service admin, who uses OpenSSL should be concerned about this vulnerability as it breaks everything for which SSL encryption was deployed in the first place.

NZBroyalty Closed : Find Alternatives

NZBRoyalty shut down hours ago after receiving a cease and desist notice from FACT.  To be honest this is the first we’ve heard of the site.  From what we’ve read and heard that’s how they wanted it to be.  NZBroyalty wasn’t trying to be the next NZBMatrix.  It appears they had a community of members that enjoyed the site and it’s features.  We’re not sure of the circumstances around the site’s closure beyond the notice they posted.

NZBroyalty closed

Here’s the message that was posted on NZBroyalty.com on Feb. 12th:

What a sad sad day 🙁 I’m really sorry for this news.
With great sadness and regret we have had to close the forum.

F.A.C.T have today 12/02/2014 @ 4.15PM contacted us with a Cease & Desist notification.

Here is the email with a PDF attached…. (I’ve not included the ref case number as I have not received permission
at the time this went live. If I get permission I will include it (awaiting on an email reply) )

——————

Date: 12/02/2014
Method of contact: via e-mail to copyright@fact-uk.org.uk

CEASE & DESIST NOTIFICATION
RE:      UNAUTHORISED DISTRIBUTION OF TELEVISION CONTENT SUBJECT TO COPYRIGHT

INVOLVING: http://www.nzbroyalty.com

To the domain registrants and administrators of the website detailed above.

Investigators at FACT have been examining your site and have noted that it is predominantly infringing TV content that is being made available.

You will no doubt be aware of the conviction of Anton Vickerman, the administrator of surfthechannel.com, at Newcastle Crown Court. Vickerman was sentenced to a four year term of imprisonment. This case has clearly demonstrated that online copyright infringement is a crime and that the courts take a very serious view of those who persistently offend.

FACT requests that you desist from this activity immediately. Failure to do so will result in further investigation which may result in criminal prosecution.

Please contact us at the above listed address or by replying to this e-mail should you have any questions, quoting the above reference number in the subject line of all correspondence.

Thank you in anticipation of your cooperation in this matter.

Yours sincerely

Peter O’Rourke
Director of Investigations and Intelligence

———————-

We asked what content we needed to remove in order to conform.
But much like the same situation with nzb matrix it was far to much for us to filter with the staff we have.
As per… http://www.fact-uk.org.uk/about/members/
When you look at the list. It is ALLOT of content.
And leaving anything behind is just far to much a risk or even to control.
We are no longer under the radar. And there for we also need to dip out. Remember we have lives and families.
None of this was intended to bring problems and nzbroyalty was set up to deal with DMCA requests as per the instruction
while ever what was being asked, was realistic. Unfortunately this was not. So we needed to make the right decision.
We was ordered to conform to their demands as quickly as possible.

Sorry folks. Hope you all understand that this is out of our hands.

To all our loyal / frequent members. It was fun while it lasted…
It was nice knowing you all.. on behalf of the nzbroyalty staff team!

GOOD-BYE 🙁

For those unfamiliar with NZBroyalty (we fall into that category) they appeared not to be a Newznab style indexer.  Instead of automatic indexing they offered a forum where members could add their own nzb files.  That likely made it more difficult to comply with the demands FACT placed on them.  While they mentioned having a DMCA procedure in place it apparently wasn’t going to be enough.  We wish the site admins the best in any future endeavors.  For members seeking alternatives we keep a list of open NZB sites.  Most run on Newznab.

NZBSooti Testing nZEDb Platform

NZBSooti is transitioning from Newznab over to the nZEDb platform.  Rather then freaking everyone out with the new interface they are beta testing the new nZEDb at http://beta.nzbsooti.sx.  Current members are all invited to test the new beta.  Just realize you’ll need to reset your password.  To do so click on “recover password” and enter your email.  The site will send you a message.  Remember that the new interface is in beta.

NBSooti

Don’t have an NZBSooti account?  You can learn more about the beta in this Reddit post.  The admin mentions giving a few invites for those willing to test.  This is a good opportunity to join the site and share your input on the nZEDb interface.  Here are some new features available on the beta site:

  • 5 second Video and screenshot preview (VIP Only)
  • Much more content thanks to the superior nzedb engine
  • Better predb engine that uses a huge selection of pre sites to match to nzbs and rename if needed

Cheers and best of luck to NZBSooti as they transition to the new platform.  We hope you’ll join them in testing.  Just remember it’s a beta so you should expect some issues including menus that aren’t yet setup.

SABnzbd users will be glad to know that the new interface works just fine for api calls.  You can use http://beeta.nzbsooti.sx/api to test it out.  We look forward to spending some time on the new site.  NZBSooti will keep the existing Newznab in place until the new platform is fully tested.

Visit Newsgroup Reviews to compare Usenet providers and NZB sites.  Join us on Twitter @NewsgroupRevs.

NZBFinder.ws Server Upgrade

Fans who regularly use NZB Finder ran into some issues a few days ago when the NZBFinder.ws site and services were down due to an operating system issue.  We’re happy to share that not only is the site back online, the NZB Finder team upgraded to a new server with double the RAM and loads of storage.  We checked out the site earlier and it’s working great.  You can visit their site at http://www.nzbfinder.ws to see for yourself.

NZBFinder.ws

There are a lot of indexing options out there.  Our personal favorites include DOGnzb and Nzb.su.  Both of which are private.  Keep an eye on our NZB site invites post for openings as DOGnzb has been offering new users the chance to sign up for accounts every so often.  We’re not trying to sell you on NZBFinder in this post but we do think the site offers some nice features.  Both in terms of free and premium access to the site.

Here’s a quick breakdown of the different access levels that NZBFinder offers:

  • Free (no cost) – limited to 10 API hits and 3 NZB downloads per 24 hours
  • VIP (€10 a year) – 5,000 API hits and 5,000 NZB downloads a day
  • Premium (20 a year) – 20,000 API hits and 20,000 NZB downloads a day
  • Elite (35 a year) – unlimited API hits and NZB downloads along with Spotweb access

You can sign up for a free account and test out the site.  You can always upgrade to a paid account at any time.  As for payment options they accept Bitcoin through Mt. Gox. along with Visa and MasterCard via Paymill.  One of the things we like most about NZBFinder is their involvement in the Usenet community.  You’ll find a team member regularly posting in Reddit Usenet discussions.  Answering inquiries about their site as well as general Usenet questions.  With the recent server upgrades we look forward to their continued growth.

Usenet Automation Tools

As Usenet continues to evolve a number of developers are working on projects to automate the process of finding and downloading content from newsgroups.  The thought of piecing together all the tools needed for the perfect setup can be daunting.  We’ve kept an eye on a number of automation tools over time and would like to share some of the most popular choices.  The tools are free to use.  All you need is reliable Usenet access.

Usenet automation

There are two ways to automate your Usenet experience.

Premium Clients with Auto-Search Features

The first method of automating your Usenet downloads involves using one of the popular premium Usenet clients on the market.  If you’ve been around newsgroups for awhile you’re probably familiar with Newshosting.  They run a great Usenet service and also provide client software with auto-searh to their users as part of their membership.  You can enjoy automated search and unlimited Usenet access for just $9.99 a month.

A second option is NewsLeecher with their SuperSearch engine and SuperLeech feature.  Try saying that line ten times fast.  With the combination of SuperSearch and SuperLeech you can also find content fast and automate your search queries.  NewsLeecher offers the client and premium features along with unlimited Usenet access for $11.99 a month.  They also offer the client without Usenet access for $3.99 a month.

We’re also quite fond of Newsbin Pro.  With the Newsbin client you can add their Internet (Usenet) Search service.  Then make use of their watch to help you find and download content faster.  Newsbin doesn’t offer Usenet service.  You’ll need to get that elsewhere.  The best deal for new customers is definitely their year of search + license for $30.  That gives you full access to the client and all future updates including betas.

Free Open-Source Client with Add-Ons

If you’ve been anxiously waiting for us to mention some free options for automating your Usenet downloads then you’ll like this section.  Not to confuse anyone though.  You’ll still need a Usenet provider to connect and download content from newsgroups.  From there you will want to grab SABnzbd.  The client is compatible with Windows, Mac and Linux.  You can visit sabnzbd.org to learn more and grab the latest release.

SABnzbd will run through your web browser.  The client is very popular.  With over 6.75 million downloads.  Given their mass appeal, a number of developers have written add-ons and services to work along with SABnzbd.  You can visit their forum to learn more about the various add-ons.  You’ll find help connecting with mobile devices along with other programs and scripts to make the most of the open-source client.

When it comes to Usenet automation tools for SABnzbd there are a few that stand out.  We suggest you check out Sick Beard, Couch Potato and Headphones.  All three apps are free.  You just need to configure them to work with a compatible Usenet search engine along with SABnzbd.  You’ll find help on the sites along with a helpful community on the SABnzbd forum.  From there you can tweak things to best meet your needs.

Which Site is the Next NZBMatrix?

It’s been nearly a year since Newzbin2 and NZBMatrix called it quits.  Since then we’ve seen a lot of new search sites pop up.  Most of which are built on Newznab.  With a few custom developed projects.  The question is who will be the next Newzbin / NZBMatrix?  Right now the Usenet community is fragmented when it comes to searching newsgroups.  We could really use another large site with open registration and low VIP cost.

NZBMatrix.com

We were very sorry to see the large sites close up last year.  Since then a number of other options have grown.  Including embedded search inside clients like Newshosting, Newsbin and NewsLeecher.  Along with a number of new NZB sites.  We’re fond of several sites and have been happy to see some of our favorites (DOGnzb and NZB.su) open for registration at times over the last couple months.  Yet we still lack a clear leader.

It’s not bad having lots of options to search for Usenet content.  The downside is that there isn’t a really large community sharing comments and ideas like they did on NZBMatrix.  Instead you are left without some of the advantages of a very large and active user base.  I think a few of the current projects have the chance to become the next go to site for Usenet fans.  As the choice becomes clear we’ll be happy to help promote their growth.

In the meantime check out our NZB site post where we track some of the leading sites with open registration.  You can also view our Usenet search guide for more suggestions.  Let us know what you think.  You can hit us up on Twitter or via email.  If you run a site and think you’re poised to be the next leader in the space please let us know.  We’ll help share news and updates so that our visitors can enjoy the latest search innovations.

FTD World Closed : Find Alternatives

Those familiar with the Dutch Usenet scene will be surprised to hear that FTD World is calling it quits.  They weren’t chased down to otherwise forced to close the site.  Instead the team is busy with other projects so they have decided to shot down FTDWorld.net.  We shared a list of alternatives when Newzbin 2 and NZBMatrix closed so we’d like to do the same for FTD World members.  Hopefully this will help you find another fine site.

FTD World / ftdworld.net

We’ll start with a recommendation from the FTD World team.  They are trusting the team at DUT Planet to help their members moving forward.  While we don’t have any experience with the site, FTD World has shared ideas with them to help recreate a new home for their members.  You can visit the site at DUTPlanet.net.

With the closure of so many Usenet indexing sites over the last year we’re starting to favor newsreaders with built-in search engines.  Newshosting is our favorite since they have a search feature built into their free client.  It’s available for Windows, Mac and Linux.  Newshosting offers unlimited Usenet access along with the free client for $9,99 a month or $99 a yearEasynews is another provider that offers all-in-one service..  Members use their web interface to search, preview and download.  Easynews offers new users a 14 day free trial.

You can also look to some of the leading third-party clients that offer search engines.  There is some added cost for the software and search but they are convenient and easy to use.  Newsbin Pro and Newsleecher are two of our favorites.  Each newsreader has good Usenet search features and costs $4 to $5 a month.

There are still some free search engines and indexing sites out there.  The list continues to shorten as more and more sites like FTD World close.  You can still access Binsearch, Nzb.cc and Nzbindex.

Visit Newsgroup Reviews to learn more about Usenet.  Follow us @NewsgroupRevs for the latest news.

Search and Preview with UsenetHub

UsenetHub is a new project that takes indexing newsgroups a step further.  Their moderators are working to create a full featured site that downloads a portion of each set of content to weed out fakes, viruses and password protected files.  When searching their site you can preview the content.  Including thumbnails, full images and 30 second video clips.  You can search for content and save the related NZB files for free.

usenethub

UsenetHub is not a replacement for your Usenet provider or newsreaeder.  While you can search and preview content, you’ll still need to have both a newsgroup service and client software to download the files.  UsenetHub is sponsored by GetNZB so they link to them from each post.  You can also click on Open NZB to save or open the NZB file in your favorite client.  Just like you are accustomed to doing for other Usenet search engines.

Keep in mind that UsenetHub is new.  They are working hard to add more and more content to the site.  We thought about waiting a few weeks to allow for more content but decided to go ahead and share our first impressions.  When you visit Usenethub.com you’ll be presented with their general search engine.  Those seeking adult content can click on adult at the top of the page.  Functionality is the same throughout the site.

For the purposes of this post we’ll stick with their general content.  Over time we’ve tested hundreds of Usenet providers and search sites.  UsenetHub does a nice job of combining the functionality of both sides.  Giving you the ability to search and preview content.  A great feature that will help you avoid downloading fakes, viruses, passworded files, etc.  Along with avoiding low quality content.  Let’s take a look at an image preview:

UsenetHub thumbnail preview

We chose some pics from alt.binaries.pictures.autos to test UsenetHub.  They were presented as one of the samples on their homepage.  When you click into an image set you’ll notice a collection of thumbnails like the ones above.  This particular post included hundreds of thumbnail images.  Clicking on any of them will bring up a larger version of the image along with the option to view the original size.  Here’s an example:

UsenetHub image

For videos you can preview a 30 second clip along with smaller thumbnails.  The search and preview functionality is similar to Easynews web browser.  Though Easynews takes it further.  They provide advanced search features along with preview and the option to stream full videos through your web browser.

We enjoyed testing out the new UsenetHub site and look forward to the continued growth of the project.  You can jump on over to usenethub.com to try it out for yourself.  Just remember to click on “Open NZB”  to download or open the NZB file.  If you click on “Download” instead it will take you to the GetNZB site and download their client.  Since GetNZB is a paid service it would be nice if UsenetHub could make that clear to users.

Is Newzbin Coming Back?

If you visit the original Newzbin domain (newzbin.com) you’ll notice a message stating that the Newzbin1 team is coming back later this year.  The site claims they are working on some new, legal, services and to stay tuned for more details. That seems kind of odd for a number of reasons.  The first of which is a denial on the Newzbin IRC channel.  Along with the domain being hosted in Germany now.  We’ll keep an eye out though.

Here’s the message currently displayed on newzbin.com:

Newzbin.

The Newzbin1 team are coming back later this year!

We will have some new, legal, services.

Stay tuned for further announcements.

Along with a who.is search for the domain:

domain:                       newzbin.com
expiration_date:              2014-05-08 23:55:07
last_update:                  2013-06-11 14:05:11

nameserver:                   dns1.pointhq.com
nameserver:                   dns2.pointhq.com
nameserver:                   dns3.pointhq.com
nameserver:                   dns4.pointhq.com
nameserver:                   dns5.pointhq.com

registrant-organization:      WCIS Limited
registrant-type:              ORG
registrant-address:           Victoria House
registrant-postcode:          Mahe 000 000
registrant-city:              Victoria
registrant-country:           SC

admin-c-name:                 Marcus Dodds
admin-c-type:                 PERSON
admin-c-address:              Victoria House
admin-c-postcode:             Mahe 000 000
admin-c-city:                 Victoria
admin-c-country:              SC
admin-c-phone:                +248284110
admin-c-email:                Email Masking Image@googlemail.com

tech-c-name:                  Marcus Dodds
tech-c-type:                  PERSON
tech-c-address:               Victoria House
tech-c-postcode:              Mahe 000 000
tech-c-city:                  Victoria
tech-c-country:               SC
tech-c-phone:                 +248284110
tech-c-email:                 Email Masking Image@googlemail.com

zone-c-name:                  Marcus Dodds
zone-c-type:                  PERSON
zone-c-address:               Victoria House
zone-c-postcode:              Mahe 000 000
zone-c-city:                  Victoria
zone-c-country:               SC
zone-c-phone:                 +248284110
zone-c-email:                 Email Masking Image@googlemail.com

Information Updated: Mon, 8 Jul 2013 01:24:32 UTC

You can decide whether or not to believe the message on the site.  We will remain cautiously optimistic that the Newzbin team will find a way to return in the future.  Visit Reddit for more discussion on the topic.

nzbX to Open Source Indexer Code

Lemon at nzbX.co has been looking for someone to take over the site due to health related issues.  He is currently recovering from a hearth attack and was looking for others to manage the site.  It looks like that plan has changed.  Instead of keeping nzbX open, Lemon is going to provide the open source index code for anyone to use in future projects.  It will be interesting to see how many new indexers launch on the nzbX code.

nzbX open source

Here’s the full message Lemon posted on nzbX.co:

So, things are going to be changing around here. How and why? Well, let’s start with the how…

How
nzbX as an index will be closing down, and instead – will become an open source software package that lets people easily run their own indexing software, whilst allowing for the option to sync releases, ratings and community metadata with other installations. Neat, right? The index will cease to exist as of now, and at some point in the very near future a countdown will appear on the site, when the countdown expires – super shiny sexy software release! As I can’t really do anything at the moment, making code tweaks from a machine not designed for it is my plan (when I’m awake).

Why
Well, first and foremost – I (Lemon) am recovering from a heart attack (at the ripe old age of 26) which I sustained a few weeks ago. My health complications from last year have made a comeback, and they’ve done it with a vengeance. I do not have the time or energy to maintain running an index or fight any legal battles which could arise from doing so (as per below).

Today, whilst I was half comatose – I received a visit from a member of FACT (Federation Against Copyright Theft) who attempted to pressure, threaten and harass me (and failed) to hand over control of the domains (presumably so they could use it as a honeypot), as well as making references to the criminal prosecution of the administrator of a video streaming site. That’s good, I’ll keep that in mind if I ever set one up in Antigua. After this, whilst I felt relatively calm – I experienced crippling chest pains and my heart rate was surging fairly high in comparison to what it should be.

The couple I was intending to hand over control of nzbX to backed out, and I decided to enact my alternative plan (as per the “how” section) in order to protect the state of my health and the confidentiality of my users. At 6PM tomorrow, every trace of the user database will be wiped out – don’t worry, the location of the origin server is a big secret and there’s no way anybody could have got your information.

Contact
Feel free to email hello@nzbx.co for a chat, though responses may be extremely slow due to the fact the bulk of my time is dedicating to sleeping and attempting to recover. I do like emails though!

Anyway, so long – and thanks for all the fish!

Keep an eye on the site for the release of the nzbX code.  If you need an alternative take a look here.