COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED



Jan 17 08:18

If you get this message, do NOT open it: Devastating Apple ChaiOS 'text bomb' can crash your iPhone or Mac with a single link

A devastating 'text bomb' that crashes Apple devices has been uncovered by researchers.

It works by sending iPhones, iPads and Macs into a frenzy after a malicious web address is opened in Apple's Message app.

The ChaiOS hack, which causes devices to crash and can delete all your messages, affects any device running iOS and Mac OS.

A fix for the issue, which is not the first text bomb to hit Apple, has not yet been created but is expected in future updates.

Jan 17 08:14

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

On Saturday, people in Hawaii were awakened by a terrifying false alert about an inbound missile. Hawaii's Emergency Management Agency has said a worker clicked the wrong item in a drop-down menu and sent it, and that its system was not hacked.

"It was a mistake made during a standard procedure at the changeover of a shift, and an employee pushed the wrong button," Gov. David Ige said.

But an Associated Press photo from July that recently resurfaced on Twitter has raised questions about the agency's cybersecurity practices.

In it, the agency's operations officer poses in front of a battery of screens. Attached to one is a password written on a Post-it note.

Jan 17 08:11

YouTube tightens rules around what channels can be monetized

Channels will need 4,000 hours of annual viewing time and over 1,000 subscribers

Jan 17 08:08

Oracle says SPARCv9 has Spectre CPU bug, patches coming soon

Oracle has told users of its SPARC-powered platforms that they have the Spectre processor design flaw.

A support document buried in Oracle’s customers-only portal, but seen by The Register, states: “Oracle believes that certain versions of Oracle Solaris on SPARCv9 are affected by the Spectre vulnerabilities.”

The document, dated today, confirms “Oracle is working on producing the patches for all affected versions that are under Premier Support or Extended Support.”

Jan 17 08:07

Hospital injects $60,000 into crims' coffers to cure malware infection

A US hospital paid extortionists roughly $60,000 to end a ransomware outbreak that forced staff to use pencil-and-paper records.

The crooks had infected the network of Hancock Health, in Indiana, with the Samsam software nasty, which scrambled files and demanded payment to recover the documents. The criminals broke in around 9.30pm on January 11 after finding a box with an exploitable Remote Desktop Protocol (RDP) server, and injected their ransomware into connected computers.

Medical IT teams were alerted in early 2016 that hospitals were being targeted by Samsam, although it appears the warnings weren’t heeded in this case.

According to the hospital, the malware spread over the network and was able to encrypt “a number of the hospital’s information systems,” reducing staff to scratching out patient notes on pieces of dead tree.

Jan 17 08:01

Another round of click-fraud extensions pulled from Chrome Store

A security researcher has claimed that half a million Chrome users have been hit by four malicious browser extensions pushing click and SEO fraud.

Icebrg's Justin Warner and Mario De Tore spotted the extensions while investigating a spike in outbound traffic from a workstation in a customer's network. The company claims the four extensions had more than 500,000 downloads in all.

The extensions were Change HTTP Request Header (a legitimate capability is to hide browser type from trackers) and three apparently related to it: Nyoogle - Custom Logo for Google, Lite Bookmarks, and Stickies - Chrome's Post-it Notes.

Jan 17 08:00

Skygofree — Powerful Android Spyware Discovered

Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely.

Dubbed Skygofree, the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years.

Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Labs.

The 'remarkable new features' include location-based audio recording using the device's microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers.

Jan 16 17:04

Is Your Child Smarter Or Dumber Because Of Microwave Technologies?

By Catherine J. Frompovich

Parents are overjoyed when their two-year-olds ‘master’ computer games and cell phones. They interpret that as “look how smart my kid is!” Well, that’s really not the take-away message parents should be coming up with. Maybe their youngsters inadvertently are becoming addicted to a tech-meme and device, which will damage them down the road, and very dramatically: dumb and cancer?...

Jan 16 16:00

Media Freaks Out About Facebook Changes; Maybe They Shouldn't Have Become So Reliant On Facebook

Last week, a large part of the media ecosystem seemed to totally flip out following Facebook's announcement that it was going to effectively de-prioritize news content in favor of content from friends and family. Facebook was pretty direct about how this will decrease traffic to many publishers:

Jan 16 13:23

Tillerson Breaks With White House, Rejects Freeze Of Military Exercises Near North Korea

In a direct reversal with the recently disclosed official White House policy, Secretary of State Rex Tillerson said the U.S. rejects a 'freeze for freeze' approach that would pause joint U.S./South Korean military drills in exchange for a pause to North Korea's nuclear program.

Speaking in Vancouver at a meeting with foreign ministers, Tillerson said that "we reject a 'freeze for freeze' approach, in which legitimate defensive military exercises are placed on the same level as the DPRK’s unlawful actions. The pressure campaign will continue until North Korea takes decisive steps to de-nuclearize."

Webmaster's Commentary: 

I am having a Jean-Luc Picard "double face palm", at warp speed, upon reading this.

Is it pathologically impossible for these two gentlemen to at least appear to be on the same page, regarding US foreign policy, for at least a millisecond?!?

This stuff is crazy-making; and I would like to believe that there is some kind of a strategy here, but for the life of me, I cannot see it!!

Jan 16 10:17

Revealed: How Twitter employees are paid to analyze your PRIVATE messages - as one staffer admits 'I've seen alot of d**k pics'

A video released by investigative journalist group Project Veritas shows Twitter employees expose top-secret details about their jobs.

Senior Network Security Engineer Clay Haynes is heard in the footage captured January 6 speaking openly about how he is paid to access and analyze users' personal information - which includes browsing through hundreds of obscene pictures and messages.

'There's teams dedicated to it. I mean, we're talking, we're talking three or four… at least, three or four hundred people… Yes, they're paid to look at d**k pics,' Haynes revealed in the shocking video.

Jan 16 09:21

Meltdown-Spectre: More businesses warned off patching over stability issues

Industrial companies are being told to avoid some Meltdown and Spectre fixes after reports of problems.

Jan 16 09:08

Amazon's creepy plan to put a camera and microphone in every BEDROOM with launch of its £120 Echo Spot 'smart alarm'

Amazon wants to put a camera and microphone in your bedroom with the UK launch of its latest Echo home device.

The camera on the £119.99 ($129) Echo Spot, which doubles up as a 'smart alarm', will probably be facing directly at the user's bed.

The device, which is already available in the US, has such sophisticated microphones it can hear people talking from across the room - even if music is playing.

Jan 16 09:05

How your car is SPYING on you: Experts reveal how automakers can track everything from your weight to the food you eat using in-built sensors

Experts have revealed the myriad ways that your car can spy on your personal habits.

Automakers track your vehicle's location, how fast you drive, what entertainment you listen to, through internet-connected systems in modern cars.

Newer cars can even record a driver’s eye movements, the weight of people in the front seats, the weather on your street, and where you prefer to eat.

Companies use personal information collected from tens of millions of vehicles around the globe - and many keep tight-lipped about what they use the data for.

Jan 16 08:55

LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials

Canadian authorities have arrested and charged an Ontario man for operating a website that collected 'stolen' personal identity records and credentials from some three billion online accounts and sold them for profit.

According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com—a major repository that compiled public data breaches and sold access to the data, including plaintext passwords.

Launched in late 2015, LeakedSource had collected around 3 billion personal identity records and associated passwords from some of the massive data breaches, including LinkedIn, VK.com, Last.Fm, Ashley Madison, MySpace, Twitter, Weebly and Foursquare, and made them accessible and searchable to anyone for a fee.

LeakedSource was shut down, and its associated social media accounts have been suspended after law enforcement raided its operator earlier last year.

Jan 16 08:53

Now Meltdown patches are making industrial control systems lurch

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.

SCADA vendor Wonderware admitted that Redmond's Meltdown patch made its Historian product wobble. "Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," an advisory on Wonderware's support site explains.

Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). "In fairness [this] may be RPC [Remote Procedure Call] change related," said cybersecurity vulnerability manager Kevin Beaumont.

Jan 16 08:49

New Mirai botnet species 'Okiru' hunts for ARC-based kit

A new variant of the notorious Mirai malware is exploiting kit with ARC processors.

The nasty, dubbed Okiru, is the first capable of infecting devices running the ARC CPU, according to independent security researcher Odisseus.

RISC-based ARC embedded processors are used in a variety of internet-connected products including cars, mobiles, TVs, cameras and more. The discovery of malware capable of infecting such devices is troubling because of how much damage IoT botnets have caused in the past.

Jan 16 08:47

BitTorrent Client Transmission Suffers Remote Takeover Vulnerability

Transmission, one of the most used non-commercial BitTorrent clients, has a vulnerability that allows outsiders to gain control over people's computers. The flaw affects users who have remote control enabled with the default password. The vulnerability was revealed by a Google researcher, who plans to disclose similar remote code execution flaws in other torrent clients as well.

Jan 16 07:47

Windows 10 WARNING - Make sure you DON'T download this fake Meltdown and Spectre patch

WINDOWS 10 users have been put on alert after scammers started spreading fake security patches for Meltdown and Spectre that are filled with malware.

Jan 15 12:55

BREAKING: HUNDREDS of Twitter Employees Paid to View "Everything You Post," & Private "Sex Messages"

Webmaster's Commentary: 

Warning: Strong language. Snowflakes should turn back now!
:)

Jan 15 10:13

PLAYING LOW FREQUENCY NOISE TO DISRUPT HARD-DRIVES: DENIAL OF SERVICE FOR CCTVS, DATA-CENTERS, AND OTHER COMPUTING ENVIRONMENTS

A group of Princeton and Purdue researchers have demonstrated a successful acoustic attack against mechanical hard-drives where low-frequency noise keyed to the resonant frequency of the drive components is played nearby, causing the drive to vibrate so that the drive can neither be read nor written to.

The researchers demonstrated the attack under lab conditions, successfully preventing a CCTV's DVR from recording the camera signal and stopping a laptop from being able to use its operating system.

The attack is not ready for primetime yet, though: this preliminary work requires relative precision in speaker placement as well as knowledge of the make and model of the target drives. However, the researchers hypothesize that with some refinements, the attack could be carried out by, for example, tricking (or hacking) a victim into playing the correct tone through their computer or device speakers.

Jan 15 10:06

Corporate Powers Are Stealing Online Identities, Posting Fake Comments to Push for Consumer Law Repeals

Hundreds of thousands of comments, purportedly made by Americans, have come in over the electronic transom to at least five different federal agencies calling for an end to Obama-era consumer protections and other regulations that impede profits, a series of investigative reports by the Wall Street Journal found. Except, the people who supposedly sent these comments never did.

The latest example concerns the so-called "Fiduciary Rule," which originated in the Labor Department and was to take effect in July 2019, to try to prevent conflicts of investment from investment advisers targeting retirees.

Jan 15 09:09

The Facebook drug dealers: How cannabis and cocaine is openly being peddled to children on social media

Drug dealers are openly using Facebook to target children, a Daily Mail investigation reveals.

Scores of criminals are freely touting for business on the site and other social media giants including Instagram and Twitter.

Many are offering cannabis for sale. One dealer, when contacted, offered to sell cocaine. A reporter posing as a teenage boy found dealers on Facebook willing to supply him with drugs even when they knew he was still at school.

Jan 15 09:05

Hawaiian fake nukes alert caused by fat-fingered fumble of garbage GUI

Hawaii's State government has explained, in a timeline [PDF], that the message was sent as part of a “routine internal test” at 8.05 AM on Saturday, January 13th. That test message went through the Hawaii Emergency Management Agency (HI-EMA) at 8.07 am.

As the timeline shows, officials realised immediately that the message was a mistake – but did not post notifications the message was wrong until 8:20 AM, when the news hit Facebook and Twitter.

The Washington Post alleged (syndicated to the Chicago Tribune) that the alert was sent thanks to a poor user interface.

The Post reports that the messaging system offers a drop-down menu with two options: "'Test missile alert' and 'Missile alert'." Whoever sent the message chose the latter instead of the former, with now-well-known results.

Jan 14 18:08

Intel AMT security locks bypassed on corp laptops – fresh research

Security shortcomings in Intel's Active Management Technology (AMT) can be exploited by miscreants to bypass login prompts on notebook computers.

Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to break into almost any corporate laptop in a matter of 30 seconds or so, according to security biz F-Secure. The issue, which requires physical access to the targeted computer to exploit, is unrelated to the recent Spectre and Meltdown vulnerabilities.

The problem potentially affects millions of laptops globally.

Jan 14 18:07

Dear US taxpayers, 4.5 BEEELLION of your dollars were blown on unapproved IT projects

American government agencies are spending billions of tax dollars on IT projects without getting the proper approval or oversight.

This is according to a report from the Government Accountability Office (GAO), which studied the IT spending of 22 agencies, and found that about $4.5bn of Uncle Sam's $19.2bn IT spending in fiscal 2016 was splurged on projects that were never properly reviewed.

The $4.5bn in unapproved spending – 23 per cent of the total IT cost – included 41,493 contracts that were awarded or changed without following purchasing guidelines laid out by the Office of Management and Budget (OMB), and in many cases without even getting approval from the agency's chief information officer (CIO).

Jan 13 09:42

NERD HARDER! FBI DIRECTOR REITERATES FAITH-BASED BELIEF IN WORKING CRYPTO THAT HE CAN BREAK

Working cryptography's pretty amazing: because of its fundamental theoretical soundness, we can trust it to secure the firmware updates to our pacemakers; the conversations we have with our loved ones, lawyers and business colleagues; the financial transactions the world depends on; and the integrity of all sorts of data, communications and transactions.

The FBI hates encryption, because they thought the digital world could be one where, for the first time in history, they'd be able to store and look through every conversation anyone has, anywhere, and crypto means that they can only spy on people with a warrant, using traditional techniques like hidden mics, informants, and subpoenas.

The FBI -- along with many other law enforcement and surveillance agents -- insists that it is possible to make crypto that will protect our devices, transactions, data, communications and lives, but which will fail catastrophically whenever a cop needs it to.

Jan 12 15:44

More misery for Intel as firm says patches to solve its chip 'design flaws' have errors that could cause some systems to randomly reboot

The security fixes could cause computers using its older Haswell and Broadwell processors, created in 2013 and 2014, to reboot more often than normal.

Jan 12 15:20

'Mummy, what's felching?' Tot gets smut served by Android app

Researchers have found a batch of over 60 malware-carrying apps in Google's Play Store designed to rob mobile users or show them pornography, all with a kid-friendly theme.

The malware, dubbed AdultSwine by security shop Check Point, was found in apps like "Drawing Lessons Lego Star Wars", "Fidget spinner for Minecraft" and "Spinner Toy for Slither", along with a large number of Android games. The apps were downloaded between three and seven million times before the infection was caught.

One father complained to Google that the software had exposed his four-year-old son to "a bunch of thilthy (sic) hardcore porn pictures".

Jan 12 15:17

Intel’s Meltdown fix freaked out some Broadwells, Haswells

Intel has warned that the fix for its Meltdown and Spectre woes might have made PCs and servers less stable.

Chipzilla has slipped out a statement to the effect that “We have received reports from a few customers of higher system reboots after applying firmware updates.” The problems have hit “Broadwell and Haswell CPUs for both client and data center.”

Intel has said that if it needs to create a new fix, it will.

Jan 12 15:14

New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally.

As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely.

Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user's device in less than 30 seconds.

AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation.

Jan 12 15:12

Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users

A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly the first macOS malware of 2018.

Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012.

DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information.

...

To check if your Mac computer is infected with MaMi malware, go to the terminal via the System Preferences app and check for your DNS settings—particularly look for 82.163.143.135 and 82.163.142.137.

...

You can also install a free open-source firewall for macOS named 'LuLu,' created by Patrick and available at GitHub, which blocks suspicious traffic and prevents OSX/MaMi from stealing your data.

Jan 12 13:34

Researcher finds another security flaw in Intel management firmware

Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware—remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel.

Jan 12 09:15

The fatal flaw in the brain-computer interface

Kurzweil and others are also sure we’re about to uncover the “algorithm” that underlies all brain activity.

They couldn’t be more wrong. Neuroscience has barely scratched the surface of understanding how the brain operates. Cracking the code is not on the horizon.

Most importantly: how would a brain-computer interface work? Hook up your brain to a super-computer, and how does your brain absorb the computer’s data, and how does it make the data known to YOU, the user?

Jan 12 09:06

Spectre puts the brakes on CPU need for speed

Hallelujah! If any good is to come from the revelations of Meltdown and Spectre, it will be acknowledging that performance increases in silicon were made on a foundation of sand, and the security tide has come in.

Goodbye ridiculous comparisons made for spurious reasons in order to make new silicon that isn't much faster than last year's silicon appear much better.

Jan 12 08:11

Sr Network Security Engineer Reveals Twitter Ready to Give Trump's Private DMs to DOJ

Jan 12 08:10

BREAKING: Twitter Engineers To "Ban a Way of Talking" Through "Shadow Banning"

Jan 12 07:58

A new app is about to change the way we have sex — and it all has to do with the #MeToo movement

Inspired by the #MeToo movement and Sweden considering changes to its rape laws — where partners would have to get explicit consent via contracts before sexual contact — blockchain company LegalThings One came up with LegalFling, an app where people can quickly swipe to give consent.

The company specialises in smart contracts using blockchain technology — a form of public record that ensures everything the couple agree on and consent to cannot be digitally changed.

It’s labelled it a “smart solution” to the practical implications the law could have on people’s lives.

CEO of LegalThings and creator of LegalFling Rick Schmitz claims the app is the best and quickest way couples can legally give consent without killing the mood.

Webmaster's Commentary: 

This is getting silly.

Jan 12 07:10

Facebook makes ‘major changes' to YOUR News Feed so 'people spend LESS time online'

The company claims the News Feed will see alterations to focus on “meaningful” interactions - this means limiting the number of posts from “businesses, brands and media”, according to Mr Zuckerberg.

In a post, he wrote: “We’re making a major change to how we build Facebook.

“I’m changing the goal I give our product teams from focusing on helping you find relevant content to helping you have more meaningful social interactions.

Webmaster's Commentary: 

What if I want relevant content?

Jan 11 19:37

The Surveillance State In 2018

We’ve already been given an idea of some of the key surveillance threats to the public’s privacy and civil liberties to come over the next year: the Surveillance Camera Commissioner, Tony Porter, has published his Annual Report for 2016/17. The Surveillance Camera Commissioner’s Report reveals an expanding of both older and newer tools of the surveillance state, such as Automatic Number Plate Recognition (also known as ANPR) and Automated Facial Recognition (also known as AFR) by the police. While the Commissioner warns about some of the growing risks posed by emerging surveillance technologies, we would also like to see him take urgent action in these areas.

Jan 11 19:31

Fighting Fake News: Back Door Trick to Enact Censorship?

Fighting fake news is the new pretext given by the ruling cabal in many nations to enact censorship via the back door. Amid the rallying cries of “We must fight fake news!” both France (under would-be dictator Macron) and now Brazil are attempting to pass legislation to ban political content on the web that the government deems to be fake news. There is a theme to this, as it follows on from many acts of censorship in 2016 and 2017. Whether it’s Twitter shadowbanning, Facebook rolling out fake news checkers or deleting entire accounts, YouTube embarking upon soft censorship through forced sign-ins or hard censorship by deleting entire channels, Google’s search engine hiding websites (by de-ranking them) or – worst of all – Google demonetizing content and sites not to its liking, censorship is clearly getting worse and threatening to overtake a free and open internet.

Jan 11 18:09

Scientists warn we're entering a 'digital dark age'

"The early 20th century is still largely based on things like paper and film formats that are still accessible to a large extent; whereas, much of what we're doing now — the things we're putting into the cloud, our digital content — is born digital. It's not something that we translated from an analog container into a digital container, but, in fact, it is born, and now increasingly dies, as digital content, without any kind of analog counterpart."

Computer and data specialists refer to this era of lost data as the "digital dark ages." Other experts call the 21st century an "informational black hole," because the digital information we are creating right now may not be readable by machines and software programs of the future. All that data, they worry — our century's digital history — is at risk of never being recoverable.

Jan 11 18:07

‘Smart underwear’ is here, and it’s ridiculous

Now your skivvies have a higher IQ than you do.

Skiin’s “smart underwear” is taking the wearables game to a whole new region, Mashable reports. The high-tech underthings, unveiled at this year’s International Consumer Electronics Show, have six sensors woven into the bras and undies that can track heart rate, temperature, pressure, motion, body fat and hydration levels.

Sure, $349 for eight pairs of thongs (available for preorder here) might sound like a bit of a splurge, but what’s more important than your health?

Plus, you’ll never go commando again.

Jan 11 18:04

Spectre and Meltdown are just the beginning

While I do believe Intel, AMD, ARM, and other hardware powerhouses will get better at responding to problems as they emerge, I’m not of the opinion we should consider complex CPUs “secure” in the near future—certainly not ones from Intel. Most are developed in secret, tested behind closed doors, and not transparently reviewed by outside, independent experts.

Where there is one bug visible, many more lurk in the black boxes of silicon that power our devices. What has changed is that now, hackers know where to look. This is only the beginning.

Jan 11 17:58

Flashback: Intel CEO Refuses To Answer Questions On Whether NSA Can Access Processors

Last Summer, shortly after the Snowden leaks began to escalate, Steve Blank, recognized as one of Silicon Valley's leading experts, noted that he firmly believed NSA has backdoor access into Intel and AMD chips. He noted how the leaks highlighted how backdoor “hacking” is the NSA’s go-to technique because it is much easier than trying to crack encryption.

“Perhaps the NSA – legally compelling the chip vendors and/or Microsoft, or working outside of them – have compromised the microcode updates that affect most computers,” Blank wrote at the time.

Jan 11 17:26

Intel top brass smacked with sueball for keeping schtum about chip flaws

An Intel stockholder filed a class-action lawsuit yesterday accusing the chipmaker of artificially inflating its stock prices by omitting to tell anyone about the Spectre and Meltdown flaws in its products.

The complaint, brought by Intel shareholder Elvis Alvira, pits investors who acquired Chipzilla's shares between July 27, 2017, and January 4, 2018, against the corporation, its chief exec Brian Krzanich, and chief financial officer Robert Swan.

The precise accusation is that Intel deliberately misled or failed to disclose important information to shareholders, that being the existence of design flaws in its processor circuitry, and the potential performance slowdown workarounds to correct the issue would cause. The secrecy of this information, the complaint stated, meant that Intel's share price was artificially inflated.

Jan 11 17:24

OnePlus Android mobes' clipboard app caught phoning home to China

OnePlus has admitted that the clipboard app in a beta build of its Android OS was beaming back mystery data to a cloud service in China.

Someone running the latest test version of OnePlus's Oreo-based operating system revealed in its support forums that unusual activity from the built-in clipboard manager had been detected by a firewall tool.

Upon closer inspection, the punter found that the app had been transmitting information to a block of IP addresses registered to Alibaba, the Chinese e-commerce and cloud hosting giant.

Jan 11 16:26

Google Sued Over “Open Hostility for Conservative Thought”

Last year, an engineer named James Damore blew a hole in Silicon Valley’s liberal bubble when he published a controversial 10-page memo blasting his employer, Google, for cultivating a culture of inane political correctness that was putting women’s “equality” ahead of basic common sense and wise business practices. In the memo, Damore made the argument that discrimination was not to blame (or at least, not entirely to blame) for the lopsided gender representation in the tech industry. Men, he argued, were more likely to be drawn into STEM fields and, as a whole, demonstrated greater aptitude for the work.

After his memo went viral, Damore was fired.

Now the young engineer is suing the search engine giant, claiming that he and others were regularly mocked and harassed for their conservative views.

Jan 11 12:03

[Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password

Yet another password vulnerability has been uncovered in macOS High Sierra, which unlocks App Store System Preferences with any password (or no password at all).

Jan 11 10:36

Lights out at CES: Giant trade show plunges into darkness, knocks out Samsung, LG, and other booths

CES officials say the power outage at the Las Vegas Convention Center Wednesday morning was a result of Tuesday’s rain storm.

Jan 11 10:25

House Extends Controversial Surveillance Measure For 6 Years Despite Bipartisan Resistance

By Derrick Broze

Representative Justin Amash and a bipartisan coalition of 42 lawmakers failed to block a six-year extension of a controversial spying measure.

Washington D.C. – On Thursday the U.S. House of Representatives voted in favor of a six-year extension of section 702 of the Foreign Intelligence Surveillance Act (FISA), a controversial law which allows the federal government to spy on American citizens. A bipartisan coalition of civil liberties advocates opposed the bill, but failed to stop the measure from passing with a vote of 256-164. Senator Rand Paul has now threatened a filibuster during the upcoming Senate vote...

Jan 11 09:53

Alt-Right Publisher Sues Twitter in Landmark Free Speech Case (Charles Johnson)

The lawsuit documents the social media giant’s unlawful censorship of Johnson – and the damages it caused Johnson – on several fronts. Johnson, who is represented by Robert E. Barnes of Barnes Law, details various causes of action demonstrating how Twitter’s actions violated the Unruh Civil Rights Act as well as the California and United States constitutions.

Johnson is seeking, among other relief, a declaratory judgment that Twitter has violated and continues to violate his free speech rights under the First Amendment of the US Constitution and/or Article I, section 2 of the California Constitution.

Jan 11 09:29

Google's Fact-Check Feature Targets Conservative Sites

The largest search engine in the world is now relying on hyper-partisan "fact checking" organizations such as Snopes and Politifact to provide disclaimers on articles primarily from conservative websites.

Jan 11 09:18

“The Internet’s Own Boy”

Nearly five years to the day of Swartz’s “suicide”, we are being told that his partner in programming James Dolan has “committed suicide” too.

Jan 11 09:11

Here's the deal with those robot pole dancers at CES 2018

The gist is that there's a strip club in Las Vegas where CES attendees are flocking to check out the novelty of robot pole dancers.

But the version of the story you're getting probably varies according to the source. You may have read that the robot dancers offer a glimpse into a future of robot-human cohabitation, when even the bedroom isn't off limits for automation. That narrative fits with the spate of recent news about new models of sex robots like Harmony. Indeed, if 2017 had been your typical humdrum annum, it might have been remembered as the year of the sex robot. (I have a hunch it will be remembered for other reasons.)

Jan 10 18:05

Cloud server giants mull dumping Intel after Spectre and Meltdown chip flaws found

Some of Intel Corp's data center customers, whose thousands of computers run cloud networks, are exploring using microchips from the market leader's rivals to build new infrastructure after the discovery of security flaws affecting most chips.

Whether Intel sees a slew of defectors or is forced to offer discounts, the company could take a hit to one of its fastest growing business units.

Intel chips back 98 percent of data center operations, according to industry consultancy IDC.

Jan 10 17:09

Why Is The FBI Afraid Of Encryption?

By Derrick Broze

FBI Director Christopher Wray declared the bureau’s inability to access encrypted electronic devices a “major public safety issue.”

New York City – On Tuesday the Director of the Federal Bureau of Investigations discussed the danger posed by encryption of electronic devices. Speaking at the International Conference on Cyber Security in New York, FBI Director Christopher Wray spoke about challenges that encryption presents to law enforcement...

Jan 10 13:22

The FBI Wants to Put You at Risk To Make Its Job Easier

The FBI doesn’t like encryption. They are concerned that they cannot properly investigate criminals.

Often they have enough evidence to justify a search of a suspect’s device. But they do not have the actual ability to search many encrypted smartphones and computers.

The only solution they can think of is to violate your rights, my rights, and the rights of tech companies. They want to force companies to make their products vulnerable to attacks, in order to make their investigations and prosecutions easier.

Jan 10 11:26

Police Drone Battle Continues After LAPD Approves New Purchase and Officer Training

By Nicholas West

The general concern over police spying continues to be addressed by the Los Angeles public. As I have been covering over the last several years, that concern heightened even further when the LAPD acquired drones from the Seattle PD and began to discuss guidelines for implementation. Despite assurances that any deployment would be only for extreme circumstances, a new donation of $31,500 by the Los Angeles Police Foundation has been approved, continuing the controversy over their eventual use...

Jan 10 10:47

CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

The problem arises because the Meltdown patch involves moving the kernel into its own private virtual memory address space. Usually, operating systems such as Windows and Linux map the kernel into the top region of every user process's virtual memory space. The kernel is marked invisible to the running programs, although due to the Meltdown design oversight in Intel's modern chips, its memory can still be read by applications. This is bad because it means programs can siphon off passwords and other secrets held in protected kernel memory.

Certain antivirus products drill deep into the kernel's internals in order to keep tabs on the system and detect the presence of malware. These tools turn out to trash the computer if the kernel is moved out the way into a separate context.

In other words, Microsoft went to shift its cookies out of its jar, and caught antivirus makers with their hands stuck in the pot.

Jan 10 10:34

Microsoft: No more Windows patches at all if your AV clashes with our Meltdown fix

Your antivirus must be compatible with Microsoft's Meltdown-Spectre fixes for you to get patches this month or in future.

Jan 10 10:15

BREAKING: Sr Network Security Engineer Reveals Twitter Ready to Give Trump's Private DMs to DOJ

Jan 10 07:35

Heartless Apple investors claim kids getting hooked on iPhones could be a GOOD thing (for them) amid growing addiction row

Apple investors are shrugging off concerns raised by two shareholders about kids getting hooked on iPhones, saying that for now a little addiction might not be a bad thing for profits.

Hedge fund JANA Partners LLC and the California State Teachers' Retirement System (CalSTRS) pension fund said on Saturday that iPhone overuse could be hurting children's developing brains, an issue that may harm the company's long-term market value.

But some investors said the habit-forming nature of gadgets and social media are one reason why companies like Apple, Google parent Alphabet Inc and Facebook Inc added $630 billion to their market value in 2017.

Jan 10 07:33

Thousands of Netflix customers targeted by phishing fraudsters as streaming service warns users to check for VERY convincing scam email

Netflix customers have been warned not to fall for a sophisticated new scam targeting subscribers to the video streaming service.

New South Wales Police alerted social media users on Wednesday, posting a screengrab of a fake email used in the scam.

The email is sophisticated and well-designed, and aims to fool Netflix customers into handing over their credit card details.

Jan 10 07:20

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns

More examples have emerged of security fixes for the Meltdown vulnerability breaking things.

Patching against CVE-2017-5753 and CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) borks both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.

PulseSecure has come up with a workaround for affected platforms, which include Windows 10 and Windows 8.1 but not Windows 7.

Sandboxie has released an updated client to solve compatibility issues with an emergency fix from Microsoft, as explained here. We've asked Sophos for comment.

Jan 10 04:59

FBI chief calls unbreakable encryption 'urgent public safety issue'

The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an “urgent public safety issue,” FBI Director Christopher Wray said on Tuesday as he sought to renew a contentious debate over privacy and security.

Technology companies and many digital security experts have said that the FBI’s attempts to require that devices allow investigators a way to access a criminal suspect’s cellphone would harm internet security and empower malicious hackers. U.S. lawmakers, meanwhile, have expressed little interest in pursuing legislation to require companies to create products whose contents are accessible to authorities who obtain a warrant.

Wray’s comments at the International Conference on Cyber Security were his most extensive yet as FBI director about the so-called Going Dark problem, which his agency and local law enforcement authorities for years have said bedevils countless investigations. Wray took over as FBI chief in August.

Jan 09 19:33

Google’s New Fact-Check Feature Almost Exclusively Targets Conservative Sites

Google, the most powerful search engine in the world, is now displaying fact checks for conservative publications in its results.

No prominent liberal site receives the same treatment.

And not only is Google’s fact-checking highly partisan — perhaps reflecting the sentiments of its leaders — it is also blatantly wrong, asserting sites made “claims” they demonstrably never made.

Jan 09 16:27

Zero-day vulnerabilities hijack full Dell EMC Data Protection Suite

Security researchers have discovered a set of zero-day vulnerabilities within the Dell EMC Data Protection Suite Family products which allow attackers to fully hijack systems.

The Dell EMC Data Protection Suite, a product set for enterprises to protect data and critical applications, was the subject of a routine check and scan by Digital Defense.

However, the company's Vulnerability Research Team (VRT) stumbled across a set of severe vulnerabilities which permitted attackers to compromise products including Dell EMC Avamar Server, NetWorker Virtual Edition, and Integrated Data Protection Appliance.

Jan 09 16:23

And we return to Munich's migration back to Windows - it's going to cost what now?! €100m!

Munich City officials could waste €100m reversing a 15-year process that replaced proprietary software with open source following an official vote last year.

Munich officials in 2003 voted to migrate to an in-house custom version of Ubuntu Linux called LiMux and tailor digital docs to be compatible with LibreOffice. Now the councillors have decided that Munich will switch some 29,000 PCs to Windows 10 and phase out Linux by early 2023.

The cost of the U-turn could be even more catastrophic if another council vote by the end of 2018 fails to take a more reasoned tally. An approval would replace the open-source office suite LibreOffice with Microsoft Office.

That decision will cost the city upwards of €50m plus another €50m to revert to Windows 10, according to reports. The bill results from a combination of buying Windows 10 licences and converting some 12,000 LibreOffice templates and macros along with developing a new templating system for Microsoft Office.
