COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED


COMPUTERS/INTERNET/SECURITY

Oct 07 07:35

Apple gave Uber ‘iPhone backdoor’ allowing covert screens & data access

Apple granted Uber’s iPhone app special privileges by giving the car-hailing service a potential ability to record their customers’ phone screens and access other personal data without their knowledge, cyber security experts say.

Webmaster's Commentary: 

What other apps has Apple given this "entitlement" to?

Oct 07 05:16

Kaspersky Lab Denies WSJ Allegations of Hacking NSA

Consistently at or near the top of security software maker rankings, Russian-based Kaspersky Lab continues to attract suspicion, based on little to no evidence, of being a “threat” to US national security.

This week, the allegations came out of the Wall Street Journal, which claimed that an NSA contractor who ran Kaspersky antivirus on his computer was hacked, and immediately concluded that Kaspersky hacked him to get NSA data for the Russian government.

Kaspersky founder Eugene Kaspersky mocked the claim as “like the script of a C movie.” He offered an alternate explanation for the data loss>>>

Oct 06 13:13

Holy Tasteless! New Batman Video Game Depicts Murdered Russian Diplomat’s Body

The newest video game from developer Telltale Games’ series “Batman: The Enemy Within” features a photo of the corpse of Russian Ambassador to Turkey Andrei Karlov, who was assassinated in December 2016.

Karlov, a veteran diplomat who at one point served as the director of the Russian Foreign Ministry's Department of Consular Affairs (which provides passport and visa services), was killed during a scheduled speech at an art exhibition celebrating Turkish-Russian friendship. He was shot in the back by Mevlüt Mert Alt?nta?, a Turkish police officer who yelled "Allahu Akbar" and "Do not forget Aleppo, do not forget Syria" before being gunned down himself by Turkish security forces.

Footage and photos of Altintas standing over Karlov's body, shouting and brandishing his pistol, widely circulated online. One picture, taken by Hasam Kilic, seems to have found its way into an unexpected place: a crime scene being investigated by Batman in a video game.

Webmaster's Commentary: 

Military/intelligence assets work hand in hand with the video/computer game industry every day.

So I have to wonder if the founders of this company, Dan Connors, Kevin Bruner and Troy Molander, are, perhaps, covert CIA/US military assets, who understand that if you are going to demonize a country (Let's say, for the sake of explanation, Russia) to your population, particularly to the young people who will be ultimately drafted to fight that country, you start with the young men, who are the primary players of computer games, to demonize that country which is ultimately going to be the recipient of an American military attack.

This has been rather recently released, so I wonder about the timing of an actual war with Russia, vis a vis the release of this video game, and how the owners of Telltale bet on the release of this game to continue the demonization in which the corporate presstitutes are collaborating so cheerfully.

Oct 06 12:38

Russian Hackers Win Again: John Kelly's Personal Cell Allegedly "Compromised" For Months

Is John Kelly the latest victim of the now infamous, pesky, yet extremely elusive, 'Russian hackers' that cost Hillary Clinton the 2016 election and are slowly taking over the world? According to Politico, he just might be...

White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.

The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing.

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly.

Kelly told the staffers the phone hadn’t been working properly for months, according to the officials.

Webmaster's Commentary: 

OK, let's track the logic; Kelly's personal phone misbehaves for months, and he doesn't have the horse sense to get it checked when it originally stopped working the way it should have?!?

And it is THIS guy who has the ear of the President of the United States?!?

Be afraid, people; be very afraid!!

Oct 06 12:21

YouTube revises search results following outrage over Las Vegas shooting conspiracy videos

YouTube is modifying its search algorithms to prevent conspiracy theories and fake news videos from making it to the top of its search results, following outrage over the high visibility of videos spreading misinformation about the Las Vegas mass shooting, the Wall Street Journal reports.

Webmaster's Commentary: 

"Misinformation" -> Anything that questions the official story.

Oct 06 09:39

PUTIN STRIKES AGAIN: RUSSIAN HACKERS REPORTEDLY STOLE NSA DATA ON CYBER DEFENSE

Looks like Russian President Vladimir Putin is back at it.

The Wall Street Journal reported Thursday that hackers working for the Russian government have stolen data describing how US intelligence agencies infiltrate foreign computer networks and how they defend against cyberattacks. The data was stolen after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to WSJ’s anonymous sources.

News of the hack, which hasn’t been exposed previously, explains the federal government’s abrupt crackdown on Moscow-based security firms Kaspersky Labs. As WSJ explains, the contractor may have been targeted after hackers identified the files thanks to the contractor’s use of a popular antivirus software created by Kaspersky.

Webmaster's Commentary: 

No sourcing?!?

Since, please, did WSJ get so completely sloppy in their "alleged" reporting?!?

And what moronic National Security Agency contractor would have been so completely stupid as to put sensitive material like that on their home computer?!?

Is the major prerequisite necessary to working for the NSA complete, and abysmal technological stupidity?!?

OK, WSJ: either source, and do what is supposed to be your job, or shut the flip up; this is simply more anonymous demonization of Russia, which we all understand is part of the prelude to a shooting war against it.

And to your Editor in Chief, Gerard Baker, a word, please, sir; whatever compensation you are getting, overtly or covertly, from elements of the Deep State in this country, desperate to see this country at war with Russia (and China) to cut off the rise of the ruble and yuan in international trade, it cannot possibly be enough!!

Oct 06 06:26

Secret backdoor in Uber's app granted by Apple lets the firm record your iPhone's screen without you knowing

An 'unprecedented' level of access granted to Uber's iPhone app means the firm could be watching your every move.

Apple has given the company special powers that could be used to record a user's screen and access other sensitive data without their knowledge or permission.

Experts have warned that the feature, which is not listed in any of Uber's public information, may be available even when the app is closed.

Oct 06 06:16

DO NOT CLICK: Ads Falsely Reporting Deaths Of Bill O'Reilly And Rush Limbaugh Likely Malware

The files to which the ads are linked are highly suspicious, so much so that I didn't run them even quarantined.

Screenshots of the ads are here, as well as links to the online tests. You can look at the embedded code yourself there, safely; it was labeled "suspicious," which seems to me to be very possibly an understatement.

Be safe, and

Be seeing you.

Oct 06 06:11

HPE server firmware update permanently bricks network adapters

Here's a fantastic fail: HPE's July ServicePack for ProLiant servers bricked some network adapters so badly they “must be replaced.”

An advisory issued late last week explained that the mess is triggered “when a driver upgrade is performed with … HPE QLogic NX2 1/10/20 GbE Multifunction Drivers for VMware vSphere 5.5, 6.0, and 6.5”.

The relevant drivers glory in the names “net-bnx2x_2.713.30.v55.7-1OEM.550.0.0.1331820” and “net-bnx2x_2.713.30.v60.7-1OEM.600.0.0.2494585” and were supposed to update HPE's Flex-10 530-series network adapters and FlexFabric 630-series kit.

Oct 05 09:54

Two New Montana Laws Take on Warrantless Electronic Data Collection

By Michael Maharrey

On Sunday, two Montana laws went into effect that work together to ban warrantless collection of cell phone data in most situations. These laws not only increase privacy protections in the state, they also hinder one practical impact of federal surveillance programs.

Rep. Daniel Zolnikov sponsored both House Bill 147 (HB147) and House Bill 148 (HB148). Working together, these two bills require government agencies to get a warrant before obtaining data from electronic devices such as smart phones, computers and tablets in most situations...

Oct 05 09:21

Snap, crackle ... patch! Apple kicks out iOS 11.0.2 to tackle crappy calls, fix email glitches

The iOS 11.0.2 release consists of a trio of fixes that were reported by fans shortly after the arrival of version 11.0 of the operating system and iPhone 8 and 8 Plus last month.

Most notably, the firmware update removes the "crackling" sound iPhone 8 and 8 Plus owners had been suffering on voice calls. Apple claimed the now-resolved noise problem only affected a "small number" of its latest handsets.

Also patched was an iOS 11 issue that would cause some photos to be erroneously marked as hidden, and separated from the main photo album, and a bug that had prevented users from opening some attachments in S/MIME encrypted email messages. This week's 11.0.2 update also includes the 11.0.1 bug fix that corrects connectivity issues between iThings and Microsoft-powered email systems, which were present in the 11.0 launch release.

Oct 05 07:30

IRS Awards Multi-Million Dollar Fraud-Prevention Contract To Equifax Who Was Hacked TWICE

By Aaron Kesel

You can’t make this up. The IRS awarded Equifax with a multi-million dollar fraud prevention no-bid contract despite that its own execs committed market fraud when they sold shares before telling the public they were hacked.

The IRS will pay Equifax $7.25 million to help verify taxpayer identities and prevent fraud under a no-bid contract issued last week...

Oct 04 09:57

The Largest Hack Ever? Yahoo Admits 2013 Data Breach Impacted All 3 Billion Accounts

Is it too late for Verizon to get some more of its money back?

After the entity responsible for selling Yahoo agreed to cut $350 million off the company’s sales price earlier this year following revelations that hackers had stolen sensitive account information of as many as 1.5 billion user accounts during two separate data breaches, the Wall Street Journal is now reporting that the scale of one of those intrusions was much larger than initially believed.

A 2013 data breach that was initially believed to have impacted 1 billion, actually impacted all of Yahoo's 3 billion user accounts, Verizon announced on Tuesday. Verizon’s acquisition of Yahoo formally closed in June after contentious negotiations that were complicated by the discovery of the hacks. The smaller of the two incidents, which took place in 2014, was first disclosed to the public last September. It reportedly involved 500 million user accounts. Three months later, in December, the company publicized the 2013 hack.

Oct 04 09:07

Watching terrorist propaganda online to become a criminal offence, says Tory Home Secretary Amber Rudd

Ms Rudd said: “I want to make sure those who view despicable terrorist content online including jihadi websites, far-right propaganda and bomb-making instructions face the full force of the law.

Webmaster's Commentary: 

"Far-right propaganda?!?" Does she mean ME?!?

Oct 04 09:00

Exposing 'In-Q --Tel': The CIA's Own Venture Capital Firm

VIDEO

Google, Facebook, the IT Sector and the CIA

In-Q-Tel was formed by the CIA in 1999 as a private, not-for-profit venture capital firm

Oct 04 08:48

Yahoo hack: Company leaked details of everyone who uses it!

Yahoo leaked the details of all the people who used it, it has said.

Some three billion accounts were compromised – the equivalent of half the people on Earth – in a 2013 hack. That accounts for everyone who used it at the time of the leak.

Yahoo had previously said that around one billion accounts were part of that hack when it disclosed it at the end of this year, already a unprecedentedly large leak of information. But it has now revised that total.

Oct 04 07:46

North Korea now has a second internet link through Russia

North Korea had previously gotten its internet through a hardwire to China, but that's no longer the case: Now, it has a second link to the world wide web through Russia cybersecurity firm FireEye told Bloomberg. This confirms an initial report by site 38 North that claimed the secondary connection went active on Sunday.

This gives North Korea an alternative method of accessing the internet -- which, aside from the obvious benefit of redundant access, might mitigate the damage from foreign attempts to block their service. A report on Sunday revealed that US Cybercommand had been harassing the North Korean government's hacking group with denial-of-service attacks for six months. It's unclear if their method would be as effective now that the East Asian country has a second line to the outside internet.

Webmaster's Commentary: 

Maybe I need a second line through Russia!

Oct 03 17:23

Yahoo just said every single account was affected by 2013 attack — 3 billion in all

In 2016, Yahoo disclosed that more than one billion of about three billion accounts had likely been affected by the hack. In its disclosure Tuesday, the company said all accounts were likely victimized.

Oct 03 17:14

Patch your WordPress plugins: Scum are right now hijacking blogs

Unless of course your site is so dull that a little hacker defacement will cheer it up

Oct 03 16:58

PA Attorney General Concerned About Equifax Cyberattack; Will U.S. Attorneys General Be Upset About Utility Smart Meters Hacking?

By Catherine J. Frompovich

According to news reports [1], Pennsylvania Attorney General Josh Shapiro is concerned about and investigating the credit bureau Equifax’s data breach affecting some 143 to 145 million Americans...

Consumers don’t know Equifax was collecting their important credit information and selling it to others! However, that’s the very same tactic/problem/issue that is being programmed to be done by and with AMI Smart Meters being retrofitted on to electric, natural gas and water utilities services nationwide by states’ utility commissions...

Oct 03 10:53

FLASHBACK - Rivero challenges the NSA

The US Government insists their demand for a ban on strong encryption or back doors into all of our electronic devices is to stop crime and terror.

But over the course of a year, as documented on this page, What Really Happened issued six encryption challenges based on systems of encryption created and programmed here on an air-gapped computer.

Now, I am not an encryption expert, and only a moderately decent programmer. The NSA would have a strong motive to break my codes to discourage others from creating their own systems of encryption.

None were ever solved.

If I can beat the NSA, it means real criminals and terrorists can defeat the NSA and keep their communications private.

Hence, the real agenda of the government is not to stop crime and terror but to monitor the American people to make sure they are not thinking those double-plus ungood thoughts about how this nation is being run!

Oct 03 08:53

Microsoft may have its groove back but it's binned 'Groove'

Ghost-of-Zune music subscription service retired, users shunted to Spotify

Oct 03 08:51

Commodore 64 makes a half-sized comeback

The Commodore 64 is coming back, in a form that owes a debt to both Nintendo's shrunken Mini SNES and thee Vega+ Sinclair ZX Spectrum reboot.

The due-in-early 2018 “C64 Mini” matches Nintendo's plan to shrink an old machine, in this case by 50 per cent. Like the Mini and the Vega+ the revived Commodore will pack in pre-loaded retro games, 64 of them to be precise. The device will also ship with a USB joystick boasting 80s styling, HDMI out so it can connect to modern tellies and USB-mini for power.

Oct 03 08:47

Google Finds 7 Security Flaws in Widely Used Dnsmasq Network Software

Security researchers have discovered not one or two, but a total of seven security vulnerabilities in the popular open source Dnsmasq network services software, three of which could allow remote code execution on a vulnerable system and hijack it.

Dnsmasq is a widely used lightweight network application tool designed to provide DNS (Domain Name System) forwarder, DHCP (Dynamic Host Configuration Protocol) server, router ads and network boot services for small networks.

Dnsmasq comes pre-installed on various devices and operating systems, including Linux distributions such as Ubuntu and Debian, home routers, smartphones and Internet of Things (IoT) devices. A shodan scan for "Dnsmasq" reveals around 1.1 million instances worldwide.

Oct 03 08:45

Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month, bringing the total possible victims to 145.5 million from 143 million.

Oct 03 08:24

Mastermind Of $4 Billion Bitcoin Money Laundering Operation May Be Extradited To US

After being arrested over the summer in a sting that was orchestrated by US and European law-enforcement agencies, Russian-born Alexander Vinnick, the purported creator and operator of shadowy digital-currency exchange BTC-E, appeared in a Greek court late last week for the first of what could be several hearings to determine where he will ultimately stand trial, CoinDesk reported.

As we reported at the time of Vinnick’s arrest, the 38-year-old Russian man was wanted in the US on suspicion of masterminding a money laundering operation involving at least $4 billion in bitcoin transactions.

Oct 03 07:14

Google Admits Citing 4chan To Spread Fake Vegas Shooter News

Google News took the unusual step of confirming its use of the imageboard site 4chan as a news source on Monday. The admission followed Google News' propagation of an incorrect name as a potential shooter in the tragic Las Vegas shooting on Sunday night.

Oct 02 13:41

New Ghost Gun Update Allows 3D Printing of Untraceable Handgun

By Derrick Broze

The controversial organization Defense Distributed just made it easier to 3D print untraceable handguns.

On October 1, Cody Wilson and Defense Distributed began selling two of the most common handgun “80 percent” receivers. In addition to selling a $1,200 computer-numerically-controlled (CNC) mill which can complete unfinished lower receivers for AR-15 semi-auto rifles, Defense Distributed will now sell unfinished receivers for Glocks and single-stack M1911s.

Using Defense Distributed’s mill, known as the Ghost Gunner, anyone with $1,200 and some basic milling knowledge can create the lower receiver of an AR-15 rifle...

Oct 02 08:41

iPhone X: Sorry Apple, but I just can't face using Face ID

Apple promises that using facial recognition will be more secure than using a fingerprint.

"The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID)," said Apple's security paper.

The use of the technology has worried some, but a few of the security concerns are perhaps a bit overblown: in the case of the iPhone X authentication system, there's no single database for hackers to steal because the biometric data is stored in encrypted form on the phone.

However, there are still a few things that make me reluctant to use it.

First, for a smartphone I'd argue that a fingerprint is actually the easiest replacement for the password: it's less controversial than using your face and probably even faster.

Oct 01 09:30

Amazon's Whole Foods Market Suffers Credit Card Breach In Some Stores

Another day, another data breach. This time Amazon-owned grocery chain has fallen victim to a credit card security breach.

Whole Foods Market—acquired by Amazon for $13.7 billion in late August—disclosed Thursday that hackers were able to gain unauthorized access to credit card information for its customers who made purchases at certain venues like taprooms and full table-service restaurants located within some stores.

Whole Foods Market has around 500 stores in the United States, United Kingdom, and Canada.

The company did not disclose details about the targeted locations or the total number of customers affected by the breach, but it did mention that hackers targeted some of its point-of-sale (POS) terminals in an attempt to steal customer data, including credit details.

The company also said people who only shopped for groceries at Whole Foods were not affected, neither the hackers were able to access Amazon transactions in the security breach.

Webmaster's Commentary: 

You can't hack cash. And until the government is able to deal with cyber-crime, it has no business pushing the cashless society agenda!

Sep 30 10:20

ARE YOU BEING WATCHED? FINFISHER GOVERNMENT SPY TOOL FOUND HIDING AS WHATSAPP AND SKYPE

Legitimate downloads of popular software including WhatsApp, Skype and VLC Player are allegedly being hacked at an internet service provider (ISP) level to spread an advanced form of surveillance software known as "FinFisher", cybersecurity researchers warn.

FinFisher is sold to global governments and intelligence agencies and can be used to snoop on webcam feeds, keystrokes, microphones and web browsing. Documents, previously published by WikiLeaks, indicate that one tool called "FinFly ISP" may be linked to the case.

The digital surveillance tools are peddled by an international firm called Gamma Group and have in the past been sold to repressive regimes including Bahrain, Egypt and the United Arab Emirates (UAE).

Sep 30 09:35

This Dumb Smart Fridge Shows Why the Internet of Things Will Break

If you think a smart fridge is a dumb idea, you’re not alone. When people started buzzing about the Internet of Things (4.9 billion connected devices and counting), lots of experts sent up warning flares. “If you think error messages and applications crashes are a problem now, just wait until the web is embedded in everything from your car to your sneakers,” Wired reporter Klint Finley cautioned in 2014.

We’ve worried in the past about how embedded electronics open up your teddy bears and cars to copyright restrictions, as well as about how they can shorten the lifespan of devices. For refrigerators, a shorter lifespan is a particularly big deal—appliances actually make up about 60% of global e-waste.

Refrigerators usually last about 14 years, a lifespan that has held pretty constant in the last few decades. But smart fridges threaten to shorten that lifespan significantly. In the software world, 14 years is practically an eternity.

Sep 30 09:30

New Montana Law Limits ALPR Use, Helps Block National License Plate Tracking Program

By Michael Maharrey

Tomorrow, a Montana law that limits the use of Automated License Plate Readers (ALPRs) in the state goes into effect. The new law will also place significant roadblocks in the way of a federal program using states to help track the location of millions of everyday people through pictures of their license plates.

Rep. Daniel Zolnikov (R-Billings) sponsored House Bill 149 (HB149). The legislation prohibits the use of ALPRs except for specified purposes, and also places limitations on the retention and sharing of data gathered by license plate readers.

The Montana Senate passed HB149 by a 48-1 vote. The House concurred with a 91-7 vote, With Gov. Steve Bullock’s signature the law goes into effect Oct. 1...

Sep 30 09:29

The Coming Software Apocalypse

“Computing is fundamentally invisible,” Gerard Berry said in his talk. “When your tires are flat, you look at your tires, they are flat. When your software is broken, you look at your software, you see nothing.”

“So that’s a big problem.”

Sep 29 17:53

Info on CCleaner Infections Lost Due To Malware Server Running Out of Disk Space

Avast's Threat Intelligence Team published new details today about the CCleaner malware incident that came to light on Monday.

According to Avast, the database where the CCleaner hackers were collecting data from infected hosts ran out of space and was deleted on September 12, meaning information on previous victims is now lost to investigators and the number of computers infected with the second-stage backdoor payloads may be larger than initially believed.

This means there could still be — and there certainly are — more large technology firms that currently have a backdoor on their network.

Sep 29 15:38

Amazon's Echo Spot is a sneaky way to get a camera into your bedroom

Amazon unveiled six new hardware products at its surprise event in Seattle yesterday, but the Echo Spot has everyone talking. Most people think the Echo Spot is cute; a little alarm clock that’s designed to sit next to your bed. While all the focus is on what the Echo Spot looks like, it’s important to remember that Amazon is using the Spot as a very clever way of making you comfortable with having a camera in your bedroom. It’s also a camera that will probably be pointing directly at your bed.

Sep 29 12:54

Julian Assange Says He Will Provide Evidence Russia Narrative Is False in Exchange for Pardon

WikiLeaks founder Julian Assange has offered to provide evidence that the Russian collusion narrative is false in exchange for a pardon from President Trump.

The president, apparently, has not yet gotten the message. On Saturday, President Trump told reporters that he has "never heard" of Assange's offer to make a deal.

Rep. Dana Rohrabacher (R-Calif.) told The Daily Caller that Trump is being blocked from knowing about the potential deal with Assange. “I think the president’s answer indicates that there is a wall around him that is being created by people who do not want to expose this fraud that there was collusion between our intelligence community and the leaders of the Democratic Party,” Rohrabacher said.

Sep 29 11:28

Gallery: 10 of the most dangerous malware threats on the internet today

You've probably heard of some, if not all, of the malware on this list. Most of it has been around for a while, staying alive through various incarnations thanks to the efforts of hackers. After all, why reinvent the wheel when you can just make tweak code that already works?

Webmaster's Commentary: 

Sep 29 08:51

Denuvo Crisis After Total Warhammer 2 Gets Pirated in Hours

Denuvo, the world's most feared gaming anti-piracy mechanism, was deployed yesterday on the brand new Total War: Warhammer 2. Instead of the months, weeks, or even days of protection usually offered by the system, the whole thing collapsed within hours.

Sep 29 08:32

Google warns that govt is demanding more of your private data than ever

And thousands more user accounts have been affected by US national security orders than previously reported.

Sep 29 07:01

BlackBerry touts shift to software as shares rise

BlackBerry has made a strategic pivot in recent years away from manufacturing its namesake smartphones to producing mainly software and services as its devices lost market share to Apple Inc. and Samsung Electronics Co.

BlackBerry's revenue for the three months ended Aug. 31 was $238-million, down from $334-million in last year's second quarter but up $3-million from the previous quarter ended May 31.

Sep 29 06:40

THE US MILITARY IS QUIETLY BUILDING SKYNET

The US’s military leaders have agreed on a strategy to guarantee the US military retains its global dominance during the twenty-first century: Connect everything with everything, as DefenseOne describes it. The result? An unimaginably large cephapoloidal nervous system armed with the world’s most advanced weaponry, and in control of all military equipment belonging to the world’s most powerful army.

Sound familiar? It should...

A networked military – an extreme take on the “internet of things” - would connect everything from F-35 jets to the Navy’s destroyers to the armor of the tanks crawling over the land to the devices carried by soldiers – every weapon would be connected. Every weapon, vehicle, and device connected, sharing data, constantly aware of the presence and state of every other node in a truly global network.

Webmaster's Commentary: 

What happens when one of the pieces of networked code in this 21st century Rube Goldberg contraption starts making autonomous decisions about how evil humankind has become, and decides to "cure the problem"?!?

Gee, what could go wrong?!? (other than everything)?!?

Sep 28 18:05

Airport Systems Crashed Worldwide, Could A Power Grid Failure Be Next?

Airport computer systems crashed around the globe today. The crash caused passenger delays, angst, and fright among travelers, but a more ominous question has arisen in light of this glitch. Could the next failure be a worldwide power grid outage?

Thousands of travelers were grounded today when a computer glitch took down check-in systems at more than 100 airports worldwide. The crash left passengers waiting in long lines at counters while trying to check-in for their flights. T Amadeus Alta, the company that provides the software, confirmed it is experiencing a “network issue that is causing disruption,” The Telegraph reported.

Webmaster's Commentary: 

What makes sense to me here is, this might be a test for some persons, or organizations, which want to create perhaps an even larger grid failure, and somehow profiting from the ensuing chaos; and grid security is something which has become the "soft, unprotected underbelly" of the entire wired system in this world.

Or, perhaps, a test for a coming false flag, to be blamed on the "usual suspects", and of course, we know who they are: Russia; China; Iran; North Korea Venezuela; and Syria, of course!

And what do these nations all have in common, in the eyes of those in the Bowels of Power in the Occupied, Unhinged, Surveilled States of Amerika?!? They are all countries the US government wants regime-changed, and soon!!

Sep 28 15:42

EU Proposes Take Down Stay Down Approach to Combat Online Piracy

The European Commission published a set of guidelines today outlining how online service providers should tackle illegal content, including piracy. The recommendation follows the notice-and-stay-down principle, proposing proactive automated filters and measures against repeat infringers.

Sep 28 15:21

IPhone X to use 'black box' anti-spoof Face ID tech

Even Apple will not be able to explain how its forthcoming iPhone X can spot some efforts to fool its facial recognition system.

The firm has released a guide to the Face ID system, which explains that it relies on two types of neural networks - one of which has been specifically trained to resist spoofing attempts.

But a consequence of the design is that it behaves like a "black box".

Its behaviour can be observed but the underlying processes remain opaque.

So, while Apple says Face ID should be able to distinguish between a real person's face and someone else wearing a mask that matches the geometry of their features, it will sometimes be impossible to determine what clues were picked up on.

Sep 28 10:07

Want a more powerful Raspberry Pi? Choose from these 20 alternatives

Some of these credit card-sized computers are starting to surpass the specs of the Pi 3, cramming in more memory, faster processors and additional features such as Gigabit Ethernet or support for 4K displays.

These extras come at a price, with most of these challengers costing more than the Pi 3, while also not sharing the Pi's extensive range of software, projects and community support.

But if you're looking for a more muscular alternative to the Pi, this is what's on offer, from the cheapest, through to premium single-board computers for those who prize power over price.

Sep 28 09:29

Conflict censorship? YouTube deletes footage of coalition airstrikes

Footage of coalition airstrikes against Islamic State (IS, formerly ISIS/ISIL) in Iraq has been removed and restricted by YouTube, sparking a furious censorship row for the video sharing site.

Sep 28 09:26

ECB President Admits Central Banks Have No Power To Regulate Bitcoin “It’s Outside Of Our Jurisdiction”

The president of the European Central Bank (ECB), Mario Draghi, admitted that Bitcoin and other cryptocurrencies used worldwide do not fall under the regulatory powers of the ECB.

“It Would Not Be Within Our Power to Prohibit or Regulate Bitcoin,” Mario Draghi, President of the European Central Bank said.

Draghi made the statement following a question from the European Parliament’s Committee on Economic and Monetary Affairs regarding whether or not the ECB plans to develop regulations pertaining to Bitcoin, and what risks cryptocurrencies may pose to the European economy...

Sep 28 08:52

'Momentary IT glitch' lasting just 15 MINUTES is blamed for chaos at airports worldwide as check-in desk computers crash leaving huge queues of furious passengers

Airline passengers are suffering major disruption at airports around the world after a computer programme which handles passenger check in systems crashed.

Queues formed at check-in desks worldwide this morning after the computer system used by more than 100 airlines crashed.

Problems have been reported at London's Heathrow and Gatwick airports, as well as Charles de Gaulle Paris, Washington DC, Baltimore, Melbourne, Changi in Singapore, Johannesburg and Zurich.

The check-in system which went down is run by Amadeus Altea, which services 64% of the Star Alliance flights, 75% of One World and 53% of the Sky Team, including BA, AirFrance, KLM and Lufthansa.

Sep 28 07:57

2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw.

Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015.

Since it was not recognised as a serious bug at that time, the patch for this kernel flaw was not backported to long-term Linux distributions in kernel 3.10.77.

However, researchers at Qualys Research Labs has now found that this vulnerability could be exploited to escalate privileges and it affects all major Linux distributions, including Red Hat, Debian, and CentOS.

...

Linux distributions, including Red Hat, Debian, and CentOS, have released security updates to address the vulnerability.

Sep 27 14:52

DHS To Officially Require Immigrants' Files To Contain Social Media Info

It looks like being the wrong kind of American will result in the mandatory collection of social media account handles and aliases. New rules on social media snooping have been floated several times with varying degrees of sincerity, but this time the DHS actually means it.

Sep 27 12:32

Brevity No Longer The Soul Of Twit: Twitter To Double Character Limit

Twitter has started testing a new feature that would double the number of characters users can fit in a single post, from 140 to 280. However, the proposed expanded limit would only apply to users who tweet in certain languages.

Sep 27 09:47

Slow Wi-fi? Hackers may have turned your gadgets into 'zombie' botnets that conduct criminal activities without you knowing

Researchers from Norton Security compiled data from parent firm Symantec and found 6.7 million more bots joined the global botnet in 2016.

Bots are internet connected devices infected with malware that allow hackers to remotely take control of many devices at a time.

Whether it’s computers, smartphones, security cameras or home routers, many consumers are generally unaware their device may have been corralled into a bot master’s control.

Combined, these devices form powerful networks, called botnets, which can be used to wreak havoc online.

Sep 27 09:46

Ransomware is the top threat facing computer users as Interpol reveals massive 2017 cybercrime 'epidemic'

Ransomware eclipsed most other forms of cybercrime as on-line crime surged in 2017, European policing agency Europol said on Wednesday, citing high-profile attacks such as 'WannaCry' that reached millions of computers.

Europol coordinated several successful cross-border operations against cybercriminals last year.

But national authorities urgently need to devote more resources to targeting the developers of hacking tools, the agency's head said.

Sep 27 09:22

Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'

Monday’s news that multinational consultancy Deloitte had been hacked was dismissed by the firm as a small incident.

Now evidence suggests it's no surprise the biz was infiltrated: it appears to be all over the shop, security wise.

On Tuesday, what seemed to be a collection of Deloitte's corporate VPN passwords, user names, and operational details were found lurking within a public-facing GitHub-hosted repository. These have since been removed in the past hour or so. In addition, it appears that a Deloitte employee uploaded company proxy login credentials to his public Google+ page. The information was up there for over six months – and was removed in the past few minutes.

Sep 27 09:16

Cisco polishes the axe for more HQ job cuts

Cisco is saying farewell to 310 more staff from its corporate HQ in California, according to a filing with the Worker Adjustment and Retraining Notification (WARN) system.

As part of its struggle to stay relevant in a world of cloud tech, the router and switch maker has spent the past seven years restructuring by removing people deemed to have the wrong skills and hiring new folk.

Back in May, Switchzilla confirmed its intent to chop 1,100 job worldwide, with 250 reductions earmarked for HQ in San Jose.

Sep 27 09:13

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available.

Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips and is hell easy to exploit.

This flaw is similar to the one Beniamini discovered in the Broadcom WiFi SoC (Software-on-Chip) back in April, and BroadPwn vulnerability disclosed by an Exodus Intelligence researcher Nitay Artenstein, earlier this summer. All flaws allow a remote takeover of smartphones over local Wi-Fi networks.

The newly discovered vulnerability, which Apple fixed with its major iOS update released on September 19, could allow hackers to take control over the vi

Sep 27 08:08

Microsoft tries to stem its self-made collaboration-tool confusion

Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix.

Sep 27 08:07

Apple's first iOS 11 update: iPhone users get urgent fix for broken Microsoft email

Apple fixes an iOS 11 bug that stopped iPhone users sending email from Microsoft's email services.

Sep 27 07:33

‘Very troubling’: US asks China to hold off on cybersecurity law

Washington has asked Beijing to refrain from enforcing a new cybersecurity law that would require foreign and domestic companies to store user data in China and submit to security checks, saying such measures would damage global trade.

Webmaster's Commentary: 

Interesting. The US Government is moving to have the people store their data in large corporate-owned cloud servers, but when it comes to China, prefers to keep US data under their own control.

Sep 26 16:58

Another Appeals Court Rules Warrants Required for “Stingray” Cellphone Surveillance

By Derrick Broze

An appeals court in Washington has ruled that law enforcement must acquire a search warrant before employing cell phone surveillance tools often known as “Stingrays.”

On September 21, an appeals court in Washington issued a damning ruling regarding law enforcement use of cell phone surveillance tools without the use of a warrant. The appeals court became the fourth court to rule against the unrestricted use of the controversial cell site simulators, sometimes known as “Stingrays.” The issue could eventually make its way to the Supreme Court. Stingray is the brand name of a popular cell-site simulator manufactured by the Harris Corporation.

Sep 26 15:31

FLASHBACK - Panama Papers Data Leak : King of Saudi Arabia sponsored Netanyahu’s campaign

According to the Middle East Observer, Isaac Herzog, member of the Knesset and Chairman of the Israeli Labor party, revealed that Saudi King Salman bin Abdulaziz financed the election campaign of Israeli Prime Minister, Benjamin Netanyahu.

Sep 26 12:15

Fired Google Engineer Still Being Shamed, This Time By Netflix Executive

While the left is suddenly concerned with “freedom of expression” over KneeGatePaloozaGhazi, the right is quick to remind them, “Yeah, no you’re not.”

Sep 26 10:36

Are YOU having problems with iOS 11? Apple users complain the update drains their iPhone's battery and slows down apps

Some users claim that their phones 'just get stuck on apps' and that a hard reset is the only way to resolve the issue.

Apps including Reddit, Snapchat, Twitter, Facebook, Messenger, Safari, all appear to be affected.

For others the iOS update has drained their battery life - although there appears to be an explanation for this problem.

Wandera, a London-based mobile security company, found iPhones using iOS 11 took 96 minutes to empty their battery from 100 per cent charge.

Those on iOS 10 took longer, at 240 minutes.

Liana La Porta, head of content marketing at Wandera, conducted a study of 50,000 iPhones battery life.

The study found that battery drain may down to the iPhone's Spotlight app.

Sep 26 10:29

Man convicted of terror offence for refusing to give police phone and laptop password

The director of an advocacy group has been convicted of a terror offence after refusing to give police passwords to access his phone and laptop at Heathrow Airport.

Muhammad Rabbani vowed to appeal the first verdict of its kind after being handed a 12 month conditional discharge and ordered to pay £620 in costs at Westminster Magistrates' Court.

The director of Cage was stopped under the Terrorism Act on 20 November last year after returning home from a wedding in Doha, Qatar.

Officers demanded access to his phone and laptop under wide-ranging powers granted by Schedule 7 of the law.

It allows police and immigration officials to stop, search, question and detain anyone at British ports and airports to determine whether they were involved in the “commission, preparation or instigation of acts of terrorism” – with or without reasonable suspicion.

Webmaster's Commentary: 

Like all the other erosions of our civil liberties this law will do nothing to stop real terrorists, who know not to use the internet for communications or to keep sensitive data on their phones and laptops.

The above hollowed-out coin can hold a micro SD card. Micro SD cards can hold huge amounts of data, topping out at 400 Gbytes; more than a third of a terabyte.

Real criminals and terrorists will use devices like this to protect their secrets, while law abiding citizens who simply desire their right to privacy are harassed and, as in this case, arrested.

Sep 26 10:15

Source: Deloitte Breach Affected All Company Email, Admin Accounts

Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.

Sep 26 09:44

SPYING BICYCLES LET POLICE KNOW WHO AND WHERE YOU ARE

Can you recall when your parents bought your first bicycle? Can you recall how thrilled you were when you didn’t need training wheels? Those were great memories right? Now imagine a future, where parents are forced to buy a bicycle that uploads all your kids data to a NASA spy satellite that knows exactly where they are are at all times.

Sep 26 09:36

First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges

The malware uses the Dirty COW exploit to root Android devices via the copy-on-write (COW) mechanism in Android's Linux kernel and install a backdoor which can then be used by attackers to collect data and generate profit through a premium rate phone number.

Trend Micro researchers detected the ZNIU malware in more than 1,200 malicious Android apps—some of which disguised themselves as pornography and gaming apps—alongside host websites containing malware rootkits that exploit Dirty Cow.

While the Dirty Cow flaw impacts all versions of the Android operating system, the ZNIU's Dirty Cow exploit only affects Android devices with ARM/X86 64-bit architecture. However, the recent exploit can be used to bypass SELinux and plant backdoors.

Sep 26 09:35

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13—a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS.

Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain.

Sep 26 09:33

Insteon and Wink home hubs appear to have a problem with encryption

Which is to say neither do it

Sep 26 09:30

CBS's Showtime caught mining crypto-coins in viewers' web browsers

The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.

The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.

Sep 26 09:28

Researchers promise demo of 'God-mode' pwnage of Intel mobos

Security researchers say they've found a way to exploit Intel's accident-prone Management Engine, and will reveal the problem at Black Hat Europe in December.

Positive Technologies researchers say the exploit “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard via Skylake+”.

Intel Management Engine (ME), a microcontroller that handles much of the communication between the processor and external devices, hit the headlines in May 2017 due to security concerns regarding the Active Management Technology (AMT) that runs on top of the engine.

It later emerged that AMT had a simple authentication error: an attacker could login with an empty password field.

For those whose vendors haven't pushed a firmware patch for AMT, in August Positive Technologies discovered how to switch off Management Engine.

Sep 26 09:24

The next must-have smartphone upgrades: Components you can swap yourself, and a conscience

Fairphone's second-generation handset, which was released in 2015, made a virtue of having components that could be easily swapped out by the device's owners, even if they had no technical skills to speak of. By making a device with simple-to-replace parts, Fairphone hoped it could extend the lifetime of its smartphones: rather than buy a whole device when the screen breaks, you just buy a new screen instead.

Sep 26 09:23

Equifax chief executive steps down after massive data breach

The former chief executive made over $4 million in salary last year.

Sep 25 09:30

Cheat sheet: How to become a cybersecurity pro

If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide to salaries, job markets, skills, and common interview questions in the field.

Sep 25 09:28

FACEBOOK TO MONITOR EVERYWHERE USERS HAVE BEEN FOR HIGHLY TARGETED ADS

Advertisers can now target Facebook users based on where they’ve been in the real world. The social network is allowing thousands of companies to serve ads specifically to people who have walked into their physical stores, in order to get them to come back.

Sep 25 05:54

Guess – go on, guess – where a vehicle tracking company left half a million records

A US outfit that sells vehicle tracking services has been accused of leaving more than half a million records in a leaky AWS S3 bucket.

The Kromtech Security Centre, which has made belling this particular cat its hobby, says it found a total of 540,642 ID numbers associated with SVR Tracking, an outfit that uses GPS devices to track vehicles so they can be found if their owners fall into arrears on payments.

Kromtech says data left lying around includes “logins / passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships”.

Sep 24 07:11

U.S. Government Announces 21 States Had Hackers Target Their System – Leaves Out DHS Hackers

By Aaron Kesel

The federal government just announced on Friday that election officials in 21 states had hackers target their systems before last year’s presidential election according to the Associated Press. But what about the DHS’s own attempted meddling in the election, getting caught red-handed running unauthorized scans for vulnerabilities in voter databases in more than five states...

Sep 23 19:17

Chrome Extension Embeds In-Browser Monero Miner That Drains Your CPU

The authors of SafeBrowse, a Chrome extension with more than 140,000 users, have embedded a JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent.

The additional code drives CPU usage through the roof, making users computers sluggish and hard to use.

Sep 23 15:36

Former Congressman Warns That Foreign Countries Could Bribe The Feds To “Regulate Drudge”

Consider this. As the establishment media continues to push their 24/7 anti-Trump echo chamber, real dangers poised by other countries are going unchecked, with many in the media most likely on board with the idea that top conservative news outlets need to be censored. At this point one can’t help but wonder (and worry) that some form of political censorship of the internet is on the horizon which will most likely be attempted by connecting the amazing success of someone like Matt Drudge to supposed Russian propaganda operations – all in the name of censoring non leftist voices.

Sep 23 10:36

GCHQ Warns of Massive Looming Cyberattack That Will Demand ‘National Response’

UK intelligence agency GCHQ’s National Cyber Security Center has warned the UK will fall victim to a major “preventable” cyberattack, even more severe than the WannaCry strike.

GCHQ’s National Cyber Security Center (NCSC) has warned the UK should be prepared for a major “category one” cyberattack — a major escalation from May’s WannaCry ransomware assault, that hit government servers severely.

The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors.

Webmaster's Commentary: 

Lemme guess; the hackers are from Iran, Russia, and North Korea.

Sep 22 15:32

Dear Apple, The iPhone X and Face ID are Orwellian and Creepy

For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy.

Sep 22 15:16

NBD: Adobe just dumped its PRIVATE PGP key on the internet

It goes without saying that the disclosure of a private security key would, to put it mildly, ruin a few employees' Friday. Armed with the private key, an attacker could spoof PGP-signed messages as coming from Adobe. Additionally, someone (cough, cough the NSA) with the ability to intercept emails – such as those detailing exploitable Flash security vulnerability reports intended for Adobe's eyes only – could use the exposed key to decrypt messages that could contain things like, say, zero-day vulnerability disclosures.

Armed with that info, miscreants could exploit that information to infect victims with malware before Adobe had even considered deploying a patch.

Sep 22 12:49

Court rules Stingray use without a warrant violates Fourth Amendment

Today, the Washington DC Court of Appeals overturned a Superior Court conviction of a man who was located by police using a cell-site simulator, or Stingray, CBS News reports. The court ruled that the defendant's Fourth Amendment rights were violated when law enforcement tracked down the suspect using his own cell phone without a warrant.

Stingrays work by pretending to be a cell tower and once they're brought close enough to a particular phone, that phone pings a signal off of them. The Stingray then grabs onto that signal and allows whoever's using it to locate the phone in question. These sorts of devices are used by a number of different agencies including the FBI, ICE, the IRS as well as police officers.

Sep 22 09:05

One Simple Chart Proves That Facebook Thinks You're A Moron

The chart below demonstrates how the $50,000 worth of ad buys that 'MAY' have been purchased by Russian-linked accounts to run 'potentially politically related' ads compares to the $26.8 billion in ad revenue that Facebook generated in the U.S. over the same time period between 3Q 2015 and 2Q 2017....If $50,000 can swing an entire presidential election can you imagine what $26.8 billion can do?

Sep 22 08:55

Important Details About Situation With SouthFront’s YouTube Channel

Summing up the described events, it becomes clear that SouthFront has faced a preplanned illegal campaign launched by some persons from the YouTube internal team.

SouthFront is waiting results of the investigation of this case by the YouTube staff. We want to know who was responsible for re-uploading/restoration of the video “Foreign Policy Diary ‘War on Terror’ [remastered]”. How was the video restored?

This series of hostile and disingenuous actions, as well as prejudicial treatment of some members of the YouTube staff against SouthFront poses a real threat that SouthFront’s YouTube channel might soon be closed down or frozen. In this case, SouthFront informs that you can watch all SouthFront videos at the project’s website, http://southfront.org

Sep 22 08:43

Jailbreaking your connected coffee machine: The idiocy of things

Pretty much all these things -- with the exception of the Amazon Echo, which uses AWS for virtually everything -- can act as regular dumb devices that can be operated manually in the event they lose connectivity.

But, increasingly, I am starting to see smart devices that not only rely on connectivity for basic functionality but use networking and sensors in order to prevent end-users from actually getting the most out of their devices.

Specifically, I am talking about smart appliances that depend on refillable supplies. In information technology, the most notable offender is Hewlett-Packard small/home office printers, which not only use proprietary ink and toner cartridges that are specific to each model but employ validation technology to determine that the refills are in fact genuine OEM parts, and it will disable third-party cartridges if detected.

Sep 22 06:14

Harvard Study Proves Apple Slows Down old iPhones to Sell Millions of New Models

People have made the anecdotal observation that their Apple products become much slower right before the release of a new model.

Now, a Harvard University study has done what any person with Google Trends could do, and pointed out that Google searches for “iPhone slow” spiked multiple times, just before the release of a new iPhone each time.

The study was performed by student Laura Trucco. The study also compared the results to “Samsung Galaxy slow,” and found that the same spike in searches did not occur before the release of a new Samsung phone.

Sep 22 06:06

The award for worst ISP goes to... it starts with Talk and ends with Talk

Two other big brands, Sky and BT, also in the naughty corner

Sep 21 18:25

Attention adults working in the real world: Do not upgrade to iOS 11 if you use Outlook, Exchange

Kiss your Microsoft email goodbye, for now, if you update

Sep 21 18:20

ISPs May Be Helping Hackers to Infect you with FinFisher Spyware

When the target users search for one of the affected applications on legitimate websites and click on its download link, their browser is served a modified URL, which redirects victims to a trojanized installation package hosted on the attacker's server.

This results in the installation of a version of the intended legitimate application bundled with the surveillance tool.

"The redirection is achieved by the legitimate download link being replaced by a malicious one," the researchers say. "The malicious link is delivered to the user’s browser via an HTTP 307 Temporary Redirect status response code indicating that the requested content has been temporarily moved to a new URL."

This whole redirection process, according to researchers, is "invisible to the naked eye" and occurs without user's knowledge.

Sep 21 17:29

Stock Markets HACKED!

Sep 21 13:50

Computers Rule The Earth

Optional Banner: 
WRH Exclusive
Sep 21 10:28

Apple concedes new watch has connectivity glitch

Apple Inc on Wednesday conceded its latest smartwatch unveiled a week ago has problems with its most important feature: the ability to make phone calls and access data without an iPhone nearby.

Several prominent reviewers said Wednesday they could not recommend the device because of a wifi glitch that causes cellular connectivity problems.

Sep 21 10:24

Apple has confirmed that Bluetooth and Wi-Fi are not fully disabled when toggled off in Control Center on iOS 11.

Even when toggled off in Control Center on an iPhone, iPad, or iPod touch running iOS 11 and later, a new support document says Bluetooth and Wi-Fi will continue to be available for AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and Continuity features like Handoff and Instant Hotspot.

Toggling off Bluetooth or Wi-Fi in Control Center only disconnects accessories now, rather than disabling connectivity entirely.

...

iOS 11 users can still completely disable Wi-Fi and Bluetooth for all networks and devices by toggling them off in the Settings app.

Sep 21 10:05

Are you being watched? FinFisher government spy tool found hiding as WhatsApp and Skype

Legitimate downloads of popular software including WhatsApp, Skype and VLC Player have allegedly being hacked at an internet service provider (ISP) level to spread an dvanced form of surveillance software known as "FinFisher", cybersecurity researchers warn.

FinFisher is sold to global governments and intelligence agencies and can be used to snoop on webcam feeds, keystrokes, microphones and web browsing. Documents, previously published by WikiLeaks, indicate that one tool called "FinFly ISP" may be linked to case.

...

This week (21 September), experts from cybersecurity firm Eset claimed that new FinFisher variants had been discovered in seven countries, two of which were being targeted by "man in the middle" (MitM) attacks at an ISP level – packaging real downloads with spyware.

Companies being hit included WhatsApp, Skype, Avast, VLC Player and WinRAR, it said, adding that "virtually any application could be misused in this way."

Sep 21 09:54

Why didn’t Equifax protect your data? Because corporations have all the power.

The hack revealed how little control consumers have these days.

Sep 21 09:52

More data lost or stolen in first half of 2017 than the whole of last year

More data records were leaked or stolen by miscreants during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).

Digital security company Gemalto's Breach Level Index (PDF), published Wednesday, found that an average of 10.4 million records are exposed or swiped every day.

During the first half of 2017 there were 918 reported data breaches worldwide, compared with 815 in the last six months of 2016, an increase of 13 per cent. A total 22 breaches in Q1 2017 included the compromise, theft or loss of more than a million records.

Gemalto estimates less than 1 per cent of the stolen, lost or compromised data used encryption to render the information useless.

Sep 21 09:49

FedEx: TNT NotPetya infection blew a $300m hole in our numbers

FedEx has estimated this year's NotPetya ransomware outbreak cost it $300m in lost business and cleanup costs.

Sep 21 09:47

CCleaner targeted top tech companies in attempt to lift IP

Cisco's security limb Talos has probed the malware-laden CCleaner utility that Avast so kindly gave to the world and has concluded its purpose was to create secondary attacks that attempted to penetrate top technology companies. Talos also thinks the malware may have succeeded in delivering a payload to some of those firms targeted.

The malware that made its way into CCleaner gathers information about its host and sends it to what Talos calls the "C2 server". Whoever is behind the malware then reviews the hosts its code has compromised. It then tries to infect some of those hosts with what Talos characterises as "specialized secondary payloads".

Those payloads sometimes seek out top tech companies: Talos said its examination of code on the C2 server lists targets including Cisco, Microsoft, Sony, Intel, VMware, Samsung, D-Link, Epson, MSI, Linksys, Singtel and the dvrdns.org domain, which resolves to dyn.org.

Sep 21 09:45

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Slack is distributing open Linux-based versions of its technology that are not digitally signed, contrary to industry best practice.

The absence of a digital signature creates a means for miscreants to sling around doctored versions of the software that users wouldn't easily be able to distinguish from the real thing.

El Reg learned of the issue from reader Trevor Hemsley, who reported the problem to Slack back in August and only notified the media after a promised fix failed to appear.

"Slack distribute Linux packages for their app and those packages come from a yum repository that does not have a GPG key and the packages are not signed," Hemsley explained.

Sep 21 09:21

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing roughly a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties.

These exposed credentials discovered by UpGuard researcher Chris Vickery would have been enough for hackers to take down Viacom's internal IT infrastructure and internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon.

Among the data exposed in the leak was Viacom's master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers across its many subsidiaries and dozens of brands.

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA