COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED


COMPUTERS/INTERNET/SECURITY

Sep 28 15:21

IPhone X to use 'black box' anti-spoof Face ID tech

Even Apple will not be able to explain how its forthcoming iPhone X can spot some efforts to fool its facial recognition system.

The firm has released a guide to the Face ID system, which explains that it relies on two types of neural networks - one of which has been specifically trained to resist spoofing attempts.

But a consequence of the design is that it behaves like a "black box".

Its behaviour can be observed but the underlying processes remain opaque.

So, while Apple says Face ID should be able to distinguish between a real person's face and someone else wearing a mask that matches the geometry of their features, it will sometimes be impossible to determine what clues were picked up on.

Sep 28 10:07

Want a more powerful Raspberry Pi? Choose from these 20 alternatives

Some of these credit card-sized computers are starting to surpass the specs of the Pi 3, cramming in more memory, faster processors and additional features such as Gigabit Ethernet or support for 4K displays.

These extras come at a price, with most of these challengers costing more than the Pi 3, while also not sharing the Pi's extensive range of software, projects and community support.

But if you're looking for a more muscular alternative to the Pi, this is what's on offer, from the cheapest, through to premium single-board computers for those who prize power over price.

Sep 28 09:29

Conflict censorship? YouTube deletes footage of coalition airstrikes

Footage of coalition airstrikes against Islamic State (IS, formerly ISIS/ISIL) in Iraq has been removed and restricted by YouTube, sparking a furious censorship row for the video sharing site.

Sep 28 09:26

ECB President Admits Central Banks Have No Power To Regulate Bitcoin “It’s Outside Of Our Jurisdiction”

The president of the European Central Bank (ECB), Mario Draghi, admitted that Bitcoin and other cryptocurrencies used worldwide do not fall under the regulatory powers of the ECB.

“It Would Not Be Within Our Power to Prohibit or Regulate Bitcoin,” Mario Draghi, President of the European Central Bank said.

Draghi made the statement following a question from the European Parliament’s Committee on Economic and Monetary Affairs regarding whether or not the ECB plans to develop regulations pertaining to Bitcoin, and what risks cryptocurrencies may pose to the European economy...

Sep 28 08:52

'Momentary IT glitch' lasting just 15 MINUTES is blamed for chaos at airports worldwide as check-in desk computers crash leaving huge queues of furious passengers

Airline passengers are suffering major disruption at airports around the world after a computer programme which handles passenger check in systems crashed.

Queues formed at check-in desks worldwide this morning after the computer system used by more than 100 airlines crashed.

Problems have been reported at London's Heathrow and Gatwick airports, as well as Charles de Gaulle Paris, Washington DC, Baltimore, Melbourne, Changi in Singapore, Johannesburg and Zurich.

The check-in system which went down is run by Amadeus Altea, which services 64% of the Star Alliance flights, 75% of One World and 53% of the Sky Team, including BA, AirFrance, KLM and Lufthansa.

Sep 28 07:57

2-Year-Old Linux Kernel Issue Resurfaces As High-Risk Flaw

A bug in Linux kernel that was discovered two years ago, but was not considered a security threat at that time, has now been recognised as a potential local privilege escalation flaw.

Identified as CVE-2017-1000253, the bug was initially discovered by Google researcher Michael Davidson in April 2015.

Since it was not recognised as a serious bug at that time, the patch for this kernel flaw was not backported to long-term Linux distributions in kernel 3.10.77.

However, researchers at Qualys Research Labs has now found that this vulnerability could be exploited to escalate privileges and it affects all major Linux distributions, including Red Hat, Debian, and CentOS.

...

Linux distributions, including Red Hat, Debian, and CentOS, have released security updates to address the vulnerability.

Sep 27 14:52

DHS To Officially Require Immigrants' Files To Contain Social Media Info

It looks like being the wrong kind of American will result in the mandatory collection of social media account handles and aliases. New rules on social media snooping have been floated several times with varying degrees of sincerity, but this time the DHS actually means it.

Sep 27 12:32

Brevity No Longer The Soul Of Twit: Twitter To Double Character Limit

Twitter has started testing a new feature that would double the number of characters users can fit in a single post, from 140 to 280. However, the proposed expanded limit would only apply to users who tweet in certain languages.

Sep 27 09:47

Slow Wi-fi? Hackers may have turned your gadgets into 'zombie' botnets that conduct criminal activities without you knowing

Researchers from Norton Security compiled data from parent firm Symantec and found 6.7 million more bots joined the global botnet in 2016.

Bots are internet connected devices infected with malware that allow hackers to remotely take control of many devices at a time.

Whether it’s computers, smartphones, security cameras or home routers, many consumers are generally unaware their device may have been corralled into a bot master’s control.

Combined, these devices form powerful networks, called botnets, which can be used to wreak havoc online.

Sep 27 09:46

Ransomware is the top threat facing computer users as Interpol reveals massive 2017 cybercrime 'epidemic'

Ransomware eclipsed most other forms of cybercrime as on-line crime surged in 2017, European policing agency Europol said on Wednesday, citing high-profile attacks such as 'WannaCry' that reached millions of computers.

Europol coordinated several successful cross-border operations against cybercriminals last year.

But national authorities urgently need to devote more resources to targeting the developers of hacking tools, the agency's head said.

Sep 27 09:22

Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'

Monday’s news that multinational consultancy Deloitte had been hacked was dismissed by the firm as a small incident.

Now evidence suggests it's no surprise the biz was infiltrated: it appears to be all over the shop, security wise.

On Tuesday, what seemed to be a collection of Deloitte's corporate VPN passwords, user names, and operational details were found lurking within a public-facing GitHub-hosted repository. These have since been removed in the past hour or so. In addition, it appears that a Deloitte employee uploaded company proxy login credentials to his public Google+ page. The information was up there for over six months – and was removed in the past few minutes.

Sep 27 09:16

Cisco polishes the axe for more HQ job cuts

Cisco is saying farewell to 310 more staff from its corporate HQ in California, according to a filing with the Worker Adjustment and Retraining Notification (WARN) system.

As part of its struggle to stay relevant in a world of cloud tech, the router and switch maker has spent the past seven years restructuring by removing people deemed to have the wrong skills and hiring new folk.

Back in May, Switchzilla confirmed its intent to chop 1,100 job worldwide, with 250 reductions earmarked for HQ in San Jose.

Sep 27 09:13

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available.

Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips and is hell easy to exploit.

This flaw is similar to the one Beniamini discovered in the Broadcom WiFi SoC (Software-on-Chip) back in April, and BroadPwn vulnerability disclosed by an Exodus Intelligence researcher Nitay Artenstein, earlier this summer. All flaws allow a remote takeover of smartphones over local Wi-Fi networks.

The newly discovered vulnerability, which Apple fixed with its major iOS update released on September 19, could allow hackers to take control over the vi

Sep 27 08:08

Microsoft tries to stem its self-made collaboration-tool confusion

Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix.

Sep 27 08:07

Apple's first iOS 11 update: iPhone users get urgent fix for broken Microsoft email

Apple fixes an iOS 11 bug that stopped iPhone users sending email from Microsoft's email services.

Sep 27 07:33

‘Very troubling’: US asks China to hold off on cybersecurity law

Washington has asked Beijing to refrain from enforcing a new cybersecurity law that would require foreign and domestic companies to store user data in China and submit to security checks, saying such measures would damage global trade.

Webmaster's Commentary: 

Interesting. The US Government is moving to have the people store their data in large corporate-owned cloud servers, but when it comes to China, prefers to keep US data under their own control.

Sep 26 16:58

Another Appeals Court Rules Warrants Required for “Stingray” Cellphone Surveillance

By Derrick Broze

An appeals court in Washington has ruled that law enforcement must acquire a search warrant before employing cell phone surveillance tools often known as “Stingrays.”

On September 21, an appeals court in Washington issued a damning ruling regarding law enforcement use of cell phone surveillance tools without the use of a warrant. The appeals court became the fourth court to rule against the unrestricted use of the controversial cell site simulators, sometimes known as “Stingrays.” The issue could eventually make its way to the Supreme Court. Stingray is the brand name of a popular cell-site simulator manufactured by the Harris Corporation.

Sep 26 15:31

FLASHBACK - Panama Papers Data Leak : King of Saudi Arabia sponsored Netanyahu’s campaign

According to the Middle East Observer, Isaac Herzog, member of the Knesset and Chairman of the Israeli Labor party, revealed that Saudi King Salman bin Abdulaziz financed the election campaign of Israeli Prime Minister, Benjamin Netanyahu.

Sep 26 12:15

Fired Google Engineer Still Being Shamed, This Time By Netflix Executive

While the left is suddenly concerned with “freedom of expression” over KneeGatePaloozaGhazi, the right is quick to remind them, “Yeah, no you’re not.”

Sep 26 10:36

Are YOU having problems with iOS 11? Apple users complain the update drains their iPhone's battery and slows down apps

Some users claim that their phones 'just get stuck on apps' and that a hard reset is the only way to resolve the issue.

Apps including Reddit, Snapchat, Twitter, Facebook, Messenger, Safari, all appear to be affected.

For others the iOS update has drained their battery life - although there appears to be an explanation for this problem.

Wandera, a London-based mobile security company, found iPhones using iOS 11 took 96 minutes to empty their battery from 100 per cent charge.

Those on iOS 10 took longer, at 240 minutes.

Liana La Porta, head of content marketing at Wandera, conducted a study of 50,000 iPhones battery life.

The study found that battery drain may down to the iPhone's Spotlight app.

Sep 26 10:29

Man convicted of terror offence for refusing to give police phone and laptop password

The director of an advocacy group has been convicted of a terror offence after refusing to give police passwords to access his phone and laptop at Heathrow Airport.

Muhammad Rabbani vowed to appeal the first verdict of its kind after being handed a 12 month conditional discharge and ordered to pay £620 in costs at Westminster Magistrates' Court.

The director of Cage was stopped under the Terrorism Act on 20 November last year after returning home from a wedding in Doha, Qatar.

Officers demanded access to his phone and laptop under wide-ranging powers granted by Schedule 7 of the law.

It allows police and immigration officials to stop, search, question and detain anyone at British ports and airports to determine whether they were involved in the “commission, preparation or instigation of acts of terrorism” – with or without reasonable suspicion.

Webmaster's Commentary: 

Like all the other erosions of our civil liberties this law will do nothing to stop real terrorists, who know not to use the internet for communications or to keep sensitive data on their phones and laptops.

The above hollowed-out coin can hold a micro SD card. Micro SD cards can hold huge amounts of data, topping out at 400 Gbytes; more than a third of a terabyte.

Real criminals and terrorists will use devices like this to protect their secrets, while law abiding citizens who simply desire their right to privacy are harassed and, as in this case, arrested.

Sep 26 10:15

Source: Deloitte Breach Affected All Company Email, Admin Accounts

Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.

Sep 26 09:44

SPYING BICYCLES LET POLICE KNOW WHO AND WHERE YOU ARE

Can you recall when your parents bought your first bicycle? Can you recall how thrilled you were when you didn’t need training wheels? Those were great memories right? Now imagine a future, where parents are forced to buy a bicycle that uploads all your kids data to a NASA spy satellite that knows exactly where they are are at all times.

Sep 26 09:36

First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges

The malware uses the Dirty COW exploit to root Android devices via the copy-on-write (COW) mechanism in Android's Linux kernel and install a backdoor which can then be used by attackers to collect data and generate profit through a premium rate phone number.

Trend Micro researchers detected the ZNIU malware in more than 1,200 malicious Android apps—some of which disguised themselves as pornography and gaming apps—alongside host websites containing malware rootkits that exploit Dirty Cow.

While the Dirty Cow flaw impacts all versions of the Android operating system, the ZNIU's Dirty Cow exploit only affects Android devices with ARM/X86 64-bit architecture. However, the recent exploit can be used to bypass SELinux and plant backdoors.

Sep 26 09:35

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

Apple yesterday rolled out a new version of its macOS operating system, dubbed High Sierra 10.13—a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS.

Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain.

Sep 26 09:33

Insteon and Wink home hubs appear to have a problem with encryption

Which is to say neither do it

Sep 26 09:30

CBS's Showtime caught mining crypto-coins in viewers' web browsers

The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.

The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.

Sep 26 09:28

Researchers promise demo of 'God-mode' pwnage of Intel mobos

Security researchers say they've found a way to exploit Intel's accident-prone Management Engine, and will reveal the problem at Black Hat Europe in December.

Positive Technologies researchers say the exploit “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard via Skylake+”.

Intel Management Engine (ME), a microcontroller that handles much of the communication between the processor and external devices, hit the headlines in May 2017 due to security concerns regarding the Active Management Technology (AMT) that runs on top of the engine.

It later emerged that AMT had a simple authentication error: an attacker could login with an empty password field.

For those whose vendors haven't pushed a firmware patch for AMT, in August Positive Technologies discovered how to switch off Management Engine.

Sep 26 09:24

The next must-have smartphone upgrades: Components you can swap yourself, and a conscience

Fairphone's second-generation handset, which was released in 2015, made a virtue of having components that could be easily swapped out by the device's owners, even if they had no technical skills to speak of. By making a device with simple-to-replace parts, Fairphone hoped it could extend the lifetime of its smartphones: rather than buy a whole device when the screen breaks, you just buy a new screen instead.

Sep 26 09:23

Equifax chief executive steps down after massive data breach

The former chief executive made over $4 million in salary last year.

Sep 25 09:30

Cheat sheet: How to become a cybersecurity pro

If you are interested in pursuing a career in cybersecurity and don't know where to start, here's your go-to guide to salaries, job markets, skills, and common interview questions in the field.

Sep 25 09:28

FACEBOOK TO MONITOR EVERYWHERE USERS HAVE BEEN FOR HIGHLY TARGETED ADS

Advertisers can now target Facebook users based on where they’ve been in the real world. The social network is allowing thousands of companies to serve ads specifically to people who have walked into their physical stores, in order to get them to come back.

Sep 25 05:54

Guess – go on, guess – where a vehicle tracking company left half a million records

A US outfit that sells vehicle tracking services has been accused of leaving more than half a million records in a leaky AWS S3 bucket.

The Kromtech Security Centre, which has made belling this particular cat its hobby, says it found a total of 540,642 ID numbers associated with SVR Tracking, an outfit that uses GPS devices to track vehicles so they can be found if their owners fall into arrears on payments.

Kromtech says data left lying around includes “logins / passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and other data that is collected on their devices, customers and auto dealerships”.

Sep 24 07:11

U.S. Government Announces 21 States Had Hackers Target Their System – Leaves Out DHS Hackers

By Aaron Kesel

The federal government just announced on Friday that election officials in 21 states had hackers target their systems before last year’s presidential election according to the Associated Press. But what about the DHS’s own attempted meddling in the election, getting caught red-handed running unauthorized scans for vulnerabilities in voter databases in more than five states...

Sep 23 19:17

Chrome Extension Embeds In-Browser Monero Miner That Drains Your CPU

The authors of SafeBrowse, a Chrome extension with more than 140,000 users, have embedded a JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent.

The additional code drives CPU usage through the roof, making users computers sluggish and hard to use.

Sep 23 15:36

Former Congressman Warns That Foreign Countries Could Bribe The Feds To “Regulate Drudge”

Consider this. As the establishment media continues to push their 24/7 anti-Trump echo chamber, real dangers poised by other countries are going unchecked, with many in the media most likely on board with the idea that top conservative news outlets need to be censored. At this point one can’t help but wonder (and worry) that some form of political censorship of the internet is on the horizon which will most likely be attempted by connecting the amazing success of someone like Matt Drudge to supposed Russian propaganda operations – all in the name of censoring non leftist voices.

Sep 23 10:36

GCHQ Warns of Massive Looming Cyberattack That Will Demand ‘National Response’

UK intelligence agency GCHQ’s National Cyber Security Center has warned the UK will fall victim to a major “preventable” cyberattack, even more severe than the WannaCry strike.

GCHQ’s National Cyber Security Center (NCSC) has warned the UK should be prepared for a major “category one” cyberattack — a major escalation from May’s WannaCry ransomware assault, that hit government servers severely.

The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors.

Webmaster's Commentary: 

Lemme guess; the hackers are from Iran, Russia, and North Korea.

Sep 22 15:32

Dear Apple, The iPhone X and Face ID are Orwellian and Creepy

For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy.

Sep 22 15:16

NBD: Adobe just dumped its PRIVATE PGP key on the internet

It goes without saying that the disclosure of a private security key would, to put it mildly, ruin a few employees' Friday. Armed with the private key, an attacker could spoof PGP-signed messages as coming from Adobe. Additionally, someone (cough, cough the NSA) with the ability to intercept emails – such as those detailing exploitable Flash security vulnerability reports intended for Adobe's eyes only – could use the exposed key to decrypt messages that could contain things like, say, zero-day vulnerability disclosures.

Armed with that info, miscreants could exploit that information to infect victims with malware before Adobe had even considered deploying a patch.

Sep 22 12:49

Court rules Stingray use without a warrant violates Fourth Amendment

Today, the Washington DC Court of Appeals overturned a Superior Court conviction of a man who was located by police using a cell-site simulator, or Stingray, CBS News reports. The court ruled that the defendant's Fourth Amendment rights were violated when law enforcement tracked down the suspect using his own cell phone without a warrant.

Stingrays work by pretending to be a cell tower and once they're brought close enough to a particular phone, that phone pings a signal off of them. The Stingray then grabs onto that signal and allows whoever's using it to locate the phone in question. These sorts of devices are used by a number of different agencies including the FBI, ICE, the IRS as well as police officers.

Sep 22 09:05

One Simple Chart Proves That Facebook Thinks You're A Moron

The chart below demonstrates how the $50,000 worth of ad buys that 'MAY' have been purchased by Russian-linked accounts to run 'potentially politically related' ads compares to the $26.8 billion in ad revenue that Facebook generated in the U.S. over the same time period between 3Q 2015 and 2Q 2017....If $50,000 can swing an entire presidential election can you imagine what $26.8 billion can do?

Sep 22 08:55

Important Details About Situation With SouthFront’s YouTube Channel

Summing up the described events, it becomes clear that SouthFront has faced a preplanned illegal campaign launched by some persons from the YouTube internal team.

SouthFront is waiting results of the investigation of this case by the YouTube staff. We want to know who was responsible for re-uploading/restoration of the video “Foreign Policy Diary ‘War on Terror’ [remastered]”. How was the video restored?

This series of hostile and disingenuous actions, as well as prejudicial treatment of some members of the YouTube staff against SouthFront poses a real threat that SouthFront’s YouTube channel might soon be closed down or frozen. In this case, SouthFront informs that you can watch all SouthFront videos at the project’s website, http://southfront.org

Sep 22 08:43

Jailbreaking your connected coffee machine: The idiocy of things

Pretty much all these things -- with the exception of the Amazon Echo, which uses AWS for virtually everything -- can act as regular dumb devices that can be operated manually in the event they lose connectivity.

But, increasingly, I am starting to see smart devices that not only rely on connectivity for basic functionality but use networking and sensors in order to prevent end-users from actually getting the most out of their devices.

Specifically, I am talking about smart appliances that depend on refillable supplies. In information technology, the most notable offender is Hewlett-Packard small/home office printers, which not only use proprietary ink and toner cartridges that are specific to each model but employ validation technology to determine that the refills are in fact genuine OEM parts, and it will disable third-party cartridges if detected.

Sep 22 06:14

Harvard Study Proves Apple Slows Down old iPhones to Sell Millions of New Models

People have made the anecdotal observation that their Apple products become much slower right before the release of a new model.

Now, a Harvard University study has done what any person with Google Trends could do, and pointed out that Google searches for “iPhone slow” spiked multiple times, just before the release of a new iPhone each time.

The study was performed by student Laura Trucco. The study also compared the results to “Samsung Galaxy slow,” and found that the same spike in searches did not occur before the release of a new Samsung phone.

Sep 22 06:06

The award for worst ISP goes to... it starts with Talk and ends with Talk

Two other big brands, Sky and BT, also in the naughty corner

Sep 21 18:25

Attention adults working in the real world: Do not upgrade to iOS 11 if you use Outlook, Exchange

Kiss your Microsoft email goodbye, for now, if you update

Sep 21 18:20

ISPs May Be Helping Hackers to Infect you with FinFisher Spyware

When the target users search for one of the affected applications on legitimate websites and click on its download link, their browser is served a modified URL, which redirects victims to a trojanized installation package hosted on the attacker's server.

This results in the installation of a version of the intended legitimate application bundled with the surveillance tool.

"The redirection is achieved by the legitimate download link being replaced by a malicious one," the researchers say. "The malicious link is delivered to the user’s browser via an HTTP 307 Temporary Redirect status response code indicating that the requested content has been temporarily moved to a new URL."

This whole redirection process, according to researchers, is "invisible to the naked eye" and occurs without user's knowledge.

Sep 21 17:29

Stock Markets HACKED!

Sep 21 13:50

Computers Rule The Earth

Optional Banner: 
WRH Exclusive
Sep 21 10:28

Apple concedes new watch has connectivity glitch

Apple Inc on Wednesday conceded its latest smartwatch unveiled a week ago has problems with its most important feature: the ability to make phone calls and access data without an iPhone nearby.

Several prominent reviewers said Wednesday they could not recommend the device because of a wifi glitch that causes cellular connectivity problems.

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA