Jul 10 09:39

New Research Shows Guccifer 2.0 Files Were Copied Locally, Not Hacked

New meta-analysis has emerged from a document published today by an independent researcher known as The Forensicator, which suggests that files eventually published by the Guccifer 2.0 persona were likely initially downloaded by a person with physical access to a computer possibly connected to the internal DNC network.

Jul 10 08:55

New Report Shows Guccifer 2.0-DNC Files Were Copied Locally—Not Hacked

A mysterious IT specialist, who goes by the name The Forensicator, published a detailed report that appears to disprove the theory that the DNC was hacked by Russia.

Jul 10 08:15

A DRM standard has been approved for the web, and security researchers are worried

The new standard is called EME, or Encrypted Media Extensions, and it allows DRM systems to hook directly into your browser. That way, Netflix and other streaming video services can protect their shows and movies without making users install annoying, often insecure plugins like Flash or Silverlight. On that note, it’s a win. But in other ways, EME’s approval has a lot of people concerned.

Researchers and open web advocates worry that by approving this standard, W3C, the World Wide Web Consortium, is giving major browser developers and content providers too much power over what users and researchers can do. “This will break people, companies, and projects,” Cory Doctorow writes on the Electronic Frontier Foundation (EFF)’s blog.

Jul 10 08:10

MSM Runs with Claim of Russia Hacking Nuclear Plants Despite Admitting to Zero Evidence

By Aaron Kesel

MSM ran with a report about “Russians hacking nuclear plants” – there is just one problem, the report they are all citing explicitly states within the first paragraph that there is no evidence of hacking.

The report originating from the Washington Post ran the headline “U.S. officials say Russian government hackers have penetrated energy and nuclear company business networks,” the key problem is it’s absolute pure clickbait fake news that debunks itself as you read...

Jul 09 17:31

Facebook and WhatsApp HACK risk - Malware steals sensitive info from YOUR favourite apps

The SpyDealer malware has existed for almost TWO years and is capable of stealing information from 40 apps including Facebook, WhatsApp and Skype.

The trojan is capable of grabbing vast amounts of sensitive information from users, such as phone numbers, messages, contacts and call history.

It is even capable of finding out the location of the compromised device and - quite terrifyingly - recording any phone calls you make.

Any surrounding audio and video will be recorded, and Spydealer can also use the front and rear cameras of a device to take pictures.


Experts believe the malware was NOT spread through the Google Play store.

Instead, the three versions of SpyDealer that are being spread is via third party app stores disguised as ‘Google Update’ software.

Jul 09 16:57

GnuPG crypto library cracked, look for patches

Linux users need to check out their distributions to see if a nasty bug in libgcrypt20 has been patched.

The software fix, which has landed in Debian and Ubuntu, addresses a side-channel attack published last week.

Jul 09 16:56

Hard Rock hotels burgered up by Sabre breach

Two more hotel chains are warning customers they were caught by the breach of Sabre's "SynXis" hotel booking service that emerged earlier this year.

Last Thursday, the Hard Rock chain warned that customers of 11 of its properties may have been caught up in the breach.

According to Hard Rock's confession, Sabre advised it the system breach ran from August 2016 to March 2017.


Last week, Sabre issued a canned statement with the not-entirely-reassuring detail that the attackers only got full card information (customer, card number and security number) for some holiday-makers: “a large percentage of bookings were made without a security code being provided. Others were processed using virtual card numbers in lieu of consumer credit cards”.

Further: “Personal information such as social security, passport or driver’s license number was not accessed”.

Jul 09 13:09

Heads Up! Hackers Breached A Dozen US Nuclear Plants

Hackers breached at least a dozen US power plants in attacks in May and June, US media report, citing intelligence officials.
The targets included the Wolf Creek nuclear facility in Kansas, according to several reports.

Jul 09 08:20

The Age of No Privacy: The Surveillance State Shifts Into High Gear

The government has become an expert in finding ways to sidestep what it considers “inconvenient laws” aimed at ensuring accountability and thereby bringing about government transparency and protecting citizen privacy. Indeed, it has mastered the art of stealth maneuvers and end-runs around the Constitution.

Jul 08 15:26

Ethereum Mining Frenzy Leads To German Graphics Card Shortage, Retailer Pulls Cards

The problem lies with the growing popularity of Ethereum, a cryptocurrency whose price has risen to historic highs over the last few months. This has led many people to purchase graphics cards to mine Ether. It's kind of like a gold rush: Everyone's scrambling to get the tools they need to get rich quick (or at least attempt to do so), and that means you can't find a shovel, pickax, or bucket that doesn't cost far more than it usually would.

Just replace "shovel, pickax, or bucket" with "graphics card," and you have the gist of what cryptocurrency mining has done to the market.

Jul 08 15:21

New attack can now decrypt satellite phone calls in "real time"

Chinese researchers have discovered a way to rapidly decrypt satellite phone communications -- within a fraction of a second in some cases.

The paper, published this week, expands on previous research by German academics in 2012 by rapidly speeding up the attack and showing that the encryption used in popular Inmarsat satellite phones can be cracked in "real time."

Satellite phones are used by those in desolate environments, including high altitudes and at sea, where traditional cell service isn't available.

Jul 08 15:17

Ethereum And Bitcoin Energy Consumption Surpasses Entire Countries' Power Budgets

In addition to the hardware that you’ll need to purchase (or repurpose) for mining, there’s also energy consumption to keep in mind. Even though mining GPUs like the ASUS MINING P106 and Biostar Radeon RX 470D have been designed and optimized for efficiency, electrical consumption is still a big cost that must be factored into any calculations on profitability. And considering that the price of an Ethereum token has surged from $10 at the beginning of 2017 to as high as $300, an influx of amateur miners has entered the fray. That means more mining rigs and even higher energy consumption.

Power use is up so dramatically, in fact, that Ethereum (and Bitcoin) mining is consuming the same amount of electricity as a small country.

Jul 08 15:15

Private Decryption Key For Original Petya Ransomware Released

Rejoice Petya-infected victims!

The master key for the original version of the Petya ransomware has been released by its creator, allowing Petya-infected victims to recover their encrypted files without paying any ransom money.

But wait, Petya is not NotPetya.

Do not confuse Petya ransomware with the latest destructive NotPetya ransomware (also known as ExPetr and Eternal Petya) attacks that wreaked havoc across the world last month, massively targeting multiple entities in Ukraine and parts of Europe.

Jul 08 09:27

Putin and Trump discuss anti-terror efforts, cyber security, Ukrainian and Syrian crisesMore:

Russian President Vladimir Putin has said he discussed the Ukraine and Syria crises, the fight against terrorism and cybercrimes along with cyber security at his talks with US President Donald Trump.

"I have had a lengthy conversation with the US president. Loads of questions have accumulated including both Ukraine and Syria along with other issues, some bilateral issues," Putin said at his meeting with Japan’s Prime Minister Shinzo Abe. "We have returned to discussing the fight against terrorism and cybersecurity."

Putin apologized to Abe for making him wait for about an hour.
"Both I and he [US president] owe you an apology," he said.
The 135-minute meeting was held on the sidelines of the Group of Twenty summit in Germany’s Hamburg. Until today, the two leaders had had only telephone conversations.

At the beginning of the talks, Putin and Trump spoke in favor of dialogue. The meeting was held behind closed doors and was attended only by the two countries’ top diplomats.

Webmaster's Commentary: 

Somehow, the world seems just a little bit less on the keening edge of a world war than it did before these two gentlemen actually met, and talked.

I see reasons to be cautiously optimistic here.

Jul 08 09:14


The man who designed the NSA’s electronic intelligence gathering system (Bill Binney) sent us an affidavit which he signed on the Fourth of July explaining that the NSA is still spying on normal, every day Americans … and not focused on stopping terror attacks (I’ve added links to provide some background):

The attacks on September 11, 2001 completely changed how the NSA conducted surveillance …. the individual liberties preserved in the U.S. Constitution were no longer a consideration. In October 2001, the NSA began to implement a group of intelligence activities now known as the “President’s Surveillance Program.”

Jul 08 08:54


Carol McDaniel has a perennial challenge: Attracting highly specialized acute-care certified neonatal nurse practitioners to come work for Johns Hopkins All Children’s Hospital in St. Petersburg, Fla.

They are “always in short supply, high demand, and [it is a] very, very small group of people,” says McDaniel, the hospital’s recruitment director.

So, about six months ago, McDaniel says, the hospital started using a new recruitment tactic: It buys lists of potential candidates culled from online profiles or educational records. It then uses a technology to set up a wireless fence around key areas where the coveted nurses live or work. When a nurse with the relevant credentials enters a geofenced zone, ads inviting them to apply to All Children’s appear on their phones.

The system also automatically collects data from the user’s cellphone so it can continue to advertise to them, even after they leave the geofenced area.

Webmaster's Commentary: 

This technique has a very "minority report" effect to it, where science fiction rapidly becomes science fact.

Do you remember that scene in the mall where the Tom Cruz character gets inundated with specialised visual ads?!?

We're there, folks!!

Jul 07 13:49

Is California Setting Up Precedent For The 5G Wireless Takeover?

By Catherine J. Frompovich

Many people are concerned—seriously, too—about a bill introduced into the California State Legislature dealing with the placement of 5G Wireless towers on poles every so many feet.

“SB 649 is a bill that would eliminate local governments’ planning authority over wireless facilities on publicly-owned streets and properties, allowing the wireless industry to install 5G cell towers on every other power pole on your street,” according to Josh Hart at Stop Smart

Jul 07 12:30

Hackers Targeting Nuclear Power Plant Operators In US: Report

Since May, unidentified hackers have been breaking into computer networks of companies that operate American nuclear power stations, energy facilities and manufacturing plants, a report says.

Jul 07 10:38

DNC Server: Most Critical Evidence To Proving "Russian Hacking" Is Being Withheld From Mueller, Why?

If there were any actual crimes committed during the 2016 presidential election, then the origin of those crimes can be traced back to a single piece of hardware sitting at the DNC which housed the emails that were stolen and subsequently shared with WikiLeaks. Ironically, despite the fact that they're apparently sitting on perhaps the most critical evidence available to prove that Russia "hacked the election," an allegation that has been hammered 24/7 on CNN for the better part of a year now despite a lack of actual tangible evidence to support the allegation, the DNC has completely refused to cooperate with the FBI, the Department of Homeland Security and/or Robert Mueller's independent investigation. Which begs one very simple question, why?

Jul 07 08:28

This Android malware steals data from 40 apps, spies on messages and location

"SpyDealer" malware has been active since October 2015 and researchers still aren't sure how it infects victims.

Jul 07 06:58

Better than Bieber? AI musician composes its own songs in different genres after studying more than 2,000 tunes

It's already taking over our jobs, beating us at strategy games and creating 'art'.

Now artificial intelligence is set to conquer the world of music.

Swiss researchers say they have developed a computer algorithm that can generate new tunes in various musical genres after listening to more than 2,000 songs.

And while it isn't quite at the level of Justin Bieber or Adele, future versions of the system may be fine-tuned to create songs that rival those by today's musicians.

Jul 06 15:45

The US government is being sued for info on the secretive Five Eyes intelligence group

The Five Eyes surveillance cabal, established at the end of World War 2, includes the US, UK, Australia, Canada and New Zealand. The agreement covers how intelligence is shared. And that's about all we know about it.

But that could be about to change.

Jul 06 15:34

CopyCat Android Rooting Malware Infected 14 Million Devices

CopyCat disguises as a popular Android app that users download from third-party stores. Once downloaded, the malware starts collecting data about the infected device and downloads rootkits to help root the victim's smartphone.

After rooting the Android device, the CopyCat malware removes security defenses from the device and injects code into the Zygote app launching process to fraudulently install apps and display ads and generate revenue.

"CopyCat abuses the Zygote process to display fraudulent ads while hiding their origin, making it difficult for users to understand what's causing the ads to pop-up on their screens," Check Point researchers say.

"CopyCat also installs fraudulent apps directly to the device, using a separate module. These activities generate large amounts of profits for the creators of CopyCat, given a large number of devices infected by the malware."

Jul 06 15:29

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.

Secure Shell or SSH is a cryptographic network protocol used for remote login to machines and servers securely over an unsecured network.

Dubbed BothanSpy — implant for Microsoft Windows Xshell client, and Gyrfalcon — targets the OpenSSH client on various distributions of Linux OS, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.

Jul 06 15:25

Microsoft hits Alt-F4 on 3,000 global sales staff

Why employ people to flog software when you can just force feed people's computers with code anyway?

Jul 06 15:24

Google blows $800k on bots to flood the UK with 30,000 'articles' a month

Google has today awarded €706,000 ($800,000) to the UK’s Press Association to develop robot reporters that can crank out 30,000 articles a month for local newspapers and bloggers.

Jul 06 13:54

Facebook Tests Drone To Beam Internet To Everyone In The World

Solar-powered drones could one day provide 4 billion people in poorer parts of the world access to the internet, Facebook said after a “successful” test of its drone, Aquila. The internet company intends to share the blueprints for the technology.

Jul 06 09:27

After Failing To Prove "Trump-Russia Collusion", Dems Set Their Sights On "Pro-Trump Websites"

Having failed miserably to produce even one single shred of tangible evidence that Trump colluded with Russia to stage a coup in 2016's presidential election, Democrats, rather than simply admit that their entire crusade to prove a false narrative was nothing more than a charade designed to cover up their embarrassing defeat, have decided to shift the narrative to target "pro-Trump websites." You know, because a couple of websites sharing stories over Facebook clearly overshadowed the 24/7 Hillary Clinton cheerleading sessions on CNN, MSNBC, NBC, ABC, CBS, Washington Post, New York Times...

Jul 06 08:11


Two of the recurrent themes here on Techdirt recently are China's ever-widening surveillance of its citizens, and the rise of increasingly powerful facial recognition systems. Those two areas are brought together in a fascinating article in the Wall Street Journal that explores China's plans to roll out facial recognition systems on a massive scale. That's made a lot easier by the pre-existing centralized image database of citizens, all of whom must have a government-issued photo ID by the age of 16, together with billions more photos found on social networks, to which the Chinese government presumably has ready access.

Webmaster's Commentary: 

I would seriously doubt that the US government is very far behind the Chinese in these endeavors.

Jul 06 07:56

Petya ransomware: Companies count the cost of massive cyber attack

Reckitt Benckiser -- known for Dettol cleaning products, Nurofen tablets, Durex condoms and more -- has warned that falling victim to the Petya ransomware attack could cost it as much as £100m in lost revenue.

The health and consumer goods company fell victim to Petya on the day of the global ransomware attack, and a week later some key applications remain only partially operational and a number of facilities are still not fully operational.

While the attack was successfully contained, efforts to minimise its impact have disrupted manufacturing and ordering systems, impacting on the Reckitt Benckiser's ability to ship products, which the company predicts will cause a two percent drop in net revenue growth -- a figure which could work out to be around £100m.

However, the company believes it is making "good progress" in getting applications and systems back on track and will soon be "trading normally" with customers and partners.

Jul 06 07:13


Some of China's most creative minds fear they're next as an internet crackdown widens.New regulations require auditors to check all audiovisual content posted online for inappropriate content. explains who Beijing is keeping tabs on.

Jul 06 06:36

Nothing could protect Durex peddler from NotPetya ransomware

Reckitt Benckiser revenues wrecked by comp-wiping nasty

Jul 05 15:32

Raising Robots: Can Morals Be Taught To AI Through Parenting Skills?

It is a dimwitted fantasy to treat Artificial Intelligence and robots as sentient human beings, when they are not, nor can they ever be. Yet, as Japanese men are having sex with silicon dolls, others are trying to teach morals to robots using ‘parenting skills.’ ? TN Editor

Intelligent machines, long promised and never delivered, are finally on the horizon. Sufficiently intelligent robots will be able to operate autonomously from human control. They will be able to make genuine choices. And if a robot can make choices, there is a real question about whether it will make moral choices. But what is moral for a robot? Is this the same as what’s moral for a human?

Jul 05 15:30

Facebook Tests Drone To Beam Internet To Everyone In The World

Solar-powered drones could one day provide 4 billion people in poorer parts of the world access to the internet, Facebook said after a “successful” test of its drone, Aquila. The internet company intends to share the blueprints for the technology.

Facebook co-founder and CEO, Mark Zuckerberg, posted video of the drone which landed in Arizona after flying for an hour and 46 minutes over the desert. The previous test of Aquila in December resulted in a crash.

Jul 05 15:02

Virgin Media 'falling short' on broadband speeds

A BBC Watchdog investigation has found Virgin Media customers across the UK are receiving only a fraction of the broadband speed they were promised.

It found the company had been signing up too many customers in some areas, leading to issues relating to "over-utilisation".

Some customers were receiving just 3% of the speeds promised, it said.

Jul 05 14:40

Alibaba's Jack Ma declares war on Amazon in billionaire AI battle as firm unveils $70 'Genie' smart speaker in China

China's Alibaba Group Holding launched on Wednesday a cut-price voice assistant speaker, similar to Inc's 'Echo' and Google's Home, its first foray into artificially intelligent home devices.

Jul 05 14:35

If you want to remember your wallet or password put a RING on it! $250 accessory can be used to make payments, start your computer and even unlock your house

Researchers have created a new smart ring that allows users to make payments, start their computer and unlock their house with the wave of a finger.

Jul 05 14:24

Intel axes 140 IoTers in California, Ireland

Intel is shedding nearly 140 staff from its Internet of Things business lines.

The layoffs were probably inevitable, since during June, Intel discontinued three of its IoT product lines – the Joule, Edison and Galileo compute modules and boards.

Those three boards were once the flagships for Chipzilla's pitch to the wearable and maker markets.

Jul 05 14:20

Microsoft boasted it had rebuilt Skype 'from the ground up'. Instead, it should have buried it

Reviews of the Android and iOS versions of the app have been mostly terrible, and those posted to the Windows App Store have not been much better.

Chief among the issues is that the redesign imagines Skype as a youth-oriented social media app along the lines of Instagram or Snapchat, rather than a staid business communications tool.

"This new app is absolutely terrible," observes an individual posting to Google Play under the name Külli Kelder. "Skype is mostly used by people for professional use or for connecting with friends far away. This looks as far from simple and professional as it can be. Skype does NOT need to be Snapchat."

Jul 05 09:19

The ultimate 3500-word guide in plain English to understand Blockchain

Unless you’re hiding under the rock, I am sure you’d have heard of Bitcoins and Blockchain. After all, they are the trending and media’s favorite topics these days — the buzzwords of the year. Even the people who’ve never mined a cryptocurrency or understand how it works, are talking about it. I have more non-technical friends than technical ones. They have been bugging me for weeks to explain this new buzzword to them. I guess there are thousands out there who feel the same. And when that happens, there comes a time to write something to which everyone can point the other lost souls to — that’s the purpose of this post — written in plain english that any regular internet user understands.

Jul 05 09:14

Bizarre Computer Glitch Sends Technology Stocks All Crashing To Same Price

A bizarre computer glitch sent shares in dozens of US technology companies including Apple, Amazon and Microsoft to the same price on Tuesday morning, leading some to apparently lose billions in market value.

Jul 05 08:44

Ukrainian software firm suspected of spreading global virus, servers seized

Police in Ukraine have seized the servers of one of the largest accounting software firms in the country, after it was suspected that a malware virus which hit dozens of global enterprises last week had spread via its malicious update.

As part of an investigation into one of the largest recent cyber attacks, the servers of Ukraine's most popular accounting software, M.E.Doc were seized by Ukrainian police Tuesday, Reuters reported, citing the head of Ukraine's Cyber Police, Sergey Demedyuk.

Jul 05 07:05

This Indian ISP won’t let its users use 128 bit or 256 bit encryption

Per its terms and conditions, YOU Broadband, the fifth largest Indian internet service provider (ISP), doesn’t let its subscribers use strong encryption. The ISP does technically allow VPN and encryption use… but only “up to the bit length permitted by the Department of Telecommunications,” which is 40 bits. It was over twenty years ago in 1997 that Ian Goldberg won $1,000 from RSA for breaking 40 bit encryption in just a few hours. He famously said then:

“This is the final proof of what we’ve known for years: 40-bit encryption technology is obsolete.”

Yet YOU Broadband, and other Indian ISPs, still insist that their users can’t use anything stronger than a twenty-year-broken key size.

Jul 05 06:59

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

One of the world's largest Bitcoin and Ether cryptocurrencies exchanges Bithumb has recently been hacked, resulting in loss of more than $1 Million in cryptocurrencies after a number of its user accounts compromised.

Bithumb is South Korea's largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea's currency, the Won.

Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world.

Jul 04 14:19

Hate Speech Is Free Speech

Facebook announced last week it was hiring thousands of staffers for the sole purpose of hunting down hate speech on its platform.

This big move is a natural step for a company that is facing intense pressure from European countries to crack down on this phenomenon. But it begs the question: what does Facebook consider hate speech?

Jul 04 12:37

History Channel Tweets George Washington Fighting At Gettysburg

Amazingly, the tweet still remains three hours later despite the historical inaccuracy.

“Illustration is George Washington taking command of American Army in Cambridge 1775. We must restore teaching American history in schools,” tweeted Michael K in response.

In contrast, Gettysburg was a turning point of the American Civil War nearly 90 years later.

Jul 04 11:56

In Worrisome Move, Kaspersky Agrees to Turn Over Source Code to US Government

Over the last couple of weeks, there’s been a disturbing trend of governments demanding that private tech companies share their source code if they want to do business. Now, the US government is giving the same ultimatum and it’s getting what it wants.

On Sunday, the CEO of security firm Kaspersky Labs, Eugene Kaspersky, told the Associated Press that he’s willing to show the US government his company’s source code. “Anything I can do to prove that we don’t behave maliciously I will do it,” Kaspersky said while insisting that he’s open to testifying before Congress as well.

Webmaster's Commentary: 

I would find it highly unlikely that Kaspersky would put anything malicious in its code to suck up intel for Russia from American Defense Department servers; Mike has a great deal of respect for the software these people develop, and so do I.

Jul 04 11:24

Facebook OK To Track Users With Cookies, Judge Rules

Users who complained about Facebook tracking them across third-party websites should have done more to keep their browsing histories private, a federal judge in California has ruled, dismissing a privacy complaint against the social media giant.

Jul 04 11:04


Four billion people on the earth have no internet access. That will change if Facebook founder Mark Zuckerberg’s solar powered drone plan works.

A previous trial of his drone ended with a crash landing, but a May 2017 Test of the Aquila Drone was a huge success.

Facebook founder Mark Zuckerberg’s long-term plan for the drone, called Aquila, is to have it and others provide internet access to 4bn people around the world who are currently in the dark.

“When Aquila is ready, it will be a fleet of solar-powered planes that will beam internet connectivity across the world,” he wrote on Facebook.

The drone flew with more sensors, new spoilers and a horizontal propeller stopping system to help it better land after the crash in December. It was in the air for an hour and 46 minutes and reached 3,000 ft.

The drone weighs about 1,000 lbs and has a longer wingspan than a Boeing 747. It runs mostly on autopilot but there are manned ground crews to manage certain maneuvers.

Webmaster's Commentary: 

This is a very impressive feat of engineering, which I am sure will have other applications down the road.

Jul 04 10:38

SMART PHONES MAKING PEOPLE DUMB? Shocking Affects on The Human Brain

It's been 10 years since the first iPhone was sold in stores — and the millions of people who now own one likely won't dispute that having the internet, social media and countless apps at their fingertips can sometimes be a distraction.

Jul 04 10:07

DNC Refuses to Turn over Servers to FBI

Jul 04 06:58

Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library

Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to decrypt data.

Gnu Privacy Guard (GnuPG or GPG) is popular open source encryption software used by many operating systems from Linux and FreeBSD to Windows and macOS X.


Libgcrypt has released a fix for the issue in Libgcrypt version 1.7.8. Debian and Ubuntu have already updated their library with the latest version of Libgcrypt.

So, you are strongly advised to check if your Linux distribution is running the latest version of the Libgcrypt library.

Jul 03 18:59

A new Snapchat feature is a stalker's dream and a privacy nightmare

The geolocation tracking features on cellphones are a parent’s best friend. Moms and dads can digitally follow their kids to make sure they get where they’re going safely, and that teenagers are actually where they say they are.

And even though teens may feel their privacy is compromised because of this, parents praise the technology. But how would you feel about that same technology broadcasting your location (and your kids’ locations) to every person on your friends list every time you open the app? Does that make you uneasy? It should.

That is what Snapchat’s new feature, Snap Map, does if you opt in to share. Who would agree to that, you ask? The problem is that Snapchat doesn’t mention this will happen when you give permission to the new Snap Map feature.

Jul 03 18:45

NATO could be forced to respond to the Petya attack, says new report

In the wake of last week’s massive Petya ransomware attack in Eastern Europe, researchers are reaching consensus that the incident was a politically-motivated cyberattack. According to CNBC, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) recently put out a statement claiming that the attack was like done by a state actor or a group with state approval. The development means that the cyberattack could be viewed as an act of war, triggering Article 5 of the Washington Treaty and compelling NATO allies to respond.

"As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty,” wrote Tomáš Minárik, a researcher at the CCD COE law branch, in the release. “Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures.”

Jul 03 18:31

UK Teenager, Aged 18, Charged With Running DDoS-For-Hire Service

A teenage student has been charged with running a supplying malware that was used for launching distributed denial of service (DDoS) attacks against websites of some of the world's leading businesses.

Jack Chappell, an 18-year-old teenager from Stockport, is accused of helping cyber criminals with his DDoS booter service (DDoS-for-hire service) to flood millions of websites around the world with the massive amount of data and eventually bring them down, making them unavailable to their users.

Among the victims that were allegedly attacked by Chappell's malware are the National Crime Agency (NCA), T-Mobile, O2, Virgin Media, the BBC, Amazon, Vodafone, BT, Netflix, and NatWest that had its online banking systems down in a 2015 cyber attack.

Jul 03 12:42

NHS patient information illegally shared with Google DeepMind

Data belonging to 1.6 million patients was illegally shared with Google after a National Health Service (NHS) trust tested a medical app with the tech giant. The Information Commissioner’s Office (ICO) ruled on Monday that the Royal Free NHS Foundation Trust had not complied with the Data Protection Act when it provided information to Google’s DeepMind program.

Jul 03 10:24

Five ways to minimize fileless malware infections

Learn how to protect against fileless malware infections, reduce exposure, and prevent the damage from spreading to other networked systems.

Jul 03 08:33

65% of major US banks have failed web security testing

Websites run by some of the largest banks in the US have scored the poorest in a new security and privacy analysis audit.

The non-profit Online Trust Alliance (OTA) Alliance anonymously audited more than 1,000 websites, ranking their security and privacy practices. None of the sites investigated knew about the test.

In the firm’s Online Trust Audit & Honor Roll for 2017 many US banks were among the worst for security and privacy. The industry had both the most failing grades and the least “Honor Roll” recipients.

Jul 02 10:31

Wikileaks Reveals CIA Malware that Hacks & Spy On Linux Computers

Although the installation and persistence method of the OutlawCountry tool is not described in detail in the document, it seems like the CIA hackers rely on the available CIA exploits and backdoors to inject the kernel module into a targeted Linux operating system.

However, there are some limitations to using the tool, such as the kernel modules only work with compatible Linux kernels.

"OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain," WikiLeaks says.

Jul 02 10:28

UK's 'extreme mass surveillance' web snooping powers face legal challenge

The High Court has granted Liberty permission to challenge part of the UK's "extreme mass surveillance regime", with a judicial review of the Investigatory Powers Act.

The law forces internet companies to keep logs of emails, phone calls, texts and web browsing histories and to hand them over to the state to be stored or examined. The civil liberties campaign group wants to challenge this mass collection, arguing that the measure breaches British people's rights.

In a separate case in December, the European Court of Justice ruled the same powers in the previous law governing UK state surveillance were unlawful.

Jul 02 10:25

Kaspersky willing to turn over source code to US government

Eugene Kaspersky is willing to turn over computer code to United States authorities to prove that his company's security products have not been compromised by the Russian government, The Associated Press reported early Sunday.

“If the United States needs, we can disclose the source code,” said the creator of beleaguered Moscow-based computer security company Kaspersky Lab in an interview with the AP.

“Anything I can do to prove that we don’t behave maliciously I will do it.”

Jul 02 10:23

WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack

A SQL Injection vulnerability has been discovered in one of the most popular Wordpress plugins, installed on over 300,000 websites, which could be exploited by hackers to steal databases and possibly hijack the affected sites remotely.

The flaw has been discovered in the highly popular WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics.

Jul 02 08:44

Russia's Military Might Lies in Its Troll Armies, Says Pentagon

The Pentagon's new 'Russia Military Power' report pays considerable attention to the national security threat supposedly posed by Russia's non-military capabilities, including media, bots, and trolls on social media. Russian commentators couldn't contain their amusement over the DoD's claims about the mighty power of Russia's troll armies.

Jul 02 07:47

With a single wiretap order, US authorities listened in on 3.3 million phone calls

US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation.

The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015.

The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania.

The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests.

But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.

The revelation was buried in the US Courts' annual wiretap report, published earlier this week but largely overlooked.

Webmaster's Commentary: 

Looks to me as though the 4th Amendment, prohibiting unreasonable search and seizure, is truly dead in this country.

And zero convictions, for all this surveillance?!? Absoflippinglutely unbelievable!! The people at the top of this drug ring had to be the "elite untouchables", with many, many friends in high places in this country.

Jul 01 11:22

Mystery Behind QuestionAnswr: Internet Riddle To Be Answered July 4th?

By Aaron Kesel

I have a secret, can you keep it? A cryptic riddle has been put out by Anonymous hacktivists indicating that a big revelation may be happening on Independence Day (July 4th).

“We have questions for you, and we want answers from you?” that’s the slogan for a new YouTube channel counting down to 0-day dubbed “Questionanswr.” But what is Questionanswr? Few days remain until “all cards will be opened” or July 4th, 2017 U.S. Independence Day...

Jun 30 16:25

Hackers Breach US Nuclear Power Plant's Network, And It Could Be A 'Big Danger'

Unidentified hackers recently breached at least one US nuclear power plant and the situation is being investigated by federal officials, sources familiar with the matter told ABC News on Wednesday.

Jun 30 10:39

CIA Can Geo-locate Your Computer by Listening to WiFi Signals

By Aaron Kesel

WikiLeaks Vault 7 has provided great insight into the CIA’s hacking capabilities. So far we have learned they can hack into various electronic devices such as smartphones, TVs, and computers. Some of the CIA’s tech revealed by Vault 7 is outdated and over-hyped, but the latest revelation called project Elsa seems frightening.

Elsa is the code name for the CIA’s geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating systems according to WikiLeaks...

Jun 30 10:17

Why is there no appeal from being blocked from posting? No customer support? Nothing.

I have been blocked for spamming people - I NEVER do - someone clicked to report me (presumably because they disagreed with me) and no I can't post for 60 days! Can't even post on my WIFE'S wall. This is ludicrous, and there is no one you can write to and ask for the decision to be reviewed. Anyone got any ideas, besides giving up on bloody Facebook altogether, I mean?

Jun 30 08:25

Five Eyes Unlimited: What A Global Anti-Encryption Regime Could Look Like

These capabilities alone already go far beyond the Nineties' dreams of a blanket ban on crypto. Under the IPA, the UK claims the theoretical ability to order a company like Apple or Facebook to remove secure communication a a feature from one of their products —while being simultaneously prohibited from telling the public about it.

Companies could be prohibited from fixing existing vulnerabilities, or required to introduce new ones in forthcoming products. Even incidental users of communication tech could be commandeered to become spies in her Majesty's Secret Service: those same powers also allow the UK to, say, instruct a chain of coffee shops to use its free WiFi service to deploy British malware on its customers. (And, yes, coffee shops are given by officials as a valid example of a "communications service provider.")

Jun 30 08:20

NASA tells Curiosity: quit showing off, no 'wheelies' please

After 18 months of testing, NASA's pushed a patch to the Mars Curiosity Rover – to extend its wheels' life, and eliminate over-exuberant climbs causing “wheelies”.

Written by NASA Jet Propulsion Laboratory's Jeff Biesiadecki and Olivier Toupet, the software update went live earlier this month, having been uploaded to the famous robot in March.

Jun 30 08:19

GitHub flub spaffs 8Tracks database, 18 million accounts leaked

A staffer of social music streaming site 8Tracks is having a really bad day: a bit of GitHub carelessness has leaked 18 million user accounts.

The good news: the service assures users passwords in the database were salted and hashed – however, the usual “don't re-use passwords” still applies.

People who signed up to 8Tracks via Google or Facebook aren't affected.

Jun 30 08:17

Leeds hack 'weaponising' Ubuntu for NHS Windows take out

A quiet revolution has been rumbling in Leeds. It may not seem revolutionary: a gathering of software developers is scarcely going to get people taking to the barricades in these uncertain times, but the results of this particular meetup could shape access to NHS PCs in the coming years.

The gathering in question was a hack week that ran until June 30 is to find a way to deploy NHSbuntu, a version of Ubuntu built for the NHS, on 750,000 smartcards used to verify clinicians accessing 80 per cent of applications – excluding those for clinical use – on millions of NHS PCs.

If successful, NHSbuntu would replace the current system using Windows. Ultimately, the aim is to replace Windows on the desktop, too. Smartcard recognition has been the huge barrier.

Jun 30 08:15

Windows 10 to Get Built-in Protection Against Most Ransomware Attacks

In the wake of recent devastating global ransomware outbreaks, Microsoft has finally realized that its Windows operating system is deadly vulnerable to ransomware and other emerging threats that specifically targets its platform.

To tackle this serious issue, the tech giant has introduced a new anti-ransomware feature in its latest Windows 10 Insider Preview Build (16232) yesterday evening, along with several other security features.

Microsoft is planning to introduce these security features in Windows 10 Creator Update (also known as RedStone 3), which is expected to release sometime between September and October 2017.

The anti-ransomware feature, dubbed Controlled Folder Access, is part of Windows Defender that blocks unauthorized applications from making any modifications to your important files located in certain "protected" folders.

Jun 30 07:39

Is Israel spying on your smartphone?

Mexican investigative journalists and human rights defenders were the targets of sophisticated attempts to spy on them by hacking their smartphones, an investigation by the press freedom group Article 19 and internet security researchers revealed earlier this month.

The system used in the attack is called Pegasus and it is made by a secretive Israeli company called NSO Group.

Jun 29 16:43 leaves data dashboard users' details on publicly accessible site

Users of the UK government’s data dashboard have been asked to change their passwords after their information was made public.

According to an email seen by The Register, a file containing the names, emails and hashed passwords for the site was left on a third-party system.

“A recent routine security review discovered a file containing some users’ names, emails and hashed passwords was publicly accessible on a third-party system,” the email from the Government Digital Service stated.

The email said that the file in question contained information on all users who registered on or before 20 June 2015.

Jun 29 16:39

Spies do spying, part 97: The CIA has a tool to track targets via Wi-Fi

The latest cache of classified intelligence documents dumped online by WikiLeaks includes files describing malware CIA apparently uses to track PCs via Wi?Fi.

The Julian Assange-led website claims the spyware, codenamed ELSA, infects a target's Windows computer and then harvests wireless network details to pinpoint the location of the machine. The software nasty is said to pull data from Google and Microsoft in order to pinpoint the real-world location of the infiltrated machine.

"ELSA is a geo-location malware for Wi?Fi enabled devices like laptops running the Microsoft Windows operating system," says Wikileaks.

"Once persistently installed on a target machine using separate CIA exploits, the malware scans visible Wi?Fi access points and records the ESS identifier, MAC address and signal strength at regular intervals."

Jun 29 13:50

Tox - alternative to Skype.

Whether it's corporations or governments, digital surveillance today is widespread. Tox is easy-to-use software that connects you with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is completely free and comes without advertising — forever.

Jun 29 13:10

Shadow Brokers Threaten To Reveal Identity Of Ex-NSA Hacker

The mysterious Shadow Brokers hacking group threatened Wednesday to reveal the identity of an alleged former NSA hacker.

In a message posted online, the group – responsible for leaking the NSA exploits which powered the WannaCry and so-called Petnya ransomware outbreaks – accused the alleged hacker in broken English of “writing ugly tweet to theshadowbrokers” and of belonging to Equation Group, a highly sophisticated team suspected of NSA.

Jun 29 11:11

Cyber attack hits property arm of French bank BNP Paribas

A global cyber attack has hit the property arm of France's biggest bank BNP Paribas (BNPP.PA), one of the largest financial institutions known to be affected by an extortion campaign that started in Russia and Ukraine before spreading.

The worldwide attack has disrupted computers at Russia's biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers last month.

The attack hit BNP's Real Estate subsidiary, a BNP Paribas spokeswoman told Reuters, after a person familiar with the matter had said that some staff computers were blocked on Tuesday due to the incident.

"The necessary measures have been taken to rapidly contain the attack," she said.

Jun 29 10:33

Global Cyberattack Spreads from Europe to America, Affecting Energy and Shipping

A new and highly virulent outbreak of data-scrambling software caused disruption across the world Tuesday. Following a similar attack in May , the fresh assault paralyzed some hospitals, government offices and major multinational corporations in a dramatic demonstration of how easily malicious programs can bring daily life to a halt.

Jun 29 10:22

US senators seek to bar Pentagon from using Kaspersky software, as FBI questions employees

Kaspersky Lab has slammed allegations of its ties with the Russian government, saying that it is unacceptable “when false and unfounded accusations, which are not supported by any facts, are laid against the company,” Interfax reports, citing the company. It also stated that it is ready to disclose its activities to any government agencies, as its will only prove that it is unbiased.

The cybersecurity firm has already insisted on having “no ties to any government,” according to a statement issued in May.

“For 20 years, Kaspersky Lab has been focused on protecting people and organizations from cyber threats, and its headquarters’ location doesn’t change that mission – just as a US-based cybersecurity company doesn’t allow access or send any sensitive data from its products to the U.S. government,” the statement reads.

Jun 29 10:12

Ransomware in disguise: Experts say Petya out to destroy not ransom

Security experts have said the Petya malware is out to irrecoverably wipe information, not hold to it to ransom.

Jun 29 09:48

Nato warns cyber attacks 'could trigger Article 5' as world reels from Ukraine hack

A cyber attack against any member state would trigger c - Nato's mutual defence clause - the alliance has warned after a massive computer hack paralysed government ministries and dozens of businesses in Ukraine before spreading around the world.

The latest global cyber attack is believed to have been designed to cause chaos rather than extort money. Ukrainian officials have pointed at Russia, which is fighting an undeclared war with Ukraine in the east of the country and has been blamed for previous cyber attacks on Kiev.

Jens Stoltenberg, the Nato secretary general, said alliance members agreed last year that a cyber attack could trigger Article 5 of the north Atlantic treaty in the same way as a conventional military assault and promised more help to Ukraine to bolster its own cyber defences.

Webmaster's Commentary: 

Secretary General Stoltenberg, a word, please: I would strongly suggest that you actually find the offending national actor which put this virus into play, rather than flippantly blaming Russia for it, as NATO seems to do for everything else these days, as a prelude to your much-lusted-after war against it.

Jun 29 09:35

Silicon Valley's Doomsday: Prepping For An Economic Apocalypse [Divided America, Pt. 1] | AJ+ Docs

As Silicon Valley works toward an automated future, many fear that the resulting unemployment will cause deep unrest, and soon. These survivalists are preparing themselves and their families to live out this technological apocalypse in style, complete with bunkers, off-grid homes and the guns to defend them.

Jun 29 09:16

Petya Cyber Attacks, how much money has been made?

On Tuesday (27 June), what first appeared to be a massive ransomware attack, hit victims in 25 countries across the world. The infosec community began racing to uncover more details about the attacks to help potential victims protect themselves from further assaults.

Jun 29 08:53


A country has the right to prevent the world’s Internet users from accessing information, Canada’s highest court ruled on Wednesday.
In a decision that has troubling implications for free expression online, the Supreme Court of Canada upheld a company’s effort to force Google to de-list entire domains and websites from its search index, effectively making them invisible to everyone using Google’s search engine

The case, Google v. Equustek, began when British Columbia-based Equustek Solutions accused Morgan Jack and others, known as the Datalink defendants, of selling counterfeit Equustek routers online. It claimed California-based Google facilitated access to the defendants’ sites. The defendants never appeared in court to challenge the claim, allowing default judgment against them, which meant Equustek effectively won without the court ever considering whether the claim was valid.

Jun 29 07:40

New Device Allows Cops to Download ALL Your Smartphone Activity In Seconds

That’s language from the text of a bill currently working its way through the New York state legislature. The legislation would allow cops to search through drivers’ cell phones following traffic incidents — even minor fender-benders — to determine if the person was using their phone while behind the wheel.

Jun 29 07:27

Are “Brain Drain” Cell Phones Making Us Dumber?

By Catherine J. Frompovich

Are you aware the more you depend upon your cell phone, especially ‘smart’ phones, the dumber you are most likely to become? A new study explains...

Jun 29 06:50

Virus (cough, cough, Petya) goes postal at FedEx, shares halted

FedEx has suspended trading of its shares on the New York stock exchange after admitting that its subsidiary TNT Express has been hit by "an information system virus."

The big package giant said no information had been stolen by the cyber-nasty and only some offices of TNT Express appear to have been disrupted. After yesterday's global NotPetya outbreak, it would be logical to assume the file-scrambling bastardware has claimed another victim. FedEx isn't responding to requests for comment.

Jun 29 06:47

NATO: 'Cyber' is a military domain

NATO Secretary-General Jens Stoltenberg has told a press conference ahead of a ministerial meeting tomorrow Brussels time that “cyber” is a “military domain” – and that a cyber-attack on one member can trigger NATO's Article 5.

Article 5 of the Washington Treaty that establishes NATO embodies the principle of collective defence – in other words, an attack on one is an attack on all, and that includes cyber-attacks.

Jun 29 06:41

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

Systemd, the Linux world's favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you're affected.

Looking up a hostname from a vulnerable Systemd-powered PC, handheld, gizmo or server can be enough to trigger an attack by an evil DNS service: the software's resolved component can be fooled into allocating too little memory for a lookup response, and when a large reply is eventually received, this data overflows the buffer allowing the attacker to overwrite memory. This can crash the process or lead to remote code execution, meaning the remote evil DNS service can run malware on your box.

Jun 29 06:28

Was Petya Ransomware a DELIBERATE Cyberattack on Ukraine? Here’s How It Could Happen To Us

New evidence is pointing toward the Petya attack as something more sinister - a deliberate attempt to cause disruption and chaos.

What if the same thing happened here? What if it was some kind of dry run for an attack on the US? Let's wargame the scenario.

Jun 29 05:34


Insurance will soon be personal rather than product orientated. Driving cars has already become one of them. Technology will alert the insurance company what vehicle is being driven and how aggressively – or otherwise, determining the cost of each drive. The upside says the Times, is that these greater insights provided to insurance companies can reduce premiums to many careful people, but for those it decides are riskier, many may never get cover at all. Gene sequencing will quite likely be used to determine whether an individual is likely to get illnesses or calculate longevity that will price risk. Privacy and discrimination will be the battleground for civil liberty organisations who already know they lost that battle a few years ago.

Jun 28 19:04

New Invasive Measures Are Coming to Your Local Airport

By Derrick Broze

The federal government is going to begin searching through travelers’ books at the airport as airlines test out fingerprint scans.

Next time you choose to take a flight in the United States, you will not only be given the option of a free walk through the full body scanner or a complimentary rub down courtesy of the Transportation Security Administration. Your next flight might include a search of your laptop, books, and possibly a fingerprint scan...

Jun 28 17:07

Flashback: Ukraine Power Grid Hack, All May Not be What it Seems

We are now seeing the second twist in the story, challenging the implication of Russian state sponsored hackers. The implication of Russian state-sponsored hackers in this case has been on circumstantial evidence at best. It was seeded from the findings of ESET, an antivirus provider, who confirmed multiple power authorities suffered the “BlackEnergy” infection. BlackEnergy was discovered in 2007 and attributed by iSIGHT to a Russian hacking group dubbed the Sandworm gang a.k.a. Quedagh.

There is a problem with isolating a perpetrator by malware alone. Malware is often commercialised and picked up by more than one hacking group. Furthermore, malware is software open to being reverse engineered and repurposed, akin to firing a missile into enemy territory with the blueprints to its construction attached. We have seen this in the past with Stuxnet, Duqu and Flame.

Jun 28 16:47

The Petya ransomware is starting to look like a cyberattack in disguise

The broader political context makes Russia a viable suspect. Russia has been engaged in active military interventions in Ukraine since former president Viktor Yanukovych was removed from power in 2014. That has included the annexation of Crimea and the active movement of troops and equipment in the eastern region of the country, but also a number of more subtle activities. Ukraine’s power grid came under cyberattack in December 2015, an attack many interpreted as part of a hybrid attack by Russia against the country’s infrastructure. That hybrid-warfare theory extends to more conventional guerrilla attacks: the same day that Petya ripped through online infrastructure, Ukrainian colonel Maksim Shapoval was killed by a car bomb attack in Kiev.

All that evidence is still circumstantial...

Jun 28 14:46

Facebook starts forcing people to watch videos

Facebook is rolling out plans to start shouting at people as they scroll through their news feed.

The company is adding sound to its auto playing videos – meaning that as people scroll through the app, they’ll be subjected to all the noise from all the videos that are there, whether they like it or not.

Jun 28 14:22

Big Spectrum Service Outage May Be from a Cut Fiber Optic Cable

There are widespread reports of internet outages under the Spectrum Service.

Jun 28 10:12

Cyber Attack Disrupts Radiation Checks at Chernobyl

The Chernobyl nuclear power plant, where a huge meltdown occurred in 1986, has had its radiation monitoring equipment knocked out by the mass cyberattack sweeping Ukraine, though most other systems are functioning as normal.