COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED



Nov 09 10:34

BIG DATA MEETS BIG BROTHER AS CHINA MOVES TO RATE ITS CITIZENS

Imagine a world where many of your daily activities were constantly monitored and evaluated: what you buy at the shops and online; where you are at any given time; who your friends are and how you interact with them; how many hours you spend watching content or playing video games; and what bills and taxes you pay (or not). It’s not hard to picture, because most of that already happens, thanks to all those data-collecting behemoths like Google, Facebook and Instagram or health-tracking apps such as Fitbit. But now imagine a system where all these behaviours are rated as either positive or negative and distilled into a single number, according to rules set by the government. That would create your Citizen Score and it would tell everyone whether or not you were trustworthy.

Webmaster's Commentary: 

Such a system will be coming to this country over time, and to those who scoff at such a system being introduced in this country: just wait.

Nov 09 10:12

Hypocrisy Exposed: The FBI Blindly Hacked Computers In Russia, China And Iran

As we've said before, US accusations that countries like China and Russia run sophisticated hacking operations designed to infiltrate sensitive US networks are often hypocritical. After all, we do the exact same thing.

Today, the Daily Beast reported on newly unsealed documents that show the FBI blindly hacked into computers in Russia, China and Iran during a wide-ranging investigation that led to the bust of a global child pornography operation and the liberation of sexual abuse victims.

Webmaster's Commentary: 

I don't have a problem when the US hacks into computers to find real criminals, especially these slimeballs.

Nov 09 09:25

CIA wrote code 'to impersonate' Russia’s Kaspersky Lab anti-virus company, WikiLeaks says

WikiLeaks says it has published the source code for the CIA hacking tool ‘Hive,’ which indicates that the agency-operated malware could mask itself under fake certificates and impersonate public companies, namely Russian cybersecurity firm Kaspersky Lab.

Nov 09 09:17

‘Zero evidence’ that Russia hacked DNC, says NSA whistleblower (VIDEO)

During the meeting, Binney shared test findings gleaned on the transfer rate of data, which he said “clearly showed that it was a local download and not an international hack.”

“It was very clear it was a local download, because of the speeds and all,” Binney said, explaining how his colleagues set up a test between a data center in New Jersey and another in the UK, and could not reproduce the download that took place on July 5, 2016.

The approximately 16GB of data was downloaded in two bursts, totaling 87 seconds, with a 12-minute pause between them.

“It had to be done locally,” Binney told RT America.

The data logs and the speed test were the only concrete evidence available for examination, he pointed out. “Everything else is speculation, and agenda- and emotionally-driven assertions.”

If the intelligence community had some factual evidence proving Russian hacking, that would be another matter, the NSA whistleblower said, but “so far they’ve produced nothing.”

Webmaster's Commentary: 

So, to be the very most generous, CIA chief Mike Pompeo is a total idiot, and we should not have idiots running the CIA!

Nov 09 09:14

Self-driving bus crashes two hours after launch in Las Vegas

A driverless shuttle bus crashed less than two hours after it was launched in Las Vegas on Wednesday.

The city's officials had been hosting an unveiling ceremony for the bus, described as the US' first self-driving shuttle pilot project geared towards the public, before it crashed with a semi-truck.

Nov 09 08:50

Reddit is just now learning that climate change conspiracy-theorist Bill Nye is a totally clueless loser.

SAD!

Bill Nye had an AMA today...or I should say his farewell AMA today.

Gets shredded on AMA today and doesn't answer any questions!

Nov 09 07:51

Intel's management engine - in most CPUs since 2008 - can be p0wned over USB

Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works.

The firm has already promised to demonstrate a God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”.

For some details, we'll have to wait, but what's known is bad enough: Intel Management Engine (IME) talks to standard Joint Test Action Group (JTAG) debugging ports. As does USB, so Positive Technologies researchers put the two together and crafted a way to access IME from the USB port.

Nov 08 16:29

Marissa Mayer apologizes for Yahoo hacks and claims no company is immune - nine months after leaving company with $209million golden parachute

Former Yahoo CEO Marissa Mayer apologized for the Yahoo hacks and claimed no company is immune from them, while testifying to lawmakers on Wednesday.

Mayer left her position in January with a $23million severance package along with $186million in stock options after hackers stole information from billions of Yahoo users including names, email addresses, phone numbers, birth dates and security questions and answers.

The 42-year-old, who testified before the Senate Commerce Committee on Capitol Hill in Washington on Wednesday, said the thefts occurred during her nearly five-year tenure and she wants to 'sincerely apologize to each and every one of our users.'

Nov 08 14:59

Qatar Airways plane forced to land after wife discovers husband's affair midflight

A Qatar Airways plane has been forced to land midflight after a woman who used her sleeping husband’s thumb to unlock his smartphone discovered he was having an affair.

The couple and their child were flying to Bali, Indonesia, for a holiday after boarding in Doha. The woman repeatedly hit her husband after learning of his infidelity and the captain was forced to make an unscheduled stop in Chennai, India, when the cabin crew was unable to restore order.

The family was then taken to a detention centre at the airport as they did not have an Indian visa before being put on a flight to Kuala Lumpur.

Nov 08 14:27

KILLER ROBOTS will be weapons of mass destruction; one programmer will be able to control a whole army

And one hacker could change the outcome of the war!

Nov 08 12:17

Two big decisions examine web blocking in the USA

In the space of under a week there have been two big cases in the USA looking at web blocking - and with differing results.

Nov 08 11:12

CIA director 'stands by' belief Russia hacked DNC after meeting skeptic at Trump's urging

CIA Director Mike Pompeo still believes Russia was responsible for hacking the Democratic National Committee, the agency said Tuesday amid reports that Pompeo met a skeptic at President Trump’s urging.

William Binney, who worked more than three decades at the National Security Agency before stepping down as technical director in 2001, met with Pompeo on Oct. 24 to discuss a July report he co-authored suggesting DNC emails were leaked, rather than hacked.

“I thought it was a pretty good hourlong meeting,” Binney told the Washington Examiner. “He said that the president said I should talk to you for facts.”

Binney believes U.S. spy agencies “took a wild ass guess” in January when they blamed Russia for hacking the DNC and that "if they had any evidence, they would show it." The report he co-authored says download speeds make it likely someone leaked DNC files after downloading them locally, rather than hacked them over the internet.

Nov 08 10:44

Tech Execs Explain Bill of Rights to Moronic Congressmen Demanding Censorship

Last Wednesday Rep. Adam Schiff (D, CA), Rep. Trey Gowdy (R, SC), Sen. Dianne Feinstein (D, CA), Sen. Mark Warner (D, VA), Rep. Jackie Speier (D, CA), Sen. Tom Cotton (R, AR), and Rep. Joaquin Castro (D, TX) tried to intimidate executives from Facebook, Twitter, and Google into blocking all digital dissent to the anti-Trump/Russian line taken by the DNC and military/security complex and to serve as spy agencies for the CIA.

Two of the above—Gowdy and Cotton—are Republicans who have aligned themselves with the attack on Russia and Republican President Trump.

What unites the members of the two parties is that they want a police state.

Nov 08 10:18

Facebook asks users for nude photos in project to combat revenge porn

Facebook is asking users to send the company their nude photos in an effort to tackle revenge porn, in an attempt to give some control back to victims of this type of abuse.

Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be “hashed”. This means that the company converts the image into a unique digital fingerprint that can be used to identify and block any attempts to re-upload that same image.

Webmaster's Commentary: 

Somehow I don't think this will get a huge response.

Nov 08 09:32

Netflix WARNING - Scam e-mail tries to steal YOUR credit card details

NETFLIX users have been warned about an e-mail targeting millions of subscribers that says their membership has been suspended, but it’s a scam.

Nov 07 19:23

Wasserman Schultz In Hot Seat After Confession Most Wikileaks Emails Sent AFTER DNC Realized They Were Being Hacked

In yet another head-scratching move, a new report says Democrat operatives sent thousands of emails, many of which were published by WikiLeaks at a later date, despite knowing the DNC was under cyber attack from alleged ‘Russian hackers.’

...

“The fact that newly-written emails continued to be captured weeks after the DNC’s top staff was well aware it had been breached raises questions about why Wasserman Schultz and Dacey did not turn to the FBI, and whether the FBI could have immediately stemmed the flow,” writes Daily Caller reporter Luke Rosiak.

Nov 07 16:51

Don't worry about those 40 Linux USB security holes. That's not a typo

The Linux kernel USB subsystem has more holes than a donut shop. On Monday, Google security researcher Andrey Konovalov disclosed 14 Linux USB flaws found using syzkaller, a kernel fuzzing tool developed by another Google software engineer, Dmitry Vyukov.

That's just the tip of the iceberg. In an email to The Register, Konovalov said he asked for CVEs for another seven vulnerabilities on Tuesday, and noted there are something like 40 that have not been fixed or triaged.

Konovalov downplayed the risk posed by the flaws, based on the fact that physical access is a prerequisite to an attack.

Nov 07 16:50

Google's answer to the Pixel 2 XL CRT-style screen burn in: Lower the brightness

To address the burn-in problem, Google is lowering the overall display brightness by 50 nits, and tweaked the always-on navigation bar. The bar now fades after a short period of inactivity. Both of these measures should reduce burn-in, fingers crossed. A new saturated color mode has been added, again to compensate for display quality issues.

However, “this does not address the real problem: you’re blaming user preference rather than the simple fact the Pixel 2 XL is not calibrated properly,” tech journo and phone pundit Gordon Kelly pointed out.

Nor does the navigation bar fading fully address the issue of burn-in long term. “The elephant in the room is Google's insistence on not having hardware navigation buttons, certainly the [non-XL] Pixel 2 has more than enough bezel space for them!” complained one fandroid. In other words, Google could have had actual touch-sensitive buttons on the handset but went with an on-screen nav bar that is burned into displays over time.

Nov 07 16:48

Parity calamity! Wallet code bug destroys $280 MEEELLION in Ethereum

There's a lot of hair-pulling among Ethereum alt-coin hoarders today – after a programming blunder in Parity's wallet software let one person bin $280m of the digital currency belonging to scores of strangers, probably permanently.

Parity, which was set up by Ethereum core developer Gavin Wood, admitted today that a user calling themselves devops199 had "accidentally" triggered a bug in its multi-signature wallets that hold Ethereum coins. As a result, wallets created after July 20 are now locked down and inaccessible, quite possibly permanently, thus nuking $90m of Wood's own savings.

Nov 07 15:51

MINIX: Intel's hidden in-chip operating system

Buried deep inside your computer's Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It's slow, hard to get at, and insecure as insecure can be.

Nov 07 09:47

Why Apple’s iPhone X is bad — for the environment

There have been 7.1 billion smartphones manufactured since 2007, according to Greenpeace — enough to equip nearly every person in the world with a device. Yet, new devices like the iPhone X continue to be produced as consumers seek out new and improved models.

“It’s magnifying the problem very significantly,” said Alex Sebastian, co-founder of Orchard, a Canadian company that resells smartphones. “If you look at a computer, most people use it until it’s unusable. But people have gotten used to new updates to the phone every one to two years.”

Nov 07 09:30

Let's get ready to grumble! UFC secretly choke slams browsers with Monero miners

Yet another website has been caught secretly running Coin Hive's JavaScript that silently pressgangs visitors' computers into mining the Monero digital currency.

On Monday, it was the turn of Ultimate Fighting Championship's pay-per-view ufc.tv site, which streams mixed martial arts battles in which men and women in tight outfits beat the crap out of each other in a cage.

What's super rude is that this is the website people pay good money to watch fights, and yet it was quietly using viewers' PCs to generate alt-coins, making whoever put the code there a fast buck on the side.

Nov 07 09:29

It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now

In an effort similar to Gal Beniamini's work scrutinizing Broadcom's insecure wireless technology, Bauer went looking for low-level remote-code-execution vulnerabilities in Google-powered gadgets, found them, and reported them so they can be addressed.

The result of that effort is some juicy security fixes that were released on Monday by Google. These need to be installed on vulnerable Android devices to protect them from attacks leveraging the now-documented bugs.

Essentially, it is possible vulnerable Android gizmos can be secretly commandeered by nearby hackers via Wi-Fi due to flaws in the aforementioned wireless driver code, originally developed by Qualcomm Atheros. So check for updates from Google, via the Settings app, and install this month's Android security updates if or when they are available for your devices.

Nov 07 09:27

HOW A TINY ERROR SHUT OFF THE INTERNET FOR PARTS OF THE US

A YEAR AGO, a DDoS attack caused internet outages around the US by targeting the internet-infrastructure company Dyn, which provides Domain Name System services to look up web servers. Monday saw a nationwide series of outages as well, but with a more pedestrian cause: a misconfiguration at Level 3, an internet backbone company—and enterprise ISP—that underpins other big networks. Network analysts say that the misconfiguration was a routing issue that created a ripple effect, causing problems for companies like Comcast, Spectrum, Verizon, Cox, and RCN across the country.

Nov 07 09:24

Would insurance firms pay out if your driverless car got hacked?

Legal academics from Exeter University warned that a mass hack scenario, where a group of the same cars is hacked by malicious actors and used to cause mayhem, may not be covered by insurers. Making certain that insurance companies pay out for driverless car accidents, instead of individual drivers and owners, is the whole point of the AEV Bill.

Nov 07 09:22

Oh Brother: Hackers can crash your unpatched printers – researchers

Security researchers have said they've uncovered a new way for hackers to crash Brother printers.

More specifically, they've put out an advisory saying a vulnerability in the web front-end of Brother printers (the Debut embedded http server) allows an attacker to launch a Denial of Service attack. The attack might be carried out simply by sending a single malformed HTTP POST request, they claim.

“The attacker will receive a 500 error code in response, the web server is rendered inaccessible and all printing will cease to function,” Trustwave explains. “This vulnerability appears to affect all Brother printers with the Debut web front-end.”

Nov 07 09:19

Built-in Keylogger Found in MantisTek GK2 Keyboards—Sends Data to China

The popular 104-key Mantistek GK2 Mechanical Gaming Keyboard that costs around €49.66 has allegedly been caught silently recording everything you type on your keyboard and sending them to a server maintained by the Alibaba Group.

Nov 06 16:42

Schools Installing Cameras In High School Bathrooms; Parents Outraged Over Disgusting Privacy Violation

By Aaron Kesel

Windsor Charter Academy in Colorado is under fire by parents of students for its decision to install cameras in its high school bathrooms, KDVR Fox reported.

Windsor Charter Academy executive director Rebecca Teeples stated that the installation of cameras “improves safety for students while helping secure the building.”

The stalls in the bathroom go from the floor to the ceiling but many worry that it’s still a violation of privacy to put a camera into a bathroom...

Nov 06 15:49

Paradise Papers reveal how iPhone giant Apple set up secretive new offshore structure to avoid billions in taxes after Irish crackdown

But after the EU announced a probe into the tax arrangements in 2013, Apple was forced to find an offshore base that would serve as a tax residency for its subsidiaries in Ireland.

The leaked Paradise Papers revealed that the following year Apple's legal advisers sent documents to law firm Appleby asking for a recommendation on which jurisdiction would be best.

...

Competition Commissioner Margrethe Vestager said the maker of iPhones paid just 1 per cent tax on its European profits in 2003 and 0.005 per cent in 2014.

Ms Vestager said Apple was paying just €50 in tax on every €1million of profit it made in 2014.

At the time a spokesman for the firm said: 'Apple follows the law and pays all of the taxes we owe wherever we operate. We will appeal and we are confident the decision will be overturned.'

Nov 06 13:57

A New Level Of Twitter Censorship

Twitter no longer believes in “speaking truth to power,” according to its latest rules update in the midst of US lawmakers’ frantic hunt for “Russian meddling” in social media.

Nov 06 10:41

iPhone users fume over letter 'i' bug

Some iPhone users have been left frustrated after an update to the iOS operating system started inexplicably auto-correcting the letter "i" to a capital "a" and a question mark.

The affected version of iOS, 11.1, is available on iPhones and iPads.

"I have a $1,150 [£877] telephone that can't read the letter 'i'," wrote Mike Murphy, a technology reporter for news website Quartz, on Twitter.

Apple has described a temporary fix for the problem on its website.

Nov 05 19:19

Three-Star General Wants AI in Every New Weapon System

“The Department of Defense should never buy another weapons system for the rest of its natural life without artificial intelligence baked into it,” Shanahan said.

Nov 05 19:16

Don't Pay Verizon's $10 'Premium Video' Upcharge

Verizon did not respond to an inquiry as to whether guaranteed frame rates. But it did acknowledge, again, that most people won't get much, if anything, out of the hi-def up-charge.

...

All in all, Premium Video adds up to a raw deal. Don’t pay for it. But do get frustrated at the gall of Verizon to throttle video in the first place, and then to charge for what amounts to thin air. Actually scratch that; air you can at least get some use out of.

Nov 05 19:03

Google can read your corporate data. Are you OK with that?

On Halloween, Google told its Google G Suite users that “this morning, we made a code push that incorrectly flagged a small percentage of Google Docs as abusive, which caused those documents to be automatically blocked. A fix is in place and all users should have full access to their docs.”

That misfire reminded everyone that cloud providers have access to all your data. Many people worried that Google was scanning users’ documents in real time to determine if they’re being mean or somehow bad. You actually agree to such oversight in Google G Suite’s terms of service.

Those terms include personal conduct stipulations and copyright protection, as well as adhering to “program policies.” Who knows what made the program that checks for abuse and other violations of the G Suite terms of service go awry. But something did.

Nov 05 18:56

DoS scum attacked one-third of the 'net between 2015 and 2017

One-third of Internet hosts with IPv4 addresses were subject to denial of service attacks in the last two years.

Nov 05 18:55

Fake WhatsApp On Google Play Store Downloaded By Over 1 Million Android Users

Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked more than one million users into downloading it.

...

Google has now removed the fake WhatsApp Android app from its official Play Store, but this incident once again marked the tech giant's failure to spot the scam on its app platform—even for the program that had more than a million downloads.

It is an unfortunate truth that even after so many efforts by Google (even recently launched Bug Bounty Program), malicious apps continuously somehow managed to fool its Play Store's security mechanism and infect millions of Android users.

Nov 05 18:47

Intel ME: The Way of Static Analysis

In short, ME is a separate processor embedded in the chipset of any modern computer with an Intel CPU. ME runs even when the computer is sleeping or powered off (as long as it is plugged in to a power outlet). ME can access any part of RAM, but the RAM region used by ME is not accessible from the OS. What’s more, ME is capable of out-of-band access to the network adapter.

Nov 05 18:33

Intel's Management Engine is a security hazard, and users need a way to disable it

Since 2008, most of Intel’s chipsets have contained a tiny homunculus computer called the “Management Engine” (ME). The ME is a largely undocumented master controller for your CPU: it works with system firmware during boot and has direct access to system memory, the screen, keyboard, and network. All of the code inside the ME is secret, signed, and tightly controlled by Intel. Last week, vulnerabilities in the Active Management (AMT) module in some Management Engines have caused lots of machines with Intel CPUs to be disastrously vulnerable to remote and local attackers. While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one.

Nov 05 18:28

MINIX — The most popular OS in the world, thanks to Intel

According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:

Full networking stack
File systems
Many drivers (including USB, networking, etc.)
A web server

That’s right. A web server. Your CPU has a secret web server that you are not allowed to access, and, apparently, Intel does not want you to know about.

Why on this green Earth is there a web server in a hidden part of my CPU? WHY?

The only reason I can think of is if the makers of the CPU wanted a way to serve up content via the internet without you knowing about it. Combine that with the fact that Ring -3 has 100 percent access to everything on the computer, and that should make you just a teensy bit nervous.

The security risks here are off the charts — for home users and enterprises. The privacy implications are tremendous and overwhelming.

Nov 05 17:25

The AI Robot is Here

Nov 05 09:57

Google buries 'Clinton body count': Search engine accused of hiding negative stories during Hillary's campaign 

Google has been accused of burying internet searches about an infamous list of mysterious deaths and murders of people allegedly connected to the Clintons.

The search engine altered an algorithm to prevent searches for 'Clinton body count' from auto-completing, InfoWars reports.

Yet when internet users begin to enter the phrase on the likes of Bing or Yahoo search engines, the phrase auto-completes as the top result.

On Google, stories about the Clinton body count are buried under the top results about car repair shops in Clinton.

Webmaster's Commentary: 

For those of you still using Google, here is the Clinton Body Count!

Spread it far and wide!

Nov 04 09:15

FLASHBACK - Pentagon buys social networking 'spy software'

The Pentagon has purchased a pioneering software programme that creates fake identities on social media websites, in an attempt to infiltrate and influence suspected terrorists and extremists overseas.

Nov 02 21:18

Twitter silences Trump! President's account is DEACTIVATED for 11 minutes by a rogue employee on their last day - sending social media into a frenzy

President Donald Trump's Twitter account disappeared for 11 minutes on Thursday evening after a rogue employee at the social networking company removed the entire profile.

The sabotage took place shortly before 7 p.m. on Thursday when social media reports surfaced that the president's personal account @realdonaldtrump was unavailable, providing the error message that the user 'does not exist.'

After a brief investigation Twitter owned up and took responsibility for the outage.

In a tweeted statement, the company said Trump's account was 'inadvertently deactivated due to human error' by one of its employees.

Nov 02 21:14

Is Facebook Secretly Listening to Your Conversations? This Video Says Yes

One married couple claims to have conducted an experiment and reached a harrowing conclusion. They say Facebook is listening to our conversations and adjusts their ads accordingly.

With phones close, the couple talked incessantly about cat food for an entire day in July.

“The cat is almost out of food,” they said. “We should buy some cat food.”

Here’s the thing. They don’t have a cat and claim to have never searched the Internet for feline-related content.

Two days later, according to the video, Facebook began showing them ads for cat food and similar products.
