COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED



Nov 24 16:43

Warnings over net-connected Christmas gadgets

Net-connected toys and gadgets bought as Christmas gifts could put the privacy and safety of children at risk, warns the UK's data regulator.

Many toys have poor security, easy-to-guess passwords and cannot be updated to fix bugs, said deputy information commissioner Steve Wood.

Some are so poorly protected that they could be used by hackers as a route into a home network, he said.

He urged parents to take care when buying the smart devices.

Nov 24 16:32

There's Some Intense Web Scans Going on for Bitcoin and Ethereum Wallets

With both Bitcoin and Ethereum prices hitting all-time highs in the past seven days, cyber-criminals have stepped up efforts to search and steal funds stored in these two cryptocurrencies.

These mass Internet scanning campaigns have been recently picked up by various honeypots installed by security researchers across the Internet.

Nov 24 16:28

Staggering Variety of Clandestine Trackers Found In Popular Android Apps

Researchers at Yale Privacy Lab and French nonprofit Exodus Privacy have documented the proliferation of tracking software on smartphones, finding that weather, flashlight, rideshare, and dating apps, among others, are infested with dozens of different types of trackers collecting vast amounts of information to better target advertising.

Exodus security researchers identified 44 trackers in more than 300 apps for Google’s Android smartphone operating system. The apps, collectively, have been downloaded billions of times. Yale Privacy Lab, within the university’s law school, is working to replicate the Exodus findings and has already released reports on 25 of the trackers.

Yale Privacy Lab researchers have only been able to analyze Android apps, but believe many of the trackers also exist on iOS, since companies often distribute for both platforms.

Nov 24 16:26

BLACK FRIDAY NIGHTMARE: Furious customers are complaining that Macy's won't let them pay as system glitches

Customers are complaining about Macy's credit card systems failing across the country on Black Friday.

"Macys credit card system down nationwide," Kenn White tweeted at 1:29 p.m. ET on Friday. "They are not informing shoppers standing in long lines. Getting ugly out there."

Many other people reported similar problems on social media.

Nov 24 16:23

Linus Torvalds on security: 'Do no harm, don't break users'

Torvalds' post explained his view that “... the number one rule of kernel development is that 'we don't break users'.”

“Because without users, your program is pointless, and all the development work you've done over decades is pointless.”

“Because in the end, those users really do matter. Without those users, your system may be 'secure', but all your security work was still just masturbation. You didn't do anything useful at all in the end.”

Nov 22 09:04

Microsoft says Win 8/10's weak randomisation is 'working as intended'

Microsoft has rebutted analysis that suggested its Address Space Layout Randomisation (ASLR) technology could be exploited.

Redmond's response, posted here, was that ASLR is working as intended, and that the lack of randomisation discovered by Will Dormann - with assistance from Matt Miller of Microsoft - was a feature, not a bug.

Nov 22 08:59

'Urgent data corruption issue' destroys filesystems in Linux 4.14

Using bcache to speed Linux 4.14? Stop if you want your data to live

Nov 22 08:17

Building our own system of internet is possible - and it may be the counter the federal government wasn’t prepared for

The Federal Communications Commission will announce a full repeal of net neutrality protections Wednesday, according to the New York Times and several other media outlets. It is possible that a committee of telecom industry plutocrats who have from the outset made it their mission to roll back regulations on the industry will bow to public pressure before Wednesday, but let’s not count on it.

Nov 22 07:54

The Book Of Broken Promises: $400 Billion Broadband Scandal And Free The Net

By the end of 2014, America will have been charged about $400 billion by the local phone incumbents, Verizon, AT&T and CenturyLink, for a fiber optic future that never showed up. And though it varies by state, counting the taxes, fees and surcharges that you have paid every month (many of these fees are actually revenues to the company or taxes on the company that you paid), it comes to about $4000-$5000.00 per household from 1992-2014, and that’s the low number.

You were also charged about nine times to wire the schools and libraries via state and federal plans designed to help the phone and cable companies.

Nov 22 07:54

The U.S. ranks 28th in the world in mobile internet speeds

The U.S. lags behind much of the rest of the developed world in mobile internet speeds, ranking 28th.

The U.K. has the fastest mobile speeds, with an average of 26 megabits per second, according to the latest State of the Internet Report by content delivery company Akamai. Among the 62 countries Akamai measured, the U.S. isn’t even in the Top 25, at 10.7 Mbps. (The U.S. ranks 10th in the world for average wireline internet speed.)

Measuring mobile internet speeds is increasingly more important as mobile takes up a bigger share of our overall internet usage and as people increasingly use phones as their main source of internet.

Nov 22 07:50

Google: 'No Concrete Plans' to De-Rank Content of Russian Media

Schmidt did not comment on whether engineering a software to hide information could be seen as amounting to censorship. Giving insight on the capabilities of the new algorithm, the official did merely indicate that it would be able to detect "repetitive, exploitative, false, and weaponized" information.

In the meantime, a representative of Google has told Sputnik that the tech giant had no concrete plans to de-rank Russian media, including the RT and Sputnik news outlets.

Nov 22 07:32

Samsung all-but confirms foldable Galaxy X smartphone in devastating new leak

SAMSUNG appears to have all-but confirmed the existence of its long-rumoured Galaxy X smartphone, which is tipped to launch alongside the Galaxy S9 and S9 Plus and feature a foldable OLED display.

Nov 22 06:12

No, you’re not being paranoid. Sites really are watching your every move

If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you're not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors' keystrokes, mouse movements, and scrolling behavior in real time, even before the input is submitted or is later deleted.

Nov 21 16:58

Google’s Eric Schmidt Says Americans Too Dumb To Detect Fake News, Plans to “Derank” Russian News

By Derrick Broze

Eric Schmidt has made news with his latest announcement that Google is working on ways to “derank” Russian media in the search engine’s results. But it won't end there...

Nov 21 16:48

Killer robots which use facial recognition before slaughtering people 'will be devastating to humankind'

Killer robots capable of using facial recognition before slaughtering people 'will be devastating to humankind', a top professor warned.

Professor Stuart Russell, a leading artificial intelligence (AI) expert at the University of California, said allowing machines to kill humans would endanger freedom and security.

Nov 21 16:44

Uber Paid Hackers to Delete Stolen Data on 57 Million People

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

Nov 21 12:39

Google’s Eric Schmidt, arbiter of news, has long history with Obama & Clinton

Eric Schmidt, the executive chairman of Google's parent company Alphabet, announced that his company will 'de-rank' RT's articles online, calling them propaganda. Is he concerned for the integrity of news, or are his motives more partisan?

The 62-year-old, with an estimated wealth of $11.1 billion, has never hidden his political leanings, jumping straight into Hillary Clinton's presidential campaign long before she officially announced her candidacy. In one of John Podesta's leaked emails, the long-time Clinton confidant and chairman of her presidential campaign told her soon-to-be campaign manager Robby Mook that he had met with Schmidt in April 2014, more than a year before Clinton told the American public that she was hoping to become their next president.

Nov 21 12:03

GOOGLE ADMITS IT TRACKED USER LOCATION DATA EVEN WHEN THE SETTING WAS TURNED OFF

Android phones gather your location data and send it to Google, even if you’ve turned off location services and don’t have a SIM card, Quartz reported today.

Nov 21 11:31

The FCC is trying to roll back net neutrality.

Join Tulsi and stand in opposition to the FCC’s decision to get rid of net neutrality. The FCC is a government entity obligated to serve the public interest - however, their decision to repeal net neutrality serves corporate interests, and must be stopped. Add your name if you agree.

Nov 21 10:19

An Ethereum Startup Just Vanished After People Invested $374K

A startup on the Ethereum platform vanished from the internet on Sunday after raising $374,000 USD from investors in an Initial Coin Offering (ICO) fundraiser.

Confido is a startup that pitched itself as a blockchain-based app for making payments and tracking shipments. It sold digital tokens to investors over the Ethereum blockchain in an ICO that ran from November 6 to 8. During the token sale, Confido sold people bespoke digital tokens that represent their investment in exchange for ether, Ethereum’s digital currency.

But on Sunday, the company unceremoniously deleted its Twitter account and took down its website.

Nov 21 10:03

Your every keystroke is recorded by more than 400 of the world's most popular websites, including Spotify and Skype, to log your private data

Some of the web's most popular sites could be tracking your every move, a shocking new study has found.

Hundreds of homepages, including those of Microsoft, Adobe and Wordpress, use secret code, called 'session replay' scripts, to monitor your online activity.

Hidden strings of data are used to record everything you do while visiting a page, including what you type and where you move your mouse.

This could be used by third parties to reveal everything from credit card details to medical complaints, as well as putting you at risk of identity theft and online scams.

Data release: list of websites that have third-party “session replay” scripts:

https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_...

Nov 21 09:57

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation.

Searching for "TSB" – as in the UK's TSB Bank – on the Great Britain edition of Bing would bring up, right at the top of the page, a search ad for a phishing website described as "TSB – Welcome to TSB UK – Online Personal Account". Clicking on the link would direct marks to a phishing page pretending to be the bank's login portal, we're told.

A Reg reader told us he tried to report the fraudulent ad to Microsoft, and to TSB, yet the advert remained on search result pages. So he turned to us, we prodded Redmond, and over the weekend, the ad and the account that created it were black holed. Hooray.

Nov 21 09:56

Windows 8 broke Microsoft's memory randomisation

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR), designed to block code-reuse attacks.

The bug is simple: as of Windows 8, a bug in Microsoft's system-wide mandatory ASLR implementation meant applications were allocated addresses with zero entropy – in other words, they weren't randomised. Windows 10 has the problem, too.

Nov 21 09:47

Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable

The most severe vulnerability (CVE-2017-5705) involves multiple buffer overflow issues in the operating system kernel for Intel ME Firmware that could allow attackers with local access to the vulnerable system to "load and execute code outside the visibility of the user and operating system."

The chipmaker has also described a high-severity security issue (CVE-2017-5708) involving multiple privilege escalation bugs in the operating system kernel for Intel ME Firmware that could allow an unauthorized process to access privileged content via an unspecified vector.

Systems using Intel Manageability Engine Firmware version 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x and 11.20.x.x are impacted by these vulnerabilities.

Webmaster addition: Flaws, or NSA-mandated back doors?

Nov 21 08:31

Google Executive Says New Algorithm Will Hide RT, Sputnik Articles

Eric Schmidt, the executive chairman of Google's parent company, Alphabet, announced Saturday that the company will "engineer" algorithms that will make it harder for articles from Sputnik News and RT to appear on the Google News service.

Webmaster's Commentary: 

Stop using Google News service.

Nov 21 08:18

Amazon launches ‘Secret Region’ cloud service for US intel agencies

Amazon announced it has launched a “Secret Region” on its cloud computing service for use by US intelligence and other government agencies. The provider is now able to store government information classified as “Top Secret.”

Nov 21 08:06

POLICE ARE USING DNA MUGSHOTS TO ARREST INNOCENT PEOPLE

A recent Washington Times article boasts that Texas law enforcement used predictive DNA imaging or 'Phenotyping' to guess what a suspect’s physical characteristics might be. This is not a joke, this is actually happening in police departments across the country.

Nov 20 17:53

Intel fixes critical holes in secret Management Engine hidden in desktop, server chipsets

Intel advises Microsoft and Linux users to download and run the Intel-SA-00086 Detection tool to determine whether their systems are vulnerable. If you are at risk, you must obtain firmware updates from your computer's manufacturer. Lenovo was quick off the mark with patches for its gear.

We'll give you a roundup of fixes as soon as we can. It's not thought Apple x86 machines are affected as they do not ship with Intel's ME, as far as we can tell.

Nov 20 12:28

STUDY OF 500,000 TEENS SUGGESTS ASSOCIATION BETWEEN EXCESSIVE SCREEN TIME AND DEPRESSION

It’s a cultural stereotype as old as the landline: teenagers love their phones. But for North American teen girls, especially, increasing smartphone use could have a darker side. Depression and suicide rates in teenagers have jumped in the last decade—doubling between 2007 and 2015 for girls—and the trend suspiciously coincides with when smartphones became their constant companions. A recent study places their screen time around nine hours per day.

Nov 20 10:34

Ex-Google Engineer Says He’s ‘In The Process Of Raising A Robot GOD’ That Will Take Charge Of Humans

An ex-Google engineer who has registered the first church of AI says he is ‘raising a god’ that will take charge of humans.

The robot god will head a religion called Way Of The Future (WOTF), which will eventually have a gospel called ‘The Manual’, rituals and even a physical place of worship.

Nov 20 09:20

Android Bug Lets Attackers Record Audio & Screen Activity on 3 of 4 Smartphones

Android smartphones running Lollipop, Marshmallow, and Nougat are vulnerable to an attack that exploits the MediaProjection service to capture the user's screen and record system audio.

Based on the market share of these distributions, around 77.5% of all Android devices are affected by this vulnerability.

Nov 19 14:30

Detecting Disinformation Agents

There are several types of disinformation agents, from high-profile ones who gain a lot of publicity and promote well-crafted stories, to low-level ones who serve to flood the Internet with less reputable claims. This document deals primarily with the former.

The ultimate purpose of a disinformation agent is three-fold:

a) to create a sense of ridicule about anything that they include in their story so that even what is true will not be believed by intelligent people,

b) to mislead those who are gullible enough to believe their story, and

c) to divert the efforts of those who seek to know the truth through further investigation.

Although disinformation agents are used to cover up the truth, their claims should not be written off completely, since they can still teach us something about the underlying truth that they’re meant to cover up.

Nov 19 09:08

UC Berkeley professor's 'Slaughterbots' video goes viral

Stuart Russell and the Future of Life Institute created this eerie video that depicts a future in which humanity develops lethal drones. Media: Future of Life Institute

Nov 18 22:37

A Boeing 757 was hacked and now DHS is worried more planes could be at risk

A Department of Homeland Security official admitted that the agency was able to remotely hack into a Boeing 757 during a test in 2016.
The DHS official indicated that he and his team were able to do so without having any direct contact with the aircraft or using any materials that would be flagged by security.
While the exact details of the hack are confidential, Boeing insists that the hackers were not able to take control of the aircraft's flight systems.
