COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED


COMPUTERS/INTERNET/SECURITY

Nov 17 15:50

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.

DJI also exposed customers' personal information – from flight logs to copies of government ID cards – to the internet from misconfigured AWS S3 buckets.

By leaking the wildcard SSL cert private key, which covers *.dji.com, DJI gave miscreants the information needed to create spoof instances of the manufacturer's website with a correct HTTPS certificate, and silently redirect victims to the malicious forgeries and downloads via standard man-in-the-middle attacks. Hackers could also use the key to decrypt and tamper with intercepted network traffic to and from its web servers.

Nov 17 15:48

Massive US military social media spying archive left wide open in AWS S3 buckets

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.

The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive.

Nov 17 15:47

Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details.

Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information and login credentials and injecting HTML code into visited web pages.

However, researchers at security firm Bitdefender have discovered that the banking Trojan has now been revamped with new espionage capabilities such as leveraging open-source tools for spoofing SSL certificates in order to gain access to social media and email accounts and even post on behalf of the infected user.

Nov 17 13:28

PENTAGON MASS SURVEILLANCE SLURPED UP THE WORLD'S SOCIAL MEDIA TRAFFIC; THEN THEY DUMPED IT ON A PUBLICLY ACCESSIBLE AMAZON CLOUD SERVER

The Upguard Cyber Risk Team has found three Department of Defense mass-storage "buckets" on Amazon that are world-viewable, containing 1.8 billion of social media posts that the DoD scraped from social media over 8 years as part of its global surveillance program.

Nov 17 11:32

VW to invest about $40 billion in electric cars

Volkswagen AG plans to invest around $40 billion over the next five years to develop electric vehicles, self-driving cars and Uber-like mobility app services in the clearest sign yet that auto makers are betting the future of their industry on the new technology.

Volkswagen's drive to produce electric cars and self-driving vehicles comes as the entire industry pivots from a century-old business model of building gas-powered cars for the family to producing fleets of electric cars that in just a few years are expected to drive themselves and be part of roaming robot taxi services.

Nov 17 11:00

Ex-Google Engineer Says He’s ‘In The Process Of Raising A Robot GOD’ That Will Take Charge Of Humans

An ex-Google engineer who has registered the first church of AI says he is ‘raising a god’ that will that charge of humans.

Nov 17 08:57

Another preinstalled app found on OnePlus that could collect user data

A couple of days ago it was reported that an IT security researcher Robert Baptiste who goes by the handle of Elliot Alderson on Twitter had discovered a pre-installed backdoor application called “EngineerMode” on OnePlus smartphones including its 5, 3, 3T models and OxygenOS for OnePlus 1.

Now, the same researcher has found another preinstalled app in OnePlus devices sold to customers around the world. Dubbed OnePlusLogKit by researchers, the app runs with system privileges and has access to user’s GPS logs, WiFI data, Bluetooth, NFC, photos, videos, and list of the running processes – All that without the user’s permission or knowledge.

This means while EngineerMode allowed an attacker to root the device; OnePlusLogKit lets attackers access personal data of OnePlus users. However, in this case, an attacker has to have physical access to the targeted device and then dial *#800# – click on “Get Wireless log.”

Nov 17 07:38

Why People Will Happily Line Up to be Microchipped Like Dogs

So...some people actually want to be microchipped like a dog. They're lining up for it. They're having parties to get it done. It if isn't available to them, they're totally bummed out.

I'm not even going to venture into the religious aspect of having a microchip inserted into a human being. Let's just talk about the secular ramifications.

Nov 17 06:57

Amazon Key door-entry flaw: No easy fix to stop rogue couriers burgling your place unseen

Amazon has pushed out an emergency security update to its door-unlocking system called Key – which is used by couriers to let themselves into people's homes to drop off packages inside when folks are out.

Delivery workers show up at a home, and use a smartphone to temporarily disable the lock on the front door so they can pop in. As part of the system, a Wi-Fi-connected webcam watches the door from the inside to record any theft or other mischief.

One little flaw: if you flood the camera off the wireless network with deauthorization packets – and an attacker doesn't need to know your Wi-Fi password to do this – it effectively freezes the equipment and prevents the door from being locked. The camera stops streaming its video feed across the internet to Amazon's cloud, so anyone monitoring the scene from Amazon's app will just see a still image: the last shot received.

Nov 17 06:55

Windows Update borks elderly printers in typical Patch Tuesday style

Microsoft's latest batch of software updates for Windows has been blamed for a mysterious ailment befalling some poor old Epson dot-matrix printers.

Reg readers let us know that, after installing this week's Patch Tuesday payload from Redmond, their Windows boxes no longer work with Epson's dot matrix printers (which are still a thing, apparently, especially among those working with accounting software like Sage).

"I had two clients today whose Epson dot matrix printers stopped working after applying this month’s cumulative update on Windows 10 and Windows 7," one tipster told us. "It just seems to eat the print job."

Nov 17 06:50

Kaspersky: NSA Worker's Computer Was Already Infested With Malware

Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware.

Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware.

According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC.

The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader.

Nov 16 16:30

BOSTON DYNAMICS' ATLAS ROBOT DOES BACKFLIPS NOW AND IT'S FULL-TILT INSANE

ATLAS, THE HULKING humanoid robot from Boston Dynamics, now does backflips. I’ll repeat that. It’s a hulking humanoid that does backflips.

Nov 16 15:01

White House Releases Rules On Reporting Cybersecurity Flaws

After a hacker stole cyber tools from an NSA “stockpile” to carry out the WannaCry cyberattack, the White House is now revealing how and when the government decides to disclose vulnerabilities or keep them secret.

On Wednesday, the White House published a charter that details the Vulnerabilities Equities Process (VEP), which was established under former President Barack Obama to determine whether disclosing a vulnerability was in the government’s best interest.

Nov 16 11:39

Hackers Obtained Access to NSA Employee’s Home Computer, Kaspersky Lab Reveals

Kaspersky IT security company has announced that access to information on the home computer of the employee of the US National Security Agency (NSA) could have been obtained by an unknown number of hackers.

According to the Kaspersky Lab probe that is linked to media reports about the company’s software allegedly having been used to search and download classified information from the home computer of a NSA employee, the user’s computer was infected with Mokes backdoor, a malware that allows the hackers to obtain access to a device.

"The malware… was a full blown backdoor which may have allowed third parties access to the user’s machine," the Kaspersky Lab has stated.

Nov 16 11:35

Firm’s Voice Assistant Records And Keeps Conversations You’re Having Around Your Phone When You Least Expect It

You would be forgiven for thinking that your private conversations were just that, but Google’s Voice Assistant could be recording everything you say. 

Nov 16 10:46

Surprise: Unanimous FEC to push for Internet regulation

In a major shift, Republicans on the Federal Election Commission plan to join Democrats Thursday in calling for new Internet regulations on paid digital political ads.

Nov 16 09:57

Researcher Finds Just 400 Tweets From Russia Aimed At Brexit Vote

The claims around alleged Russian meddling in British politics has been stirred by allegations that fake Twitter accounts attempted to influence the Brexit vote. But while the mere suggestion was enough to make mainstream headlines, little was said about the “infinitesimal” quantity of tweets involved.

According to Sky News, fake Twitter accounts created by an outlet known as the Russian Internet Research Agency have been accused of carrying out a “determined, coordinated attempt to interfere during the EU referendum.”

Nov 16 08:17

How China is defining the way governments manipulate their people via the internet

CHINA’S army of keyboard propagandists have set the standard for manipulating public opinion online — and a growing number of countries are trying the emulate the model.
The iconic image of a man holding his shopping while obstructing the path of a tank in China’s Tiananmen Square in 1989 became the defining image of China’s censorial government. But in the age of the internet, social media has become the front line in the Communist Party’s battle to control and suppress dissent.
The goverment’s so called keyboard army overwhelms social media sites with positive stories about the Communist Party — described by researchers as “cheerleading content” — to control the message and drown out criticism and negative stories about the regime.
The unofficial wing of the Chinese government responsible for the program is known as The 50 Cent Party. It allows just enough critical content to maintain the illusion of dissent while diverting attention towards positive propaganda.

Webmaster's Commentary: 

And the US government doesn't do this?!?

Pot...Kettle...black!!

Nov 16 06:53

How to Instantly Prove (Or Disprove) Russian Hacking of U.S. Election

It’s newsworthy that CIA head Mike Pompeo recently met with Bill Binney – who designed the NSA’s electronic surveillance system – about potential proof that the DNC emails were leaked rather than hacked.

It’s also noteworthy that the usual suspects – Neocon warmongers such as Max Boot – have tried to discredit both Binney and Pompeo.

But there’s a huge part of the story that the entire mainstream media is missing …

Specifically, Binney says that the NSA has long had in its computers information which can prove exactly who hacked the DNC … or instead prove that the DNC emails were leaked by a Democratic insider.

Remember – by way of background – that the NSA basically spies on everyone in America … and stores the data long-term.

Nov 16 06:03

Video and Photo Evidence Now Even More Easily Faked and Fabricated

Photo evidence and video evidence has been relied on in academia, science, courts of law and elsewhere to prove or refute facts and theories – but those days are coming to an end. We live in an historic era. Technological advances in the realm of computers and AI are taking place so rapidly that our world is being changed overnight. Now, software has been written that allows computers to create new faces that look like normal unique people but which are actually composite amalgams; to literally create and fabricate objects (from a basic sketch) and render them so lifelike that you won’t be able to tell the difference between the fabricated ones and the real ones; and to remove entire objects from video footage in real-time, and render in the empty space so well that it is undetectable to the eye. The days of being able to trust photo evidence and video evidence are disappearing – and the implications for human knowledge are far reaching.

Nov 15 15:50

Robot Apocalypse: “With Artificial Intelligence We Are Summoning the Demon”

Have you noticed all of the news lately about artificial intelligence and robotics, including some things that sound like absolutely terrible ideas? It's like scientists are deliberately trying to bring on a robot apocalypse. They clearly don't watch the same movies that I do.

People are getting more and more onboard with this type of technology. From Alexa to Siri, humans are interacting with artificial intelligence on a regular basis. Siri makes jokes, making the voice from your phone seem more human. It all seems so non-threatening until you look a little deeper.

But if an EMP doesn't get us first, it seems like the apocalypse that preppers need to get ready for could look a lot like The Terminator franchise.

Nov 15 13:09

Teen Killer Boasted On Facebook About Plans To Murder Schoolteacher

A schoolboy who murdered his teacher boasted that he would kill her “for £10” on Facebook, an inquest into her death has heard. Will Cornick, now 19, is serving a minimum 20-year sentence for stabbing Ann Maguire during a Spanish lesson.

Nov 15 11:49

CNN Facts First Chatter

Nov 15 11:47

Boeing 757’S Flight Controls Are HACKED Remotely While On The Runway

A group of security researchers has remotely hacked a Boeing 757 aircraft without the knowledge of the pilots, a US government official has claimed.

Nov 15 08:59

Austrian activist told he can't bring class action case against Facebook

Austrian activist Max Schrems cannot bring a class action against Facebook for privacy breaches, although he is allowed to sue the US social media giant on a personal basis, the adviser to the EU's top court said on Tuesday.

Schrems had lodged cases in an Austrian court on behalf of seven other users in Austria, Germany and India against Facebook's Irish division for various alleged rights violations involving personal data.

Facebook had argued that people can only sue as individual consumers, not as groups -- and moreover that Schrems's professional activities on his account meant he was no longer a private consumer in any case.

Nov 15 08:48

NEW ZIO APP VIRTUALLY DESTROYS THE DOME OF THE ROCK IN JERUSALEM

A smartphone app promoted by a Zionist organization allows visitors to Jerusalem to virtually destroy the Dome of the Rock and the al-Aqsa mosque and replace them with a Jewish temple.

Nov 15 08:02

A Windows 10 alternative: Microsoft should embrace, extend Linux on the desktop

I get it. The PC is too expensive to replace and you don't want Windows 10. Let me suggest another solution.

Nov 14 16:57

Cookie Consent Script Drops In-Browser Cryptocurrency Miner

A free-to-use script that helps website owners show EU cookie consent popups is dropping an in-browser cryptocurrency miner on websites that use it.

The hidden miner came to light today when Dutch security researcher Willem de Groot discovered it on the website of Albert Heijn, the biggest supermarket chain in the Netherlands.

At a closer look at the site's JavaScript files, de Groot tracked the infection to a file named "cookiescript.min.js," loaded from cookiescript.info. This domain is registered to the Cookie Consent service, a website that allows site owners to quickly put together a cookie consent popup that adheres to the EU's annoying cookie law.

The Cookie Consent service generates a block of code that webmasters must embed in their sites.

One of the cookie consent JavaScript files loaded through this service contained a copy of Crypto-Loot, an in-browser Monero miner.

Nov 14 16:31

Shocked mother finds her 10-year-old son's face can unlock her iPhone X

There are countless reasons you might not want a 10-year-old to have access to your new $1000 smartphone.

And, after setting up Apple’s FaceID, Staten Island mom Sana Sherwani joked there was ‘no way’ her son could get into it now.

Unfortunately, however, the authentication system didn’t work as planned.

In a video posted to YouTube, the shocked parents have revealed how Apple’s FaceID registers both Sherwani's face and that of her son Ammar, allowing the fifth-grader instant access to his mom’s phone.

Nov 14 15:00

Boeing 757’S Flight Controls Are HACKED Remotely While On The Runway

A group of security researchers has remotely hacked a Boeing 757 aircraft without the knowledge of the pilots, a US government official has claimed.

Nov 14 10:35

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader

Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets.

A Twitter user, who goes by the name "Elliot Anderson" (named after Mr. Robot's main character), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices.

The application in question is "EngineerMode," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device.

This APK comes pre-installed (accidentally left behind) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5.

Nov 14 10:19

Privacy Fears Over Artificial Intelligence As Crimestopper

Police in the US state of Delaware are poised to deploy “smart” cameras in cruisers to help authorities detect a vehicle carrying a fugitive, missing child or straying senior.

Nov 14 10:14

FDA approves 'trackable' pill

US regulators have approved the first pill that can be digitally tracked through the body.

The Abilify MyCite aripiprazole tablets - for treating schizophrenia and manic episodes - have an ingestible sensor embedded inside them that records that the medication has been taken.

A patch worn by the patient transmits this information to their smartphone.

The information can also be sent to the prescribing doctor, if the patient consents to this.

Nov 14 10:12

Connected toys have ‘worrying’ security issues

Consumer watchdog Which? has called on retailers to stop selling some popular toys it says have "proven" security issues.

Those toys include Furby Connect, the i-Que robot, Cloudpets and Toy-fi Teddy.

Which? found that there was no authentication required between the toys and the devices they could link with via Bluetooth.

Two of the manufacturers said they took security very seriously.

The lack of authentication meant that, in theory, any device within physical range could link to the toy and take control or send messages, the watchdog said.

Nov 14 09:26

China overtakes US in TOP500 list of world's fastest supercomputers

According to the TOP500 list, China is beating the US in total number of ranked systems and in aggregate performance.

Nov 14 08:42

Firefox add-on armageddon arrives: How to see if you are going to be hit

Firefox 57 is set to bring the biggest shake-up that Mozilla's browser ecosystem has seen in quite some time, and the simple reason is that a huge number of extensions and add-ons are set to stop working.

Appearing on November 14, Firefox Quantum brings together a number of long-running programs to speed up the browser -- including using its C++ alternative language Rust and multi-process functionality -- but it comes at the cost of Firefox's best feature, its extensibility.

This is far from a surprise, with the switch from XUL to WebExtensions first signalled in mid-2015, but it is a hard break with the past.

Many popular extensions have already been ported to the new framework, but due to extra restrictions imposed by WebExtensions, some existing add-ons are simply unable to do what they once did.

Nov 14 08:11

In major policy change YouTube is now taking down more videos of known extremists

A spokeswoman told us it has broadened its policy for taking down extremist content: Not just removing videos that directly preach hate or seek to incite violence but also removing other videos of named terrorists, unless the content is journalistic or educational in nature -- such as news reports and documentaries.

Nov 13 18:33

Researchers find almost EVERY computer with an Intel Skylake and above CPU can be owned via USB

Fortunately, this particular attack vector only affects Skylake and above CPUs, although, like I said, pretty much every Intel CPU released after 2008 includes the Intel Management Engine.

This isn’t the first time that researchers have uncovered substantial security issues in the IME. This time around, the main issue is that it’s exploitable via USB, which is a common attack vector. The Stuxnet malware, for example, which was credited with temporarily interfering with Iran’s nuclear program, was initially spread via infected USB sticks deliberately dropped on the ground.

Here, we can perceivably imagine an adversary gaining “godmode” on a computer by using the same tactic — because, let’s face it, if someone finds a flash drive on the floor, they’ll probably plug it in.

Nov 13 18:24

DHS Team Hacks a Boeing 757

A team of academics and private industry experts, led by DHS officials, remotely hacked a Boeing 757 airplane parked at an airport in Atlantic City, New Jersey.

The hack took place in September 2016 and was part of a controlled experiment. DHS owned the plane the hack was attempted on, and pilots had no knowledge that the research team was trying to break into the plane.

The DHS-led team said they didn't have physical access to interact with any system on the plane and all was done remotely via "radio frequency communications." The team needed only two days to come up with the hack and execute it.

Nov 13 18:18

Flashback: Your employer may share your salary, and Equifax might sell that data

The Equifax credit reporting agency, with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans’ personal information ever created, containing 190 million employment and salary records covering more than one-third of U.S. adults.

Some of the information in the little-known database, created through an Equifax-owned company called The Work Number, is sold to debt collectors, financial service companies and other entities.

"It's the biggest privacy breach in our time, and it’s legal and no one knows it’s going on," said Robert Mather, who runs a small employment background company named Pre-Employ.com. "It's like a secret CIA."

Nov 13 18:15

The next generation of HomePods could have Face ID

The first generation of HomePods, Apple’s intelligent speaker, isn’t shipping until December, but according to a report by Nikkei, Apple supplier Inventec Appliances is already making projections that future models might have facial and image recognition.

Nov 13 18:08

Huddle's 'highly secure' work tool exposed KPMG and BBC files

The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties.

A BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents.

Huddle is an online tool that lets work colleagues share content and describes itself as "the global leader in secure content collaboration".

The company said it had fixed the flaw.

Its software is used by the Home Office, Cabinet Office, Revenue & Customs, and several branches of the NHS to share documents, diaries and messages.

"If somebody is putting themselves out there as a world-class service to look after information for you, it just shouldn't happen," said Prof Alan Woodward, from the University of Surrey.

"Huddles contain some very sensitive information."

Nov 13 18:04

NSA rocked after The Shadow Brokers Breach

The stolen data included agency’s cyberweapons and exploits that were later used in large-scale ransomware attacks including WannaCry, Petya, and BadRabbit. All three ransomware attacks targeted Europe and the United States, infecting millions of computers causing businesses billions in damages.

While The Shadow Brokers are still mocking the agency and posting download links to its stolen hacking tools, authorities in the United States are still clueless about the culprits. According to the Times, in order to identify people behind the breach or their links to the hacking group “NSA employees have been subjected to polygraphs and suspended from their jobs.”

According to Jake Williams, a cybersecurity specialist and former member of the NSA’s hacking unit “It’s a disaster on multiple levels,” Williams NYT. “It’s embarrassing that the people responsible for this have not been brought to justice.”

Nov 13 15:56

Facebook Founder Warns “God Only Knows What It’s Doing To Kids’ Brains”

38-year-old founding president of Facebook, Sean Parker, was uncharacteristically frank about his creation in an interview with Axios. So much so in fact that he concluded, Mark Zuckerberg will probably block his account after reading this.

Nov 13 15:01

North Korean Radio Hacked to Play 'The Final Countdown ...

Allegedly the North Korean short-wave radio station “6400kHz” had been hacked and began blasting out The Final Countdown by the Swedish cheese-rock 80’s legends Europe.

Nov 13 11:58

News nanny: The race to censor Internet news

How can you tell that Internet censorship is really taking off? Easy. It’s becoming a business model.

Steven Brill is raising $6 million to launch News Guard. This new service will rate news sites on their trustworthiness from green to red. Forget politically unbiased algorithms. The ratings will be conducted by “qualified, accountable human beings” from teams of “40 to 60 journalists.” Once upon a time, journalism meant original writing. Now it means deciding which original writing to censor.

“Can trust be monetized?” The Street’s article on News Guard asks. But it isn’t really trust that’s being monetized. It’s censorship. It’s doing the dirty work that Google and Facebook don’t want to do.

Nov 13 10:46

Hackers 'fool' Apple's iPhone X Face ID with a simple £100 mask just a week after the handset's release

It's one of the most wanted features in the iPhone X, but it seems that Face ID may not be as safe as Apple thinks.

Cyber-security researchers claim they have fooled the face recognition technology with a mask that costs just £114 ($150) to make.

The findings suggest that face recognition is not yet mature enough to guarantee security for computers and smartphones, according to the researchers.

Nov 13 10:09

Lovense sex toy app recorded and stored nearby sounds

A smart sex toy-maker has acknowledged that a bug with its app caused handsets to record and store sounds made while its vibrators were in use.

Nov 13 08:32

The great data science hope: Machine learning can cure your terrible data hygiene

Will there ever be a technology that can fix decades of poor data hygiene? Probably not, but that isn't going to stop technology vendors from trying. The good news: Machine learning may come closest to saving your data management hide.

Data hygiene isn't easy. You can't hire enough interns to even come close to rectifying past mistakes. The reality is enterprises haven't been creating data dictionaries, meta data and clean information for years. Sure, this data hygiene effort may have improved a bit, but let's get real: Humans aren't up for the job and never have been. ZDNet's Andrew Brust put it succinctly: Humans aren't meticulous enough. And without clean data, a data scientist can't create algorithms or a model for analytics.

Nov 13 07:35

Internet Shutdowns Show Physical Gold Is Ultimate Protection

Internet shutdowns (116 in two years) show physical gold is ultimate protection
– Number of internet shutdowns increased in 2017 as 30 countries hit by shutdowns
– Democratic India experienced 54 internet shutdowns in last two years; Brazil 2

Nov 13 07:23

‘Incredibly Damaging’: US Cyber Security Ranks Vacant After Massive Hacks

Many top cybersecurity top posts remain empty, according to White House cybersecurity coordinator Rob Joyce, as the NSA reports disastrous leaks of key assets.

Many top cybersecurity and technology positions remain vacant 10 months into the Trump administration, according to White House cybersecurity coordinator Rob Joyce, cited by Defense One.

The key positions remaining empty are a federal chief information officer, a federal chief information security officer, a chief for the Homeland Security Department's cybersecurity and infrastructure protection division, and numerous agency CIOs and CISOs.

Nov 12 20:07

Samsung’s Linux on Galaxy software will bring full-fledged Ubuntu desktop to your phone (with an external display)

While Samsung seems to be showing off the developer-friendly features of Linux on Galaxy right now, theoretically non-developers could use the Linux environment to run desktop apps rather than Android apps when a phone is docked. For instance, this could open the door to desktop versions of Chrome, Firefox, LibreOffice, GIMP, or other popular GNU/Linux applications… although it’s worth noting that Samsung hasn’t shown any of those programs working yet, so it’s not clear how easy it would be to install them or how well they would run.

Nov 11 12:34

U.S. Senator Wants Google, Facebook And Twitter To Censor Political Speech

Are the days of the free and open Internet numbered?

The Internet is certainly used for all sorts of horrible things, but it has also allowed ordinary people to communicate on a mass scale that would have been unimaginable decades ago.

Nov 11 10:30

Facebook Was Built To Exploit ‘Psychological Vulnerability’ – Founding Pres.

Sean Parker, the founding president of Facebook, says the company was designed to “consume as much of your time and conscious attention as possible” and warns the platform could affect developing minds in negative ways.

Nov 11 09:31

The Kids Are Not Alright

Nov 11 08:42

Encryption is Dead: China Performs Quantum Messaging Over Longer Distances

Quantum-encrypted data cannot be eavesdropped because a third party tampering with the communication channel causes a quantum message to change, and both the recipient and the sender will know that someone is attempting an intercept. Due to the nature of quantum physics, any observation using our large-scale instruments influences — and so alters — the object of observation, an effect known as the Heisenberg Uncertainty Principle.

Nov 11 08:36

THE NATIONAL GUARD AND LAW ENFORCEMENT USE SECRET PLANES TO SPY ON OUR CELL PHONES

A recent article in the Texas Observer, revealed that the National Guard is using multi-protocol scanners and receivers to spy on everyone.

The National Guard and the DEA, recently purchased two DRT 1301C portable receiver systems from Digital Receiver Technology Inc., (DRT).

DRT's or 'dirt boxes' allow the National Guard and DEA to secretly listen to 10,000 cell phones at once.

According to an article in the Columbia Journalism Review (CJR) the National Guard and law enforcement use front companies like Air Cereberus and Eagle Eye Investigations to secretly spy on everyone.

CJR used an algorithm called "random forest" to reveal the identities of secret surveillance planes run by the National Guard, DHS and law enforcment.

Webmaster's Commentary: 

I have to laugh, to think that Mike and I would be considered "spy worthy" of listening in to our conversations; but then again, even in one's home, there is no protection against surveillance in this country in the 21st century.

And hey, DHS, I will give it to you straight; I am a Christian pacifist activist, who is constantly, peacefully entreating her government to resolve its geopolitical differences through moral negotiations, rather than through bombs and bullets.

I am a composer and conductor of two church choirs at a small Methodist church close to where I live, and should, at every level, be the absolute least of your problems.

But with all this high tech stuff you are flaunting, why do you have such a pathological inability to catch so few of the really bad guys?!? Why can you not protect Americans from hijackware and malware on our computers?!? Wouldn't this be a higher, and better use of your time than just spying on everyone, hoping you'll get lucky?!?

I'm just saying.......

Nov 11 08:24

HIVE: CIA INFRASTRUCTURE TO CONTROL ITS MALWARE

9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

The documentation for Hive is available from the WikiLeaks Vault7 series.

Nov 11 08:19

Chinese theft of sensitive US military technology is still a 'huge problem,' says defense analyst

As President Donald Trump uses his meeting with Chinese President Xi Jinping to address trade and North Korean issues, he also may bring up China's theft of American intellectual property.

Nov 10 16:35

Four years later, Yahoo still doesn't know how 3 billion accounts were hacked

When pressed about how Yahoo failed to recognize that 3 billion accounts — and not 500 million as first reported — were compromised in what was later revealed to be a state-sponsored attack by Russia, former Yahoo CEO Marissa Mayer admitted that the specifics of the attack still remain unknown.

Nov 10 16:32

Chrome will start blocking annoying website redirects

As part of Google’s ongoing effort to make ad-ridden websites more bearable, the company is introducing some new protections to Chrome. Over the next couple months, the browser will start blocking various types of annoying, unwanted redirects, where a website or ad suddenly loads a new page, either because it’s been hijacked by a bad ad or because it intentionally wants to force visitors to see one.

Nov 10 16:28

Equifax CEO: Under current laws, we own your data

The interim CEO of the credit reporting company Equifax testified before a Senate Commerce Committee hearing on security breaches Wednesday. In one exchange, Paulino do Rego Barros Jr. told Sen. Cory Gardner (R-CO) that under currently regulatory framework, companies like Equifax own consumers' data and there is no way to get them to delete your file.

Nov 10 15:47

Hive: CIA Infrastructure to Control Its Malware

9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware. Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

Nov 10 14:50

Facebook Was Built To Exploit ‘Psychological Vulnerability’ – Founding Pres.

Sean Parker, the founding president of Facebook, says the company was designed to “consume as much of your time and conscious attention as possible” and warns the platform could affect developing minds in negative ways.

Nov 10 14:23

U.S. Senator Al Franken Wants Google, Facebook And Twitter To Censor Political Speech

Are the days of the free and open Internet numbered?

The Internet is certainly used for all sorts of horrible things, but it has also allowed ordinary people to communicate on a mass scale that would have been unimaginable decades ago.

Nov 10 13:51

U.S. Senator Al Franken Wants Google, Facebook And Twitter To Censor Political Speech

Are the days of the free and open Internet numbered? 

The Internet is certainly used for all sorts of horrible things, but it has also allowed ordinary people to communicate on a mass scale that would have been unimaginable decades ago. 

Nov 10 13:26

Ex-Facebook President Sean Parker Says Social Media Site Exploits Human Weakness

One of the biggest names in Silicon Valley criticized Facebook and other social media sites in an interview with Axios earlier this week.

Nov 10 11:08

Confirmed Health Harms from Microwaves In Smart Meters And Other Smart Devices

By Catherine J. Frompovich

Have you ever wondered what the real deal is regarding RF EMFs from cell phones, Wi-Fi, all smart devices, but specifically from AMI Smart Meters being forced upon everyone’s utilities?...

Nov 10 10:24

Facebook was built to exploit ‘psychological vulnerability’ – founding pres.

Sean Parker, the founding president of Facebook, says the company was designed to “consume as much of your time and conscious attention as possible” and warns the platform could affect developing minds in negative ways.

At an Axios event Wednesday, Parker, 38, the billionaire co-founder of Napster and an early investor in Facebook, confessed that he has become “something of a conscientious objector” to social media, despite the fact that he made most of his $2.6 billion fortune from Facebook.

Nov 10 10:16

‘Kaspersky Lab in crosshairs since exposing US & Israeli spies behind Stuxnet’ – fmr MI5 agent

The campaign to discredit Kaspersky Lab dates back to 2010, when the Russian-based cybersecurity firm uncovered the origin of the Stuxnet malicious computer worm which ruined Iran's nuclear centrifuges, experts in the field told RT.

Kaspersky Lab, founded in Moscow in 1997, has been a world leader in cybersecurity for decades, taking pride in working outside of any government’s sphere of influence. US intelligence agencies, however, seem to consider the Russian firm a competitive challenge, cybersecurity experts say.

Nov 10 09:44

Google: Our hunt for hackers reveals phishing is far deadlier than data breaches

Phishing attackers love using Gmail.

Nov 10 09:04

Google Working To Remove MINIX-Based ME From Intel Platforms

As we hear so often now, though, no system is ever truly secure. There will always be bugs and creative people who can exploit those bugs. An OS full of latent capabilities to access hardware is just giving those people more room to be creative. The possibilities of what could happen if attackers figure out how to load their own software onto the ME’s OS are endless. Minnich and his team (and a number of others) are interested in removing ME to limit potential attackers’ capabilities.

Nov 10 08:46

Send scam emails to this chatbot and it’ll waste their time for you

Chatbots. They’re usually a waste of your time, so why not have them waste someone else’s instead? Better yet: why not have them waste an email scammer’s time.

That’s the premise behind Re:scam, an email chatbot operated by New Zealand cybersecurity firm Netsafe. Next time you get a dodgy email in your inbox, says Netsafe, forward it on to me@rescam.org, and a proxy email address will start replying to the scammer for you, doing its very utmost to waste their time.

Nov 10 08:29

'Eavesdropper' app error leaves 180 MILLION cellphone owners at risk of having their text messages and calls intercepted by hackers

The vulnerability only affects calls and texts made inside of apps that use messaging services from Twilio, including some business apps for recording phone calls, according to Appthority's report.

This includes up to 180 million smartphone owners.

In a survey of 1,100 apps, Appthority found 685 problem apps that were linked to 85 affected Twilio accounts.

That suggests the theft of credentials for one app's Twilio account could pose a security threat to all users of as many as eight other apps.

Developers mistakenly coded credentials for accessing services provided by Twilio Inc.

Hackers could access those credentials by reviewing the code in the apps, then gain access to data sent over those services.

Nov 09 14:16

WikiLeaks Vault 8 Part 1: CIA Wrote Code To Impersonate Russian Anti-Virus Company Kaspersky

By Aaron Kesel

WikiLeaks has released part 1 of its new Vault 8 series following its popular and widely distributed Vault 7 series which exposed CIA spyware and malware capabilities.

The new release “will enable investigative journalists, forensic experts, and the general public to better identify and understand covert CIA infrastructure components,” the international whistleblower coalition wrote...

Nov 09 10:34

BIG DATA MEETS BIG BROTHER AS CHINA MOVES TO RATE ITS CITIZENS

Imagine a world where many of your daily activities were constantly monitored and evaluated: what you buy at the shops and online; where you are at any given time; who your friends are and how you interact with them; how many hours you spend watching content or playing video games; and what bills and taxes you pay (or not). It’s not hard to picture, because most of that already happens, thanks to all those data-collecting behemoths like Google, Facebook and Instagram or health-tracking apps such as Fitbit. But now imagine a system where all these behaviours are rated as either positive or negative and distilled into a single number, according to rules set by the government. That would create your Citizen Score and it would tell everyone whether or not you were trustworthy.

Webmaster's Commentary: 

Such a system will be coming to this country over time; and to those who scoff at such a system being introduced in this country; just wait.

Nov 09 10:12

Hypocrisy Exposed: The FBI Blindly Hacked Computers In Russia, China And Iran

As we've said before, US accusations that countries like China and Russia run sophisticated hacking operations designed to infiltrate sensitive US networks are often hypocritical. After all, we do the exact same thing.

Today, the Daily Beast reported on newly unsealed documents that show the FBI blindly hacked into computers in Russia, China and Iran during a wide ranging investigation that lead to the bust of a global child pornography operation and the liberation of sexual abuse victims.

Webmaster's Commentary: 

I don't have a problem when the US hacks into computers to find real criminals, especially these slimeballs.

Nov 09 09:25

CIA wrote code 'to impersonate' Russia’s Kaspersky Lab anti-virus company, WikiLeaks says

WikiLeaks says it has published the source code for the CIA hacking tool ‘Hive,’ which indicates that the agency-operated malware could mask itself under fake certificates and impersonate public companies, namely Russian cybersecurity firm Kaspersky Lab.

Nov 09 09:17

‘Zero evidence’ that Russia hacked DNC, says NSA whistleblower (VIDEO)

During the meeting, Binney shared test findings gleaned on the transfer rate of data, which he said “clearly showed that it was a local download and not an international hack.”

“It was very clear it was a local download, because of the speeds and all,” Binney said, explaining how his colleagues set up a test between a data center in New Jersey and another in the UK, and could not reproduce the download that took place on July 5, 2016.

The approximately 16GB of data was downloaded in two bursts, totaling 87 seconds, with a 12-minute pause between them.

“It had to be done locally,” Binney told RT America.

The data logs and the speed test were the only concrete evidence available for examination, he pointed out. “Everything else is speculation, and agenda- and emotionally-driven assertions.”

If the intelligence community had some factual evidence proving Russian hacking, that would be another matter, the NSA whistleblower said, but “so far they’ve produced nothing.”

Webmaster's Commentary: 

So, to be the very most generous, CIA chief Mike Pompeo is a total idiot, and we should not have idiots running the CIA!

Nov 09 09:14

Self-driving bus crashes two hours after launch in Las Vegas

A driverless shuttle bus crashed less than two hours after it was launched in Las Vegas on Wednesday.

The city's officials had been hosting an unveiling ceremony for the bus, described as the US' first self-driving shuttle pilot project geared towards the public, before it crashed with a semi-truck.

Nov 09 08:50

Reddit is just now learning that climate change conspiracy-theorist Bill Nye is a totally clueless loser.

SAD!

Bill Nye had an AMA today...or I should say his farewell AMA today.

Gets shredded on AMA today and doesn't answer any questions!

Nov 09 07:51

Intel's management engine - in most CPUs since 2008 - can be p0wned over USB

Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works.

The firm has already promised to demonstrate God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”.

For some details, we'll have to wait, but what's known is bad enough: Intel Management Engine (IME) talks to standard Joint Test Action Group (JTAG) debugging ports. As does does USB, so Positive Technologies researchers put the two together and crafted a way to access IME from the USB port.

Nov 08 16:29

Marissa Meyer apologizes for Yahoo hacks and claims no company is immune - nine months after leaving company with $209million golden parachute

Former Yahoo CEO Marissa Mayer apologized for the Yahoo hacks and claimed no company is immune from them, while testifying to lawmakers on Wednesday.

Mayer left her position in January with a $23million severance package along with $186million in stock options after hackers stole information from billions of Yahoo users including names, email addresses, phone numbers, birth dates and security questions and answers.

The 42-year-old, who testified before the Senate Commerce Committee on Capitol Hill in Washington on Wednesday, said the thefts occurred during her nearly five-year tenure and she wants to 'sincerely apologize to each and every one of our users.'

Nov 08 14:59

Qatar Airways plane forced to land after wife discovers husband's affair midflight

A Qatar Airways plane has been forced to land midflight after a woman who used her sleeping husband’s thumb to unlock his smartphone discovered he was having an affair.

The couple and their child were flying to Bali, Indonesia, for a holiday after boarding in Doha. The woman repeatedly hit her husband after learning of his infidelity and the captain was forced to make an unscheduled stop in Chennai, India, when the cabin crew was unable to restore order.

The family was then taken to a detention centre at the airport as they did not have an Indian visa before being put on a flight to Kuala Lumpur.

Nov 08 14:27

KILLER ROBOTS will be weapons of mass destruction; one programmer will be able to control a whole army

And one hacker could change the outcome of the war!

Nov 08 12:17

Two big decisions examine web blocking in the USA

In the space of under a week there have been two big cases in the JUSA looking at web blocking - and with differing results.

Nov 08 11:12

CIA director 'stands by' belief Russia hacked DNC after meeting skeptic at Trump's urging

CIA Director Mike Pompeo still believes Russia was responsible for hacking the Democratic National Committee, the agency said Tuesday amid reports that Pompeo met a skeptic at President Trump’s urging.

William Binney, who worked more than three decades at the National Security Agency before stepping down as technical director in 2001, met with Pompeo on Oct. 24 to discuss a July report he co-authored suggesting DNC emails were leaked, rather than hacked.

“I thought it was a pretty good hourlong meeting,” Binney told the Washington Examiner. “He said that the president said I should talk to you for facts.”

Binney believes U.S. spy agencies “took a wild ass guess” in January when they blamed Russia for hacking the DNC and that "if they had any evidence, they would show it." The report he co-authored says download speeds make it likely someone leaked DNC files after downloading them locally, rather than hacked them over the internet.

Nov 08 10:44

Tech Execs Explain Bill of Rights to Moronic Congressmen Demanding Censorship

Last Wednesday Rep. Adam Schiff (D, CA), Rep. Trey Gowdy ( R, SC), Sen. Dianne Feinstein (D, CA), Sen. Mark Warner (D, VA), Rep. Jackie Speier (D, CA), Sen. Tom Cotton (R , AR ), and Rep. Joaquin Castro (D, TX) tried to intimidate executives from Facebook, Twitter, and Google into blocking all digital dissent to the anti-Trump/Russian line taken by the DNC and military/security complex and to serve as spy agencies for the CIA.

Two of the above—Gowdy and Cotton—are Republicans who have aligned themselves with the attack on Russia and Republican President Trump.

What unites the members of the two parties is that they want a police state.

Nov 08 10:18

Facebook asks users for nude photos in project to combat revenge porn

Facebook is asking users to send the company their nude photos in an effort to tackle revenge porn, in an attempt to give some control back to victims of this type of abuse.

Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be “hashed”. This means that the company converts the image into a unique digital fingerprint that can be used to identify and block any attempts to re-upload that same image.

Webmaster's Commentary: 

Somehow I don't think this will get a huge response.

Nov 08 09:32

Netflix WARNING - Scam e-mail tries to steal YOUR credit card details

NETFLIX users have been warned about an e-mail targeting millions of subscribers that says their membership has been suspended, but it’s a scam

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA