COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED



Nov 21 12:39

Google’s Eric Schmidt, arbiter of news, has long history with Obama & Clinton

Eric Schmidt, the executive chairman of Google's parent company Alphabet, announced that his company will 'de-rank' RT's articles online, calling them propaganda. Is he concerned for the integrity of news, or are his motives more partisan?

The 62-year-old, with an estimated wealth of $11.1 billion, has never hidden his political leanings, jumping straight into Hillary Clinton's presidential campaign long before she officially announced her candidacy. In one of John Podesta's leaked emails, the long-time Clinton confidant and chairman of her presidential campaign told her soon-to-be campaign manager Robby Mook that he had met with Schmidt in April 2014, more than a year before Clinton told the American public that she was hoping to become their next president.

Nov 21 12:03

GOOGLE ADMITS IT TRACKED USER LOCATION DATA EVEN WHEN THE SETTING WAS TURNED OFF

Android phones gather your location data and send it to Google, even if you’ve turned off location services and don’t have a SIM card, Quartz reported today.

Nov 21 11:31

The FCC is trying to roll back net neutrality.

Join Tulsi and stand in opposition to the FCC’s decision to get rid of net neutrality. The FCC is a government entity obligated to serve the public interest - however, their decision to repeal net neutrality serves corporate interests, and must be stopped. Add your name if you agree.

Nov 21 10:19

An Ethereum Startup Just Vanished After People Invested $374K

A startup on the Ethereum platform vanished from the internet on Sunday after raising $374,000 USD from investors in an Initial Coin Offering (ICO) fundraiser.

Confido is a startup that pitched itself as a blockchain-based app for making payments and tracking shipments. It sold digital tokens to investors over the Ethereum blockchain in an ICO that ran from November 6 to 8. During the token sale, Confido sold people bespoke digital tokens that represent their investment in exchange for ether, Ethereum’s digital currency.

But on Sunday, the company unceremoniously deleted its Twitter account and took down its website.

Nov 21 10:03

Your every keystroke is recorded by more than 400 of the world's most popular websites, including Spotify and Skype, to log your private data

Some of the web's most popular sites could be tracking your every move, a shocking new study has found.

Hundreds of homepages, including those of Microsoft, Adobe and Wordpress, use secret code, called 'session replay' scripts, to monitor your online activity.

Hidden strings of data are used to record everything you do while visiting a page, including what you type and where you move your mouse.

This could be used by third parties to reveal everything from credit card details to medical complaints, as well as putting you at risk of identity theft and online scams.

Data release: list of websites that have third-party “session replay” scripts:

https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_...

Nov 21 09:57

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation.

Searching for "TSB" – as in the UK's TSB Bank – on the Great Britain edition of Bing would bring up, right at the top of the page, a search ad for a phishing website described as "TSB – Welcome to TSB UK – Online Personal Account". Clicking on the link would direct marks to a phishing page pretending to be the bank's login portal, we're told.

A Reg reader told us he tried to report the fraudulent ad to Microsoft, and to TSB, yet the advert remained on search result pages. So he turned to us, we prodded Redmond, and over the weekend, the ad and the account that created it were black holed. Hooray.

Nov 21 09:56

Windows 8 broke Microsoft's memory randomisation

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR), designed to block code-reuse attacks.

The bug is simple: as of Windows 8, a bug in Microsoft's system-wide mandatory ASLR implementation meant applications were allocated addresses with zero entropy – in other words, they weren't randomised. Windows 10 has the problem, too.

Nov 21 09:47

Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable

The most severe vulnerability (CVE-2017-5705) involves multiple buffer overflow issues in the operating system kernel for Intel ME Firmware that could allow attackers with local access to the vulnerable system to "load and execute code outside the visibility of the user and operating system."

The chipmaker has also described a high-severity security issue (CVE-2017-5708) involving multiple privilege escalation bugs in the operating system kernel for Intel ME Firmware that could allow an unauthorized process to access privileged content via an unspecified vector.

Systems using Intel Manageability Engine Firmware version 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x and 11.20.x.x are impacted by these vulnerabilities.

Webmaster addition: Flaws, or NSA-mandated back doors?

Nov 21 09:24

No, you’re not being paranoid. Sites really are watching your every move

If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you're not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors' keystrokes, mouse movements, and scrolling behavior in real time, even before the input is submitted or is later deleted.

Nov 21 08:31

Google Executive Says New Algorithm Will Hide RT, Sputnik Articles

Eric Schmidt, the executive chairman of Google's parent company, Alphabet, announced Saturday that the company will "engineer" algorithms that will make it harder for articles from Sputnik News and RT to appear on the Google News service.

Webmaster's Commentary: 

Stop using Google News service.

Nov 21 08:18

Amazon launches ‘Secret Region’ cloud service for US intel agencies

Amazon announced it has launched a “Secret Region” on its cloud computing service for use by US intelligence and other government agencies. The provider is now able to store government information classified as “Top Secret.”

Nov 21 08:06

POLICE ARE USING DNA MUGSHOTS TO ARREST INNOCENT PEOPLE

A recent Washington Times article boasts that Texas law enforcement used predictive DNA imaging or 'Phenotyping' to guess what a suspect’s physical characteristics might be. This is not a joke, this is actually happening in police departments across the country.

Nov 20 17:53

Intel fixes critical holes in secret Management Engine hidden in desktop, server chipsets

Intel advises Microsoft and Linux users to download and run the Intel-SA-00086 Detection tool to determine whether their systems are vulnerable. If you are at risk, you must obtain firmware updates from your computer's manufacturer. Lenovo was quick off the mark with patches for its gear.

We'll give you a roundup of fixes as soon as we can. It's not thought Apple x86 machines are affected as they do not ship with Intel's ME, as far as we can tell.

Nov 20 12:28

STUDY OF 500,000 TEENS SUGGESTS ASSOCIATION BETWEEN EXCESSIVE SCREEN TIME AND DEPRESSION

It’s a cultural stereotype as old as the landline: teenagers love their phones. But for North American teen girls, especially, increasing smartphone use could have a darker side. Depression and suicide rates in teenagers have jumped in the last decade—doubling between 2007 and 2015 for girls—and the trend suspiciously coincides with when smartphones became their constant companions. A recent study places their screen time around nine hours per day.

Nov 20 10:34

Ex-Google Engineer Says He’s ‘In The Process Of Raising A Robot GOD’ That Will Take Charge Of Humans

An ex-Google engineer who has registered the first church of AI says he is ‘raising a god’ that will take charge of humans.

The robot god will head a religion called Way Of The Future (WOTF), which will eventually have a gospel called ‘The Manual’, rituals and even a physical place of worship.

Nov 20 09:20

Android Bug Lets Attackers Record Audio & Screen Activity on 3 of 4 Smartphones

Android smartphones running Lollipop, Marshmallow, and Nougat are vulnerable to an attack that exploits the MediaProjection service to capture the user's screen and record system audio.

Based on the market share of these distributions, around 77.5% of all Android devices are affected by this vulnerability.

Nov 19 14:30

Detecting Disinformation Agents

There are several types of disinformation agents, from high-profile ones who gain a lot of publicity and promote well-crafted stories, to low-level ones who serve to flood the Internet with less reputable claims. This document deals primarily with the former.

The ultimate purpose of a disinformation agent is three-fold:

a) to create a sense of ridicule about anything that they include in their story so that even what is true will not be believed by intelligent people,

b) to mislead those who are gullible enough to believe their story, and

c) to divert the efforts of those who seek to know the truth through further investigation.

Although disinformation agents are used to cover up the truth, their claims should not be written off completely, since they can still teach us something about the underlying truth that they’re meant to cover up.

Nov 19 09:08

UC Berkeley professor's 'Slaughterbots' video goes viral

Stuart Russell and the Future of Life Institute created this eerie video that depicts a future in which humanity develops lethal drones. Media: Future of Life Institute

Nov 18 22:37

A Boeing 757 was hacked and now DHS is worried more planes could be at risk

A Department of Homeland Security official admitted that the agency was able to remotely hack into a Boeing 757 during a test in 2016.

The DHS official indicated that he and his team were able to do so without having any direct contact with the aircraft or using any materials that would be flagged by security.

While the exact details of the hack are confidential, Boeing insists that the hackers were not able to take control of the aircraft's flight systems.

Nov 17 15:50

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process.

DJI also exposed customers' personal information – from flight logs to copies of government ID cards – to the internet from misconfigured AWS S3 buckets.

By leaking the wildcard SSL cert private key, which covers *.dji.com, DJI gave miscreants the information needed to create spoof instances of the manufacturer's website with a correct HTTPS certificate, and silently redirect victims to the malicious forgeries and downloads via standard man-in-the-middle attacks. Hackers could also use the key to decrypt and tamper with intercepted network traffic to and from its web servers.

Nov 17 15:48

Massive US military social media spying archive left wide open in AWS S3 buckets

Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest.

The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive.

Nov 17 15:47

Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details.

Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information and login credentials, and inject HTML code into visited web pages.

However, researchers at security firm Bitdefender have discovered that the banking Trojan has now been revamped with new espionage capabilities such as leveraging open-source tools for spoofing SSL certificates in order to gain access to social media and email accounts and even post on behalf of the infected user.

Nov 17 13:28

PENTAGON MASS SURVEILLANCE SLURPED UP THE WORLD'S SOCIAL MEDIA TRAFFIC; THEN THEY DUMPED IT ON A PUBLICLY ACCESSIBLE AMAZON CLOUD SERVER

The UpGuard Cyber Risk Team has found three Department of Defense mass-storage "buckets" on Amazon that are world-viewable, containing 1.8 billion social media posts that the DoD scraped from social media over 8 years as part of its global surveillance program.

Nov 17 11:32

VW to invest about $40 billion in electric cars

Volkswagen AG plans to invest around $40 billion over the next five years to develop electric vehicles, self-driving cars and Uber-like mobility app services in the clearest sign yet that auto makers are betting the future of their industry on the new technology.

Volkswagen's drive to produce electric cars and self-driving vehicles comes as the entire industry pivots from a century-old business model of building gas-powered cars for the family to producing fleets of electric cars that in just a few years are expected to drive themselves and be part of roaming robot taxi services.

Nov 17 11:00

Ex-Google Engineer Says He’s ‘In The Process Of Raising A Robot GOD’ That Will Take Charge Of Humans

An ex-Google engineer who has registered the first church of AI says he is ‘raising a god’ that will take charge of humans.

Nov 17 08:57

Another preinstalled app found on OnePlus that could collect user data

A couple of days ago it was reported that an IT security researcher Robert Baptiste who goes by the handle of Elliot Alderson on Twitter had discovered a pre-installed backdoor application called “EngineerMode” on OnePlus smartphones including its 5, 3, 3T models and OxygenOS for OnePlus 1.

Now, the same researcher has found another preinstalled app in OnePlus devices sold to customers around the world. Dubbed OnePlusLogKit by researchers, the app runs with system privileges and has access to user’s GPS logs, WiFi data, Bluetooth, NFC, photos, videos, and list of the running processes – all that without the user’s permission or knowledge.

This means while EngineerMode allowed an attacker to root the device, OnePlusLogKit lets attackers access personal data of OnePlus users. However, in this case, an attacker has to have physical access to the targeted device and then dial *#800# – click on “Get Wireless log.”

Nov 17 07:38

Why People Will Happily Line Up to be Microchipped Like Dogs

So...some people actually want to be microchipped like a dog. They're lining up for it. They're having parties to get it done. If it isn't available to them, they're totally bummed out.

I'm not even going to venture into the religious aspect of having a microchip inserted into a human being. Let's just talk about the secular ramifications.

Nov 17 06:57

Amazon Key door-entry flaw: No easy fix to stop rogue couriers burgling your place unseen

Amazon has pushed out an emergency security update to its door-unlocking system called Key – which is used by couriers to let themselves into people's homes to drop off packages inside when folks are out.

Delivery workers show up at a home, and use a smartphone to temporarily disable the lock on the front door so they can pop in. As part of the system, a Wi-Fi-connected webcam watches the door from the inside to record any theft or other mischief.

One little flaw: if you flood the camera off the wireless network with deauthorization packets – and an attacker doesn't need to know your Wi-Fi password to do this – it effectively freezes the equipment and prevents the door from being locked. The camera stops streaming its video feed across the internet to Amazon's cloud, so anyone monitoring the scene from Amazon's app will just see a still image: the last shot received.

Nov 17 06:55

Windows Update borks elderly printers in typical Patch Tuesday style

Microsoft's latest batch of software updates for Windows has been blamed for a mysterious ailment befalling some poor old Epson dot-matrix printers.

Reg readers let us know that, after installing this week's Patch Tuesday payload from Redmond, their Windows boxes no longer work with Epson's dot matrix printers (which are still a thing, apparently, especially among those working with accounting software like Sage).

"I had two clients today whose Epson dot matrix printers stopped working after applying this month’s cumulative update on Windows 10 and Windows 7," one tipster told us. "It just seems to eat the print job."

Nov 17 06:50

Kaspersky: NSA Worker's Computer Was Already Infested With Malware

Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee's laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware.

Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware.

According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer's home computer contained large amounts of malware files which acted as a backdoor to the PC.

The report also provided more details about the malicious backdoor that infected the NSA worker's computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader.

Nov 16 16:30

BOSTON DYNAMICS' ATLAS ROBOT DOES BACKFLIPS NOW AND IT'S FULL-TILT INSANE

ATLAS, THE HULKING humanoid robot from Boston Dynamics, now does backflips. I’ll repeat that. It’s a hulking humanoid that does backflips.

Nov 16 15:01

White House Releases Rules On Reporting Cybersecurity Flaws

After a hacker stole cyber tools from an NSA “stockpile” to carry out the WannaCry cyberattack, the White House is now revealing how and when the government decides to disclose vulnerabilities or keep them secret.

On Wednesday, the White House published a charter that details the Vulnerabilities Equities Process (VEP), which was established under former President Barack Obama to determine whether disclosing a vulnerability was in the government’s best interest.

Nov 16 11:39

Hackers Obtained Access to NSA Employee’s Home Computer, Kaspersky Lab Reveals

Kaspersky IT security company has announced that access to information on the home computer of the employee of the US National Security Agency (NSA) could have been obtained by an unknown number of hackers.

According to the Kaspersky Lab probe that is linked to media reports about the company’s software allegedly having been used to search and download classified information from the home computer of an NSA employee, the user’s computer was infected with Mokes backdoor, a malware that allows the hackers to obtain access to a device.

"The malware… was a full blown backdoor which may have allowed third parties access to the user’s machine," the Kaspersky Lab has stated.

Nov 16 11:35

Firm’s Voice Assistant Records And Keeps Conversations You’re Having Around Your Phone When You Least Expect It

You would be forgiven for thinking that your private conversations were just that, but Google’s Voice Assistant could be recording everything you say. 

Nov 16 10:46

Surprise: Unanimous FEC to push for Internet regulation

In a major shift, Republicans on the Federal Election Commission plan to join Democrats Thursday in calling for new Internet regulations on paid digital political ads.

Nov 16 09:57

Researcher Finds Just 400 Tweets From Russia Aimed At Brexit Vote

The claims around alleged Russian meddling in British politics have been stirred by allegations that fake Twitter accounts attempted to influence the Brexit vote. But while the mere suggestion was enough to make mainstream headlines, little was said about the “infinitesimal” quantity of tweets involved.

According to Sky News, fake Twitter accounts created by an outlet known as the Russian Internet Research Agency have been accused of carrying out a “determined, coordinated attempt to interfere during the EU referendum.”

Nov 16 08:17

How China is defining the way governments manipulate their people via the internet

CHINA’S army of keyboard propagandists have set the standard for manipulating public opinion online — and a growing number of countries are trying to emulate the model.

The iconic image of a man holding his shopping while obstructing the path of a tank in China’s Tiananmen Square in 1989 became the defining image of China’s censorial government. But in the age of the internet, social media has become the front line in the Communist Party’s battle to control and suppress dissent.

The government’s so-called keyboard army overwhelms social media sites with positive stories about the Communist Party — described by researchers as “cheerleading content” — to control the message and drown out criticism and negative stories about the regime.

The unofficial wing of the Chinese government responsible for the program is known as The 50 Cent Party. It allows just enough critical content to maintain the illusion of dissent while diverting attention towards positive propaganda.

Webmaster's Commentary: 

And the US government doesn't do this?!?

Pot...Kettle...black!!

Nov 16 06:53

How to Instantly Prove (Or Disprove) Russian Hacking of U.S. Election

It’s newsworthy that CIA head Mike Pompeo recently met with Bill Binney – who designed the NSA’s electronic surveillance system – about potential proof that the DNC emails were leaked rather than hacked.

It’s also noteworthy that the usual suspects – Neocon warmongers such as Max Boot – have tried to discredit both Binney and Pompeo.

But there’s a huge part of the story that the entire mainstream media is missing …

Specifically, Binney says that the NSA has long had in its computers information which can prove exactly who hacked the DNC … or instead prove that the DNC emails were leaked by a Democratic insider.

Remember – by way of background – that the NSA basically spies on everyone in America … and stores the data long-term.

Nov 16 06:03

Video and Photo Evidence Now Even More Easily Faked and Fabricated

Photo evidence and video evidence has been relied on in academia, science, courts of law and elsewhere to prove or refute facts and theories – but those days are coming to an end. We live in an historic era. Technological advances in the realm of computers and AI are taking place so rapidly that our world is being changed overnight. Now, software has been written that allows computers to create new faces that look like normal unique people but which are actually composite amalgams; to literally create and fabricate objects (from a basic sketch) and render them so lifelike that you won’t be able to tell the difference between the fabricated ones and the real ones; and to remove entire objects from video footage in real-time, and render in the empty space so well that it is undetectable to the eye. The days of being able to trust photo evidence and video evidence are disappearing – and the implications for human knowledge are far reaching.

Nov 15 15:50

Robot Apocalypse: “With Artificial Intelligence We Are Summoning the Demon”

Have you noticed all of the news lately about artificial intelligence and robotics, including some things that sound like absolutely terrible ideas? It's like scientists are deliberately trying to bring on a robot apocalypse. They clearly don't watch the same movies that I do.

People are getting more and more onboard with this type of technology. From Alexa to Siri, humans are interacting with artificial intelligence on a regular basis. Siri makes jokes, making the voice from your phone seem more human. It all seems so non-threatening until you look a little deeper.

But if an EMP doesn't get us first, it seems like the apocalypse that preppers need to get ready for could look a lot like The Terminator franchise.

Nov 15 13:09

Teen Killer Boasted On Facebook About Plans To Murder Schoolteacher

A schoolboy who murdered his teacher boasted that he would kill her “for £10” on Facebook, an inquest into her death has heard. Will Cornick, now 19, is serving a minimum 20-year sentence for stabbing Ann Maguire during a Spanish lesson.

Nov 15 11:49

CNN Facts First Chatter

Nov 15 11:47

Boeing 757’s Flight Controls Are HACKED Remotely While On The Runway

A group of security researchers has remotely hacked a Boeing 757 aircraft without the knowledge of the pilots, a US government official has claimed.

Nov 15 08:59

Austrian activist told he can't bring class action case against Facebook

Austrian activist Max Schrems cannot bring a class action against Facebook for privacy breaches, although he is allowed to sue the US social media giant on a personal basis, the adviser to the EU's top court said on Tuesday.

Schrems had lodged cases in an Austrian court on behalf of seven other users in Austria, Germany and India against Facebook's Irish division for various alleged rights violations involving personal data.

Facebook had argued that people can only sue as individual consumers, not as groups -- and moreover that Schrems's professional activities on his account meant he was no longer a private consumer in any case.

Nov 15 08:48

NEW ZIO APP VIRTUALLY DESTROYS THE DOME OF THE ROCK IN JERUSALEM

A smartphone app promoted by a Zionist organization allows visitors to Jerusalem to virtually destroy the Dome of the Rock and the al-Aqsa mosque and replace them with a Jewish temple.

Nov 15 08:02

A Windows 10 alternative: Microsoft should embrace, extend Linux on the desktop

I get it. The PC is too expensive to replace and you don't want Windows 10. Let me suggest another solution.

Nov 14 16:57

Cookie Consent Script Drops In-Browser Cryptocurrency Miner

A free-to-use script that helps website owners show EU cookie consent popups is dropping an in-browser cryptocurrency miner on websites that use it.

The hidden miner came to light today when Dutch security researcher Willem de Groot discovered it on the website of Albert Heijn, the biggest supermarket chain in the Netherlands.

At a closer look at the site's JavaScript files, de Groot tracked the infection to a file named "cookiescript.min.js," loaded from cookiescript.info. This domain is registered to the Cookie Consent service, a website that allows site owners to quickly put together a cookie consent popup that adheres to the EU's annoying cookie law.

The Cookie Consent service generates a block of code that webmasters must embed in their sites.

One of the cookie consent JavaScript files loaded through this service contained a copy of Crypto-Loot, an in-browser Monero miner.

Nov 14 16:31

Shocked mother finds her 10-year-old son's face can unlock her iPhone X

There are countless reasons you might not want a 10-year-old to have access to your new $1000 smartphone.

And, after setting up Apple’s FaceID, Staten Island mom Sana Sherwani joked there was ‘no way’ her son could get into it now.

Unfortunately, however, the authentication system didn’t work as planned.

In a video posted to YouTube, the shocked parents have revealed how Apple’s FaceID registers both Sherwani's face and that of her son Ammar, allowing the fifth-grader instant access to his mom’s phone.

Nov 14 15:00

Boeing 757’s Flight Controls Are HACKED Remotely While On The Runway

A group of security researchers has remotely hacked a Boeing 757 aircraft without the knowledge of the pilots, a US government official has claimed.

Nov 14 10:35

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader

Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets.

A Twitter user, who goes by the name "Elliot Alderson" (named after Mr. Robot's main character), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices.

The application in question is "EngineerMode," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device.

This APK comes pre-installed (accidentally left behind) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5.

Nov 14 10:19

Privacy Fears Over Artificial Intelligence As Crimestopper

Police in the US state of Delaware are poised to deploy “smart” cameras in cruisers to help authorities detect a vehicle carrying a fugitive, missing child or straying senior.

Nov 14 10:14

FDA approves 'trackable' pill

US regulators have approved the first pill that can be digitally tracked through the body.

The Abilify MyCite aripiprazole tablets - for treating schizophrenia and manic episodes - have an ingestible sensor embedded inside them that records that the medication has been taken.

A patch worn by the patient transmits this information to their smartphone.

The information can also be sent to the prescribing doctor, if the patient consents to this.

Nov 14 10:12

Connected toys have ‘worrying’ security issues

Consumer watchdog Which? has called on retailers to stop selling some popular toys it says have "proven" security issues.

Those toys include Furby Connect, the i-Que robot, Cloudpets and Toy-fi Teddy.

Which? found that there was no authentication required between the toys and the devices they could link with via Bluetooth.

Two of the manufacturers said they took security very seriously.

The lack of authentication meant that, in theory, any device within physical range could link to the toy and take control or send messages, the watchdog said.

Nov 14 09:26

China overtakes US in TOP500 list of world's fastest supercomputers

According to the TOP500 list, China is beating the US in total number of ranked systems and in aggregate performance.

Nov 14 08:42

Firefox add-on armageddon arrives: How to see if you are going to be hit

Firefox 57 is set to bring the biggest shake-up that Mozilla's browser ecosystem has seen in quite some time, and the simple reason is that a huge number of extensions and add-ons are set to stop working.

Appearing on November 14, Firefox Quantum brings together a number of long-running programs to speed up the browser -- including using its C++ alternative language Rust and multi-process functionality -- but it comes at the cost of Firefox's best feature, its extensibility.

This is far from a surprise, with the switch from XUL to WebExtensions first signalled in mid-2015, but it is a hard break with the past.

Many popular extensions have already been ported to the new framework, but due to extra restrictions imposed by WebExtensions, some existing add-ons are simply unable to do what they once did.

Nov 14 08:11

In major policy change YouTube is now taking down more videos of known extremists

A spokeswoman told us it has broadened its policy for taking down extremist content: Not just removing videos that directly preach hate or seek to incite violence but also removing other videos of named terrorists, unless the content is journalistic or educational in nature -- such as news reports and documentaries.

Nov 13 18:33

Researchers find almost EVERY computer with an Intel Skylake and above CPU can be owned via USB

Fortunately, this particular attack vector only affects Skylake and above CPUs, although, like I said, pretty much every Intel CPU released after 2008 includes the Intel Management Engine.

This isn’t the first time that researchers have uncovered substantial security issues in the IME. This time around, the main issue is that it’s exploitable via USB, which is a common attack vector. The Stuxnet malware, for example, which was credited with temporarily interfering with Iran’s nuclear program, was initially spread via infected USB sticks deliberately dropped on the ground.

Here, we can perceivably imagine an adversary gaining “godmode” on a computer by using the same tactic — because, let’s face it, if someone finds a flash drive on the floor, they’ll probably plug it in.

Nov 13 18:24

DHS Team Hacks a Boeing 757

A team of academics and private industry experts, led by DHS officials, remotely hacked a Boeing 757 airplane parked at an airport in Atlantic City, New Jersey.

The hack took place in September 2016 and was part of a controlled experiment. DHS owned the plane the hack was attempted on, and pilots had no knowledge that the research team was trying to break into the plane.

The DHS-led team said they didn't have physical access to interact with any system on the plane and all was done remotely via "radio frequency communications." The team needed only two days to come up with the hack and execute it.

Nov 13 18:18

Flashback: Your employer may share your salary, and Equifax might sell that data

The Equifax credit reporting agency, with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans’ personal information ever created, containing 190 million employment and salary records covering more than one-third of U.S. adults.

Some of the information in the little-known database, created through an Equifax-owned company called The Work Number, is sold to debt collectors, financial service companies and other entities.

"It's the biggest privacy breach in our time, and it’s legal and no one knows it’s going on," said Robert Mather, who runs a small employment background company named Pre-Employ.com. "It's like a secret CIA."

Nov 13 18:15

The next generation of HomePods could have Face ID

The first generation of HomePods, Apple’s intelligent speaker, isn’t shipping until December, but according to a report by Nikkei, Apple supplier Inventec Appliances is already making projections that future models might have facial and image recognition.

Nov 13 18:08

Huddle's 'highly secure' work tool exposed KPMG and BBC files

The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties.

A BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents.

Huddle is an online tool that lets work colleagues share content and describes itself as "the global leader in secure content collaboration".

The company said it had fixed the flaw.

Its software is used by the Home Office, Cabinet Office, Revenue & Customs, and several branches of the NHS to share documents, diaries and messages.

"If somebody is putting themselves out there as a world-class service to look after information for you, it just shouldn't happen," said Prof Alan Woodward, from the University of Surrey.

"Huddles contain some very sensitive information."

Nov 13 18:04

NSA rocked after The Shadow Brokers Breach

The stolen data included the agency’s cyberweapons and exploits that were later used in large-scale ransomware attacks including WannaCry, Petya, and BadRabbit. All three ransomware attacks targeted Europe and the United States, infecting millions of computers and causing businesses billions in damages.

While The Shadow Brokers are still mocking the agency and posting download links to its stolen hacking tools, authorities in the United States are still clueless about the culprits. According to the Times, in order to identify people behind the breach or their links to the hacking group “NSA employees have been subjected to polygraphs and suspended from their jobs.”

“It’s a disaster on multiple levels,” Jake Williams, a cybersecurity specialist and former member of the NSA’s hacking unit, told the NYT. “It’s embarrassing that the people responsible for this have not been brought to justice.”

Nov 13 15:56

Facebook Founder Warns “God Only Knows What It’s Doing To Kids’ Brains”

The 38-year-old founding president of Facebook, Sean Parker, was uncharacteristically frank about his creation in an interview with Axios. So much so, in fact, that he concluded Mark Zuckerberg will probably block his account after reading this.

Nov 13 15:01

North Korean Radio Hacked to Play 'The Final Countdown ...

Allegedly the North Korean short-wave radio station “6400kHz” had been hacked and began blasting out The Final Countdown by the Swedish cheese-rock 80’s legends Europe.

Nov 13 11:58

News nanny: The race to censor Internet news

How can you tell that Internet censorship is really taking off? Easy. It’s becoming a business model.

Steven Brill is raising $6 million to launch News Guard. This new service will rate news sites on their trustworthiness from green to red. Forget politically unbiased algorithms. The ratings will be conducted by “qualified, accountable human beings” from teams of “40 to 60 journalists.” Once upon a time, journalism meant original writing. Now it means deciding which original writing to censor.

“Can trust be monetized?” The Street’s article on News Guard asks. But it isn’t really trust that’s being monetized. It’s censorship. It’s doing the dirty work that Google and Facebook don’t want to do.

Nov 13 10:46

Hackers 'fool' Apple's iPhone X Face ID with a simple £100 mask just a week after the handset's release

It's one of the most wanted features in the iPhone X, but it seems that Face ID may not be as safe as Apple thinks.

Cyber-security researchers claim they have fooled the face recognition technology with a mask that costs just £114 ($150) to make.

The findings suggest that face recognition is not yet mature enough to guarantee security for computers and smartphones, according to the researchers.

Nov 13 10:09

Lovense sex toy app recorded and stored nearby sounds

A smart sex toy-maker has acknowledged that a bug with its app caused handsets to record and store sounds made while its vibrators were in use.

Nov 13 08:32

The great data science hope: Machine learning can cure your terrible data hygiene

Will there ever be a technology that can fix decades of poor data hygiene? Probably not, but that isn't going to stop technology vendors from trying. The good news: Machine learning may come closest to saving your data management hide.

Data hygiene isn't easy. You can't hire enough interns to even come close to rectifying past mistakes. The reality is enterprises haven't been creating data dictionaries, meta data and clean information for years. Sure, this data hygiene effort may have improved a bit, but let's get real: Humans aren't up for the job and never have been. ZDNet's Andrew Brust put it succinctly: Humans aren't meticulous enough. And without clean data, a data scientist can't create algorithms or a model for analytics.

Nov 13 07:35

Internet Shutdowns Show Physical Gold Is Ultimate Protection

Internet shutdowns (116 in two years) show physical gold is ultimate protection
– Number of internet shutdowns increased in 2017 as 30 countries hit by shutdowns
– Democratic India experienced 54 internet shutdowns in last two years; Brazil 2

Nov 13 07:23

‘Incredibly Damaging’: US Cyber Security Ranks Vacant After Massive Hacks

Many top cybersecurity posts remain empty, according to White House cybersecurity coordinator Rob Joyce, as the NSA reports disastrous leaks of key assets.

Many top cybersecurity and technology positions remain vacant 10 months into the Trump administration, according to White House cybersecurity coordinator Rob Joyce, cited by Defense One.

The key positions remaining empty are a federal chief information officer, a federal chief information security officer, a chief for the Homeland Security Department's cybersecurity and infrastructure protection division, and numerous agency CIOs and CISOs.

Nov 12 20:07

Samsung’s Linux on Galaxy software will bring full-fledged Ubuntu desktop to your phone (with an external display)

While Samsung seems to be showing off the developer-friendly features of Linux on Galaxy right now, theoretically non-developers could use the Linux environment to run desktop apps rather than Android apps when a phone is docked. For instance, this could open the door to desktop versions of Chrome, Firefox, LibreOffice, GIMP, or other popular GNU/Linux applications… although it’s worth noting that Samsung hasn’t shown any of those programs working yet, so it’s not clear how easy it would be to install them or how well they would run.

Nov 11 12:34

U.S. Senator Wants Google, Facebook And Twitter To Censor Political Speech

Are the days of the free and open Internet numbered?

The Internet is certainly used for all sorts of horrible things, but it has also allowed ordinary people to communicate on a mass scale that would have been unimaginable decades ago.

Nov 11 10:30

Facebook Was Built To Exploit ‘Psychological Vulnerability’ – Founding Pres.

Sean Parker, the founding president of Facebook, says the company was designed to “consume as much of your time and conscious attention as possible” and warns the platform could affect developing minds in negative ways.

Nov 11 09:31

The Kids Are Not Alright

Nov 11 08:42

Encryption is Dead: China Performs Quantum Messaging Over Longer Distances

Quantum-encrypted data cannot be eavesdropped because a third party tampering with the communication channel causes a quantum message to change, and both the recipient and the sender will know that someone is attempting an intercept. Due to the nature of quantum physics, any observation using our large-scale instruments influences — and so alters — the object of observation, an effect known as the Heisenberg Uncertainty Principle.

Nov 11 08:36

THE NATIONAL GUARD AND LAW ENFORCEMENT USE SECRET PLANES TO SPY ON OUR CELL PHONES

A recent article in the Texas Observer revealed that the National Guard is using multi-protocol scanners and receivers to spy on everyone.

The National Guard and the DEA recently purchased two DRT 1301C portable receiver systems from Digital Receiver Technology Inc. (DRT).

DRTs, or 'dirt boxes', allow the National Guard and DEA to secretly listen to 10,000 cell phones at once.

According to an article in the Columbia Journalism Review (CJR), the National Guard and law enforcement use front companies like Air Cereberus and Eagle Eye Investigations to secretly spy on everyone.

CJR used an algorithm called "random forest" to reveal the identities of secret surveillance planes run by the National Guard, DHS and law enforcement.

Webmaster's Commentary: 

I have to laugh, to think that Mike and I would be considered "spy worthy" of listening in to our conversations; but then again, even in one's home, there is no protection against surveillance in this country in the 21st century.

And hey, DHS, I will give it to you straight; I am a Christian pacifist activist, who is constantly, peacefully entreating her government to resolve its geopolitical differences through moral negotiations, rather than through bombs and bullets.

I am a composer and conductor of two church choirs at a small Methodist church close to where I live, and should, at every level, be the absolute least of your problems.

But with all this high tech stuff you are flaunting, why do you have such a pathological inability to catch so few of the really bad guys?!? Why can you not protect Americans from hijackware and malware on our computers?!? Wouldn't this be a higher, and better use of your time than just spying on everyone, hoping you'll get lucky?!?

I'm just saying.......

Nov 11 08:24

HIVE: CIA INFRASTRUCTURE TO CONTROL ITS MALWARE

9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.

Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive, even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.

The documentation for Hive is available from the WikiLeaks Vault7 series.

Nov 11 08:19

Chinese theft of sensitive US military technology is still a 'huge problem,' says defense analyst

As President Donald Trump uses his meeting with Chinese President Xi Jinping to address trade and North Korean issues, he also may bring up China's theft of American intellectual property.

Nov 10 16:35

Four years later, Yahoo still doesn't know how 3 billion accounts were hacked

When pressed about how Yahoo failed to recognize that 3 billion accounts — and not 500 million as first reported — were compromised in what was later revealed to be a state-sponsored attack by Russia, former Yahoo CEO Marissa Mayer admitted that the specifics of the attack still remain unknown.

Nov 10 16:32

Chrome will start blocking annoying website redirects

As part of Google’s ongoing effort to make ad-ridden websites more bearable, the company is introducing some new protections to Chrome. Over the next couple months, the browser will start blocking various types of annoying, unwanted redirects, where a website or ad suddenly loads a new page, either because it’s been hijacked by a bad ad or because it intentionally wants to force visitors to see one.

Nov 10 16:28

Equifax CEO: Under current laws, we own your data

The interim CEO of the credit reporting company Equifax testified before a Senate Commerce Committee hearing on security breaches Wednesday. In one exchange, Paulino do Rego Barros Jr. told Sen. Cory Gardner (R-CO) that under the current regulatory framework, companies like Equifax own consumers' data and there is no way to get them to delete your file.

Nov 10 14:23

U.S. Senator Al Franken Wants Google, Facebook And Twitter To Censor Political Speech

Are the days of the free and open Internet numbered?

The Internet is certainly used for all sorts of horrible things, but it has also allowed ordinary people to communicate on a mass scale that would have been unimaginable decades ago.

Nov 10 13:26

Ex-Facebook President Sean Parker Says Social Media Site Exploits Human Weakness

One of the biggest names in Silicon Valley criticized Facebook and other social media sites in an interview with Axios earlier this week.

Nov 10 11:08

Confirmed Health Harms from Microwaves In Smart Meters And Other Smart Devices

By Catherine J. Frompovich

Have you ever wondered what the real deal is regarding RF EMFs from cell phones, Wi-Fi, all smart devices, but specifically from AMI Smart Meters being forced upon everyone’s utilities?...

Nov 10 10:24

Facebook was built to exploit ‘psychological vulnerability’ – founding pres.

Sean Parker, the founding president of Facebook, says the company was designed to “consume as much of your time and conscious attention as possible” and warns the platform could affect developing minds in negative ways.

At an Axios event Wednesday, Parker, 38, the billionaire co-founder of Napster and an early investor in Facebook, confessed that he has become “something of a conscientious objector” to social media, despite the fact that he made most of his $2.6 billion fortune from Facebook.

Nov 10 10:16

‘Kaspersky Lab in crosshairs since exposing US & Israeli spies behind Stuxnet’ – fmr MI5 agent

The campaign to discredit Kaspersky Lab dates back to 2010, when the Russian-based cybersecurity firm uncovered the origin of the Stuxnet malicious computer worm which ruined Iran's nuclear centrifuges, experts in the field told RT.

Kaspersky Lab, founded in Moscow in 1997, has been a world leader in cybersecurity for decades, taking pride in working outside of any government’s sphere of influence. US intelligence agencies, however, seem to consider the Russian firm a competitive challenge, cybersecurity experts say.

Nov 10 09:44

Google: Our hunt for hackers reveals phishing is far deadlier than data breaches

Phishing attackers love using Gmail.

Nov 10 09:04

Google Working To Remove MINIX-Based ME From Intel Platforms

As we hear so often now, though, no system is ever truly secure. There will always be bugs and creative people who can exploit those bugs. An OS full of latent capabilities to access hardware is just giving those people more room to be creative. The possibilities of what could happen if attackers figure out how to load their own software onto the ME’s OS are endless. Minnich and his team (and a number of others) are interested in removing ME to limit potential attackers’ capabilities.

Nov 10 08:46

Send scam emails to this chatbot and it’ll waste their time for you

Chatbots. They’re usually a waste of your time, so why not have them waste someone else’s instead? Better yet: why not have them waste an email scammer’s time.

That’s the premise behind Re:scam, an email chatbot operated by New Zealand cybersecurity firm Netsafe. Next time you get a dodgy email in your inbox, says Netsafe, forward it on to me@rescam.org, and a proxy email address will start replying to the scammer for you, doing its very utmost to waste their time.
