NSA hacked? Top cyber weapons allegedly go up for auction
An anonymous group claims to have stolen hacking tools
that might belong to the National Security Agency and is auctioning them off to
the highest bidder.
The files were allegedly stolen from the Equation
Group, a top cyberespionage team that may have links to the NSA.
Interesting how useful this would be for intelligence
agencies. It could flag anyone who
contacts known terrorists, for example.
Linux bug leaves 1.4 billion Android users vulnerable to
hijacking attacks
An estimated 80 percent of Android phones contain a
recently discovered vulnerability that allows attackers to terminate
connections and, if the connections aren't encrypted, inject malicious code or
content into the parties' communications, researchers from mobile security firm
Lookout said Monday.
As Ars reported
last Wednesday, the flaw first appeared in version 3.6 of the Linux
operating system kernel, which was introduced in 2012. In a blog
post published Monday, Lookout researchers said that the Linux flaw appears
to have been introduced into Android version 4.4 (aka KitKat) and remains
present in all future versions, including the latest developer preview of
Android Nougat. That tally is based on
the Android
install base as reported by statistics provider Statista, and it would mean
that about 1.4 billion Android devices, or about 80 percent of users, are
vulnerable.
… The vulnerability makes it possible for anyone with an
Internet connection to determine whether any two parties are communicating over
a long-lived transport
control protocol connection, such as those that serve Web mail, news feeds,
or direct messages. In the event the
connections aren't encrypted, attackers can then inject malicious code or
content into the traffic. Even when the
connection is encrypted, the attacker may still be able to determine a channel
exists and terminate it. The
vulnerability is classified as CVE-2016-5696.
(Related) spying without a designed bug.
Three Surprising Ways Your Smartphone Can Be Used to Spy On
You
… you might not
know that your photos, Bluetooth, and even smartphone battery could be used to
spy on you…
They can’t do it domestically, but they want to exercise
the tools so they reach out to law enforcement in other countries?
Australian Authorities Hacked Computers in the US
Australian authorities hacked Tor users in the US as part
of a child pornography investigation, Motherboard has learned.
The contours of this previously-unreported hacking
operation have come to light through recently-filed US court documents. The case highlights how law enforcement around
the world are increasingly pursuing targets overseas using hacking tools,
raising legal questions around agencies’ reach.
In one case, Australian authorities remotely hacked a
computer in Michigan to obtain the suspect’s IP address.
“I think that's problematic, because they've got no
jurisdiction,” Greg Barns, an Australian barrister who practices criminal and
human rights law who's also a former national president of the Australian
Lawyers Alliance, told Motherboard in a phone call.
… “The person
would have to have a link to the jurisdiction,” Barns, from Stawell Chambers,
wrote in an email.
He added that authorities might be able to argue that
because the site's owner was Australian, that gives them the greenlight to
conduct overseas searches for other suspects. At one point, The Love Zone server was also reportedly
moved to Brisbane, giving Task Force Argos, the Queensland Police Service
unit that took over the site, access to every private message on the site.
“But they can't simply wander around the world, assisting
other law [enforcement], saying, ‘We're here to help,’” Barns said.
How are we ever going to keep up with all the hacks?
Thousands of Soros docs released by alleged Russian-backed
hackers
Hackers believed to be backed by Russia this weekend
publicly released more than 2,000 documents connected to billionaire Democratic
donor George Soros and his Open Society Foundations.
The documents
detail the ins and outs of Soros’s groups, which have funded a slew of public
health, human rights and education programs around the globe, while also
mounting opposition to hard-right conservatives in the U.S.
Interesting, but I would add a few more criteria. (Maybe just tweaks to the wording?) Similarity to recent hacks in the
industry. Missing “Best Practice”
defense.
Dan Munro had an interesting conversation with Jeff
Williams of Contrast Security at BlackHat, which led to a draft scoring system
for data breaches and corporate responses:
- Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been able to stop the attack?
- Timeline – When was the initial break-in? When was it discovered? How long to disclose?
- Scope – What information was stolen and what control was lost?
- Size – How many people were affected? How many servers?
- Root Cause – What was the underlying vulnerability that was exploited? What defenses are in place and how did the attack bypass the defenses?
- Discovery – Who discovered it? Victims? Security firm? Why didn’t you know earlier?
- Remedy – Are you really making victims whole? For how long? [Personal Health Information – PHI is literally lifelong]
- Future – What are going to do to prevent future/similar attacks?
- Blame – Did you state or imply that the attack was “sophisticated” or “advanced?” Did you provide any evidence of that?
- Oddities – Were there any oddities to the timeline not making sense – or details that stretch credulity?
Read more on Forbes.
How Big Brotherly of them. Everyone should be as handicapped as the EUs’ telecoms?
EU plans to extend some telecom rules to web-based providers
The European Union is planning to extend telecom rules
covering security and confidentiality of communications to web services such as
Microsoft's Skype and Facebook's WhatsApp which could restrict how they use
encryption.
The rules currently only
apply to telecoms providers such as Vodafone and Orange.
… "Unlike
telcos, OTT (web-based) are global players that are allowed to commercially
exploit the traffic data and the location data they collect," telecoms
group Orange said in a response to the EU's public consultation on the reform
proposals.
Under the existing
"ePrivacy Directive", telecoms operators have to protect users'
communications and ensure the security of their networks and may not keep
customers' location and traffic data.
This is interesting.
Think it could become popular here in the US?
theguardian – Police to hire law firms to tackle cyber
criminals in radical pilot project
by Sabrina
I. Pacifici on Aug 15, 2016
“Private law firms will be hired by
police to pursue criminal suspects for profit, under a radical new scheme
to target cyber criminals and fraudsters. In a pilot project by the City of London
police, the lead force on fraud in England and Wales, officers will pass details of suspects and cases to law firms, which will
use civil courts to seize the money. The force says the scheme is a way of more
effectively tackling fraud – which is now the biggest type of crime, estimated
to cost
£193bn a year. It is overwhelming
police and the criminal justice system. The experiment, which is backed by the
government and being closely watched by other law enforcement agencies, is
expected to lead to cases reaching civil courts this year or early next year. Officers will use the private law firms to
attempt to seize suspects’ assets. If
unsuccessful, police could decide to leave it at that or pursue the case
themselves through the criminal courts…”
If you do gather data, is it the right data?
Are You Collecting the Right Data? Lessons from American
Apparel
How many Facebook likes and Instagram followers does your
company have? How about memberships, or
downloads? As these numbers grow from
hundreds to thousands to millions, you may assume that your business is riding
high. Apparently your customers love
you, and there are many more to come.
But according to Thoryn Stephens, the chief digital
officer at American Apparel, measurements like these can constitute what he
calls “fake or false metrics.” They may
be distracting you from underlying problems, or untapped potential. Instead,
businesses need to focus on “the true metrics
that drive value,” he said at the recent Wharton Customer Analytics
Initiative Conference.
We should be watching start-ups in India closely.
India’s WhatsApp rival Hike raises $175M led by Tencent at a
$1.4B valuation
India has a new tech unicorn. Hike,
a four-year-old messaging app, today announced that it has closed $175 million
in funding led by new investors Chinese internet giant Tencent and
manufacturing firm Foxconn. The Series D
round values the company at $1.4 billion, founder and CEO Kavin Bharti Mittal
confirmed to TechCrunch.
… Born out of a joint-venture between Bharti and
SoftBank, Hike includes standard messaging app features you’d
expect, alongside free voice calling and a few other twists. It has put emphasis on local
users with features that include a privacy option to hide chat
messages, in case a nosey relative gets hold of your phone as can happen in
India, and the
ability to send messages via SMS to friends who aren’t using the Hike app,
another foreseeable usecase in the country.
… “Every market has two messaging apps that do well,”
[Not sure I’d agree with that. Bob]
he said in an interview with TechCrunch.
“There’s one that replaces SMS and one that does a lot more than
that. Hike doesn’t even compete with WhatsApp today, it is used
very actively in addition to other apps.”
(Related) Same for
Russia.
The Top 8 Russian Social Networks (And What Makes Them Great)
… This difference
in social media use is of huge importance for brands who use social media sites
for advertising, as it can completely change a marketing strategy that is used
in other parts of the world. That aside, it’s also just interesting to see how
online communication can differ in different parts of the world!
Another point of view on BitChain. Not sure I like where this one is going. (Not all Americans are evil.)
UNRISD – Development Finance: Can Bitcoin play a role in
social finance?
by Sabrina
I. Pacifici on Aug 15, 2016
The United Nations Research Institute for Social
Development (UNRISD) – The United Nations Research Institute for Social
Development has released a new paper that explores the potential for digital
currency Bitcoin to facilitate what author Brett Scott describes as ‘truly
empowering social and solidarity-based finance’. “Bitcoin has been ambivalently received by
many in international development circles,” the report states. “Despite this, the question of whether
Bitcoin can be harnessed to build [a] new means of solidarity-based finance
remains unanswered. This paper sketches
out some key issues practitioners should consider when thinking about
cryptocurrency technology.”
- Read the full article here.
- Access also UNRISD Working Paper “How Can Cryptocurrency and Blockchain Technology Play a Role in Building Social and Solidarity Finance?“
Amusing, but he has a point. (Several, actually.)
The Big Tech Election Stories No One Else Is Covering
… In the case of
both the Clinton email scandal and the DNC email leak -- not to mention the
various whistle-blower events -- what interests me isn't what's been covered
but what hasn't been covered. I'll shine
a light on some of the huge misses from a tech perspective.
If I know when the light will change, my self-driving car
can time itself to hit the intersection at the full (legal) speed!
Audi Traffic Light Timer Tech Counts Down To Green, Further
Enables Texting Road Warriors
… Traffic light
information is an Audi PRIME feature and will allow vehicles to communicate
with the infrastructure in select metropolitan areas throughout the United
States. The service connects to the
internet via LTE to
Traffic Technology Services servers. The
feature will inform drivers of how much time there is left until a light turns
green.
Face to face with my students? That’s another reason to never own a
smartphone!
Google's new video-chatting app is finally here, but the best
feature doesn't work for iPhone users
… The tech giant
first announced the app, Google Duo, at Google IO in May. It's a simple, one-to-one messaging app that
doesn't come with a lot of fanfare — you simply scroll through your contacts to
see who has the app, click, and connect. But as Nick Fox, vice president of Google's
communications division, told Business Insider, that was intentional.
Illustrating why Hillary thought she could not trust the
State Department?
No comments:
Post a Comment