Innovative
hacking!
Snatch
ransomware reboots PCs in Windows Safe Mode to bypass antivirus apps
Unlike
most ransomware strains, the Snatch ransomware also steals files from
infected networks.
The
authors of the Snatch ransomware are using a never-before-seen trick
to bypass antivirus software and encrypt victims' files without being
detected.
The
trick relies on rebooting an infected computer into Safe Mode, and
running the ransomware's file encryption process from there.
The
reason for this step is that most antivirus software does not start
in Windows Safe Mode, a Windows state meant for debugging and
recovering a corrupt operating system.
All
encryption is breakable, given enough time. In theory, you could
break this key in only one hour, if you used 35 million computers.
Scientists
Break Largest Encryption Key Yet with Brute Force
The
key, only one-third the length of most commercial encryption keys,
took more than 35 million compute hours to break.
How
safe is "safe"? That's the question at the heart of
research into breaking encryption keys — research that has led a
team in France to the most complex encryption algorithm to date. At
240 characters long, the new record bests the old decryption record
by 8 characters, though it still falls far short of the complexity of
the algorithms used in commercial cryptography today.
In
order to break the encryption generated by the RSA algorithm,
researchers used a network of computers to deliver the 35 million
compute hours required to solve the problem. While mathematically
and computationally interesting, the result is not seen as a
harbinger of the end of effective encryption.
Beware of helpful sites?
Over
750,000 applications for US birth certificate copies exposed online
An online company that allows users to obtain a
copy of their birth and death certificates from U.S. state
governments has exposed a massive cache of applications — including
their personal information.
… The bucket wasn’t protected with a
password, allowing anyone who knew the easy-to-guess web address
access to the data.
Each application process differed by state, but
performed the same task: allowing customers to apply to their state’s
record-keeping authority — usually a state’s department of health
— to obtain a copy of their historical records. The applications
we reviewed contained the applicant’s name, date-of-birth, current
home address, email address, phone number and historical personal
information, including past addresses, names of family members and
the reason for the application — such as applying for a passport or
researching family history.
… Fidus and TechCrunch sent several emails
prior to publication to warn of the exposed data, but we received
only automated emails and no action was taken. We are not naming the
company. When reached, Amazon would not intervene but said it would
inform the customer.
One part GDPR, one part Big Brother? At least
they are honest: governments are not like the common people.
India
proposes new rules to access its citizens’ data
India
has proposed groundbreaking new rules that would require companies
to garner consent from citizens in the country before collecting and
processing their personal data. But at the same time, the new
rules also state that companies
would have to hand over “non-personal” data of their users to the
government, and New
Delhi would also hold the power to collect any data of its citizens
without consent, thereby bypassing the laws applicable to everyone
else, to serve sovereignty and larger public interest.
The
new rules, proposed in “Personal Data Protection Bill 2019,” a
copy of which leaked
on Tuesday,
would permit New Delhi to “exempt any agency of government from
application of Act in the interest of sovereignty and integrity of
India, the security of the state, friendly relations with foreign
states, public order.”
Another slice off the Internet. Has isolation
ever helped a government stay in power?
Iran's
internet freedom is on life support
In
November, Iran's government announced a price hike on oil, leading to
mass protests in Tehran. To quell the spreading unrest, the Iranian
government effectively
shut down the internet/
After a week of Iranian security forces cracking down on protesters,
including an
estimated death toll between 140 and 208,
internet access was gradually restored around the country. Judging by
statements made by President Hassan Rouhani, the internet shutdowns
could be a harbinger of more censorship in 2020 and beyond.
Iran's
intranet, known as the National Information Network, will be expanded
so "people
will not need foreign [networks] to meet their needs,"
President Rouhani said to Iran's parliament on Sunday, according
to Radio Farda.
Perspective. Jeff probably doesn’t like him
either.
Amazon
blames Trump for losing $10 billion JEDI cloud contract to Microsoft
… In
a heavily redacted, 103-page document made public Monday, Amazon Web
Services lays out why it’s protesting the Department of Defense’s
decision to award Microsoft the JEDI (Joint Enterprise Defense
Infrastructure) contract. AWS claims it didn’t win the JEDI
contract, which could be worth as much as $10 billion, as a result of
Trump’s repeated public and private attacks against Amazon and,
specifically, its CEO Jeff Bezos.
“The
question is whether the President of the United States should be
allowed to use the budget of DoD to pursue his own personal and
political ends,” the filing states. “DoD’s substantial and
pervasive errors are hard to understand and impossible to assess
separate and apart from the President’s repeatedly expressed
determination to, in the words of the President himself, ‘screw
Amazon.’ Basic justice requires re-evaluation of proposals and a
new award decision.”
No comments:
Post a Comment