Cyber Security July 2018

This posting is here to collect security alert news in July 2018.

I post links to security vulnerability news to comments of this article.

194 Comments

  1. Tomi Engdahl says:

    LTE Network Protocol has a flaw that lets hackers hijack it remotely
    https://www.digitalmunition.me/2018/07/lte-network-protocol-exists-flaw-hacker-can-hijacked-remotely/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+digitalmunition%2FUHtl+%28DigitalMunition%29

    Security researchers have recently found deficiencies in the LTE network that allow attackers to redirect users near a base station to malicious sites and to learn which sites those users visit.

    This is due to a vulnerability in the LTE standard itself, so the attack works systematically. The most critical shortcoming of LTE is that the form of encryption used does not protect the integrity of the data. The lack of data authentication allows an attacker to secretly manipulate the IP address in an encrypted packet.

    The attack technique is called aLTEr, and the security researchers have already been able to make terminal phones use malicious DNS servers, and even redirect users to malicious servers that pretend to be Hotmail.

    The researchers said that with about $4,000 worth of equipment they can attack end users within a range of approximately one mile.

    Reply
  2. Tomi Engdahl says:

    Researchers Create Attacks That Compromise LTE Data Communication
    https://www.securityweek.com/researchers-create-attacks-compromise-lte-data-communication

    Newly devised attacks on the Long Term Evolution (LTE) high-speed wireless standard break the confidentiality and privacy of communication, a team of researchers claim.

    In a newly published paper (PDF), researchers from Ruhr-University Bochum and New York University Abu Dhabi present a set of attacks against LTE’s data link layer (layer two) protocols, which could be used to identify mobile users within a cell, learn what websites the user visits, and even modify the message payload.

    A stealthy attacker, the researchers say, could perform an identity mapping attack and map the user’s temporary network identity (TMSI) to the temporary radio identity (RNTI). Both pieces of information are previously unknown to the attacker but are both contained in the radio packets.

    “More specifically, we demonstrate how an attacker can precisely localize and identify a user within the cell, distinguish multiple transmission streams, and use this information as a stepping stone for subsequent attacks,” the researchers note.

    Breaking LTE on Layer Two
    https://alter-attack.net/media/breaking_lte_on_layer_two.pdf

    In this paper, we present a comprehensive layer two security analysis and identify three attack vectors. These attacks impair the confidentiality and/or privacy of LTE communication.

    we first present a passive identity mapping attack

    Second, we demonstrate how a passive attacker can abuse the resource allocation as a side channel to perform website fingerprinting that enables the attacker to learn the websites a user accessed. Finally, we present the aLTEr attack that exploits the fact that LTE user data is encrypted in counter mode (AES-CTR) but not integrity protected, which allows us to modify the message payload. As a proof-of-concept demonstration, we show how an active attacker can redirect DNS requests and then perform a DNS spoofing attack.

    Reply
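The property the two comments above describe, as an added example that is not code from the aLTEr paper or its authors: counter-mode encryption without an integrity check lets an on-path attacker who knows the plaintext at a given offset rewrite it by XORing a difference into the ciphertext, without the key. The script assumes an HMAC-SHA256 keystream in place of AES-CTR (so it needs only the standard library; the malleability is a property of XOR-with-keystream, not of the block cipher), assumes the attacker knows the whole original IP header it overwrites (a simplification; the public resolver address is the part that matters), and uses constructed keys, addresses and packets. The second half adds an encrypt-then-MAC tag and shows the same manipulation being rejected.

```python
"""
Added example (not code from the aLTEr paper): rewriting the destination
address of a CTR-encrypted IP packet without the key, and the MAC that
stops it. Keystream is HMAC-SHA256 in counter mode instead of AES-CTR
(assumption for self-containment); all keys and packets are constructed.
"""
import hashlib
import hmac
import ipaddress
import struct

KEY = b"\x11" * 32       # constructed session key; the attacker never learns it
MAC_KEY = b"\x22" * 32   # constructed key for the integrity-protected variant
TAG_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: block i = HMAC(key, nonce || i), as AES-CTR would do."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over a header whose checksum field is zero."""
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header for a UDP datagram (protocol 17)."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      64, 17, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack(">H", ip_checksum(hdr)) + hdr[12:]


def redirect_dst(ciphertext: bytes, known_header: bytes, new_dst: str) -> bytes:
    """
    aLTEr-style manipulation: XOR (old XOR new) into the ciphertext at the
    offsets of the fields to change. The attacker knows the original header
    (assumption for this example); the checksum bytes are patched the same way.
    """
    new_hdr = bytearray(known_header)
    new_hdr[16:20] = ipaddress.IPv4Address(new_dst).packed
    new_hdr[10:12] = b"\x00\x00"
    new_hdr[10:12] = struct.pack(">H", ip_checksum(bytes(new_hdr)))
    out = bytearray(ciphertext)
    for i, (old, new) in enumerate(zip(known_header, new_hdr)):
        out[i] ^= old ^ new
    return bytes(out)


def demo_unprotected(new_dst: str = "198.51.100.7"):
    """Returns (dst seen by the receiver, checksum still valid?, payload untouched?)."""
    nonce = b"\x00" * 8
    header = build_ipv4_header("10.0.0.2", "192.0.2.53", 40)  # UE -> legitimate resolver
    payload = b"\x00" * 40                                    # stand-in for a DNS query
    ct = ctr_xor(KEY, nonce, header + payload)
    pt = ctr_xor(KEY, nonce, redirect_dst(ct, header, new_dst))  # receiver decrypts
    hdr, body = pt[:20], pt[20:]
    stored = struct.unpack(">H", hdr[10:12])[0]
    valid = ip_checksum(hdr[:10] + b"\x00\x00" + hdr[12:]) == stored
    return str(ipaddress.IPv4Address(hdr[16:20])), valid, body == payload


def seal(nonce: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: the tag binds the ciphertext, so any bit flip is caught."""
    ct = ctr_xor(KEY, nonce, data)
    return ct + hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]


def unseal(nonce: bytes, sealed: bytes):
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None                      # reject; never hand tampered data up the stack
    return ctr_xor(KEY, nonce, ct)


def demo_protected(new_dst: str = "198.51.100.7"):
    """Returns (genuine packet accepted?, redirected packet rejected?)."""
    nonce = b"\x01" * 8
    header = build_ipv4_header("10.0.0.2", "192.0.2.53", 40)
    packet = header + b"\x00" * 40
    sealed = seal(nonce, packet)
    tampered = redirect_dst(sealed, header, new_dst)   # same bit flips as before
    return unseal(nonce, sealed) == packet, unseal(nonce, tampered) is None
```

In the unprotected case the receiver sees a correctly formed packet addressed to the attacker's resolver and has no way to notice the change; the DNS spoofing in the paper follows from that. With the tag, the very same bit flips invalidate the MAC and the packet is dropped before any parsing happens.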
  3. Tomi Engdahl says:

    Mozilla Announces Root Store Policy Update
    https://www.securityweek.com/mozilla-announces-root-store-policy-update

    Mozilla announced on Monday that its Root Store Policy for Certificate Authorities (CAs) has been updated to version 2.6.

    CAs need to periodically obtain certain audits for their root and intermediate certificates in order to remain in the root store. Mozilla now requires auditors to provide reports written in English.

    The new policy also states that starting with January 1, 2019, CAs will be required to create separate intermediate certificates for S/MIME and SSL certificates.

    Another new requirement is that root certificates must have complied with the Mozilla Root Store Policy from the moment they were created.

    Reply
  4. Tomi Engdahl says:

    Typeform Data Breach Hits Many Organizations
    https://www.securityweek.com/typeform-data-breach-hits-many-organizations

    Typeform, a Spain-based software-as-a-service (SaaS) company that specializes in online forms and surveys, has suffered a security breach that resulted in the data collected by its customers getting stolen.

    According to a notice posted on its website, Typeform identified the breach on June 27 and addressed its cause roughly half an hour later. The company says an attacker has managed to download a backup file dated May 3 from one of its servers.

    What happened and was I affected?
    https://www.typeform.com/data-breach-june-2018/#section_a61e8de4d5c2842f2de14bb016c32e6d

    On June 27, 2018, our engineering team became aware that an unknown third party gained access to our server and downloaded certain information. As a result of this breach, some data was compromised.

    Reply
  5. Tomi Engdahl says:

    Malware Authors Seem Intent on Weaponizing Windows SettingContent-ms Files
    https://www.bleepingcomputer.com/news/security/malware-authors-seem-intent-on-weaponizing-windows-settingcontent-ms-files/

    Malware authors are frantically trying to weaponize a new infection vector that was revealed at the start of June.

    The trick relies on using Windows Settings (.SettingContent-ms) shortcut files in order to achieve code execution on Windows 10 PCs.

    Ever since SpecterOps security researcher Matt Nelson published his research on the matter three weeks ago, malware authors have been playing around with proof-of-concept code, attempting to craft an exploit that can deploy weaponized malware on a victim’s system.

    Windows Settings Shortcuts Can Be Abused for Code Execution on Windows 10
    https://www.bleepingcomputer.com/news/security/windows-settings-shortcuts-can-be-abused-for-code-execution-on-windows-10/

    A new file type format added in Windows 10 can be abused for running malicious code on users’ computers, according to Matt Nelson, a security researcher for SpecterOps.

    The file type is “.SettingContent-ms”, a file format introduced in Windows 10 in 2015. This file format is used to create shortcuts to Windows 10 settings pages, which Microsoft created as an alternative to classic Control Panel options.

    Reply
  6. Tomi Engdahl says:

    CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites
    https://thehackernews.com/2018/07/coinhive-shortlink-crypto-mining.html

    Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites.

    Coinhive is a popular browser-based service that lets website owners embed JavaScript code that uses their website visitors’ CPU power to mine the Monero cryptocurrency for monetization.

    Reply
  7. Tomi Engdahl says:

    Beware! Fortnite Cheat Hijacks Gamers’ PCs to Intercept HTTPS Traffic
    https://thehackernews.com/2018/07/fortnite-v-bucks-cheat.html

    If you are looking for Fortnite v-bucks generator, aimbot or any other game cheats—then beware—you might end up installing malware on your PC!

    Web-based game-streaming platform Rainway is reporting that tens of thousands of Fortnite players have inadvertently infected their systems with a piece of malware that hijacks their encrypted HTTPS web sessions to inject fraudulent ads into every website they visit.

    According to a blog published by Rainway CEO Andrew Sampson, the company began receiving hundreds of thousands of error reports from its server logs last week, and after investigating, the team found that the systems of their users were attempting to connect with various ad platforms.

    How We Discovered a Virus Infecting Tens of Thousands of Fortnite Players
    https://blog.rainway.io/how-we-discovered-a-virus-infecting-tens-of-thousands-of-fortnite-players-e5dd6fe1ff55?gi=6b9ae47234a6

    Fortnite is the most popular game right now; it’s a genuine cultural phenomenon that is sweeping the world. Sadly, where there is a popular channel there will always be malicious actors. Today we want to diverge from our usual tech and vision blogs and share with you a journey of something surreal.

    Reply
  8. Tomi Engdahl says:

    Tech’s ‘Dirty Secret’: The App Developers Sifting Through Your Gmail
    https://www.wsj.com/articles/techs-dirty-secret-the-app-developers-sifting-through-your-gmail-1530544442

    Software developers scan hundreds of millions of emails of users who sign up for email-based services

    Google said a year ago it would stop its computers from scanning the inboxes of Gmail users for information to personalize advertisements, saying it wanted users to “remain confident that Google will keep privacy and security paramount.”

    Reply
  9. Tomi Engdahl says:

    Gentoo Publishes Incident Report After GitHub Hack
    https://www.securityweek.com/gentoo-publishes-incident-report-after-github-hack

    Maintainers of the Gentoo Linux distribution published an incident report on Wednesday after someone hijacked one of the organization’s GitHub accounts and planted malicious code.

    The attack started on June 28 and the hacker (or hackers) not only changed content in compromised repositories, but also locked out Gentoo developers from the targeted GitHub account. This made the attack “loud” – Gentoo believes the hackers could have maintained access longer had they been quieter.

    Hackers Plant Malicious Code on Gentoo Linux GitHub Page
    https://www.securityweek.com/hackers-plant-malicious-code-gentoo-linux-github-page

    Reply
  10. Tomi Engdahl says:

    Israel Accuses Hamas of Targeting Soldiers With World Cup App
    https://www.securityweek.com/israel-accuses-hamas-targeting-soldiers-world-cup-app

    Tel Aviv – Israeli military intelligence on Tuesday accused Hamas hackers of creating a World Cup app and two online dating sites to tempt soldiers into downloading spyware onto their phones.

    Reply
  11. Tomi Engdahl says:

    Iranian Hackers Impersonate Israeli Security Firm
    https://www.securityweek.com/iranian-hackers-impersonate-israeli-security-firm

    A group of Iranian hackers focused on cyber-espionage recently built up a website to impersonate ClearSky Cyber Security, the Israeli firm that exposed their activities not long ago.

    The hackers, tracked as APT35 and also known as NewsBeef, Newscaster, and Charming Kitten, have been active since at least 2011, with their activities detailed for the first time several years ago.

    In December 2017, ClearSky Cyber Security published a report detailing the group’s activities during the 2016-2017 timeframe. The security firm not only described the actor’s infrastructure, but also provided information on DownPaper, a new piece of malware the hackers had been using.

    Roughly half a year after the report was published, the security firm announced on its Twitter account that the hackers built their own site impersonating ClearSky.

    Reply
  12. Tomi Engdahl says:

    Flaws Expose Siemens Central Plant Clocks to Attacks
    https://www.securityweek.com/flaws-expose-siemens-central-plant-clocks-attacks

    Siemens informed customers on Tuesday that some of its SICLOCK central plant clocks are affected by several vulnerabilities, including ones that have been rated “critical.”

    Siemens SICLOCK devices are used to synchronize time in industrial plants. The central plant clock ensures stability in case of a failure or loss of reception at the primary time source.

    According to the German industrial giant, SICLOCK systems are affected by a total of six vulnerabilities. The security holes have been assigned the CVE identifiers CVE-2018-4851 through CVE-2018-4856.

    Three of the flaws have been classified as critical. One of them allows an attacker with access to the network to cause the targeted device to enter a denial-of-service (DoS) condition – and possibly reboot – by sending it specially crafted packets.

    Reply
  13. Tomi Engdahl says:

    Tenable officially announces IPO
    https://www.cyberscoop.com/tenable-ipo-s1/

    Tenable announced on Friday that it has officially submitted plans to become a publicly traded company.

    The Columbia, Maryland, company filed its registration statement with the Securities and Exchange Commission to begin the initial public offering process.

    The company will be listed on the Nasdaq under the ticker TENB.

    Tenable is one of the most well-funded cybersecurity companies, having raised more than $300 million from private investors, according to Crunchbase.

    Among competitors listed in the S-1 are IBM, Qualys, Rapid7, Tanium and CrowdStrike.

    Reply
  14. Tomi Engdahl says:

    UK researcher says one line of code caused Ticketmaster breach
    https://www.itwire.com/security/83416-uk-researcher-says-one-line-of-code-caused-ticketmaster-breach.html

    Well-known British security researcher Kevin Beaumont says the breach of the British operations of American multinational ticket sales and distribution company Ticketmaster, that has led to the possible leak of tens of thousands of credit card details, was caused by the incorrect placement of a single line of code.

    Inbenta, in turn, said that the breach had been caused by Ticketmaster directly applying a customised piece of JavaScript without notifying its (Inbenta’s) team.

    Beaumont said Inbenta was providing a chat bot for website developers “by providing a single line of HTML which calls a JavaScript from Inbenta’s Web server. JavaScript allows controlled code execution via a website, for example to redirect traffic from forms, or run a chatbot assistant”.

    the ticketing company had placed this chatbot code on its payment processing website without informing Inbenta it had done so.

    “This means that Inbenta’s webserver was placed in the middle of all Ticketmaster credit card transactions, with the ability to execute JavaScript code in customer browsers,” Beaumont said.

    Reply
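The check a reviewer of that payment page would have wanted, as an added example (not Ticketmaster's, Inbenta's or Kevin Beaumont's code): an audit of every script tag on a checkout page that reports which scripts come from a different origin than the page and whether each such script is pinned with Subresource Integrity (an integrity= hash plus crossorigin=), which is the one mechanism that stops the third-party host from changing what runs in the customer's browser. The HTML is constructed for the example and uses documentation hostnames only.

```python
"""
Added example: audit <script src> tags on a checkout page for third-party
origins and missing Subresource Integrity. The sample page is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptTags(HTMLParser):
    """Collect the attributes of every <script> that loads an external file."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)
            if a.get("src"):
                self.found.append(a)


def audit_scripts(page_url: str, html: str) -> list:
    """One finding per external script: host, whether it is pinned, and a severity."""
    page_host = urlparse(page_url).netloc.lower()
    p = _ScriptTags()
    p.feed(html)
    findings = []
    for a in p.found:
        src = a["src"]
        host = urlparse(src).netloc.lower() or page_host   # relative src = same origin
        # SRI on a cross-origin script only works with CORS, hence crossorigin= as well.
        pinned = bool(a.get("integrity")) and "crossorigin" in a
        if host == page_host:
            severity = "ok"        # first party; reviewed with the rest of the site
        elif pinned:
            severity = "medium"    # content pinned, but it still runs with full page access
        else:
            severity = "high"      # the vendor's server can change the code at any time
        findings.append({"src": src, "host": host, "pinned": pinned, "severity": severity})
    return findings


# Constructed checkout page: one first-party script, one unpinned chatbot
# script from a vendor host, one pinned library from a CDN.
CHECKOUT_HTML = """<html><head>
<script src="/static/checkout.js"></script>
<script src="https://chat.example.net/bot.js"></script>
<script src="https://cdn.example.org/lib.js"
        integrity="sha384-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        crossorigin="anonymous"></script>
</head><body>card form here</body></html>"""


def demo() -> list:
    """(host, severity) for each external script on the constructed page."""
    return [(f["host"], f["severity"])
            for f in audit_scripts("https://pay.example.com/checkout", CHECKOUT_HTML)]
```

The "high" finding is the Inbenta pattern: a single tag fetching live JavaScript from a vendor host into a page that handles card numbers. Pinning with SRI closes the silent-update path but breaks whenever the vendor legitimately changes the file, which is why the usual answer for a payment page is to load no third-party script at all.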
  15. Tomi Engdahl says:

    Cyberboffins drill into World Cup cyber honeypot used to lure Israeli soldiers
    Israel claiming it was Hamas
    https://www.theregister.co.uk/2018/07/05/world_cup_mobile_malware_trick/?utm_source=dlvr.it&utm_medium=facebook

    Security researchers have unpicked mobile apps and spyware that infected the mobile devices of Israeli military personnel in a targeted campaign which the state has claimed Hamas was behind.

    Earlier this week, Israeli military security officials revealed that hackers whom they claim were Hamas-affiliated* had installed spyware on Israeli soldiers’ smartphones.

    About 100 individuals fell victim to the attack, which came in the form of a malicious World Cup score tracking app and two fake online dating apps.

    Reply
  16. Tomi Engdahl says:

    Joseph Cox / Motherboard:
    Israeli indictment says an employee allegedly stole source code of NSO Group’s powerful smartphone hacking tools before attempting to sell it for $50M — NSO sells its potent iPhone malware to governments, including Mexico and the United Arab Emirates. But according to a newly released indictment …

    NSO Group Employee Allegedly Stole Company’s Powerful Spyware for Personal Profit
    https://motherboard.vice.com/en_us/article/9km99z/nso-group-employee-stole-code-sell-dark-web-50-million

    NSO sells its potent iPhone malware to governments, including Mexico and the United Arab Emirates. But according to a newly released indictment, a disgruntled employee stole the company’s code and tried to sell it for $50 million worth of cryptocurrency.

    Reply
  17. Tomi Engdahl says:

    Vietnam Activists Flock to ‘Safe’ Social Media After Cyber Crackdown
    https://www.securityweek.com/vietnam-activists-flock-safe-social-media-after-cyber-crackdown

    Tens of thousands of Vietnamese social media users are flocking to a self-professed free speech platform to avoid tough internet controls in a new cybersecurity law, activists told AFP.

    The draconian law requires internet companies to scrub critical content and hand over user data if Vietnam’s Communist government demands it.

    The bill, which is due to take effect from January 1, sparked outcry from activists, who say it is a chokehold on free speech in a country where there is no independent press and where Facebook is a crucial lifeline for bloggers.

    The world’s leading social media site has 53 million users in Vietnam, a country of 93 million.

    Many activists are now turning to Minds, a US-based open-source platform, fearing Facebook could be complying with the new rules.

    Reply
  18. Tomi Engdahl says:

    Ex-NSO Employee Accused of Stealing Spyware Source Code
    https://www.securityweek.com/ex-nso-employee-accused-stealing-spyware-source-code

    A former employee of Israel-based cyber arms dealer NSO Group has been accused of stealing spyware source code from the company and attempting to sell it for $50 million, Israel’s Justice Ministry announced this week.

    Reply
  19. Tomi Engdahl says:

    Data Security Startup Enveil Unveils Homomorphic Encryption Platform
    https://www.securityweek.com/data-security-startup-enveil-unveils-homomorphic-encryption-platform

    Enveil’s New “ZeroReveal” Platform Enables Homomorphic Encryption to Secure Data in Use

    Sensitive data exposure is classified by OWASP as the third most critical web application vulnerability. Encryption is the primary solution. But encryption is only generally available for data at rest and data in transit — leaving the third state of data (data in use) potentially exposed. Bank card details, for example, can be stored encrypted and can be transmitted encrypted — but they currently must be decrypted and exposed at the point of processing.

    Finding some way for data to remain encrypted and secure even during processing is considered the holy grail of encryption. One method, homomorphic encryption, was first mooted in 1978; but initially without any clear proof that it was possible. Today, start-up firm Enveil has launched the first practical and scalable commercial homomorphic encryption platform, ZeroReveal.

    “Continued reports of chip flaws [eg, Spectre and Meltdown] and data breaches in recent months make it clear that encrypting data at rest and in transit isn’t good enough in today’s volatile security environment. Organizations must eliminate the data in use security gap and do so in a way that won’t negate investments in existing systems and protocols,” explains Williams. “We allow you to securely use data where it is and as it is today, delivering nation-state level security — no system overhaul required.”

    When people use data, it is typically undertaken by running a search or analytic over the data. Enveil concentrates on the security posture of that search or analytic as it is being performed.

    “We have two-party form factor,” Williams told SecurityWeek. “From a technology standpoint, it means that we can take a search or analytic that folks will want to perform over data, and we can encrypt that, and then we can run that encrypted search over massive amounts of data anywhere, without ever decrypting anything. We never decrypt the search itself, and if the underlying data also happens to be encrypted, we don’t have to decrypt that either. We accomplish this through the ZeroReveal Compute Fabric where we can encrypt the search, send that out to the data location, and that can be processed there without ever being decrypted.”

    https://www.enveil.com/products/

    Reply
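The idea behind "encrypt the search, send it to the data, process it without decrypting", shown with an additively homomorphic scheme as an added example that is not Enveil's product code: Paillier encryption in plain Python integers. The client's "search" is a 0/1 selection vector that it encrypts; the server, holding plaintext records, combines the ciphertexts and returns one ciphertext of the selected sum without learning which records were selected; only the client can decrypt it. The primes, records and query are constructed for the example, and the primes are far too small for real use.

```python
"""
Added example (not Enveil's code): Paillier, an additively homomorphic scheme,
used for a private selective sum. Toy primes; constructed records and query.
"""
import random
from math import gcd

P, Q = 104723, 104729   # toy primes (real deployments use primes of ~1536 bits)


def _L(u: int, n: int) -> int:
    return (u - 1) // n


def keygen(p: int = P, q: int = Q):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)     # modular inverse; needs Python 3.8+
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r, so equal m give different c."""
    n, g = pub
    n2 = n * n
    while True:
        r = random.randrange(1, n)
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add(pub, c1: int, c2: int) -> int:
    """Enc(m1) * Enc(m2) mod n^2 = Enc(m1 + m2)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale(pub, c: int, k: int) -> int:
    """Enc(m)^k mod n^2 = Enc(k * m); k is a plaintext the server knows."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_selection_sum(pub, selector_cts, values) -> int:
    """Server side: plaintext values, encrypted selector. Returns Enc(sum sel_i * v_i).
    The server never decrypts anything and cannot tell a 1 from a 0 in the selector."""
    acc = encrypt(pub, 0)                     # fresh Enc(0) re-randomises the result
    for c, v in zip(selector_cts, values):
        acc = add(pub, acc, scale(pub, c, v))
    return acc


def demo() -> int:
    pub, priv = keygen()
    records = [("alice", 120), ("bob", 75), ("carol", 310), ("dave", 40)]  # server data
    wanted = {"alice", "carol"}                                             # client's private query
    selector = [encrypt(pub, 1 if name in wanted else 0) for name, _ in records]
    answer_ct = encrypted_selection_sum(pub, selector, [v for _, v in records])
    return decrypt(pub, priv, answer_ct)      # 430
```

Paillier supports only additions and multiplication by a constant the server knows; comparisons, joins or arbitrary analytics over encrypted data need a fully homomorphic scheme, and the cost of those operations is what has kept the technique from being practical for most workloads.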
  20. Tomi Engdahl says:

    Gentoo Publishes Incident Report After GitHub Hack
    https://www.securityweek.com/gentoo-publishes-incident-report-after-github-hack

    Maintainers of the Gentoo Linux distribution published an incident report on Wednesday after someone hijacked one of the organization’s GitHub accounts and planted malicious code.

    The attack started on June 28 and the hacker (or hackers) not only changed content in compromised repositories, but also locked out Gentoo developers from the targeted GitHub account. This made the attack “loud” – Gentoo believes the hackers could have maintained access longer had they been quieter.

    GitHub could not be used by Gentoo for a total of five days as a result of the incident.

    The attacker also attempted to wipe users’ files by adding “rm -rf” to some repositories, but Gentoo believes this method was unlikely to work due to “various technical guards.”

    The GitHub account was compromised after the hacker gained access to an admin account that had a predictable password.

    “Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated webpages,” Gentoo wrote in its incident report.

    The incident report summarizes the lessons learned by Gentoo following the incident and the actions taken or planned in response. These actions include making frequent backups, requiring the use of two-factor authentication (2FA) and introducing support for hardware-based 2FA, reducing the number of users with elevated privileges, auditing logins, publishing password policies, and suggesting the use of password managers.

    Gentoo is also working on an incident response plan, particularly for sharing information about a security incident with users.

    https://wiki.gentoo.org/wiki/Github/2018-06-28

    Reply
  21. Tomi Engdahl says:

    To crypt, or to mine – that is the question
    https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/

    Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. During that time the malware writers have changed:

    the way their Trojans get keys (from locally generated to received from the C&C);
    the algorithms used (from using only a symmetric algorithm, through a commonly used scheme of symmetric + asymmetric, to 18 symmetric algorithms used simultaneously);
    the crypto-libraries (LockBox, AESLib, DCPcrypt);
    the distribution method (from spam to remote execution).

    Now the criminals have decided to add a new feature to their creation – a mining capability. In this article we describe a downloader that decides how to infect the victim: with a cryptor or with a miner.

    Reply
  22. Tomi Engdahl says:

    First-Ever Person Sentenced for Malicious Use of Coinhive Library
    https://www.bleepingcomputer.com/news/security/first-ever-person-sentenced-for-malicious-use-of-coinhive-library/

    Authorities in Japan have sentenced a man for the first time for using the Coinhive JavaScript library for malicious purposes.

    According to local news outlet Kahoku, a judge from the city of Amagasaki sentenced a 24-year-old man named Masato Yasuda to one year in prison but suspended the sentence for three years. This means the man will remain free, but if he breaks the law in the following three years, he’ll go to prison for one year.

    The accused made only $45

    Yasuda embedded the Coinhive JavaScript library inside a game cheat tool he later offered for download.

    Authorities say the tool was downloaded over 90 times and helped Yasuda make 5,000 yen worth of Monero cryptocurrency, which is around $45.

    “The defendant regretted what he did, learning information ethics and other matters,” said the judge

    Japan clamping down on the abusive use of Coinhive

    The use of the library is contentious, especially if site owners don’t request permission from users, and the library has become a favorite among malware authors who often deploy it on hacked sites.

    While Yasuda didn’t use the library on a site, he is the first ever person to be sentenced for using it.

    Other sentences are most likely to follow because last month, Japanese authorities from 10 prefectures arrested 16 individuals suspected of involvement in cryptojacking, a term used to describe the practice of secretly adding Coinhive to a site.

    Reply
  23. Tomi Engdahl says:

    Gentoo GitHub repo hack made possible by these 3 rookie mistakes
    Weak password, no 2FA, loose policies … and only luck limited the damage
    http://www.theregister.co.uk/2018/07/05/gentoo_github_hack_weak_password_no_2fa/

    The developers of Gentoo Linux have revealed how it was possible for its GitHub organization account to be hacked: someone deduced an admin’s password – and perhaps that admin ought not to have had access to the repos anyway.

    The distro’s wiki has added a page describing the SNAFU.

    It describes the root cause of the cockup as follows:

    The attacker gained access to a password of an organization administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated webpages.

    Oops! Sounds like someone has a core password with predictable variations!

    The wiki page also reveals that the project got lucky. “The attack was loud; removing all developers caused everyone to get emailed,” the wiki reveals. “Given the credential taken, it’s likely a quieter attack would have provided a longer opportunity window.”

    https://wiki.gentoo.org/wiki/Github/2018-06-28

    Reply
  24. Tomi Engdahl says:

    http://www.etn.fi/index.php/13-news/8166-uusi-tekniikka-tekee-kyberhyokkaykset-mahdottomiksi
    Thanks to the QNRG chip, the security of a Blockchain application, for example, can be made completely unbreakable.

    Reply
  25. Tomi Engdahl says:

    Britain’s tax authority reports takedown of record 20,000 fake sites
    https://www.welivesecurity.com/2018/07/03/britains-tax-authority-takedown-record-20000-fake-sites/

    Her Majesty’s Revenue & Customs (HMRC) is “consistently the most abused government brand”, according to the National Cyber Security Centre (NCSC)

    “Despite a record number of malicious sites being removed, HMRC is warning the public to stay alert as millions of taxpayers remain at risk of losing substantial amounts of money to online crooks,” according to HMRC.

    Most commonly, fraudsters seek to con people out of money via the age-old tax refund scam. This involves sending out emails or text messages that attempt to bamboozle the taxpayers into believing that they are due a tax rebate. The missives will normally include links to websites that collect the targets’ personal information or bank account details, or spread malicious software.

    HMRC reminded people that genuine organizations such as itself or banks never make uninvited approaches via emails or texts to ask for people’s PIN, password or bank details.

    Reply
  26. Tomi Engdahl says:

    Iranian APT Poses As Israeli Cyber-Security Firm That Exposed Its Operations
    https://www.bleepingcomputer.com/news/security/iranian-apt-poses-as-israeli-cyber-security-firm-that-exposed-its-operations/

    An Iranian cyber-espionage group attempted to pose as one of the cyber-security firms that exposed its previous hacking campaigns in an effort to spear-phish people interested in reading reports about it.

    The group —also known as an advanced persistent threat (APT) in infosec jargon— is known by security experts under the codenames of Charming Kitten, Newscaster, or Newsbeef.
    Iranian APT registered lookalike domain

    “Charming Kitten built a phishing website impersonating our company,” ClearSky said yesterday. “They copied pages from our public website and changed one of them to include a ‘sign in’ option with multiple services.”

    Reply
  27. Tomi Engdahl says:

    Tech’s ‘Dirty Secret’: The App Developers Sifting Through Your Gmail
    Software developers scan hundreds of millions of emails of users who sign up for email-based services
    https://www.wsj.com/articles/techs-dirty-secret-the-app-developers-sifting-through-your-gmail-1530544442

    Reply
  28. Tomi Engdahl says:

    Those Harder to Mitigate UPnP-Powered DDoS Attacks Are Becoming a Reality
    https://www.bleepingcomputer.com/news/security/those-harder-to-mitigate-upnp-powered-ddos-attacks-are-becoming-a-reality/

    Security researchers are continuing to see DDoS attacks that leverage the UPnP features of home routers to alter network packets and make DDoS attacks harder to detect and mitigate with classic solutions.

    The UPnP port masking technique is a new one and was first detailed last month by security researchers from Imperva.

    Imperva staff reported that some DDoS botnets had started using the UPnP protocol found on home routers to bounce DDoS traffic off the router, but alter the traffic’s source port to a random number.

    Reply
  29. Tomi Engdahl says:

    DECEIVED BY DESIGN
    How tech companies use dark patterns to discourage us from
    exercising our rights to privacy
    https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf

    Reply
  30. Tomi Engdahl says:

    Karl Bode / Techdirt:
    Uganda pressures ISPs to ban VPNs in an effort to force users to pay a social media tax meant to combat what the president calls “gossip”

    Uganda Bans VPNs To Prevent Users From Dodging Its Absurd New Social Media Tax
    https://www.techdirt.com/articles/20180702/12431840157/uganda-bans-vpns-to-prevent-users-dodging-absurd-new-social-media-tax.shtml

    Countries around the world continue to wage their not so subtle war on the use of virtual private networks (VPNs) and encryption. In Russia, the government has all but banned the use of VPNs by layering all manner of obnoxious restrictions and caveats on VPN operators. The goal, as we’ve seen in China and countless other countries, is to ban VPN use without making it explicitly clear you’re banning VPN use. The deeper goal is always the same: less privacy and online freedom for users who use such tools to dodge surveillance or other, even dumber government policies.

    Case in point: Uganda recently decided it would be a great idea to impose a new 200 Uganda shilling ($0.05) tax on the use of social networking websites. President Yoweri Museveni pushed for the changes to combat what he calls “gossip,” and now users have to pay the 200 shilling fee each day just to access websites and services like Facebook, Whatsapp, and Twitter.

    Reply
  31. Tomi Engdahl says:

    Penny Crosman / American Banker:
    CipherTrace: the amount of cryptocurrencies stolen from exchanges tripled to $761M in the first half of 2018 compared to all of 2017, may reach $1.5B this year

    Crypto money laundering up threefold in 2018: Report
    https://www.americanbanker.com/news/crypto-money-laundering-rose-3x-in-first-half-2018-report

    Three times more cryptocurrency was stolen from exchanges in the first half of 2018 than all of 2017, with a corresponding boost in money laundering related to crypto, according to a report released Tuesday by CipherTrace.

    Reply
  32. Tomi Engdahl says:

    Timothy McLaughlin / Wired:
    How Facebook became synonymous with the internet in a newly democratic Myanmar and ended up relying on civil society groups for help in policing rumors — The riots wouldn’t have happened without Facebook. — On the evening of July 2, 2014, a swelling mob of hundreds …

    How Facebook’s Rise Fueled Chaos and Confusion in Myanmar
    https://www.wired.com/story/how-facebooks-rise-fueled-chaos-and-confusion-in-myanmar/

    The social network exploded in Myanmar, allowing fake news and violence to consume a country emerging from military rule.

    Reply
  33. Tomi Engdahl says:

    Attackers Test New Document Attack Vector That Slips Past Office Defenses
    https://securityboulevard.com/2018/07/attackers-test-new-document-attack-vector-that-slips-past-office-defenses/

    The new attack vector was first documented last month by Specter Ops researcher Matt Nelson and relies on embedding special settings files into Word documents. Technically this is also done through OLE, but the settings file format identified by Nelson is not on the blacklist Microsoft added to Office 2016 to prevent OLE abuse.

    Reply
  34. Tomi Engdahl says:

    Temporal side-channels and you: Understanding TLBleed
    https://www.redhat.com/en/blog/temporal-side-channels-and-you-understanding-tlbleed?sc_cid=7016000000127ECAAY#

    Recent news reports speak of a new security vulnerability known as “TLBleed”, a novel form of timing side-channel attack exploiting the tightly-coupled nature of the shared resources found in some high-performance microprocessors that implement Symmetric MultiThreading (SMT). As reported, Intel’s implementation of SMT, commonly known as “Hyper-Threading” is exploited in order to observe the activity of a sibling hyperthread running code vulnerable to timing analysis through its activity in a common data-side Translation Lookaside Buffer (TLB) shared by peer threads.

    Reply
  35. Tomi Engdahl says:

    https://www.longplay.fi/sivuäänet/suomalainen-fitness-sovellus-paljastanut-satojen-sotilaiden-liikkeita

    The Flow fitness app from the Finnish company Polar has exposed sensitive location data of its users. Investigations by Long Play, the Dutch De Correspondent and Bellingcat found that the data makes it possible to determine the home addresses of hundreds of soldiers and intelligence workers.

    Reply
  36. Tomi Engdahl says:

    Fitness App Polar Exposed Locations of Spies and Military Personnel
    https://m.slashdot.org/story/343118

    A popular fitness app that tracks the activity data on millions of users has inadvertently revealed the locations of personnel working at military bases and intelligence services. The app, Polar Flow, built by its eponymous company Polar, a Finnish-based fitness tracking giant with offices in New York, allowed anyone to access a user’s fitness activities over several years — simply by modifying the browser’s web address.

    Not only was it possible to see exactly where a user had exercised, it was easy to pinpoint exactly where a user lived.

    It was possible for anyone — including malicious actors or foreign intelligence services — to scrape the fitness activity data on millions of users.

    Fitness app Polar exposed locations of spies and military personnel
    https://www.zdnet.com/article/fitness-app-polar-exposed-locations-of-spies-and-military-personnel/

    Location data revealed the home addresses of intelligence officers — even when their profiles were set to private.

    Reply
  37. Tomi Engdahl says:

    Foeke Postma / bellingcat:
    Analysis: fitness tracking website Polar Flow exposed info like names and home addresses of ~6500 military, FBI, NSA, and other staffers at 200+ sensitive sites — Polar, a fitness app, is revealing the homes and lives of people exercising in secretive locations, such as intelligence agencies …

    After Strava, Polar is Revealing the Homes of Soldiers and Spies
    https://www.bellingcat.com/resources/articles/2018/07/08/strava-polar-revealing-homes-soldiers-spies/

    Polar, a fitness app, is revealing the homes and lives of people exercising in secretive locations, such as intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world, a joint investigation of Bellingcat and Dutch journalism platform De Correspondent reveals.

    Reply
  38. Tomi Engdahl says:

    Paul Mozur / New York Times:
    How China’s drive for a surveillance state is fueling an investment boom in surveillance firms and can instill mass obedience regardless of the tech’s efficacy — ZHENGZHOU, China — In the Chinese city of Zhengzhou, a police officer wearing facial recognition glasses spotted a heroin smuggler at a train station.

    Inside China’s Dystopian Dreams: A.I., Shame and Lots of Cameras
    https://www.nytimes.com/2018/07/08/business/china-surveillance-technology.html

    Reply