<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>Comments on: Cyber Security August 2018</title>
	<atom:link href="http://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/</link>
	<description>All about electronics and circuit design</description>
	<lastBuildDate>Mon, 20 Apr 2026 21:21:29 +0000</lastBuildDate>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.9.14</generator>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1602185</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 03 Sep 2018 16:21:54 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1602185</guid>
		<description><![CDATA[The FBI Distributes Child Pornography to Catch People Who Look at It
http://reason.com/blog/2016/08/31/the-fbi-distributes-child-pornography-to

By its own logic, the government victimized children thousands of times.

As part of a recent child pornography investigation disconcertingly known as Operation Pacifier, the FBI ran a website that distributed photographs and videos of sexual abuse. Last year, the Seattle Times reports, &quot;after arresting the North Carolina administrator of The Playpen, a &#039;dark web&#039; child-pornography internet bulletin board, agents seized the site&#039;s server and moved it to an FBI warehouse in Virginia.&quot; 

FBI’s massive porn sting puts internet privacy in crossfire
https://www.seattletimes.com/seattle-news/crime/fbis-massive-porn-sting-puts-internet-privacy-in-crossfire/

The FBI snared scores of people after taking over a child-pornography bulletin board and conducting a sting and computer-hacking operation. But there is a growing social and legal controversy over the bureau’s tactics and the impact on internet privacy.]]></description>
		<content:encoded><![CDATA[<p>The FBI Distributes Child Pornography to Catch People Who Look at It<br />
<a href="http://reason.com/blog/2016/08/31/the-fbi-distributes-child-pornography-to" rel="nofollow">http://reason.com/blog/2016/08/31/the-fbi-distributes-child-pornography-to</a></p>
<p>By its own logic, the government victimized children thousands of times.</p>
<p>As part of a recent child pornography investigation disconcertingly known as Operation Pacifier, the FBI ran a website that distributed photographs and videos of sexual abuse. Last year, the Seattle Times reports, &#8220;after arresting the North Carolina administrator of The Playpen, a &#8216;dark web&#8217; child-pornography internet bulletin board, agents seized the site&#8217;s server and moved it to an FBI warehouse in Virginia.&#8221; </p>
<p>FBI’s massive porn sting puts internet privacy in crossfire<br />
<a href="https://www.seattletimes.com/seattle-news/crime/fbis-massive-porn-sting-puts-internet-privacy-in-crossfire/" rel="nofollow">https://www.seattletimes.com/seattle-news/crime/fbis-massive-porn-sting-puts-internet-privacy-in-crossfire/</a></p>
<p>The FBI snared scores of people after taking over a child-pornography bulletin board and conducting a sting and computer-hacking operation. But there is a growing social and legal controversy over the bureau’s tactics and the impact on internet privacy.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1602121</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Mon, 03 Sep 2018 09:34:45 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1602121</guid>
		<description><![CDATA[GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
https://www.youtube.com/watch?v=_eSAF_qT_FY

This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they&#039;re buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.]]></description>
		<content:encoded><![CDATA[<p>GOD MODE UNLOCKED &#8211; Hardware Backdoors in x86 CPUs<br />
<a href="https://www.youtube.com/watch?v=_eSAF_qT_FY" rel="nofollow">https://www.youtube.com/watch?v=_eSAF_qT_FY</a></p>
<p>This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they&#8217;re buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more widespread hardware backdoors.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601974</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Sat, 01 Sep 2018 07:54:32 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601974</guid>
		<description><![CDATA[Mozilla Firefox Will Soon Block All Trackers by Default
https://www.bleepingcomputer.com/news/software/mozilla-firefox-will-soon-block-all-trackers-by-default/

Mozilla has announced that upcoming versions of Firefox will block all cross-site tracking, slow tracking scripts, and malicious miner and fingerprinting scripts by default. These new features will be rolled out over the coming months as part of three new initiatives.

The goals of these three initiatives are to protect a user&#039;s privacy, block malicious scripts, and decrease page loading times when browsing the web.

According to a study by Ghostery, a huge percentage of the time it takes to load a site is caused by tracking scripts.

&quot;Tracking slows down the web. In a study by Ghostery, 55.4% of the total time required to load an average website was spent loading third party trackers,&quot;]]></description>
		<content:encoded><![CDATA[<p>Mozilla Firefox Will Soon Block All Trackers by Default<br />
<a href="https://www.bleepingcomputer.com/news/software/mozilla-firefox-will-soon-block-all-trackers-by-default/" rel="nofollow">https://www.bleepingcomputer.com/news/software/mozilla-firefox-will-soon-block-all-trackers-by-default/</a></p>
<p>Mozilla has announced that upcoming versions of Firefox will block all cross-site tracking, slow tracking scripts, and malicious miner and fingerprinting scripts by default. These new features will be rolled out over the coming months as part of three new initiatives.</p>
<p>The goals of these three initiatives are to protect a user&#8217;s privacy, block malicious scripts, and decrease page loading times when browsing the web.</p>
<p>According to a study by Ghostery, a huge percentage of the time it takes to load a site is caused by tracking scripts.</p>
<p>&#8220;Tracking slows down the web. In a study by Ghostery, 55.4% of the total time required to load an average website was spent loading third party trackers,&#8221;</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601909</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 31 Aug 2018 13:36:51 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601909</guid>
		<description><![CDATA[https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-vulnerable-to-oracle-attack/]]></description>
		<content:encoded><![CDATA[<p><a href="https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-vulnerable-to-oracle-attack/" rel="nofollow">https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-vulnerable-to-oracle-attack/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601908</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 31 Aug 2018 13:36:36 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601908</guid>
		<description><![CDATA[We&#039;re all sick of Fortnite, but the flaw found in its downloader is the latest way to attack Android
Man-in-the-Disk technique able to add malicious files to a device&#039;s external storage
https://www.theregister.co.uk/2018/08/29/android_external_storage_man_in_the_disk/]]></description>
		<content:encoded><![CDATA[<p>We&#8217;re all sick of Fortnite, but the flaw found in its downloader is the latest way to attack Android<br />
Man-in-the-Disk technique able to add malicious files to a device&#8217;s external storage<br />
<a href="https://www.theregister.co.uk/2018/08/29/android_external_storage_man_in_the_disk/" rel="nofollow">https://www.theregister.co.uk/2018/08/29/android_external_storage_man_in_the_disk/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601907</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 31 Aug 2018 13:36:18 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601907</guid>
		<description><![CDATA[https://www.wired.com/story/at-commands-android-vulnerability/]]></description>
		<content:encoded><![CDATA[<p><a href="https://www.wired.com/story/at-commands-android-vulnerability/" rel="nofollow">https://www.wired.com/story/at-commands-android-vulnerability/</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601906</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 31 Aug 2018 13:36:03 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601906</guid>
		<description><![CDATA[3D Printers in The Wild, What Can Go Wrong?
https://isc.sans.edu/diary/rss/24044

Richard wrote a quick diary yesterday about some interesting information that we received from one of our readers. It&#039;s about a huge number of OctoPrint interfaces that are publicly facing the Internet. OctoPrint[1] is a web interface for 3D printers that allows controlling and monitoring all features of the printer. There are thousands of OctoPrint instances accessible without any authentication reported by Shodan.

Here is an example of a publicly open interface connected to an online printer (status is &quot;operational&quot;)

So, what can go wrong with this kind of interface? It’s just another unauthenticated access to an online device. Sure but the printer owners could face very bad situations.

The interface allows downloading the 3D objects loaded in the printer. Those objects are in G-code format

We are facing here the first issue: G-code files can be downloaded and lead to a potential trade secret data leak. Indeed, many companies&#039; R&amp;D departments are using 3D printers to develop and test some pieces of their future product.

If the authentication is completely disabled, it is possible to upload G-code files and… print them! What if an anonymous person sends a malicious G-code file to the printer and instructs to print it while nobody is around? There were bad stories of low-cost 3D printers which simply burned!

Worse, what if the attacker downloads a G-code file, alters it and re-uploads it? By changing the G-code instructions, you will instruct the device to print the object but the altered one won’t have the same physical capabilities and could be a potential danger once used. Think about 3D-printer guns[4] but also 3D-printed objects used in drones. Drone owners are big fans of self-printed hardware.]]></description>
		<content:encoded><![CDATA[<p>3D Printers in The Wild, What Can Go Wrong?<br />
<a href="https://isc.sans.edu/diary/rss/24044" rel="nofollow">https://isc.sans.edu/diary/rss/24044</a></p>
<p>Richard wrote a quick diary yesterday about some interesting information that we received from one of our readers. It&#8217;s about a huge number of OctoPrint interfaces that are publicly facing the Internet. OctoPrint[1] is a web interface for 3D printers that allows controlling and monitoring all features of the printer. There are thousands of OctoPrint instances accessible without any authentication reported by Shodan.</p>
<p>Here is an example of a publicly open interface connected to an online printer (status is &#8220;operational&#8221;)</p>
<p>So, what can go wrong with this kind of interface? It’s just another unauthenticated access to an online device. Sure but the printer owners could face very bad situations.</p>
<p>The interface allows downloading the 3D objects loaded in the printer. Those objects are in G-code format</p>
<p>We are facing here the first issue: G-code files can be downloaded and lead to a potential trade secret data leak. Indeed, many companies&#8217; R&amp;D departments are using 3D printers to develop and test some pieces of their future product.</p>
<p>If the authentication is completely disabled, it is possible to upload G-code files and… print them! What if an anonymous person sends a malicious G-code file to the printer and instructs to print it while nobody is around? There were bad stories of low-cost 3D printers which simply burned!</p>
<p>Worse, what if the attacker downloads a G-code file, alters it and re-uploads it? By changing the G-code instructions, you will instruct the device to print the object but the altered one won’t have the same physical capabilities and could be a potential danger once used. Think about 3D-printer guns[4] but also 3D-printed objects used in drones. Drone owners are big fans of self-printed hardware.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601900</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 31 Aug 2018 13:30:21 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601900</guid>
		<description><![CDATA[Researchers Detail Two New Attacks on TPM Chips
https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-chips/

Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea.

Both attacks target computers that come equipped with a Trusted Platform Module (TPM). TPMs are dedicated microcontrollers (chips, cryptoprocessors) and they are usually deployed on high-value computers, such as those used in enterprise or government networks, but they are also used on personal computers as well.

The role of a TPM chip is to ensure hardware authenticity. A TPM uses RSA encryption keys to authenticate the hardware components involved in a computer&#039;s boot-up process, but also its normal functioning.

The way a TPM works and how the TPM authenticates components part of the boot-up chain is dictated by the TPM 2.0 specification released in 2013.

TPM flaws allow attackers to hide tampered boot components]]></description>
		<content:encoded><![CDATA[<p>Researchers Detail Two New Attacks on TPM Chips<br />
<a href="https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-chips/" rel="nofollow">https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-chips/</a></p>
<p>Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea.</p>
<p>Both attacks target computers that come equipped with a Trusted Platform Module (TPM). TPMs are dedicated microcontrollers (chips, cryptoprocessors) and they are usually deployed on high-value computers, such as those used in enterprise or government networks, but they are also used on personal computers as well.</p>
<p>The role of a TPM chip is to ensure hardware authenticity. A TPM uses RSA encryption keys to authenticate the hardware components involved in a computer&#8217;s boot-up process, but also its normal functioning.</p>
<p>The way a TPM works and how the TPM authenticates components part of the boot-up chain is dictated by the TPM 2.0 specification released in 2013.</p>
<p>TPM flaws allow attackers to hide tampered boot components</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601896</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 31 Aug 2018 13:27:16 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601896</guid>
		<description><![CDATA[Patch Management Must be Guided by Risk
https://www.flashpoint-intel.com/blog/patch-management-must-be-guided-by-risk/

Since the major technology companies have a regular cadence for the release of patches, organizations can, in theory, better allocate resources, prepare to test software updates, and deploy fixes when ready. But when Microsoft patches dozens of bugs on the second Tuesday month after month, or Oracle fixes hundreds of bugs at a time on a quarterly basis, the temptation could arise to just patch it all, or at least rely on criticality scores and bleating pundits to guide your patch management efforts.

A high CVE score or a pithy quote from an expert, however, shouldn’t be the deciding factor as to whether an enterprise deploys every patch to every affected system. The discussion should center on risk, and it should land on the likelihood a vulnerability would be exploited on your network and what impact it will have to continuity, data integrity, and the bottom line. An approach aligned with Business Risk Intelligence (BRI) lends itself to informed decisions about patch management, and the right call could save your company precious time and money, and allow your internal experts to focus on what matters most to the business.]]></description>
		<content:encoded><![CDATA[<p>Patch Management Must be Guided by Risk<br />
<a href="https://www.flashpoint-intel.com/blog/patch-management-must-be-guided-by-risk/" rel="nofollow">https://www.flashpoint-intel.com/blog/patch-management-must-be-guided-by-risk/</a></p>
<p>Since the major technology companies have a regular cadence for the release of patches, organizations can, in theory, better allocate resources, prepare to test software updates, and deploy fixes when ready. But when Microsoft patches dozens of bugs on the second Tuesday month after month, or Oracle fixes hundreds of bugs at a time on a quarterly basis, the temptation could arise to just patch it all, or at least rely on criticality scores and bleating pundits to guide your patch management efforts.</p>
<p>A high CVE score or a pithy quote from an expert, however, shouldn’t be the deciding factor as to whether an enterprise deploys every patch to every affected system. The discussion should center on risk, and it should land on the likelihood a vulnerability would be exploited on your network and what impact it will have to continuity, data integrity, and the bottom line. An approach aligned with Business Risk Intelligence (BRI) lends itself to informed decisions about patch management, and the right call could save your company precious time and money, and allow your internal experts to focus on what matters most to the business.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Tomi Engdahl</title>
		<link>https://www.epanorama.net/blog/2018/08/01/cyber-security-august-2018/comment-page-9/#comment-1601895</link>
		<dc:creator><![CDATA[Tomi Engdahl]]></dc:creator>
		<pubDate>Fri, 31 Aug 2018 13:26:44 +0000</pubDate>
		<guid isPermaLink="false">http://www.epanorama.net/newepa/?p=178866#comment-1601895</guid>
		<description><![CDATA[BusyGasper – the unfriendly spy
https://securelist.com/busygasper-the-unfriendly-spy/87627/

In early 2018 our mobile intruder-detection technology was triggered by a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat. From a technical point of view, the sample is a unique spy implant with stand-out features such as device sensors listeners, including motion detectors that have been implemented with a degree of originality. It has an incredibly wide-ranging protocol – about 100 commands – and an ability to bypass the Doze battery saver.]]></description>
		<content:encoded><![CDATA[<p>BusyGasper – the unfriendly spy<br />
<a href="https://securelist.com/busygasper-the-unfriendly-spy/87627/" rel="nofollow">https://securelist.com/busygasper-the-unfriendly-spy/87627/</a></p>
<p>In early 2018 our mobile intruder-detection technology was triggered by a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat. From a technical point of view, the sample is a unique spy implant with stand-out features such as device sensors listeners, including motion detectors that have been implemented with a degree of originality. It has an incredibly wide-ranging protocol – about 100 commands – and an ability to bypass the Doze battery saver.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
