Year 2017 will not have any turn towards better data security. The internet is rife with such well-known than the unknown threats. The company’s systems are supposed to be protected.Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.
Critical infrastructure cames under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of modern technologies that are essential for the functioning of society and the economy. IT security functions of industrial control systems (ICS), energy grids and IoT networks needs to be improved in 2017.
There is push for better web security in 2017. Starting New Year’s Day, Google’s Chrome will begin labeling as “insecure” all websites that transmit passwords or ask for credit card details over plain text HTTP. Beginning in January 2017 (Chrome 56), HTTP sites that transmit passwords or credit cards are marked as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and major browser makers have already announced plans to adopt the change, including Microsoft, Google, and Mozilla. Their browsers will no longer trust sites that use SHA-1 starting with that date, and they will mark these websites as insecure. 1/3 of Websites Use SHA-1 Certificates Despite Looming Deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.
The Commoditization of Cyberattacks Will Make Them More Frequent in 2017. More and more companies suffer from disruption to business due to cyber attacks. Cyber-attacks cause companies significant financial losses, but the studies shows that companies are not prepared for attacks. According to Gartner, by 2018 only 40 per cent of large companies have official plans in case of cyber attacks. Last year, the percentage was zero.
Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won’t be much better, sorry. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. DDoS attack toolkits have been around for years, as have services that will enable you to pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS and DDoS will overshadow ransomware attacks and is used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.
Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones and already the technology is fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them go to smart phones and laptops). 91 percent of biometric sales were fingerprint sensors, four per cent of face detection and three per cent iris detection.
Biometrics Won’t Kill Passwords any time soon. Even though PIN codes and passwords are actually pretty lousy protection case against skilled cybercriminal, the password will never disappear entirely, as two per cent of the world’s population is persons with a fingerprint not suitable for biometric identifier to work. Other biometric identification systems have also similar limitations and/or are not yet commonly available at reasonable cost. While biometrics, including fingerprint-, face-, iris-, palm- and speech-recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other common biometrics become commonplace, passwords are here to stay until circa 2030.
Fights with encryption and backdoors for them is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side House Judiciary Committee’s Encryption Working Group report says encryption backdoors pose a security threat, siding with tech experts in their latest report . The problem is that any system allowing police to get into those encrypted system (let it be phone, computer or communications) could also be exploited by criminals. Any action in this space should weigh any short-term benefits against the longterm impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption. You either have a fully capable system or none at all.
Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will become a risk for users: The cloud becoming insecure – extortion and IoT openings.
The rivalry between the network attacks and network security is in acceleration. Crippling Internet services with denial of service attacks are becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they’re not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks is also increasing. IoT-powered attacks will continue to rise and stopping the attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company’s Internet connection or servers (needs to use telecom operator and external services increase). In addition to service disturbion Denial of Service Attacks are often used as distraction during the actual data burglary.DDoS may take over from ransomware as a cause for concern.
In 2017 the IT and security professionals talk about more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.
In 2017 ‘Security’ Must be Added to our Existing Ethical and Philosophic Concerns Over Artificial Intelligence and Algorithms. Algorithms soon run the world. They present problems that are seriously questioned on both ethical and philosophic grounds; and they have become the basis of fictional Armageddons.
Cyber insurance will be more thoughs as on solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.
In 2017 Big Brother will be watching you 24/7.Those of you who’ve read George Orwell’s book 1984 or seen the movie ,will remember how the citizens of the fictitious totalitarian state of Oceana are constantly under surveillance by order of its dictator, Big Brother. So now swap your home desktop computer, laptop or smart phone for the fictitious telescreen and not only are you sitting in front of what is a modern day version of the Big Brother telescreen you are also walking around with one in your pocket or handbag. Sound a bit far fetched to you? Well it’s set to become a reality in many countries.
Users will want better security or at least to feell more secure in 2017. Many people are prepared to to extremes for better security. According to a recent survey of over 2,000 adults conducted by Harris Poll Nearly 40% of Americans Would Give Up Sex for a Year or eating their favourite food in Exchange for Better Online Securit, meant they’d never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to help keep their online identity safe is probably the easiest – a solid password – and not giving it to other people. Still nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.
Security Becomes A Multi-System Issue and more people talking about the issue. Design teams will have to bake strategies in from the start, no matter how insignificant the device.The good news is that it more people talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren’t even considered as part of the design process. Just as devices get more sophisticated, so do hackers.The reality is that security breaches can even cause physical harm. It’s time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.
Block chains have been a big trend for several years. The block chain market is divided now when 2017 starts. During the autumn 2016, we have seen a number of initiatives on cooperation between the financial sector and consulting companies. Microsoft has chosen a platform for Ethereum-block chain and offers it to the Azure cloud service. IBM has jumped Hyperledger consortium bandwagon and offering their own block chains to Bluemix service. Google and Amazon still shine by their absence. Even banks may prefer to see the use of cloud for the block chains.
Other prediction articles worth to look:
What Lies Ahead for Cybersecurity in 2017?
Network Infrastructure, Visibility and Security in 2017
DDoS in 2017: Strap yourself in for a bumpy ride
Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online
IBM’s Cybersecurity Predictions for 2017 – eForensics
https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/
Top 5 Cybersecurity Threats to Watch Out for in 2017
Experts Hopeful as Confidence in Risk Assessment Falls
3,151 Comments
Tomi Engdahl says:
Free EternalBlue Vulnerability Scanner Released
http://www.securityweek.com/free-eternalblue-vulnerability-scanner-released
A free tool that can scan networks to discover computers that are vulnerable to the NSA-linked EternalBlue exploit is now available.
In addition to being fully ported to Metasploit, EternalBlue was one of the seven NSA exploits to have been included in a network worm dubbed EternalRocks. What made the exploit famous, however, was its use in the global WannaCry outbreak.
Weeks before WannaCry, however, a stealth Remote Access Trojan (RAT) was using the exploit to compromise systems. The cryptocurrency miner Adylkuzz was also abusing EternalBlue before WannaCry. Additionally, the UIWIX ransomware was using the exploit around the same time as WannaCry.
Over the past week, EternalBlue came into focus once again, as it started being used in yet another worldwide outbreak by the destructive NotPetya wiper.
Microsoft president and chief legal officer Brad Smith has already warned of the risks that stockpiling exploits brings along, and a bi-partisan group of lawmakers already announced the introduction of the ‘Protecting Our Ability to Counter Hacking Act of 2017′ — the PATCH Act.
This, however, does little to protect companies from attacks leveraging EternalBlue, especially if they are unaware of the existence of vulnerable machines within their networks. Dubbed Eternal Blues, the newly released free tool is meant to provide a helpful hand by scanning their network for computers that can be compromised via this exploit.
The developer also advises admins who find vulnerable computers using his tool to apply the necessary patches as soon as possible, and also to disable SMBv1, even on patched systems, considering that the protocol was written over three decades ago.
Tomi Engdahl says:
Microsoft Tackles Ransomware with Controlled Folder Access
http://www.securityweek.com/microsoft-tackles-ransomware-controlled-folder-access
In the wake of global malicious attacks such as WannaCry and NotPetya, Microsoft this week announced a new feature meant to keep users’ data safe from ransomware and other type of malware.
Dubbed Controlled folder access, the feature was included as a new option in the Windows Defender Security Center in Windows 10 Insider Preview Build 16232 for PC, and should become available for all users in the Windows 10 Fall Creators Update release, set to arrive sometime in October-November 2017.
This week, Microsoft also announced that the Fall Creators Update will make the Enhanced Mitigation Experience Toolkit (EMET) native to Windows 10, providing users with additional protection against exploits and other types of threats.
“In [Windows 10 Insider Preview Build 16232], we’re making it easier for you to protect valuable data from malicious apps and threats, such as ransomware. To enable the feature, search for and open the Windows Defender Security Center from Start, go to the Virus & threat protection settings section, and set the switch to On,” Dona Sarkar, Software Engineer, Windows and Devices Group, notes in a blog post.
The new feature, Sarkar explains, is meant to monitor the changes applications make to files in certain protected folders and blacklists any app that attempts to make such modifications, while also notifying the user on the action taken.
Tomi Engdahl says:
UK.gov accidental data leak. Users’ details left publicly accessible on a third-party site
http://securityaffairs.co/wordpress/60544/data-breach/uk-gov-data-leak.html
UK.gov leaves data dashboard users’ details on publicly accessible on a third-party system. Users are urge to reset their password.
“A recent routine security review discovered a file containing some users’ names, emails and hashed passwords was publicly accessible on a third-party system,” reads the email from the Government Digital Service.
The incident could have a severe impact on a large portion of Britons considering that the website Data.gov.uk was visited more than 200,000 times each month in 2017.
Tomi Engdahl says:
EternalPetya and the lost Salsa20 key
https://blog.malwarebytes.com/threat-analysis/2017/06/eternalpetya-lost-salsa20-key/
We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. The research is still in progress
The low-level attack works in the same style as the first Petya, described here. As before, the beginning of the disk is overwritten by the malicious Petya kernel and bootloader. When the malicious kernel is booted, it encrypts the Master File Table with Salsa20 and in this way, makes the disk inaccessible.
In the past, after paying the ransom, the Salsa key from the victim was restored and with its help, the Petya kernel was able to decrypt the Master File Table. Now, the necessary key seems to be lost for eternity.
The victim ID is generated randomly, BEFORE the random Salsa key is even made. So, in the current version, the relationship of the Salsa key and the victim ID is none. The victim ID is just trash.
According to our current knowledge, the malware is intentionally corrupt in a way that the Salsa key was never meant to be restored. Nevertheless, it is still effective in making people pay ransom.
Tomi Engdahl says:
French Privacy Watchdog Says Windows 10 Now Handles User Data Correctly
Windows 10 now complying with all regulations, it says
http://news.softpedia.com/news/french-privacy-watchdog-says-windows-10-now-handles-user-data-correctly-516751.shtml
French privacy watchdog CNIL has issued a press release to announce that Microsoft’s Windows 10 now complies with all of the country’s privacy regulations after the changes the software company implemented in the Creators Update.
CNIL was one of the organizations that expressed concerns regarding the amount of data Microsoft collects from Windows 10 computers, and even warned that the firm could be fined if it failed to comply with a series of regulations in the country.
But in a statement today, CNIL says that Microsoft has made several changes, bringing Windows 10 in line with the requirements that it issues earlier this year.
Specifically, CNL claims that Windows 10 has reduced by half the volume of the data it collects as part of the “basic” telemetry level, pointing out that only the most necessary information is now sent to the company’s servers.
Tomi Engdahl says:
Ukrainian officials: Hacked auto-updates spread ransomware infection across country
https://www.cyberscoop.com/petya-ransomware-medoc-hacked-auto-update/
As the whole world deals with another massive ransomware outbreak, it appears the variant may have spread in different ways among the various impacted countries.
In Ukraine, the hardest hit nation in Tuesday’s outbreak, the ransomware spread across government institutions, banks and even radiation monitoring at the Chernobyl nuclear facility. The initial attack vector has been attributed to a software update from accounting company MeDoc, which sent an infected file out to customers, according to Ukrainian officials as well as security researchers at Kaspersky and Cisco.
The infection vectors for other countries remains less clear. Rosneft, the giant Russian energy firm that was infected earlier on Wednesday, was likely not using the Ukrainian tax software.
Tomi Engdahl says:
Microsoft Introduces New Windows 10 Privacy Settings to Address Spying Claims
New privacy settings in Windows 10 set up experience
http://news.softpedia.com/news/microsoft-introduces-new-windows-10-privacy-settings-to-address-spying-claims-512328.shtml
Microsoft has often been criticized for the privacy settings it implemented in Windows 10, with many users and privacy advocates accusing the firm of trying to spy on its customers with the operating system.
Starting with Windows 10 Creators Update preview build 15019, Microsoft is introducing new options in the setup experience that are specifically supposed to address these claims, as part of a broader plan that was announced by Windows boss Terry Myerson earlier this month.
Specifically, the new privacy controls are displayed in the setup screen to give users more control over their privacy from the very beginning, with Microsoft aiming at offering a similar experience to everyone with the release of the Creators Update in April.
There are also other changes in terms of privacy coming to Windows 10, including a reduced amount of data that is being collected from computers running the operating system.
And last but not least, Microsoft is trying to simplify data collection by offering just two levels instead of three. The Enhanced mode is being removed, so users need to choose between Basic and Full.
Tomi Engdahl says:
Microsoft: Fully Up-To-Date Windows Secure Against Petya Ransomware
Redmond publishes in-depth analysis of the infection
http://news.softpedia.com/news/microsoft-fully-up-to-date-windows-secure-against-petya-ransomware-516715.shtml
In an in-depth analysis of the infection, Microsoft explains that the new ransomware is a form of the already-known Petya with worm capabilities, emphasizing that up-to-date Windows systems are fully secure.
Microsoft says that the modern variant of Ransom:Win32/Petya was first spotted in the software update process of MEDoc, a tax accounting software solution developed by a Ukrainian firm called M.E.Doc. Attackers managed to deliver the ransomware through the update process, and this explains why so many computers in Ukraine were affected, including those at hospitals, airports, and even at the Chernobyl plant.
New ransomware, old techniques: Petya adds worm capabilities
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
Tomi Engdahl says:
Pnyetya: Yet Another Ransomware Outbreak
Hiding the small movement inside the big movement
https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4
a massive outbreak of not-really ransomware that has caused significant damage to both Ukrainian targets and strategic global logistics companies. The worm uses three different infection vectors:
ETERNALBLUE
Harvested password hashes
psexec
The code is well written, obfuscated to protect against AV detection using at least two techniques:
Fake Microsoft signature (apparently fools some AV)
XOR encrypted shellcode payload (to bypass signature checks)
Although the worm is camouflaged to look like the infamous Petya ransomware, it has an extremely poor payment pipeline.
Tomi Engdahl says:
Vernon Silver / Bloomberg:
Profile of Chaos Computer Club, a ~5,500-strong German hacker group founded in 1981, working on election information security, promoting hacking best practices
The Hackers Russia-Proofing Germany’s Elections
https://www.bloomberg.com/news/features/2017-06-27/the-chaos-computer-club-is-fighting-to-save-democracy
The Chaos Computer Club, a multigenerational army of activists, has made the country’s democracy a lot tougher to undermine
The hack began as trash talk. Germany’s voting computers were so vulnerable to tampering that they could be reprogrammed to play chess, the hackers boasted. But then the machines’ maker dared them to try. Bound by honor and curiosity, the hackers got their hands on one of the computers and had it playing chess after about a month. “We have to admit,” they later wrote, “that it does not play chess all that well.”
This wasn’t just a prank. The hackers, several of them associated with the Hamburg collective known as the Chaos Computer Club, or CCC, also proved they could manipulate votes that the computers had recorded. As a result, Germany’s Federal Constitutional Court struck down the nation’s use of voting computers, citing CCC by name in its ruling. Oh, and this was in 2006.
From imperfect voting machines to the fake news that chokes social media, the U.S., the U.K., and France are only beginning to wrestle with the ways in which democracy can be hacked. In Germany, which is heading to the polls in September, CCC has been paying closer attention
By exposing weaknesses in German banking, government, and other computer systems, CCC has helped make them more resistant to attack and contributed to a society that’s exceptionally careful about believing what it sees online.
“The only way to save a democracy is to explain the way things work,” says Linus Neumann, a CCC spokesman and information security consultant. “Understanding things is a good immunization.”
After the Berlin Wall came down, CCC went on to expose a series of major security flaws in other electronic systems, including early cell phone encryption and biometric identification.
“The CCC has greatly contributed to having an informed discussion on cybersecurity and internet governance in Germany,”
In 2011, more than a year before Edward Snowden revealed the scope of the National Security Agency’s internet monitoring, CCC exposed German government use of Trojan malware to spy on citizens’ computers, incidentally creating a new German word: Staatstrojaner.
WikiLeaks, for example, first gained traction as an idea at CCC’s annual conference in 2008, and a CCC-linked foundation continues to help fund it. WikiLeaks has made world politics more transparent, but it has also, perhaps inadvertently, given ammo to reactionary right-wing leaders around the world, including in the U.S.
As the CCC has demonstrated, skepticism is its strongest weapon.
Tomi Engdahl says:
Politico:
Trump voter-fraud panel’s data request made to all states is a gold mine for hackers, say infosec experts; 20+ states refuse, including Mississippi and Virginia
Trump voter-fraud panel’s data request a gold mine for hackers, experts warn
http://www.politico.com/story/2017/07/01/trump-voter-fraud-panel-hackers-240168
Cybersecurity specialists are warning that President Donald Trump’s voter-fraud commission may unintentionally expose voter data to even more hacking and digital manipulation.
Their concerns stem from a letter the commission sent to every state this week, asking for full voter rolls and vowing to make the information “available to the public.” The requested information includes full names, addresses, birth dates, political party and, most notably, the last four digits of Social Security numbers. The commission is also seeking data such as voter history, felony convictions and military service records.
Digital security experts say the commission’s request would centralize and lay bare a valuable cache of information that cyber criminals could use for identity theft scams — or that foreign spies could leverage for disinformation schemes.
“It is beyond stupid,”
“The bigger the purse, the more effort folks would spend to get at it,”
Indeed, by Friday night, over 20 states — from California to Mississippi to Virginia — had indicated they would not comply with the request, with several citing privacy laws and expressing unease about aggregating voter data.
Technical experts say the voter data that the commission wants to assemble would quickly become a single treasure trove for cyber criminals and foreign intelligence services. Identity thieves could use information such as addresses, birth dates and the last four digits of Social Security numbers for digital impersonations, and foreign spies could use it to fill out dossiers on Americans they hope to blackmail.
Specifically, researchers have shown that voter rolls are “the most useful external source of data” when fraudsters hope to identify people in anonymized health or medical records, Hall said.
The White House pushed back on these fears.
“Information being requested is already publicly available according to state law from which it would be released,” noted Marc Lotter, a spokesman for Vice President Mike Pence, who is leading the panel with Kobach.
“The federal government takes cybersecurity very seriously,” he added. “No publicly identifiable information will be released to the public and the information will be managed consistent with federal security guidelines.”
Experts also criticized the commission’s two options for states to submit their data: via a White House email address and a Pentagon-run file-hosting service.
“Email is the worst; it’s like sending all your postal mail using postcards instead of letters in envelope,” Hall said. “It’s one of the harder methods of communication to secure.”
The commission’s alternative option, a file-hosting service run by a branch of the Army, isn’t currently configured to properly encrypt web traffic, which Hall said was “a massive red flag for their ability to properly secure other forms of secure file transfer.”
Tomi Engdahl says:
Andy Greenberg / Wired:
Researchers discover major vulnerabilities at multiple wind farms, requiring just a Raspberry Pi and on-site access to halt operation and return false readings
Researchers Found They Could Hack Entire Wind Farms
https://www.wired.com/story/wind-turbine-hack
Tomi Engdahl says:
Tech giants team up to fight extremism following cries that they allow terrorism
https://www.theguardian.com/technology/2017/jun/26/google-facebook-counter-terrorism-online-extremism
Facebook, YouTube, Twitter and Microsoft announced Global Internet Forum to Counter Terrorism to focus on solutions, research and partnerships
Facebook, YouTube, Twitter and Microsoft have created a joint forum to counter terrorism following years of criticisms that the technology corporations have failed to block violent extremists and propaganda on their platforms.
The Silicon Valley companies announced the Global Internet Forum to Counter Terrorism on Monday, saying the collaboration would focus on technological solutions, research and partnerships with governments and civic groups.
The tech firms have long struggled to balance their missions of supporting free speech with the need to remove and prevent the spread of terrorist content.
Counter-terrorism was never meant to be Silicon Valley’s job. Is that why it’s failing?
https://www.theguardian.com/technology/2017/jun/29/silicon-valley-counter-terrorism-facebook-twitter-youtube-google?CMP=Share_iOSApp_Other
Extremist content is spreading online and law enforcement can’t keep up. The result is a private workforce that’s secretive, inaccurate and unaccountable
Tomi Engdahl says:
Britain prepared to use air strikes or send in troops as retaliation against future cyber attack
http://www.telegraph.co.uk/news/2017/06/27/cyber-attack-could-lead-military-retaliation-says-fallon/
Britain could launch military retaliation such as air strikes against a future cyber attack, the Defence Secretary has suggested.
Sir Michael Fallon warned potential attackers that a strike on UK systems “could invite a response from any domain – air, land, sea or cyberspace”.
The Defence Secretary said the UK’s ability to carry out its own cyber attacks against Islamic State in Iraq and Levant (Isil), also known as Daesh, had saved lives during the battle for Mosul in Iraq and the capability was also being used in the fight for Raqqa in Syria.
Tomi Engdahl says:
In attempt to achieve YouTube stardom, woman accidentally kills her boyfriend
According to Pedro Ruiz’ aunt, her late nephew told her: “We want to get famous.”
https://arstechnica.com/tech-policy/2017/06/in-attempt-to-achieve-youtube-stardom-woman-accidentally-kills-her-boyfriend/
Tomi Engdahl says:
Judges refuse to order fix for court software that put people in jail by mistake
Defender: Switch to Odyssey Court Manager remains at the heart of the problem.
https://arstechnica.com/tech-policy/2017/06/appeals-court-public-defender-lacks-standing-in-dispute-over-court-software/
The dispute is over allegedly flawed court software.
The public defender, Brendon Woods, has argued since December 2016 that a recent upgrade is inadequate for Alameda County and has resulted in many mistaken jailings.
“suffer harm or prejudice in a manner that cannot be corrected on appeal.”
“They also fail to show that they lack an adequate remedy at law, as they may move for correction of erroneous records at any time,” the 1st District continued.
Tomi Engdahl says:
Top Canadian Court Permits Worldwide Internet Censorship
https://www.eff.org/deeplinks/2017/06/top-canadian-court-permits-worldwide-internet-censorship
A country has the right to prevent the world’s Internet users from accessing information, Canada’s highest court ruled on Wednesday.
In a decision that has troubling implications for free expression online, the Supreme Court of Canada upheld a company’s effort to force Google to de-list entire domains and websites from its search index, effectively making them invisible to everyone using Google’s search engine
EFF intervened in the case, explaining [.pdf] that such an injunction ran directly contrary to both the U.S. Constitution and statutory speech protections. Issuing an order that would cut off access to information for U.S. users would set a dangerous precedent for online speech. In essence, it would expand the power of any court in the world to edit the entire Internet, whether or not the targeted material or site is lawful in another country.
The Supreme Court of Canada ignored those concerns. It ruled that because Google was subject to the jurisdiction of Canadian courts by virtue of its operations in Canada, courts in Canada had the authority to order Google to delete search results worldwide. The court further held that there was no inconvenience to Google in removing search results, and Google had not shown the injunction would offend any rights abroad.
Perhaps even worse, the court ruled that before Google can modify the order, it has to prove that the injunction violates the laws of another nation thus shifting the burdent of proof from the plaintiff to a non-party.
Tomi Engdahl says:
ReportsnReports.com predicts the IoT security market will increase from $6.62 billion this year to $29.02 billion by 2022, for a CAGR of 34.4% over five years.
Source: https://semiengineering.com/week-review-iot-4/
More:
Internet of Things (IoT) Security Market by Type (Network, Endpoint, Application and Cloud Security), Solution (Identity Access Management, Device Authentication and Management, Security Analytics, and IDS/IPS), Service, Application Area, and Region – Global Forecast to 2022
http://www.reportsnreports.com/reports/409771-internet-of-things-iot-security-market-by-technologies-network-cloud-and-application-security-identity-access-management-analytics-utm-ids-ips-device-management-encryption-industry-verticals-and-applications-global-forecast-to-2020.html
The Internet of Things (IoT) security market is expected to grow at a Compound Annual Growth Rate (CAGR) of 34.4% from 2017 to 2022, owing to the increasing need for security over IoT networks
The IoT security market size is expected to grow from USD 6.62 billion in 2017 to USD 29.02 billion by 2022, at a CAGR of 34.4% from 2017 to 2022.The growing instances of ransom are attacks on IoT networks, mandates the critical need for reliable IoT security solutions. IoT security is gaining importance due to increasing IoT deployments and thereby growing vulnerability of the network and devices to various cyber-attacks such as ransom are attacks. Today IoT has managed to be an integral part of day to day life and hence security aspect associated with it is important. Organizations with IoT deployments are implementing optimum security mechanisms to ensure confidentiality of the data. Today IoT security is important not only for data security of enterprises but also for crucial entities such as human lives and national intelligence.
Integration services among the professional services segment is expected to gain maximum traction during the forecast period
Installation and integration services play major role in ensuring security of the IoT network which comprises of numerous IoT devices, sensors and actuators by implementing security measures to system. Integration service providers help commercial clients implement a secure network across the deployed IoT system by integrating and ensuring that IoT security solutions are in line with the business processes.
Network security is estimated to have the largest market size in IoT security market during the forecast period
North America is estimated to have the largest market size and Asia Pacific (APAC)is projected to grow at the highest rate during the forecast period
The North American region have witnessed the significant adoption of IoT security services mainly in US and Canada. Enterprises have shown significant interest in deploying IoT technologies in their processes, which helps drive the growth of IoT security market in the region. In 2015, US government invested USD 160 million in smart city initiatives to leverage on big data and analytics to reduce traffic congestion, fight crime, spur economic growth, manage climate change and improve delivery of local services. Also, in 2016,the Department of Homeland Security (DHS) issued a set of principles for securing IoT networks which highlight approaches of IoT security to make responsible and risk-based security decisions. The US government is helping private sector to implement IoT in various businesses, this is evident by the fact that the government of US and ITIF has started working to provide assistance for IoT related issues.
The APAC region is expected to showcase significant growth and is expected to be the fastest-growing region in IoT security market.
Tomi Engdahl says:
Spies do spying, part 97: The CIA has a tool to track targets via Wi-Fi
http://www.theregister.co.uk/2017/06/29/last_wikileaks_dump_had_wifi_tracking_tool/
The latest cache of classified intelligence documents dumped online by WikiLeaks includes files describing malware CIA apparently uses to track PCs via Wi‑Fi.
The Julian Assange-led website claims the spyware, codenamed ELSA, infects a target’s Windows computer and then harvests wireless network details to pinpoint the location of the machine.
Tomi Engdahl says:
Russian Antivirus CEO: Here, Take My Source Code
Eugene Kaspersky willing to do what it takes to prove his firm has no dark ties to Kremlin
http://m.newser.com/story/245123/russian-antivirus-ceo-here-take-my-source-code.html?lipi=urn%3ali%3apage%3ad_flagship3_feed%3blyfrxjdzrqwlechy3niu%2ba%3d%3d
The chief executive of Russia’s Kaspersky Lab says he’ll turn over his source code to US government officials to dispel lingering suspicions about his company’s ties to the Kremlin. Eugene Kaspersky tells the AP that he’s ready to move part of his research work to the US. “Anything I can do to prove that we don’t behave maliciously I will do it,” he said
Tomi Engdahl says:
Jonathan Stempel / Reuters:
US privacy suit alleging Facebook tracked logged out users is dismissed; judge ruled users failed to show economic harm or a reasonable expectation of privacy
Facebook beats privacy lawsuit in U.S. over user tracking
http://www.reuters.com/article/us-facebook-decision-idUSKBN19O1Q4
A U.S. judge has dismissed nationwide litigation accusing Facebook Inc (FB.O) of tracking users’ internet activity even after they logged out of the social media website.
In a decision late on Friday, U.S. District Judge Edward Davila in San Jose, California said the plaintiffs failed to show they had a reasonable expectation of privacy, or that they suffered any “realistic” economic harm or loss.
Tomi Engdahl says:
Zoe Tillman / BuzzFeed:
Facebook is challenging a gag order from a DC court, which prevented it from notifying users about search warrants for their accounts
Facebook Is Fighting A Gag Order Over Search Warrants For User Account Information
https://www.buzzfeed.com/zoetillman/facebook-is-fighting-a-gag-order-over-search-warrants-for?utm_term=.cdRM7NZAdB#.ya9nmyaz4D
Tech companies and civil liberties groups are backing up Facebook in its challenge to a court order that bars it from notifying users about warrants for their information
Tomi Engdahl says:
Sam Shead / Business Insider:
UK’s data protection watchdog rules that Google DeepMind’s first deal with the NHS failed to comply with data protection law
Google DeepMind’s first deal with the NHS was illegal, UK data regulator rules
http://nordic.businessinsider.com/ico-deepmind-first-nhs-deal-illegal-2017-6?op=1&r=US&IR=T
The UK’s data protection watchdog has ruled that a deal between DeepMind and an NHS trust “failed to comply with data protection law.”
Tomi Engdahl says:
Linux Systemd Gives Root Privileges to Invalid Usernames
http://www.securityweek.com/linux-systemd-gives-root-privileges-invalid-usernames
A bug in Linux’s systemd init system causes root permissions to be given to services associated with invalid usernames, and while this could pose a security risk, exploitation is not an easy task.
A developer who uses the online moniker “mapleray” last week discovered a problem related to systemd unit files, the configuration files used to describe resources and their behavior. Mapleray noticed that a systemd unit file containing an invalid username – one that starts with a digit (e.g. “0day”) – will initiate the targeted process with root privileges instead of regular user privileges.
Systemd is designed not to allow usernames that start with a numeric character, but Red Hat, CentOS and other Linux distributions do allow such usernames.
While this sounds like it could be leveraged to obtain root privileges on any Linux installation using systemd, exploiting the bug in an attack is not an easy task. Geniar pointed out that the attacker needs root privileges in the first place to edit the systemd unit file and use it.
Systemd developers have classified this issue as “not-a-bug” and they apparently don’t plan on fixing it. Linux users are divided on the matter – some believe this is a vulnerability that could pose a serious security risk, while others agree that a fix is not necessary.
“It’s an obvious bug (at least on RHEL/CentOS 7), since a valid username does not get accepted by systemd so it triggers unexpected behaviour by launching services as root.
Tomi Engdahl says:
Chris Coulson, an engineer with Canonical, the developer of the Ubuntu Linux distribution, revealed last week that systemd is affected by an out-of-bounds write vulnerability (CVE-2017-9445) that can be triggered using a specially crafted TCP payload to crash the systemd-resolved daemon or execute arbitrary code in the context of the daemon process.
Source: http://www.securityweek.com/linux-systemd-gives-root-privileges-invalid-usernames
More:
CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload
http://openwall.com/lists/oss-security/2017/06/27/8
I recently discovered an out-of-bounds write in systemd-resolved in
Ubuntu, which is possible to trigger with a specially crafted TCP payload.
Certain sizes passed to dns_packet_new can cause it to allocate a buffer
that’s too small.
Tomi Engdahl says:
Microsoft now reminds users to install latest Windows 10 version and review privacy settings
https://www.neowin.net/news/microsoft-now-reminds-users-to-install-latest-windows-10-version-and-review-privacy-settings
Privacy in Windows 10 has been a controversial subject ever since the advent of the operating system. The telemetry data that Microsoft collects from the OS has been viewed as the company “spying” on its customers by many regulators. In fact, France’s data protection commissioner criticized Microsoft for collecting excessive information last year, and only recently withdrew its complaint after the company made changes to its data collection practices.
Tomi Engdahl says:
Synthetic fingerprints make plastic particles tiny security keys
https://www.newscientist.com/article/2139349-synthetic-fingerprints-make-plastic-particles-tiny-security-keys/
Microscopic wrinkles squeezed onto the surface of tiny plastic particles could be used to create security keys that are impossible to duplicate.
The randomly-generated wrinkles are a lot like our own fingerprints, says Derek Breid at Saint Vincent College in Pennsylvania. Since each set is completely unique, the particles could be used to verify a person’s identity instead of them using a security card, or their own fingerprint. The particles could also be fixed to a priceless piece of art so people can be sure it’s the real deal.
Microscopic wrinkles squeezed onto the surface of tiny plastic particles could be used to create security keys that are impossible to duplicate.
The randomly-generated wrinkles are a lot like our own fingerprints, says Derek Breid at Saint Vincent College in Pennsylvania. Since each set is completely unique, the particles could be used to verify a person’s identity instead of them using a security card, or their own fingerprint. The particles could also be fixed to a priceless piece of art so people can be sure it’s the real deal.
Security keys made this way would be nearly impossible to clone, says Wook Park at Kyung Hee University in South Korea who developed the technique along with his colleagues.
Their method involves coating plastic particles with a thin sheet of silica, then soaking them in ethanol and leaving them to dry. As the particles dry, wrinkles form in the silica layer, creating a fingerprint-like structure.
Tiny irregularities in temperature, or the presence of dust or other particles influence the patterns to make them unique. “It’s a very chaotic process,” says Breid, which would make it almost impossible for anyone to accurately recreate a wrinkle pattern.
Creating them this way is much easier and cheaper than using a laser to etch in a specific maze of wrinkles. “It’s really useful not having expensive fabrication techniques,” he says.
Although the generation of the patterns is largely random, Park and his team developed a way of controlling where some of the wrinkles form. After they hardened parts of the plastic particles by exposing them to light, each hardened dot formed a “decision point” where the wrinkles either finish, bend or split.
Tomi Engdahl says:
Apple Tests 3-D Face Scanning To Unlock Next iPhone: Bloomberg
https://apple.slashdot.org/story/17/07/03/2016234/apple-tests-3-d-face-scanning-to-unlock-next-iphone-bloomberg
Five years ago, Apple made fingerprint scanners on smartphones popular. Now the company may have found a better technology to replace it. According to Mark Gurman of Bloomberg, the Cupertino-based company is exploring 3D facial detection as a replacement for Touch ID fingerprint authentication.
Apple Tests 3-D Face Scanning to Unlock Next iPhone
https://www.bloomberg.com/news/articles/2017-07-03/apple-said-to-test-3-d-face-scanning-to-unlock-next-iphone
Apple Inc. is working on a feature that will let you unlock your iPhone using your face instead of a fingerprint.
For its redesigned iPhone, set to go on sale later this year, Apple is testing an improved security system that allows users to log in, authenticate payments, and launch secure apps by scanning their face, according to people familiar with the product. This is powered by a new 3-D sensor, added the people, who asked not to be identified discussing technology that’s still in development. The company is also testing eye scanning to augment the system, one of the people said.
Tomi Engdahl says:
Medicare data leaks, but who was breached?
We care about your privacy…
https://www.theregister.co.uk/2017/07/04/medicare_data_leaks_but_who_was_breached/
Medicare numbers in Australia became a lot less useful as a proof-of-identity, with the Australian Federal Police investigating how an unknown number of records ended up for sale on a Tor site.
The report first surfaced via The Guardian’s Australian site, with journalist Paul Farrell reporting he purchased his own record for around AU$30 on the dark site, by providing his name and date of birth to a vendor.
The vendor claims to have found a vulnerability in the system, but it’s not known how many records “the Medicare machine” has accessed.
Medicare records aren’t held only on commonwealth computers: they’re all over the place, including general practitioner systems, state-operated and private hospitals, and much, much more – making any breach difficult to trace and verify.
The vendor, who The Graun reckons has sold 75 records since October 2016, claims to have real-time access to any Australian’s Medicare number.
Prominent computer scientist and cryptography specialist Dr Vanessa Teague of the University of Melbourne noted that such breaches emphasise the importance of providing better protection for citizens.
The Australian Federal Police has acknowledged that the breach is under investigation.
Tomi Engdahl says:
GnuPG crypto library cracked, look for patches
Boffins bust libgcrypt via side-channel
https://www.theregister.co.uk/2017/07/04/gnupg_crypto_library_cracked_look_for_patches/
Linux users need to check out their distributions to see if a nasty bug in libgcrypt20 has been patched.
The patch, which has landed in Debian and Ubuntu, is to address a side-channel attack published last week.
The researchers published their work at the International Association for Cryptologic Research’s e-print archive last week.
What they found is that the libgcrypt library used what’s called “sliding windows”, a method for carrying out the mathematics of cryptography – but one that’s known to leak data.
What they found was an unpleasant surprise: a complete break of the library’s RSA-1024: “We show for the first time that the direction of the encoding matters: the pattern of squarings and multiplications in left-to-right sliding windows leaks significantly more information about the exponent than right-to-left”.
https://eprint.iacr.org/2017/627
Tomi Engdahl says:
50th anniversary of the ATM opens debate about mobile payments
What’s the future of cash?
https://www.theregister.co.uk/2017/06/27/atm_at_50/
Today marks the 50th anniversary of the Automated Teller Machine (ATM), the first of which was installed outside Barclays Bank, Enfield Town in north London.
Actor Reg Varney from ’70s sitcom On the Buses was the first to use the cash machine. Fast forward half a century and cash machines have become a familiar high street sight with 70,000 in the UK alone and three million worldwide.
Originally designed as a way to get cash quickly, ATMs have evolved to become financial services service points with ability to pay bills, deposit checks, buy football tickets, print review investments and more.
The move towards a “cashless society” and mobile payments raises questions about whether ATMs will stand the test of time or decline, like coin-operated pay phones before them.
Research by global payment outfit PPRO Group suggests many Brits believe that within the next 10 years the country will be entirely cashless due the influx of alternative payment methods.
Despite this rise in mobile and contactless payments, 42 per cent of UK consumers still use ATMs just as much as they always have, according to a separate poll commissioned by ACI Worldwide. Around one in three (29 per cent) of UK respondents would like to see ATMs offer better and more secure means of authentication.
Cash machine security has always been a concern, with card skimming and more recently malware on compromised devices posing an increasing risk to ATM users. Some see incorporating biometrics into cash machines as a way of making transactions more secure.
“Of course, a big concern for ATMs is balancing convenience and security,”
Tomi Engdahl says:
WordPress Plugin Used by 300,000+ Sites Found Vulnerable to SQL Injection Attack
http://thehackernews.com/2017/06/wordpress-hacking-sql-injection.html?m=1
The flaw has been discovered in the highly popular WP Statistics plugin, which allows site administrators to get detailed information related to the number of users online on their sites, the number of visits and visitors, and page statistics.
Tomi Engdahl says:
EU anti-terror chief warns of ‘virtual caliphate’
Europol team has reported 30,000 illegal sites, according to Gilles de Kerchove.
http://www.politico.eu/article/eu-anti-terror-chief-warns-of-virtual-caliphate/
Tomi Engdahl says:
Connectivity’s value is almost erased by the costs it can impose
The internet made information flow on the cheap, but making it anti-fragile will cost plenty
https://www.theregister.co.uk/2017/06/13/mark_pesce_column/
The great advantage of a browser-based programming environment is that nothing gets lost – it’s all saved to the cloud as you type it in. But what happens when the link dies, or the cloud chokes?
Thankfully, my code reappeared within a few minutes. But my faith was shaken, and I’ve since taken to saving my Glitch programs into a text file on my local machine – once burned, twice shy.
Which got me thinking about the increasingly fragile nature of our connected culture.
Twenty-five years ago almost nothing was connected to the Internet. Today, many things are – at least some of the time – and it’s only when connected that they realise their full capacity. A smartphone shorn of network access cannot be an object of fascination. The network activates, piping intelligence into our toys, making them irresistible.
That intelligence comes with some costs; the most obvious is our increasing dependency on that connection. People get lost on hikes as they fall out of mobile range and lose the mapping apps that keep them oriented. We’ve come to expect intelligence with us all the time. Losing connectivity is coming to feel like losing a bit of our mind.
Another cost – and the bigger worry – is that this connected intelligence isn’t entirely benevolent. Every connection is a way into a device that may have something of value – credit card numbers, or passwords, or Bitcoins. The same intelligence that activates can also try to harvest that information, or even poison those devices, turning them against their owners.
We’ve reached a very delicate point, where the value of connected intelligence is almost entirely countered by the costs it can impose. If things become just a little more hostile out there (with four billion people using the Internet, that’s pretty much assured) the scales could tip in favour of disconnection, isolation, and a descent into a kind of stupidity we haven’t seen in many years.
There’s no easy answers for any of this. It’s unreasonable to expect that businesses will turn the clock back on the productivity gains made from connectivity, but it’s equally unreasonable to assume any of those businesses are prepared for an onslaught of connected hostility.
In this sort of high-pressure environment, where the wrong decision quickly becomes a fatal one, we have no choice but to evolve our responses, rapidly. It feels as though we got the benefits of connected intelligence for free; it’s only just now that we can see that bill is being presented – and it’s a whopper.
Tomi Engdahl says:
Facebook’s left hand is fighting for Americans’ right to privacy
The right hand? Go on, guess
https://www.theregister.co.uk/2017/07/05/facebooks_left_hand_is_fighting_for_americans_right_to_privacy/
Facebook’s lawyers are racking up the billable hours in the USA, with the company winning a lawsuit about tracking and privacy, but still doing battle against the American government over protecting users from government warrants.
In a privacy and wiretapping lawsuit, Northern California District Judge Edward Davila decided that although Facebook does indulge in tracking people on non-Facebook sites, the plaintiffs’ case failed.
The world at large has known about Facebook’s tracking habits ever since Nic Cubrilovic started watching how the company uses cookies.
Judge Davila agreed that wen other sites host the “Like” button, it gives Facebook a chance to plant a tracking cookie. However, he found the plaintiffs failed to prove that they’d suffered any “realistic” harm or loss, and furthermore, they didn’t prove they had a reasonable expectation of privacy while browsing the Internet.
Tomi Engdahl says:
Wall Street stock market view of “small” error – Amazon and Google crumbled 90%, mobile game company Zynga rose 3300%
Numerous technology shares listed on Nasdaq ended up on Wall Street’s secondary market on Monday at the same quotation, to $ 123.47.
According to Nasdaq, this was a technical error due to the “third party” test data coming to the right marketplace.
The problem concerned the data provided by Nasdaq and was thus reflected in, for example, Reuters and Bloomberg systems. There was no equivalent in the competitive NYSE trading data, the Financial Times says.
Incorrect quotes were still visible on Tuesday morning, for example, in Google Finance.
According to Nasdaq, the failure did not affect the fair trade. According to FT, extraordinary course reactions caused confusion in the Asian market.
Source: http://www.tivi.fi/Kaikki_uutiset/wall-streetin-porssinakymassa-pieni-virhe-amazon-ja-google-romahtivat-90-mobiilipeliyhtio-zynga-nousi-3300-6661627
More:
Financial Times (paywalled)
https://www.ft.com/content/fbb44c3e-6053-11e7-91a7-502f7ee26895
Tomi Engdahl says:
Germany sitting on cybersecurity time bomb, warns report
Reuters | Jul 4, 2017, 04.47PM IST
http://www.gadgetsnow.com/tech-news/germany-sitting-on-cybersecurity-time-bomb-warns-report/articleshow/59440845.cms
BERLIN: Germany is a big target of spying and cyber attacks by foreign governments such as Turkey, Russia and China, a government report said on Tuesday, warning of “ticking time bombs” that could sabotage critical infrastructure.
Industrial espionage costs German industry billions of euros each year, with small- and medium-sized businesses often the biggest losers, the BfV domestic intelligence agency said in its 339-page annual report.
The report mapped out a range of security threats, including Islamist militancy and increased far-right violence, but highlighted the growing incidence of cyber espionage.
It cited a “noticeable increase” in spying by Turkey’s MIT foreign intelligence agency in Germany in 2016, following the failed July 15 coup in Turkey, and said Russia was seeking to influence a parliamentary election on Sept. 24.
“The consequences for our country range from weakened negotiating positions to high material costs and economic damage all the way to impairment of national sovereignty,” it said.
Interior Minister Thomas de Maiziere said the government was working closely with industry to better protect German firms, with the most affected sectors being the weapons, space and aerospace and car industries, as well as research institutes.
Cyber attacks could not only lead to losses of information, but also, through delayed-action malware, trigger “silent, ticking digital time bombs” that could manipulate data and sabotage equipment, especially critical infrastructure, the report said.
Russia, China and Iran were the main countries spying on Germany, albeit for different reasons, it said.
Russia was also using so-called Internet trolls to influence public opinion and push pro-Russian views, the report said, citing a sharp increase in propaganda and disinformation campaigns using social and Russian-backed media.
Tomi Engdahl says:
Drone causes Gatwick Airport disruption
http://www.bbc.com/news/uk-40476264
A drone flying close to Gatwick Airport led to the closure of the runway and forced five flights to be diverted.
An airport spokesman said the runway had been closed for two periods on Sunday – of nine and five minutes – after the drone was sighted.
Easyjet said four of its flights were diverted, while British Airways said one aircraft was diverted to Bournemouth.
Other flights were put into holding patterns as a precaution.
Sussex Police is investigating.
Tomi Engdahl says:
Figures about online scams – 160,000 Finnish victims, more than a third of the people concerned
Nearly 160,000 Finns have been subjected to identity theft, MySafety tells the security and insurance company in their new research.
The most common forms of identity theft are, according to MySafeto, misuse of personal information, for example for online shopping, a loan, ie short-term take-off or other purchases. 37 percent of Finns are concerned about e-commerce fraud.
“In financial burglary, financial damage can be high and the police will not investigate for example less than EUR 10 000. Such cases have become more common in recent years, and half of people experiencing financial damage have to pay the damage entirely or partly theft,” the company said in a press release.
“By means of personal information, the thief can buy goods in the name of a victim, for example, online and order them in a different mail address or box.”
MySafety also provides nine tips on how best to protect personal fraud. We summarized the tips.
1. Keep your wallet in a safe place especially in places with a lot of people.
2. Keep your personal and payment information at different locations.
3. Keep your inbox locked.
4. Set your credit information protection. This will give you a real-time notification if your credit information is requested.
5. If you get strange bills or loan applications, alarm clocks should ring.
6. If big breaks are reported, it’s worth checking your own accounts and changing passwords.
7. Be careful about social media where your friends can be asked for money in your name, for example through copy profiles.
8. For holidays, only the cards you need are included. Passy should be kept in the safe box during the trip.
9. If the personal papers disappear, you should inform the police. Lost credit cards have to be canceled.
Source: http://www.tivi.fi/Kaikki_uutiset/tylyja-lukuja-verkkohuijauksista-160-000-suomalaista-uhria-yli-kolmannes-kansasta-huolissaan-6661622
Tomi Engdahl says:
Are we going to urvive Petya?
When we were struck by the Petty Weapon Program in Ukraine’s infrastructure as a reinforced boot, we stopped at FBIH’s Kybert Security Center again to wonder how our own society would endure a similar attack.
Finnish society is designed to withstand various deficiencies and exceptional situations. We have grain, fuel, raw materials and components in the security of supply in order to safeguard the vital functions of society, but our typical times are that the availability of raw materials is no longer our only problem.
We’ve added more and more new IT loops to our system chains, the disruption of which will lead to the entire chain being broken. It is very difficult for efficient IT and telecommunications connections to securely store underground in steel barrels.
Information systems are esoteric, difficult to approach, sensitive and very effective. They provide productivity gains that can not be compared with history. Networked, their efficiency exponentially increases, and the perception of the limits of this growth has not yet been reached. We have been harnessing this efficiency to promote society’s normal functioning, but are we adequately prepared for our information systems to no longer respond to our invitations but to present a boom demand for snow? Is it possible for us to return before computers, mobile phones, or even the internet?
There is no manual access to a magnetic imaging device, a paper machine, or a police information system.
It is easy to perceive the cyberworld challenges mainly as nerd problems, but in reality, we are all dependent on the computer networks that are invisible to us to do their job carefully, correctly and on time.
Source: https://www.viestintavirasto.fi/viestintavirasto/blogit/2017/kestaisimmekomepetyan.html
Tomi Engdahl says:
For all the chaos it sows, fewer than 1% of threats are actually ransomware
It does a pretty good job of ruining everything
https://www.theregister.co.uk/2017/07/04/avtest_malware_sitrep/
Ransomware dominated the threat landscape last year even though file-encrypting nasties made up less than one in a hundred examples of different Windows malware during 2016.
The mode of action and damage created by file-encrypting trojans makes them a much greater threat than implied by a consideration of the numbers, according to a study by security testing outfit AV-Test.
Security firms were faced with 14 per cent fewer malware samples than in 2015 but the decrease from huge figures hardly made much of a difference in practice. The overall number of malware exceeds 640 million, according to AV-Test. In this, Windows remains the most widely attacked operating system. In 2016, seven out of ten newly programmed malware programs targeted Windows.
Tomi Engdahl says:
Smart burglars will ride the surf of inter-connected hackability
Let’s invent a dustbin that throws itself away
https://www.theregister.co.uk/2017/06/23/smart_burglars_will_ride_the_surf_of_interconnected_hackability/
Of course, if the burglar (or the cat) notices the device when breaking in, he could always unplug it from the mains and take it home with the rest of the swag, SD card and all.
God forbid that the burglar thinks of wearing a mask to disguise his identity. What next? Gloves?
But all of this is academic. A nifty burglar will hack into your home security device through a chain of infection, starting from a humble e-cig. Malicious code will then flow though your connected junk of unnecessary gadgetry, via your smart lampshades, robotically enhanced cutlery and intelligent toilet seats, and simply put your security camera in sleep mode.
On the way, it will change the timer on your boiler, unlock your autonomous vehicle and reprogram the skills in Alexa. You’ll come home to find the only warm place in the house is the fridge, your car has driven itself to Devon for the weekend and Amazon has delivered 4,000 bananas.
So beware: it’s through the small things that we’ll get targeted. Hang on, I’ve just thought of a really good use for Baryl.
Tomi Engdahl says:
Small Stock Market Glitch Causes Utter Chaos Among US Tech Giants
http://www.iflscience.com/technology/small-stock-market-glitch-causes-chaos-among-us-tech-giants/
As the world becomes increasingly digitized, things become more efficient and integrated, but they also become more vulnerable to hacking, corruption, and glitches. Even the slightest of hiccups can set off a chain of events that cause an upset, as the global stock market discovered on Tuesday this week.
As reported by the Financial Times, a coding error of some kind forced the shares of giant US technology companies – including Apple, Amazon, Microsoft, and Google-owning Alphabet – to the same price of $123.47.
Tomi Engdahl says:
Reuters:
New regulations in China require at least two “auditors” to vet all audiovisual content posted online to ensure it adheres to “core socialist values”
China’s bloggers, filmmakers feel chill of internet crackdown
http://www.reuters.com/article/us-china-internet-content-idUSKBN19O21X
China’s latest maneuvre in a sweeping crackdown on internet content has sent a chill through a diverse community of filmmakers, bloggers, media and educators who fear their sites could be shut down as Beijing tightens control.
Over the last month, Chinese regulators have closed celebrity gossip websites, restricted what video people can post and suspended online streaming, all on grounds of inappropriate content.
On Friday, an industry association circulated new regulations that at least two “auditors” will, with immediate effect, be required to check all audiovisual content posted online – from films to “micro” movies, documentaries, sports, educational material and animation – to ensure they adhere to “core socialist values”.
People flocked online at the weekend to criticize the move, with most saying it was a step backwards that would hamper creativity. Some noted it could be near impossible to enforce.
While censorship of creative content in China is nothing new, the internet has generally been a more permissive arena because of the gray areas around regulation.
The atmosphere has become more tense since Xi called for stricter regulation last year.
In June, China’s cyberspace authorities ordered internet firms like Baidu Inc (BIDU.O) and Tencent Holding Ltd (0700.HK) to close 60 popular celebrity gossip social media accounts, including “China’s Number One Paparazzi” Zhuo Wei, an account that had more than 7 million followers.
Tomi Engdahl says:
Reuters:
Ukraine scrambles to mitigate backdoor found in M.E. Doc software used by 80% of Ukrainian firms, says all devices on networks that had M.E. Doc are vulnerable
Ukraine scrambles to contain new cyber threat after ‘NotPetya’ attack
http://www.reuters.com/article/us-cyber-attack-ukraine-backdoor-idUSKBN19Q14P
The Ukrainian software firm used to launch last week’s global cyber attack warned on Wednesday that all computers sharing a network with its infected accounting software had been compromised by hackers.
The attack used a virus, dubbed “NotPetya” by some experts, to take down thousands of computers in dozens of countries, disrupting shipping and businesses. Investigators now say the hack may be far more nefarious than previously thought.
Tomi Engdahl says:
Luke Parker / Brave New Coin:
South Korea’s largest cryptocurrency exchange, Bithumb, was hacked; info of some users accessed and later used in phishing attacks to steal funds from accounts
Fourth largest Bitcoin exchange. Bithumb, hacked for billions of Won
https://bravenewcoin.com/news/fourth-largest-bitcoin-exchange-bithumb-hacked-for-billions-of-won
The largest bitcoin and ether exchange in South Korea by volume, Bithumb, was recently hacked. Monetary losses from compromised accounts have started to surface, and are quickly reaching into the billions of won.
With a reported 75.7% share of the South Korean bitcoin market volume, Bithumb is one of the five largest bitcoin exchanges in the world and hosts over 13,000 bitcoins worth of trading volume daily, or roughly 10 percent of the global bitcoin trade.
The exchange also hosts the world’s largest ether market. While trade in the South Korean won currently makes up the fourth largest currency market for bitcoin, trailing the US dollar, Chinese yuan and Japanese yen, the won market is Ethereum’s largest. Bithumb accounts for around 44 percent of South Korean ether trading.
A cyber attack late last week resulted in the loss of billions of won from customers accounts.
Hackers succeeded in grabbing the personal information of 31,800 Bithumb website users, including their names, mobile phone numbers and email addresses. The exchange claims that this number represents approximately three percent of customers.
The breach was discovered by Bithumb on June 29 and reported to the authorities on June 30.
More than 100 Bithumb customers have since filed a complaint with the National Police Agency’s cybercrime report center.
While admitting to being hacked on their website, Bithumb maintained that there was no direct access to funds stored on the exchange. Nonetheless, many customers are reporting their digital currency wallets being emptied. The exchange further claims that the breach was made to a personal computer belonging to an employee, and not the exchange’s internal network, servers nor digital currency wallets.
While victim accounts of exactly how their funds were stolen have widely differed, attackers appear to have stolen enough credentials to begin a process of “voice phishing,” where the scammers call up victims one at a time and pose as representatives of Bithumb.
Tomi Engdahl says:
The Darker Side Of Machine Learning
https://semiengineering.com/darker-side-machine-learning/
Machine learning needs techniques to prevent adversarial use, along with better data protection and management.
Machine learning can be used for many purposes, but not all of them are good—or intentional.
While much of the work underway is focused on the development of machine learning algorithms, how to train these systems and how to make them run faster and do more, there is a darker side to this technology. Some of that involves groups looking at what else machine learning can be used for. Some of it is simply accidental. But at this point, none of it is regulated.
“Algorithms people write algorithms,” said Andrew Kahng, professor at the University of California at San Diego. “In general, algorithms used inside chip design have been deterministic and not statistical. Humans can understand how they work. But what folks expect in this world of deep learning is gleaned from fitting a neural network model on a classic Von Neumann machine, doing tenfold cross-validation, and that’s it. You get statistically likely good results. But that’s not something that IC designers and concepts of signoff and handoff — or, even, the concept of an ASSP/SOC product — know how to live with.”
But what happens when the data is bad or the data is corrupted on purpose? This might come down to the DNA of the engineer and the product sector, according to Kahng.
That data can be corrupted inadvertently, as well. Bias is a well-known problem in training systems, but one that is difficult to prevent.
Tomi Engdahl says:
Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?
https://www.synopsys.com/blogs/software-security/beyond-notpetya-petya/
This week’s malware outbreak that removed computer data capabilities from large enterprises worldwide is now thought to have been designed to damage, not to earn profit. Therefore, it only masquerades as traditional ransomware. First seen on Tuesday, NotPetya/Petya is like last month’s WannaCry in that it displayed a ransom request of $300 in BitCoin on compromised machines. However, this time the attacks were not widespread nor intended for individual machines. They were targeted at faulty enterprise networks and the data was generally not recoverable.
According to Reuters, the main purpose of the attack appears to be the installation of new malware on computers at government and commercial organizations, primarily in the Ukraine. These organizations have offices worldwide; thus, a total of 65 countries were affected. The WannaCry and NotPetya/Petya attacks aren’t so much ransomware as they are early warnings of how future malware will take advantage of existing cracks in the enterprise network.
Intentional sloppiness
As with WannaCry, the ransom aspect, BitCoin collection and distribution of keys, for NotPetya/Petya appears to be layered on as an afterthought. This time the email address for contact and data recovery was disabled by the provider shortly after the attack began. And on the BitCoin side, the account appears to have been set up with no way to correlate who paid and who didn’t. This is also true of WannaCry.
NotPetya/Petya contains a variety of features, not all enabled. For example, there appears to be a data wiper in the code. A wiper destroys the data and hardware of a computer. Shamoon, which targeted the oil and gas industry in 2012, is a classic example of such malware.
NotPetya/Petya
There is a ransomware package called Petya, and NotPetya/Petya contains much of its code. However, it is also different. This caused confusion within the attack’s first 24 hours
A sophisticated attack
The NotPetya/Petya outbreak is thought to have started as a compromised update in the MeDoc accounting software, widely used in the Ukraine. According to Fortune, criminal hackers broke into the MeDoc servers on or around June 22. The compromised software update is now thought to have included a compromised Word document. This is a classic characteristic of a virus: requiring an end user to click on the infected email and open the attachment in order to spread. This technique also allows for a more targeted attack.
Where WannaCry spread like wildfire across the globe within a day, Petya was more focused, using spear-phishing to target strategic databases (i.e., companies doing business in the Ukraine). Initially it was thought that NotPetya/Petya was simply a virus. As it turns out, it is a hybrid virus and worm.
Exploiting other holes in the network
Any time data needs to move from one server to another, or one system to another, there is opportunity. Additionally, Microsoft-based networks have inherently had a lot of trust built in. That’s because the support issues with a “trust no one” model—where everything is turned off and is enabled as needed—would be staggering. Here’s where a good penetration test would benefit an organization to help define what should be trusted and what should not.
Software is everywhere
These recent malware attacks also serve to remind us how prevalent software is today with gas pumps and digital billboards displaying the ransom requests. Enterprises today need to change fundamentally how their software is developed or adopted, updated, and accessed. World economies and infrastructures depend on the quality and security of software and applications more than ever.
Internal testing required
Whether utilizing a software vendor or an in-house development team, quality and security must be a priority. As development teams build out their software, they need to test the supply chain code with software composition analysis.
Shared responsibility
If security is truly built in, it also needs to be understood and supported from the CEO, board rooms, and throughout the organization. It needs to be the culture. In security, only one weak link is necessary for a bad actor to take root. Enterprises need a culture of security throughout. If the security team isn’t talking regularly to the C-suite or board about security, then how might this change come about?
And if all else fails…
Enterprises should always have an updated incident response plan. This should include how the business will continue if its hardware or data become compromised. Just as you should be testing and monitoring your software, you should also test and update your incident response plan to consider the latest attacks.
Clearly, WannaCry and NotPetya/Petya are just shots across the bow. Proof of concepts that have been successful to varying degrees. The next one could have more damaging consequences. Consider what happened at Maersk this week where paper and pen had to be used with global shipments. If your enterprise is not currently taking software security seriously, then consider yourself forewarned.
Tomi Engdahl says:
Linux Is Not As Safe As You Think
https://linux.slashdot.org/story/17/07/05/2148200/linux-is-not-as-safe-as-you-think?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Would you be surprised if I told you that threat methods for Linux increased an astonishing 300 percent in 2016, while Microsoft’s operating systems saw a decrease? Well, according to a new report, that is true. Does this mean Linux is unsafe? No way, Jose! There are some important takeaways here. Microsoft’s Windows operating systems are still the most targeted platforms despite the year over year decline — far beyond Linux. Also, just because there is an increase in malware attack methods doesn’t necessarily mean that more systems will be infected. Let us not forget that it is easier to find a vulnerability with open source too; Microsoft largely uses closed source code.
Linux is not as safe as you think
https://betanews.com/2017/07/05/linux-safe/
There is a notion by many people that Linux-based operating systems are impervious to malware and are 100 percent safe. While operating systems that use that kernel are rather secure, they are certainly not impenetrable. In fact, users are arguably less safe when they believe that stereotype, since they could be less vigilant.
Many of these same people view Windows as being Swiss cheese-like. With that said, would you be surprised if I told you that threat methods for Linux increased an astonishing 300 percent in 2016, while Microsoft’s operating systems saw a decrease? Well, according to a new report, that is true.
“At the end of November, criminals with other variants of the same Linux malware unleashed devastating attacks against DSL routers of Telekom customers. 900,000 devices were taken down. In October, the Mirai code appeared freely available on the Internet. Since then, the AV-TEST systems have been investigating an increasing number of samples with spikes at the end of October,November and beginning of December,” says AV Test of the Mirai malware.
The company also says, “Other Linux malware, such as the Tsunami backdoor, has been causing trouble for several years now and can be easily modified for attacks against IoT devices. The detection systems of AV-TEST first detected the Tsunami malicious code in the year 2003. Although, at that time, practically no IoT devices existed, the Linux backdoor already offered attack functions which even today would be suitable for virtually unprotected attacks on routers: In this manner, Tsunami can download additional malicious code onto infected devices and thus make devices remote controllable for criminals. But the old malware can also be used for DDoS attacks. The Darlloz worm, known since 2013, as well as many other Linux and Unix malware programs, have similar attack patterns which AV-TEST has been detecting and analyzing for years.”
As you can see, many of the increases in Linux attacks aren’t aimed at workstations. Actually, it can largely be attributed to IoT and other devices, such as routers, which some manufacturers abandon from an update perspective.
Tomi Engdahl says:
SECURITY REPORT 2016/17
https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Declining malware statistics
It remains positive to note that the declining malware trend in 2016
provided some relief, at least quantitatively. Thus, compared to 2015,
detection systems were required to seek out and defend against 14% fewer
malware samples. In total, this amounted to precisely 11,725,292 fewer newly
developed malware programs than in the previous year. It should not be
forgotten, however, that the volume of newly developed malware in 2016 still
represented the second-highest since the beginning of measurements by
the AV-TEST systems. In addition, 2015 saw skyrocketing growth in malware
programs and in comparison to 2014, practically a doubling of the sample
statistics. The overall number of malware programs for all operating systems
currently exceeds 640 million.