Domain: securityaffairs.co
Stories and comments across the archive that link to securityaffairs.co.
Comments · 13
-
MICROS~1 Windows strikes again :]
“The dropper used to deliver the malware is related to the PowerRatankba, a Microsoft Visual C#/ Basic
.NET (v4.0.30319)-compiled executable” ref
.. insert one of China/Russia/Iran/NORK/Venezuela ..or who ever else the deepstate is trying to pick a fight with .. -
Re:Officially Freaked Out
Sadia Afroz is the main public-sector researcher on this topic (stylometric machine learning).
She gave a relevant introduction in 2013
stylometric analysis to track anonymous users in the underground and the corresponding video regarding darknet user tracking through stylometry.She commented a while ago "Please do not ask me to deanonymize Satoshi." and gave reasons.
I bet you the POTUS has a unique style and only grade 8 students and below write at the same level.
-
Re:Officially Freaked Out
Sadia Afroz is the main public-sector researcher on this topic (stylometric machine learning).
She gave a relevant introduction in 2013 stylometric analysis to track anonymous users in the underground and the corresponding video regarding darknet user tracking through stylometry.
She commented a while ago "Please do not ask me to deanonymize Satoshi." and gave reasons. -
slashdoted already
See this alternate link http://securityaffairs.co/word...
-
Re:Bigoted much?
If it's bog-standard government IT, then yes, there's no security sophistication there to speak of. I should know, I've helped them with IAVAs and STIGs.
But nation state level hacking is something else entirely. Try comparing this to the Belgacom hack (another company I've worked with, though not in any direct relation to this). Or look at the attacks vs. North Korea.
Yes, some of those did involve sending email with bogus attachments. But they weren't amateurs that set off alarm bells with a "YOU HAVE BEEN HACKED" email. If a nation state wanted Podesta, they'd have gotten it, e.g., when he lost his phone in that DC cab or otherwise compromised one of his personal machines and taken all the passwords (including Gmail) from there. If they did the dump from his own computer, he wouldn't have even been the wiser.
-
Re:"optional" as long as you fill it out...
Going forward I know I am feeding a troll, but I will explain just in case you really have the IQ of a four year old.
In this context the companies are consulting with ex-cia. They aren't teaching the ex-cia guy the ex-cia guy is teaching them.
If you're teaching something you must have some level of experience prior. There's only two types of people in the world that I can think of that would have experience data-mining social media; SJW's and individuals acting at the behest of a Nations security or military agencies. What the CIA does is obviously classified, but it goes without saying that people coming out of Govt organizations with this kind of teachable knowledge that *just happens* to align with the objectives our Govt has been requesting it's not a leap at all to come to the conclusion that CIA has been data-mining social media.
Oh wow, look at this:
https://theintercept.com/2016/...
http://www.digitaltrends.com/s...
http://securityaffairs.co/word...
http://www.usnews.com/news/art...
http://www.commondreams.org/ne...google: Cia data mining social media
U.S. Customs is just a late comer to the party that's already been going on that you're calling me a conspiracy nut over. News is out man, Go home, and go to bed.
-
Re:Second ASUS announcement today.
I personally will never buy another Android device until they actually fix the problem with updates.
Between this and the scary amount of high risk security vulnerabilities I won't either.
-
Re:Chip cards would not have prevented Target Brea
If you can by-pass it then it effectively nullifies any security provided, so yes, it does count.
So if I try to rob a house, and I "bypass" the security system by robbing the next house over, does that mean the security system of the first house sucks?
If you are able to use entry into the second house to steal stuff from the first house, then yes, that the security on the first house is insufficient protection. If the two are completely unrelated, then the security of the first makes no difference.
In this case, card vs card+chip+pin is like two homes with a tunnel between them. The first home might be more secure, but the tunnel is doesn't have any security on it. So the valuables in the first house are still at risk through entry into the second house; and the guy that sold the first house to the current owners failed to mention the existence of the tunnel.Even aside from that, chip+PIN it no where near as secure as things like Google Wallet that provide single-use card numbers for each transaction.
How is this more secure?
The card number is single use. If they try to use it again, it doesn't work. So it's more secure in the same way that a one-time password is more secure. Google approves the single transaction, and denies any further ones. So yes, it's actually more secure but it also relies on NFC (Wallet+NFC, now Android Pay). It's less secure in that you're putting your bank/credit cards at a single source (Google, Apple, etc) and then using their services to make more secure transactions with others - so single point of failure in security. However, you're card numbers won't be stolen from Target, Home Depot, Walmart, or any other vendor you do business with.
It's also been shown that people can completely clone a chip+PIN card, again rendering the added security null and void.
Do you have a citation?
here's a couple:
http://securityaffairs.co/word...
http://www.theage.com.au/it-pr... - also referenced at http://krebsonsecurity.com/201...
So yeah, if Krebs mentions it, it's probably been proven sufficiently, and likely happening. -
Re:nothing new under the sun
3. The hackers posted a graphic that explained their motivation and you didn't read it.
http://securityaffairs.co/word...
The company running Ashley-Madison also runs sites that promote human trafficking.
-
Trovicor Monitoring Center
also uses DPI (packet injection) and is supposed to be the state-of-the-art full-spectrum intelligence platform: it will allow one to intercept an email, alter and forward it unknown to either the addressor or addressee, with a new meeting time and place, and then dispatch either an extreme rendition, or kill team, to the rendezvous point. Ain't life grand?
https://www.wikileaks.org/spyf...
http://www.spiegel.de/internat...
http://www.allgov.com/news/us-...
http://securityaffairs.co/word... -
Hacking the insurance dongle
Car hacking A security researcher demonstrated that “car hacking” is reality through the exploitation of vulnerable Can Insurance Dongle. Million vehicles at risk.
-
Re:In that case...
FYI it was the British and Australian defense and intelligence communities that discovered malicious modifications to Lenovo's circuitry.
Link needed. All the links I find seem to point to the old story about a US military chip where the chip design came from the outside China and I never saw a clear statement about who introduced the back door. I will take that to mean that the backdoor was in the original designs and was either a legitimate mistake, "debugging feature" or real backdoor that the manufacturer had no knowledge of.
N.B. just a little message for the national security folks listening in here. If you do know about this and have proof, at some point, after you have done everything needed to show 100% who is doing it or after there isn't any more hope for the investigation you have a clear duty to properly, openly warn the rest of us.
-
Welcome to the next level, dood!
"White Hats" versus "Black Hats" ? ? ?
How about, evil is as evil does!
There's an article in that rag owned by notorious dog killer, Blethens (the Seattle Times) describing "white hats" --- a most muddied description when it pertains to those who support the status quo, which is coding software to track everyone today!
Narus, now a Boeing subsidiary, would describe themselves as "white hats" --- yet their DPI technology (Deep Packet Inspection) has been used to track down, torture and murder pro-democracy activists in China, Syria, Egypt and elsewhere.
The Narus DPI technology has been incorporated into the ultimate automated spy/intelligence platform, the Trovicor Monitoring Center, originally developed at Nokia Siemens Networks, it is now owned and sold through a private equity fund based in Germany, of unknown ownership.
It has been sold to one hundred countries, including China, America, Iran and Bahrain; the last two countries having used it in the kidnapping, torture and murder of various dissidents and pro-democracy activists.
This platform can be set to automatically intercept emails, or phone calls of any type, alter their content (as in meeting place location, etc.) then dispatch a kidnap team or kill team.
Say a member of the global elite requires a new organ. The Chinese government will match the target to Trovicor's DNA database, run an audio program search and match on wi-fi/landline to identify the target and his/her whereabouts, then dispatch an organ harvesting team to do a forced organ theft. The victim will end up either disappeared, or in the next Chinese "Bodies Exhibition" --- a profitable endeavor for the ghouls who pay to view such amoral travesties!
Welcome to the next level, dood!