/os/ - Online Security

News, techniques and methods for computer network security.




A new LOCKY ransomware campaign targets the healthcare
http://opensources.info/a-new-locky-ransomware-campaign-targets-the-healthcare-2/
Aug 19, 2016
Malware researchers at FireEye security firm have spotted a new Locky ransomware campaign mainly targeting the healthcare sector. Security experts from FireEye have spotted a Locky ransomware campaign mainly targeting the healthcare sector, telecom and transportation industries. Attackers launched a massive phishing campaign to deliver the threat. The campaign hit organizations worldwide, mostly in the US, Japan and South Korea. Threat actors behind this Locky campaign leveraged DOCM-format email attachments to deliver the ransomware instead of JavaScript-based downloaders. “From our trend analysis, Locky ransomware started being delivered via DOCM format email attachments more extensively beginning in August. This marks a change from the large campaigns we observed in March, where a JavaScript based downloader was generally being used to infect systems.” reads the report published by FireEye. “These detection spikes and change in tactics suggest that the cybercriminals are investing more to infect systems and maximize their profits. Additionally, we have observed that the delivery of Dridex via this distribution channel seems to have stopped, or nearly so, which could explain why we are seeing the Locky uptick.” The researchers believe crooks are investing to compromise systems, maximizing their efforts. Another interesting trend reported by FireEye is the pause in the distribution of the Dridex banking Trojan through the same channel. Experts noticed many similarities in the macro code used by attackers in three distinct Locky campaigns running on Aug. 9, Aug. 11 and Aug. 15.
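The FireEye report above keys on the switch to DOCM attachments. As an added example (not FireEye's code and not the campaign's macros), the Python below flags a macro-enabled Word package by its contents rather than its extension: a DOCM is a ZIP whose word/vbaProject.bin part holds the VBA project and whose [Content_Types].xml declares the macroEnabled main part, so a renamed .docm is caught too. The sample packages are constructed inside the block and are not real documents.

```python
"""Added example: flag macro-enabled Word attachments by content, not extension.
A .docm is a ZIP package; the VBA project lives in word/vbaProject.bin and
[Content_Types].xml declares the macroEnabled main-document content type."""
import io
import zipfile

MACRO_PART = "word/vbaProject.bin"
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def inspect_docx_attachment(data: bytes) -> dict:
    """Report what the ZIP container says about itself; tolerate non-ZIP and corrupt input."""
    result = {"is_ooxml": False, "has_vba_project": False, "declares_macro_enabled": False}
    if not data.startswith(b"PK\x03\x04"):          # local-file-header magic of a ZIP
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            result["is_ooxml"] = "[Content_Types].xml" in names
            result["has_vba_project"] = MACRO_PART in names
            if result["is_ooxml"]:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                result["declares_macro_enabled"] = MACRO_CT in ctypes
    except zipfile.BadZipFile:
        pass
    return result


def is_macro_bearing(data: bytes) -> bool:
    """Either signal is enough: a VBA part without the declaration is still a macro carrier."""
    r = inspect_docx_attachment(data)
    return r["has_vba_project"] or r["declares_macro_enabled"]


def make_sample(macro: bool) -> bytes:
    """Constructed minimal OOXML package for testing; not a real Office document."""
    main_ct = MACRO_CT if macro else PLAIN_CT
    ctypes = ('<?xml version="1.0"?>'
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0" + b"\x00" * 16)  # OLE2 magic only, placeholder
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("invoice.docx", make_sample(False)), ("invoice.docm", make_sample(True))):
        verdict = "MACRO" if is_macro_bearing(blob) else "clean"
        print(f"{label}: {verdict} {inspect_docx_attachment(blob)}")
```

The check deliberately ignores the attachment's file name, since mail gateways that filter on .docm alone miss the same package renamed to .docx or .zip.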

Softpedia
New Snowden Documents Link Shadow Brokers Leak to Official NSA Hacking Tools
http://news.softpedia.com/news/new-snowden-documents-links-shadow-brokers-leak-to-official-nsa-hacking-tools-507488.shtml
Aug 19, 2016 18:30 GMT  ·  By Catalin Cimpanu
This particular exploit was used in Pakistan and Lebanon
The Intercept has published today new Snowden documents that reveal an official connection between official NSA cyber-weapons and the malware dumped by The Shadow Brokers. The documents are internal NSA operations manuals that describe how CNE (Computer Network Exploitation) tools must be used. The document, which The Intercept received from Snowden a few years back but never published, describes a hacking system called BADDECISION.

Leaked exploit was part of a bigger hacking system

The BADDECISION system is made up of the FOXACID server, the SECONDDATE exploit, and the BLINDDATE field operations software, among other things. The SECONDDATE exploit is a tool that works at the network level by intercepting web requests and redirecting them to the FOXACID server, where the user is infected with the desired malware. According to procedures described in the operations manual (page 28), NSA employees must use IDs to tag victims sent to the FOXACID server via different exploits. The document reveals that SECONDDATE's ID is ace02468bdf13579. This very same ID was found in 14 different files named SECONDDATE included in the Shadow Brokers leak.

NSA used exploit in Pakistan and Lebanon

Furthermore, other documents revealed that the NSA used a system called BLINDDATE to automate SECONDDATE attacks on Wi-Fi networks in the field. BLINDDATE is a hardware system running custom software that can launch MitM (man-in-the-middle) attacks leveraging SECONDDATE, HAPPY HOUR, NITESTAND, and others. The equipment is used in the field, in the range of an enemy's wireless network. BLINDDATE is a laptop with a giant antenna, which can also be mounted on drones, and redirect a Wi-Fi network's web traffic to the NSA FOXACID server. According to Snowden documents leaked in 2013, BLINDDATE was used to spy on Pakistan's National Telecommunications Corporation’s (NTC) VIP Division and on Lebanon's major ISPs.
These campaigns provided the NSA with information on Pakistan’s Green Line communications network, Pakistan's civilian and military leadership, and on Hizballah's Unit 1800 activities. Before The Intercept linked the Shadow Brokers leak with actual NSA cyber-weapons, Kaspersky researchers tied the malware in the group's data dump to tools used by the Equation Group cyber-espionage APT, believed to be linked to the NSA.

 InfoWorld 
Poorly configured DNSSEC servers at root of DDoS attacks
http://www.infoworld.com/article/3109581/security/poorly-configured-dnssec-servers-at-root-of-ddos-attacks.html
InfoWorld | Aug 19, 2016
Administrators who have configured their domains to use DNSSEC: Good job! But congratulations may be premature if the domain hasn't been correctly set up. Attackers can abuse improperly configured DNSSEC (Domain Name System Security Extensions) domains to launch denial-of-service attacks. The DNS acts as a phone book for the Internet, translating IP addresses into human-readable addresses. However, the wide-open nature of DNS leaves it susceptible to DNS hijacking and DNS cache poisoning attacks to redirect users to a different address than where they intended to go. DNSSEC is a series of digital signatures intended to protect DNS entries from being modified. Done properly, DNSSEC provides authentication and verification. Done improperly, attackers can loop the domain into a botnet to launch DDoS amplification and reflection attacks, according to the latest research from Neustar, a network security company providing anti-DDoS services. "DNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack," said Neustar's Joe Loveless. "If DNSSEC is not properly secured, it can be exploited, weaponized, and ultimately used to create massive DDoS attacks." In a study of more than 1,300 DNSSEC-protected domains, 80 percent could be used in such an attack, Neustar found. The attacks rely on the fact that the size of the ANY response from a DNSSEC-signed domain is significantly larger than the ANY response from a non-DNSSEC domain because of the accompanying digital signature and key exchange information. The ANY request is larger than a normal server request because it asks the server to provide all information about a domain, including the mail server MX records and IP addresses. Armed with a script and a botnet, attackers can trick nameservers into reflecting DNSSEC responses to the target IP address in a DDoS attack.
A DNSSEC reflection attack could transform an 80-byte query into a 2,313-byte response, capable of knocking networks offline. The biggest response the researchers received from a DNSSEC-protected server was 17,377 bytes. The number of DNS reflection and amplification DDoS attacks abusing DNSSEC-configured domains has been growing. Neustar said the overall number of attacks using multiple vectors, which probe defenses until they succeed, is on the rise, and more than half of these multivector attacks involve reflection attacks. Internet security company Akamai observed a similar pattern, as it found 400 DNS reflection/amplification DDoS attacks abusing a single DNSSEC domain in the fourth quarter of 2015. The domain was used in DDoS attacks against customers in multiple verticals, suggesting the domain had been included in a DDoS-for-hire service. "As with other DNS reflection attacks, malicious actors continue to use open DNS resolvers for their own purpose -- effectively using these resolvers as a shared botnet," Akamai wrote in its quarterly State of the Internet Security report back in February. The problem isn't with DNSSEC or its functionality, but rather how it's administered and deployed. DNSSEC is the best way to combat DNS hijacking, but the complexity of the signatures increases the possibility of administrators making mistakes. DNS is already susceptible to amplification attacks because there aren't a lot of ways to weed out fake traffic sources. "DNSSEC prevents the manipulation of DNS record responses where a malicious actor could potentially send users to its own site. This extra security offered by DNSSEC comes at a price as attackers can leverage the larger domain sizes for DNS amplification attacks," Akamai said in its report. To prevent a DNSSEC attack, configure DNSSEC correctly on the domain so that it cannot be used to amplify DNS reflection attacks. That's easier said than done. DNSSEC adoption has been slow, but progress is being made.
Administrators should check with their service providers to make sure their digital signatures are valid and test deployments regularly. While blocking DNS traffic from certain domains is certainly an option, it's not one most organizations would be comfortable with as it could block legitimate users and queries. Neustar recommends DNS providers not respond to ANY requests at all. Other filtering systems to detect abuse -- such as looking for patterns of high activity from specific domains -- should also be in place. Fixing DNSSEC won't end these types of attacks, as there are plenty of other protocols that can be used in amplification and reflection attacks, but it can cut down on the current batch. As long as there are systems generating traffic with spoofed IP addresses and networks allowing such traffic, reflection-amplification DDoS attacks will continue. Efforts to dismantle botnets, and prevent systems from joining botnets in the first place, will put a dent in the number of DDoS attacks. In addition, administrators should make sure they have anti-DDoS mechanisms in place, such as preventing source IP spoofing in a network, closing an open resolver, and rate limiting.
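The article gives the sizes (an 80-byte query, a 2,313-byte answer) but not where the bytes come from. As an added example, not Neustar's or Akamai's code, the Python below assembles a DNS ANY query and a DNSSEC-signed ANY response in wire format, so the ratio can be read straight off the RRSIG and DNSKEY records, and then applies the mitigation the article recommends, refusing to answer ANY in full (the RFC 8482 "minimal ANY" behaviour of returning a single RRset). The zone name, key and signature bytes are constructed placeholders of realistic length; nothing touches the network.

```python
"""Added example: where DNSSEC ANY amplification comes from, and what minimal-ANY does to it.
Packets are built in DNS wire format with placeholder keys/signatures (constructed, not real)."""
import struct

RTYPE = {"A": 1, "MX": 15, "TXT": 16, "AAAA": 28, "OPT": 41, "RRSIG": 46, "DNSKEY": 48}
ANY = 255
ZONE = "example.com."          # assumed zone for the example


def encode_name(name):
    """Uncompressed wire-format name: length-prefixed labels terminated by the root (0x00)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def edns_opt(udp_size=4096, do_bit=True):
    """EDNS0 OPT pseudo-RR: root name, TYPE 41, CLASS carries the UDP size, DO flag lives in the TTL field."""
    return b"\x00" + struct.pack("!HHIH", RTYPE["OPT"], udp_size, 0x8000 if do_bit else 0, 0)


def build_query(name=ZONE, qtype=ANY, txid=0x1234):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1, QDCOUNT=1, ARCOUNT=1 (OPT)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1) + edns_opt()


def rr(owner, rtype, rdata, ttl=3600):
    return encode_name(owner) + struct.pack("!HHIH", RTYPE[rtype], 1, ttl, len(rdata)) + rdata


def rrsig_rdata(covered, signer=ZONE, sig_len=256):
    """RRSIG: 18 fixed bytes (type covered, alg, labels, orig TTL, expiry, inception, key tag) + signer + sig."""
    fixed = struct.pack("!HBBIIIH", RTYPE[covered], 8, 2, 3600, 0, 0, 0)   # alg 8 = RSA/SHA-256
    return fixed + encode_name(signer) + b"\x00" * sig_len                  # placeholder 2048-bit signature


def dnskey_rdata(key_len=260):
    return struct.pack("!HBB", 256, 3, 8) + b"\x00" * key_len              # flags, protocol, alg, placeholder key


TXT = b"v=spf1 mx a:mail.example.com -all"
# Constructed zone apex: every RRset is followed by the RRSIG that covers it.
SIGNED_RRSETS = [
    [("A", b"\xc0\x00\x02\x01"), ("RRSIG", rrsig_rdata("A"))],
    [("AAAA", b"\x20\x01\x0d\xb8" + b"\x00" * 12), ("RRSIG", rrsig_rdata("AAAA"))],
    [("MX", struct.pack("!H", 10) + encode_name("mail." + ZONE)), ("RRSIG", rrsig_rdata("MX"))],
    [("TXT", bytes([len(TXT)]) + TXT), ("RRSIG", rrsig_rdata("TXT"))],
    [("DNSKEY", dnskey_rdata()), ("DNSKEY", dnskey_rdata()), ("RRSIG", rrsig_rdata("DNSKEY"))],  # ZSK + KSK
]


def build_response(query, rrsets):
    answers = [rr(ZONE, t, d) for rrset in rrsets for (t, d) in rrset]
    header = query[:2] + struct.pack("!HHHHH", 0x8580, 1, len(answers), 0, 1)   # QR, AA, RD, RA set
    question = encode_name(ZONE) + struct.pack("!HH", ANY, 1)
    return header + question + b"".join(answers) + edns_opt()


def minimal_any(rrsets):
    """RFC 8482 behaviour: answer ANY with one RRset (plus its signature) instead of the whole apex."""
    return rrsets[:1]


def amplification(query, response):
    return len(response) / len(query)


def compare():
    q = build_query()
    full = build_response(q, SIGNED_RRSETS)
    small = build_response(q, minimal_any(SIGNED_RRSETS))
    return {"query_bytes": len(q), "full_any_bytes": len(full), "minimal_any_bytes": len(small),
            "full_factor": amplification(q, full), "minimal_factor": amplification(q, small)}


if __name__ == "__main__":
    print(compare())
```

Five RRsets cost about 80 bytes of real data; the five signatures and two keys add more than 1,700, which is the amplification the article describes. Minimal-ANY keeps the domain signed and validating while cutting the reflected payload by roughly a factor of six in this constructed zone, and the rate limiting and anti-spoofing measures the article lists still apply on top of it.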

Open Sources
New Brazilian Banking Trojan Uses Windows PowerShell Utility
http://opensources.info/new-brazilian-banking-trojan-uses-windows-powershell-utility/
Aug 19, 2016
Microsoft’s PowerShell utility is being used as part of a new banking Trojan targeting Brazilians. Researchers made the discovery earlier this week and say the high quality of the Trojan is indicative of Brazilian malware that is growing more sophisticated. The banking Trojan is identified as “Trojan-Proxy.PowerShell.Agent.a” and is one of the most technically advanced Brazilian malware samples discovered, said Fabio Assolini, a senior security researcher with Kaspersky Lab’s Global Research and Analysis Team, in a Securelist blog on Thursday. The banking Trojan is being delivered via a phishing campaign where emails are masquerading as a receipt from a mobile carrier. A malicious .PIF (Program Information File) attachment is used to attack the target’s PC. PIF files tell MS-DOS applications how to run in Windows environments and can contain hidden BAT, EXE or COM programs that automatically execute after the host file is run. In the case of “Trojan-Proxy.PowerShell.Agent.a” the PIF file changes the proxy configuration in Internet Explorer to a malicious proxy server that redirects connections to phishing pages for Brazilian banks, Assolini said. Those changes in the system are made using a PowerShell script. The browser aspect of the attack is identical to how cybercriminals have exploited proxy auto-config (PAC) files in previous attacks, Assolini said. PAC files are designed to enable browsers to automatically select which proxy server to use to get a specific URL. “It’s the same technique used by malicious PACs that we described in 2013, but this time no PACs are used; the changes in the system are made using a PowerShell script,” Assolini wrote. Not only are Internet Explorer users affected, but also users of Firefox and Chrome. The malware has no command and control communication. Instead, once the .PIF file is launched, the “powershell.exe” process is spawned and the command line “-ExecutionPolicy Bypass -File %TEMP%\599D.tmp\599E.ps1” is queued.
This is an attempt to bypass PowerShell execution policies, Assolini said. The malware changes the file prefs.js, inserting the malicious proxy change. After being infected by “Trojan-Proxy.PowerShell.Agent.a”, if a user tries to access some of the websites listed in the script, they will be redirected to a phishing domain hosted at the malicious proxy server. The proxy domains used in the attack use dynamic DNS services and their goal is to redirect all traffic to a server located in the Netherlands, where there are several phishing pages for Brazilian banks, according to Assolini. According to Kaspersky Lab, Brazil was the most infected country when it comes to banking Trojans in Q1 2016. “Attackers (developing Brazilian malware) are investing time and money to develop solutions where the malicious payload is completely hidden under a lot of obfuscation and code protection,” notes a Securelist post from March. That stands in stark contrast to Brazilian malware that not long ago was described as simple and easy to detect. Researchers believe Brazilian cybercriminals have upped their game by adopting new techniques as a result of collaboration with their European counterparts.
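Two host-side signals fall out of the description above: a powershell.exe launch with -ExecutionPolicy Bypass pointing at a .ps1 under %TEMP%, and a Firefox prefs.js rewritten to route the browser through a proxy. As an added example (not Kaspersky's code), the Python below checks both against constructed inputs; the process-creation lines and prefs.js contents are made up for the example, as is the proxy hostname.

```python
"""Added example: detect the PowerShell launch and the Firefox proxy rewrite described above.
All log lines, prefs.js contents and hostnames here are constructed, not captured."""
import re

# powershell.exe run with the execution policy bypassed and a script under a temp directory.
PS_BYPASS = re.compile(
    r"powershell(?:\.exe)?.*-(?:ex(?:ecutionpolicy)?|ep)\s+bypass.*-file\s+"
    r"\S*(?:%temp%|\\temp\\|appdata\\local\\temp)\S*\.ps1",
    re.IGNORECASE,
)
# Firefox user preferences that switch the browser onto a manual proxy or a PAC URL.
PROXY_PREF = re.compile(
    r'user_pref\("(network\.proxy\.(?:type|http|ssl|autoconfig_url|socks))",\s*(.+?)\);'
)


def suspicious_powershell(cmdline: str) -> bool:
    return PS_BYPASS.search(cmdline) is not None


def proxy_prefs(prefs_js: str) -> dict:
    """Collect proxy-related user_pref lines; type 1 = manual proxy, 2 = PAC URL, 0/4/5 = none/auto/system."""
    return {m.group(1): m.group(2).strip('"') for m in PROXY_PREF.finditer(prefs_js)}


def firefox_proxy_hijacked(prefs_js: str) -> bool:
    """True when the profile forces a proxy and names where to send traffic."""
    p = proxy_prefs(prefs_js)
    return p.get("network.proxy.type") in {"1", "2"} and any(k != "network.proxy.type" for k in p)


# Constructed samples: one launch matching the article's command line, one benign admin script.
EVENTS = [
    r"Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
    r"CommandLine: powershell.exe -ExecutionPolicy Bypass -File %TEMP%\599D.tmp\599E.ps1",
    r"Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
    r"CommandLine: powershell.exe -NoProfile -File C:\ops\backup.ps1",
]
PREFS_CLEAN = 'user_pref("network.proxy.type", 5);\nuser_pref("browser.startup.page", 1);\n'
PREFS_HIJACKED = (
    'user_pref("network.proxy.type", 1);\n'
    'user_pref("network.proxy.http", "proxy.example-dyndns.invalid");\n'   # assumed hostname
    'user_pref("network.proxy.http_port", 8080);\n'
    'user_pref("network.proxy.ssl", "proxy.example-dyndns.invalid");\n'
)

if __name__ == "__main__":
    for e in EVENTS:
        print("ALERT" if suspicious_powershell(e) else "ok   ", e.split("CommandLine: ")[1])
    print("hijacked profile:", firefox_proxy_hijacked(PREFS_HIJACKED))
    print("clean profile:   ", firefox_proxy_hijacked(PREFS_CLEAN))
```

The Internet Explorer side of the same change lives under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (the ProxyEnable and ProxyServer values), which Chrome also honours; a registry check for those values complements the prefs.js one.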

Massive Cyberattack Aimed at Flooding .Gov Email Inboxes With Subscription Requests
http://www.circleid.com/posts/20160819_massive_cyberattack_aimed_at_flooding_dot_gov_email_inboxes/
"Massive Email Bombs Target .Gov Addresses," Brian Krebs writes in Krebs on Security: "Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists. According to experts, the attack — designed to render the targeted inboxes useless for a period of time — was successful largely thanks to the staggering number of email newsletters that don't take the basic step of validating new signup requests." — Steve Linford, CEO of Spamhaus, further explains: "This incident involved a large number of government addresses belonging to various countries being subscribed to very large numbers of lists in a very short space of time by scripts run by the attacker(s). Most of the lists hit by the attack used COI and therefore only sent confirmation requests and did not subscribe any addresses. The attack undoubtedly also hit lists which used Captcha in addition to COI and thus did not even proceed to COI (those list admins deserve some sort of community ‘hi 5’ award, since one can imagine how hard it is to convince one’s management to implement COI let alone put Captcha in front of it). The issue is the badly-run ‘open’ lists which happily subscribed every address without any consent verification and which now continue as participants in the list-bombing of government addresses." — Krebs was also the target of this subscription attack and writes about it based on his first-hand experience: "At approximately 9:00 a.m. ET on Saturday, KrebsOnSecurity’s inbox began filling up with new newsletter subscriptions. The emails came in at a rate of about one new message every 2-3 seconds. By the time I’d finished deleting and unsubscribing from the first page of requests, there would be another page or two of new newsletter-related emails. For most of the weekend until I got things under semi-control, my Gmail account was basically useless."
— Laura Atkins in her report on the incident on Monday said, "this should be a major wakeup call for ESPs and senders." ... "Internet harassment seems to be a bigger and bigger issue. I don’t know if it’s because people are being more open about harassment or if it’s actually more common. In either case, it is the responsibility of networks to minimize the harassment. If your network is a conduit for harassment, you need to do something to stop it."
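Linford's point is that a list running confirmed opt-in (COI) never subscribes an address on a bare signup request. As an added example (not Spamhaus's or any ESP's code), the Python below implements that flow: a signup only emits a confirmation link carrying an HMAC-signed, expiring token, the address joins the list only when that token comes back, and a per-source budget caps how many confirmation mails one client can trigger. The secret, list name, host and addresses are placeholders.

```python
"""Added example: confirmed opt-in signup with signed, expiring tokens and a per-source budget.
Secret, host and addresses are placeholders; no mail is actually sent."""
import base64
import hashlib
import hmac
import time
from urllib.parse import quote

SECRET = b"per-list-secret-rotate-me"     # assumed: server-side HMAC key
TOKEN_TTL = 24 * 3600                    # confirmation links expire after a day
MAX_SIGNUPS_PER_SOURCE = 5               # confirmation mails one source IP may trigger per window
WINDOW = 3600


class MailingList:
    def __init__(self, name, clock=time.time):
        self.name, self.clock = name, clock
        self.members = set()
        self.outbox = []                 # (address, confirmation_url) pairs that would be e-mailed
        self.signups = {}                # source_ip -> timestamps of recent signup requests

    def _sign(self, address, expires):
        msg = f"{self.name}|{address.lower()}|{expires}".encode()
        mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac[:20]).decode().rstrip("=")

    def request_signup(self, address, source_ip):
        """Step 1: send a confirmation mail, subscribe nothing."""
        now = self.clock()
        recent = [t for t in self.signups.get(source_ip, []) if now - t < WINDOW]
        if len(recent) >= MAX_SIGNUPS_PER_SOURCE:
            return "rate_limited"
        self.signups[source_ip] = recent + [now]
        expires = int(now) + TOKEN_TTL
        url = (f"https://lists.example/confirm?list={self.name}&addr={quote(address)}"
               f"&exp={expires}&tok={self._sign(address, expires)}")
        self.outbox.append((address, url))
        return "confirmation_sent"

    def confirm(self, address, expires, token):
        """Step 2: subscribe only if the token is unexpired and was minted here for this address."""
        if self.clock() > expires:
            return "expired"
        if not hmac.compare_digest(token, self._sign(address, expires)):
            return "bad_token"
        self.members.add(address.lower())
        return "subscribed"


def simulate_listbomb(victim="inbox@agency.example", attacker_ip="198.51.100.7", attempts=20):
    """An attacker scripts many signups for one victim: at most the budget of confirmation
    mails goes out, and the address is never subscribed because nobody clicks the links."""
    lst = MailingList("newsletter")
    results = [lst.request_signup(victim, attacker_ip) for _ in range(attempts)]
    return {"confirmation_mails": len(lst.outbox), "rate_limited": results.count("rate_limited"),
            "members": len(lst.members)}


if __name__ == "__main__":
    print(simulate_listbomb())
```

COI alone still produces one confirmation mail per request, which is exactly the backscatter Krebs describes; the per-source budget is what bounds it, and because the attacker's scripts can come from many addresses, a per-destination-address budget (at most a few pending confirmations for one recipient) is the more useful limit in practice.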

Motherboard
Lorenzo Franceschi-Bicchierai March 29, 2016 // 07:00 AM EST
More Than 14,000 College Printers in the US Are Open to Hackers
Last week, the notorious hacker and troll Andrew Auernheimer showed just how easy it is to use insecure internet-connected printers to spread hateful racist propaganda. The hacker, also known as Weev, said he used two lines of code to make 20,000 printers, many in colleges and universities, spit out an anti-semitic flyer all over the United States. His exploit quickly made the rounds on social media and local news outlets, showing the staff at American schools that they need to make sure their printers aren’t set up in a way that lets anyone, from anywhere in the world, abuse them. Days after the first reports of the incident, a few seem to have gotten the message. But as of Monday afternoon, there are still more than 14,000 printers in colleges and universities in the US that are completely open to hackers, according to a search on Shodan, a search engine for internet-connected devices. While this might be seen as good news, it’s probably too little too late. And it’s not like colleges and universities had not been warned before. Almost 10 years ago, security researcher Adrian Crenshaw noted that many printers were programmed to accept any printing job sent over the internet to their port 9100 (the same port Auernheimer exploited). Also, just two years ago, Shawn Merdinger, another security researcher, encouraged universities and colleges to remove their printers from the public internet in a talk at a security conference for higher education institutions. At the time of his talk, Merdinger said there were more than 38,000 vulnerable printers on the internet. “I'm only surprised this hasn't happened sooner,” Merdinger told me in an email. “Printer security is basically a joke...and it's the elephant on the network.” And if you think all a hacker can do with these open devices is print flyers, think again.
As former NSA researcher Dave Aitel noted on Twitter, Auernheimer could have sent an update to the printer’s firmware with a similar command to the one he used last week, bricking the printers.

Motherboard
Researcher Grabs VPN Password With Tool From NSA Dump
http://motherboard.vice.com/read/researcher-grabs-cisco-vpn-password-with-tool-from-nsa-dump
Joseph Cox August 19, 2016 // 07:00 AM EST

Cisco has already warned customers about two exploits found in the NSA-linked data recently dumped by hackers calling themselves The Shadow Brokers. Now, researchers have uncovered another attack included in the cache, which they claim allows the extraction of VPN passwords from certain Cisco products—meaning hackers could snoop on encrypted traffic. Security researcher Mustafa Al-Bassam first documented the hacking tool, which uses the codename BENIGNCERTAIN, in a blog post published Thursday. He coined the attack “PixPocket” after the hardware the tool targets: Cisco PIX, a popular, albeit now outdated, firewall and VPN appliance. Corporations or government departments might use these devices to allow only authorised users onto their network. Based on his analysis of the code, Al-Bassam writes that the tool works by sending a packet to the target machine that makes it dump some of its memory. Included in that dump is the VPN’s authentication password, which is used to log into the device. Brian Waters, another security researcher, tested BENIGNCERTAIN on his own hardware and managed to obtain the VPN's password, also known as a preshared key. On Friday, he tweeted a message of the output from his test, which revealed his test password of “password123” among a list of two other possibilities. “I can confirm that BENIGNCERTAIN works against real hardware,” Waters (@int10h) tweeted on August 19, 2016, with a screenshot (pic.twitter.com/81gAmeHNlL). “I was able to pop out a VPN password from the ‘outside’ interface. Meaning the one that would be connected to the internet,” Waters told Motherboard in a Twitter message. “To me this is verified,” Al-Bassam told Motherboard in an online chat.
“It's proof that in a VPN that uses authentication with preshared keys, the NSA could have remotely sent a packet to that VPN from an outside Internet IP (unlike the other exploits which require internal access), and grabbed the preshared key […] With access to the preshared key, they could decrypt any traffic,” he added. Once they’ve accessed the network, an attacker might then be able to snoop on a target organisation’s traffic and spy on its users. According to Al-Bassam, the tool references PIX versions 5.2(9) up to 6.3(4). However, Brian Waters said he carried out his test on hardware running the 6.3(5) version, implying that the attack may work on other versions of PIX than those listed in the tool's code. Both Al-Bassam and Maksym Zaitsev, another researcher who has been looking into BENIGNCERTAIN, believe that the attack is likely capable of extracting private encryption keys from VPNs as well, which is another, more robust way of authenticating access. Waters was unable to test that, however. “#EquationGroup seems to be capable of extracting #Cryptography keys from #Cisco VPNs, up to 4096 bits RSA,” Maksym Zaitsev (@cryptolok) tweeted on August 18, 2016 (pic.twitter.com/0Fy08KdR6a). Cisco officially stopped selling PIX products back in 2009. It is unclear if anyone has used this attack in the wild, or who still uses PIX products today. Kevin Beaumont, another researcher who has been digging through The Shadow Brokers dump, claimed that one of the UK government’s biggest IT contractors still uses a PIX VPN. On Thursday, after Al-Bassam had published his analysis, but before Waters had verified the attack, Cisco spokesperson Yvonne Malmgren told Motherboard in an email that the company’s security team “continues the process of investigating all aspects of the exploits that were released, including the one you mention. As noted, if something new is found that our customers need to be aware of and respond to, we will share it through our established disclosure processes.”

Softpedia
Anonymous Created Special DDoS Tool Just for the #OpOlympicHacking Attacks
http://news.softpedia.com/news/anonymous-created-special-ddos-tool-just-for-the-opolympichacking-attacks-507500.shtml
Aug 20, 2016 21:25 GMT  ·  By Catalin Cimpanu 
Tool used to automate attacks against five major targets

Members of the Anonymous hacker collective have created a custom tool that allows them and any person to launch DDoS attacks at five built-in targets. The tool was released to aid the group in its recent hacktivism campaign named #OpOlympicHacking, which started at the beginning of the month, just in time for the Rio Olympic Games. The tool is a Windows executable that launches a window with six buttons, as pictured below this article. The first five buttons are for attacking five built-in targets, while the sixth is for stopping the attacks.

The tool can be used only for #OpOlympicHacking attacks

The five targets are the official Rio 2016 Olympics website, the Brazil 2016 government portal, the Brazil Olympic Committee website, the government portal for the city of Rio de Janeiro, and the website for Brazil's Sports Ministry. These are only a few of the targets Anonymous hackers included in a list they uploaded online when they announced #OpOlympicHacking at the start of the month. The DDoS tool is offered online as a free download called "opolympddos." Softpedia has discovered links to this tool on Twitter. At the time of writing, the links are dead, so we couldn't check and see if the DDoS tool came with other malware built-in. Users should not download and run this tool because (1) they would be carrying out an illegal activity; (2) they would be exposing themselves to possible malware infections.

Users need Tor before using the tool

According to security researchers from RSA, the tool is a mashup of VB, Python, and .NET scripts packaged into a Windows executable. Researchers say that users that install this tool are told to install Tor as well, to hide their real IP. Launching "opolympddos" executes a Layer 7 DoS attack. "This is achieved by creating persistent connections and sending HTTP requests with random data and user-agents," the RSA team explained.
Compared to other Anonymous ops, the #OpOlympicHacking campaign can be considered a success, bringing a lot of attention to its cause via high-profile hacks.
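RSA's one-line description of the tool (persistent connections, HTTP requests with random data and rotating user-agents) is also a description of what it looks like in a web server's access log. As an added example, not RSA's analysis or the tool's code, the Python below parses Apache combined-format lines and flags a source that keeps changing its User-Agent or keeps hitting the site with a random query string while a normal client does not. The log lines are constructed for the example.

```python
"""Added example: spot the Layer 7 flood pattern RSA describes in constructed access-log lines."""
import re
from collections import defaultdict

# Apache "combined" log format.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
# A query string that is one long alphanumeric token: cache-busting junk rather than a parameter name.
RANDOM_QS = re.compile(r"\?[A-Za-z0-9]{8,}=?[A-Za-z0-9]*$")


def parse(line):
    m = LINE.match(line)
    return m.groupdict() if m else None


def score_clients(lines, min_requests=5, min_agents=3):
    """Flag a source that sends many requests and either rotates its User-Agent
    or keeps attaching random query strings; return per-source evidence."""
    per_ip = defaultdict(lambda: {"n": 0, "agents": set(), "random_qs": 0})
    for line in lines:
        r = parse(line)
        if not r:
            continue
        s = per_ip[r["ip"]]
        s["n"] += 1
        s["agents"].add(r["ua"])
        if RANDOM_QS.search(r["path"]):
            s["random_qs"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        if s["n"] >= min_requests and (len(s["agents"]) >= min_agents or s["random_qs"] >= min_requests):
            flagged[ip] = {"requests": s["n"], "user_agents": len(s["agents"]), "random_query": s["random_qs"]}
    return flagged


# Constructed sample: one source rotating agents and junk query strings, one ordinary visitor.
UAS = ["Mozilla/5.0 (Windows NT 6.1)", "curl/7.47.0", "Opera/9.80", "Mozilla/5.0 (X11; Linux)", "Wget/1.17"]
JUNK = ["kd83JD9sl", "Qz9s82bbq", "mm20XXa1p", "8sd7f6g5h", "ZzYyXxWw1", "p0o9i8u7y"]
SAMPLE = [
    f'198.51.100.9 - - [20/Aug/2016:10:00:0{i} +0000] "GET /?{JUNK[i]}=1 HTTP/1.1" 200 512 "-" "{UAS[i % 5]}"'
    for i in range(6)
] + [
    f'203.0.113.5 - - [20/Aug/2016:10:00:0{i} +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "{UAS[3]}"'
    for i in range(6)
]

if __name__ == "__main__":
    for ip, evidence in score_clients(SAMPLE).items():
        print(ip, evidence)
```

Because the tool tells its users to route through Tor, the flagged sources will mostly be Tor exit nodes rather than the operators; per-source rate limiting at the edge still works against them, but the evidence above is for triage, not attribution.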

OpenSources
US hacked NTC to spy on Pakistan military, political leadership: Snowden documents
http://opensources.info/us-hacked-ntc-to-spy-on-pakistan-military-political-leadership-snowden-documents-2/

The United States hacked into targets in Pakistan’s National Telecommunications Corporation (NTC) to spy on the country’s political and military leadership, documents released by former National Security Agency contractor Edward Snowden confirm. According to a report by online news site The Intercept, the previously unpublished documents released by Snowden confirm that some of the NSA’s top-secret code has been leaked or hacked. The Intercept’s editors include journalists that worked with Snowden to publicise his notorious 2013 NSA leak revealing the extent of government snooping on private data. In the latest leak of top-secret documents, Snowden has given The Intercept a classified draft NSA manual on how to implant the SECONDDATE malware – malicious code that is used to monitor or control someone else’s computer, the website said. The draft NSA manual contains instructions to NSA operators telling them to use a specific string of characters associated with the SECONDDATE malware program. According to The New York Times, much of the code was created to peer through the computer firewalls of foreign powers. Such access would enable the NSA to plant malware in rivals’ systems and monitor – or even attack – their networks. Now, according to The Intercept report which sheds light on the NSA’s broader surveillance and infection network, SECONDDATE was also used to spy on Pakistan. “There are at least two documented cases of SECONDDATE being used to successfully infect computers overseas: An April 2013 presentation boasts of successful attacks against computer systems in both Pakistan and Lebanon,” said The Intercept report. “In the first, NSA hackers used SECONDDATE to breach ‘targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division,’ which contained documents pertaining to ‘the backbone of Pakistan’s Green Line communications network’ used by ‘civilian and military leadership’,” said the report.
According to the report, SECONDDATE is just one method used by the NSA to hack into target computer systems and networks. Another document in the cache released by Snowden today describes how the NSA used software other than SECONDDATE to repeatedly attack and hack into computer systems in Pakistan.


Security Affairs
Bitcoins move from the seized SilkRoad wallet to the ShadowBrokers
http://securityaffairs.co/wordpress/50462/intelligence/silkroad-bitcoin-shadowbrokers.html
A security expert noticed strange transactions from the Bitcoin wallet of the SilkRoad (now in the hands of the Feds) to the ShadowBrokers' wallet. I was surfing the Internet searching for interesting data about the ShadowBrokers group that leaked exploits and hacking tools belonging to the NSA Equation Group. I have found a very intriguing analysis by the popular security researcher krypt3ia, who has analyzed the Bitcoin transactions linked to the #ShadowBrokers account. It seems that the account is receiving small amounts of money (at about $990.00 a couple of days ago), but the real surprise is that some of the payments are coming from the seized Silk Road bitcoins and account.
Hey, wait a moment, the Silk Road Bitcoin are under the control of the FBI after the seizure of the popular black market. krypt3ia decided to investigate the overall transactions and discovered that the US Marshals Service was also involved in the transfers. “So, is this to say that these coins are still in the coffers of the feds and they are being sent to ShadowBrokers to chum the water here? Maybe get a conversation going? Maybe to get the bitcoins flying so others can trace some taint? Of course once you start to look at that address and the coins in and out there you get some other interesting hits. Suddenly you are seeing US Marshals Service as well being in that loop. Which makes sense after the whole thing went down with the theft of coins and such by rogue agents of the USSS and DEA.” wrote krypt3ia in a blog post. Analyzing the transactions, the expert noticed transactions of 0.001337 BTC to the ShadowBrokers.
We are aware that Silk Road coins are in the hands of the US GOV, but someone is sending ShadowBrokers fractions of them. “What if, and you can see this once you start to dig around with Maltego, the coins being paid to the account so far also come from other accounts that are, shall we call them cutout accounts for the government?” added the expert. At this point, the researcher invited readers to analyze transactions involving all the accounts that passed money to Bitcoin wallets used by the Government and that were used to transfer money to the ShadowBrokers. At the time I’m writing this, the ShadowBrokers wallet was involved in 41 transactions for a total of 1.738 BTC, and the highest bid is 1.5 bitcoin, or around $850.

ISIS Noobs Share ‘How To Hack’ Tutorials Online
http://www.vocativ.com/351739/isis-kali-linux/
By Gilad Shiloach with Mor Turgeman Aug 19, 2016 at 2:28 PM ET
A member of al-Minbar, an active and influential online forum frequented by ISIS sympathizers, is offering an online course on hacking tools with the aim of teaching supporters how to “hack American and European security sites” and creating a group of cyber soldiers affiliated with the terror organization. But this is likely to be simply the latest in a series hapless attempts by ISIS affiliates to threaten cyber warfare on the West, to little effect. The online course is focused on Kali Linux, an open-source Linux distribution, which is a type of operating system based on Linux, that includes hundreds of penetration-testing programs, which are designed to help identify vulnerabilities in a computer network or app. It is being promoted by a prominent member of the ISIS-sympathetic forum, who goes by the username Ayam Fath Baghdad, which translates to “the days of the conquest of Baghdad.” “As-salamu alaykum, my brothers, the members of al-Minbar, and those who are registered for the course on Kali Linux. Please gather in the section tonight at 9 p.m., Mecca time, in order to take a class,” he on Wednesday night, in Arabic. In a 20-page thread, this user interacts with at least other 25 members in the forum, all of whom express interest in taking the course and becoming hackers affiliated with the terror group. The course is based upon several Arabic-language YouTube tutorials, which have been uploaded by a non-ISIS affiliated account. Online tutorials on Kali Linux use are plentiful and freely available from a variety of online sources. To supplement the YouTube videos, Ayam Fath Baghdad offers advice on the use of the OS. “Kali Linux is known as the ‘go-to’ for black [hat] and white [hat] hackers alike,” Omri Moyal, VP Research at Minerva Labs, an Israeli cybersecurity company, told Vocativ over email. 
“It is widely promoted and educated in underground forums and anonymous chat rooms, and the combination of its pre-installed, ready-to-use, powerful tools make it extremely dangerous in the wrong hands,” he adds. “As we have heard that ISIS are declaring that they will move to operate in the cyber domain, it is very natural that they will go to this tool.” But there’s likely no cause for immediate concern. Moyal analyzed portions of the forum thread, including screenshots uploaded by the “students” and responses by the course’s teacher, and explained that the contents were “very, very basic material,” adding, “I can’t say anything about the teacher but the students are complete noobs.” According to his analysis, the would-be hackers “have problems with the very basic commands and also are not looking for the solution themselves, something a good hacker must be able to learn and do.” Moyal stressed the importance of the sophistication of the hacker themselves over the tools at their disposal, which, like Kali Linux, are typically readily available. He explained that while “the capabilities of Kali Linux are unlimited, it’s a tool box. The question is, ‘What are the skills of the person behind the keyboard?'” One of the methods presented in the course is an SQL injection, which according to Moyal, “has the capabilities of extracting data from those databases. It is commonly used to deface websites and steal credentials.” Moyal explains that similar tool was used by a Saudi hacker to steal thousands of credit card data from a unencrypted online database a few years ago. However, substantial technical know-how and experience is necessary for a hack of this nature. 
The goal of this online course is a grand finale in which students will conduct “join[t] attacks [by] the graduated members” and the group will create an ISIS-sympathetic hacking organization “along the lines of the United Cyber Caliphate (UCC),” referring to an online coalition of four ISIS-sympathetic, so-called hacking groups that was formed in late 2015. At that time, ISIS supporters created a channel on the encrypted-chat app Telegram dedicated to “publishing courses of hacking and programming languages for the supporters of the Caliphate on the Internet.”...

Stolen NSA hacking tools reportedly on sale for $8000
http://opensources.info/stolen-nsa-hacking-tools-reportedly-on-sale-for-8000-2/
It’s been a rough week for the NSA, to say the least. Last week, a group of hackers collectively known as The Shadow Brokers allegedly stole and released a treasure trove of NSA hacking tools and exploits. What’s more, the group promised to release even more weapons from the NSA’s cyber arsenal for the right price. While the initial leak was met with skepticism, researchers and security experts who examined the leak subsequently confirmed that the leaked exploits were very much real. “It definitely looks like a toolkit used by the NSA,” French computer researcher Matt Suiche said after taking a look at the code. As if that weren’t bad enough, now comes word that The Shadow Brokers may not be the only hackers who hold the keys to the NSA’s cache of advanced hacking tools and exploits. Late on Sunday night, a hacker with the Twitter handle 1x0123 indicated that he was willing to sell the aforementioned hacking tools for $8,000. Speaking to Gizmodo, the hacker also said that he’d be willing to provide screenshots to verify his claims for $1,000. Interestingly, 1x0123 didn’t come to possess these files by hacking the NSA, but allegedly by stealing them from the Shadow Brokers. It’s unclear how the hacker supposedly stole the tools and he refused to explain beyond saying “traded some exploits for access to a private escrow and stole the tar file.” This could mean a variety of things, but it seems he is indicating that he tricked the Shadow Brokers, the group that originally claimed to have accessed the NSA tools, and stole the .tar file containing the exploits. Again, we don’t have a way to confirm this is true, but this hacker has hacked and sold exploits in the past. Notably, 1x0123 is not some fly-by-night Twitter account with no track record to speak of.
On the contrary, 1x0123 is a self-identified “underground researcher” who has been behind a number of big-name exploits in the past, including a hack of Fidelity National Information Services. It’s also worth noting that famed NSA whistleblower Edward Snowden gave 1x0123 some praise on Twitter just a few months ago.

Hacker's claims met with flat denials and skepticism by most of the security industry
http://www.csoonline.com/article/3109936/security/hackers-say-leaked-nsa-tools-came-from-contractor-at-redseal.html
Steve Ragan — Senior Staff Writer, CSO
CSO | Aug 19, 2016 7:33 PM PT
On Friday, messages posted to Pastebin and Tumblr allege the recently leaked NSA files came from a contractor working a red team engagement for RedSeal, a company that offers a security analytics platform that can assess a given network's resiliency to attack. In addition, the hackers claim the intention was to disclose the tools this year during DEF CON. Salted Hash reached out to the press team at DEF CON, as well as RedSeal. In a statement, RedSeal would only confirm they are an In-Q-Tel portfolio company. The company also denied any knowledge of red team assessments against their products by In-Q-Tel or contractors working with In-Q-Tel. Sources close to DEF CON also say the claims in the published letter aren't real.
At this point, it's best to take the claims posted to Pastebin and Tumblr with a grain of salt. The note and subsequent blog post from "Brother Spartacus" and "13 Johns" say that an individual known as "Dark Lord" – reported to be a skilled hardware engineer – was working an In-Q-Tel contract to assess the security of RedSeal products. This red team engagement used a C&C server as a staging point for the leaked NSA tools. When "Dark Lord" walked off the job, they did so with a copy of the tools that were placed on the C&C server. Given how RedSeal products work, attacking routers and other network devices with the leaked NSA code makes sense if you wanted to prove that RedSeal will detect such incidents. The company has even used the Shadow Brokers incident as a means to promote themselves this week. However, there is a split between the claims on the blog and the Pastebin note. The blog claims the test was to harden RedSeal software, while the note says the test was aimed at RedSeal products. It isn't clear how the leaked tools could be used to assess the RedSeal platform directly. Moreover, the Pastebin post claims to be from DEF CON, and says the annual hacker gathering was approached in July with details surrounding the Shadow Brokers leak. The note says that "Brother Spartacus" approached DEF CON with details about the code theft, with the intention to disclose the incident during this year's show. "The individual self reported they had walked off an In-Q-Tel contract with RedSeal. They had took the Malware pack from a CNC server that was set-up to test RedSeal products. The individual was not well versed in software and could not point out any zero day threats. We decided to not push the person forward to public Defcon leaders. (sic)" As mentioned, sources close to DEF CON deny this letter is legitimate. This was suspected early on due to the tone of the message, the description of "Brother Spartacus," as well as the fact that DEF CON is misspelled.
(Normal communications from DEF CON use the proper branding.) At this point, it's clear the Pastebin and Tumblr posts are some sort of hoax. However, there has been a lot of coverage of the Shadow Brokers leak this week, so this is just one more log on the fire. Recap: On Wednesday, Motherboard published a story citing former NSA staffers who feel the leak didn't happen because of a hack. Instead, they feel the incident is the work of a single individual with insider access. Those thoughts somewhat align with the claims posted on Friday, as a contractor would be considered an insider. In addition, security researcher Mustafa Al-Bassam posted a solid examination of the leaked tools and what they do.




ABC
Feds Investigate Hack of The New York Times, Suspect Russian Operatives Are to Blame
http://abcnews.go.com/US/feds-investigate-hack-york-times-suspect-russian-operatives/story?id=41599825
Federal authorities are investigating a series of cyberattacks on The New York Times and other U.S. media organizations, and they believe those web-based assaults were "probably" carried out by the same Russian hackers who recently infiltrated Democratic organizations, a source familiar with the probe told ABC News. The intrusions were discovered in recent months, and it's unclear exactly why the hackers would have targeted news outlets. Journalists, however, routinely interact with countless officials across the U.S. government as part of their jobs. ABC News was unable to determine what other news outlets, aside from The New York Times, were hit. CNN first reported the intrusions and subsequent investigation. The New York Times said its Moscow bureau was targeted, but noted no "internal systems" were breached. "We are constantly monitoring our systems with the latest available intelligence and tools. We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised," the Times said in a statement on Tuesday evening. For months, the FBI has been investigating what appear to be coordinated cyberattacks on Democratic organizations, with the hacking of the Democratic National Committee being the most damaging so far. Not only did the hack apparently allow cyber operatives to steal opposition research on Republican nominee Donald Trump, but many suspect it led to the theft of internal messages that showed efforts by DNC officials to undermine Democratic presidential candidate Bernie Sanders during the primary season. After those damaging emails were publicly released by WikiLeaks, Florida Rep. Debbie Wasserman Schultz stepped down as DNC chairwoman. The FBI declined to comment for this article. Asked last month whether Russia might have intentions to undermine the U.S.
political process, James Clapper, the nation’s top intelligence official, said Russian officials “believe we’re trying to influence political developments in Russia, we’re trying to affect change, and so their natural response is to retaliate and do unto us as they think we've done to them." Speaking at the annual Aspen Security Forum in Aspen, Colorado, Clapper said Russian President Vladimir Putin is "paranoid" about the potential for revolutions in Russia, "and of course they see a U.S. conspiracy behind every bush, and ascribe far more impact than we’re actually guilty of." Referring to cyber warfare, Clapper said it is not "terribly different than what went on during the heyday of the Cold War," just with different tools and "a different modality." And, he said, the U.S. intelligence community is now "at war" with Russia, conducting operations every hour of every day against Russia and other adversaries. Nevertheless, Clapper said he's "taken aback a bit by ... the hyperventilation over" the hack of the DNC, adding in a sarcastic tone, "I'm shocked somebody did some hacking. That’s never happened before." The American people "just need to accept" that cyber threats and computer-based attacks are a major long-term challenge facing the United States, and he said Americans should "not be quite so excitable when we have yet another instance of it."


Linux.Rex.1, a new Linux Trojan that creates a P2P Botnet
http://www.itsecuritynews.info/linux-rex-1-a-new-linux-trojan-the-creates-a-p2p-botnet/
 23. August 2016 
Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and of creating a peer-to-peer botnet. A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn. Security researchers from the firm Dr. Web have discovered […]

ZDNET
France, Germany push for access to encrypted messages after wave of terror attacks
By Zack Whittaker for Zero Day | August 23, 2016 -- 21:12 GMT (22:12 BST) 
http://www.zdnet.com/article/france-germany-push-for-access-to-encrypted-messages-after-wave-of-terror-attacks/
France and Germany are to ask the EU for new powers that could see state intelligence agencies compel makers of mobile messaging services to turn over encrypted content. The two member states have both suffered numerous terrorist attacks in the past year and a half, with hundreds killed by the so-called Islamic State group, but argue that their intelligence agencies are struggling to intercept messages from criminals and suspected terrorists. Many mobile messaging providers, like WhatsApp, Apple's iMessage, and Telegram, provide end-to-end encrypted messaging to thwart spying by hackers and governments alike. Many other sites and services -- including Facebook -- have followed suit by pushing for strong encryption to ensure government spies can't access a person's messages. Reuters reported Tuesday that French interior minister Bernard Cazeneuve wants the European Commission to draft a law that would oblige companies to turn over data. "It's a central issue in the fight against terrorism," Cazeneuve told reporters last week. "Exchanges carried out via applications like Telegram must be identified and used in the course of judicial proceedings," he added. But Cazeneuve's initiative echoes similar US and British efforts to install "backdoors" in encryption for governments and law enforcement agencies, effectively undermining its very point. Such proposals have long been criticized by privacy and security experts, who argue that there is no feasible way to guarantee that hackers won't be able to exploit the same access. The request for a review falls just short of calls for an all-out ban. Earlier this year, one prominent French politician called for fines and a ban on services that are unable to turn over encrypted communications. The European Commission said it "welcomed" the initiatives between the two countries, but said that data protection laws are already under review.
But the executive body may face internal pressure to dismiss the idea of undermining the effectiveness of encryption. Only a few weeks ago, the European Data Protection Supervisor said that nation states should be forbidden from trying to decrypt encrypted communications or install backdoors. In a report, the supervisor said that end-to-end encryption should be "encouraged, and when necessary, mandated." European authorities have been particularly aggrieved by reports of mass surveillance by the US government, which were brought to light three years ago by the Edward Snowden files. The transatlantic pact that allowed the free flow of data between the two continents was later suspended by a top European court in the wake of the disclosures. A new pact was agreed upon earlier this year.

Russian hackers suspected in hack of New York Times, others
Newspaper says its Moscow bureau was the target of a cybersecurity breach but that there's no evidence hackers were successful. by Steven Musil @stevenmusil  August 23, 2016 4:44 PM PDT
http://www.cnet.com/news/russian-hackers-suspected-in-hack-of-new-york-times-others/
The FBI suspects cybersecurity breaches targeting reporters at The New York Times and other news agencies were carried out by hackers working for Russian intelligence, CNN reported Monday. "Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said," according to CNN. In a follow-up report, The New York Times reported late Monday that its Moscow bureau was the target of an attempted cyberattack earlier this month. The Times did not immediately respond to a request for comment but said in its report that there was no evidence hackers succeeded in penetrating the newspaper's cyberdefenses. "We are constantly monitoring our systems with the latest available intelligence and tools," Eileen Murphy, a spokeswoman for the Times, said in the report. "We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised." Neither the FBI nor the Russian embassy immediately responded to a request for comment. News of the hack attempt comes amid allegations that hackers working for the Russian government broke into the Democratic National Committee's computer network, gaining access to emails and chat transcripts, as well as opposition research on Republican presidential candidate Donald Trump. US-based news agencies have become popular targets for hack attempts in recent years. In 2013, The Washington Post reported that its servers had been breached for the second time in three years, giving hackers access to employee usernames and passwords.

https://www.hillaryclinton.com/
viewsource:
<!DOCTYPE html> <!--       HHHHHH       →→HHHH       HHHHHH       →→→→HH       HHHHHH       →→→→→→→       →→→→→→→→→→→→→→→→→→→→→→      Git out the vote!       →→→→→→→→→→→→→→→→→→→→→→→→    Join the only 18 month, nationally televised hackathon.       →→→→→→→→→→→→→→→→→→→→→→      https://boards.greenhouse.io/hillaryforamerica       HHHHHH       →→→→→→→       HHHHHH       →→→→HH       HHHHHH       →→HHHH       --> <html lang="en">   <head>


 Daily Mail 
Sickening hack attack on Leslie Jones: Hacker steals nude photos of SNL star and posts them on her website with racist memes and copies of her driving license
http://www.dailymail.co.uk/news/article-3756748/Hacker-defiles-Leslie-Jones-website-racist-posts-nude-photos-SNL-star.html
* A hacker posted nude photos and personal information on Leslie Jones' website on Wednesday  * The website was taken down just after noon ET * The SNL star has yet to issue a public statement on the hack  * Jones became the target for racist online trolling earlier this year  
By Ashley Collman For Dailymail.com Published: 15:57 GMT, 24 August 2016 | Updated: 17:23 GMT, 24 August 2016
SNL comedian Leslie Jones has had her personal website hacked. Nude photos of the actress were posted on her website Wednesday morning, alongside copies of her driver's license and passport. The hacker also posted a video in tribute to the gorilla Harambe, a racist dig at Jones, who is African-American.
Also released in the attack were several selfies of Jones with famous celebrities including Rihanna, Kanye West, Kim Kardashian and 50 Cent. TMZ reports that the hacker accessed the personal photos and information by hacking Jones' cloud storage or iPhone. Shortly after noon ET on Wednesday, JustLeslie.com was taken down by hosting website Tumblr. Jones has yet to publicly comment on the hack. The 48-year-old funny woman has been the target of racist online trolling ever since the new Ghostbusters reboot came out earlier this summer. Twitter went so far as to ban one of Jones' trolls, as well as delete some of the nastier comments made about her on the website when she complained last month. Internet trolls didn't like it when Jones complained about fashion designers refusing to work with her on a dress for the Ghostbusters premiere earlier this summer. The company's CEO Jack Dorsey explained that they don't ban people 'for expressing their thoughts' but that 'targeted abuse and inciting abuse against people' is not allowed. In an interview about the internet abuse on Late Night with Seth Meyers, Jones said: 'What's scary about the whole thing is that the insults didn't hurt me. Unfortunately I'm used to the insults. But what scared me was the injustice of a gang of people jumping against you for such a sick cause.' In the lead up to Ghostbusters' release, Jones complained that several fashion designers had refused to make a dress for her for the film's premiere. 'It’s so funny how there are no designers wanting to help me with a premiere dress for movie,' she tweeted on June 28. 'Hmmmm that will change and I remember everything.'
After the drama made headlines, designer Christian Siriano created a custom red gown for Jones.

 Security Affairs 
The Equation Group’s exploit ExtraBacon works on newer Cisco ASA
http://securityaffairs.co/wordpress/50586/breaking-news/nsa-extrabacon-exploit.html
August 24, 2016  By Pierluigi Paganini
Security experts have improved the ExtraBacon exploit included in the NSA Equation Group arsenal to attack newer versions of the Cisco ASA appliance. The data dump leaked online by the Shadow Brokers is a treasure for security experts and hackers who are analyzing every tool it contains. Cisco and Fortinet have confirmed their network appliances are vulnerable to the exploits listed in the leaked dump. Recently security researchers tested the BENIGNCERTAIN tool included in the archive belonging to the NSA Equation Group, which allows attackers to extract VPN passwords from certain Cisco devices. Now the Hungary-based security consultancy SilentSignal has focused its analysis on another exploit that could be used against newer models of Cisco’s Adaptive Security Appliance (ASA). “We successfully ported EXTRABACON to ASA 9.2(4) #ShadowBrokers #Cisco” — SilentSignal (@SilentSignalHU), 23 August 2016. The security firm has demonstrated that the NSA-linked Cisco exploit dubbed ExtraBacon poses a bigger threat than previously thought. Initially, the ExtraBacon exploit was restricted to versions 8.4(4) and earlier of the Cisco ASA boxes; support has now been expanded to 9.2(4). An attacker who has already gained a foothold in a targeted network could use the zero-day exploit to take full control of a firewall. In an e-mail sent to Ars Technica, SilentSignal researcher Balint Varga-Perke wrote: “We first started to work on the exploit mainly to see how easy it would be to add support for other (newer) versions.
Turns out it is very easy, that implies two things: * The leaked code is not as poor quality as some might suggest * The lack of exploit mitigation techniques in the target Cisco software makes the life of attackers very easy” Experts from the IT vendor Juniper also confirmed that one of the exploits in the Equation Group archive could be used to attack Juniper NetScreen firewalls, and that they are conducting further investigation of the exploit. The tools codenamed FEEDTROUGH and ZESTYLEAK could be used by attackers to target Juniper NetScreen firewalls; the company is investigating their effectiveness. “As part of our analysis of these (Equation Group) files, we identified an attack against NetScreen devices running ScreenOS,” explained the company's incident response director Derrick Scholl. “We are examining the extent of the attack, but initial analysis indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices.” “We will continue to evaluate exactly what level of access is necessary in order to execute the attack, whether it is possible to detect the attack, and if other devices are susceptible.”

 Tech Week Europe
Security Researchers Discover First Twitter-Controlled Botnet
Ben Sullivan, August 24, 2016, 4:21 pm
http://www.techweekeurope.co.uk/security/cyberwar/first-twitter-controlled-botnet-discovered-196739
Twitoor, uncovered by ESET, can plague Android devices with malware. The first ever Twitter-controlled botnet has been discovered by security experts at ESET, who say the backdoor is downloading malware onto infected Android devices. Twitoor is a backdoor that is able to install further malware and has been active for around a month, said ESET. Porn and MMS: While the app isn’t listed on the official Android app store, it spreads to users by SMS and malicious URLs, impersonating porn players or MMS applications. ESET said that on launch, the app masks its presence and checks a Twitter account for commands, in place of a conventional control server, acting as part of a botnet. When commands are received, it can download more malicious apps. “Using Twitter instead of command-and-control (C&C) servers is pretty innovative for an Android botnet,” said Lukáš Štefanko, the ESET malware researcher who discovered the malicious app. As malware that enslaves devices to form botnets needs to receive instructions, that communication channel is vital to its survival, said ESET. To make the Twitoor botnet’s communication more resilient, the botnet designers encrypted their messages and used innovative means of communication, among them the use of social networks, said ESET. “These communication channels are hard to discover and even harder to block entirely. On the other hand, it’s extremely easy for the crooks to re-direct communications to another freshly created account,” said Štefanko. Other non-traditional means of controlling Android bots have already been found in blogs or cloud messaging systems, said ESET, but Twitoor is the first Twitter-based bot malware, according to Štefanko. “In the future, we can expect that the bad guys will try to make use of Facebook statuses or deploy LinkedIn and other social networks”, states ESET’s researcher. Twitoor has been found downloading versions of mobile banking malware.
However, the botnet operators can start distributing other malware, including ransomware, at any time, warned Štefanko. “Twitoor serves as another example of how cybercriminals keep on innovating their business,” Štefanko continues. “The takeaway? Internet users should keep on securing their activities with good security solutions for both computers and mobile devices.”

ARS TECHNICA
HTTPS and OpenVPN face new attack that can decrypt secret cookies
http://tornews3zbdhuan5.onion/newspage/35462/
http://arstechnica.com/security/2016/08/new-attack-can-pluck-secrets-from-1-of-https-traffic-affects-top-sites/
Ars Technica, Aug. 24, 2016 Dan Goodin - Aug 24, 2016 3:45 pm UTC Researchers have devised a new attack that can decrypt secret session cookies from about 1 percent of the Internet's HTTPS traffic and could affect about 600 of the Internet's most visited sites, including nasdaq.com, walmart.com, match.com, and ebay.in. The attack isn't particularly easy to carry out because it requires an attacker to have the ability to monitor traffic passing between the end user and one of the vulnerable websites and to also control JavaScript on a webpage loaded by the user's browser. The latter must be done either by actively manipulating an HTTP response on the wire or by hosting a malicious website that the user is tricked into visiting. The JavaScript then spends the next 38 hours generating about 785GB worth of traffic, which the eavesdropper collects, to decrypt the cookie, which allows the attacker to log into the visitor's account from another browser. A related attack against OpenVPN requires 18 hours and 705GB of data to recover a 16-byte authentication token. Despite the difficulty in carrying out the attack, the researchers said it works in their laboratory and should be taken seriously. They are calling on developers to stop using legacy 64-bit block ciphers. For Transport Layer Security (TLS), the protocol websites use to create encrypted HTTPS connections, that means disabling the Triple DES symmetric-key cipher, while for OpenVPN it requires retiring the symmetric-key cipher known as Blowfish. Ciphers with larger block sizes, such as AES with its 128-bit blocks, are not affected at practical data volumes. "It is well-known in the cryptographic community that a short block size makes a block cipher vulnerable to birthday attacks, even if the[re] are no cryptographic attacks against the block cipher itself," the researchers wrote in a blog post explaining the attacks.
"We observe that such attacks have now become practical for the common usage of 64-bit block ciphers in popular protocols like TLS and OpenVPN." A birthday attack is a type of cryptographic exploit that is based on the mathematical principle known as the birthday paradox. It holds that in a room of 23 randomly selected people, there is a 50-percent chance two of them will share the same birthday, and there's a 99.9 percent chance when the number is increased to 70 people. The same principle can be used by cryptanalysts to find so-called collisions, in which two blocks of ciphertext are identical. In CBC mode a collision of two ciphertext blocks reveals the XOR of the two corresponding plaintext blocks, so when one of the two plaintexts is known or attacker-controlled, the other is recovered. By collecting hundreds of gigabytes worth of HTTPS or VPN data encrypted under a single key and carefully analyzing it, the attackers are able to recover the sensitive cookie. In response to the new attack, which the researchers have dubbed Sweet32, OpenVPN developers on Tuesday released a new version of the program that actively discourages the use of 64-bit ciphers. OpenSSL maintainers, meanwhile, said in a blog post that they plan to disable Triple DES in version 1.1.0, which they expect to release on Thursday. In versions 1.0.2 and 1.0.1, they downgraded Triple DES from the "high" to the "medium" cipher group, a change that increases the chances that safer ciphers are used to encrypt data traveling between servers and end users. The precise cipher choice is made dynamically and is based on a menu of options supported by both parties. While stripping Triple DES out of all versions would be the safest course, it also would leave some people unable to browse certain HTTPS sites altogether. "When you have a large installed base, it is hard to move forward in a way that will please everyone," Rich Salz, a senior architect at Akamai Technologies and a member of the OpenSSL developer team, wrote. "Leaving triple-DES in 'DEFAULT' for 1.0.x and removing it from 1.1.0 is admittedly a compromise.
We hope the changes above make sense, and even if you disagree and you run a server, you can explicitly protect your users through configuration." Browser makers are also in the process of making changes that prioritize safer ciphers over Triple DES. The Sweet32 attack will be presented in October at the 23rd ACM Conference on Computer and Communications Security. While the time and data-collection requirements present a significant barrier, it works as described on sites that support Triple DES and allow long-lived HTTPS connections. As of May, about 600 websites in the Alexa 100,000 were identified, including those mentioned at the beginning of this article. Karthikeyan Bhargavan and Gaëtan Leurent—the researchers behind Sweet32—estimate that about 1 percent of the Internet's HTTPS traffic is vulnerable. OpenSSL team member Viktor Dukhovni summed things up well in an e-mail. "We're not making a fuss about the 3DES issue, and rating it 'LOW'," Dukhovni wrote. "The 3DES issue is of little practical consequence at this time. It is just a matter of good hygiene to start saying goodbye to 3DES."
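The birthday arithmetic behind Sweet32, worked through as an added example (this is not code from the Ars article or from the Sweet32 researchers). It reproduces the 23-person and 70-person birthday figures above, then applies the same formula to block ciphers: how many bytes encrypted under one key an eavesdropper needs before a 64-bit block collision becomes likely, how many collisions sit inside the 785GB capture the article cites, and why the same capture yields essentially none against a 128-bit block cipher such as AES. Assumptions: "785GB" is taken as 785 x 10^9 bytes, all of it treated as ciphertext under a single key, and the standard approximation 1 - exp(-k(k-1)/2N) is used for the collision probability.

```python
import math


def collision_probability(samples: int, space: int) -> float:
    """Probability that at least two of `samples` uniformly random draws from a
    set of `space` values coincide, via the approximation 1 - exp(-k(k-1)/(2N)).
    For 23 people and 365 birthdays this gives ~0.50; for 70 people ~0.999."""
    return 1.0 - math.exp(-samples * (samples - 1) / (2.0 * space))


def expected_collisions(samples: int, space: int) -> float:
    """Expected number of colliding pairs among `samples` random draws from a set
    of `space` values: C(k, 2) / N. In CBC mode every pair of equal ciphertext
    blocks leaks the XOR of the two corresponding plaintext blocks."""
    return samples * (samples - 1) / 2.0 / space


def samples_for_probability(p: float, space: int) -> float:
    """Invert collision_probability: draws needed for a collision with probability p.
    For p = 0.5 this is about 1.18 * sqrt(N)."""
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p)))


def ciphertext_bytes_for_collision(block_bits: int, p: float = 0.5) -> float:
    """Bytes of ciphertext under one key an eavesdropper must capture before a
    block collision occurs with probability p, for the given block size."""
    blocks = samples_for_probability(p, 2 ** block_bits)
    return blocks * (block_bits // 8)


def expected_collisions_in_capture(captured_bytes: int, block_bits: int) -> float:
    """Expected block collisions inside `captured_bytes` of ciphertext encrypted
    under a single key with a cipher of the given block size."""
    blocks = captured_bytes // (block_bits // 8)
    return expected_collisions(blocks, 2 ** block_bits)


if __name__ == "__main__":
    # Assumption: the article's 785GB read as decimal gigabytes, all under one key.
    capture = 785 * 10 ** 9
    print(f"23 people, 365 days: p = {collision_probability(23, 365):.3f}")
    print(f"70 people, 365 days: p = {collision_probability(70, 365):.4f}")
    for name, bits in (("3DES / Blowfish (64-bit block)", 64), ("AES (128-bit block)", 128)):
        gb_for_half = ciphertext_bytes_for_collision(bits) / 1e9
        hits = expected_collisions_in_capture(capture, bits)
        print(f"{name}: ~{gb_for_half:.1f} GB for a 50% collision chance; "
              f"~{hits:.3g} expected collisions in a 785 GB capture")
```

The 64-bit line shows why the attack is practical rather than theoretical: roughly 40GB of 3DES ciphertext under one key already gives an even chance of a collision, and the 785GB capture from the article contains a few hundred of them, each leaking one XOR of plaintext blocks. The 128-bit line gives an expected collision count on the order of 10^-18 for the same capture, which is the quantitative reason the article can call AES immune at any realistic data volume. Operationally, the single-key qualifier matters: the attack depends on one long-lived TLS or OpenVPN session (or session resumption under the same key) carrying all that traffic, which is why retiring the cipher and capping connection lifetime both defeat it.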

ARS TECHNICA
Military submarine maker springs leak after “hack”—India, Oz hit dive alarm
http://tornews3zbdhuan5.onion/newspage/35463/
http://arstechnica.com/security/2016/08/military-submarine-maker-leak-dcns-suspected-hack/
Jennifer Baker (UK) - Aug 24, 2016 3:21 pm UTC A massive leak of documents on India’s new military submarines from French shipbuilder DCNS is the result of a hack, the country's defence minister said on Wednesday. Manohar Parrikar claimed, according to local reports, that the entire designs of its Scorpene submarines hadn't been disclosed. “First step is to identify if its related to us, and anyway its not all 100 percent leak,” he was quoted as saying. The documents were made public by The Australian on Tuesday, which described the breach as an “Edward Snowden-sized leak.” A DCNS spokesperson told Ars: “DCNS has been made aware of articles published in the Australian press related to the leakage of sensitive data about Indian Scorpene. This serious matter is thoroughly investigated by the proper French national authorities for defence security. This investigation will determine the exact nature of the leaked documents, the potential damages to DCNS customers as well as the responsibilities for this leakage.” Although the 22,000-page cache of documents date from 2011, they give very detailed technical information about the combat capability of the Scorpene vessels, which are currently in use in Malaysia and Chile. India signed the £2.6 billion deal for six of the boats in 2005—they are to be built in conjunction with an Indian government-owned Mumbai shipbuilder—and Brazil is due to deploy the vessels in 2018. Such sensitive information in the wrong hands would have huge ramifications for national security in all four countries. “It appears that the source of leak is from overseas and not in India,” Parrikar said, vowing to investigate further. Australia is also very concerned. Earlier this year, DCNS won an AUS$50 billion contract—the country’s largest-ever defence deal—to build a new submarine fleet. The French group saw off bids from Germany’s ThyssenKrupp AG and a Japanese-government consortium of Mitsubishi Heavy Industries and Kawasaki Heavy Industries. 
Details about the Australian contract, expected to run into the 2050s, weren't disclosed in the leak. But it has raised concerns about the data security of the defence project. The country's prime minister Malcolm Turnbull said the leak was a reminder of the importance of cyber security, but claimed that Australia, where the 4,500-tonne Shortfin Barracuda submarines will be built, has “high security standards”—an assertion called into question in the recent census debacle. This post originated on Ars Technica UK

Open Sources
Word Games: What the NSA Means by “Targeted” Surveillance Under Section 702
http://opensources.info/word-games-what-the-nsa-means-by-targeted-surveillance-under-section-702/
Aug 24, 2016
We all know that the NSA uses word games to hide and downplay its activities. Words like “collect,” “conversations,” “communications” and even “surveillance” have suffered tortured definitions that create confusion rather than clarity. There’s another one to watch: “targeted” v. “mass” surveillance. Since 2008, the NSA has seized tens of billions of Internet communications. It uses the Upstream and PRISM programs—which the government claims are authorized under Section 702 of the FISA Amendments Act—to collect hundreds of millions of those communications each year. The scope is breathtaking, including the ongoing seizure and searching of communications flowing through key Internet backbone junctures,[1] the searching of communications held by service providers like Google and Facebook, and, according to the government’s own investigators, the retention of significantly more than 250 million Internet communications per year.[2] Yet somehow, the NSA and its defenders still try to pass 702 surveillance off as “targeted surveillance,” asserting that it is incorrect when EFF and many others call it “mass surveillance.” Our answer: if “mass surveillance” includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more, then the PRISM and Upstream programs under Section 702 fully satisfy that definition. This word game is important because Section 702 is set to expire in December 2017. EFF and our colleagues who banded together to stop the Section 215 telephone records surveillance are gathering our strength for this next step in reining in the NSA. At the same time, the government spin doctors are trying to avoid careful examination by convincing Congress and the American people that this is just “targeted” surveillance and doesn’t impact innocent people.
Section 702 Surveillance: PRISM and Upstream
PRISM and Upstream surveillance are two types of surveillance that the government admits that it conducts under Section 702 of the FISA Amendments Act, passed in 2008. Each kind of surveillance gives the U.S. government access to vast quantities of Internet communications.[3] Upstream gives the NSA access to communications flowing through the fiber-optic Internet backbone cables within the United States.[4] This happens because the NSA, with the help of telecommunications companies like AT&T, makes wholesale copies of the communications streams passing through certain fiber-optic backbone cables. Upstream is at issue in EFF’s Jewel v. NSA case. PRISM gives the government access to communications in the possession of third-party Internet service providers, such as Google, Yahoo, or Facebook. Less is known about how PRISM actually works, something Congress should shine some light on between now and December 2017.[5] Note that those two programs existed prior to 2008—they were just done under a shifting set of legal theories and authorities.[6] EFF has had evidence of the Upstream program from whistleblower Mark Klein since 2006, and we have been suing to stop it ever since...

Deep Dot Web 
Police Push For a Law Requiring Canadians to Give Up Their Passwords
http://deepdot35wvmeyd5.onion/2016/08/24/police-push-law-requiring-canadians-give-passwords/
Posted by: C. Aliens August 24, 2016
At the organization’s annual news conference on the 16th of August, the Canadian Association of Chiefs of Police (CACP) passed a resolution that calls for a law allowing the police to force people to provide law enforcement with their computer passwords. CTV spoke with RCMP Assistant Commissioner Joe Oliver after the conference, where he explained that under current Canadian laws, the police have no way to legally compel users to hand over passwords. The resolution passed by the CACP is part of an effort to allow law enforcement to catch up with the digital age. “The victims in the digital space are real,” Oliver said. “Canada’s law and policing capabilities must keep pace with the evolution of technology.” The resolution was intentionally passed during a time when the federal government began a study on cybersecurity to find a way to balance online freedoms with the police’s ability to enforce the law. The study will run until the 15th of October. As pointed out by Motherboard, the CACP posted a report on “the challenges of gathering electronic evidence” as a backboard for the resolution, implying that the decision is influenced by recent events such as Apple’s refusal to unlock an iPhone for the FBI. Oliver told CTV that since police tensions are being raised around the globe, new measures are being sought out to make their job easier. One example of this is CACP pushing for police to be able to easily obtain information from cellphone carriers, such as names and addresses of subscribers in real-time. Although the invasive ruling would require permission from a judge before an individual would need to provide law enforcement with his password, advocates for civil liberties have expressed their explicit disapproval. Michael Vonn, policy director for the BC Civil Liberties Association, when questioned by journalists gave a further explanation. “To say this is deeply problematic is to understate the matter,” he said.
“We have all kinds of laws that do not compel people to incriminate themselves or even speak.” Since Canada has laws in place to allow people to keep their privacy through silence and choose not to reveal any information, Vonn says the resolution’s proposed law would not fit in Canada’s legal landscape. It would be “tricky constitutionally,” he added. A lawyer for the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa questions whether or not the proposal would be constitutional. “It’s rare to force people to help police investigate themselves, and for good reason,” Tamir Israel writes. “It shifts the focus of criminal condemnation away from actual criminal activity and onto compliance. So if an individual legitimately objects to handing over their password, that alone makes them criminal.” Vonn added that while this is what the Chiefs of Police do, the law should not be in violation of people’s civil liberties.
http://www.ctvnews.ca/canada/police-chiefs-want-law-compelling-people-to-reveal-passwords-1.3030790?hootPostID=3d0770fc68b61c08f414f48b088ef55e

AP
US intelligence still sorting out NSA hack
https://www.yahoo.com/tech/us-intelligence-still-sorting-purported-225513205.html
August 24, 2016
YORBA LINDA, Calif. (AP) — The U.S. is still probing the extent of a recent cyber leak of what purports to be hacking tools used by the National Security Agency, the nation's top intelligence official said Wednesday. "We are still sorting this out," James Clapper, director of national intelligence, said at an event at the Nixon Presidential Library and Museum in Yorba Linda, California. "It's still under investigation," Clapper said. "We don't know exactly the full extent — or the understanding — of exactly what happened." The tool kit consists of malicious software intended to tamper with firewalls, the electronic defenses protecting computer networks. The leak has set the information security world atwitter — and sent major companies rushing to update their defenses. The rogue programs appear to date back to 2013 and have whimsical names like EXTRABACON or POLARSNEEZE. Three of them — JETPLOW, FEEDTROUGH and BANANAGLEE — have previously appeared in an NSA compendium of top secret cyber surveillance tools. The documents have been leaked by a group calling itself the "Shadow Brokers," although many have floated the possibility of Russian involvement. CIA Director John Brennan, who appeared with Clapper at the event, called cyber threats the most serious issue facing the nation. "This administration, the intelligence community is focused like a laser on this and I would say the next administration really needs to take this up early on as probably the most important issue they have to grapple with," Brennan said.

France and Germany against encrypted messaging apps
http://www.ehackingnews.com/2016/08/france-and-germany-against-encrypted.html
Wednesday, August 24, 2016
France and Germany are pushing for a common rule in Europe for encrypted messaging apps such as Telegram to help governments in monitoring communications between extremists. According to privacy advocates, encryption is essential for online security, especially in banking transactions. Whereas, security experts argue that encrypted apps are increasingly used by extremists to hide their location, coordinate operations and trade weapons and sex slaves. Interior Minister Bernard Cazeneuve said "French authorities have detained three people this month with "clear attack plans," but police need better tools to eavesdrop on encrypted text conversations utilizing the kinds of powers used to wiretap phones." He and German Interior Minister Thomas de Maiziere are insisting on a ban on encrypted services. However, Cazeneuve said instead of banning the app, they should work with companies to ensure they can't be abused by militants. In a joint proposal released on Tuesday, "Encrypted communications among terrorists constitute a challenge during investigations. Solutions must be found to enable effective investigation ... while at the same time protecting the digital privacy of citizens by ensuring the availability of strong encryption." There were no specific solutions, but the leaders want to discuss encryption next month during a summit in Bratislava, Slovakia. On the other hand, Telegram wrote on its website that it has blocked terrorist-related public channels but doesn't intervene in private chats.


Jupiter Broadcasting
Unfilter
Russia’s Cyber Sneak Attack | Unfilter 201
http://www.jupiterbroadcasting.com/102486/russias-cyber-sneak-attack-unfilter-201/

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/unfilter/2016/unfilter-0201-432p.mp4

http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/unfilter-0201.mp3

http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jnite/unfilter-0201.ogg

Australian Broadcasting Corp
Cyber War
By Linton Besser and Poppy Stockell
Monday 29th August 2016
http://www.abc.net.au/4corners/stories/2016/08/25/4526527.htm

Cyber War: How hackers are threatening everything from your bank account to the nation's secrets.
In a room, deep inside a Las Vegas hotel, the world's best hackers are gathering.
"You have to go into a backroom... there you're going to find about a dozen teams playing against each other, no more than a hundred people. These are really the world's cyber elite."
Artificial Intelligence developer
They're here to compete against each other and they're being watched by cyber warfare agencies the world over, not for prosecution, but for recruitment. They have the skills needed to wage espionage and warfare in the modern age. On Monday night Four Corners takes you into the world of cyber hacking, where the weapon of choice is computer code.
"In WWII we bombed and destroyed the electrical infrastructure of our enemies. Now we have the ability through a cyber attack to just shut the grid down."
Former CIA Director Michael Hayden
Featuring an interview with the former head of the CIA and the NSA, Michael Hayden, he explains how the intelligence business has changed with young hackers parachuted into sensitive operational activities.
"Right ok, take out the power grid... Red Team power is going down, what I want you to look at now, do as much damage as you can."
Australian Cyber Trainer
We take you into the cutting edge facility where Australian soldiers are being trained in the arts of cyber warfare - where their computer skills can be used to shut down a power grid or cut off a city's water supply.
"The Australian Government knows it needs to protect these things... and will continue to strive to stay ahead of whatever the threat environment is."
Australian Govt Cyber Adviser
And will reveal the strategic Australian companies and institutions that have found themselves hacked.
"They're so deep inside our network it's like we had someone sitting over our shoulder for anything we did."
IT manager
It's not just nation states that are in the hacking business, it's also criminals, and as the program demonstrates, it's frighteningly easy to hack our lives. If you have a smart phone, if you use internet banking, if you store your information "in the cloud" then you are at risk.
"Cybercrime poses one of the greatest challenges to law enforcement this century. No longer do we have that individual who carries a firearm and wears a balaclava to disguise their identity. It's a lot more profitable and a lot easier for someone to pick up a laptop, sit in the comfort of their lounge room behind the anonymity of the internet and take the bank for millions of dollars."
Australian Police Officer
Cyber War, reported by Linton Besser and presented by Sarah Ferguson, goes to air on Monday 29th August at 8.30pm EDT. It is replayed on Tuesday 30th August at 10.00am and Wednesday 31st at 11pm. It can also be seen on ABC News 24 on Saturday at 8.00pm AEST, ABC iview and at abc.net.au/4corners.

ARS TECHNICA
Apple releases iOS 9.3.5 with “an important security update”
Andrew Cunningham Aug 25, 2016 5:21 pm UTC
Just a few weeks after posting iOS 9.3.4 to fix a jailbreaking-related bug, Apple has released iOS 9.3.5 to all supported iPhones and iPads. The update provides an "important security update" and comes just a few weeks before the expected release of iOS 10, which is currently pretty far along in the developer/public beta process. Apple's security release notes say that three bugs have been fixed, two in the iOS kernel and one in WebKit. The bugs were discovered by Citizen Lab and Lookout, the latter of which posted more information in a blog post. Lookout collectively calls the three zero-day vulnerabilities "Trident," and says that they could allow a victim's personal data to be accessed after opening a link sent in a text message. Trident infects a user's phone "invisibly and silently, such that victims do not know they’ve been compromised." We'll have more information about the vulnerability in a forthcoming article. The update is available now for everything that runs iOS 9: the iPhone 4S and newer; iPad 2 and newer; all iPad Minis and iPad Pros; and the fifth- and sixth-generation iPod Touches.

E Hacking News
Cisco begins patching of leaked shadowbrokers attack
Thursday, August 25, 2016
http://www.ehackingnews.com/2016/08/cisco-begins-patching-of-leaked.html
Enterprise-grade Cisco firewalls began the process of patching a zero-day vulnerability in its Adaptive Security Appliance (ASA) software exposed in the ShadowBrokers data dump. Researchers at Silent Signal in Hungary yesterday tweeted they had ported the EXTRABACON attack to ASA version 9.2(4), which was released a year ago. The firm expanded the attack range of the ExtraBacon Cisco hack hole revealed as part of the Shadow Brokers cache of National Security Agency-linked exploits and tools. The research after the attack confirmed that the Equation Group exploit for version 8.4(4) of the firewall appliance did indeed provide remote unauthenticated access over SSH or telnet. The attack was included in a 300 MB file download made freely available by the ShadowBrokers that also included exploits, implants and other attacks against Juniper, WatchGuard, Topsec and Fortinet firewalls and networking gear. Researchers confirmed that there was a connection between ShadowBrokers dump and Equation Group exploits. The exploit was restricted to versions 8.4 (4) and earlier of ASA boxes and has now been expanded to 9.2 (4). Users on affected versions of 7.2, 8.0 and 8.7 are requested to upgrade soon to 9.1.7 (9) or later. Newer versions that are also implicated—9.1 through 9.6—are expected to be updated in the next two days. “We have started publishing fixes for affected versions, and will continue to publish additional fixes for supported releases as they become available in the coming days,” Cisco’s Omar Santos said on Wednesday (August 24) in an updated advisory. Cisco and Fortinet have confirmed their kit is affected by exploits listed in data cache which included some 300 files circulated online. The vulnerability lies in the SNMP code in ASA that could allow an attacker to crash the affected system or remotely execute arbitrary code. The attacks can eventually be modified to target any version. 
The affected ASA software, Cisco said, runs in a number of its products including Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco ASA 1000V Cloud Firewall, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 4100 Series, Cisco Firepower 9300 ASA Security Module, Cisco Firepower Threat Defense Software, Cisco Firewall Services Module (FWSM), and Cisco Industrial Security Appliance 3000 Cisco PIX Firewalls. Prior to yesterday’s patches, Cisco had provided its customers with IPS and Snort signatures that detect the vulnerability. The ShadowBrokers data dump happened more than a week ago when the group claimed to have hacked the Equation Group, which is widely believed to be connected to the NSA.

ITProPortal
Experts calling for password abolition following Mail.ru breach
http://www.itproportal.com/news/experts-calling-for-password-abolition-following-mailru-breach
By Sead Fadilpašić
Russian internet giant Mail.ru has been hacked once again, and some 25 million accounts associated with forums run by the company have been compromised.

Among the data that was stolen are usernames, passwords (easily crackable, according to CloudLink), email addresses, phone numbers, birthdays and IP addresses. Security firm CloudLink says theft of this kind of data is worrying, especially with IP addresses involved, as hackers could find a person’s real life address. For the security company, this is yet another proof we need to move away from passwords and into more modern solutions: “Given the severity and regularity of data breaches, it’s clear that passwords are now unsustainable. This latest hack has just added to the long list of large data breaches amongst organisations including Apple, LinkedIn, MySpace, Tumblr and Citrix, yet companies are still risking their client’s security by using passwords,” says Gideon Wilkins, VP of Sales and Marketing at Secure Cloudlink. “The system is flawed and as the appetite for stolen data continues to grow, these breaches will persist unless the IT industry finds a better way of protecting data.” Wilkins says that it doesn’t even matter how well-crafted the password is. If the company handling it doesn’t encrypt it, everything is pointless. “The most concerning angle of this breach is the fact that people’s location may have been exposed, which adds a physical risk on top of the digital element. Even if an individual picks a highly complex password to make it ‘strong’, when a website is hacked, and the website doesn’t encrypt passwords then personal details as well as other high-risk data can still be compromised. Even if passwords are stored in an encrypted format, they can still be stolen and the encryption cracked.” “We have changed the approach and changed the game, the faster a no-password solution is embraced, the less data breaches we will see and the safer user’s data will become,” concludes Wilkins.

IT NEWS
Linux at 25: Linus Torvalds on the evolution and future of Linux
http://www.infoworld.com/article/3109150/linux/linux-at-25-linus-torvalds-on-the-evolution-and-future-of-linux.html

By Paul Venezia
The last time I had the occasion to interview Linus Torvalds, it was 2004, and version 2.6 of the Linux kernel had been recently released. I was working on a feature titled “Linux v2.6 scales the enterprise.” The opening sentence was “If commercial Unix vendors weren’t already worried about Linux, they should be now.” How prophetic those words turned out to be. More than 12 years later -- several lifetimes in the computing world -- Linux can be found in every corner of the tech world. What started as a one-man project now involves thousands of developers. On this, its 25th anniversary, I once again reached out to Torvalds to see whether he had time to answer some questions regarding Linux’s origins and evolution, the pulse of Linux’s current development community, and how he sees operating systems and hardware changing in the future. He graciously agreed. The following interview offers Torvalds’ take on the future of x86, changes to kernel development, Linux containers, and how shifts in computing and competing OS upgrade models might affect Linux down the line.

Linux’s origins were in low-resource environments, and coding practices were necessarily lean. That’s not the case today in most use cases. How do you think that has affected development practices for the kernel or operating systems in general?

I think your premise is incorrect: Linux's origins were definitely not all that low-resource. The 386 was just about the beefiest machine you could buy as a workstation at the time, and while 4MB or 8MB of RAM sounds ridiculously constrained today, and you'd say "necessarily lean," at the time it didn't feel that way at all. So I felt like I had memory and resources to spare even back 25 years ago and not at all constrained by hardware. And hardware kept getting better, so as Linux grew -- and, perhaps more importantly, as the workloads you could use Linux for grew -- we still didn't feel very constrained by hardware resources.
From a development angle, I don't think things have changed all that much. If anything, I think that these days when people are trying to put Linux in some really tiny embedded environments (IoT), we actually have developers today that feel more constrained than kernel developers felt 25 years ago. It sounds odd, since those IoT devices tend to be more powerful than that original 386 I started on, but we've grown (a lot) and people’s expectations have grown, too...

Nextgov
All the Ways Your Wi-Fi Router Can Spy on You
http://www.nextgov.com/cybersecurity/2016/08/all-ways-your-wi-fi-router-can-spy-you/131039/
City dwellers spend nearly every moment of every day awash in Wi-Fi signals. Homes, streets, businesses and office buildings are constantly blasting wireless signals every which way for the benefit of nearby phones, tablets, laptops, wearables and other connected paraphernalia. When those devices connect to a router, they send requests for information—a weather forecast, the latest sports scores, a news article—and, in turn, receive that data, all over the air. As it communicates with the devices, the router is also gathering information about how its signals are traveling through the air, and whether they’re being disrupted by obstacles or interference. With that data, the router can make small adjustments to communicate more reliably with the devices it’s connected to. But it can also be used to monitor humans—and in surprisingly detailed ways. As people move through a space with a Wi-Fi signal, their bodies affect it, absorbing some waves and reflecting others in various directions. By analyzing the exact ways a Wi-Fi signal is altered when a human moves through it, researchers can “see” what someone writes with their finger in the air, identify a particular person by the way they walk, and even read a person’s lips with startling accuracy—in some cases even if a router isn’t in the same room as the person performing the actions. Several recent experiments have focused on using Wi-Fi signals to identify people, either based on their body shape or the specific way they tend to move. Earlier this month, a group of computer-science researchers at Northwestern Polytechnical University in China posted a paper to an online archive of scientific research, detailing a system that can accurately identify humans as they walk through a door nine times out of 10. The system must first be trained: It has to learn individuals’ body shapes so it can identify them later. 
After memorizing body shapes, the system, which the researchers named FreeSense, watches for people walking across its line of sight. If it’s told the next passerby will be one of two people, the system can correctly identify which it is 95 percent of the time. If it’s choosing between six people, it identifies the right one 89 percent of the time. The researchers proposed using their technology in a smart-home setting: If the router senses one person’s entry into a room, it could communicate with other connected devices—lights, appliances, window shades—to customize the room to that person’s preferences. FreeSense mirrored another Wi-Fi-based identification system a group of researchers from Australia and the U.K. presented at a conference earlier this year. Their system, Wi-Fi ID, focused on gait as a way to identify people from among a small group. It achieved 93 percent accuracy when choosing among two people, and 77 percent when choosing from among six. Eventually, the researchers wrote, the system could become accurate enough it could sound an alarm if an unrecognized intruder entered. Something in the way? No problem. A pair of MIT researchers wrote in 2013 they could use a router to detect the number of humans in a room and identify some basic arm gestures, even through a wall. They could tell how many people were in a room from behind a solid wooden door, a 6-inch hollow wall supported by steel beams, or an 8-inch concrete wall—and detect messages drawn in the air from a distance of five meters (but still in another room) with 100 percent accuracy. (Using more precise sensors, the same MIT researchers went on to develop systems that can distinguish between different people standing behind walls, and remotely monitor breathing and heart rates with 99 percent accuracy. 
President Obama got a glimpse of the latter technology during last year’s White House Demo Day in the form of Emerald, a device geared toward elderly people that can detect physical activity and falls throughout an entire home. The device even tries to predict falls before they happen by monitoring a person’s movement patterns.) Beyond human identification and general gesture recognition, Wi-Fi signals can be used to discern even the slightest of movements with extreme precision. A system called “WiKey” presented at a conference last year could tell what keys a user was pressing on a keyboard by monitoring minute finger movements. Once trained, WiKey could recognize a sentence as it was typed with 93.5 percent accuracy—all using nothing but a commercially available router and some custom code created by the researchers. And a group of researchers led by a Berkeley Ph.D. student presented technology at a 2014 conference that could “hear” what people were saying by analyzing the distortions and reflections in Wi-Fi signals created by their moving mouths. The system could determine which words from a list of lip-readable vocabulary were being said with 91 percent accuracy when one person was speaking, and 74 percent accuracy when three people were speaking at the same time. Many researchers presented their Wi-Fi sensing technology as a way to preserve privacy while still capturing important data. Instead of using cameras to monitor a space—recording and preserving everything that happens in detail—a router-based system could detect movements or actions without intruding too much, they said. I asked the lead researcher behind WiKey, Kamran Ali, whether his technology could be used to secretly steal sensitive data. Ali said the system only works in controlled environments and with rigorous training. “So, it is not a big privacy concern for now, no worries there,” wrote Ali, a Ph.D. student at Michigan State University, in an email. 
But as Wi-Fi “vision” evolves, it may become more adaptable and need less training. And if a hacker is able to gain access to a router and install a WiKey-like software package—or trick a user into connecting to a malicious router—he or she can try to eavesdrop on what’s being typed nearby without the user ever knowing. Because all of these ideas piggyback on one of the most ubiquitous wireless signals, they’re ripe for wide distribution once they’re refined, without the need for any new or expensive equipment. Routers could soon keep kids and older adults safe, log daily activities, or make a smart home run more smoothly—but, if invaded by a malicious hacker, they could also be turned into incredibly sophisticated hubs for monitoring and surveillance.

Sensor Tech 
Open-Source Ransomware Based on Hidden Tear and EDA2 on the Loose
http://sensorstechforum.com/open-source-ransomware-based-hidden-tear-eda2-loose/
August 25, 2016 by Milena Dimitrova
Open-source ransomware is a real issue which is continuously evolving. Over the past few weeks, researchers have caught three open-source crypto virus strains, based on Hidden Tear and EDA2. What all of the three strains have in common is that they all look for files related to web servers and databases. This could easily mean that the ransomware viruses are specifically 
Three Ransomware Strains Based on Open-Source Code Detected in the Wild
Interestingly, Hidden Tear and EDA2 are widely accepted as the first open-source ransomware coded for educational purposes. This idea quickly turned out to be fishy, as it didn’t take long for cyber criminals to exploit the code for malicious operations. As pointed out by TrendMicro researchers: RANSOM_CRYPTEAR.B is one of the many Hidden Tear spinoffs that infect systems when users access a hacked website from Paraguay. Magic ransomware http://sensorstechforum.com/magic-the-open-source-ransomware-that-emerged-from-github/ (detected as RANSOM_MEMEKAP.A), based on EDA2, came soon after CRYPTEAR.B’s discovery. It’s not hard to guess why open-source ransomware is becoming so popular among crooks – it offers the ease and convenience of not having to be tech-savvy. What is more, before the source codes of Hidden Tear and EDA2 were taken down, they were publicly available long enough for cyber criminals to modify the code according to their needs. Not only are cyber criminals using open-source code but they are also using elements from pop culture. For example, RANSOM_KAOTEAR.A is built on the Hidden Tear code, uses the filename kaoTalk.exe and includes a KakaoTalk icon. KakaoTalk is a popular messaging app in South Korea with 49.1 million active users globally. Another example here is the POGOTEAR or PokemonGo ransomware. The ransomware was found in the wild by the malware researcher Michael Gillespie. It is thought that the virus might still be in development or could be tweaked more in the near future, but it looks nasty enough for now. The PokemonGO ransomware places the .locked file extension on each of the encrypted files. After that process is complete, the file هام جدا.txt is placed on the desktop, containing the ransom instructions. The name of the file is translated as “very important”.
Let’s not forget FSociety ransomware (RANSOM_CRYPTEAR.SMILA), an EDA2-based ransomware “inspired” by the hacker group in Mr. Robot. http://sensorstechforum.com/mr-robot-season-2-hacks-exploits-fsociety-cryptowall/ Fsociety ransomware is based on the EDA2 ransomware project, an open-source ransomware code uploaded online and created by Utku Sen. Since then, many variants of the EDA2 project have popped up, because all it takes is someone who knows how to code to take this source code and design their own version of ransomware, just as the Fsociety ransomware variant was.
What Else Do KaoTear, POGOTEAR, and Fsociety Ransomware Share?
TrendMicro researchers point out that these three ransomware cases have other striking similarities. They target almost the same file types to encrypt: *.txt, *.doc, *.docx, *.xls, *.xlsx, *.ppt, *.pptx, *.odt, *.jpg, *.png, *.csv, *.sql, *.mdb, *.hwp, *.pdf, *.php, *.asp, *.aspx, *.html, *.xml, and *.psd. As mentioned in the beginning, some of these file extensions (such as XML, PHP, and ASPX) are related to web servers, which points to attacks targeting businesses. Moreover, all three ransomware families search for SQL and MDB files, associated with databases. […] POGOTEAR and FSociety may still be under development. One indicator for this is POGOTEAR’s use of a private IP for its command-and-control (C&C) server. Since it uses a private IP, the information sent stays within the organization’s network. On the other hand, FSociety searches for a folder named ‘test’ in %Desktop%. If the said folder is not found, FSociety does not encrypt any files.
The Dangers of Open-Source, Educational Malware
Open-source ransomware has raised a red flag in the cyber security community. Hidden Tear and EDA2 were both exploited by cyber crooks who took the public source code, modified it and attacked users. Another educational ransomware spotted is ShinoLocker (detected as RANSOM_SHINOLOCK.A). Aside from file encryption, it can also uninstall itself and restore files it has encrypted. The developer created it for simulation purposes. The moral here is that cyber security researchers have to address the possible risks and consequences of developing educational malware. Leaving the source code in the public space, available to anyone, has proven to be a bad idea. Instead, researchers should distribute these only to credible recipients through secure channels. Before releasing anything to the public, researchers need to assess its benefits against the potential threats it can introduce if it goes into the wrong hands, TrendMicro concludes.

Cisco Updates ASA Software to fix the Equation Group’s EXTRABACON exploit
August 25, 2016  By Pierluigi Paganini
http://securityaffairs.co/wordpress/50618/security/cisco-fixed-extrabacon-exploit.html
Cisco has started releasing patches for its ASA software to address the Equation Group’s EXTRABACON exploit included in the NSA data dump leaked online. Security firms and IT giants are analyzing the huge archive leaked by the Shadow Brokers crew after the hack of the NSA-linked Equation Group. We reported that some of the exploits included in the archive are effective against CISCO, Fortinet, and Juniper network appliances. For example, the BENIGNCERTAIN tool included in the NSA data dump could be exploited by remote attackers to extract VPN passwords from certain Cisco devices, while EXTRABACON was analyzed by the Hungary-based security consultancy SilentSignal to hack into the newer models of Cisco’s Adaptive Security Appliance (ASA). The EXTRABACON tool exploits the CVE-2016-6366 vulnerability to allow an attacker who has already gained a foothold in a targeted network to take full control of a CISCO ASA firewall. The CVE-2016-6366 flaw affects Cisco’s ASA appliances, both firewalls and routers, Firepower products, Firewall Services Modules, industrial security appliances, and PIX firewalls.
The EXTRABACON tool leverages a flaw that resides in the Simple Network Management Protocol (SNMP) implementation of the ASA software. “A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” states the advisory published by CISCO. “The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP. An attacker could exploit this vulnerability by sending crafted SNMP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. The attacker must know the SNMP community string to exploit this vulnerability.” Cisco promptly analyzed the exploits and released the necessary patches. Network administrators that manage CISCO ASA 7.2, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6 and 8.7 have to update their installations to version 9.1.7(9) or later. The vulnerability has been fixed in ASA 9.1, 9.5 and 9.6 with the release of versions 9.1.7(9), 9.5(3) and 9.6.1(11). The remaining versions will be fixed by the IT giant in the upcoming days; in the meantime, the company has provided a detailed description of the workarounds to implement as a temporary solution. The company will not issue any patch for devices that are no longer supported, including firewall modules and PIX firewalls.
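An added example (not Cisco's code and not from the article) that turns the fixed-release list above into a check an administrator can run against an ASA version string. The fixed releases and the legacy trains come from the article; versions are parsed as ordered digit groups so both the article's "9.1.7(9)" notation and Cisco's own "9.1(7)9" style work, trains the article does not list are reported as unknown rather than safe, and the "Software Version" line format assumed for `show version` output is an assumption with a constructed sample.

```python
"""Version check for the CVE-2016-6366 (EXTRABACON) fixed releases listed above.

Added example; not Cisco's code and not from the article. The fixed releases and
the legacy trains are taken from the article text. Version strings are parsed as
ordered digit groups, so both the article's "9.1.7(9)" style and Cisco's own
"9.1(7)9" style work. The "Software Version" line format is an assumption about
`show version` output, and the sample output below is constructed.
"""
import re
from typing import Tuple

Version = Tuple[int, ...]

# Fixed releases the article names, keyed by major.minor train.
FIXED_IN = {
    (9, 1): (9, 1, 7, 9),   # 9.1.7(9)
    (9, 5): (9, 5, 3),      # 9.5(3)
    (9, 6): (9, 6, 1, 11),  # 9.6.1(11)
}

# Trains the article says must be migrated to 9.1.7(9) or later.
LEGACY_TRAINS = {(7, 2), (8, 0), (8, 1), (8, 2), (8, 3), (8, 4), (8, 5), (8, 6), (8, 7)}
LEGACY_TARGET = FIXED_IN[(9, 1)]


def parse_asa_version(text: str) -> Version:
    """Turn '9.1.7(9)' or '9.1(7)9' into (9, 1, 7, 9)."""
    groups = re.findall(r"\d+", text)
    if len(groups) < 2:
        raise ValueError(f"not an ASA version string: {text!r}")
    return tuple(int(g) for g in groups)


def format_version(v: Version) -> str:
    """Render a tuple in the article's notation, e.g. (9, 5, 3) -> '9.5(3)'."""
    return ".".join(str(x) for x in v[:-1]) + f"({v[-1]})"


def version_at_least(have: Version, want: Version) -> bool:
    """Lexicographic compare with zero padding, so 9.1(8) counts as later than 9.1.7(9)."""
    n = max(len(have), len(want))
    return have + (0,) * (n - len(have)) >= want + (0,) * (n - len(want))


def assess(version_text: str) -> Tuple[str, str]:
    """Return (status, advice); status is 'fixed', 'vulnerable' or 'unknown'.

    'unknown' means the article lists no fixed release for this train: treat it
    as needing the documented workarounds, not as safe.
    """
    v = parse_asa_version(version_text)
    train = v[:2]
    if train in LEGACY_TRAINS:
        return "vulnerable", f"unsupported train; upgrade to {format_version(LEGACY_TARGET)} or later"
    if train in FIXED_IN:
        target = FIXED_IN[train]
        if version_at_least(v, target):
            return "fixed", f"at or past {format_version(target)}"
        return "vulnerable", f"upgrade to {format_version(target)} or later"
    return "unknown", "no fixed release listed for this train; apply the vendor workarounds"


def assess_show_version(output: str) -> Tuple[str, str]:
    """Pull the version out of `show version` text and assess it (line format assumed)."""
    m = re.search(r"Software Version\s+(\S+)", output)
    if not m:
        return "unknown", "no 'Software Version' line found"
    return assess(m.group(1))


if __name__ == "__main__":
    # Constructed sample, not real device output.
    sample = "Cisco Adaptive Security Appliance Software Version 9.1(7)4\nDevice Manager Version 7.1(6)\n"
    for text in ["9.1.7(9)", "9.1(7)4", "9.5(3)", "9.6.1(11)", "8.4(7)", "9.4(1)"]:
        print(f"{text:>10}: {assess(text)}")
    print("show version:", assess_show_version(sample))
```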

Spying on Canadian Phone Calls and Emails by Canadian SIGINT Agency Has Risen Dramatically
http://www.matthewaid.com/post/149457819696/spying-on-canadian-phone-calls-and-emails-by
August 25, 2016
Federal spies suddenly intercepting 26 times more Canadian phone calls and communications
Ian MacLeod, Ottawa Citizen, August 24, 2016
OTTAWA — Interception of Canadians’ private communications by the federal electronic spy agency increased 26-fold last year, for reasons authorities won’t fully explain. And despite commitments between Canada and its intelligence-sharing allies to respect the privacy of each nation’s citizens, the volume of information on Canadians collected by allied intelligence agencies and informally shared with Canada’s spies has grown to the point that it now requires a formal mechanism to cope with all the data. At least one intelligence expert is concerned the change sidesteps the spirit of Canadian privacy laws. Details are contained in the latest annual report by the independent, external oversight organization that reviews activities of the Canadian Security Establishment (CSE), Ottawa’s super-secret foreign signals intelligence agency. Quietly tabled in Parliament July 20, the report concludes CSE’s 2015-16 activities were lawful. But the watchdog Office of the Commissioner of the Communications Security Establishment notes CSE intercepted 342 private communications in 2014-15, compared to just 13 for the previous year. By law, CSE can only target communications of foreign entities outside Canada. If one end of that communication is in Canada, making it a “private communication,” it requires a written authorization from the minister of national defence, responsible for the CSE, and only if it is essential for “international affairs, defence or security.” There also must be “satisfactory measures” to protect the privacy of any Canadian citizens, including permanent residents and corporations, inadvertently caught up in the intercept. Otherwise, the CSE is not allowed to target Canadians at home or abroad.
Commissioner Jean-Pierre Plouffe, a retired Quebec superior court judge, reports he is satisfied all the intercepts of Canadians’ communications last year were unintentional, essential to international affairs, defence or security, backed by ministerial authorizations and legal. But Plouffe’s explanation for the 26-fold jump is not so straightforward: “This was a consequence of the technical characteristics of a particular communications technology and of the manner in which private communications are counted,” he writes. Asked to clarify, his office Wednesday declined, saying it is bound by the Security of Information Act and, “to say more could reveal CSE operational capabilities.” CSE, too, declined to elaborate. “To protect our capabilities and ensure that they remain effective, CSE cannot provide any additional information,” agency spokesman Ryan Foreman said in a statement. Bill Robinson, a respected and unofficial CSE watchdog who hosts the Lux Ex Umbra blog site, said: “CSE has tremendous control over what the commissioner can in fact say because of its classification/declassification power. They can reduce it to total gibberish.” Robinson speculates CSE may have targeted social media conversations between individuals and counted each separate message in the string as a private communication. A small number of online conversations could be responsible for the rather large total. More concerning, he said, is the increasing practice of U.S., British, Australian and New Zealand security intelligence agencies who, along with Canada, make up the Five Eyes intelligence-sharing network, giving information collected on Canadians to the Canadian Security Intelligence Service (CSIS), the country’s domestic security intelligence guardians.
Plouffe’s report says prior to February 2015, the process for such allied reporting to CSIS was “manual” and did not involve CSE. But, “to help address the evolving terrorist threat and the increase in the number of foreign fighters, CSIS required a more timely mechanism to securely exchange information. “To this end, CSIS requested CSE assistance … to establish a mechanism for CSIS to receive and handle these reports via CSE’s established channels.” Robinson believes the change is evidence of just how systematic the clandestine collection of Canadians’ information by the allies has become. Authorities used to claim “that ‘we don’t really do that’. And then it was, ‘yeah, but it’s in exceptional cases’, and then it became, ‘well, we’re doing this for terrorism’ (and certain general crimes), so it’s pretty much going to be all the time,” said Robinson. “There’s always been this concern about how much do our careful privacy laws get sidestepped by having allies do this stuff instead, and the answer has always been, ‘we don’t really do that, we have these agreements’ and so on. “We’re seeing how that gets chipped away.”

 Business Insider 
A hacker claims he has more leaked NSA files to view — If you can solve this puzzle
http://www.businessinsider.com/hacker-nsa-files-2016-8

A hacker named 1x0123 claims he has the other half of the recently-leaked NSA hacking toolkit for sale — but samples of the dataset are only available if you can figure out his cryptographic puzzle. On Sunday, the hacker posted on Twitter that he was selling the entire archive of files for $8,000, seemingly undercutting the mysterious "Shadow Brokers" hacking group that leaked one-half of the archive last week at various file-sharing websites with claims of an "auction" for the rest. It appears that 1x0123 is indeed a hacker who has found and sold security vulnerabilities in the past. Even ex-NSA contractor Edward Snowden praised him in April for finding an issue on the Freedom of the Press website. But it's not clear whether the hacker really has the other half of the NSA archive, nor is it clear where he could have obtained it. It's entirely possible this is an elaborate troll and the encrypted archive 1x0123 is offering contains nothing more than a Rickroll. Still, he's been dropping many hints over the past few days of how to access it. Here's the first hint, which includes an encrypted web address, directory listing, and file name:
#NSAHack pic.twitter.com/xAkvQ7FJ3p — 1x0123 (@1x0123) August 22, 2016
This is what he posted as a screenshot of the supposed directory structure of the files, though it should be noted that these can easily be faked.
#NSA focused on browser exploits to gain access to machines, pic.twitter.com/M4GB62977P — 1x0123 (@1x0123) August 22, 2016
Then on Tuesday, he posted another hint. This time, it was a screenshot of the supposed .onion site — only accessible via the Tor browser — with the full address redacted.
2 people where able to solve the puzzle i posted, NSA exploits dump are ready for download 901028736451 need more ? pic.twitter.com/enZa7sAl5X — 1x0123 (@1x0123) August 24, 2016
There are a few things we can discern from what 1x0123 has revealed so far: the site hosting the files is an .onion link, and the revealed file name — "EQ_exploits_Fullpack.zip" in the screenshot — probably helps in decrypting the letters in the original message. Further, the browser title of "ng crypto" is telling, indicating the software the hacker used to encrypt his message. This hasn't really helped us much in figuring it out, but if you get it, please let us know. After 1x0123 posted his claim, Business Insider reached out to ask for a sample of the data to confirm it was legitimate. Instead, the hacker said the data could not be shared until it's sold, and he added that he does not talk to journalists. Still, we noted that 1x0123 had spoken with Gizmodo reporter William Turton. 1x0123 claimed he did not share anything with Turton since he didn't pay him, and hinted that we could get a sample if we paid around $500 to $1000. We declined. "Money is the key to write an execlusive (sic) article," 1x0123 told Business Insider. If the crypto puzzle game doesn't work out, we'll just have to wait for WikiLeaks to release the rest, which it also claims to have. "We had already obtained the archive of NSA cyber weapons released earlier today," its official Twitter account wrote on Aug. 15. "And will release our own pristine copy in due course."

The National Security Agency has no idea how a rogue hacking group leaked its exploits
http://www.ibtimes.co.uk/national-security-agency-has-no-idea-how-rogue-hacking-group-leaked-its-exploits-1578046
A group called The Shadow Brokers leaked NSA exploit kits online on 13 August.
By Jason Murdock August 25, 2016 15:44 BST

The US intelligence community is still attempting to figure out how a hacking group called the Shadow Brokers was able to obtain and leak a slew of NSA computer exploits used to circumvent the security of routers and firewalls, top officials have admitted. "We are still sorting this out," said James Clapper, director of national intelligence, at an event at the Nixon Presidential Library on 24 August. As reported by AP, he added: "It's still under investigation. We don't know exactly the full extent – or the understanding – of exactly what happened." In what amounted to the first official comment on the hack, it's clear the US government is still attempting to find out the true scope of the embarrassing blunder. The leaked toolkits, reportedly from 2013, contained NSA surveillance and infiltration exploits that relied upon previously unknown zero-day vulnerabilities. The Shadow Brokers, the hacking group with suspected ties to Russian intelligence, released the files on 13 August. The group, which claimed to have obtained them from the NSA-linked 'Equation Group', published one file as proof of legitimacy and put the remaining one up for 'auction' for a massive 1m bitcoin – equivalent to over $550m (£416m). Many of the exploits – such as Bananaglee and Zestyleak – were eventually confirmed to be real by previously unreleased Edward Snowden documents published by The Intercept. Following this, multiple US firms – including Cisco, Fortinet and Juniper – were forced to rush out security patches and warnings to their customers. Now, cybersecurity researchers are calling on the NSA and the US government to disclose more information about the troubling leak of tools that were never meant to see the light of day.
"It now safe to say that the 'Equation Group' leak by Shadow Brokers is real and consists of a genuine trove of NSA tools used to hack firewalls," said Nicholas Weaver, a senior computer security researcher at the International Computer Science Institute in California. "The leaked code references known programs, uses a particularly unusual RC6 and cruddy crypto techniques previously associated with NSA implants," he added, writing on Lawfare. "The whole episode raises a host of oversight questions. How and why did NSA lose 280MB of top secret attack tools, including multiple zero day exploits and un-obfuscated implants?" Weaver said that tough questions now need to be asked of the NSA, including when it became aware of the breach, why it didn't contact the vulnerable technology firms and whether it has identified the source of the breach. "Certainly somewhere there's been a substantial screw up," he said. "Congress should not let the agency off the hook, good security systems should make things difficult to fail."
Speaking with IBTimes UK, Douglas Crawford, a cybersecurity expert at BestVPN, a firm that analyses the mounting number of virtual private network products on the market, said it was a concern – but not a surprise – to see the NSA exploiting US technology firms. "The affected companies – Cisco, Juniper and Fortinet, are all high-profile US brands," he said. "That their products were directly targeted by the NSA demonstrates that the security agency has gone rogue, and is acting against the best interests of the country whose job it is to serve." He continued: "The only way for the NSA to help restore confidence in US security products would be to adopt a policy of transparency. "Critically, international encryption standards should be developed as open source projects that can be independently audited, and NIST – which by its own admission works closely with the NSA – certification should be replaced with certification by a transparent and international body of independent experts. Is this likely to happen? The phrase 'snowball's chance in hell' comes to mind." US intelligence officials have said their probe will continue. John Brennan, the director of the CIA, who appeared alongside Clapper at the Nixon Presidential Library event, added that cybersecurity is now viewed as one of the most serious issues facing the US. "This administration, the intelligence community is focused like a laser on this and I would say the next administration really needs to take this up early on as probably the most important issue they have to grapple with," he said.

Keystroke Recognition Uses Wi-Fi Signals To Snoop
https://threatpost.com/keystroke-recognition-uses-wi-fi-signals-to-snoop/120135/
by Tom Spring August 25, 2016 , 2:19 pm
A group of academic researchers have figured out how to use off-the-shelf computer equipment and a standard Wi-Fi connection to sniff out keystrokes coming from someone typing on a keyboard nearby. The keystroke recognition technology, called WiKey, isn’t perfect, but is impressive with a reported 97.5 percent accuracy under a controlled environment. WiKey is similar to other types of motion and gesture detection technologies such as Intel’s RealSense. But what makes WiKey unique is that instead of recognizing hand gestures and body movement, it can pick up micro-movements as small as keystrokes.

The research, conducted by Michigan State University and China’s Nanjing University, relies entirely on the 802.11n/ac Wi-Fi protocol and uses a TP-Link WR1043ND WiFi router ($43) and a Lenovo X200 laptop ($200). Using the above equipment, researchers were able to use the Wi-Fi signal’s Channel State Information values to detect movements within a given environment. Channel State Information (CSI) has in the past been used to detect macro movements such as the presence of someone in a room, or hand or arm movements. A variation of this technology called WiHear was even developed to detect movements of a mouth, with the ability to detect nearly a dozen different syllables spoken by a test subject. But WiKey takes WiHear lip reading to an entirely new level by detecting finger, hand, and keyboard key movements. The researchers see the WiKey technology as a theoretical attack vector, but they also see WiKey having applications that go beyond attacks. “The techniques proposed in this paper can be used for several HCI (human computer interaction) applications. Examples include zoom-in, zoom-out, scrolling, sliding, and rotating gestures for operating personal computers, gesture recognition for gaming consoles, in-home gesture recognition for operating various household devices, and applications such as writing and drawing in the air,” wrote co-authors of the scientific research (PDF) Kamran Ali, Alex X. Liu, Wei Wang and Muhammad Shahzad. Capturing keystrokes, or micro-movements, isn’t easy. Under a controlled environment, which doesn’t include a lot of movement such as people walking around or multiple people sitting close to one another using a laptop, researchers are able to detect even the slightest variations in wireless channel activity. Along with that data, researchers also factor in a wealth of information including signal strength, where the keyboard is located, and what interference is occurring, where, and why.
In order to collect micro-movement data using Wi-Fi, researchers use the router’s MIMO channels. MIMO is a wireless term used to refer to a router’s ability to use multiple antennas between a sender (router) and receiver (WNIC) that pass more than one data signal simultaneously on the same radio channel. The researchers explain: “Each MIMO channel between each transmit-receive antenna pair of a transmitter and receiver comprises of multiple subcarriers. These WiFi devices continuously monitor the state of the wireless channel to effectively perform transmit power allocations and rate adaptations for each individual MIMO stream such that the available capacity of the wireless channel is maximally utilized. These devices quantify the state of the channel in terms of CSI values. The CSI values essentially characterize the Channel Frequency Response for each subcarrier between each transmit-receive antenna pair.” If that didn’t sound challenging enough, next the researchers have to filter out radio noise (frequency changes) and environmental movements not related to typing. Then, even after noise is removed, there are other considerations the researchers needed to factor in, such as the time it takes to press a key. By associating values based on the above culling of data, the researchers assigned numeric values to each keystroke (as seen below) based on individual typists.
Average values of features extracted from keystrokes of keys a-z collected from users.
Under the most ideal controlled circumstances, where test subjects were limited to typing only a half-dozen different sentences and typing one key every second, the researchers achieved 97.5 percent accuracy. That controlled environment also didn’t include real-world scenarios such as people walking around in the same room and typing on additional laptops. In what the researchers call a real-world scenario, WiKey drops to an average keystroke recognition accuracy of 77.5 percent.
“WiKey requires many samples per key from each user which may be difficult to obtain in real life attack scenarios. Still, there exist ways through which an attacker can obtain the training data. For example, an attacker can start an online chat session with a person sitting near him and record CSI values while chatting with him,” researchers wrote. Researchers point out that this level of accuracy might be all that’s needed to sniff out a password typed into a laptop. Other than being used in a potential attack, researchers hope WiKey can have a variety of non-attack applications such as gesture recognition. “We have shown that our technique works in controlled environments (using commodity hardware), and in future we plan to address the problem of mitigating the effects of more harsh wireless environments by building on our micro-gesture extraction and recognition techniques proposed in this paper,” the researchers wrote.

 Jupiter Broadcasting 
The Fresh BSD experience | BSD Now 156
http://www.jupiterbroadcasting.com/102501/the-fresh-bsd-experience-bsd-now-156/
SD Video
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0156-432p.mp4
HD Video
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0156.mp4
 MP3 
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0156.mp3

http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jnite/bsd-0156.ogg

Jupiter Broadcasting
iPhishing Expedition | TechSNAP 281
http://www.jupiterbroadcasting.com/102536/iphishing-expedition-techsnap-281/

HD VIDEO
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0281.mp4
 Mobile Video 
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0281-432p.mp4
 MP3 
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jupiterbroadcasting/techsnap-0281.mp3
OGG 
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jupiterbroadcasting/techsnap-0281.ogg

Open Sources
Attorney: US-Russia Tensions Led to Seleznev's Kidnapping by US Forces
http://opensources.info/attorney-us-russia-tensions-led-to-seleznev39s-kidnapping-by-us-forces-2/
Aug 26, 2016
SEATTLE (Sputnik) – “We wouldn’t be here if he was a Canadian,” John Henry Browne, Seleznev’s attorney, told journalists on Thursday, explaining “I think because of strained relations between the US and Russia, which I don’t agree with personally at all, the kidnapping of other people that the United States has done has involved terrorists…It’s the first time I’ve ever known of anyone with an identity theft case.” Browne also recalled news reports of a cyber attack on the US Democratic National Committee, an incident that also reflected the current relations between the United States and Russia, according to Seleznev’s lawyer. “I think they were trying to say those were Russians. That’s kind of explains my comment about the Canadian,” Browne said. On Thursday, Seleznev was found guilty by a jury panel at a US court of cybercrimes. Seleznev, 32, who is the son of Russian parliament member Valery Seleznev, was charged with 38 counts of bank fraud, hacking into secured computer networks, possession of illegal hacking devices as well as aggravated identity theft. According to US prosecutors, Seleznev hacked into retail point-of-sale systems and installed malware in order to steal over a million credit card numbers from businesses between October 2009 and October 2013. In July 2014, US forces detained Seleznev in the Maldives, transferred him to Guam before bringing him to Seattle. Russian authorities have branded the detention of Seleznev by the United States as kidnapping.

Son Of Russian Parliament Member Convicted Of Hacking
http://nationalcybersecurity.com/son-russian-parliament-member-convicted-hacking/
Date August 26, 2016
Roman Seleznev, also known as “Track2,” has been convicted on charges that he conspired to hack into U.S. businesses as part of a plot to steal and sell credit card numbers. The hack is estimated to have cost upwards of $169 million. The son of a Russian parliament member, Seleznev was found guilty on 38 of 40 charges brought against him. Those counts included wire fraud and intentional damage to a protected computer. The case hinges on hacks that took place from Oct. 2009 to Oct. 2013. During that time, Seleznev hacked into retail point-of-sale systems and installed malware to steal credit card numbers from businesses. Pizza restaurants in Washington State were a particular favorite target. The trial lasted eight days. And while that may seem short, the trial concluded a decade-long investigation by the U.S. Secret Service. Seleznev was only able to be tried in the U.S. because he was caught in the Maldives before he was able to return from a vacation. Seleznev and various Russian officials have accused the Secret Service of kidnapping him to stand trial. He is now facing a mandatory minimum of four years in prison, according to his lawyer, John Henry Browne. Browne intends to appeal the case on the grounds that the trial itself is predicated on an illegal arrest and that prosecutors were able to submit evidence from a corrupted laptop. “I don’t know of any case that has allowed such outrageous behavior,” Browne said. Outrageous or not, prosecutors managed to convince a jury that Seleznev was behind the theft and resale of over 2.9 million credit card numbers. His adventures in the U.S. legal system are not quite complete; he still faces separate charges pending in federal courts in Nevada and Georgia.

 Security Affairs 
Apple fixed Zero-Days flaws exploited by nation-state spyware
August 26, 2016  By Pierluigi Paganini
http://securityaffairs.co/wordpress/50641/mobile-2/apple-fixed-zero-days.html
Apple issued emergency iOS updates to patch three zero-days exploited by government spyware in a highly sophisticated attack. Apple has released the iOS 9.3.5 update for its mobile devices (iPhones and iPads). The security updates address three zero-day vulnerabilities exploited by nation-state actors to spy on activists. Security experts have spotted a strain of spyware targeting the iPhone used by a notorious UAE human rights defender, Ahmed Mansoor. Apple labeled the update “important,” inviting users to update their devices to protect them from malicious code that exploits the three flaws. Malware researchers believe that the Israeli surveillance company NSO Group has developed malware that has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists. The software developed by the company secretly tracks a target’s mobile phone; it exploits the zero-day flaws to track the device location, access mobile data including contacts, texts, call logs and emails, and record surrounding sounds through the microphone. Apple has patched the three vulnerabilities just ten days after the security experts from Citizen Lab and Lookout reported them to the company. Experts from Lookout identified the targeted attack as Pegasus, as explained in a detailed blog post. “Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists.
It is modular to allow for customization and uses strong encryption to evade detection,” states the blog post published by Lookout. The three zero-day vulnerabilities, dubbed “Trident,” exploited in the attack are:
* CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker, allowing him to calculate the kernel’s location in memory.
* CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32- and 64-bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
* CVE-2016-4657: Memory Corruption in WebKit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.
Mansoor, who won the ‘Martin Ennals Award’ in the United Arab Emirates, received a text message on his iPhone on August 10. The message was sent from an unknown number. Mansoor found the message very suspicious and forwarded it to Bill Marczak, a researcher at Citizen Lab, which conducted a joint investigation with the mobile security firm Lookout. The message embedded a link to highly sophisticated spyware that was designed to exploit the flaws fixed by Apple.

Schneier on Security
The NSA Is Hoarding Vulnerabilities
https://www.schneier.com/blog/archives/2016/08/the_nsa_is_hoar.html
The National Security Agency is lying to us. We know that because data stolen from an NSA server was dumped on the Internet. The agency is hoarding information about security vulnerabilities in the products you use, because it wants to use it to hack others' computers. Those vulnerabilities aren't being reported, and aren't getting fixed, making your computers and networks unsafe. On August 13, a group calling itself the Shadow Brokers released 300 megabytes of NSA cyberweapon code on the Internet. Near as we experts can tell, the NSA network itself wasn't hacked; what probably happened was that a "staging server" for NSA cyberweapons -- that is, a server the NSA was making use of to mask its surveillance activities -- was hacked in 2013. The NSA inadvertently resecured itself in what was coincidentally the early weeks of the Snowden document release. The people behind the link used casual hacker lingo, and made a weird, implausible proposal involving holding a bitcoin auction for the rest of the data: "!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies cyber weapons?" Still, most people believe the hack was the work of the Russian government and the data release some sort of political message. Perhaps it was a warning that if the US government exposes the Russians as being behind the hack of the Democratic National Committee -- or other high-profile data breaches -- the Russians will expose NSA exploits in turn. But what I want to talk about is the data. The sophisticated cyberweapons in the data dump include vulnerabilities and "exploit code" that can be deployed against common Internet security systems. Products targeted include those made by Cisco, Fortinet, TOPSEC, Watchguard, and Juniper -- systems that are used by both private and government organizations around the world.
Some of these vulnerabilities have been independently discovered and fixed since 2013, and some had remained unknown until now. All of them are examples of the NSA -- despite what it and other representatives of the US government say -- prioritizing its ability to conduct surveillance over our security. Here's one example. Security researcher Mustafa al-Bassam found an attack tool codenamed BENIGNCERTAIN that tricks certain Cisco firewalls into exposing some of their memory, including their authentication passwords. Those passwords can then be used to decrypt virtual private network, or VPN, traffic, completely bypassing the firewalls' security. Cisco hasn't sold these firewalls since 2009, but they're still in use today. Vulnerabilities like that one could have, and should have, been fixed years ago. And they would have been, if the NSA had made good on its word to alert American companies and organizations when it had identified security holes. Over the past few years, different parts of the US government have repeatedly assured us that the NSA does not hoard "zero days," the term used by security experts for vulnerabilities unknown to software vendors. After we learned from the Snowden documents that the NSA purchases zero-day vulnerabilities from cyberweapons arms manufacturers, the Obama administration announced, in early 2014, that the NSA must disclose flaws in common software so they can be patched (unless there is "a clear national security or law enforcement" use). Later that year, National Security Council cybersecurity coordinator and special adviser to the president on cybersecurity issues Michael Daniel insisted that the US doesn't stockpile zero-days (except for the same narrow exemption). An official statement from the White House in 2014 said the same thing. The Shadow Brokers data shows this is not true. The NSA hoards vulnerabilities. Hoarding zero-day vulnerabilities is a bad idea. It means that we're all less secure.
When Edward Snowden exposed many of the NSA's surveillance programs, there was considerable discussion about what the agency does with vulnerabilities in common software products that it finds. Inside the US government, the system of figuring out what to do with individual vulnerabilities is called the Vulnerabilities Equities Process (VEP). It's an inter-agency process, and it's complicated...

Russia says Chinese hackers are getting more aggressive
http://nationalcybersecurity.com/russia-says-chinese-hackers-getting-aggressive/
http://www.unian.info/world/1487689-bloomberg-russia-says-chinese-hackers-are-getting-more-aggressive.html
While the West sees Russia as a cyber predator, hackers in the East increasingly view it as prey, according to online security company Kaspersky Lab, which says there's been a sharp spike in attacks from China, according to Bloomberg. Cases of Chinese hacking of Russian industries including defense, nuclear and aviation rose almost threefold to 194 in the first seven months of this year from 72 in the whole of 2015, according to Alexander Gostev, the Moscow-based company's chief security expert, Bloomberg wrote. Proofpoint, a California-based cyber security company, also reported an increase in Chinese attacks on Russia. The hacking is going on "despite the officially promoted friendship between Russia and China and accords on cyber security, cooperation and non-aggression" between the two governments, Gostev said in an interview. "I don't see them working." President Vladimir Putin is seeking to boost economic and military ties with China, which he calls Russia's "strategic partner," amid tensions with the U.S. and Europe over the conflict in Ukraine. He and Chinese President Xi Jinping signed more than 30 cooperation deals including in energy, transport infrastructure and rocket production at a summit in Beijing in June, where Xi said he wanted the two countries to be "friends forever." Computer hacking allegations have strained relations with the U.S. after the FBI was said to have high confidence that Russian intelligence was behind attacks on Democratic Party groups that led to the release of stolen e-mails just before Hillary Clinton's nomination last month for the presidential elections. Russia has denied any involvement. Republican contender Donald Trump urged Russia to find "30,000 e-mails that are missing" from a private server Clinton used as secretary of state, though he later said he was being sarcastic.
Cyber espionage activity against Russia increased after Xi and U.S. President Barack Obama signed an agreement promising not to engage in economic cyber espionage in September last year, Gostev said. Computer security company FireEye Inc. said in a June report that attacks against the U.S. from known Chinese hacking groups with a connection to state interests have fallen substantially over the past year. Russia and China signed an information-security agreement pledging not to attack each other in May last year. "The Chinese track record of cybersecurity cooperation shows that Beijing isn't always keen on implementing agreements fully," Oleg Demidov, cybersecurity expert at Moscow's PIR Center, a think tank on global security issues, said by e-mail. This is particularly true when the agreements concern China's "strategic and military interests," he said. The state-run Cyber Administration of China didn't respond to a fax seeking comment on hacking attacks. China has repeatedly accused the U.S. of making groundless accusations of state involvement in hacking.

Security Threat

Chinese malware used against Russia includes more than 50 families of trojans that attacked 35 companies and institutions this year, Kaspersky estimated. Among them were seven military enterprises specializing in missiles, radar and naval technology, five government ministries, four aviation businesses and two companies involved in the nuclear industry, Gostev said. "Almost every entity in Russia's defense industry has been attacked recently by Chinese groups" and "clearly" lost information, he said. He declined to name specific bodies that were attacked, citing Kaspersky's client confidentiality policy. The number of attacks on organizations is likely much higher than reported, since only 10% of Kaspersky's corporate clients exchange data on hacking with its security network, he said.
The Russian Defense Ministry and the Federal Security Service (FSB) are formulating measures against NetTraveler, a trojan linked to China that is being used to spy on weapons manufacturers and threatens national security, SC Magazine reported in June, citing Defense Ministry sources that it didn't identify.

Tanks, Helicopters

State-run tank manufacturer Uralvagonzavod and Russian Helicopters were among entities attacked, according to the magazine. Neither the companies nor the FSB responded to e-mailed questions seeking comment. Putin's aide on information security, Andrei Krutskikh, also didn't reply to e-mailed questions. While it isn't possible to attribute hacking definitively to Chinese authorities, attacks are most likely either sponsored or approved by state bodies and in some cases are conducted by military hackers, Gostev said. They focus on cyber espionage, not financial hacking, he said.

KUWAITI GOVERNMENT STAFFER ARRESTED FOR ROLE IN ISIS CYBER WING
http://nationalcybersecurity.com/kuwaiti-government-staffer-arrested-role-isis-cyber-wing/
August 26, 2016
Kuwaiti police have detained a government worker on suspicion of proliferating the ideology of the Islamic State militant group (ISIS), the interior ministry said late Thursday. The suspect, identified as 26-year-old Kuwaiti national Othman Zain Nayef, had “used his office and computer to spread the extremist ideology of the so-called Daesh terrorist organization,” the ministry said in a statement, using an Arabic term for ISIS. Nayef has allegedly confessed to being a member of ISIS’s “electronic army,” in which he played a role in its hacking operations at the heart of the Kuwaiti government, according to the ministry, as quoted by the Kuwaiti state news agency KUNA. He admitted to hacking official websites “in friendly and sister states,” AFP news agency reported. ISIS’s aims are helped by a web of sympathizers who have carried out low-level cyber attacks on online targets linked to enemies of the radical Islamist group. One notable attack included the hacking of U.S. Central Command’s Twitter and YouTube accounts. In recent months, one of the group’s affiliated cyber-wings has released a series of hit lists intended to spread fear among the U.S. population. In May, ISIS’s cyber-wing dumped the details of 3,000 New Yorkers, mostly from Brooklyn, forcing the NYPD and FBI to inform all of those included on the list. It then released the names of 800 members of the Arkansas Library Association, another apparently low-level target whose personal data the group was able to breach and circulate. Kuwait has found itself to be an ISIS target. Last month, Kuwaiti authorities said they had intercepted three ISIS cells that were planning attacks in the country, particularly against an interior ministry target and a Shiite mosque. In June 2015, ISIS claimed responsibility for a suicide bombing at a Shiite mosque in Kuwait City during a Ramadan prayer service, killing 26 worshippers. It represented the worst-ever attack in the Gulf state.

Soylent News
25-Core "Piton" SPARC CPU Unveiled by Princeton University
http://7rmath4ro2of2a42.onion/article.pl?sid=16/08/26/151250
posted by janrinok on Saturday August 27, @02:42AM 
Princeton University researchers presented a 25-core "manycore" CPU at the Hot Chips conference: It was a week for chip launches with the Hot Chips conference setting the stage for the unveiling of the IBM Power9 processor (report forthcoming) and a custom ARM-based 64-core CPU from Chinese firm Phytium Technology. A 25-core academic manycore processor out of Princeton University also made its debut from the Silicon Valley event. [...] "With Piton, we really sat down and rethought computer architecture in order to build a chip specifically for data centers and the cloud," said David Wentzlaff, a Princeton assistant professor of electrical engineering and associated faculty in the Department of Computer Science, in an official announcement. "The chip we've made is among the largest chips ever built in academia and it shows how servers could run far more efficiently and cheaply." Piton is based on the SPARC V9 64-bit ISA and supports Debian Linux. After being designed in early 2015, Piton was taped out in IBM's 32nm SOI process. The 6×6 millimeter die has more than 460 million transistors. The silicon has been tested in the lab and is working, according to the research team. The design is open source (DOI: 10.1145/2954679.2872414).

http://parallel.princeton.edu/papers/openpiton-asplos16.pdf

New microchip demonstrates efficiency and scalable design
Posted August 23, 2016; 01:30 p.m. by Adam Hadhazy for the Office of Engineering Communications
https://www.princeton.edu/main/news/archive/S47/19/67G69/index.xml?section=topstories
http://parallel.princeton.edu/piton/

Princeton University researchers have developed a new computer chip that promises to boost the performance of data centers that lie at the core of numerous online services such as email and social media. The chip — called "Piton" after the metal spikes driven by rock climbers into mountainsides to aid in their ascent — was presented Aug. 23 at Hot Chips, a symposium on high-performance chips held in Cupertino, California. Data centers — essentially giant warehouses packed with computer servers — support cloud-based services such as Gmail and Facebook, as well as store the staggeringly voluminous content available via the internet. Yet the computer chips at the heart of the biggest servers that route and process information often differ little from the chips in smaller servers or everyday personal computers.

Photo caption: The "Piton" chip, designed specifically for massive computing systems (photo by David Wentzlaff, Department of Electrical Engineering).

The Princeton researchers designed their chip specifically for massive computing systems. Piton could substantially increase processing speed while slashing energy usage. The chip architecture is scalable — designs can be built that go from a dozen to several thousand cores, which are the independent processors that carry out the instructions in a computer program. Also, the architecture enables thousands of chips to be connected into a single system containing millions of cores. "With Piton, we really sat down and rethought computer architecture in order to build a chip specifically for data centers and the cloud," said David Wentzlaff, a Princeton assistant professor of electrical engineering and associated faculty in the Department of Computer Science. "The chip we've made is among the largest chips ever built in academia and it shows how servers could run far more efficiently and cheaply." The unveiling of Piton is a culmination of years of effort by Wentzlaff and his students. Michael McKeown, Wentzlaff's graduate student, will present at Hot Chips. Mohammad Shahrad, a graduate student in Wentzlaff's Princeton Parallel Group, said that creating "a physical piece of hardware in an academic setting is a rare and very special opportunity for computer architects."
The current version of the Piton chip measures 6 millimeters by 6 millimeters. The chip has more than 460 million transistors, each of which is as small as 32 nanometers — too small to be seen by anything but an electron microscope. The bulk of these transistors are contained in 25 cores. Most personal computer chips have four or eight cores. In general, more cores mean faster processing times, so long as software ably exploits the hardware's available cores to run operations in parallel. Therefore, computer manufacturers have turned to multi-core chips to squeeze further gains out of conventional approaches to computer hardware. In recent years companies and academic institutions have produced chips with many dozens of cores — but the readily scalable architecture of Piton can enable thousands of cores on a single chip, with half a billion cores in the data center, Wentzlaff said. "What we have with Piton is really a prototype for future commercial server systems that could take advantage of a tremendous number of cores to speed up processing," Wentzlaff said. The Piton chip's design focuses on exploiting commonality among programs running simultaneously on the same chip. One method to do this is called execution drafting. It works very much like the drafting in bicycle racing, when cyclists conserve energy by riding behind a lead rider who cuts through the air, creating a slipstream...

The Princeton researchers have made the design open source and thus available to the public and fellow researchers:
http://www.openpiton.org/

https://medium.com/@jeffreycarr/can-facts-slow-the-dnc-breach-runaway-train-lets-try-14040ac68a55#.a11nrsppx

tl;dr, Jeffrey Carr says: OK. Raise your hand if you think that a GRU or FSB officer would add Iron Felix's name to the metadata of a stolen document before he released it to the world while pretending to be a Romanian hacker. Someone clearly had a wicked sense of humor.

I honestly think that blame on Russia is a lie.




Black Hat
Numchecker: A System Approach for Kernel Rootkit Detection - Duration: 52 minutes.
https://youtube.com/watch?v=TgMsMwsfoQ0
HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows - Duration: 49 minutes.
https://youtube.com/watch?v=GwQsu8dGSeA
HTTP Cookie Hijacking in the Wild: Security and Privacy Implications - Duration: 46 minutes.
https://youtube.com/watch?v=jYcx7WtbB0A
Behind the Scenes of iOS Security - Duration: 51 minutes.
https://youtube.com/watch?v=BLGFriOKz6U

Multivariate Solutions To Emerging Passive DNS Challenges - Duration: 58 minutes.
https://youtube.com/watch?v=LrLK4zWRWAA
The Tactical Application Security Program: Getting Stuff Done - Duration: 57 minutes.
https://youtube.com/watch?v=4S0mT9QFWeo
The Security Wolf of Wall Street: Fighting Crime With High-Frequency Classification and... - Duration: 57 minutes.
https://youtube.com/watch?v=ZIV3gaPHTw4
Automated Detection of Firefox Extension-Reuse Vulnerabilities - Duration: 57 minutes.
https://youtube.com/watch?v=s9TcgKLhreY
Su-A-Cyder: Homebrewing Malware for iOS Like a BO$$! - Duration: 2 hours, 38 minutes.
https://youtube.com/watch?v=utoNiNBmcW0
The Kitchen's Finally Burned Down: DLP Security Bakeoff - Duration: 53 minutes.
https://youtube.com/watch?v=9-906rJ2HXA
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces - Duration: 1 hour, 8 minutes.
https://youtube.com/watch?v=x-JcudXCvC0
Android Commercial Spyware Disease and Medication - Duration: 28 minutes.
https://youtube.com/watch?v=iwUNe0hh8h0
PLC-Blaster: A worm Living Solely In The PLC - Duration: 55 minutes.
https://youtube.com/watch?v=NNAKaAKRUow
Hacking a Professional Drone - Duration: 27 minutes.
https://youtube.com/watch?v=JRVb-xE1zTI
Cantact: An Open Tool for Automotive Exploitation - Duration: 54 minutes.
https://youtube.com/watch?v=HzDW8ptMkDk
DSCOMPROMISED: A Windows DSC Attack Framework - Duration: 59 minutes.
https://www.youtube.com/watch?v=MWnTg3cQ_mo
A New CVE-2015-0057 Exploit Technology - Duration: 51 minutes.
https://www.youtube.com/watch?v=ZG_PElDTe98
Enterprise Apps: Bypassing the iOS Gatekeeper - Duration: 36 minutes.
https://www.youtube.com/watch?v=m4_vAlkyqRc
Rapid Radio Reversing - Duration: 1 hour.
https://youtube.com/watch?v=8kIxlMIGctc
Break Out of The Truman Show: Active Detection and Escape of Dynamic Binary Instrumentation - Duration: 45 minutes.
https://youtube.com/watch?v=VGmvx2B5qdo
Let's See What's Out There - Mapping the Wireless IoT - Duration: 48 minutes.
https://youtube.com/watch?v=75xU6PMd00o
Never Trust Your Inputs: Causing 'Catastrophic Physical Consequences' From The Sensor... - Duration: 53 minutes.
https://youtube.com/watch?v=0BHmoxAw-sA
Hey, Your Parcel Looks Bad - Fuzzing and Exploiting Parcel-ization Vulnerabilities in Android - Duration: 35 minutes.
https://www.youtube.com/watch?v=I1JR_LriyDQ
Incident Response @ Scale-Building a Next Generation SOC - Duration: 16 minutes.
https://youtube.com/watch?v=kYCJXwBaZR4
I'm Not a Human: Breaking the Google Recaptcha - Duration: 28 minutes.
https://youtube.com/watch?v=8iMU9HbJ7Wo
Locknote: Conclusions and Key Takeaways from Black Hat Asia 2016 - Duration: 51 minutes.
https://youtube.com/watch?v=B7V0Ld40Auk

Opera warns Opera Sync users of possible security breach
http://securityaffairs.co/wordpress/50690/data-breach/opera-sync-security-breach.html
August 27, 2016  By Pierluigi Paganini
The Norwegian company has warned users of a possible security breach of its Opera Sync service that might have exposed their data. On Friday, Opera published a security alert warning users that the Opera Sync service might have been breached. In response to the incident, Opera forced a password reset for all Sync users, who were informed by email of suspicious activity involving their accounts. "Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users' passwords and account information, such as login names, may have been compromised," states the security advisory. Opera clarified that the passwords used for authentication are stored hashed and salted with per-user salts; however, the company has not disclosed which hash function or work factor it uses, and that is what determines how quickly a leaked salted hash can be cracked offline. "Although we only store encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in this system, we have reset all the Opera sync account passwords as a precaution," continues the advisory.
The company told users that it had promptly blocked the attack and that its experts are investigating the incident. Internal security staff believe that some users' data, including login credentials, may have been compromised. The company reset all Opera Sync account passwords and emailed users advising them to change any third-party passwords that were synchronized with the service. According to Opera, 1.7 million users could be affected by the Sync breach, less than 0.5% of the total Opera user base of 350 million. As usual, Opera Sync users who reuse their credentials across multiple sites are advised to change their passwords on those sites as soon as possible.
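Opera's advisory distinguishes authentication passwords, stored "hashed and salted" with a per-user salt, from synchronized passwords, stored encrypted. The following is an added example and not Opera's code: Opera published neither its hash function nor its parameters, so PBKDF2-HMAC-SHA256, 200,000 iterations, a 16-byte random salt and the `kdf$iterations$salt$key` record layout are all assumptions made here for illustration. It shows what a per-user salt actually buys (two users with the same password get unrelated records), why the record must carry its own salt and work factor so old hashes can be verified and upgraded, and, beside it, the fast unsalted hash that a breach notice hopes not to describe.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Illustrative parameters, assumed for this example. Opera did not disclose
# which hash function, salt length or work factor its sync backend uses.
KDF_NAME = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16
KEY_BYTES = 32


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: kdf$iterations$salt$derived_key.

    A fresh random salt per user means two users who chose the same password
    get unrelated records, so one cracked hash or one precomputed table does
    not reveal anyone else's password. Storing the iteration count lets the
    work factor be raised later without invalidating existing accounts.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=KEY_BYTES)
    return "$".join([KDF_NAME, str(iterations), _b64(salt), _b64(dk)])


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    try:
        name, iters, salt_b64, dk_b64 = record.split("$")
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: never "fail open"
    if name != KDF_NAME or iterations <= 0:
        return False
    salt, expected = _unb64(salt_b64), _unb64(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True if the stored record is malformed or weaker than current policy."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != KDF_NAME:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


def weak_unsalted_hash(password: str) -> str:
    """Fast, unsalted, identical for every user with that password: the
    pattern that makes a leaked table crackable wholesale."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def demo() -> dict:
    """Constructed sample data: two users who happen to share a password."""
    shared = "correct horse battery staple"
    alice, bob = hash_password(shared), hash_password(shared)
    legacy = hash_password(shared, iterations=10_000)  # older, weaker policy
    return {
        "salted_records_differ": alice != bob,
        "alice_verifies": verify_password(shared, alice),
        "wrong_password_rejected": verify_password("Tr0ub4dor&3", alice),
        "malformed_rejected": verify_password(shared, "not$a$record"),
        "legacy_still_verifies": verify_password(shared, legacy),
        "legacy_needs_rehash": needs_rehash(legacy),
        "unsalted_records_collide":
            weak_unsalted_hash(shared) == weak_unsalted_hash(shared),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The precautionary reset Opera applied is the right call even with salted hashes: a salt defeats cross-user precomputation, but a leaked salt-plus-hash can still be attacked offline one user at a time, and how long that takes depends entirely on the work factor of the undisclosed KDF. `needs_rehash` is the hook for raising that work factor on a user's next successful login rather than waiting for a breach to force it.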

NSA Whistleblowers: NSA Hack Was Likely An Inside Job
http://www.washingtonsblog.com/2016/08/nsa-whistleblower-nsa-hack-likely-inside-job.html
Posted on August 26, 2016 by WashingtonsBlog
The mainstream press is accusing Russia of being behind the release of information on NSA hacking tools. Washington’s Blog asked the highest-level NSA whistleblower in history, William Binney – the NSA executive who created the agency’s mass surveillance program for digital information, who served as the senior technical director within the agency, who managed six thousand NSA employees, the 36-year NSA veteran widely regarded as a “legend” within the agency and the NSA’s best-ever analyst and code-breaker, who mapped out the Soviet command-and-control structure before anyone else knew how, and so predicted Soviet invasions before they happened (“in the 1970s, he decrypted the Soviet Union’s command system, which provided the US and its allies with real-time surveillance of all Soviet troop movements and Russian atomic weapons”) – what he thinks of such claims. Binney told us: The probability is that an insider provided the data. I say this because the NSA net is a closed net that is continuously encrypted.  Which would mean, that if someone wanted to hack into the NSA network they would not only have to know weaknesses in the network/firewalls/tables and passwords but also be able to penetrate the encryption. So, my bet is that it is an insider.  In my opinion, if the Russians had these files, they would use them not leak them or any part of them to the world. Similarly, former NSA employee, producer for ABC’s World News Tonight, and long-time reporter on the NSA James Bamford notes: If Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination. A more logical explanation could also be insider theft. 
If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us. * The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained. Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents. So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations. In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others. Like the hacking tools, the catalog used similar codenames. * In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower. 
I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files. But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it’s also likely he or she could have also downloaded and removed the digital tools now being leaked. And Motherboard reports: “My colleagues and I are fairly certain that this was no hack, or group for that matter,” the former NSA employee told Motherboard. “This ‘Shadow Brokers’ character is one guy, an insider employee.” The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap. * “We are 99.9 percent sure that Russia has nothing to do with this and even though all this speculation is more sensational in the media, the insider theory should not be dismissed,” the source added. “We think it is the most plausible.” * Another former NSA source, who was contacted independently and spoke on

Cyber Espionage: Project Sauron Malware Found Stealing Sensitive Data from 30 Government Networks Worldwide after Five Years Undetected
Aug 10, 2016 10:04 AM EDT By Anita Valencia, UniversityHerald Reporter
http://www.universityherald.com/articles/36890/20160810/cyber-espionage-project-sauron-malware-found-stealing-sensitive-data-from-30-government-networks-worldwide-after-five-years-undetected.htm
The Eye of Sauron in J.R.R. Tolkien's Lord of the Rings is known for its vast far-sight. It has inspired a group of hackers who created undetected malware called Project Sauron, which has been hidden in the servers of many networks, stealing data for five years. A group named Strider is reportedly responsible for the Project Sauron malware, which hid inside the networks of 30 government organizations in Rwanda, Russia and Iran. According to Kaspersky Lab, the malware was found in scientific, military, government and financial organizations in those countries. Symantec Corporation, which also detected the malware in China and Belgium, said the platform is so advanced that it is unlikely to have been built without the active help of a state-sponsored group.

Project Sauron malware uses unique operations with no repeating pattern

Experts from both companies found that the malware has been present since at least 2011. Its components are delivered as Binary Large Objects (BLOBs) built individually for each victim, so signature-based antivirus has nothing common to match on. Kaspersky, which described what it found as "just a tiny tip of the iceberg," stated that the malware's creators clearly knew that analysts would look for patterns: even when a defender discovers one infection, they are unlikely to find the next one, because the software was rebuilt for each target.

How Project Sauron works

Researchers explained that Project Sauron behaves like a sleeper cell on the targeted servers: it shows no activity while waiting for commands, Ars Technica wrote. It hides itself from the Windows OS. It can collect and exfiltrate data even from computers without any internet connection, using USB storage drives that carry a hidden virtual file system; the infected computer treats the drive as an approved device. More impressively, this still works when data-loss prevention software is installed to block unknown USB drives.
Kaspersky Lab explained on its Securelist website that the malware's creators have a "high interest in communication encryption software" used by these organizations. The malware is able to steal encryption keys and documents from the infected computer and even from USB sticks attached to it.

Reuters
Chinese man arrested in Hong Kong over FACC cyber attack in Austria
https://www.yahoo.com/news/chinese-man-arrested-hong-kong-over-facc-cyber-080435319--finance.html
VIENNA (Reuters) - A Chinese citizen has been arrested in Hong Kong in connection with a cyber attack that cost Austrian aerospace parts maker FACC 42 million euros ($47.39 million), Austrian police said on Friday. FACC fired its chief executive and chief financial officer after the attack, which involved hoax emails asking an employee to transfer money for a fake acquisition project - a kind of scam known as a "fake president incident". FACC's customers include Airbus and Boeing. A 32-year-old man, who was an authorised signatory of a Hong Kong-based firm that received around 4 million euros from FACC, was arrested on July 1 on suspicion of money laundering, a spokesman for Austria's Federal Office for Crime said. Such attacks, also known as "business email compromise", involve thieves gaining access to legitimate email accounts inside a company - often those of top executives - to carry out unauthorized transfers of funds. The technique, which relies on simple trickery or more sophisticated computer intrusions, typically targets businesses working with international suppliers that regularly perform wire transfers. A spokesman for FACC said the company was working on getting back 10 million euros which had been found and frozen in accounts in different countries around the world. These 10 million euros are not included in the 42 million euro hit the group has already booked. The spokesman declined to give details on the arrest or the location of the accounts. In June, the U.S. Federal Bureau of Investigation (FBI) said identified losses from this scam totalled $3.1 billion and had risen by 1,300 percent in the past 18 months. Such scams have been reported by 22,143 victims in all 50 U.S. states and in 100 countries around the world. The FBI said reports indicate that fraudulent transfers have been made to 79 countries, with the majority going to Asian banks located in China and Hong Kong.
Another tool for fraud, "ransomware", which has received much media attention over the past year, refers to malicious software that thieves use to block access to a computer until a ransom is paid. Security experts say the two trends are the fastest growing cyber security threats to businesses worldwide. FBI report: https://www.ic3.gov/media/2016/160614.aspx

Irish Times
The cyber hack that could swing the US election
http://www.irishtimes.com/news/world/us/the-cyber-hack-that-could-swing-the-us-election-1.2769852
‘The bizarre has almost become the norm in US politics this past year’
Is there anything that might cause Donald Trump to win the US presidential election? That’s the question political pundits are asking obsessively these days as the main parties’ campaigns take increasingly unpredictable turns. A month ago Trump was almost level with Hillary Clinton in the polls but, since then, a series of gaffes has caused his numbers to slide. This week, for example, an IBT poll suggests Clinton now has a 12-point lead. While this might indicate that the Democrats are cruising for victory, the election has been so uncertain in recent months that nobody dares take anything for granted. So what might suddenly cause momentum to swing again? To my mind, there are at least three factors to watch. The most obvious is that Trump himself implements a change of course, becoming much more professional and effective in running his campaign. That is hard to believe right now but the key person to watch is Kellyanne Conway, a pollster recently brought in to serve as campaign manager. Highly respected in Republican circles and regarded as a very effective operator, she might just possibly end up turning the campaign around. A second factor is whether a nasty external shock occurs. Trump, after all, is a candidate whose campaign is built on stoking up fear, in the mould of former president Richard Nixon. If, God forbid, a big terrorist attack occurs - or something else that causes panic - this might play into Trump’s hands, particularly if his campaign had already shifted momentum under Conway. However, there is a third possibility that has gained less attention: cyber hacking. This summer, the Democratic National Committee revealed it had suffered a cyber attack and that many confidential internal documents had been stolen. CrowdStrike, the cyber security group employed by the DNC, said the culprits were Russia’s intelligence services.
This was denied by Moscow, but backed up by other cyber security groups such as Mandiant and Fidelis Cybersecurity. This is a bizarre turn of events, by any standards, not least because some 20,000 internal DNC emails have now been released via WikiLeaks and a blogging site called Guccifer 2.0. But matters may get worse. CrowdStrike says one Russian hacking group, given the nickname Cozy Bear, was in the DNC system for at least a year. It is unclear what material has been taken but cyber experts believe Cozy Bear holds extensive secret documents, including confidential memos detailing the negative traits of Democratic candidates in this year’s US elections. (It is standard practice for campaign managers to try to assemble all the dirt on their own candidates in advance, so they are prepared in case their opponents try to attack them.) If this is true — like almost everything else in the cyber security sphere, very little can be conclusively proved — it seems that only a small portion of the sensitive material has emerged. So it is possible that the hackers will leak this in the coming months, in a targeted way, trying to cause maximum damage. This week, for example, Guccifer 2.0 leaked data about the tactics that the Democratic Congressional Campaign Committee used in House races in Pennsylvania. This is the first time the hackers have tried to shape momentum in a local race. And if these leaks accelerate, they might stoke up more anti-Clinton feeling, particularly given the separate controversies surrounding Clinton’s personal email server. Or so the gossip goes. On one level, this theory sounds almost fantastical and it is entirely possible that speculation will die away in a few months and that Clinton will romp to victory. But the very fact that Washington is abuzz with these rumours right now illustrates two key points. 
First, just how strange this current election campaign has become on both sides and, second, the degree to which the bizarre has almost become the norm in US politics this past year. In this election we face a world of James Bond meets Alice in Wonderland, where political boundaries are stealthily shifting, day-by-day. Stand by for more surprises — from Cozy Bear, or anyone else.


Iran says malicious software hit its petrochemical complexes
http://www.israelnationalnews.com/News/News.aspx/217008
Iran detects and removes malicious software from two of its petrochemical complexes.
Iran said on Saturday it has detected and removed malicious software from two of its petrochemical complexes, Reuters reported. The announcement comes after Iran said last week it was investigating whether recent petrochemical fires were caused by cyber attacks. A military official said the malware at the two plants was inactive and had not played a role in the fires. "In periodical inspection of petrochemical units, a type of industrial malware was detected and the necessary defensive measures were taken," Gholamreza Jalali, head of Iran's civilian defense, was quoted as saying by the state news agency IRNA. Iran has in the past been targeted by computer viruses. In 2010, it was attacked with the Stuxnet computer virus, which destroyed Iranian centrifuges that were enriching uranium and was allegedly jointly developed by the United States and Israel. Two years later the country's computer systems were targeted by Flame, a virus far more dangerous than the Stuxnet worm which was described by the Kaspersky Internet security firm as the “most sophisticated cyber-weapon yet unleashed”. Iran later admitted that its oil industry was briefly affected by Flame, but claimed that Iranian experts had detected and defeated the virus. The Islamic Republic's National Cyberspace Council announced last week that it was investigating whether the recent petrochemical fires were triggered by a cyber attack, according to Reuters. But when asked if the fire at Iran's Bu Ali Sina refinery complex last month and other fires this month were caused by the newly-discovered malware, Jalali said, “The discovery of this industrial virus is not related to recent fires."

The Straits Times
Cyber Cold War heats up
http://www.straitstimes.com/opinion/cyber-cold-war-heats-up
Sam Jones Published Aug 28, 2016, 5:00 am SGT
A shadowy group's $677m online 'auction' of a trove of weapons, thought to have been stolen from the National Security Agency, signals an intensifying cyber war between Russia and America.
This is a tale of spies, a US$500 million (S$677 million) cyber arms heist, accusations of an attempt to manipulate a US presidential election and an increasingly menacing digital war being waged between Russia and the West. It begins with a clandestine online group known as The Shadow Brokers. There is no evidence that it existed before Aug 13, when a Twitter account in its name tweeted a handful of leading global news organisations with an unusual announcement: it was conducting a US$500 million auction of cyber weapons. In a show of faith, the group put a selection of its wares - a 4,000-file, 250MB trove - on public display. Security analysts have been racing to go through the list but it is already clear that at least some of what has been revealed so far is real.

What is most remarkable, though, is the likely former owner of the Shadow Brokers' cyber bounty: an outfit known as the Equation Group. Equation is an elite hacking unit of the US National Security Agency. The Shadow Brokers claim that the stolen goods are sophisticated cyber weapons used by the NSA.

The Shadow Brokers' motivations are not entirely clear. "If this was someone who was financially motivated, this is not what you would do," says security response director Orla Cox at Symantec, a leading cyber security company. Cyber weapons are typically sold over the dark Web, notes Ms Cox, or they are used by hackers who want to remain anonymous. They certainly are not advertised to news outlets. And even the best are not priced in US$500 million bundles. "It's a false flag. This isn't about money. It's a PR exercise," she says.

According to three cyber security companies that declined to be identified, the Shadow Brokers is most likely run by Russian intelligence. "There is no digital smoking gun," said one analyst. But the circumstantial evidence is compelling, analysts say. And the list of other potential nation-state actors with the capability, wherewithal and motive is short. "The fact that the Shadow Brokers did not exist before, appeared at this time and are using intelligence that has been saved up until now, suggests this is all part of some deliberate, targeted operation, put together for a particular purpose," says Mr Ewan Lawson, a former cyber warfare officer in Britain's Joint Forces Command and now senior research fellow at Rusi, the think-tank. "That purpose looks like it is to highlight perceived US hypocrisy." Russia, he says, is the obvious perpetrator.

Two senior Western intelligence officials say their assessment was evolving but similar: the Shadow Brokers' stunt grew out of Russia's desire to strike back at the US, following accusations that Russian intelligence was behind the hack into the Democratic National Committee's (DNC) servers. That intrusion, and the subsequent leak of embarrassing e-mail, has been interpreted by some as an attempt by Russia to interfere with the US presidential election. The US has yet to respond officially to that hack, even though it knows it to be Russia, according to this narrative. Now, with a piece of Le Carre-esque public signalling between spymasters, Russia's Shadow Brokers gambit has made any such response greatly more complex, the officials suggest.

The US and its allies, of course, are hardly innocent of hacking. Regin, a piece of malware used to crack into telecoms networks, hotels and businesses from Belgium to Saudi Arabia - though mainly Russia - is a tool used by the US and Britain, while the Equation Group is among the most virulent and sophisticated hacking operations around.

If the warning to Washington was not being telegraphed clearly enough by Moscow, Mr Edward Snowden, the NSA contractor-turned-whistle-blower now living in Russia, spelt it out. "Circumstantial evidence and conventional wisdom indicates Russian responsibility," he wrote in a tweet to his 2.3 million followers. "This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast," he said in another. In the US intelligence community, the assumption is that, at the very least, Mr Snowden is an unwitting agent of Russian intelligence, if not a tool of it. "It's all part of the signalling," says one intelligence official.

Mr Jim Lewis, director of strategic technologies at the CSIS think-tank and a former US State Department official, says: "The Russians have had the initiative in this whole thing starting from even before the DNC break-in. "They have the place of honour when it comes to threats to the US in cyber space right now. They've accelerated - they're much less risk-averse and they're much more aggressive."

ATTRIBUTION PROBLEMS

"Attributing" cyber attacks - or identifying their source - is a thorny issue. For cyber superpowers, insiders say, it is rarely technical limitations that prevent governments from castigating attackers. The problem, an age-old one for spycraft, is that in disclosing what they know, officials may give away how they got it. For agencies like the NSA and Britain's GCHQ, there is a deeply ingrained culture of secrecy surrounding their cyber surveillance work that stretches back to the origins of signals intelligence during World War II. US intelligence knew very quickly that the Chinese were behind the hack of the Office of Personnel Management, announced in June last year, which targeted the records of millions of Americans. But it took time to decide what the appropriate response should be and what kind of effect they wanted from it.

Outside the inner circles of the spy world, there is a growing sense that more public attribution is needed to try and put the brakes on a Cyber Cold War that is spiralling out of control. "Up to now, there has been a degree of approaching cyber defence one day at a time," says Rusi's Mr Lawson. "But now it's reached a momentum where people are starting to say we need to start calling people out, making more of an issue about these attacks, because otherwise, how are we ever going to establish any sort of global norms about it?"

Publicly identifying attackers can be powerful. Chinese activity against US companies decreased markedly after the US authorities publicly indicted five senior Chinese military officials last year, proving to Beijing that they knew exactly what its hackers were up to - and would respond even more harshly if they continued. But the power of attribution also depends on the adversary. Unlike China, Russia does not depend economically on the US. The Kremlin's hackers are also far stealthier. A particular trend in Russia's hacking operations in the past 18 months, says a senior British cyber security official, has been towards such "false flagging", where attacks are hidden behind proxies. The official points to an attack on the French broadcaster TV5Monde in April last year. The website was defaced with pro-ISIS imagery, but it was the Russians who were responsible, he says. Russia has become much more aggressive in blurring other boundaries too: its cyber operations do not just exfiltrate information, they also sometimes weaponise it. Outright acts of destruction are on the table, too, as was the case when Russia took down the Ukrainian power grid in January.

If the tools are new, the techniques may not be. Mr Philip Agee, a former CIA agent, sprang to prominence in the 1970s for publishing a series of salacious books and pamphlets claiming to expose the activities and agents of his former paymasters. He said he was a whistleblower and became a feted figure of the left in the West. But in reality he was carefully directed by the KGB, the Soviet spy agency. Under the Russians' guidance, his output blended genuine US intelligence leaks with outright disinformation concocted by Moscow to suit its own ends. Hundreds of CIA agents were exposed by his activities. The KGB's use of Mr Agee was both an act of disruption and one of manipulation. It boxed in the CIA and affected its decision-making. Moscow ensured genuine agents' names were publicised at times to suit their ends.

The Shadow Brokers may be the same trick adapted to the 21st century. Both are textbook examples of what Soviet strategists called reflexive control - a concept that has become resurgent in Russian military planning today. Reflexive control is the practice of shaping an adversary's perceptions. A state might convince an opponent not to retaliate for interfering in an election, for example, by raising the possibility of releasing information about its own tactics. "These are old tactics," says CSIS' Mr Lewis. "The Russians have always been better at this kind of thing than us. But now, they're just able to wield them so much more effectively. They have taken tremendous advantage of the Internet. Information is a weapon."

Softpedia
New RIPPER Malware Suspected Behind Thailand ATM Heists
http://news.softpedia.com/news/new-ripper-malware-suspected-behind-thailand-atm-heists-507676.shtml
FireEye researchers discover new RIPPER ATM malware
Aug 28, 2016 00:20 GMT · By Catalin Cimpanu
A new piece of ATM malware may be behind the recent ATM heists that took place in Thailand and possibly Taiwan, security researchers from FireEye have discovered. Earlier this week, Thai authorities reported that crooks managed to steal $378,000 (12 million baht) from ATMs across Thailand. A few minutes before local press reported the heist, FireEye researchers said that their cyber-security platform detected a new file uploaded on VirusTotal from an IP address in Thailand that included all the features of ATM malware.

FireEye discovers new ATM malware family

A subsequent investigation revealed their initial suspicion. What researchers had discovered was a new malware variant that targets ATMs, which they named RIPPER, based on text found inside the malware source code (ATMRIPPER). While this was a never-before-seen malware family, FireEye says they identified multiple components also found in other ATM malware variants such as Padpin (Tyupkin), SUCEFUL, GreenDispenser, and Skimer. It may be possible that the malware was uploaded to VirusTotal either by one of the crooks working on a new version or by Thai investigators who found it on the infected ATMs. FireEye's technical analysis for RIPPER includes many findings that corroborate with ATM heist details reported by local press.

RIPPER features coincide with ATM heist press reports

The malware included a component that would disable the ATM's network interface whenever needed. Thai press quotes investigators who said the robbed ATMs were taken offline during the heists. RIPPER allows an attacker to control ATMs via a payment card with a special authentication code embedded in its EMV chip. Investigators reported the same thing about the malware found on targeted ATMs. The Thailand attacks only targeted ATMs manufactured by NCR. Authorities suspect that the group behind this attack was also behind an NT$70 million ($2.18 million) ATM heist in Taiwan from July. In that attack, crooks targeted ATMs from Wincor Nixdorf. FireEye says RIPPER includes code to target three specific vendors. The company doesn't mention their names, but this fits in the group's modus operandi. Furthermore, the PE compile timestamp from the malware uploaded this week on VirusTotal is July 10, 2016, two days before the attacks in Taiwan.

RIPPER steals features from other ATM malware strains

FireEye researchers note that RIPPER's component that reads or ejects cards on demand is very similar to the one found in SUCEFUL while the technique of using custom-made master EMV cards is borrowed from Skimer. They add that the ability to disable the local network connection resembles that of Padpin (Tyupkin) and the "sdelete" secure self-deletion module is similar to the one found in GreenDispenser. "In addition to requiring technical sophistication, attacks such as that affecting the ATMs in Thailand require coordination of both the virtual and the physical," FireEye researcher Daniel Regalado explains. "This speaks to the formidable nature of the thieves."
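The compile timestamp the article cites is a field defenders routinely read out of a sample's PE header and cross-check against the date the file was first seen. The Python below is an added example, not FireEye's tooling and not code from the article: it builds a constructed minimal PE skeleton (not the RIPPER sample), parses the COFF TimeDateStamp, and flags a value that falls after the observation time. The header field layout follows the PE specification; the demo timestamp and observation dates are constructed.

```python
"""Read the PE compile timestamp (COFF TimeDateStamp) from a Windows executable.

Added example, not FireEye's tooling or the page's own code. The bytes built
by build_minimal_pe() are a constructed skeleton, not any real sample.
"""
import struct
from datetime import datetime, timezone

# Constructed demo value: 2016-07-10 00:00:00 UTC, the date the article gives
# for the sample; used here only to exercise the parser.
DEMO_TIMESTAMP = 1468108800


def build_minimal_pe(timestamp: int) -> bytes:
    """Construct the smallest layout the parser needs: a DOS header whose
    e_lfanew (offset 0x3C) points at the PE signature, followed by the
    20-byte COFF file header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header starts at 0x40
    coff = struct.pack(
        "<HHIIIHH",
        0x14C,      # Machine: IMAGE_FILE_MACHINE_I386
        3,          # NumberOfSections
        timestamp,  # TimeDateStamp: seconds since the Unix epoch
        0,          # PointerToSymbolTable
        0,          # NumberOfSymbols
        0,          # SizeOfOptionalHeader (omitted in this skeleton)
        0x0102,     # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    return bytes(dos) + b"PE\0\0" + coff


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp as an aware UTC datetime.

    Raises ValueError for anything that is not a PE image, so a triage script
    fails loudly on a truncated or non-PE upload instead of reporting garbage."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + 20 > len(data):
        raise ValueError("truncated PE header")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # TimeDateStamp sits 8 bytes after the signature (after Machine and NumberOfSections).
    (timestamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(timestamp, tz=timezone.utc)


def is_plausible_timestamp(ts: datetime, observed_unix: int) -> bool:
    """The linker writes this field and it can be set to anything, so treat it
    as a claim: reject values after the sample was first observed, or before
    the PE format existed (constructed lower bound: 1993-01-01 UTC)."""
    lower = datetime(1993, 1, 1, tzinfo=timezone.utc).timestamp()
    return lower <= ts.timestamp() <= observed_unix


if __name__ == "__main__":
    sample = build_minimal_pe(DEMO_TIMESTAMP)
    ts = pe_compile_time(sample)
    # Constructed observation time: 47 days after the demo compile date.
    first_seen = DEMO_TIMESTAMP + 47 * 86400
    print("compile time:", ts.isoformat())
    print("plausible given first-seen date:", is_plausible_timestamp(ts, first_seen))
```

Because the timestamp is attacker-controlled, it corroborates a timeline only together with independent sightings such as the VirusTotal upload the article relies on; a compile date later than the first sighting is the usual sign that it was tampered with.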

CBC News
How a $64M hack changed the fate of Ethereum, Bitcoin's closest competitor
Cryptocurrency alternative to bitcoin was co-founded by 19-year-old Canadian-Russian in 2015
By Jonathan Ore, CBC News Posted: Aug 28, 2016 9:00 AM ET Last Updated: Aug 28, 2016 11:07 AM ET
http://www.cbc.ca/news/technology/ethereum-hack-blockchain-fork-bitcoin-1.3719009
Picture this: A thief steals millions of dollars by hacking into an investment fund. What if you could just hit the undo button and get that money back? That was the dilemma that the creators of Ethereum, an upstart digital currency platform, recently faced.

Founded in 2015 by a group of researchers led by Russian-Canadian Vitalik Buterin — then only 19 years old — its currency, ether, is the second-most valuable digital currency after bitcoin. But the currency suffered a blow recently after a hacker siphoned $64 million worth of ether from investors. In the wake of the hack, Buterin decided to turn back the clock through a software update and reset the entire system to its previous state — i.e., before the hack. The reset created a so-called hard fork, which split Ethereum into two parallel systems. Buterin assumed most users would move to the reset platform, but the fork proved divisive and a small group of users continued using the old system, dubbing it Ethereum Classic and arguing Buterin had no right to reset the platform.

That has confused cryptocurrency investors and cast a pall over the future of Ethereum. It also opened up a rift between the currency's creators, who were the ones to alter the code and render the stolen currency null and void, and dissenters who argued against any intervention — even in the face of an Ocean's Eleven-style heist.

Smart contracts

While bitcoin is the best-known cryptocurrency, there are, in fact, hundreds of digital, decentralized payment systems that issue and trade digital currencies online. Each operates on a blockchain, a digital ledger that keeps track of all transactions in transparent, peer-to-peer fashion. While bitcoin did away with paper currency and a central banking authority, more complex transactions, such as setting up regular coupon payments on a bond, might still require the assistance of a lawyer or other third party. Ethereum eliminates this need by incorporating code that allows transactions to occur through so-called smart contracts, which take automatic effect once mutually agreed-upon conditions have been met. "An auction might automatically transfer deeds of ownership to the highest bidder after a certain time has elapsed, or a father's contract might automatically send his son a set amount of money every year on his birthday," explains Business Insider's Rob Price.

Like bitcoin, ether has grown in popularity beyond internet discussion boards and small tech start-ups. Technology and financial companies from Microsoft to Deloitte have taken an interest in it. "Something that was founded by a 19-year-old university dropout in Toronto, Canada, leveraging the resources of developers all over the world, turned into this $1-billion platform," said Alex Tapscott, tech writer and co-author of the book Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World.

The hack and the fork

But before long, the digital currency fell victim to an all-too-human problem: theft. In April, a group of Ethereum users launched what is known as a decentralized autonomous organization, or DAO, essentially a digital venture capital firm powered by ether. DAO members were supposed to vote on future Ethereum-related projects. The DAO raised more than $160 million worth of ether from about 11,000 investors. Some have called it the biggest crowdfunding project ever.

Photo caption: Ether units are mined using high-powered computers, much like these computers mining bitcoins in the Bitmain mining farm near Keflavik, Iceland. (Jemima Kelly/Reuters)

But on June 17, before anyone could do anything with the DAO, someone found a vulnerability in the DAO's code (much like finding a legal loophole in a sloppily written real-world contract), and siphoned 3.6 million ether from the fund. Ether's value tanked from a high of $27.60 to $18 immediately after the hack. It has since dropped further to $14. The total value stolen, depending on whether you calculate it before or after the hack, ranges from $64 million to $101 million.

Ethereum's creators weren't directly responsible for the DAO, but since the amount stolen from it represented 15 per cent of all ether in circulation, they locked the stolen funds in a "child DAO" — a sort of digital escrow — preventing the thief from cashing out. Buterin and his team carried out the hard fork in the blockchain, rolling back the system to a day before the DAO was formed and returning the stolen ether to the original owners. The thief was essentially left with ether unrecognized by the larger community. "Anything to do with the DAO was reverted," Anthony Di Iorio, a co-founder of Ethereum and CEO of Decentral, a Toronto-based bitcoin, told CBC News. "The contract was changed so that people could get their funds out."

Ethereum Classic

The hard fork was completed on July 20, but to some users, the move was akin to censorship. Instead of using the post-fork currency, a small but vocal minority kept using the old one, which currently trades for about $2. To these adherents, "code is law," Di Iorio said. They believe smart contracts should be immutable — even if the intent of changing the code was to restore millions of stolen ether to the rightful owners.

Photo caption: Blockchain is the technology behind cryptocurrencies like bitcoin, ether and hundreds of other smaller offshoots and alternative currencies. (BTC Bitcoin/Flickr/Creative Commons)

Tapscott calls that aversion to intervention of any kind — even by the platform's own creators — "very naive." "They confuse governance with government, and governance of any kind with authoritarianism," he said. "There are lots of global resources out there that aren't owned or controlled by anyone that have complex governance structures — like the internet."

Can Ethereum and Ethereum Classic coexist?

Tapscott says the co-existence of two Ethereum chains "causes confusion as to which is the 'real' Ethereum, which is bad for investor and developer confidence." "'The more the merrier' is a fine philosophy for ideologues and traders, but for people who actually want to run or build smart contracts, two chains are a mess," investor Jacob Eliosoff told cryptocurrency news site Coindesk. In a separate op-ed, he argued that if this fragmentation continues, "the technology we love will never reach a wider public." Cryptocurrency users appear to agree, as Ethereum Classic's price plunged more than 23 per cent in the last week, according to Coindesk. The debate around the forking of the Ethereum platform resembles one that raged within the Bitcoin community a few months ago when some Bitcoin developers proposed increasing the size of the blockchain so that the system could process more transactions at a faster rate.

Still, Tapscott remains bullish on the future of blockchain technology, regardless of the ultimate fate of ether, bitcoin or any single digital currency. "Ethereum is one tiny fraction of the entire blockchain universe, and the universe is barrelling ahead on all fronts," he said.
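To make the hard fork in the article concrete, here is an added example in Python (not Ethereum's code and not from CBC): a toy hash-linked ledger in which every block commits to its parent's hash. Editing a historical block in place breaks the links below it, which is why a rollback has to be done as a fork: hard_fork keeps the blocks up to a chosen height and builds a different block on top, so the original chain and the forked chain share a prefix and then diverge, the two-ledger situation the article describes. The accounts, the "fund" and "drainer" names, the amounts and the one-block rollback are constructed for illustration; the toy has no mining, signatures or consensus.

```python
"""Toy hash-linked ledger illustrating why a rollback must be a hard fork.

Added example: not Ethereum's code and not from the article. Accounts,
amounts and the one-block rollback are constructed; there is no mining,
signing or consensus, only the hash links that make history tamper-evident.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

Transfer = Tuple[str, str, int]   # (sender, receiver, amount)
COINBASE = "coinbase"             # constructed label for newly issued units


@dataclass(frozen=True)
class Block:
    height: int
    prev_hash: str
    transfers: Tuple[Transfer, ...]

    def hash(self) -> str:
        # The hash covers prev_hash, so it commits to all earlier history too.
        payload = json.dumps([self.height, self.prev_hash, self.transfers], sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()


GENESIS = Block(0, "0" * 64, ((COINBASE, "alice", 100), (COINBASE, "bob", 50)))


def append(chain: List[Block], transfers: Sequence[Transfer]) -> List[Block]:
    """Return a new chain with one more block linked to the current tip."""
    tip = chain[-1]
    return chain + [Block(tip.height + 1, tip.hash(), tuple(transfers))]


def valid(chain: Sequence[Block]) -> bool:
    """Every block must carry its parent's hash and the next height."""
    return all(
        child.prev_hash == parent.hash() and child.height == parent.height + 1
        for parent, child in zip(chain, chain[1:])
    )


def balances(chain: Sequence[Block]) -> Dict[str, int]:
    """Replay every transfer: the ledger state is just the sum of its history."""
    bal: Dict[str, int] = {}
    for block in chain:
        for sender, receiver, amount in block.transfers:
            if sender != COINBASE:
                bal[sender] = bal.get(sender, 0) - amount
            bal[receiver] = bal.get(receiver, 0) + amount
    return bal


def rewrite_in_place(chain: List[Block], height: int, transfers: Sequence[Transfer]) -> List[Block]:
    """Quietly edit one historical block without touching its descendants.
    The children still reference the old hash, so valid() rejects the result:
    history cannot be patched silently, which is why a fork is needed instead."""
    edited = Block(height, chain[height].prev_hash, tuple(transfers))
    return chain[:height] + [edited] + chain[height + 1:]


def hard_fork(chain: List[Block], fork_height: int, transfers: Sequence[Transfer]) -> List[Block]:
    """Keep the blocks up to fork_height and build a different block on top.
    Nodes that stay on the old chain keep extending it, so two ledgers now
    share a common prefix and diverge after fork_height."""
    return append(chain[:fork_height + 1], transfers)


def shared_prefix_length(a: Sequence[Block], b: Sequence[Block]) -> int:
    """Number of leading blocks the two chains have in common."""
    n = 0
    for x, y in zip(a, b):
        if x.hash() != y.hash():
            break
        n += 1
    return n


def demo() -> Tuple[List[Block], List[Block]]:
    """Constructed scenario: alice deposits into a pool, the pool is drained,
    then the community forks just before the drain and returns the deposit."""
    chain = [GENESIS]
    chain = append(chain, [("alice", "fund", 60)])         # height 1: deposit
    chain = append(chain, [("fund", "drainer", 60)])       # height 2: the theft
    chain = append(chain, [("bob", "alice", 5)])           # height 3: unrelated activity
    forked = hard_fork(chain, 1, [("fund", "alice", 60)])  # replaces height 2 onward
    return chain, forked


if __name__ == "__main__":
    original, forked = demo()
    print("original valid:", valid(original), balances(original))
    print("forked valid:  ", valid(forked), balances(forked))
    print("shared prefix blocks:", shared_prefix_length(original, forked))
```

Both chains pass valid(), which is the whole point of the dispute the article reports: the hash links only prove that each chain is internally consistent, and nothing in the data structure says which of the two branches is the "real" ledger; that is a governance decision made by whoever keeps extending which chain.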

Dropbox Urges Users To Change Old Passwords
http://www.ehackingnews.com/2016/08/dropbox-urges-users-to-change-old.html
on Sunday, August 28, 2016 
Dropbox has asked its users to change their passwords, if they haven’t done so since the online service’s launch in 2007. This comes as a ‘precautionary measure’ after a spate of hack attacks on an old set of Dropbox credentials in 2012. In July 2012, Dropbox said its investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. It said it had contacted the users affected to help them protect their accounts. The cloud storage service said that the move isn’t any indication that their accounts were improperly accessed. “Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed,” the company said. “Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.” Dropbox is also recommending that users use two-factor authentication when resetting their passwords. Launched in 2007, Dropbox allows users to store, access and share files easily from a variety of devices. It has accumulated 500 million sign-ups to the service.

Security Affairs
France, Germany calls for European Decryption Law: What’s next?
http://securityaffairs.co/wordpress/50707/laws-and-regulations/france-germany-decryption-law.html
August 28, 2016  By Pierluigi Paganini
Amid the Apple vs. FBI debacle and the successful attempt at a breach of NSA headquarters by a hacker group, a new torch has been lit internationally by France and Germany calling for a European Decryption Law.

Months after the FBI-Apple encryption case standoff in the U.S. and the NSA headquarters breach by hackers, a global debate on encryption has started between governments and pro-security supporters. On Tuesday, a joint press conference, “Franco-German initiative on internal security in Europe”, was held in Paris by Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard Cazeneuve; they called on the European Commission to consider a possible new legislative act to force operators offering products or telecommunications services to decrypt messages or to remove illegal content for government investigators. A directive, if issued by the European Commission, is a kind of EU decryption law that must pass through the interpretation stage of the European Union’s member states to become national law at the European level. Meanwhile, at the international level, they also called for the signing and ratification of the Budapest Convention on Cybercrime. These propositions by the two ministers were issued based on the terrorist attacks that happened in their countries, where the attackers were said to have been using highly encrypted communications apps.

That being said, there is already a directive in practice for national security, as pointed out by Commission spokesperson Natasha Bertaud. In an email statement to Fortune she said, “The current data protection directive (which also applies to the so-called over-the-top service providers) allows member states to restrict the scope of certain data protection rights where necessary and proportionate to, for instance, safeguard national security, and the prevention, investigation, detection and prosecution of criminal offences,” and further added that “The new general data protection regulation (which will apply as from 25 May 2018) maintains these restrictions.”

In an opinion-based statement on encryption, the German minister talked about “good practices” and “innovative ideas” to tackle encryption, whereas his fellow French minister stepped the press conference up by specifically naming the Telegram app and criticizing it. WhatsApp and Telegram took their stance by stating that they cannot decrypt the data because of the encryption mechanism, where only users have access to their conversations. Even though a data protection directive is in practice, the explicit agenda upon access to encryption may be to have control over such apps internationally and EU-wide.

Isabelle Falque-Pierrotin, President of the National Commission on Informatics and Liberties, France’s data protection authority, gave her opinion on the matter of encryption in an editorial in the French newspaper Le Monde. “It is through encryption that we can make a bank transfer safely. It is through encryption that we can store our health data in a shared medical file (DMP) online. It is also thanks to this tool that investigations on “Panama Papers ” were possible. For companies, encryption is now the best protection against economic espionage,” she wrote.

Earlier this year in the U.S., in the debate over the FBI-Apple encryption suit, we saw telecommunication providers backing Apple and anti-encryption hardliners such as Senator Lindsey Graham switching sides in favor of Apple after realizing the technical reality of the case. “I was all with you until I actually started getting briefed by the people in the intel community,” Graham told Attorney General Loretta Lynch during Senate Judiciary Committee hearings. “I will say that I’m a person that’s been moved by the arguments about the precedent we set and the damage we might be doing to our own national security.”

The strongest anti-backdoor and pro-encryption opinion came from European Commission Vice-President Andrus Ansip, who supported Apple’s decision to refuse to unblock the iPhone of the terrorist. “Identification systems are based on encryption. I am strongly against having any kind of backdoor to these systems. In Estonia, for example, we have an e-voting system. If people trust an e-banking system, they can also trust an e-voting system. This trust is based on a strong single digital identity guaranteed by the government, which is based on encryption. The question is who will trust this e-voting system if there are some back doors and someone has the keys to manipulate the results. The same goes for the e-banking system.”

The European Parliament’s resolution of September 2015 on “human rights and technology” turns out to be in favor of strong encryption. As the debate is heating up, the next step could be the revision of the European Union’s “e-privacy” directive. To refresh the memory, in May 2016 the EU executive body set out a new e-privacy proposal that would significantly change telecommunication regulation to create a “level playing field” between traditional and online telecommunications services like Skype and WhatsApp. According to documents quoted by the Financial Times, the European Commission will proceed further with the e-privacy revision and bring Microsoft’s Skype and Facebook’s WhatsApp into the same regulatory fold as traditional telecommunication operators, and may explicitly ask for decryption orders. That would affect Google, Netflix, Amazon and Apple as well in the EU. There is also some opinion that the French and German governments, which face elections next year, are using these tactics to strong-arm them. The press release has started a global tug of war, but there is no easy answer to what comes next.

Malware was found in Iranian petrochemical complexes, but it’s not linked to recent incidents
August 29, 2016  By Pierluigi Paganini
http://securityaffairs.co/wordpress/50712/cyber-warfare-2/petrochemical-complexes-malware.html
The head of Iran’s civilian defense confirmed that malware was found in petrochemical complexes, but it hasn’t caused the fires under investigation.

Last week, I reported the news related to a series of fires at Iranian petrochemical plants. Iran’s Supreme National Cyberspace Council started an investigation to discover if the oil and petrochemical fires were caused by cyber attacks. Authorities fear that nation-state actors may have launched an attack similar to the Stuxnet one. Mr. Abolhassan Firouzabadi, the secretary of Iran’s Supreme National Cyberspace Council, announced that a team of cyber experts will be involved in the investigation to understand if the incidents are linked and if they were caused by cyber attacks.

“Abolhassan Firouzabadi, secretary of Iran’s Supreme National Cyberspace Council, says a team of experts will look at the possibility of cyberattacks as being a cause, Press TV reported on Sunday. Special teams will be sent to the afflicted sites to study the possibility of cyber systems having a role in the recent fires, he said.” reported the Tehran Times.

Iranian cyber experts have spotted and removed two pieces of malware that infected systems at two petrochemical plants. The news was confirmed by a senior military official and reported by Venturebeat.com.

“Iran has detected and removed malicious software from two of its petrochemical complexes, a senior military official said on Saturday, after announcing last week it was investigating whether recent petrochemical fires were caused by cyber attacks.” reported Venturebeat.com.

The official also added that the malware was not responsible for the incidents that occurred at the petrochemical complexes; the experts discovered that it was inactive and not linked to the fires.

“In periodical inspection of petrochemical units, a type of industrial malware was detected and the necessary defensive measures were taken,” Gholamreza Jalali, head of Iran’s civilian defense, told the state news agency IRNA. “The discovery of this industrial virus is not related to recent fires.”

As declared by the oil minister, the string of fires in petrochemical complexes was caused by the lack of proper safety measures, a result of the budget cuts made by firms in the energy sector.

After Illinois hack, FBI warns of more attacks on state election board systems
http://tornews3zbdhuan5.onion/newspage/37336/
http://arstechnica.com/security/2016/08/after-illinois-hack-fbi-warns-of-more-attacks-on-state-election-board-systems/
Sean Gallagher - Aug 29, 2016 3:55 pm UTC
Someone using servers in the US, England, Scotland, and the Netherlands stole voter registration data from one state's Board of Elections website in June and unsuccessfully attacked another state's elections website in August, according to a restricted "Flash" memorandum sent out by the FBI's Cyber Division. The bureau issued the alert requesting that other states check for signs of the same intrusion.

The "Flash" memo, obtained by Yahoo News, was published three days after Secretary of Homeland Security Jeh Johnson offered state officials assistance in securing election systems during a conference call. According to Yahoo's Michael Isikoff, government officials told him that the attacks were on voter registration databases in Illinois and Arizona. The Illinois system had to be shut down in July for two weeks after the discovery of an attack; the registration information of as many as 200,000 voters may have been exposed.

While saying the Department of Homeland Security was unaware of any specific threat to election systems, Johnson offered states assistance from the National Cybersecurity and Communications Integration Center (NCCIC) "to conduct vulnerability scans, provide actionable information and access to other tools and resources for improving cybersecurity," a DHS spokesperson said, describing the conference call. "The Election Assistance Commission, NIST, and DOJ are available to offer support and assistance in protecting against cyber attacks."

The successful hack of the Illinois system began with a scan of the state election board's site with Acunetix, a commercial vulnerability scanning tool used to discover SQL injection vulnerabilities and other site weaknesses. The attacker used information on an SQL injection bug to then use SqlMap, an open source tool, to access user credentials and data, and the DirBuster tool to discover hidden files and directories on the Web server. Yahoo reports that officials suspected "foreign hackers" for the attack.

Ars attempted to contact Acunetix for comment, but received no response. The IP addresses listed as sources for the attacks are associated with commercial dedicated and virtual private server hosting companies: US and UK servers provided by King Servers LTD; Fortunix Networks LP, a custom hosting company with servers in Edinburgh; and Liteserver in Tilburg, the Netherlands. The use of virtual private servers (likely purchased with WebMoney, bitcoin, or some other anonymous currency) and off-the-shelf tools doesn't suggest any significant amount of sophistication on the part of the attackers. But state government sites like those affected so far are typically not hardened against attack, so sophistication wouldn't necessarily be required.

CNET
Two state election databases hacked, FBI warns
by Anne Dujmovic @adujmo / August 29, 2016 11:41 AM PDT
http://www.cnet.com/news/two-state-election-databases-have-been-hacked-fbi-warns/
The FBI is urging state election officials to beef up their computer systems' security in light of two cyberattacks this summer.

The FBI has found evidence that two state election databases were infiltrated this summer by foreign hackers, according to a Yahoo News report Monday. That's led the agency to urge state election officials throughout the US to strengthen their computer systems' security, the report said. The bureau's cyber division issued the warning on August 18 in a "flash" alert titled "Targeting Activity Against State Board of Election Systems" (PDF). The alert said "the bureau was investigating cyberintrusions against two state election websites this summer, including one that resulted in the 'exfiltration,' or theft, of voter registration data," according to Yahoo News, which obtained a copy of the alert.

The warning didn't name the states, but sources told Yahoo that voter registration databases in Arizona and Illinois were targeted. In Illinois, hackers stole the personal data of up to 200,000 of the state's voters. In Arizona's case, malicious software was found in the system but no data was taken, a state official told Yahoo News. The bureau suggested the two attacks may be linked but did not name the country where they may have originated, the report said.

The FBI declined to comment on the specific alert. "The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals."

Earlier this month at a press event in Washington, D.C., Homeland Security Secretary Jeh Johnson said the government is concerned cyberattackers could disrupt the November presidential election. He said the government should consider whether elections should be treated as "critical infrastructure." "There's a vital national interest in our election process," he said.

Election Security Comes Down to Outdated Software
http://www.itbusinessedge.com/blogs/data-security/election-security-comes-down-to-outdated-software.html
Sue Marquette Poremba |   Data Security   |   Posted 29 Aug, 2016
In the spring, I reached out to the last five presidential campaigns standing to ask why cybersecurity wasn’t a top priority in any speeches or policies. I got no response. I wasn’t too surprised by that, considering there hadn’t been any big cybersecurity news – well, nothing that would appear to affect the political landscape. That’s changed, of course, with the hacks into the DNC and the Clinton campaign. Now the FBI is warning that election systems are in jeopardy after election board websites in two states were hacked. As Wired described it:

In its warning sent to state-level election boards, the FBI described an attack on at least one of those two election websites as using a technique called SQL injection. It’s a common trick, which works by entering code into an entry field on a website that’s only meant to receive data inputs, triggering commands on the site’s backend and sometimes giving the attacker unintended access to the site’s server.

It’s not just a cyberattack that we need to be alert for. A Politico story showed exactly how easy it can be to physically hack elections, as well. A Princeton professor bought a voting machine used in a number of states, and within minutes he was able to replace a few chips and add his own firmware to the machine that would allow the ballots to be manipulated. Someone with malicious intent, access to the location where machines are stored, and a little cyber know-how could redirect the course of history.

The problem with our voting system is very similar to the cybersecurity problem in many businesses today: The software is outdated and vulnerable. In a white paper released by the Institute for Critical Infrastructure Technology called “Hacking Elections is Easy! Part One: Tactics, Techniques, and Procedures,” the authors showed why voting systems are so vulnerable to an attack:

Many electronic voting systems have not been patched for almost a decade because officials falsely believe that an airgap equates to security. In 2016, 43 states relied on voting machines that were at least 10 years old and that relied on antiquated proprietary operating systems such as Windows CE, Windows XP, Windows 2000, Linux, and others. Vulnerabilities for these operating systems are widely available for free download on Deepnet. Alternately, some GUI based script kiddies tools can automatically scan for Windows XP and Windows 2000 and exploit known vulnerabilities to deliver malicious payloads. Even if the officials did their due diligence and practiced moderate cyber-hygiene, Microsoft has not released a patch for Windows CE since 2013 or Windows XP since 2014.

It sounds a lot like many of the problems that plague the Internet of Things, and businesses aren’t confident about addressing those security risks. Unfortunately, we tend to think about election cybersecurity every four years, during a presidential campaign, despite the fact that elections are conducted at least twice a year in most states, with primaries and general elections. Those of us who think about cybersecurity all the time know the ramifications that poor security efforts can have on a business and consumers. We don’t want poor cybersecurity to dictate the election results, so the question becomes, how do we make cybersecurity a point of discussion and what can be done to work on a fix? We have a little more than two months to figure it out.

New FairWare Ransomware targeting Linux Computers
Lawrence Abrams * August 29, 2016 * 11:27 AM
http://www.bleepingcomputer.com/news/security/new-fairware-ransomware-targeting-linux-computers/
A new attack called FairWare Ransomware is targeting Linux users, where the attackers hack a Linux server, delete the web folder, and then demand a ransom payment of two bitcoins to get the files back. In this attack, the attackers most likely do not encrypt the files, and if they do retain the files, they probably just upload them to a server under their control.

Victims have reported that they first learned about this attack when they discovered their web sites were down. When they logged into their Linux servers, they discovered that the web site folder had been removed and a note called READ_ME.txt was left in the /root/ folder. This note contains a link to a further ransom note on pastebin. The content of the READ_ME.txt file is:

Hi, please view here: http://pastebin.com/raw/jtSjmJzS for information on how to obtain your files!

The ransom note on pastebin requests that the victim pay two bitcoins to the bitcoin address 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within two weeks to get their files back. They are also told that they can email [email protected] with any questions. The full content of the FairWare ransom note is:

YOUR SERVER HAS BEEN INFECTED BY FAIRWARE | YOUR SERVER HAS BEEN INFECTED BY FAIRWARE
Hi, Your server has been infected by a ransomware variant called FAIRWARE. You must send 2 BTC to: 1DggzWksE2Y6DUX5GcNvHHCCDUGPde8WNL within 2 weeks from now to retrieve your files and prevent them from being leaked! We are the only ones in the world that can provide your files for you! When your server was hacked, the files were encrypted and sent to a server we control! You can e-mail [email protected] for support, but please no stupid questions or time wasting! Only e-mail if you are prepared to pay or have sent payment! Questions such as: "can i see files first?" will be ignored. We are business people and treat customers well if you follow what we ask.
FBI ADVISE FOR YOU TO PAY: https://www.tripwire.com/state-of-security/latest-security-news/ransomware-victims-should-just-pay-the-ransom-says-the-fbi/
HOW TO PAY: You can purchase BITCOINS from many exchanges such as: http://okcoin.com http://coinbase.com http://localbitcoins.com http://kraken.com
When you have sent payment, please send e-mail to [email protected] with: 1) SERVER IP ADDRESS 2) BTC TRANSACTION ID and we will then give you access to files, you can delete files from us when done
Goodbye!

At this time it is unknown if the attacker actually retains the victim's files and will return them after ransom payment. Though all ransomware victims should avoid paying a ransom, if you do plan on paying, it is suggested you verify they have your files first.

Government Hackers Have Now Found a Way to Breach iPhone Security
http://www.matthewaid.com/post/149648418136/government-hackers-have-now-found-a-way-to
August 29, 2016
The Cyber Threat: iPhone Software Targeted in Government-Linked Hack
Bill Gertz, Washington Free Beacon
Years ago during lunch with a recently retired National Security Agency cyber security official, I immediately noticed the former official’s iPhone as he placed it on the table next to his fork. Wow, I thought, if an NSA electronic spook is using an iPhone, those babies must be secure. Days later I traded in my cell phone for an iPhone and have been using them ever since. I endured Apple’s proprietary restrictions, like the inability to change batteries, a company tactic that forces customers to buy a new phone every few years as the battery gradually wears out. So too did I accept the iPhone’s inability to expand its memory. As someone who reports on cyber threats and is not viewed as a favorite reporter by certain foreign governments (and one heavily politicized American one), I decided to accept the limits on Apple handheld devices that today more and more have come to dominate our waking hours.

NSA is not alone in adopting the widespread use of Apple devices for better security. Several federal agencies and military services also demand use of iPhones in key locations because of their inherent strong security. There is no question that iPhones are much safer against cyber attacks than other operating systems, like Google’s Android mobile OS. But that is changing. Last week, Apple sent out an urgent notice to all customers to update their iPhone software with a security patch. Security flaws were discovered in the operating system, revealing that the cyber threat to iPhones, once the gold standard for handheld security, is reaching new heights.

Apple didn’t even know about the latest cyber attack against its software until two security companies discovered what security specialists call “zero day” flaws in the iPhone operating system. Zero days are the coin of the realm for hackers and foreign governments seeking to get into information systems, including computers and smartphones. They’re called zero days because you have zero time to fix the security hole once hackers find them and start using them in attacks. The only solution is to patch the hole after the attacks take place, to limit the data theft or other damage.

The security firms Lookout and Toronto-based Citizen Lab found three zero days targeting iOS software that were used against the iPhone 6 of Ahmed Mansoor in early August. Mansoor, a United Arab Emirates-based pro-democracy activist, was sent text messages promising secrets on detainees held in UAE jails if he clicked on a link. He instead contacted the security firms. Electronic analysis showed the malware link was a hacking ploy using the three unknown zero days that researchers traced to an Israel-based cyber security firm called the NSO Group, reportedly made up of former cyber sleuths from Unit 8200—Israel’s electronic intelligence service. NSO sells software called Pegasus, an electronic intercept software used by governments. The cyber attack was likely the work of the Emirates’ government, which in the past targeted the dissident for harassment. NSO executives aren’t talking.

The three-step iPhone hack was set up to cause a targeted victim to click on a fake website that would then use an application capable of downloading sensitive information from the phone’s memory. A third feature was the ability of the hackers to manipulate the hacked iPhone as if it were the owner’s device, or to disrupt its operations by corrupting the memory. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab said.

Apple, which posted a third-quarter revenue of $42.4 billion, had little to say about the cyber attack. A company spokesman said the vulnerability was patched immediately after the company was alerted. “We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits,” the spokesman said. Apple iPhone software remains secure from cyber attacks based on the company’s focus on tightly controlling the software and hardware for both security and commercial reasons. For at least a decade now, it has been the case that if you were concerned about nefarious cyber bad guys—whether Chinese or Russian hackers or thieves and criminals secretly breaking into your phone—iPhones were the most secure.

Statistics show that by comparison, the Apple operating system is far less vulnerable to cyber attack than other systems such as Android. A Nokia security report shows that of the top 20 malware threats to smartphones, 19 affect Google’s Android devices. Only one piece of spyware afflicted iPhones. But it was the first time in years that any malware targeting Apple devices had made it to the top 20 threats, an indication of the trends. “The modern smartphone presents the perfect platform for corporate and personal espionage, information theft, denial of service attacks on businesses and governments, and banking and advertising scams,” the Nokia report warns. “It can be used simply as a tool to photograph, film, record audio, scan networks and immediately transmit results to a safe site for analysis.”

As smartphones become more and more sophisticated, they are also becoming more and more ubiquitous. Look at any busy street today and it is clear that smartphones are dominating our attention. People are on their handheld devices for phone calls, texts, buying things, transportation, navigation, and a host of other personal activities. Reliance on handhelds will only increase as more and more of the elements surrounding us are computerized, such as cars, kitchens, houses and workplaces. The Apple hack and the discovery of three zero day flaws is a sign that electronic security needs to be increased across the board. Good device security is imperative and important to maintaining privacy and ultimately personal freedom.

 Security Affairs 
The son of a Russian lawmaker could face up to 40 years in jail for hacking
http://securityaffairs.co/wordpress/50745/cyber-crime/son-russian-lawmaker-arrested.html
Roman Seleznev (32), the son of Russian lawmaker and Parliament member Valery Seleznev, was convicted of stealing 2.9 million credit card numbers.
Roman Seleznev (32), the son of one of the most notorious Russian lawmakers and Russian Parliament member Valery Seleznev, has been convicted in the US of hacking businesses and stealing 2.9 million US credit card numbers using Point-of-Sale (POS) malware.

“A federal jury today convicted a Vladivostok, Russia, man of 38 counts related to his scheme to hack into point-of-sale computers to steal and sell credit card numbers to the criminal underworld, announced Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and U.S. Attorney Annette L. Hayes of the Western District of Washington.” reads the announcement published by the DoJ.

According to the Department of Justice, the hacking scheme defrauded banks of more than $169 million. The stolen credit card data were offered for sale on multiple “carding” websites. “Testimony at trial revealed that Seleznev’s scheme caused 3,700 financial institutions more than $169 million in losses.” continues the note published by the DoJ.

Seleznev, who was using the online moniker ‘Track2’, was convicted in a Washington court on Thursday of 38 charges related to stolen credit card details, which include:
* Ten counts of Wire Fraud
* Nine counts of obtaining information from a Protected Computer
* Nine counts of possession of 15 Unauthorized Devices
* Eight counts of Intentional Damage to a Protected Computer
* Two counts of Aggravated Identity Theft

“Roman Valerevich Seleznev, aka Track2, 32, was convicted after an eight-day trial of 10 counts of wire fraud, eight counts of intentional damage to a protected computer, nine counts of obtaining information from a protected computer, nine counts of possession of 15 or more unauthorized access devices and two counts of aggravated identity theft. U.S. District Judge Richard A. Jones of the Western District of Washington scheduled sentencing for Dec. 2, 2016.”

Roman Seleznev, 32, the son of Russian Parliament member Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives; the arrest raised diplomatic tensions between American and Russian authorities. The prosecution was built starting from data found on his laptop, which was seized at the time of the arrest. The PC contained more than 1.7 million stolen credit card numbers, some of which were stolen from businesses in Western Washington. The analysis of the laptop allowed the prosecutors to find additional evidence linking Seleznev to the servers, email accounts and financial transactions involved in the hacking scheme.

The prosecution was criticized by Seleznev’s lawyer, John Henry Browne. “I don’t know of any case that has allowed such outrageous behavior,” said Browne. The US DoJ replied that Seleznev “was prosecuted for his conduct not his nationality.” If convicted, Seleznev could face up to 40 years in jail; his victims were small businesses and retailers hacked from 2008 to 2014. Seleznev will be sentenced on December 2.

 Security Affairs 
Shad0wS3C group hacked the Paraguay Secretary of National Emergency
http://securityaffairs.co/wordpress/50740/hacktivism/shad0ws3c-hacked-sne.html
The Shad0wS3C hacker group has hacked Paraguay’s Secretary of National Emergency (SNE) and leaked online a dump from a PostgreSQL database. Not so long ago I interviewed Gh0s7, the leader of the Shad0wS3C hacker crew; now he has contacted me to announce the hack of Paraguay’s Secretary of National Emergency (SNE).

“The reason for this data leak. The government of Paraguay has violated so many human rights, and neither the UN (Don’t rely on them) nor anyone has done anything. just to name a few: * Impunity and justice system * Torture and other ill-treatment * Violation of Women’s and girls’ rights * Violation against Human rights defenders” this is the Shad0wS3C message.

The group has shared as proof of the hack a data dump from a PostgreSQL database; just after the announced security breach the Government website sen.gov.py was up. The leaked data dump includes information about material stocks and also PII belonging to Paraguay’s Secretary of National Emergency employees. Users’ records include names, emails, phone numbers, addresses, salary information, and other data related to their activity within the Government organization (i.e., roles in the case of national emergencies). The leaked data also includes details on hundreds of website login credentials, with hashed passwords. Shad0wS3c is a recently formed hacker group; in July it claimed responsibility for the data breach of the EJBCA that resulted in the exposure of credentials and certificates.

 ZDnet
Opera resets passwords after sync server hacked
http://www.zdnet.com/article/opera-resets-passwords-after-server-hack/
By Zack Whittaker for Zero Day | August 28, 2016 -- 18:10 GMT (19:10 BST) 
But the company won't say how the passwords are stored, which may indicate if they can be unscrambled by an attacker.
Opera has confirmed that a hacker breached one of the company's sync servers, potentially exposing passwords. The Norway-based internet browser maker said in a blog post that it "quickly blocked" an attack on its systems earlier this week, but it admitted that some data was compromised, including "some of our sync users' passwords and account information", such as login names. But the company said it doesn't know the full scope of what was compromised. Opera said that it has reset all the Opera sync account passwords as a precaution. At the time of the attack, more than 1.7 million active users last month used the feature, which allows users to share website passwords across devices. The company confirmed that passwords are hashed and salted -- an industry-standard practice to scramble passwords so that they are unusable -- but didn't provide specifics on how, leaving no clear indication if the passwords can be unscrambled by an attacker. Opera staffer Tarquin Wilton-Jones, who wrote the blog post, said the company will "not divulge exactly how authentication passwords on our systems are prepared for storage", as this would "only help a potential attacker". We sent Opera some questions but did not hear back at the time of writing. If that changes, we'll update the piece.

Hacker Interviews – New World Hackers
http://securityaffairs.co/wordpress/50716/hacking/new-world-hackers-interview.html
August 28, 2016  By Pierluigi Paganini
New World Hackers is one of the most popular groups of hackers, it conducted several hacking campaigns against multiple targets.
Did you conduct several hacking campaigns? Could you tell me more about you and your team?

We have been dedicated to operations such as taking down BBC, Donald Trump, NASA, and XBOX. I started out as just a kid wanting to mess around with a few games; later on, I realized I was more skilled than the average child. I began learning how to program in Python and Ruby. I later became a Certified Network Security Analyst but did not take the offer to work for the Federal Bureau.

Could you tell me what your technical background is and when you started hacking? What are your motivations?

My motivation for hacking is the excitement of being able to tell someone about a security flaw they may have missed.

What was your greatest hacking challenge?

The greatest hack I’ve done would be breaching an entire DNS server which held 30,000 domains back in 2014; sadly I only got the chance to deface about 20 domains and left the rest alone. 70% of all DNS servers around the world are still vulnerable to the 0day to this day.

Which was your latest hack? Can you describe it to me?

The latest series of attacks are against celebrities actually! Our team is observing celebrity websites and we are shocked that most celebrities don’t secure the website nearly 50,000 people visit in an hour. Recently http://Adele.com was held offline an entire day, August 20th, during a concert. The page for a short period of time displayed some of her domain login information.

What are the 4 tools that cannot be missed in the hacker’s arsenal and why?

4 tools:
1. I would say a dynamic proxy chain which hides your IP. You would rather be safe than sorry.
2. Secondary ICMP range vulnerability scanner. This tool can be found on TOR and can be used to scan multiple domains at the same time, finding XSS vulnerabilities but also SQLi vulnerabilities.
3. Scaled shell; not many people have heard of this. It can’t be erased from a server you have just brute forced, or that has been SQL injected, thus allowing you to deface or steal data from the specific web server multiple times.
4. A 0day; 0days can’t be found unless you tell it. Make your own, or buy one.

Which are the most interesting hacking communities on the web today, and why?

Hacking communities nowadays aren’t as common; within our boundaries we would state that the Turkish Hackers, Greek Hackers, Ghost Squad Hackers, Tactical Team Hackers, and Ourmine, as far as web security goes, are some of the most interesting groups out there at this point in time.

Did you participate in hacking attacks against the IS propaganda online? When? How?

Yes, I participated in hacking attacks against IS; in my former group we used to take down ISIS Twitter and Facebook accounts, and after that I personally took a few down and DDoSed some websites.

Where do you find IS people to hack? How do you choose your targets?

We did participate in the attacks against the Islamic State back in December; through June we defaced IS propaganda websites and jacked Twitter accounts. I’m going to do a bit of a leak because it isn’t really hacking when you are jacking ISIS Twitter accounts. People located in Saudi Arabia don’t need emails to register on Twitter. @ctrlsec on Twitter tweets out vulnerable ISIS accounts every 5 minutes. Since they don’t need an email to register, Twitter automatically defaults their email to Gmail, so the email would be [email protected]. All we have to do is make that email which isn’t valid and recover the account. 30% of Twitter is vulnerable to the 0day, have fun jacking ISIS Twitter accounts!

We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe the risk of a major and lethal cyber attack against a critical infrastructure is real?

Yes, we think it is a big risk not to take the necessary steps when you are securing your critical infrastructure. The potential threat of hackers is just around the corner.

Australian cyber crime threats: Four Corners investigates how hackers are hacking into our
http://opensources.info/australian-cyber-crime-threats-four-corners-investigates-how-hackers-are-hacking-into-our-2/

Video: Four Corners “Cyber War” (0:29)
Cyber security adviser Kevin Mitnick demonstrates how easy it is to hack into a bank account using a fake wifi network. CREDIT: Four Corners, ABC
ONE of the world’s most infamous former computer hackers has revealed how easy it is to hack into a bank account, as Australia faces serious cyber threats.

In a special report on cyber crime, Four Corners spoke to Kevin Mitnick, who is now a cyber security adviser to top companies. He showed reporter Linton Besser how easy it was to set up a fake Wi-Fi scam, letting him think he was signing into his National Australia Bank account via Telstra Air.

“But what he doesn’t know, he’s connecting to my fake access point. And what we’re gonna do is we’re gonna take over his computer,” he said.

Mitnick was then able to record all of his keystrokes, including his banking password.

“And then what I’m gonna be able to do is steal his passwords, and I’m gonna be able to inject fake updates, so once he installs them we gain full control of his computer system and he’ll never know the better.”

Mitnick’s simple hack is just one part of a much larger problem with the growth of cyber crime across Australia and overseas, which is one of the greatest challenges to law enforcement.

Kevin Mitnick, who showed viewers how easy it is to hack into someone’s private information. Picture: ABC

Four Corners also revealed that a small Australian satellite company had its computer systems so comprehensively hacked that experts described their network as the most corrupted they’d ever seen. As well, hackers, likely Chinese, had targeted the Defence Science and Technology Organisation and the Bureau of Meteorology. The real target of the Bureau of Meteorology hack was thought to be the Australian Geospatial-Intelligence Organisation, which supports defence operations through provision of satellite and other imagery, it said.

The firm Newsat, which planned to launch two Australian satellites and build an Australian satellite industry, attracted the attention of foreign hackers, with the Australian Signals Directorate breaking the bad news to company executives.

“Our network was, as far as they could see, the most corrupted they’d seen. Period,” the company’s former chief financial officer Michael Hewins told Four Corners.

Former Newsat IT manager Daryl Peter said the intruders had been inside their network for maybe two years, which was like someone looking over their shoulder for everything they did. “Newsat had been hacked and not just by teenagers in the basement or anything like that. Whoever was hacking us was very well-funded, very professional, very serious hackers.”

A year ago Newsat called in the liquidators and sold off its remaining assets.

Although China is alleged to be responsible for much hacking, Australian officials won’t point the finger. “It’s not useful for us to talk about any particular nation states,” said Alastair MacGibbon, special adviser on cyber security to Prime Minister Malcolm Turnbull.

A recent cybercrime victim was the Australian Bureau of Statistics, which came under attack on census night, prompting it to close down the Census. Mr MacGibbon said that was a denial of service attack which was certainly not of the scale or sophistication that should have caused any significant problems. He said that attack was easily predictable and should have been prevented.

His comments come as former Australian government cyber security official Tim Wellsmore told the program it’s not just individuals whose secrets are vulnerable to others. Governments and businesses in Australia are attacked, and there are parts of the internet where access to hacked computer servers is bought and sold.

Ex CIA + NSA head @GenMhayden on the secrets of cyber warfare, tonight on #4Corners #cyberwar pic.twitter.com/nI7TIsQPe2 — Sally Neighbour (@neighbour_s) August 29, 2016

Former CIA and NSA Director Michael Hayden said Australia, the US and other friendly similar nations around the world need to protect their data. Four Corners stated it had also been told of significant cyber attacks against Austrade.

The program was also taken inside a secure facility at the Australian Defence Force Academy in Canberra, where viewers saw two rival teams compete in a training exercise to shut down each other’s power grid — which could be a real hacker’s target.

One of the cyber world’s experts, Washington-based Dmitri Alperovitch, also criticised Australia for not doing enough to warn local industry about online threats. “The reality is that the Australian government is very well aware of these activities but they have not really come out and publicly acknowledged it, they have not done a good job, in my opinion, educating the public about this threat and as a result there’s a sense of complacency oftentimes among industry because they don’t appreciate that even in Australia you can be targeted,” he said. “And China happens to be your biggest trading partner — there’s a lot of reasons why they would be hacking into your industry, to try to steal intellectual property, try to get an advantage in trade negotiations and it’s happening very often and, uh, very little is being done about it.”

Mr MacGibbon defended the government, saying they needed more time to develop ongoing conversations about cyber attacks with the Australian public. “You have to give us some time as we work through what can be said, how it can be said to increase the level of engagement,” he said.

As for the allegations against China, the Chinese government through its embassy in Canberra told the ABC it has denied it was behind the cyber attacks in Australia, describing the allegations as “nothing but false cliches”.


 Ars Technica 
Officials blame “sophisticated” Russian hackers for voter system attacks
Sean Gallagher - Aug 30, 2016 7:12 pm UTC
The profile of attacks on two state voter registration systems this summer presented in an FBI "Flash" memo suggests that the states were hit by a fairly typical sort of intrusion. But an Arizona official said that the Federal Bureau of Investigation had attributed an attack that succeeded only in capturing a single user's login credentials to Russian hackers and rated the threat from the attack as an "eight on a scale of ten" in severity. An Illinois state official characterized the more successful attack on that state's system as "highly sophisticated" based on information from the FBI.

Arizona Secretary of State Office Communications Director Matt Roberts told the Post's Ellen Nakashima that the FBI had alerted Arizona officials in June of an attack by Russians, though the FBI did not state whether they were state-sponsored or criminal hackers. The attack did not gain access to any state or county voter registration system, but the username and password of a single election official was stolen. Roberts did not respond to requests from Ars for clarification on the timeline and other details of the attack.

Based on the details provided by Roberts to the Post, it's not clear if the Arizona incident was one of the two referred to in the FBI "Flash" published this month. The FBI has not responded to questions about the memorandum on the attacks first published publicly by Yahoo News' Michael Isikoff, but a SQL injection attack wouldn't seem to be the likely culprit for stealing a single username and password. It's more likely that the Gila County election official whose credentials were stolen was the victim of a phishing attack or malware.

The Illinois breach was described in detail by a message to county election officials by Kyle Thomas of the Illinois State Board of Elections. The attack was detected on July 12 and caused the state to revert to paper voter registration for more than a week. The paperless Illinois Voter Registration System (IVRS) was specifically targeted by the attack, Thomas said:

"On July 13th, once the severity of the attack was realized, as a precautionary measure, the entire IVRS system was shut down, including online voter registration. The pathway into IVRS was NOT through our firewalls but through a vulnerability on our public web page that an applicant may use to check the status of their online voter registration application. The method used was SQL injection. The offenders were able to inject SQL database queries into the IVRS database in order to access information. This was a highly sophisticated attack most likely from a foreign (international) entity. We have found no evidence that they added, changed, or deleted any information in the IVRS database. Their efforts to obtain voter signature images and voter history were unsuccessful. They were able to retrieve a number of voter records. We are in the process of determining the exact number of voter records and specific names of all individuals affected."

The characterization of the attack on the Illinois system as "highly sophisticated" doesn't necessarily match the techniques described by the FBI Cyber Division's memorandum. As Thomas noted, the attackers used a public, non-secure webpage to gain access—a page that tapped directly into the voter rolls from outside the firewall without any data validation. And as Ars reported yesterday, the vulnerability was discovered by the attackers with software from Acunetix, a security tools firm based in London and Malta, along with other free and open source software—software that is usually used to validate the security of websites rather than break into them.

"Acunetix automatically crawls and scans websites and Web applications to identify Web application level vulnerabilities that may then be exploited to gain access to databases and other trusted systems," said Acunetix General Manager Chris Martin in an e-mail to Ars. "The idea behind Acunetix is for a website owner to use it to assess the security posture of its website and Web applications for exploitable code before the bad guys get to do that for their own nefarious aims."

Martin said that the Acunetix team had checked the IP addresses mentioned in the FBI report as the source of the attackers' scans and said that they "cannot link those IP addresses to any legitimate installation of Acunetix technology. Unfortunately, as with all successful independent software vendors, Acunetix is pirated, and illegal unlicensed copies are used without authorization." He added that Acunetix is volunteering assistance to the FBI in its investigation.

For what it's worth, voter registration rolls in Illinois are public records, supplied widely to campaigns and other organizations for direct-mail campaigns. And after the attack, passwords were reset on the IVRS—with a new password policy requiring a minimum of eight characters, at least one being non-alphanumeric.
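The status-check flaw described in the Illinois message, as an added example (not code from the IVRS or from the article): a toy application-status lookup built by string concatenation next to one that validates the id's shape and binds it as a query parameter, run against a constructed in-memory SQLite table with invented column names and records.

```python
import re
import sqlite3

# Constructed sample table standing in for an application-status lookup; the column names
# and records are invented for this example, not the IVRS schema.
SAMPLE_APPLICATIONS = [
    ("APP-1001", "Alice Example", "Pending"),
    ("APP-1002", "Bob Example", "Approved"),
    ("APP-1003", "Carol Example", "Rejected"),
]

APP_ID_SHAPE = re.compile(r"APP-\d{4}")  # assumed format of a valid application id


def build_db():
    """In-memory SQLite database seeded with the constructed records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE applications (app_id TEXT, name TEXT, status TEXT)")
    conn.executemany("INSERT INTO applications VALUES (?, ?, ?)", SAMPLE_APPLICATIONS)
    return conn


def status_lookup_vulnerable(conn, app_id):
    """The pattern behind the breach: user input is pasted into the SQL text, so quote
    characters in the input become part of the query's structure instead of its data."""
    sql = "SELECT app_id, name, status FROM applications WHERE app_id = '" + app_id + "'"
    return conn.execute(sql).fetchall()


def status_lookup_hardened(conn, app_id):
    """Two independent layers: reject anything that does not look like an application id,
    then bind the value as a parameter so the database never parses it as SQL."""
    if not APP_ID_SHAPE.fullmatch(app_id):
        return []
    sql = "SELECT app_id, name, status FROM applications WHERE app_id = ?"
    return conn.execute(sql, (app_id,)).fetchall()


def demo():
    """Return (rows leaked by the vulnerable lookup, rows returned by the hardened one) for
    the same tautology input, which a status form without validation would pass straight through."""
    conn = build_db()
    tautology = "' OR '1'='1"
    return status_lookup_vulnerable(conn, tautology), status_lookup_hardened(conn, tautology)


if __name__ == "__main__":
    leaked, safe = demo()
    print(f"vulnerable lookup returned {len(leaked)} rows, hardened lookup returned {len(safe)}")
```

The vulnerable lookup hands back every record because the WHERE clause degenerates to `app_id = '' OR '1'='1'`; the hardened one returns nothing for the same input and still finds a genuine id.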

 Security Affairs 
Saudi government facilities hit by cyber attacks, Saudi cyber experts convened
http://securityaffairs.co/wordpress/50795/cyber-crime/saudi-cyber-experts.html
August 30, 2016  By Pierluigi Paganini
Saudi government facilities have been hit by cyber attacks; the Government is investigating with the support of Saudi cyber experts.
Saudi government facilities have been targeted by major cyber attacks; in response, the Government has convened a group of cyber experts to examine the events. According to the Saudi Press Agency, Saudi cyber experts held urgent talks on Tuesday after the cyber attack “in recent weeks targeted government institutions and vital installations in the kingdom.” At the time of writing there is no information about the targeted agencies nor about the alleged threat actor behind the cyber attacks against Saudi infrastructure.
The Saudi cyber security experts were involved in the investigation and, according to the Saudi Press Agency, the kingdom’s Cybersecurity Centre “held an urgent workshop with a number of parties” to discuss the results of its investigations. The attacks were launched from abroad; attackers targeted Saudi websites with spyware to steal sensitive information from the targets. This isn’t the first time that Saudi websites have been hit by cyber attacks: in June hackers attacked a major Saudi newspaper and gained control of it to publish fake news. The Saudi cyber experts analyzed the attacks and proposed the necessary countermeasures to defeat the threat and protect the information targeted by the hackers. Experts exposed the “necessary procedures to fix and to protect those sites”, reported the Saudi Press Agency. The most clamorous attack against Saudi government facilities occurred in 2012, when a virus infected 30,000 workstations of one of the world’s largest energy companies, Saudi Aramco.

 Security Affairs 
The RIPPER malware linked to the recent ATM attacks in Thailand
http://securityaffairs.co/wordpress/50763/breaking-news/atm-ripper-malware.html
August 30, 2016  By Pierluigi Paganini
Experts from FireEye who analyzed the RIPPER malware believe it was used by crooks in the recent wave of cyber attacks against ATMs in Thailand.
Earlier this month malware was used by a criminal organization to steal 12 million baht from ATMs in Thailand. According to FireEye, the malware was uploaded for the first time to the online scanning service VirusTotal on Aug. 23, 2016. The malicious code was uploaded from an IP address in Thailand a few minutes after the cyber heist was reported by the media. Experts from FireEye who analyzed the malware, dubbed RIPPER because researchers found the “ATMRIPPER” name in the sample, revealed that it implemented techniques not seen before. Hackers belonging to a cybercrime gang from Eastern Europe have stolen over 12 Million Baht (approximately US$346,000) from 21 ATMs in Thailand. The Central Bank of Thailand (BoT) has issued a warning to all the banks operating in the country about security vulnerabilities that plague roughly 10,000 ATMs. It seems that hackers exploited such flaws to steal cash from the ATMs. The same gang was involved in similar attacks against the top eight banks in Taiwan. In Taiwan, the thieves stole NT$70 Million ($2.2 Million) in cash, forcing the banks to shut down hundreds of their cash machines. The warning issued by the Central Bank of Thailand follows the decision of the Government Savings Bank (GSB) to shut down roughly 3,000 of its 7,000 ATMs in response to a recent wave of attacks that targeted its machines.
According to FireEye, the RIPPER malware borrows multiple features from other ATM malware:
* Targets the same ATM brand.
* The technique used to expel currency follows the same strategy (already documented) performed by Padpin (Tyupkin), SUCEFUL and GreenDispenser.
* Similar to SUCEFUL, it is able to control the Card Reader device to Read or Eject the card on demand.
* Can disable the local network interface, similar to capabilities of the Padpin family.
* Uses the “sdelete” secure deletion tool, similar to GreenDispenser, to remove forensic evidence.
* Enforces a limit of 40 bank notes per withdrawal consistently, which is the maximum allowed by the ATM vendor.
The RIPPER malware also implements new features; for example, it was designed to target three of the main ATM vendors worldwide, which is a first. The RIPPER malware interacts with the ATM by inserting a specially manufactured ATM card with an EMV chip; with this mechanism crooks authenticate themselves to the cash machine. This mechanism is uncommon; the Skimmer malware uses this method too. In order to gain persistence, the RIPPER malware uses either a standalone service or masquerades as a legitimate ATM process. When RIPPER is installed as a service, it first kills the process “dbackup.exe”, then replaces it with its binary, then installs the persistent service “DBackup Service.”
“RIPPER can stop or start the “DBackup Service” with the following arguments: “service start” or “service stop”. RIPPER also supports the following command line switches:
/autorun: Will Sleep for 10 minutes and then run in the background, waiting for interaction.
/install: RIPPER will replace the ATM software running on the ATM as follows: Upon execution, RIPPER will kill the processes running in memory for the three targeted ATM Vendors via the native Windows “taskkill” tool. RIPPER will examine the contents of directories associated with the targeted ATM vendors and will replace legitimate executables with itself. This technique allows the malware to maintain the legitimate program name to avoid suspicion.” continues FireEye.
When the RIPPER malware is executed without any parameters, it performs a series of actions, such as connecting with the local peripherals (i.e. Cash Dispenser, Card Reader, and the Pinpad). When the threat detects a card with a malicious EMV chip, it starts a timer to allow a crook to control the ATM via the Pinpad. The crooks can perform multiple malicious actions, including clearing logs and shutting down the ATM local network interface.
Back to the Thailand attacks: below are the reported similarities between the RIPPER malware and the malicious code used by the gang.
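A hunt for the RIPPER behaviours FireEye describes above, as an added example (not FireEye's tooling or code from the article): it assumes host telemetry from the ATM's Windows image has been normalised into dicts carrying the Sysmon process-creation (event 1) and System-log service-install (event 7045) fields, and runs over constructed events with placeholder hashes and a placeholder vendor process name.

```python
# Indicators quoted from the RIPPER description: the service it installs, the command-line
# switches it understands, and the native Windows tools it leans on.
RIPPER_SERVICE_NAME = "dbackup service"
RIPPER_SWITCHES = ("/autorun", "/install", "service start", "service stop")
ABUSED_NATIVE_TOOLS = {"taskkill.exe", "sdelete.exe"}

# Assumed: an allowlist of SHA-256 values for the vendor binaries on the ATM golden image.
# The values here are placeholders, not real hashes.
KNOWN_GOOD_HASHES = {"dbackup.exe": "PLACEHOLDER-GOLDEN-IMAGE-HASH"}


def _basename(path):
    """Lower-cased file name of a Windows image path."""
    return (path or "").lower().rsplit("\\", 1)[-1]


def scan_events(events):
    """Return a list of (rule, detail) findings for the normalised events.

    event_id 1    -> process creation: keys image, command_line, sha256
    event_id 7045 -> a service was installed: keys service_name, image
    """
    findings = []
    for ev in events:
        eid = ev.get("event_id")
        exe = _basename(ev.get("image"))
        cmd = (ev.get("command_line") or "").lower()
        # Persistence: RIPPER registers itself as "DBackup Service".
        if eid == 7045 and (ev.get("service_name") or "").lower() == RIPPER_SERVICE_NAME:
            findings.append(("ripper_service_install", ev.get("image")))
        if eid != 1:
            continue
        # Living off the land: taskkill kills the vendor processes, sdelete wipes evidence.
        if exe in ABUSED_NATIVE_TOOLS:
            findings.append(("native_tool_abuse", cmd))
        # The malware replaces the legitimate executable under the same name, so the file
        # keeps its name but no longer matches the golden-image hash.
        expected = KNOWN_GOOD_HASHES.get(exe)
        if expected is not None and ev.get("sha256") != expected:
            findings.append(("vendor_binary_replaced", ev.get("image")))
        # One of RIPPER's switches appearing on a process command line.
        if any(sw in cmd for sw in RIPPER_SWITCHES):
            findings.append(("ripper_switch", cmd))
    return findings


# Constructed events in the simplified normalised form assumed above (not real EVTX output).
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\ATMVendor\dbackup.exe", "command_line": "dbackup.exe",
     "sha256": "PLACEHOLDER-GOLDEN-IMAGE-HASH"},                 # untouched vendor binary
    {"event_id": 1, "image": r"C:\Windows\System32\taskkill.exe",
     "command_line": "taskkill /F /IM vendor_atm_app.exe"},      # vendor_atm_app.exe: placeholder
    {"event_id": 1, "image": r"C:\ATMVendor\dbackup.exe", "command_line": "dbackup.exe /install",
     "sha256": "PLACEHOLDER-UNKNOWN-HASH"},                      # same name, different binary
    {"event_id": 7045, "service_name": "DBackup Service", "image": r"C:\ATMVendor\dbackup.exe"},
    {"event_id": 1, "image": r"C:\Tools\sdelete.exe",
     "command_line": "sdelete -p 3 C:\\ATMVendor\\logs"},        # evidence removal
]

if __name__ == "__main__":
    for rule, detail in scan_events(SAMPLE_EVENTS):
        print(f"{rule:<24} {detail}")
```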

Australian Government Computer Networks Breached In Cyber Attacks As Experts Warn Of Espionage Threat
http://www.pireport.org/articles/2016/08/29/australian-government-computer-networks-breached-cyber-attacks-experts-warn
Submitted by PIR Editor on Mon, 08/29/2016 - 12:30
Intelligence sources say they suspect the attackers in these cases were sponsored by China
By Linton Besser, Jake Sturmer and Ben Sveen MELBOURNE, Australia (Radio Australia, August 29, 2016) – Sensitive Australian Government and corporate computer networks — including those holding highly confidential plans for a privately financed geostationary communications satellite — have been penetrated by sophisticated cyber attacks, a Four Corners investigation has established.

Austrade and the Defence Department's elite research division, now named the Defence Science Technology Group, both suffered significant cyber infiltrations in the past five years by hackers based in China. Intelligence sources say they suspect the attackers in these cases were sponsored by Beijing.

Four Corners has also confirmed Newsat Ltd, an Australian satellite company whose assets were sold off last year after the company went into administration, was so comprehensively infiltrated three years ago that its entire network had to be rebuilt in secret. But these incidents, revealed for the first time, are only a fraction of the cyber attacks being waged against Australian governments and companies.

The Prime Minister's cyber security adviser, Alastair MacGibbon, told the program the Australian Government was "attacked on a daily basis". "We don't talk about all the breaches that occur," he said.

Former Central Intelligence Agency boss Michael Hayden, who also served for six years as the head of the US electronic spying division, the National Security Agency (NSA), said both Australia and the US had to harden up their defences and "protect their data" from foreign cyber attacks. "It is what adult nation states do to one another," he said. "What my dad told me when I came home beat up from a fight once when I was about 10 years old: 'Quit crying, act like a man and defend yourself.'"

A spokesman for the Chinese Embassy in Canberra denied China had conducted any cyber espionage against Australian interests, calling such allegations "totally groundless" and "false cliches". "Like other countries, China suffers from serious cyber attacks and is one of the major victims of hacking attacks in the world," he said.

Defence assets may have been target in BoM hack

Four Corners has also been given fresh details about the high-profile hack of the Bureau of Meteorology (BoM), which was officially confirmed by Mr Turnbull earlier this year. Government and industry sources said the true targets for the cyber attack may have been defence assets linked to the BoM and its vast data-collection capabilities. One was the Australian Geospatial-Intelligence Organisation, an intelligence agency within the Department of Defence which provides highly detailed mapping information for military and espionage purposes. The other was the Jindalee Operational Radar Network (JORN), a high-tech over-the-horizon radar run by the Royal Australian Air Force. JORN provides 24-hour military surveillance of the northern and western approaches to Australia but also assists in civilian weather forecasting.

Four Corners was told the cyber attack failed to reach into these networks, and that it was "sandboxed", or contained within the BoM. Intelligence sources confirmed the attack was attributed to China, which was again denied by Beijing. Mr MacGibbon said he did not know what the intention was of the people who compromised the system. "I would say to you that people who compromise systems will usually try to find a way to move laterally through it. If that means through a third party that's what they'll try to do," he said.

The Australian Signals Directorate (ASD) has conducted detailed investigations into the cyber intrusion, but its boss, Dr Paul Taloni, declined to comment. A former high-ranking intelligence officer told Four Corners the Defence Department itself had significant, unresolved, cyber-security issues and had "to look at itself". He confirmed that in about 2011 the Defence Science Technology Organisation had been successfully hacked by China-sponsored hackers, but declined to provide any further details citing national security concerns. A spokesman for the Defence Science Technology Group said: "Defence policy is to not comment on matters of national security."

Sensitive information 'stolen for profit'

Mr Hayden said, however, China's efforts against Australia had been primarily focused on "the theft of information, and really by and large the theft of information for commercial profit", activities which he said go beyond acceptable state-on-state espionage. The Newsat attack by China-based hackers may be a case in point. "Given we were up against China, state-sponsored, a lot of money behind them and a lot of resources and we were only a very small IT team, it certainly wasn't a fair fight for us," Newsat's former IT manager Daryl Peter said.

While the company carried communications for resources and fossil fuel companies, as well as the US military's campaign in Afghanistan, Mr Peter said the real target for the cyber infiltration was its plans for a Lockheed Martin-designed satellite dubbed Jabiru-1. "A company like Lockheed Martin, they have restrictions on the countries where they can build their satellites," he said. "So a country like China being able to get a hold of confidential design plans would be very beneficial for them because it's not something they would see or be able to have access to."

Mr Peter was first told about the hack of the company in 2013 at a top-level meeting with ASD. The issue had come to a head because of Newsat's advanced plans to employ a restricted encryption tool for use with the new satellite designed by the US Government's NSA. ASD refused to release the tool to Newsat until it tackled the sophisticated cyber intrusion, with intelligence officials telling the company its networks were "the most corrupted" they had seen. "They actually said to us that we were the worst," Mr Peter said. "What came out of that meeting was we had a serious breach on our network and it wasn't just for a small period of time, they'd been inside our network for a long period, so maybe about two years. And the way it was described to us was they are so deep inside our network it's like we had someone sitting over our shoulder for anything we did."

To rid the network of the infestation, Mr Peter had to build a parallel network in secret so as to not tip off the hackers that had been identified. That work took almost a year and cost the better part of $1 million. Mr MacGibbon said the revelations were no surprise. "I can't say which particular nation state would get involved in getting into a telecommunications system but I can understand why a nation state would," he said. "If you wanted to listen to someone's communications that's probably a good place to start."

Austrade regularly challenged by security issues

Australia's trade and investment commission, Austrade, has had persistent problems with cyber security, Four Corners has learned. The discovery of a major infestation in the Austrade network was made during work that began in 2013 within the department to develop a new data centre and a redesigned IT infrastructure. In March 2014, the agency's cyber security regime underwent an ASD-designed security assessment required because Austrade not only carries sensitive communications but works closely with the Department of Foreign Affairs and Trade. An intelligence community figure said the tests resulted in a "series of red flags". He said the infiltration was "covering the network".

Austrade brought in UXC Saltbush, a cyber security contractor, to investigate its networks and put mitigation works in place to prevent future breaches. A former high-ranking intelligence official said the Austrade breach followed a previous problem in 2011, which was a textbook example of a "successful [and] deeper penetration". Jim Dickins, an Austrade spokesman, said the organisation "faces ongoing and fluid challenges to its information technology security". "Austrade has worked with the Australian Signals Directorate on occasion to contain and eradicate threats but is unable to comment on specific instances. Mitigation strategies developed on those occasions are applied on an ongoing basis."

The intelligence community figure said the problems had still not been entirely addressed because of the high cost of a comprehensive network-wide security upgrade, but Mr Dickins denied there were any "significant" persistent issues. "Austrade is not currently dealing with any significant threats or breaches of its network," he said. A third intelligence source told Four Corners that "Austrade is inherently vulnerable" because of its international footprint and reliance on locally-employed staff. "People are getting breached all the time," he said.

 Hacker News 
Two US State Election Systems Hacked to Steal Voter Databases — FBI Warns
http://thehackernews.com/2016/08/election-system-hack.html
Monday, August 29, 2016 Mohit Kumar
A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month. Although no intrusion into the state voting systems themselves has been reported, the FBI is currently investigating the cyberattacks on the official websites for the voter registration systems in both Illinois and Arizona, said Yahoo News. The FBI's Cyber Division released a "Flash Alert" to election offices and officials across the United States, asking them to watch out for any potential intrusions and take better security precautions. "In late June 2016, an unknown actor scanned a state's Board of Election website for vulnerabilities using Acunetix, and after identifying a Structured Query Language (SQL) injection (SQLi) vulnerability, used SQLmap to target the state website," the FBI alert reads. "The majority of the data exfiltration occurred in mid-July. There were 7 suspicious IPs and penetration testing tools Acunetix, SQLMap, and DirBuster used by the actor." The SQL injection attack on the Illinois state board website took place in late July, which brought down the state’s voter registration for ten days and siphoned off data on as many as 200,000 registered voters. However, the Arizona attack was less significant, as the hackers were not able to discover any potential loophole using a vulnerability scanning tool which could have allowed them to steal any data. In the wake of these attacks, the FBI also advised the ‘Boards of Elections’ of all states to investigate their server logs and determine whether any similar SQL injection, privilege escalation attempts, or directory enumeration activity has occurred. Last December, a misconfigured 300GB database also resulted in the exposure of around 191 million US voter records, including their full names, home addresses, unique voter IDs, dates of birth and phone numbers.

Why Blame Russia, Always? There's No Evidence Yet
The attacks against the state election boards came weeks after the DNC hack that leaked embarrassing emails about the party, leading to the resignation of DNC (Democratic National Committee) Chairwoman Debbie Wasserman Schultz. Some security experts and law enforcement agencies raised concerns about politically motivated hacking, pointing the finger at Russian state-sponsored hackers in an attempt to damage Hillary Clinton’s presidential campaign. Although the FBI does not attribute the recent attacks to any particular hacking group or country, Yahoo News links the attacks to Russia on the basis of the IP addresses involved. However, those IP addresses that the FBI said were associated with the attacks belong to a Russian VPN service, which does not prove that the Russians are behind the attacks. It's believed that the hacks were carried out to disturb the election process either by altering voting totals in the database or by modifying the voter registration page.

Script-Kiddie Move Reveals Everything
But, by scanning the website with a vulnerability scanner and downloading the whole database, the ‘script-kiddies’ themselves made a rod for their own back, which indicates that they are neither sophisticated state-sponsored hackers nor had any intention to influence the election covertly. Neither the Illinois nor the Arizona board of elections has responded to these hack attempts.
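The server-log review the FBI alert asks election offices to do, as an added example (not the FBI's or the article's code): constructed web-server log lines in the common "combined" format are checked for URL-decoded injection fragments, for the tools named in the alert announcing themselves in the User-Agent (an assumption: their default agents do, but an operator can change them), and for bursts of 404 responses from one address that look like directory enumeration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Apache/nginx "combined" line: ip - user [time] "METHOD path HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Request fragments typical of injection probes, matched after URL-decoding so that
# %27%20OR%20 and "' OR " are treated alike.
SQLI_RE = re.compile(
    r"(union\s+all\s+select|union\s+select|'\s*or\s+'?\d+'?\s*=\s*'?\d+|sleep\s*\(|"
    r"benchmark\s*\(|information_schema|xp_cmdshell|--\s*$|;\s*drop\s)",
    re.IGNORECASE,
)

# Assumed: the tools named in the alert identify themselves in the User-Agent unless the
# operator changes it, so a miss here is not evidence of absence.
SCANNER_UA_MARKERS = ("sqlmap", "acunetix", "dirbuster")


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def analyze(lines, enum_threshold=5, enum_window=timedelta(seconds=60)):
    """Return the suspicious source IPs per category found in the given log lines."""
    sqli, scanners = set(), set()
    not_found = defaultdict(list)  # ip -> timestamps of 404 responses
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if SQLI_RE.search(rec["decoded_path"]):
            sqli.add(rec["ip"])
        if any(marker in rec["ua"].lower() for marker in SCANNER_UA_MARKERS):
            scanners.add(rec["ip"])
        if rec["status"] == 404:
            not_found[rec["ip"]].append(rec["time"])
    # Directory enumeration: enum_threshold 404s from one address inside enum_window.
    enum = set()
    for ip, times in not_found.items():
        times.sort()
        for i in range(len(times) - enum_threshold + 1):
            if times[i + enum_threshold - 1] - times[i] <= enum_window:
                enum.add(ip)
                break
    return {"sqli": sqli, "scanner_ua": scanners, "dir_enum": enum}


# Constructed log lines using documentation address ranges; the status page, query
# parameter and user-agent strings are invented for this example.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jul/2016:02:14:01 +0000] "GET /status?app_id=APP-1002 HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (constructed)"',
    '203.0.113.7 - - [11/Jul/2016:02:14:05 +0000] "GET /status?app_id=APP-1002%27%20OR%20%271%27%3D%271 '
    'HTTP/1.1" 200 40960 "-" "sqlmap/1.0 (constructed)"',
    '203.0.113.7 - - [11/Jul/2016:02:14:09 +0000] "GET /status?app_id=1%20UNION%20SELECT%20name%2Cstatus'
    '%20FROM%20applications-- HTTP/1.1" 500 120 "-" "sqlmap/1.0 (constructed)"',
    '192.0.2.9 - - [11/Jul/2016:02:30:00 +0000] "GET /favicon.ico HTTP/1.1" 404 200 "-" '
    '"Mozilla/5.0 (constructed)"',
]
# Six guessed directories within six seconds from one address: the enumeration pattern.
SAMPLE_LOG += [
    f'198.51.100.4 - - [11/Jul/2016:02:20:{s:02d} +0000] "GET /{p}/ HTTP/1.1" 404 200 "-" '
    f'"DirBuster-1.0 (constructed)"'
    for s, p in enumerate(("admin", "backup", "old", "test", "uploads", "db"))
]

if __name__ == "__main__":
    for category, ips in analyze(SAMPLE_LOG).items():
        print(f"{category:<12} {sorted(ips)}")
```

The 404 burst from 198.51.100.4 is flagged while the single missing favicon from 192.0.2.9 is not; the same sliding-window logic applies to real access logs read line by line.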

 Kaspersky 
Angler by Lurk: Why the infamous cybercriminal group that stole millions was renting out its most powerful tool
Woburn, MA, August 30, 2016 – At the beginning of the summer, Kaspersky Lab assisted in the arrest of suspects who were part of the Lurk gang, which allegedly stole more than 45 million dollars from a number of companies and banks in Russia. It was the largest financial cybercrime group to be caught in recent years. However, this wasn’t the only cybercriminal activity the Lurk group was involved in. According to analysis of the IT infrastructure behind the Lurk malware, its operators were also developing and renting out their exploit kit to other cybercriminals. Their Angler exploit kit is a set of malicious programs capable of exploiting vulnerabilities in widespread software and silently installing additional malware on PCs.

For years the Angler exploit kit was one of the most powerful tools available to criminals on the underground. Angler activity dates back to late 2013, when the kit became available for hire. Multiple cybercriminal groups propagating different kinds of malware used it, from adware to banking malware and ransomware. In particular, the exploit kit was actively used by the group behind CryptXXX ransomware, one of the most active and dangerous ransomware threats online, by TeslaCrypt and by others. Angler was also used to propagate the Neverquest banking Trojan, which was built to attack nearly 100 different banks. The operations of Angler were disrupted right after the arrest of the Lurk group.

As research conducted by Kaspersky Lab security experts has shown, the Angler exploit kit was originally created for a single purpose: to provide the Lurk group with a reliable and efficient delivery channel for its banking malware onto victims’ PCs. Being a very closed group, Lurk tried to keep control over its crucial infrastructure instead of outsourcing parts of it as other groups do. But in 2013 things changed for the gang, and it opened access to the kit to all who were willing to pay.

“We suggest that the Lurk gang’s decision to open access to Angler was partly provoked by necessity to pay bills. By the time they opened Angler for rent, the profitability of their main “business” – cyber-robbing organizations – was decreasing due to a set of security measures implemented by remote banking system software developers. These made the process of theft much harder for these hackers. But by that time Lurk had a huge network infrastructure and a large number of “staff” - and everything had to be paid for. They therefore decided to expand their business, and they succeeded to a certain degree. While the Lurk banking Trojan only posed a threat to Russian organizations, Angler has been used in attacks against users worldwide,” explained Ruslan Stoyanov, head of computer incident investigations.

The Angler exploit kit – its development and support – wasn’t the only Lurk group side activity. Over a period of more than five years, the group moved from creating very powerful malware for automated money theft via Remote Banking Services software to sophisticated theft schemes involving SIM-card swap fraud and hacking specialists familiar with the internal infrastructure of banks. All Lurk group actions during this time were monitored and documented by Kaspersky Lab security experts. Read more about how Kaspersky Lab researched the activity of the Lurk group over five years in an article by Ruslan Stoyanov on Securelist.com.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.

 Security Affairs 
The network of satellite telco NewSat was the ‘most corrupted’ ever seen
http://securityaffairs.co/wordpress/50685/intelligence/newsat-satellite-hacked.html
August 29, 2016  By Pierluigi Paganini
The network of satellite firm NewSat was the ‘most corrupted’ ever seen by Australian intelligence: it was hacked by foreign intruders and had an interception kit in its data centre.
The story demonstrates the high interest of spy agencies in compromising communication systems. The Australian satellite company NewSat was so deeply penetrated by cyber spies that its network was completely corrupted. The company is now out of business: its assets were sold off last year after it went into administration. According to a former staffer who spoke on condition of anonymity to the Australian Broadcasting Corporation (ABC), it was ‘the most corrupted’ network the nation’s intelligence agency had encountered.

According to the ABC broadcast, the hack was already known in 2013, when the company reported the security breach to the Australian Signals Directorate (ASD). Chinese state-sponsored hackers had made the organisation “the most corrupted network [the Directorate] had ever seen”, the ABC reports. Former CIA and NSA chief Michael Hayden said that China’s efforts against Australia aimed at “the theft of information, and really by and large the theft of information for commercial profit.” The hackers were reportedly interested in sensitive information such as the plans for a Lockheed Martin-designed satellite dubbed Jabiru-1.

“Given we were up against China, state-sponsored, a lot of money behind them and a lot of resources and we were only a very small IT team, it certainly wasn’t a fair fight for us,” NewSat’s former IT manager Daryl Peter said.

The issue came to the headlines because NewSat was planning to install a restricted encryption tool that would allow the NSA to monitor satellite communications, and so notified the ASD of its intent. The ASD refused to release the encryption tool to NewSat until the company was able to eradicate the intruders from its systems; intelligence officials told the company its networks were “the most corrupted” they had seen.

Australian satellite company NewSat Ltd was forced to rebuild its entire network in secret. (Four Corners)

Intelligence officials who examined the NewSat infrastructure confirmed it was “the most corrupted” they had seen. “They actually said to us that we were the worst,” Mr Peter said. “What came out of that meeting was we had a serious breach on our network and it wasn’t just for a small period of time, they’d been inside our network for a long period, so maybe about two years. And the way it was described to us was they are so deep inside our network it’s like we had someone sitting over our shoulder for anything we did.”

According to the anonymous source who revealed the story to the ABC, the NewSat network was completely rebuilt. NewSat had nevertheless installed an Australian Government communications interception system in its data centre, while the Australian Government refused to release the restricted NSA encryption tool because of the breach it had discovered. “They (NewSat) had a lot of dealings with Middle East organisations,” the source said. Let me suggest reading the detailed analysis published by the ABC’s Four Corners, which confirms that Australian Government computer networks were breached by hackers.

 Security Affairs 
Minecraft World Map data breach, 71,000 accounts leaked online
http://securityaffairs.co/wordpress/50771/data-breach/minecraft-world-map-hack.html
The popular security expert Troy Hunt reported some 71,000 user accounts and IP addresses have been leaked from the website Minecraft World Map.
Another data breach affects the gaming industry: this time 71,000 Minecraft World Map accounts have been leaked online after a hack. Some 71,000 user accounts and IP addresses have been leaked from the Minecraft fan website Minecraft World Map. The site is very popular within the Minecraft gaming community, as gamers use it to share the worlds they have built. Security expert Troy Hunt reported the data dump, which includes 71,000 user accounts and IP addresses:

New breach: Minecraft World Map had 71k user accounts hacked in Jan. 55% were already in @haveibeenpwned https://t.co/hv1u9SmRVj — Have I been pwned? (@haveibeenpwned) 29 August 2016

Exposed records include email addresses, IP address data and login credentials for the site. Hunt clarified that the passwords included in the dump were salted and hashed; how much protection that gives depends on the hash function used, which has not been disclosed, so the passwords should be treated as exposed.
A quick check allowed the Australian expert to verify that more than half of the compromised accounts were already listed in his online service haveibeenpwned.com, which lets users discover whether one of their accounts has been exposed in a data breach. According to Hunt, the website was breached in January 2016, but the incident was not publicly reported at the time. “In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed. The data included usernames, email and IP addresses along with salted and hashed passwords. Compromised data: Email addresses, IP addresses, Passwords, Usernames,” Hunt wrote on his website. Users should reset their password on Minecraft World Map and on any other website where they reused the same credentials. This is the latest incident in the gaming industry to be disclosed online: recently, security vulnerabilities in the vBulletin platform exposed more than 27 million accounts, many of them belonging to gamers on mail.ru. A closer look at the compromised mail.ru accounts shows they come from CFire, parapa.mail.ru (ParaPa Dance City game) and tanks.mail.ru (Ground War: Tank game).

 IT WORLD 
Attackers deploy rogue proxies on computers to hijack HTTPS traffic
http://www.itworld.com/article/3114065/attackers-deploy-rogue-proxies-on-computers-to-hijack-https-traffic.html
The new attack uses Word documents loaded with malicious code
Lucian Constantin, IDG News Service | August 30, 2016
Security researchers have highlighted in recent months how the web proxy configuration in browsers and operating systems can be abused to steal sensitive user data. It seems that attackers are catching on. A new attack spotted and analyzed by malware researchers from Microsoft uses Word documents with malicious code that doesn't install traditional malware but instead configures browsers to use a web proxy controlled by the attackers. In addition to deploying rogue proxy settings, the attack installs a self-signed root certificate on the system so that the attackers can snoop on encrypted HTTPS traffic as it passes through their proxy servers.

The attack starts with spam emails that have a .docx attachment. When opened, the document displays an embedded element resembling an invoice or receipt. If it is clicked and allowed to run, the embedded object executes malicious JavaScript code. The JavaScript is obfuscated, but its purpose is to drop and execute several PowerShell scripts. PowerShell is a scripting environment built into Windows that allows the automation of administrative tasks.

One of the PowerShell scripts installs a self-signed root certificate that will later be used to intercept HTTPS traffic. Another script adds the same certificate to the Mozilla Firefox browser, which uses its own certificate store rather than the one in Windows. The third script installs a client that lets the computer connect to the Tor anonymity network, because the attackers use a Tor .onion site to serve the proxy auto-configuration (PAC) file. The system's proxy auto-config setting is then modified in the registry to point to the .onion address, which lets the attackers easily change the proxy server later if it is taken offline by researchers.

"At this point, the system is fully infected and the web traffic, including HTTPS, can be seen by the proxy server it assigned," the Microsoft researchers said in a blog post. "This enables attackers to remotely redirect, modify and monitor traffic. Sensitive information or web credentials could be stolen remotely, without user awareness."

Researchers from the SANS Internet Storm Center recently reported a similar attack from Brazil, where hackers installed rogue proxies on computers in order to hijack traffic to an online banking website. A rogue root CA certificate was deployed in that case as well, to bypass HTTPS encryption. At the DEF CON and Black Hat security conferences earlier this month, several researchers showed how man-in-the-middle attackers can abuse the Web Proxy Auto-Discovery (WPAD) protocol to remotely hijack people's online accounts and steal their sensitive information, even when those users access websites over encrypted HTTPS or VPN connections.

Comey: FBI wants 'adult conversation' on device encryption
http://www.sfgate.com/business/technology/article/Comey-FBI-wants-adult-conversation-on-device-9192617.php
Eric Tucker, Associated Press, Updated 4:33 pm, Tuesday, August 30, 2016
WASHINGTON (AP) — FBI Director James Comey warned again Tuesday about the bureau's inability to access digital devices because of encryption, and said investigators were collecting information about the challenge in preparation for an "adult conversation" next year. Widespread encryption built into smartphones is "making more and more of the room that we are charged to investigate dark," Comey said at a cybersecurity symposium.

The remarks reiterated points that Comey has made repeatedly over the last two years, before Congress and in other settings, about the growing collision between electronic privacy and national security. The Justice Department decided within the last year not to seek a legislative resolution, and some of the public debate surrounding the FBI's legal fight with Apple Inc. has subsided in the last few months since federal authorities were able to access a locked phone in a terror case without the help of the technology giant. The FBI had sought a court order to force Apple to help it hack into an iPhone used by one of the San Bernardino shooters, a demand that the tech giant and other privacy advocates said would dramatically weaken the security of its products. The FBI ultimately got into the phone with the help of an unidentified third party, leaving the legal dispute unresolved.

But Comey made clear Tuesday he expects that dialogue to continue. "The conversation we've been trying to have about this has dipped below public consciousness now, and that's fine," Comey said at a symposium organized by Symantec, a technology company. "Because what we want to do is collect information this year so that next year we can have an adult conversation in this country." The American people, he said, have a reasonable expectation of privacy in private spaces, including houses, cars and electronic devices.
But that right is not absolute when law enforcement has probable cause to believe that there is evidence of a crime in one of those places, including a laptop or smartphone. "With good reason, the people of the United States — through judges and law enforcement — can invade our private spaces," Comey said, adding that that "bargain" has been at the center of the country since its inception. He said it is not the role of the FBI or tech companies to tell the American people how to live and govern themselves. "We need to understand in the FBI how is this exactly affecting our work, and then share that with folks," Comey said, conceding that the American people might ultimately decide that their privacy was more important than "that portion of the room being dark."

He also stood by the Justice Department's decision to bring indictments against Chinese and Iranian officials in major cyberattack cases in the last two years, rejecting criticism from those who have called the criminal charges meaningless gestures unlikely to result in a conviction. "We want to lock some people up, so that we send a message that it's not a freebie to kick in the door, metaphorically, of an American company or private citizen and steal what matters to them," Comey said. "And if we can't lock people up, we want to call it out. We want to name and shame through indictments, or sanctions, or public relation campaigns, who is doing this and exactly what they're doing." Those actions can make a foreign defendant think twice before traveling overseas, and can deter governments. He said there has been progress with the Chinese government since 2014 indictments that accused five Chinese military officials of siphoning secrets from American corporations. "We are working hard to make people at keyboards feel our breath on their necks and try to change that behavior," he said. "We've got to get to a point where we can reach them as easily as they can reach us and change behavior by that reach-out."

 Threatpost 
Privacy Groups File FTC Complaint over WhatsApp Data Sharing with Facebook
https://threatpost.com/privacy-groups-file-ftc-complaint-over-whatsapp-data-sharing-with-facebook/120218/
by Michael Mimoso   Follow @mike_mimoso August 30, 2016 , 12:23 pm
Alleging a trail of broken promises, two privacy-focused advocacy groups yesterday filed a complaint with the Federal Trade Commission against a recent WhatsApp privacy policy change that states it will begin sharing user data with parent company Facebook. The Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) said in a joint complaint that the proposed change constitutes an unfair and deceptive trade practice, and called on the FTC to investigate.
EPIC Consumer Protection Counsel Claire T. Gartland told Threatpost that the FTC has yet to reply to the complaint; the commission does not publicize investigations, and filing organizations may not be notified whether the FTC proceeds on a complaint, most of which are ultimately settled without formal hearings. “EPIC will be keeping the pressure on the Commission to act, since this is such a clear violation of their numerous statements on the issue,” Gartland said. “If and when the FTC acts, they have the power to stop the proposed changes from going forward and/or enter into a settlement agreement with the companies – similar to the 2012 consent order with Facebook.”

In 2012, the FTC and Facebook settled charges that Facebook had repeatedly shared information that users intended to remain private. Under the settlement, Facebook was ordered to give consumers “clear and prominent notice and obtaining their express consent before sharing their information beyond their privacy settings, by maintaining a comprehensive privacy program to protect consumers’ information, and by obtaining biennial privacy audits from an independent third party,” the FTC said in a release.

WhatsApp, which was acquired by Facebook two years ago for $19 billion, said last Thursday in a blog post that it would soon begin sharing users’ phone numbers with Facebook, a move that would improve targeted advertising and connections with friends on Facebook. “Our belief in the value of private communications is unshakeable, and we remain committed to giving you the fastest, simplest, and most reliable experience on WhatsApp,” WhatsApp said. EPIC and CDD, however, said in their complaint to the FTC that the data being transferred was collected by WhatsApp under promises, made in the early days of the Facebook acquisition, that private information would not be used or disclosed for marketing purposes.
WhatsApp says in its new policy that users will have the opportunity to choose not to share data with Facebook, rather than having to opt in to the program. In the FTC complaint, EPIC and CDD point out that WhatsApp founder Jan Koum and Facebook founder Mark Zuckerberg both promised that WhatsApp would operate autonomously and that nothing would change regarding the way WhatsApp uses user data. The complaint also references a 2014 complaint filed with the FTC by EPIC and CDD that called for an investigation and a possible injunction blocking the acquisition. Yesterday’s complaint cites a 2014 letter from FTC Consumer Protection Bureau director Jessica Rich to Facebook and WhatsApp officers reminding the companies of the promises made to WhatsApp users, stating that any use of WhatsApp user data for marketing and advertising purposes violates privacy promises made by the two companies, and that both must obtain consumers’ consent before doing so. “WhatsApp has made a number of promises about the limited nature of the data it collects, maintains, and shares with third parties–promises that exceed the protections currently promised to Facebook users,” Rich wrote. “We want to make clear that, regardless of the acquisition, WhatsApp must continue to honor these promises to consumers.” WhatsApp and Facebook combined have more than two billion users globally. In April, WhatsApp’s messaging service introduced end-to-end encryption based on the Signal protocol, securing calls, messages, files, video and voice messages.

SOFTPEDIA
Danish Man Arrested for DDoS Attacks on Finnish State Websites
http://news.softpedia.com/news/danish-man-arrested-for-ddos-attacks-on-finnish-state-websites-507766.shtml
Attacker also DDoSed sites in Denmark, Norway, and the US
Aug 30, 2016 15:25 GMT  ·  By Catalin Cimpanu  · 
Danish police have arrested a young Dane for launching DDoS attacks against Finnish government websites, Finland's public broadcaster Yle (Yle Uutiset) reports. Police did not reveal the suspect's name, but a representative of the Cybercrime Centre of Finland's National Bureau of Investigation (NBI) told the press that the attacker's identity is clear. According to Detective Chief Inspector Jyrki Kaipanen, one man was behind all the attacks. The same suspect is also under investigation by Danish authorities for similar DDoS attacks against websites in Denmark, Norway and the US; all of those countries, and the FBI, collaborated on the investigation. In Finland, authorities accuse the young Dane of launching DDoS attacks against more than 200 websites, some of them government sites. Finnish officials said he launched DDoS attacks lasting four to five hours against the websites of the Social Insurance Institution (Kela), the Ministry of Defence and Parliament. The attacks took place last spring, in February and March; at the time, officials said the attacker had managed to slow the websites down and even halt them for hours. DDoS attacks occur daily all around the world, largely because renting a DDoS botnet is cheap. In most cases the perpetrators get away with it, but sometimes authorities track them down because they managed the botnet from their home connection, or because they bragged about the attacks online and revealed their identity.

Lurk cybercrime gang developed, maintained and rented out the Angler EK
August 30, 2016  By Pierluigi Paganini
http://securityaffairs.co/wordpress/50779/cyber-crime/lurk-cybercrime-gang.html
Experts from Kaspersky Lab have confirmed that the Lurk cybercrime gang developed, maintained and rented out the infamous Angler Exploit Kit.
Security experts from Kaspersky Lab have confirmed that the Lurk cybercrime group is the author of the infamous Angler exploit kit. Members of the Lurk crew were arrested by Russian law enforcement this summer; according to the experts, the group also rented out the Angler exploit kit, which disappeared from the exploit landscape after the arrests. Law enforcement arrested the suspects in June, accusing them of stealing around $45 million from Russian financial institutions with the Lurk banking trojan. Cisco Talos researchers observed a rapid disappearance of the Angler EK in the wild after the arrests, and malware researchers confirmed that overall exploit-kit traffic fell drastically, by around 96% since early April. The Angler and Nuclear exploit kits disappeared in quick succession, likely as a result of law-enforcement operations against the malware industry.

A joint investigation by the Russian Police and Kaspersky Lab allowed the identification of the individuals behind the Lurk malware. The experts have now confirmed that the Lurk group was also responsible for developing and maintaining the Angler exploit kit, which they called “XXX.” Kaspersky published a blog post detailing how the firm helped law enforcement catch the Lurk group. It explains that the gang started renting out the Angler Exploit Kit after its fraudulent activities became less profitable. “In addition to increasing the number of “minor” attacks, the cybercriminals were trying to solve their cash flow problem by “diversifying” the business and expanding their field of activity. This included developing, maintaining and renting the Angler exploit pack (also known as XXX). Initially, this was used mainly to deliver Lurk to victims’ computers. But as the number of successful attacks started to decline, the owners began to offer smaller groups paid access to the tools.”

“Judging by what we saw on Russian underground forums for cybercriminals, the Lurk gang had an almost legendary status,” reads the post. “So when Lurk provided other cybercriminals with access to Angler, the exploit pack became especially popular – a ‘product’ from the top underground authority did not need advertising.” Lurk first appeared on the scene in 2011, when its activity was first spotted by Kaspersky experts. Kaspersky initially determined that the Lurk group was composed of roughly 15 people; over the years the gang grew to around 40 members.
Kaspersky also estimated the cost of the Lurk infrastructure at tens of thousands of dollars per month. “The criminal group had an extensive and extremely costly network infrastructure, so, in addition to employees’ salaries, it was necessary to pay for renting servers, VPN and other technical tools. Our estimates suggest that the network infrastructure alone cost the Lurk managers tens of thousands of dollars per month,” the post continues.



Ars Technica
Building a new Tor that can resist next-generation state surveillance
http://tornews3zbdhuan5.onion/newspage/38222/
http://arstechnica.com/security/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/
J.M. Porup (UK) - Aug 31, 2016 12:42 pm UTC
Since Edward Snowden stepped into the limelight from a hotel room in Hong Kong three years ago, use of the Tor anonymity network has grown massively. Journalists and activists have embraced the anonymity the network provides as a way to evade the mass surveillance under which we all now live, while citizens in countries with restrictive Internet censorship, like Turkey or Saudi Arabia, have turned to Tor in order to circumvent national firewalls. Law enforcement has been less enthusiastic, worrying that online anonymity also enables criminal activity.

Tor's growth in users has not gone unnoticed, and today the network first dubbed "The Onion Router" is under constant strain from those wishing to identify anonymous Web users. The NSA and GCHQ have been studying Tor for a decade, looking for ways to penetrate online anonymity, at least according to the Snowden documents. In 2014, the US government paid Carnegie Mellon University to run a series of poisoned Tor relays to de-anonymise Tor users. A 2015 research paper outlined an attack effective, under certain circumstances, at decloaking Tor hidden services (now rebranded as "onion services"). Most recently, 110 poisoned Tor hidden service directories were discovered probing .onion sites for vulnerabilities, most likely in an attempt to de-anonymise both the servers and their visitors.

Cracks are beginning to show; a 2013 analysis by researchers at the US Naval Research Laboratory (NRL), who helped develop Tor in the first place, concluded that "80 percent of all types of users may be de-anonymised by a relatively moderate Tor-relay adversary within six months." Despite this conclusion, the lead author of that research, Aaron Johnson of the NRL, tells Ars he would not describe Tor as broken. The issue is rather that it was never designed to be secure against the world’s most powerful adversaries in the first place. "It may be that people's threat models have changed, and it's no longer appropriate for what they might have used it for years ago," he explains. "Tor hasn't changed, it's the world that's changed."

Image caption: Tor use in Turkey spiked during the recent crackdown.

Tor's weakness to traffic analysis attacks is well known. The original design documents highlight the system's vulnerability to a "global passive adversary" that can see all the traffic both entering and leaving the Tor network. Such an adversary could correlate that traffic and de-anonymise every user. But as the Tor project's cofounder Nick Mathewson explains, the problem of "Tor-relay adversaries" running poisoned nodes means that a theoretical adversary of this kind is not the network's greatest threat. "No adversary is truly global, but no adversary needs to be truly global," he says. "Eavesdropping on the entire Internet is a several-billion-dollar problem. Running a few computers to eavesdrop on a lot of traffic, a selective denial of service attack to drive traffic to your computers, that's like a tens-of-thousands-of-dollars problem."

At the most basic level, an attacker who runs two poisoned Tor nodes, one entry and one exit, is able to analyse traffic and thereby identify the tiny, unlucky percentage of users whose circuit happened to cross both of those nodes. At present the Tor network offers, out of a total of around 7,000 relays, around 2,000 guard (entry) nodes and around 1,000 exit nodes. So the odds of such an event happening are one in two million (1/2000 x 1/1000), give or take.

But, as Bryan Ford, professor at the Swiss Federal Institute of Technology in Lausanne (EPFL), who leads the Decentralised/Distributed Systems (DeDiS) Lab, explains: "If the attacker can add enough entry and exit relays to represent, say, 10 percent of Tor's total entry-relay and exit-relay bandwidth respectively, then suddenly the attacker is able to de-anonymise about one percent of all Tor circuits via this kind of traffic analysis (10 percent x 10 percent)." "Given that normal Web-browsing activity tends to open many Tor circuits concurrently (to different remote websites and HTTP servers) and over time (as you browse many different sites)," he adds, "this means that if you do any significant amount of Web browsing activity over Tor, and eventually open hundreds of different circuits over time, you can be virtually certain that such a poisoned-relay attacker will trivially be able to de-anonymise at least one of your Tor circuits."

For a dissident or journalist worried about a visit from the secret police, de-anonymisation could mean arrest, torture, or death. As a result, these known weaknesses have prompted academic research into how Tor could be strengthened or even replaced by some new anonymity system. The priority for most researchers has been to find better ways to prevent traffic analysis. While a new anonymity system might be equally vulnerable to adversaries running poisoned nodes, better defences against traffic analysis would make those compromised relays much less useful and significantly raise the cost of de-anonymising users. The biggest hurdle? Despite the caveats mentioned here, Tor remains one of the better solutions for online anonymity, supported and maintained by a strong community of developers and volunteers. Deploying and scaling something better than Tor in a real-world, non-academic environment is no small feat.
Tor was designed as a general-purpose anonymity network optimised for low-latency, TCP-only traffic. Web browsing was, and remains, the most important use case, as evidenced by the popularity of the Tor Browser Bundle. This popularity has created a large anonymity set in which to hide: the more people who use Tor, the more difficult it is to passively identify any particular user. But that design comes at a cost. Web browsing requires low enough latency to be usable, and the longer it takes for a webpage to load, the fewer the users who will tolerate the delay. In order to ensure that Web browsing is fast enough, Tor sacrifices some anonymity for usability, for instance by not padding connections with cover traffic. Better to offer strong anonymity that many people will use than perfect anonymity that's too slow for most people's purposes, Tor's designers reasoned.

"There are plenty of places where if you're willing to trade off for more anonymity with higher latency and bandwidth you'd wind up with different designs," Mathewson says. "Something in that space is pretty promising. The biggest open question in that space is, 'what is the sweet spot?' "Is chat still acceptable when we get into 20 seconds of delay?" he asks. "Is e-mail acceptable with a five-minute delay? How many users are willing to use that kind of a system?" Mathewson says he's excited by some of the anonymity systems emerging today but cautions that they are all still at the academic research phase and not yet ready for end users to download and use. Ford agrees: "The problem is taking the next big step beyond Tor. We've gotten to the point where we know significantly more secure is possible, but there's still a lot of development work to make it really usable."

 Soylent News 
Big Data Busts Crypto: 'Sweet32' Captures Collisions in Old Ciphers
posted by janrinok on Wednesday August 31, @09:46AM  
http://7rmath4ro2of2a42.onion/article.pl?sid=16/08/31/0710222
http://www.theregister.co.uk/2016/08/29/big_data_busts_crypto_sweet32_captures_collisions_in_old_ciphers/
Researchers with France's INRIA are warning that 64-bit ciphers – which endure in TLS configurations and OpenVPN – need to go for the walk behind the shed. The research institute's Karthikeyan Bhargavan and Gaëtan Leurent have demonstrated that a man-in-the-middle on a long-lived encrypted session can gather enough data for a "birthday attack" on Blowfish and triple DES encryption. They dubbed the attack "Sweet32". Sophos' Paul Ducklin has a handy explanation of why it matters here. The trick to Sweet32, the Duck writes, is the attackers worked out that with a big enough traffic sample, any repeated crypto block gives them a start towards breaking the encryption – and collisions are manageably common with a 64-bit block cipher like Blowfish or Triple-DES. They call it a "birthday attack" because it works on a similar principle to what's known as the "birthday paradox" – the counter-intuitive statistic that with 23 random people in a room, there's a 50 per cent chance that two of them will share a birthday. In the case of Sweet32 (the 32 being 50 per cent of the 64 bits in a cipher), the "magic number" is pretty big: the authors write that 785 GB of captured traffic will, under the right conditions, yield up the encrypted HTTP cookie and let them decrypt Blowfish- or Triple-DES-encrypted traffic. [...] "Our attacks impact a majority of OpenVPN connections and an estimated 0.6% of HTTPS connections to popular websites. We expect that our attacks also impact a number of SSH and IPsec connections, but we do not have concrete measurements for these protocols" (emphasis added).
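The birthday arithmetic the article refers to, worked through as an added example (not code from the Register, Sophos or the Sweet32 authors); the 785 GB figure is the one quoted above, the other traffic sizes are constructed inputs.

```python
# Added example (not from the Register/Sophos write-ups or the Sweet32 paper):
# the birthday-bound arithmetic behind Sweet32, showing why a 64-bit block
# cipher repeats a ciphertext block within tens of gigabytes while a 128-bit
# block cipher does not. Traffic sizes used below are constructed inputs.
import math


def collision_probability(n, d):
    """P(at least two of n uniform draws from d possible values coincide)."""
    if n < 2:
        return 0.0
    if n > d:
        return 1.0  # pigeonhole: more draws than values
    if n <= 100_000:
        # exact product prod_{i=1}^{n-1} (1 - i/d), evaluated in log space
        log_no_collision = sum(math.log1p(-i / d) for i in range(1, n))
        return -math.expm1(log_no_collision)
    # large n: the usual approximation 1 - exp(-n(n-1) / 2d)
    return -math.expm1(-n * (n - 1) / (2.0 * d))


def draws_for_probability(p, d):
    """Smallest n (from the exponential approximation) with collision probability >= p."""
    return math.ceil(math.sqrt(2.0 * d * math.log(1.0 / (1.0 - p))))


def block_cipher_birthday(block_bits, p=0.5):
    """Blocks and bytes encrypted under one key before two ciphertext blocks
    collide with probability p. In CBC mode a collision C_i == C_j reveals
    P_i XOR P_j = C_{i-1} XOR C_{j-1}, which is the leak Sweet32 builds on."""
    n = draws_for_probability(p, 2 ** block_bits)
    return {"blocks": n, "bytes": n * (block_bits // 8)}


def expected_collisions(traffic_bytes, block_bits):
    """Expected number of colliding block pairs in traffic_bytes of ciphertext."""
    n = traffic_bytes // (block_bits // 8)
    return n * (n - 1) / (2.0 * 2 ** block_bits)


if __name__ == "__main__":
    # the "birthday paradox" sanity check from the article: 23 people, 365 days
    print(f"23 people, 365 days: {collision_probability(23, 365):.3f}")
    for bits, name in ((64, "3DES/Blowfish"), (128, "AES")):
        b = block_cipher_birthday(bits)
        print(f"{name}: ~{b['blocks']:.3g} blocks = {b['bytes'] / 1e9:.3g} GB for 50%")
    # 785 GB is the figure quoted above for the HTTP cookie attack
    print(f"785 GB of 64-bit blocks: ~{expected_collisions(785 * 10**9, 64):.0f} collisions")
```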

 Open Sources 
Cybersecurity, Encryption Keep the FBI Busy
http://opensources.info/cybersecurity-encryption-keep-the-fbi-busy/
WASHINGTON, D.C. — Cyberattacks are hitting U.S. businesses and governments in multiple ways, and the Federal Bureau of Investigation is stepping up efforts to detect and deter the growing problem, said FBI Director James Comey. Comey made his remarks Tuesday, Aug. 30, just as his agency warned state election officials across the country to be on guard against hackers after the breach of a voter information database in Illinois and an attempted attack in Arizona. Speaking at the Symantec Government Symposium, Comey labeled today’s hackers and data thieves as increasingly sophisticated and often part of a multinational or foreign state supported effort to breach information and databases. “Many of these threats are from criminals with inside information harvested from social media,” he said. Comey did not comment directly on the election hacking attempts, but said that the highest level of cyberthreats today are state-supported, and the biggest players include China, Russia and North Korea. “Next down in the threat stack are the multinational criminal syndicates, followed by purveyors of ransomware, which is spreading like a virus,” he said. Further down the list are the so-called hacktivists, who aren’t interested in profit, but in embarrassing institutions and governments through leaking sensitive data. Surprisingly, Comey listed terrorists as the weakest cyberthreat tracked by the FBI. He explained that terrorists are proficient at disseminating their messages to the public around the clock, but have yet to turn their attention toward computers as a target for terrorism. To battle against the rising tide of cybercrime, the FBI has established cyberthreat teams around the country that take on threats based on their ability to counteract specific kinds of criminal activity. Comey said the program has created a healthy competition among teams to handle certain types of intrusions, extortions and breaches.
In addition, the bureau has a Cyber Action Team that is ready to fly into a hotspot and respond at any time. The FBI also works closely with the U.S. Department of Homeland Security and national intelligence, as well as foreign partners to deter and, when possible, “incapacitate the bad boys,” he said. Like other government agencies, the FBI struggles to find information security talent willing to work for government pay. The director also said that working with state and local government has become increasingly important as cybercrime continues to grow. “We can’t help with every problem [faced by states and localities], but we can provide training and equipment,” he said. Perhaps the most controversial remarks focused on privacy and encryption, or what Comey termed: going dark. “This is our inability to use judicial authority to get access to data on a device,” he said. “Strong encryption is making more and more of the room going dark. In three years, post Snowden, through default encryption, that shadow is spreading through the room.” A growing number of technology firms, most notably Apple, have introduced devices that encrypt data that not even the companies themselves can access. The FBI and other law enforcement agencies say the devices have become warrant-proof spaces for criminals. The FBI has received 5,000 devices from state and local government agencies requesting help with decrypting them, Comey said, adding that the bureau was unable to open several hundred. With probable cause, he added, law enforcement has always been able to access an individual’s personal property, including communications, such as correspondence. “But there is no such thing as absolute privacy,” he said. “Widespread default encryption changes that bargain. We have never lived with absolute privacy, and default encryption impacts our ability to go after criminals and national security. 
Tools are becoming less effective because we are going dark.” Comey called for a national conversation about the problem, saying an individual’s absolute control of data is not acceptable. But having that talk might not be easy. Nuala O’Connor, president and CEO of the Center for Democracy and Technology, spoke after Comey and strongly disagreed with his views on encryption. “I don’t agree with FBI Director Comey on dark room encryption,” she said. “The FBI wants to have the master key to the problem. That’s not right.”

SWIFT warns of new attacks, pushes for security upgrades
http://www.scmagazine.com/swift-warns-of-new-attacks-pushes-for-security-upgrades/article/519774/
After cybercriminals lifted $81 million from Bangladesh Bank, SWIFT tightened security but attackers managed to compromise systems at some member banks. While six Democratic senators were beseeching President Obama in a letter to make cybercrime a priority at this weekend's Group of 20 Summit in China, SWIFT was sending a letter of its own to clients alerting them to additional attacks on member banks. Earlier attacks against SWIFT banks were, in part, the impetus behind the senators' letter to Obama, as legislators and world leaders have grown increasingly concerned about the devastation hacks could wreak on the global financial systems. "With so many attack vectors, it was just a matter of time before SWIFT became a focal point for cybercriminals with their financial understanding of the sector's common reactive-ness mentality, or in other words, 'let us see what gets hacked, and then we will react tactically to address it,'” Shane Stevens, VASCO Data Security's director of omni-channel identity and trust solutions, said in comments emailed to SCMagazine.com. “SWIFT got a wake-up call finally for its decision to stay with passwords, albeit stronger ones, when there are far more effective means of authentication available and the 30-year old technology of passwords has long been proven easy to defeat.” The additional attacks, which SWIFT said indicated a threat that “is persistent, adaptive and sophisticated – and is here to stay,” included compromises of customers' environments “and subsequent attempts made to send fraudulent payment instructions,” according to Reuters, which obtained a copy of the SWIFT letter. “This new wave of cyber attacks leveraging the SWIFT messaging system highlights the fact that banks are still behind the times. They've mastered physical security with big vaults and armed guards,” Yorgen Edholm, CEO of Accellion, said in emailed comments to SCMagazine.com.
“However, Jesse James and Patty Hearst aren't the bank robbers society has to worry about any more. What's even more frustrating is the fact that hackers are employing the same methods time and time again – and are still successful. We need change now! Until SWIFT and their customers figure out together a way to prevent these hacks, they will continue and faith in the global banking system will continue to suffer.” Dawid Kowalski, technical director - EMEA at FireMon, said in comments emailed to SCMagazine.com that earlier “events related to Bangladesh Bank exposed weak points of risk management” while the “latest revelations show that for at least one of the attacks on Banks, there was lack of firewall management, not to mention any security posture assessments or event correlation.” The first attacks, which resulted in the theft of $81 million from Bangladesh Bank in February, had prompted the global financial messaging system to tighten security and put in place additional security procedures. In the letter to clients, SWIFT urged its members to implement its updated software by the November 19 deadline or risk being reported to regulators and other banks, the report said. But following SWIFT's recommendations for upgrading security tools and procedures likely won't be enough, István Szabó, product manager at Balabit, said in comments emailed to SCMagazine.com. "It is important to highlight that these attacks are not primarily machine based and current security tools won't spot them, as the attackers have already gained a foothold behind the defense perimeters,” he said. “As the account they've used for such actions might already possess the highest level of privileges, the bad actors can often do whatever they want and cover up their tracks with ease.” Privileged users, he added, are targeted in these types of attacks. “Such sophisticated attacks require more sophisticated methods to discover and stop them,” he explained.

Security Affairs
Dropbox Data Breach, more than 68 Million account details leaked online
August 31, 2016  By Pierluigi Paganini
http://securityaffairs.co/wordpress/50803/data-breach/dropbox-data-breach.html
A DropBox data breach that occurred in 2012 is forcing the company to reset login passwords for users included in a data dump leaked online.
Another clamorous data breach is in the headlines: a data dump containing more than 68 Million account credentials for the online cloud storage platform Dropbox was leaked online. Earlier this week, Dropbox announced it was forcing password resets for a number of accounts after discovering the data dump online linked to a 2012 breach. “The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria. Specifically, we’re prompting the update for users who: * Signed up to use Dropbox before mid-2012, and * Have not changed their password since mid-2012” states the announcement published by DropBox, which did not provide further details about the number of impacted users. Dropbox has confirmed the data breach that occurred in 2012; the company had already notified its users of a potential forced password reset in response to the incident. “We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.” According to Motherboard, which obtained parts of the leaked archive, the files contain email addresses and hashed passwords for Dropbox users. Motherboard had access to four files in total, at around 5GB, that contain details on 68,680,741 accounts. Out of the 68 Million disclosed after the Dropbox Data Breach, 32 Million passwords are protected by BCrypt hashing; the remainder are hashed with the SHA-1 hashing algorithm.
“Motherboard was provided the full set by breach notification service Leakbase, and found many real users in the dataset who had signed up to Dropbox in around 2012 or earlier,” reported Motherboard. There is no doubt the data is legitimate, as confirmed by an unnamed Dropbox employee who spoke on condition of anonymity. “Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” states a security update published by the company. In 2012, Dropbox initially notified users that one of its employee passwords was acquired and used to access a file with users’ email addresses, but the company didn’t disclose that the hackers were able to pilfer passwords too. The Dropbox data breach is only the latest such incident; other IT giants suffered similar problems, including LinkedIn, MySpace, VK.com and Tumblr. In response to the DropBox data breach, users, as usual, have to reset their passwords for the service and on any other website that shares the same login credentials.

 Open Sources 
Hacker Interviews – NorthScripts from P0werfulGreakArmy
http://opensources.info/hacker-interviews-northscripts-from-p0werfulgreakarmy/
Aug 31, 2016
NorthScripts is one of the members of the PøwerfulGreəkArmy hacker group, a young team that conducted several hacking campaigns against multiple targets. Enjoy the interview!
Could you tell me more about you? Could you tell me what your technical background is and when you started hacking?
I started hacking in 2013, but got better in 2015 when I started the development of 0-day exploits, developing custom programs and scripts; that’s why I use the name “NorthScripts,” North because I live in North America.
What was your greatest hacking challenge?
My greatest hacking challenge was when I took down the BBC News website with P.G.A and PhantomSquad.
Which are your motivations?
I want to get the world free from racists.
Which was your latest hack? Can you describe it to me?
My latest hack was an attack against the ISIS Government website.
What are the 4 tools that cannot be missed in the hacker’s arsenal and why?
A botnet. Every hacker should know coding. Linux system (for example Backbox). Php shells. A VPN to protect anonymity online.
Which are the most interesting hacking communities on the web today, why?
There are a lot of interesting communities on the web, but Hackforums is still the best.
Did you participate in hacking attacks against the IS propaganda online? When? How?
Yes, I have participated in several attacks, but not so much. I’m not the best at defacing websites; I’m known for my DDoSing abilities, for developing DDoS scripts, proxies, doxxes and all the other things.

Computer World
SWIFT: More banks hacked; persistent, sophisticated threat is here to stay
http://www.computerworld.com/article/3114337/security/swift-more-banks-hacked-persistent-sophisticated-threat-is-here-to-stay.html
SWIFT warned that more banks have been attacked, some losing money in the high-tech heists, and urged banks to tighten security since the persistent and sophisticated threat is here to stay.
Computerworld | Aug 31, 2016 9:43 AM PT
Bad news for banks with lax security that also use SWIFT, the global financial transaction messaging network, as hackers are still pulling off high-tech heists. On Tuesday, the Society for Worldwide Interbank Financial Telecommunication, more commonly called SWIFT, notified customers of “ongoing attacks.” Hackers have again stolen money from banks, yet SWIFT did not say how many attacks were successful, did not identify specific banks and did not say how much was stolen. The banks, which “varied in size and geography and used different methods for accessing SWIFT,” shared one common denominator; each had weak local security. The SWIFT notice, according to Reuters, read: “Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions. The threat is persistent, adaptive and sophisticated – and it is here to stay.” Banks were urged to stop dragging their feet, get serious about security, and get the latest version of SWIFT software installed pronto. Or else… Although SWIFT claimed it doesn’t disclose “affairs of specific customers,” that confidentiality arrangement might change. If banks miss the November 19 deadline for installing the latest and more secure version of SWIFT software, then SWIFT threatened it might report the banks “to regulators and banking partners.” No bank wants its private dirty laundry to be aired in public. The newest SWIFT software reportedly includes security features which could have stopped the latest hack attacks. The features were rolled out after Bangladesh Bank was breached and almost lost $1 billion … saved only by a New York Federal Reserve Bank employee noticing a typo which raised suspicions about the payment request. Bangladesh Bank had used $10 second-hand networking gear and had no firewall. Researchers at BAE analyzed the malware which is believed to have been designed specifically so attackers can abuse SWIFT. After other banks were targeted, SWIFT issued a warning.
Hackers managed to steal $12 million from Ecuador's Banco del Austro and attempted to steal $1.36 million from Vietnam's Tien Phong Bank. Attacks abusing weak security measures to target SWIFT were also aimed at banks in the Philippines and New Zealand. The security firm FireEye was sent in to investigate attacks on up to another dozen banks. Symantec researchers suspected that a hacking group known as Lazarus was responsible for the attacks; in fact, the wiping code used to hide the bank hacks was also used in the Sony Pictures attack. The FBI decided the North Korean government was behind the attack on Sony. Near the end of June, hackers stole $10 million from an unnamed Ukrainian bank after taking advantage of shoddy security and then transferring money out via SWIFT. The Information Systems Audit and Control Association reported, “Dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars.” SWIFT believes better security could put an end to these high-tech heists. In its letter to customers, SWIFT said the affected banks “shared one thing in common; they have all had particular weaknesses in their local security. These weaknesses have been identified and exploited by the attackers, enabling them to compromise the customers’ local environments and input the fraudulent messages.” SWIFT has tried repeatedly to get banks to step up security, adding that there is “no indication that the SWIFT network or core messaging services have been compromised.”

Who is Guccifer 2.0, the mysterious hacker targeting the Democratic Party?
http://www.ibtimes.co.uk/democratic-party-tactics-dealing-black-lives-matter-leaked-by-hacker-1578918
An internal memo reportedly hacked from the personal computer of Nancy Pelosi, the top Democrat in the US House of Representatives, shows how officials were briefed on how to respond to the Black Lives Matter (BLM) movement – including tactics on how to answer questions by activists. The document, reportedly authored in November last year by a staffer called Troy Perry, states that Democratic Party candidates and members should never use the phrase “all lives matter” nor mention “black on black crime”, as they are viewed as red herring attacks and will garner additional media scrutiny and only anger BLM activists. The Black Lives Matter movement was formed in 2012 following the death of Trayvon Martin and has been at the forefront of alleged US police brutality ever since – documenting and protesting the slew of killings including, most recently, those of Alton Sterling and Philando Castile. The BLM-centric document was leaked online by Guccifer 2.0, the self-proclaimed hacker claiming to be responsible for infiltrating the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC). Many cybersecurity experts believe the persona is maintained by Russian intelligence to manage a disinformation campaign with the intention of influencing the upcoming 8 November election. Kremlin officials have denied the accusations. “Presidential candidates have struggled to respond to tactics of the Black Lives Matter movement,” the memo continues. “While there has been little engagement with House candidates, candidates and campaign staff should be prepared. This document should not be emailed or handed to anyone outside of the building. Please only give campaign staff these best practices in meetings or over the phone.” Under a section marked tactics, Perry instructs Democratic Party officials to meet with local activists. He wrote: “If approached by BLM activists, campaign staff should offer to meet with local activists.
Invited BLM attendees should be limited. Please aim for personal or small group meetings.” He advised to listen to their concerns but “don’t offer support for concrete policy positions”. According to his public Twitter profile, Troy Perry is a former DCCC staffer who now works on the election campaign of Democratic nominee Hillary Clinton. “BLM needs partners to achieve their agenda and they want to be a part of the conversation,” Perry wrote in the memo last November. “However, BLM activists don’t want their movement co-opted by the Democrat Party. They are leery of politicians who hijack their message to win campaigns.” Under the title “What to say to media”, Perry noted that officials should aim to rebuild the relationship between police and community and explore reforms to ensure officers are properly trained and don’t infringe on citizens’ rights. The mysterious Guccifer 2.0 figure also released nine other documents in total – all reportedly compromised from the PC of Pelosi. Other titles included: Recent Immigration Reform Proposals, 2016 NP Proposed Contributions, ISIS (talking points) and Framework One Pager Benghazi. A statement posted alongside the latest release said: “Hi everyone. As you see I’ve been gradually posting DCCC docs on different states. But besides that I have a folder from Nancy Pelosi’s PC and I’d like to share some docs from it with you. They are related to immigration, Hispanics, BLM, Islam and other issues. So here they are.” Due to the documents featuring potentially sensitive financial data, IBTimes UK has not linked directly to the release. Guccifer 2.0 did not respond to a request for comment.

DNS tunneling widely used, Infoblox says
By Sead Fadilpašić
http://www.itproportal.com/news/dns-tunneling-widely-used-infoblox-says
DNS tunnelling, a security threat which can indicate either active malware or data exfiltration, is fairly widespread today, according to a new report by network control company Infoblox. Infoblox analysed 559 files capturing DNS traffic, uploaded from 248 customers. Two thirds (66 per cent) of the files showed evidence of suspicious DNS activity. Almost half (40 per cent) showed evidence of DNS tunnelling. “In the physical world, burglars will go to the back door when you’ve reinforced and locked the front door. When you then secure the back door, they’ll climb in through a window,” said Rod Rasmussen, vice president of cybersecurity at Infoblox. “Cybersecurity is much the same. The widespread evidence of DNS tunnelling uncovered by the Infoblox Security Assessment Report for the second quarter of 2016 shows cybercriminals at all levels are fully aware of the opportunity. Organisations can’t be fully secure unless they have tools in place to discover and prevent DNS tunnelling.” According to the company’s report, cyber-criminals know how well-established and trusted a protocol DNS really is, which is why they use it. Many organisations, Infoblox says, do not look at DNS traffic for malicious activity. Besides DNS tunnelling, there are a couple of other security threats uncovered, including protocol anomalies (48 per cent), botnets (35 per cent), amplification and reflection traffic (17 per cent), distributed denial of service – DDoS attacks (14 per cent), and ransomware (13 per cent). “While these threats are serious, DNS can also be a powerful security enforcement point within the network,” said Rasmussen. “When suspicious DNS activity is detected, network administrators and security teams can use this information to quickly identify and remediate infected devices—and can use DNS firewalling as well to prevent malware inside the network from communicating with command-and-control servers.”
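As an illustration of the kind of "tools in place to discover DNS tunnelling" the report calls for, here is an added example (not code from Infoblox or the article): a small heuristic detector run over constructed query-log lines. The log format, thresholds, domain names and the "last two labels" base-domain rule are all assumptions.

```python
# Added example (not from the Infoblox report or the article): a heuristic
# DNS-tunnelling detector over constructed query-log lines. Tunnels have to
# encode their payload in the query name, so the tell-tale is many distinct,
# long, high-entropy subdomains under one base domain. Thresholds are assumed.
import math
from collections import defaultdict

# Constructed sample log: "<unix_time> <client_ip> <qtype> <qname>" per line.
SAMPLE_LOG = """\
1472630400 10.0.0.5 A www.example.com
1472630401 10.0.0.5 A cdn.example.com
1472630402 10.0.0.7 TXT 3a7f9c2e1b4d8a6f0e5c3b2a1d9f8e7c.t.example.net
1472630403 10.0.0.7 TXT 9e1c4b7a2f8d3e6c5b0a1f2d3c4e5b6a.t.example.net
1472630404 10.0.0.7 TXT c2d4e6f8a0b1c3d5e7f9a1b2c3d4e5f6.t.example.net
1472630405 10.0.0.7 TXT 1f2e3d4c5b6a7980a1b2c3d4e5f60718.t.example.net
1472630406 10.0.0.5 A mail.example.com
1472630407 10.0.0.7 TXT 7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d.t.example.net
"""

# Assumed thresholds; tune against your own baseline before deploying.
MIN_UNIQUE_SUBDOMAINS = 4
MIN_MEAN_SUBDOMAIN_LEN = 20
MIN_MEAN_ENTROPY_BITS = 3.0


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (base_domain, subdomain). Assumption: the base domain is the
    last two labels; a real deployment would consult the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def analyse(log_text):
    """Group queries by base domain and flag domains whose subdomains look
    like encoded payload. Returns {base_domain: stats_dict}."""
    per_domain = defaultdict(lambda: {"queries": 0, "txt": 0, "subs": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        _ts, _client, qtype, qname = parts
        base, sub = split_name(qname)
        stats = per_domain[base]
        stats["queries"] += 1
        stats["txt"] += qtype.upper() == "TXT"  # TXT/NULL carry the most data
        if sub:
            stats["subs"].add(sub)
    report = {}
    for base, stats in per_domain.items():
        subs = stats["subs"]
        flat = [s.replace(".", "") for s in subs]  # label text only
        mean_len = sum(map(len, flat)) / len(subs) if subs else 0.0
        mean_ent = sum(map(shannon_entropy, flat)) / len(subs) if subs else 0.0
        report[base] = {
            "queries": stats["queries"],
            "txt_share": stats["txt"] / stats["queries"],
            "unique_subdomains": len(subs),
            "mean_subdomain_len": mean_len,
            "mean_entropy": mean_ent,
            "suspicious": (len(subs) >= MIN_UNIQUE_SUBDOMAINS
                           and mean_len >= MIN_MEAN_SUBDOMAIN_LEN
                           and mean_ent >= MIN_MEAN_ENTROPY_BITS),
        }
    return report


if __name__ == "__main__":
    for base, r in analyse(SAMPLE_LOG).items():
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{base:15s} {flag:10s} subs={r['unique_subdomains']} "
              f"len={r['mean_subdomain_len']:.1f} H={r['mean_entropy']:.2f} "
              f"txt={r['txt_share']:.2f}")
```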

 Security Affairs 
iOS 9.3.4 and minor versions are vulnerable to the Trident Exploit
August 31, 2016  By Pierluigi Paganini
Its name is the Trident: a chain of zero-day exploits that aim to infect iPhone with commercial spyware. Researchers linked it to the NSO group.
http://securityaffairs.co/wordpress/50788/mobile-2/ios-9-3-4-trident-exploit.html
Its name is the Trident: a chain of zero-day exploits that aim to infect iPhones with commercial spyware. Researchers say it belongs to an exploit infrastructure connected to the NSO Group. Thanks go to the great work by the researchers from the Citizenlab organization and the Lookout firm, who responsibly disclosed the exploits and their related vulnerabilities to Apple. Given the severity of the Trident, Apple worked extremely quickly to patch these vulnerabilities and has released iOS 9.3.5 to address them. In this post, we want to give you a description and some technical information about the inner logic of the Trident exploit rather than the attack received by Ahmed Mansoor. From the episode of Ahmed Mansoor we can quickly understand the infection vector of that exploit: SMS, email, social media, or any other message. The most frightening part of that attack is that the single action the user has to take to trigger this dangerous attack is just a click on an external link. The exploit seems to contain the logic to remotely jailbreak an iPhone to install arbitrary applications and then deliver a commercial spyware called Pegasus as espionage software to track the victim. What is Pegasus and who is behind it? Pegasus is spy software installable on iOS devices that allows reading messages, emails, passwords and address lists as well as eavesdropping on phone calls, making and transmitting audio recordings and tracking the location of a compromised device (we will look at it in more detail in the following section). It seems that this spyware is attributed to the NSO Group, an Israeli firm based in Herzliya in the country’s “Silicon Valley”. This spyware was attributed to the NSO Group because in the attack on Mansoor the domain used for the phishing message (webdav.co) belongs to a network of domains that is part of an exploit infrastructure provided by the company NSO Group.
NSO Group, now owned by US private equity firm Francisco Partners Management, has flown far under the radar, without even a website. Citizenlab reported that just by opening the link included in the message sent to the victims on an iPhone running version 9.3.3, it is possible to observe active unknown software that was remotely implanted into the system through the delivery of unknown exploits from that link. The complex exploit is named Trident.
ATTACK SCENARIO
After the user is baited, the exploit starts its work to infect the phone, following the 3 main stages of the attack, detailed below:
1. Delivery and WebKit vulnerability
This stage comes down over the initial URL in the form of an HTML file that exploits a vulnerability (CVE-2016-4655) in WebKit (used in Safari and other browsers).
CVE-2016-4655: Memory Corruption in Safari WebKit
A memory corruption vulnerability exists in Safari WebKit that allows an attacker to execute arbitrary code. Pegasus exploits this vulnerability to obtain initial code execution privileges within the context of the Safari web browser.
2. Jailbreak
This stage is downloaded by the first stage code based on the device type (32-bit vs 64-bit). Stage 2 is downloaded as an obfuscated and encrypted package. Each package is encrypted with unique keys at each download, making traditional network-based controls ineffective. It contains the code that is needed to exploit the iOS kernel (CVE-2016-4656 and CVE-2016-4657) and a loader that downloads and decrypts a package for stage 3.
CVE-2016-4656: Kernel Information Leak Circumvents KASLR
Before Pegasus can execute its jailbreak, it must determine where the kernel is located in memory. Kernel Address Space Layout Randomization (KASLR) makes this task difficult by mapping the kernel into different and unpredictable locations in memory. In short, before attacking the kernel, Pegasus has to find it.
The attacker has found a way to locate the kernel by using a function call that leaks a non-obfuscated kernel memory address in the return value, allowing the kernel’s actual memory location to be mapped.
CVE-2016-4657: Memory Corruption in Kernel leads to Jailbreak
The third vulnerability in Pegasus’ Trident is the one that is used to jailbreak the phone. A memory corruption vulnerability in the kernel is used to corrupt memory in both the 32- and 64-bit versions. The exploits are performed differently on each version....

The NSA Research Director Wants Hackers to Know Who She Is
http://www.matthewaid.com/post/149756647326/the-nsa-research-director-wants-hackers-to-know
August 31, 2016. Paul O'Donnell, Washingtonian, August 30, 2016
Even before Edward Snowden, the National Security Agency—the super-secret electronic spy outfit at Fort Meade—had started showing signs of thaw. Locally, NSA employees were acknowledging to friends and neighbors where they worked, while increasing links to Silicon Valley opened NSA to the outside world. Then in June 2013 came Snowden’s leak of documents demonstrating the level of surveillance aimed at US citizens, and the Agency That Would Not Be Named made headlines. In the scrutiny from the press and Congress that followed, one quip had it that NSA stood for Not Secret Anymore. At the time, Deborah Frincke, a computer scientist and cyberresearcher, was still settling in as the agency’s research director, taking charge of developing cutting-edge tools for protecting the government’s computer systems and cracking those of our enemies. Frincke had spent most of her career as a specialist in computer security, first at the University of Idaho, then at the federal Pacific Northwest National Lab in Seattle. A relative outsider at NSA and the first woman to head the research directorate, Frincke found herself uniquely disposed to explain NSA to the world, and the world to NSA. We talked to her recently for an update. So NSA has been making news.How did the Snowden controversy affect people inside the walls? It was certainly very hard in the early days. It was hurtful to people who work so hard to save lives and obey the Constitution, and now the country doesn’t trust them. As one whose role is outwardly leaning, I’ve tried to explain how people outside the agency could have such a misunderstanding. I think we’ve rebounded now, and I think we understand why people got an impression that they did.Has the controversy made it harder to attract good people to the agency? We haven’t had trouble attracting candidates. Most people have had a chance to think about the revelations and what intelligence communities mean in general. 
If you ask those who’ve been here 20, 30 years, many had no idea what the agency was when they interviewed. That would be true of few of our new hires. They know what they signed up for. What about other players in the cyber-security world—in academia and the private sector? How have you tended to those crucial relationships? I show I’m willing to have a dialogue. At [the technology conference] Black Hat, I wore a badge that said NSA—usually they very politely put DoD [Department of Defense] under my name. I changed it to NSA so everyone would know exactly who they were talking to. What’s important at this stage is that people ask questions, raise concerns. Speaking of how you’re received, it’s no secret that women are a minority in technical fields. What’s it like working in a male-dominated environment? NSA does pretty well with women advancing through the ranks. It’s when I go to conferences that I see how comfortable they are with a female leader. Sometimes I turn my badge around to get a sense of what it’s like to show up as a female in the crowd, as opposed to NSA’s research director. It’s different. It’s getting better, though. Forbes recently named you a “cool” role model for high-school girls. It’s taken me all this time to get to the point where I’m actually cool. I was a bit of a novelty in graduate school. Did you ever feel discouraged? I did when I started, because I was the only one who looked like me. The atmosphere was less accepting, especially when you got into cybercrime. It was acceptable to work on proving things were safe and secure. That was cleaner than the messier world of attacks and defenses, which was more militaristic and not suitable. So I remember getting a fair amount of pushback. But when you are an anomaly and you stick it out, you get a little bit of name recognition. The culture at NSA’s campus at Fort Meade has been criticized for being too insular and secretive. Photograph By Trevor Paglen. How did you get into computers? 
My dad was a prof, and when I was in third grade, he spent his sabbatical in Crofton [Maryland], helping the Naval Academy set up a computer. He would bring us in, and we would play with the big paper tape. I loved it. When the Radio Shack [home] computers came out, he of course bought them and I of course played with them. You had to write your own games then; otherwise you were stuck, so I got into computers very early on. Was it your father’s experience that gave you the idea to go into government work? I would say I grew up on a service orientation. I was really into King Arthur and Tolkien—the strong protecting the weak, the duty that we have to take care of our folks. That was part of our family culture. So it was not unnatural for me to move into a discipline where the goal was to take care of other people, to defend the systems. But why NSA? You had a long career in academia, you worked on a start-up. There are plenty of places to use your skills. As a scientist, there are very few places where I can say I’m directly helping the country. It’s harder when you go to a tech company that’s putting out widgets. Those things are important, but it’s not satisfying. But the private sector is making some important widgets for cybersecurity. I take nothing away from that. I’m just wired a little differently. It’s a happier place for me to work directly in government and try to take those skills and shape those things. In a recent article about hackers, an industry insider said, “My concern is that the bad guys are going to out-innovate us.” Is NSA still ahead? At the moment, yes. [NSA director] Michael Rogers recently announced a reorganization called NSA21 to make sure the same is true in ten years. We want to know what we can do to be easier to work with. Many of the innovative spirits in the industry are one- and two-person companies. How do they begin to bring their great solutions to a behemoth? Which I say with love, but we are. 
That’s a huge cultural change for NSA, isn’t it? To go from being the primary producer to being a consumer? It’s a huge cultural change. It’s a healthy change. There will always be things we’ll know how to do best. The things we buy from the outside actually allow us to focus on that. The important thing will be to maintain that focus. To farm out all of our brains, that would be a problem. But to be a savvy consumer who’s also a producer, you can be more nimble that way. Half of NSA’s job is “signals intelligence”—spying on others. The other half is defense, protecting our computers. When you lie awake at night, are you thinking about defense or offense? I’ll probably always think more about defense because I was raised that way. It’s also in many ways a harder problem. You have to get the defense right all the time. Offense can be successful if it gets in and gets out. Defense touches every US citizen every single day. The vulnerability is continually widening. It’s the electrical grid, the food supply. Everything has been technologized to the point that it’s a concern. Not all of that is NSA’s concern necessarily. It may affect Silicon Valley more. The “internet of things” means we’re bringing critical cybertechnologies literally right next to us—Fitbit, GPS, all the devices embedded in my home. That’s very personal. Yet our devices are not designed secure. Every year, more and more, so much of our lives is dependent on a fragile infrastructure. We will see breaks. If US citizens want to worry about one, it’s defense they should focus on. What can they do? If you don’t want GPS tracking to be on, turn it off. Have your e-mail set up so you have password protection. Think through: How did I protect my bank account today? And as political consumers, we should be asking: How do we devise our next culture? We should demand safety in our devices just as we demand seat belts. Can you give an example? I’m a breast-cancer survivor. 
Should I have a recurrence, chances are it will be at a point when the technology will enable doctors to monitor how my cancer is progressing from their office. What should be designed into those sensors so I don’t have to worry that someone else will hack that information? These devices that help regulate bodily processes—how can we make sure those are hacker-proof? What’s the balance, though? After the San Bernardino shootings, many said our phones should be locked up tight. Given the threat we’re facing, do you say, “This isn’t about protecting your Snapchats”? I’m not going to weigh the value of someone’s photos, whether of their cat or something I might consider important. That’s precious to them. What I ask is that as a nation we have thoughtful dialogue, think through where we do want to share information. What if we said you can never share information about a cancer patient? What if we never share information that would help catch lawbreakers? Where do we create that balance between maximizing civil liberties and maximizing the safety and security? If you don’t get them both right, then you are not safer and more secure. We have to get them both right.

RT
Putin on DNC hack: Let’s talk content, not hackers’ identity
http://tornews3zbdhuan5.onion/newspage/39018/
https://www.rt.com/news/358007-putin-dnc-hack-comment/
Sept. 2, 2016
A number of US officials and media outlets accused Moscow of “trying to hack” the US presidential election by using cyber-offensive operations that undermine Democratic candidate Hillary Clinton and benefit her Republican rival Donald Trump. When asked about the allegations by Bloomberg News Editor-in-Chief John Micklethwait, Russian President Vladimir Putin denied Moscow’s involvement. READ MORE: Black Lives Matter a ‘radical movement’ & other Dems talking points revealed by Guccifer 2.0 “I wouldn’t know anything about it. You know, there are so many hackers today and they work with such finesse, planting a trail where and when they need. Not even their own trail but masquerade their actions as those of other hackers acting from other territories, nations. It’s difficult to trace, if even possible,” Putin said. “Anyway, we certainly don’t do such things on the state level,” he added. Putin suggested that the debate over who hacked election-related computer networks in the US draws attention away from the nature of the leaked documents. “The important thing here is what the public was shown. That is what the discussion should focus on. One shouldn’t draw the public attention from the core of the issue by replacing it with secondary details like who did it,” the Russian president suggested. Earlier the whistleblower website WikiLeaks published some 20,000 emails of the Democratic National Committee (DNC), which suggested that the party leadership colluded to have Clinton rather than her principal competitor Bernie Sanders be chosen as the Democratic Party’s presidential hopeful. Some US media claimed that WikiLeaks received the emails from Russian intelligence and that the organization, which has been exposing classified material to public scrutiny since 2006, timed its publications to the goals of Russian foreign policy. WikiLeaks dismissed the allegations as a conspiracy theory. 
READ MORE: ‘Conspiracy, not journalism’: WikiLeaks blasts NYT story on ‘Russian intel’ behind DNC hack In the Bloomberg interview Putin implied that the individual or group behind the DNC hack must be someone with an intimate understanding of how American politics works. “Frankly, I couldn’t imagine that such information could provoke such interest from the American public,” he said. “One would have to ‘feel the nerve’ and peculiarities of the US domestic political life. I’m not sure that even our Foreign Ministry experts have that level of comprehension.” Asked whether he preferred to see as the next US president Trump, who has complimented Putin on several occasions, or Clinton, who apparently “wants to get rid” of Putin, the Russian leader said he had no preference in the matter. “I would like to deal with a person who can take responsible decisions and deliver on agreements. Name is irrelevant here,” he said. “They both make shocking statements in their own way. They both are smart people and know which points to press to be heard and understood by US voters,” Putin added, further saying that in his opinion neither candidate set a good example of campaigning in that regard. “That’s American political culture and one has to accept it as it is. America is a great nation and it deserves to be spared foreign interference and comments.” The Russian president also voiced doubt over proposals to establish a “hacking code of conduct” for G20 countries – which are to convene later on the weekend in China – saying it was not a suitable forum for the topic. “The G20 was intended as a forum for discussing world economy. Politics affects economy, obviously, but if we bring into it our quarrels or even serious issues related to world politics, we would oversaturate the G20 agenda and instead of talking finances and structural changes of the economy and taxes we would just argue about Syria and other world problems,” he said. “Such issues belong to other places and forums. 
Like the UN Security Council,” Putin said.

Reading this on a Mac? Install this security fix to avoid being spied on
http://tornews3zbdhuan5.onion/newspage/39025/
http://feedproxy.google.com/~r/techradar/allnews/~3/cB1mpBdMDOo/1327720
Tech Radar, Sept. 2, 2016 By Darren Allan
Remember that gaping iOS security flaw which was revealed last week? Well, turns out that it's also present on Apple's desktop operating system, with the company patching up OS X to cure the issue. The problem is a serious one involving so-called Pegasus malware created by an outfit that goes by the name of NSO Group, which is known for selling spyware to governments, and that's exactly what this nasty does – allows an attacker to spy on your device. That's why you should act quickly to make sure that these vulnerabilities are patched up on your Mac. Apple has actually issued a pair of patches. The main one addresses the problem for the OS on both Yosemite and El Capitan – it's not mentioned if the flaw also affects preview versions of macOS Sierra. The second update is for Safari, and cures a memory corruption issue present in the browser. This fix is actually included in the above patch, but is available separately for those who don't install that (as mentioned, it only pertains to Yosemite and El Capitan). At any rate, head over to the App Store and click on the Update tab (top-right) to patch your system up appropriately. It's a bit of a tired old record now, but yes, this is another small lesson in how Mac security isn't bulletproof and shouldn't be taken for granted. As we saw back in the spring, Apple computer users have also come under fire with ransomware this year, the current belle of the malware ball.

43 million passwords hacked in Last.fm breach
TechCrunch, Sept. 2, 2016
http://feedproxy.google.com/~r/Techcrunch/~3/zFRaLDEKhoQ/
Crikey: 43,570,999 user accounts were breached in a hack of Last.fm that occurred in March of 2012, according to a report from LeakedSource. Three months after the breach, in June of 2012, Last.fm issued the following statement:  “We are currently investigating the leak of some Last.fm user passwords. This follows recent password leaks on other sites, as well as information posted online. As a precautionary measure, we’re asking all our users to change their passwords immediately.” The number of passwords and the severity of the hack were not uncovered until today. The passwords were stored using unsalted MD5 hashing. Rather than storing passwords in plaintext, nearly every site that stores critical user information utilizes some form of hashing. Hashing is a method for encrypting data, but some methods are far superior to others. MD5 is seriously out of style, in part because it is not mathematically intensive enough to resist modern methods of brute-force cracking. Moreover, Last.fm didn’t use salt in its hashing process. Salting is the practice of adding a random string of numbers to the hash for each individual password, making them more secure and decreasing the likelihood that they will be cracked if the passwords are ever leaked online. Unfortunately, Last.fm did not take that step, and LeakedSource reports that most of the passwords were easily cracked. For the second time this week, our advice is that you change your password immediately if you have an account on Last.fm. The most popular password pulled from the Last.fm database was 123456. Seriously, it’s 2016 people — use a platform like LastPass to generate randomized, complex passwords that are unique to every service for which you sign up.

Hacker Guccifer, who exposed Clinton’s use of private e-mail, gets 52 months
http://tornews3zbdhuan5.onion/newspage/38727/
http://arstechnica.com/tech-policy/2016/09/hacker-guccifer-who-exposed-clintons-use-of-private-e-mail-gets-52-months/
David Kravets - Sep 1, 2016 5:22 pm UTC
The Romanian hacker who helped expose Democratic presidential candidate Hillary Clinton's use of private e-mail as secretary of state was sentenced Thursday to 52 months in prison in connection to an admission that he broke into about 100 Americans' e-mail accounts. The compromised accounts included celebrities, former Secretary of State Colin Powell, and family members of former Presidents George W. Bush and George H.W. Bush, and Sidney Blumenthal, a political advisor whom Clinton corresponded with using her private e-mail account. Marcel Lehel Lazar, a 44-year-old cab driver known by the handle Guccifer, conducted his crimes at home and was extradited to the US this year. He pleaded guilty to identity theft and federal hacking charges. Guccifer had claimed he hacked into Clinton's private e-mail server at her New York residence. But he has never been charged for that, and he has never divulged the contents of the alleged hack. However, the hacker did reveal private documents from other hacks, including self portraits painted by George W. Bush. He also leaked memos Blumenthal sent Clinton to her private e-mail account. This eventually exposed the fact that Clinton used that account as secretary of state for personal and private businesses instead of using her government account for official business. The State Department eventually chastised Clinton for using private e-mail, though the Federal Bureau of Investigation recommended that she not be charged. Attorney General Loretta Lynch echoed that position. Republicans, including GOP presidential nominee Donald Trump, are invoking the e-mail brouhaha in the run up to the November 8 presidential election hoping to convince the public that Clinton is unfit to be president. Guccifer's sentence was in line with what federal prosecutors were seeking. 
They said the penalty must "address any false perception that unauthorized access of a computer is ever justified or rationalized as the cost of living in a wired society—or even worse, a crime to be celebrated." When handing down the term, US District Judge James Cacheris of Virginia said, "this epidemic must stop." In seeking the harsh sentence, feds had referred to a new hacker individual or collective known as Guccifer 2.0 that is suspected of having ties to the Russian government and has been credited for hacking into the Democratic National Committee earlier this year. Guccifer 2.0 has also been credited for a separate breach of the Democratic Congressional Campaign Committee. Lazar, meanwhile, has said he had no formal computer training or expertise. Instead, he claims to have guessed people's passwords after reviewing Wikipedia entries about them.

The Intercept
Leaked Catalogue Reveals a Vast Array of Military Spy Gear Offered to U.S. Police
http://tornews3zbdhuan5.onion/newspage/38876
https://theintercept.com/2016/09/01/leaked-catalogue-reveals-a-vast-array-of-military-spy-gear-offered-to-u-s-police/
Sept. 2, 2016
A confidential, 120-page catalogue of spy equipment, originating from British defense firm Cobham and circulated to U.S. law enforcement, touts gear that can intercept wireless calls and text messages, locate people via their mobile phones, and jam cellular communications in a particular area. The catalogue was obtained by The Intercept as part of a large trove of documents originating within the Florida Department of Law Enforcement, where spokesperson Molly Best confirmed Cobham wares have been purchased but did not provide further information. The document provides a rare look at the wide range of electronic surveillance tactics used by police and militaries in the U.S. and abroad, offering equipment ranging from black boxes that can monitor an entire town’s cellular signals to microphones hidden in lighters and cameras hidden in trashcans. Markings date it to 2014. Cobham, recently cited among several major British firms exporting surveillance technology to oppressive regimes, has counted police in the United States among its clients, Cobham spokesperson Greg Caires confirmed. The company spun off its “Tactical Communications and Surveillance” business into “Domo Tactical Communications” earlier this year, presumably shifting many of those clients to the new subsidiary. Caires declined to comment further on the catalogue obtained by The Intercept or confirm its authenticity, but said it “looked authentic” to him. “By design, these devices are indiscriminate and operate across a wide area where many people may be present,” said Richard Tynan, a technologist at Privacy International, of the gear in the Cobham catalogue. Such “indiscriminate surveillance systems that are not targeted in any way based on prior suspicion” are “the essence of mass surveillance,” he added.   
The national controversy over military-grade spy gear trickling down to local police has largely focused on the “Stingray,” a single type of cellular spy box manufactured by a single company, Harris Corp. But the menu of options available to domestic law enforcement is enormous and poorly understood, mostly because of efforts by both manufacturers and their police clientele to suppress information about their functionality and use. What little we know about Stingrays has often been the result of hard-fought FOIA lawsuits or courtroom disclosures by the government. When the Wall Street Journal began reporting on the use of the Stingray in 2011, the FBI declined to comment on the grounds that even discussing the device’s existence could jeopardize its usefulness. The effort to pry out details about the tool is ongoing; just this past April, the American Civil Liberties Union and Electronic Frontier Foundation prevailed in a federal court case, getting the government to admit it used a Stingray in Wisconsin. Unsurprisingly, the Cobham catalogue describes itself as “proprietary and confidential” and demands that it “must be returned upon request.” Information about Cobham’s own suite of Stingray-style boxes is almost nonexistent on the web. But starting far down on Page 105 of the catalogue is a section titled “Cellular Surveillance,” wherein the U.K.-based manufacturer of defense and intelligence-oriented hardware lays out all the small wonders it sells for spying on people’s private conversations, whether they’re in Baghdad or Baltimore...

Microsoft To Set Up Cybersecurity Center In Delhi
http://economictimes.indiatimes.com/tech/ites/microsoft-plans-cybersecurity-centre-in-connaught-place/articleshow/53954322.cms
Microsoft is setting up a cybersecurity center in New Delhi to arm governments and private agencies with all-round intelligence on cyber attacks within the country.  The center, which will probably be at Connaught Place in close proximity to most government establishments, would target the spread of malware by monitoring the Internet traffic flowing through the country, Bhaskar Pramanik, chairman at Microsoft India, said in an ET report.  “Security is becoming a big conversation topic, especially when are talking about the cloud,” he added. The center is expected to be modelled on Microsoft’s biggest such setup at its headquarters in Redmond, Washington; it would be inaugurated sometime in October or November. Globally Microsoft has seven such centers which have partnerships with international law enforcement agencies such as Interpol and Europol to fight cybercrime. The Connaught Place center will be an extended version of a small Gurgaon office which was launched in June this year. The center will provide necessary details about malware and attacks to the government on which they can take precautionary measures and actions, Pramanik said.  Earlier, during Satya Nadella's third visit to India, he said “Microsoft is building technology around digital and virtual reality and how the tech major can help the country in its ‘Digital India’ initiative.” While in Delhi, Nadella also met telecom minister Ravi Shankar Prasad and minister of state for finance Jayant Sinha. “We shared this idea with the government departments and they are all very excited about it,” he said, adding that the idea to base the center in central Delhi was to ensure that top officials from government departments in close vicinity can “see it for themselves.” 
The centre, which is likely to be in Connaught Place in close proximity to most government establishments, would target the spread of malware by monitoring the Internet traffic flowing through the country, Bhaskar Pramanik, chairman at Microsoft India, said. NEW DELHI: American technology giant Microsoft is setting up a cybersecurity centre in the heart of New Delhi to arm governments and private agencies with all-round intelligence on cyber attacks within the country. The centre, which is likely to be in Connaught Place in close proximity to most government establishments, would target the spread of malware by monitoring the Internet traffic flowing through the country, Bhaskar Pramanik, chairman at Microsoft India, said. "Security is becoming a big conversation topic, especially when are talking about the cloud," he told ET in an interview. To be modelled on Microsoft's biggest such setup at its headquarters in Redmond, Washington, it would be inaugurated sometime in October or November. Microsoft has seven such centres globally that have partnerships with international law enforcement agencies such as Interpol and Europol to fight cybercrime. The centre will be an expanded version of a small one launched in June this year in the company's Gurgaon office. While the centre will be a completely Microsoft set up, it will give the necessary details about malware and attacks to the government on which they can take precautionary measures and actions, Pramanik said. "We shared this idea with the government departments and they are all very excited about it," he said, adding that the idea to base the centre in central Delhi was to ensure that top officials from government departments in close vicinity can "see it for themselves." The launch of the centre comes on the heels of a discussion between PM Narendra Modi and Microsoft's global chief Satya Nadella during his last visit to India.

How US Army Cyber Command Pitched Camp in Augusta, Georgia
http://www.pcmag.com/news/347468/how-us-army-cyber-command-pitched-camp-in-augusta-georgia
By Sophia Stuart * August 31, 2016 08:00am EST
The United States Army is ramping up recruitment of geeks as it builds out a massive US Army Cyber Command in Augusta, Georgia, a move that could reportedly bring up to 5,000 new workers to the region, both military and civilian. On the Internet, the enemy has no intention of following the Rules of Engagement or reading the manual, so to speak. So the Department of Defense has been stealthily building something so advanced, internally and across all joint forces (Army, Navy and Marines), that it can be proactive and reactive in dealing with modern warfare. Welcome to the future of non-kinetic combat—in cyberspace. PCMag went to Augusta, Georgia, to attend TechNet Augusta and find out more about US Army Cyber Command, which will be based in the city from 2018. The overarching USCYBERCOM has its own HQ in Fort Meade, Maryland. Augusta is already home to the Army Signal Corps and its Cyber Center of Excellence at US Army Base Fort Gordon. Considering the Signal Corps is responsible for all information systems and global networks, it's essentially where you'll find the geeks of the military, so the location makes sense. At TechNet, top ranking officers from the US Army were joined by C-Suite IT and defense contract executives for a look at the latest gear, intelligence sharing, and talent scouting. Panel discussions included everything from the challenges of critical infrastructure protection and defensive cyber operations maneuver baselines to securing your warfighting platform, managing LAN devices in the cloud, and deceiving hackers with honey hashes (aka, foiling authentication attempts to grab passwords and break into networks). The exhibition hall had all the big name IT giants, including Unisys, HP, Cisco, and IBM. But that is where the similarities to a regular tech gathering ended. Most attendees were in fatigues and a few were in full military dress with medals and spit-and-polished shoes. 
Networking areas mingled between security intelligence briefing desks and display booths showcasing things like ultra rugged Getac X500 briefcase-sized battlefield tested mobile server units and an NSA Certified Type 1 Harris RF Falcon III communications tactical radio unit, or "Command Post in a Ruck." Bizarrely, along with the usual booth bait of branded ballpoint pens and Post-it note giveaways, were jars of lollipops and tubs of unbuttered popcorn. They sat a little oddly amongst the rugged battle-tested equipment, but we digress. At the sit-down lunch in the chandeliered ballroom, PCMag joined a table of soldiers who had done five tours of duty in Iraq each. Sadly they weren't empowered to talk to the press, so we can't quote anything that was said. But we can confirm the trenchant humor of the military is of an excellent standard (and it did feel like having a walk-on role in M*A*S*H). The keynote speech was given by Major General Crawford, 14th Commander of the US Army Communications-Electronics Command (CECOM). He laid out the "New Strategic Realities" for the army to be in "readiness" at both the IOC (Initial Operational Capability) and FOC (Final Operational Capability). These include irregular warfare, sustaining SWA (South West Asia) long-term and Army Posture in Europe. He also highlighted problems with privacy versus security as well as keeping current with the exponential growth in software coupled with velocity of instability in global conflict regions.
Unisys Stealth
Though top brass was a bit press shy, most of the top defense contractors are ex-military or formerly part of the intelligence community themselves, and they are happy to talk. PCMag sat down with two executives from Unisys: Jennifer L. Napper, Group Vice President, Department of Defense and Intelligence Group and Tom Patterson, Chief Trust Officer. Napper reached the rank of Major General in the US Army and retired after 30 years of distinguished service. She's no stranger to large scale complex IT installations, as she was responsible for engineering, operating, and securing global IT and communications networks for the Army. Her role now is securing and delivering Unisys federal contracts to DOD and other US government entities...

AgentTesla campaign engages in cybersquatting to host and deliver spyware
http://www.scmagazine.com/agenttesla-campaign-engages-in-cybersquatting-to-host-and-deliver-spyware/article/519750/
The spyware AgentTesla was recently found to be residing on a domain that was registered to appear as if it belonged to consulting and services firm Diode Technologies, according to Zscaler. Researchers at Zscaler recently discovered a new spyware campaign that used cybersquatting techniques to host, distribute and command-and-control the AgentTesla keylogger via a domain whose name was strikingly similar to Chesapeake, Virginia-based consulting and services firm Diode Technologies. According to Zscaler, the malicious domain, diodetechs.com, was registered two months prior to the attack, and was only one letter different from Diode Technologies' legitimate domain, diodetech.com. The domain has since been suspended. Diode, whose target customer base includes corporations, government agencies, educational institutions and health-care organizations, was informed of the incident earlier this month. The campaign infected victims using socially engineered emails with attached documents that were supposedly purchase orders but actually contained malicious macros that installed the AgentTesla payload. Upon downloading, AgentTesla is capable of keylogging, screen capturing and exfiltrating stored passwords. The malware can also terminate various security software programs on a victim's machine and evade sandboxes and virtual environments. Zscaler's director of security research Deepen Desai confirmed to SCMagazine.com that in one instance, a malicious email purported to come from Diode Technologies. "While we have only seen one instance, it is very likely that they were targeting Diode Technologies customers in this campaign," said Desai in emailed comments.
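The campaign above relied on a domain one letter away from the legitimate diodetech.com. As an added example (not Zscaler's or Diode's code), the following checks observed sender or URL domains against an organisation's own brand domains by edit distance, which is the basic lookalike check a mail gateway or SOC script would run. The observed domains other than the two named in the article are constructed sample data, and the simple "last two labels" registrable-domain rule is an assumption that does not handle multi-part public suffixes such as co.uk.

```python
def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings, O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,        # deletion
                           cur[j - 1] + 1,     # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Reduce a host name to its registrable part (assumed: last two labels).

    'mail.diodetechs.com' -> 'diodetechs.com'. This is a simplification; a real
    deployment would use the Public Suffix List to handle suffixes like co.uk.
    """
    labels = domain.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_lookalikes(observed, legitimate, max_distance: int = 2):
    """Return (observed_domain, legit_domain, distance) for every near-miss.

    Exact matches are the brand's own domains and are not reported; anything
    within max_distance edits of a brand domain (on the registrable part) is.
    """
    legit = {registrable(d) for d in legitimate}
    hits = []
    for host in observed:
        reg = registrable(host)
        if reg in legit:
            continue
        for brand in sorted(legit):
            d = levenshtein(reg, brand)
            if d <= max_distance:
                hits.append((host, brand, d))
    return hits


def demo():
    # Constructed sample: sender domains pulled from a day's inbound mail, plus
    # the two real domains from the article (diodetech.com legit, diodetechs.com squat).
    observed = [
        "mail.diodetechs.com",   # the cybersquatted domain from the campaign
        "diodetech.com",         # the legitimate domain itself: must not be flagged
        "example.net",           # unrelated: must not be flagged
        "d1odetech.com",         # constructed digit-for-letter variant
    ]
    return find_lookalikes(observed, ["diodetech.com"])


if __name__ == "__main__":
    for host, brand, dist in demo():
        print(f"possible lookalike of {brand}: {host} (distance {dist})")
```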

 Security Affairs 
Hacker Interviews – Speaking with Lorenzo Martínez
http://securityaffairs.co/wordpress/50848/hacking/hacker-interviews-lorenzo-martinez.html
September 1, 2016  By Pierluigi Paganini
Today I have the pleasure to share with you the interview with one of the most popular Spanish cyber security experts, Lorenzo Martinez. Enjoy it!
Lorenzo Martinez is the CTO of Securizame, a Spanish security company fully oriented to consultancy, ethical hacking, forensics and security trainings. He is also one of the four editors and founders at Security By Default, one of the most well-known Spanish security blogs. You can find him on Twitter as @lawwait. You are one of the world’s most talented cyber security experts. Could you tell me what your technical background is and when you started hacking? Well. You are pointing me very high. I am just a security enthusiast who had the chance and luck to study and work in what I like: Security. I started as a security consultant, sysadmin, and trainer. Then I started to learn and practice ethical hacking in different companies. I worked for two different security vendors, related to web security (a WAF manufacturer) and strong authentication. In 2012 I started my own company and did a bunch of forensics. What was your greatest hacking challenge? Hacking for me doesn’t mean only breaking websites and developing exploits. A way of hacking is to build useful stuff that has not been created for a particular use. My greatest hacking challenge was to ‘domotize’ my home, creating the intelligence to glue several devices: a Roomba vacuum, a security system with face recognition using a webcam with OpenCV, alarm and air conditioning systems with web management panels, X10 for lights and curtains, an Asterisk, a meteorological station, a GPS-based tracker for my car, etc… I created a bot to manage them all, and to be more or less “autonomous”. IoT in 2012! You can find a first version of the talk I gave at RootedCON 2012 in this post http://www.securitybydefault.com/2012/04/welcome-to-your-secure-home-user.html and the enhanced version with the system running on two Raspberry Pi Model B in this one at Ekoparty 2012 What are the 4 tools that cannot be missed in the hacker’s arsenal and why? 
In my case, that I prefer forensics, I would say: Autopsy, FTK Imager, Tcpdump/Wireshark and all CAINE tools. Speaking of hacking: Nmap, Netcat, Metasploit, and BURP. Which are the most interesting hacking communities on the web today? Security and hacking communities are moving to different sectors: CONs, IRC, even Telegram groups where you can discuss specific stuff. Which is the industry (healthcare, automotive, telecommunication, banking, and so on) most exposed to cyber attacks and why? What scares you more on the internet and why? Everything connected to the Internet (and a lot of air-gapped ones) is prone to be hacked. Several causes: misconfigurations, outdated systems, security implementation weaknesses, public or private exploits, because of being a target of any powerful government,… Others can be hacked because of people involved in the business of the organization. What do they want? Money or something that can be transformed into money, like information/data that could be sold for a strategy of a competitor or different country. I am scared because of the treatment of my data, by the providers or people who have my confidential information, as public administration, hospitals, banks, shops where I have to trust my credit card. We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe it is real the risk of a major and lethal cyber attack against a critical infrastructure? I agree with that assessment. An attack to a nuclear central that would cause human casualties, would be catastrophic. In my opinion, there are more security incidents that are happening but we don’t realize because they are still unknown, and others that are discovered but kept private to avoid distrust or public panic. Thanks and compliments for your great work!

State Governments' War Against Cybercrime
http://www.bankinfosecurity.com/state-governments-war-against-cybercrime-a-9376
 Geetha Nandikotkur (AsiaSecEditor) • September 1, 2016   
Following cyberattacks on public and private organizations, state governments in India are rolling up their sleeves to fight cybercrime. For example, Maharashtra Chief Minister Devendra Fadnavis announced the "Maharashtra Cyber Project" on Independence Day, planning 51 cyber labs across districts providing technical and forensic investigation support to the cyber police. The project also will launch a computer emergency response team, or CERT. Three other states - UP, Karnataka and Kerala - that have already set up cyber labs intend to scale up and emulate the Maharashtra model. In the Maharashtra project, "the labs will be equipped to analyze mobile forensic and call detail records," Fadnavis says. "Totally, 51 labs will be started across the state, expected to be completed by December 2016." Security leaders from law enforcement and business enterprises welcome Maharashtra's move, while acknowledging the challenges the program entails. Bangalore-based Sanjay Sahay, additional director general of police-cybercrime for the Karnataka Police, says the project will be effective only when law enforcement officers understand how to leverage cyber lab capabilities. "The key challenge is finding the right resources and capabilities to develop a defensive forensic and incidence response mechanism and auditing capabilities to defend against growing hacktivism," Sahay says.

The Cyber Project

Although Fadnavis only recently announced the initiative, the Maharashtra government already has been issuing tenders for hardware and software tools and other infrastructure. Sources say that so far, 34 labs already have been set up. The state has trained 1,000 personnel who'll be assigned jobs at these labs and get regular updates on the latest technologies.
Brijesh Singh, inspector general (cyber), says the labs will analyze evidence, including CCTV footage, call data records, retrieved files that criminals had deleted from gadgets, retrieved bank records and links traced and hacked by fraudsters. "The cyber force ... will help create forensic reports of the technical evidence collected in offences," Singh says. Maharashtra police is collaborating with the Centre for Development of Advance Computing, CERT-In, Department of Electronics and IT and Department of Telecom, to identify a system integrator and value service provider to carry out the functions. Maharashtra will establish a CERT along the lines of CERT-In with experts from the Army, Navy, Defence Research Development Organization and other cybersecurity agencies. Sources at the state's police headquarters declined to divulge details on CERT's role and cyber labs functions. Maharashtra is investing $118 million in its project, far more than other states have invested so far. By comparison, Lucknow-based Dr. Triveni Singh, additional superintendent of Police, at UP Police, says UP has established 27 cyber labs across districts, investing more than $2.5 million to build forensic investigation capabilities. "We've created training modules for the police force in coordination with the Central Bureau of Investigation for cyber forensics, investigation and telecom interception, and they are also trained under CBI," Singh says. Delhi-based Data Security Council of India initiated setting up cyber labs in about five to six states way back in 2011 as part of its private-public partnership. Vinayak Godse, DSCI's senior director, says the council partnered with state police and DeitY to set up labs across Mumbai, Pune, Bangalore and Kolkata for cybercrime investigations and standardized training material for law enforcement. "We trained over 55,000 police personnel in cyber forensics and evidence gathering," Godse says. 
Telangana rolled out its new cybersecurity policy early this year, emphasizing involving and training law enforcement. Recently, Andhra Pradesh's chief minister, N. ChandraBabu Naidu, worked with Nasscom and DSCI to roll out a draft cybersecurity policy. Sources say that state will also launch a CERT to drive public-private partnership.

Key Challenges

The key challenge in establishing cyber labs is creating a sustenance model to ensure the ability to scale up capabilities as needed. "It's critical to sustain them with enhancement in new techniques and procedures to tackle new risks; this means new investments," Godse says. Three key challenges in establishing and operationalizing these labs, security experts say, are:

* Establishing a robust technological framework for gathering evidence and investigation;
* Gaining access to information about data thefts and hackers both inside and outside of India;
* Dealing with a lack of clarity in Indian law regarding how to punish cybercriminals.

"It's a challenge to get trainers to train the police on key skills like forensics, evidence gathering, log management, data mining etc., unless there's an effective public and private partnership model in place," notes Rakshit Tandon, cybersecurity adviser to the Uttar Pradesh Police Task Force. Sahay says gaining the necessary expertise is expensive. For example, he notes, "Hiring an expert to audit the website during website defacement means about $70,000 for a small activity."

Role of CERTs

Some security practitioners contend that because the government doesn't have an effective model for leveraging public and private partnerships in its sustenance program, the proposed CERTs will need to develop an effective program seeking private enterprises to hire talent to train law enforcement groups. The Kerala State Police has already commissioned a CyberDome - a high-tech cybersecurity and innovation centre, via public/private partnership - to tackle cybercrime.
CyberDome is envisioned as a primary monitoring unit for the internet and the nodal centre for policing social networking sites and anti-terror activities, says Manoj Abraham, inspector general of police and nodal officer for the Kerala Police. Some security experts argue that state governments should support private sector for cybersecurity through effective public-private partnership models with clearly defined roles. "It's not an investment in high-tech infrastructure that's required; empowering the state academy and having an incentive program for private parties to build skills of these police groups is critical," Tandon says.

OS X malware spread via signed Transmission app... again
https://www.grahamcluley.com/2016/09/signed-sealed-delivered-malware-spread-signed-transmission-app/
David Bisson | September 1, 2016 10:26 am

For the second time this year, the Transmission BitTorrent client has been compromised. Researchers have caught malware being spread through a signed version of Transmission, the popular OS X BitTorrent client. A team of malware analysts notified Transmission after the malicious file was discovered on the Transmission application's official website. Transmission promptly removed the file. Even so, it's unclear when the malware, which goes by the name OSX/Keydnap, first made it onto the site. As ESET's researchers explain: "According to the signature, the application bundle was signed on August 28th, 2016, but it seems to have been distributed only the next day. Thus, we advise anyone who downloaded Transmission v2.92 between August 28th and August 29th, 2016, inclusively, to verify if their system is compromised by testing the presence of any of the following files or directory:"

/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist

Under no circumstances do you want to find any of the above files on your computer. Their presence points to an active Keydnap infection, which doesn't mean anything good for a Mac user's passwords. ESET's researchers elaborate in another blog post: "The OSX/Keydnap backdoor is equipped with a mechanism to gather and exfiltrate passwords and keys stored in OS X's keychain. The author simply took a proof-of-concept example available on Github called Keychaindump. It reads securityd’s memory and searches for the decryption key for the user’s keychain.
This process is described in a paper by K. Lee and H. Koo. One of the reasons we think the source was taken directly from Github is that the function names in the source code are the same in the Keydnap malware." Interestingly, this version of OSX/Keydnap bears a striking similarity to OSX.KeRanger.A, the first fully functional ransomware which posed as version 2.90 of Transmission back in March. Coincidence? Not bloody likely! The code responsible for dropping the malware payload is the same. OSX/Keydnap and OSX.KeRanger.A also share a C&C URL resource path and parameter as well as a legitimate code signing key that was signed by Apple, meaning that both malware samples can bypass Gatekeeper. Per ESET's recommendation, if you installed Transmission v2.92 between August 28th and August 29th of this year, make sure you check for the presence of those files. If they're there, remove them and scan your system with an anti-virus solution just to be on the safe side.
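The file-presence check ESET recommends, as an added example (not ESET's or the article's code): it walks the indicator list quoted above and prints any path that exists. The root-prefix and home-directory arguments are assumptions added so the check can be exercised against a constructed scratch tree; pass "" and "$HOME" for a live Mac.

```sh
#!/bin/sh
# Added example: check a machine for the OSX/Keydnap indicator files listed in
# the ESET advisory. $1 is a filesystem root prefix and $2 a home directory;
# both are assumptions added here so a constructed scratch tree can stand in
# for the live system ("" and "$HOME").

keydnap_indicators() {
  # Emit the indicator paths one per line, with $1 prepended to absolute
  # paths and $2 substituted for $HOME.
  root=$1
  home=$2
  cat <<EOF
$root/Applications/Transmission.app/Contents/Resources/License.rtf
$root/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$home/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$home/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$home/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
$root/Library/Application Support/com.apple.iCloud.sync.daemon/
$home/Library/LaunchAgents/com.geticloud.icloud.photo.plist
EOF
}

keydnap_check() {
  # Print every indicator (file or directory) that exists under the given
  # root/home. The paths contain spaces, so split on newlines only, and
  # disable globbing while iterating because the list is literal.
  old_ifs=$IFS
  IFS='
'
  set -f
  for p in $(keydnap_indicators "$1" "$2"); do
    if [ -e "$p" ]; then
      printf '%s\n' "$p"
    fi
  done
  set +f
  IFS=$old_ifs
  return 0
}

# When run directly, inspect the live system; set KEYDNAP_LIB=1 to only
# define the functions.
if [ -z "${KEYDNAP_LIB:-}" ]; then
  hits=$(keydnap_check "" "${HOME:-/nonexistent}")
  if [ -n "$hits" ]; then
    printf 'Keydnap indicators present:\n%s\n' "$hits"
  else
    echo "No Keydnap indicators found."
  fi
fi
```

Empty output means none of the listed artefacts are present; any line printed is a path to remove and a reason to run a full anti-virus scan, as the article advises.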

CYBERCOM wants adversary to know it’s hacked
http://www.matthewaid.com/post/149789428791/cybercom-wants-adversary-to-know-its-hacked
September 1, 2016 Mark Pomerlau
C4ISRnet.com August 31, 2016
As Cyber Command is beginning to reach initial operational capability and entering into both defensive and offensive operations around the globe, America’s cyber warriors need cyber tools to conduct their missions. However, unlike the tools used by members of the intelligence community, which seek to operate without being detected, the Defense Department is interested in “louder” tools. First reported by FedScoop, Cyber Command’s Executive Director Shawn Turskey said the command desires tools that can be attributed to DoD. “In the intelligence community you never want to be caught, you want be low and slow, you never really want to be attributed. There’s a different paradigm from where you are at in the intelligence community,” Turskey said at a government cybersecurity workshop hosted by the Department of Homeland Security August 30, according to FedScoop reporter Chris Bing. “But there’s another space over here, where maybe you definitely want to be louder, where attribution is important to you and you actually want the adversary to know.” An official at Cyber Command, speaking to C4ISRNET on background, said joint force commanders might want their goals or objectives to be known in order to convey a message. Some cyber teams work directly to support the objectives of joint force commanders by providing options in cyberspace in furtherance of these goals. CYBERCOM is currently engaged in the global anti-ISIS coalition to help degrade and ultimately destroy the group by disrupting its command and control as well as its ability to communicate. As part of the effort, CYBERCOM Commander Adm. Michael Rogers has stood up a specific task force, headed by the commander of Army Cyber Command, Gen. Edward Cardon, aimed specifically at building tools tailored to ISIS and its capabilities.
Joint Task Force – Ares, as it is called, is “very consistent with what we talked earlier but from a real specific operations point of view,” Ronald Pontius, deputy to the commanding general of ARCYBER, said in a recent interview with C4ISRNET. “It’s not just about tools, it is about how do you achieve effects that are integrated into Joint Task Force – Operation Inherent Resolve as the overall joint task force leading the efforts. So how do you integrate non-kinetic with kinetic to achieve those effects. The Joint Task Force – Ares is working that very much.” Pontius added that this project is a collaboration between CYBERCOM and Central Command, responsible for the geographic area encompassing ISIS’s largest territory, including the group’s de facto capital. Joint Task Force Ares is “integrated with Joint Task Force – OIR because they have responsibility in the entire battlespace of all the airspace, land domains,” he continued. The CYBERCOM official noted that the initiative to create attributable cyber tools is broad based and not specific to any one effort. As CYBERCOM is nearing IOC, which will occur at the end of 2016, and while there have been reports the organization will be elevated to a unified command, it will continue to remain a close partner with the intelligence community and the NSA, its de facto parent, for the foreseeable future. “We will continue to work with the intelligence community for offensive means and offensive operations, but as the United States Cyber Command, we need totally separate tools and infrastructure to conduct our operations,” Turskey said. “There is a close working relationship between signals intelligence and cyber. One can inform the other but also the other informs the other,” Pontius, whose organization is relocating its headquarters from Fort Belvoir, VA to Fort Gordon, GA in 2020, collocating with NSA-Georgia, said.
“There’s things that we very much could see from a cyberspace operations point of view that could say here’s something we need to look at from a signals intelligence point of view or we may have indications and warnings from signals intelligence that says we believe adversaries are thinking about pursuing this kind of thing against our networks or our systems – you need to look in this area.” In a general sense, Col. Brandon Pearce, formerly chief of current intelligence for CYBERCOM, told C4ISRNET that this relationship is absolutely critical. “I believe that the relationship between signals intelligence and what U.S. CYBERCOM is trying to do in order to leverage signals intelligence and other types of intelligence to figure out what to do next inside the cyberspace is absolutely critical,” he said following an appearance at an FCW-hosted event on August 24, noting he has been out of that position for two years and was not commenting on current operations or policies. Pontius was sure to articulate the key differences between Title 10 military operations and Title 50 intelligence operations as they apply to the intelligence-military partnership in cyberspace. “Cyberspace operations as a Title 10 operations is that, it’s a military operation, not an intelligence operation. And so it’s very important and we go through a lot of training and we have our operational lawyers very much with us on everything…You have to understand under what authorities are you conducting what operation and we work that very carefully,” he said.

Undocumented Patched Vulnerability in Nexus 5X Allowed for Memory Dumping via USB
https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/
September 1, 2016  |  By Roee Hay
The IBM X-Force Application Security Research Team recently discovered a previously undocumented vulnerability in older versions of Nexus 5X’s Android images (6.0 MDA39E through 6.0.1 MMB29V or bootloaders bhz10i/k). The first nonvulnerable version is MHC19J (bootloader bhz10m), released in March 2016. The vulnerability would have permitted an attacker to obtain a full memory dump of the Nexus 5X device, allowing sensitive information to be exfiltrated from the device without it being unlocked. Clearly such an ability would have been very appealing to thieves. Fortunately, IBM is not aware of any exploitation attempts of this vulnerability. The vulnerability could have been exploited by physical or nonphysical attackers with Android Debug Bridge (ADB) access to the device. A nonphysical attacker could gain ADB access by infecting an ADB-authorized developer’s PC with malware or by using malicious chargers targeting ADB-enabled devices. Using such chargers requires the victim to authorize the charger once connected. IBM disclosed this issue to Android a few months ago, and the Android Security Team recently acknowledged it was patched.

Behind the Curtain of the Nexus 5X Vulnerability

The vulnerability and its exploitation are rather straightforward: The attacker reboots the phone into fastboot mode, which can be done without any authentication. A physical attacker can do this by pressing the volume down button during device boot. An attacker with ADB access can do this by issuing the adb reboot bootloader command. The fastboot mode exposes a USB interface, which, on locked devices, must not allow any security-sensitive operation to be commanded.
However, we discovered that if the attacker issued the fastboot oem panic command via the fastboot USB interface, the bootloader would be forced to crash:

[38870] fastboot: oem panic
[38870] panic (frame 0xf9b1768):
[38870] r0 0x0f9972c4 r1 0x4e225c22 r2 0x7541206f r3 0x74206874
[38870] r4 0x0f9972e8 r5 0x0f96715c r6 0x0f9972f0 r7 0x0f9670ec
[38870] r8 0x0f92e070 r9 0x00000000 r10 0x00000000 r11 0x00000000
[38870] r12 0x0f92e070 usp 0x0f9650ec ulr 0x00000000 pc 0x0f99c75c
[38870] spsr 0x0f936964
[38870] fiq r13 0x0f989490 r14 0x00000000
[38870] irq r13 0x0f989490 r14 0x0f9004f4
[38870] svc r13 0x0f9b16f0 r14 0x0f92dd0c
[38870] und r13 0x0f989490 r14 0x00000000
[38870] sys r13 0x00000000 r14 0x00000000
[38880] panic (caller 0xf936964): generate test-panic...

Massive Data Breach Puts French Sub Maker in Crosshairs
http://www.technewsworld.com/story/83860.html?rss=1#
By David Jones Sep 1, 2016 7:00 AM PT
Officials in France and India have launched investigations of a massive data breach involving thousands of documents belonging to defense industry contractor DCNS, which was scheduled to deliver six Scorpene-class submarines to the Indian navy later this year. Hackers stole more than 22,000 pages of documents that included detailed technical information on the vessels. They turned them over en masse to The Australian, which published some of the leaked information. DCNS acknowledged it was aware of the press coverage of the leak about the Indian Scorpene submarine project, and said French authorities were investigating the case. The investigation will determine the exact nature of the leaked documents, potential damages to DCNS customers, and responsibility for the leak, the company said. Indian government officials took up the incident with the director general of armament of the French government. They asked for an investigation and for the findings to be shared with the Indian government. The Indian government also is conducting an internal investigation to rule out any security compromise. However, the leak appears to have taken place outside of India, according to defense officials.

Possible Links

The evidence so far has led some to suspect a link to state-sponsored activity or even organized crime, noted Pierluigi Paganini, chief information security officer at Bit4id. "A government could be interested in leaking online such precious data only to interfere with commercial relationships between the DCNS and other governments," he told TechNewsWorld. "It could be interested, for example, to benefit a company linked to it." The Kalvari, the first submarine built in India, reflects a deal between DCNS and Mazagon Dock Shipbuilders to build six vessels in Mumbai. DCNS also won the largest-ever contract awarded in Australian history, for an advanced fleet of vessels.
Australia selected DCNS as the preferred international partner for the design of 12 future submarines for the Royal Australian Navy, the company announced this spring. The leakage of the India Scorpene data has created some unease over whether Australia should take delivery of those vessels. The Australian government chose DCNS for its ability to meet all of its requirements -- among them, superior sensors and stealth characteristics, as well as range and endurance similar to Collins class vessels. NATO's main cyber-responsibility is to defend its own networks, noted Press Officer Daniele Riggio. Individual allies are responsible for protecting their own networks.

Sponsored Espionage?

The Scorpene cyberattacks follow a series of attacks launched late last year against several contractors who were in the running for the Australian submarine contract. Several reports linked China and possibly Russian hackers to those incidents, which targeted contractors in Germany and Japan, as well as France's DCNS. Torben Beckmann, spokesman for Thyssenkrupp Industrial Solutions, confirmed to TechNewsWorld that the company was one of three contractors in contention for the submarine contract, but he declined to comment on the reported data hack.

Former Canadian SIGINT Chief Says Canada Needs Offensive Cyber Weapons
http://www.matthewaid.com/post/149802230576/former-canadian-sigint-chief-says-canada-needs
Alex Boutilier Toronto Star September 1, 2016
Former electronic spy chief urges Ottawa to prepare for ‘cyber war’
OTTAWA—The former chief of Canada’s electronic spies is calling on Ottawa to develop an arsenal of cyber weapons — and give defence and intelligence agencies the green light to attack. “Cyber war” is still in its infancy, John Adams argued in a July paper, but computer viruses could soon cause as much damage to a country as conventional bombs and bullets. Canada has traditionally — at least officially — focused cyber efforts on defending against espionage and attacks from both hostile states and hackers. But Adams, the chief of the Communications Security Establishment between 2005 and 2012, is calling on the federal Liberals to rethink that approach and allow Canada to go on the offensive. “Some people think that cyber war will sooner or later replace kinetic war. More frequently, cyber war is presented as a new kind of war that is cheaper, cleaner and less risky for an attacker than other forms of armed conflict,” Adams wrote in a paper published by the Canadian Global Affairs Institute. “In either case, the Canadian Armed Forces have a responsibility not only to protect their own systems but they also need to have the authority to direct offensive action … if that is what it takes to blunt an ongoing catastrophic attack on critical infrastructure.” Adams argued that if a hostile state were attacking Canada’s networks, Canada should be able to respond in kind to stop that attack. But in an interview with the Star Tuesday, Adams was clear that he’s envisioning a much wider range of actions for Canada’s defence agencies. “Let’s say we’ve got A, B, and C. A owes C money, and we want to make sure that money does not get to C.
You can take steps to make sure, even though A may intend that (the money) goes to C, in fact it goes to B.” “And C says, ‘Well, that son of a gun’ and he goes and shoots A in the head.” To most, Adams said, that would seem like an offensive action — Canadian spies misdirecting money, which ultimately results in someone getting killed. “That sort of action is very troublesome to governments, and certainly to politicians,” Adams said. “(Because) that would be judged to be an offensive action … (rather than) simply a defensive action, (where) you’re trying to stymie a whatever it might be, a nefarious action, and in so doing you take that kind of action and guess what? The bad guys are killing one another rather than doing the things you’d rather them not be doing.” Adams is making his argument as the Canadian government is in the middle of a massive re-think of defence and cyber security policy. Defence Minister Harjit Sajjan launched a review of defence policy in April, and is expected to release the new policy in 2017. Public Safety Minister Ralph Goodale has also launched a review of Canada’s cyber security posture, in addition to a promised comprehensive look at the country’s national security framework. Goodale’s office deferred comment to the Department of National Defence. Calls to Sajjan’s office were not returned as of Wednesday. In a written response, the Communications Security Establishment simply said that they have no authority to conduct offensive cyber operations. “CSE does not have a mandate to conduct offensive cyber activities,” agency spokesperson Ryan Foreman wrote in a statement. 
“The government of Canada is currently engaged in a defence policy review, which includes consulting Canadians on defensive and offensive military cyber capabilities.” Part of the difficulty in discussing “cyber attacks” is how often that term is used to describe everything from minor website disruptions (a favoured tool of “hacktivist” groups like Anonymous) to serious hacks aimed at stealing secrets or sabotaging networks. The lines between attacking, defending, and espionage can also be blurry. Wesley Wark, a professor at the University of Ottawa specializing in national security and intelligence issues, said while limited attack capabilities might be desirable, he thinks Canada needs to prioritize defence and intelligence gathering. “Before we leap ahead too far in investigating computer network attack capabilities and policies, we have to have a foundation in place … network defence capabilities, and the intelligence gathering capabilities,” Wark said. “If you don’t have those two, you can’t do the network attack … I’m afraid that this debate about let’s invest in cyber attack capabilities is going to drain resources, and time and attention, from those two foundational pieces.” Wark also cautioned that cyber weapons should be used sparingly, or countries risk escalating an already busy exchange of attacks and counterattacks. “The last thing you want is to get into a round of escalating, out of control cyber aggressions, tit for tat, across international boundaries between state actors,” Wark said. Proliferation and escalation are valid concerns, Adams conceded to the Star. But he said that he’s “equally concerned” about Canada not having the capacity to respond at all. “I simply say that it’s time for the debate. Let’s have the discussion,” Adams said. “Let’s get on with it, because I think it’s now time.”

Florida Man Arrested for Hacking Linux Kernel Organization
http://www.itsecuritynews.info/florida-man-arrested-for-hacking-linux-kernel-organization/
2. September 2016
Donald Ryan Austin, 27, of El Portal, Florida, was charged yesterday with hacking servers belonging to the Linux Kernel Organization (kernel.org). According to a four-count indictment, Austin gained access to server credentials used by an individual associated with the Linux Kernel Organization. Austin used the credentials to access four kernel.org servers located in a Bay Area data center, modified server configurations and installed rootkits and other trojans. Linux Kernel Organization administrators detected the intrusion and called on the FBI to investigate the incident. FBI agents tracked down the intrusion to Austin, and a federal grand jury issued a four-count indictment on June 2 […]

 ABC News Australia
The internet of hacked things
http://www.abc.net.au/news/2015-10-07/four-corners-internet-of-hacked-things/7778954
Four Corners Updated August 29, 2016 10:09:04
Satellite communications

Newsat was once Australia's biggest satellite company, with systems carrying sensitive communications for the Australian Defence Force and mining companies. In a 2013 meeting called by the Australian Signals Directorate, former IT manager Daryl Peter was told the company had been seriously infiltrated by foreign hackers. Mr Peter believed the hack was from China. Newsat's former chief financial officer, Michael Hewins, said the company's IT staff were told its computers had been compromised in one of the worst cases Australian intelligence had ever seen. They were told Newsat would not be allowed to launch its flagship Jabiru 1 satellite until major changes were made. Jabiru 1 was a five-tonne state-of-the-art satellite that NewSat promised to launch, but it never got off the ground as the company eventually collapsed and went into administration.

Bureau of Meteorology

In April, Prime Minister Malcolm Turnbull confirmed the Bureau of Meteorology had suffered a significant cyber intrusion that was first discovered in 2015. It was the first time there was official acknowledgement that a critical Australian Government agency had been penetrated by a sophisticated cyber attack. The Government did not say it publicly but Australian intelligence sources have confirmed to the ABC that China was behind the attack. Four Corners has been told the Bureau of Meteorology was probably just a gateway for a more sinister attack. China's true targets may have been the Australian Geospatial Intelligence Organisation, which provides satellite imagery for sensitive defence operations, and a high-tech Royal Australian Air Force radar system called the Jindalee Operational Radar Network (JORN). The JORN system is designed to detect planes and maritime vessels within a 3,000-kilometre radius of Australia's northern and western shorelines.
Beijing continues to deny responsibility for the attack.

Nuclear facilities

Stuxnet is the first cyberweapon known to cause actual physical damage. At the time of its 2010 discovery by security researchers, it was the most sophisticated malware identified in the public realm. Stuxnet targeted devices that automate electro-mechanical processes to sabotage Iran's uranium enrichment program in Natanz. Since the nuclear facilities were not connected to the Internet, it is believed that the malware was deployed by infecting employees' home computers, and carried unknowingly into the facility via a USB flash drive. Once inside the facility, the malware proceeded to override the Iranian scientists' internal network, forcing the centrifuges to spin at self-destructive speeds while making it appear that nothing abnormal was occurring. It was not until loud noises were heard from the centrifuge chambers that Iran's nuclear scientists became aware that their system was failing. It took another five months before researchers discovered the culprit: Stuxnet. Stuxnet is believed to have resulted in the destruction of roughly one-fifth of Iran's centrifuge stockpile. It also represented an unprecedented moment in history, when cyber warfare finally spilled over into the physical domain.

Power grids

The first publicly acknowledged successful cyber intrusion to knock a power grid offline occurred in Ukraine during December 2015. Widespread service outages were reported and it was soon discovered that about 30 substations became disconnected from the grid, leaving more than 225,000 customers freezing in the Ukrainian winter chill. The attackers are also believed to have spammed the Ukrainian utility's customer-service centre with phone calls in order to prevent real customers from requesting assistance. This was no opportunist act of hacktivism: those responsible were running a sophisticated and stealthy operation that would have required months of reconnaissance.
Although power was restored hours later, many functions had to be controlled manually for months to come; the firmware inside the control centres running the substations had been rendered inoperable by the attack. Later, US security researchers found that the authors of the malware were writing in Russian. This malware was dubbed BlackEnergy.Cars In July 2015, American security researchers Charlie Miller and Chris Valasek demonstrated they could remotely hack a 2014 Jeep Cherokee, allowing them to control the car's transmission and brakes. The vulnerability they had discovered was exploited via the wi-fi in the car's multimedia system; the number of affected vehicles ran into the millions. They discovered they could crack a car's password through a method known as brute-forcing: literally decoding it through automated guesswork. Since then, a number of other vehicles have proved to be vulnerable to hacking, including models manufactured by Tesla, BMW, Nissan and Mercedes Benz. In response to security concerns, Tesla and Fiat Chrysler have both announced the establishment of bug bounty programs. Such programs allow independent security researchers to submit vulnerabilities they discover to the company and can be compensated thousands of dollars for their efforts.   Drug infusion pumps We've all seen infusion pumps in hospitals before. But what you probably don't know is that many are actually connected to the hospital's computer network. In 2014, Californian researcher Billy Rios found he could remotely hack into hospital pumps that administer morphine and antibiotics to change the dosage level. After Rios sent his findings to the Department of Homeland Security, they contacted the Food and Drug Administration (FDA), who contacted the pumps' manufacturer, Hospira. The FDA eventually issued an advisory recommending that hospitals stop using the affected model of pump Rios had studied. 
But many more hospital pumps affected by similar vulnerabilities continue to be used today.Steel mills In 2014, the German Government confirmed that an unnamed steel mill was targeted by hackers, leaving one of its furnaces destroyed. The German Federal Office for Information Security said the attackers used a combination of techniques to attack the facility. They started by sending malicious emails to employees at the mill that surreptitiously stole login and password details. Once inside the system, they exploited software used to administer the plant's operations, allowing them to stop the blast furnace from being shut down.Building management systems In 2013, Billy Rios and Terry McCorkle hacked into the building management system of Google's offices in Sydney. Building management systems are interfaces that control power, CCTV systems, security alarms, fire alarms, electrical locks, air-conditioning, elevators and water pipes. The researchers had discovered the Google management system on a search engine for internet-connected devices known as Shodan. Google Australia thanked the researchers for alerting it, and "took appropriate action to resolve this issue".Dams Hackers almost gained control of the floodgates at Bowman Avenue Dam, near New York City, in 2013. It is believed the only reason they did not gain full control was because the dam had been manually disconnected for routine maintenance. Former government officials lay the blame for the attack on Iran, but details remain scarce as the incident remains classified.TV stations The French TV station TV5Monde fell victim to a sophisticated cyber attack that brought down 12 channels for almost a whole day in April 2015. Jihadist hackers were initially suspected to be the culprit as the TV5Monde website was defaced with Islamic State propaganda. 
However, cyber security experts later realised the hacker group used Russian code.ATMs New Zealand hacker Barnaby Jack came to fame in 2010 after demonstrating how to hack into automatic teller machines, causing them to spew out wads of notes. One of the vulnerabilities Jack demonstrated was in the remote monitoring feature, which in some models of ATMs is turned on by default. It was through this flaw in the ATMs' software that he uploaded a program designed to infect the machine in secret. The program would then be activated when someone entered a touch-sequence on the ATM's keypad, causing bills to fly out of the machine.Traffic lights In 2014, researchers demonstrated how they could remotely control a system of 100 intersections' traffic lights in an unnamed city in Michigan. Under the supervision of the government road agency, experts from the University of Michigan showed how the traffic lights used wireless radio to communicate data within a central network. It was through this wireless radio system that they discovered they could send commands to any intersection and control the lights at will.Planes? Security researcher Chris Robert is subject to an ongoing FBI investigation after claiming to have hacked a plane mid-flight via its entertainment console. He claims to have made the passenger jet fly in a sideways movement. However, the jury remains out as to whether his claims are correct, especially if the flight crew failed to notice any abnormality.

 Watch Cyber War on Four Corners, Monday 8.30pm and on iview.
http://www.abc.net.au/4corners/stories/2016/08/25/4526527.htm


DNS tunneling threat drills into nearly half of networks tested
http://www.scmagazineuk.com/dns-tunneling-threat-drills-into-nearly-half-of-networks-tested/article/520363/
Davey Winder September 02, 2016
Infoblox's new report showed nearly half of all networks tested had signs of DNS tunnelling. The latest Infoblox Security Assessment Report reveals 40 per cent of the files it tested showed evidence of DNS tunnelling. That's nearly half of the enterprise networks tested by Infoblox returning evidence of a threat that can mean active malware or ongoing data exfiltration within the network. For more than a decade now the bad guys have been looking at ways of using DNS to exfiltrate data. Port 53 manipulation, also known as DNS tunnelling, allows data to be directed through this established path for malicious purposes. Perhaps this shouldn't be surprising, given the inherently trusted nature of DNS. While there are some 'quasi-legitimate' uses of DNS tunnelling, many will be malicious. The nature of these attacks varies depending on whether the perpetrator is an off-the-shelf scripter or a nation-state actor. Project Sauron, an example at the nation-state end of the spectrum, used DNS tunnelling to exfiltrate data. Rod Rasmussen, vice president of cyber-security at Infoblox, says that "the widespread evidence of DNS tunnelling uncovered by the report shows cyber-criminals at all levels are fully aware of the opportunity." Rasmussen also points out that when suspicious DNS activity is detected, security teams can "use the information to quickly identify and remediate infected devices." Luther Martin, Distinguished Technologist at HPE Security, agrees that DNS tunnelling is used by lots of hackers. "It's actually a fairly robust way to sneak data past a firewall," Martin told SCMagazineUK.com, "it's easy to get data rates of over 100 MB/s with it." Indeed, he's even seen DNS-tunnelling-as-a-service offerings out there. Interestingly, according to Martin, DNS tunnelling for the egress of lots of data (think big breach) is unlikely, as firewalls are often surprisingly bad at egress filtering.
"The main use", Martin concludes, "might actually be to bypass firewalls and get WiFi access without paying for it." Luke Potter, Security Practice Director for SureCloud, revealed during a conversation with SC that DNS tunnelling is even "an area that our testing team are actively using in client engagements" and that "we often find that mitigation for DNS tunnelling has not been considered or implemented." And Marc Laliberte, Information Security Threat Analyst at WatchGuard Technologies, has seen tunnelling "prominently used in the Multigrain POS malware which made its rounds earlier this year." What's more, he told us he expects to "continue to see DNS tunnelling used for data exfiltration and C2 connections until organisations better prepare themselves to stop it." So how do they do that? Jonathan Couch, VP of Strategy at ThreatQuotient, told SC that despite something like 90 per cent of malware utilising DNS for command and control as well as exfiltration, organisations which should know this continue not to manage their own DNS internally and still let UDP and TCP port 53 flow freely through their firewalls. "And those that do implement internal DNS," Couch adds, "either don't monitor it for tunneling or don't enforce use of it by blocking UDP/TCP 53 at the firewalls." The why is interesting, and reflects a common problem in the world of security teams. They don't plug the hole because it takes resources to implement and maintain internal DNS. "These are resources which the network operations folks need to use for other essential network services or security infrastructure," Couch concludes. That, and the fact that DNS is so core to everything that they don't want to mess it up!
Meanwhile, Luke Potter admits it's not straightforward to prevent this technique of tunnelling data, but provided SC Magazine with this summary: "To block tunnelling across the network, ensure the egress firewall has intrusion prevention and deep packet inspection enabled, as well as strict outbound port and protocol whitelisting. Additionally, an internal proxy server should be in use with SSL/TLS bumping to intercept encrypted traffic."
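The indicators the report and the quoted practitioners describe (many unique, long, high-entropy subdomains under one zone, and a skew towards TXT and NULL queries) can be scored directly from resolver logs. The block below is an added example, not code from Infoblox or any of the vendors quoted; the log format, the fictitious zones, the thresholds and the function names are assumptions, and the sample log is constructed.

```python
"""Score DNS query logs for tunnelling indicators: many unique, long,
high-entropy subdomains under one zone and a heavy share of TXT/NULL queries.
Stand-alone example; log format, thresholds and domains are constructed."""
import math
from collections import defaultdict

# Constructed resolver log: "<timestamp> <client> <qtype> <qname>" per line.
# The badexfil.net entries imitate base32-encoded payload labels; the zone
# and the hosts are fictitious.
SAMPLE_LOG = """\
2016-09-02T10:00:01 10.1.2.7 A www.example.com
2016-09-02T10:00:02 10.1.2.7 AAAA mail.example.com
2016-09-02T10:00:02 10.1.2.8 A cdn.example.com
2016-09-02T10:00:04 10.1.2.8 A static.example.org
2016-09-02T10:00:05 10.1.2.8 A api.example.org
2016-09-02T10:00:06 10.1.2.9 TXT abcdefghijklmnopqrstuvwxyz234567.badexfil.net
2016-09-02T10:00:06 10.1.2.9 TXT 234567abcdefghijklmnopqrstuvwxyz.badexfil.net
2016-09-02T10:00:07 10.1.2.9 NULL zyxwvutsrqponmlkjihgfedcba765432.badexfil.net
2016-09-02T10:00:07 10.1.2.9 TXT a2b3c4d5e6f7ghijklmnopqrstuvwxyz.badexfil.net
2016-09-02T10:00:08 10.1.2.9 NULL nopqrstuvwxyz234567abcdefghijklm.badexfil.net
"""

# Illustrative thresholds; tune them against a baseline of your own traffic.
MIN_UNIQUE_SUBDOMAINS = 4
MIN_MEAN_SUBDOMAIN_LEN = 24
MIN_MEAN_ENTROPY_BITS = 3.5
TUNNEL_QTYPES = {"TXT", "NULL", "CNAME", "MX"}


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Zone a query belongs to. Simplification: the last two labels; a real
    deployment would consult the Public Suffix List (co.uk and friends)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Yield (ts, client, qtype, qname) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qtype, qname = parts
        yield ts, client, qtype.upper(), qname.rstrip(".").lower()


def _mean(xs):
    return sum(xs) / len(xs) if xs else 0.0


def profile_domains(records):
    """Aggregate per-zone statistics from (ts, client, qtype, qname) records."""
    profiles = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                                    "lengths": [], "entropies": [],
                                    "tunnel_qtypes": 0})
    for _ts, _client, qtype, qname in records:
        zone = registered_domain(qname)
        sub = qname[: -len(zone)].rstrip(".") if qname != zone else ""
        p = profiles[zone]
        p["queries"] += 1
        p["subdomains"].add(sub)
        p["lengths"].append(len(sub))
        p["entropies"].append(shannon_entropy(sub.replace(".", "")))
        if qtype in TUNNEL_QTYPES:
            p["tunnel_qtypes"] += 1
    return profiles


def score_zone(p):
    """Return the list of indicators tripped by one zone profile."""
    reasons = []
    if len(p["subdomains"]) >= MIN_UNIQUE_SUBDOMAINS:
        reasons.append("many unique subdomains")
    if _mean(p["lengths"]) >= MIN_MEAN_SUBDOMAIN_LEN:
        reasons.append("long subdomains")
    if _mean(p["entropies"]) >= MIN_MEAN_ENTROPY_BITS:
        reasons.append("high-entropy labels")
    if p["queries"] and p["tunnel_qtypes"] / p["queries"] >= 0.5:
        reasons.append("mostly TXT/NULL/CNAME/MX queries")
    return reasons


def find_tunnels(log_text, min_reasons=3):
    """Zones tripping at least min_reasons indicators, mapped to the reasons."""
    hits = {}
    for zone, p in profile_domains(parse_log(log_text)).items():
        reasons = score_zone(p)
        if len(reasons) >= min_reasons:
            hits[zone] = reasons
    return hits


if __name__ == "__main__":
    for zone, reasons in find_tunnels(SAMPLE_LOG).items():
        print(zone, "->", ", ".join(reasons))
```

Run on the constructed log, only badexfil.net trips all four indicators. In production the 'quasi-legitimate' users the article mentions (anti-malware hash lookups, some CDNs) will also score high on the subdomain-count and entropy tests, so keep an allow-list of known zones, and treat a hit as a lead for looking at the client, not as proof on its own.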

InfoWorld
Regular password changes make things worse
http://www.csoonline.com/article/3113710/data-protection/regular-password-changes-make-things-worse.html
Changing passwords is supposed to make things more difficult for attackers. Unfortunately, research shows that human nature means it makes it easier
Taylor Armerding Sep 2, 2016
Security experts have been saying for decades that human weakness can trump the best technology. Apparently, it can also trump conventional wisdom. Since passwords became the chief method of online authentication, conventional wisdom has been that changing them every month or so would improve a person's, or an organization's, security. Not according to Lorrie Cranor, chief technologist of the Federal Trade Commission (FTC), who created something of a media buzz earlier this year when she declared in a blog post that it was "time to rethink mandatory password changes." She gave a keynote speech at the BSides security conference in Las Vegas earlier this month making the same point. But the message was not new -- she has been preaching it for some time. Cranor, who before her move to the FTC was a professor of computer science and of engineering and public policy at Carnegie Mellon University, gave a TED talk on it more than two years ago. She contends that changing passwords frequently could do more harm than good. Not because new passwords, in and of themselves, would make it easier for attackers, but because of human nature. She cited research suggesting that "users who are required to change their passwords frequently select weaker passwords to begin with, and then change them in predictable ways that attackers can guess easily." This, she said, was demonstrated more than six years ago in a 2009-2010 study at the University of North Carolina at Chapel Hill.
Researchers, using passwords of more than 10,000 defunct accounts of former students, faculty and staff, found it much easier to crack new passwords if they had cracked an older one, since users tended to create a new password with a minor tweak of the old one. Those tweaks included changing a lower-case letter to upper case, substituting a number for a letter, such as a "3" for an "e," or simply adding a couple of letters or numbers to the end of the previous password. Cranor said the researchers found that if they knew a previous password, they could guess the new one in fewer than five tries. A hacker who had also stolen the hashed password file would be able to guess new ones within three seconds -- and that was with 2009 technology. The UNC study is not the only one reaching that conclusion. Researchers at the School of Computer Science at Carleton University in Ottawa, Canada, in a paper published in March 2015, concluded that the security advantages of password expiration policies were "relatively minor at best, and questionable in light of overall costs," for the same reason the UNC researchers found. "(W)hen password changes are forced, often new passwords are algorithmically related to the old [password], allowing many to be found in few guesses," they wrote. And the National Institute of Standards and Technology (NIST), in a draft publication from April 2009 (although it was marked "Retired" this past April), said password expiration policies frequently frustrate users, who then "tend to choose weak passwords and use the same few passwords for many accounts." Not surprisingly, attackers are very much aware of these vulnerabilities. The latest Verizon Data Breach Investigations Report (DBIR) found that 63 percent of all data breaches involved the use of stolen, weak or default passwords.
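The "minor tweak" transforms the UNC study describes can be turned into a short candidate list: given the old password, an attacker tries the candidates in order of likelihood and stops when a hash matches. The block below is an added illustration of that idea, not the UNC or Carleton researchers' code; the transform set and its ordering, the salted SHA-256 stand-in for whatever hash the target actually stores, and the old/new password pairs in the usage are all constructed assumptions.

```python
"""Given a user's previous password, try the 'minor tweak' transforms the UNC
study describes and count the guesses needed to hit the new one. Added
example with constructed inputs; salted SHA-256 stands in for whatever hash
the target actually stores."""
import hashlib
import re

LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def hash_password(password, salt):
    """Stand-in verifier: hex(SHA-256(salt || password)). Real targets use
    bcrypt/scrypt/etc.; the guess count is what matters here, not the speed."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def _split_trailing_number(pw):
    m = re.match(r"^(.*?)(\d+)$", pw)
    return (m.group(1), int(m.group(2))) if m else (pw, None)


def _leet(pw):
    return "".join(LEET.get(c.lower(), c) for c in pw)


def tweak_candidates(old):
    """Candidate new passwords derived from the old one, most likely first:
    bumped trailing counter, appended digit, case change, leet substitution,
    appended symbol or year, then a few of those combined."""
    out, seen = [], set()

    def add(c):
        if c and c != old and c not in seen:
            seen.add(c)
            out.append(c)

    stem, num = _split_trailing_number(old)
    if num is not None:                      # summer15 -> summer16, summer17
        for k in range(1, 4):
            add(f"{stem}{num + k}")
    for k in range(1, 4):                    # password -> password1
        add(f"{old}{k}")
    for variant in (old.capitalize(), old.upper(), old.lower(), old.swapcase()):
        add(variant)
    for ch, sub in LEET.items():             # one substitution at a time
        if ch in old.lower():
            add(old.replace(ch, sub).replace(ch.upper(), sub))
    add(_leet(old))                          # all substitutions at once
    for suffix in ("!", "!!", "#", "16", "2016", "2017"):
        add(old + suffix)
    for base in (old.capitalize(), _leet(old), _leet(old).capitalize()):
        for suffix in ("1", "!", "1!"):
            add(base + suffix)
    return out


def guesses_needed(old, new_hash, salt):
    """1-based number of guesses until a candidate hashes to new_hash, or
    None if the new password is not a simple tweak of the old one."""
    for i, cand in enumerate(tweak_candidates(old), start=1):
        if hash_password(cand, salt) == new_hash:
            return i
    return None


if __name__ == "__main__":
    salt = b"constructed-salt"  # assumption: per-user salt leaked with the hash
    pairs = (("tarheels1", "tarheels2"),
             ("winter15", "Winter15!"),
             ("winter15", "correct horse battery"))
    for old, new in pairs:
        n = guesses_needed(old, hash_password(new, salt), salt)
        print(old, "->", new, ":", "not a tweak" if n is None else f"{n} guesses")
```

The list is a few dozen entries long, which is why a related password falls in seconds against a stolen hash file regardless of how slow the hash function is; an unrelated password (the third pair) is not found at all, which is the behaviour a password manager or a passphrase buys you.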
A report released earlier this month by Praetorian found that four out of the top five activities in the cyber kill chain had nothing to do with malware, but with stolen credentials, thanks to things like weak domain user passwords and cleartext passwords in memory. All of which would seem to be even more ammunition for organizations like the FIDO Alliance, which has been crusading to eliminate passwords entirely since its formation four years ago. The Alliance has been pitching two passwordless authentication options it hopes will be irresistible to both users and service providers. But even with increasing interest in and acceptance of those options, Brett McDowell, FIDO's executive director, has acknowledged that there will be a "long tail" for password use. And during that long transition, he and others say there are multiple ways to improve security that don't involve creating a new password every couple of months that is easier to crack than the previous one. Zach Lanier, director of research at Cylance, cites Apple's TouchID and Google's Project Abacus as mobile options to wean users off passwords, but said passwords are obviously "still around, and they're likely to be for a bit longer. It's just that they're so 'standard' for people and enterprises, and have been for so long, that it's really hard to make them completely disappear." In the interim, he said, organizations can improve their password security through a combination of employee training and "actively testing their authentication mechanisms and auditing users' passwords -- cracking them -- whether it's through internal infosec teams or external firms. In my opinion, it should be both," he said. "This can give the organization a better idea of where things are broken, from people to technology." The users can be brought into this as well, he added, by "making available the tools to enable, if not force, users to test the strength of their own passwords."
McDowell agrees that education is "a laudable endeavor, especially to help users avoid falling victim to phishing and/or social engineering attacks." But he said the "shared secret" authentication model is vulnerable to too many forms of attack -- not just social engineering -- hence the need to eliminate them as soon as possible. Tom Pendergast, chief strategist, Security, Privacy & Compliance, at MediaPro, said organizations can and should have much more rigorous password policies. "Current policies set the bar far too low for complexity in passwords and don't require multi-factor authentication, acknowledged as the best commonly available solution," he said. Lanier agreed. "There are some really awful organizations, sites or services that can't seem to move past the year 1998 with authentication," he said. "Things like not allowing certain characters, or limiting the length of the password to something ridiculously low, all because the developers, database admins, and/or designers are using outdated or deprecated mechanisms." Pendergast said he sees the same thing. "There is plenty of existing technology designed specifically to prevent users from repeating passwords, using common passwords, and enforcing password rules. A surprising number of companies don't use these basic password reinforcement functions," he said. And Lanier noted that "password managers are, of course, a huge boon for generating complex passwords without the fuss of having to remember them or write them on a sticky note. This at least reduces the risk that a person might serialize their password choices. Certainly not a panacea, but for the average person, it's a great idea." Still, as McDowell noted, even rigorous passwords can't compensate for a person being fooled by a skilled attacker. "Many times, passwords are simply given away in a phishing or social engineering attack," he said.
"I saw a recent stat from the SANS Institute that 95% of all attacks on enterprise networks are the result of successful spear phishing." All agree that the weaknesses of human nature mean it would be better to move beyond passwords. But, as McDowell notes, human nature also requires that whatever replaces passwords must be, "easier to use than passwords alone. "User experience is going to win over security every time so the key to building a secure password replacement system is to build ease-of-use into its foundation," he said. Until then, Lanier said, organizations should, at a minimum, not rely on passwords alone. "At the very least, if/when that poor password gets cracked or guessed, two-factor authentication raises the bar for the attacker," he said. This story, "Regular password changes make things worse" was originally published by CSO.

Apple Patches Safari, OS X Flaws to Prevent Snooping
http://cyberparse.co.uk/2016/09/02/apple-patches-safari-os-x-flaws-to-prevent-snooping/
September 2, 2016
The fix comes a week after Cupertino patched a similar iOS vulnerability. Apple on Thursday fixed critical vulnerabilities in its desktop Safari browser and the OS X operating system. The security update comes after Cupertino last week patched a serious iOS flaw that let malware spy on a user's phone calls and text messages. But Safari's mobile and desktop versions share the same codebase, making Mac users vulnerable as well. According to Apple's advisory, the bug fixed in Safari 9.1.3 could allow a hacker to execute arbitrary code on an unsuspecting victim's Mac by tricking the person into visiting "a maliciously crafted website." Hackers employed the same technique recently when they tried to infiltrate human rights activist Ahmed Mansoor's iPhone. The prominent advocate reportedly received a text message from a "cyber war" company with a link to malware that would have jailbroken his handset and installed surveillance software. The exploit, according to research group Citizen Lab, is connected to NSO Group, an Israeli company best known for selling a government-exclusive "lawful intercept" spyware product called Pegasus. If Mansoor had activated the malware, it would have allowed NSO access to the phone's camera, microphone, and GPS. "Not only could NSO infect iPhones at the touch of a link, but it seems that the vulnerabilities they were exploiting could be weaponized to target many different platforms," Citizen Lab researcher Bill Marczak told Motherboard. Citizen Lab did not immediately respond to PCMag's request for comment. Apple last week released the latest version of iOS, 9.3.5, which fixes the aforementioned issues. The update includes two improvements to how iOS devices access memory, as well as a patch that prevents visits to malware-laden websites.

Inteno Router Flaw Could Give Remote Hackers Full Access
http://www.infosecurity-magazine.com/news/inteno-router-flaw-remote-hackers/
Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
Security experts are warning of a critical new router vulnerability which could allow remote attackers to replace the firmware on a device, take complete control over it, and monitor all internet traffic flowing in and out. F-Secure claimed the issue affects the Inteno EG500, FG101 and DG201 routers. However, in an advisory it added that more models could be affected but it couldn't be sure due to the "vendor's unwillingness to cooperate." In fact, F-Secure claimed to have first contacted Inteno about the issue in January, but when the vendor replied two months later it argued that software issues are dealt with by the "operators" that sell the equipment to end users. "Inteno do not do end user sales on CPE, we only sell through operators so such software features are directed through operators requests," an Inteno representative told F-Secure at the time. The vulnerability itself stems from the fact that several router models don't validate the Auto Configuration Server (ACS) certificate (CWE-295). This means that an attacker capable of launching a Man in the Middle (MitM) attack between the ACS and the device could intercept all network traffic going between the device and the ACS and gain full administrative access to the router, allowing them to reflash the firmware. The implications of such a flaw are potentially serious, according to F-Secure cybersecurity expert Janne Kauhanen. "By changing the firmware, the attacker can change any and all rules of the router. Watching video content you're storing on another computer? So is the attacker. Updating another device through the router? Hopefully it's not vulnerable like this, or they'll own that too," he warned. "Of course, HTTPS traffic is encrypted, so the attacker won't see that as easily.
But they can still redirect all your traffic to malicious sites that enable them to drop malware on your machine.” The one saving grace is that an attacker would have to gain a “privileged network position” before being able to launch such an attack – something which HTTPS is designed to prevent. However, if HTTPS is not implemented and an attacker is able to launch a MitM then there’s nothing a user can do to prevent a successful exploitation, short of installing a new router or a firmware update – once one is finally made available. “Gaining a MitM position is not trivial, but it’s not outside the realm of possibilities either, whether physically attacking a whole building by breaking into the distribution trunk in the building or using software tricks to route network traffic through a malicious site,” Kauhanen told Infosecurity. “If you use a vulnerable router to surf on my website for kitty pictures, here comes the payload.” In the meantime, F-Secure recommended users keep browsers and other software updated to prevent hackers exploiting any flaws; to use effective AV to prevent any malware downloads; and to use a VPN to encrypt internet traffic and prevent hackers gaining that initial foothold into the network. Unofficial reports suggest that there is a fix out there somewhere, although these have not been confirmed, according to Kauhanen.
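The CWE-295 failure F-Secure describes is the client side of the TR-069 ACS connection accepting whatever certificate it is handed. The block below contrasts that pattern with a validating client built on Python's ssl module and shows the hostname check a validating client performs. It is an added example rather than Inteno's firmware code; the ACS hostname, the CA bundle path and the getpeercert()-style dict used in the test are assumptions.

```python
"""Vulnerable vs. validating TLS client configuration for a CPE-to-ACS
(TR-069) connection, plus the DNS-ID hostname check a validating client
performs. Added example; hostnames, paths and function names are assumptions."""
import socket
import ssl


def acs_context_insecure():
    """The CWE-295 pattern: no chain validation and no hostname check, so any
    party in the network path can present any certificate and be accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def acs_context(ca_bundle=None):
    """Validating configuration: the chain must anchor in the given CA bundle
    (ideally the operator's own CA shipped in the firmware; None falls back to
    the system store) and the ACS name must appear in the certificate."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def _pattern_matches(pattern, hostname):
    """RFC 6125-style DNS-ID match: case-insensitive, same label count, and a
    lone '*' only as the whole leftmost label (so *.a.b never covers x.y.a.b
    or a.b itself, and partial wildcards such as f*.a.b are rejected)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or len(p) < 2:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    if "*" in pattern:
        return False
    return p == h


def cert_matches_host(cert, hostname):
    """Check a getpeercert()-style dict against the expected ACS hostname.
    Only subjectAltName DNS entries count; a bare commonName is ignored, as
    current validators do."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_pattern_matches(p, hostname) for p in sans)


def probe_acs(hostname, port=443, ctx=None):
    """Open a validated TLS connection to the ACS and return the peer's DNS
    SANs. Raises ssl.SSLCertVerificationError on an untrusted or mis-named
    certificate, which is exactly what a MitM between CPE and ACS triggers."""
    ctx = ctx or acs_context()
    with socket.create_connection((hostname, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    # Assumed ACS name; on a real CPE it comes from the operator's provisioning.
    print(probe_acs("acs.operator.example"))
```

Note that pinning the operator's CA (or the ACS certificate itself) in the firmware is the stronger choice for a device that only ever talks to one ACS: it removes the dependence on a public CA store that the CPE cannot easily keep current, and it means a certificate issued by any other CA, however valid, is refused.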

Man Convicted for Hacking Linux Kernel Servers
http://sensorstechforum.com/man-convicted-hacking-linux-kernel-servers/
September 2, 2016 by Vencislav Krustev+
A man from El Portal, Florida, has been arrested for gaining unauthorized access to the kernel.org (Linux Kernel Organization) servers. According to the indictment, Donald Ryan Austin used credentials belonging to what appears to be an individual associated with the Linux Kernel Organization. The organization's network administrators detected the unauthorized login and notified the authorities. The FBI took over the investigation and eventually found that Austin had also modified the configuration files of the servers and installed malware, including rootkits and trojan horses, on servers in a Bay Area data center. The agents traced the intrusion to Austin, who was arrested on August 28, 2016. He faces a maximum of 10 years in prison and a fine of $250,000.

Is This The Same Hacker Behind the 2011 Attack?
This is similar to the 2011 kernel.org hack, which resulted in the installation of the Phalanx rootkit along with other trojans able to steal passwords and perform other malicious activities. This time the hack was much the same and the attacker attempted the same actions, suggesting that it may have been Austin who carried out the 2011 hack as well. There hasn't been much fuss since that incident happened, beyond the fact that the hack was only found about half a month later. What is known from back then is that the attackers had access to several machines used to distribute the Linux kernel, according to officials. The consequence was that the attackers were able to track anyone using these servers and what they did. Besides the servers Hera and Odin1, the hackers were also able to access a senior developer's personal machines. It has not been disclosed to what extent data was stolen, but other computers within the kernel.org network may also have been victims of this attack.

What About The Future?
The good news is that the Linux Kernel Organization has learned from its mistakes and this time caught the attacker. However, it remains a mystery whether this was just Austin or whether there were other attackers as well, since multiple computers were attacked. The big question is whether this will be the end of this type of trojan and rootkit attack against kernel.org. The reality is that with this attack and others, like the Fairware ransomware, Linux is becoming an increasingly bigger target for malware writers, especially when it comes to servers.

Man charged with hacking city sites in Arizona, Wisconsin
http://ktar.com/story/1257828/man-charged-with-hacking-city-sites-in-arizona-wisconsin/
By Associated Press | September 1, 2016 @ 5:41 pm
PHOENIX — A man has been indicted on federal charges of hacking into government websites in Arizona and Wisconsin, including a cyberattack that came three days after a police shooting of an unarmed man in the city of Madison and interrupted communications equipment for emergency workers there. Randall Charles Tucker of Apache Junction, Arizona, is charged with intentional damage to protected computers and threatening damage to protected computers for allegedly attacking municipal computer systems in March 2015 in Madison and two Phoenix suburbs, Chandler and Mesa. He also is accused of attacking the Washington, D.C.-based News2Share site in late 2014 after it failed to run a video he had provided. The video’s contents weren’t publicly revealed. It’s unknown whether Tucker has an attorney, and there was no listed phone number for his home. He hasn’t yet made an initial appearance in U.S. District Court in Phoenix. The indictment says Tucker temporarily disabled access to the city of Madison’s website and crippled the automatic dispatch system for emergency workers. The attack came three days after a white Madison police officer fatally shot Tony Robinson, a 19-year-old biracial man, during an altercation in an apartment building stairwell. The shooting put the police department under intense scrutiny and sparked days of protests. The officer was eventually cleared of criminal wrongdoing. The indictment against Tucker doesn’t mention the shooting. Less than a week after the Madison hack, authorities say Tucker launched an attack on city websites in Mesa and Chandler that temporarily made them inaccessible to users.

Florida Man Arrested for Hacking Linux Kernel Organization
http://www.securitynewspaper.com/2016/09/02/florida-man-arrested-hacking-linux-kernel-organization/
Security Newspaper | September 2, 2016
Donald Austin is the main suspect behind the kernel.org security breach that took place in the summer of 2011.

Donald Ryan Austin, 27, of El Portal, Florida, was charged yesterday with hacking servers belonging to the Linux Kernel Organization (kernel.org). According to a four-count indictment, Austin gained access to server credentials used by an individual associated with the Linux Kernel Organization. Austin used the credentials to access four kernel.org servers located in a Bay Area data center, modified server configurations and installed rootkits and other trojans. Linux Kernel Organization administrators detected the intrusion and called on the FBI to investigate the incident. FBI agents tracked the intrusion to Austin, and a federal grand jury issued a four-count indictment on June 23, 2016.

Austin arrested this past Sunday
Officers from the Miami Shores Police Department arrested Austin during a routine traffic stop last Sunday, August 28, 2016. The suspect made an initial appearance in a Miami court on Monday, and officials unsealed the indictment the following day. Austin appeared in court again yesterday, where a judge set bail at $50,000 and scheduled the next court appearance for September 21, 2016, in a San Francisco federal court. The suspect was released on bond. For his crimes, Austin faces a maximum sentence of ten years in prison, a fine of $250,000, and any other restitution. The Linux Kernel Organization manages Linux kernel development and the kernel.org website. It is distinct from the Linux Foundation, a separate nonprofit foundation that supports the former.

Is Austin the hacker behind the 2011 kernel.org incident?
Back in 2011, the kernel.org website was hacked by an unknown attacker, who used a volunteer's credentials to install the Phalanx rootkit along with other trojans capable of logging passwords and other malicious actions. It took the kernel.org team 17 days to discover the hack, and administrators never released an incident report detailing the data breach. Five years later, there are still very few details available about what really happened back then. With all the currently available information, Austin seems to be the main suspect behind the 2011 kernel.org security breach.
Source: http://news.softpedia.com/

Countdown to IANA Transition Is Not the Countdown to Doomsday
http://www.circleid.com/posts/20160902_countdown_to_iana_transition_is_not_the_countdown_to_doomsday/
 Michele Neylon Sep 02, 2016 7:28 AM PDT
I've mentioned the IANA transition in several posts over the last year or so. Personally I'd love to not have to mention it ever again, as it's not the kind of topic that we should be spending too much time thinking about or worrying about. There are plenty of other things out there that cause us all headaches without adding to the list. However the IANA transition is a topic that is of fundamental importance for the global internet community. As a company we rely heavily on the internet, in fact we are pretty much 100% online. Sure, we have physical offices and staff and all that, but pretty much everything we do is online. As a business our ability to serve our customers is predicated on our clients being able to have unfettered access to the global internet. Sure, there are limitations on some private networks and various government regimes around the world may place restrictions on what can and cannot be accessed at any given time. We may not like that, but part of freedom is that people are free to do lots of things, even things we don't really like. And the internet is built in such a way that most of those restrictions can be routed around either directly or indirectly, so the overall network's health is not adversely impacted. The transition will result in the US government losing its special relationship with the IANA functions. That's all that will change and for the average internet user or business nothing will be impacted. The only "tangible" impact will be in how changes to the IANA functions are processed in the future. Which, again, has no impact on the average internet user. Post-IANA transition no one government or subset of governments will have more power than anyone else. The internet has blossomed where governments have taken a "light touch". Where governments have been more "heavy handed" in their interactions the online world has not grown and flourished as quickly. 
It wouldn't be in anyone's interests to allow the very nature of the internet to be adversely changed. Yet, unfortunately, some elements in the US government (and elsewhere) have been spreading lots of scary, but factually incorrect, stories about how the Obama administration is going to hand over the internet to Russia and China. One has even set up a sort of "doomsday" countdown clock. From our side we look forward to the IANA functions being transitioned to ICANN and the global internet community. We don't expect it to have any impact on our business nor that of our clients. However, a failure to finalise the transition will definitely cause us all headaches, so let's just get it done once and for all!

TrustedSec Security Podcast Episode 53 – DropBox, NSA Breach, Medical Professionals
https://www.trustedsec.com/september-2016/tsp-episode-53-show-notes/
TrustedSec Security Podcast Episode 53 for September 1, 2016. This podcast is hosted by Rick Hayes, Scott White, Justin Elze, and Geoff Walton.
Download Page https://www.trustedsec.com/podcasts/trustedsec-security-podcast-episode-53.mp3
XML Page https://www.trustedsec.com/podcasts/trustedsecsecuritypodcast.xml

Jupiter Broadcasting
September 1, 2016
The Shadow Knows | TechSNAP 282
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0282.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jupiterbroadcasting/techsnap-0282.mp3
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jupiterbroadcasting/techsnap-0282.ogg

ZFS, The “Universal” Filesystem | BSD Now 157
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0157-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jupiterbroadcasting/bsd-0157.mp3
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jupiterbroadcasting/bsd-0157.ogg

Clinton aide destroyed Hillary's phones by 'breaking them in half or hitting them with a hammer,' FBI documents reveal
http://www.dailymail.co.uk/news/article-3772563/Clinton-aide-destroyed-two-Hillary-s-phones-breaking-half-hitting-hammer-FBI-documents-reveal.html
* Justin Cooper recalled two instances where he broke Hillary's phones
* FBI listed 13 phones Hillary may have used to send emails on private server
* Hillary was known to switch to new phones before resorting back to older ones because she was more familiar with how to use it, Huma Abedin said
* 'The whereabouts of Clinton's devices would frequently become unknown once she transitioned to a new device,' according to the FBI
* Cooper set up email domain a week before she was sworn in as secretary of state and shut the server down in 2011 during a hacking attempt
* He did not have security clearance and was not an expert in cyber security
By Jessica Chia For Dailymail.com
Published: 21:06 GMT, 3 September 2016 | Updated: 21:16 GMT, 3 September 2016

An aide to Bill Clinton destroyed Hillary's phones by 'breaking them in half or hitting them with a hammer', according to FBI documents released Friday. The FBI identified 13 mobile phones Hillary may have used to send emails through a private server, and staffer Justin Cooper recalled two instances where he destroyed the phones through brute force. Hillary's 'shadow' Huma Abedin told the FBI the former Secretary of State would often use a new phone for a few days before switching back to an older one because she was more familiar with how to use it. Cooper recalled 'two instances where he destroyed Clinton's old mobile phones by breaking them in half or hitting them with a hammer,' according to the FBI report. Abedin said aides would help transfer Hillary's sim cards when she switched between phones. 'The whereabouts of Clinton's devices would frequently become unknown once she transitioned to a new device,' according to the FBI.
Cooper got a start as an intern in the Office of Science and Technology, before working as Bill Clinton's senior adviser and moving on to the Clinton Foundation and its initiatives. He registered the domain clintonemail.com a week before Clinton was sworn in as secretary of state and shut down the private server in 2011 when someone tried to hack it. He did not have security clearance and was not an expert in cyber security, the Washington Post reported. After the FBI published additional documents on Friday, Hillary's press secretary Brian Fallon said they were 'pleased'. 'While her use of a single email account was clearly a mistake and she has taken responsibility for it, these materials make clear why the Justice Department believed there was no basis to move forward with this case,' he said. The documents revealed Hillary told the FBI she could not recall answers to some of their questions about her secret server scandal because she had a concussion in 2012.

Leakedsource breach notification service reported two Bitcoin Data Breaches
http://securityaffairs.co/wordpress/50890/data-breach/bitcoin-data-breaches.html
September 3, 2016 By Pierluigi Paganini
Now LeakedSource disclosed details from two Bitcoin data breaches that affected the bitcoin exchange BTC-E.com and the discussion forum Bitcointalk.org.
The data breach notification service LeakedSource is becoming familiar to my readers; recently it reported the data breaches suffered by many IT services, including Last.fm and DropBox, both of which occurred in 2012. Now LeakedSource has disclosed details from two Bitcoin data breaches that affected the Bitcoin sector; the incidents were suffered by the bitcoin exchange BTC-E.com and the bitcoin discussion forum Bitcointalk.org. The incident that occurred at Bitcointalk.org was disclosed in May when the servers of the forum were compromised by attackers. "Server compromised due to social engineering against ISP NFOrce. There will be extended downtime for forensic analysis and reinstall." — BitcoinTalk (@bitcointalk) 22 May 2015. “The forum’s ISP NFOrce managed to get tricked into giving an attacker access to the server. I think that the attacker had access for only about 12 minutes before I noticed it and had the server disconnected, so he probably wasn’t able to get a complete dump of the database. However, you should act as though your password hashes, PMs, emails, etc. were compromised.” was reported on Reddit by the user theymos. “The forum will probably be down for 36-60 hours for analysis and reinstall. I’ll post status updates on Twitter @bitcointalk and I’ll post a complete report in a post in Meta once the forum comes back online.” “Each password has a 12-byte unique salt. The passwords are hashed with 7500 rounds of SHA-256,” he added. LeakedSource reported that 499,593 user details were stolen in the incident; the leaked records include usernames, passwords, emails, birthdays, secret questions, hashed secret answers and some other internal data. 91% of passwords were hashed with sha256crypt, and the experts explained that it would take about a year to crack an estimated 60-70% of them. 9% were hashed with MD5 and all were protected with the same salt value; LeakedSource has already cracked approximately 68% of those.
More mysterious was the BTC-E.com incident; it is possible that hackers also compromised some users’ wallets, stealing bitcoins. Despite LeakedSource’s notification, there is no news about incidents affecting BTC-E customers. In January 2016 the Financial Underground Kingdom blog reported that the exchange had suffered one hack without effects for its customers; it is likely the data leaked by LeakedSource are related to that incident. “During years of existence [BTC-E] had just 1 hack after which the owners paid all the debt to users.” It isn’t clear whether that hack and the data disclosure made by LeakedSource refer to the same incident. LeakedSource reported that BTC-E.com was hacked in October 2013 and 568,355 users were impacted. The passwords were protected with an unknown hashing method, making the “passwords completely uncrackable although that may change.”

 Security Affairs 
Apple issued fixes for Pegasus spyware bugs in OS X, Safari. Apply it now!
http://securityaffairs.co/wordpress/50868/hacking/pegasus-tridend-exploit.html
September 2, 2016 By Pierluigi Paganini
Apple issued security fixes for Mac OS X and Safari to patch zero-day flaws exploited by Pegasus spyware to spy on mobile users. 
A few days ago, we reported a detailed analysis of the Trident exploit that triggers three vulnerabilities in order to remotely hack Apple mobile devices through the installation of the Pegasus spyware. The joint investigation conducted by experts from the CitizenLab organization and the Lookout security firm demonstrated that nation-state actors exploited the three vulnerabilities to spy on activists’ Apple mobile devices. Experts from Lookout identified the targeted attack as Pegasus, as explained in a detailed blog post. “Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile — always connected (WiFi, 3G/4G), voice communications, camera, email, messaging, GPS, passwords, and contact lists. It is modular to allow for customization and uses strong encryption to evade detection.” states the blog post published by Lookout. The three zero-day vulnerabilities, dubbed “Trident,” exploited in the attack are:
* CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory.
* CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software.
* CVE-2016-4657: Memory Corruption in Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.
Malware experts linked the attacks leveraging the Pegasus malware to the activity of the Israeli surveillance firm NSO Group, which has developed malicious code that has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists.
The vulnerabilities, including a hole in IOMobileFrameBuffer (found and fixed in Safari and coded CVE-2016-4564), also affect desktop Safari and OS X. Do not forget that iOS and OS X share a big portion of code, so the presence of the flaws on Mac desktop computers is not surprising. Apple, which released the iOS 9.3.5 update for its mobile devices (iPhones and iPads) to address the flaws, has now issued security updates for the Safari browser and OS X as well. The Safari patch fixes the Trident vulnerabilities; Apple also issued updates for El Capitan and Yosemite. Don’t waste time: patch your Apple device as soon as possible.

https://vigilance.fr/
Vigil@nce - HTTP: Man-in-the-Middle via Proxy CONNECT
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a Man-in-the-Middle when an HTTP proxy is configured, in order to obtain passwords of users of this proxy.
Impacted products: HTTP protocol, SSL protocol.
Severity: 1/4.
Creation date: 18/08/2016.
DESCRIPTION OF THE VULNERABILITY
When an HTTP proxy is configured, the web browser uses the HTTP CONNECT method to ask the proxy to set up a secured TLS session. However, the HTTP CONNECT query and its reply are sent in a clear HTTP session. An attacker can act as a Man-in-the-Middle, and spoof a 407 Proxy Authentication reply to the client. The victim then sees an authentication window, and may enter his password, which is sent to the attacker’s server. It can be noted that this vulnerability impacts all session types requested from the proxy, but as the victim requests an https/TLS URL, he expects his session to be encrypted. It is thus a perception problem, rather than a real new vulnerability. An attacker can therefore act as a Man-in-the-Middle when an HTTP proxy is configured, in order to obtain passwords of users of this proxy.
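The bulletin's point is that a client cannot tell a genuine 407 from an injected one when the proxy hop is cleartext. The following is an added example, not part of the Vigil@nce bulletin: it parses a proxy's reply to CONNECT, shows that a legitimate and an injected 407 carry identical challenge data, and applies a client-side policy that only releases a password-bearing credential when the hop to the proxy is itself TLS-protected. All sample responses and names (`parse_proxy_response`, `credential_prompt_policy`, `corp-proxy`) are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Auth schemes whose response carries a user password (or a hash an attacker
# can crack offline). These are the ones a spoofed 407 is designed to harvest.
PASSWORD_BEARING = {"basic", "digest"}


@dataclass(frozen=True)
class ProxyChallenge:
    status: int                 # HTTP status code of the proxy reply
    schemes: Tuple[str, ...]    # lower-cased schemes from Proxy-Authenticate
    realm: Optional[str]        # realm parameter, if any scheme supplied one


def _parse_challenge(value: str) -> Tuple[str, Optional[str]]:
    """Split one Proxy-Authenticate value such as 'Basic realm="corp-proxy"'
    or 'Negotiate' into (scheme, realm)."""
    scheme, _, params = value.strip().partition(" ")
    realm = None
    for param in params.split(","):
        key, _, val = param.strip().partition("=")
        if key.strip().lower() == "realm":
            realm = val.strip().strip('"')
    return scheme.lower(), realm


def parse_proxy_response(raw: bytes) -> ProxyChallenge:
    """Parse the status line and Proxy-Authenticate headers of the reply a
    proxy sends to a CONNECT request. Only the head is inspected."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    status = int(parts[1])
    schemes, realm = [], None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate":
            scheme, found_realm = _parse_challenge(value)
            schemes.append(scheme)
            realm = realm or found_realm
    return ProxyChallenge(status, tuple(schemes), realm)


def credential_prompt_policy(challenge: ProxyChallenge, proxy_hop_is_tls: bool) -> str:
    """Decide what the client should do with a proxy reply to CONNECT.

    'proceed'     - not an auth challenge, continue the tunnel set-up
    'prompt'      - challenge arrived over a TLS-protected proxy hop, so it is
                    bound to the authenticated proxy and a password may be asked
    'refuse'      - cleartext hop plus a password-bearing scheme: this is exactly
                    the injected-407 scenario, so no password prompt is shown
    'no-password' - cleartext hop, but no offered scheme transmits a password
    """
    if challenge.status != 407:
        return "proceed"
    if proxy_hop_is_tls:
        return "prompt"
    if any(s in PASSWORD_BEARING for s in challenge.schemes):
        return "refuse"
    return "no-password"


# Constructed sample replies. The first two are byte-for-byte what a client
# would see from its real proxy and from an on-path party injecting a 407;
# the only difference is a Server header, which proves nothing.
LEGIT_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Server: corp-proxy/1.0\r\n"
             b"Proxy-Authenticate: Basic realm=\"corp-proxy\"\r\n"
             b"Content-Length: 0\r\n\r\n")
INJECTED_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                b"Proxy-Authenticate: Basic realm=\"corp-proxy\"\r\n"
                b"Content-Length: 0\r\n\r\n")
NEGOTIATE_407 = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                 b"Proxy-Authenticate: Negotiate\r\n"
                 b"Content-Length: 0\r\n\r\n")
CONNECT_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"


if __name__ == "__main__":
    legit, injected = parse_proxy_response(LEGIT_407), parse_proxy_response(INJECTED_407)
    print("challenges identical:", legit == injected)
    for name, raw in [("legit", LEGIT_407), ("negotiate", NEGOTIATE_407), ("ok", CONNECT_OK)]:
        ch = parse_proxy_response(raw)
        print(name, "cleartext hop ->", credential_prompt_policy(ch, False),
              "| TLS hop ->", credential_prompt_policy(ch, True))
```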

Attackers Combine Three Botnets to Launch Massive DDoS Attack
http://news.softpedia.com/news/attackers-combine-three-botnets-to-launch-massive-ddos-attack-507901.shtml
Sep 2, 2016 18:50 GMT By Catalin Cimpanu
Crooks use a botnet of CCTV cameras, one of home routers, and one made up by compromised web servers
An unnamed website has been at the end of a ferocious Layer 7 DDoS attack that involved traffic from over 47,000 distinct IP addresses, most of which belonged to IoT (CCTV) devices, home routers, and compromised Linux servers. Sucuri, a US web security vendor who was called in to mitigate the incident, says the attack reached a whopping 120,000 requests per second, and that the attacker used a flood of HTTPS packets in order to maximize resource consumption on the target's machines.
Most of the DDoS traffic came from hijacked CCTV systems
After the attack had subsided, Sucuri experts that were investigating the incident discovered that the DDoS traffic didn't come from one singular source, but the attacker had combined (possibly rented) three different distinct botnets. The company was well aware of one of the botnets, which they previously discovered at the end of June. This was a 25,000-strong botnet assembled after compromising Internet-connected CCTV devices from different vendors, most of which were running firmware made by Chinese firm TVT. The group behind this recent DDoS attack wasn't content with the capabilities provided by this botnet and had also created/rented another botnet to help their efforts.
A quarter of the traffic also came from compromised home routers
According to Sucuri, the group was controlling another botnet comprised of 11,767 home routers from eight major industry brands. The attackers had managed to take control over these devices by using various firmware vulnerabilities or by hijacking the routers for which device owners didn't change the default admin panel password. Compromised Huawei routers made up more than half of this botnet, with 6,015 devices, almost 51 percent of the entire botnet. Second came Mikro RouterOS (2,119 devices - 18 percent), AirOS routers (245 routers), but also NuCom 11N Wireless Routers, Dell SonicWall, VodaFone, Netgear, and Cisco.
Most compromised home routers found in Spanish-speaking countries
The home router botnet was very effective because not all compromised devices were in the same geographical area, which would have been easy to block. Devices were spread all over the world, but mainly in Spanish-speaking countries, such as Spain (45 percent of the entire botnet), Uruguay, Mexico, the Dominican Republic, and Argentina. The third and last botnet used in the DDoS attack was made up of compromised web servers coming from data centers. "This new [three-botnet] distribution allowed the attacker to generate a massive number of requests per second without affecting the operation of the infected devices," Sucuri CTO Daniel Cid explains. "Under this configuration, the devices would only need to generate a few requests per second – well within their means." Sucuri isn't the only company that has discovered huge botnets of IoT devices engaging in DDoS attacks. Researchers from Arbor Networks have also discovered a botnet of 120,000 IoT devices,

US Government Admits IANA Transition May Not Move Forward
http://www.circleid.com/posts/20160902_us_government_admits_iana_tranisition_may_not_move_forward/
Sep 02, 2016 12:51 PM PDT
The US government plan to move control of the internet's naming and numbering functions to ICANN next month may not move forward, reports Kieren McCarthy: "In a letter from the Department of Commerce (DoC) to ICANN sent August 31, the department's CFO gives the organization 30 days' notice that it may extend its current contract over the critical IANA functions by a year. In other words, Uncle Sam will continue to oversee ICANN's running of IANA for another 12 months. That contract is due to terminate on September 30, and following a two-year process started by the US government and run by the internet community, ICANN is due to take over full control." — McCarthy: "In the heart of election season, it is not inconceivable that Congress will agree to that 'significant impediment,' but it won't happen if Ted Cruz – who remains widely disliked within Congress – is the only standard-bearer of the move to disrupt the transition." — "Countdown to IANA transition is not the countdown to doomsday," said Michele Neylon, earlier today on CircleID: "The transition will result in the US government losing its special relationship with the IANA functions. That's all that will change and for the average internet user or business nothing will be impacted. The only 'tangible' impact will be in how changes to the IANA functions are processed in the future. Which, again, has no impact on the average internet user." — I have advocated that there is "No Legal Basis for IANA Transition," says Sophia Bekele: "My recent letter to Sens. Marco Rubio (R-Fla.) and Ted Cruz (R-Texas) certainly have helped in identifying the majority of the key issues that the Congress is now forming its opinion on and it has vindicated me. We now see an activated campaign against this transition by various senators supporting it, highlighting the same issues. 
A legislation process is in progress to block this transition as part of the Republican policy… Even before such open statements were made by the respective parties, I rightfully predicted in my public commentary to The Hill [November 2016 Elections will determine fate of Internet Privatization; Fixing what is not broken] and rightfully so, we will be waiting for this outcome."

USA spy agency's hacking tools revealed on Internet
http://opensources.info/usa-spy-agency39s-hacking-tools-revealed-on-internet/
Sep 2, 2016
He believes the Shadow Brokers’ cyberattack on the NSA’s group is linked to the Democratic National Convention, after Russian hackers leaked several emails and voice messages. Further tweets made by the former NSA contractor suggest that ties exist between “The Shadow Brokers” and the Russian Federation, the country that has hosted Snowden since his escape from the US and the reported source of the massive DNC leak that took place a couple of months ago. Yesterday, it was reported that a new murky hacking collective, The Shadow Brokers, had infiltrated another hacking sect called The Equation Group, dumping its sensitive documents online over the weekend. The group also said that if the auction raised 1 million bitcoins – equivalent to roughly $500 million – it would release the second file to the world. The group’s name appears to be a reference to a character in the “Mass Effect” video games who sells off information to the highest bidder. But despite this freaky, disjointed statement, security experts see other motives behind the dump of several hacking tools believed to belong to the NSA: whoever is behind it wanted to send a warning message. If the hack is real, experts believe that a foreign government must have helped the group in order for it to have exploited NSA resources in this way. As Edward Snowden explained through CNN, modern spying is like launching a missile attack on an enemy where you will not directly hit them from your base; you have to look for a dummy spot to fire the missile from to avoid being traced back. Former NSA employees who worked at the agency’s hacking division known as Tailored Access Operations told the Washington Post the hack appeared genuine. As proof, the hackers released a swathe of malware programs, including a number of pieces of software referenced in the leaks from NSA whistleblower Edward Snowden.
If the Shadow Brokers owned NSA’s command and control server, it would be a great approach to try other interesting things they might be able to find. “You’re welcome, @NSAGov. Lots of love”, Snowden tweeted. The NSA has steadfastly declined to comment on whether it has been the victim of a security breach. Dick Clarke – a former White House counterterrorism adviser, a cybersecurity expert and an ABC News consultant – said, “You can bet the NSA is trying to figure out whether or not this is legitimate”. The leaked malware reveals encryption techniques that are identical to those employed by the Equation Group, which indicates they probably came from the same source, according to Kaspersky. The same targets would presumably be at the top of a list of USA intelligence priorities. The main suspect is Russian Federation, and it’s not clear if the hackers broke into the secure NSA computer network or, perhaps more likely, a TAO employee left the tool kit on an unsecured intermediary server being used in a hacking operation. Between 15-16 August, users visiting the agency’s website were greeted by the live homepage, however almost every other link was met with an error message.

We want GCHQ-style spy powers to hack cybercrims, say police
http://opensources.info/we-want-gchq-style-spy-powers-to-hack-cybercrims-say-police/
Sep 2, 2016
Why catch crooks when you can DDoS them from the nick?
Traditional law enforcement techniques are incapable of tackling the rise of cybercrime, according to a panel of experts gathered to discuss the issue at the Chartered Institute of IT. Last night more than a hundred IT professionals and academics, including representatives of the National Crime Agency and Sir David Omand, the former director of GCHQ, discussed what they saw as the necessity of the police acting more like intelligence agencies and “disrupting” cybercriminals where other methods of law enforcement failed. The perpetrators of cybercrime are often not only overseas, but in hard-to-reach jurisdictions. Evgeniy Bogachev, the Russian national who created the GameOver Zeus trojan, for instance, currently has a $3m bounty on his capture – but Russia does not want to hand him over to the US. In such situations, when arrests are not possible, disrupting criminal activities “may be the only response” suggested Sir David Omand, adding that “the experts in disruption are in the intelligence community.” Technical disruption, as the NCA practices it, can involve sinkholing, getting hold of the domains used by malware to communicate and so breaking its command and control network. Paul Edmunds, the head of technology at the NCA’s National Cyber Crime Unit, explained how Operation Bluebonnet took aim at the Dridex banking trojan, but said that sinkholing it and organising arrests required a concerted international effort – one that may need to be repeated with the “up-and-coming” exploit kit Rig. Disruption as an intelligence agency technique, however, is a much more proactive and engaged activity. A Snowden-provided document covering the activities of GCHQ’s Joint Threat Research Intelligence Group (JTRIG) showed active “disruption” targeted at those flogging malware. The attacks included providing false resources and denial of service attacks.
Six users of the Lizard Stresser DDoS-for-hire tool were arrested by the NCA last year – when the agency’s average age for arrests dropped from 24 to 17 – and the agency was surprised when it discovered its users were all very young and male, as NCA officer Zulfikar Moledina explained to those attending. When the NCA tackled the use of the Blackshades remote access trojan last year, it had 750 suspects who had used it. It sent 350 emails warning downloaders, 200 “influence letters”, and 99 cease and desist notifications. 21 individuals were arrested; among those who bought the RAT was a 12-year-old boy. In response to this demographic shift, the NCA launched a “Prevent” campaign last year – sharing a name, if not policy, with the controversial counter-extremist strategy – targeting the parents of 12- to 15-year-old boys whose web hi-jinks could potentially progress towards serious cybercrime. Disrupting real offenders and providing guidance to potential offenders – encouraging them to engage in more productive activities – must be part of a more considered response to cybercrime, the panel considered. Professor Gloria Laycock OBE, the founding director of the Jill Dando Institute of Crime Science at UCL, explained the model for dealing with meatspace crime and how that could be applied to cybercrime. According to an attrition table on crime rates published by the Home Office, for every 100 crimes committed only 50 are reported to police, even fewer of those reports are recorded and a mere two per cent of crimes are successfully prosecuted. Laycock said that while a means of punishment and retribution is necessary, this showed that “you cannot control crime through the criminal justice system.” Instead, there are five ways to reduce crime: increase the effort criminals need to apply to commit the crime successfully; increase the risks criminals need to take; reduce the rewards of criminal activity; remove the excuses for it; and reduce provocation.
When it comes to cybercrime, the questions that persisted were whether it could be designed out of the systems we use, and if not whether it was possible to better educate the public. To what extent police need the security and intelligence agencies’ powers to deal with cybercrime was a strongly recurring theme as well.

Bill Clinton Staffer’s Email Was Breached on Hillary's Private Server, FBI Says
https://www.wired.com/2016/09/fbi-says-bill-clinton-staffers-email-breached-private-server/
Since it came to light that Hillary Clinton ran a private email server during her time as Secretary of State, that computer’s security has become a subject of controversy among politicos whose only notion of a “server” until recently was a waiter carrying canapés at a fundraising dinner. But now the FBI has released the first hint that Clinton’s private server may have been compromised by hackers, albeit only to access the email of one of former president Bill Clinton’s staffers. And though there’s no evidence the breach went further, it’s sure to offer new fodder to critics of Clinton’s handling of classified data. On Friday afternoon, the FBI released a new set of documents from its now-concluded investigation into Clinton’s private email server controversy. The 60-page report includes a description of what sounds like an actual hacker compromise of one of Bill Clinton’s staffers. It describes that in early January 2013, someone accessed the email account of one of his female employees, whose name is redacted from the report. The unnamed hacker apparently used the anonymity software Tor to browse through this staffer’s messages and attachments. The FBI wasn’t able to determine how the hacker would have obtained her username and password to access her account, which was also hosted on the same private server used by then-Secretary of State Clinton. “The FBI’s review of available…web logs showed scanning attempts from external IP addresses over the course of [IT manager Bryan] Pagliano’s administration of the server, only one appears to have resulted in a successful compromise of an email account on the server,” the report reads.
“Three IP addresses matching known Tor exit nodes were observed accessing an e-mail account on the Pagliano Server believed to belong to President Clinton staffer [redacted].” In a press conference in July, FBI director James Comey said that how presidential candidate Clinton mishandled classified documents stored in emails on that private server didn’t warrant criminal charges, but nonetheless called her behavior “extremely careless.” And the FBI’s investigation did, in fact, turn up dozens of email chains that contained classified documents, including eight whose contents were “top secret.” The FBI could find no evidence that any of those classified documents had been compromised, but also cautioned that it might lack the forensic records to know if they had been. The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security. “Clinton’s reckless conduct and dishonest attempts to avoid accountability show she cannot be trusted with the presidency and its chief obligation as commander-in-chief of the U.S. armed forces,” wrote Donald Trump campaign communications staffer Jason Miller in response to the FBI’s release of more documents from its investigation. The Clinton campaign didn’t immediately respond to a request for comment. Though the single-user email breach doesn’t indicate any inherent vulnerability in the Clintons’ server, it does show a lack of attention to its access logs, says Dave Aitel, a former NSA security analyst and founder of security firm Immunity. “They weren’t auditing and restricting IP addresses accessing the server,” Aitel says. 
“That’s annoying and difficult when your user is the Secretary of State and traveling all around the world…But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” Since it first came to light, the security community has roundly criticized Clinton for the reckless move of hosting her own email outside of scrutiny of federal government security efforts like those at the NSA. But often overlooked in Clinton’s email scandal is the fact that the official State Department IT systems have suffered terrible breaches of their own. In 2014 and 2015, hackers believed to be based in Russia accessed State unclassified email systems so thoroughly that in November of 2014, the Department’s security staff were forced to take the email servers offline to try to root out the hackers. On Clinton’s private server, other than that single staffer’s compromised account, the FBI’s report notes only multiple hacking attempts in the form of “brute force” guessing of login credentials. Those attempts increased when the existence of the server was exposed by the New York Times in the spring of last year. But none of the recorded attempts seem to have succeeded. At one point, the FBI record notes, Clinton did receive an email containing a malicious link, sent from the apparently hijacked or spoofed personal account of a State Department staffer. Clinton responded, “Is this really from you? I was worried about opening it!” But the FBI found no evidence of malware on Clinton’s server or any of her personal devices. For all her security snafus, give Clinton this much credit: she can at least spot a phishing email when she sees it.

A mystery user breached an email account on Clinton's server
http://www.arnnet.com.au/article/606234/mystery-user-breached-an-email-account-clinton-server/
The unknown user browsed email folders and attachments, the FBI says in newly released documents
In 2013, an unknown user accessed an email account on Hillary Clinton’s private email server through Tor, the anonymous web surfing tool, according to new FBI documents. On Friday, the FBI provided details on the possible breach in newly released files about its investigation of Clinton’s use of a private email server when she was the U.S. secretary of state. The affected email account belonged to a member of Bill Clinton's staff. In January 2013, an unknown user managed to log in to the account and browse email folders and attachments. The FBI later interviewed the staffer, who said she had never used Tor. The tool is popular among hackers, journalists and activists to help mask their online presence. The agency’s investigation so far hasn’t found the actor responsible or how the login credentials were obtained. The FBI has said Clinton was “extremely careless” in her use of the server, but in a July report, the agency didn’t recommend bringing charges against her. The new documents released on Friday said the FBI found no evidence confirming that Clinton’s email server system was ever compromised. Still, the agency said that the server had faced ongoing threats from possible hackers, including phishing email attacks and failed login attempts. Bryan Pagliano, a Clinton aide who helped administer the server, was interviewed in the FBI’s investigation. Although Pagliano said there were no security breaches, there were many failed login attempts, or “brute force attacks,” according to the FBI documents. At one point, “Pagliano recalled finding ‘a virus,’ but could provide no additional details, other than it was nothing of great concern,” the FBI said. The agency also found “multiple occurrences” of phishing attacks against Clinton’s email account. In July, FBI director James Comey said it’s impossible to rule out that Clinton’s server could have been hacked.

'Ultra secure' Turing Phone plagued by shaky security claims
http://www.zdnet.com/article/ultra-secure-turing-phone-plagued-by-shaky-security-claims/
By Zack Whittaker for Zero Day | September 2, 2016 -- 22:15 GMT (23:15 BST) | Topic: Security
It's the "ultra-secure smartphone" claim that Turing chief executive Steve Chao desperately tried to claw back. "We're a fashion technology company," said Chao on the phone a few weeks ago. "Seldom do we get people talking about security. I wouldn't brand Turing Phone as a 'secure' phone... it's more a fashion tech phone," he said. It was a fairly swift, unexpected turnaround from what the company touts as hacker-resistant and "ultra secure". Chao didn't deny the phone has "groundbreaking security", but his backtrack seemed to raise more questions than Chao had answers. The long-awaited Turing Phone was first slated as an unbreakable, security-heavy smartphone that's able to withstand the greatest of malware, hackers, and nation states attackers. But that illusion quickly unraveled. We got our hands on the long-awaited smartphone, dogged by delays and setbacks, in part because of a switch from Android to the lesser-known Sailfish OS. Yet, after a detailed and examined look, the device is yet another device in a long list of "secure" smartphones from a company, which nobody's ever heard of, touting theoretical security and unproven privacy. The phone's flagship feature, a hardware encryption chip, dubbed the Turing Imitation Key, encrypts the Turing Phone, and it lets a device owner communicate securely through end-to-end encryption, said Chao. "When you initiate a communication, the other user's private key is generated by the chip," he said. That means every email, text message, and VoIP call to another Turing Phone will be encrypted, without having to rely on a third-party key server. If you want to communicate with someone who doesn't have a Turing Phone, you have to rely on a third-party app.
Security going south? There are a few things about this "secure" smartphone that don't add up. Chao said the cryptography used in the phone's end-to-end encryption is semi-proprietary. "It's our own algorithm," said Chao. Making it worse, the encryption is closed-source, so it can't be inspected -- though, Chao said that would change down the line. He said that the cryptography had been "inspected by experts", but he declined to name them or say what conclusions they came to, making it impossible to verify the integrity of the encryption. Ask anyone in security about "proprietary encryption", and they'll tell you it's an immediate security red flag. Some of the most trusted algorithms have been around for decades. New algorithms haven't been inspected. And "closed-source" is another red flag, as it makes it impossible to know how good the code is, or if there were any backdoors added during the process. Not having the code open to scrutiny by the community means we have no basis of trust for it.

Justin Troutman, an independent cryptographer, told me he had concerns about the company's security approach. "I remember taking a look at their former QSAlpha Quasar device, and while I generally like the software and hardware approach of securing mobile devices, three fundamental problems remain, just as they did back then," he said. "Firstly, they're using something proprietary," he said, describing the cryptography. "We can't independently and openly inspect [the crypto]," and, "we have no knowledge of who [the company is] and their ability to design cryptographic primitives".

But it gets worse. Chao said that the private key, which is the basis for scrambling data on the phone, is created by a master private key. That key, Chao said, generated five million keys -- far more keys than the company expects it may ever need. The company has over 1,000 devices shipped as of July, out of a total of 10,000 devices manufactured in the first batch.
Once the keys were created, the company "made the decision to destroy" the key, Chao said. I asked if the company kept the key. "We don't have access to the master private key," he said. "Not even we have access to the user's data," which is stored in its datacenter in Finland, where the company is now headquartered. "How do we know you destroyed the key?" I asked. "Well, there's no way to guarantee that," he said. "Although, we say so. But knowing that we're a private business, even if we go public one day, we're still a business -- not a government agency," said Chao. "That we know of," I said, half-joking. Troutman also expressed concerns that users have to take "their word that this master key is being destroyed".

It turns out these aren't even new complaints. Cast your mind back three years ago, when the Turing Phone was the first edition of the futuristic Quasar IV. The phone had some promise and appeared to be a good concept -- with similarities drawn to BlackBerry devices. But after a detailed analysis, it was slated to look like "snake oil" by Ars Technica in a review from 2013. The phone itself has promise. But the core of the device is built on sketchy security and poorly thought-out principles. The company didn't learn from the mistakes the first time, and that's troubling if the phone is effectively a repackaged and rebranded phone with "ultra secure" slapped on its side. It's tough to reserve judgment when a company promises state-of-the-art and custom security at such a high price. But for anyone looking for an all-in-one security solution, there are far better alternatives that are tried and tested -- and a lot cheaper.

Feds pin brazen kernel.org intrusion on 27-year-old programmer Indictment comes five years after mysterious breach of the Linux repository.
http://arstechnica.com/tech-policy/2016/09/feds-pin-brazen-kernel-org-intrusion-on-27-year-old-programmer/
Dan Goodin - Sep 2, 2016 9:20 pm UTC
In August 2011, multiple servers used to maintain and distribute the Linux operating system kernel were infected with malware that gave an unknown intruder almost unfettered access. Earlier this week, the five-year-old breach investigation got its first big break when federal prosecutors unsealed an indictment accusing a South Florida computer programmer of carrying out the attack. Donald Ryan Austin, 27, of El Portal, Florida, used login credentials belonging to a Linux Kernel Organization system administrator to install a hard-to-detect backdoor on servers belonging to the organization, according to the document that was unsealed on Monday. The breach was significant because the group manages the network and the website that maintain and distribute the open source OS that's used by millions of corporate and government networks around the world. One of Austin's motives for the intrusion, prosecutors allege, was to "gain access to the software distributed through the www.kernel.org website." The indictment refers to kernel.org officials P.A. and J.H., who are presumed to be Linux kernel developer H. Peter Anvin and kernel.org Chief System Administrator John "Warthog9" Hawley, respectively. It went on to say that Austin used the credentials to install a class of extremely hard-to-detect malware known as a rootkit and a Trojan that logs the credentials of authorized users who use the secure shell protocol to access an infected computer. According to the indictment:

The defendant, DONALD RYAN AUSTIN ("AUSTIN"), used credentials belonging to an individual, J.H., to gain unauthorized access to servers belonging to the Linux Foundation, the Linux Kernel Organization, and P.A. AUSTIN installed the Phalanx rootkit and Ebury Trojan on several of those servers, causing damage without authorization.
AUSTIN also used the unauthorized administrative privileges to make other changes to the servers, such as inserting messages that would automatically display when the servers restarted. One of AUSTIN's goals was to gain access to the software distributed through the www.kernel.org website. Prosecutors went on to say Austin infected Linux servers known as "Odin1," "Zeus1," and "Pub3," which were all leased by the Linux Foundation and used to operate kernel.org. The infections started around August 13, 2011 and continued until around September 1 of that year. Austin also stands accused of infecting a personal e-mail server belonging to Anvin during the same dates. There was no mention of "Hera," a kernel.org server that Linux Kernel officials say had been rooted when they disclosed bare-bones details of the breach shortly after it occurred. Kernel.org was offline for more than a month following the intrusion while the affected servers were rebuilt. According to a Justice Department release, Austin was arrested by Miami Shores Police on Sunday following a traffic stop. The federal indictment was filed in June and was unsealed only after he was taken into custody. He was freed on $50,000 bond provided by the family of his girlfriend. He has been ordered to stay away from computers, the Internet, and any type of social media or e-mail. Court documents said he "may pose a risk of danger" because of a "substance abuse history." He is scheduled to appear in San Francisco federal court on September 22. The indictment raises almost as many questions as it answers. Given that Linux is freely available, it's not clear what kernel.org-distributed software Austin hoped to obtain when he allegedly breached the site. Also noticeably absent is any explanation of how Austin initially obtained Hawley's credentials to gain unauthorized access, as prosecutors allege. 
There's also no detail about the messages that Austin allegedly caused to be displayed when the infected servers were restarted. What's more, there's little information about Austin, who was just 22 years old when the breach occurred. No record exists of anyone named "Donald Ryan Austin" doing public Linux development or contributing to the Linux Kernel Mailing List. Attempts to reach Austin didn't succeed. Last, why prosecutors took five years to indict the suspect also remains a mystery. Officials from kernel.org pledged to provide a full autopsy of the breach shortly after it occurred. They never made good on that promise and declined to comment for this post. In the past, they have said they were confident the 2011 breach didn't result in any malicious changes being made to Linux source code. The intrusion may be the work of someone motivated by a grudge, the challenge of pulling it off, or some other personal motive. But it's not every day that someone gets three weeks of root access to the gateway to one of the world's most widely used operating systems. Until we know more about how and why this breach happened, we should push prosecutors and Linux officials for answers.

 We Are Change 
FBI REPORT: TOR USER BREACHED HILLARY’S SERVER
http://wearechange.org/fbi-report-tor-user-breached-hillarys-server/
Aaron Kesel | Sep 2, 2016
According to the FBI’s released notes on Hillary Clinton and her server, a Tor user breached Hillary’s server shortly before she left as Secretary Of State just one month prior. This marks the first confirmed incident that Hillary Clinton’s server was indeed breached by an individual — something that Hillary strongly denied. In the section titled “cyber targeting” of Clinton’s “personal E-mail and Associated Accounts” there are multiple notes about possible hack attacks along with one documented case where another user of Hillary’s private server had their email account breached. The FBI’s review of server logs revealed that someone accessed an email account on Jan. 5, 2013, using Tor “exit nodes.” Three different IP addresses were used in order to conceal the user’s identity. The owner of the account was redacted but their quote was left – “I’m not familiar with nor have I ever used Tor software,” the anonymous person said.

Tor is a software that was developed under the U.S. Navy for secure communications. Today, Tor is used to circumvent censorship by governments and oppressive regimes. Tor is used by journalists and activists to conceal their identity, communicate and surf the Web without interference. Tor is also used for illegal activities such as funding terrorism, buying/viewing child pornography, buying/selling drugs, and buying/selling unregistered firearms. Tor’s biggest darkweb market place, Silk Road, was taken down in 2013 when the FBI raided and arrested its owner. Since then, many copycats have emerged with the same result of eventually being either shut down or raided. It was revealed today that a remote desktop used for remote server access was turned on by a Clinton aide, which is highly vulnerable and susceptible to hack attacks, to say the least (and “Extremely careless”).
Earlier in the year we had learned that a Clinton staffer turned off the firewall to try to fix the connection problems Hillary was having between her insecure private server and the State Department’s secure server. This left her server open to hackers for weeks before the firewall was finally turned back on. Hillary herself instructed aides to remove classified markings and send classified materials insecurely. It’s also noted in the FBI’s findings report that Hillary’s e-mail accounts were targeted in multiple “spear phishing” attacks. The FBI noted an e-mail sent to Clinton “contained a potentially malicious link.” Hilariously, the link Hillary clicked was for porn. “Open source information indicated, if opened, the targeted user’s device may have been infected, and information would have been sent to at least three computers overseas, including one in Russia.” ~The FBI, notes on Hillary Clinton state.

Mrs. Clinton has encountered far too many resolvable security issues and handled them in an irresponsible and reckless manner. Many people have been asking themselves, “Is this the woman we are going to choose as the next president to lead us into the 21st century?”. Not only is she “extremely careless”, but the extremity of that carelessness leads to suspicion of whether or not this was deliberate. Of course, we at We Are Change, having followed the course of this election in full, are 100% confident we know the answer to that question based on extensive analysis of the timeline of events in which this took place. Time and time again, Hillary has been exposed for corrupt activity. Whether it be using her non-taxed charity organization as a front for illegal political activities and arms deals, or deliberately infiltrating and corrupting the DNC in order to manipulate the election, it’s all tied together in the emails. The mere fact that she had persistently neglected security measures should eliminate general consideration for electing her to be President.
“When asked what the parenthetical ‘C’ meant before a paragraph … Clinton stated she did not know and could only speculate it was referencing paragraphs marked in alphabetical order,” the FBI wrote in a highly-filtered FBI interview summary released on Friday. Hmm, perhaps that has something to do with her not taking the required training any Secretary of State must go through in order to learn the procedures of handling classified data. The use of slang to circumvent any incriminating statements is obvious. Hillary’s entire defense against the charges has been claiming ignorance of handling classified data. The intent to disguise the transfer of classified information blows her defense out of the water.
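Both the IDG and the We Are Change posts above describe the same finding: server logs showed one mailbox being opened through several Tor exit addresses on a single day. The script below is an added example (not from either article or from the FBI documents) of the kind of log review that surfaces such a pattern: it parses constructed mail-server login lines, checks each source address against a constructed stand-in for a Tor exit-node list, and flags any account whose successful logins come from two or more distinct exit addresses within an hour. The log format, account names and addresses are all made up for the example.

```python
"""Flag mailbox logins from Tor exit nodes and group them per account.

Added example; the log lines, the exit-node list and the account names
are constructed for illustration and are not taken from any real system."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a mail server's login log, one event per line.
SAMPLE_LOG = """\
2013-01-05T02:11:40Z imap login ok user=staffer1 ip=198.51.100.10
2013-01-05T02:13:02Z imap login ok user=staffer1 ip=203.0.113.77
2013-01-05T02:20:55Z imap login ok user=staffer1 ip=192.0.2.201
2013-01-05T09:02:10Z imap login ok user=staffer2 ip=198.18.0.5
2013-01-05T09:05:00Z imap login fail user=staffer2 ip=203.0.113.77
"""

# Constructed stand-in for a published Tor exit list. In practice this set is
# refreshed from the Tor project's exit-address feed; these are documentation
# addresses (RFC 5737) and belong to no real relay.
TOR_EXITS = {"198.51.100.10", "203.0.113.77", "192.0.2.201"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) imap login (?P<result>ok|fail) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse(log_text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def tor_logins(events, exits=TOR_EXITS):
    """Successful logins whose source address is a known exit node."""
    return [e for e in events if e["result"] == "ok" and e["ip"] in exits]


def accounts_with_multiple_exits(events, window=timedelta(hours=1), exits=TOR_EXITS):
    """Return {account: set_of_exit_ips} for accounts whose successful logins
    arrive from two or more distinct exit addresses inside one `window`.
    Rotating exits for the same mailbox is the pattern the FBI review describes."""
    by_user = defaultdict(list)
    for e in tor_logins(events, exits):
        by_user[e["user"]].append(e)

    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        # Slide a window starting at each login and collect the exits seen in it.
        for i, first in enumerate(evs):
            ips = {x["ip"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(ips) >= 2:
                flagged[user] = ips
                break
    return flagged


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for user, ips in accounts_with_multiple_exits(evs).items():
        print(f"{user}: successful logins via {len(ips)} distinct exit nodes {sorted(ips)}")
```

A failed login from an exit address (staffer2 above) is not enough on its own to flag the account; the rule keys on successful sessions, which is what turns a noisy brute-force signal into evidence that a credential was actually used. A real deployment would also record the first and last timestamp of the cluster so the incident responder can pull the matching mailbox-access records.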

 Security Affairs 
Azerbaijani Anti-Armenia Team of hacktivists leaked Armenian security service data
http://securityaffairs.co/wordpress/50873/hacktivism/anti-armenia-team.html
September 3, 2016  By Pierluigi Paganini
Azerbaijani Anti-Armenia Team of hacktivists leaked Armenian security service data and passport details of foreign visitors to Armenia. A group of Azerbaijani hacktivists has leaked the passport details of foreign visitors to Armenia. The data breach exposed the internal resources of the Security Service (SNS) that are involved in the process of updating information about passports of foreign visitors. The hackers breached Armenian government servers stealing sensitive data, including passport scans. Intelligence experts who analyzed the data leaks confirmed their authenticity. The Anti-Armenia Team took credit for a series of data leaks that the hackers claim were stolen from servers of the Armenian national security ministry. “We would like to notice that Anti – Armenia team is an independent group, who is active for five years and repeatedly makes anxious Armenian side by its cyber attacks,” the group explained to El Reg. Armenia and Azerbaijan are neighbouring countries that engaged in a war over the disputed Nagorno-Karabakh region between 1988 and 1994. There is great tension between the two countries; in April, the Azerbaijani army tried to regain control of the Nagorno-Karabakh Republic, but the battle caused the death of 350 people.
A source who spoke to El Reg on condition of anonymity said the leaked information is more likely to have come from an insider, excluding that the alleged Anti–Armenia team hacked into Armenian government systems. “I am familiar with the incident, and [can] confirm, that such attacks really happened, and the documents are legitimate and not fake,” the source told El Reg. “I have more confidence that one of their employees having access to it has been compromised and technical border control service is a part of SNS (Security Service), that’s why there is such overlap, and the documents could be stolen from particular person, and not ‘systems’, like they claim.”

Details of BTC-E and BitcoinTalk breach revealed
http://www.ehackingnews.com/2016/09/details-of-btc-e-and-bitcointalk-breach.html
Saturday, September 03, 2016
Data breach monitoring service LeakedSource revealed on Friday (September 03) that leading cryptocurrency exchange BTC-E.com and largest bitcoin discussion forum Bitcointalk.org suffered major hacks in 2014 and 2015 respectively. LeakedSource, which is a great source for leaked passwords and accounts, has reported that 499,593 user details of Bitcointalk.org were actually stolen in May 2015, which comprised "usernames, emails, passwords, birthdays, secret questions, hashed secret answers and some other internal data." It confirmed that 91% were hashed with sha256crypt, which would take a year to crack around 60-70% of them. The remaining 9% were hashed with MD5 and a unique salt, and LeakedSource has cracked around 68% of them. In the BTC-E.com hack, 568,355 accounts had been compromised in October 2014. “They [BTC-E.com] used some unknown password hashing method which currently makes their passwords completely uncrackable although that may change. This is good because if the passwords were easy to crack, hackers could log into the exchange and start stealing members' Bitcoins”, LeakedSource said. The BTC-E.com hack is more serious since wallets could be accessed and bitcoins stolen. LeakedSource says it hasn't yet seen any news about stolen BTC-E customers losing their coins. The presence of two hash types suggests they changed their password storage mechanism at some point. Meanwhile, the company also disclosed that 43 million account details were stolen from music site Last.fm in 2012. Last.fm was hacked on March 22nd 2012 for a total of 43,570,999 users, which is becoming public like all others. The site said that the most commonly used password on Last.fm is the shockingly common ‘123456’, followed by 'password' and 'last.fm'. LeakedSource is processing enough additional databases to publish one per day for several years.
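The Bitcointalk figures show why leftover records in a weak scheme matter: the 9% still stored as salted MD5 were mostly cracked, while the sha256crypt majority largely held. A site that switches hashing schemes can only re-hash a password when the user next presents it, so the usual pattern is to verify against whichever scheme the stored record uses and rewrite the record in the strong scheme on a successful login. The code below is an added example of that pattern and is not code from BTC-E, Bitcointalk or LeakedSource. Two assumptions: sha256crypt is not available in Python's hashlib, so PBKDF2-HMAC-SHA256 stands in for the strong scheme, and the round count is a placeholder to be tuned per deployment; the user store and passwords are constructed.

```python
"""Verify logins against a store holding two hash schemes and retire the weak one.

Added example. Legacy scheme: md5(salt || password), a single fast hash, as the
page describes for the 9% of Bitcointalk records. Strong scheme: PBKDF2-HMAC-SHA256
(assumption: a stand-in for the sha256crypt the page names, which hashlib lacks)."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumption: placeholder; tune to the server's time budget
DUMMY_SALT = b"\x00" * 16


def legacy_md5(password, salt):
    """Old scheme: one MD5 over salt || password. Fast, so cheap to brute-force."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def strong_hash(password, salt, rounds=PBKDF2_ROUNDS):
    """New scheme: iterated PBKDF2, so each guess costs the attacker `rounds` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def make_record(password, scheme="pbkdf2"):
    """Build a stored credential record; scheme="md5" mimics a legacy row."""
    salt = os.urandom(16)
    if scheme == "md5":
        return {"scheme": "md5", "salt": salt, "hash": legacy_md5(password, salt)}
    return {"scheme": "pbkdf2", "salt": salt, "rounds": PBKDF2_ROUNDS,
            "hash": strong_hash(password, salt)}


def verify_and_upgrade(store, user, password):
    """Return True when the password matches the user's record.

    If the record is still in the legacy scheme and the password matches, the
    record is rewritten in the strong scheme: this is the only moment the
    server holds the cleartext, so it is the only moment it can migrate."""
    rec = store.get(user)
    if rec is None:
        strong_hash(password, DUMMY_SALT)  # spend the same time for unknown users
        return False
    if rec["scheme"] == "md5":
        ok = hmac.compare_digest(legacy_md5(password, rec["salt"]), rec["hash"])
        if ok:
            store[user] = make_record(password)  # migrate on the fly
        return ok
    return hmac.compare_digest(strong_hash(password, rec["salt"], rec["rounds"]), rec["hash"])


def scheme_counts(store):
    """How many records remain in each scheme; what a migration dashboard would chart."""
    counts = {}
    for rec in store.values():
        counts[rec["scheme"]] = counts.get(rec["scheme"], 0) + 1
    return counts


def demo():
    """Constructed store: two legacy rows, one already migrated. Returns the
    scheme counts before and after two login attempts."""
    store = {
        "alice": make_record("correct horse", "md5"),
        "bob": make_record("hunter2", "md5"),
        "carol": make_record("s3cret!"),
    }
    before = scheme_counts(store)
    verify_and_upgrade(store, "alice", "correct horse")  # correct: alice is migrated
    verify_and_upgrade(store, "bob", "wrong guess")      # wrong: bob stays legacy
    after = scheme_counts(store)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Opportunistic migration only reaches accounts that log in, which is exactly the gap the Bitcointalk numbers illustrate: dormant accounts stay in the weak scheme indefinitely unless the operator forces a reset or re-wraps the legacy hashes. The `hmac.compare_digest` calls and the dummy hash for unknown users keep the comparison time independent of the stored value and of whether the account exists.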

Mission Impossible? FBI wants to be cool enough to recruit hackers
http://www.ibtimes.co.uk/mission-impossible-fbi-wants-be-cool-enough-recruit-hackers-1579480
FBI director James Comey said that the agency is looking to 'steal people' from the private sector. 
By India Ashok September 3, 2016 10:02 BST
After a series of high-profile cyberattacks against individuals and organisations in the US, the FBI is increasing its efforts to combat cybercrime, including adopting a new approach to recruiting hackers. The agency has had long-standing issues attracting people from the hacking community to work for them, over staying independent or working in the private sector. But, in a recent speech, FBI director James Comey said the agency is now "working very hard" to "be a whole lot cooler than you may think we are", in efforts to get people with cyberattack and cyberdefence skills to work for them. Comey said that the FBI is looking to staff its cyberattack response teams, specifically the Cyber Threat Team and the Cyber Act Team (CAT) – which he called the "fly team" – who are deployed "at a moment's notice" to provide on-location support during investigations. "We are not to bean bags and granola and a lot of white boards yet," Comey said at the Symantec Government Symposium. "But we're working very hard at marching in that direction, so that when this talent comes into our organisation we are open to having them make us better – in a way that connects us and them to our mission more closely." Comey also said that the agency was working on doing "a better job" to "steal people" that the private sector was looking to hire "to work at the FBI". According to a report by the Washington Post, the FBI has had limited success in recruiting hackers, despite its outreach at high-profile cyber events such as DefCon and Black Hat. Reports speculate that the FBI's much-publicised encryption battle with tech giant Apple and its alleged use of privacy-infringing surveillance techniques, revealed by whistleblower Edward Snowden, may have adversely affected the agency's recruitment efforts.
Who is the typical FBI cyberagent?
In his speech, Comey explained that the FBI recognises the challenges in hiring qualified people. He pointed out that finding people skilled in IT, who are also able to "run, fight, and shoot", is the major challenge. Additionally, Comey said that the agents they're looking to hire need to have integrity, "which is non-negotiable". Comey acknowledged that those three "buckets of attributes" are "rare to find in the same human being in nature". In the wake of the growing and imminent threat of digital crimes, the FBI now appears to be grappling with the ability to come to terms with the changing times. "We're leaving our mind open to the fact that we've never faced a transformation like the digital transformation, and so the FBI wanted to be open to being different in the way we think about our people. Lots more to come there," Comey added. However, it remains to be seen if the FBI's new approach to be "more open" and "cooler" will be successful in luring talented hackers from choosing government work over the perks offered by the private sector. As Comey's daughter put it, "Dad, the problem is you're 'The Man'," she said. "Who would want to work for 'The Man?'"

Putin on DNC hack: 'Does it even matter who hacked this data?'
http://www.ibtimes.co.uk/putin-dnc-hack-does-it-even-matter-who-hacked-this-data-1579465
By India Ashok September 3, 2016 07:56 BST
Russian President Vladimir Putin deemed the cyberattack on the Democratic National Committee (DNC) a public service. The attack saw hackers stealing thousands of emails from the DNC, which were later leaked by the whistleblowing platform WikiLeaks, just days before US Democratic presidential candidate Hillary Clinton's nomination was announced. Putin, however, asserted that Russia had no hand in the DNC hack. "Listen, does it even matter who hacked this data?" Putin said in an interview, Bloomberg reported. "The important thing is the content that was given to the public. There's no need to distract the public's attention from the essence of the problem by raising some minor issues connected with the search for who did it. But I want to tell you again, I don't know anything about it, and on a state level Russia has never done this." Several cybersecurity firms, including CrowdStrike, Fidelis Security and FireEye's Mandiant have concluded that the malware used in the DNC breach was linked to Russian intelligence services. Additionally, US officials have also accused Russia of having a hand in the hacking, in efforts to influence the US elections. However, Kremlin officials have categorically denied any knowledge of the attacks. Following Putin's comments, the Clinton campaign hit back, accusing the Russian president of endorsing disruptions of the US elections by characterising the cyberattack as a public service. "Unsurprisingly, Putin has joined Trump in cheering foreign interference in the U.S. election that is clearly designed to inflict political damage on Hillary Clinton and Democrats," said Jesse Lehrich, spokesperson for the Clinton campaign. "This is a national security issue and every American deserves answers about potential collusion between Trump campaign associates and the Kremlin." The cyberattacks against the US have since accelerated with further indications of Russia-based hackers launching attacks.
In late August, CrowdStrike reported about Washington-based think tanks focusing on researching Russia being targeted by hackers. According to CrowdStrike, the hacker group believed to be affiliated to Russia's Federal Security Service, Cozy Bear or APT29, was behind the breaches. Putin, however, claimed that even if Russia desired to influence the US elections, it did not necessarily comprehend the nuances of US politics to successfully do so. "To do that you need to have a finger on the pulse and get the specifics of the domestic political life of the U.S.," he said. "I'm not sure that even our Foreign Ministry experts are sensitive enough." Putin also said that given the level of sophistication of the current crop of cybercriminals, it would be nearly impossible to accurately attribute the attacks. "You know how many hackers there are today?" Putin said. "They act so delicately and precisely that they can leave their mark — or even the mark of others — at the necessary time and place, camouflaging their activities as that of other hackers from other territories or countries. It's an extremely difficult thing to check, if it's even possible to check. At any rate, we definitely don't do this at a state level." Hillary Clinton recently said that if elected, she would like the US to "lead the world in setting the rules in cyberspace," adding that under her regime, the US would treat cyberattacks "just like any other attack", indicating the use of military action in response to such attacks.

USBee Malware Turns Regular USB Connectors into Data-Stealing Weapons
http://www.itsecuritynews.info/usbee-malware-turns-regular-usb-connectors-into-data-stealing-weapons/
3 September 2016
Researchers from the Ben-Gurion University in Israel have discovered a novel method of using USB connectors to steal data from air-gapped computers without the need of special radio-transmitting hardware mounted on the USB. Their attack scenario relies on infecting a computer with malware they’ve created called USBee.
An NSA cyber-weapon inspired the research
Researchers said that NSA cyber-weapons inspired their research, namely, the COTTONMOUTH hardware implant included in a catalog of NSA hacking tools leaked by Edward Snowden via the Der Spiegel German newspaper. USBee is superior to COTTONMOUTH because it does not need an NSA agent to smuggle a modified USB connector/dongle/thu […]

 Security Affairs 
Hacker Interviews – The Riddler, the founder of the BinarySec Group
http://securityaffairs.co/wordpress/50886/hacking/hacker-interviews-binarysec.html
September 3, 2016  By Pierluigi Paganini
Today I present you the Riddler, aka Binary, the founder of the BinarySec group, a hacker collective focused in the fight against the ISIS propaganda online.
You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about it? Could you tell me which is your technical background and when you started hacking?
All of our members come from many different backgrounds. A few of our members are just an “average joe” who’s picked up hacking in their spare time, while other members actually do security and hacking for a living.
Which is the technical background of your members?
My background is in IT, I started hacking about 8 years ago and my motivation was actually looking at a website and thinking: how can I make this work for me without the owner knowing…
What was your greatest hacking challenge?
My greatest hacking challenge was about 4 years ago when I launched a hacking campaign called OpBangladesh with some old hacking buddies. We targeted Bangladeshi websites and proceeded to hack and deface them. By the time the campaign was over, 20+ Bangladeshi government websites were defaced and shelled.
What are the 4 tools that cannot be missed in the hacker’s arsenal and why?
The 4 tools a hacker absolutely needs aren’t actually tools at all. They are curiosity, willingness to learn, perseverance, and a unique way of thinking; these 4 things can actually make or break any hacker.
Which are the most interesting hacking communities on the web today, why?
As for me specifically I couldn’t tell you about hacking communities because they have really diminished.
Did you participate in hacking attacks against the IS propaganda online? When? How? Where do you find IS people to hack? How do you choose your targets?
I personally did participate in the attacks against the IS propaganda online and so did many of our members. We’ve been and still are currently taking down and removing their propaganda. As for the IS people we hack, we carefully check each and any suspicious person or submission to our website.
If they are ruled to be an IS member or some other form of a terrorist organization, we attack accordingly. We exhaust every resource possible in efforts to shut down ISIS propaganda and recruitment online.
We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe it is real the risk of a major and lethal cyber attack against a critical infrastructure?
I personally do believe that cyber attacks can cause a huge risk to critical infrastructure.

Spies Love People Who Use Smartphones Because They Are So Easy to Tap
http://www.matthewaid.com/post/149878162341/spies-love-people-who-use-smartphones-because-they
September 3, 2014
How Spy Tech Firms Let Governments See Everything on a Smartphone
Nicole Perlroth New York Times September 3, 2016
SAN FRANCISCO — Want to invisibly spy on 10 iPhone owners without their knowledge? Gather their every keystroke, sound, message and location? That will cost you $650,000, plus a $500,000 setup fee with an Israeli outfit called the NSO Group. You can spy on more people if you would like — just check out the company’s price list. The NSO Group is one of a number of companies that sell surveillance tools that can capture all the activity on a smartphone, like a user’s location and personal contacts. These tools can even turn the phone into a secret recording device. Since its founding six years ago, the NSO Group has kept a low profile. But last month, security researchers caught its spyware trying to gain access to the iPhone of a human rights activist in the United Arab Emirates. They also discovered a second target, a Mexican journalist who wrote about corruption in the Mexican government. Now, internal NSO Group emails, contracts and commercial proposals obtained by The New York Times offer insight into how companies in this secretive digital surveillance industry operate. The emails and documents were provided by two people who have had dealings with the NSO Group but would not be named for fear of reprisals. The company is one of dozens of digital spying outfits that track everything a target does on a smartphone. They aggressively market their services to governments and law enforcement agencies around the world. The industry argues that this spying is necessary to track terrorists, kidnappers and drug lords. The NSO Group’s corporate mission statement is “Make the world a safe place.” Advertisement Continue reading the main story Ten people familiar with the company’s sales, who refused to be identified, said that the NSO Group has a strict internal vetting process to determine who it will sell to. An ethics committee made up of employees and external counsel vets potential customers based on human rights rankings set by the World Bank and other global bodies. 
And to date, these people all said, NSO has yet to be denied an export license. But critics note that the company’s spyware has also been used to track journalists and human rights activists. “There’s no check on this,” said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “Once NSO’s systems are sold, governments can essentially use them however they want. NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.” The NSO Group’s capabilities are in higher demand now that companies like Apple, Facebook and Google are using stronger encryption to protect data in their systems, in the process making it harder for government agencies to track suspects. The NSO Group’s spyware finds ways around encryption by baiting targets to click unwittingly on texts containing malicious links or by exploiting previously undiscovered software flaws. It was taking advantage of three such flaws in Apple software — since fixed — when it was discovered by researchers last month. The cyberarms industry typified by the NSO Group operates in a legal gray area, and it is often left to the companies to decide how far they are willing to dig into a target’s personal life and what governments they will do business with. Israel has strict export controls for digital weaponry, but the country has never barred the sale of NSO Group technology.
[Photo: The founders of NSO Group, Omri Lavie, left, and Shalev Hulio. Credit: NSO Group]
Since it is privately held, not much is known about the NSO Group’s finances, but its business is clearly growing. Two years ago, the NSO Group sold a controlling stake in its business to Francisco Partners, a private equity firm based in San Francisco, for $120 million.
Nearly a year later, Francisco Partners was exploring a sale of the company for 10 times that amount, according to two people approached by the firm but forbidden to speak about the discussions. The company’s internal documents detail pitches to countries throughout Europe and multimillion-dollar contracts with Mexico, which paid the NSO Group more than $15 million for three projects over three years, according to internal NSO Group emails dated in 2013. “Our intelligence systems are subject to Mexico’s relevant legislation and have legal authorization,” Ricardo Alday, a spokesman for the Mexican embassy in Washington, said in an emailed statement. “They are not used against journalists or activists. All contracts with the federal government are done in accordance with the law.” Zamir Dahbash, an NSO Group spokesman, said that the sale of its spyware was restricted to authorized governments and that it was used solely for criminal and terrorist investigations. He declined to comment on whether the company would cease selling to the U.A.E. and Mexico after last week’s disclosures. For the last six years, the NSO Group’s main product, a tracking system called Pegasus, has been used by a growing number of government agencies to target a range of smartphones — including iPhones, Androids, and BlackBerry and Symbian systems — without leaving a trace. Among the Pegasus system’s capabilities, NSO Group contracts assert, are the abilities to extract text messages, contact lists, calendar records, emails, instant messages and GPS locations. One capability that the NSO Group calls “room tap” can gather sounds in and around the room, using the phone’s own microphone. Pegasus can use the camera to take snapshots or screen grabs. It can deny the phone access to certain websites and applications, and it can grab search histories or anything viewed with the phone’s web browser. And all of the data can be sent back to the agency’s server in real time.
In its commercial proposals, the NSO Group asserts that its tracking software and hardware can install itself in any number of ways, including “over the air stealth installation,” tailored text messages and emails, through public Wi-Fi hot spots rigged to secretly install NSO Group software, or the old-fashioned way, by spies in person. Much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee. To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users — on top of the setup fee, according to one commercial proposal. You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter. What that gets you, NSO Group documents say, is “unlimited access to a target’s mobile devices.” In short, the company says: You can “remotely and covertly collect information about your target’s relationships, location, phone calls, plans and activities — whenever and wherever they are.”

How Much Do We Know (Or Not Know) About Canadian Intelligence
http://www.matthewaid.com/post/149925768271/how-much-do-we-know-or-not-know-about-canadian
September 4, 2016 
Victori H.S. Scott The Independent (Canada) August 16, 2016
Last year American whistle-blower Edward Snowden proclaimed that Canadian intelligence agencies have the “weakest oversight” in the Western world and compared the Canadian government’s Bill C-51 to George W. Bush’s post-9-11 U.S. Patriot Act. Canada became a surveillance state under the Stephen Harper Conservatives. In 2014, for example, it came to light that the Government Operations Centre was monitoring residents of Newfoundland and Labrador, including Indigenous Peoples, residents of the Island’s west coast who opposed fracking, and fishermen who were protesting shrimp quotas. This ongoing problem is further complicated by multiple transnational intelligence sharing agreements, in place since World War II, that remain largely unknown to the general public. Indeed, the rise of the surveillance state is a global phenomenon that cannot be separated from the rise of the internet. But in Canada, because of the lack of any credible oversight, it has played out in a very specific way. This has everything to do with what the Canadian public knows—and more importantly, does not know—about Canadian intelligence agencies. Canada’s new and highly invasive so-called anti-terror legislation came into force last year with the support of then-Opposition Leader Justin Trudeau and the Liberal caucus. The Trudeau Liberals knew that in order to win the election they would need to undo—or at least promise to undo—much of the damage done by their predecessors. They would have to address the alienation felt by Canadians from having a government that used national security as an excuse to trade away its citizens’ freedom and civil liberties. Unfortunately, they have yet to repeal or even reform Bill C-51, and recent terrorist attacks in Europe, the U.S., and here at home in Canada have provided the perfect backdrop against which to further delay the process.
On August 10, for example, Aaron Driver, a 24-year-old Canadian citizen who was allegedly plotting a terrorist attack in the southern Ontario town of Strathroy, died in a confrontation with police who were following up on a tip from the FBI. Recent terrorist attacks in Europe, the U.S., and here at home in Canada have provided the perfect backdrop against which to further delay the process [of reforming Bill C-51]...

Security Affairs
Dutch Police seized two servers of the VPN provider Perfect Privacy
September 4, 2016  By Pierluigi Paganini
http://securityaffairs.co/wordpress/50897/laws-and-regulations/perfect-privacy-seizures.html
The Dutch Police has seized two servers belonging to Switzerland-based Virtual Private Network (VPN) provider Perfect Privacy, as part of an investigation.
Recently, two European countries, France and Germany, have declared war against encryption with the objective of forcing major technology companies to build encryption backdoors into their secure messaging services. The fight against cybercrime is a priority for every European government, and law enforcement agencies worldwide are joining their efforts to fight illegal activities online. Law enforcement bodies claim their investigations are hampered by the wide adoption of encryption by criminal organizations and ask their governments for more powers. The French and German governments call for a European decryption law; a joint press conference, “Franco-German initiative on internal security in Europe”, was held in Paris by Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard Cazeneuve. They called on the European Commission to consider a possible new legislative act to force operators offering products or telecommunications services to decrypt messages or to remove illegal content for government investigators. A directive, if issued by the European Commission, is a kind of EU decryption law that must pass through the interpretation stage of the European Union’s member states to become national law at the European level. Meanwhile, at the international level, they also called for the signing and ratification of the Budapest Convention on Cybercrime. The Netherlands is another country adopting measures to counter cybercrime; recently the Dutch Police seized two servers belonging to Switzerland-based Virtual Private Network (VPN) provider Perfect Privacy, as part of an investigation. At the time of writing the Dutch police had not provided further details about the seizures. The Perfect Privacy VPN provider informed its customers that two servers in Rotterdam were seized by the Dutch police on Thursday, August 24.
The Dutch authorities seized the servers of the company; they requested I3D to give them access to the servers with a subpoena that allowed them to seize the hardware.
Perfect Privacy confirms that the company was back up and running the following day after I3D
The Perfect Privacy provider confirmed the seizures and declared that it received the news about the law enforcement operation from I3D, the company that provides server hosting in the Netherlands. “Today our hoster I3D informed us that the Dutch authorities have seized two servers from our location in Rotterdam. Currently we have no further information since the responsible law enforcement agency did not get in touch with us directly, we were merely informed by our hoster.” states the announcement from the Perfect Privacy VPN provider. “Since we are not logging any data there is currently no reason to believe that any user data was compromised.” VPNs are privileged tools that allow security experts, activists and journalists to protect their privacy online; unfortunately, they are often also abused by crooks and black hat hackers. VPN service providers receive numerous requests from law enforcement agencies to support their investigations, but in the majority of cases the company doesn’t offer its collaboration. It is likely that this is what has happened to the Perfect Privacy VPN provider. In April, the Dutch Police seized the servers of the Ennetcom VPN provider, based in the Netherlands and Canada, to shut down its operations during a criminal investigation. In that case, the Dutch Police accused Ennetcom of helping criminal activities, including drug trafficking and assassinations. The I3D hosting provider offered two replacement servers to avoid problems with the VPN provider.

Transmission Bittorrent Client Download Was Compromised for 2 Days
http://7rmath4ro2of2a42.onion/article.pl?sid=16/09/04/0236201
posted by cmn32480 on Sunday September 04, @01:04PM
A. It appears that on or about August 28, 2016, unauthorized access was gained to our [TransmissionBT's] website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available here and here.
A. The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to GitHub. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories.

Leaked Catalogue Reveals a Vast Array of Military Spy Gear Offered to U.S. Police
https://theintercept.com/2016/09/01/leaked-catalogue-reveals-a-vast-array-of-military-spy-gear-offered-to-u-s-police/
Sam Biddle 2016-09-01T20:31:32+00:00
A confidential, 120-page catalogue of spy equipment, originating from British defense firm Cobham and circulated to U.S. law enforcement, touts gear that can intercept wireless calls and text messages, locate people via their mobile phones, and jam cellular communications in a particular area. The catalogue was obtained by The Intercept as part of a large trove of documents originating within the Florida Department of Law Enforcement, where spokesperson Molly Best confirmed Cobham wares have been purchased but did not provide further information. The document provides a rare look at the wide range of electronic surveillance tactics used by police and militaries in the U.S. and abroad, offering equipment ranging from black boxes that can monitor an entire town’s cellular signals to microphones hidden in lighters and cameras hidden in trashcans. Markings date it to 2014. Cobham, recently cited among several major British firms exporting surveillance technology to oppressive regimes, has counted police in the United States among its clients, Cobham spokesperson Greg Caires confirmed. The company spun off its “Tactical Communications and Surveillance” business into “Domo Tactical Communications” earlier this year, selling the entity to another company and presumably shifting many of those clients into it. Caires declined to comment further on the catalogue obtained by The Intercept or confirm its authenticity, but said it “looked authentic” to him. “By design, these devices are indiscriminate and operate across a wide area where many people may be present,” said Richard Tynan, a technologist at Privacy International, of the gear in the Cobham catalogue. Such “indiscriminate surveillance systems that are not targeted in any way based on prior suspicion” are “the essence of mass surveillance,” he added.   
The national controversy over military-grade spy gear trickling down to local police has largely focused on the “Stingray,” a single type of cellular spy box manufactured by a single company, Harris Corp. But the menu of options available to domestic law enforcement is enormous and poorly understood, mostly because of efforts by both manufacturers and their police clientele to suppress information about their functionality and use. What little we know about Stingrays has often been the result of hard-fought FOIA lawsuits or courtroom disclosures by the government. When the Wall Street Journal began reporting on the use of the Stingray in 2011, the FBI declined to comment on the grounds that even discussing the device’s existence could jeopardize its usefulness. The effort to pry out details about the tool is ongoing; just this past April, the American Civil Liberties Union and Electronic Frontier Foundation prevailed in a federal court case, getting the government to admit it used a Stingray in Wisconsin. Unsurprisingly, the Cobham catalogue describes itself as “proprietary and confidential” and demands that it “must be returned upon request.” Information about Cobham’s own suite of Stingray-style boxes is almost nonexistent on the web. But starting far down on Page 105 of the catalogue is a section titled “Cellular Surveillance,” wherein the U.K.-based manufacturer of defense and intelligence-oriented hardware lays out all the small wonders it sells for spying on people’s private conversations, whether they’re in Baghdad or Baltimore:
The above page immediately stood out to ACLU attorney Nathan Wessler, who has made Stingray-like devices a major focus of his work for the civil liberties group.
Wessler said “the note at the top of the page about the ability to intercept calls and text messages (in addition to the ability to geo-locate phones)” is of particular interest, because “domestic law enforcement agencies generally say they don’t use that capability.” Also remarkable to Wessler is the claim that cellphone users can be “tracked to less than 1 [meter] of accuracy.” Tynan said Cobham’s cellular surveillance devices are, like the Stingray, standard “IMSI catchers,” deeply controversial equipment that can be used to create fake cellular networks and swallow up International Mobile Subscriber Identity fingerprints, calls, and texts. But he noted that such devices can operate on a vast scale: The Cobham devices in this catalogue are standard interception devices with the ability to masquerade as 1-4 base stations simultaneously. This would allow it to pretend to be 4 different operators or 4 base stations from the same operator or any combination. These specifications allow for the interception of up to 4 calls at a time. The operational distance of these devices would be around 1-2 KM for 3G and significantly greater for 2G devices. Devices of this type can typically acquire the unique identifiers of handsets at a rate of 200 per minute. Cobham also offers equipment capable of causing immense cellular blackouts and bulk data collection, including the “3G-N” — operated via laptop...

How Bitcoin Users Reclaim Their Privacy Through its Anonymous Sibling, Monero
http://7rmath4ro2of2a42.onion/article.pl?sid=16/09/03/1412225
http://www.nasdaq.com/article/how-bitcoin-users-reclaim-their-privacy-through-its-anonymous-sibling-monero-cm673770
Bitcoin right now is not really anonymous. While Bitcoin addresses aren't necessarily linked to real-world identities, they can be. Monitoring the unencrypted peer-to-peer network, analyses of the public blockchain and Know Your Customer (KYC) policy or Anti-Money Laundering (AML) regulations can reveal a lot about who's using Bitcoin and for what. This is not great from a privacy perspective. For example, Bitcoin users might not necessarily want the world to know where they spend their money, what they earn or how much they own; similarly, businesses may not want to leak transaction details to competitors. Additionally, the fact that the transaction history of each bitcoin is traceable puts the fungibility of all bitcoins at risk. "Tainted" bitcoins, for example, may be valued less than other bitcoins, possibly even calling into question Bitcoin's value proposition as money. There are potential solutions that may increase privacy and improve fungibility in Bitcoin. But most of these solutions are either partial, works-in-progress or just largely theoretical. To reclaim their privacy right now, therefore, some have begun to utilize one of its competitors: the altcoin Monero. The article continues with an explanation of how Monero works differently from Bitcoin. Monero is based on the CryptoNote reference implementation, which is an altcoin that was designed from scratch. It uses XMR as its native currency, which is one of the top altcoins by market capitalization. It has implementation details that greatly reduce the ability of someone to follow the chain of inputs and outputs of transactions and trace back someone's identity. The real trick is Monero's use of "Ring Signatures": The actual magic comes from a cryptographic signature scheme called "ring signatures," based on the older concept of "group signatures."
Ring signatures exist as several iterations and variations, but all share the property of obfuscating which cryptographic key signed "which" message, while still proving "that" a cryptographic key signed "a" message. The version used by Monero is called "Traceable Ring Signatures (pdf)," invented by Eiichiro Fujisaki and Koutarou Suzuki. Lastly, a Bitcoin holder can exchange Bitcoin for Monero, perform a transaction, and then (if desired) convert any change from the transaction back to Bitcoin (with suitable delays to allow other transactions to occur on the Monero blockchain.)
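The post above describes the ring-signature property in words only: a signature proves that some key in a ring signed the message, without revealing which. The following is an added example, not code from the article, from Nasdaq, or from the Monero/CryptoNote projects. It implements the simpler Schnorr-style ring signature of Abe, Ohkubo and Suzuki rather than the Traceable Ring Signature scheme the post names, so it has no key image and cannot detect a key signing twice; what it shows is the "one closing response per ring member" construction that the traceable scheme builds on. All names (`keygen`, `ring_sign`, `ring_verify`, `demo`) and the group parameters are my own: the group is Z_p* for the Mersenne prime p = 2^127 - 1 with exponents reduced mod p - 1, which keeps the arithmetic readable but is not a secure choice; a real deployment uses a prime-order elliptic-curve group.

```python
"""Toy ring signature in the style of Abe, Ohkubo and Suzuki (AOS).

Added example, not code from the article or from Monero/CryptoNote. It is
NOT Monero's traceable variant: there is no key image, so signing twice with
the same key is not detectable. Assumptions: group Z_p* with the Mersenne
prime p = 2^127 - 1, exponents reduced mod p - 1, challenge = SHA-256 mod (p - 1).
"""
import hashlib
import secrets

P = (1 << 127) - 1          # Mersenne prime M127 (assumption: toy modulus)
Q = P - 1                   # order of Z_p*, so g^(a mod Q) == g^a for any g
G = 5                       # fixed base (any element of Z_p* works here)


def keygen():
    """Return (private, public) with public = G^private mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def _challenge(message, ring, commitment):
    """c = SHA-256(message || ring || commitment) mod Q; binds ring order too."""
    h = hashlib.sha256()
    h.update(message)
    for y in ring:
        h.update(b"|" + str(y).encode())
    h.update(b"|" + str(commitment).encode())
    return int.from_bytes(h.digest(), "big") % Q


def ring_sign(message, ring, signer_index, private_key):
    """Sign `message` for `ring` with the key at `signer_index`.

    Returns (c0, r): one starting challenge plus one response per member.
    Every position holds a random-looking response, so the output carries
    no hint of which index was the real signer.
    """
    n = len(ring)
    if pow(G, private_key, P) != ring[signer_index]:
        raise ValueError("private key does not match ring[signer_index]")
    c = [0] * n
    r = [0] * n
    alpha = secrets.randbelow(Q - 1) + 1
    # Start just after the real signer and walk once around the ring.
    i = (signer_index + 1) % n
    c[i] = _challenge(message, ring, pow(G, alpha, P))
    while i != signer_index:
        r[i] = secrets.randbelow(Q)                       # random response
        commit = (pow(G, r[i], P) * pow(ring[i], c[i], P)) % P
        i = (i + 1) % n
        c[i] = _challenge(message, ring, commit)
    # The real signer's response makes its commitment equal g^alpha, closing the ring.
    r[signer_index] = (alpha - c[signer_index] * private_key) % Q
    return c[0], r


def ring_verify(message, ring, signature):
    """Recompute the challenge chain from c0; it must come back to c0."""
    c0, r = signature
    if len(r) != len(ring):
        return False
    c = c0
    for y, r_i in zip(ring, r):
        commit = (pow(G, r_i, P) * pow(y, c, P)) % P
        c = _challenge(message, ring, commit)
    return c == c0


def demo(ring_size=4, signer_index=2, message=b"constructed sample: pay 1 XMR"):
    """Build a constructed ring, sign with one member, and report the checks."""
    keys = [keygen() for _ in range(ring_size)]
    ring = [pub for _, pub in keys]
    sig = ring_sign(message, ring, signer_index, keys[signer_index][0])
    return {
        "valid": ring_verify(message, ring, sig),
        "tampered_message_valid": ring_verify(message + b"!", ring, sig),
        "other_ring_valid": ring_verify(message, ring[::-1], sig),
        "responses": len(sig[1]),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier walks the ring from index 0 and never learns where the chain was "closed"; the only asymmetry, that `r[signer_index]` was computed rather than drawn at random, is invisible because both are uniform mod Q. Reordering the ring or altering the message changes every challenge, which is why the hash must bind the full key list.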

Hacker Interviews – 0xOmar (@0XOMAR1337)
http://securityaffairs.co/wordpress/50938/hacking/hacker-interviews-0xomar.html
September 4, 2016  By Pierluigi Paganini
Today I present you 0xOmar (@0XOMAR1337), an expert very active in the hacking community online with great experience. Enjoy the interview.
Why do you use the nickname of TeaMp0isoN? I know them and you are not a member of the original crew.
Trick was a very good friend of mine; he invited me to join TeaMp0isoN in 2012 after my interview with Sky News on Skype in 2012, then I met MLT after 2013. I have been underground for many years because Israeli intelligence was trying to track me, but I still was here like other Anons are still wearing their masks. No one will know you. The new crew of TeaMp0isoN don’t know me. Members of the old crew like MLT know me. Good time, when I joined the team it was composed of only 4 persons.
Did you participate in several hacking campaigns? Could you tell me more about them?
I have participated in many operations and campaigns during my 17-year career. I taught many Anon hackers and I was a member of many teams. I have built 4 teams. I have participated in campaigns including #OpISIS, #OpIsrael, #Opusa, #OpIran, #OpMyanmar.
Could you tell me which is your technical background and when you started hacking?
My skills are Hardware, Networking, Coding HTML, PHP, ASP, ASPX, VB, C++, C#, JS2E5.0, Java SE 8, JavaScript, Perl, SQL, .NET, XML, Scala, Python, Matlab, Cobol, Haskell, Smalltalk, Object-Oriented, Fortran, Scripting, Squeak, Ada, LabVIEW. My first software was made in VB and later in 2004 I developed a lot of software. One of my best pieces of software allowed me to get into Yahoo conferences without being invited. I developed many booters, DDoS scripts, malware, crypters & binders etc. I started hacking in 1999.
Which are your motivations?
I fight for peace in the World.
What was your greatest hacking challenge?
Taking down the Tel Aviv Stock Exchange in 2012, airline and government web sites. Below the list: http://www.zone-h.org/archive/notifier=0xOmar/page=1 … I infected with malware the Iranian Oil Field and I took down the site of the Israeli Intelligence Agencies when I was testing my tools (https://vid.me/9sqj ).
What are the 4 tools that cannot be missed in the hacker’s arsenal and why?
* Nmap: for scanning ports, mapping networks and connecting to targets.
* Metasploit: exploitation & hacking framework.
* Hydra: brute force and other network cracking techniques.
* Acunetix WVS: web vulnerability scanner, Cross-site Scripting, SQL injection, WordPress, 1200 vulnerabilities.
Which are the most interesting hacking communities on the web today, why?
The most interesting hacking communities are common; you can find them on social media platforms like Facebook, Twitter, etc.
Did you participate in hacking attacks against the IS propaganda online? When? How?
Yes, I do. I participated in hacking attacks against IS; I attacked the main sites used by the IS with botnets and malware. I hacked into many of their accounts. For me ISIS are not even Muslims.
Where do you find IS people to hack? How do you choose your targets?
Social media, mobile apps, Twitter, Facebook, Telegram, etc. & friends have been reporting chosen targets.
We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe the risk of a major and lethal cyber attack against a critical infrastructure is real?
Yes, it is. I do attacks against critical infrastructure. It is easy to attack them and persons inside them. Send them emails with a malware and you got it. It is quite easy to scan online searching for vulnerable SCADA exposed on the Internet. Then you can use known exploits to hack them or write your own exploit code.

Riseup, providing encrypted comms for over 15 years, could run out of money next month
https://www.grahamcluley.com/2016/09/riseup-encrypted-communications/
Graham Cluley | September 5, 2016 5:36 pm
Riseup.net, the non-profit collective which has been providing dissidents a way to encrypt their communications since 1999, without revealing your location or logging your IP address, is running out of money:
“The news is not good. We hate to be bad news birds, but we need to tell you that Riseup will run out of money next month. We had a number of unexpected hardware failures, lower-than-expected regular donations, and a record year of new Riseup users which puts more financial pressure on us than ever before. We need your help to keep things going this year, so we are starting a campaign to ask Riseup users to give us just one dollar! Can you give us a dollar? There are a lot of easy ways to do it: https://riseup.net/donate”
It seems that Riseup.net saw a boom in new users in the wake of the Edward Snowden revelations, but has not managed to match that growth with sufficient regular donations. If Riseup.net shuts down, that also means the end for 150,000 email accounts and over 18,000 mailing lists that depend on the service for their privacy and security. It would be sad to see Riseup.net close its doors. I hope people who value online liberty will support this noble cause. (Yes, I already donated.)

NSA EXTRABACON exploit still threatens tens of thousands of CISCO ASA boxes
http://securityaffairs.co/wordpress/50971/hacking/nsa-extrabacon.html
Two security experts from the Rapid 7 firm revealed that tens of thousands of CISCO ASA boxes are still vulnerable to the NSA EXTRABACON exploit.
A few weeks ago the Shadow Brokers hacker group hacked into the arsenal of the NSA-linked Equation Group and leaked online data dumps containing its exploits. ExtraBacon is one of the exploits included in the NSA arsenal; in August security experts improved it to hack newer versions of the CISCO ASA appliance. The Hungary-based security consultancy SilentSignal focused its analysis on the ExtraBacon exploit, revealing that it could be used against the newer models of Cisco’s Adaptive Security Appliance (ASA). The security firm has demonstrated that the NSA-linked Cisco exploit dubbed ExtraBacon poses a bigger threat than previously thought. Initially, the ExtraBacon exploit was restricted to versions 8.4(4) and earlier of the CISCO ASA boxes and has now been expanded to 9.2(4). The EXTRABACON tool exploits the CVE-2016-6366 vulnerability to allow an attacker who has already gained a foothold in a targeted network to take full control of a CISCO ASA firewall. The EXTRABACON tool leverages a flaw that resides in the Simple Network Management Protocol (SNMP) implementation of the ASA software. “A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code.” states the advisory published by CISCO. “The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP. An attacker could exploit this vulnerability by sending crafted SNMP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.
The attacker must know the SNMP community string to exploit this vulnerability.” At the end of August CISCO started releasing patches for its ASA software to address the Equation Group’s EXTRABACON exploit included in the NSA data dump leaked online. Network administrators that manage CISCO ASA 7.2, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6 and 8.7 have to update their installations to version 9.1.7(9) or later. The vulnerability has been fixed in ASA 9.1, 9.5 and 9.6 with the release of versions 9.1.7(9), 9.5(3) and 9.6.1(11). Experts estimated that tens of thousands of Cisco ASA firewalls are vulnerable to an authentication bypass exploit.
The bad news
Unfortunately, two security experts from the Rapid 7 firm, Derek Abdine and Bob Rudis, revealed that tens of thousands of ASA appliances are still vulnerable to the EXTRABACON attack, judging by the time of the last reboot. The security duo scanned roughly 50,000 ASA devices that were identified in a previous reconnaissance and analysed the last reboot times. Some 10,000 of the 38,000 ASA boxes had rebooted within the 15 days since Cisco released its patch, information that confirms that roughly 28,000 devices are still vulnerable because they were not patched. The remaining 12,000 devices did not provide the information of the last reboot. Going deeper into the analysis, the researchers discovered that unpatched devices belong to four large US firms, a UK government agency and a financial services company, and a large Japanese telecommunications provider. What does it mean?
It means that the above organizations are using vulnerable CISCO ASA boxes if the following conditions are met:
* the ASA device must have SNMP enabled and an attacker must have the ability to reach the device via UDP SNMP (yes, SNMP can run over TCP though it’s rare to see it working that way) and know the SNMP community string
* an attacker must also have telnet or SSH access to the devices
Of course, exploiting ExtraBacon is not so simple; anyway, it is possible when dealing with persistent attackers. “This generally makes the EXTRABACON attack something that would occur within an organization’s network, specifically from a network segment that has SNMP and telnet/SSH access to a vulnerable device. So, the world is not ending, the internet is not broken and even if an attacker had the necessary access, they are just as likely to crash a Cisco ASA device as they are to gain command-line access to one by using the exploit.” wrote Abdine and Rudis. “Even though there’s a high probable loss magnitude from a successful exploit, the threat capability and threat event frequency for attacks would most likely be low in the vast majority of organisations that use these devices to secure their environments.” “Having said that, Extra Bacon is a pretty critical vulnerability in a core network security infrastructure device and Cisco patches are generally quick and safe to deploy, so it would be prudent for most organisations to deploy the patch as soon as they can obtain and test it.” The security duo is warning the above organisations, which cannot underestimate the risk of exposure to EXTRABACON attacks.
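The post gives a defender two usable facts: the fixed ASA releases it lists, and Rapid7's observation that a box which has not reloaded since the fix shipped cannot be running it (an ASA upgrade requires a reload). The script below is an added example, not Rapid7's or Cisco's code, that turns both into an inventory triage. Everything not stated in the post is an assumption: version strings are compared component by component in the post's notation, the patch date is a placeholder for "end of August", the inventory records and hostnames are constructed, and trains the post does not list (anything outside 7.2 to 8.7, 9.1, 9.5 and 9.6) are reported as UNKNOWN rather than guessed, since Cisco's advisory covers more releases than the post quotes. The SNMP flag reflects the post's precondition that SNMP must be reachable for the exploit to apply; it lowers exposure, it does not remove the need to patch.

```python
"""EXTRABACON (CVE-2016-6366) exposure triage for a Cisco ASA inventory.

Added example, not Rapid7's or Cisco's code. Fixed releases are the ones the
article lists; other trains are reported UNKNOWN. Assumptions: the article's
version notation compared positionally, a placeholder patch date, and a
constructed sample inventory.
"""
import re
from datetime import date

# Earliest fixed release per train (major, minor), as stated in the article.
FIXED_BY_TRAIN = {
    (9, 1): "9.1.7(9)",
    (9, 5): "9.5(3)",
    (9, 6): "9.6.1(11)",
}
# Trains the article says must be upgraded to 9.1.7(9) or later.
LEGACY_TRAINS = {(7, 2), (8, 0), (8, 1), (8, 2), (8, 3), (8, 4), (8, 5), (8, 6), (8, 7)}
# Placeholder for the day Cisco's fix became available ("end of August").
PATCH_RELEASE = date(2016, 8, 24)


def parse_version(text):
    """'9.1.7(9)' -> (9, 1, 7, 9); '9.5(3)' -> (9, 5, 3, 0); '8.4(4)' -> (8, 4, 4, 0)."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if not 2 <= len(parts) <= 4:
        raise ValueError("unrecognised ASA version string: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))


def version_status(version):
    """PATCHED / VULNERABLE / UNKNOWN from the release string alone."""
    v = parse_version(version)
    train = v[:2]
    if train in LEGACY_TRAINS:
        return "VULNERABLE"          # article: must move to 9.1.7(9) or later
    fixed = FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return "UNKNOWN"             # train not covered by the article's list
    return "PATCHED" if v >= parse_version(fixed) else "VULNERABLE"


def reboot_status(last_reboot):
    """Rapid7-style uptime evidence: a new image only runs after a reload."""
    if last_reboot is None:
        return "NO_DATA"
    if last_reboot < PATCH_RELEASE:
        return "NOT_REBOOTED_SINCE_FIX"
    return "REBOOTED_AFTER_FIX"


def exposure(version, last_reboot, snmp_enabled):
    """Combine version, reload evidence and the SNMP precondition."""
    vs = version_status(version)
    if vs == "PATCHED":
        return "patched"
    if vs == "VULNERABLE":
        # The exploit needs reachable SNMP plus the community string (per the
        # article); SNMP off lowers exposure but the remedy is still to upgrade.
        return "exposed" if snmp_enabled else "vulnerable-snmp-disabled"
    # Version train unknown to us: fall back on reload evidence.
    if reboot_status(last_reboot) == "NOT_REBOOTED_SINCE_FIX":
        return "exposed-no-reload-since-fix"
    return "verify-manually"


def triage(inventory):
    """Return {hostname: exposure label} for a list of inventory records."""
    return {
        rec["host"]: exposure(rec["version"], rec["last_reboot"], rec["snmp_enabled"])
        for rec in inventory
    }


# Constructed sample inventory: hostnames, versions and dates are made up.
SAMPLE_INVENTORY = [
    {"host": "fw-dc1-a", "version": "9.1.7(9)", "last_reboot": date(2016, 8, 30), "snmp_enabled": True},
    {"host": "fw-dc1-b", "version": "9.1.6(10)", "last_reboot": date(2016, 7, 1), "snmp_enabled": True},
    {"host": "fw-branch", "version": "8.4(4)", "last_reboot": date(2016, 8, 28), "snmp_enabled": False},
    {"host": "fw-lab", "version": "9.3.3(5)", "last_reboot": date(2016, 6, 15), "snmp_enabled": True},
    {"host": "fw-dmz", "version": "9.6.1(11)", "last_reboot": None, "snmp_enabled": True},
]

if __name__ == "__main__":
    for host, label in triage(SAMPLE_INVENTORY).items():
        print("%-10s %s" % (host, label))
```

Feed it whatever your CMDB or a scripted `show version` collection produces; the useful output is the `UNKNOWN`/`verify-manually` bucket, which is exactly the set of boxes whose train the post does not cover and which need the full Cisco advisory consulted before they are marked safe.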

Dutch Police seized two servers of the VPN provider Perfect Privacy
http://securityaffairs.co/wordpress/50897/laws-and-regulations/perfect-privacy-seizures.html
September 4, 2016  By Pierluigi Paganini
The Dutch Police has seized two servers belonging to Switzerland-based Virtual Private Network (VPN) provider Perfect Privacy, as part of an investigation. Recently, two European countries, France and Germany, have declared war against encryption with an objective to force major technology companies to build encryption backdoors in their secure messaging services. The fight to the cybercrime is a priority for every European government, law enforcement agencies worldwide are joining their efforts to fight illegal activities online. Law enforcement bodies claim their investigation are hampered by the wide adoption of encryption of criminal organizations and ask more powers to their governments. France and Germany governments call for an European Decryption Law, a joint press conference “Franco-German initiative on internal security in Europe” in Paris was held by Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard Cazeneuve. They called on the European Commission to think for possible new legislative act to force operators offering products or telecommunications services to decrypt messages or to remove illegal content for government investigators. A directive, if issued by the European Commission, is a kind of EU decryption law that must pass through the interpretation stage of European Union’s member states to become a national law at European level. Meanwhile, at the international level, they also called for the signing and ratification of the Budapest Convention on Cybercrime. Netherlands is another country that is adopting measures to contrast cybercrime, recently the Dutch Police has seized two servers belonging to Switzerland-based Virtual Private Network (VPN) provider Perfect Privacy, as part of an investigation. At the time I was writing the Dutch police hasn’t provided further details about the seizures. 
The Perfect Privacy VPN provider informed its customers that two servers in Rotterdam were seized by the Dutch police on Thursday, August 24. The Dutch authorities seized the servers of the company; they requested I3D to give them access to the servers with a subpoena that allowed them to seize the hardware.
Perfect Privacy confirms that the company was back up and running the following day after I3D
The Perfect Privacy provider confirmed the seizures and declared that it received the news about the law enforcement operation from I3D, the company that provides its server hosting in the Netherlands. “Today our hoster I3D informed us that the Dutch authorities have seized two servers from our location in Rotterdam. Currently we have no further information since the responsible law enforcement agency did not get in touch with us directly, we were merely informed by our hoster.” states the announcement from the Perfect Privacy VPN provider. “Since we are not logging any data there is currently no reason to believe that any user data was compromised.” VPNs are privileged tools that allow security experts, activists, and journalists to protect their privacy online; unfortunately, they are also often abused by crooks and black hat hackers. VPN service providers receive numerous requests from law enforcement agencies to support their investigations, but in the majority of cases the companies don’t offer their collaboration. It is likely that this is what happened to the Perfect Privacy VPN provider. In April, the Dutch Police seized the servers of the Ennetcom VPN provider, based in the Netherlands and Canada, to shut down its operations during a criminal investigation. In that case, the Dutch Police accused Ennetcom of helping criminal activities, including drug trafficking and assassinations. The I3D hosting provider offered two replacement servers to avoid problems for the VPN provider.

Linux/Mirai ELF, when malware is recycled could be still dangerous
http://securityaffairs.co/wordpress/50929/malware/linux-mirai-elf.html
September 5, 2016  By Pierluigi Paganini
Experts from MalwareMustDie spotted a new ELF trojan backdoor, dubbed ELF Linux/Mirai, which is now targeting IoT devices.
Experts from MalwareMustDie have analyzed in August samples of a particular ELF trojan backdoor, dubbed ELF Linux/Mirai, which is now targeting IoT devices. The name of the malware is the same as that of the binary, “mirai.*,” and according to the experts, several attacks have been detected in the wild. The ELF Linux/Mirai is very insidious; it is still undetected by many antivirus solutions, as confirmed by the very low detection ratio in the VirusTotal online scanning service. “The reason for the lack of detection is because of the lack of samples, which are difficult to fetch from the infected IoT devices, routers, DVR or WebIP Camera, the Linux with Busybox binary in embedded platform, which what this threat is aiming.” states the analysis from the MalwareMustDie blog. The last ELF examined by Security Affairs was the Linux Trojan Linux.PNScan, which has been actively targeting routers based on x86 Linux in an attempt to install backdoors on them. But MalwareMustDie tells us that Linux/Mirai “is a lot bigger than PnScan”, and continues: “The threat was starting campaign in early August even if this ELF is not easy to be detected since it is not showing its activity soon after being installed: it sits in there and during that time, no malware file will be left over in system, all are deleted except the delayed process where the malware is running after being executed.” This means that when the infection succeeds, it is not easy to distinguish an infected system from a non-infected one, except through memory analysis, and we are talking about a kind of device that is not easy to analyze and debug. The normal kind of analysis conducted on the file system or on the external network traffic doesn’t give any evidence, at the beginning. We are in a hostile environment, called the Internet of Things (IoT), shaping a new kind of powerful botnet spreading worldwide, but which countries are more exposed to this kind of attack?
“Countries that are having Linux busybox IoT embedded devices that can connect to the internet, like DVR or Web IP Camera from several brands, and countries who have ISP serving users by Linux routers running with global IP address, are exposed as target, especially to the devices or services that is not securing the access for the telnet port (Tcp/23) service.” In fact, he continues, it seems that “the Linux/Mirai creators succeed to encode the strings and making diversion of traffic to camouflage themselves.” As it is possible to see by analyzing the samples, shown in the link to VirusTotal, the best detection is only “3 of 53” or “3 to 55.”
What is very important for all the sysadmins is to be provided with a shield against these infections: “along with the good friends involved in the open filtration system, security engineers are trying to push” – says again MalwareMustDie – “the correct filtration signature to alert the sysadmins if having the attacks from this threat. And on one pilot a sysadmin provided with the correct signatures found the source attack from several hundreds of addresses within only a couple of days.” Then it seems that the infection is really going widespread and the botnet seems to be really very large.
At the moment, for all the sysadmins who want to protect their systems, there is a list of mitigation actions:
* If you have an IoT device, please make sure you have no telnet service open and running.
* Block the TCP/48101 port if you don’t use it; it’s good to prevent infection and further damage.
* Monitor the telnet connections, because the botnet protocol used for infection is the Telnet service.
* Reverse the process looking for the strings reported in the MalwareMustDie detection tool tips.
But what do we know about this Linux/Mirai ELF malware exactly, and why is it not so common among the malware analysts?
“The reason why not so many people know it”, says MalwareMustDie – “is that antivirus thinks it is a variant of Gafgyt or Bashlite or Bashdoor. Then, the real samples of this malware is hard to get since most malware analysts have to extract it from memory on an infected device, or maybe have to hack the CNC to fetch those.” This means that the forensic analysis can also be difficult if we switch off the infected device: all the information would be lost and maybe it would be necessary to start again with a new infection procedure. It recalls the Greek mobile wiretap known as the “Vodafone Hack”: no evidence other than in memory. But, in your opinion, what is the main difference from the previous ELF malware versions? “The actors are now having different strategy than older type of similar threat.” – says MalwareMustDie – “by trying to be stealth (with delay), undetected (low detection hit in AV or traffic filter), unseen (no trace nor samples extracted), encoded ELF’s ASCII data, and with a big “hush-hush” among them for its distribution. But it is obvious that the main purpose is still for DDoS botnet and to rapidly spread its infection to reachable IoTs by what they call it as Telnet Scanner.” The real insidiousness of this ELF is that the only way to track it is to extract it from the memory of the running devices, and there is not much expertise among people who can “hack their own routers or webcam or DVR to get the malware binary dumped from the memory or checking the trace of infection.” Digging into the details: how the infection works...
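As an added example (not part of the MalwareMustDie analysis or of the post above), here is a Python check for the first three items of the mitigation list: it parses the Linux /proc/net/tcp socket table, which is what netstat on a BusyBox-based device reads too, and reports a listening telnet service, established telnet sessions, and any socket touching TCP/48101. The sample table and every address in it are constructed; the column layout, state codes (0x0A LISTEN, 0x01 ESTABLISHED) and little-endian hex address encoding are the kernel's /proc/net/tcp format.

```python
"""Audit a Linux /proc/net/tcp table for telnet exposure and TCP/48101 activity."""

TELNET_PORT = 23
MIRAI_PORT = 48101        # port named in the MalwareMustDie mitigation list
TCP_ESTABLISHED = 0x01    # 'st' column values used by the kernel
TCP_LISTEN = 0x0A

# Constructed sample in /proc/net/tcp layout (IPv4 only; tcp6 has a wider address field).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10002 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0017 0501A8C0:D431 01 00000000:00000000 00:00000000 00000000     0        0 10003 1 0000000000000000 20 4 30 10 -1
   3: 0A00000A:C350 077100CB:BBE5 01 00000000:00000000 00:00000000 00000000     0        0 10004 1 0000000000000000 20 4 30 10 -1
"""


def _decode_addr(field):
    """'0100007F:0017' -> ('127.0.0.1', 23); the kernel prints IPv4 as little-endian hex."""
    host_hex, port_hex = field.split(":")
    octets = [int(host_hex[i:i + 2], 16) for i in range(6, -1, -2)]
    return ".".join(map(str, octets)), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) per socket row."""
    rows = []
    for line in text.splitlines()[1:]:        # first line is the column header
        cols = line.split()
        if len(cols) < 4:
            continue
        lip, lport = _decode_addr(cols[1])
        rip, rport = _decode_addr(cols[2])
        rows.append((lip, lport, rip, rport, int(cols[3], 16)))
    return rows


def audit(text):
    """Human-readable findings for the three network-side mitigations."""
    findings = []
    for lip, lport, rip, rport, state in parse_proc_net_tcp(text):
        if state == TCP_LISTEN and lport == TELNET_PORT:
            findings.append(f"telnet listener on {lip}:{lport}")
        elif state == TCP_ESTABLISHED and lport == TELNET_PORT:
            findings.append(f"telnet session from {rip}:{rport}")
        if MIRAI_PORT in (lport, rport):
            findings.append(f"TCP/48101 socket {lip}:{lport} <-> {rip}:{rport}")
    return findings


if __name__ == "__main__":
    # On a real device read the live table; fall back to the constructed sample.
    try:
        with open("/proc/net/tcp") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP
    for finding in audit(table) or ["no telnet or TCP/48101 sockets found"]:
        print(finding)
```

On a device that also has IPv6 the same parser applies to /proc/net/tcp6 once `_decode_addr` is widened to 32 hex digits; the telnet session and listener checks are what an operator would want to confirm before a box is put on a public address.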

Evidence on hacks of the US State Election Systems suggest Russian origin 
http://securityaffairs.co/wordpress/50962/intelligence/election-systems-attacks.html
September 5, 2016  By Pierluigi Paganini
Researchers have found links between the attacks on US state election systems and campaigns managed by alleged Russian state-sponsored hackers.
Security experts at threat intelligence firm ThreatConnect have conducted an analysis of the IP addresses listed in the flash alert issued in August by the FBI, which warned about two cyber attacks against the election systems of two U.S. states. The FBI confirmed that foreign hackers have penetrated state election systems; federal experts have uncovered evidence of the intrusion. The hackers violated the databases of two state election systems, and for this reason the FBI issued the flash alert to election officials across the country inviting them to adopt security measures to protect their computer systems. “The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.” reported Yahoo News, which obtained a copy of the “flash” alert. The FBI alert contains technical details about the attacks, including the IP addresses involved in both attacks, which have been analyzed by ThreatConnect. The TTPs adopted by the attackers suggest the involvement of Russian hackers; one of the IP addresses included in the alert has surfaced before in Russian criminal underground hacker forums. Some of the IPs are owned by the FortUnix Networks firm, which was known to security experts because its infrastructure was exploited by the attackers that hit the Ukrainian power grid in December with the Black Energy malware. The experts revealed that one of them was used in the past in spear-phishing campaigns that targeted the Justice and Development (AK) Party in Turkey, the Freedom Party in Germany, and the Ukrainian Parliament.
“However, as we looked into the 5.149.249[.]172 IP address within the FBI Flash Bulletin, we uncovered a spear phishing campaign targeting Turkey’s ruling Justice and Development (AK) Party, Ukrainian Parliament, and German Freedom Party figures from March – August 2016 that fits a known Russian targeting focus and modus operandi.” states the analysis published by ThreatConnect. “As we explored malicious activity in the IP ranges around 5.149.249[.]172 we found additional linkages back to activity that could be evidence of Russian advanced persistent threat (APT) activity. This connection around the 5.149.249[.]172 activity is more suggestive of state-backed rather than criminally motivated activity, although we are unable to assess which actor or group might be behind the attacks based on the current evidence.” The phishing campaigns mentioned in the analysis exploited an open source phishing framework named Phishing Frenzy; the security experts managed to hack into the control panel of the system used by the phishers and discovered a total of 113 emails written in Ukrainian, Turkish, German and English. Out of the 113 total emails, 48 of them are malicious messages targeting Gmail accounts, while the rest were specifically designed to look like an email from an organization of interest to the victims. 16 of the malicious emails used to target AK Party officials were also included in the WikiLeaks dump of nearly 300,000 AK Party emails disclosed in July. The experts from ThreatConnect discovered some connections to a Russian threat actor, allegedly linked to the Government of Moscow. One of the domains hosting the phishing content was registered with an email address associated with a domain known to be used by the infamous APT28 group (aka Fancy Bear, Pawn Storm, Sednit, Sofacy).
Below is the evidence collected by experts at ThreatConnect that suggests the involvement of the Russian Government, “but does not prove” it:
* Six of the eight IP addresses belong to a Russian-owned hosting service
* 5.149.249[.]172 hosted a Russian cybercrime market from January – May 2015
* Other IPs belonging to FortUnix infrastructure – the same provider as 5.149.249[.]172 – were seen in 2015 Ukraine power grid and news media denial of service attacks
* The Acunetix and SQL injection attack method closely parallel the video from a purported Anonymous Poland (@anpoland) handle describing how they obtained athlete records from the Court of Arbitration for Sport (CAS).

NSO Group, the surveillance firm that could spy on every smartphone
http://securityaffairs.co/wordpress/50949/hacking/nso-group-firm.html
September 5, 2016  By Pierluigi Paganini
The NSO Group is one of the surveillance companies that allow their clients to spy on their targets through almost any smartphone. 
It is quite easy for any Government to spy on mobile users; recently we discussed the Trident vulnerabilities that were exploited by surveillance software developed by the NSO Group to deliver the Pegasus malware. But it could be very expensive if you decide to use the NSO Group’s software: according to The New York Times, spying on 10 iPhones will cost $650,000, plus a $500,000 setup fee. “To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users — on top of the setup fee, according to one commercial proposal.” reported The New York Times. “You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter.” There are several companies that develop surveillance platforms for targeting mobile devices; the NSO Group operated in the dark for several years, until researchers from the Citizen Lab organization and the Lookout firm spotted its software in targeted attacks against the UAE human rights defender Ahmed Mansoor. The researchers also spotted other attacks against a Mexican journalist who reported to the public a story of corruption in the Mexican government. “The company’s internal documents detail pitches to countries throughout Europe and multimillion-dollar contracts with Mexico, which paid the NSO Group more than $15 million for three projects over three years, according to internal NSO Group emails dated in 2013.” added The New York Times. “Our intelligence systems are subject to Mexico’s relevant legislation and have legal authorization,” Ricardo Alday, a spokesman for the Mexican embassy in Washington, said in an emailed statement. “They are not used against journalists or activists.
All contracts with the federal government are done in accordance with the law.” The New York Times has conducted further investigations on the NSO Group, the company that specializes in surveillance applications for governments and law enforcement agencies around the world. People familiar with the NSO Group confirmed that the company has an internal ethics committee that monitors sales and potential customers, verifying that the software will not be abused to violate human rights. Officially, the sale of surveillance software is limited to authorized governments to support the investigations of agencies into criminal organizations and terrorist groups. Unfortunately, its software is known to have been abused to spy on journalists and human rights activists. “There’s no check on this,” said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “Once NSO’s systems are sold, governments can essentially use them however they want. NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.” Companies like the NSO Group operate in the dark, in a sort of “legal gray area”; although the Israeli government exercises strict control over the export of such software, surveillance applications could be abused by threat actors and authoritarian regimes worldwide. The principal product of the NSO Group is surveillance software called Pegasus, which allows spying on the most common mobile devices, including iPhone, Android, BlackBerry and Symbian systems. Pegasus is a perfect tool for surveillance: it is able to steal any kind of data from smartphones and use them to spy on the surrounding environment through their camera and microphone.
“In its commercial proposals, the NSO Group asserts that its tracking software and hardware can install itself in any number of ways, including “over the air stealth installation,” tailored text messages and emails, through public Wi-Fi hot spots rigged to secretly install NSO Group software, or the old-fashioned way, by spies in person.” continues The New York Times. Now we have more information about the mysterious NSO Group, but many other companies operate in the same “legal gray area.”



CVE-2016-3862 flaw – Silently hack millions of Android devices with a photo
http://securityaffairs.co/wordpress/51043/mobile-2/android-cve-2016-3862-flaw.html
The CVE-2016-3862 flaw is a remote code execution vulnerability that affects the way certain Android apps parse the Exif data of images.
Are you an Android user? I have bad news for you: an apparently harmless image on social media or in a messaging app could compromise your mobile device. The last security updates issued by Google have fixed the Quadrooter vulnerabilities, which were threatening more than 900 million devices, and a critical zero-day that could let attackers deliver their hack hidden inside an image. The flaw, coded as CVE-2016-3862, is a remote code execution vulnerability in the Mediaserver. It affects the way certain Android applications parse the Exif data included in images. “Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras.” reads Wikipedia. The flaw was first discovered by the security researcher Tim Strazzere from the SentinelOne firm, who explained that it could be exploited by hackers to take complete control of the device without the victim knowing, or to crash it. “Strazzere told me that as long as an attacker can get a user to open the image file within an affected app – such as Gchat and Gmail – they could either cause a crash or get “remote code execution”; ergo they could effectively place malware on the device and take control of it without the user knowing.” explained Forbes. The victim doesn’t need to click on the malicious image, nor on a link, because as soon as its data is parsed by the device it triggers the CVE-2016-3862 vulnerability. “The problem was made even more severe as a malicious hacker wouldn’t even need the victim to do anything. “Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving a message or email from someone.
Once that application attempts to parse the image (which was done automatically), the crash is triggered,” Strazzere explained. What does it mean? Just one photo containing a generic exploit can silently hack millions of Android devices, in a way similar to the Stagefright exploits that allowed attackers to hack a smartphone with just a simple text message. “Theoretically, someone could create a generic exploit inside an image to exploits lots of devices. However, due to my skill level, I had to specifically craft each one for the devices. Though once this is done, Gchat, Gmail, most other messengers or social media apps would likely allow this to trigger.” Strazzere developed the exploits for the affected devices and tested them on Gchat, Gmail and many other messenger and social media apps. Strazzere did not reveal the names of the other apps that are also affected by the CVE-2016-3862 vulnerability; he also added that the list of vulnerable software includes “privacy-sensitive” tools. Any mobile app implementing the Android Java object ExifInterface code is likely affected by the vulnerability. The vulnerability is similar to last year’s Stagefright bug (exploit code) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it. Google Android versions from 4.4.4 to 6.0.1 are affected by the CVE-2016-3862 vulnerability, except, of course, the devices that have installed the last update. Google has already delivered a patch to fix the vulnerability; as usual, this doesn’t mean that your mobile has already applied it, because patch management depends on handset manufacturers and carriers. So, if you are not running an updated version of the Android OS, you probably are vulnerable to the image-based attack.
Google rewarded Strazzere $4,000 as part of its Android bug bounty and added another $4,000, as the researcher had pledged to give all $8,000 to Girls Garage, a program of the nonprofit Project H Design for girls aged 9-13.
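The bug class here is metadata parsing that trusts offsets and counts inside the image, so as an added illustration (not code from the article, from Strazzere, or from Android's ExifInterface) here is a Python parser for the IFD0 directory of a TIFF/Exif header that validates every offset and count against the buffer before it reads, and turns any inconsistency into a clean rejection instead of an out-of-bounds access. The two sample TIFF blocks are constructed inside the script: one well-formed, one whose Make tag points far outside the buffer. MAX_VALUE_BYTES is an assumed sanity cap and TAG_NAMES covers only three tags for brevity.

```python
"""Bounds-checked parser for the IFD0 directory of a TIFF/Exif header."""
import struct

# Byte size of each TIFF field type; any other type code is rejected.
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}
MAX_VALUE_BYTES = 64 * 1024          # assumed cap on a single field's payload
TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation"}


class ExifError(ValueError):
    """Raised when the structure points outside the buffer or is malformed."""


def parse_ifd0(data):
    """Return {tag: value} for IFD0, checking every offset against len(data)."""
    if len(data) < 8:
        raise ExifError("truncated TIFF header")
    fmt = {b"II": "<", b"MM": ">"}.get(data[:2])
    if fmt is None:
        raise ExifError("unknown byte-order mark")
    magic, ifd_off = struct.unpack_from(fmt + "HI", data, 2)
    if magic != 42:
        raise ExifError("bad TIFF magic")
    if ifd_off < 8 or ifd_off + 2 > len(data):
        raise ExifError("IFD0 offset outside buffer")
    (count,) = struct.unpack_from(fmt + "H", data, ifd_off)
    table_end = ifd_off + 2 + count * 12
    if table_end + 4 > len(data):            # entries plus the next-IFD pointer
        raise ExifError("IFD0 entry table truncated")
    tags = {}
    for i in range(count):
        ent = ifd_off + 2 + i * 12
        tag, typ, n = struct.unpack_from(fmt + "HHI", data, ent)
        size = TYPE_SIZES.get(typ)
        if size is None:
            raise ExifError(f"tag {tag:#06x}: unknown field type {typ}")
        total = size * n
        if total > MAX_VALUE_BYTES:
            raise ExifError(f"tag {tag:#06x}: oversized value ({total} bytes)")
        if total <= 4:                        # value is stored inline in the entry
            raw = data[ent + 8: ent + 8 + total]
        else:                                 # value lives elsewhere: verify the pointer
            (voff,) = struct.unpack_from(fmt + "I", data, ent + 8)
            if voff + total > len(data):
                raise ExifError(f"tag {tag:#06x}: value offset {voff} outside buffer")
            raw = data[voff: voff + total]
        tags[tag] = _decode(fmt, typ, n, raw)
    return tags


def _decode(fmt, typ, n, raw):
    if typ == 2:                              # ASCII, NUL terminated
        return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    if typ == 3:                              # SHORT array
        return list(struct.unpack_from(fmt + f"{n}H", raw))
    return raw                                # other types left as bytes


def check_exif(data):
    """(ok, detail) wrapper so callers never see an exception from untrusted input."""
    try:
        tags = parse_ifd0(data)
    except (ExifError, struct.error) as exc:
        return False, str(exc)
    return True, {TAG_NAMES.get(t, f"{t:#06x}"): v for t, v in tags.items()}


def _tiff(make_offset):
    """Constructed little-endian TIFF block: Orientation=1 inline, Make via pointer."""
    head = b"II" + struct.pack("<HI", 42, 8)
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHIH2x", 0x0112, 3, 1, 1)          # Orientation, inline SHORT
    ifd += struct.pack("<HHII", 0x010F, 2, 5, make_offset)   # Make, 5 ASCII bytes
    ifd += struct.pack("<I", 0)                              # no IFD1
    return head + ifd + b"ACME\0"                            # "ACME\0" sits at offset 38


SAMPLE_GOOD = _tiff(make_offset=38)          # pointer lands on the string
SAMPLE_BAD = _tiff(make_offset=0x7FFFFF00)   # pointer lands far outside the buffer

if __name__ == "__main__":
    print(check_exif(SAMPLE_GOOD))
    print(check_exif(SAMPLE_BAD))
```

Real Exif has sub-IFDs (Exif, GPS) reached through further pointer tags; each hop needs the same `voff + total <= len(data)` check, and a parser that follows pointers without it is exactly the shape of bug that a crafted image can drive.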

 Security Affairs 
Hacker Interviews – @h0t_p0ppy, the hacktivist
http://securityaffairs.co/wordpress/51038/hacktivism/hacker-interviews-h0t_p0ppy-the-hacktivist.html
Today I’ll present you @h0t_p0ppy, a skilled online hacktivist who participated in major hacking campaigns, including #OpWhales, #OpSeaWorld, #OpKillingBay, and #OpBeast.
September 7, 2016  By Pierluigi Paganini
You are a popular, talented hacker who has already participated in several hacking campaigns; could you tell me more about them?
I have participated in campaigns against animal abuses. There are many ops for animals that don’t get enough attention or recognition. The first big one was #OpFunKill then #OpKillingBay which inspired me to create #OpSeaWorld, #OpKillingBay-EU and #OpWhales. All these campaigns focus on either the slaughter or confinement of cetaceans. Few people were aware about the impact of cetacean slaughter on our environment. As Paul Watson said “If the oceans die, we die”. With these ops the public can learn about whale slaughter which is still happening today and the truth behind SeaWorld and marine prisons. It’s not easy keeping all these ops up to date with relevant information. It takes a lot of my spare time but if it makes a difference, it’s worth it.
Could you tell me what your technical background is and when you started hacking?
I was inspired by the anonymous movement to believe that every single person has the ability to make a change. I went from office to hacktivism. I have picked up skills, taught myself and relied on team members to teach me new skills. The team as a whole have a varied skill base from researching to dd0s and hacking. Each and every one of us is equally important to the success of the ops.
What are your motivations?
Simply to bring awareness to the public about the crimes against cetaceans at the hands of humans. I also want to see an end to whaling.
What was your greatest hacking challenge?
The greatest challenge isn’t hacking, it’s keeping the momentum and interest in the ops. #OpKillingBay for instance is in year 4 now and still as important as the day it launched. All our work is a team effort. Action taken for #OpWhales has brought Iceland’s commercial hunt of fin whales (an endangered animal) into the spotlight.
Sites were brought down including the prime minister’s official website and that of the environment and interior ministries. This brought worldwide media attention to the plight of these whales.
Which was your latest hack? Can you describe it to me?
The guys at Powerful Greek Army have been getting involved with ops hitting SeaWorld with a huge dd0s attack in the last few days. Also a few other Animal Rights Hacktivists have had a few whale meat sellers’ sites de-hosted. (Many thanks to all)
What are the 4 tools that cannot be missed in the hacker’s arsenal and why?
A range of vulnerability scanners, patience, determination and most importantly a trustworthy team.
Which are the most interesting hacking communities on the web today, and why?
The guys at Anon Rising are doing a great job building up an IRC and support base for anons and Ops.
How do you choose your targets?
Targets are connected to the whaling industry ~ the sale and transport of whale meat and governments that approve whaling. Also any company connected with the trade in dolphins and their incarceration.
We often hear about cyber weapons and cyber attacks against critical infrastructure. Do you believe the risk of a major and lethal cyber attack against a critical infrastructure is real?
Yes, it is just a matter of time.

CSTO Ransomware, a malware that uses UDP and Google Maps
http://securityaffairs.co/wordpress/51015/malware/csto-ransomware.html
September 7, 2016  By Pierluigi Paganini
The CSTO ransomware is able to query the Google Maps API to discover the victim’s location and connects to the C&C via UDP.
Ransomware is considered by security experts one of the most dangerous threats to Internet users and organizations across the world. Malware authors are developing new malicious codes that implement new features to improve evasion and spreading abilities. Security researchers at BleepingComputer have reported a new ransomware dubbed Cry or CSTO because it pretends to come from the nonexistent organization Central Security Treatment Organization. The CSTO ransomware was first spotted by the malware researcher MalwareHunterTeam. Once it has infected a machine, the CSTO ransomware encrypts files and appends the .cry extension to them. Like the Cerber ransomware, the CSTO also sends information to its command and control server via UDP. After infecting a computer, the CSTO ransomware collects information on the host (Windows version, installed service pack, OS version, username, computer name, and CPU type), which it sends via UDP to 4096 different IP addresses, but only one of them is the C&C server. The Vxers have chosen the UDP protocol in an attempt to hide the location of the C&C server. The threat requests the payment of a 1.1 Bitcoin (more than $600) ransom in order to decrypt the files. The CSTO ransomware implements a singular feature: it leverages websites such as Imgur.com and Pastee.org to host information about victims, and it is able to query the Google Maps API to discover the victim’s location using the SSIDs of nearby wireless networks. The ransomware uses the WlanGetNetworkBssList function to get the nearby SSIDs; in this way it is able to determine the victim’s location, but it is not clear how the malware uses this information. “Furthermore, it will also use public sites such as Imgur.com and Pastee.org to host information about each of the victims.
Last, but not least, it will query the Google Maps API to determine the victim’s location using nearby wireless SSIDs.” reported bleepingcomputer.com. The threat encrypts the files, then uploads host information along with a list of encrypted files to Imgur.com by compiling all the details in a fake PNG image file and sending it to a certain album. Imgur, in turn, assigns a unique name to the image file and notifies it to the CSTO ransomware, which then broadcasts the filename over UDP to inform the C&C server. Similar to other ransomware, the Cry ransomware deletes the Shadow Volume Copies using the command vssadmin delete shadows /all /quiet. In this way it prevents victims from restoring the encrypted files. The threat gains persistence by creating a randomly named scheduled task that is triggered every time the user logs into Windows. The task also drops ransom notes on the desktop of the infected machine. The ransom note includes instructions on how to access the Tor network to reach the payment site used by the authors. “The ransom notes created by the Central Security Treatment Organization Ransomware contain links to a TOR payment site that has a Window title of User Cabinet. When a user visits this site, they will be prompted to login using the personal code from their ransom note.” continues bleepingcomputer.com. The payment site includes a support page and offers victims the possibility to decrypt just one file for free as proof that it is possible to decrypt all the locked files. The researchers tested the free decryption feature, but it failed, another good reason to avoid paying the ransom.

Threatpost
Cry Ransomware Uses UDP, Imgur, Google Maps
https://threatpost.com/cry-ransomware-uses-udp-imgur-google-maps/120383/
by Chris Brook September 6, 2016 , 2:40 pm
Ransomware purporting to come from a phony government agency, something called the Central Security Treatment Organization, has been making the rounds, researchers say. The ransomware, which is already known by a number of names including Cry, CSTO ransomware, or Central Security Treatment Organization ransomware, uses the User Datagram Protocol (UDP) to communicate and the photo sharing service Imgur and Google Maps to carry out its infections to an extent, as well. A security researcher who goes under the guise MalwareHunterTeam discovered the malware last Thursday. Lawrence Abrams, who runs BleepingComputer.com, helped analyze the ransomware alongside MalwareHunterTeam and security researcher Daniel Gallagher. Abrams discussed their collected findings in a blog post Monday night. The three point out that the ransomware is still being analyzed so many of the details around it are still hazy; that includes how it’s being distributed and whether or not decryption is possible. What is known is that the malware has managed to hit 8,000 victims in almost two weeks so far. Abrams told Threatpost on Tuesday that when he started to analyze the ransomware with MalwareHunterTeam on Sept. 2 there were roughly 3,200 victims. That figure later ballooned to 6,800 two days later and when he checked on Monday, it had reached 8,000. The ransomware is still being developed too; Abrams claims Gallagher discovered a new sample earlier today. After machines are infected, Cry leaves ransom notes, “Recovery_[random_chars].html” and “!Recovery_[random_chars].txt”, on a victim’s desktop, notifying them their files have been encrypted with the “.cry” extension – hence the name. The notes demand 1.1 bitcoin, or roughly $625 to decrypt them. From there, it uses the UDP protocol to relay information about the infected machine, including its Windows version, its Windows bit type, which service pack is installed, the computer’s name and CPU type to over 4,000 IP addresses.
According to Abrams, this method is likely used to make it trickier for authorities to finger the command and control server’s location, a technique that has been used in the past by the Cerber ransomware strain. Researchers at Invincea saw a Cerber variant in May generating loads of outgoing UDP traffic, to the point that it was flooding subnets with UDP packets over port 6892. Experts didn’t rule out the possibility that the ransomware could be capable of carrying out a distributed denial of service attack. In addition to UDP, Cry also uses two other services not usually leveraged by ransomware: Imgur and Google Maps. The ransomware culls all the information it sends to the IP addresses and embeds it in a PNG image file and subsequently uploads to an Imgur photo gallery. “Once the file has successfully been uploaded, Imgur will respond with a unique name for the filename,” Abrams writes. “This filename (can) then be broadcasted over UDP to the 4096 IP addresses to notify the Command & Control server that a new victim has been infected.” The ransomware can also use Google Maps’ API to determine the Service Set Identifier (SSID) of packets sent by any nearby wireless networks. By using Windows’ WlanGetNetworkBssList function, Cry can get the list of wireless networks and SSIDs. After querying any SSIDs visible to the infected machine, it can use Google Maps to get the victims’ location. While the location data is no doubt valuable, Abrams claims it’s unclear what exactly it’s for, but admits it can likely be used to further scare a victim into paying. Abrams told Threatpost that while it wasn’t discovered until Sept. 1, it appears the developer behind Cry first began testing the waters several days before, on Aug. 25. 
Abrams, Gallagher and MalwareHunterTeam can see the developer began testing uploaded PNG files at the time with just the strings “LOLWTFAMIDOINGHERE.” While the Central Security Treatment Organization doesn’t exist, neither does the Department of Pre-Trial Settlement or the Federal Agency of Investigation, two other bogus groups that the ransomware touts itself as representing on its Tor payment site. The seal for the fake organization appears to borrow the crest, branches, and stars from the FBI’s logo and the eagle’s head from the CIA logo.
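The UDP fan-out Abrams describes (one infected host pushing its victim report to 4096 addresses, with Cerber doing the same over port 6892) is the kind of behaviour a flow sensor can flag without knowing anything about Cry's payload. The following Python is an added example written for this thread, not code from Threatpost, BleepingComputer or the Cry analysis: it runs a sliding-window distinct-destination count over constructed flow records (the record layout, the addresses, the 1000-peer threshold and the five-minute window are all assumptions) and reports sources whose UDP peer count explodes, together with the port they concentrate on.

```python
"""Flag hosts that spray UDP datagrams at an unusually large number of peers.

Added example for this thread; not code from the Cry/Cerber write-ups above.
Record layout, addresses, threshold and window are assumptions.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed flow records: (timestamp, src_ip, dst_ip, proto, dst_port, bytes)."""
    t0 = datetime(2016, 9, 5, 12, 0, 0)
    flows = []
    # Benign: a workstation resolving names against the local resolver (one peer).
    for i in range(200):
        flows.append((t0 + timedelta(seconds=i), "10.0.0.7", "10.0.0.53", "udp", 53, 80))
    # Benign: a game client exchanging UDP with a few dozen peers.
    for i in range(40):
        flows.append((t0 + timedelta(seconds=3 * i), "10.0.0.9",
                      f"192.0.2.{i + 1}", "udp", 27015, 300))
    # Suspicious: one host reporting to 4096 distinct addresses in under two minutes,
    # mirroring the behaviour described above (addresses constructed from 100.64/10).
    for i in range(4096):
        flows.append((t0 + timedelta(milliseconds=25 * i), "10.0.0.5",
                      f"100.64.{i // 256}.{i % 256}", "udp", 6892, 120))
    return flows


def find_udp_fanout(flows, window=timedelta(minutes=5), min_peers=1000):
    """Return {src_ip: {"peers": n, "top_port": p, "port_share": f}} for every source
    that reaches at least min_peers distinct UDP destinations inside one sliding window.
    Port concentration is kept because a single odd port (Cerber's 6892 above) is
    what separates a beacon from, say, a busy DNS forwarder."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, dport, _ in flows:
        if proto == "udp":
            by_src[src].append((ts, dst, dport))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        recent = deque()                     # events inside the window, oldest first
        peers, ports = Counter(), Counter()
        for ts, dst, dport in events:
            recent.append((ts, dst, dport))
            peers[dst] += 1
            ports[dport] += 1
            while recent and ts - recent[0][0] > window:   # expire old events
                _, old_dst, old_port = recent.popleft()
                peers[old_dst] -= 1
                ports[old_port] -= 1
                if peers[old_dst] == 0:
                    del peers[old_dst]
                if ports[old_port] == 0:
                    del ports[old_port]
            if len(peers) >= min_peers:
                top_port, top_n = ports.most_common(1)[0]
                seen = alerts.get(src)
                if seen is None or len(peers) > seen["peers"]:
                    alerts[src] = {"peers": len(peers), "top_port": top_port,
                                   "port_share": top_n / sum(ports.values())}
    return alerts


if __name__ == "__main__":
    for src, a in find_udp_fanout(build_sample_flows()).items():
        print(f"{src}: {a['peers']} distinct UDP peers, "
              f"{a['port_share']:.0%} of them on port {a['top_port']}")
```

With the default threshold only the beaconing host is reported; lowering `min_peers` to a few dozen also surfaces the game client, which is the trade-off a real deployment tunes against its own baseline.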

Information Security Newspaper
LuaBot Is the First Botnet Malware Coded in Lua Targeting Linux Platforms
http://www.securitynewspaper.com/2016/09/06/luabot-first-botnet-malware-coded-lua-targeting-linux-platforms/
Security Newspaper | September 6, 2016
LuaBot is the latest addition to the Linux malware scene. A trojan coded in Lua is targeting Linux platforms with the goal of adding them to a global botnet, security researcher MalwareMustDie! has reported today. For an operating system with a minuscule 2.11 percent market share, this is our third story on Linux malware in the past 24 hours, after previously reporting on the Mirai DDoS trojan and the Umbreon rootkit. LuaBot falls into the same category as Mirai because its primary purpose is to compromise Linux systems, IoT devices or web servers, and add them as bots inside a bigger botnet controlled by the attacker.

LuaBot most likely used for DDoS attacks

At the time of writing, this botnet’s purpose is currently unknown, but MalwareMustDie told Softpedia on Twitter that the code for launching packet floods (DDoS attacks) is there, only that he wasn’t able to confirm the functionality yet. At the moment, the LuaBot trojan is packed as an ELF binary that targets ARM platforms, usually found in embedded (IoT) devices. Based on his experience, this seems to be the first Lua-based malware family packed as an ELF binary spreading to Linux platforms. Unlike Mirai, which is the fruit of a two-year-long coding frenzy, LuaBot is in its early stages of development, with the first detection being reported only a week ago and a zero detection rate on VirusTotal for current samples. Since it’s only a one-week-old malware strain, details are scarce about its distribution and infection mechanism.

LuaBot author challenges security researchers

MalwareMustDie has managed to reverse-engineer some of the trojan’s code and discovered that the bot communicates with a C&C server hosted in the Netherlands on the infrastructure of dedicated server hosting service WorldStream.NL. The researcher also found that LuaBot’s brazen developer left a message behind for all the infosec professionals trying to deconstruct his code. The message reads, “Hi. Happy reversing, you can mail me: [REDACTED .ru email address].” Additionally, MMD also discovered code labeled as “penetrate_sucuri,” alluding to features capable of skirting Sucuri’s infamous Web Application Firewall, a cyber-security product that has stopped many web threats in the past. MMD told Softpedia that “it seems the function is there […] coded with that purpose,” but the researcher later admitted that “I don’t know the Sucuri WAF much, so I can not test it.” Softpedia has reached out to Sucuri, and we’ll update the article if this function proves to be a successful firewall bypass or just an unfinished piece of code.


 Jupiter Broadcasting
Ham, Radio & Pie, Oh My! | BSD Now 158
September 8, 2016
http://www.jupiterbroadcasting.com/102941/ham-radio-pie-oh-my-bsd-now-158/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0158-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0158.mp3

I Can’t Believe It’s Not Ethernet | TechSNAP 283
http://www.jupiterbroadcasting.com/102961/i-cant-believe-its-not-ethernet-techsnap-283/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0283-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0283.mp3

Jupiter Broadcasting
Net Scaling Privacy (Flix Style) | BSD Now 159
http://www.jupiterbroadcasting.com/103086/net-scaling-privacy-flix-style-bsd-now-159/

Buffalo Overflow | TechSNAP 284
http://www.jupiterbroadcasting.com/103141/buffalo-overflow-techsnap-284/



 Jupiter Broadcasting 
EuroBSD Dreamin’ | BSD Now 160
September 22, 2016
http://www.jupiterbroadcasting.com/103306/eurobsd-dreamin-bsd-now-160/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0160-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0160.mp3
OpSec for Script Kiddies | TechSNAP 285
http://www.jupiterbroadcasting.com/103321/opsec-for-script-kiddies-techsnap-285/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0285-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0285.mp3

Tor Project
Tor 0.2.9.3-alpha is released, with important fixes
https://blog.torproject.org/blog/tor-0293-alpha-released-important-fixes
Posted September 23rd, 2016 by nickm
Tor 0.2.9.3-alpha adds improved support for entities that want to make high-performance services available through the Tor .onion mechanism without themselves receiving anonymity as they host those services. It also tries harder to ensure that all steps on a circuit are using the strongest crypto possible, strengthens some TLS properties, and resolves several bugs -- including a pair of crash bugs from the 0.2.8 series. Anybody running an earlier version of 0.2.9.x should upgrade.

Tor 0.2.8.8 is released, with important fixes
https://blog.torproject.org/blog/tor-0288-released-important-fixes
Posted September 23rd, 2016 by nickm
Tor 0.2.8.8 fixes two crash bugs present in previous versions of the 0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users who select public relays as their bridges. You can download the source from the Tor website. Packages should be available over the next week or so.

https://www.torproject.org/dist/tor-0.2.8.8.tar.gz
https://www.torproject.org/dist/tor-0.2.8.8.tar.gz.asc
https://www.torproject.org/dist/tor-0.2.9.3-alpha.tar.gz
https://www.torproject.org/dist/tor-0.2.9.3-alpha.tar.gz.asc

 Motherboard 
US to Transfer Internet DNS Oversight After GOP Sabotage Effort Fails
Sam Gustin Correspondent * October 1, 2016 // 01:00 PM EST
http://motherboard.vice.com/read/us-to-transfer-internet-dns-oversight-after-gop-sabotage-effort-fails
The United States government moved to relinquish stewardship of key internet technical functions on Saturday, paving the way for a private, international non-profit group to assume oversight of the internet’s core naming directory. Tech policy experts say the historic transfer of US stewardship over the Domain Name System (DNS) to an independent group of global stakeholders will help ensure internet openness and freedom. The transition moved forward after a last-ditch Republican effort to sabotage the handover was rejected by a federal judge late Friday. The oversight transfer, which has been in the works for nearly two decades, is largely clerical in nature, and is unlikely to even be noticed by internet users. But that didn’t stop Republicans like Sen. Ted Cruz of Texas and presidential candidate Donald Trump from using scare-tactics to try to scuttle the plan for political gain. “This is a symbolic, but important step in preserving the stability and openness of the internet, which impacts free speech, our economy and our national security,” Ed Black, President & CEO of the Computer & Communications Industry Association, which represents companies like Google, Amazon, and Facebook, said in an emailed statement. Starting Saturday, stewardship of the Internet Assigned Numbers Authority (IANA) functions, including the DNS, which translates website names like vice.com into numeric internet protocol (IP) addresses, will be fully overseen by a Los Angeles-based nonprofit group of international stakeholders called the Internet Corporation for Assigned Names and Numbers (ICANN). On Wednesday, four Republican state attorneys general sued the Obama administration in Texas federal court in order to block the transition. In their lawsuit, the attorneys general for Arizona, Oklahoma, Nevada and Texas argued that the move would violate US law and imperil US national security—spurious claims that have been debunked by US officials and tech policy experts. 
Late Friday, Galveston, Texas federal judge George Hanks Jr. denied the state attorneys general’s request for an injunction, clearing the way for the transition to move forward. On Saturday morning, the US government allowed its contract with ICANN to expire, which means that ICANN will now assume sole stewardship over key internet naming functions. Sen. Brian Schatz, the Democrat from Hawaii who serves as Ranking Member of the Senate Subcommittee on Communications, Technology, Innovation, and the Internet, said he was “glad the court found this lawsuit to be baseless, and appropriately threw it out.” “This decision is another clear sign that efforts from a fringe group to block the IANA transition are misguided and irresponsible,” Sen. Schatz said in a statement. “We can now keep our long-standing and public commitment to the global community to keep the internet open and free.”

Republican arguments suggesting that the transition will undermine US interests by leading to a UN takeover of the internet are baseless, according to tech policy experts. In fact, the transition will help promote internet freedom by distributing stewardship of the global internet’s technical functions to a broad, international coalition of public and private stakeholders, ensuring that no single nation can undermine the key functions for everyone else. For more than a decade, ICANN managed the IANA functions under a contract with the Commerce Department’s National Telecommunications and Information Administration (NTIA). But the US has long made clear that it intended to relinquish the DNS oversight functions in order to facilitate “international participation” in internet governance.

Leading civil society and public interest groups supported the transition, including the Internet Society, Access Now, Public Knowledge, the Center for Democracy & Technology, and New America Foundation’s Open Technology Institute. These groups argued that the transition to a multi-stakeholder model will help prevent any one nation from exercising direct government control over the internet. For the last several weeks, Cruz and other Republicans, including Donald Trump, have been pushing false claims that the US is surrendering “control” of the internet to the UN, or perhaps more ominously, to “enemies” like Iran or China. Most tech policy experts reject those assertions because the internet is a decentralized, global “network of networks” that no single government can control. Authoritarian countries like Iran and China can and do censor the internet for their own citizens, but they have no power to exert similar repression over US consumers—and that won’t change after the governance transition, experts say. “No one country or entity controls the internet,” Assistant US Commerce Secretary and NTIA Chief Larry Strickling, who is overseeing the transition for the US government, testified before Congress last month. “The internet is a network of networks that operates with the cooperation of stakeholders around the world.” Lauren Weinstein, a veteran tech policy expert who was involved in developing the ARPANET, the precursor to the internet, blasted the last-minute efforts by Republicans to sow fear about the transition for political gain. “Anyone hearing the bizarre, false, politicized, last-ditch rants of the politicians who tried to block the transition could be excused for waking up Saturday morning and being stunned to discover that the transition took place as scheduled, and yet there was no related internet Armageddon,” Weinstein told Motherboard. “Nor will there be.”


 Jupiter Broadcasting 
Botnet of Things | TechSNAP 286
http://www.jupiterbroadcasting.com/103516/botnet-of-things-techsnap-286/
Krebs is hit with a DDoS attack & then gets kicked off of Akamai. We’ll tell you about the record-breaking details, Firefox puts its foot down, picking NFS or Samba…
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0286.mp4
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0286-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0286.mp3
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jnite/techsnap-0286.ogg

The BSD Bromance | BSD Now 161
http://www.jupiterbroadcasting.com/103466/the-bsd-bromance-bsd-now-161/
This week on BSDNow, we’re going to be hearing about Allan’s trip to EuroBSDCon, plus an Interview about “Bro on BSD”! Stay tuned for your place to B…SD!
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0161-432p.mp4
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0161.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0161.mp3
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jnite/bsd-0161.ogg

DeepDotWeb
Brian Krebs Attacked By Hackers: Largest DDoS Attack Against A Security Blogger
https://www.deepdotweb.com/2016/10/03/brian-krebs-attacked-hackers-largest-ddos-attack-security-blogger/
Posted by: Benjamin Vitáris October 3, 2016
Brian Krebs, a top security blogger who writes the Krebs on Security blog, was recently hit by a massive DDoS attack. A giant botnet made up of things connected to the internet, such as lightbulbs, cameras, and thermostats, launched the largest DDoS attack ever delivered using IoT (internet of things) devices. The attack was so big that Akamai, the CDN (content delivery network) and cloud service provider of Krebs, canceled the security blogger’s account. The reason for the cancellation was not that Akamai couldn’t mitigate the attack, but that it used so many resources for protection that it became rather expensive, according to Andy Ellis, the firm’s Chief Security Officer. The delivery network stopped protecting the Krebs on Security blog after 665 Gbps of traffic overwhelmed the security expert’s site on Tuesday. The attack’s size was almost double what Akamai had ever seen before. Ellis says it will take time to analyze and come up with more effective mitigation tools for this IoT botnet. The Akamai CSO added that the attack was similar to the 2010 attacks of Anonymous, where they used the open source Low Orbit Ion Cannon tool, or to the 2014 DDoS attacks launched from compromised Joomla and WordPress servers. According to Ellis, this is a lesson for companies to have a better system against DDoS attacks.

The Krebs on Security attack is the work of a botnet made up of IoT devices, Ellis says. So many devices were used in the attack that the hacker didn’t even have to amplify the impact of the individual devices. “We’re still trying to size it,” Ellis said, estimating the number of IoT devices used in the attack at a million. “We think that might be an overestimate but it’s also possible that will be a real estimate once we get into the numbers.” According to Dave Lewis, a global security advocate for Akamai, with estimates of 21 billion IoT devices by 2020, the size of the botnets created for attacks could be massive.
“What if an attacker injects code into devices to create a Fitbit botnet?” Lewis said. “Researchers have already shown it’s possible to wirelessly load malware onto a Fitbit in less than 10 seconds, so the possibility isn’t fantastic.” “It’s possible they are faking it or it’s possible it’s a camera that was doing these attacks. There are indicators that there are IoT devices here, at scale.” Ellis says the attack didn’t use any reflection or amplification and consisted of legitimate HTTP requests. Some things are still unknown, for example who is behind the attack and what method they used to infect the devices. According to Ellis, Akamai has contacted other websites that reported similar, but smaller, attacks from the same botnet. Many of the sites were related to gaming, and Krebs wrote about such attacks, so there could be a connection between them.

Soylent News
Systemd Crashing Bug
posted by CoolHand on Tuesday October 04, @08:46PM
http://7rmath4ro2of2a42.onion/article.pl?sid=16/10/04/2258217
mechanicjay writes: Security researcher and SSLMate founder Andrew Ayer has uncovered a bug which will either crash or make systemd unstable (depending on who you talk to) on pretty much every Linux distro. David Strauss posted a highly critical response to Ayer. In true pedantic nerd-fight fashion there is a bit of back and forth between them over the "true" severity of the issue and what not. Nerd fights aside, how you feel about this bug will probably largely depend on how you feel about systemd in general. The following command, when run as any user, will crash systemd:

NOTIFY_SOCKET=/run/systemd/notify systemd-notify ""

After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system. The system feels generally unstable (e.g. ssh and su hang for 30 seconds since systemd is now integrated with the login system). All of this can be caused by a command that's short enough to fit in a Tweet. Edit (2016-09-28 21:34): Some people can only reproduce if they wrap the command in a while true loop. Yay non-determinism!

https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
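The trigger quoted above sends an empty notification message to PID 1's notify socket. The following Python is an added example written for this thread, not systemd's code and not a reproduction of its internal logic: it shows, over an AF_UNIX SOCK_DGRAM socketpair, that a zero-byte datagram is a legitimate message and that a receive loop which treats recv() returning nothing as end-of-file (true for stream sockets, false for datagram sockets) bails out on it, while one that simply drops the empty datagram keeps serving. The KEY=VALUE parsing follows the sd_notify(3) wire format; the two handlers, the bail-out behaviour and the assumption that this is the relevant class of mistake are the example's own.

```python
"""A zero-length datagram is a message, not end-of-file.

Added example for this thread; not systemd's code and not a reproduction of its
internal logic. KEY=VALUE parsing follows the sd_notify(3) wire format; the rest
(handlers, bail-out behaviour, sample traffic) is this example's assumption.
"""
import socket


def parse_notify(data):
    """Parse newline-separated KEY=VALUE fields (the sd_notify(3) format)."""
    fields = {}
    for line in data.decode("utf-8", "replace").split("\n"):
        key, sep, value = line.partition("=")
        if sep:
            fields[key] = value
    return fields


def handle_naive(sock):
    """Fragile: a 0-byte recv() is read as the peer hanging up. On a stream
    socket that is true; on a datagram socket it is simply an empty message."""
    data = sock.recv(4096)
    if not data:
        raise ConnectionError("notify socket returned EOF")   # wrong for SOCK_DGRAM
    return parse_notify(data)


def handle_hardened(sock):
    """Robust: an empty datagram carries no fields, so drop it and keep going."""
    data = sock.recv(4096)
    if not data:
        return {}
    return parse_notify(data)


def serve(handler, payloads):
    """Queue each payload as one datagram, then let handler consume them.
    Returns (messages_handled, error); error is set if the loop bailed out, the
    way a dispatcher that stops serving its source on error would."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    handled, error = [], None
    try:
        for payload in payloads:
            tx.send(payload)                 # b"" is a valid zero-length datagram
        for _ in payloads:
            try:
                handled.append(handler(rx))
            except ConnectionError as exc:
                error = str(exc)
                break
    finally:
        tx.close()
        rx.close()
    return handled, error


if __name__ == "__main__":
    # Constructed traffic: an empty message from an unprivileged sender, then a real one.
    burst = [b"", b"READY=1\nSTATUS=listening\n"]
    print("naive:   ", serve(handle_naive, burst))
    print("hardened:", serve(handle_hardened, burst))
```

The point of the exercise is the second datagram: the naive loop never gets to the genuine READY=1 that follows the empty one, which is the shape of failure the post describes (daemons no longer start or stop) regardless of how systemd's own code reaches it.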

A zero day flaw in OpenJPEG JPEG 2000 could lead to arbitrary code execution
http://securityaffairs.co/wordpress/51860/hacking/jpeg-2000-zero-day.html
October 2, 2016  By Pierluigi Paganini
Cisco Talos Team disclosed a zero-day flaw affecting the JPEG 2000 image file format parser implemented in the OpenJPEG library.
Security experts at Cisco Talos group have discovered a serious vulnerability (TALOS-2016-0193/CVE-2016-8332) affecting the JPEG 2000 image file format parser implemented in the OpenJPEG library. An attacker could exploit the flaw to trigger heap corruption and execute arbitrary code on the target system. “This particular vulnerability could allow an out-of-bound heap write to occur, resulting in heap corruption and lead to arbitrary code execution. Talos has disclosed this vulnerability responsibly to the library maintainers to ensure a patch is available,” states the security advisory published by Talos. The experts successfully tested the JPEG 2000 image exploit on OpenJPEG openjp2 2.1.1. The security experts have ethically reported the security flaw to the library maintainers to ensure a patch is available.

The flaw has a serious impact because the JPEG 2000 file format is commonly used for embedding images inside PDF documents. In order to exploit the vulnerability, an attacker has to trick victims into opening a file containing a specifically crafted JPEG 2000 image that triggers the flaw. A first attack scenario sees attackers sending an email to the targets, with the malicious message including a PDF document that embeds a specifically crafted JPEG 2000 image. Attackers could also leverage cloud storage like Google Drive or Dropbox to host a specifically crafted JPEG 2000 image and then share the link to the picture. Experts from Talos have also released Snort Rules (40314-40315) that could help in detecting attempts to exploit the flaw. Cisco Talos group also announced that additional rules may be released at a future date, informing users that current rules are subject to change pending additional vulnerability information. Below the Timeline of the Vulnerability.
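Until the patched library is deployed, the practical question for a mail or file-sharing gateway is whether an inbound file carries JPEG 2000 content at all, since the scenarios above (a PDF attachment, a shared picture) both come down to that. The following Python triage scanner is an added example for this thread, not Talos' or OpenJPEG's code, and it does not detect CVE-2016-8332 itself: it looks for the JP2 signature box, the raw codestream SOC+SIZ marker pair, and the /JPXDecode filter name PDF uses for JPEG 2000 streams, and sanity-checks any SIZ header it finds against its own declared lengths. The sample PDF, JP2, PNG and malformed-codestream bytes are constructed inline.

```python
"""Triage inbound files for JPEG 2000 content and sanity-check the SIZ header.

Added example for this thread; not Talos' or OpenJPEG's code, and not a detector
for CVE-2016-8332 itself. All sample bytes below are constructed.
"""
import struct

JP2_SIGNATURE = b"\x00\x00\x00\x0cjP  \r\n\x87\n"   # JP2 file: signature box
J2K_SOC_SIZ = b"\xff\x4f\xff\x51"                   # raw codestream: SOC marker then SIZ
PDF_JPX_FILTER = b"/JPXDecode"                      # PDF filter name for JPEG 2000 streams

NEEDLES = (("jp2-signature", JP2_SIGNATURE), ("j2k-codestream", J2K_SOC_SIZ),
           ("pdf-jpxdecode", PDF_JPX_FILTER))


def find_jpeg2000(data):
    """All (indicator, offset) pairs found in data, ordered by offset."""
    hits = []
    for label, needle in NEEDLES:
        pos = data.find(needle)
        while pos >= 0:
            hits.append((label, pos))
            pos = data.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h[1])


def parse_siz(data, offset):
    """Parse the SIZ marker segment whose FF51 marker starts at offset.
    Returns image geometry, or None if the segment is truncated or its
    declared length and component count do not agree with each other."""
    if data[offset:offset + 2] != b"\xff\x51" or len(data) < offset + 4:
        return None
    lsiz = struct.unpack(">H", data[offset + 2:offset + 4])[0]
    seg = data[offset + 2:offset + 2 + lsiz]         # Lsiz counts itself, not the marker
    if len(seg) != lsiz or lsiz < 41:
        return None
    (rsiz, xsiz, ysiz, xosiz, yosiz,
     xtsiz, ytsiz, xtosiz, ytosiz, csiz) = struct.unpack(">HIIIIIIIIH", seg[2:38])
    if csiz == 0 or lsiz != 38 + 3 * csiz:           # component table must fit exactly
        return None
    if not (xosiz < xsiz and yosiz < ysiz and xtsiz and ytsiz):
        return None                                  # empty image or zero-sized tiles
    comps = [tuple(seg[38 + 3 * i:41 + 3 * i]) for i in range(csiz)]
    return {"width": xsiz - xosiz, "height": ysiz - yosiz,
            "components": csiz, "subsampling": comps}


def triage(data):
    """Summarise JPEG 2000 indicators in one file; quarantine is True on any hit."""
    hits = find_jpeg2000(data)
    images, malformed = [], 0
    for label, pos in hits:
        if label == "j2k-codestream":
            siz = parse_siz(data, pos + 2)
            if siz is None:
                malformed += 1
            else:
                images.append(siz)
    return {"is_pdf": data.startswith(b"%PDF-"), "hits": hits,
            "images": images, "malformed": malformed, "quarantine": bool(hits)}


def make_codestream(width=640, height=480, csiz=1):
    """Constructed minimal codestream prefix: SOC plus a self-consistent SIZ segment."""
    lsiz = 38 + 3 * csiz
    siz = struct.pack(">HHIIIIIIIIH", lsiz, 0, width, height, 0, 0,
                      width, height, 0, 0, csiz) + bytes([7, 1, 1]) * csiz
    return J2K_SOC_SIZ + siz


# Constructed samples (the /Length 45 matches make_codestream() with one component).
SAMPLE_PDF = (b"%PDF-1.5\n1 0 obj\n<< /Type /XObject /Subtype /Image /Width 640 "
              b"/Height 480 /Filter /JPXDecode /Length 45 >>\nstream\n"
              + make_codestream() + b"\nendstream\nendobj\n%%EOF\n")
SAMPLE_JP2 = (JP2_SIGNATURE + b"\x00\x00\x00\x14ftypjp2 \x00\x00\x00\x00jp2 "
              + b"\x00\x00\x00\x00jp2c" + make_codestream(csiz=3))
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
# SIZ that claims Lsiz=41 (one component) but carries two: lengths disagree.
SAMPLE_BAD = J2K_SOC_SIZ + struct.pack(">HHIIIIIIIIH", 41, 0, 8, 8, 0, 0,
                                       8, 8, 0, 0, 2) + bytes([7, 1, 1, 7, 1, 1])

if __name__ == "__main__":
    for name, blob in (("pdf", SAMPLE_PDF), ("jp2", SAMPLE_JP2),
                       ("png", SAMPLE_PNG), ("bad", SAMPLE_BAD)):
        print(name, triage(blob))
```

A hit only means "this file will reach the JPEG 2000 parser", which is the decision a gateway needs while the Snort rules above and a patched library are rolled out; the SIZ consistency check is a generic guard against headers whose lengths contradict each other, not a signature for the Talos bug.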

DefecTor – Deanonymizing Tor users with the analysis of DNS traffic from Tor exit relays
http://securityaffairs.co/wordpress/51848/deep-web/defector-tor-deanonymizing.html
October 2, 2016  By Pierluigi Paganini
Researchers devised two correlation attacks, dubbed DefecTor, to deanonymize Tor users, also using data from the observation of DNS traffic from Tor exit relays.
Law enforcement and intelligence agencies devote significant effort to fighting illegal activities in the Dark Web, where threat actors operate in a condition of pseudo-anonymity. A group of security researchers at Princeton University, Karlstad University and KTH Royal Institute of Technology have devised two new correlation attack techniques to deanonymize Tor users. “While the use of Tor constitutes a significant privacy gain over off-the-shelf web browsers, it is no panacea, and the Tor Project is upfront about its limitations. These limitations are not news to the research community. It is well understood that low-latency anonymity networks such as Tor cannot protect against so-called global passive adversaries. We define such adversaries as those with the ability to monitor both network traffic that enters and exits the network.” says Philipp Winter, a researcher at Princeton University who was involved in the research. The techniques were dubbed DefecTor by the researchers; they leverage the observation of DNS traffic from Tor exit relays, and for this reason the methods could complement existing attack strategies. “We show how an attacker can use DNS requests to mount highly precise website fingerprinting attacks: Mapping DNS traffic to websites is highly accurate even with simple techniques, and correlating the observed websites with a website fingerprinting attack greatly improves the precision when monitoring relatively unpopular websites,” reads the analysis published by the researchers.

“Our results show that DNS requests from Tor exit relays traverse numerous autonomous systems that subsequent web traffic does not traverse. We also find that a set of exit relays, at times comprising 40% of Tor’s exit bandwidth, uses Google’s public DNS servers—an alarmingly high number for a single organization. We believe that Tor relay operators should take steps to ensure that the network maintains more diversity into how exit relays resolve DNS domains.” The test results obtained with the DefecTor technique are excellent; anyway, we have to consider that such attacks require significant effort, typically spent by persistent attackers like government bodies. The simulations of the attacks conducted by the researchers allowed them to identify the vast majority of the visitors to unpopular sites. The experts highlighted that Google operates public DNS servers that observe almost 40% of all DNS requests exiting the Tor network, a privileged point of observation for attackers. Google is also able to monitor some network traffic that is entering the Tor network; the experts reported as an example the traffic via Google Fiber or via guard relays that are occasionally running in Google’s cloud. “Additionally, Google can monitor some network traffic that is entering the Tor network: for example, via Google Fiber, via guard relays that are occasionally run in Google’s cloud, and formerly via meek app engine, which is now defunct,” Winter explains. The experts also remark that DNS requests could be used to obtain other precious information about the traffic of Tor users, as they traverse autonomous systems and Internet exchanges. “There are entities on the Internet such as ISPs, autonomous systems, or Internet exchange points that can monitor some DNS traffic but not web traffic coming out of the Tor network and potentially use the DNS traffic to deanonymize Tor users,” says Winter.

“Past traffic correlation studies have focused on linking the TCP stream entering the Tor network to the one(s) exiting the network. We show that an adversary can also link the associated DNS traffic, which can be exposed to many more autonomous systems than the TCP stream.” The researchers also developed a tool, dubbed “DNS Delegation Path Traceroute” (dptr), that could be used to determine the DNS delegation path for a fully qualified domain name. The tool runs UDP traceroutes to all DNS servers on the path, which are then compared to a TCP traceroute to the web server behind the same fully qualified domain name. On the other side, experts from the Tor Project are already working on a series of significant improvements to the popular anonymizing network. In March the Tor Project revealed how the organization has conducted a three-year-long work to improve its ability to detect fraudulent software. While Tor developers are already working on implementing techniques to make website fingerprinting attacks harder to execute, there are other actions that can be taken to prevent DefecTor attacks, such as Tor relay operators ensuring that the network maintains more diversity in how exit relays resolve DNS domains. The experts invite the security community to review their paper; for further information visit the DefecTor project page.
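The DNS half of DefecTor rests on mapping the queries an exit relay (or anyone on the path to its resolver) sees back to websites, which the researchers say is accurate even with simple techniques, and on the observation that this works best for unpopular sites. The following Python is an added example for this thread, not the researchers' code: it builds a simplified version of that mapping from constructed site profiles (the names one page load of each site resolves) and a constructed query stream, weighting each name by how many sites resolve it so that a name unique to one site is strong evidence while a shared CDN or analytics name is weak. The scoring, the session gap and the threshold are this example's assumptions, not the paper's method.

```python
"""Map DNS queries observed near an exit relay back to candidate websites.

Added example for this thread, not the DefecTor authors' code. Site profiles,
the query stream, the weighting, session gap and threshold are all constructed.
"""
from collections import Counter

# Constructed profiles: the names a single page load of each site resolves
# (in practice obtained by crawling the candidate sites through Tor).
SITE_PROFILES = {
    "example-blog.org":  {"example-blog.org", "cdn.example-blog.org",
                          "fonts.gstatic.com", "www.google-analytics.com"},
    "news.example.com":  {"news.example.com", "static.news.example.com",
                          "www.google-analytics.com", "ads.example-adnet.net"},
    "shop.example.net":  {"shop.example.net", "img.shop.example.net",
                          "ads.example-adnet.net", "fonts.gstatic.com"},
    "forum.example.org": {"forum.example.org", "fonts.gstatic.com"},
}

# Constructed stream of (seconds, qname) as an exit relay's resolver would see it.
OBSERVED_QUERIES = [
    (0.0, "news.example.com"), (0.3, "static.news.example.com"),
    (0.5, "www.google-analytics.com"), (0.9, "ads.example-adnet.net"),
    (30.0, "fonts.gstatic.com"),
    (60.0, "example-blog.org"), (60.4, "fonts.gstatic.com"),
    (60.6, "www.google-analytics.com"),
]


def domain_weights(profiles):
    """1/(number of sites resolving the name): a name unique to one site weighs 1,
    a third-party name shared by every site weighs 1/len(profiles)."""
    seen_in = Counter(name for names in profiles.values() for name in names)
    return {name: 1.0 / n for name, n in seen_in.items()}


def sessionize(queries, gap=2.0):
    """Split the query stream into page-load sessions at silences longer than gap."""
    sessions, current = [], []
    for ts, name in sorted(queries):
        if current and ts - current[-1][0] > gap:
            sessions.append(current)
            current = []
        current.append((ts, name))
    if current:
        sessions.append(current)
    return sessions


def score_session(names, profiles, weights):
    """Weighted fraction of each site's profile present in the session.
    Names outside every profile (other tabs, background traffic) are ignored."""
    scores = {}
    for site, profile in profiles.items():
        total = sum(weights[n] for n in profile)
        hit = sum(weights[n] for n in profile if n in names)
        scores[site] = hit / total
    return scores


def classify(queries, profiles=SITE_PROFILES, threshold=0.5, gap=2.0):
    """Return [(session_start, best_site_or_None, score)] per session; None means
    the best candidate was not convincing enough to name."""
    weights = domain_weights(profiles)
    out = []
    for session in sessionize(queries, gap):
        names = {name for _, name in session}
        scores = score_session(names, profiles, weights)
        best = max(scores, key=scores.get)
        out.append((session[0][0], best if scores[best] >= threshold else None,
                    round(scores[best], 3)))
    return out


if __name__ == "__main__":
    for start, site, score in classify(OBSERVED_QUERIES):
        print(f"t={start:5.1f}s  {site or 'ambiguous':18s} score={score}")
```

The middle session, a lone fonts.gstatic.com lookup, stays ambiguous because three of the four profiles share that name, which is the same reason the paper reports the highest precision for unpopular sites: their first-party names are resolved by nobody else. In the real attack this DNS verdict is combined with a website fingerprinting classifier on the entry side, which this example does not model.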



BBC News
 NSA government contractor stole classified files 
http://tornews3zbdhuan5.onion/newspage/53811/
A National Security Agency contractor has been arrested, accused of taking top secret information, officials say. Harold Thomas Martin III is charged with theft of government property and unauthorised removal of "highly classified" materials. The 51-year-old had a top secret national security clearance and faces 10 years in prison. Mr Martin's lawyer said there was no evidence he had betrayed the US, a country he very much loved. The Justice Department said he worked for Booz Allen Hamilton, the same contractor that employed NSA leaker Edward Snowden. Six of the documents found in Mr Martin's possession were classified as top secret, "meaning that unauthorized disclosure reasonably could be expected to cause exceptionally grave damage to the national security of the US", the Justice Department said. According to a warrant, Mr Martin was arrested two days after his Glen Burnie, Maryland, home, garage and vehicle were searched on 27 August this year. The FBI said Mr Martin at first denied taking the documents, but later admitted removing documents and digital files. James Wyda, Mr Martin's lawyer, told the Baltimore Sun his client has yet to be proven guilty of the charges. "There's no evidence that Hal Martin has betrayed his country," Mr Wyda said. "What we do know is that Hal Martin loves his family and his country. He served this nation honourably in the US Navy and he has devoted his entire life to protecting his country." Mr Martin faces up to 10 years in prison for the theft of government property, and up to one year for the removal of classified materials. The New York Times, which broke the story, said Mr Martin was suspected of taking the NSA's "source code" used to hack into the systems of Russia, China, Iran and North Korea. 
"A large percentage of the materials recovered from Martin's residence and vehicle bore markings indicating that they were property of the United States and contained highly classified information of the United States," FBI Special Agent Jeremy Bucalo wrote. "The disclosure of the documents would reveal those sensitive sources, methods, and capabilities." John Carlin, the Justice Department's top national security official, said the arrest underlined the threat posed by insiders.
Clearnet Link
http://www.bbc.co.uk/news/world-us-canada-37568879

 Jupiter Broadcasting 

The Foundation of NetBSD | BSD Now 162
http://www.jupiterbroadcasting.com/103626/the-foundation-of-netbsd-bsd-now-162/
This week on the show, we’ll be talking to Petra about the NetBSD foundation & how they operate and assist NetBSD behind the scenes. That plus lots of news about the pending 11.0-RELEASE of FreeBSD & more! 

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0162-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0162.mp3

Open Source Botnet | TechSNAP 287
http://www.jupiterbroadcasting.com/103671/open-source-botnet-techsnap-287/

The Source code for a historic botnet has been released, the tale of a DNS packet & four ways to hack ATMs.
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0287-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0287.mp3


 Jupiter Broadcasting 
Internet of Default Passwords | TechSNAP 288
http://www.jupiterbroadcasting.com/103901/internet-of-default-passwords-techsnap-288/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0288-432p.mp4
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0288.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0288.mp3
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jnite/techsnap-0288.ogg

Return of the Cantrill | BSD Now 163
http://www.jupiterbroadcasting.com/103871/return-of-the-cantrill-bsd-now-163/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0163-432p.mp4
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0163.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0163.mp3
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jnite/bsd-0163.ogg

TOR PROJECT
Tor 0.2.8.9 is released, with important fixes
Posted October 17th, 2016 by nickm 
https://blog.torproject.org/blog/tor-0289-released-important-fixes

Tor 0.2.8.9 backports a fix for a security hole in previous versions of Tor that would allow a remote attacker to crash a Tor client, hidden service, relay, or authority. All Tor users should upgrade to this version, or to 0.2.9.4-alpha. Patches will be released for older versions of Tor.

You can download the source from the Tor website. Packages should be available over the next week or so.

Below is a list of changes since 0.2.8.8.
Changes in version 0.2.8.9 - 2016-10-17

    Major features (security fixes, also in 0.2.9.4-alpha):
        Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001). 
    Minor features (geoip):
        Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 Country database.

TOR PROJECT
Tor 0.2.9.4-alpha is released, with important fixes
Posted October 17th, 2016 by nickm
https://blog.torproject.org/blog/tor-0294-alpha-released-important-fixes

Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor that would allow a remote attacker to crash a Tor client, hidden service, relay, or authority. All Tor users should upgrade to this version, or to 0.2.8.9. Patches will be released for older versions of Tor.

Tor 0.2.9.4-alpha also adds numerous small features and fix-ups to previous versions of Tor, including the implementation of a feature to future- proof the Tor ecosystem against protocol changes, some bug fixes necessary for Tor Browser to use unix domain sockets correctly, and several portability improvements. We anticipate that this will be the last alpha in the Tor 0.2.9 series, and that the next release will be a release candidate.

You can download the source from the usual place on the website. Packages should be available over the next several days. Remember to check the signatures!

Please note: This is an alpha release. You should only try this one if you are interested in tracking Tor development, testing new features, making sure that Tor still builds on unusual platforms, or generally trying to hunt down bugs. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.9.3-alpha.
Changes in version 0.2.9.4-alpha - 2016-10-17

    Major features (security fixes):
        Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001). 
    Major features (subprotocol versions):
        Tor directory authorities now vote on a set of recommended subprotocol versions, and on a set of required subprotocol versions. Clients and relays that lack support for a _required_ subprotocol version will not start; those that lack support for a _recommended_ subprotocol version will warn the user to upgrade. Closes ticket 19958; implements part of proposal 264.
        Tor now uses "subprotocol versions" to indicate compatibility. Previously, versions of Tor looked at the declared Tor version of a relay to tell whether they could use a given feature. Now, they should be able to rely on its declared subprotocol versions. This change allows compatible implementations of the Tor protocol(s) to exist without pretending to be 100% bug-compatible with particular releases of Tor itself. Closes ticket 19958; implements part of proposal 264. 
...

TOR STABLE
http://torsiteyqk5ajx5o.onion/dist/tor-0.2.8.9.tar.gz
http://torsiteyqk5ajx5o.onion/dist/tor-0.2.8.9.tar.gz.asc

https://www.torproject.org/dist/tor-0.2.8.9.tar.gz
https://www.torproject.org/dist/tor-0.2.8.9.tar.gz.asc

http://torsiteyqk5ajx5o.onion/docs/verifying-signatures.html.en


TOR ALPHA
http://torsiteyqk5ajx5o.onion/dist/tor-0.2.9.4-alpha.tar.gz
http://torsiteyqk5ajx5o.onion/dist/tor-0.2.9.4-alpha.tar.gz.asc

https://www.torproject.org/dist/tor-0.2.9.4-alpha.tar.gz
https://www.torproject.org/dist/tor-0.2.9.4-alpha.tar.gz.asc

https://www.torproject.org/docs/verifying-signatures.html.en
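The bug class both release notes above describe (treating a buffer chunk as a NUL-terminated string), as an added example that is not Tor's own buffers.c code: a minimal chunk type that keeps a NUL sentinel one byte past the payload, a search bounded by the payload length, and beside it the str*-style search that the sentinel only makes non-crashing. The names (chunk_t, CHUNK_SET_SENTINEL, find_header_end_*), the HTTP payloads and the 64-byte capacity are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* A buffer chunk the way a network buffer keeps it: datalen bytes of
 * payload, with no NUL terminator promised by the peer. (Illustrative
 * type, not Tor's buf_t.) */
typedef struct chunk_t {
    size_t datalen;   /* bytes of payload currently in mem[] */
    size_t memlen;    /* bytes allocated for mem[]; always > datalen */
    char  *mem;
} chunk_t;

/* The defense: keep a NUL sentinel at mem[datalen] at all times. A str*
 * call that wrongly treats the payload as a C string then stops at the end
 * of the payload instead of reading off the end of the allocation. */
#define CHUNK_SET_SENTINEL(c) ((c)->mem[(c)->datalen] = '\0')

static chunk_t *chunk_new(size_t capacity)
{
    chunk_t *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->memlen = capacity + 1;           /* +1: slot reserved for the sentinel */
    c->mem = malloc(c->memlen);
    if (!c->mem) { free(c); return NULL; }
    c->datalen = 0;
    CHUNK_SET_SENTINEL(c);
    return c;
}

/* Append raw bytes; they may contain NUL and carry no terminator. */
static int chunk_append(chunk_t *c, const void *data, size_t len)
{
    if (len > c->memlen - 1 - c->datalen) return -1;   /* keep the sentinel slot free */
    memcpy(c->mem + c->datalen, data, len);
    c->datalen += len;
    CHUNK_SET_SENTINEL(c);
    return 0;
}

static void chunk_free(chunk_t *c) { if (c) { free(c->mem); free(c); } }

/* Correct: bounded by datalen, independent of any sentinel. Returns the
 * offset of "\r\n\r\n", or -1 if the header terminator has not arrived. */
long find_header_end_bounded(const chunk_t *c)
{
    const char needle[] = "\r\n\r\n";
    const size_t nlen = sizeof needle - 1;
    for (size_t i = 0; c->datalen >= nlen && i + nlen <= c->datalen; i++)
        if (memcmp(c->mem + i, needle, nlen) == 0) return (long)i;
    return -1;
}

/* The bug pattern: the payload treated as a C string. Without the sentinel
 * invariant strstr reads past datalen (an over-read, and a crash under ASan
 * or FORTIFY). With the sentinel it cannot crash, but it is still wrong: an
 * embedded NUL in the payload ends the search early. */
long find_header_end_strstr(const chunk_t *c)
{
    const char *p = strstr(c->mem, "\r\n\r\n");
    return p ? (long)(p - c->mem) : -1;
}

/* Run one search over a constructed payload: the bounded search when
 * `bounded` is nonzero, otherwise the strstr version. -2 on setup failure. */
long search_demo(const char *payload, size_t len, int bounded)
{
    chunk_t *c = chunk_new(64);
    long r = -2;
    if (c && chunk_append(c, payload, len) == 0)
        r = bounded ? find_header_end_bounded(c) : find_header_end_strstr(c);
    chunk_free(c);
    return r;
}
```

The bounded search is the actual fix; the sentinel is the belt-and-braces defense that turns a remote crash into a merely wrong answer on payloads containing NUL bytes, which is why the release notes say such bugs should still be fixed as they occur.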



 >>/616/
This PDF file is an index of HTTP hyperlinks to WikiLeaks documents. If you click on the links in the PDF it will open your web browser and navigate there in plaintext (clearnet), deanonymizing you as a user of this website (Endchan). A website-based version of this index would be a better idea; then you could browse it behind Tor. I'm sure WikiLeaks has a search engine on their website. I didn't post this, but download and use at your own discretion.

If you do so, use safedown.sh, safemode.sh and pdfclean.sh to build good habits when dealing with strange PDFs from the internet; view with Firejail with no internet protocols.

DeepDotWeb
Blockchain Technology May Be Borrowed By DARPA To Secure Military Networks
http://deepdot35wvmeyd5.onion/2016/10/20/blockchain-technology-may-borrowed-darpa-secure-military-networks/

[CLEARNET]
https://www.deepdotweb.com/2016/10/20/blockchain-technology-may-borrowed-darpa-secure-military-networks/
[CLEARNET]

Posted by: DeepDotWeb October 20, 2016

Blockchain, the technology that underlies digital cryptocurrencies such as Bitcoin, has acquired a different identity. In his article “CIO Explainer: What Is Blockchain?”, published in the Wall Street Journal, Steve Norton explains how the technology is emerging as an alternative way for companies to instantaneously make and verify their network transactions. A considerable number of firms are experimenting with Blockchain technology for different purposes. The Defense Advanced Research Projects Agency (DARPA) is studying the possible implementation of Blockchain technology as a way of securing sensitive military systems, which could also help in ensuring the safe storage of nuclear weapons. Blockchain technology provides a number of benefits, which are the main reasons why it has caused a stir in the technology as well as the business world. Its major benefit is security. Blockchain allows the universal recording of all transactions taking place into “blocks,” which are then chronologically and cryptographically bound together into a “chain.” The security advantage also arises from the one-way nature of the blockchain encryption process, which prevents the ledgers from being tampered with. In the case of Bitcoin, it makes sure that all Bitcoins sent from wallet to wallet can be accounted for and tracked. The transaction ledgers are stored in multiple locations. This distributed nature makes hacking more difficult, unlike when a centralized ledger is used. It makes data secure by making it almost impossible to hide activity by modifying the data, since there are multiple copies of the database on different computers across the network. According to Timothy Booher, the leader of DARPA’s Blockchain implementation efforts, Blockchain makes it difficult to modify or steal system files.
Using the analogy of castle defense, he explains that despite the implementation of more and more security policies and measures, hackers can still find a way in, much like people can still get into a castle despite efforts to build high walls and seal cracks. It’s important to know who got in and what activities they carried out while inside. With Blockchain technology, this type of information is securely logged and cannot be altered. The technology can help avoid instances where agencies are not even aware they have been hacked until it’s too late to stop their private data from being made public. Progress has so far been made in DARPA’s efforts, with formal verification being carried out. A computer security firm was contracted by DARPA to test a Blockchain implementation which was provided by a different contractor. This process is carried out to make sure that the technology implemented works as intended. Depending on the findings of the verification, DARPA may implement Blockchain to monitor information integrity in military systems that require high security, such as the nuclear weapon and satellite surveillance control systems. Such an implementation would enhance security by making it extremely difficult to alter information. It would also make it possible to easily and accurately detect any access or change to any file by providing an immutable record. Even though Bitcoin has previously had some problems and its ability to gain universal acceptance as a substitute for regular money is questioned, the blockchain technology might just change the world, as reported by Extreme Tech.

 >>/617/
https://file.wikileaks.org/

Basically, the PDF is an alphabetical list. I just posted the PDF link from this blog post here: https://www.armstrongeconomics.com/international-news/north_america/2016-u-s-presidential-election/here-is-the-wikileaks-index-to-files/

Jupiter Broadcasting
Virtualized COW / PI? | BSD Now 164
http://www.jupiterbroadcasting.com/104056/virtualized-cow-pi-bsd-now-164/

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0164-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0164.mp3

Long Broken SSL History | TechSNAP 289
http://www.jupiterbroadcasting.com/104096/long-broken-ssl-history-techsnap-289/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0289-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0289.mp3
http://www.podtrac.com/pts/redirect.ogg/traffic.libsyn.com/jbmirror/techsnap-0289.ogg


DeepDotWeb
Tor’s Biggest Threat – Correlation Attack
http://deepdot35wvmeyd5.onion/2016/10/25/tors-biggest-threat-correlation-attack/
Posted by Filip Jelic October 25, 2016
Throughout the years of Tor’s existence, many users have lost their anonymity. I’m going to explain a technique called “Correlation Attack” that government agencies have used in the past for that purpose. These include exploiting human errors as well as highly sophisticated mathematical methods exploiting software flaws. This attack has been around since widespread Tor usage began, and it seems like it isn’t going anywhere in the near future. An attacker controlling the first and last router in a Tor circuit can use timing and data properties to correlate streams observed at those routers and therefore break Tor’s anonymity.
No simple patch can be made that would prevent this method, because it doesn’t exploit any bug, but rather uses math (probability and statistics) and attacks the logic of the Tor network. With that said, there are ways to make this task much more difficult, but they are usually rejected to preserve low latency. Some attacks are not even against software, but against users. For example, if a dark market admin shared some information about himself, such as state, age and/or past criminal activities, it becomes feasible for government agencies to monitor all possible suspects’ internet activity and try to see which one connects to the Tor network at the same time the admin comes online. The previous example was easy; let’s analyze a case where targets are smarter and disclose zero information about themselves. The idea is to control a sizeable portion of Tor relays and, hopefully, as many guards (the 1st relay, which knows your IP address) and exit relays (those that connect to the server) as possible. It’s already clear that this attack needs good sponsorship and is mostly done by government agencies. The reason is that Tor counts over 7000 relays and over 2 million daily users. Since Tor employs a volunteer resource model, anyone is encouraged to start any number of relays to help the Tor network. One that controls a sizeable portion of relays has a chance of “serving” as guard and exit relay for the same user. It’s only a matter of time before you start using a compromised circuit. The attacker uses automatic packet analysis on both relays to calculate a correlation coefficient. The most useful variables are timing, packet size and frequency. Although this information gives the attacker a pretty good idea which website you are visiting, because of the huge size of the Tor network there are many false positives. The exact percentage of such conclusions varies greatly depending on what kind of traffic you are generating.
For example, the easiest target is the one that is downloading some files, because there are many sizeable packets to compare. One that is simply browsing a website is doing the same as thousands of other users, and the chance of false positives increases. According to this paper, 80% of users can be deanonymized in the period of six months by realistic adversaries. This is no proof in court because of possible false positives (ranging from 5-10% depending on the correlation algorithm), but it provides enough suspicion to start further monitoring. It’s very likely that the Carnegie Mellon University attack on the Tor network was indeed a correlation attack. The information about Tor users was then sold to the FBI for $1 million. At the time (early 2014), Tor relays could easily confirm their suspicion by adding an arbitrary value to the packet and checking for it on the other end to reach the level of certainty. This was quickly patched, but the correlation attack is still not prevented. This attack was a pitfall for many websites and their users, including Silk Road 2.0 and 2 child porn sites. The good thing is that Tor contributors are well aware of this attack. The Tor Project is already working on techniques that make website fingerprinting attacks less effective. You shouldn’t be concerned about these attacks if you’re using a trusted VPN to connect to the Tor network, because this attack won’t yield your IP address, but the one belonging to a proxy server. Be aware that all VPNs must obey the laws of the country they reside in, and most countries require all ISPs (including VPNs) to keep a log of all user activity for a period of time (usually around 2 years) and provide that information if a court issues a warrant. Even if a VPN resides in a country that has no such laws, they might be selling your information. Thankfully, deepdotweb offers great advice on choosing the right VPN. Before you comment “VPN + Tor sucks”, read what Tor developers have to say on this topic.
Using a VPN has both its benefits and downsides. I recommend using a VPN because it saves you from this particular attack. My opinion is that the quality of the VPN is all that matters. If they log your data, they will only make government agencies wait for a warrant. They’ll sell it to everyone that offers some money too. On the other hand, a no-log VPN can be invaluable. P.S. I believe all VPNs keep logs – why wouldn’t they? You can’t know it anyway. And I can’t persuade myself that they would refuse money for my identity either. At least some VPNs don’t have to give up our identity to law enforcement agencies, which is nice.





Jupiter Broadcasting

Vote4BSD | BSD Now 165
http://www.jupiterbroadcasting.com/104231/vote4bsd-bsd-now-165/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0165-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0165.mp3

Internet Snow Day | TechSNAP 290
http://www.jupiterbroadcasting.com/104286/internet-snow-day-techsnap-290/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0290-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0290.mp3

Ars Technica
“Most serious” Linux privilege-escalation bug ever is under active exploit (updated) Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.
http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/
Dan Goodin - Oct 20, 2016 8:20 pm UTC
A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild. "It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time." The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important." As their names describe, privilege-escalation or privilege-elevation vulnerabilities allow attackers with only limited access to a targeted computer to gain much greater control. The exploits can be used against Web hosting providers that provide shell access, so that one customer can attack other customers or even service administrators. Privilege-escalation exploits can also be combined with attacks that target other vulnerabilities. A SQL injection weakness in a website, for instance, often allows attackers to run malicious code only as an untrusted user. 
Combined with an escalation exploit, however, such attacks can often achieve highly coveted root status. The in-the-wild attacks exploiting this specific vulnerability were found by Linux developer Phil Oester, according to an informational site dedicated to the vulnerability. It says Oester found the exploit using an HTTP packet capture, but the site doesn't elaborate. Update: In e-mails received about nine hours after this post went live, Oester wrote: Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff. The vulnerability is most easily exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works. The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable. For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers. The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only. More technical details about the vulnerability and exploit are available here, here, and here. Using the acronym derived from copy on write, some researchers have dubbed the vulnerability Dirty COW.
Disclosure of the nine-year-old vulnerability came the same week that Google researcher Kees Cook published research showing that the average lifetime of a Linux bug is five years. "The systems using a Linux kernel are right now running with security flaws," Cook wrote. "Those flaws are just not known to the developers yet, but they’re likely known to attackers."
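What copy on write is supposed to guarantee, as an added example that is neither the article's nor the kernel's own test code: a read-only file is mapped MAP_PRIVATE with PROT_WRITE, a write goes through the mapping, and the file is re-read from disk. The kernel must serve that first write from a private copy of the page, so the file stays unchanged. CVE-2016-5195 is a race in exactly this path that lets the write land on the underlying page instead of the copy; the example only exercises the normal path and does not attempt the race. The /tmp location and the payload strings are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if a write through a MAP_PRIVATE mapping of a read-only file
 * stayed private (the file on disk is unchanged), 0 if the write reached
 * the file, and -1 if the demo could not be set up. A kernel with the
 * Dirty COW race would, under the right timing, be coaxed into 0. */
int cow_private_write_is_isolated(void)
{
    static const char original[] = "read-only data owned by someone else\n";
    char path[] = "/tmp/cow-demo-XXXXXX";     /* assumed writable temp dir */
    char readback[sizeof original];

    /* Create the file with known contents, then drop write access to it. */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, original, sizeof original) != (ssize_t)sizeof original) {
        close(fd); unlink(path); return -1;
    }
    close(fd);

    /* Open read-only: PROT_WRITE on a MAP_PRIVATE mapping does not require
     * write permission on the descriptor, which is what makes COW the only
     * thing standing between this write and the file. */
    fd = open(path, O_RDONLY);
    if (fd < 0) { unlink(path); return -1; }
    char *map = mmap(NULL, sizeof original, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    close(fd);
    if (map == MAP_FAILED) { unlink(path); return -1; }

    memcpy(map, "pwned", 5);                  /* first write: kernel copies the page */
    int in_memory_changed = memcmp(map, "pwned", 5) == 0;
    munmap(map, sizeof original);

    /* Re-read the file from disk and compare with what was written to it. */
    fd = open(path, O_RDONLY);
    if (fd < 0) { unlink(path); return -1; }
    ssize_t n = read(fd, readback, sizeof readback);
    close(fd);
    unlink(path);
    if (n != (ssize_t)sizeof original || !in_memory_changed) return -1;

    return memcmp(readback, original, sizeof original) == 0;
}
```

The same private-mapping write is what the in-the-wild exploit abuses against files such as setuid binaries; the difference is only that the race makes the kernel skip the copy. Running this on a patched kernel returns 1 and is a useful sanity check that the invariant still holds after a kernel update.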


DeepDotWeb
Windows 0-day Exploited in the Wild
http://deepdot35wvmeyd5.onion/2016/11/04/windows-0-day-exploited-wild/
Posted by: Filip Jelic November 4, 2016

Google’s Threat Analysis Group found a zero-day vulnerability, CVE-2016-7855, notified Adobe and Microsoft on October 21st and released it after a short period. This is yet another zero-day regarding Flash software on Windows. Adobe patched it on October 26th, while Microsoft said the Windows patch will be ready on November 8th. The vulnerability was publicly disclosed on October 31st, which means there is still a window of one week in which Windows users are vulnerable. Google stated that it was already being exploited in the wild, which is why they published it. Affected systems are Windows Vista and newer. All users are advised to update their Flash and browser software, and Windows as soon as the patch arrives. According to this document by Google, Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability. Also, Microsoft published that users are safe on Windows 10 with the Microsoft Edge browser.

What you need to know to understand this vulnerability

When you watch a video in your browser, it is viewed in a sandbox environment. It enables security restrictions for iframe elements that contain untrusted content. These restrictions enhance security by preventing untrusted content from performing actions that can lead to potentially malicious behavior. Sandboxes usually restrict calls to system functions that non-malicious files do not need. A system call is the programmatic way in which a program requests a service from the kernel of the operating system it is executed on. This may include hardware-related services (for example, accessing a hard disk drive), creation and execution of new processes, and communication with integral kernel services such as process scheduling. System calls provide an essential interface between a process and the operating system. System calls can be roughly grouped into five major categories:
1. Process Control – create, execute, terminate, get/set attributes.
2. File Management – create, delete, open, close, read, write, get/set attributes.
3. Device Management – request, detach device, get/set attributes.
4. Information Maintenance – get/set time, date, control system data.
5. Communication – create/cancel connection, send and receive messages etc.

On Windows, system calls are broadly split into two main types, implemented by two separate subsystems in the kernel. First, there are the NT calls, which are implemented by ntoskrnl.exe; then there are the win32k calls, which are implemented by Win32k.sys. Win32k calls tend to be associated with the graphics subsystem (which runs in the kernel on Windows, for performance and historical reasons), while ntoskrnl calls are more for the Windows NT API, e.g. file access, network, POSIX. On Windows, there is no fine-grained system call filtering, but each system call is responsible for verifying the access token of the caller that allows the call to be made.

The Vulnerability

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. The previous paragraph is all the internet news say, so I decided to take a deeper look...



RT
Secret World of US Election: Julian Assange talks to John Pilger (FULL INTERVIEW) - Duration: 24 minutes.
https://youtube.com/watch?v=_sbT3_9dJY4
Cyber sabotage? US govt hackers reportedly penetrate Russian infrastructure - Duration: 7 minutes, 24 seconds.
https://youtube.com/watch?v=tMfpsSaTGvM
Million Mask March 2016: Anonymous readies for global day of action - Duration: 2 minutes, 30 seconds.
https://youtube.com/watch?v=ZmrM9UcwkD0
Assange busts ‘Russian spy’ myth in exclusive interview about leaks - Duration: 2 minutes, 51 seconds.
https://youtube.com/watch?v=hPYlmDv10Cg
Fears of chaos as hundreds join Million Mask March in London - Duration: 2 minutes, 59 seconds.
https://youtube.com/watch?v=07jt7B8oXf8


Jupiter Broadcasting
Nuclear IoT Toaster | TechSNAP 291
http://www.jupiterbroadcasting.com/104426/nuclear-iot-toaster-techsnap-291/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0291-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0291.mp3

Pass that UNIX Pipe | BSD Now 166
http://www.jupiterbroadcasting.com/104421/pass-that-unix-pipe-bsd-now-166/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0166-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0166.mp3


 Jupiter Broadcasting 
November 10, 2016

Playing the Long Game | BSD Now 167
http://www.jupiterbroadcasting.com/104596/playing-the-long-game-bsd-now-167/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0167-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0167.mp3

Unix Security Trifecta | TechSNAP 292
http://www.jupiterbroadcasting.com/104601/unix-security-trifecta-techsnap-292/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0292-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0292.mp3





 Jupiter Broadcasting 
The Post Show Show | BSD Now 168
http://www.jupiterbroadcasting.com/104751/the-post-show-show-bsd-now-168/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0168-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0168.mp3

Root in 70 Seconds | TechSNAP 293
http://www.jupiterbroadcasting.com/104776/root-in-70-seconds-techsnap-293/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0293-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0293.mp3


Get a root shell by holding down enter, compromising a Linux desktop using an NES & PoisonTap, the impressive little hacking tool.





 Jupiter Broadcasting 
Scheduling your NetBSD | BSD Now 169
http://www.jupiterbroadcasting.com/104881/scheduling-your-netbsd-bsd-now-169/
We’re loaded and ready to go. Lots of OpenBSD news, a look at LetsEncrypt usage, the NetBSD scheduler & much more! Keep it tuned to your place to B…SD!

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0169-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0169.mp3

Turkey.deb | TechSNAP 294
http://www.jupiterbroadcasting.com/105026/turkey-deb-techsnap-294/
The Debian packaging flaw that exposes your server, we go over the state of the Internet… report that is & hacking 27% of the web.

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0294-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0294.mp3



DeepDotWeb
US Army Prepares Bug Bounty Program, Asks Hackers to Find Cybersecurity Exploits
http://deepdot35wvmeyd5.onion/2016/11/27/us-army-prepares-bug-bounty-program-asks-hackers-find-cybersecurity-exploits/
Posted by: C. Aliens November 27, 2016 

Eric Fanning, Secretary of the Army, announced plans to set up a bug bounty. The US Army, according to the press release, partnered up with HackerOne to have eligible hackers find exploits in the Army’s cybersecurity systems. HackerOne is a “vulnerability coordination and bug bounty platform” that previously partnered with the Department of Defense for the widely successful “Hack the Pentagon.” According to HackerOne, “Hack the Pentagon” participants revealed 138 vulnerabilities in 24 days. The US Army’s program will be similar in structure. Following the initial hacking run, the Department of Defense will begin to expand these programs to other essential departments. The US Army is the first of these “bold” challenges, a HackerOne spokesperson published in a press release. So far, HackerOne has worked and had success with the following companies: Uber, Twitter, New Relic, General Motors, Github, CloudFlare, Kaspersky Labs, Panasonic Avionics, Snapchat, Zenefits—and the Department of Defense. The Secretary of Defense, Ash Carter, has been quintessential in terms of promoting this level of interaction with the private sector. Carter spoke about the usefulness of the “Hack the Pentagon” program: By allowing outside researchers to find holes and vulnerabilities on several sites and subdomains, we freed up our own cyber specialists to spend more time fixing them than finding them. The (program) showed us one way to streamline what we do to defend our networks and correct vulnerabilities more quickly. The push for this type of initiative has not been from Carter alone. After the success of the DoD’s first run, the idea took off. Greg Touhill, U.S. Chief Information Security Officer, stated, “Frankly, if I had it my way, we would do a bug bounty across .gov and the program office in charge of the source code would reimburse the bug bounty pool once a bug is discovered.” Fanning said that these hackers would, in essence, provide an external view of the Army’s cybersecurity systems. The Army’s own cybersecurity staff know what the systems look like from the inside, but skilled hackers could provide insight from an attacker’s perspective. The full details have not been released yet and the US Army has not made a full public announcement through a platform of their own. However, the HackerOne press release mentioned that only “eligible hackers will be able to try to exploit the Army’s systems.” We can expect this event to very closely mirror the previous Pentagon one. Participants had to be vetted and pass a mandatory background check before taking part in the program. In the partnership announcement, HackerOne said that the full details would be available soon. If one would like to “Hack the Army,” they recommended checking the HackerOne Twitter account: @hacker0x01.




Jupiter Broadcasting
Sandboxing Cohabitation | BSD Now 170
http://www.jupiterbroadcasting.com/105116/sandboxing-cohabitation-bsd-now-170/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0170-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0170.mp3

Shift+F10 and Done | TechSNAP 295
http://www.jupiterbroadcasting.com/105166/shiftf10-and-done-techsnap-295/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0295-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0295.mp3


Jupiter Broadcasting

The APU, BSD Style! | BSD Now 171
http://www.jupiterbroadcasting.com/105291/the-apu-bsd-style-bsd-now-171/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0171-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0171.mp3

Schoolhouse Exploits | TechSNAP 296
http://www.jupiterbroadcasting.com/105326/schoolhouse-exploits-techsnap-296/
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0296-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0296.mp3

Links 2.14
Nov 26 2016
http://links.twibright.com/download.php

 >>/708/

http://links.twibright.com/download/links-2.14.tar.gz
http://links.twibright.com/download/links-2.14.tar.bz2

Current version is 2.14. See ChangeLog

http://links.twibright.com/download/ChangeLog
RELEASE 2.14
Thu Nov  3 19:45:34 CET 2016 mikulas:  
Enable DECC$EFS_CHARSET on OpenVMS, so that we can browse files and directories with extended names
Wed Nov  2 20:35:31 CET 2016 mikulas:   
Limit keepalive of ciphers with 64-bit block size to mitigate the SWEET32 attack 
Wed Nov  2 19:14:33 CET 2016 mikulas:
Disable SSL compression to avoid the CRIME attack

 >>/708/

DeepDotWeb
Firefox Zero-Day Can Be Used To Deanonymize Tor Users
Posted by: Benjamin Vitáris December 11, 2016 
http://deepdot35wvmeyd5.onion/2016/12/11/firefox-zero-day-can-used-deanonymize-tor-users/
Recently, a Firefox zero-day was being used to target Tor users. Experts say the code is nearly identical to what the Federal Bureau of Investigation used in their hack against Tor users in 2013. However, on the same day the exploit came out, the Tor Project and Mozilla published browser updates that fixed the issues within the software. The Tor Project was notified about the zero-day by a user who posted the exploit code to the Tor mailing list from a Sigaint dark net email address. “This is a JavaScript exploit actively used against Tor Browser NOW,” the anonymous user wrote. Shortly after the user posted the exploit code, Roger Dingledine, co-founder of the Tor Project, confirmed the fact and said the Firefox team had been notified. He also added that Firefox had found the bug and was working on a patch. On November 28, Mozilla had to update its browser for a different critical vulnerability. Several researchers started analyzing the zero-day exploit. Among the experts was Dan Guido, CEO of Trail of Bits, who posted on Twitter that the zero-day exploit is “a garden-variety use-after-free, not a heap overflow” and it’s “not an advanced exploit.” The researcher added that the vulnerability is also present on Mac OS, “but the exploit does not include support for targeting any operating system but Windows.” Security researcher Joshua Yabut told the media that the exploit code is “100% effective for remote code execution on Windows systems.” “The shellcode used is almost exactly the shellcode of the 2013 one,” a security researcher using the pseudonym “TheWack0lian” tweeted. “When I first noticed the old shellcode was so similar, I had to double-check the dates to make sure I wasn’t looking at a 3-year-old post.” The researcher referred to the payload used by the FBI to deanonymize the users of a dark web child porn site. This allowed the Bureau to tag Tor users who visited the illegal website on Freedom Hosting.
The exploit code forced the browser to send sensitive data, such as MAC address, hostname, and IP address, to a third-party server with a public IP address. The FBI only had to request customer information from the ISPs to acquire the identity of the hacked users. According to TheWack0lian, the malware was talking to a server assigned to French ISP OVH; however, when checked, the server seemed to be down. “The Tor malware calling home to a French IP address is puzzling, though. I’d be surprised to see a US federal judge authorize that,” privacy advocate Christopher Soghoian tweeted after learning of the French IP. The same day the zero-day exploit was discovered, both Tor and Mozilla published a press release stating that they had fixed the issue. “This release features an important security update to Firefox and contains, in addition to that, an update to NoScript (2.9.5.2).” “The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.”

Jupiter Broadcasting
December 15, 2016
A tale of BSD from yore | BSD Now 172
http://www.jupiterbroadcasting.com/105421/a-tale-of-bsd-from-yore-bsd-now-172/

This week on BSDNow, we have a very special guest joining us to tell us a tale of the early days in BSD history. That plus some new OpenSSH goodness, shell scripting utilities & much more! Stay tuned for your place to B…SD!

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0172-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0172.mp3

The Bourne Avalanche | TechSNAP 297
http://www.jupiterbroadcasting.com/105481/the-bourne-avalanche-techsnap-297/

The Malvertising campaign that targets routers, script kiddies get a talking to & the Avalanche crime ringleader is on the run.

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0297-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0297.mp3

Tor 0.2.9.8 is released: finally, a new stable series!
Posted December 19th, 2016
https://blog.torproject.org/blog/tor-0298-released-finally-new-stable-series

by nickm in release stable tor 

Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series.

The Tor 0.2.9 series makes mandatory a number of security features that were formerly optional. It includes support for a new shared-randomness protocol that will form the basis for next generation hidden services, includes a single-hop hidden service mode for optimizing .onion services that don't actually want to be hidden, tries harder not to overload the directory authorities with excessive downloads, and supports a better protocol versioning scheme for improved compatibility with other implementations of the Tor protocol.

And of course, there are numerous other bugfixes and improvements.

This release also includes a fix for a medium-severity issue (bug 21018 below) where Tor clients could crash when attempting to visit a hostile hidden service. Clients are recommended to upgrade as packages become available for their systems.

You can download the source code from the usual place on the website. Packages should be up within the next few days, with a TorBrowser release planned for early January.

Below are listed the changes since Tor 0.2.8.11. For a list of changes since 0.2.9.7-rc, see the ChangeLog file.
Changes in version 0.2.9.8 - 2016-12-19

    New system requirements:
        When building with OpenSSL, Tor now requires version 1.0.1 or later. OpenSSL 1.0.0 and earlier are no longer supported by the OpenSSL team, and should not be used. Closes ticket 20303.
        Tor now requires Libevent version 2.0.10-stable or later. Older versions of Libevent have less efficient backends for several platforms, and lack the DNS code that we use for our server-side DNS support. This implements ticket 19554.
        Tor now requires zlib version 1.2 or later, for security, efficiency, and (eventually) gzip support. (Back when we started, zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was released in 2003. We recommend the latest version.)

Tor 0.3.0.1-alpha: A new alpha series begins
Posted December 19th, 2016 by nickm
https://blog.torproject.org/blog/tor-0301-alpha-new-alpha-series-begins

Now that Tor 0.2.9.8 is stable, it's time to release a new alpha series for testing and bug-hunting!

Tor 0.3.0.1-alpha is the first alpha release in the 0.3.0 development series. It strengthens Tor's link and circuit handshakes by identifying relays by their Ed25519 keys, improves the algorithm that clients use to choose and maintain their list of guards, and includes additional backend support for the next-generation hidden service design. It also contains numerous other small features and improvements to security, correctness, and performance.

You can download the source from the usual place on the website. Packages should be available over the next weeks, including an alpha TorBrowser release some time in January.

Please note: This is an alpha release. Please expect more bugs than usual. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.9.8.
Changes in version 0.3.0.1-alpha - 2016-12-19

    Major features (guard selection algorithm):
        Tor's guard selection algorithm has been redesigned from the ground up, to better support unreliable networks and restrictive sets of entry nodes, and to better resist guard-capture attacks by hostile local networks. Implements proposal 271; closes ticket 19877. 
    Major features (next-generation hidden services):
        Relays can now handle v3 ESTABLISH_INTRO cells as specified by prop224 aka "Next Generation Hidden Services". Service and clients don't use this functionality yet. Closes ticket 19043. Based on initial code by Alec Heifetz.
        Relays now support the HSDir version 3 protocol, so that they can store and serve v3 descriptors. This is part of the next-generation onion service work detailed in proposal 224. Closes ticket 17238. 
    Major features (protocol, ed25519 identity keys):
        Relays now use Ed25519 to prove their Ed25519 identities to one another, and to clients. This algorithm is faster and more secure than the RSA-based handshake we've been doing until now. Implements the second big part of proposal 220; closes ticket 15055.
        Clients now support including Ed25519 identity keys in the EXTEND2 cells they generate. By default, this is controlled by a consensus parameter, currently disabled. You can turn this feature on for testing by setting ExtendByEd25519ID in your configuration. This might make your traffic appear different than the traffic generated by other users, however. Implements part of ticket 15056; part of proposal 220.
        Relays now understand requests to extend to other relays by their Ed25519 identity keys. When an Ed25519 identity key is included in an EXTEND2 cell, the relay will only extend the circuit if the other relay can prove ownership of that identity. Implements part of ticket 15056; part of proposal 220.

https://www.torproject.org/dist/tor-0.2.9.8.tar.gz
https://www.torproject.org/dist/tor-0.2.9.8.tar.gz.asc

https://www.torproject.org/dist/tor-0.3.0.1-alpha.tar.gz
https://www.torproject.org/dist/tor-0.3.0.1-alpha.tar.gz.asc

Check the signatures before unpacking. It would be nice if they would post the SHA256 and SHA512 sums as well. Here's what I'm getting:
SHA256
fbdd33d3384574297b88744622382008d1e0f9ddd300d330746c464b7a7d746a  tor-0.2.9.8.tar.gz
7013353f0cbd2af8c0144f6167339f6eb252eb35ca9a2db2971310171108b064  tor-0.3.0.1-alpha.tar.gz

SHA512
6a43a56ebed7b24ccdd2474406f25347819d4efec4916bdb2e725177b34e233632cc17e68c823efa3d0aad4a5bd13e00a5077cdfeb8830a612253a03ab91b622  tor-0.2.9.8.tar.gz

181cada87ece0f1d6f852948a66fdcff013b8db6e3d39a635ef8050c4e7671ade186925297025888151753e6280f7eea4511f2051a19ddac79834caf8f7ba9ea  tor-0.3.0.1-alpha.tar.gz

Jupiter Broadcasting
December 22, 2016
Best of 2016 | TechSNAP 298
http://www.jupiterbroadcasting.com/105646/best-of-2016-techsnap-298/
We’ve given the Jupiter Broadcasting staff the holidays off, so let’s take this moment to have a look back at some of the best moments of TechSNAP in 2016!

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0298-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0298.mp3

Carry on my Wayland son | BSD Now 173
http://www.jupiterbroadcasting.com/105596/carry-on-my-wayland-son-bsd-now-173/

This week on the show, we’ve got some great stories to bring you, a look at the odder side of UNIX history from Ritchie, news about Wayland/Weston, a new ‘syspatch’ binary patch tool & more! Stay tuned for your place to B…SD!

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0173-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0173.mp3

Jupiter Broadcasting
December 29, 2016

2016 highlights | BSD Now 174
http://www.jupiterbroadcasting.com/105781/2016-highlights-bsd-now-174/
Chris takes over and guest hosts the show to give the guys some time off.
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0174-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jupiterbroadcasting/bsd-0174.mp3

Fancy Bear Misfire.apk | TechSNAP 299
http://www.jupiterbroadcasting.com/105816/fancy-bear-misfire-apk-techsnap-299/
PHPMailer puts almost every PHP CMS at risk, the Fancy Bear Android malware that has a complicated past & the new botnet that likes to brag.
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0299-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jupiterbroadcasting/techsnap-0299.mp3

Jupiter Broadcasting
How the Dtrace saved Christmas | BSD Now 175
http://www.jupiterbroadcasting.com/105921/how-the-dtrace-saved-christmas-bsd-now-175/

We’ve got all sorts of post-holiday goodies to share. New OpenSSL APIs, Dtrace, OpenBSD desktops, a truly paranoid start to your 2017 security & more!

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0175-432p.mp4

http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0175.mp3


Jupiter Broadcasting
2089 Days Uptime | TechSNAP 300
http://www.jupiterbroadcasting.com/106026/2089-days-uptime-techsnap-300/

How the hack of DigiNotar changed the infrastructure of the Internet forever, changing the way we think about security & how to hide malware in a PNG.

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0300-432p.mp4

http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0300.mp3


 >>/784/
Hey thanks, I hope that some of the content is helpful to people looking to get increased computer security.  

Thank you for setting up the board in the first place, it's been a great resource for me and hopefully for other people too. 

Feel free to contribute original content or start a new thread to curate original content.  I tried my best with Endware, but more needs to be done...   

I need to work on the board and get some banners and stuff, but I'm tied up with homework from school.

I'll try to keep it up.

Endwall

Jupiter Broadcasting

The Next Generation | TechSNAP 301
January 10, 2017
http://www.jupiterbroadcasting.com/106086/the-next-generation-techsnap-301/

Malware that evades blocking systems and getting into BSD for the first time.

http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2016/techsnap-0301-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0301.mp3

Linking your world | BSD Now 176
http://www.jupiterbroadcasting.com/106146/linking-your-world-bsd-now-176/
January 12, 2017
Another exciting week on BSDNow, we’re queueing up with LLVM / Linking news, a look at NetBSD’s scheduler, routers, desktops, build-systems & more!
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2016/bsd-0176-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/bsd-0176.mp3

Detailed instructions and tips for hooking Android system calls for reverse engineering and profiling applications.

http://web.archive.org/web/20170114133745/http://www.vantagepoint.sg/blog/82-hooking-android-system-calls-for-pleasure-and-benefit

E Hacking News
Italian siblings arrested for cyberattack
http://www.ehackingnews.com/2017/01/italian-siblings-arrested-for.html
Monday, January 16, 2017
Italian police have arrested a nuclear engineer, Giulio Occhionero, 45, and his sister, Francesca Maria Occhionero, 49, for hacking into 18,000 high-profile email accounts, including that of the former Prime Minister. Authorities suspect that the siblings may have ties to the Freemasons, because the malware used in the hack was called Eye Pyramid, believed to be a reference to the all-seeing eye of God, or Eye of Providence, a symbol typically associated with Freemasonry. The name of the software may also have been a play on his own surname – Occhionero means “black eye” in Italian. The widespread cyber-attack compromised communications of prominent Italian institutions and individuals, including two former Prime Ministers, Vatican cardinals, bank executives and other high-profile targets, which prosecutors claim was used to conduct insider trading. Mario Draghi, the president of the European Central Bank, was also among the targeted individuals. Former Prime Minister Matteo Renzi, who resigned in December last year after losing a constitutional reform referendum, was also among them. The attackers, who have dual residencies in London and Rome, are accused of spearphishing attacks using malware to gain access to victims' email accounts and illegally accessing classified information and breaching and intercepting information technology systems and data communications since 2012. The siblings were most recently living in Italy. Vatican officials have not yet commented on the attack and it is yet unknown to what extent sensitive Vatican information may have been compromised. There are indications the malware campaign may have been running from as early as 2008. In total, just under 1,800 passwords were allegedly captured by the Occhionero siblings, who exfiltrated around 87 gigabytes of data to servers in the United States. Mr Occhionero, who had strong links to the Masonic movement, allegedly developed software that infected email accounts, enabling him to access the information. 
Several of the compromised accounts belonged to Mason members. Whether or not there are ties to the Masons, cyber security experts believe it is highly unlikely that the sibling pair acted alone. The illegally accessed information was stored on servers in the United States, leading to an ongoing investigation with the assistance of the FBI’s cyberdivision. The stolen data has been seized by Italian police and the FBI. Italian police believe the siblings used the stolen confidential information to make investments through a firm operated by Mr Occhionero, a nuclear engineer by profession.

https://web.archive.org/web/20170103200607/https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/

How not to use a non-monotonic clock source: time might go backward.


Jupiter Broadcasting
Internet of Voice Triggers | TechSNAP 302
http://www.jupiterbroadcasting.com/106226/internet-of-voice-triggers-techsnap-302/
The Github enterprise SQL scare, malware that lives in your browser, Dan’s mail server war story, your feedback, a righteous roundup & more!
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0302-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jnite/techsnap-0302.mp3

Jupiter Broadcasting
Getting Pi on my Wifi | BSD Now 177
http://www.jupiterbroadcasting.com/106301/getting-pi-on-my-wifi-bsd-now-177/
January 19, 2017
This week on BSDNow, we’ve got Wifi galore, a new iocage and some RPi3 news and guides to share. Stay tuned for your place to B…SD!
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0177-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0177.mp3

Jupiter Broadcasting

DDos Mafia | TechSNAP 303 January 24, 2017
http://www.jupiterbroadcasting.com/106411/ddos-mafia-techsnap-303/
A remote vulnerability in Ansible has been patched, the latest updates on the Mirai botnet, our first TechSNAP challenge, your feedback, a gigantic roundup & so much more!
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0303-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0303.mp3

Enjoy the Silence | BSD Now 178 January 26, 2017
http://www.jupiterbroadcasting.com/106451/enjoy-the-silence-bsd-now-178/
We discuss a wide variety of topics including Routers, Run-Controls, the “Rule” of silence and some Minecraft just for good measure. Stay tuned for your place to B…SD!
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0178-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0178.mp3

Tor Project
Tor 0.3.0.2-alpha is released 
https://blog.torproject.org/blog/tor-0302-alpha-released
Posted January 23rd, 2017 by arma
Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could cause relays and clients to crash, even if they were not built with the --enable-expensive-hardening option. This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all relays running an affected version should upgrade. Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS time-to-live values, makes directory authorities enforce the 1-to-1 mapping of relay RSA identity keys to ED25519 identity keys, fixes a client-side onion service reachability bug, does better at selecting the set of fallback directories, and more. You can download the source code from https://dist.torproject.org/ but most users should wait for the upcoming 7.0a Tor Browser alpha release, or for their upcoming system package updates.

Tor 0.2.9.9 is released 
https://blog.torproject.org/blog/tor-0299-released
Posted January 23rd, 2017 by arma in release stable tor
Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could cause relays and clients to crash, even if they were not built with the --enable-expensive-hardening option. This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all relays running an affected version should upgrade. This release also resolves a client-side onion service reachability bug, and resolves a pair of small portability issues. You can download the source code from https://dist.torproject.org/ but most users should wait for the upcoming Tor Browser release, or for their upcoming system package updates.

https://www.torproject.org/dist/tor-0.2.9.9.tar.gz
https://www.torproject.org/dist/tor-0.2.9.9.tar.gz.asc

https://www.torproject.org/dist/tor-0.3.0.2-alpha.tar.gz
https://www.torproject.org/dist/tor-0.3.0.2-alpha.tar.gz.asc


Jupiter Broadcasting
Three C’s to Tweet By | TechSNAP 304 
February 1, 2017
http://www.jupiterbroadcasting.com/106551/three-cs-to-tweet-by-techsnap-304/
The guys cover Dropbox bugs that could be holding on to your deleted files, explain what the heck ATM ‘shimmers’ are & talk about how to keep your secret identity secret.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0304-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0304.mp3

The Wayland Machine | BSD Now 179
February 2, 2017
http://www.jupiterbroadcasting.com/106601/the-wayland-machine-bsd-now-179/
We lead off with the latest news about Wayland and Xorg support on FreeBSD, then a look at OpenBSD ARM64 support, inside the chacha20 cipher & much more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0179-432p.mp4
http://traffic.libsyn.com/jbmirror/bsd-0179.mp3


Jupiter Broadcasting
Gambling with Code | TechSNAP 305
http://www.jupiterbroadcasting.com/106721/gambling-with-code-techsnap-305/
We’ve got the latest on GitLab’s data disaster, a clever new method to cheat at the slots & a new Netgear exploit that’s coming for your network!
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0305-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/techsnap-0305.mp3
Illuminating the desktop | BSD Now 180
http://www.jupiterbroadcasting.com/106756/illuminating-the-desktop-bsd-now-180/
This week on BSDNow, Kris is out of town but we have a great interview with Ken Moore, his brother, about the latest in BSD desktop computing & Lumina specifically. Stay tuned to your place to B…SD.
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0180-432p.mp4
http://www.podtrac.com/pts/redirect.mp3/traffic.libsyn.com/jbmirror/bsd-0180.mp3

Jupiter Broadcasting

Metadata Matters | TechSNAP 306   
February 15, 2017
http://www.jupiterbroadcasting.com/106886/metadata-matters-techsnap-306/
The latest on just who has access to your private email, Dan dives deep on the GitLab Postmortem & did you know that Transport for London has been tracking your wifi? We’ve got the details.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0306-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0306.mp3

The Cantrillogy | BSD Now 181
February 15, 2017
http://www.jupiterbroadcasting.com/106911/the-cantrillogy-bsd-now-181/
This week on BSDNow we have a Cantrill special to bring you! All three interviews back to back in their original glory, you won’t want to miss it. Stay tuned for your place to B…SD! 
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0181-432p.mp4
http://traffic.libsyn.com/jnite/bsd-0181.mp3

DeepDotWeb
Can Foreign Governments Hack Americans With Impunity?
ClearNET
https://www.deepdotweb.com/2017/02/21/can-foreign-governments-hack-americans-impunity/
ONION
http://deepdot35wvmeyd5.onion/2017/02/21/can-foreign-governments-hack-americans-impunity/

Posted by: DividedBy0 February 21, 2017

A lawsuit being heard by the US Court of Appeals for the District of Columbia Circuit seeks to answer the question of whether foreign governments can hack Americans with impunity. In the case of Kidane v. Ethiopia, lawyers for the Electronic Frontier Foundation (EFF) and the law firms of Jones Day and Robins Kaplan are representing a man from Maryland, who is going by the pseudonym Mr. Kidane, in a lawsuit where Mr. Kidane alleges the government of Ethiopia infected his computer with spyware. The lawsuit alleges that the secret malware, known as FinSpy, allowed the government of Ethiopia to conduct wiretaps on his Skype calls and monitor everything he and his family did on the computer for a period that lasted months. The court has allowed the man to use a pseudonym that he had used in the Ethiopian community, because the Ethiopian government has a history of punishing the family members of people who dare to oppose it. Mr. Kidane was born in Ethiopia and moved to the United States 20 years ago, where he sought asylum and became an American citizen. Kidane became infected with the spyware after he opened a Word document that was sent to him by agents of the Ethiopian government. After opening the document, FinSpy was secretly downloaded onto his computer from a server with an IP address located in Ethiopia. All activities, including Skype calls, keystrokes, passwords, e-mails, chats, and web browsing, were monitored, recorded, and uploaded to a command and control server with an IP address located in Ethiopia and controlled by the Ethiopian government. FinSpy is developed and marketed by FinFisher, formerly known as Gamma International, a company based in the United Kingdom. It is part of a line of “IT intrusion” software made by FinFisher, which is only sold to government agencies. Their software is frequently used to spy on activists around the world. Kidane continues his lawsuit, which is being appealed. Recently, attorneys for Mr. Kidane argued before a three-judge panel that the lawsuit should be allowed to continue. Under the Foreign Sovereign Immunities Act, foreign governments are only liable for acts committed within the United States. Kidane’s attorneys argued that his computer was located in Maryland and remained there the entire time it was being spied upon. Attorneys for Ethiopia argued that they should not be held liable because they did not have a human agent who was physically located within the United States. One of the judges on the panel asked the attorneys representing Ethiopia if they believed that they could be held liable for mailing a letter bomb to the United States, or for remotely hacking a self-driving car in the United States and causing it to crash. The attorneys for Ethiopia responded to the judge’s question by saying that they believed they could not be sued for such actions. Kidane was spied on from at least late October of 2012 until March of 2013. The lawsuit was originally filed in February of 2014. Previously in the case, a federal court ruled that foreign governments could not be held liable for wiretapping American citizens within the United States. The DC Circuit Court is expected to rule on the appeal within a few months.

Jupiter Broadcasting

State Sponsored Audiophiles | TechSNAP 307
February 21, 2017
http://www.jupiterbroadcasting.com/107016/state-sponsored-audiophiles-techsnap-307/
The details on the latest WordPress vulnerability, then the surprising, or perhaps not so surprising, takeover of a cybersecurity firm’s website & watch out, hackers may be using your microphone to steal your data!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0307-432p.mp4
http://traffic.libsyn.com/jnite/techsnap-0307.mp3

Bloaty McBloatface | BSD Now 182
February 22, 2017
http://www.jupiterbroadcasting.com/107061/bloaty-mcbloatface-bsd-now-182/
This week on the show, we’ve got FreeBSD quarterly Status reports to discuss, OpenBSD changes to the installer, EC2 and IPv6 & more! Stay tuned for your place to B…SD!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0182-432p.mp4
http://traffic.libsyn.com/jnite/bsd-0182.mp3

Hak 5

ThreatWire
Operation BugDrop Targets Ukrainian Infrastructure - Threat Wire - Duration: 5 minutes, 54 seconds.
https://youtube.com/watch?v=Ap2xkiBZ9hw
SHA-1 is Officially Dead and What is CloudBleed? - Threat Wire - Duration: 7 minutes, 53 seconds.
https://youtube.com/watch?v=HguaJV7tGtU

#######################################################################################################
Hak 5 Main Show
USB Hacks for Windows, Linux, and Macs - Hak5 2124 - Duration: 31 minutes.
https://youtube.com/watch?v=qGPGOoJn54E
Introducing the Bash Bunny - Hak5 2125 - Duration: 29 minutes.
https://youtube.com/watch?v=CvI_mrQYaF8

Jupiter Broadcasting

Cloudy with a Chance of Leaks | TechSNAP 308
http://www.jupiterbroadcasting.com/107191/cloudy-with-a-chance-of-leaks-techsnap-308/

Google heard you like hashes so they broke SHA1, we’ve got the details. Plus we dive in to Cloudflare’s data disaster, Dan shows us his rack, your feedback, a huge roundup & so much more!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0308-432p.mp4
http://traffic.libsyn.com/jnite/techsnap-0308.mp3

Getting Steamy Here | BSD Now 183
http://www.jupiterbroadcasting.com/107231/getting-steamy-here-bsd-now-183/

This week on BSDNow, we have “Weird Unix Things”, “Is it getting Steamy in here?” & an Interview about BSD Sockets API. (Those aren’t all related). It’s going to be a good one, buckle up for your place to B…SD!

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0183-432p.mp4
http://traffic.libsyn.com/jnite/bsd-0183.mp3

Jupiter Broadcasting
Bad Boy Backups | TechSNAP 309
http://www.jupiterbroadcasting.com/107361/bad-boy-backups-techsnap-309/
We’ve got the sad story of cloud-enabled toys leading to, you guessed it, leaking customers’ personal information! Plus a case of backups gone bad, but this time, it’s a good thing!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0309-432p.mp4
http://traffic.libsyn.com/jnite/techsnap-0309.mp3


Tokyo Dreaming | BSD Now 184
http://www.jupiterbroadcasting.com/107406/tokyo-dreaming-bsd-now-184/
This week on BSDNow, Allan & Kris are in Tokyo for AsiaBSDCon, but not to worry, we have a full episode lined up and ready to go.
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0184-432p.mp4
http://traffic.libsyn.com/jnite/bsd-0184.mp3

Vault 7 Unlocked | Unfilter 228
http://www.jupiterbroadcasting.com/107436/vault-7-unlocked-unfilter-228/
Wikileaks drops Vault 7 filled with CIA secrets. We analyze it & the establishment’s response. Plus are Trump’s claims he was wiretapped crazy or rooted in reality?
http://201406.jb-dl.cdn.scaleengine.net/unfilter/2017/unfilter-0228-432p.mp4
http://traffic.libsyn.com/jnite/unfilter-0228.mp3


Jupiter Broadcasting

Don’t Panic & P your S | TechSNAP 310
http://www.jupiterbroadcasting.com/107531/dont-panic-p-your-s-techsnap-310/
March 14, 2017

We crack open Vault 7 & are a little let down by what’s inside, give you one more reason you should already be using ZFS & just when you thought you could trust your phone again, we’ve got the story of preinstalled Android malware. Then it’s your feedback, a huge roundup & so much more!

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0310-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0310.mp3

Exit Interview | BSD Now 185
http://www.jupiterbroadcasting.com/107556/exit-interview-bsd-now-185/
March 16, 2017

This is a very special BSD Now! New exciting changes are coming to the show and we’re gonna cover them, so stick around or you’ll miss it!

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0185-432p.mp4
http://traffic.libsyn.com/jbmirror/bsd-0185.mp3


Jupiter Broadcasting

Trump Taxes and Tappin | Unfilter 229
http://www.jupiterbroadcasting.com/107561/trump-taxes-and-tappin-unfilter-229/

The big Trump tax reveal is a bust, but not for the reasons you might think. Trump’s wiretapping claims are looking more and more farfetched & who else could have been behind the DNC leaks.

http://201406.jb-dl.cdn.scaleengine.net/unfilter/2017/unfilter-0229-432p.mp4

http://traffic.libsyn.com/jbmirror/unfilter-0229.mp3

Jupiter Broadcasting

Check Yo Checksum | TechSNAP 311
http://www.jupiterbroadcasting.com/107681/check-yo-checksum-techsnap-311/
The guys break with the usual format & turn things over to Dan for a deep deep dive on Bacula! Then it’s the latest Yahoo hack news & a few more reasons you should already be using ZFS.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0311-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0311.mp3

Fast & the Firewall: Tokyo Drift | BSD Now 186
http://www.jupiterbroadcasting.com/107716/fast-the-firewall-tokyo-drift-bsd-now-186/
This week on BSDNow, reports from AsiaBSDcon, TrueOS & FreeBSD news, Optimizing IllumOS Kernel, your questions & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0186-432p.mp4
http://traffic.libsyn.com/jbmirror/bsd-0186.mp3

Hak 5
Linux Terminal 201: Installing and Updating Packages - HakTip 149 - Duration: 6 minutes, 37 seconds.
https://youtube.com/watch?v=EJgXqQvqaIM
WhatsApp Web App Account Takeover, and Yahoo Hackers Indicted - Threat Wire - Duration: 7 minutes, 9 seconds.
https://youtube.com/watch?v=eaxVrD9JGIs
Concealed Exfiltration - Pocket Network Attacks with the Bash Bunny - Hak5 2202 - Duration: 37 minutes.
https://youtube.com/watch?v=VPhqD__lOBQ
Linux Terminal 201: Working with Storage Media, ISO Images, and MD5 Checksums - HakTip 150 - Duration: 9 minutes, 15 seconds.
https://youtube.com/watch?v=ZA5KMyuj5jk

Jupiter Broadcasting
Das Boot Manager | LUP 189
http://www.jupiterbroadcasting.com/107646/das-boot-manager-lup-189/
Bulletproof Linux Kernel upgrades might be near, Kodi gets a real Netflix Plugin & the dirty, stinky, no good, obvious, elephant in the room around desktop Linux.

http://201406.jb-dl.cdn.scaleengine.net/linuxun/2017/lup-0189-432p.mp4
http://traffic.libsyn.com/jbmirror/lup-0189.mp3


High Nunes Showdown | Unfilter 230
http://www.jupiterbroadcasting.com/107696/high-nunes-showdown-unfilter-230/
Have Trump’s claims of “wiretapping” been vindicated or have we just witnessed political suicide? Plus the important moments from the big Russia hearings & the top secret tight spot the Donald is in. 

http://201406.jb-dl.cdn.scaleengine.net/unfilter/2017/unfilter-0230-432p.mp4
http://traffic.libsyn.com/jbmirror/unfilter-0230.mp3



Jupiter Broadcasting

Boot Free or Die Tryin’ | LUP 190
http://www.jupiterbroadcasting.com/113291/boot-free-or-die-tryin-lup-190/
Posted on: March 28, 2017
We dig deep into the LibreBoot project, how the Intel ME problem impacts open source & limits badass free laptops. Then we spend Wes’ money and shop for his next perfect Linux rig.

http://201406.jb-dl.cdn.scaleengine.net/linuxun/2017/lup-0190-432p.mp4
http://traffic.libsyn.com/jbmirror/lup-0190.mp3

Privacy is Dead | TechSNAP 312
http://www.jupiterbroadcasting.com/113306/privacy-is-dead-techsnap-312/
Posted on: March 29, 2017
This week, we sell your private browsing history to the highest bidder! Oh wait, that’s your ISP! We cover the latest rollback of internet privacy regulations in the US, plus the surprisingly uplifting story of script kiddies getting their day in court, Dan does a not-so-deep dive into ZFS & explains why you should already be using it.

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0312-432p.mp4
http://traffic.libsyn.com/jupiterbroadcasting/techsnap-0312.mp3

Catching up to BSD | BSD Now 187
http://www.jupiterbroadcasting.com/113371/catching-up-to-bsd-bsd-now-187/
Posted on: March 30, 2017
This week on BSDNow, news about the NetBSD project, a BSD Phone, bunch of OpenBSD and TrueOS News & more!

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0187-432p.mp4
http://traffic.libsyn.com/jupiterbroadcasting/bsd-0187.mp3


Jupiter Broadcasting

Dubstep Allan | LAS 463
http://www.jupiterbroadcasting.com/113386/dubstep-allan-las-463/
We start this week covering the latest news about Red Hat’s record profits, some new changes coming to video editing & audio sampling under Linux & Apple releasing their new APFS file system. Then Noah reveals the real reason behind LAS ending, we cover your feedback & much more!
http://201406.jb-dl.cdn.scaleengine.net/las/2017/linuxactionshowep463b-432p.mp4
http://traffic.libsyn.com/jbmirror/linuxactionshowep463b.mp3

What’s a Distro? | LUP 191
http://www.jupiterbroadcasting.com/113566/whats-a-distro-lup-191/
Joe Ressington of Late Night Linux joins Wes to discuss just what makes a “Proper” distribution. Then the latest news about Libreboot and the Free Software Foundation, Containers explained in pictures & our complaints about the latest Telegram release.
http://201406.jb-dl.cdn.scaleengine.net/linuxun/2017/lup-0191-432p.mp4
http://traffic.libsyn.com/jbmirror/lup-0191.mp3

Jupiter Broadcasting

Wifi Stack Overfloweth | TechSNAP 313
http://www.jupiterbroadcasting.com/113571/wifi-stack-overfloweth-techsnap-313/
April 5, 2017
Your Wifi Stack is under attack! But don’t worry, Apple’s got the patch & we’ve got the story. Then the latest ATM hacking tips that will only cost you $15 & Dan does a deep dive into Let’s Encrypt!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0313-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0313.mp3

And then the murders began | BSD Now 188
http://www.jupiterbroadcasting.com/113621/and-then-the-murders-began-bsd-now-188/
April 6, 2017
Today on BSD Now, the latest Dragonfly BSD release, RaidZ performance, another OpenSSL Vulnerability & more; all this week on BSD Now!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0188-432p.mp4
http://traffic.libsyn.com/jbmirror/bsd-0188.mp3


Jupiter Broadcasting

Cyber Liability | TechSNAP 314
http://www.jupiterbroadcasting.com/113781/cyber-liability-techsnap-314/
Posted on: April 12, 2017
We cover some fascinating new research that can steal your phone’s PIN using just the on-board sensors. Then we cover how computer security is broken from top to bottom and Dan does another deep dive, this time on everyone’s favorite database, PostgreSQL.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0314-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0314.mp3

Codified Summer | BSD Now 189
http://www.jupiterbroadcasting.com/113836/codified-summer-bsd-now-189/
Posted on: April 13, 2017
This week on the show we interview Wendell from Level1Techs, cover Google Summer of Code on the different BSD projects, cover YubiKey usage, dive into how NICs work & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0189-432p.mp4
http://traffic.libsyn.com/jbmirror/bsd-0189.mp3


Jupiter Broadcasting 

Tales of FileSystems | TechSNAP 315
http://www.jupiterbroadcasting.com/113981/tales-of-filesystems-techsnap-315/
April 18, 2017
We’ve got the latest gossip on Apple’s brand new filesystem & why you should care! Plus Dan dives deep into the wonderful world of ZFS and FreeBSD jails & shows us how he is putting them to use in his latest server build.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0315-432p.mp4
http://traffic.libsyn.com/jbmirror/techsnap-0315.mp3

The Moore You Know | BSD Now 190
http://www.jupiterbroadcasting.com/114041/the-moore-you-know-bsd-now-190/
April 20, 2017
This week, we look forward with the latest OpenBSD release, look back with Dennis Ritchie’s paper on the evolution of Unix Time Sharing, have an Interview with Kris Moore about FreeNAS & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0190-432p.mp4
http://traffic.libsyn.com/jnite/bsd-0190.mp3


Jupiter Broadcasting

Internet of Troubles | LUP 194
http://www.jupiterbroadcasting.com/114171/internet-of-troubles-lup-194/

Linux Foundation thinks they have the solution to the Internet of Terrible & they might actually be right. We’ll share the exclusive interview that has us excited for the future.

http://201406.jb-dl.cdn.scaleengine.net/linuxun/2017/lup-0194.mp4
http://traffic.libsyn.com/jnite/lup-0194.mp3

PHP Steals Your Nuts | TechSNAP 316
http://www.jupiterbroadcasting.com/114206/php-steals-your-nuts-techsnap-316/

The squirrels have gotten in the mailbag as the guys discuss an unfortunate new vulnerability in Squirrelmail. Plus an interesting new entrant to the anonymous domain name space from some of the internet’s most famous rabble rousers. Then Dan & Wes get just a bit jealous of Canada’s new take on net neutrality & more!

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0316.mp4
http://traffic.libsyn.com/jnite/techsnap-0316.mp3

I Know 64 & A Bunch More | BSD Now 191
http://www.jupiterbroadcasting.com/114256/i-know-64-a-bunch-more-bsd-now-191/

We cover TrueOS/Lumina working to be less dependent on Linux, How the IllumOS network stack works, Throttling the password gropers, the 64 bit inode call for testing & more!

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0191.mp4
http://traffic.libsyn.com/jnite/bsd-0191.mp3


Jupiter Broadcasting

Some Fishy Chips | TechSNAP 317
http://www.jupiterbroadcasting.com/114371/some-fishy-chips-techsnap-317/
Posted on: May 3, 2017

Intel’s patched a remote execution exploit that’s been lurking in their chips for the past nine years, we’ve got the details & some handy tips to check if you’re affected. Then Dan does a deep dive into friend of the show Tarsnap: what it is, how to use it & why it’s so awesome. Plus we discuss when we use external services versus building ourselves & a few tips for lightweight backup solutions that might work for you.

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0317.mp4
http://traffic.libsyn.com/jnite/techsnap-0317.mp3
https://youtube.com/watch?v=hoPcL_vo-BY

SSHv1 Be Gone | BSD Now 192
http://www.jupiterbroadcasting.com/114426/sshv1-be-gone-bsd-now-192/
Posted on: May 4, 2017

This week we have a FreeBSD Foundation development update, tell you about sprinkling in the TrueOS project, Dynamic WDS & a whole lot more!

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0192.mp4
http://traffic.libsyn.com/jnite/bsd-0192.mp3
https://youtube.com/watch?v=sM0CIpJzpAI

Privacy Online News
https://www.privateinternetaccess.com/blog/2017/05/intel-confirms-remote-code-execution-hole-intel-cpus-since-2008/

Intel confirms remote code execution hole in all Intel CPUs since 2008
Posted on May 1, 2017 by Caleb Chen
According to security researchers, media, and now Intel themselves, a security hole allowing remote code execution (RCE) has been present in Intel CPUs since 2008. The exploit was usable on Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability (SM). Those are present in almost every computer with an Intel CPU from the last ten years, and allowed for remote execution of code on the CPU. Charlie Demerjian at SemiAccurate first reported the news earlier today: “The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware.”

Intel confirms escalation of privilege vulnerability

SemiAccurate has known about the exploit for over five years before releasing the news earlier today. SemiAccurate, along with many others such as Richard Stallman, have been warning that something like this could happen and likely had happened already. Today, May 1st, 2017, we have confirmation. The issue was confirmed with a security advisory later in the day while thanking Maksim Malyutin from Embedi. They have released a firmware fix and it will be distributed asap. The CPU maker admitted that the vulnerability allowed for “an unprivileged attacker to gain control of the manageability features provided by these products.” The manageability features allow all sorts of shenanigans. Intel confirmed to SemiAccurate that AMT can be used to “bare metal image a dead machine over a cellular connection.” Needless to say, if they can do that – they can do anything. The security advisory also states that this vulnerability did not/does not exist on consumer PCs, only non-consumer PCs. In the public eye, the veracity of this claim has not been proven. If your computer doesn’t have VPro, then it doesn’t have AMT and isn’t vulnerable. It’s also worth noting that Apple Macs do not use Intel AMT, and thus were not vulnerable.

Wired

Hack Brief: Intel Fixes a Critical Bug That Lingered for 7 Dang Years

https://www.wired.com/2017/05/hack-brief-intel-fixes-critical-bug-lingered-7-dang-years/

Since Intel makes the processors that run, well, most computers, any Intel chip vulnerability—especially one that’s been around for nearly a decade—rings alarms. In the wake of Intel disclosing a longstanding flaw in the remote system management features of some popular Intel chipsets, manufacturers are scrambling to release patches. It’s not an unmitigated disaster, and it affects enterprises more than consumers. But make no mistake, it’s going to take a major effort to fix.

The Hack

The vulnerability lies in Intel’s remote management programs that run on a dedicated microprocessor called the Management Engine. Intel says that three of its ME services—Active Management Technology, Small Business Technology, and Intel Standard Manageability—were all affected. These features are meant to let network administrators remotely manage a large number of devices, like servers and PCs. If attackers can access them improperly they potentially can manipulate the vulnerable computer as well as others on the network. And since the Management Engine is a standalone microprocessor, an attacker could exploit it without the operating system detecting anything. Intel has released a firmware patch to address the bug, and says that it hasn’t detected any exploitation. A challenge to actually resolving the problem, though, is its ubiquity. Every impacted manufacturer will have to release a tailored version of the patch, assuming the products aren’t too old to receive support.... “The biggest problem is probably going to be in corporate environments, where getting access to a single machine inside the network now lets you get remote desktop access to a large number of client systems,” says Matthew Garrett, a security researcher who has been monitoring the vulnerability. “Some companies are likely to have to choose between buying new hardware, disabling a vital part of their IT management infrastructure, or leaving it vulnerable.”

Who’s Affected?

Some good news! A lot of Intel chipsets include the Management Engine, but only some incorporate the vulnerable remote access programs like Active Management Technology. Macs, for instance, aren’t impacted by this. And since these services aren’t turned on by default, most consumer devices shouldn’t have trouble. The search engine Shodan, which indexes internet-connected devices, shows that fewer than 6,500 potentially affected devices are visible on the open internet....Additionally, the researchers who reported the bug to Intel say that it may be exploitable on even more computers than are currently thought to be vulnerable. Since the Management Engine and related services have special system privileges and direct hardware access to begin with (appealing properties for an attacker to exploit), experts aren’t shocked to hear about this vulnerability. “A lot of people have felt a security issue in AMT was likely—and plenty of people in the security and free software communities have been talking about the dangers of the Management Engine in general for years,” Garrett says. Now that those worries have been confirmed, it’s time for system administrators and IT departments to get patching.


CircleID

WannaCry Ransomware Cyberattack Spreading to Countries Across the World, 45K Attacks Reported So Far
http://www.circleid.com/posts/201670512_wannacry_ransomware_cyberattack_spreading_across_the_world/

Security researchers are reporting a massive attack today, dubbed "WannaCry", which has reached 45,000 attacks in 74 countries around the world so far, mostly in Russia. Kaspersky Lab's Global Research & Analysis reports that the attack is initiated through an SMBv2 remote code execution in Microsoft Windows. "This exploit (codenamed 'EternalBlue') has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14. Unfortunately, it appears that many organizations have not yet installed the patch. ... while unpatched Windows computers exposing their SMB services can be remotely attacked with the 'EternalBlue' exploit and infected by the WannaCry ransomware, the lack of existence of this vulnerability doesn't really prevent the ransomware component from working."

— "A few hours ago, Spain's Computer Emergency Response Team CCN-CERT, posted an alert on their site about a massive ransomware attack affecting several Spanish organizations. The alert recommends the installation of updates in the Microsoft March 2017 Security Bulletin as a means of stopping the spread of the attack." –Kaspersky Lab

— "The National Health Service (NHS) in the U.K. also issued an alert and confirmed infections at 16 medical institutions. We have confirmed additional infections in several additional countries, including Russia, Ukraine, and India." –Kaspersky Lab

— "The malware used in the attacks encrypts the files and also drops and executes a decryptor tool. The request for $600 in Bitcoin is displayed along with the wallet. It’s interesting that the initial request in this sample is for $600 USD, as the first five payments to that wallet is approximately $300 USD. It suggests that the group is increasing the ransom demands." –Kaspersky Lab

— "The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). At the time, there was skepticism about whether the group was exaggerating the scale of its hack." –The Guardian

Jupiter Broadcasting

All Drives Die | TechSNAP 318
http://www.jupiterbroadcasting.com/114566/all-drives-die-techsnap-318/
May 9, 2017

Turns out you’ve been doing passwords wrong, but don’t worry, we’ve got the latest and greatest guidance from NIST. Plus the latest numbers from BackBlaze with some interesting conclusions about enterprise drives. Then the details about that google docs worm everyone’s talking about, some top tips to stay safe & so much more!

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0318.mp4
http://traffic.libsyn.com/jnite/techsnap-0318.mp3
https://youtube.com/watch?v=pEfhRcUAIUI

Fire up the 802.11 AC | BSD Now 193
http://www.jupiterbroadcasting.com/114591/fire-up-the-802-11-ac-bsd-now-193/
May 11, 2017

This week on BSD Now, Adrian Chadd on bringing up 802.11ac in FreeBSD, a pfSense and OpenVPN tutorial & we talk about an interesting ZFS storage pool checkpoint project.

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0193.mp4
http://traffic.libsyn.com/jnite/bsd-0193.mp3
https://youtube.com/watch?v=NO0MTE0AeYU

SECURITYWEEK
WannaCry Ransomware Creators Make Rookie Mistake
By Ionut Arghire on May 17, 2017 
http://www.securityweek.com/wannacry-ransomware-creators-make-rookie-mistake

WannaCry Ransomware Didn't Utilize Trackable Bitcoin Wallets

A bug in the WannaCry ransomware prevented the malicious application from generating individual Bitcoin wallets to collect payments from each of its victims, security researchers have discovered. WannaCry began wreaking havoc worldwide on May 12, courtesy of a worm component abusing the NSA-linked EternalBlue exploit. Targeting an already addressed Windows SMB vulnerability, the exploit allowed an otherwise typical run-of-the-mill ransomware to become an international threat within hours. An earlier WannaCry version appears connected to North Korean threat group Lazarus, but the variant used in the still ongoing campaign has nothing out of the ordinary, researchers say. In fact, researchers have already discovered bugs in the malware's code, although the encryption routine hasn’t been cracked as of now. In a recent tweet, Symantec Security Response reveals that a race condition bug prevented the malware from using a unique Bitcoin address for every victim. The issue resulted in the ransomware using only three wallets for collecting ransom payments, which prevents its operators from tracking the payments to specific victims.

#WannaCry has code to provide unique bitcoin address for each victim but defaults to hardcoded addresses as a result of race condition bug — Security Response (@threatintel) May 16, 2017

Security experts have warned countless times against paying the ransom in the event of a ransomware attack, as making payment does not guarantee that files would be restored. When it comes to the WannaCry attack, it is unlikely that victims would get their files back after paying the ransom. More than 260 payments have been made to the three Bitcoin addresses associated with the ransomware, allowing the crooks to collect an estimated $78,000 to date from this campaign alone. According to a recent tweet from Symantec, WannaCry attackers released a version that fixed the Bitcoin bug soon after the original variant, but most infections contain the flaw. However, the attempt to resolve the bug shows that the hackers’ “main goal was to make money,” the security firm says.

Patches, malware and kill-switch slowed the infection

Over 200,000 computers are estimated to have been hit by the ransomware, but that number could have been much higher if it wasn’t for several conditions, starting with the fact that the attack unfolded heading into a weekend, when many vulnerable computers were offline. Microsoft issuing an emergency patch to address the flaw in older Windows versions also helped. In a rather strange twist of events, a crypto-currency mining botnet that has been spreading using the very same vulnerability might have limited WannaCry’s infection as well. Dubbed Adylkuzz, the botnet blocks SMB networking immediately after infection, thus preventing other malware from compromising the machine using EternalBlue. More importantly, a great many attacks were stopped because security researcher @MalwareTechBlog registered a domain the ransomware would beacon to before starting the infection. The domain acts as a kill-switch, as the malware terminates its process when receiving a response from it. A WannaCry variant with no kill-switch was also observed, apparently patched in a hex editor. While that variant was supposedly the work of the same cybercriminals, because no change was made to the hardcoded Bitcoin wallets, newer samples feature different addresses, Bitdefender senior e-threat analyst Bogdan Botezatu told SecurityWeek. These variations are believed to come from different crooks and they too were patched on the fly (not recompiled), Botezatu said....

freemalaysiatoday
ShadowBrokers’ threatens to release more cyber attack tools
http://www.freemalaysiatoday.com/category/world/2017/05/18/shadowbrokers-threatens-to-release-more-cyber-attack-tools/
May 18, 2017
It also threatened to release compromised data from the international banking network and secret information on the nuclear and missile programs of Russia, China, Iran or North Korea.

WASHINGTON: The mysterious ShadowBrokers group, which leaked the stolen hacking tool used in last week’s global cyber attacks, is threatening to release more such tools next month. In a taunting online message in broken English late Tuesday, the group said it will take payments beginning in June for monthly releases of computer hacks and vulnerability exploits like the one behind the global hacking wave. It also threatened to release compromised data from the international banking network and secret information on the nuclear and missile programs of Russia, China, Iran or North Korea. “Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members,” the group wrote on the Steemit social blogging platform. ShadowBrokers first surfaced last year offering for sale a suite of hacking tools stolen from the US National Security Agency, leaking bits to demonstrate what they had in their possession. Who is behind the group is unknown, though they are believed to be based in Russia or Eastern Europe. But analysts believe the files are genuine and came from the NSA’s hyper-secret hacking unit dubbed the “Equation Group.” ShadowBrokers’s trove included the NSA’s exploit tool for a Microsoft Windows vulnerability that was used in Friday’s “WannaCry” ransomware attack, which infected hundreds of thousands of computers in scores of countries. ShadowBrokers is not believed to be the source of the ransomware attack itself, which some analysts say could be linked to North Korea. In the new online message, ShadowBrokers accused the Equation Group of not warning software makers like Microsoft of vulnerabilities that leave their products open to hacking and malware. It said future releases could be prevented if the NSA or another “responsible party” bought back the stolen data. “TheShadowBrokers is not being interested in stealing grandmothers’ retirement money. This is always being about theshadowbrokers vs theequationgroup,” they said.


Jupiter Broadcasting
When IT Security Cries | TechSNAP 319
Posted on: May 16, 2017
http://www.jupiterbroadcasting.com/114721/when-it-security-cries-techsnap-319/
The WannaCry Worm has brought the world to tears. We’ve got the latest details, conspiracy theories, fallout & some tissues. Plus a keylogger that may be hiding in your audio driver, some great hardware recommendations from the audience, your great fee
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0319.mp4
http://traffic.libsyn.com/jnite/techsnap-0319.mp3

Daemonic Plans | BSD Now 194
Posted on: May 18, 2017
http://www.jupiterbroadcasting.com/114751/daemonic-plans-bsd-now-194/
We cover the latest FreeBSD Status Report, a plan for Open Source software development, centrally managing bhyve with Ansible, libvirt, pkg-ssh & a whole lot more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0194.mp4
http://traffic.libsyn.com/jnite/bsd-0194.mp3



Jupiter Broadcasting 
Linux Action News 2
http://www.jupiterbroadcasting.com/114901/linux-action-news-2/
May 21, 2017
Ubuntu’s Gnome plans start to form & they want your input. The Linux subsystem is coming to Windows Server & Mycroft is finally ready to ship. Plus the Tizen surprise, elementary OS’ pay-what-you-want AppCenter & what’s new in Android O.

http://201406.jb-dl.cdn.scaleengine.net/lan/2017/lan-002.mp4
http://aphid.fireside.fm/d/1437767933/dec90738-e640-45e5-b375-4573052f4bf4/c506f753-94e4-434e-a6a6-546d4ea72849.mp3
https://youtube.com/watch?v=nuslraFlAsE

Jupiter Broadcasting

Kill Switch Engage | TechSNAP 320
http://www.jupiterbroadcasting.com/115001/kill-switch-engage-techsnap-320/
Posted on: May 23, 2017
We’ve got another round of WannaCry analysis, the latest on the FCCs battle over Net neutrality. Then IPv6 Tunnels & you, a 2017 check-in.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0320.mp4
http://traffic.libsyn.com/jnite/techsnap-0320.mp3
https://youtube.com/watch?v=V8YEWEwMv90

I don’t WannaCry | BSD Now 195
http://www.jupiterbroadcasting.com/115041/i-dont-wannacry-bsd-now-195/
May 25, 2017
A pledge of love to OpenBSD, combating ransomware like WannaCry with OpenZFS & using pfSense to maximize your non-gigabit Internet connection!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0195.mp4
http://traffic.libsyn.com/jnite/bsd-0195.mp3
https://youtube.com/watch?v=DRGBsRrRExo

>>/921/

Luckily this was about a Windows 10 driver supplied with OEM HP computers, written by crap programmers outsourced from India. However, that said, I don't trust pulseaudio.

One computer can't do it all. You can't be gaming and browsing and encrypting and watching videos and music while emailing and instant messaging with everything else with a full desktop like KDE or Gnome, all on one computer if you want to avoid problems.    

Most people seem to be getting on in life just fine with Windows 10, Mac OS X 10.11, smart TVs, Android and iPhones, Wifi and Smart Tablets.

And yes it's infuriating; terrorists, drug dealers, and criminals in gangs are running free watching porn on Windows 10 and I'm locked in my room playing with Unix and Linux and it's barely working. While they be flossing with dollar bills and hos dancing with Windows 10 and rap music playing in the background.

I'm 90% sure that I'm being keylogged right now. I'm not sure of the source of the problem, probably some jpeg, mp3 or webm I looked at on Endchan or a malware package I've pulled in from the Parabola repo. I'm going to have to wipe and reinstall and redesign my internal network. I'm not sure if I can reuse this computer because of the ME problem or if it's going into the trash bin, the BIOS is probably infected by now.

Secure computing feels like a problem that should have already been solved like a decade ago. 

But I've inherited this disaster so I plan on trying to mitigate it.

>>/931/
IME is fucking cancer (Windows ME was a buggy piece of shit).

https://github.com/ghacksuserjs/ghacks-user.js Mess around with this and perhaps put this in the sticky, maybe. Read its wiki too.

Security through normalfaggotry is not a tactic for abnormal people like (real) journalists/whistleblowers, pedophiles (Jared was fucked through PhotoDNA tech), real hackers, political dissidents, etc.

Grsecurity is no longer releasing their experimental kernels to the public, so I've switched to the pck kernel. I'm somewhat stumped as to whether hardened or apparmor kernels are better when it comes to network security though probably not. I'm not a kernel guy, just a random stupid loonix enthusiast. My shit just doesn't feel the same without the grsec-knock kernel, but we all gotta move on. Perhaps that's what fucked you up, though your circumstance is much more different than I'm in so you should know the plausible variables that had got you better than I do.

Minix and Plan 9 already solved it though in different ways, while the Amiga was the best, it's now a big mess, it (AmigaOS) doesn't have true multicore support.

Maybe powerlines is the problem, or maybe it's something more esoteric and obscure.


Jupiter Broadcasting
#NotMyInternet | TechSNAP 322
http://www.jupiterbroadcasting.com/115351/notmyinternet-techsnap-322/
We discuss who really controls the internet & just how centralized and potentially vulnerable it has become. Plus the latest security letdowns from Windows 10, the story of a questionably ethical hacker & Zomato’s data breach.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0322.mp4
http://traffic.libsyn.com/jnite/techsnap-0322.mp3

PostgreZFS | BSD Now 196
http://www.jupiterbroadcasting.com/115251/postgrezfs-bsd-now-196/
This week on BSD Now, we review the EuroBSDcon schedule, explore the mysteries of Docker on OpenBSD, show you how to run PostgreSQL on ZFS & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0196.mp4
http://traffic.libsyn.com/jnite/bsd-0196.mp3

A Burrito Stole My Money | TechSNAP 321
http://www.jupiterbroadcasting.com/115216/a-burrito-stole-my-money-techsnap-321/
Not only is the UK leaving the Eurozone, they are starting their own internet, this time with more surveillance! Then we’ve got some top tips on getting recruited by the Israeli NSA & the details of some new WannaCry wannabes that may be infecting a Windows server near you.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0321.mp4
http://traffic.libsyn.com/jnite/techsnap-0321.mp3


Jupiter Broadcasting
Linux Action News 6
Posted on: June 18, 2017
http://www.jupiterbroadcasting.com/115871/linux-action-news-6/
More competition in desktop Linux, Debian 9, Tails 3, Firefox 54, FreeNAS 11 & OpenMediaVault 3 all get released.
http://aphid.fireside.fm/d/1437767933/dec90738-e640-45e5-b375-4573052f4bf4/4050d933-1f73-4c71-80b1-54c86f954436.mp3
http://www.podtrac.com/pts/redirect.mp4/201406.jb-dl.cdn.scaleengine.net/lan/2017/lan-006.mp4

DNS Mastery | TechSNAP 324
June 20, 2017
http://www.jupiterbroadcasting.com/115931/dns-mastery-techsnap-324/
We’ve got the latest on the ‘Stack Crash’ vulnerability affecting a UNIX OS near you. Plus thanks to a recent RNC data leak we’ve got your name, address, birthday & a lot more personal information! Then Dan does a deep dive on his DNS infrastructure, some recent improvements & his integration with Let’s Encrypt.
http://traffic.libsyn.com/jnite/techsnap-0324.mp3
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0324.mp4

Jupiter Broadcasting
Halls of Endless Linux | LUP 202
June 20, 2017
http://www.jupiterbroadcasting.com/115911/halls-of-endless-linux-lup-202/
Michael Hall from Endless joins us to discuss his new role, Endless’ involvement with Gnome & the unique approach they are taking with EndlessOS. Plus Fedora shares some future plans that have us really excited & we try to grok casync, Lennart Poettering’s new project for distributing file system images.

http://traffic.libsyn.com/jnite/lup-0202.mp3
http://201406.jb-dl.cdn.scaleengine.net/linuxun/2017/lup-0202.mp4

Tails of Privacy | Ask Noah 13
June 19, 2017
http://www.jupiterbroadcasting.com/115891/tails-of-privacy-ask-noah-13/
This week we’re back in Grand Forks and we give you a deep dive on TAILS linux – the distro designed from the ground up to provide you with a secure computing environment. Plus we talk about universal installers, the security of messengers & your calls.

http://aphid.fireside.fm/d/1437767933/305e3275-6919-4ed2-9ca1-b21e0cf904b2/a7381802-5b6c-43db-8210-97804a02dde1.mp3
http://201406.jb-dl.cdn.scaleengine.net/asknoah/2017/asknoah-0013.mp4

DeepDotWeb
Wikipedia May Be Coming to the Darknet
http://deepdot35wvmeyd5.onion/2017/06/26/wikipedia-may-coming-darknet/
Posted by: DividedBy0 June 26, 2017 
A proposal recently made by Cristian Consonni, who was previously the Vice President of Wikimedia Italy, calls for bringing Wikipedia to the darknet by hosting the online encyclopedia as a hidden service on the Tor network. The proposal calls for the Wikimedia Foundation to host the hidden service proxy. Wikipedia has faced censorship of its site from governments around the world, including Russia, China, Iran, the United Kingdom, and France, among others. Consonni hopes that by bringing Wikipedia to Tor, the Wikimedia Foundation can help raise awareness about the Tor Project and spread the use of Tor to more average internet users. Previously, Wikimedia enabled HTTPS for all of its projects in 2014. Making Wikipedia available through a Tor hidden service would allow Tor users to avoid having to access the site through a Tor exit node. Exit nodes are one of the weakest links in Tor, as a malicious exit node can interfere with and manipulate certain sites accessed through it. Fortunately, Wikipedia is already mitigating that problem through the use of HTTP Strict Transport Security. Sites which do not implement HTTP Strict Transport Security are vulnerable to downgrade attacks, allowing exit nodes to force users to receive the insecure HTTP version of a site. With HTTP Strict Transport Security and browser add-ons such as HTTPS Everywhere (which is already bundled with the Tor Browser), downgrade attacks can be prevented... Consonni’s proposal notes that Wikimedia’s servers have been subjected to mass surveillance by the NSA’s Upstream bulk collection of traffic from the internet backbone. Wikimedia is currently a party to a lawsuit against the NSA’s Upstream program in the case of Wikimedia Foundation vs. NSA, which was originally filed in 2015.
In May of this year, the Fourth Circuit Court of Appeals ruled that the Wikimedia Foundation does have standing to sue the NSA and the Department of Justice.... “It can be argued that the privacy gain of having an onion service over visiting Wikipedia with HTTPS over Tor is minimal, but I think it is worth having this option. I think that all major websites should serve a version over Tor,” Consonni told Motherboard in a message over Twitter. Users connecting to hidden services never leave the Tor network, and so do not access the site through an exit node connected to the clearnet. On the Wikimedia-l listserv many editors agreed with Consonni’s proposal. “I think that’s an excellent idea and very much aligned with our commitment to provide free information also for those who are living under unfavorable conditions. I personally endorse it,” editor David Cuenca Tudela replied to Consonni’s post revealing the hidden services proposal. If the proposal is accepted, Wikipedia would join other mainstream websites in offering the option of accessing the site through a Tor hidden service. In 2014, Facebook launched its own hidden service on Tor. The Internet Archive is currently experimenting with offering their site through a Tor hidden service, and have launched a public beta version of their onion site. Consonni mentions that Wikimedia could use some of the software created for The Internet Archive’s hidden service. HackerFactor, who has been assisting The Internet Archive in moving to Tor, is also listed as an adviser on the Wikimedia proposal.

petya_figure2.jpg (100.21 KB, 600x332)
TrendMicro
PETYA Crypto-ransomware Overwrites MBR to Lock Users Out of Their Computers
Posted on:March 25, 2016 at 2:17 am
http://blog.trendmicro.com/trendlabs-security-intelligence/petya-crypto-ransomware-overwrites-mbr-lock-users-computers/

As if encrypting files and holding them hostage is not enough, cybercriminals who create and spread crypto-ransomware are now resorting to causing a blue screen of death (BSoD) and putting their ransom notes at system startup—as in, even before the operating system loads. Imagine turning on your computer and instead of the usual Windows icon loading, you get a flashing red and white screen with a skull-and-crossbones instead.

Figure 1. Petya’s red skull-and-crossbones warning

This is the routine of a new crypto-ransomware variant dubbed “Petya” (detected by Trend Micro as RANSOM_PETYA.A). Not only does this malware have the ability to overwrite the affected system’s master boot record (MBR) in order to lock users out, it is also interesting to note that it is delivered to victims via a legitimate cloud storage service (in this case, via Dropbox). We do note that this isn’t the first time that malware has abused a legitimate service for its own gain; however, this is the first time (in a long time) that it leads to crypto-ransomware infection. It is also a departure from the typical infection chain, wherein the malicious files are attached to emails or hosted in malicious sites and delivered by exploit kits.

Infection Routine

Reportedly, Petya is still distributed via email. Victims would receive an email tailored to look and read like a business-related missive from an “applicant” seeking a position in a company. It would present users with a hyperlink to a Dropbox storage location, which supposedly would let the user download said applicant’s curriculum vitae (CV)...

Infection Symptoms

Once executed, Petya overwrites the MBR of the entire hard drive, causing Windows to crash and display a blue screen. This is also Petya’s way of getting around security products. Should the user try to reboot his PC, the modified MBR will prevent him from loading Windows normally and instead greet him with an ASCII skull and an ultimatum: pay up with a certain amount of bitcoins or lose access to your files and computer. Another thing to point out here is that the edited MBR also disallows restarting in Safe Mode. The user is then given explicit instructions on how to do this, just like any crypto-ransomware currently making the rounds: a list of demands, a link to the Tor Project and how to get to the payment page using it, and a personal decryption code.

The Verge
The Petya ransomware is starting to look like a cyberattack in disguise
https://www.theverge.com/2017/6/28/15888632/petya-goldeneye-ransomware-cyberattack-ukraine-russia

The haze of yesterday’s massive ransomware attack is clearing, and Ukraine has already emerged as the epicenter of the damage. Kaspersky Labs reports that as many as 60 percent of the systems infected by the Petya ransomware were located within Ukraine, far more than anywhere else. The hack’s reach touched some of the country’s most crucial infrastructure including its central bank, airport, metro transport, and even the Chernobyl power plant, which was forced to move radiation-sensing systems to manual. The ostensible purpose of all that damage was to make money — and yet there’s very little money to be found. Most ransomware flies under the radar, quietly collecting payouts from companies eager to get their data back and decrypting systems as payments come in. But Petya seems to have been incapable of decrypting infected machines, and its payout method was bizarrely complex, hinging on a single email address that was shut down almost as soon as the malware made headlines. As of this morning, the Bitcoin wallet associated with the attack had received just $10,000, a relatively meager payout by ransomware standards. “There’s no fucking way this was criminals.” It leads to an uncomfortable question: what if money wasn’t the point? What if the attackers just wanted to cause damage to Ukraine? It’s not the first time the country has come under cyberattack. (These attacks have typically been attributed to Russia.) But it would be the first time such an attack has come in the guise of ransomware, and has spilled over so heavily onto other countries and corporations. Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program’s decryption failure in a post today, Comae’s Matthieu Suiche concluded a nation state attack was the only plausible explanation. 
“Pretending to be a ransomware while being in fact a nation state attack,” Suiche wrote, “is in our opinion a very subtle way from the attacker to control the narrative of the attack.” Another prominent infosec figure put it more bluntly: “There’s no fucking way this was criminals.” There’s already mounting evidence that Petya’s focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections...

Ars Technica
Tuesday’s massive ransomware outbreak was, in fact, something much worse Payload delivered in mass attack destroys data, with no hope of recovery.
https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/
Dan Goodin - Jun 28, 2017 8:30 pm UTC
Tuesday's massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying data. Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya's behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it's impossible for victims to recover their data. In other words, the researchers said, the payload delivered in Tuesday's outbreak wasn't ransomware at all. Instead, its true objective was to permanently wipe as many hard drives as possible on infected networks.... Researchers analyzing Tuesday's malware—alternatively dubbed PetyaWrap, NotPetya, and ExPetr—are speculating the ransom note left behind in Tuesday's attack was, in fact, a hoax intended to capitalize on media interest sparked by last month's massive WCry outbreak. "The ransomware was a lure for the media,"...Suiche provided the above side-by-side code comparison contrasting Tuesday's payload with a Petya version from last year.... while the earlier Petya encrypts the master boot record and saves the value for later decryption, Tuesday's payload, by contrast, was rewritten to overwrite the master boot record. This means that, even if victims obtain the decryption key, restoring their infected disks is impossible.

"Petya 2016 modifies the disk in a way where it can actually revert its modification," Suiche told Ars. "Whereas yesterday's one does some permanent damage to the disk." Asked if the recovery made possible by Petya 2016 was related to the master boot record tampering, Suiche pointed to this analysis of the ransomware from researchers at Check Point Software.... Tuesday's malware, by contrast, destroys the 25 first sector blocks of the disk. In Wednesday's blog post, Suiche wrote:

The first sector block is being reversibly encoded by XORed with the 0x7 key and saved later in the 34th block....That would mean that 24 sector blocks following the first sector block are being purposely overwritten, they are not read or saved anywhere. Whereas the original 2016 Petya version correctly reads each sector block and reversibly encodes them.

Researchers at antivirus provider Kaspersky Lab, in their own blog post published Wednesday, also labeled the previous day's malware a wiper. They confirmed Suiche's finding that the damage was irreversible. In an e-mail, they wrote:

Our analysis indicates there is little hope for victims to recover their data. We have analyzed the high-level code of the encryption routine, and we have figured out that, after disk encryption, the threat actor could not decrypt victims' disks. To decrypt a victim's disk, threat actors need the installation ID. In previous versions of "similar" ransomware like Petya/Mischa/GoldenEye, this installation ID contained the information necessary for key recovery. ExPetr does not have that, which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data. Definitely not designed to make money.
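As an added illustration of the recoverability difference Suiche describes (this is not code from the Ars article or from any researcher it quotes), the following Python model applies the two described sector operations to a constructed in-memory disk image and then measures how many of the first 25 sectors the documented reversible steps (XOR with 0x07 in place, or XOR of the copy kept in sector 34) can bring back. The in-place encoding in the 2016 model and the zero-fill used for the "purposely overwritten" sectors are assumptions; no disk is touched.

```python
"""Recoverability model for the two MBR-tampering behaviours described in the
quoted analysis. Added example, not the article's or the researchers' code.
Everything works on an in-memory list of 512-byte sectors; no disk is touched."""
import random
from typing import List, Optional

SECTOR_SIZE = 512
XOR_KEY = 0x07        # the key the quoted analysis gives for the sector encoding
BACKUP_SECTOR = 34    # where the 2017 payload is said to keep the encoded copy of sector 0
TOUCHED = 25          # "the 25 first sector blocks" named in the analysis


def xor_sector(sector: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with the key. The operation is its own inverse."""
    return bytes(b ^ key for b in sector)


def looks_like_mbr(sector: bytes) -> bool:
    """Structure check usable without ground truth: a classic MBR ends in 55 AA."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == b"\x55\xaa"


def make_disk_image(n_sectors: int = 64, seed: int = 1) -> List[bytes]:
    """Constructed sample disk: deterministic pseudo-random sectors, with a boot
    signature patched into sector 0 so that it passes looks_like_mbr()."""
    rng = random.Random(seed)
    image = [bytes(rng.getrandbits(8) for _ in range(SECTOR_SIZE))
             for _ in range(n_sectors)]
    image[0] = image[0][:510] + b"\x55\xaa"
    return image


def model_petya_2016(image: List[bytes]) -> List[bytes]:
    """Model of the 2016 behaviour as described: each of the first 25 sectors is
    read and reversibly encoded. Assumption: the encoding happens in place."""
    out = list(image)
    for i in range(TOUCHED):
        out[i] = xor_sector(out[i])
    return out


def model_2017_payload(image: List[bytes]) -> List[bytes]:
    """Model of the 2017 behaviour as described: sector 0 is XOR-encoded into
    sector 34, then the first 25 sectors are overwritten without being saved.
    Assumption: the overwrite is modelled as zero-fill."""
    if len(image) <= BACKUP_SECTOR:
        raise ValueError("image too small to hold the backup sector")
    out = list(image)
    out[BACKUP_SECTOR] = xor_sector(out[0])
    for i in range(TOUCHED):
        out[i] = bytes(SECTOR_SIZE)
    return out


def find_mbr_candidate(damaged: List[bytes]) -> Optional[bytes]:
    """Try the two documented reversible steps to get sector 0 back, accepting a
    candidate only if it carries the boot signature. Returns None when neither
    works (including images too short to contain a backup sector)."""
    candidates = [xor_sector(damaged[0])]
    if len(damaged) > BACKUP_SECTOR:
        candidates.append(xor_sector(damaged[BACKUP_SECTOR]))
    for candidate in candidates:
        if looks_like_mbr(candidate):
            return candidate
    return None


def recoverable_sectors(damaged: List[bytes], original: List[bytes]) -> List[int]:
    """Indices among the first 25 sectors whose original bytes the documented
    reversible steps reproduce. `original` is lab ground truth used to judge
    success; on a real disk one would rely on structure checks instead."""
    recovered = []
    for i in range(TOUCHED):
        candidates = [xor_sector(damaged[i])]
        if i == 0 and len(damaged) > BACKUP_SECTOR:
            candidates.append(xor_sector(damaged[BACKUP_SECTOR]))
        if any(candidate == original[i] for candidate in candidates):
            recovered.append(i)
    return recovered


SAMPLE_IMAGE = make_disk_image()

if __name__ == "__main__":
    for name, model in (("Petya 2016 model", model_petya_2016),
                        ("2017 payload model", model_2017_payload)):
        damaged = model(SAMPLE_IMAGE)
        got = recoverable_sectors(damaged, SAMPLE_IMAGE)
        print(f"{name}: {len(got)}/{TOUCHED} sectors recoverable, "
              f"MBR restored: {find_mbr_candidate(damaged) == SAMPLE_IMAGE[0]}")
```

The 2016 model yields all 25 sectors; the 2017 model yields only sector 0, which is exactly the "even with the key, the disk cannot be restored" point the article makes.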


 >>/974/
Post a news article about this file, or post this over in my new board H4X0R, with a 1 sentence description. 

>>>/h4x0r/

For reference this is the user manual of a CIA exploit tool that seems to use ssh to leave a persistent server on a victim computer. I had no idea what this was about before I downloaded it: safeload, safemode, pdfclean, endjail --no-net, and then read the first few pages with mupdf.  I will be deleting the above post in 3 days, feel free to repost this in >>>/h4x0r/ , under LeAkZ.  It's a stolen document, that is probably classified, I think it's noteworthy, but I don't want trouble over here.  Let's keep this thread just for news articles, security videos, cve reports, and commentary about those things.

I'll deal with the trouble over in >>>/h4x0r/.  I'm probably already on a watch list anyways.

Thanks.

 >>/975/

It's classified /Secret with a declassification date of 2038.  I don't think that material is automatically unclassified if it is leaked, or is it?  Is this unlawful material to possess in the state of Nevada? Am I responsible for the file since I have the power to remove it?  I'm assuming this is from Wikileaks Vault-7.  It's probably better to link to their website with an explanation than to drop a file here.

I created a new board for this type of thing.  I won't be reading the files, or doing any intervention, but I'll remove content if requested to with a good reason, so it should be OK.

Anyways I'm sticking to my plan, this will be deleted from this thread in 3 days time.  Sorry for the inconvenience.

Wikileaks
BothanSpy 
https://www.wikileaks.org/vault7/
6 July, 2017
Today, July 6th 2017, WikiLeaks publishes documents from the BothanSpy and Gyrfalcon projects of the CIA. The implants described in both projects are designed to intercept and exfiltrate SSH credentials but work on different operating systems with different attack vectors. BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an encrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine. Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos, debian, rhel, suse, ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed rootkit (JQC/KitV) on the target machine.

BothanSpy 1.0
Classification: SECRET//NOFORN
(S) Engineering Development Group (S) BothanSpy V1.0 (U) Tool Documentation Rev. 1.0 20 March 2015
Classified By: 2417940 Reason: 1.4(c) 
Declassify On: 25X1, 20650309 
Derived From: CIA NSCG COL S-06 SECRET//NOFORN
https://www.wikileaks.org/vault7/document/BothanSpy_1_0-S-NF/

Gyrfalcon 2.0 User Guide
Classification: SECRET//NOFORN 
Gyrfalcon 2.0 User’s Guide November 26, 2013
Classified By: 2245665 Reason: 1.4(c) 
Declassify On: 20381126 
Derived From: COL S-06 SECRET//NOFORN
https://www.wikileaks.org/vault7/document/Gyrfalcon-2_0-User_Guide/

Gyrfalcon 1.0 User Manual
Classification: SECRET//NOFORN (U) G
Gyrfalcon v1.0 User Manual January 28, 2013 
Classified By: Reason: 1.4(c)
Declassify On: 20380116 
Derived From: COL S-06 SECRET//NOFORN
https://www.wikileaks.org/vault7/document/Gyrfalcon-1_0-User_Manual/

 >>/978/
This is the correct way to publicize the information you were wishing to publicize.  From this posting I can see the author, the date, what the information is about, what the files are, and where they came from.  I can choose based on the additional information supplied whether or not I want to download the files to inspect them.  Also they're not hosted on Endchan, so there is no legal problem. Only the link is supplied and you get to choose whether or not you want to download them and bear any possible legal consequences.  Sorry to be a Nazi but I hope you get where I'm coming from. Please do it this way in future. Otherwise I'll just delete the post without explanation next time.  Thanks.

Here are the relevant laws regarding the leaking and transmission of classified United States documents. 

18 U.S. Code § 798 - Disclosure of classified information
https://www.law.cornell.edu/uscode/text/18/798

(a) Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information—
(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or
(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or
(3) concerning the communication intelligence activities of the United States or any foreign government; or
(4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes—
Shall be fined under this title or imprisoned not more than ten years, or both.

18 U.S. Code § 793 - Gathering, transmitting or losing defense information
https://www.law.cornell.edu/uscode/text/18/793

(e) Whoever having unauthorized possession of, access to, or control over any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it; or
...
(1) Any person convicted of a violation of this section shall forfeit to the United States, irrespective of any provision of State law, any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, from any foreign government, or any faction or party or military or naval force within a foreign country, whether recognized or unrecognized by the United States, as the result of such violation. For the purposes of this subsection, the term “State” includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States.
(2) The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that  the defendant forfeit to the United States all property described in paragraph (1) of this subsection.


Jupiter Broadcasting
Unsecured IO | TechSNAP 327
http://www.jupiterbroadcasting.com/116571/unsecured-io-techsnap-327/
Posted on: July 11, 2017
GNUPG has just released a fix for a dangerous side-channel attack that could expose your private key, a leak of NASDAQ test data was picked up by real news organizations and caused a bit of a panic & the fascinating story of a security researcher who managed to take over all .io domains with a little sleuthing and a few domain registrations.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0327.mp4
http://traffic.libsyn.com/jnite/techsnap-0327.mp3







 Hak 5 
Linux Terminal 201: Grep and Metacharacters
https://youtube.com/watch?v=xXo1L28Jc6A

Sarahah Uploads Your Data, Internet of Things Creds Exposed - Threat Wire
https://youtube.com/watch?v=WWvoljLJnVY

Bash Bunny Primer - Hak5 2225
https://youtube.com/watch?v=8j6hrjSrJaM

Linux Terminal 201: Using Brackets with Grep 
https://youtube.com/watch?v=sQNvg-zTEvA

Half A Million Pacemakers Could Be Hacked - Threat Wire
https://youtube.com/watch?v=rBlgho73agA

Jupiter Broadcasting 

HPKP: Hard to Say, Hard to Use | TechSNAP 334
Posted on: August 29, 2017
http://www.jupiterbroadcasting.com/117826/hpkp-hard-to-say-hard-to-use-techsnap-334/
We discuss, and struggle to pronounce, the difficulties in deploying HTTP public key pinning & some possible alternatives you should consider. Then we get excited for (n+1)sec, a new protocol for distributed multiparty chat encryption & explore the nuances of setting up home VPN gateway!

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0334.mp4
http://traffic.libsyn.com/jnite/techsnap-0334.mp3

Extended Usefulness | TechSNAP 335
http://www.jupiterbroadcasting.com/118036/extended-usefulness-techsnap-335/
Posted on: September 5, 2017
We’re extending your filesystem's usefulness with extended attributes! We learn what they are & how they might be useful. Plus, we take a look behind the scenes of a major spambot operation & check in with Bruce Schneier on the state of internet privacy.

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0335.mp4
http://traffic.libsyn.com/jnite/techsnap-0335.mp3

Signals: gotta catch ‘em all | BSD Now 209 
http://www.jupiterbroadcasting.com/117861/signals-gotta-catch-em-all-bsd-now-209/
Posted on: August 31, 2017
We read a trip report about FreeBSD in China, look at how Unix deals with Signals, a stats collector in DragonFlyBSD & much more!

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0209.mp4
http://traffic.libsyn.com/jnite/bsd-0209.mp3




Jupiter Broadcasting
Equihax | TechSNAP 336
http://www.jupiterbroadcasting.com/118206/equihax-techsnap-336/
Posted on: September 12, 2017
Equifax got hacked, some top tips for staying safe & a debate over just who’s to blame for vulnerable open source software. Then Google’s breaking up with Symantec & we take a little time for Sysadmin 101, this time, ticketing systems. 

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0336.mp4
http://traffic.libsyn.com/jnite/techsnap-0336.mp3

It’s HAMMER2 Time! | BSD Now 211
http://www.jupiterbroadcasting.com/118241/its-hammer2-time-bsd-now-211/
Posted on: September 14, 2017
We explore whether a BSD can replicate Cisco router performance; RETGUARD, OpenBSD's new exploit mitigation technology, Dragonfly’s HAMMER2 filesystem implementation & more!

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0211.mp4
http://traffic.libsyn.com/jnite/bsd-0211.mp3

Jupiter Broadcasting
FCC’s Free Offsite Storage | TechSNAP 337
http://www.jupiterbroadcasting.com/118386/fccs-free-offsite-storage-techsnap-337/
Posted on: September 19, 2017
That Equifax hack? So last week! This week's vulnerability is BlueBorne, a new attack on just about every bluetooth capable device. We’ve got the details, and what you need to know to get patched. Plus some of our favorite overlooked shell commands & a breakdown of the ACLU's recent lawsuit to protect your rights at the border.

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0337.mp4
http://traffic.libsyn.com/jnite/techsnap-0337.mp3

The Solaris Eclipse | BSD Now 212
http://www.jupiterbroadcasting.com/118421/the-solaris-eclipse-bsd-now-212/
Posted on: September 21, 2017
We recap vBSDcon, give you the story behind a PF EN, reminisce in Solaris memories & show you how to configure different DEs on FreeBSD.

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0212.mp4
http://traffic.libsyn.com/jnite/bsd-0212.mp3


Hak 5
Linux Terminal 201: Monitoring System Resources Pt 1 - HakTip 164
https://youtube.com/watch?v=xcR_FjAy1HI
Published on Sep 29, 2017
Today we're monitoring system resources with ps, aux, grep, kill, killall, and lsof.
Monitoring System Resources Pt 2: Linux Terminal 201 - HakTip 165
Published on Oct 6, 2017
https://youtube.com/watch?v=fwMTD9ghC3c
Monitoring system resources via the Linux terminal!
What is White Hat Hacking
https://youtube.com/watch?v=cbrPAwqlIgc
Hacking as a Way of Thinking
https://youtube.com/watch?v=BzEYP345Rm4

Jupiter Broadcasting
Laying Internet Pipe | TechSNAP 339
http://www.jupiterbroadcasting.com/118836/laying-internet-pipe-techsnap-339/
Posted on: October 5, 2017
We cover the problematic implications of SESTA, the latest internet regulations proposed in the US, plus some PR troubles for CBS’s Showtime after cryptocoin mining software was found embedded in their webpage & Dan gets excited as we discuss why tape-powered backups are still important for many large organizations. And of course your feedback, a fantastic round-up & so much more on this week’s episode of TechSNAP!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0339.mp4
http://traffic.libsyn.com/jnite/techsnap-0339.mp3

The history of man, kind | BSD Now 214
http://www.jupiterbroadcasting.com/118811/the-history-of-man-kind-bsd-now-214/
Posted on: October 5, 2017
The costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages & more!
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0214.mp4
http://traffic.libsyn.com/jnite/bsd-0214.mp3


Jupiter Broadcasting

Spy Tapes | TechSNAP 340
Posted on: October 12, 2017
http://www.jupiterbroadcasting.com/119041/spy-tapes-techsnap-340/
We try our hand at spycraft with a set of espionage themed stories covering everything from the latest troubles at Kaspersky to the strategic implications of responsible disclosure at the NSA. Plus, a few more reasons to be careful with what you post on social media & a fascinating discussion of the ethics of running a data breach search service.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0340.mp4
http://traffic.libsyn.com/jnite/techsnap-0340.mp3


Jupiter Broadcasting
Cloudy with a chance of ABI | TechSNAP 342
Posted on: October 24, 2017
http://www.jupiterbroadcasting.com/119391/cloudy-with-a-chance-of-abi-techsnap-342/
We air Microsoft’s dirty laundry as news leaks about their less than stellar handling of a security database breach, plus a fascinating story of deceit, white lies, and tacos; all par for the course in the world of social engineering, and we find out that so-called-smart cards might not be so smart, after it is revealed that millions are vulnerable to a crippling cryptographic attack & more!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0342.mp4
http://traffic.libsyn.com/jnite/techsnap-0342.mp3
Low Security Pillow Storage | TechSNAP 343
Posted on: October 31, 2017
http://www.jupiterbroadcasting.com/119566/low-security-pillow-storage-techsnap-343/
We’ve got some top tips to turn you from ssh-novice to port-forwarding master. Plus the latest on the confusing story of Kaspersky, the NSA & a bone-headed contractor. Then, our backup sense is tingling, with the story of $30,000 lost to a forgotten pin.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0343.mp4
http://traffic.libsyn.com/jnite/techsnap-0343.mp3

Jupiter Broadcasting

A KRACK in the WiFi | BSD Now 218
Posted on: November 2, 2017
FreeBSD 10.4-RELEASE is here, more EuroBSDcon travel notes, the KRACK attack, ZFS and DTrace on NetBSD & pfsense 2.4.
http://www.jupiterbroadcasting.com/119606/a-krack-in-the-wifi-bsd-now-218/

http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2017/bsd-0218.mp4
http://traffic.libsyn.com/jnite/bsd-0218.mp3


Jupiter Broadcasting

SSL Strippers | TechSNAP 344
Posted on: November 7, 2017
http://www.jupiterbroadcasting.com/119711/ssl-strippers-techsnap-344/

You may think that’s a secure password field, but don’t be fooled! We’ve got the disturbing tale of some negligent websites & their fraudulent fonts. Then, some top tips to evaluate the security of your banking institutions & best practices for verbal passwords. Plus, a controversial discussion of opsec, obfuscation, security & you!

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0344b.mp4
http://traffic.libsyn.com/jnite/techsnap-0344b.mp3

Jupiter Broadcasting
Namespaces GOTO Jail | TechSNAP 345
Posted on: November 18, 2017
http://www.jupiterbroadcasting.com/119986/namespaces-goto-jail-techsnap-345/
We can’t contain our excitement as we dive deep into the world of jails, zones & so-called linux containers. Dan shares his years of experience using the time-tested original bad boy of containers, FreeBSD jails. Wes breaks down cgroups, namespaces & explains how they come together to create a container. Plus we discuss similarities, differences, workflows & more!
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0345.mp4
http://traffic.libsyn.com/jnite/techsnap-0345.mp3

Neutral Nets | TechSNAP 346
Posted on: November 20, 2017
http://www.jupiterbroadcasting.com/120031/neutral-nets-techsnap-346/
We get depressed over some new stats confirming our worst fears about the huge number of outdated and unpatched android systems. But, in some good news, Github wants to help you, and your open source projects, stay secure with their new Security Alerts feature. We discuss the details and what it needs to be relevant.
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0346.mp4
http://traffic.libsyn.com/jnite/techsnap-0346.mp3

 Jupiter Broadcasting  

A Farewell to Dan | TechSNAP 347
Posted on: November 29, 2017
http://www.jupiterbroadcasting.com/120317/a-farewell-to-dan-techsnap-347/

We say farewell to Dan, but don’t despair, we’ve still got a ton of great topics to cover as we say goodbye. We compare the handling of recent data breaches at imgur & DJI, share some in-depth guides on beefing up your security posture & see Dan off with some of your finest feedback and the world’s tastiest roundup.

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0347.mp4
http://traffic.libsyn.com/jnite/techsnap-0347.mp3

show links
https://blog.imgur.com/2017/11/24/notice-of-data-breach/
https://threatpost.com/imgur-confirms-2014-breach-of-1-7-million-user-accounts/129006/

https://motherboard.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide
https://ssd.eff.org/en/module/assessing-your-risks
https://techsolidarity.org/resources/basic_security.htm

Jupiter Broadcasting 

Server Neglect | TechSNAP 348
Posted on: December 15, 2017
http://www.jupiterbroadcasting.com/120687/server-neglect-techsnap-348/

Authors of one of the most infamous botnets of all time get busted, researchers discover keyloggers built into HP Laptops, the major HomeKit flaw no one is talking about & the new version of FreeNAS packs a lot of features for a point release.

http://201406.jb-dl.cdn.scaleengine.net/techsnap/2017/techsnap-0348.mp4
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/74701ab6-ae93-42d3-b9ed-e8ec152108fd.mp3


Jupiter Broadcasting

The Spectre of Meltdown | BSD Now 228
Posted on: January 11, 2018
http://www.jupiterbroadcasting.com/121362/the-spectre-of-meltdown-bsd-now-228/
We review the information about Spectre & Meltdown thus far, we look at NetBSD memory sanitizer progress, Postgres on ZFS & show you a bit about NomadBSD.
http://201406.jb-dl.cdn.scaleengine.net/bsdnow/2018/bsd-0228.mp4
http://traffic.libsyn.com/jnite/bsd-0228.mp3

show links
https://meltdownattack.com/
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/
https://lists.freebsd.org/pipermail/freebsd-security/2018-January/009719.html
https://reviews.freebsd.org/D13797
https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
https://lists.xenproject.org/archives/html/xen-devel/2018-01/msg00110.html
https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf

Jupiter Broadcasting
Performance Meltdown | TechSNAP 351
Posted on: January 11, 2018 
http://www.jupiterbroadcasting.com/121472/performance-meltdown-techsnap-351/
The types of workloads that will see the largest performance impacts from Meltdown, tools to test yourself & the outlook for 2018. Plus a concise breakdown of Meltdown, Spectre & side-channel attacks like only TechSNAP can. Then we run through the timeline of events & the scuttlebutt of so called coordinated disclosure. We also discuss yet another security issue in macOS High Sierra, a backdoor in popular storage appliances.

http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/92c20700-9d53-4470-a263-d3e009a19100.mp3

show links
https://blog.barkly.com/meltdown-spectre-bugs-explained
https://www.bloomberg.com/news/articles/2018-01-08/-it-can-t-be-true-inside-the-semiconductor-industry-s-meltdown
https://techcrunch.com/2018/01/06/how-tier-2-cloud-vendors-banded-together-to-cope-with-spectre-and-meltdown/
https://www.postgresql.org/message-id/[email protected]
http://web.archive.org/web/20180102084848/https://lkml.org/lkml/2017/12/27/2
http://www.pcgameshardware.de/Sicherheit-Thema-229955/News/Meltdown-Spectre-Intel-Benchmarks-1247650/
http://www.gamestar.de/artikel/meltdownspectre-performance-laut-microsoft-unter-win-7-und-8-schlechter-als-bei-win-10,3324502.html
https://www.blog.google/topics/google-cloud/protecting-our-google-cloud-customers-new-vulnerabilities-without-impacting-performance
https://www.theregister.co.uk/2018/01/09/meltdown_spectre_slowdown/
https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help
https://github.com/speed47/spectre-meltdown-checker

Jupiter Broadcasting
Here Come the Script Kiddies | TechSNAP 354
Posted on: February 1, 2018
http://www.jupiterbroadcasting.com/122057/here-come-the-script-kiddies-techsnap-354/
AutoSploit has the security industry in a panic, so we give it a go. To our surprise we discover systems at the DOD, Amazon & other places vulnerable to this automated attack. We’ll tell you all about it & what these 400 lines of Python known as AutoSploit really do. Plus injecting arbitrary waveforms into Alexa and Google Assistant commands, making WordPress bulletproof & how to detect and prevent excessive port scan attacks. 
Video
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2018/techsnap-0354.mp4
Audio
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/e2e1b46b-2f05-465f-821b-95680dc0cda0.mp3

https://arstechnica.com/information-technology/2018/02/threat-or-menace-autosploit-tool-sparks-fears-of-empowered-script-kiddies/
https://www.theregister.co.uk/2018/01/31/auto_hacking_tool/
https://www.digitalocean.com/community/tutorials/how-to-use-psad-to-detect-network-intrusion-attempts-on-an-ubuntu-vps

https://github.com/NullArray/AutoSploit

Jupiter Broadcasting
The Concern with Containers | TechSNAP 356
http://www.jupiterbroadcasting.com/122482/the-concern-with-containers-techsnap-356/
Posted on: February 15, 2018
The problems containers can’t solve, nasty security flaws in Skype and Telegram & Cisco discovers they have a bigger issue on their hands than first realized. Plus the latest jaw-dropping techniques to extract data from air-gapped systems.

video
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2018/techsnap-0356.mp4
audio
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/0d9f7516-90f2-4dd5-82e4-3bb92e6de943.mp3
youtube
https://youtube.com/watch?v=3dGntsiAZtQ

show links
http://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/
https://securelist.com/zero-day-vulnerability-in-telegram/83800/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1?source=infected.io-telegram
https://www.forbes.com/sites/ktorpey/2018/02/12/microsoft-to-embrace-decentralized-identity-systems-built-on-bitcoin-and-other-blockchains
https://queue.acm.org/detail.cfm?id=3185224

Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields
Our method is based on an exploitation of the magnetic field generated by the computer’s CPU. Unlike electromagnetic radiation (EMR), low frequency magnetic radiation propagates through the air, penetrating metal shielding such as Faraday cages (e.g., compass still works inside Faraday cages).
https://arxiv.org/abs/1802.02700

Computer Science > Cryptography and Security
Title: ODINI : Escaping Sensitive Data from Faraday-Caged, Air-Gapped Computers via Magnetic Fields 
Authors: Mordechai Guri, Boris Zadov, Andrey Daidakulov, Yuval Elovici (Submitted on 8 Feb 2018)

Abstract: Air-gapped computers are computers which are kept isolated from the Internet, because they store and process sensitive information. When highly sensitive data is involved, an air-gapped computer might also be kept secluded in a Faraday cage. The Faraday cage prevents the leakage of electromagnetic signals emanating from various computer parts, which may be picked up by an eavesdropping adversary remotely. The air-gap separation, coupled with the Faraday shield, provides a high level of isolation, preventing the potential leakage of sensitive data from the system. In this paper, we show how attackers can bypass Faraday cages and air-gaps in order to leak data from highly secure computers. Our method is based on an exploitation of the magnetic field generated by the computer CPU. Unlike electromagnetic radiation (EMR), low frequency magnetic radiation propagates through the air, penetrating metal shielding such as Faraday cages (e.g., compass still works inside Faraday cages). We introduce a malware code-named ODINI that can control the low frequency magnetic fields emitted from the infected computer by regulating the load of the CPU cores. Arbitrary data can be modulated and transmitted on top of the magnetic emission and received by a magnetic receiver (bug) placed nearby. We provide technical background and examine the characteristics of the magnetic fields. We implement a malware prototype and discuss the design

https://arxiv.org/abs/1802.02700

full paper
https://arxiv.org/pdf/1802.02700

Jupiter Broadcasting
The Return of Spectre | TechSNAP 357
http://www.jupiterbroadcasting.com/122722/the-return-of-spectre-techsnap-357/
Posted on: February 22, 2018

New variants, bad patches, busted microcode & devastated performance. It’s a TechSNAP Meltdown & Spectre check up. Plus Tesla gets hit by Monero Cryptojacking & a dating site that matches people based on their bad passwords…. So we gave it a go!

video
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2018/techsnap-0357.mp4
audio
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/3ad2e9bb-44f4-4889-8c42-992309c470df.mp3
youtube
https://youtube.com/watch?v=yZwpwW6WLQg

show links
https://github.com/hannob/meltdownspectre-patches
https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help
https://github.com/speed47/spectre-meltdown-checker

https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-Spectre-Meltdown-Fix
https://wiki.freebsd.org/SpeculativeExecutionVulnerabilities
https://packages.debian.org/stretch-backports/spectre-meltdown-checker?utm_source=dlvr.it&utm_medium=twitter
https://github.com/hannob/meltdownspectre-patches#windows
https://www.computerworld.com/article/3254657/microsoft-windows/microsofts-free-analytics-service-sniffs-out-meltdown-spectre-patch-status.html

https://www.techrepublic.com/article/meltdown-fixs-massive-overhead-will-slow-linux-systems-warns-netflix-engineer/
http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html
https://www.techrepublic.com/article/new-spectre-meltdown-variants-leave-victims-open-to-side-channel-attacks

AMD's Ryzen, Epyc security co-processor and chipset have major flaws, researchers claim
It's unknown whether the potential attacks on AMD's Ryzen, with names like Ryzenfall, Masterkey, and Fallout, will prove to be significant.
https://www.pcworld.com/article/3262967/security/amds-ryzen-epyc-security-co-processor-and-chipset-have-major-flaws-researchers-claim.html

Researchers say they’ve discovered serious potential vulnerabilities within AMD’s Ryzen and Epyc chip architectures. AMD said it’s taking the reports seriously, though it wasn’t provided sufficient time to investigate or confirm them before their disclosure. CTS-Labs, a security research company which says it specializes in vulnerabilities within ASICs and other chips, has said it’s discovered four potential attacks, code-named Masterkey, Ryzenfall, Fallout, and Chimera. All would require a program running with local access and administrator privileges to exploit them. AMD confirmed it’s been made aware of the potential vulnerabilities. However, the statement AMD provided to PCWorld implied that the company wasn’t given the usual amount of time to investigate the vulnerabilities internally, which is typically about 90 days....

Links
https://www.pcworld.com/article/3262967/security/amds-ryzen-epyc-security-co-processor-and-chipset-have-major-flaws-researchers-claim.html
https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/
https://thehackernews.com/2018/03/amd-processor-vulnerabilities.html
https://hothardware.com/news/amd-processors-and-chipsets-ryzenfall-chimera-fallout-security-flaws
https://wccftech.com/report-alleges-amd-ryzen-epyc-cpus-suffer-13-fatal-security-flaws/

 >>/1161/

There is speculation (on 8chan and in the final article link) that this is a stock price manipulation attempt against AMD for profit by short sellers. Also Linus Torvalds wrote some skeptical tweets. I'll wait and see what comes out of the research over the next month. I'm skeptical, but it's valid news, we'll see how it pans out.

AMD
Initial AMD Technical Assessment of CTS Labs Research 
Posted by mark.papermaster in AMD Corporate on Mar 21, 2018 7:07:10 AM
https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research 

On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings. Security and protecting users’ data is of the utmost importance to us at AMD and we have worked rapidly to assess this security research and develop mitigation plans where needed. This is our first public update on this research, and will cover both our technical assessment of the issues as well as planned mitigation actions.

The security issues identified by the third-party researchers are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

As described in more detail below, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations. It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues.
A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings....

Jupiter Broadcasting

Analytica Aftermath | Unfilter 273 
Posted on: March 21, 2018
http://www.jupiterbroadcasting.com/123442/analytica-aftermath-unfilter-273/
The twisted way that data about you and your family is used to manipulate the way you feel about hot button topics gets exposed when a Cambridge Analytica whistleblower reveals all. Plus Trump’s had a busy week, the high-note is quick, and the Overtime is packed!

audio
http://aphid.fireside.fm/d/1437767933/c87648ce-b72e-4aa7-a61d-97d77d59c6e5/76fdc6b8-2299-471f-9a46-00a607e4521f.mp3
video
http://201406.jb-dl.cdn.scaleengine.net/unfilter/2018/unfilter-0273.mp4

Hak5

Facebook Private Data Leak of 50 Million Users; New AMD Chipset Flaws -ThreatWire
Published on Mar 20, 2018
A well-known hacker passes away, processors have new vulnerabilities, and Facebook gave 50 million users' data away. All that coming up now on ThreatWire.

https://youtube.com/watch?v=WM0Jqua-fII

Facebook Fails at Data Protection - ThreatWire
Published on Mar 27, 2018
Facebook and Cambridge Analytica face intense scrutiny, the US charges 9 Iranians in university hacks, and was Guccifer 2.0 really working for the Russian government? All that coming up now on ThreatWire.

https://youtube.com/watch?v=1cFdT6ekL-4

Jupiter Broadcasting

http://www.jupiterbroadcasting.com/123462/amd-flaws-explained-techsnap-360/

AMD Flaws Explained | TechSNAP 360 
Posted on: March 22, 2018 
We cut through the noise and explain in clear terms what’s really been discovered. The botched disclosure of flaws in AMD products has overshadowed the technical details of the vulnerabilities, and we aim to fix that. Plus another DNS Rebinding attack is in the wild and stealing Ethereum, Microsoft opens up a new bug bounty program, Expedia gets hacked, and we perform a TechSNAP checkup.

audio
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/2bdd82c5-b92f-4a94-af10-1fdc61f7a3a9.mp3
video
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2018/techsnap-0360.mp4
youtube
https://youtube.com/watch?v=oIDPLF9s1KI

Jupiter Broadcasting

It’s All in the Logs | TechSNAP 361
http://www.jupiterbroadcasting.com/123682/its-all-in-the-logs-techsnap-361/
Posted on: March 29, 2018
Embarrassing flaws get exposed when the logs get reviewed, Atlanta city government gets shut down by Ransomware, and the cleverest little Android malware you’ll ever meet. Plus we go from a hacked client to a Zero-day discovery, answer some questions, ask a few, and more!

audio
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/60c0569a-55b4-446f-bf42-6d017d933f4f.mp3
video
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2018/techsnap-0361.mp4
youtube
https://youtube.com/watch?v=uSI8JseT9sU

Apple Insider

Apple planning to ditch Intel chips in Macs for its own custom silicon in 2020 
By Mike Wuerthele Monday, April 02, 2018, 11:02 am PT (02:02 pm ET) 
https://appleinsider.com/articles/18/04/02/apple-planning-to-ditch-intel-chips-in-macs-for-its-own-custom-silicon-in-2020

Apple is expected to ditch Intel's x86 architecture using its own chips in the Mac as soon as 2020, with the fruits of project "Kalamata" similar to a move that it has pulled twice before. According to Bloomberg, "Kalamata" is in the early stages, and is part of a larger strategy to make Apple devices work with more integration than they currently do. At first glance, the project appears to be similar to the "fat binary" approach Apple has taken in the past, both with the shift from 68K processors to PowerPC, and then with PowerPC to x86 with Rosetta. The transition is said to be "multi-step" —but few details are known at present. Prior to a shift in hardware, Apple plans to lay groundwork with software as part of its Project Marzipan initiative. Aside from a new code name, today's report offers little in the way of new information. The prediction isn't revelatory, given Apple's history. Apple internally started the shift to PowerPC chips in 1991, with the transition happening for consumers a bit more than two years later. Additionally, the company had Mac OS X builds for Intel chips since nearly the launch of the operating system, with that shift happening about five years later. Rumors that Apple plans to switch away from x86 to its own custom silicon have been circulating for a decade. Rumblings have been heard since at least 2008, when the tech giant purchased chip designer PA Semi for a reported $278 million. After specifying several iterations of ARM-based system-on-chip packages for use in early iPhone models, Apple purchased chipmaker Intrinsity in 2010 and released its own mobile processor design in the A4. Industry scuttlebutt concerning inevitable integration in Mac followed in 2011, when a report claimed Apple would deliver a desktop version of its 64-bit ARM platform within one to two years, gossip seemingly backed up by a buy-in into a chip fabrication plant in 2013.
That hearsay bore no fruit, but Apple's work toward a first-party solution continued. In late 2010, Apple began a concerted effort to build out its CPU design group, a years-long project involving rounds of poaching, including former Texas Instruments engineers, and new acquisitions like efficient chipset maker Passif. Other key moves include the purchase of a chip fab once owned by Maxim and the establishment of SoC-related research and development facilities in Israel and beyond. Rumors of an ARM-based Mac cropped up again last September, when a report claimed the company was looking to cut back on its reliance on Intel. Apple's A11 Bionic processor has a single-core processor speed of 4205, with a multi-core speed of 10122. The results are very similar in performance to the 2016 and 2017 i7 MacBook Pro for single-core performance, and the multicore performance of the original 15-inch MacBook Pro with Retina Display.

Bloomberg
Apple Plans to Use Its Own Chips in Macs From 2020, Replacing Intel
https://www.bloomberg.com/news/articles/2018-04-02/apple-is-said-to-plan-move-from-intel-to-own-mac-chips-from-2020
By Ian King (@ianmking) and Mark Gurman (@markgurman), April 2, 2018, 1:44 PM EDT, updated on April 2, 2018, 3:55 PM EDT

Apple Inc. is planning to use its own chips in Mac computers beginning as early as 2020, replacing processors from Intel Corp., according to people familiar with the plans. The initiative, code named Kalamata, is still in the early developmental stages, but comes as part of a larger strategy to make all of Apple’s devices -- including Macs, iPhones, and iPads -- work more similarly and seamlessly together, said the people, who asked not to be identified discussing private information. The project, which executives have approved, will likely result in a multi-step transition. The shift would be a blow to Intel, whose partnership helped revive Apple’s Mac success and linked the chipmaker to one of the leading brands in electronics. Apple provides Intel with about 5 percent of its annual revenue, according to Bloomberg supply chain analysis. Intel shares dropped as much as 9.2 percent, the biggest intraday drop in more than two years, on the news. They were down 6.4 percent at $48.75 at 3:30 p.m. in New York. Apple could still theoretically abandon or delay the switch. The company declined to comment. Intel said, “We don’t comment on speculation about our customers.” For Apple, the change would be a defining moment. Intel chips remain some of the only major processor components designed by others inside Apple’s product portfolio. Currently, all iPhones, iPads, Apple Watches, and Apple TVs use main processors designed by Apple and based on technology from Arm Holdings Plc. Moving to its own chips inside Macs would let Apple release new models on its own timelines, instead of relying on Intel’s processor roadmap. “We think that Apple is looking at ways to further integrate their hardware and software platforms, and they’ve clearly made some moves in this space, trying to integrate iOS and macOS,” said Shannon Cross, an analyst at Cross Research. “It makes sense that they’re going in this direction. 
If you look at incremental R&D spend, it’s gone into ways to try to vertically integrate their components so they can add more functionality for competitive differentiation.”

Stand Out

The shift would also allow Cupertino, California-based Apple to more quickly bring new features to all of its products and stand out from the competition. Using its own main chips would make Apple the only major PC maker to use its own processors...

Hak5

Fast and Easy Free VPN from Google - The Open Source OUTLINE - Hak5 2403
Duration: 17:59
https://youtube.com/watch?v=sl_9dAArAzw

MyFitnessPal Hacked - ThreatWire  
Duration: 8:20
https://youtube.com/watch?v=hXtSbRazsQs

Stingrays Found in DC?! Best Buy and Delta Hit with Malware - ThreatWire
Duration: 10:57
https://youtube.com/watch?v=7essVRuqwjM

How secure is Internet traffic? - Hak5 2405
Duration: 5:15
https://youtube.com/watch?v=LGABCWReYVk

Jupiter Broadcasting
Tips from the Top | TechSNAP 363
http://www.jupiterbroadcasting.com/124047/tips-from-the-top-techsnap-363/
Posted on: April 12, 2018
Getting started or getting ahead in IT is a moving target, so we’ve crowd sourced some of the best tips and advice to help. Plus a tricky use of zero-width characters to catch a leaker, a breakdown of the new BranchScope attack, and a full post-mortem of the recent Travis CI outage. 
audio
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/2f57aaaa-4b64-4c6f-809f-121a3710a543.mp3
video
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2018/techsnap-0363.mp4
youtube
https://youtube.com/watch?v=jJe_NVqCQnU

Linux Action News 48 
http://www.jupiterbroadcasting.com/123937/linux-action-news-48/
Posted on: April 8, 2018
The Linux kernel gets a spring cleaning, things are going well for RISC-V, and Linux-Libre is clearly prioritizing freedom over security with their recent update. Steam Machines were pronounced dead and then alive this week, we’ll try and clear things up, and Mozilla has a new project.
audio
http://aphid.fireside.fm/d/1437767933/dec90738-e640-45e5-b375-4573052f4bf4/05d18ff2-7e5c-4028-8d4c-1bdf32a6f8cc.mp3
video
http://201406.jb-dl.cdn.scaleengine.net/lan/2018/lan-048.mp4
youtube
https://youtube.com/watch?v=k38DdrW03qc

Jupiter Broadcasting 
Rebuilding it Better | TechSNAP 362
http://www.jupiterbroadcasting.com/123852/rebuilding-it-better-techsnap-362/
Posted on: April 4, 2018
It’s a TechSNAP introduction to Terraform, a tool for building, changing, and versioning infrastructure safely and efficiently. Plus a recent spat of data leaks suggest a common theme, Microsoft’s self inflicted Total Meltdown flaw, and playing around with DNS Rebinding attacks for fun. 
audio
http://aphid.fireside.fm/d/1437767933/95197d05-40d6-4e68-8e0b-2f586ce8dc55/60c0569a-55b4-446f-bf42-6d017d933f4f.mp3
video
http://201406.jb-dl.cdn.scaleengine.net/techsnap/2018/techsnap-0362.mp4
youtube
https://youtube.com/watch?v=dxy1DJVGPTA

The Stallman Directive | LUP 243
http://www.jupiterbroadcasting.com/123817/the-stallman-directive-lup-243/
Posted on: April 3, 2018
Richard Stallman has some practical steps society could take to roll back the rampant and expanding invasion of our privacy. But his suggestions leave us asking some larger questions. Plus the latest on the march to Juno, some fun app picks, a quick look at Qubes OS 4.0, community news, and more. 
audio
http://aphid.fireside.fm/d/1437767933/f31a453c-fa15-491f-8618-3f71f1d565e5/699e058f-260b-42b1-b5e1-09f66555b0ce.mp3
video
http://201406.jb-dl.cdn.scaleengine.net/linuxun/2018/lup-0243.mp4
youtube
https://youtube.com/watch?v=5jkeGr1yMdc

Hak5

Location Data? Come Back With A Warrant! - ThreatWire
https://youtube.com/watch?v=CGkEuiIc8NY
The Supreme Court ruled in favor of privacy advocates everywhere, cell phone carriers stop location data sharing, and you can totally steal online accounts through audio files.

California’s New Privacy Bill, Exactis Leak, & Gentoo GitHub Hacked - ThreatWire
https://youtube.com/watch?v=hqCc7cE3sn4
Gentoo’s GitHub account was hacked, a marketing firm leaks private data on millions, and a new GDPR-like bill was signed into law in California. All that coming up now on ThreatWire.

I saw this on 8-chan:

https://www.ccc.de/en/updates/2018/hausdurchsuchungen-bei-vereinsvorstanden-der-zwiebelfreunde-und-im-openlab-augsburg

Police searches homes of „Zwiebelfreunde“ board members as well as „OpenLab“ in Augsburg
2018-07-04 08:12:30, 46halbe

On June 20th, board members of the „Zwiebelfreunde“ association in multiple German cities had their homes searched under the dubious pretence that they were „witnesses“ while their computers and storage media were confiscated. The Augsburger CCC offshoot „OpenLab“ also had to contend with a search of their premises. For seven years, the Zwiebelfreunde association has been promoting and creating privacy enhancing technologies, while also educating the public in their use. At TorServers.net, the association operates Relays of the Tor anonymising network while helping operators technically and legally. In addition to this, the association helps other organisations raise funds. The board members of the association are not considered suspects but witnesses in the ongoing investigation. The story behind the searches and seizures is somewhat convoluted: There was an anonymous website on the internet, calling for protests against the far-right Alternative for Germany (AfD) party convention in Augsburg. The unknown operators of this website used an e-mail address at Riseup, a well-known alternative provider. [1] The Zwiebelfreunde association has a bank account to facilitate donations to riseup.net.

Riseup is domiciled in the US, and essentially offers a non-commercial alternative to Gmail. Because data-protection practices are in decline world-wide, many NGOs and grassroots organisations use Riseup. These facts have not yet reached the police in Bavaria. The state prosecutor’s office in Munich has apparently been operating on the mistaken assumption that everyone even tangentially connected to Riseup would be able to provide information on any e-mail account registered there, including that of the alleged illegal website. [2] The officers on the scene made clear that they themselves felt this assumption would not hold and said so to the witnesses. But they performed the searches and seizures anyway. With such contrived reasoning, almost anyone could be searched if the anonymous website had been operated by people with a Gmail address. As a consequence of this clearly nonsensical attempt at logic, those involved in this as witnesses and their families have had to endure abjectly disproportional intrusions into their homes. Homes were searched without anyone even attempting to question the alleged witnesses.

A multitude of storage media, computers and other devices were confiscated, also affecting family members of the association’s board members - none of whom stands accused of a criminal act. Also affected are completely unrelated businesses and sensitive projects of Zwiebelfreunde, such as the Tails Linux distribution. Some of those involved have had their requests to return the hardware denied....




What do you think about it? 
This person is selling the secret of eternal youth: 

Endwall:
It could be a scam...but you never know, eternal youth sounds enticing...

Bleepingcomputer
https://www.bleepingcomputer.com/news/security/hacker-say-they-compromised-protonmail-protonmail-says-its-bs/

A person or group claiming to have hacked ProtonMail and stolen "significant" amounts of data has posted a lengthy ransom demand with some wild claims to an anonymous Pastebin. ProtonMail states it's complete BS. According to the message, a hacker going by the name AmFearLiathMor makes quite a few interesting claims such as hacking ProtonMail's services and stealing users' email, that ProtonMail is sending their users' decrypted data to American servers, and that ProtonMail is abusing the lack of Subresource Integrity (SRI) use to purposely and maliciously steal their users' passwords. After reading the Pastebin message (archive.is link), which is shown in its entirety below minus some alleged keys, and seeing the amount of claims, the first thing that came to mind was a corporate version of the sextortion scams that have been running rampant lately. As I kept reading it, though, it just felt like a joke.

Short Summary: We hacked Protonmail and have a significant amount of their data from the past few months. We are offering it back to Protonmail for a small fee, if they decline then we will publish or sell user data to the world.

Long Explanation: While Protonmail's open-source code can be freely audited on Github, they haven't configured the mandatory SRI feature (https://www.w3.org/TR/SRI/). This leaves users without any guarantee about their source code integrity, thus allowing tampering and data collection at anytime. This will be totally transparent and unnoticed, because without enabling SRI all the users should inspect the website runtime code and its connections manually in the same moment they're being tampered with by Protonmail to discover it. Furthermore this requires spending a lot of time and advanced knowledge. With this being clarified, we have proven and recorded that Protonmail intentionally manipulated their source code to reveal users' decryption keys (private keys) by collecting their password.
Protonmail abuses the lack of SRI technology to serve a modified version of their code that allows full data collection and decryption of their users content.  We haven't found the exact pattern that triggers this (probably by targeting IP ranges or just randomly to collect everybody's password), but again, we have proven and recorded this happens. After proving Protonmail knowingly permits misconfiguration to maliciously target users we decided to deploy our full capabilities against them.  We began with months of dedicated penetration testing, we asked assistance from other organizations and deployed unreleased 0-days.  Although arduous we successfully installed a permanent backdoor on their major machines without Protonmail’s knowledge, bypassing their detection mechanisms. Once we obtained that access we took advantage of their misconfiguration and collected passwords from a large percentage of active accounts that accessed Protonmail during that period. After that we were running a modified and automatized version of their webclient on our end, where we fetched, processed and stored email messages from those affected users in a huge database of our own, thus having significant useful information from many different individuals and companies. If you have used Protonmail in the past several months it is probable we have your Username/Password and your decrypted emails recorded on our own private server. We also have names, addresses (If entered), contact lists, IP addresses, and much more.  We would not have been able to do this if Protonmail did not deliberately mis-configure their code to harm their own users. Incidentally during this period we noticed that Protonmail sends decrypted user data to American servers frequently.  This may be due to the Swiss MLAT treaty requiring swiss companies reveal all their data to the Americans...

 >>/1339/

https://archive.fo/20M7z

We'll see where this goes. If you use protonmail, encrypt your messages with your own pgp key.  Don't rely on any third party to keep your messages safe.  
This just puts proton mail into gmail territory.  If you want real email security follow the general steps posted here:

 >>/992/
 >>/1211/

Even if you use gpg and the attacker has access to the encrypted ciphertext, frequency analysis can be used to perform probabilistic decryption, and then check words against a dictionary to confirm the decryption (completely automated).  So add a lot of noise to lower the signal to noise ratio if your ciphertext is stored remotely by a third party.  I'm removing protonmail from the recommended carriers if this attack is confirmed with evidence.


 >>/1340/

Follow up, copied from 8chan, copied from 4chan.

https://paste.tbee-clan.de/JLwHh

Deadline is Friday 23rd November.  We'll see what happens.  Either way, use pgp / gpg when you send emails of a sensitive nature, never trust a third party with your message security / integrity. Do not communicate in plain text if the content of your messages is sensitive.



Hak5
Australia's Anti-Encryption Bill Passes - ThreatWire
https://youtube.com/watch?v=GUjCQQ0TrDU
Published : 11 Dec 2018
Australia's Anti-Encryption Bill Passes, Banks Get Hit With Old School Social Engineering and new school tech,and Huawei gets banned in multiple countries!

Facebook Exposes Private Photos For Millions of Users - ThreatWire
https://youtube.com/watch?v=4BwKYt5xwE8
Published : 18 Dec 2018
Shamoon malware is back, Facebook exposes private photos for millions of users, and SuperMicro did an audit to prove their innocence!


Hak5
DNS Hijacking Worldwide; Cell Carriers Stop Selling Data - ThreatWire
https://youtube.com/watch?v=3FnSbDbRv1o
Duration  : 08:58  Published : 15 Jan 2019
A systemd vulnerability creates concern, DNS Hijacking goes worldwide, and major telcos are still selling location data for their users! All that coming up now on ThreatWire.
Links:
https://www.qualys.com/2019/01/09/system-down/system-down.txt
https://www.zdnet.com/article/new-linux-systemd-security-holes-uncovered/
https://thehackernews.com/2019/01/linux-systemd-exploit.html
https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign
https://www.wired.com/story/iran-dns-hijacking/
https://www.cyberscoop.com/fireeye-dns-hijacking-record-manipulation-iran/ 
https://www.wired.com/story/carriers-sell-location-data-third-parties-privacy/


Hak5
5G Network Security Flaw Discovered! FaceTime Disabled - ThreatWire
https://youtube.com/watch?v=_9F2_tdvmzY
Duration  : 08:10
Published : 05 Feb 2019
Links:
https://www.cnet.com/news/security-flaw-allows-for-spying-over-5g-researchers-find/
https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/
https://www.zdnet.com/article/iphone-facetime-bug-now-apple-sued-over-eavesdrop-on-lawyers-client-phone-call/
https://www.cnet.com/news/apple-facetime-bug-prompts-investigation-from-ny-attorney-general/
https://www.cnet.com/news/facebook-shuts-down-ios-research-app-it-used-to-access-user-data/

Hak5
Airlines Don't Encrypt Your Passenger Data for E-Tickets - ThreatWire 
https://youtube.com/watch?v=rZNDnK0cj4s
Duration  : 09:23
Published : 12 Feb 2019

Links
Apple Facetime Update:
https://www.zdnet.com/article/ios-12-1-4-fixes-iphone-facetime-spying-bug/
Airline Systems:
https://threatpost.com/flaw-in-multiple-airline-systems-exposes-passenger-data/141596/
Cell Carriers:
https://motherboard.vice.com/en_us/article/j575dg/what-a-gps-data-is-and-why-wireless-carriers-most-definitely-shouldnt-be-selling-it
https://motherboard.vice.com/en_us/article/a3b3dg/big-telecom-sold-customer-gps-data-911-calls
https://motherboard.vice.com/en_us/article/43z3dn/hundreds-bounty-hunters-att-tmobile-sprint-customer-location-data-years

Hak5
Scooter Hacks! Is Tor on Android Broken?! - ThreatWire
https://youtube.com/watch?v=8gqjwTaEbQw
Duration  : 10:32 Published : 19 Feb 2019

Links:
Scooter:
https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/
https://www.cyberscoop.com/scooter-hack-zimperium-bluetooth-bird-spin/
https://thehackernews.com/2019/02/xiaomi-electric-scooter-hack.html
Android:
https://arxiv.org/pdf/1901.04434.pdf
https://www.zdnet.com/article/tor-traffic-from-individual-android-apps-detected-with-97-percent-accuracy/
https://support.google.com/googleplay/android-developer/answer/6048248?hl=en
https://blog.appcensus.mobi/2019/02/14/ad-ids-behaving-badly/
https://www.cnet.com/news/these-android-apps-have-been-tracking-you-even-when-you-say-stop/
https://www.zdnet.com/article/thousands-of-apps-bypass-android-privacy-protections-to-permanently-record-your-activities/
Australia:
https://www.smh.com.au/politics/federal/australia-s-major-political-parties-hacked-in-sophisticated-attack-ahead-of-election-20190218-p50yi1.html
https://www.zdnet.com/article/australian-political-parties-also-hit-by-state-actor-in-parliamentary-network-attack-pm/
https://www.zdnet.com/article/australian-government-computing-network-reset-following-security-incident/
https://www.cnet.com/news/australia-blames-sophisticated-state-actor-for-massive-government-hack/
https://arstechnica.com/information-technology/2019/02/australian-political-parties-hacked-by-nation-state-attacker/
https://www.abc.net.au/news/2019-02-18/someone-tried-to-hack-parliament-are-our-politicians-vulnerable/10822072

Hak5
Password Managers Flawed; WinRAR Vulnerable for 2 Decades! - ThreatWire
https://youtube.com/watch?v=tfo3s-mwZm4
Duration  : 12:41
Published : 26 Feb 2019

Links:
Password Managers:
https://www.securityevaluators.com/casestudies/password-manager-hacking/
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/
https://keepass.info/help/base/security.html#secmemprot
https://lastpass.com/misc_download2.php
https://threatpost.com/1password-dashlane-keepass-and-lastpass/142037/
https://www.cyberscoop.com/bugcrowd-adrian-bednarek-lastpass/
Embedded Recording Devices:
https://twitter.com/vkamluk/status/1097008518685573120
https://www.cnet.com/news/airplane-seat-cameras-could-be-your-new-spy-in-the-sky/
https://www.buzzfeednews.com/article/nicolenguyen/american-airlines-planes-entertainment-system-cameras
https://thehackernews.com/2016/12/hacking-in-flight-system.html
https://www.cnet.com/news/google-calls-nests-hidden-microphone-an-error/
https://www.zdnet.com/article/google-says-secret-microphones-in-nest-home-products-an-error/
WinRAR Vulnerability:
https://research.checkpoint.com/extracting-code-execution-from-winrar/
https://arstechnica.com/information-technology/2019/02/nasty-code-execution-bug-in-winrar-threatened-millions-of-users-for-14-years/
https://threatpost.com/winrar-flaw-500-million-users/142080/
https://www.zdnet.com/article/winrar-versions-released-in-the-last-19-years-impacted-by-severe-security-flaw/
https://thehackernews.com/2019/02/winrar-malware-exploit.html

Hak5
Sign-In Kiosks Vulnerable, Android is FIDO2 Certified! - ThreatWire
https://youtube.com/watch?v=hys8LdRj_G0
Published : 05 Mar 2019 Duration  : 07:38

Links:
https://android-developers.googleblog.com/2019/02/android-security-improvement-update.html
https://www.cnet.com/news/android-security-program-has-helped-fix-over-1m-apps-in-google-play/
https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
https://thehackernews.com/2019/02/android-fido2-password-security.html
https://www.cnet.com/news/goodbye-passwords-webauthn-is-now-an-official-web-standard/
https://www.cnet.com/news/google-looks-to-leave-passwords-behind-for-a-billion-android-devices/
https://www.yubico.com/2018/08/10-things-youve-been-wondering-about-fido2-webauthn-and-a-passwordless-world/

https://securityintelligence.com/stranger-danger-x-force-red-finds-19-vulnerabilities-in-visitor-management-systems/
https://www.zdnet.com/article/19-vulnerabilities-exposed-in-visitor-management-systems/
https://www.cyberscoop.com/ibm-interns-find-19-vulnerabilities-corporate-check-systems/

https://www.techradar.com/news/facebook-no-longer-lets-you-search-for-friends-by-phone-numbers
https://techcrunch.com/2019/03/03/facebook-phone-number-look-up/
https://www.cnet.com/news/facebooks-two-factor-authentication-with-phone-numbers-puts-security-and-privacy-at-odds/
https://twitter.com/jeremyburge/status/1101402001907372032?ref_src=twsrc%5Egoogle%7Ctwcamp%5Enews%7Ctwgr%5Etweet
https://motherboard.vice.com/en_us/article/kzdxjx/facebook-phone-number-two-factor-authentication


Hak5
NSA's Ghidra is Here! - ThreatWire 
https://youtube.com/watch?v=yegAeuhsENY
Published : 12 Mar 2019
Duration  : 08:23

Links:
Chrome Zero Days:
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5786
https://www.zdnet.com/article/google-chrome-zero-day-was-used-together-with-a-windows-7-zero-day/
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
https://www.wired.com/story/turn-on-auto-updates-everywhere/

Ghidra:
https://motherboard.vice.com/en_us/article/panvm7/nsa-releases-ghidra-for-free-game-changer
https://www.zdnet.com/article/nsa-release-ghidra-a-free-software-reverse-engineering-toolkit/
https://ghidra-sre.org/
https://github.com/nationalsecurityagency
https://www.cyberscoop.com/ghidra-nsa-tool-public/
https://www.wired.com/story/nsa-ghidra-open-source-tool/

New Bill to restore net neutrality:
https://motherboard.vice.com/en_us/article/d3mk5w/democrats-unveil-new-bill-to-fully-restore-net-neutrality
https://energycommerce.house.gov/sites/democrats.energycommerce.house.gov/files/documents/Save%20the%20Internet%20Act%20Legislative%20Text.pdf
https://arstechnica.com/tech-policy/2019/01/net-neutrality-advocates-confident-about-beating-fcc-as-case-heads-to-court/

2 Million+ Credit Cards Stolen, Buca di Beppo Hacked - ThreatWire
https://youtube.com/watch?v=MPJs_mJULb0
Published : 02 Apr 2019
Duration  : 11:40

Links:
Support me on alternative platforms! https://snubsie.com/support

ASUS, from David on Patreon:
https://securelist.com/operation-shadowhammer/89992/
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
https://arstechnica.com/information-technology/2019/03/hijacked-asus-software-updates-installed-backdoor-on-at-least-0-5-million-pcs/
https://www.zdnet.com/article/supply-chain-attack-installs-backdoors-through-hijacked-asus-live-update-software/
https://thehackernews.com/2019/03/asus-hack-mac-addresses.html
https://www.zdnet.com/article/researchers-publish-list-of-mac-addresses-targeted-in-asus-hack/
https://shadowhammer.kaspersky.com/
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
https://threatpost.com/asus-patches-live-update-bug-that-allowed-apt-to-infect-thousands-of-pcs/143169/
https://www.cyberscoop.com/asus-patch-shadowhammer-kaspersky/

Right to repair:
https://www.wired.com/story/right-to-repair-elizabeth-warren-farmers/
https://motherboard.vice.com/en_us/article/d3mb5k/elizabeth-warren-calls-for-a-national-right-to-repair-law
https://medium.com/@teamwarren/leveling-the-playing-field-for-americas-family-farmers-823d1994f067
https://motherboard.vice.com/en_us/article/d3mqna/internal-documents-show-apple-is-capable-of-implementing-right-to-repair-legislation
https://motherboard.vice.com/en_us/article/eveezj/a-cell-phone-carrier-breaks-with-big-telecom-announces-support-for-right-to-repair-legislation
https://ting.com/blog/epicphonefail/

Buca di Beppo:
http://www.earlenterprise.com/incident/#potentially-affected-locations
https://www.earlenterprise.com/
https://www.zdnet.com/article/card-breach-reported-at-buca-di-beppo-planet-hollywood-and-other-restaurants/
https://www.cnet.com/news/malware-may-have-stolen-2-million-us-restaurant-diners-credit-card-details/
https://krebsonsecurity.com/2019/03/a-month-after-2-million-customer-cards-sold-online-buca-di-beppo-parent-admits-breach/

Hak5
AirBnB Hidden Cameras, Facebook Still Horrible For Privacy - ThreatWire
https://youtube.com/watch?v=GGkH87KUVYM
Duration  : 08:05
Published : 09 Apr 2019

Links: Support me on alternative platforms! https://snubsie.com/support

Facebook data leak:
https://www.upguard.com/breaches/facebook-user-data-leak
https://www.cyberscoop.com/facebook-apps-3rd-party-data-exposures-upguard/
https://thehackernews.com/2019/04/facebook-app-database.html
https://threatpost.com/facebook-data-of-millions-exposed-in-leaky-datasets/143412/
https://www.bloomberg.com/news/articles/2019-04-03/millions-of-facebook-records-found-on-amazon-cloud-servers

Facebook Email Passwords:
https://www.thedailybeast.com/beyond-sketchy-facebook-demanding-some-new-users-email-passwords
https://twitter.com/originalesushi/status/1112496649891430401
https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
https://arstechnica.com/information-technology/2019/04/facebook-asked-some-users-for-their-email-passwords-because-why-not/

AirBnB Hidden Cameras:
https://arstechnica.com/information-technology/2019/04/airbnb-guest-found-hidden-surveillance-camera-by-scanning-wi-fi-network/
https://sixfortwelve.wordpress.com/2019/04/06/how-to-increase-your-chances-of-finding-a-hidden-camera/?fbclid=IwAR3dZpL-qQTcbA-VL9oTIiP3z4JGNWo04z9TXx89vOz3YIQD9i2bHUQ87sw
https://www.cnn.com/2019/04/05/europe/ireland-airbnb-hidden-camera-scli-intl/index.html
https://www.facebook.com/photo.php?fbid=10156325018207239&set=a.440220892238&type=3&theater
https://www.airbnb.com/help/article/887/what-are-airbnb-s-rules-about-electronic-surveillance-devices-in-listings

RT
Facebook is surveillance monster feeding on our personal data - Richard Stallman
https://youtube.com/watch?v=9c3sv30w158
Duration  : 26:09
Published : 15 Apr 2019
"Our world today may be a high-tech wonderland, but we, the users, own nothing in it, with our personal data being the new oil for Big Tech. How do we break its grip on our digital lives? We asked Richard Stallman, the founder and leader of the Free Software Movement"

Hak5
Security Flaws Found in WPA3! Julian Assange of Wikileaks Arrested - ThreatWire
https://youtube.com/watch?v=oXZju0uafv0
Duration  : 12:31
Published : 16 Apr 2019
Julian Assange Arrested
https://thehackernews.com/2019/04/wikileaks-julian-assange-arrested.html
https://www.zdnet.com/article/julian-assange-arrested-by-uk-police/
https://twitter.com/wikileaks/status/1113919962995884033
https://www.cnet.com/news/julian-assanges-defense-against-hacking-charges-and-where-it-falls-short/
https://motherboard.vice.com/en_us/article/mb8qyn/julian-assange-charged-with-hacking-conspiracy-not-publishing
https://www.cyberscoop.com/julian-assange-arrested-indictment/
https://gizmodo.com/chelsea-mannings-fbi-files-are-central-to-ongoing-crimi-1833897041
WPA3 Flaw:
https://papers.mathyvanhoef.com/dragonblood.pdf
https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html
https://wpa3.mathyvanhoef.com/
https://arstechnica.com/information-technology/2019/04/serious-flaws-leave-wpa3-vulnerable-to-hacks-that-steal-wi-fi-passwords/
https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update-april-2019
https://www.wi-fi.org/security-update-april-2019
Amazon Echo:
https://www.bloomberg.com/technology
https://www.zdnet.com/article/amazon-employees-are-listening-in-to-your-conversations-with-alexa/
https://www.cnet.com/news/amazon-workers-eavesdrop-on-your-talks-with-alexa/
https://threatpost.com/amazon-auditors-listen-to-echo-recordings-report-says/143696/
https://motherboard.vice.com/en_us/article/ywyzm5/big-tech-lobbying-gutted-a-bill-that-would-ban-recording-you-without-consent
http://www.ilga.gov/legislation/101/SB/PDF/10100SB1719lv.pdf

Hak5
Baby Monitors and GPS Tracker Apps - Hacked! - ThreatWire
https://youtube.com/watch?v=WthEpxjBcu4
Duration  : 09:56
Published : 30 Apr 2019
Host: Shannon Morse - https://www.twitter.com/snubs
Host: Darren Kitchen - https://www.twitter.com/hak5darren
Host: Mubix - http://www.twitter.com/mubix
Millions of IoT Devices Exposed:
https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/
https://www.zdnet.com/article/over-two-million-iot-devices-vulnerable-because-of-p2p-component-flaws/
https://hacked.camera/
Amazon:
https://threatpost.com/amazon-employees-personal-alexa/144119/
https://www.cnet.com/how-to/how-to-use-an-alexa-smart-speaker-and-keep-your-privacy/
https://www.cnet.com/news/amazon-alexa-audio-reviewers-might-know-where-you-live/
https://www.bloomberg.com/news/articles/2019-04-24/amazon-s-alexa-reviewers-can-access-customers-home-addresses 
Remotely killing cars with GPS apps:
https://motherboard.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps
http://www.protrack365.com/
http://www.itrack.top/

Hak5
Right To Repair? Consumers Will Hurt Themselves!-ThreatWire
https://youtube.com/watch?v=R1JxzlMsnpE
Duration  : 08:01
Published : 07 May 2019

Dell:
https://thehackernews.com/2019/05/dell-computer-hacking.html
https://threatpost.com/dell-flaws-security-support-tool/144295/
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/

Right to repair killed
https://www.vice.com/en_us/article/gyawqy/right-to-repair-legislation-is-officially-being-considered-in-ontario-canada
https://motherboard.vice.com/en_us/article/9kxayy/right-to-repair-bill-killed-after-big-tech-lobbying-in-ontario
https://motherboard.vice.com/en_us/article/wjvdb4/apple-is-telling-lawmakers-people-will-hurt-themselves-if-they-try-to-fix-iphones

Google
https://www.blog.google/technology/safety-security/automatically-delete-data/
https://thehackernews.com/2019/05/google-web-location-history.html
https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb
https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html
https://arstechnica.com/tech-policy/2019/05/google-unveils-auto-delete-for-location-web-activity-and-app-usage-data/

Hak5
SIM Swapping Criminals Charged, USB Gets Hacked - ThreatWire
https://youtube.com/watch?v=Yau6t2PWQ_s
Duration  : 08:35
Published : 14 May 2019
SIM Swapping Hacks:
https://krebsonsecurity.com/2019/05/nine-charged-in-alleged-sim-swapping-ring/
https://thehackernews.com/2019/05/sim-swapping-hacking.html
https://www.justice.gov/usao-edmi/pr/nine-individuals-connected-hacking-group-charged-online-identity-theft-and-other
https://krebsonsecurity.com/wp-content/uploads/2019/05/ninesimswap.pdf
https://krebsonsecurity.com/wp-content/uploads/2019/05/josephwhitejack.pdf
100 Sites Hacked:
https://blog.netlab.360.com/ongoing-credit-card-data-leak/
https://urlscan.io/search/#domain%3Amagento-analytics.com
https://thehackernews.com/2019/05/magento-credit-card-hacking.html
https://arstechnica.com/information-technology/2019/05/more-than-100-commerce-sites-infected-with-code-that-steals-payment-card-data/
https://arstechnica.com/information-technology/2019/03/a-new-rash-of-highly-covert-card-skimming-malware-infects-ecommerce-sites/
Unhackable USB Key Gets Hacked:
https://www.kickstarter.com/projects/eyedisk/eyedisk-unhackable-usb-flash-drive/description
https://www.pentestpartners.com/security-blog/eyedisk-hacking-the-unhackable-again/
https://threatpost.com/unhackable-biometric-usb-passwords/144576/
https://www.zdnet.com/article/unhackable-biometric-drive-exposed-passwords-in-clear-text/

Hak5
Google Bluetooth Security Key Flawed; Intel CPU Insecure! - ThreatWire
https://youtube.com/watch?v=PL9lyCoQVNg
Duration  : 10:22  Published : 21 May 2019
Titan Security Key Hacked:
https://security.googleblog.com/2019/05/titan-keys-update.html
https://arstechnica.com/information-technology/2019/05/google-warns-bluetooth-titan-security-keys-can-be-hijacked-by-nearby-hackers/
https://www.cnet.com/news/google-warns-titan-security-key-has-bluetooth-bug-that-leaves-it-vulnerable/
https://www.cyberscoop.com/google-replace-titan-keys-free-uncovering-bluetooth-flaw/
https://www.zdnet.com/article/google-to-replace-faulty-titan-security-keys/
https://www.wired.com/story/bluetooth-complex-security-risk/
Radio aircraft navigation landing system hacked:
https://aanjhan.com/assets/ils_usenix2019.pdf
https://arstechnica.com/information-technology/2019/05/the-radio-navigation-planes-use-to-land-safely-is-insecure-and-can-be-hacked/
https://securityledger.com/2019/05/researchers-hack-aircraft-landing-system-with-600-radios/
RIDL In Intel (Zombieland):
https://www.cyberscoop.com/intel-chip-flaws-zombieland-ridl-fallout/
https://arstechnica.com/gadgets/2019/05/new-speculative-execution-bug-leaks-data-from-intel-chips-internal-buffers/
https://thehackernews.com/2019/05/intel-processor-vulnerabilities.html
https://www.zdnet.com/article/patch-status-for-the-new-mds-attacks-against-intel-cpus/
https://zombieloadattack.com/zombieload.pdf
https://zombieloadattack.com/
https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/
https://www.zdnet.com/article/how-to-test-mds-zombieload-patch-status-on-windows-systems/
Additional resources:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Hak5
Apple Adds Privacy Updates to iOS 13 at WWDC - ThreatWire
https://youtube.com/watch?v=uBZaCxXa4Lc
Published : 04 Jun 2019 Duration  : 08:40

Links:
Support me on alternative platforms! https://snubsie.com/support
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
https://arstechnica.com/information-technology/2019/05/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry/
https://thehackernews.com/2019/05/bluekeep-rdp-vulnerability.html
https://blogs.technet.microsoft.com/msrc/2019/05/30/a-reminder-to-update-your-systems-to-prevent-a-worm/
https://arstechnica.com/information-technology/2019/05/microsoft-says-its-confident-an-exploit-exists-for-wormable-bluekeep-flaw/
https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html
https://arstechnica.com/information-technology/2019/05/why-a-windows-flaw-patched-nine-days-ago-is-still-spooking-the-internet/
https://securityledger.com/2019/05/microsoft-bluekeep-flaw-threatens-medical-devices-iot/

http://newsroom.questdiagnostics.com/AMCADataSecurityIncident
https://www.huffpost.com/entry/quest-diagnostics-data-breach_n_5cf54eaae4b0e346ce8267f7?ncid=tweetlnkushpmg00000067
https://techcrunch.com/2019/06/03/quest-diagnostics-breach/
https://www.chicagotribune.com/business/ct-quest-data-hack-1214-biz-20161213-story.html

https://www.zdnet.com/article/wwdc-2019-apple-debuts-new-privacy-features-in-ios-13/
https://9to5mac.com/2019/06/03/apple-launches-sign-in-with-apple-button-for-apps-no-tracking-login/
https://www.zdnet.com/article/wwdc-2019-apple-announces-sign-in-with-apple-feature/
https://threatpost.com/wwdc-2019-apple-facebook-privacy/145290/

Hak5
Ring Doorbells Create a Surveillance State - ThreatWire
https://youtube.com/watch?v=0sHdPjrREi0
Published : 11 Jun 2019 Duration  : 09:59

Windows Zero Day ByeBear Posted to Bypass Windows Patch
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
https://threatpost.com/sandboxescaper-byebear-windows-bypass/145470/
https://www.zdnet.com/article/windows-10-zero-day-details-published-on-github/
https://www.microsoft.com/en-us/msrc/bounty
Amazon Ring Doorbell used by police for surveillance network
https://blog.ring.com/2019/02/14/how-rings-neighbors-creates-safer-more-connected-communities/
https://www.theinformation.com/go/b7668a689a
https://www.cnet.com/features/amazons-helping-police-build-a-surveillance-network-with-ring-doorbells/
https://www.vice.com/en_us/article/evkgpw/smart-doorbell-company-ring-is-working-with-cops-to-report-suspicious-people-and-activities
https://www.businessinsider.com/amazon-ring-video-doorbell-footage-used-by-police-report-2019-6
https://www.cnet.com/news/these-laws-make-police-get-public-buy-in-on-surveillance-tools/
https://www.cnet.com/news/amazons-ring-takes-heat-for-considering-facial-recognition-for-its-video-doorbells/
https://www.vice.com/en_us/article/pajm5z/amazon-home-surveillance-company-ring-law-enforcement-advertisements
238 Google Play apps found with malicious code
https://arstechnica.com/information-technology/2019/06/238-google-play-apps-with-440-million-installs-made-phones-nearly-unusable/
https://threatpost.com/android-completely-obnoxious-pop-ups/145390/
https://blog.lookout.com/beitaplugin-adware
https://www.zdnet.com/article/440-million-android-users-installed-apps-with-an-aggressive-advertising-plugin/

Hak5
RAMBleed Steals Crypto Keys; Yubikeys Recalled - ThreatWire
https://youtube.com/watch?v=Am4GmkdtKQs
Published : 18 Jun 2019, Duration  : 10:01
RAMBleed (shoutout to CypherDragon):
https://access.redhat.com/articles/1377393
https://rambleed.com/
https://rambleed.com/docs/20190603-rambleed-web.pdf
https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/
https://threatpost.com/rambleed-side-channel-privileged-memory/145629/
https://thehackernews.com/2019/06/rambleed-dram-attack.html
Yubikeys
https://www.yubico.com/support/security-advisories/ysa-2019-02/
https://www.zdnet.com/article/yubico-to-replace-vulnerable-yubikey-fips-security-keys/
https://www.yubico.com/replaceorder/

Hak5
Amazon Surveillance Delivery Drones; Patch Linux! - ThreatWire
https://youtube.com/watch?v=fCzu0LYZFwQ
Published : 25 Jun 2019  Duration  : 08:14
Firefox Zero Day:
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/
https://www.zdnet.com/article/mozilla-fixes-second-firefox-zero-day-exploited-in-the-wild/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/
https://twitter.com/SecurityGuyPhil/status/1141466335592869888
https://threatpost.com/mozilla-patches-firefox-critical-flaw-under-active-attack/145814/
Amazon Drones:
https://www.cnet.com/news/amazon-granted-patent-for-surveillance-drones-service/
https://www.zdnet.com/article/amazon-patent-suggests-surveillance-as-a-service-could-be-future-offering/
https://www.businessinsider.com/amazon-wins-patent-for-surveillance-drones-2019-6
Linux Vulns:
https://arstechnica.com/information-technology/2019/06/new-vulnerabilities-may-let-hackers-remotely-sack-linux-and-freebsd-systems/
https://threatpost.com/linux-kernel-bug-pcs-iot-offline/145797/
https://www.zdnet.com/article/netflix-to-linux-users-patch-sack-panic-kernel-bug-now-to-stop-remote-attacks/
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md


Hak5
Big Problems for OpenPGP - ThreatWire
https://youtube.com/watch?v=iQwUIgfeFrw
Published : 09 Jul 2019  Duration  : 09:24
Links:
https://www.nytimes.com/2019/07/02/technology/china-xinjiang-app.html
https://www.vice.com/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware
https://github.com/motherboardgithub/bxaq
https://www.cnet.com/news/china-is-reportedly-scanning-tourists-phones-with-malware/
https://threatpost.com/pgp-ecosystem-targeted-in-poisoning-attacks/146240/
https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystem
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html
https://www.cnet.com/news/alexa-privacy-concerns-prompt-senator-to-seek-answers-from-amazon-ceo-jeff-bezos/
https://www.cnet.com/news/amazon-alexa-keeps-your-data-with-no-expiration-date-and-shares-it-too/
https://www.theverge.com/2019/7/3/20681423/amazon-alexa-echo-chris-coons-data-transcripts-recording-privacy
https://www.cnet.com/how-to/you-can-finally-delete-most-of-your-amazon-echo-transcripts-heres-how/

Hak5
WPA3 Passwords Still Vulnerable To Hacks, Capital One Hack Breakdown - ThreatWire
https://youtube.com/watch?v=RdEVE-IUJpo
Published: 06 Aug 2019  Duration: 11:05
Capital One breach, WPA3 is still vulnerable to hacks, and US utility companies are targeted in attacks!
WPA3 Hacking
https://www.zdnet.com/article/dragonblood-vulnerabilities-disclosed-in-wifi-wpa3-standard/
https://www.zdnet.com/article/new-dragonblood-vulnerabilities-found-in-wifi-wpa3-standard/
https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html
https://wpa3.mathyvanhoef.com/#new
https://eprint.iacr.org/2019/383.pdf
US Utilities targeted in hack
https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks
https://arstechnica.com/information-technology/2019/08/new-advanced-malware-possibly-nation-sponsored-is-targeting-us-utilities/
https://www.zdnet.com/article/suspected-state-sponsored-hacking-group-tried-to-break-into-us-utilities/
https://www.cyberscoop.com/apt-10-utilities-phishing-proofpoint/
Capital One
https://www.cyberscoop.com/capital-one-cybersecurity-data-breach-what-went-wrong/
https://www.prnewswire.com/news-releases/capital-one-announces-data-security-incident-300892738.html
https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/
https://www.capitalone.com/applications/responsible-disclosure/
https://www.justice.gov/usao-wdwa/press-release/file/1188626/download
https://techcrunch.com/2019/07/31/capital-one-breach-vodafone-ford-researchers/
https://www.scribd.com/document/420587413/GitHub-CapitalOne-Complaint
https://www.cyberscoop.com/capital-one-data-breach-credit-freeze-credit-cards/
ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire

DEF CON 2019: How To Hack A Canon Camera - ThreatWire
https://youtube.com/watch?v=l6MefN0bw2A
Published : 14 Aug 2019 Duration : 08:18
Steam Vulnerability:
https://www.bleepingcomputer.com/news/security/steam-zero-day-vulnerability-affects-over-100-million-users/
https://threatpost.com/gamers-zero-day-steam-client-affects-windows/147225/
https://amonitoring.ru/article/steamclient-0day/
https://twitter.com/enigma0x3/status/1159103239729471488
Canon DSLR Hacking:
https://thehackernews.com/2019/08/dslr-camera-hacking.html
https://asia.canon/en/support/security-advisory-ptp-communication-and-firmware-functions/notice
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
https://threatpost.com/hack-of-a-canon-eos-80d-dslr/147214/
Fingerprint on Android:
https://thehackernews.com/2019/08/android-local-user-verification.html
https://security.googleblog.com/2019/08/making-authentication-even-easier-with_12.html
https://arstechnica.com/information-technology/2019/08/google-lets-android-users-skip-the-password-when-logging-in/
https://www.cnet.com/news/google-now-offers-no-password-login-if-you-have-android-phone/

Hak5
Valve Apologizes to Banned Security Researcher - ThreatWire
https://youtube.com/watch?v=fYlkXrkvlrI
Duration  : 08:27  Published : 27 Aug 2019
Hacker must pay back 1 million euros:
https://www.theguardian.com/technology/2019/aug/23/bitcoin-seized-hacker-grant-west-uk-compensate-victims
https://thehackernews.com/2019/08/hacker-phishing-bitcoin.html
https://www.zdnet.com/article/police-to-sell-hackers-1-1-million-bitcoin-stash-to-compensate-victims/
http://news.met.police.uk/news/more-than-900000-pounds-confiscated-from-from-cyber-hacker-379015?hootPostID=11032480c2ac425d16457361a6932540
Valve:
https://threatpost.com/gamers-zero-day-steam-client-affects-windows/147225/
https://hackerone.com/valve
https://amonitoring.ru/article/onemore_steam_eop_0day/
https://threatpost.com/researcher-discloses-second-steam-zero-day-after-valve-bug-bounty-ban/147593/
https://www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/
https://twitter.com/enigma0x3/status/1160961861560479744
https://arstechnica.com/information-technology/2019/08/valve-says-turning-away-researcher-reporting-steam-vulnerability-was-a-mistake/
https://www.zdnet.com/article/valve-patches-recent-steam-zero-days-calls-turning-away-researcher-a-mistake/
Homomorphic encryption:
https://www.cyberscoop.com/homomorphic-encryption-nsa-silicon-valley-commercial/
https://www.microsoft.com/en-us/research/blog/the-microsoft-simple-encrypted-arithmetic-library-goes-open-source/
https://www.intel.ai/he-transformer-for-ngraph-enabling-deep-learning-on-encrypted-data/#gs.yi2ofi
https://www.theregister.co.uk/2018/03/08/ibm_faster_homomorphic_encryption/
https://www.cyberscoop.com/homomorphic-encryption-standards-intel-microsoft-google/
http://homomorphicencryption.org/aug-17-2019-homomorphicencryption-org-standards-meeting/#

Hak5
SIM Jacking Can Steal Device Data - ThreatWire
https://youtube.com/watch?v=AoXpWbYGwf0
Published : 17 Sep 2019, Duration: 09:04
3rd Party Cookies
https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/
https://private-network.firefox.com
https://thehackernews.com/2019/09/firefox-privacy-vpn-service.html
https://www.cnet.com/news/mozilla-tests-firefox-vpn-service-to-help-protect-your-privacy/
SIM JACKER
https://simjacker.com
https://thehackernews.com/2019/09/simjacker-mobile-hacking.html
https://threatpost.com/1b-mobile-users-vulnerable-to-ongoing-simjacker-surveillance-attack/148277/
https://www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/
https://www.cyberscoop.com/simjacker-mobile-phone-vulnerability/
DNS over HTTPS
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
https://www.chromium.org/developers/dns-over-https
https://thehackernews.com/2019/09/chrome-dns-over-https.html
https://www.zdnet.com/article/google-to-run-dns-over-https-doh-experiment-in-chrome/

Hak5
Jailbreak Your iPhone! DoorDash Gets Hacked, and an Update to SIM Jacker - ThreatWire
https://youtube.com/watch?v=Uw0V_MWnSzE
Published: 01 Oct 2019  Duration: 08:58
DoorDash:
https://blog.doordash.com/important-security-notice-about-your-doordash-account-ddd90ddf5996
https://www.zdnet.com/article/personal-info-on-nearly-5m-doordash-users-merchants-drivers-exposed/
https://www.vice.com/en_us/article/pa97g7/xnore-copy9-stalkerware-data-breach-thousands-victims
https://arstechnica.com/information-technology/2019/09/doordash-hack-spills-loads-of-data-for-4-9-million-people/
https://www.businessinsider.com/doordash-data-breach-hack-how-to-check-if-youre-affected-2019-9
iPhone Jailbreak:
https://twitter.com/axi0mX/status/1177542201670168576
https://arstechnica.com/information-technology/2019/09/unpatchable-bug-in-millions-of-ios-devices-exploited-developer-claims/
https://threatpost.com/ios-exploit-checkm8-could-allow-permanent-iphone-jailbreaks/148762/
https://www.wired.com/story/ios-exploit-jailbreak-iphone-ipad/
https://github.com/axi0mX/ipwndfu
Simjacker:
https://www.vice.com/en_us/article/qvgzqw/researchers-think-they-know-how-many-phones-are-vulnerable-to-simjacker-attacks
https://srlabs.de/bites/sim_attacks_demystified/
https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
https://www.zdnet.com/article/new-sim-card-attack-disclosed-similar-to-simjacker/

Hak5
Android Zero Day Actively Exploited In the Wild! - ThreatWire
https://youtube.com/watch?v=uaFbzTDk8SI
Published:08 Oct 2019 Duration:10:21

https://www.buzzfeednews.com/article/ryanmac/bill-barr-facebook-letter-halt-encryption
https://www.facebook.com/notes/mark-zuckerberg/a-privacy-focused-vision-for-social-networking/10156700570096634/
https://www.cnet.com/news/the-uss-renewed-calls-for-backdoor-access-to-encryption-has-all-the-same-flaws/
https://www.cyberscoop.com/facebook-encryption-william-barr-letter/
https://threatpost.com/ag-barr-facebook-dont-encrypt-messaging/148913/
https://www.cnet.com/news/governments-call-on-facebook-to-pause-encryption-efforts/
https://www.zdnet.com/article/signal-fixes-facetime-like-eavesdropping-bug/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
https://www.vice.com/en_us/article/3kx7n8/signal-bug-could-have-let-hackers-listen-to-android-users-via-microphone
https://thehackernews.com/2019/10/signal-messenger-bug.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
https://www.zdnet.com/article/google-finds-android-zero-day-impacting-pixel-samsung-huawei-xiaomi-devices/
https://thehackernews.com/2019/10/android-kernel-vulnerability.html
https://threatpost.com/google-warns-of-zero-day/148924/
https://www.cnet.com/news/android-exploit-leaves-some-pixel-galaxy-phones-vulnerable-to-hacks/
https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/

NordVPN Was Hacked, Google Pixel 4 Face Unlock to Receive Update - ThreatWire
https://youtube.com/watch?v=NjalaWjqdg4
Duration  : 09:50  Published : 22 Oct 2019
Links:
https://news.samsung.com/global/statement-on-fingerprint-recognition-issue
https://www.thesun.co.uk/tech/10127908/samsung-galaxy-s10-screen-protector-ebay/
https://www.vice.com/en_us/article/59nqdb/samsung-galaxy-s10-vault-like-security-beaten-by-a-dollar3-screen-protector
https://www.reuters.com/article/us-samsung-elec-smartphone/samsung-to-patch-galaxy-s10-fingerprint-problem-idUSKBN1WW0Q5
https://www.cnet.com/news/samsung-promises-to-fix-galaxy-s10-fingerprint-unlock-bug/
https://www.zdnet.com/article/google-pixel-4s-face-unlock-works-even-if-you-have-your-eyes-closed/
https://www.cnet.com/news/pixel-4-face-unlock-works-even-when-your-eyes-are-closed-unconscious-dead-google-patch-months-away/
https://www.zdnet.com/article/facial-recognition-doesnt-work-as-intended-on-42-of-110-tested-smartphones/
https://www.zdnet.com/article/google-to-roll-out-update-in-the-coming-months-to-fix-pixel-4-face-unlock-bypass/
https://www.theverge.com/2019/10/20/20924143/google-pixel-4-face-unlock-eyes-security-update-coming-months
https://www.cyberscoop.com/samsung-fingerprint-flaw-google-pixel-biometric-security/

https://www.theverge.com/2019/10/17/20917988/ron-wyden-facebook-privacy-data-regulation-do-not-track
https://www.zdnet.com/article/us-senator-introduces-privacy-bill-that-would-jail-ceos-for-user-privacy-violations/
https://threatpost.com/execs-jail-time-privacy-violations/149334/
https://www.cnet.com/news/senator-proposes-data-privacy-bill-with-serious-punishments/

https://nordvpn.com/blog/official-response-datacenter-breach/
https://www.zdnet.com/article/nordvpn-confirms-data-center-breach/
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://www.cnet.com/news/popular-vpn-service-nordvpn-confirms-datacenter-breach/

Adobe Creative Cloud Exposes Data for 7 Million+ Users - ThreatWire
https://youtube.com/watch?v=45pG1WhhsB4
Duration  : 06:56 Published : 29 Oct 2019
AWS Capital One Breach
https://www.cyberscoop.com/warren-wyden-aws-capital-one-breach/
https://www.cnet.com/news/warren-and-wyden-call-for-ftc-investigation-on-amazon-over-capital-one-breach/
Adobe:
https://www.comparitech.com/blog/information-security/7-million-adobe-creative-cloud-accounts-exposed-to-the-public/
https://theblog.adobe.com/security-update/
https://threatpost.com/adobe-creative-cloud-users-exposed-hackers/149563/
https://thehackernews.com/2019/10/adobe-database-leaked.html
PHP Flaw:
https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html
https://github.com/neex/phuip-fpizdam
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/

BlueKeep Attacks Surfacing; Persistent Malware on Android - ThreatWire
https://youtube.com/watch?v=CPlRvj_r5xA
Duration  : 09:02 Published : 05 Nov 2019
Hacking Telecom
https://thehackernews.com/2019/10/sms-spying-malware.html
https://arstechnica.com/information-technology/2019/10/researchers-unearth-malware-that-siphoned-sms-texts-out-of-telcos-network/
https://threatpost.com/china-hackers-spy-texts-messagetap-malware/149761/
https://www.zdnet.com/article/chinese-hackers-developed-malware-to-steal-sms-messages-from-telcos-network/
https://www.cyberscoop.com/chinese-hacking-group-breached-telecom-monitor-targets-texts-phone-metadata/
https://content.fireeye.com/apt-41/rpt-apt41/
BlueKeep
https://www.wired.com/story/microsoft-bluekeep-patched-too-slow/
https://threatpost.com/bluekeep-attacks-have-arrived-are-initially-underwhelming/149829/
https://www.zdnet.com/article/bluekeep-attacks-are-happening-but-its-not-a-worm/
https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html
https://www.wired.com/story/bluekeep-hacking-cryptocurrency-mining/
45k Androids infected w/ malware
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware 
https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/
https://thehackernews.com/2019/10/remove-xhelper-android-malware.html
https://threatpost.com/android-malware-45k-devices-mystery/149654/

Hacking Smart Speakers With Lasers - ThreatWire
https://youtube.com/watch?v=LA0L0cyGkj0
Duration: 09:22  Published: 13 Nov 2019
Ring doorbell:
https://www.bitdefender.com/files/News/CaseStudies/study/294/Bitdefender-WhitePaper-RDoor-CREA3949-en-EN-GenericUse.pdf
https://thehackernews.com/2019/11/ring-doorbell-wifi-password.html
https://arstechnica.com/information-technology/2019/11/ring-patches-total-lack-of-password-security-during-setup/
https://threatpost.com/amazon-fixes-ring-video-doorbell-flaw-that-leaked-wi-fi-credentials/150029/
https://www.zdnet.com/article/amazon-fixes-ring-video-doorbell-wi-fi-security-vulnerability/
https://www.cyberscoop.com/ring-doorbell-wi-fi-flaw/
MacOS Email:
https://medium.com/@boberito/apple-mail-stores-encrypted-emails-in-plain-text-database-fix-included-3c2369ce26d4
https://threatpost.com/encrypted-emails-on-macos-found-stored-in-unprotected-way/150065/
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/
https://www.cyberscoop.com/apple-mail-vulnerability-encryption-macos/
https://www.theverge.com/2019/11/8/20954130/apple-mail-encrypted-unencrypted-email-macos-siri-text
Lasers:
https://lightcommands.com/20191104-Light-Commands.pdf
https://www.cnet.com/news/lasers-can-seemingly-hack-alexa-google-home-and-siri/
https://thehackernews.com/2019/11/hacking-voice-assistant-laser.html
https://www.vice.com/en_us/article/3kxwvy/alexa-siri-and-google-assistant-can-be-hacked-remotely-with-lasers

Android Pixel, Samsung Cameras Vulnerable to Hijacking! - ThreatWire
https://youtube.com/watch?v=k2JcazwM33k
Duration:09:32 Published:26 Nov 2019

https://www.oneplus.com/uk/support/faq22119102
https://forums.oneplus.com/threads/security-notification.1144088/
https://www.cyberscoop.com/oneplus-breach-phone-hack/
https://www.zdnet.com/article/smartphone-maker-oneplus-discloses-data-breach/
https://www.zdnet.com/article/oneplus-confirms-hack-exposed-credit-cards-of-phone-buyers/
https://thehackernews.com/2019/11/oneplus-store-data-breach.html

https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
https://www.cyberscoop.com/voice-assistant-flaws-checkmarx-google-assistant-samsung-bixby/
https://www.zdnet.com/article/android-vulnerability-lets-rogue-apps-take-photos-record-video-even-if-your-phone-is-locked/
https://threatpost.com/google-android-camera-hijack-hack/150409/
https://arstechnica.com/information-technology/2019/11/google-samsung-fix-android-spying-flaw-other-makers-may-still-be-vulnerable/
https://thehackernews.com/2019/11/android-camera-hacking.html

https://www.t-mobile.com/customers/6305378822
https://thehackernews.com/2019/11/t-mobile-prepaid-data-breach.html
https://www.zdnet.com/article/t-mobile-discloses-security-breach-impacting-prepaid-customers/
https://techcrunch.com/2019/11/22/more-than-1-million-t-mobile-customers-exposed-by-breach/
https://www.cnet.com/news/t-mobile-customers-personal-information-exposed-in-hack/

StrandHogg Gets an Android StrongHold - ThreatWire
https://youtube.com/watch?v=ED_xOP2WNXg
Duration:11:02 Published:03 Dec 2019
Mixcloud data breach:
https://www.vice.com/en_us/article/7x5g4q/mixcloud-investigating-data-breach-allegedly-impacting-21-million-users
https://www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/
https://blog.mixcloud.com/2019/11/30/mixcloud-security-notice/
Android vuln:
https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html
https://www.zdnet.com/article/android-new-strandhogg-vulnerability-is-being-exploited-in-the-wild/
https://promon.co/security-news/strandhogg/
https://www.androidcookbook.info/android-1-6-sdk/the-allowtaskreparenting-attribute.html
TrueDialog Database:
https://threatpost.com/insecure-database-exposes-millions-of-private-sms-messages/150706/
https://www.vpnmentor.com/blog/report-truedialog-leak/?=truedialog-exposed-data

Hijacking VPNs on Linux Distros - ThreatWire
https://youtube.com/watch?v=IBeuf1lHulc
Duration: 10:23  Published: 11 Dec 2019
Links:
https://krebsonsecurity.com/2019/12/the-iphone-11-pros-location-data-puzzler/
https://www.cnet.com/news/iphone-11-pro-discovered-to-still-seek-user-location-data-despite-settings/
https://www.cnet.com/news/apple-iphone-feature-needs-your-location-even-when-you-dont-share-it/
https://discussions.apple.com/thread/250665845
https://krebsonsecurity.com/2019/12/apple-explains-mysterious-iphone-11-location-requests/
https://techcrunch.com/2019/12/05/apple-ultra-wideband-newer-iphones-location/
https://www.theverge.com/2019/12/5/20997338/apple-ultra-wideband-u1-chip-iphone-11-pro-location-data-request-privacy-issue
https://seclists.org/oss-sec/2019/q4/122
https://www.zdnet.com/article/new-vulnerability-lets-attackers-sniff-or-hijack-vpn-connections/
https://threatpost.com/linux-bug-vpns-hijacking/150891/
https://thehackernews.com/2019/12/linux-vpn-hacking.html
https://objective-see.com/blog/blog_0x51.html
https://arstechnica.com/information-technology/2019/12/north-koreas-lazarus-hackers-up-their-game-with-fileless-mac-malware/

Intel CPUs Attacked by Plundervolt - ThreatWire
https://youtube.com/watch?v=3WD6P46Asbo
Duration:09:59 Published:17 Dec 2019
FIN8 Fuel Pumps:
https://threatpost.com/fin8-targets-card-data-fuel-pumps/151105/
https://www.zdnet.com/article/visa-warns-of-pos-malware-incidents-at-gas-pumps-across-north-america/
https://www.documentcloud.org/documents/6575126-Visa-Security-Alert-CYBERCRIME-GROUPS-TARGETING.html
PlunderVolt:
https://plundervolt.com/
https://threatpost.com/intel-cpus-plundervolt-attack/151006/
https://arstechnica.com/information-technology/2019/12/scientists-pluck-crypto-keys-from-intels-sgx-by-tweaking-cpu-voltage/
https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/
https://github.com/KitMurdock/plundervolt
Amazon Cameras:
https://www.cnet.com/news/set-up-two-factor-authentication-to-keep-your-ring-camera-from-getting-hacked/
https://www.vice.com/en_us/article/3a88k5/how-hackers-are-breaking-into-ring-cameras
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://threatpost.com/amazon-blink-smart-camera-flaws/150962/
https://www.cyberscoop.com/blink-amazon-camera-tenable-iot-flaws/

10 Biggest Hacks of 2019 - ThreatWire
https://youtube.com/watch?v=DX7PxFPUmTw
Duration: 09:16  Published: 24 Dec 2019
Links:
https://www.zdnet.com/article/adobe-left-7-5-million-creative-cloud-user-records-exposed-online/
https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/ 
https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/ 
https://www.bloomberg.com/news/articles/2019-06-17/american-medical-collection-agency-parent-files-for-bankruptcy 
https://www.upguard.com/breaches/facebook-user-data-leak 
https://www.dailymail.co.uk/sciencetech/article-6864029/Biggest-breach-recorded-982-MILLION-peoples-personal-information-exposed.html 
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/ 
https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ 
https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html 
https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/

SHA-1 Is Terrible, Cable Modems Haunted By Flaw, SIM Swapping Gets Worse - ThreatWire
https://youtube.com/watch?v=HyyQAx8enMs
Duration:10:12 Published:14 Jan 2020
A major vulnerability affects modems, SIM swapping is still a huge threat, and SHA1 Still Sucks!
Cable Haunt:
https://threatpost.com/cable-haunt-remote-code-execution/151756/
https://www.zdnet.com/article/hundreds-of-millions-of-cable-modems-are-vulnerable-to-new-cable-haunt-vulnerability/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19494
https://cablehaunt.com/
https://github.com/Lyrebirds/sagemcom-fast-3890-exploit
SIM Swapping:
https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
https://www.issms2fasecure.com/dataset
https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh
https://www.vice.com/en_us/article/k7e8xx/sim-swapping-indictments-pile-up-as-congress-begs-the-fcc-to-do-more
SHA1:
https://en.wikipedia.org/wiki/SHA-1
https://arstechnica.com/information-technology/2020/01/pgp-keys-software-security-and-much-more-threatened-by-new-sha1-exploit/
https://eprint.iacr.org/2020/014.pdf

Citrix Patches Major Vulnerability; Windows Patches NSA Reported Bug - ThreatWire
https://youtube.com/watch?v=uQUJv33_rsA
Duration:09:52 Published:21 Jan 2020
"A critical flaw in Citrix is finally patched, the NSA reports a major windows bug, and half a million usernames and passwords were leaked! All that coming up now on ThreatWire."

Links:
Citrix:
https://www.cyberscoop.com/citrix-adc-vulnerability-positive-technologies/
https://support.citrix.com/article/CTX267027
https://www.cyberscoop.com/citrix-vulnerability-patch-exploit/
https://thehackernews.com/2020/01/citrix-adc-gateway-exploit.html
https://github.com/trustedsec/cve-2019-19781
https://github.com/projectzeroindia/CVE-2019-19781
https://arstechnica.com/information-technology/2020/01/unpatched-citrix-vulnerability-now-exploited-patch-weeks-away/
https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability
https://www.zdnet.com/article/a-hacker-is-patching-citrix-servers-to-maintain-exclusive-access/
https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html
https://support.citrix.com/article/CTX267027
NSA Windows:
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
https://www.cnet.com/news/major-windows-10-security-flaw-reported-nsa-same-day-windows-7-support-ended/
https://www.cyberscoop.com/windows-10-vulnerability-nsa-public-disclosure/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
https://arstechnica.com/information-technology/2020/01/researcher-develops-working-exploit-for-critical-windows-10-vulnerability/
https://github.com/ollypwn/cve-2020-0601
https://threatpost.com/poc-exploits-published-for-microsoft-crypto-bug/151931/
https://threatpost.com/microsoft-patches-crypto-bug/151842/
PW Leak:
https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

Honeypot ICS Network Tricks CyberCriminals - ThreatWire
Duration:10:04 Published:28 Jan 2020

Microsoft has a security blunder, a honeypot network tricks cybercriminals, and Jeff Bezos’ phone was hacked! All that coming up now on ThreatWire.

Microsoft’s Security Blunder via Joel:
https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/
https://www.engadget.com/2020/01/22/microsoft-database-exposure/
https://www.zdnet.com/article/microsoft-discloses-security-breach-of-customer-support-database/
https://www.cnet.com/news/microsoft-fixes-error-that-exposed-customer-database/
https://thehackernews.com/2020/01/microsoft-customer-support.html
Mock ICS:
https://documents.trendmicro.com/assets/white_papers/wp-caught-in-the-act-running-a-realistic-factory-honeypot-to-capture-real-threats.pdf
https://www.cyberscoop.com/trend-micro-honeypot-ransomware-factory-s4/
https://www.zdnet.com/article/ransomware-snooping-and-attempted-shutdowns-the-state-of-this-honeypot-shows-what-hackers-do-to-systems-left-unprotected-online/
https://threatpost.com/fake-smart-factory-honeypot-highlights-new-attack-threats/152170/
Bezos:
https://www.theguardian.com/technology/2020/jan/21/amazon-boss-jeff-bezoss-phone-hacked-by-saudi-crown-prince
https://arstechnica.com/information-technology/2020/01/report-bezos-phone-uploaded-gbs-of-personal-data-after-getting-saudi-princes-whatsapp-message/
https://www.theverge.com/2020/1/21/21075968/amazon-jeff-bezos-hacked-saudi-arabia-crown-prince-whatsapp-message
https://www.cnet.com/news/in-bezos-phone-hack-un-wants-answers-on-saudi-princes-alleged-role/
https://www.wyden.senate.gov/imo/media/doc/012220%20Wyden%20Jeff%20Bezos%20Saudi%20Hacking%20Letter.pdf
https://www.vice.com/en_us/article/v74v34/saudi-arabia-hacked-jeff-bezos-phone-technical-report
https://assets.documentcloud.org/documents/6668313/FTI-Report-into-Jeff-Bezos-Phone-Hack.pdf
https://www.cyberscoop.com/jeff-bezos-mbs-hack-fti-report-questions/

Hak5
Nvidia Patches Vulnerable Drivers and vGPUs; TikTok Caught! - ThreatWire
18,020 views •Premiered Jun 30, 2020
https://youtube.com/watch?v=9oPX4Y2KINw

EncroChat Encrypted Broken by Law Enforcement, Hundreds Arrested - ThreatWire
67,967 views•Jul 7, 2020
https://youtube.com/watch?v=niiTGFOpuUg

The Importance of the Twitter Hack, Explained - ThreatWire
20,243 views •Jul 21, 2020
https://youtube.com/watch?v=ld7euYtM7Yk

DJI’s Android App: Ripe for a Hack or Legitimate Usage? - ThreatWire
8,657 views •Jul 28, 2020
https://youtube.com/watch?v=15YTseZQyLc


Hak5
Rite Aid Used Facial Recognition Cameras; BootHole Hits GRUB2 - ThreatWire
10,663 views•Premiered Aug 4, 2020
https://youtube.com/watch?v=OIk58iXtUwQ
"Three have been arrested for the twitter hack, the BootHole vulnerability creates bigger problems, and Rite Aid used facial recognition technology in hundreds of stores!"

Satellite Comms Can Be Hacked; Intel Source Code Leaks - ThreatWire
https://youtube.com/watch?v=HdfXpxVM0IE
9,698 views•Premiered Aug 11, 2020
"Intel Source Code is Leaked, I’ve got news from Black Hat and DEF CON, and the NSA Warns of Location Data Exposure! "




So after weeks of people thinking they exit scammed... they're back! 
 
REMOVED
onion link did not work / spam promotion of something questionable.

ENDWALL: After a preliminary search about this topic, this is the information that I have found out:

https://www.darknetstats.com/deep-sea-market/

The darknet black market site DeepSea went offline for 15 days, and then came back online; people tried to recover their btc from escrow and couldn't, though some claim they were able to. Some claim that it's been taken down by LE and is being used as a honeypot to catch people. I don't know any more about this than what I read in the comments section of the above link, but it seems wise to remain cautious and suspicious. I don't use this market nor do I endorse it.

Hak5
How Attackers Hacked the Feds with VPN Vulnerabilities - ThreatWire
Sep 29, 2020 10:50
https://youtube.com/watch?v=kxlgrj8snaM
"An active directory flaw is being actively exploited, coffee makers can be hacked (which, are we surprised?), and a VPN vulnerability was used to hack the feds!"
Pay a Ransom for Ransomware? Pay a Penalty Too. - ThreatWire
https://youtube.com/watch?v=AdxgaV1SNZI
Oct 6, 2020 11:04
"Wanna pay that ransom? You might end up paying a penalty too. Medical services are being targeted by criminals, and phishing is getting smarter! "

Hak5
Linux Bluetooth Vulnerabilities, Barnes & Noble Hacked - ThreatWire
https://youtube.com/watch?v=Bs1aLstemP0
Oct 20, 2020 8:08
"Bluetooth vulnerabilities hit linux devices, the APT31 hacking group is mimicking McAfee Antivirus, and Barnes & Noble confirms a cyberattack!"
Ransomware for Charity?, Update GeForce Experience, and Hacking Campaigns Attributed - ThreatWire
https://youtube.com/watch?v=Nbwhhc5CCyg
Oct 27, 2020 9:11
"A ransomware gang donated $20000 to charity, Windows gamers - update Geforce Experience now to patch some security issues, and an election disinformation campaign is being attributed to hacking groups in another country!"

Hak5
Hospitals Targeted In Ransomware Campaigns - ThreatWire
https://youtube.com/watch?v=vndloinbALk
Nov 3, 2020 10:16
"Ransomware is hitting hospitals, home depot canada leaks customer data through no fault but their own, and researchers found a new way to extract security keys from Intel CPUs!"
Feds Seize $1 Billion from Famous Bitcoin Wallet - ThreatWire
https://youtube.com/watch?v=Br4_Ez-ONCc
Nov 10, 2020 9:00
"Feds Seize $1 Billion in Bitcoin, Apple Patches 3 Zero Days, and Election Security and California’s new Prop 24!"


Restaurant POS Hacks, DNS Cache Poisoning is Back!, Hackers Target Covid Vaccine Orgs - ThreatWire
https://youtube.com/watch?v=iJjrM3KlTjU
25,086 views•Nov 17, 2020
Teslas Can Be Hacked (Again!), RCS Messages + E2EE Coming 2021 Via Google - ThreatWire
https://youtube.com/watch?v=LxqNnKsQUeI
15,944 views•Dec 1, 2020
Covid-19 Vaccine Distributors Under Attack; iPhones Could Be Hacked Over Wi-Fi - ThreatWire
https://youtube.com/watch?v=MwGyz8UFCrs
15,098 views•Dec 8, 2020
SolarWinds - ThreatWire
https://youtube.com/watch?v=JkdHmqnxuZ8
20,120 views•Dec 15, 2020

Find out if the desktop computer you desire has included programs. You habit to know what they are. You dependence to know if it has a word processor or spreadsheet program that you will use. This is important to many for their work. Also, find out if the software included are full versions or demos. The demos expire after 30 or 90 days, which require you to buy the full versions yourself.


Zoom
https://www.justice.gov/opa/press-release/file/1347146/download

DOJ criminal complaint against a "Technology and Security Officer" for teleconferencing company Zoom, for spying, harassing and censoring American citizens using Zoom, at the request of the Chinese government.

Zoom
https://www.justice.gov/opa/pr/china-based-executive-us-telecommunications-company-charged-disrupting-video-meetings

https://blog.zoom.us/our-perspective-on-the-doj-complaint/


Hak5
Two Year Old Linux Backdoor Found, Microsoft Finds IoT Vulnerabilities - ThreatWire
https://youtube.com/watch?v=6d7EN1tbxQY
May 4, 2021
Microsoft finds a bunch of IoT vulnerabilities, a Linux backdoor existed for over two years undetected, and Emotet email addresses are now in have I been pwned! All that coming up now on ThreatWire. 
https://www.zdnet.com/article/linux-kernel-vulnerability-exposes-stack-memory/
https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/

Hak5
Colonial Pipeline Hit With Ransomware; Apple AirTags Hacked - ThreatWire
https://youtube.com/watch?v=QjLvIDWnc3w
May 11, 2021
A Qualcomm SoC could be exploited by attackers, the US’s biggest gas pipeline is hit with ransomware, and Apple AirTags get hacked! 

https://www.cnet.com/news/fbi-says-darkside-hacking-group-responsible-for-pipeline-cyberattack/
https://threatpost.com/pipeline-crippled-ransomware/165963/




Where do you look for the latest news?
Personally, I read and trust the newspaper https://www.ukr.net/.
It is the only source of fresh and independent news.
I recommend it to you as well.


