keep moving – Page 21 – a blog on current news and trends in software, hardware and technology

Hack Brief: Yahoo Breach Hits Half a Billion Users

Post author By tongwing
Post date September 23, 2016

Largest password breach so far – 500M users.

After earlier reports of a cybercriminal hack that affected 200 million users, the real breach turns out to be far more serious.

Source: Hack Brief: Yahoo Breach Hits Half a Billion Users

[2016-09-29]: Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say. ‘Cos it doesn’t affect the bottom line, no?

“Yahoo is already suffering. I don’t think they’ll suffer more because of this,” said Avivah Litan, a security analyst with the research firm Gartner.
Ouch.

Uncategorized

Beware: Windows 10 Signature Edition Blocks Installing Linux – FossBoss

Post author By tongwing
Post date September 21, 2016

Anti-competitive practice from Microsoft. Microsoft is apparently pressuring some hardware vendors to lock their BIOS to prevent installation of 3rd party OSes including Linux. Someone bought a Yoga 900 ISK2 and found that they can’t install Linux on it.

Just when you thought Microsoft is turning good – from all the open-source and Windows Subsystem for Linux efforts.

For you: If you see the “Windows 10 Signature Edition” badge on a laptop, DON’T BUY IT! You may not be able to install Linux (or any OS) on it, and there’s nothing you can do to the machine to change this currently.

Source: Beware: Windows 10 Signature Edition Blocks Installing Linux – FossBoss

Update (2016-09-22): Someone claims that the issue is overblown and that Ms isn’t forcing manufacturers to lock their BIOS. It’s Lenovo that is mishandling the whole thing.

Update (2016-09-22): Lenovo denies blocking installation of alternate OSes. Well they didn’t exactly block it. They just didn’t make it possible. If Lenovo wants to keep its customers happy it should release a BIOS patch that do exactly that.

Tags linux, microsoft

privacy security

The Dropbox hack is real

Post author By tongwing
Post date September 1, 2016

It’s not a suspect breach. Change your Dropbox password now.

Earlier today, Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked. Not just a little bit hacked and not in that “someone has cobbled together a list of credentials that work on Dropbox” hacked either, but proper hacked to the tune of 68

Source: The Dropbox hack is real

security

The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender – The Citizen Lab

Post author By tongwing
Post date August 26, 2016

The dark side of the cybersecurity industry has surfaced once again – companies that provide cyberweapons to organizations with deep pockets. In this case, the cyberweapon is a chain of zero-day exploits that requires no more than clicking on a link from an SMS. Good thing the target is discerning enough not to click on it – which means a million dollars (or two, or three) is wasted.

This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.

Source: The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender – The Citizen Lab

security

The NSA Leak Is Real, Snowden Documents Confirm

Post author By tongwing
Post date August 25, 2016

Yes any organization can be hacked. Even the NSA. The stolen cyberweapons – there may be more than one group who possess them – are now being auctioned publicly. This is why it’s a bad idea to add backdoors that only governments can use.

A never-before-published NSA manual makes it clear that malware released by a hacker group this week came from the spy agency.

Source: The NSA Leak Is Real, Snowden Documents Confirm

Uncategorized

Google launches 1-to-1 video calling app Duo

Post author By tongwing
Post date August 16, 2016

Google launches another video calling app. It’s not the app that caught my eyes though, but comments on Hacker News about Google’s culture:

Google culture is hiring the smartest or most motivated college grads, paying them to babysit legacy money printing systems built by the generation before them, then occasionally encouraging them to team up and clone popular services from other companies and startups.

The clones get passed around the campus for dogfooding until enough interest builds up and the project goes up the chain of command until a VP (at the time Marissa) signs off on it with notes on what to improve along with granting the necessary resources to spin it up.

Then if someone decides the project has legs they figure out how to engineer it for Google’s audience and launch. If it doesn’t work then the team disperse and move on to another project. Or it works and the team gets a moment in the sun.

Every single popular thing on the internet has a Google clone somewhere in the intranet.

privacy security

New air-gap jumper covertly transmits data in hard-drive sounds

Post author By tongwing
Post date August 12, 2016

Your secrets should be safe as long as your machine is not connected to any network right? Think again. There have been extremely innovative ways of transmitting information from unplugged (or what is known as air-gapped) computers to other devices, including:

using inaudible acoustic signals via built-in speakers
using GPU as a FM transmitter
wireless keyboard/mouse
computer fan

and now.. via the sound that a hard drive makes.

“DiskFiltration” siphons data even when computers are disconnected from the Internet.

Source: New air-gap jumper covertly transmits data in hard-drive sounds

security

A New Wireless Hack Can Unlock 100 Million Volkswagens

Post author By tongwing
Post date August 11, 2016

More bad news for Volkswagen.

A team of researchers has found that Volkswagen stores secret keys in car components that leave almost all its vehicles since 1995 vulnerable to theft.

Source: A New Wireless Hack Can Unlock 100 Million Volkswagens

security

Researchers crack open unusually advanced malware that hid for 5 years

Post author By tongwing
Post date August 10, 2016

Another impressive likely-state-sponsored malware. Data exfiltration from air-gapped machines is the holy grail of the malware world. If they succeeded this will be huge.

The malware—known alternatively as “ProjectSauron” by researchers from Kaspersky Lab and “Remsec” by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes.

Source: Researchers crack open unusually advanced malware that hid for 5 years

security

Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers

Post author By tongwing
Post date August 3, 2016

It has long been known that telephony services like SMS are not secure. When your infrastructure provider is hostile it gets challenging to protect your users.

Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

Source: Exclusive: Hackers accessed Telegram messaging accounts in Iran – researchers