Posts tagged software
A Chinese Rebellion – How Activists are Stamping QR Codes on Currency to Fight Censorship
One of the most productive trends I have witnessed in 2014 to-date, consists of the increasingly creative ways that activists around the world are fighting back against the status quo (Bitcoin stole the show in this regard last year). The first example of this emerged from within the Ukraine, where protestors are holding up mirrors in front of police forces in order to show them exactly what they have become and what they look like. Here are three powerful examples:
While I am not naive enough to think this simple act will change the world, it is a very good start and a tactic activists around the world should emulate. It is far more effective than running around in a violent orgy destroying property. The only thing that serves to do is encourage the police to meet violence with violence, and it also turns a large percentage of the populace against the activists. By reflecting their images back upon them through the use of mirrors, the police are forced to see how ridiculous they look in comparison to the poorly dressed, freezing cold serfs they have been paid to control by the ruling oligarchy.
Interestingly, Chinese activists have discovered their own form of non-violent, creative and effective resistance. They are stamping QR codes on the national currency with a message to ”scan and download software to break the Internet firewall.” Brilliant.
More from Boing Boing:
An anonymous anti-censorship group is stamping Chinese banknotes with a QR code and the message “Scan and download software to break the Internet firewall.” The stamps encode a URL for Freegate, a firewall-busting service. The stamps are widely suspected to be the work of Falun Gong, an outlawed religious sect that has a long history of supplying anti-censorship technology inside of mainland China, both to supply access to its own censored websites and to advertise the virtues of its belief-system to Chinese Internet users who are more interested in beating censorship than religion.
Full article here.
Follow Mike on Twitter.
Image credit: http://libertyblitzkrieg.com
When Refrigerators Attack
Published by NextNewsNetwork
About: In the first proven attack of its kind in history, a refrigerator has been used to hack into computers. The home appliance was used to send spam emails in a cyber-attack in December.
From December 23rd through January 6th, smart home electronics were infected with botnet software, which connected the devices through the internet. The connections also scooped up the processing power of routers, televisions and multimedia centers.
Evidence of the hacking was uncovered by the security firm Proofpoint. The groups stated that home appliances are often less secure than PC, tablets and other devices. This could make them a more common target for hackers as the next generation of devices becomes more popular.
David Knight, spokesman for ProofPoint, said “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come online and attackers find additional ways to exploit them.”
The emails sent carried the malware used to grow the size of the network. Until recently, most computer experts considered such attacks to be a theoretical possibility. This is the first time such an attack has been carried out.
At the Consumer Electronics Show earlier this month, manufacturers showed off a number of new internet-connected devices, including a smart toothbrush. Google recently purchased Nest, a manufacturer of intelligent smoke alarms.
By the year 2020, as many as 30 billion internet-connected devices will be in use around the world.
Knight said, “I don’t think a consumer should be expected to know and fix if their refrigerator has been compromised. The industry is going to have to do a better job of securing these devices.”
With the market for home appliances growing so quickly, stories of hacking such devices will soon become common. Just be glad that for now, you can get a glass of orange juice out of your refrigerator without hearing about a multimillion dollar inheritance from a Nigerian prince.
Download your free Next News “Heroes & Villains” Poster here: http://nextnewsnetwork.com/the-2013-h…
Meet the Next News Team: http://youtu.be/2QnNKwQ2WkY
Tech Corps Form Alliance to Push the Internet of Everything
If the AllSeen Alliance (ASA) has it their way, all of our home appliances, cars and computers will be speaking to each other because of open source frame working that has become the cornerstone of consumer electronics.
This software framework was developed by Qualcomm under project AllJoyn which was intended to connect and interact with systems regardless of whether or not the manufacturer installed an operating system in the unit.
Supporters of the ASA are:
• Linux Foundation
• LG Electronics
Jim Zemlin explained: “Qualcomm has contributed the AllJoyn code to the AllSeen Alliance, which will own the copyright, allowing the project to take on a broader scope. The open source community can also contribute.”
Called the Internet of Everything (IoE), ASA views their project as “h an open, universal development framework supported by a vibrant ecosystem and thriving technical community.”
The concept of IoE “is based on the idea that devices, objects and systems can be connected in simple, transparent ways to enable seamless sharing of information across all of them. As no single company can accomplish the level of interoperability required to support the Internet of Everything and address every day, real-life scenarios, a cross-industry effort is needed to deliver new experiences to consumers and businesses.”
The shared framework would link your car to your coffeemaker and your cellphone to make these devices interoperable and communicative; regardless of whether to not the manufacturer intended this to be true.
Navetas , a UK start-up, is working on a new smart meter that will track energy use by distinguishing between a television, refrigerator and other household appliances.
Called energy disaggregation, the computer algorithms learn how much power each appliance in a home uses and how often it is used.
This information can be sent to a smartphone and to the utilities corporation.
Chris Saunders, chief executive officer of Navetas, explained the technology: “We go into a process where we identify the core elements of an appliance — for instance, we can identify heating loads, induction motor loads, consumer electronics loads and things like that. We then look at associations between all of those within the home to piece together what is occurring, and to identify discrete appliances.”
Jason Huntley, an information technologies consultant in the UK revealed how the LG smart television sends customer surveillance data to LG Electronics Inc.
Huntley explained: “the company continued to collect which channel he was watching even after he disabled the information collection feature. The (LG) server acknowledges the successful receipt of this information back to the TV. The information appeared to be sent to LG unencrypted.”
In a part of the menu called “collection of watching info” Huntley discovered that regardless of turning the option off, data was still being sent to LG computer servers.
Huntley commented: “That’s a terrible implementation of the idea. It still sends the traffic but labels it saying I didn’t want it to be sent. It’s actually worse, I think, than if they’d not offered the opt-out in the first place since it allows the user to believe nothing is being sent.”
Other data stored included:
• Customer names of files
• Unique identification customer information
• Specialized tracking numbers for the specific TV
By utilizing a USB external drive, all this information could be taken directly from the unit.
LG responded to Huntley, saying: “As you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer.”
FBI pressures Internet providers to install surveillance software
The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies’ internal networks to facilitate surveillance efforts.
FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI’s legal position during these discussions is that the software’s real-time interception of metadata is authorized under the Patriot Act.
Attempts by the FBI to install what it internally refers to as “port reader” software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks.
Teenage Prodigy Spurns MIT, Chooses Entrepreneurship
The Bulgarian immigrant comes from an exceptionally well-educated family in which he was expected to get an advanced college degree. His father, Tihomir Asparouhov, earned a doctorate in mathematics from the California Institute of Technology, and his mother, Elena, is an associate professor of finance at the University of Utah.
After high school, Delian was accepted at MIT – but he has since dropped out to launch a health care App called Nightingale, which will use mobile phones to help patients manage their medications.
Asparouhov developed the app with MIT student Eric Bakan – and their idea won a $100,000 fellowship funded by PayPal co-founder Peter Thiel. The Thiel Fellowship is given each year to about 20 students under age 20 to drop out of college and develop a business idea.
MUST VIEW VIDEO: Digital Carjackers Show Forbes How Michael Hasting’s Car Could Have Been Remotely Carjacked0
Posted by Robert Wenzel
Digital Carjackers Show Forbes How Michael Hasting’s Car Could Have Been Remotely Carjacked
Hasting’s isn’t mentioned in the video, just a demonstration of how a car can be remotely carjacked.
The research on this was done as a result of funding by the Pentagon, which Forbes writer Andy Greenberg tells us was commissioned to, ahem, “to root out security vulnerabilities”:
This fact, that a car is not a simple machine of glass and steel but a hackable network of computers, is what Miller and Valasek have spent the last year trying to demonstrate. Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles.
Hackers Break into Smartphones to Access Your Bank Account
Security Research Labs (SRL) states that SIM cards in smartphones could be utilized by hackers to gather online banking account information.
Indeed, an estimated 500 million subscriber identity module (SIM) cards have been identified as having vulnerabilities that allow remotely controlled attacks to occur.
SIM cards are “tiny computers that store crucial cryptographic data.”
SIM cards store data on user’s such as phone number, private login and billing information. This includes details about a user’s PayPal and credit card numbers so that the hacker can infiltrate all financial records of individuals.
It is unclear whether or not users can verify that their SIM card is vulnerable to hacker attacks. Specific details provided by the manufacturer cannot assist the user with determining if they are a sitting duck.
Apps made for smartphones are syphoned through SIM cards because they act as a portal .
Karsten Nohi, founder of SRL, is expected to provide this research to the BlackHat Conference in Las Vegas in the later part of this month.
SRL asserts that hackers would send “an unrecognizable, binary text message usually meant to carry user logs and telephone settings to a victim’s phone.
The cellphone then responds by sending back an error message carrying a signature that can be distilled to reveal a 56-bit Data Encryption Standard (DES) key. DES is an old encryption standard used by about one in eight phones around the world.”
Through the “cracked key” the hacker can “download software onto the SIM card that can, among other tricks, change voicemail numbers and find out exactly where a phone is at any time. This allows for remote cloning of possibly millions of SIM cards including their mobile identity as well as payment credentials stored on the card.”
Nohi said : “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can ready your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account.”
Because SIM cards are employed as a de facto trust anchor for cellular phones, simply using two Short Message Service texts can allow a hacker to break into the phone, steal data, listen in on the calls made, and make purchases as if they were the owner of the phone.
The UN issued a warning under the Telecommunications Union (UNTU), that this research provided by SRL is “highly significant” and that “these findings show us where we could be heading in terms of cybersecurity risks.”
Under the direction of the UNTU, academics, private tech corporations and mobile phone companies will be admonished to cooperate with the international community to set up regulations with government officials so that this threat is quelled.
Last October, smartphone connecting to customer bank accounts and conducting remote online banking is utilized by an estimated 29% of US mobile phone users.
Although those invested in keeping the online banking revolution alive are reassuring the general public that it is safe, malware software is rampant throughout the internet and used by fake hacker groups to justify stricter restraints on our digital freedoms. The smartphone banking apps are not different.
Earlier in 2012, the CIA-sponsored hacker group Anonymous breached security systems for VISA and MASTERCARD. These two corporations alerted other banking institutions across the US that there was a “massive breach” within the financial sector.
In October of 2011, the fake hacker group apparently took control over Bank of America (BoA), one of the oldest central banking cartel funded banks. Lately, BoA was used to funnel funds to known drug cartels in Mexico under the Fast and Furious scandal.
January of 2012, Trusteer, the Israeli-based security firm, discovered a banking virus that will steal funds from customers and cover its tracks in the process. This new creation from the SpyEye Trojan will “swap out banking Web pages . . . preventing customers from realizing that their money is gone.”
This Trojan waits patiently for the user to visit their online banking site, copies their login and password, then divulges the personal data surveyed; such as debit/credit card information.
When the user inputs their credit/debit card information in to conduct a purchase, the Trojan will swap web pages and siphon out the funds. According to Truseeter, this is a “post transaction attack”.
The cover-up ability of this Trojan is remarkable. It will edit balance amounts, line by line transactions, and all activity that would trigger suspicion by the owner of the account.
In 2011, SpyEye Trojan attacked Android mobile online banking by siphoning out data from the customer to be used by the hacker. SpyEye also changes while circumventing mobile SMS which is a security measure taken by banks when a customer is conducting online account transactions to certify that the correct user is conducting the business.
SpyEye was victimizing Verizon customers with fake billing pages that require the customer to log in which reveals personal financial data to the virus concerning the user. This Trojan can deter anti-virus software, jumping over firewalls and sit undetected between the browser and the computer redirecting the user to pages without ever being caught.
Image credit: http://www.occupycorporatism.com
About the author:
Posted by Robert Wenzel
Murder Mystery(?) Michael Hastings and a CyberSecurity Firm Called Endgame
Reports are beginning to surface about a connection between the reporter Michael Hastings and a mysterious cybersecurity firm known as Endgame.
Hastings has been linked to Barrett Brown, who the government alleges is the leader of the hacker group Anonymous. Brown is in jail and is being held without bail. The web site Free Barrett Brown reports:
Having previously been raided by the FBI on March 6, 2012 and not charged with any crime in relation to that incident, on September 12, 2012 Barrett Brown was again raided and this time arrested by the Federal Bureau of Investigation while he was online participating in a Tinychat session. He was subsequently denied bail and detained without charge and adequate medical treatment for over two weeks while in the custody of US Marshals. In the first week of October 2012, he was finally indicted on three counts.
These charges are related to alleged activities or postings on popular websites such as Twitter and YouTube, in which he postured for the return of property which was taken from him in March, and expressed frustration at the targeted campaign against him and a member of his family. The Department of Justice issued a press release at the time.
Also, according to the web site, Hastings was planning to interview Brown:
Before his untimely death, Hastings was working on a story about Barrett, announcing mysteriously to his followers “Get ready for your mind to be blown.” Hastings had been in touch with Barrett’s lawyers, and intended to interview him in June for the story. Barrett has been in prison for 281 days pending trial, and faces over a hundred years imprisonment for what Hastings called ”trumped up FBI charges regarding his legitimate reportorial inquiry into the political collective known sometimes as Anonymous.”
Before his suspicious death in a fiery car crash, Hastings seemed to confirm this planned interview, in a tweet and hinted it was relative to a very big story:
Barrett, at the time he was arrested,was studying Endgame. The Nation reports:
Brown began looking into Endgame Systems, an information security firm that seemed particularly concerned about staying in the shadows. “Please let HBGary know we don’t ever want to see our name in a press release,” one leaked e-mail read. One of its products, available for a $2.5 million annual subscription, gave customers access to “zero-day exploits”—security vulnerabilities unknown to software companies—for computer systems all over the world. Business Week published a story on Endgame in 2011, reporting that “Endgame executives will bring up maps of airports, parliament buildings, and corporate offices. The executives then create a list of the computers running inside the facilities, including what software the computers run, and a menu of attacks that could work against those particular systems.” For Brown, this raised the question of whether Endgame was selling these exploits to foreign actors and whether they would be used against computer systems in the United States. Shortly thereafter, the hammer came down.
The FBI acquired a warrant for Brown’s laptop, gaining the authority to seize any information related to HBGary, Endgame Systems, Anonymous and, most ominously, “email, email contacts, ‘chat’, instant messaging logs, photographs, and correspondence.” In other words, the FBI wanted his sources.
So what is Endgame? According to Darker Net:
The Associated Press Posted: Dec 5, 2012 10:20 PM ET Last Updated: Dec 6, 2012 1:54 AM ET
Software company founder John McAfee was arrested by police in Guatemala on Wednesday for entering the country illegally, hours after he said he would seek asylum in the Central American country.
The anti-virus guru was detained at a hotel in an upscale Guatemala City neighbourhood with the help of Interpol agents and taken to an old, three-story building used to house migrants who enter the country illegally, said Interior Minister Mauricio Lopez Bonilla.
It was the latest twist in a bizarre tale that has seen McAfee refuse to turn himself in to authorities in Belize, where he is a person of interest in the killing of a neighbour, then go on the lam, updating his progress on a blog and claiming to be hiding in plain sight, before secretly crossing the border into Guatemala.
“He will be in danger if he is returned to Belize, where he has denounced authorities,” said his lawyer in Guatemala, Telesforo Guerra. “His life is in danger.”
Guerra said he would ask that a judge look at McAfee’s case as soon as possible. “From them moment he asked for asylum he has to have the protection of the Guatemalan government.”
Security for the 99%
The House of Representatives kicked off their “cybersecurity week” yesterday with a hearing titled “America Is Under Cyber Attack: Why Urgent Action is Needed.” Needless to say, the rhetoric of fear was in full force. A lot of topics were raised by members of Congress and panelists, but perhaps the most troublesome theme came from panelist and Former Executive Assistant Director of the FBI Shawn Henry, who repeatedly urged that good cybersecurity means going on the offensive:
“the problem with existing [...] tactics is that they are too focused on adversary tools (malware and exploits) and not on who the adversary is and how they operate. Ultimately, until we focus on the enemy and take the fight to them […], we will fail.”
This offensively-minded approach has major pitfalls, as it could lead to more government monitoring and control over our communications. While we think an increased focus on catching criminals using existing tools is a fine tactic that could be used by law enforcement, we fear the temptation for law enforcement to increase their surveillance capabilities in order to successfully go on the offensive in the context of computer crimes. This could mean things like breaking into people’s computers without warrants, or disrupting privacy-enhancing tools like Tor. Needless to say, we think it would be a very bad idea to link our safety to the ability for law enforcement to effectively monitor people, and that is a danger of focusing solely on an offensive strategy. Instead, we would like to offer an alternative, defensively-oriented point of view regarding security, an important view that we think was not adequately represented in yesterday’s panel.
Securing U.S. critical infrastructure networks, corporate networks, and the Internet at large depends upon securing our computers and networked devices. Fundamentally, it’s very simple: fewer software vulnerabilities means more security. Once a vulnerability is patched and an upgraded version of software is available and in use, that increases safety for all of us. Ensuring that the right mechanisms are in place to maximize this baseline security should be a major focus area of any organized effort to secure our critical and other Internet infrastructure. This means encouraging the disclosure of vulnerabilities when they are found so that they can be fixed, and no longer exploited. This is what we mean when we talk about security for everyone. This defensive strategy also takes a view of vulnerabilities that includes engineering with security in mind: if software doesn’t force good security on administrators and other humans who have a role to play to keep things secure, then that should be considered a security vulnerability in that software.
In order to understand why vulnerabilities are the foundation of insecurity and ought to the focus of defensive efforts, let’s take a bit of time for those new to the computer security world to define bugs, vulnerabilities, exploits, and a particularly nasty class of exploits called “zero-day” exploits.