DCNS, a French submarine builder, has allegedly been hacked – potentially for economic espionage reasons – and 22,400 pages of “secret” documents pertaining to its Scorpene-class submarine have been leaked.The Australian published redacted portions of the leaked documents, claiming to have seen thousands of pages outlining highly sensitive details about systems, sensors, specifications, tech manuals, stealth capabilities, antennae models, electromagnetic and infrared data, conditions under which the periscope can be used and more. The leaked documents reportedly detail “the entire secret combat capability of the six Scorpene-class submarines that French shipbuilder DCNS has designed for the Indian Navy.”To read this article in full or to leave a comment, please click here
Security holes which could lead to “unauthorized access” to personally identifiable information is not something you want to hear in regards to the wireless networks of a federal agency tasked with collecting and storing financial and health care information. Yet a recent Office of Inspector General report did say it found vulnerabilities in the wireless networks of Centers for Medicare & Medicaid Services (CMS); if exploited, it could lead to unauthorized access and even “disruption of critical operations.”The OIG at the Department of Health and Human Services (HHS) conducted a wireless penetration test on 13 CMS data centers and facilities; CMS, an agency within HHS, administers federal healthcare programs such as Medicare, Medicaid and the Children’s Health Insurance Program. The agency “collects, generates and stores financial and health care information.”To read this article in full or to leave a comment, please click here
Security holes which could lead to “unauthorized access” to personally identifiable information is not something you want to hear in regards to the wireless networks of a federal agency tasked with collecting and storing financial and health care information. Yet a recent Office of Inspector General report did say it found vulnerabilities in the wireless networks of Centers for Medicare & Medicaid Services (CMS); if exploited, it could lead to unauthorized access and even “disruption of critical operations.”The OIG at the Department of Health and Human Services (HHS) conducted a wireless penetration test on 13 CMS data centers and facilities; CMS, an agency within HHS, administers federal healthcare programs such as Medicare, Medicaid and the Children’s Health Insurance Program. The agency “collects, generates and stores financial and health care information.”To read this article in full or to leave a comment, please click here
If your webcam is freezing after about a minute when using Skype, or another app, then you can thank Microsoft.The Redmond giant meant to allow multiple apps to access the camera at the same time, but didn’t want users to suffer poor performance as those apps concurrently accessed the webcam and the MJPEG or H264 encoding processes. So Microsoft decided the best plan was to stop USB webcams from using MJPEG or H264 and instead to only support webcams that use YUY2 encoding.To read this article in full or to leave a comment, please click here
If your webcam is freezing after about a minute when using Skype or another app, then you can thank Microsoft.The Redmond giant meant to allow multiple apps to access the camera at the same time, but it didn’t want users to suffer poor performance as those apps concurrently accessed the webcam and the MJPEG or H264 encoding processes. So, Microsoft decided the best plan was to stop USB webcams from using MJPEG or H264 and instead to only support webcams that use YUY2 encoding.To read this article in full or to leave a comment, please click here
Security researchers continue to find ways around biometric-based security features, including a new attack which can defeat face authentication systems.You might be careful about posting photos of yourself online, either refraining from it or setting the images to private, but your “friends” might post pictures of you online. It wouldn’t matter if those pictures of you are low quality or there were as few as three publicly available photos of you, researchers from the University of North Carolina have developed a virtual reality-based attack that can reproduce your face well enough to trick face authentication systems.In “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos” (pdf), the researchers called “the ability of an adversary to recover an individual’s facial characteristics through online photos” an “immediate and very serious threat.” The team devised an attack which can bypass “existing defenses of liveness detection and motion consistency.”To read this article in full or to leave a comment, please click here
Security researchers continue to find ways around biometric-based security features, including a new attack which can defeat face authentication systems.You might be careful about posting photos of yourself online, either refraining from it or setting the images to private, but your “friends” might post pictures of you online. It wouldn’t matter if those pictures of you are low quality or there were as few as three publicly available photos of you, researchers from the University of North Carolina have developed a virtual reality-based attack that can reproduce your face well enough to trick face authentication systems.In “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos” (pdf), the researchers called “the ability of an adversary to recover an individual’s facial characteristics through online photos” an “immediate and very serious threat.” The team devised an attack which can bypass “existing defenses of liveness detection and motion consistency.”To read this article in full or to leave a comment, please click here
Have you ever wanted to order something online, perhaps from a dark web marketplace, but didn’t want to give your real name? Someone claiming to be an attorney addressed the subject during an OPSEC discussion on Reddit’s DarkNetMarkets.A computer science professor of mine once advised the class to never use your real name online. He wasn’t suggesting for us to go all out with fake names, but to continually tweak your ‘real’ name such as changing the spelling, shortening it, using nicknames, adding A through Z as a middle initial, etc. That way you see who is tracking you and who is selling your information. If Joey Z Doe gets snail mail or email after registering to purchase something from an online marketplace, then you know that site is selling your information. If you get too wild with the naming convention, then the transaction cannot go through a traditional credit card payment since it’s too far from a match.To read this article in full or to leave a comment, please click here
Have you ever wanted to order something online, perhaps from a dark web marketplace, but didn’t want to give your real name? Someone claiming to be an attorney addressed the subject during an OPSEC discussion on Reddit’s DarkNetMarkets.A computer science professor of mine once advised the class to never use your real name online. He wasn’t suggesting for us to go all out with fake names, but to continually tweak your ‘real’ name such as changing the spelling, shortening it, using nicknames, adding A through Z as a middle initial, etc. That way you see who is tracking you and who is selling your information. If Joey Z Doe gets snail mail or email after registering to purchase something from an online marketplace, then you know that site is selling your information. If you get too wild with the naming convention, then the transaction cannot go through a traditional credit card payment since it’s too far from a match.To read this article in full or to leave a comment, please click here
Have you ever wanted to order something online, perhaps from a dark web marketplace, but didn’t want to give your real name? Someone claiming to be an attorney addressed the subject during an OPSEC discussion on Reddit’s DarkNetMarkets.A computer science professor of mine once advised the class to never use your real name online. He wasn’t suggesting we go all out with fake names, but to continually tweak your "real" name such as changing the spelling, shortening it, using nicknames, adding A through Z as a middle initial, etc. That way you see who is tracking you and who is selling your information. If Joey Z Doe gets snail mail or email after registering to purchase something from an online marketplace, then you know that site is selling your information. If you get too wild with the naming convention, then the transaction cannot go through a traditional credit card payment, since it’s too far from a match.To read this article in full or to leave a comment, please click here
Aussie cops hacked US TOR users as part of a child porn investigation, according to a report by Motherboard. The IP addresses of at least 30 Americans were turned over to the FBI.The cops knew the owner of the dark web child porn site called “The Love Zone” started all of his messages with “hiyas.” Search engine results turned up over 450,000 hits for hiyas, but police whittled away at it until they had identified the owner; the former childcare worker is currently serving 35 years for ‘evil, depraved’ sex offenses.To read this article in full or to leave a comment, please click here
Aussie cops hacked U.S. TOR users as part of a child porn investigation, according to a report by Motherboard. The IP addresses of at least 30 Americans were turned over to the FBI.The police knew the owner of the dark web child porn site called “The Love Zone” started all of his messages with “hiyas.” Search engine results turned up over 450,000 hits for hiyas, but police whittled away at it until they had identified the owner; the former childcare worker is currently serving 35 years for "evil, depraved" sex offenses.To read this article in full or to leave a comment, please click here
Aussie cops hacked U.S. TOR users as part of a child porn investigation, according to a report by Motherboard. The IP addresses of at least 30 Americans were turned over to the FBI.The police knew the owner of the dark web child porn site called “The Love Zone” started all of his messages with “hiyas.” Search engine results turned up over 450,000 hits for hiyas, but police whittled away at it until they had identified the owner; the former childcare worker is currently serving 35 years for "evil, depraved" sex offenses.To read this article in full or to leave a comment, please click here
If you build it and it’s popular, they will come; it being an app and they being cyber criminals. This time it’s Pokemon GO ransomware which goes the extra mile by adding a hidden backdoor Windows admin account, spreading to other drives and creating network shares.Michael Gillespie discovered Hidden Tear ransomware disguised as a Pokemon Go app on a Windows Phone. But it’s not the standard ransomware. Bleeping Computer explained, “This developer has put in extra time to include features that are not found in many, if any, other ransomware variants.”To read this article in full or to leave a comment, please click here
If you build it and it’s popular, they will come; it being an app, and they being cyber criminals. This time it’s Pokémon Go ransomware, which goes the extra mile by adding a hidden backdoor Windows admin account, spreading to other drives and creating network shares.Michael Gillespie discovered Hidden Tear ransomware disguised as a Pokémon Go app on a Windows Phone. But it’s not the standard ransomware. Bleeping Computer explained, “This developer has put in extra time to include features that are not found in many, if any, other ransomware variants.”To read this article in full or to leave a comment, please click here
If you build it and it’s popular, they will come; it being an app, and they being cyber criminals. This time it’s Pokémon Go ransomware, which goes the extra mile by adding a hidden backdoor Windows admin account, spreading to other drives and creating network shares.Michael Gillespie discovered Hidden Tear ransomware disguised as a Pokémon Go app on a Windows Phone. But it’s not the standard ransomware. Bleeping Computer explained, “This developer has put in extra time to include features that are not found in many, if any, other ransomware variants.”To read this article in full or to leave a comment, please click here
If you were considering potential vacation locations, then the Android app Live Camera Viewer for IP Cams is purportedly “for travelers to have a spy sneak peek at travel destinations.” Yet children’s bedrooms would never occur to me as a travel destination. A heartsick mom in Texas found out her kids’ bedrooms were being live-streamed via the app.ABC News recounted a story which started with a mom and son duo from Oregon; they had been surfing satellite images of Earth. The Oregon mom found the Live Camera Viewer app while looking for more satellite feeds. That’s when she saw a broadcast from Houston, Texas, of a little girl’s bedroom.To read this article in full or to leave a comment, please click here
If you were considering potential vacation locations, then the Android app Live Camera Viewer for IP Cams is purportedly “for travelers to have a spy sneak peek at travel destinations.” Yet children’s bedrooms would never occur to me as a travel destination. A heartsick mom in Texas found out her kids’ bedrooms were being live-streamed via the app.ABC News recounted a story that started with a mom and son duo from Oregon; they had been surfing satellite images of Earth. The Oregon mom found the Live Camera Viewer app while looking for more satellite feeds. That’s when she saw a broadcast from Houston, Texas, of a little girl’s bedroom.To read this article in full or to leave a comment, please click here
Encryption backdoors don’t work; the latest proof of that was discovered by security researchers Slipstream and MY123. This time, the security flub-up involves “golden keys” which can unlock Windows devices allegedly protected by Secure Boot.The researchers sounded the alarm, saying Microsoft messed up and accidentally leaked the security key which is supposed to protect Windows devices from attackers as a box boots up. This same flaw could be used by the machine’s owner to jailbreak a locked box and run a different OS like Linux – anything really, so long as it is cryptographically signed.To read this article in full or to leave a comment, please click here
Encryption backdoors don’t work; the latest proof of that was discovered by security researchers Slipstream and MY123. This time, the security flub-up involves “golden keys” which can unlock Windows devices allegedly protected by Secure Boot.The researchers sounded the alarm, saying Microsoft messed up and accidentally leaked the security key which is supposed to protect Windows devices from attackers as a box boots up. This same flaw could be used by the machine’s owner to jailbreak a locked box and run a different OS like Linux – anything really, so long as it is cryptographically signed.To read this article in full or to leave a comment, please click here
Ms. Smith