Ms. Smith

Author Archives: Ms. Smith

Congressman incorrectly claimed 72 people on terrorist watch list work for DHS

Not only is President Barack Obama wanting assistance from tech firms to fight terrorism, as he plans to “urge hi-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice,” but in his address late Sunday he proposed several steps that Congress should take now to defeat ISIS. That is likely to include a fresh wave of stale arguments against encryption and for NSA bulk collection power which were rehashed in the wake of recent terrorist attacks. Yet presidential hopeful Senator Rand Paul told CNN, “There will always be authoritarians like [New Jersey Gov. Chris] Christie who want you to give up your liberty for a false sense of security.”

Report: Over 80% mobile apps have crypto flaws, 4 of 5 web apps fail OWASP security

Veracode released a new report, State of Software Security: Focus on Application Development, which is a supplement to the original 2015 State of Software Security (SOSS) report that was released in June. The company’s fall 2015 SOSS edition looks at security flaws of apps written in mobile app development languages, compiled languages and traditional web app development languages.

China blamed for ‘massive’ hack of Australia’s weather bureau

Whoa, Five Eyes, you're slipping again with your almighty surveillance machine, as Australia's Bureau of Meteorology (BoM) was the victim of a "massive" cyberattack. Whodunit and how? The Australian Broadcasting Corporation (ABC) first reported BoM being hacked, which was immediately blamed on China. Unsurprisingly, China denied the "groundless accusations." Oh what fun it must be at the global climate talks, as the nations' head honchos must play nice.

Judge strips redactions from NSL, showing info FBI gets without a warrant

A federal judge lifted an 11-year gag order the FBI had imposed on Nicholas Merrill and removed redactions of a National Security Letter (NSL) so Americans can see the overly broad "types of electronic communications transaction records" that the FBI has sought and continues to seek through NSLs. The FBI served the NSL back in 2004 when Nicholas Merrill owned and operated Calyx Internet Access, a small ISP with about 200 customers. After the judge found in favor of Merrill and not the government, Merrill said, "For more than a decade, the FBI has fought tooth and nail in order to prevent me from speaking freely about the NSL I received. Judge Marrero’s decision vindicates the public’s right to know how the FBI uses warrantless surveillance to peer into our digital lives. I hope today’s victory will finally allow Americans to engage in an informed debate about proper the scope [sic] of the government’s warrantless surveillance powers."

Amazon shows off hybrid drone prototype for Amazon Prime Air service

Amazon showed off its new prototype drone to be used in its future Prime Air service, which will deliver packages up to five pounds in the time it takes to get a pizza delivered, “in 30 minutes or less.” Former Top Gear host Jeremy Clarkson said in the Amazon Prime Air video that eventually there will be a “whole family of Amazon drones, different designs for different environments.” That won’t happen until Amazon has FAA approval, as the company explained in several of its FAQs.

Walmart hired Lockheed Martin for employee surveillance, allegedly got help from FBI

It’s not unusual for companies to monitor social media in order to ‘protect’ their brands; Microsoft, for example, makes dossiers on journalists who write about the company. Yet Walmart allegedly “is always watching” and went the extra distance to spy on employees by hiring defense contractor Lockheed Martin and allegedly even received help from the FBI. Walmart was most interested in gathering surveillance of employees involved with the group OUR Walmart which planned Black Friday protests in 2012. OUR Walmart was advocating for higher wages, predictable schedules, better healthcare coverage, and the right to unionize. Walmart’s surveillance efforts were described in over 1,000 pages of “emails, reports, playbooks, charts, and graphs as well as testimony,” according to Bloomberg Businessweek which reviewed the documents. The testimony, which was given earlier this year to the National Labor Relations Board, claims Walmart hired Lockheed Martin and received help from the FBI Joint Terrorism Task Force.

Holiday light show set in Skyrim using Light-O-Rama

Just because you love your privacy doesn’t mean you can’t make kids of all ages smile with a holiday light show. It’s not like they will be peering into your house. I’m excited to be having my first light show this year, having recently purchased a Light-O-Rama controller and software. As word leaked out about my light show, I warned people it’s not going to be all that this year. What kind of silly soul gets the hardware, tries to learn the software, how to program songs, learns about circuits, makes their own props, sets up and kicks off a show in a mere 30 days? Yes, my adventure was more like how not to do a light show. The fault is mine as I set a goal of getting it up and running by Thanksgiving night, thinking kids don’t have school the next day. Although I told only one person, when I went to vote on Election Day he was spreading the word. Then a lady approached me about bringing a bus load of kids to the show as a Thanksgiving treat. Great; I’m a total noob who doesn’t know what I’m doing yet and it’s only the first

Using Light-O-Rama to create holiday light shows

If you want to have a holiday light show that will back up traffic and make people of all ages smile (except Grinches and Scrooges), then you might be interested in Light-O-Rama. It’s been used by contestants in the Great Light Fight and was running behind the scenes of the first viral video of Christmas lights to Wizards in Winter. Incidentally, it took the electrical engineer who set up that light show about two months and 16,000 lights; for each minute of the song, it took him about one hour to sequence 88 Light-O-Rama channels. One LOR hardware controller generally has 16 channels.

Using Raspberry Pi for holiday light shows

Depending upon your line of work, you might be looking at a long holiday weekend. If you like to tinker with code and hardware, and also like holiday light shows, then instead of purchasing some pre-made kit, you might consider LightShow Pi.

FTC loses: Judge dismisses FTC data security case against LabMD

Cancer-screening laboratory LabMD won its case against the FTC. LabMD was accused of two data breaches, one in 2012 and one in 2008, when a company spreadsheet that contained sensitive personal information of 9,000 consumers was found on a peer-to-peer network. Seven years of litigation later, FTC Chief Administrative Law Judge Chappell issued an initial ruling (pdf) dismissing the FTC’s complaint against LabMD since the FTC had failed to prove that LabMD’s “alleged failure to employ ‘reasonable and appropriate’ data security ‘caused, or is likely to cause, substantial injury to consumers’.”

Hard-coded credentials make it simple to steal millions of sensitive records from apps

During a Black Hat Europe talk about (In)Security of Backend-as-a-Service, researchers warned that thousands of popular mobile apps have hard-coded backend credentials which could allow anyone to access millions of sensitive records. “Attacks are free, effortless, and simple,” they warned. Siegfried Rasthofer and Steven Arzt, PhD students at TU Darmstadt in Germany, focused on apps that use Backend-as-a-Service (BaaS) frameworks from the providers Amazon Web Services, CloudMine and Parse.com, which is owned by Facebook. This is the “first comprehensive security evaluation of several popular BaaS providers and APIs as well as their use in real-world Android and iOS applications.”

Police body cameras came preloaded with Conficker

Although Conficker is old, it’s still around as cleaning up botnets takes years to complete. In a new twist, iPower Technologies reported receiving multiple police body cams that came preloaded with the Conficker worm. The body cams were Martel Electronics Frontline Cameras with GPS, which are “sold and marketed as a body camera for official police department use.” Martel said of its “elite video cameras” meant for police departments:

Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

During Dateline coverage after the terrorist attacks on Paris, Lester Holt asked, “Does this change the game in terms of intelligence?” Andrea Mitchell replied, “It does,” before discussing how intelligence missed any type of communication regarding the coordinated attacks. She added, “There’s such good surveillance on cell phones and there’s such good communications ability by the intelligence gathering in Europe, especially in France, especially in Great Britain and in the United States. So they may have been communicating via social media or through codes. And that’s the kind of thing that is very concerning to U.S. intelligence.”

Vizio tracks what 10 million smart TV owners watch, sells data to advertisers

If you are looking for a good deal, then Black Friday is generally a smart time to buy a TV. For example, Vizio is one of the most popular brands and there are dozens of Vizio TVs showing up in leaked Black Friday ads; but good luck finding one that isn’t “smart.” In the case of Vizio, smart equals spying. So before you jump on a steal of a deal – or if you already own a Vizio smart TV – then you need to know that Vizio is tracking your viewing habits and sharing them with advertisers so you can be tracked across your phone and other devices. Samsung and LG have previously been involved in smart TV spying scandals, but the companies now track users’ viewing habits if customers turn on the feature. “Vizio’s actions,” according to a ProPublica investigation, “appear to go beyond what others are doing in the emerging interactive television industry….” Vizio appears “to provide the information in a form that allows advertisers to reach users on other devices.”

Patch Tuesday November 2015: Microsoft releases 12 fixes, 4 rated critical

For Patch Tuesday November 2015, Microsoft released 12 security bulletins, four rated as critical and the remaining 8 rated as important. Rated Critical: MS15-112 is the cumulative fix for remote code execution flaws in Internet Explorer. Microsoft lists 25 CVEs, most of which are IE memory corruption vulnerabilities. 19 are called Internet Explorer memory corruption vulnerabilities, with three CVEs labeled slightly differently as Microsoft browser memory corruption vulnerabilities. Of the remaining CVEs, one involves Microsoft browser ASLR bypass, one is for an IE information disclosure flaw, and one is a scripting engine memory corruption vulnerability. You should deploy this as soon as possible.

8 of top 10 vulnerabilities used by exploit kits target Adobe Flash Player

As if you need more reasons to hate Adobe Flash, it’s unsurprisingly a favorite among cyber criminals to roll into exploit kits. The most popular exploit kit right now is Angler, which has been around since 2013, but it is still “regularly tied to malware including Cryptolocker.” According to a new report by Recorded Future, eight of the top 10 vulnerabilities used by exploit kits target Adobe Flash Player. The remaining two non-Flash flaws favored in the crimeware as a service (CaaS) ecosystem were in Microsoft Internet Explorer versions 10 and 11 and other “Microsoft products including Silverlight.”

Teen hackers strike again, allegedly gain access to US arrest records database

A group of teenage hackers going by the name of “Crackas With Attitude” (CWA) are on a rampage, breaking into federal systems to embarrass the U.S. government. After gaining access to the personal AOL email account of CIA Director John Brennan last month, the teenagers reportedly broke into the Comcast email account of FBI Deputy Director Mark Giuliano’s wife, dumped personal details of thousands of government employees and then claimed to have gained access to the national Joint Automated Booking System, JABS, a database of arrest records, the FBI’s Internet Crime Complaint Center and the FBI’s Virtual Command Center.

Cyber liability from perspective of board members and execs

Companies are increasingly reliant on digital spaces and the continuing stream of high-profile data breaches means cybersecurity topics – often in the form of cyber liability questions – are now a part of board and senior management discussions instead of only being discussed at the IT level. Security, following “ethical issues,” is the second-leading risk to a company’s brand. Although getting hacked has a huge impact on the bottom line, NYSE Governance Services and Veracode found that “the extent of the brand damage caused by breaches is often linked to boards’ level of preparedness. It is therefore a board’s fiduciary duty to ask the right questions to ensure due care has been followed.”

Security made simple: RedPhone and TextSecure rolled into Signal for Android

If you want to make free, worldwide encrypted calls, then you should consider using Signal; it supports encrypted texting too. While iPhone users have had the option to use Signal since last year, yesterday Open Whisper Systems founder Moxie Marlinspike announced that TextSecure and RedPhone have been rolled into one Signal for Android app. Open Whisper Systems Signal is so super easy to use, even your granny can make private calls and send private texts. Cryptography researcher Matt Blaze previously tweeted about overhearing an elderly gentleman explaining how to install Signal; Blaze called it a “turning point.”
