TweakTown NewsRefine News by Category:
Independent researcher George Tankersley and CloudFlare security team member Filippo Valsorda again showed how Tor users are not as secure as they wish.
Speaking during the Hack in the Box conference in Amsterdam, the researchers said motivated users can subvert anonymous access to the service. Hackers can identify the original location of users by operating rogue HSDir (hidden service directory) nodes that are required - with two sets of three needed to connect to the hidden service - with four days of operation to be marked as a "trusted" HSDir node.
A malicious HSDir instead of an exit node can be used in the process, making it easy to attack hidden service users.
The United States and the rest of the "Five Eyes" group, which also includes the UK, Australia, Canada and New Zealand, aimed to infect apps available in the Google Play store with spyware.
Even though the US and UK are well known for spying on their own citizens, among foreign nationals, it looks like this spying campaign was designed to target non-US residents. The effort reportedly began in late 2011 with an effort to infect the Alibaba-owned UC Browser, which runs on Google Android, Apple iOS, Microsoft Windows Phone, Symbian, Java ME, and BlackBerry.
The idea that Five Eyes wanted to spy on users isn't overly surprising, but possible ramifications don't leave users at ease.
Apple co-founder Steve Wozniak described former NSA contractor Edward Snowden as "a hero," as he "gave up his own life... to help the rest of us." Wozniak previously met with Snowden in Moscow sometime in 2014, though it's unknown what the two men discussed.
"Total here to me; total hero," Wozniak recently said in an interview with ArabianBusiness. "Not necessarily [for] what he exposed, but the fact that he internally came form his own heart, his own belief in the United States Constitution, what democracy and freedom was about. And now a federal judge has said that NSA data collection was unconstitutional."
The Woz obviously is a great fan of technology, but has admitted early innovators "didn't realize that in the digital world there were a lot of ways to use the digital technology to control us." That interview was published by CNN in 2013, before Snowden unveiled a widespread NSA surveillance program.
The IRS recently suffered a data breach that left thousands of Americans at risk, and more attention is now focused on government mismanaged. Utilizing a $10.9 billion budget, either the agency is greatly mismanaged and/or the IRS just isn't ready to try to protect taxpayer information.
There seems to be a lot of problems with the IRS, and that has certainly trickled down to its cybersecurity protocols. The agency still uses Microsoft Windows XP - and while the IRS originally paid Microsoft for support - that support has ended. To make matters worse, some fraud identification software is almost 20 years old.
The IRS previously had 410 cybersecurity team personnel, but that has been slashed down to 363 workers. The idea that IRS personnel are unable to keep up with identity theft is a huge problem, especially as cybercriminals get cleverer.
It didn't take long for Apple to provide a temporary fix for a bug that allows users to crash an iPhone, iPad or Apple Watch via text message. The company was reportedly working on a fix anyway, but had to speed things up when users started sharing details about the problem on YouTube and social media outlets.
The problem stemmed from the way Arabic text is rendered by an iOS device, and the device's RAM ends up full, forcing a restart.
iOS users can have Siri read unread messages, and have Siri respond to the malicious message. Once that is done, users can open Messages again. Once in messages, users must swipe left to delete the entire conversation thread - or tap, hold, and delete the malicious message.
The United States reportedly attempted to launch a Stuxnet-like cyberattack aimed at the nuclear weapons program in North Korea, but the cyberespionage attempt failed. Launched at the same time when Stuxnet hit Iran in 2009 and 2010, the US wanted to also set North Korea's nuclear efforts back, according to a recent Reuters report.
US cybersecurity specialists couldn't directly access systems responsible for controlling nuclear ambitions in Pyongyang - and the reclusive country's extreme secrecy and isolation helped make the attack more difficult. Similar to Iran, North Korea likely uses Microsoft Windows to power the PCs, which use control software from Siemens AG.
Cyberespionage among nations is nothing new, with nations specifically concerned regarding the nuclear ambitions of Iran, North Korea, and other nations. However, North Korea - which extremely limits access to the Internet - reportedly has an increasingly sophisticated cyberespionage program that can be used to target South Korea, the US, and other political rivals.
Encryption is vital to free speech and government efforts to install backdoors prove to be a violation of human rights against Internet users. The UN report says encryption and Internet anonymity allow for a privacy buffer so they can share their views without the fear of being censored.
There is an effort by the United States, UK and other governments to create backdoors - which could also allow cybercriminals to access information - in an effort to aid law enforcement. If an agency needs to view and monitor encrypted messages, it should only be done on a "case-by-case" basis, and shouldn't be required for the majority of users.
The report will be presented in front of the UN Human Rights Council sometime next month.
Organized hackers in North Korea have the ability to launch cyberattacks against critical infrastructure and could even potentially lead to casualties, according to a high-profile defector. Professor Kim Heung-Kwang, a former computer science professor at the Hamheung Computer Technology University, helped teach some students that eventually joined the Bureau 121 hacker group.
North Korea has around 6,000 well-trained hackers - suspected of operating inside of China - with an estimated 10 to 20 percent of the nation's military spending directed towards online cyber operations.
"The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyber war capacity," Prof. Kim told BBC Click. "Their cyberattacks could have similar impacts as military attacks, killing people and destroying cities."
NCSoft, best known to Western gamers for the Lineage MMORPG, is a major South Korean gaming company with big aspirations for the rest of the world. The studio racked up $756 million in revenue during 2014, and wants to create appealing PC and mobile gamers for consumers across the world.
The game studio restructured, and plans to release its paid online game Wildstar as a free-to-play game for the United States. NCSoft also plans to expand with a mobile gaming studio located in Silicon Valley, which could host more than 100 employees.
"This is happening after a long period of anticipation, and it's a significant announcement," said John Burns, SVP of publishing at NCSoft West, in a statement to GamesBeat. "We are doubling down on our PC game portfolio and expanding into mobile. The goal for NCSoft West is to become a leader in the game industry."
Cybercriminals want to victimize people in any way possible, including even collecting unemployment checks directly from the government. As much as $5.6 billion is taken in federal benefits fraud, stemming from identity theft and data breaches.
Individual states and the federal government provide unemployment benefits directly to citizens, but if a person's personal information is purchased on the black market - and the fraudsters are able to file paperwork to collect the benefits. Each state must create their own system to identify - and stop - fraudulent claims, with thousands of suspected false forms submitted.
"The fact that this is so easy to commit is something that has been a real challenge to law enforcement because the fraudsters keep evolving, and they always find a new way to steal our identities," said Wifredo Ferrer, US Attorney for the Southern District of Florida, in a statement to CNN. "And all you need sometimes is a name, a date of birth and a Social Security number. And sometimes, you don't even need that to commit this crime."