TweakTown News
The Kauffman Center for Performing Arts is set to host hackathon Compute Midwest (CMW), which is a 2.5-day event happening on November 9 to 11 in Kansas City. What makes this stand out is that the event will be powered by Google Fiber.
CMW has told The Next Web that more than 100 developers will come together at the Google Fiber space to build apps overnight, where they could be up for thousands of dollars in prizes. There are multiple categories to compete in, but CMW should have developers excited to test out the Google Fiber service.
Are you headed to CMW? What are you more excited for now? The hackathon itself, or getting your eyes glued on Google Fiber?
Skype users attacked by 'lol is this your new profile pic?' ransomware and click fraud, be careful of what you click on
Users of the popular video chat and messaging application Skype are being targeted by a round of ransomware and click fraud that is being sent around as a message from contacts. The message reads "lol is this your new profile pic?" and is then followed by a link. The link downloads a zip file, which contains an executable that infects the system.
The executable opens up a Java exploit using BlackHole 2.0. The system is then locked down via the ransomware and displays a message requesting money. GFI, the company that first reported this latest wave, explains how it works:
The above is a typical Ransomware scare message that locks the user out of their data, encrypts the files and demands payment (via Moneypak) to the tune of $200. The IP address and geographical location is displayed in the bottom right hand corner, along with various threats related to the downloading of MP3s, illegal pornography, gambling and more besides.
The ransomware also simulates legitimate clicks on websites and such to generate ad revenue for the creators of the ransomware. Not only are you having to pay to unlock the system, but your computer generates money for the creators even if you don't pay up.
We're here again, with another exploit to watch out for - this time with security researcher Adam Gowdiak discovering a new zero-day vulnerability in Java. This new bug is said to be in currently-supported versions of Java, such as Java 5, Java 6, and Java 7, and has the ability to allow attackers to install malware on close to 1 billion systems (based on the installation numbers from Oracle themselves).
This exploit affects both Macs and PCs, meaning that any Java-powered PC is at risk. Right now, the exploit doesn't pose much threat to the general public: Gowdiak, who is known for finding similar issues within Java, has said that he isn't currently aware of any active attacks that exploit this particular vulnerability.
Gowdiak found the exploit last week and spent the last few days testing a proof-of-concept before revealing the exploit to Oracle. Oracle has since confirmed the vulnerability with Gowdiak, and has said that it will be fixed in a future security update. Oracle hasn't given a date on when this update will be pushed out, but the next scheduled update is a while away - October 16.
As most Android users know, carriers and smartphone manufacturers aren't the best at keeping your device updated to the latest Android operating system. Unfortunately, never upgrading, or slow upgrading, leaves consumers' devices open to vulnerabilities that have been patched in the later version.
According to one study, the number of devices with vulnerabilities that have been patched in later versions is in excess of 50 percent. This news comes from a new startup that is receiving funding from the Department of Defense. Users who ran their X-Ray app had their phone scanned by the app for known vulnerabilities that are unpatched.
"The stat is based on over 20,000 users who downloaded and ran the X-Ray mobile application on their device, and the current global distribution of Android versions," said Jon Oberheide, CTO of Duo Security. "As carriers are very conservative in rolling out patches to fix vulnerabilities in the Android platform, users' mobile devices often remain vulnerable for months and even years."
Unfortunately, this means a more insecure operating system for users whose carriers or manufacturers don't update the devices. This could ultimately be the downfall of Android, if the manufacturers don't start keeping devices up-to-date.
A member of Anonymous has claimed responsibility for the hacking of GoDaddy today, which has affected sites across the web. GoDaddy's site has been down today, along with sites hosted with the service. Other sites that use GoDaddy for DNS or other services have also been affected, though not all are down for everyone.
GoDaddy has acknowledged the problem with a Tweet:
Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it.
@AnonymousOwn3r has Tweeted the following, taking credit for the attack:
I'm taking godaddy down because well i'd like to test how the cyber security is safe and for more reasons that i can not talk now
@AnonOpsLegion, the official Twitter for Anonymous responded with the following:
@AnonymousOwn3r Good job brother, glad to see you back!
GoDaddy has provided the following updates:
Update: Still working on it, but we're making progress. Some service has already been restored. Stick with us.
We're continuing our work to get back on track. This is our #1 priority. We'll keep posting updates here. Thanks for all the support.
It's not clear when all services will be restored, but GoDaddy is working as quickly as possible to bring everything back online. I'm sure more will come out in the following hours and days, and we will be sure to keep you updated on the latest.
If all the existing cameras on our streets, front-facing cameras on our smart devices, and even the ones that are now being baked into our TVs aren't enough, the Federal Bureau of Investigation (FBI) are spending $1 billion on a next-generation facial recognition system.
This new next-gen system would be capable of identifying someone under various conditions with as much as 92% accuracy. The Next Generation Identification (NGI) pilot program was launched two years ago, and if the results are anything to go by, the best algorithms were capable of narrowing down someone's identity 92% of the time from 1.6 million mugshots, which is impressive.
The person doesn't even need to be looking directly at the camera, as the technology is able to match the person to the available mugshot in the database using various biometric analyses. Said algorithms can analyze features on front and side views of mugshots, create a 3D model of the face, and even rotate the model as much as 70 degrees in order to match the angle of the face in the photo.
According to the latest report from security company Symantec, cybercrime cost customers across the world nearly $110 billion in 2011. For the US alone, consumers lost $20.7 billion in the twelve-month period, which saw 71 million Americans finding themselves victims to cybercrime.
That works out to an average of $197 in direct financial loss to each victim across the world, with US losses per victim tallying up to $290. The report states that a whopping 556 million adults across Earth had first-hand experience of cybercrime in 2011.
This figure of 556 million people affected is nearly half of all adults on the Internet, which is staggering, and is also up 45% from 2010. The reason for the increase in cybercrime and affected consumers is the meteoric rise in social network and mobile use. 21% of online adults report that they have been victims of social- or mobile-based crime. The report also states that 15% of Internet users have had their social networking account hacked, with 1 in 10 users falling victim to fake links or scams through Facebook.
Last week we reported on AntiSec's claims that they had somehow gotten their grubby mitts on millions of unique device identifiers for Apple devices (UDIDs), which were reportedly stolen from an FBI notebook. Now it looks like Apple have finally weighed in on the serious claim. Apple spokeswoman, Natalie Kerris, told AllThingsD:
The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID.
The FBI have since stated that the story is completely false:
At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
At the end of the day, who knows what the truth is. Are the FBI not telling us everything? Are AntiSec pulling our leg? Are Apple covering themselves from a potentially huge security scandal?
A new leak has shown up on Pastebin. This latest showing comes from AntiSec and contains a list of over 1 million Apple UDIDs, allegedly taken from a list of over 12 million that was on an FBI laptop. The UDIDs were supposedly in the file with other personally identifiable information such as zip codes, names, and other data, but that has been stripped out for the leak.
The file, according to the Pastebin post, came from the Dell laptop of Supervisor Special Agent Christopher K. Stangl, which was compromised via a Java exploit back in March 2012. The details of the hack, along with information on how to get the data, are available on Pastebin. Several tools have popped up to check if your UDID is on the list.
during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts.
A new vulnerability has been found in the latest version of Java. The vulnerability is a rather massive hole and users with Java installed in their browser should likely disable it right now to prevent themselves from being infected. Have I scared you enough? But wait, I haven't even told you the problem!
The new security hole allows malicious people to break into users' computers and install nasty malware and viruses. This security hole fits into a category of security flaws known as a "zero-day" threat because it has only just been found, before any patch is available. As a result, there is currently no way to fix the problem or defend against it, other than disabling Java.
The vulnerabilities were actually found back in April, according to a few sources, and they reportedly told Oracle about the problem. However, Oracle had decided to hold off until the October patch release date to do anything about them. Now, the vulnerabilities have been integrated into BlackHole, a hacking tool.
"SophosLabs has seen samples of [the exploit] from Blackhole and are analyzing them now to determine if they actually work," Chester Wisniewski, a senior security adviser at antivirus firm Sophos, said Tuesday via email. "So, yes, we can confirm it has been added, but still working out if they did it right."