The Air Force has hired civilian defense contractors to fly MQ-9 Reaper drones to help track suspected militants and other targets in global hot spots, a previously undisclosed expansion in the privatization of once-exclusively military functions.
Source: Air Force hires civilian drone pilots for combat patrols; critics question legality
Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.
Source: Sneaky Microsoft renamed its data slurper before sticking it back in Windows 10
US hotel chain Hilton revealed Tuesday that hackers infected some of its point-of-sale computer systems with malware crafted to steal credit card information.
Hilton would not disclose whether data was taken, but advised anyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and July 27 of this year to watch for irregular activity on credit or debit card accounts.
Malicious code that infected registers at hotels had the potential to take cardholders’ names along with card numbers, security codes and expiration dates, Hilton said in an online post.
Source: Hilton hotels hit by cyber attack
Allows you to store all of your credit cards and magstripes in one device Works on traditional magstripe readers wirelessly (no NFC/RFID required) Can disable Chip-and-PIN (code not included) Correctly predicts Amex credit card numbers + expirations from previous card number (code not included) Supports all three magnetic stripe tracks, and even supports Track 1+2 simultaneously Easy to build using Arduino or other common parts MagSpoof is a device that can spoof/emulate any
Source: samyk/magspoof · GitHub
Commercial spaceflight start-up Blue Origin has achieved a historic first by vertically landing and recovering the launcher stage of the New Shepard suborbital system after delivering a payload to space.
Source: Historic touchdown for Blue Origin’s New Shepard space vehicle
Identity Mixer is designed to protect users’ privacy by focusing just on the essentials of the proof. Thanks to a set of algorithms based on cryptography work done at IBM Research, the tool allows developers to build apps that can authenticate users’ identities using what’s known as a “zero-knowledge proof” that collects no personal data.
Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. Each transaction a user makes receives a different public key and leaves no privacy “breadcrumbs.”
So, in the streaming service example, users would have both identity and subscription credentials stored in a personal Credential Wallet. To access a movie, they could use that electronic wallet to prove that they’re entitled to watch the selected content without having to expose any other details.
The result, according to IBM, is that users’ privacy is better preserved, and the service provider is spared the need to protect and secure all that extraneous data.
Source: New IBM tech lets apps authenticate you without personal data
Satellites are being weaponised, with the anti-satellite missles, manoevering satellites that can hit other objects and satellites that hack into feeds, giving false information to the receiver. Countriies have been holding on to a balance for ages, but in the last 10 or so years, countries have been gradually upping their game.
Source: Satellite wars – FT.com
Turns out that companies have been writing information that makes US citizens not believe in climate change science.
“The comprehensive data include all individual and organizational actors in the climate change countermovement (164 organizations), as well as all written and verbal texts produced by this network between 1993–2013 (40,785 texts, more than 39 million words). Two main findings emerge. First, that organizations with corporate funding were more likely to have written and disseminated texts meant to polarize the climate change issue. Second, and more importantly, that corporate funding influences the actual thematic content of these polarization efforts, and the discursive prevalence of that thematic content over time. ”
Corporate funding and ideological polarization about climate change
And now here’s how you can really destroy it
Source: Superfish 2.0 worsens: Dell’s dodgy security certificate is an unkillable zombie
It’s a motion platform that tilts and rotates to simulate the experience of being in a car, plane, or pretty much any other vehicle. It comes ready-to-go, with an on-board computer, monitors, a 900 watt surround sound system, and the most powerful force feedback wheel in the business.
Source: force dynamics – Force Dynamics
The document addresses the findings of a mobile App research and summarizes concerns and approaches required to improve the state of mobile app security.
Source: The State of Mobile Application Security 2014-2015 – Checkmarx.com
Earlier this week the Center for Democracy and Technology (CDT) warned that an Indian firm called SilverPush has technology that allows adverts to ping inaudible commands to smartphones and tablets.
Now someone has reverse-engineered the code and published it for everyone to check.
SilverPush’s software kit can be baked into apps, and is designed to pick up near-ultrasonic sounds embedded in, say, a TV, radio or web browser advert. These signals, in the range of 18kHz to 19.95kHz, are too high pitched for most humans to hear, but can be decoded by software.
An application that uses SilverPush’s code can pick up these messages from the phone or tablet’s builtin microphone, and be directed to send information such as the handheld’s IMEI number, location, operating system version, and potentially the identity of the owner, to the application’s backend servers.
Source: How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered
NASA took a significant step Friday toward expanding research opportunities aboard the International Space Station with its first mission order from Hawthorne, California based-company SpaceX to launch astronauts from U.S. soil.
Source: NASA Orders SpaceX Crew Mission to International Space Station | NASA
Beliefs about honesty seem to be driven by psychological features, such as self-projection. Surprisingly, people were more pessimistic about the honesty of people in their own country than of people in other countries. One explanation for this could be that people are more exposed to news stories about dishonesty taking place in their own country than in others
Source: Study finds honesty varies significantly between countries
Laat de voertuigbeveiliging installeren door een erkend inbouwbedrijf. U ontvangt dan een VbV-SCM certificaat en uw auto wordt voorzien van een keurmerksticker. De registratie wordt door VbV – SCM vastgelegd..
Source: Doe de kentekencheck – Laat je auto niet hacken.nl
Who thinks these things up?
Researchers find ways to p0wn industrial control systems
Source: SAP pumps 70m barrels of oil a day … and might also blow them up
As described in a paper posted online and submitted to Physical Review Letters (PRL), researchers from NIST and several other institutions created pairs of identical light particles, or photons, and sent them to two different locations to be measured. Researchers showed the measured results not only were correlated, but also—by eliminating all other known options—that these correlations cannot be caused by the locally controlled, “realistic” universe Einstein thought we lived in. This implies a different explanation such as entanglement.
Source: NIST team proves ‘spooky action at a distance’ is really real
Want a FIPS 140-2 RNG? Look at the universe
Source: Big Bang left us with a perfect random number generator
Unfortunately the processing power required is a bit much for home computers…
The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014. Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recor
Source: Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
The 4th Reich is at it again!
Unless you went dumpster-diving outside SEMA or your uncle is Stacey David, you probably don’t have unlimited resources to throw at car modification. Thankfully, you friendly neighborhood Tavarish is here to help you frugal modders make your cars into something truly deserving of a voided warranty.
Source: Here Are Ten Cheap Mods That Will Transform The Way Your Car Drives
Because it’s out of date – nowadays you need to be using TLS! You can download the best practices here…
Source: Qualys SSL Labs – Projects / Documentation
Source: Your Unhashable Fingerprints Secure Nothing
An article on how poor fingerprint security is:
– they are not secret
– they can be copied (even from photos!)
– they are not revocable
– they can’t be hashed
U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.
Source: U.S. charges three in huge cyberfraud targeting JPMorgan, others