Event Horizon Telescope reveals magnetic fields at Milky Way’s central black hole

If the black hole is spinning, it can generate strong jets that blast across thousands of light-years and shape entire galaxies. These black hole engines are thought to be powered by magnetic fields. For the first time, astronomers have detected magnetic fields just outside the event horizon of the black hole at the center of our Milky Way galaxy.

The team found that magnetic fields in some regions near the black hole are disorderly, with jumbled loops and whorls resembling intertwined spaghetti. In contrast, other regions showed a much more organized pattern, possibly in the region where jets would be generated.

They also found that the magnetic fields fluctuated on short time scales of only 15 minutes or so.

“Once again, the galactic center is proving to be a more dynamic place than we might have guessed,” says Johnson. “Those magnetic fields are dancing all over the place.”

Source: Event Horizon Telescope reveals magnetic fields at Milky Way’s central black hole

Top Programming Languages That Generate Software Vulnerabilities (Hint: PHP)

PHP continues to be one of the main sources for many security bugs

With a huge fanbase and used in countless apps and websites around the Internet, PHP ranked worst for command injection bugs, and also came close to the top for SQL injection, cross-site scripting, and cryptographic issues.

Taking a closer look at PHP, we also see that 86% of all the analyzed apps included XSS issues, 73% included cryptographic issues, 67% allowed for directory traversal, 61% for code injection, 58% had problems with credentials management, 56% included SQL injection issues, and 50% allowed for information leakage.

When it came to policy compliance tests, scanned PHP applications passed the OWASP Top 10 tests in only 19% of cases. ColdFusion had the lowest rating, at 17%, while C/C++ passed the OWASP tests in 60% of cases.

Source: Top Programming Languages That Generate Software Vulnerabilities

Russia’s blanket phone spying busted Europe’s human rights laws

Russia’s legal framework around the mass surveillance was found to be unfit because it did not limit the circumstances in which public authorities were allowed to conduct their surveillance activities, nor were there any limits on the duration of those activities.

Additionally, there was insufficient supervision of the interception and a lack of “procedures for authorising interception as well as for storing and destroying the intercepted data”.

Source: Russia’s blanket phone spying busted Europe’s human rights laws

China ‘clone factory’ scientist eyes human replication

The Chinese scientist behind the world’s biggest cloning factory has technology advanced enough to replicate humans, he told AFP, and is only holding off for fear of the public reaction.

Boyalife Group and its partners are building the giant plant in the northern Chinese port of Tianjin, where it is due to go into production within the next seven months and aims for an output of one million cloned cows a year by 2020.

But cattle are only the beginning of chief executive Xu Xiaochun’s ambitions.

In the factory pipeline are also thoroughbred racehorses, as well as pet and police dogs, specialised in searching and sniffing.

The firm does not currently engage in human cloning activities, Xu said, adding that it has to be “self-restrained” because of possible adverse reaction.

But social values can change, he pointed out, citing changing views of homosexuality and suggesting that in time humans could have more choices about their own reproduction.

Source: China ‘clone factory’ scientist eyes human replication

Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech

If storing the personal data of almost 5 million parents and more than 200,000 kids wasn’t bad enough, it turns out that hacked toymaker VTech also left thousands of pictures of parents and kids and a year’s worth of chat logs stored online in a way easily accessible to hackers.

On Friday, Motherboard revealed that earlier this month a hacker broke into the servers of VTech, a Hong Kong-based company that makes internet-connected gadgets and toys. Inside the servers, the hacker found the names, email addresses, passwords, and home addresses of 4,833,678 parents, and the first names, genders and birthdays of more than 200,000 kids.

Source: Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech

Anti-NSA Easter egg in HTTP/2: every connection starts with PRISM

British programmer and writer John Graham-Cumming has spotted something interesting in the opening protocol of any HTTP/2 connection: an array of explicitly formatted code which spells the word PRISM, in an apparent reference to the NSA’s primary program for mass-surveillance of the internet, as disclosed by Edward Snowden in 2013.

The HTTP/2 client connection begins its work with a 24-octet sequence which unravels to PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n. Anyone who has ever tried to make a line wrap in web server output will discount the returns and line breaks (such as ‘\r’ and ‘\n’) and see the word ‘PRISM’ stripped away from the code which it is sitting inside.

Source: Anti-NSA Easter egg in HTTP/2, it seems
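A quick way to see this for yourself. The Python below is an added example (not from the article, and not Graham-Cumming's code): it takes the 24-octet preface from RFC 7540 section 3.5, reads it the way an HTTP/1.x parser would (request line, empty header block, body), and shows that the "method" and the "body" together spell PRISM. It also classifies a captured cleartext stream by checking for the preface and the SETTINGS frame that must follow it. The sample streams (`H2_SAMPLE`, `H1_SAMPLE`) are constructed here, not captured traffic. One caveat a practitioner should keep in mind: over TLS the preface is sent inside the encrypted channel, so a passive sniffer only sees it on cleartext h2c connections.

```python
"""Added example: the HTTP/2 connection preface as an HTTP/1.x parser sees it,
plus a classifier for the first bytes of a cleartext TCP stream.
Not code from the original article. Sample inputs below are constructed."""

# RFC 7540 section 3.5: the 24-octet sequence every HTTP/2 client sends first.
HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
SETTINGS_FRAME_TYPE = 0x4          # RFC 7540 section 6.5
FRAME_HEADER_LEN = 9               # 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id


def parse_as_http1(preface: bytes) -> dict:
    """Read the preface like an HTTP/1.x server would: a request line,
    an (empty) header block terminated by CRLF CRLF, then a body."""
    head, _, body = preface.partition(b"\r\n\r\n")
    method, target, version = head.split(b" ")
    return {
        "method": method.decode("ascii"),    # "PRI"  - not a real HTTP method
        "target": target.decode("ascii"),    # "*"
        "version": version.decode("ascii"),  # "HTTP/2.0" - no HTTP/1.x server speaks this
        "body": body.strip(b"\r\n").decode("ascii"),  # "SM"
    }


def hidden_word(preface: bytes = HTTP2_PREFACE) -> str:
    """The pseudo-method plus the pseudo-body: 'PRI' + 'SM'."""
    parsed = parse_as_http1(preface)
    return parsed["method"] + parsed["body"]


def http1_rejection_reasons(preface: bytes = HTTP2_PREFACE) -> list:
    """Why an HTTP/1.x-only server fails fast on the preface. This is the
    design intent of the preface (RFC 7540 section 3.5), not just a pun."""
    parsed = parse_as_http1(preface)
    reasons = []
    if parsed["method"] not in ("GET", "HEAD", "POST", "PUT", "DELETE",
                                "OPTIONS", "TRACE", "CONNECT", "PATCH"):
        reasons.append("unknown method " + parsed["method"])
    if not parsed["version"].startswith("HTTP/1."):
        reasons.append("unsupported version " + parsed["version"])
    return reasons


def classify_stream(data: bytes) -> str:
    """Classify the opening bytes of a cleartext TCP stream.
    A conforming HTTP/2 client sends the preface and then a SETTINGS frame
    on stream 0 (RFC 7540 section 3.5), so anything else is suspicious."""
    if not data.startswith(HTTP2_PREFACE):
        return "not-h2"
    header = data[len(HTTP2_PREFACE):len(HTTP2_PREFACE) + FRAME_HEADER_LEN]
    if len(header) < FRAME_HEADER_LEN:
        return "h2-preface-truncated"
    length = int.from_bytes(header[:3], "big")
    frame_type = header[3]
    stream_id = int.from_bytes(header[5:9], "big") & 0x7FFFFFFF  # top bit is reserved
    if frame_type != SETTINGS_FRAME_TYPE or stream_id != 0:
        return "h2-preface-bad-settings"
    if len(data) < len(HTTP2_PREFACE) + FRAME_HEADER_LEN + length:
        return "h2-preface-truncated"
    return "h2"


# Constructed sample streams (not captured traffic).
# Preface followed by a SETTINGS frame carrying one setting:
# SETTINGS_MAX_CONCURRENT_STREAMS (0x3) = 100.
H2_SAMPLE = (HTTP2_PREFACE
             + b"\x00\x00\x06"            # length 6
             + b"\x04"                    # type SETTINGS
             + b"\x00"                    # flags
             + b"\x00\x00\x00\x00"        # stream 0
             + b"\x00\x03\x00\x00\x00\x64")
# An ordinary HTTP/1.1 request for comparison.
H1_SAMPLE = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
# Preface followed by a HEADERS frame (type 1) on stream 1: not a valid start.
H2_BAD_SAMPLE = HTTP2_PREFACE + b"\x00\x00\x00\x01\x00\x00\x00\x00\x01"


if __name__ == "__main__":
    print("preface length:", len(HTTP2_PREFACE))
    print("hidden word:", hidden_word())
    print("why HTTP/1.x rejects it:", http1_rejection_reasons())
    for name, sample in (("H2_SAMPLE", H2_SAMPLE), ("H1_SAMPLE", H1_SAMPLE),
                         ("H2_BAD_SAMPLE", H2_BAD_SAMPLE)):
        print(name, "->", classify_stream(sample))
```

The `classify_stream` check is the part worth keeping around: a prior-knowledge h2c client that sends the preface but does not follow it with SETTINGS on stream 0 is either broken or probing, and that is a cheap thing to flag in a network sensor.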

Revealed: What info the FBI can collect with a National Security Letter. Hint – a lot.

Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases.

The FBI also claims authority to obtain cell-site location information with an NSL, which effectively turns a cell phone into a location tracking device. In court filings, the FBI said that at some point it stopped gathering location data as a matter of policy, but that it could secretly choose to resume the practice under existing authority.

Source: Revealed: What info the FBI can collect with a National Security Letter

That’s a hell of a lot of information they can collect without a court warrant… And they’ve been doing it for 11 years so far!

Patent troll reckons it owns https via TLS

It appears in May this year CryptoPeak Solutions, based in Longview, Texas, got its hands on US Patent 6,202,150, which describes “auto-escrowable and auto-certifiable cryptosystems.”

CryptoPeak reckons TLS-secured websites that use elliptic curve cryptography are infringing the patent – so it’s suing owners of HTTPS websites that use ECC. Top tip: loads of websites use ECC these days to securely encrypt their traffic.

Source: Sued for using HTTPS: Big brands told to cough up in crypto patent fight

TrackMeNot – run random searches in the background

TrackMeNot runs in Firefox and Chrome as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users’ actual search trails in a cloud of ‘ghost’ queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles. TMN serves as a means of amplifying users’ discontent with advertising networks that not only disregard privacy, but also facilitate the bulk surveillance agendas of corporate and government agencies, as documented recently in disclosures by Edward Snowden and others. To better simulate user behavior TrackMeNot uses a dynamic query mechanism to ‘evolve’ each client (uniquely) over time, parsing the results of its searches for ‘logical’ future query terms with which to replace those already used.

Source: TrackMeNot

ADNAUSEAM – Clicking Ads So You Don’t Have To

AdNauseam is a browser extension designed to obfuscate browsing data and protect users from surveillance and tracking by advertising networks. Simultaneously, AdNauseam serves as a means of amplifying users’ discontent with advertising networks that disregard privacy and facilitate bulk surveillance agendas.

Source: ADNAUSEAM – Clicking Ads So You Don’t Have To