FindFace Facial Recognition Service Becomes a Weapon Against Russian Porn Actresses

Users of the Russian imageboard “Dvach” (2chan) have launched a campaign to deanonymize Russian actresses who appear in pornography, utilizing a controversial new service called “FindFace.”

Source: Facial Recognition Service Becomes a Weapon Against Russian Porn Actresses – Global Voices Advocacy

What a bunch of pissants – using a creepy stalker app to then send the contacts of porn actresses porn pictures of their friends. To me it sounds like these guys are so jealous of people having sex whilst they never will, that they’d rather just spoil it for everyone and try to make sure there are no more porn actresses.

Malware and non-malware ways for ATM jackpotting. Extended cut – Securelist

Millions of people around the world now use ATMs every day to withdraw cash, pay in to their account or make a variety of payments. Unfortunately, ATM manufacturers and their primary customers – banks – don’t pay much attention to the security of cash machines.

Source: Malware and non-malware ways for ATM jackpotting. Extended cut – Securelist

If you use Waze, hackers can stalk you, add thousands of ghost cars to divert your traffic

Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of “ghost drivers” that can monitor the drivers around them—an exploit that could be used to track Waze users in real-time. They proved it to me by tracking my own movements around San Francisco and Las Vegas over a three-day period.

Here’s how the exploit works. Waze’s servers communicate with phones using an SSL encrypted connection, a security precaution meant to ensure that Waze’s computers are really talking to a Waze app on someone’s smartphone. Zhao and his graduate students discovered they could intercept that communication by getting the phone to accept their own computer as a go-between in the connection. Once in between the phone and the Waze servers, they could reverse-engineer the Waze protocol, learning the language that the Waze app uses to talk to Waze’s back-end app servers. With that knowledge in hand, the team was able to write a program that issued commands directly to Waze servers, allowing the researchers to populate the Waze system with thousands of “ghost cars”—cars that could cause a fake traffic jam or, because Waze is a social app where drivers broadcast their locations, monitor all the drivers around them.

Source: If you use Waze, hackers can stalk you

Cisco Finds Backdoor Installed on 12 Million PCs by French Advertiser Tuto4PC

Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The firm, previously known as Eorezo Group and apparently linked to another company called Wizzlabs, has been targeted by French authorities over its questionable practices regarding the installation of unwanted software and harvesting of users’ personal details.
[…]
Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other software, such as a known scareware called System Healer, but also of harvesting personal information. Furthermore, experts found that the software is designed to detect the presence of sandboxes, antiviruses, security tools, forensic software and remote access doors.

These “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.”

Source: Cisco Finds Backdoor Installed on 12 Million PCs | SecurityWeek.Com

Mad Scientist Builds Fully Functional Hoverbike

Because a thermite-blasting cannon isn’t crazy enough, Colin Furze used a pair of motors and propellers designed for parasailing to build himself a fully functional flying hoverbike. It’s easily one of the mad scientist’s most dangerous builds to date, but seeing how maneuverable it is almost makes us want to build one too.

Source: Mad Scientist Builds Fully Functional Hoverbike

Microsoft Office 365 Flaw Allowed Anyone To Log In To Almost Any Business Account

A severe vulnerability in the way Microsoft Office 365 handles federated identities via SAML put an attacker in a position to have access to any account and data, including emails and files stored in the cloud-based service. Microsoft pushed through a mitigation to the service on Jan. 5, seven hours after being notified by researchers Yiannis Kakavas and Klemen Bratec. “The attack surface was quite big (Outlook Online, OneDrive, Skype for Business, OneNote — depending on what the company has paid for in terms of licensing),” Kakavas and Bratec told Threatpost via email. “And a malicious user exploiting this vulnerability could have gained access to very sensitive private and company information (emails, internal documents etc.).” Office 365 users who had configured domains as federated were affected. The list includes British Airways, Microsoft, Vodafone, Verizon and many others, as mentioned in a report published late Wednesday.

Source: Office 365 Flaw Allowed Anyone To Log In To Almost Any Business Account – Slashdot

Oops, don’t you love the cloud? 🙂