Recording Keystroke Sounds Over Skype to Steal User Data

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard he’s using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim’s machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it’s on.

Source: Recording Keystroke Sounds Over Skype to Steal User Data | On the Wire

Kids today are so stupid they fall for security scams more often than greybeards

Redmond’s digital crimes unit senior attorney Courtney Gregoire says half of respondents between the ages of 18 and 34 had followed tech support scammer instructions, handing over remote access to their machines or downloading software after encountering a scam page.

Only 17 per cent of respondents 55 years and older took the bait. Meanwhile, one in three (34 per cent) of folks aged between 36 and 54 fell for scams.

Source: Kids today are so stupid they fall for security scams more often than greybeards

Meanwhile, in America: Half of adults’ faces are in police databases

Images representing 117 million American adults – almost half the grownups in the country – can be found in the facial recognition databases maintained by US law enforcement agencies, according to a study conducted by the Center on Privacy and Technology at Georgetown Law School.

That figure is expected to grow as facial recognition technology becomes more capable and more commonplace. Yet such systems have very little oversight.
[…]
“Transparency makes a lot of the problems we’ve noticed easier to detect,” said Frankle.

Some of these problems include: the disproportionate representation of African Americans in US law enforcement databases; the potentially chilling effect of facial recognition on free speech; lack of reliable information on the accuracy of facial recognition systems; and unsettled questions about the circumstances under which facial recognition might violate Fourth Amendment protections against unreasonable searches.
[…]
At the same time, the utility of the technology remains open to question. Where public data about the efficacy of facial recognition searches exists, it’s not particularly compelling. “Of the FBI’s 36,420 searches of state license photo and mug shot databases, only 210 (0.6 per cent) yielded likely candidates for further investigations,” the study says. “Overall, 8,590 (4 per cent) of the FBI’s 214,920 searches yielded likely matches.”

What’s more, reliable metrics for the accuracy of facial recognition systems are scarce. For example, FaceFirst, a facial recognition vendor, advertises “an identification rate above 95 per cent.” The CPT study claims this is misleading and cites a 2015 contract with the San Diego Association of Governments that disclaims any specific success rate: “FaceFirst makes no representations or warranties as to the accuracy and reliability of the product in the performance of its facial recognition capabilities.”
[…]
The study cites a facial recognition test conducted with real-time video in Mainz, Germany, from 2006 to 2007, where accuracy was 60 per cent during the day and 10 to 20 per cent at night.
[…]
“Face recognition can and should be used to respond to serious crimes and public emergencies,” the study concludes. “It should not be used to scan the face of any person, at any time, for any crime.”

Source: Meanwhile, in America: Half of adults’ faces are in police databases

32 million Indian debit cards possibly compromised

A total of 32 lakh debit cards across 19 banks could have been compromised on account of a purported fraud, the National Payment Corporation of India said in a statement.

The issue was brought to light when State Bank of India blocked the debit cards of 6 lakh customers on October 14. This was done after the bank was alerted to a possible fraud by the National Payment Corporation of India, MasterCard and Visa, said Managing Director Rajnish Kumar in a telephonic interview with BloombergQuint.

In a statement released on Thursday evening, the NPCI clarified that the problem was brought to their attention when they received complaints from a few banks that customers’ cards were used fraudulently, mainly in China and the U.S., while those cardholders were in India.

Source: The Big Debit Card Breach: Three Things Card Holders Need To Understand

Intel CPU memory location randomisation weakness broken by flooding branch buffer

The BTB provides a history of branches taken by the processor as it runs through its code: after the CPU is told to make a decision, it usually jumps to another part of the program based on the outcome of that decision. For example, if something fetched from memory has a value greater than zero, then jump to location A or jump to location B if not.

If a jump location is in the history buffer then the CPU knows this branch is usually taken so can start priming itself with instructions from the jump landing point. That means branches routinely taken execute with minimal delay.

By flooding the BTB with a range of branch targets, hackers can observe the BTB refilling with values of regularly taken jumps. This allows the miscreants to work out where in memory the operating system has randomly placed the application’s vital components. It takes a few tens of milliseconds to perform, we’re told. The eggheads say this allows an “attacker to identify the locations of known branch instructions in the address space of the victim process or kernel.”

Source: Boffins exploit Intel CPU weakness to run rings around code defenses

Consumer Reports Now Ranks Tesla Among the Least Reliable Carmakers

When it gave the Tesla Model S an unprecedented 103 out of 100 score last August, Consumer Reports looked like it might try to marry Elon Musk’s company and have its little electric car babies. But after a year of disappointments, trust violations and janky-ass door handles, it seems the magazine can no longer advocate true love.

Source: Consumer Reports Now Ranks Tesla Among the Least Reliable Carmakers

Rowhammer Attack Can Now Root Android Devices

For the past two years, since researchers discovered the attack, the term Rowhammer has been used to describe a procedure through which attackers launch read & write operations at a row of memory bits inside a RAM memory card.

The repeated read and write operations cause an electromagnetic field to appear, which changes local memory bits from 0 to 1 and vice versa, in a process called bit flipping.

For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack.

The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable.

Source: Rowhammer Attack Can Now Root Android Devices

The Microsoft Cognitive Toolkit now on Github: deep learning AI that recognises human speech at very low error rates

The Microsoft Cognitive Toolkit—previously known as CNTK—helps you harness the intelligence within massive datasets through deep learning.

Source: The Microsoft Cognitive Toolkit – Microsoft Research

They also offer RESTful APIs on another site, Cognitive Services, with applications you can tap into and APIs for vision, speech, language, knowledge and search. They usually offer free testing and charge fees for running volume queries.