Daily Archives: April 3, 2019

Facebook Is Just Casually Asking Some New Users for Their Email Passwords [note – never give out your email password!!!!]

Posted on by

Facebook has been prompting some users registering for the first time to hand over the passwords to their email accounts, the Daily Beast reported on Tuesday—a practice that blares right past questionable and into “beyond sketchy” territory, security consultant Jake Williams told the Beast.

A Twitter account using the handle @originalesushi first posted an image of the screen several days ago, in which new users are told they can confirm their third-party email addresses “automatically” by giving Facebook their login credentials. The Beast wrote that the prompt appeared to trigger under circumstances where Facebook might think a sign-up attempt is “suspicious,” and confirmed it on their end by “using a disposable webmail address and connecting through a VPN in Romania.”

It is never, ever advisable for a user to give out their email password to anyone, except possibly to a 100 percent verified account administrator when no other option exists (which there should be). Email accounts tend to be primary gateways into the rest of the web, because a valid one is usually necessary to register accounts on everything from banks and financial institutions to social media accounts and porn sites. They obviously also contain copies of every un-deleted message ever sent to or from that address, as well as additional information like contact lists. It is for this reason that email password requests are one of the most obvious hallmarks of a phishing scam.

“That’s beyond sketchy,” Williams told the Beast. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”

“This is basically indistinguishable to a phishing attack,” Electronic Frontier Foundation security researcher Bennett Cyphers told Business Insider. “This is bad on so many levels. It’s an absurd overreach by Facebook and a sleazy attempt to trick people to upload data about their contacts to Facebook as the price of signing up… No company should ever be asking people for credentials like this, and you shouldn’t trust anyone that does.”

A Facebook spokesperson confirmed in a statement to Gizmodo that this screen appears for some users signing up for the first time, though the company wrote, “These passwords are not stored by Facebook.” It additionally characterized the number of users it asks for email passwords as “very small.” Those presented with the screen were signing up on desktop while using email addresses that did not support OAuth—an open standard for allowing third parties authenticated access to assets (such as for the purpose of verifying identities) without sharing login credentials. OAuth is typically a standard feature of major email providers.

Facebook noted in the statement that those users presented with this screen could opt out of sharing passwords and use another verification method such as email or phone. The company also said it would be ending the practice of asking for email passwords.

Source: Facebook Is Just Casually Asking Some New Users for Their Email Passwords

This beggars belief!

DOJ Warns Academy Over Proposed Oscar Rule Changes that exclude Netflix and other streamers

Posted on by

The Justice Department has warned the Academy of Motion Picture Arts and Sciences that its potential rule changes limiting the eligibility of Netflix and other streaming services for the Oscars could raise antitrust concerns and violate competition law.

According to a letter obtained by Variety, the chief of the DOJ’s Antitrust Division, Makan Delrahim, wrote to AMPAS CEO Dawn Hudson on March 21 to express concerns that new rules would be written “in a way that tends to suppress competition.”

“In the event that the Academy — an association that includes multiple competitors in its membership — establishes certain eligibility requirements for the Oscars that eliminate competition without procompetitive justification, such conduct may raise antitrust concerns,” Delrahim wrote.

The letter came in response to reports that Steven Spielberg, an Academy board member, was planning to push for rules changes to Oscars eligibility, restricting movies that debut on Netflix and other streaming services around the same time that they show in theaters. Netflix made a big splash at the Oscars this year, as the movie “Roma” won best director, best foreign language film and best cinematography.

[…]

Spielberg’s concerns over the eligibility of movies on streaming platforms have triggered intense debate in the industry. Netflix responded on Twitter early last month with the statement, “We love cinema. Here are some things we also love. Access for people who can’t always afford, or live in towns without, theaters. Letting everyone, everywhere enjoy releases at the same time. Giving filmmakers more ways to share art. These things are not mutually exclusive.”

Spielberg told ITV News last year that Netflix and other streaming platforms have boosted the quality of television, but “once you commit to a television format, you’re a TV movie. … If it’s a good show—deserve an Emmy, but not an Oscar.”

Source: DOJ Warns Academy Over Proposed Oscar Rule Changes – Variety

India’s Anti-Satellite Test Could Threaten the International Space Station

Posted on by

Last week, Indian Prime Minister Narendra Modi said the country’s space agency had tested a new anti-satellite weapon by destroying a satellite already in orbit. Now, an announcement by NASA Administrator Jim Bridenstine claims that India’s test could endanger other satellites and objects in orbit—including the International Space Station.

India launched a missile at a satellite believed to be the Indian spy satellite Microsat-r, launched a few months ago. The blowup created a field of satellite debris at that altitude. That debris is a problem because it sits at the same altitude as the ISS. In a worst-case scenario, some of that debris could impact the station creating a Gravity-esque scenario. Some of those pieces are too small for NASA to track, meaning we’ll have no way of predicting an impact beforehand.

“What we are tracking right now, objects big enough to track — we’re talking about 10 cm (4 inches) or bigger —about 60 pieces have been tracked,” Bridenstine said in an announcement on Monday.

India deliberately targeted a satellite that orbited at a lower altitude than the ISS to prevent this sort of situation, but some of the debris appears to have reached higher. Of those 60 debris objects tracked by NASA, Bridenstine says 24 of them are at the same altitude as the ISS or higher.

The nature of low Earth orbit means that even debris pieces residing above the ISS could still pose a threat. Satellites and debris are gradually slowed by the very thin atmosphere that resides there. The ISS, for instance, routinely has to fire its boosters to increase its altitude to counteract atmospheric drag.

Those small debris pieces will lose altitude over time and eventually burn up in the atmosphere, but the high-altitude debris will have to come in range of the ISS before that happens. That means an impact could happen even a few months from now as high-altitude debris continues to fall.

Source: India’s Anti-Satellite Test Could Threaten the International Space Station

The head of the United States’ National Aeronautics and Space Administration (NASA), Jim Bridenstine, on Tuesday branded India’s destruction of one of its satellites a “terrible thing” that had created 400 pieces of orbital debris and led to new dangers for astronauts aboard the International Space Station (ISS).

Mr. Bridenstine was addressing employees of the NASA five days after India shot down a low-orbiting satellite in a missile test to prove it was among the world’s advanced space powers.

Not all of the pieces were big enough to track, Mr. Bridenstine explained. “What we are tracking right now, objects big enough to track — we’re talking about 10 cm [six inches] or bigger — about 60 pieces have been tracked.”

The Indian satellite was destroyed at a relatively low altitude of 300 km, well below the ISS and most satellites in orbit.

But 24 of the pieces “are going above the apogee of the ISS,” said Mr. Bridenstine.

“That is a terrible, terrible thing to create an event that sends debris at an apogee that goes above the International Space Station. That kind of activity is not compatible with the future of human spaceflight. It’s unacceptable and NASA needs to be very clear about what its impact to us is,” he said.

But the risk will dissipate over time as much of the debris will burn up as it enters the atmosphere.

The U.S. military tracks objects in space to predict the collision risk of the ISS and satellites.

They are currently tracking 23,000 objects larger than 10 cm.

Chinese test created 3,000 debris

That includes about 10,000 pieces of space debris, of which nearly 3,000 were created by a single event: a Chinese anti-satellite test in 2007 at 530 miles from the surface.

As a result of the Indian test, the risk of collision with the ISS has increased by 44 percent over 10 days, Mr. Bridenstine said.

https://www.thehindu.com/sci-tech/technology/indias-asat-missile-test-created-400-pieces-of-debris-endangering-iss-nasa/article26708817.ece

Soon after the ASAT test, India said it was done in the lower atmosphere to ensure that there is no space debris. “Whatever debris that is generated will decay and fall back onto the earth within weeks.”

By conducting the test, the Ministry of External Affairs in New Delhi said, India was not in violation of any international law or treaty to which it is a party to or any national obligation.

Interestingly, Bridenstine is the first top official from the Trump administration to come out in public against the India’s ASAT test.

A day after India successfully carried out its ASAT test, acting US defence secretary Patrick Shanahan warned that the event could create a “mess” in space but said Washington was still studying the impact.

Bridenstine said the NASA is “learning more and more every hour” that goes by about this orbital debris field that has been created from the anti-satellite test.

“Where we were last week with an assessment that comes from NASA experts as well as the Joint Space Operations Center (part of US Strategic Command).. is that the risk to the International Space Station has increased by 44 per cent,” Bridenstine said.

“We are charged with commercialising of low earth orbit. We are charged with enabling more activities in space than we’ve ever seen before for the purpose of benefiting the human condition, whether it’s pharmaceuticals or printing human organs in 3D to save lives here on earth or manufacturing capabilities in space that you’re not able to do in a gravity well,” he said.

“All of those are placed at risk when these kinds of events happen,” Bridenstine said as he feared India’s ASAT test could risk proliferation of such activities by other countries.

“When one country does it, other countries feel like they have to do it as well,” he said.

“It’s unacceptable. The NASA needs to be very clear about what its impact to us is,” he said.

Risk gone up 44% over 10 days

The risk from small debris as a result of the ASAT test to the ISS went up 44 per cent over a period of 10 days. “So, the good thing is it’s low enough in earth orbit that over time this will all dissipate,” he told his NASA colleagues.

The ISS is a habitable artificial satellite, orbiting the Earth at an altitude between 330 and 435 km. It is a joint project between space agencies of US, Russia, Japan, Europe and Canada, and serves as a research laboratory for scientists to conduct space experiments.

As many as 236 astronauts from 18 countries have visited the space station, many of them multiple times, since November 2000.

Bridenstine said a lot of debris from the 2007 direct ascent anti-satellite test by China is still in the space.

“And we’re still dealing with it. We are still, we as a nation are responsible for doing space situational awareness and space traffic management, conjunction analysis for the entire world,” the NASA chief said.

“The International Space Station is still safe. If we need to manoeuvre it, we will. The probability of that I think is low. But at the end of the day we have to be clear also that these activities are not sustainable or compatible with human spaceflight,” he said.

https://www.thehindubusinessline.com/news/science/indias-shooting-down-of-satellite-created-400-pieces-of-debris-put-iss-at-risk-nasa/article26709952.ece

Former NSA spies hacked BBC host, Al Jazeera chairman for UAE

Posted on by

A group of American hackers who once worked for U.S. intelligence agencies helped the United Arab Emirates spy on a BBC host, the chairman of Al Jazeera and other prominent Arab media figures during a tense 2017 confrontation pitting the UAE and its allies against the Gulf state of Qatar.

The American operatives worked for Project Raven, a secret Emirati intelligence program that spied on dissidents, militants and political opponents of the UAE monarchy. A Reuters investigation in January revealed Project Raven’s existence and inner workings, including the fact that it surveilled a British activist and several unnamed U.S. journalists.

The Raven operatives — who included at least nine former employees of the U.S. National Security Agency and the U.S. military — found themselves thrust into the thick of a high-stakes dispute among America’s Gulf allies. The Americans’ role in the UAE-Qatar imbroglio highlights how former U.S. intelligence officials have become key players in the cyber wars of other nations, with little oversight from Washington.

[…]

Dana Shell Smith, the former U.S. ambassador to Qatar, said she found it alarming that American intelligence veterans were able to work for another government in targeting an American ally. She said Washington should better supervise U.S. government-trained hackers after they leave the intelligence community.

“Folks with these skill sets should not be able to knowingly or unknowingly undermine U.S. interests or contradict U.S. values,” Smith told Reuters.

Source: Former NSA spies hacked BBC host, Al Jazeera chairman for UAE

Wait, so once you are trained for something by the US government, basically you have entered into an enslaved indenture? You may only work for who the US decides you may work for ever after? Or… what, they assassinate you?

D.E.A. Secretly Collected Bulk Records of Money-Counter Purchases

Posted on by

WASHINGTON — The Drug Enforcement Administration secretly collected data in bulk about Americans’ purchases of money-counting machines — and took steps to hide the effort from defendants and courts — before quietly shuttering the program in 2013 amid the uproar over the disclosures by the National Security Agency contractor Edward Snowden, an inspector general report found.

Seeking leads about who might be a drug trafficker, the D.E.A. started in 2008 to issue blanket administrative subpoenas to vendors to learn who was buying money counters. The subpoenas involved no court oversight and were not pegged to any particular investigation. The agency collected tens of thousands of records showing the names and addresses of people who bought the devices.

The public version of the report, which portrayed the program as legally questionable, blacked out the device whose purchase the D.E.A. had tracked. But in a slip-up, the report contained one uncensored reference in a section about how D.E.A. policy called for withholding from official case files the fact that agents first learned the names of suspects from its database of its money-counter purchases.

[…]

The report cited field offices’ complaints that the program had wasted time with a high volume of low-quality leads, resulting in agents scrutinizing people “without any connection to illicit activity.” But the D.E.A. eventually refined its analysis to produce fewer but higher-quality leads, and the D.E.A. said it had led to arrests and seizures of drugs, guns, cars and illicit cash.

The idea for the nationwide program originated in a D.E.A. operation in Chicago, when a subpoena for three months of purchase records from a local store led to two arrests and “significant seizures of drugs and related proceeds,” it said.

But Sarah St. Vincent, a Human Rights Watch researcher who flagged the slip-up on Twitter, argued that it was an abuse to suck Americans’ names into a database that would be analyzed to identify criminal suspects, based solely upon their purchase of a lawful product.

[…]

In the spring of 2013, the report said, the D.E.A. submitted its database to a joint operations hub where law enforcement agencies working together on organized crime and drug enforcement could mine it. But F.B.I. agents questioned whether the data had been lawfully acquired, and the bureau banned its officials from gaining access to it.

The F.B.I. agents “explained that running all of these names, which had been collected without foundation, through a massive government database and producing comprehensive intelligence products on any ‘hits,’ which included detailed information on family members and pictures, ‘didn’t sit right,’” the report said.

Source: D.E.A. Secretly Collected Bulk Records of Money-Counter Purchases