About Robin Edgar


Use a video of a crisps bag to hear what is said in the room

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

via Extracting audio from visual information | MIT News Office.

Cisco devices need upgrading – OSPF routing tables are up for grabs!

Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic.

via Cisco Security Advisory: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products.
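The advisory gives the impact but not the mechanics, so here is an added example (my own code, not Cisco's, and not a description of the Cisco defect itself) showing what an OSPF router does with an incoming LSA. It parses the 20-byte LSA header from RFC 2328 A.4.1, keeps a tiny LSA database keyed on the full (LS type, Link State ID, Advertising Router) triple the RFC prescribes, and applies one consistency check the RFC implies: for a Router-LSA the Link State ID and Advertising Router fields must both be the originating router's Router ID (RFC 2328 12.1.4 and 12.1.5). A second, hypothetical database keyed on (type, LSID) only is included for contrast: with that key a forged Router-LSA for 10.0.0.1 sent by "10.0.0.99" simply overwrites the real one. The LSAs are constructed and their checksums are left at zero.

```python
"""Parse OSPF LSA headers (RFC 2328 A.4.1) and maintain a small LSA database.
Added example with constructed packets; not Cisco code."""
import struct
import ipaddress

# age, options, LS type, Link State ID, Advertising Router, LS seq, checksum, length
LSA_HDR = struct.Struct(">HBBIIIHH")
ROUTER_LSA = 1


def _signed(v: int) -> int:
    """LS sequence numbers are compared as signed 32-bit values (RFC 2328 12.1.6)."""
    return v - (1 << 32) if v & 0x80000000 else v


def _ip(x) -> str:
    return str(ipaddress.IPv4Address(x))


def parse_lsa_header(buf: bytes, offset: int = 0) -> dict:
    age, opts, ls_type, lsid, adv, seq, csum, length = LSA_HDR.unpack_from(buf, offset)
    return {"age": age, "options": opts, "type": ls_type, "lsid": _ip(lsid),
            "adv_router": _ip(adv), "seq": seq, "checksum": csum, "length": length}


def build_lsa_header(ls_type: int, lsid: str, adv_router: str, seq: int,
                     age: int = 1, options: int = 0x02, length: int = LSA_HDR.size) -> bytes:
    # Checksum left 0: the Fletcher checksum over the LSA body is out of scope here.
    return LSA_HDR.pack(age, options, ls_type, int(ipaddress.IPv4Address(lsid)),
                        int(ipaddress.IPv4Address(adv_router)), seq, 0, length)


def rfc_key(h: dict) -> tuple:
    return (h["type"], h["lsid"], h["adv_router"])   # RFC 2328 12.1: the full triple


def naive_key(h: dict) -> tuple:
    return (h["type"], h["lsid"])                    # hypothetical: ignores Advertising Router


def validate(h: dict):
    """Checks a receiving router can make from the header alone."""
    if h["type"] == ROUTER_LSA and h["lsid"] != h["adv_router"]:
        return "router-LSA lsid != advertising router"
    if h["seq"] == 0x80000000:                       # reserved value, RFC 2328 12.1.6
        return "reserved sequence number"
    return None


def install(db: dict, raw: bytes, key_fn=rfc_key, strict: bool = True) -> str:
    h = parse_lsa_header(raw)
    if strict:
        err = validate(h)
        if err:
            return "rejected: " + err
    k = key_fn(h)
    cur = db.get(k)
    if cur is not None and _signed(cur["seq"]) >= _signed(h["seq"]):
        return "ignored: not newer"
    db[k] = h
    return "installed"


def scenario() -> dict:
    """Legitimate Router-LSA from 10.0.0.1, then a forged one claiming the same LSID."""
    legit = build_lsa_header(ROUTER_LSA, "10.0.0.1", "10.0.0.1", 0x80000005)
    forged = build_lsa_header(ROUTER_LSA, "10.0.0.1", "10.0.0.99", 0x80000050)
    strict_db, loose_db = {}, {}
    strict = [install(strict_db, p) for p in (legit, forged)]
    loose = [install(loose_db, p, key_fn=naive_key, strict=False) for p in (legit, forged)]
    return {"strict": strict, "loose": loose,
            "strict_owner": strict_db[(ROUTER_LSA, "10.0.0.1", "10.0.0.1")]["adv_router"],
            "loose_owner": loose_db[(ROUTER_LSA, "10.0.0.1")]["adv_router"]}


if __name__ == "__main__":
    print(scenario())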

US Terrorist-Tracking System tracks many many non-terrorists

Nearly half of the people on the U.S. government’s widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept.

Of the 680,000 people caught up in the government’s Terrorist Screening Database—a watchlist of “known or suspected terrorists” that is shared with local law enforcement agencies, private contractors, and foreign governments—more than 40 percent are described by the government as having “no recognized terrorist group affiliation.” That category—280,000 people—dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

via Barack Obama's Secret Terrorist-Tracking System, by the Numbers – The InterceptThe Intercept.

Child porn used to justify reading of cloud data by Google, MicroSoft

With privacy concerns being raised more and more about the use of cloud storage, tech giants are turning to the age old scare tactic of using child porn as an excuse to burrow through users data.

Google Spotted Explicit Images Of A Child In A Man's Email And Tipped Off The Authorities – Business Insider.

Microsoft tip leads to child porn arrest in Pennsylvania.

Twitch TV shows why copyright is ridiculous as it shuts down music in videos

Twitch TV – a gaming TV channel with billions of watchers – will attempt to detect music playing in the background. If a 10 second spell seems to be copyrighted, they will remove the sound for half an hour.
I suppose the rationale is that the music companies and the RIAA think this is a potentially lost sale or something? It’s not surprising the users are up in arms about this.

Twitch Cracks Down On Music In Videos, Users Freak Out.

Russia gang hacks 1.2 billion usernames and passwords

A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security – a US firm specialising in discovering breaches.

Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

via BBC News – Russia gang hacks 1.2 billion usernames and passwords.

seL4 – Open source formally verified bug free microkernel OS released

General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world’s first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world’s most highly-assured OS.

What’s being released?

It includes all of the kernel’s source code, all the proofs, plus other code and proofs useful for building highly trustworthy systems. All is under standard open-source licensing terms — either GPL version 2, or the 2-clause BSD licence.

via Home | seL4.

Unique about seL4 is its unprecedented degree of assurance, achieved through formal verification. Specifically, the ARM version of seL4 is the first (and still only) general-purpose OS kernel with a full code-level functional correctness proof, meaning a mathematical proof that the implementation (written in C) adheres to its specification. In short, the implementation is proved to be bug-free (see below). This also implies a number of other properties, such as freedom from buffer overflows, null pointer exceptions, use-after-free, etc

Aero Glass – AR for pilots using Epson Moverio glasses

Using the Epson Moverio glasses, Augmented reality projects the following features onto the lenses in 3D.

Airports
Navigation Aids
ADS-B traffic
Flight Plan route & waypoints
Airways
Geographic points of interest (cities, villages, visual navigation points)

Soon followed by:

Airspaces
Terrain elevation
Procedures
ILS approach cones
FLARM traffic (for glider)
Weather
Dynamic Data (NOTAM, TFRs)
Ground Phase stuff other than runways (taxiways, gates etc)
3D Terrain Avoidance
Obstacles

They plan to sell them for around $700,- which is very cheap for a fighter pilot helmet / Heads up display / HUD!

Aero Glass.

Malware without files on the PC, encoded in the registry

As the entry point, they exploit a vulnerability in Microsoft Word with the help of a crafted Word document they spread via email. The same approach would work with any other exploit.
After that, they make sure that the malicious activities survive system re-boot by creating an encoded autostart registry key. To remain undetected, this key is disguised/hidden.
Decoding this key shows two new aspects: Code which makes sure the affected system has Microsoft PowerShell installed and additional code.
The additional code is a Base64-encoded PowerShell script, which calls and executes the shellcode (assembly).
As a final step, this shellcode executes a Windows binary, the payload. In the case analyzed, the binary tried to connect to hard coded IP addresses to receive further commands, but the attackers could have triggered any other action at this point.
All activities are stored in the registry. No file is ever created.

Malware that resides in the registry only – a rare and rather new approach

via .

BadUSB – Turning USB peripherals into hacking vectors

Once reprogrammed, benign devices can turn malicious in many ways, including:

A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.

The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.

A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

via Turning USB peripherals into BadUSB | Security Research Labs.

Looks like Karsten Nohl has done it again!

Nasa validates ‘impossible’ space drive

British scientist Roger Shawyer has been trying to interest people in his EmDrive for some years through his company SPR Ltd. Shawyer claims the EmDrive converts electric power into thrust, without the need for any propellant by bouncing microwaves around in a closed container. He has built a number of demonstration systems[…]a US scientist, Guido Fetta, has built his own propellant-less microwave thruster, and managed to persuade Nasa to test it out. The test results were presented on July 30 at the 50th Joint Propulsion Conference in Cleveland, Ohio. Astonishingly enough, they are positive[…]he Nasa team has avoided trying to explain its results in favour of simply reporting what it found: “This paper will not address the physics of the quantum vacuum plasma thruster, but instead will describe the test integration, test operations, and the results obtained from the test campaign.”[…]A working microwave thruster would radically cut the cost of satellites and space stations and extend their working life, drive deep-space missions, and take astronauts to Mars in weeks rather than months. In hindsight, it may turn out to be another great British invention that someone else turned into a success.

via Nasa validates 'impossible' space drive (Wired UK).

ONE EMAIL costs mining company $300 Million in stock fall

In January 2013, a chap called Jonathan Moylan sent a single email that caused an AU$314m – £174m or $295m – dip in a coal company’s value.

The email was a fake press release stating that Whitehaven Coal’s bank, ANZ, had decided not to lend the mining firm the billion or so dollars needed to open a new pit.

Moylan’s message was sent from a domain that riffed on ANZ Bank’s name, used the bank’s logo and included the name of an ANZ Bank PR person and a phone number. That number was Moylan’s own, so when journalists called to confirm the details of the fake press release, Moylan simply told them it was all kosher.

ONE EMAIL costs mining company $300 MEEELION • The Register.

W3 Ltd lost > 1m credit card records in website breach.

Think W3 Limited was hacked in December 2012 in an attack that relied on what the ICO described as "insecure" coding on the website of its subsidiary business, Essential Travel Ltd. The unidentified hacker behind the attack siphoned off a total of 1,163,996 credit and debit card records (431K current and 733K expired).

"Cardholder details had not been deleted since 2006 and there had been no security checks or reviews since the system had been installed," according to a subsequent investigation into the incident by data privacy watchdogs at the Information Commissioner’s Office (ICO). Think W3 was found guilty of a "serious" breach of the DPA.

via Who has your credit card data? 1 million HOLIDAY-MAKERS' RECORDS exposed • The Register.

Minnesota man asked to leave Southwest flight after critical tweet

A Minnesota man and his two sons were asked to leave a Southwest Airlines flight after the man sent a tweet complaining about being treated rudely by a gate agent.
[…] a tweet that read “RUDEST AGENT IN DENVER. KIMBERLY S. GATE C39. NOT HAPPY @SWA.” […] after he boarded, an announcement came over the plane asking his family to exit the aircraft. Once at the gate, the agent said that unless the tweet was deleted, police would be called and the family would not be allowed back onboard.

via Minnesota man asked to leave Southwest flight after critical tweet | Reuters.

Little Nazi flight people. I think stewards feel self entitled and forget that their job is to actually help people.

NL courts allow illegally gotten private info to be used by secret service with no oversight.

In a court case in which the government (mr Plasterk) was taken to task for using NSA data – private information gotten through illegal means according to Dutch law – the NL courts have ruled that secret services can use this data freely, because “it’s important”. This is a bit like allowing evidence gained under torture. It may be illegal in NL, but hey – another person gave it to us and it’s really important, so let’s use it!
Another real problem is that this ruling allows the NL secret service to circumvent the checks and balances applying to the Dutch democracy by sending data to the US, or allowing the US to capture it, have it be analysed there and then returned to NL. In this way the AIVD can perform illegal data mining “legally”.

Rechter: Nederland mag NSA-data blijven gebruiken – IT Pro – Nieuws – Tweakers.

UK: 4 strikes, not out, pirates!

In an unbelievably sane move, the UK has accepted that piracy exists and that cutting people from the internet won’t work very well.

Geoff Taylor, chief executive of music trade body the BPI, said VCAP was about “persuading the persuadable, such as parents who do not know what is going on with their net connection.”

He added: “VCAP is not about denying access to the internet. It’s about changing attitudes and raising awareness so people can make the right choice.”

Britain just decriminalised online game piracy | VG247.

Japan takes historic step from post-war pacifism, OKs fighting for allies | Reuters

The change, the most dramatic policy shift since Japan set up its post-war armed forces 60 years ago, will widen Japan’s military options by ending the ban on exercising "collective self-defense", or aiding a friendly country under attack.

Abe’s cabinet adopted a resolution outlining the shift, which also relaxes limits on activities in U.N.-led peace-keeping operations and "grey zone" incidents short of full-scale war, Defence Minister Itsunori Onodera told reporters.

via Japan takes historic step from post-war pacifism, OKs fighting for allies | Reuters.

And now it’s arming up with UAV’s / drones – Global Hawks
The real story behind Japan’s drone boom