The Secret Service Has Lost 1,024 Computers Since 2001

The US Secret Service is tasked with keeping the President and members of his family safe. But newly released documents show that the agency has had trouble keeping tabs on its own equipment. Since 2001, the agency has lost at least 1,024 computers, 736 mobile phones, and 121 guns.

Judicial Watch obtained the numbers through a Freedom of Information Act (FOIA) request filed in January. The Secret Service released the numbers this week, broken down into different categories of lost and stolen equipment. Of the 1,024 total computers lost or stolen, the Secret Service has misplaced 744 laptops, 258 desktops, and 22 tablets.

Source: The Secret Service Has Lost 1,024 Computers Since 2001

I have no idea how many personnel the US Secret Service has, so can’t say if this is a lot or a little.

Shazam listens to you on macs, even when you turn the mic off

Once installed, Shazam automatically begins listening for music,

Most (security-conscious) users probably don’t want Shazam listening all the time. Shazam appears to oblige, seemingly providing an option to disable this listening:

However, sliding the selector to ‘OFF’ did not generate the expected, “Mic was deactivated” OverSight alert.

My first thought was perhaps OverSight had ‘missed’ the Mic deactivation, or contained some other bug or limitation. However testing seemed to confirm that OverSight works as expected.

So is Shazam still listening even when the user attempts to toggle it to ‘OFF’? One way to find out – let’s reverse the app!

The post then goes into how to reverse engineer an app and sure enough, the mic doesn’t get turned off.

Shazam says this is a “feature” but it sounds to me like a huge gaping security hole. When you turn something off, it should go off, especially a listening device!

Source: Objective-See

5 major Russian banks repel massive DDoS attack

At least five major Russian banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.

The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services.

“The attacks are conducted from botnets, consisting of tens of thousands of computers, which are located in tens of countries,” Sberbank’s press service told RIA.

The initial attack was rather massive and its power intensified over the course of the day.

Source: 5 major Russian banks repel massive DDoS attack — RT News

IoT Goes Nuclear – Creating a ZigBee Chain Reaction / How they hacked your Philips Hue and made a worm

In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.
The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack.
[…]
To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates.

Source: IoT Goes Nuclear – Creating a ZigBee Chain Reaction

‘Trust it’: Results of Signal’s first formal crypto analysis are in

As explained in a paper titled A Formal Security Analysis of the Signal Messaging Protocol (PDF) from the International Association for Cryptologic Research, Signal has no discernible flaws and offers a well-designed and compromise-resistant architecture.

Signal uses a double ratchet algorithm that employs ephemeral key exchanges continually during each session, minimising the amount of text that can be decrypted at any point should a key be compromised.

Signal was examined by a team of five researchers from the UK, Australia, and Canada, namely Oxford University information security Professor Cas Cremers and his PhDs Katriel Cohn-Gordon and Luke Garratt, Queensland University of Technology PhD Benjamin Dowling, and McMaster University Assistant Professor Douglas Stebila.
[…]
The team finds some room for improvement which they passed on to the app’s developers, namely that the protocol can be further strengthened with negligible cost by using “constructions in the spirit of the NAXOS (authenticated key exchange) protocol” [PDF] or by including a static-static Diffie-Hellman shared secret in the key derivation. This would solve the risk of attackers compromising communications should the random number generator become fully predictable.

The paper does, however, cover only a subsection of Signal’s efforts, as it ignores non-Signal library components, plus application and implementation variations. It should therefore be considered a substantial starting point for future analysis, the authors say, rather than the final word on Signal.

Source: ‘Trust it’: Results of Signal’s first formal crypto analysis are in
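To make the “minimising the amount of text that can be decrypted” point concrete, here is an added example (my own illustration, not Signal’s code or the paper’s) of the symmetric-key half of the double ratchet: a one-way KDF chain where each step yields a fresh message key. It assumes an HMAC-SHA256 stand-in for Signal’s HKDF chain, a constructed fixed root key, and deliberately omits the Diffie-Hellman ratchet that would heal the session after a compromise.

```python
import hmac
import hashlib
from typing import List, Tuple

# Constructed sample root/chain key. In Signal this would come from the X3DH
# handshake and the DH ratchet; here it is a fixed test value.
ROOT_KEY = bytes.fromhex("00" * 31 + "01")


def kdf(key: bytes, label: bytes) -> bytes:
    """One KDF-chain step: HMAC-SHA256 keyed with the current chain key.

    Stand-in for the HKDF-based chain in the double ratchet (assumption).
    The property that matters is one-wayness: given the output, the input
    key cannot be recovered.
    """
    return hmac.new(key, label, hashlib.sha256).digest()


def ratchet_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """Advance the symmetric-key ratchet once.

    Returns (next_chain_key, message_key). Distinct labels keep the two
    outputs independent, so neither can be derived from the other.
    """
    message_key = kdf(chain_key, b"\x01")
    next_chain_key = kdf(chain_key, b"\x02")
    return next_chain_key, message_key


def derive_message_keys(chain_key: bytes, count: int) -> List[bytes]:
    """Derive `count` successive message keys from a chain key. Sender and
    receiver run this identically, so they agree on every message key."""
    keys = []
    for _ in range(count):
        chain_key, message_key = ratchet_step(chain_key)
        keys.append(message_key)
    return keys


def keys_recoverable_after_compromise(initial_chain_key: bytes,
                                      total: int,
                                      compromised_at: int) -> List[bytes]:
    """Model an attacker who steals the chain key just before message number
    `compromised_at` (0-based) and then observes the rest of the session.

    The attacker can only run the ratchet forwards, so the result is exactly
    the keys for messages compromised_at .. total-1. Earlier message keys came
    from chain keys that were already overwritten and cannot be recomputed.
    """
    chain_key = initial_chain_key
    for _ in range(compromised_at):
        chain_key, _ = ratchet_step(chain_key)
    return derive_message_keys(chain_key, total - compromised_at)


def exposure_summary(total: int, compromised_at: int) -> Tuple[int, int]:
    """Return (messages_still_safe, messages_exposed) for a compromise at the
    given point, computed by actually deriving and comparing the keys."""
    session_keys = derive_message_keys(ROOT_KEY, total)
    leaked = set(keys_recoverable_after_compromise(ROOT_KEY, total, compromised_at))
    exposed = sum(1 for k in session_keys if k in leaked)
    return total - exposed, exposed


if __name__ == "__main__":
    safe, exposed = exposure_summary(total=10, compromised_at=6)
    print(f"chain key stolen before message 6: {safe} earlier messages stay "
          f"safe, {exposed} later messages are exposed")
```

Without the DH ratchet every message after the theft stays exposed; the ephemeral key exchanges the article mentions are what cut that window short again.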

Cisco’s job applications site leaked personal data

Cisco has fixed a vulnerability in its Professional Careers portal that may have exposed truckloads of personal information.

The networking giant has sent an email to affected users in which it says a “limited set of job application related information” was leaked from the mobile version of the website, blaming an “incorrect security setting” placed after system maintenance on a third party site.
[…]
It says exposed data may have included real and login names; passwords; physical and email addresses, phone numbers; answers to security questions; users’ education and professions; cover letters and resumes.

Any hacker hoovering up that data would have also gained applicants’ voluntary information including gender, race, and veteran and disability status.

Source: Cisco’s job applications site leaked personal data

New, more-powerful IoT botnet infects 3,500 devices in 5 days

Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network. As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices.

Linux/IRCTelnet also borrows telnet-scanning logic from a newer IoT bot known as Bashlight. It further lifts a list of some 60 widely used username-password combinations built into Mirai, a different IoT bot app whose source code was recently published on the Internet. It goes on to add code for attacking sites that run the next-generation Internet protocol known as IPv6.

[…]

Once a device is infected, its IP address is stored so the botnet operator can re-infect it if it suddenly loses contact with the command and control channel.

Source: New, more-powerful IoT botnet infects 3,500 devices in 5 days

Mirai botnet attackers are trying to knock an entire country (Liberia) offline

The nation state has a single point of failure fiber, recently installed in 2011, and it could spell disaster for dozens of other countries

The attack was said to be upwards of 1.1Tbps — more than double the attack a few weeks earlier on security reporter Brian Krebs’ website, which was about 620Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things (IoT) devices.

This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country, Liberia, sending it almost entirely offline each time.

Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack was one of the largest capacity botnets ever seen.

One transit provider said the attacks were over 500Gbps in size. Beaumont said that given the volume of traffic, it “appears to be owned by the actor which attacked Dyn”.

Source: Mirai botnet attackers are trying to knock an entire country offline

Inaudible Soundwaves Expose a Spooky New Pathway for Hackers

The underlying technology in question is known as ultrasonic cross-device tracking, or uXDT. Cross-device tracking has been called a ‘holy grail’ for marketers, allowing them to, for instance, tell your phone when you’re watching a particular TV show, or share data about laptop web browsing to your tablet.

[…]

The UCL team says the lack of disclosure and opt-out options on widely-installed uXDT apps represents an even bigger threat, though. Such apps often actively listen for ultrasound signals, even when the app itself is closed, creating a new and relatively poorly-understood pathway for hacking.

The researchers have already found ways to mine cloaked IP addresses. Speaking to New Scientist, UCL team member Vasilios Mavroudis suggests that an app’s always-on microphone access could be leveraged to monitor conversations (and, if you’re not paranoid already, to decipher what you’re typing). The ‘beacons’ that transmit ultrasound data can also be spoofed to manipulate apps’ user data.

Source: Inaudible Soundwaves Expose a Spooky New Pathway for Hackers

US Copyright Office stalls a year, but finally allows pentesting

Long-overdue rules protecting security research and vehicle repair have finally taken effect, as they should have done last year. Though the Copyright Office and the Librarian of Congress unlawfully and pointlessly delayed their implementation, for the next two years the public can take advantage of the freedom they offer.

Source: Why Did We Have to Wait a Year to Fix Our Cars? | Electronic Frontier Foundation

Government idiots.

Recording Keystroke Sounds Over Skype to Steal User Data

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user’s keystrokes. With a small amount of knowledge about the victim’s typing style and the keyboard he’s using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim’s machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it’s on.

Source: Recording Keystroke Sounds Over Skype to Steal User Data | On the Wire

Kids today are so stupid they fall for security scams more often than greybeards

Redmond’s digital crimes unit senior attorney Courtney Gregoire says half of respondents between the age of 18 and 34 had followed tech support scammer instructions, handing over remote access to their machines or downloading software after encountering a scam page.

Only 17 per cent of respondents 55 years and older took the bait. Meanwhile, one in three (34 per cent) of folks aged between 36 and 54 fell for scams.

Source: Kids today are so stupid they fall for security scams more often than greybeards

32 million Indian debit cards possibly compromised

A total of 32 lakh debit cards across 19 banks could have been compromised on account of a purported fraud, the National Payment Corporation of India said in a statement.

The issue was brought to light when State Bank of India blocked the debit cards of 6 lakh customers on October 14. This was done after the bank was alerted to a possible fraud by the National Payment Corporation of India, MasterCard and Visa, said Managing Director Rajnish Kumar in a telephonic interview with BloombergQuint.

In a statement released on Thursday evening, the NPCI clarified that the problem was brought to their attention when they received complaints from a few banks that customers’ cards were used fraudulently, mainly in China and the U.S., while those cardholders were in India.

Source: The Big Debit Card Breach: Three Things Card Holders Need To Understand

Intel CPU memory location randomisation weakness broken by flooding branch buffer

The BTB provides a history of branches taken by the processor as it runs through its code: after the CPU is told to make a decision, it usually jumps to another part of the program based on the outcome of that decision. For example, if something fetched from memory has a value greater than zero, then jump to location A or jump to location B if not.

If a jump location is in the history buffer then the CPU knows this branch is usually taken so can start priming itself with instructions from the jump landing point. That means branches routinely taken execute with minimal delay.

By flooding the BTB with a range of branch targets, hackers can observe the BTB refilling with values of regularly taken jumps. This allows the miscreants to work out where in memory the operating system has randomly placed the application’s vital components. It takes a few tens of milliseconds to perform, we’re told. The eggheads say this allows an “attacker to identify the locations of known branch instructions in the address space of the victim process or kernel.”

Source: Boffins exploit Intel CPU weakness to run rings around code defenses

Rowhammer Attack Can Now Root Android Devices

For the past two years, since researchers discovered the attack, the term Rowhammer has been used to describe a procedure through which attackers launch read & write operations at a row of memory bits inside a RAM memory card.

The repeated read and write operations cause an electromagnetic field to appear, which changes local memory bits from 0 to 1 and vice versa, in a process called bit flipping.

For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack.

The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable.

Source: Rowhammer Attack Can Now Root Android Devices

Adding a phone number to your Google account can make it LESS secure (because telco insecurity).

On Oct 1, after a 2h absence from his phone, Bob attempted to check his email and discovered he’d been logged out of his gmail account. Upon trying to log back in, Google notified him that his email password had been changed less than an hour ago.

He then tried to make a call and discovered that his phone service was no longer active. Calling Verizon, he discovered that someone (the attacker) had called less than an hour ago and switched his service to an iPhone 4. Verizon later conceded that they had transferred his account despite neither having requested nor having been given the 4-digit PIN they had on record.

The attacker was able to reset Bob’s password and take control of his account. He or she then removed Bob’s recovery email, changed the password, changed the name on the account, and enabled two factor authentication. (Records show that the account was accessed from IP addresses in Iowa and Germany.)

Source: Adding a phone number to your Google account can make it LESS secure.

Dirty COW (CVE-2016-5195) Linux privilege escalation

What is the CVE-2016-5195?

CVE-2016-5195 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE.

Why is it called the Dirty COW bug?

“A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.” (RH)

Source: Dirty COW (CVE-2016-5195)

Modern Business Solutions Stumbles Over A Modern Business Problem – 58M Records Dumped From An Unsecured Database

Now yet another massive database leak has been uncovered related to an insecure MongoDB installation, exposing at least 58 million subscriber records.

Twitter user @0x2Taylor posted exfiltrated data on the file sharing site MEGA twice over the weekend, each time resulting in the data being taken down very quickly. The data was then released for a third time on a smaller file sharing website. After analyzing the dataset, we can confirm that nearly 58 million records containing full names, IP addresses, dates of birth, email addresses, vehicle data, and occupations were included in the leak.

Who Is Modern Business Solutions?

Modern Business Solutions (MBS) describes itself as a technology and application service provider specializing in data management and monetization services for data owners. Based in Austin, TX, the firm claims to help “clients build their revenue streams by providing content and services” to a variety of industries including the automotive and employment verticals.

Source: Modern Business Solutions Stumbles Over A Modern Business Problem – 58M Records Dumped From An Unsecured Database

A data management company that can’t configure a database? What a bunch of tits!

‘StrongPity’ malware infects users through illegitimate WinRAR and TrueCrypt installers

A new strain of malware has been discovered by Kaspersky Labs, named ‘StrongPity,’ which targets users looking for two legitimate computer programs, WinRAR and TrueCrypt. WinRAR is a file archiver utility for Windows, which compresses and extracts files, while the latter is a discontinued encryption tool.

The malware contains components that not only have the ability to give attackers complete control of the victim’s computer, but can also steal disk contents and download other software that the cybercriminals need. It was found that users in Italy and Belgium were affected the most, but there were also records found in Turkey, North Africa, and the Middle East.

To be able to gather victims, the attackers have built special fake websites that supposedly host the two programs. One instance that was discovered by the researchers is that the criminals transposed two letters in a domain name, in order to fool the potential victim into thinking that the program was a legitimate WinRAR installer website.

Source: ‘StrongPity’ malware infects users through illegitimate WinRAR and TrueCrypt installers

Apple Watches banned from Cabinet after ministers warned devices could be vulnerable to hacking 

Ministers have been barred from wearing Apple Watches during Cabinet meetings amid concerns that they could be hacked by Russian spies, The Telegraph has learned.

Under David Cameron, several cabinet ministers wore the smart watches, including Michael Gove, the former Justice Secretary.

However, under Theresa May ministers have been barred from wearing them amid concerns that they could be used by hackers as listening devices.

Mobile phones have already been barred from the Cabinet because of similar concerns.

One source said: “The Russians are trying to hack everything.”

Source: Apple Watches banned from Cabinet after ministers warned devices could be vulnerable to hacking 

Is Tesla telling us the truth over autopilot spat?

In the latest exchange between Mobileye and Tesla, however, the chip company has accused Tesla of lying. “The allegations recently attributed to a spokesperson for Tesla … are incorrect and can be refuted by the facts,” Mobileye said in a statement.
[…]
Tesla was “pushing the envelope in terms of safety,” the company’s chairman and CTO Amnon Shashua said in an interview with Reuters on Wednesday. “It [the autopilot system] is not designed to cover all possible crash situations in a safe manner … It is a driver assistance system and not a driverless system,” he said.
[…]
While the assisted-driving technology is undoubtedly impressive, Mobileye says it was very unhappy when Tesla started suggesting it would allow customers to drive their car hands-free. Brown was thought to be watching a movie when the crash happened.

“It has long been Mobileye’s position that Tesla’s Autopilot should not be allowed to operate hands-free without proper and substantial technological restrictions and limitations,” said the company’s most recent statement, adding: “In communications dating back to May 2015 between Mobileye Chairman and Tesla’s CEO, Mobileye expressed safety concerns regarding the use of Autopilot hands-free.”
[…]
Mobileye claims that after the crash, it had a face-to-face meeting with Musk in which he promised that the autopilot would be “hands on.” But then Musk reneged on the agreement, it says, and offered a hands-free activation mode.

Source: Is Tesla telling us the truth over autopilot spat?

Sounds pretty typical of Elon Musk

Securify your PC using Qubes and Whonix

Qubes is a security-oriented, open-source operating system for personal computers.
Qubes takes an approach called security by compartmentalization, which allows you to compartmentalize the various parts of your digital life into securely isolated compartments called qubes.

This approach allows you to keep the different things you do on your computer securely separated from each other in isolated qubes so that one qube getting compromised won’t affect the others. For example, you might have one qube for visiting untrusted websites and a different qube for doing online banking. This way, if your untrusted browsing qube gets compromised by a malware-laden website, your online banking activities won’t be at risk. Similarly, if you’re concerned about malicious email attachments, Qubes can make it so that every attachment gets opened in its own single-use disposable qube. In this way, Qubes allows you to do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop.

Source: Qubes OS Project

It runs lightweight Virtual Machines for your processes (qubes) which isolate them, making sure they don’t infect other parts of your machine.

Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP leaks. Pre-installed applications, pre-configured with safe defaults, are ready for use. Additionally, installing custom applications or personalizing the desktop will in no way jeopardize the user. Whonix is the only actively developed OS designed to be run inside a VM and paired with Tor.

This safeguards your privacy by running on 2 VMs in your OS, so it can’t know much about what your computer is doing.

Source: Whonix

Then there is Tails, which has the advantage that it runs off a USB stick. This does, however, mean that every time you restart, everything resets. This ensures the base package stays clean, but updates to software or personal documents cannot be part of your Tails.