The Linkielist

Linking ideas with the world

NSA collected Americans’ phone records (151 million of them!) despite law change

The U.S. National Security Agency collected more than 151 million records of Americans’ phone calls last year, even after Congress limited its ability to collect bulk phone records, according to an annual report issued on Tuesday by the top U.S. intelligence officer. The report from the office of Director of National Intelligence Dan Coats was […]

After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts via MitM attacks

Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. These shortcomings can be potentially abused to, for example, redirect people’s calls and text messages to miscreants’ devices. Now we’ve seen the first case of crooks exploiting […]

Endurance in a pill

“It’s well known that people can improve their aerobic endurance through training,” says senior author Ronald Evans, Howard Hughes Medical Institute investigator and holder of Salk’s March of Dimes Chair in Molecular and Developmental Biology. “The question for us was: how does endurance work? And if we really understand the science, can we replace training […]

rpcbomb: remote rpcbind denial-of-service + patches

This vulnerability allows an attacker to allocate any amount of bytes (up to 4 gigabytes per attack) on a remote rpcbind host, and the memory is never freed unless the process crashes or the administrator halts or restarts the rpcbind service. Attacking a system is trivial; a single attack consists of sending a specially crafted […]

Mozilla Fathom – framework for classifying the web semantically

Fathom is a JavaScript framework for extracting meaning from web pages, identifying parts like Previous/Next buttons, address forms, and the main textual content—or classifying a page as a whole. Essentially, it scores DOM nodes and extracts them based on conditions you specify. A Prolog-inspired system of types and annotations expresses dependencies between scoring steps and […]

FuturePets.com database of thousands of credit cards was left exposed for months

A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found. In a stunning show of poor security, the Austin, Texas-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text […]

Yes, your WhatsApp messages can be read by the London police

Bruce66423 brings word that a terrorist’s WhatsApp message has been decrypted “using techniques that ‘cannot be disclosed for security reasons’, though ‘sources said they now have the technical expertise to repeat the process in future.’” The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before […]

Russian-controlled telecom hijacks financial services’ Internet traffic

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications. Anomalies in the Border Gateway Protocol—which routes […]

Jenkins admin? Get buzzy patching, says Cloudbees

The bug, CVE-2017-1000353, exists in how Jenkins implements HTTP upload/download requests. The bug lets an attacker exploit a serialised object in the preamble of commands sent to the CLI. As described by Securiteam, “since Jenkins does not validate the serialised object, any serialise[d] object can be sent.” The attacker can use the channel to send […]

Remote security exploit in all 2008+ Intel platforms – SemiAccurate

The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine), not the CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have AMT, ISM, or SBT provisioned, it is […]

This Artificially Intelligent Speech Generator Can Fake Anyone’s Voice

“We train our models on a huge dataset with thousands of speakers,” Jose Sotelo, a team member at Lyrebird and a speech synthesis expert, told Gizmodo. “Then, for a new speaker we compress their information in a small key that contains their voice DNA. We use this key to say new sentences.” The end result […]

Netgear says sorry four weeks after losing customer backups on cloud and locally(!!!!) – yes the cloud can hurt you!

Netgear has cocked up its cloud management service, losing data stored locally on ReadyNAS devices’ shared folders worldwide – and customers have complained to The Register about only being informed four weeks later. This week, the San Jose-based networking business sent an email to customers, seen by The Register, confirming that an “outage” affecting ReadyCLOUD, […]

Windows is Bloated, Thanks to Adobe’s Extensible Metadata Platform – Thurrott.com

I put together a tool that scans files for PNG images containing Adobe metadata and was surprised that Windows is host to a lot of this gunk. […] Windows Explorer, for example, is a critical Shell component in the startup hot path. But despite its importance, it’s comprised of ~20% pure garbage. ApplicationFrame.dll, responsible for […]

Popular belief that saturated fat clogs up arteries is a myth, experts say – let the wars begin: others disagree!

Heart experts have been criticised for claiming it is “plain wrong” to believe that saturated fat clogs up arteries. Three specialists argued that eating “real food”, taking exercise and reducing stress are better ways to stave off heart disease than cutting out dietary saturated fat. Writing in a respected journal, they maintained that inflammation is […]

iPhone lawyers literally compare Apples with Pears in trademark war – and win!

Pear Technology, which produces digital mapping software and services, applied for the pear logo in 2014 and was almost immediately challenged by Apple, which claimed it was confusingly similar to its own apple-with-a-bite-out-of-it silhouette logo. The Cupertino intellectual property lawyers claimed that despite one being a picture of a pear and one being a picture […]

FYI: You can blow Intel-powered broadband modems off the ‘net with a ‘trivial’ packet stream

This week, inquisitive netizens discovered that, when presented with even modest amounts of network packets – as little as 1.5Mbps spread across various TCP or UDP ports – modems equipped with a Puma 6 slow to an unusable crawl. According to one engineer who spoke to El Reg on the issue, the flaw would be […]

UK gov forces porn sites to gather personal info and allows gov depts to share citizens data despite being hugely unsafe

ISPs may be forced to block sites which fail to do so, and the fact that many such sites are not based in the UK nor subject to British law shall pose plenty of difficulties for the law’s implementation, as will its provisions forcing ISPs to prohibit access to “non-conventional sex acts”, which has provoked […]

How Did Unroll.me Get Users to Allow It to Sell Their Inbox Data?

But a New York Times profile of Uber this weekend revealed, in passing, that Unroll.me, which is owned by a company called Slice Intelligence, isn’t just in the business of tidying up customers’ inboxes. Slice makes money by scanning its users’ email for receipts, then packaging that information into intel reports on consumer habits. Uber, […]

Nuh-uh, Google, you WILL hand over emails stored on foreign servers, says US judge

Google has been ordered by a US court to cough up people’s private Gmail messages stored overseas – because if that information can be viewed stateside, it is subject to American search warrants, apparently. During a hearing on Wednesday in California, magistrate judge Laurel Beeler rejected [PDF] the advertising giant’s objections to a US government […]

NL Court rules fan subtitles on TV and movies are illegal

Subtitle lovers, beware: a court just ruled that making fan subtitles or translations is not protected by the law. A Dutch group called (translated) the Free Subtitles Foundation took anti-piracy group BREIN to court over “fansubbing.” BREIN has previously been active in taking fan subtitles and translations offline, and the Foundation was hoping a Dutch court […]

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told. On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he’s seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed […]

Researchers capture first ‘image’ of a dark matter web that connects galaxies

Researchers at the University of Waterloo have been able to capture the first composite image of a dark matter bridge that connects galaxies together. The scientists publish their work in a new paper in Monthly Notices of the Royal Astronomical Society. The composite image, which combines a number of individual images, confirms predictions that galaxies […]

This new solar-powered device can pull water straight from the desert air

You can’t squeeze blood from a stone, but wringing water from the desert sky is now possible, thanks to a new spongelike device that uses sunlight to suck water vapor from air, even in low humidity. The device can produce nearly 3 liters of water per day for every kilogram of spongelike absorber it contains, […]

Burger King ads talk to Google Home devices, make them talk when listening.

The advertisement says: “Hello Google, what is the whopper burger?” and Google Home reads out the first line of the wiki page. So Google blocked Burger King. So BK re-recorded and Google Home devices recite the first Absolutely brilliant and very funny! Alexa next! And even more funny: changing the wiki page just as the […]