The Linkielist

Linking ideas with the world

AI quickly cooks malware that AV software can’t spot

Hyrum Anderson, technical director of data science at security shop Endgame, showed off research that his company had done in adapting Elon Musk’s OpenAI framework to the task of creating malware that security engines can’t spot. The system basically learns how to tweak malicious binaries so that they can slip past antivirus tools and continue […]

It is easy to expose users’ secret web habits, if you have access to cheap clickstream data

Two German researchers say they have exposed the porn-browsing habits of a judge, a cyber-crime investigation and the drug preferences of a politician. The pair obtained huge amounts of information about the browsing habits of three million German citizens from companies that gather “clickstreams”. These are detailed records of everywhere that people go online. The […]

Crooks Reused Passwords on Hansa and Dream, so Dutch Police Hijacked Their Accounts after running Hansa for a month

Currently, the infosec community and former Hansa vendors themselves have spotted two ways in which Dutch authorities are going after former Hansa vendors. Police gain access to Dream accounts via password reuse In the first, Dutch investigators have taken the passwords of vendors who have the same usernames on both the old Hansa Market and […]

It took DEF CON hackers minutes to pwn these US voting machines

This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House race – and hackers got to work physically breaking the gear open to find out what was hidden inside. In less than 90 minutes, the first cracks […]

Netherlands turns into total surveillance state: unsupervised mass internet tapping, storage and sharing with whoever they feel like

AMSTERDAM (Reuters) – The Dutch Senate passed a law early on Wednesday giving intelligence agencies broad new surveillance and other powers, including the ability to gather data from large groups of people at once. The Senate’s approval was the last hurdle for the “tapping law,” which was moulded into its current form after years of […]

Bloke takes over every .io domain by snapping up crucial name servers

Want to control over 270,000 websites? That’ll be $96 and a handover cockup, please Late Friday, Matthew Bryant noticed an unusual response to some test code he was using to map top-level domains: several of the .io authoritative name servers were available to register. Out of interest, he tried to buy them and was amazed […]

CIA Vault 7 tools steal active SSH sessions on Linux and Windows

BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. BothanSpy […]

Web inventor Sir Tim and W3C decide to close up the web: world has 2 weeks to appeal

Traditionally, web technology has been open. HTML markup, CSS, and JavaScript code can be viewed (though not necessarily easily understood, thanks to minification), remixed, and reused. The web’s openness allowed it to flourish. But those selling costly content – software and media companies – prefer open wallets to anything goes. So they have employed copy […]

Create a user called ‘0day’, get bonus root privs – thanks, Systemd!

To obtain root privileges on a Linux distribution that utilizes systemd for initialization, start with an invalid user name in the systemd.unit file. Linux usernames are not supposed to begin with numbers, to avoid ambiguity between numeric UIDs and alphanumeric user names. Nevertheless, some modern Linux distributions, like RHEL7 and CentOS, allow this. The systemd […]

At 18, He Strapped a Rocket Engine to His Bike. Now He’s Taking on SpaceX: Rocket Lab, led by someone who knows what he’s doing!

After decades of tinkering, Peter Beck and Rocket Lab are poised to bring low-cost launches to the world. Source: At 18, He Strapped a Rocket Engine to His Bike. Now He’s Taking on SpaceX As opposed to running a company on insane working hours and crazy project changes, this guy is launching rockets at $5m […]

NASA QueSST goes supersonic quietly

NASA has achieved a significant milestone in its effort to make supersonic passenger jet travel over land a real possibility by completing the preliminary design review (PDR) of its Quiet Supersonic Transport or QueSST aircraft design. QueSST is the initial design stage of NASA’s planned Low Boom Flight Demonstration (LBFD) experimental airplane, otherwise known as […]

HMS QE: Britain’s newest Aircraft Carrier runs Windows XP

The Royal Navy’s brand new £3.5bn aircraft carrier HMS Queen Elizabeth is currently* running Windows XP in her flying control room, according to reports. Defence correspondents from The Times and The Guardian, when being given a tour of the carrier’s aft island – the rear of the two towers protruding above the ship’s main deck […]

Intel’s Skylake and Kaby Lake CPUs have nasty microcode bug

The Debian advisory says affected users need to disable hyper-threading “immediately” in their BIOS or UEFI settings, because the processors can “dangerously misbehave when hyper-threading is enabled.” Symptoms can include “application and system misbehaviour, data corruption, and data loss”. Henrique de Moraes Holschuh, who authored the Debian post, notes that all operating systems, not only […]

Anthem to shell out $115m in largest-ever data theft settlement: 1/3rd goes to lawyers, 10% to Experian, much to taxes, leaves around 10% for victims. Shows you what use the Law is for justice.

If you were one of those hit by the intrusion, don’t expect a big payout. Plenty of others will be getting their cuts first. According to the terms of the settlement, a full third of the package ($37,950,000) has been earmarked to cover attorney fees. An additional $17m will be paid out to Experian, who […]

Password Reset man in the middle attack

The Password Reset Man in the Middle (PRMITM) attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource (e.g. free […]

Gmail no longer will scan your emails – because they already know enough about you through other channels

G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change. This decision brings Gmail ads in line with how we personalize […]

CIA airgaps using Brutal Kangaroo software

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as “primary host”) and installs the BrutalKangaroo malware on it. When a user is using the primary host and […]

NSA opens Github repo

THE TECHNOLOGIES LISTED BELOW were developed within the National Security Agency (NSA) and are now available to the public via Open Source Software (OSS). The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites cooperative development of technology, […]

Humanity uploaded an AI to Mars and lets it shoot rocks with lasers

AEGIS doesn’t cover general operations, which are still directed by humans. Instead it lets Curiosity pick its own targets on which to focus its ChemCam, an instrument that first vaporizes Martian rocks with a laser and then studies the resulting gases. AEGIS does so after analysing images captured by Curiosity’s NavCam, which snaps stereo images, […]

Navistone saves filled in form data on hundreds of sites before you submit it!

[As you fill out a form] You change your mind and close the page before clicking the Submit button and agreeing to Quicken’s privacy policy.[…]Your email address and phone number have already been sent to a server at “murdoog.com,” which is owned by NaviStone, a company that advertises its ability to unmask anonymous website visitors […]

Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal

Days after arch-rival Amazon announced plans to buy Whole Foods for $13.7 billion, Walmart is apparently ramping up its defense. That acquisition takes square aim at Walmart’s bread-and-butter grocery business by giving the online retailer 465 new retail locations—thus a much bigger brick-and-mortar presence. Now, Walmart is telling some partners and suppliers that their software […]