China ‘clone factory’ scientist eyes human replication

The Chinese scientist behind the world’s biggest cloning factory has technology advanced enough to replicate humans, he told AFP, and is only holding off for fear of the public reaction.

Boyalife Group and its partners are building the giant plant in the northern Chinese port of Tianjin, where it is due to go into production within the next seven months and aims for an output of one million cloned cows a year by 2020.

But cattle are only the beginning of chief executive Xu Xiaochun’s ambitions.

In the factory pipeline are also thoroughbred racehorses, as well as pet and police dogs, specialised in searching and sniffing.

The firm does not currently engage in human cloning activities, Xu said, adding that it has to be “self-restrained” because of possible adverse reaction.

But social values can change, he pointed out, citing changing views of homosexuality and suggesting that in time humans could have more choices about their own reproduction.

Source: China ‘clone factory’ scientist eyes human replication

Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech

If storing the personal data of almost 5 million parents and more than 200,000 kids wasn’t bad enough, it turns out that hacked toymaker VTech also left thousands of pictures of parents and kids and a year’s worth of chat logs stored online in a way easily accessible to hackers.

On Friday, Motherboard revealed that earlier this month a hacker broke into the servers of VTech, a Hong Kong-based company that makes internet-connected gadgets and toys. Inside the servers, the hacker found the names, email addresses, passwords, and home addresses of 4,833,678 parents, and the first names, genders and birthdays of more than 200,000 kids.

Source: Hacker Obtained Children’s Headshots and Chatlogs From Toymaker VTech

Anti-NSA Easter egg in HTTP/2: every connection starts with PRISM

British programmer and writer John Graham-Cumming has spotted something interesting in the opening protocol of any HTTP/2 connection: an array of explicitly formatted code which spells the word PRISM, in an apparent reference to the NSA’s primary program for mass-surveillance of the internet, as disclosed by Edward Snowden in 2013.

The HTTP/2 client connection begins its work with a 24-octet sequence which unravels to PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n. Anyone who has ever tried to make a line wrap in web server output will discount the returns and line breaks (such as ‘\r’ and ‘\n’) and see the word ‘PRISM’ stripped away from the code which it is sitting inside.

Source: Anti-NSA Easter egg in HTTP/2, it seems
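The 24-octet preface described above, as an added example (not code from the article or from any HTTP/2 implementation): it classifies the first bytes of a connection, including partial reads, and shows that an HTTP/1.x-style parser sees a request with method PRI followed by the leftover token SM. Function names are hypothetical and the sample inputs are constructed.

```python
# Added illustration; function names are hypothetical.
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # the 24 octets quoted in the excerpt


def classify(buf: bytes) -> str:
    """Classify the first bytes a client sent.

    Returns 'h2' once the full preface has matched, 'need-more' while the
    bytes seen so far are still a prefix of it, and 'not-h2' on a mismatch.
    """
    n = min(len(buf), len(PREFACE))
    if buf[:n] != PREFACE[:n]:
        return "not-h2"
    return "h2" if n == len(PREFACE) else "need-more"


def as_http1(buf: bytes) -> dict:
    """Split the bytes the way an HTTP/1.x parser would: request line, then body."""
    head, _, leftover = buf.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("ascii").split(" ", 2)
    return {"method": method, "target": target, "version": version,
            "headers": lines[1:], "leftover": leftover}


def visible_word(buf: bytes) -> str:
    """Method name plus the leftover token with CR/LF discarded."""
    parsed = as_http1(buf)
    return parsed["method"] + parsed["leftover"].replace(b"\r\n", b"").decode("ascii")


if __name__ == "__main__":
    print(len(PREFACE), classify(PREFACE))           # full preface
    print(classify(PREFACE[:10]))                    # partial read
    print(classify(b"GET / HTTP/1.1\r\n"))           # constructed HTTP/1.1 request
    print(as_http1(PREFACE), visible_word(PREFACE))
```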

Revealed: What info the FBI can collect with a National Security Letter. Hint – a lot.

Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases.

The FBI also claims authority to obtain cell-site location information with an NSL, which effectively turns a cell phone into a location tracking device. In court filings, the FBI said that at some point it stopped gathering location data as a matter of policy, but that it could secretly choose to resume the practice under existing authority.

Source: Revealed: What info the FBI can collect with a National Security Letter

That’s a hell of a lot of information they can collect without a court warrant… And they’ve been doing it for 11 years so far!

Patent troll reckons it owns https via TLS

It appears in May this year CryptoPeak Solutions, based in Longview, Texas, got its hands on US Patent 6,202,150, which describes “auto-escrowable and auto-certifiable cryptosystems.”

CryptoPeak reckons TLS-secured websites that use elliptic curve cryptography are infringing the patent – so it’s suing owners of HTTPS websites that use ECC. Top tip: loads of websites use ECC these days to securely encrypt their traffic.

Source: Sued for using HTTPS: Big brands told to cough up in crypto patent fight

TrackMeNot – run random searches in the background

TrackMeNot runs in Firefox and Chrome as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users’ actual search trails in a cloud of ‘ghost’ queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles. TMN serves as a means of amplifying users’ discontent with advertising networks that not only disregard privacy, but also facilitate the bulk surveillance agendas of corporate and government agencies, as documented recently in disclosures by Edward Snowden and others. To better simulate user behavior TrackMeNot uses a dynamic query mechanism to ‘evolve’ each client (uniquely) over time, parsing the results of its searches for ‘logical’ future query terms with which to replace those already used.

Source: TrackMeNot

ADNAUSEAM – Clicking Ads So You Don’t Have To

AdNauseam is a browser extension designed to obfuscate browsing data and protect users from surveillance and tracking by advertising networks. Simultaneously, AdNauseam serves as a means of amplifying users’ discontent with advertising networks that disregard privacy and facilitate bulk surveillance agendas.

Source: ADNAUSEAM – Clicking Ads So You Don’t Have To

Air Force hires civilian drone pilots for combat patrols; critics question legality

The Air Force has hired civilian defense contractors to fly MQ-9 Reaper drones to help track suspected militants and other targets in global hot spots, a previously undisclosed expansion in the privatization of once-exclusively military functions.

Source: Air Force hires civilian drone pilots for combat patrols; critics question legality

Hilton hotels hit by cyber attack

US hotel chain Hilton revealed Tuesday that hackers infected some of its point-of-sale computer systems with malware crafted to steal credit card information.

Hilton would not disclose whether data was taken, but advised anyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and July 27 of this year to watch for irregular activity on credit or debit card accounts.

Malicious code that infected registers at hotels had the potential to take cardholders’ names along with card numbers, security codes and expiration dates, Hilton said in an online post.

Source: Hilton hotels hit by cyber attack

samyk/magspoof · GitHub

- Allows you to store all of your credit cards and magstripes in one device
- Works on traditional magstripe readers wirelessly (no NFC/RFID required)
- Can disable Chip-and-PIN (code not included)
- Correctly predicts Amex credit card numbers + expirations from previous card number (code not included)
- Supports all three magnetic stripe tracks, and even supports Track 1+2 simultaneously
- Easy to build using Arduino or other common parts

MagSpoof is a device that can spoof/emulate any

Source: samyk/magspoof · GitHub

New IBM tech lets apps authenticate you without personal data

Identity Mixer is designed to protect users’ privacy by focusing just on the essentials of the proof. Thanks to a set of algorithms based on cryptography work done at IBM Research, the tool allows developers to build apps that can authenticate users’ identities using what’s known as a “zero-knowledge proof” that collects no personal data.

Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. Each transaction a user makes receives a different public key and leaves no privacy “breadcrumbs.”

So, in the streaming service example, users would have both identity and subscription credentials stored in a personal Credential Wallet. To access a movie, they could use that electronic wallet to prove that they’re entitled to watch the selected content without having to expose any other details.

The result, according to IBM, is that users’ privacy is better preserved, and the service provider is spared the need to protect and secure all that extraneous data.

Source: New IBM tech lets apps authenticate you without personal data

Satellite wars – an analysis of the arms race in space

Satellites are being weaponised, with anti-satellite missiles, manoeuvring satellites that can hit other objects, and satellites that hack into feeds, giving false information to the receiver. Countries have been holding on to a balance for ages, but in the last 10 or so years they have been gradually upping their game.

Source: Satellite wars – FT.com

Corporate funding and ideological polarization about climate change

Turns out that companies have been writing information that makes US citizens not believe in climate change science.

“The comprehensive data include all individual and organizational actors in the climate change countermovement (164 organizations), as well as all written and verbal texts produced by this network between 1993–2013 (40,785 texts, more than 39 million words). Two main findings emerge. First, that organizations with corporate funding were more likely to have written and disseminated texts meant to polarize the climate change issue. Second, and more importantly, that corporate funding influences the actual thematic content of these polarization efforts, and the discursive prevalence of that thematic content over time.”

Source: Corporate funding and ideological polarization about climate change

How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered

Earlier this week the Center for Democracy and Technology (CDT) warned that an Indian firm called SilverPush has technology that allows adverts to ping inaudible commands to smartphones and tablets.

Now someone has reverse-engineered the code and published it for everyone to check.

SilverPush’s software kit can be baked into apps, and is designed to pick up near-ultrasonic sounds embedded in, say, a TV, radio or web browser advert. These signals, in the range of 18kHz to 19.95kHz, are too high pitched for most humans to hear, but can be decoded by software.

An application that uses SilverPush’s code can pick up these messages from the phone or tablet’s built-in microphone, and be directed to send information such as the handheld’s IMEI number, location, operating system version, and potentially the identity of the owner, to the application’s backend servers.

Source: How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered
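A way to check a recording for energy in the 18kHz to 19.95kHz range mentioned above, as an added example (not SilverPush's code or the reverse-engineered code the article refers to): it scans the band with the Goertzel algorithm and reports the loudest tone. The sample rate, the amplitude threshold, the function names and the test audio are all assumptions constructed for this illustration; it detects a tone, it does not decode any signalling scheme.

```python
import math

RATE = 44100           # assumed capture rate in Hz (not given on the page)
BAND = (18000, 19950)  # near-ultrasonic range quoted in the excerpt
THRESHOLD = 0.01       # assumed amplitude floor, full scale = 1.0


def goertzel_amplitude(samples, freq, rate=RATE):
    """Amplitude of one frequency component, via the Goertzel algorithm."""
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2 * math.sqrt(max(power, 0.0)) / len(samples)


def strongest_in_band(samples, step=50):
    """Return (freq_hz, amplitude) of the loudest tone in BAND, or None."""
    best = max(((f, goertzel_amplitude(samples, f))
                for f in range(BAND[0], BAND[1] + 1, step)),
               key=lambda fa: fa[1])
    return best if best[1] >= THRESHOLD else None


def tone_mix(parts, seconds=0.1, rate=RATE):
    """Constructed test audio: a sum of (freq_hz, amplitude) sine tones."""
    n = round(seconds * rate)
    return [sum(a * math.sin(2 * math.pi * f * i / rate) for f, a in parts)
            for i in range(n)]


# Constructed samples: audible content with and without a quiet 18.5 kHz tone.
CLEAN = tone_mix([(440, 0.5), (1000, 0.3)])
BEACON = tone_mix([(440, 0.5), (1000, 0.3), (18500, 0.05)])

if __name__ == "__main__":
    print("clean :", strongest_in_band(CLEAN))
    print("beacon:", strongest_in_band(BEACON))
```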

NASA Orders SpaceX Crew Mission to International Space Station – glad I’m not one of those astronauts riding a rocket known mainly for exploding

NASA took a significant step Friday toward expanding research opportunities aboard the International Space Station with its first mission order from Hawthorne, California-based company SpaceX to launch astronauts from U.S. soil.

Source: NASA Orders SpaceX Crew Mission to International Space Station | NASA

Study finds honesty varies significantly between countries

Beliefs about honesty seem to be driven by psychological features, such as self-projection. Surprisingly, people were more pessimistic about the honesty of people in their own country than of people in other countries. One explanation for this could be that people are more exposed to news stories about dishonesty taking place in their own country than in others.

Source: Study finds honesty varies significantly between countries