Russia gang hacks 1.2 billion usernames and passwords

A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security – a US firm specialising in discovering breaches.

Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

via BBC News – Russia gang hacks 1.2 billion usernames and passwords.

seL4 – Open-source, formally verified, bug-free microkernel OS released

General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world’s first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world’s most highly-assured OS.

What’s being released?

It includes all of the kernel’s source code, all the proofs, plus other code and proofs useful for building highly trustworthy systems. All is under standard open-source licensing terms — either GPL version 2, or the 2-clause BSD licence.

via Home | seL4.

Unique about seL4 is its unprecedented degree of assurance, achieved through formal verification. Specifically, the ARM version of seL4 is the first (and still only) general-purpose OS kernel with a full code-level functional correctness proof, meaning a mathematical proof that the implementation (written in C) adheres to its specification. In short, the implementation is proved to be bug-free (see below). This also implies a number of other properties, such as freedom from buffer overflows, null pointer exceptions, use-after-free, etc.

Aero Glass – AR for pilots using Epson Moverio glasses

Using the Epson Moverio glasses, augmented reality projects the following features onto the lenses in 3D:

Airports
Navigation Aids
ADS-B traffic
Flight Plan route & waypoints
Airways
Geographic points of interest (cities, villages, visual navigation points)

Soon followed by:

Airspaces
Terrain elevation
Procedures
ILS approach cones
FLARM traffic (for glider)
Weather
Dynamic Data (NOTAM, TFRs)
Ground Phase stuff other than runways (taxiways, gates etc)
3D Terrain Avoidance
Obstacles

They plan to sell them for around $700, which is very cheap for a fighter pilot helmet / head-up display / HUD!

Aero Glass.

Malware without files on the PC, encoded in the registry

As the entry point, they exploit a vulnerability in Microsoft Word with the help of a crafted Word document they spread via email. The same approach would work with any other exploit.
After that, they make sure that the malicious activities survive system re-boot by creating an encoded autostart registry key. To remain undetected, this key is disguised/hidden.
Decoding this key reveals two new aspects: code that makes sure the affected system has Microsoft PowerShell installed, and additional code.
The additional code is a Base64-encoded PowerShell script, which calls and executes the shellcode (assembly).
As a final step, this shellcode executes a Windows binary, the payload. In the case analysed, the binary tried to connect to hard-coded IP addresses to receive further commands, but the attackers could have triggered any other action at this point.
All activities are stored in the registry. No file is ever created.

Malware that resides in the registry only – a rare and rather new approach

via .
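Added example, not from the article or the analysis it quotes: a small Python check a defender can run over an exported Run key to surface the persistence pattern described above, an autostart value that launches PowerShell with a Base64-encoded command. The .reg text, the value names and the decoded one-liner are all constructed for the example.

```python
import base64
import re

# Constructed sample (not from the analysed case): a PowerShell one-liner that reads
# more script text out of another registry value and runs it. -EncodedCommand expects
# Base64 over the UTF-16LE bytes of the script, so the sample is built the same way.
HIDDEN_CMD = "IEX ((Get-ItemProperty 'HKCU:\\Software\\Demo').Stage2)"
ENCODED = base64.b64encode(HIDDEN_CMD.encode("utf-16-le")).decode("ascii")

# Constructed .reg export of an HKCU Run key: one ordinary updater entry and one
# entry that launches PowerShell with the encoded command above.
SAMPLE_REG = f'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"Updater"="C:\\\\Program Files\\\\Vendor\\\\update.exe /quiet"
"Svc"="powershell.exe -nop -w hidden -ep bypass -enc {ENCODED}"
'''

def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline runs powershell/pwsh with -e[ncodedcommand], else None."""
    tokens = cmdline.split()
    if not tokens or not re.search(r"(?i)(^|\\)(powershell|pwsh)(\.exe)?$", tokens[0].strip('"')):
        return None
    for i, tok in enumerate(tokens[:-1]):
        opt = tok[1:].lower()
        # PowerShell accepts -ec and any unambiguous prefix of -EncodedCommand (-e, -en, -enc, ...)
        if tok[:1] in "-/" and opt and (opt == "ec" or "encodedcommand".startswith(opt)):
            try:
                return base64.b64decode(tokens[i + 1].strip('"'), validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None  # option present but the argument is not a valid encoded command
    return None

def find_encoded_autostarts(reg_text):
    """(key, value name, decoded script) for every Run/RunOnce string value hiding encoded PowerShell."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            in_run_key = re.search(r"\\currentversion\\run(once)?$", key.lower()) is not None
        elif in_run_key and line.startswith('"') and '"="' in line:
            name, _, value = line[1:].partition('"="')
            decoded = decode_encoded_command(value[:-1].replace("\\\\", "\\"))  # undo .reg escaping
            if decoded is not None:
                hits.append((key, name, decoded))
    return hits
```

A value that decodes cleanly is worth a closer look even if the script itself looks harmless, since a hidden-window PowerShell launch from a Run key is rarely legitimate.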

BadUSB – Turning USB peripherals into hacking vectors

Once reprogrammed, benign devices can turn malicious in many ways, including:

A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.

The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.

A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

via Turning USB peripherals into BadUSB | Security Research Labs.

Looks like Karsten Nohl has done it again!

Nasa validates ‘impossible’ space drive

British scientist Roger Shawyer has been trying to interest people in his EmDrive for some years through his company SPR Ltd. Shawyer claims the EmDrive converts electric power into thrust, without the need for any propellant by bouncing microwaves around in a closed container. He has built a number of demonstration systems […] a US scientist, Guido Fetta, has built his own propellant-less microwave thruster, and managed to persuade Nasa to test it out. The test results were presented on July 30 at the 50th Joint Propulsion Conference in Cleveland, Ohio. Astonishingly enough, they are positive […] the Nasa team has avoided trying to explain its results in favour of simply reporting what it found: “This paper will not address the physics of the quantum vacuum plasma thruster, but instead will describe the test integration, test operations, and the results obtained from the test campaign.” […] A working microwave thruster would radically cut the cost of satellites and space stations and extend their working life, drive deep-space missions, and take astronauts to Mars in weeks rather than months. In hindsight, it may turn out to be another great British invention that someone else turned into a success.

via Nasa validates 'impossible' space drive (Wired UK).

ONE EMAIL costs mining company $300 Million in stock fall

In January 2013, a chap called Jonathan Moylan sent a single email that caused an AU$314m – £174m or $295m – dip in a coal company’s value.

The email was a fake press release stating that Whitehaven Coal’s bank, ANZ, had decided not to lend the mining firm the billion or so dollars needed to open a new pit.

Moylan’s message was sent from a domain that riffed on ANZ Bank’s name, used the bank’s logo and included the name of an ANZ Bank PR person and a phone number. That number was Moylan’s own, so when journalists called to confirm the details of the fake press release, Moylan simply told them it was all kosher.

ONE EMAIL costs mining company $300 MEEELION • The Register.

W3 Ltd lost > 1m credit card records in website breach.

Think W3 Limited was hacked in December 2012 in an attack that relied on what the ICO described as "insecure" coding on the website of its subsidiary business, Essential Travel Ltd. The unidentified hacker behind the attack siphoned off a total of 1,163,996 credit and debit card records (431K current and 733K expired).

"Cardholder details had not been deleted since 2006 and there had been no security checks or reviews since the system had been installed," according to a subsequent investigation into the incident by data privacy watchdogs at the Information Commissioner’s Office (ICO). Think W3 was found guilty of a "serious" breach of the DPA.

via Who has your credit card data? 1 million HOLIDAY-MAKERS' RECORDS exposed • The Register.

Minnesota man asked to leave Southwest flight after critical tweet

A Minnesota man and his two sons were asked to leave a Southwest Airlines flight after the man sent a tweet complaining about being treated rudely by a gate agent.
[…] a tweet that read “RUDEST AGENT IN DENVER. KIMBERLY S. GATE C39. NOT HAPPY @SWA.” […] after he boarded, an announcement came over the plane asking his family to exit the aircraft. Once at the gate, the agent said that unless the tweet was deleted, police would be called and the family would not be allowed back onboard.

via Minnesota man asked to leave Southwest flight after critical tweet | Reuters.

Little Nazi flight people. I think stewards feel self-entitled and forget that their job is to actually help people.

NL courts allow illegally gotten private info to be used by secret service with no oversight.

In a court case in which the government (Mr Plasterk) was taken to task for using NSA data – private information gotten through illegal means according to Dutch law – the NL courts have ruled that secret services can use this data freely, because “it’s important”. This is a bit like allowing evidence gained under torture. It may be illegal in NL, but hey – another person gave it to us and it’s really important, so let’s use it!
Another real problem is that this ruling allows the NL secret service to circumvent the checks and balances applying to the Dutch democracy by sending data to the US, or allowing the US to capture it, have it be analysed there and then returned to NL. In this way the AIVD can perform illegal data mining “legally”.

Judge: Netherlands may continue to use NSA data – IT Pro – News – Tweakers.

UK: 4 strikes, not out, pirates!

In an unbelievably sane move, the UK has accepted that piracy exists and that cutting people from the internet won’t work very well.

Geoff Taylor, chief executive of music trade body the BPI, said VCAP was about “persuading the persuadable, such as parents who do not know what is going on with their net connection.”

He added: “VCAP is not about denying access to the internet. It’s about changing attitudes and raising awareness so people can make the right choice.”

Britain just decriminalised online game piracy | VG247.

Japan takes historic step from post-war pacifism, OKs fighting for allies | Reuters

The change, the most dramatic policy shift since Japan set up its post-war armed forces 60 years ago, will widen Japan’s military options by ending the ban on exercising "collective self-defense", or aiding a friendly country under attack.

Abe’s cabinet adopted a resolution outlining the shift, which also relaxes limits on activities in U.N.-led peace-keeping operations and "grey zone" incidents short of full-scale war, Defence Minister Itsunori Onodera told reporters.

via Japan takes historic step from post-war pacifism, OKs fighting for allies | Reuters.

And now it’s arming up with UAVs / drones – Global Hawks
The real story behind Japan’s drone boom

GEMMA Softwarecatalogus

The GEMMA Softwarecatalogus contains the software offerings of more than 130 ICT suppliers who commit to e-government standards. In the software catalogue, municipalities can easily enter their own application portfolio and plot their own application landscape. Municipalities can search and look into each other's application portfolios and then exchange experiences and knowledge.

via GEMMA Softwarecatalogus.

Queen Elizabeth UK Aircraft carrier Key Facts released

The ships will be 65,000 tonnes at full displacement – over three times the size of the current Invincible Class Aircraft Carriers.

Range: 8,000 to 10,000 nautical miles.

Each ship has two propellers which together will output 80MW of power – enough to run 1,000 family cars or 50 high speed trains.

56m from keel to masthead, which is four metres taller than Niagara Falls!

The distribution network on board will manage enough energy to power 300,000 kettles or 5,500 family homes.

Each ship has 1.5 million m² of paintwork, which is 370 acres or slightly more than the acreage of Hyde Park.

Each ship’s two propellers will weigh 33 tonnes each – nearly two and a half times as heavy as a double-decker bus and one and a half times as high.

Capable of a top speed in excess of 25 knots

80,000 tonnes of steel will be used in the construction of the two ships, three times that used in Wembley Stadium

Each of the two huge aircraft lifts can move two Joint Strike Fighters from the hangar to the flight deck in 60 seconds. They’re so powerful that together they could lift the entire ship’s crew.

Key Facts – Aircraft Carrier Alliance.

Massive 36 volume collection of KGB information given to the UK released to public

From 1972 onwards, until his retirement in 1984, he took extensive manuscript notes of many of the papers passing through his hands. Following his retirement he organised this material geographically and typed out systematic studies of KGB operations in different parts of the world in 10 volumes. He and his family and his archive were exfiltrated from the Soviet Union by the Secret Intelligence Service in 1992. Once in London, Mitrokhin continued to work on transcribing and typing his manuscript notes, producing a further 26 typed volumes, which provided the basis for the two volume book with Professor Christopher Andrew, "The Mitrokhin Archive" (Penguin, 1999). Vasiliy Mitrokhin died in January 2004.

The collection comprises manuscript notes, and the redacted and edited typescript copies of the original notes, of documents from the KGB archive. All documents are in Russian.

via Janus: The Papers of Vasiliy Mitrokhin.