2019-08-18 13:49:50 UTC
2019-08-19 13:33:31 UTC
Phishing is still the most common way for cyber attackers to gain entry into networks. Whether it's crooks looking for financial gain or state-backed hacking operations engaging in cyber espionage, it almost always starts with a message designed to make someone click a link or give away sensitive information. Just one person falling victim can be enough to provide hackers with the foothold they need to gain access to the whole corporate network and the confidential information stored within.
But blaming the victim rarely solves anything – especially given how phishing emails can be so highly tailored towards victims, meaning it can be almost impossible to distinguish a real message from a spoofed one created as part of an attack.
"It's fairly easy for an attacker to get hold of an email address and pretend to be somebody," says Amanda Widdowson, cybersecurity champion for the Chartered Institute of Ergonomics & Human Factors and human factors capability lead for Thales Cyber & Consulting.
[...] "There's a power play going on in a lot of these emails. There's somebody impersonating a position of authority, of seniority, effectively saying don't ask questions, just get it done, which is effective," says Tim Sadler, CEO of email security provider Tessian.
"When people send spear-phishing emails, they're taking on the persona or identity of a trusted person. That personalisation makes it highly effective in terms of getting the target to comply with the request, pay the invoice, do what they need to do," he adds.
[...] "There's very little to let the person receiving the email know the person they're receiving it from is who they say they are. It's a little asymmetric, asking a person to do the hard bit, then not making life easy for them," says James Hatch, director of cyber services at BAE Systems.
This behavior isn't restricted to email either; there are times when banks, utilities, telecommunications and other service providers will call customers out of the blue and then ask the customer to provide their personal security details to verify their identity, yet the customer has no way of telling whether the call is genuine or a hoax.
In August last year, the AFP obtained a warrant under section 3LA of the Crimes Act to unlock a gold-coloured Samsung phone found in the centre console of the man’s car when he was pulled over and searched.
The man supplied the password for a laptop also in the car, and a second phone did not have a PIN to unlock, but when asked about the gold phone, he answered "no comment" and would not provide a password for it.
He later claimed it wasn’t his phone and he didn’t know the password to access it.
The federal court last month overturned the magistrate’s decision to grant a warrant forcing the man to provide assistance in unlocking the phone.
The decision was overturned on several grounds, notably judge Richard White found that the Samsung phone was not a computer or data storage device as defined by the federal Crimes Act.
The law does not define a computer, but defines data storage devices as a “thing containing, or designed to contain, data for use by a computer”.
White found that the phone could not be defined as a computer or data storage device.
“While a mobile phone may have the capacity to ‘perform mathematical computations electronically according to a series of stored instructions called a program’, it does not seem apt to call such an item a computer,” he said.
“Mobile phones are primarily devices for communicating although it is now commonplace for them to have a number of other functions ... Again, the very ubiquity of mobile phones suggests that, if the parliament had intended that they should be encompassed by the term ‘computer’ it would have been obvious to say so.”
The same artificial intelligence technique typically used in facial recognition systems could help improve prediction of hailstorms and their severity, according to a new study from the National Center for Atmospheric Research (NCAR).
Instead of zeroing in on the features of an individual face, scientists trained a deep learning model called a convolutional neural network to recognize features of individual storms that affect the formation of hail and how large the hailstones will be, both of which are notoriously difficult to predict.
The promising results, published in the American Meteorological Society's Monthly Weather Review, highlight the importance of taking into account a storm's entire structure, something that's been challenging to do with existing hail-forecasting techniques.
"We know that the structure of a storm affects whether the storm can produce hail," said NCAR scientist David John Gagne, who led the research team. "A supercell is more likely to produce hail than a squall line, for example. But most hail forecasting methods just look at a small slice of the storm and can't distinguish the broader form and structure."
[...] Current computer models are limited in what they can look at because of the mathematical complexity it takes to represent the physical properties of an entire storm. Machine learning offers a possible solution because it bypasses the need for a model that actually solves all the complicated storm physics. Instead, the machine learning neural network is able to ingest large amounts of data, search for patterns, and teach itself which storm features are crucial to key off of to accurately predict hail.
For the new study, Gagne turned to a type of machine learning model designed to analyze visual images. He trained the model using images of simulated storms, along with information about temperature, pressure, wind speed, and direction as inputs and simulations of hail resulting from those conditions as outputs. The weather simulations were created using the NCAR-based Weather Research and Forecasting model (WRF).
The machine learning model then figured out which features of the storm are correlated with whether or not it hails and how big the hailstones are. After the model was trained and then demonstrated that it could make successful predictions, Gagne took a look to see which aspects of the storm the model's neural network thought were the most important. He used a technique that essentially ran the model backwards to pinpoint the combination of storm characteristics that would need to come together to give the highest probability of severe hail.
In general, the model confirmed those storm features that have previously been linked to hail, Gagne said. For example, storms that have lower-than-average pressure near the surface and higher-than-average pressure near the storm top (a combination that creates strong updrafts) are more likely to produce severe hail. So too are storms with winds blowing from the southeast near the surface and from the west at the top. Storms with a more circular shape are also more likely to produce hail.
[...] The next step for the newer machine learning model is to also begin testing it using storm observations and radar-estimated hail, with the goal of transitioning this model into operational use as well. Gagne is collaborating with researchers at the University of Oklahoma on this project.
"I think this new method has a lot of promise to help forecasters better predict a weather phenomenon capable of causing severe damage," Gagne said. "We are excited to continue testing and refining the model with observations of real storms."
Submitted via IRC for SoyCow2718
Kaspersky antivirus products injected into the web pages visited by their users an identification number unique to each system. This started in late 2015 and could be used to track a user's browsing interests.
Versions of the antivirus product, paid and free, up to 2019 displayed this behavior, which allows tracking regardless of the web browser used, even when users opened private browsing sessions.
Scripts on a website can read the HTML source and glean the Kaspersky identifier, which Eikenberg determined to remain unchanged on the system.
"In other words, any website can read the user's Kaspersky ID and use it for tracking. If the same Universally Unique Identifier comes back, or appears on another website of the same operator, they can see that the same computer is being used."
The purpose of the script is perfectly legitimate. One of its uses is to warn users which search results are dangerous to follow by applying a corresponding checkmark next to them. Kaspersky is not the only antivirus to do this.
Kaspersky acknowledged the issue and that it could be leveraged by third parties to "potentially compromise user privacy by using unique product id."
The company released a patch in early June. According to an advisory from July 11, an attacker could take advantage of this through a script deployed on a server they control.
Before reporting the problem to Kaspersky, Eikenberg tested the potential of his discovery by spending about half an hour creating a website that automatically copied the visitors' Kaspersky IDs.
Eikenberg argues that if he could find this issue, now tracked as CVE-2019-8286, it is possible that marketers, malicious actors, and companies specializing in profiling website visitors discovered this user data leak years ago and exploited it; there is no evidence to support this, though.
Also at ArsTechnica
Submitted via IRC for SoyCow7671
Multiple vulnerabilities were found by security researchers in 4G routers manufactured by several companies, with the flaws exposing users to information leaks and command execution attacks.
Pen Test Partners researcher 'G Richter' shared the flaws found in 4G devices during this year's DEF CON hacking conference, saying that "a lot of existing 4G modems and routers are pretty insecure."
"We found critical remotely-exploitable flaws in a selection of devices from a variety of vendors, without having to do too much work," Richter said.
"Plus, there’s only a small pool of OEMs working seriously with cellular technologies, and their hardware (& software dependencies) can be found running in all sorts of places."
The worst part is that the security flaws were discovered after examining only a limited set of 4G routers, covering the entire price spectrum, from consumer-grade routers and dongles to very pricey devices designed for large enterprise networks.
All the security flaws found were reported to the vendors, who fixed most of the discovered issues before the Pen Test Partners report was published, but unfortunately the disclosure process didn't go as smoothly as expected.
On an August morning in Paris, when most of the city is in an advanced state of summer torpor, hundreds of young men and women are sweating it out in the third week of a gruelling month-long endurance test.
While the trial is called the "piscine" (swimming pool) and towels dot the ultra-modern building, the contest is not about physical prowess.
Welcome instead to the tryouts for Ecole 42, a free computer coding college founded by French telecoms billionaire Xavier Niel in 2013 to help young people find work in IT or, better still, become their own bosses.
Named after the offbeat answer to "the ultimate question of life" in Douglas Adams's comic classic "The Hitchhiker's Guide To The Galaxy," the ultra-modern college, with neither teachers nor conventional tuition, quickly gained cult status.
Around 40,000 people apply each year for one of roughly 1,000 spots on the programme.
Around 3,000 make it to the daunting "piscine" stage, in which the candidates spend 10 to 16 hours a day over four weeks completing projects and doing exams.
Submitted via IRC for SoyCow7671
In a post to the "Nmap Announce" mailing list, developer Gordon Lyon announced the release of Nmap 7.80 while attending the DEF CON security conference.
"I'm here in Las Vegas for Defcon and delighted to release Nmap 7.80. It's the first formal Nmap release in more than a year, and I hope you find it worth the wait!"
With this release, Nmap is updated to version 7.80 and contains numerous improvements to the Npcap packet capture library, which provides better support for Windows 10 than the previous WinPcap library.
[...] Also included in Nmap 7.80 are eleven additional Nmap Scripting Engine (NSE) scripts that were contributed by 8 different authors.
This past Wednesday (and about 900 million years ago), gravitational-wave detectors observed, for the first time according to scientists at Australian National University (ANU), a black hole swallowing a neutron star.
Professor Susan Scott, from the ANU Research School of Physics, said the achievement completed the team's trifecta of observations on their original wish list, which included the merger of two black holes and the collision of two neutron stars.
"About 900 million years ago, this black hole ate a very dense star, known as a neutron star, like Pac-man—possibly snuffing out the star instantly," said Professor Scott, Leader of the General Relativity Theory and Data Analysis Group at ANU and a Chief Investigator with the ARC Centre of Excellence for Gravitational Wave Discovery (OzGrav).
Professor Scott notes that there is an alternative, but unlikely, possibility as well:
"There is the slight but intriguing possibility that the swallowed object was a very light black hole—much lighter than any other black hole we know about in the Universe. That would be a truly awesome consolation prize."
[...] The ANU SkyMapper Telescope responded to the detection alert and scanned the entire likely region of space where the event occurred, but we've not found any visual confirmation.
The scientists continue to analyze the data and search for the event in the sky and expect to publish the final results once complete.
Also at c|net.
Apple has reportedly committed an eye-popping $5 billion dollars more to its original video content budget in a bid to better compete with Amazon, Disney, HBO, Netflix, and Hulu, according to a new report from the Financial Times.
The company had originally set aside $1 billion for former Sony Pictures Television executives Jamie Erlicht and Zack Van Amburg to court well-known creators and Hollywood stars to its platform. According to the FT, that number has jumped to $6 billion as more shows have moved through production and budgets have ballooned.
One production — a high-profile comedy-drama about morning television featuring Jennifer Aniston, Reese Witherspoon, and Steve Carrell called The Morning Show — has cost Apple hundreds of millions of dollars, the FT reports. Separately, Bloomberg reports that Apple is spending $300 million on just the first two seasons of the show.
That makes it more expensive on a per episode basis than the final season of HBO's Game of Thrones, which enjoyed a budget of roughly $15 million per episode and ranks as the most expensive season of television ever.
The bitcoin scam worked — almost too well. In 2012, back when almost no one had heard of the digital coin, he’d started modestly, asking people he found on the dark web for $200 or $300 worth of bitcoin as a way to test out his investment scheme. He told them he could exploit the then huge price differences between various bitcoin exchanges and promised huge rewards. But once they sent the funds, he vanished into the ether to find his next stooge.
There was a certain genius criminal irony to it: He would hype an untraceable anonymous digital currency, then get paid in it.
[...] But he had a problem. It was getting harder to turn the most overhyped currency since the tulip into actual cash.
[...] All of this means that people like our guy who are very rich on paper (or, more accurately, on the blockchain) must devise highly complex methods to convert their ill-gotten gains, or risk losing quite a bit of value, said Tom Robinson, co-founder of the blockchain analytics company Elliptic. “Funds from illicit activities are just lying dormant, and they are waiting to find effective means of cashing out,” he said.
Yet if we know anything about criminals, it’s that they’re resourceful. As financial institutions and regulators the world over grapple with bitcoin’s adaptation to mainstream use, some of these criminals have devised ingenious hacks for converting their money; still others are turning to alternative coins as they seek greater privacy for their transactions and to stay ahead of the law.
Submitted via IRC for SoyCow2718
Most employees have some awareness about malware attacks. Many probably know that you should never open an executable file from a stranger or install a thumb drive found in the parking lot, for example. But videos, or links to videos, can deliver malware just like that executable or thumb drive. Do your employees know this too? And even if they do know it, will they be tricked into chasing malicious videos anyway?
Here's why it's time to start focusing on video malware.
[...] The video habit (or addiction) in our culture has paved the way for video malware — malicious code embedded into video files. Video malware is part of a larger trend toward more effective stealth in the delivery of malware. It's also the latest, and probably the most interesting, example of malicious steganography — the embedding of something secret inside some other medium. When the medium is an executable file, it's called stegware.
Malware has been embedded in still-image file formats, such as JPG, PNG and BMP formats, for years. Now, it appears that video malware is having a moment.
Submitted via IRC for AndyTheAbsurd
The proposal is part of Sanders' broader plan for police reform.
Wait, they used WOODY HARRELSON as a template? And I'm not sure why facial recognition is the focus here, when I feel that the end of providing military equipment to police forces is much more impactful a change.
The United Kingdom says it will take steps to halt the spread of misinformation about vaccines as a result of losing its "measles-free" status after the highly infectious disease was declared eliminated in the country three years ago.
Measles, which is almost entirely preventable with two doses of vaccine, is making a comeback globally. In the first half of the year, there have been almost three times as many cases as the same time last year. Cases globally are at the highest level since 2006, according to the World Health Organization.
"After a period of progress where we were once able to declare Britain measles free, we've now seen hundreds of cases of measles in the UK this year. One case of this horrible disease is too many, and I am determined to step up our efforts to tackle its spread," Prime Minister Boris Johnson said in a statement.
"The UK generally has a great record on fighting measles, but for the first time we're suddenly going in the wrong direction," Johnson said on a visit to a hospital in Truro, south-west England. "I'm afraid people have just been listening to that superstitious mumbo-jumbo on the internet, all that anti-vax stuff, and thinking that the MMR vaccine is a bad idea. That's wrong, please get your kids vaccinated."
Submitted via IRC for Bytram
The thick scent of smoke hung in the midday air when a trail along the Kings River opened up to an ominous scene: flames in the trees and thick gray smoke shrouding canyon walls.
Firefighters were on the job. In fact, they had started the blaze that chewed through thick ferns, blackened downed trees and charred the forest floor. The prescribed burn—a low-intensity, closely managed fire—was intended to clear out undergrowth and protect the heart of Kings Canyon National Park from future wildfires that are growing larger and more frequent amid climate change.
The tactic is considered one of the best ways to prevent the kind of catastrophic destruction that has become common from wildfires, but its use falls woefully short of goals in the U.S. West. A study published in the journal Fire in April found that prescribed burns on federal land across the West have stayed level or fallen over the last 20 years despite calls for more.
Prescribed fires are credited with making forests healthier and stopping or slowing the advance of some blazes. Despite those successes, there are plenty of reasons they are not set as often as officials would like, ranging from poor conditions to safely burn to bureaucratic snags and public opposition.
After a wildfire last year largely leveled the city of Paradise and killed 86 people, the state prioritized 35 brush and other vegetation-reduction projects that could all involve some use of intentional fire, said Mike Mohler, deputy director of the California Department of Forestry and Fire Protection.
Despite the push for more burns, there are disastrous reminders of prescribed fires blowing out of control—such as a 2012 Colorado burn that killed three people and damaged or destroyed more than two dozen homes.
Seconds before a memory pops up, certain nerve cells jolt into collective action [DOI: 10.1126/science.aax1030]. The discovery of this signal, described in the Aug. 16 Science, sheds light on the mysterious brain processes that store and recall information.
Electrodes implanted in the brains of epilepsy patients picked up neural signals in the hippocampus, a key memory center, while the patients were shown images of familiar people and places, including former President Barack Obama and the Eiffel Tower in Paris. As the participants took in this new information, electrodes detected a kind of brain activity called sharp-wave ripples, created by the coordinated activity of many nerve cells in the hippocampus.
Later blindfolded, the patients were asked to remember the pictures. One to two seconds before the participants began describing each picture, researchers noticed an uptick in sharp-wave ripples, echoing the ripples detected when the subjects had first seen the images.