
Submission + - Advertising Tool PrivDog Compromises HTTPS Security (itworld.com)

itwbennett writes: New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users’ PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo. PrivDog is marketed as a solution to protect users against malicious advertising without completely blocking ads. The program is designed to replace potentially bad ads with safer ones that are reviewed by a compliance team from a company called Adtrustmedia. However, according to people who recently looked at PrivDog’s HTTPS interception functionality, consumers might actually lose when it comes to their system’s security if they use the product.

Submission + - NSA, UK's GCHQ Reportedly Hacked Encryption of SIM Card Maker (itworld.com)

itwbennett writes: U.S. and U.K. intelligence agencies reportedly hacked into the computer network of giant SIM card maker Gemalto and took smartphone encryption keys potentially used by customers of hundreds of mobile phone carriers worldwide. According to a story in The Intercept, the hack, which was detailed in a 2010 GCHQ document leaked by former NSA contractor Edward Snowden, allowed the two spy agencies to monitor a large portion of the world’s mobile phone voice and data traffic.

Submission + - TrueCrypt Audit Back on Track After Silence and Uncertainty (itworld.com)

itwbennett writes: In October 2013 cryptography professor Matthew Green and security researcher Kenneth White launched a project to perform a professional security audit of TrueCrypt, partly prompted by the leaks from Edward Snowden that suggested the NSA was engaged in efforts to undermine encryption. Their report, published in April 2014, covered the first phase of the audit. Phase two was supposed to involve a formal review of the program’s encryption functions, with the goal of uncovering any potential errors in the cryptographic implementations—but then the unexpected happened. In May 2014, the developers of TrueCrypt, who had remained anonymous over the years for privacy reasons, abruptly announced that they were discontinuing the project and advised users to switch to alternatives. Now, almost a year later, the project is back on track.

Submission + - Revenge Porn King Faces At Least Two Years In Prison (itworld.com)

jfruh writes: Hunter Moore, the infamous creator of Is Anybody Up, a site that posted nude photos that had been pilfered from people's email accounts, is facing prison time. He pled guilty to unauthorized access to a protected computer for private financial gain, and will serve a minimum prison sentence of two years in prison. But the legality of the act of posting nude photos online without the subjects' permission is still up in the air.

Submission + - Samsung Smart TVs Don't Encrypt the Voice Data They Collect (itworld.com)

itwbennett writes: A week ago, the revelation that Samsung collects words spoken by consumers when they use the voice recognition feature in their smart TVs enraged privacy advocates, since according to Samsung’s own privacy policy those words can in some cases include personal or sensitive information. Following the incident, David Lodge, a researcher with a U.K.-based security firm called Pen Test Partners, intercepted and analyzed the Internet traffic generated by a Samsung smart TV and found that Samsung does send captured voice data to a remote server using a connection on port 443, a port typically associated with encrypted HTTPS, but that the data was not encrypted. 'It’s not even HTTP data, it’s a mix of XML and some custom binary data packet,' said Lodge in a blog post.

Submission + - Does Open Data Have a Dark Side? (itworld.com)

itwbennett writes: A Forbes article last month explored some of the potentially darker sides of open data — from creating a new kind of digital divide to making an argument in favor of privatizing certain government services. But how real are these downsides of open data? The World Wide Web Foundation’s Open Data Program Manager Jose Alonso is unconcerned, telling ITworld's Phil Johnson via email that the WWWF 'believes there is no substantial evidence yet that the availability of Open Data leads to the marketisation of public services or public spending cuts.' But Ben Wellington, a professor in the City & Regional Planning program at the Pratt Institute in Brooklyn, New York and author of the popular blog I Quant NY, takes a more cautious stance, acknowledging that there are some real concerns that may call for regulation. But, at least for now, 'there’s a lot more innovation and positive things coming out than these corner cases,' says Wellington.

Submission + - Will Every Xbox Be A Dev Kit? (itworld.com)

jfruh writes: There were a lot of rumored features of the Xbox One that vanished after public outcry — that it would need an always-on Internet connection, for instance. But another rumor from that era was that every Xbox One sold would include a dev kit that would allow anyone to create games — and it looks like this is one dream that might be coming true soon.

Submission + - Torvalds: 'People who start writing kernel code get hired really quickly' (networkworld.com)

alphadogg writes: Now more than ever, the development of the Linux kernel is a matter for the professionals, as unpaid volunteer contributions to the project reached their lowest recorded levels in the latest “Who Writes Linux” report, http://www.linuxfoundation.org... which was released today. According to the report, which is compiled by the Linux Foundation, just 11.8% of kernel development last year was done by unpaid volunteers – a 19% downturn from the 2012 figure of 14.6%. The foundation says that the downward trend in volunteer contributions has been present for years.

Submission + - Typo Provides More Evidence Tying North Korea to the Sony Hack (itworld.com)

itwbennett writes: Security company CrowdStrike said it found similarities between the malware used against Sony and a piece of destructive code deployed in 2013 by a group that has already been linked to several attacks on South Korea and the U.S. Parts of the code used in each attack are almost identical in their structure and functionality, CrowdStrike CTO Dmitri Alperovitch said during a webcast Tuesday in which he described how the Sony attack was carried out. What’s more, he said, the malware used in both attacks contains the same typographical error in the same place.

Submission + - Russian Extradited To US For Cyberattacks (itworld.com)

itwbennett writes: A Russian man accused of high-profile cyberattacks on Nasdaq, Dow Jones, Heartland Payment Systems and 7-Eleven has been extradited to the U.S. and appeared in court in Newark, New Jersey, Tuesday. Vladimir Drinkman, 34, of Syktyvkar and Moscow, Russia, was charged for his alleged role in a data theft conspiracy that targeted major corporate networks and stole more than 160 million credit card numbers, the U.S. Department of Justice said in a press release. Drinkman appeared Tuesday in U.S. District Court for the District of New Jersey and entered a plea of not guilty to 11 counts he faces. His trial is scheduled to begin in April.

Submission + - US gov creates spyware that invades the firmware of HDDs

mrspoonsi writes: The US government has developed spyware that invades the firmware of hard drives and eavesdrops on everything the user does. The software has been found on computers around the world. The latest spyware software was discovered by the Russian computer security company, Kaspersky Lab, which found computers of government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists were infected. The software was found in 30 countries, including Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. But only a few high-valued computers were infected. The firmware of hard drives is highly valued among spies and hackers as any malicious software that is stored there runs automatically every time a computer is turned on and the software is near impossible to remove, even when the hard drive is wiped completely. The spyware software works on most major hard drive manufacturers, including Western Digital, Seagate, Toshiba, IBM, Micron and Samsung.

Submission + - Cute Humanoid Robot Gets Watson's Brains (itworld.com)

itwbennett writes: 'Japanese mobile carrier SoftBank introduced a talking household machine called Pepper last year, and it’s now hooking up with Watson, IBM’s artificial intelligence platform,' reports IDG News Service's Tim Hornyak. But don't expect the cute robot to suddenly become useful. Pepper was designed to convey emotion, not to perform tasks, but with Watson on board, Pepper still faces communication challenges. 'Watson requires a degree of robustness in voice recognition that Pepper lacks,' Osaka University roboticist Hiroshi Ishiguro, known for his extremely lifelike android-style humanoid robots, said in an email. 'SoftBank and IBM are planning to use Watson with Pepper, but they haven’t specified how,' says Hornyak.

Submission + - LG Exec Indicted Over Broken Samsung Washing Machine (itworld.com)

itwbennett writes: Jo Seong-jin, the head of LG’s home appliance division, was indicted Sunday by prosecutors in Seoul for allegedly damaging Samsung Electronics’ washing machines before the IFA electronics show in Berlin last September. The company says it was his regular practice to test the rival company’s machines, something he has done while working for LG for the past 38 years, and has released closed-circuit television footage in his defense showing him testing Samsung products including washing machines, dish washers and refrigerators. Jo and two other employees are charged with vandalism, defamation and obstruction of business.

Submission + - FAA Proposes Rules To Limit Commercial Drone Use (nytimes.com)

An anonymous reader writes: In an attempt to bring order to increasingly chaotic skies, the Federal Aviation Administration on Sunday proposed long-awaited rules on the commercial use of small drones, requiring operators to be certified, fly only during daylight and keep their aircraft in sight. The rules, though less restrictive than the current ones, appear to prohibit for now the kind of drone delivery services being explored by Amazon, Google and other companies, since the operator or assigned observers must be able to see the drone at all times without binoculars. But company officials believe the line-of-sight requirement could be relaxed in the future to accommodate delivery services.

Submission + - Cybercriminal Gang Plunders Nearly $1B From Banks Over Two Years (itworld.com)

itwbennett writes: A still-active cybercriminal gang, whose members are suspected to be from Russia, Ukraine, other parts of Europe and China, has stolen up to $1 billion from banks in at least 25 countries since 2013, Kaspersky Lab said Sunday. The gang infiltrated networks with malware and spied on employees’ computers to facilitate large wire transfers.
