
Comment Governments don't need to wait for Adobe (Score 1) 161

What if this technology is already available and being used in combination with man-in-the-middle attacks for the modification of communications in real time? A state-sponsored malicious actor can even start wars between unsuspected countries. Governments don't need to wait for Adobe to write software for their cyberwar arsenals.

The only way to (try and) guard against this that I can think of is cryptographically signing and verifying all important communications, whether between country leaders or between corporations. Maybe this is necessary for personal communications too.

Submission + - Android Spyware Targets Business Executives (helpnetsecurity.com)

Orome1 writes: Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a VP at a global technology company. The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher. The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.

Submission + - Investigation into spyware-related political espionage case halted

An anonymous reader writes: Reuters reports that Switzerland's attorney general has halted an investigation into suspected political espionage at a Geneva hotel, which was opened a month after talks on Iran's nuclear plans took place.

The reason for opening the investigation in the first place was the spyware discovered on hotel computers.

The attorney general's office said it was suspending proceedings because no evidence regarding the perpetrators' identities had been obtained.

Submission + - Private phone and chat conversations ended up in tech company

Dex Hex writes: The Volkskrant reports: "The private communications of thousands of Dutch citizens have fallen into the hands of the Australian technology company Appen. It concerns telephone and chat conversations from 2010 and 2011. According to telecom experts, the only explanation is that this communication was tapped by the British intelligence service GCHQ and was then handed over to Appen with the aim of improving software for converting speech into text."

Can you believe the arrogance?

Comment Re:Those were marketing claims (Score 5, Interesting) 94

Indeed. Including the magic clause "[company] may rewrite the terms of service from time to time, and it's the user's responsibility to check the website periodically [...]" solves all future problems.

I always believed that no court in the universe will find this valid. Are you sure it's allowed in the US?

Submission + - The coral die-off crisis is a climate crime and Exxon fired the gun (theguardian.com) 1

mspohr writes: An article published by Bill McKibben in The Guardian points the finger at Exxon for spreading climate change denial which led to lack of action to prevent widespread coral die-off.
"We know the biggest culprits now, because great detective work by investigative journalists has uncovered key facts in the past year. The world’s biggest oil company, Exxon, knew everything there was to know about climate change by the late 1970s and early 1980s. Its scientists understood how much and how fast it was going to warm, and how much damage that was going to do. And the company knew the scientists were right: that’s why they started “climate-proofing” their own installations, for instance building their drilling rigs to accommodate the sea level rise they knew was coming.

What they didn’t do was tell the rest of us. Instead, they – and many other players in the fossil fuel industry – bankrolled the rise of the climate denial industry, helping fund the “thinktanks” and front groups that spent the last generation propagating the phoney idea that there was a deep debate about the reality of global warming. As a result, we’ve wasted a quarter century in a phoney argument about whether the climate was changing."

Submission + - NSA worried about implications of leaked toolkits (businessinsider.com)

wierd_w writes: According to Business Insider, the NSA is worried about the possible scope of information leaked from the agency, after a group calling themselves the "Shadow Brokers" absconded with a sizable trove of penetration tools and technical exploits, which it plans to sell on the black market.

Among the concerns are worries that active operations may have been exposed. Business Insider quotes an undisclosed source as stating the possibility of the loss of such security and stealth (e.g. privacy) has had chilling effects for the agency, as they attempt to determine the fullness and scope of the leak.

(Does anyone besides me feel a little tickled about the irony of the NSA complaining about chilling effects of possibly being monitored?)

Submission + - Snowden Speculates Leak of NSA Spying Tools Is Tied To Russian DNC Hack (arstechnica.com)

An anonymous reader writes: Two former employees of the National Security Agency—including exiled whistleblower Edward Snowden—are speculating that Monday's leak of what are now confirmed to be advanced hacking tools belonging to the US government is connected to the separate high-profile hacks and subsequent leaks of two Democratic groups. Private security firms brought in to investigate the breach of the Democratic National Committee and a separate hack of the Democratic Congressional Campaign Committee have said that the software left behind implicates hackers tied to the Russian government. US intelligence officials have privately said they, too, have high confidence of Russian government involvement. Both Snowden and Dave Aitel, an offensive security expert who spent six years as an NSA security scientist, are speculating that Monday's leak by a group calling itself Shadow Brokers is in response to growing tensions between the US and Russia over the hacks on the Democratic groups. As this post was being prepared, researchers with Kaspersky Lab confirmed that the tools belong to Equation Group, one of the most sophisticated hacking groups they've ever investigated. "Why did they do it?" Snowden wrote in a series of tweets early Tuesday morning. "No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack." In a brief post of his own, Aitel agreed that Russia is the most likely suspect behind both the Democratic hacks and the leaking of the NSA spying tools. He also said the NSA data was likely obtained by someone with physical access to an NSA secure area who managed to walk out with a USB stick loaded with secrets.

Submission + - Windows UAC Bypass Permits Code Execution (threatpost.com)

msm1267 writes: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk.

The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start PowerShell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC.

An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up.

Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.

Submission + - 1.4 Billion Android Devices Affected by Linux TCP Flaw (softpedia.com)

An anonymous reader writes: The security bug discovered in the Linux kernel's implementation of the TCP protocol also affects a large portion of the Android ecosystem, mobile security experts have discovered. CVE-2016-5696, the Linux TCP bug discovered last week, affects around 80 percent of all Android devices in use today, which is around 1.4 billion devices. All Android versions from version 4.4 (KitKat) and higher are affected. The reason is that this is the first Android version that featured the Linux kernel 3.6, the first version affected by the TCP flaw. Google said it was notified of the issue and is working on a patch.
