
Submission + - Researchers Discover Large Twitter Botnet Pushing Ethereum Scam

Trailrunner7 writes: Twitter has something of a bot problem. Anyone who uses the platform on even an occasional basis likely could point out automated accounts without much trouble. But detecting bots at scale is a much more complex problem, one that a pair of security researchers decided to tackle by building their own classifier and analyzing the characteristics and behavior of 88 million Twitter accounts.

Using a machine learning model with a set of 20 distinct characteristics such as the number of tweets relative to the age of the account and the speed of replies and retweets, the classifier is able to detect bots with about 98 percent accuracy. The tool outputs a probability that a given account is a bot, with anything above 50 percent likely being a bot. During their research, conducted from May through July, Jordan Wright and Olabode Anise of Duo Security discovered an organized network of more than 15,000 bots that was being used to promote a cryptocurrency scam. The botnet, which is still partially active, spoofs many legitimate accounts and even took over some verified accounts as part of a scheme designed to trick victims into sending small amounts of the cryptocurrency Ethereum to a specific address.

Unlike most botnets, the Ethereum network has a hierarchical structure, with a division of labor among the bots. Usually, each bot in a network performs the same task, whether that’s launching a DDoS attack or mining Bitcoin on a compromised machine. But the Ethereum botnet had clusters of bots with a three-tier organization. Some of the bots published the scam tweets, while others amplified those tweets or served as hub accounts for others to follow. Wright and Anise mapped the social media connections between the various accounts and looked at which accounts followed which others to create a better picture of the network.

Anise and Wright will discuss the results of their research during a talk at the Black Hat USA conference on Wednesday and will release their detection tool as an open source project that day, too.

Submission + - Cost to dismantle USS Enterprise set to top $1 billion (dailymail.co.uk)

schwit1 writes: The Navy’s first nuclear-powered aircraft carrier, the Enterprise was commissioned in 1961, and built at a cost of $3.9 billion, in current dollars.

The Enterprise was the first and only Enterprise-class carrier ever built, and the longest naval vessel ever constructed. The carrier sailed more than 1 million miles over 51 years of service.

Since she was decommissioned last year, the Enterprise has been awaiting strip-down and dismantling at Puget Sound Naval Shipyard in Washington state.

Now, the GAO warns that the ‘unprecedented’ undertaking of dismantling and disposing of the ship could cost between $1 billion and $1.55 billion.

Under the current plan, the work on the ship’s nuclear components, including the eight nuclear reactors that powered the carrier, is to be carried out by Navy workers at the Puget Sound Shipyard, with the non-nuclear components handled by a private contractor.

CVN 65 was the eighth ship to bear the name Enterprise and the name will live on, with CVN 80.

Submission + - GDPR-Style Privacy Regulations May Be On the Way in U.S.

Trailrunner7 writes: A new bill that will bear some similarities to Europe's new General Data Protection Regulation (GDPR) is on the horizon, legislation that could alter how businesses treat users' private data.

Sen. Richard Blumenthal (D-Conn.) said he plans to introduce a bill soon that will include what he called a “privacy bill of rights”, based in part on GDPR, a comprehensive privacy and breach-notification framework that went into effect late last month. One of the key elements of GDPR is its requirement that users must give consent for their data to be shared publicly, and they can revoke that consent whenever they choose. Blumenthal said that there are so many privacy threats right now that most people don’t even have a handle on what they are.

“The way to begin the course ahead is to alert the American people to what those threats are,” he said during a hearing of the Senate Committee on Commerce, Science, and Transportation.

Submission + - SPAM: Time, and the L0pht, March On

Trailrunner7 writes: When seven young men from Boston wearing borrowed or newly purchased suits walked into a Senate hearing room in May 1998 to talk about the emerging threats to the world’s computer networks, the Internet as we think of it today was just stumbling out of the cave on shaky legs, blinking at the bright lights. Few people--and almost none in Washington--understood the fragility and vulnerability of this network. But when those men walked out of the hearing a couple of hours later, it was painfully clear to everyone in the room that Internet and computer security needed to be a national priority.

The men who sat at the witness table in front of the Senate Committee on Governmental Affairs were members of the L0pht hacker group and they were not there on a lark. They appeared by invitation, driving down I-95 in a rented van, making an unscheduled and somehow-not-disastrous accidental pit stop at the NSA headquarters in Maryland. When they told the members of the committee that the Internet’s weaknesses were manifest and had serious national security implications, they spoke with the authority that comes from experience. They had probed, tested, and broken the software and protocols that ran the network and they knew what was possible.

They knew and they shared that knowledge, hoping it would make a difference.

“We were the hackers using our outsider, attacker perspective to try to make changes,” Chris Wysopal, CTO of CA Veracode and one of the L0pht members who testified that day 20 years ago, said during a panel in Washington Tuesday that brought four of the members back together: Cris Thomas, Wysopal, Peiter Zatko, and Joe Grand.

Submission + - When Dan Kaminsky Almost Broke the Internet

Trailrunner7 writes: In the summer of 2008, security researcher Dan Kaminsky disclosed how he had found a huge flaw in the Internet that could let attackers redirect web traffic to alternate servers and disrupt normal operations. Kaminsky found a fundamental design flaw in DNS that made it possible to inject incorrect information into the nameserver's cache, or DNS cache poisoning. In this case, if an attacker crafted DNS queries looking for sibling names to existing domains, such as 1.example.com, 2.example.com, and 3.example.com, while claiming to be the official "www" server for example.com, the nameserver will save that server IP address for “www” in its cache.

His find resulted in a secret, emergency meeting of dozens of security and networking experts at Microsoft headquarters in Redmond. The group eventually came up with a temporary fix, one that's still in place. This is the story of how it all went down, in Kaminsky's own words.

Submission + - SPAM: Here Come the Malicious Cryptominers

Trailrunner7 writes: There is a hidden malware revolution going on under the covers of millions of browsers, one that feels both familiar and fresh.

Attackers have begun moving away from what has been their most reliable revenue-generator in recent years--ransomware--and toward the green field of malicious cryptomining, a tactic that offers faster payouts for less work. Malicious cryptomining, sometimes known as cryptojacking, is a natural evolution of the cryptocurrency boom and it represents a clear opportunity for cybercriminals who already have established infrastructures and decent skill sets.

“This is riding on the coattails of ransomware, but ransomware requires people to install it and then eventually pay. But monetizing cryptomining is easier because the mining goes on in the background,” said Paul Burbage, a senior malware researcher at Flashpoint.

“It’s a quicker return on investment. With ransomware the attackers have to worry about moving the coins around. Now, they’re generating a pretty solid anonymous cryptocurrency they can put right into their pockets.”

Submission + - 'We Got to Be Cool About This': An Oral History of the L0pht (duo.com)

Trailrunner7 writes: In 1992, the hacker scene in Boston was thriving. The city, along with Cambridge, its funkier neighbor across the river, had been ground zero for many of the technologies and companies that helped lay the foundation of the Internet in the 1970s and 1980s, and as the 1990s dawned, a new generation of free thinkers, coders, tinkerers, and engineers was emerging. This was the first generation with easy access to personal computers and many of the people who emerged from the Boston scene had spent their formative years teaching themselves how to write code and taking apart early IBM PCs, Apple Macintoshes, VAX machines, and whatever other hardware they could get their hands on.

With the web still several years away from taking over, hackers and hobbyists relied on BBS boards for communication and to trade tools, techniques, and information. It was on boards such as The Works that some of the key figures in the Boston scene first came together. Later, the local 2600 meetings became the center of gravity for much of the community, which was growing quickly by the early 1990s. The meetings brought together the disparate threads of the community: professional coders, engineers, self-taught developers, hackers, college students, and even some high school kids.

Out of that mix emerged a small, loosely connected group of hackers that would help shape the future of the hacker scene and go on to define the security industry as we know it today. Over time, the group included Count Zero, White Knight, Brian Oblivion, Golgo 13, Weld Pond, Silicosis, Space Rogue, Kingpin, Mudge, John Tan, Dildog, and Stefan Von Neumann.

That group became known as the L0pht, one of the more influential hacker crews of the last 25 years. They were the varsity. And this is their story, in four parts.

Submission + - Floating Fire Ants Form Rafts In Houston Floodwaters (bbc.com)

dryriver writes: The BBC reports: "Whole streets in Texas are underwater, and social media has filled with images of clumps of floating fire ants, massed together in a structure on the surface. People are warned not to touch the ants, as they can get agitated and cover a person in dangerous stings. Entomologists say the floating rafts are normal behavior after the ants' underground homes get flooded out. In fact it's something they did routinely in the South American floodplains they originated in. Each raft can contain as many as 100,000 individual ants, which use their waxy, water-resistant bodies to link together around their queen as they travel in search of a new place to create the tunnels and chambers that make up their nests. But the ants on the bottom of the raft have not, as you might think, been sacrificed for the greater good of the queen. They are still alive. A system of air pockets keeps them able to take in oxygen through the air tubes on their bodies — the same way all insects breathe. 'All insects float,' Prof Jim Hardie of the Royal Entomological Society told the BBC. 'The ones at the bottom are properly fine.'"

Submission + - Patch or hack? FDA tells doctors, patients to weigh risk of pacemaker patch (securityledger.com)

chicksdaddy writes: Patch or hack? That's the question the FDA says that doctors and patients need to weigh before they apply a (now) FDA-approved patch from St. Jude Medical (Abbott) for six implantable pacemakers.

In a safety warning published on Tuesday (https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm), the FDA said that patients using any of six pacemaker and CRT-P (cardiac resynchronization therapy pacemaker) devices manufactured by St. Jude Medical should consider applying a software update to fix the security holes, some of which could cause harm to patients.

“Patients and their health care providers (should) discuss the risks and benefits of the cybersecurity vulnerabilities and the associated firmware update designed to address such vulnerabilities at their next regularly scheduled visit,” the FDA said.

The risks associated with applying the patch are low. Abbott and FDA said there is a .003 percent chance of "complete loss of device functionality" and a .161 percent chance that the device will lose its currently programmed device settings. However, the risks associated with hacking are also characterized as remote. In a letter to physicians (https://www.sjm.com/~/media/galaxy/hcp/resources-reimbursement/technical-resources/product-adviseries-archive/cybersecurity-pacemaker-firmware/pacemaker-firmware-update-doctor-letter-aug2017-us.pdf), Abbott — citing the Department of Homeland Security — said that only a "highly complex" attack could compromise the devices. However, that runs contrary to statements by the firm MedSec, which analyzed the St. Jude devices (https://securityledger.com/2016/08/the-big-short-alleged-security-flaws-fuel-bet-against-st-jude-medical/) and found that many attacks — though they would require physical proximity to the device — would not be difficult to carry out and could cause harm to patients.

So, who to believe?

Submission + - Ukrainian Police Arrest Suspect in Petya Ransomware Campaign

Trailrunner7 writes: Police in Ukraine have arrested a 51-year-old man in connection with spreading the notorious Petya ransomware earlier this summer.

In their statement, the Ukraine Cyberpolice did not say that the man was accused of creating Petya, only that he allegedly helped spread it. The outbreak of a ransomware connected to Petya in June was centered in Ukraine and most of the corporate victims of it were in that country. The ransomware in that campaign, known as NotPetya, also had the ability to wipe the master boot record on infected machines and could spread over networks.

Ukrainian officials searched the residence of the suspect arrested this week and said they found computers that were used to help spread Petya.

Submission + - Spy Plane Has Been Flying Circles Over Seattle For Days (thedrive.com)

turkeydance writes: A very unique USAF surveillance aircraft has been flying highly defined circles over Seattle and its various suburbs for nine days now. Nobody at the DoD seems to know who the aircraft belongs to or what exactly it is doing flying so many missions over the Seattle area. But based on its visibly exotic configuration, and information collected by open source flight tracking websites, we can get a good idea of its capabilities and guess as to what it’s up to.

Submission + - FBI Biometric Database Will Be Exempt From Some Privacy Act Protections

Trailrunner7 writes: The FBI’s latest biometric database, which contains a host of identifying information from a wide range of sources, will be exempt from many of the restrictions of the Privacy Act.

In a final rule published this week by the Department of Justice, the FBI announced that the Next Generation Identification system would not be subject to the Privacy Act. That means that even people whose information is contained in the database will not be able to request data on it. The NGI system is a law enforcement database, but it contains records from a variety of non-law enforcement sources. It has fingerprints and other biometric identifiers from some employment records, humanitarian and relief efforts, and from some foreign sources. The FBI last year announced that it was seeking to exempt the NGI from the Privacy Act, arguing that opening it up to public inquiries would harm national security.

Submission + - Global network of labs will test security of medical devices (securityledger.com)

chicksdaddy writes: Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms, The Security Ledger reports. (https://securityledger.com/2017/07/exclusive-whistl-labs-will-be-cyber-range-for-medical-devices/)

The “World Health Information Security Testing Labs” (or “WHISTL”) will adopt a model akin to the Underwriters Laboratory, which started out testing electrical devices, and focus on issues related to cyber security and privacy, helping medical device makers “address the public health challenges” created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium (http://www.mdiss.org/).

“MDISS WHISTL facilities will dramatically improve access to medical device security know-how while protecting patient privacy and the intellectual property of our various stakeholders,” said Dr. Nordenberg, MD, Executive Director of MDISS.

The labs will be one of the only independent, open and non-profit networks of labs specifically designed for the needs of the medical field, including medical device designers, hospital IT, and clinical engineering professionals. Experts will assess the security of medical devices using standards and specifications designed by testing organizations like Underwriters Labs. Evaluations will include application security testing like “fuzzing,” static code analysis and penetration testing of devices.

Any vulnerabilities found will be reported directly to manufacturers in accordance with best practices, and publicly disclosed to the international medical device vulnerability database (MDVIPER) which is maintained by MDISS and the National Health Information Sharing and Analysis Center (NH-ISAC).

The group says it plans for 10 new device testing labs by the end of the year, including in the U.S. in states like New York to Indiana, Tennessee and California and outside North America in the UK, Israel, Finland, and Singapore. The WHISTL facilities will work with Underwriters Labs as well as AAMI, the Association for the Advancement of Medical Instrumentation. Specifically, MDISS labs will base their work on the UL Cybersecurity Assurance Program specifications (UL CAP) and follow testing standards developed by both groups including the UL 2900 and AAMI 80001 standards.

Submission + - Congress Seeks to Outlaw Cyber Intel Sharing With Russia

Trailrunner7 writes: A group of House Democrats has introduced a bill that would formalize a policy of the United States not sharing cyber intelligence with Russia.

The proposed law is a direct response to comments President Donald Trump made earlier this week after he met with Russian President Vladimir Putin. After the meeting, Trump said on Twitter that he and Putin had discussed forming an “impenetrable Cyber Security unit” to prevent future attacks, including election hacking. The idea was roundly criticized by security and foreign policy experts and within a few hours Trump walked it back, saying it was just an idea and couldn’t actually happen.

But some legislators are not taking the idea of information sharing with Russia as a hypothetical. On Wednesday, Rep. Ted Lieu (D-Calif.), Rep. Brendan Boyle (D-Pa.), and Rep. Ruben Gallego (D-Ariz.) introduced the No Cyber Cooperation With Russia Act to ensure that the U.S. doesn’t hand over any cybersecurity intelligence on attacks or vulnerabilities to Moscow. Recent attacks such as the NotPetya malware outbreak have been linked to Russia, as have the various attacks surrounding the 2016 presidential election.

Submission + - New Attack Recovers Satellite Phone Crypto Key in Fraction of a Second

Trailrunner7 writes: A team of researchers from China has developed a new attack on one of the ciphers used to secure the communications of satellite phones that enables them to recover a 64-bit key in a fraction of a second under some circumstances.

The work focuses on the GMR-2 cipher used in Inmarsat satellite phones and the attack the researchers developed cuts the time needed for a brute-force attack on the encryption key by reducing the space that has to be searched.

“With the help of an extra 6KB memory storage, this attack can reduce the exhaustive search space from 2^64 to about 2^13 on average when one frame (15 bytes) keystream is available. This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher. The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s,” the researchers wrote in their paper, “A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones”.
