Bismillah writes: Researchers at NATO's Cooperative Cyber Defence Centre of Excellence and Estonia's University of Tallinn have worked out how to set up communications channels using IPv6 transition mechanisms, to exfiltrate data and for systems control over IPv4-only and dual-stack networks — without being spotted by network intrusion detection systems.
Bismillah writes: Researchers tested a bunch of network middle boxes and antiviruses that break TLS to intercept and analyse traffic, and found most seriously degraded the security of connections, rather than the opposite. Bad TLS implementations in the intercepting products meant they introduced weak ciphers, POODLE, LOGJAM and CRIME vulnerabilities. Configuration of middle boxes sounds like a nightmare, adding to the woes. Some vendors' response? "It's the customer's responsibility to configure the middle boxes correctly."
Bismillah writes: A seven-year study has found a correlation between increased internet activity per capita, and gross domestic product. And, the study mapped changing sleep patterns around the world as well.
Bismillah writes: Westfield's Scentre Group has removed SMS notifications for its ticketless parking system after it was discovered they could be used to track other people's cars unnoticed. The system allows you to enter any licence plate, which in turn will be scanned upon entry and exit at mall parking facilities — and when the free parking time is up, a notification message is sent to the mobile phone number entered, with the exact location of the car.
schwit1 writes: The NSA didn’t know it was already sitting on a “goldmine” of data on one of its targets until one of its analysts discovered it by “sheer luck,” according to an internal newsletter entry leaked by Edward Snowden.
The article, dated March 23, 2011, was written by a signals development analyst in SIDtoday, an NSA in-house newsletter. He explains how he discovered the contact and personal information for over 10,000 people, as well as some 900 account login details, after “a ton of hard work,” according to reports from The Intercept and teleSUR.
“By sheer luck, (and a ton of hard work) I discovered an important new access to an existing target and am working with TAO to leverage a new mission capability,” the analyst wrote to colleagues. TAO refers to Tailored Access Operations, an NSA hacking team which had collected the 900 usernames and passcodes.
The “existing target” was Petróleos de Venezuela, a Venezuelan state oil company also referred to as PDVSA.
Bismillah writes: Samsung Electronics has proposed a ‘space internet’ network consisting of 4600 micro-satellites that could act as backhaul for terrestrial cellular networks and bring low-cost internet to “everyone in the world”.