I take security and privacy issues seriously, but sometimes I despair when news stories such as that regarding Samsung TVs eavesdropping on private conversation explode across the media as happened last week. The reason for my despondency has less to do with the data privacy debate and more to do with the human stupidity one. That said, let's get the technical bit out of the way first. The privacy scare story kicked off after someone, eventually, noticed that the privacy policy relating to Samsung smart TVs included the line: "Please be aware that if your spoken words include personal or other …


It's all too easy to think that spam is an old problem, and one that has largely been dealt with. Certainly, many people will tell you that they see very little evidence of spam in their mailboxes. This, however, has less to do with the demise of the spammer and everything to do with the effectiveness of spam filters. The latest Kaspersky Lab analysis of the spam and phishing threat landscape for the first quarter of 2015 suggests that some 59.2 per cent of email traffic was actually spam, which is good news in as far as that number is …


Come with me if you want to rock. What is easily the greatest thing you’ve seen all week looks like an alternate ending to *Terminator 2: Judgment Day*, one that didn't leave me in tears and featured Ahhhnold rocking the main stage at Ozzfest, which isn't a far stretch this year with a leather-clad Rob Halford as a supporting act. The stainless steel stand, created by artist Christopher Conte, is a true marvel in every sense, much like the man behind the work. The Norwegian born illustration major earned his Bachelor’s Degree in Fine Art (BFA) from the Pratt …


As [news breaks](http://www.usatoday.com/story/tech/2015/06/12/office-of-personnel-management-hack-china/71146452/) that a second breach at the federal Office of Personnel Management may have seen another set of data, potentially more valuable than that accessed during [the first](http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/), Philip Lieberman, President of privileged identity management specialists [Lieberman Software](http://www.liebsoft.com/), has been talking about what went wrong. Here's what he had to say on the matter:

> The apparent US Government policy with regard to the protection of commercial enterprises attacked by nation states and others has been benign neglect (perhaps a shoulder to cry on). Current law and government policy forbid commercial enterprises to take any action against the …


The Electronic Frontier Foundation (EFF) has released the latest version of its 'Who Has Your Back?' [report](https://www.eff.org/who-has-your-back-government-data-requests-2015) and accompanying infographic, and it makes for interesting reading once you appreciate that what the EFF is talking about here is how good, measured as a response to a handful of yes or no questions, a bunch of leading tech companies are at protecting our data from government snooping requests. It's not about privacy in the larger scheme of things, just from that particular angle. That said, let's look at how the EFF came to the conclusions that can be seen in the …


Speaking to TrustedReviews this week, Alexander Moiseev, Kaspersky Europe's Managing Director, has warned that your car is at serious risk of being hacked. He is, however, wrong and I'm going to explain why. Kaspersky Lab and Mr Moiseev may well insist that the threats to the automotive industry are very real, and very much here and now; and while I don't dispute that there are concerns I do think there is a very real element of [Mandy Rice-Davies Applies](https://en.wikipedia.org/wiki/MRDA_(slang)) about the entire debate. With the demise, albeit a long and drawn out death, of desktop AntiVirus as the …


Researchers at security company AppRiver have issued a [warning](http://blog.appriver.com/2015/06/amazon-based-malware-targets-crypto-currency/) regarding a variant of the Fareit malware family which is using fake Amazon purchase confirmation emails to inject itself and steal any type of crypto currency that can be found on the target machine. Troy Gill, manager of security research at AppRiver, details how his team have been monitoring, and blocking, what he describes as a stream of malicious emails during the last week. All posing as legitimate Amazon purchase confirmations, all stating that 'your order has been confirmed' and all directing the reader to the attached, and infected, …


Another month, another flaw related to the historical US export restrictions on cryptography; this time in the form of LogJam. It hits SSL 3.0 and TLS 1.0, which supported reduced-strength DHE_EXPORT ciphersuites restricted to primes no longer than 512 bits. This means that a man-in-the-middle attack is possible to force the usage of the lower export strength cipher without the user being aware, and it impacts something like eight per cent of the top one million web domains and all the major web browser clients. Well almost, because Internet Explorer has already been patched (nice one Microsoft) with Firefox expected to …


In what has quite possibly been one of the longest periods between security problems being revealed and action being taken, the Virginia Board of Elections voted on Tuesday to remove the certification of more than 300 AVS WINVote touchscreen voting machines. The Virginia Information Technology Agency, and consultancy Pro V&V, uncovered multiple flaws in the voting technology which had also been used in other states including Mississippi and Pennsylvania. The scandal here is that there have been concerted efforts to remove these machines from the electoral system since 2008 when experts investigating irregularities first flagged their concerns. They have consistently …


According to the latest [Verizon 2015 Data Breach Investigations Report](http://www.verizonenterprise.com/DBIR/) all but four per cent of the security incidents analyzed by researchers could be accounted for by just nine basic attack types. That's pretty useful information for enterprise looking to prioritize their approach to security in terms of establishing a stronger security posture. So, as far as the nearly 80,000 incidents that were analyzed to form the basis of the report, what were these nine basic patterns then? Verizon states that the nine threat patterns are: 1. Miscellaneous errors (such as sending an email to the wrong person for example) …


Although the term 'reflection DoS' is nothing new, I recall reading something about it three years ago when a high profile security researcher [used it to describe](http://www.understandingcomputers.ca/articles/grc/drdos_copy.html) how malicious SYN packets were being reflected off bystanding TCP servers and the SYN/ACK responses used to flood his bandwidth. More recently, Garrett Gross from security vendor AlienVault [wrote about](https://www.alienvault.com/blogs/security-essentials/emerging-threat-reflection-using-sql-servers) the relatively new method of amplification Denial of Service (DoS), also known as a reflection attack, using SQL servers. This was actually first reported at the back end of last year when servers belonging to the City of Columbia, Missouri were hit …


After a week of Jewish holidays bookending Advertising Week, SMX East, IAB Mixx, and OMMA, I took a break this past weekend to attend Comic Con NY at the Javits Center. A couple of first impressions: while the website announces it had the largest attendance to date, it seemed eerily empty as compared to previous years. That isn't to say it wasn't absolutely packed, because of course it was. But people were free to roam around and weren't packed in like sardines, unable to push through the crowds, which tended to be the norm on previous Comic Con Saturday afternoons. …


The hacker collective known as Anonymous first declared war on Islamic State (formerly known as ISIS) supporters back in the Summer of 2014 with [Operation NO2ISIS](http://www.forbes.com/sites/jasperhamill/2014/06/27/anonymous-hacktivists-prepare-for-strike-against-isis-supporters/) which promised to target the online infrastructure of those countries sponsoring Islamic State militants. This declaration followed the hacking of an Anonymous Twitter account, @TheAnonMessage, which was then used to post photos of a terrorist assault near Baghdad. At the time, an Anonymous spokesperson stated that "these savages who have no religion or morality are bent on burning everything in their path, killing and pillaging as they go. They must be stopped." Because Islamic …


According to the [Daily Mirror](http://www.mirror.co.uk/news/technology-science/technology/charlie-hebdo-isis-flag-death-4946579), a number of official websites connected to French municipalities were hacked at the end of last week to coincide with the Charlie Hebdo massacre and the hostage taking at the Jewish supermarket. The newspaper reported that the home screens of websites belonging to the towns of Jouy-le-Moutier, Piscop, Goussainville, Val D'Oise and Ezanville (all surrounding Paris) were defaced with a Jihadist ISIS black flag and a message which translates as "The Islamic State Stay Inchallah, Free Palestine, Death to France, Death to Charlie." The hacker concerned declares himself to be an Algerian using the name …


It's the festive season but would you really expect Lady Gaga to give you a free iPad 2? That was the exact message being broadcast from Lady Gaga's Twitter account earlier, promising each and every one of her 17 million followers an iPad 2 and all they had to do was click the link for details. Of course, there was no iPad. The Lady Gaga Twitter account had been hacked and if you clicked on that link it would take you to a number of different sites via redirects and then dump you at a survey designed to scam you …


American technology companies are by implication evil, and aiding terrorist groups such as Islamic State/ISIS according to a number of highly influential but terribly ill-informed Western players. Apple and Google have become the command and control networks of choice for terrorists and implementing full-device encryption by default will help Islamic State to plan future attacks, if we are to believe certain spy masters and career politicians. I use the term 'terribly ill-informed' wisely, and am aware that I will no doubt get plenty of flak from those who think the head of the UK Government Communications Headquarters (GCHQ) or Director …


My name is Davey Winder, and I am a phoneaphobic. At first glance it would appear that I am anything but alone if the results of a recent study into attitudes towards mobile phone usage are to be believed. But first impressions are often misleading and that's the case here, as unlike me it seems that the majority of people do not have a phobia of simply speaking on the phone (or more accurately having my train of thought interrupted by meaningless telephone conversations when an email will usually suffice) but rather the exact opposite. [Nomophobia](http://en.wikipedia.org/wiki/Nomophobia) is the fear of …


Three and a half years ago, DaniWeb was reporting how [stolen credit cards could be purchased online](http://www.daniweb.com/hardware-and-software/networking/news/218954) for as little as $10 per card, complete with a guarantee that the accounts behind the cards were active, when purchased in larger volumes. So how has the market changed since the start of 2008? It should come as no real surprise, given the number of high profile data breaches which have resulted in the loss of credit card information from online databases, that the underground cybercrime marketplace has become pretty saturated with credit cards for sale. And whenever a market gets saturated …


The Iranian Cyber Army may be the latest elite military hacking squad to hit the headlines, but Iran has a long way to go if it's to catch up with China in terms of international data disruption. According to one newly published report into the threat from Chinese state-sponsored espionage activity, the true scale and nature of these cyber-attacks is really quite interesting. Context Information Security argues in the '[Hidden Tiger, Crouching Dragon, Stolen Data](http://www.contextis.com/news/articles/targetedattacks/Targeted_Attacks_Whitepaper.pdf)' report that while cyber-attacks originating from China are nothing new, they have grown in both size and scope in recent years in order to support …


Following the arrest of 25 suspected members of the Anonymous hacking collective in Europe and South America, the INTERPOL website went offline. Coincidence? I don't think so. After all, Anonymous has already proven it isn't scared, or indeed incapable, of taking down law enforcement sites. Earlier in the month it managed to [take the CIA website offline](http://www.youtube.com/watch?v=pPZc-CqXG3U) and even managed to [listen in to a private conference call between FBI agents and Scotland Yard detectives](http://www.itpro.co.uk/638788/do-british-police-get-cyber-security) who were discussing how to deal with Anonymous hacking attacks amongst other things. The fact that the INTERPOL site went down within hours of INTERPOL …


If you use, or operate, a password-free wireless network then legal action being taken in the US by the adult movie industry might just be about to rain on your parade warns one European IT threat mitigation expert. The lawsuit was filed by Liberty Media Holdings, a producer of adult movie content based in San Diego, and accuses in excess of 50 people in Massachusetts (where the lawsuit has been filed) of downloading and consequently sharing a gay porn movie illegally via BitTorrent. The complaint itself makes a point of claiming that the defendants either have direct responsibility as they …


[Man-in-the-Middle (MITM) attacks](http://en.wikipedia.org/wiki/Man-in-the-middle_attack) are, sadly, not news these days; they are a fact of online life. But word of how the latest SpyEye Trojan-driven MITM attacks are using clever post transaction fraud systems to effectively erase the evidence of the crime from the victims' view certainly deserves to be. Attacking online bank accounts in both the US and UK, the attacks were first spotted just before the seasonal holidays took hold by researchers at [Trusteer](http://www.trusteer.com), a security company which works with banks to protect customers from just such threats as MITM attacks. What is a MITM attack exactly? Well, simply …


Sykipot is not a new Trojan Horse by any means, but the variation found to be attacking Department of Defense smart cards is certainly something that government agencies need to be worried about. United States government agencies, that is. It's doubtful the Chinese government will be too worried about them, considering that the Sykipot-led attacks against these US government agencies would appear to be originating from China itself. Security specialist [AlienVault](http://www.alienvault.com) has uncovered evidence that the attacks might stretch right back as far as March 2011 and have been targeting a number of agencies which use ActivIdentity, or more specifically …


[TeaMp0isoN](https://www.facebook.com/TeaMp0isoN), a black-hat hacking collective, has announced that it is to collaborate with Anonymous on Operation Robin Hood which swears to take money from the banks (in the form of stolen credit card data) and redistribute the wealth from the 1% to the 99% in support of the Occupy Movement. But just who exactly are TeaMp0isoN and what impact is Operation Robin Hood likely to have? Let's start with the easy stuff first and get a handle on TeaMp0isoN. Although you might think that finding anything out about a hacking collective which does things the likes of the FBI and …


Just how desperately are you looking for love? Unfortunately, for some the answer is all too often all too desperately; to the point where common sense leaps out of the window and is quickly followed by the bank balance. According to new research by the University of Leicester in the UK, hundreds of thousands of people have already fallen to what is being referred to as the online romance scam. In what is thought to be the first formal academic study of its kind, researchers at Leicester University have attempted to measure the true scale of online dating danger from …


The whispers have been [getting louder](http://arstechnica.com/apple/news/2009/08/leaks-begin-to-pile-up-concerning-legendary-apple-tablet.ars) lately that Apple will be announcing the long-rumored Tablet next month at its September keynote. We have all learned that these rumors are [often wrong](http://www.daniweb.com/blogs/entry3626.html) and Apple moves at its own pace, but the idea of an Apple Tablet with a 10 inch touch-screen--effectively an iPhone with a large screen--is so intriguing that it's hard for a blogger like me to ignore. That's why I've come up with a list of five reasons you'll want to own this baby if in fact it ever comes to fruition. **1. Super eBook Reader** As …


It would appear that a Florida bank has been the victim of a $13 million ATM heist, but just how did the cyber-robbers pull it off? Although the security breach which led to the ATM fraud itself seems to have taken place in March, and was disclosed in the first quarter earnings statement for Fidelity National Information Services Inc (FIS) back in May, details of exactly what happened are only just starting to leak from the FBI probe that followed. FIS, based in Jacksonville, is one of the world's biggest processors of prepaid debit cards with more than 775 million …


There is an app for most things, but flying a helicopter has been (perhaps understandably) absent from the list. Sure, you can pilot a virtual helicopter or play a game involving a helicopter on-screen, but how about flying an actual helicopter in the actual sky using an actual iPhone? Griffin Technology Inc, best known for a whole load of innovative hardware accessories for the original iPod, has today been demonstrating how to fly a real helicopter using an iPhone, or an iPad for that matter. OK, so it's a small helicopter, a remote controlled one in fact, but it's real …


England just scraped to a hard fought win against a physical and enthusiastic Argentina side in their opening match of the 2011 Rugby World Cup campaign in New Zealand. But while sports fans the world over get excited about how their country is performing in the initial pool group matches, some folk have other motives for clapping their hands with joy over the current wave of interest in Rugby Union: cyber-criminals are raking in the money with a whole host of Rugby World Cup 2011 scams. Nick Johnston, a senior software engineer with Symantec, [has warned](http://www.symantec.com/connect/blogs/419-scammers-take-advantage-rugby-world-cup-fake-lottery) that advance fee fraud …


It may seem like email has been around forever, but actually it is exactly 40 years since the first email was sent by the man credited with inventing it, engineer Ray Tomlinson, on Wednesday 8th June 1971. Tomlinson was a computer engineer who was working for a company that had been hired to help build the Arpanet, the predecessor to the Internet, at the time. And in case you were wondering, that very first email message simply said: 'QWERTYUIOP' which as any self-respecting geek will know is the top line of letters on a standard QWERTY keyboard. QWERTYUIOP is …
