A collection point
...and some of my own.
Frozen Fridges?

Matthew Hughes: A report from consumer advocates Which? highlights the short lifespan of "smart" appliances, with some losing software support after just a few years, despite costing vastly more than "dumb" alternatives. That lifespan varies between manufacturers: most vendors were vague, Miele and Beko offer about 10 years, LG states patches would be made available as required, but Samsung said it would offer software support for only two years. Remember the average lifespan of a fridge is 11-20 years.

In 2016, owners of the Revolv smart home hub were infuriated after the Google-owned Nest deactivated the servers required for it to work. More recently, Belkin turned off its WeMo NetCam IP cameras, offering refunds only to those users whose devices were still in warranty and had their receipt.

Given that smart appliances are essentially computers with a persistent connection to the internet, there's a risk hackers could co-opt unpatched fridges and dishwashers, turning them into drones in vast botnets. So these devices really do need to have the commitment of regular updates for as long as they function. Because, remember, there's precedent. The Mirai botnet, for example, was effectively composed of hacked routers and IP cameras.

Owners of DDoS-for-Hire Service vDOS Get 6 Months Community Service

Brian Krebs: The co-owners of vDOS, a now-defunct service that for four years helped paying customers launch more than two million distributed denial-of-service (DDoS) attacks that knocked countless Internet users and websites offline, each have been sentenced to six months of community service by an Israeli court. A judge in Israel handed down the sentences plus fines and probation against Yarden Bidani and Itay Huri, both Israeli citizens arrested in 2016 at age 18 in connection with an FBI investigation into vDOS.
Until it was shuttered in 2016, vDOS was by far the most reliable and powerful DDoS-for-hire or “booter” service on the market, allowing even completely unskilled Internet users to launch crippling assaults capable of knocking most websites offline. vDOS advertised the ability to launch attacks at up to 50 gigabits of data per second (Gbps) — well more than enough to take out any site that isn’t fortified with expensive anti-DDoS protection services.

Chinese Hackers Target Biden Campaign and Iranian Actors Hit Trump Campaign

Google's Threat Analysis Group said on Thursday that a China-linked hacking group known as APT 31 or Zirconium has targeted Joseph Biden's presidential campaign staff with phishing attacks, and that the Iran-linked actor APT 35 or Charming Kitten has been launching phishing attacks against Donald Trump's campaign. Shane Huntley, who leads TAG, said the researchers have not seen signs that these assaults were successful. Google sent warnings to impacted users about the behavior and also informed federal law enforcement. Microsoft issued a similar warning in October that APT 35 was targeting the Trump campaign. The activity is also in keeping with Russia's actions ahead of the 2016 United States presidential election in which Russian hackers launched highly consequential phishing attacks against campaigns and political organizations.

Anonymous Resurfaces Amidst Nationwide Protests

The leaderless hacktivist collective known as Anonymous hasn't been much of a force to be reckoned with since 2011 or so, when it rampaged across the internet in a so-called "summer of lulz." But as Movement for Black Lives protests grew over the past week, someone self-identifying as Anonymous has raised its flag again. News outlets picked up new threats from the group against Donald Trump and the Minneapolis Police Department, which is responsible for the killing of George Floyd that set off a new wave of demonstrations.
A collection of email addresses and passwords of Minneapolis police officers published by the group, however, turned out to be old credentials picked out of previous hacker dumps. The group's new actions seemed to have amounted to a short-lived distributed denial-of-service attack on the Minneapolis Police website.

How to Protest Safely in the Age of Surveillance

Lily Hay Newman: Militarized police in cities across the United States have deployed armored vehicles and rubber bullets against protesters and bystanders alike. If you're going out to protest—as is a US citizen's right under the First Amendment—and bringing your smartphone with you, there are some basic steps you should take to safeguard your privacy. The surveillance tools that state and federal law enforcement groups have used at protests for years put it at risk right along with your physical wellbeing.

There are two main aspects of digital surveillance to be concerned about while at a protest. One is the data that police could potentially obtain from your phone if you are detained, arrested, or they confiscate your device. The other is law enforcement surveillance, which can include wireless interception of text messages and more, and tracking tools like license plate scanners and facial recognition.

“The device in your pocket is definitely going to give off information that could be used to identify you,” says Harlo Holmes, director of newsroom security at the Freedom of the Press Foundation. For that reason, Holmes suggests that protesters who want anonymity leave their primary phone at home altogether. If you do need a phone for coordination or as a way to call friends or a lawyer in case of an emergency, keep it off as much as possible to reduce the chances that it connects to a rogue cell tower or Wi-Fi hot spot being used by law enforcement for surveillance. Sort out logistics with friends in advance so you only need to turn your phone on if something goes awry.
Or to be even more certain that your phone won’t be tracked, keep it in a Faraday bag that blocks all of its radio communications. You can skip buying a Faraday bag by simply wrapping your phone up in aluminum foil. Open the bag only when necessary. If you are using your phone but want end-to-end encryption, try Signal, but remember that the recipient has to be using the same app.

The next thing to protect is your phone's contents: Your phone should be encrypted (both it and the SD card if your phone allows that), then you need to have your phone set to a strong passcode rather than biometric unlock as a search warrant is required for the latter. On an iPhone you can enable the PIN, if you had been using biometric unlocking, by holding the wake button and one of the volume buttons at the same time.

If you use a device to take photos or videos during a protest, it’s important to keep in mind how this content could potentially be used to identify and track you and others. Files you upload to social media might contain metadata like time stamps and location information that could help law enforcement track crowds and movement. Police departments and other federal agencies have a long history of monitoring social media sites.

As protests continue—and as law enforcement and even the federal government escalate their response—be prepared too for forms of digital surveillance that have never been used before to counter civil disobedience, or to retaliate against protesters after the fact. That means protesters will need to stay vigilant—against digital threats as well as bodily ones.

Military Surveillance Planes Flew Over US Protests

High above the ubiquitous helicopters hovering over US cities during the current protests, military planes usually used in Iraq and Afghanistan were also watching the dissent below.
Tech news site Motherboard reviewed data from ADS-B Exchange, a repository of air traffic control information, and found evidence that an RC-26B military-style reconnaissance aircraft was circling Las Vegas. The FBI also deployed small Cessna aircraft, which the Freedom of the Press Foundation believes likely carried devices known as "dirtboxes," airborne versions of the IMSI catcher systems that impersonate cell phone towers to intercept users' communications and track the identities of protestors.

Apple publishes free resources to improve password security

Apple's new set of tools, collectively called the Password Manager Resources, was open-sourced on GitHub last week. Apple says the new tools are primarily meant to help developers of password manager applications create a better experience for users. The tools include lists of password selection rules for many of today's most popular websites.

The tools were published to address a long-standing issue with password manager applications that impacts users across all operating systems, and not solely macOS and iOS, because while password managers may create unique and strong passwords, often, those passwords aren't compatible with the websites they are being created for. Users encountering errors while generating a random password will often resort to choosing their own one instead, which many times is shorter and less secure than the one normally generated by the password manager app.

Apple claims that password managers that use its list of rules will start generating passwords that are both strong and unique, but also compatible with the websites they are being used for, and, hence, reduce user experience (UX) errors and instances where users tend to choose their passwords -- a situation Apple wants to avoid.