Information Security Blog | Cyber Security Blog

Snowden calls it a "dark day" for Russia after Putin signs surveillance measures into law

Russian President Vladimir Putin signed legislation Thursday compelling telephone companies and internet providers to retain the private communications of their customers, notwithstanding concerns raised by human rights advocates and big business alike.

Included within a package of amendments proposed as antiterrorism measures, the law will require telecoms to collect and keep copies of customers' phone calls, text messages and emails for six months, as well as maintain metadata concerning those communications for up to three years.

Other provisions effectively outlaw the use within Russia of encryption that the authorities cannot decrypt (via the key-disclosure requirement described below), and introduce new penalties for individuals accused of inciting terrorism through social media.

Edward Snowden, the former National Security Agency contractor who leaked information about the U.S. government's intelligence gathering operations, said on Twitter that Mr. Putin's signature authorizes "a repressive new law that violates not only human rights, but common sense," and "must be condemned."

"Dark day for Russia," Mr. Snowden tweeted Thursday.

Upon signing the legislative package, Mr. Putin instructed Russia's Federal Security Service, or FSB, to acquire in two weeks the means necessary to decrypt all data sent across the internet.

Mr. Putin has been condemned by international human rights groups during his reign for routinely restricting internet access within Russia's borders and censoring websites critical of the Kremlin. By requiring all "organizers of information distribution" to provide authorities with encryption keys that could be used to decipher secure communications, the legislation will further limit Russian citizens' ability to communicate under the radar of an increasingly repressive government.

Last week, the United Nations Human Rights Council passed a resolution which "condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online in violation of international human rights law."

Human rights concerns aside, Russian telecoms have largely opposed the package by claiming the new rules for keeping customers' data will require the deployment of additional and expensive infrastructure.

"Putting aside the ethics, morals and philosophy of these amendments, operators will need to make huge investments into new infrastructure which does not exist at the moment," said Egor Fedorov, an analyst at ING Bank, Bloomberg News reported.

Megafon CEO Sergei Soldatenkov told Kommersant newspaper Thursday that the bill "financially kills the telecommunication industry."

Mr. Snowden, who has lived in Russia since exposing secrets concerning the NSA's own surveillance endeavors, said those investments amount to a "$33 billion tax on Russia's internet."

In announcing Mr. Putin's decision to sign the amendments into law Thursday, spokesman Dmitry Peskov told reporters that the president had instructed the government to make adjustments if the measures do indeed pose any "financial risks."

"The government will keep a close eye on how this law is implemented, and if some unpleasant consequences are discovered, the president will ask [the government] to take steps," he said.

Read More
As everyday apparel and accessories turn into networked electronic devices that attach to your body, such as a smartwatch or fitness band, the threat to the personal data these devices collect has grown sharply. A recent study from Binghamton University also suggests your smartwatch or fitness tracker is not as secure as you think: it could be used to steal your ATM PIN.

The risk lies in the motion sensors used by these wearable devices. Among other data, the sensors collect information about your hand movements, making it possible for "attackers to reproduce the trajectories" of your hand and "recover secret key entries."

In the paper, titled "Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN," computer scientists from the Stevens Institute of Technology and Binghamton University used an algorithm that can guess a password or PIN with about an 80% success rate on the first attempt, and over 90% of the time within three tries. The researchers say their "Backward PIN-Sequence Inference" algorithm can be used to capture anything a person types on any keypad, from automatic teller machine (ATM) keypads to mobile keypads, through infected smartwatches, even if the person makes only slight hand movements while entering the PIN.

"The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand's pose," reports Phys.org. Although the researchers do not name specific wearable devices that are vulnerable, they note that attackers can record information about your hand movements...

Bottom line: the team says it has no robust solution to prevent this attack, but recommends that manufacturers and developers confuse attackers by inserting "a certain type of noise data" that would still allow the device to be used for fitness tracking, but not for guessing keystrokes.

Another way is to take a low-tech approach: always enter your passwords or PINs with the hand that is not wearing the device with the sophisticated motion tracker.
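As an added illustration (my own simplified sketch, not the researchers' code or data), the following Python script shows why backward inference works and why injected noise blunts it. It assumes an ATM-style keypad with a 2 cm key pitch and an ENTER key beside the 0, and it fabricates the hand-displacement vectors that an attacker would otherwise have to derive from accelerometer and gyroscope samples; the keypad layout, the displacement vectors and the Gaussian noise model are all constructed here, not taken from the paper.

```python
import math
import random

# Constructed keypad geometry (assumption): 2 cm key pitch, digits in a 3x3
# block, 0 on the bottom row with ENTER to its right. Units are grid cells.
KEY_PITCH_CM = 2.0
KEYPAD = {
    "1": (0, 0), "2": (1, 0), "3": (2, 0),
    "4": (0, 1), "5": (1, 1), "6": (2, 1),
    "7": (0, 2), "8": (1, 2), "9": (2, 2),
                 "0": (1, 3), "ENTER": (2, 3),
}


def key_pos_cm(key):
    """Centre of a key in centimetres."""
    col, row = KEYPAD[key]
    return col * KEY_PITCH_CM, row * KEY_PITCH_CM


def simulate_displacements(pin, noise_cm=0.0, seed=0):
    """Stand-in for the trajectory an attacker reconstructs from the wearable's
    motion sensors: the hand's displacement between consecutive key presses
    (the PIN digits, then ENTER). noise_cm models sensor error, or noise the
    device injects on purpose, as Gaussian jitter on each component."""
    rng = random.Random(seed)
    keys = list(pin) + ["ENTER"]
    out = []
    for a, b in zip(keys, keys[1:]):
        (ax, ay), (bx, by) = key_pos_cm(a), key_pos_cm(b)
        dx, dy = bx - ax, by - ay
        if noise_cm:
            dx += rng.gauss(0, noise_cm)
            dy += rng.gauss(0, noise_cm)
        out.append((dx, dy))
    return out


def infer_pins(displacements, tolerance_cm):
    """Backward inference: the last press is ENTER, whose position is known.
    Walk the displacements in reverse, subtracting each one to locate the
    previous press, and keep every digit whose key centre lies within
    tolerance_cm. Snapping to the key centre stops error accumulating."""
    candidates = [("", key_pos_cm("ENTER"))]
    digits = [k for k in KEYPAD if k != "ENTER"]
    for dx, dy in reversed(displacements):
        nxt = []
        for seq, (x, y) in candidates:
            px, py = x - dx, y - dy
            for key in digits:
                kx, ky = key_pos_cm(key)
                if math.hypot(kx - px, ky - py) <= tolerance_cm:
                    nxt.append((key + seq, (kx, ky)))
        candidates = nxt
    return sorted(seq for seq, _ in candidates)


if __name__ == "__main__":
    pin = "2580"
    print("clean data  ->", infer_pins(simulate_displacements(pin), tolerance_cm=0.9))
    # The defence the researchers suggest: the more noise the device injects,
    # the wider the attacker's tolerance must be and the more PINs remain.
    for noise in (0.5, 1.0, 1.5):
        noisy = simulate_displacements(pin, noise_cm=noise, seed=1)
        cands = infer_pins(noisy, tolerance_cm=2 * noise + 0.5)
        print(f"noise {noise} cm -> {len(cands)} candidates, true PIN kept: {pin in cands}")
```

With clean data and a tolerance below half the key pitch, every backward step snaps to exactly one key and the PIN is recovered outright. Widening the tolerance to absorb noisy data admits neighbouring keys at each step, so the candidate set grows roughly geometrically with the PIN length; that is the effect the researchers' noise-injection recommendation relies on.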
Read More

These days nothing seems to be out of reach for hackers; even the CEO of Twitter cannot avoid falling prey to these intruders. Jack Dorsey joins the expanding list of high-profile CEOs whose social networking accounts have been hacked.

A group of hackers operating under the name OurMine hijacked Dorsey's Twitter account and posted a few benign videos. The hackers tweeted "Hey, it's OurMine, we are testing your security" from Jack's account. It happened at 2:50 AM ET, and they linked the tweet to their website.

Twitter was quick to react and deleted the tweets within a short time. The attackers actually posted the messages through Dorsey's Vine account, which they used as their route into the Twitter account.

Dorsey probably had an old or shared password on his Vine account, either one reused on another service that had been compromised, or one that had gone unchanged for a long time.

That gave the intruders a way into the company CEO's account. It is the same technique OurMine followed in its previous hacks of other famous people.

Whatever the reason, the hackers proved that even high-profile people's social networking accounts are not 100% secure.

This problem seems to be growing and is increasing users' privacy concerns. Social networking platforms should find a permanent solution to this type of problem. On the user's side, everyone should follow some basic steps to prevent these hacks. Make sure you use a different password for every site; if you cannot keep track of them, use a password manager such as 1Password or LastPass.

Regularly update the passwords on all your accounts and, most importantly, turn on two-factor authentication for services that offer it. In its most common form this sends a one-time PIN by text message to your linked mobile number. Where a service offers an authenticator app instead, prefer it: text messages can be redirected by an attacker who takes over your phone number.
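To make concrete what "sends a PIN via text message" involves on the service side, here is an added example (mine, not code from Twitter, Vine or any other service named above) of the minimum a verifier should do with a one-time code: generate it from a CSPRNG, store only a salted keyed hash, expire it, cap the number of guesses, compare in constant time and accept it only once. The OtpStore class, its limits and the injectable clock are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_LENGTH = 6          # digits in the SMS code
CODE_TTL_SECONDS = 300   # code is dead after five minutes
MAX_ATTEMPTS = 5         # guesses allowed before the code is burned


class OtpStore:
    """Server-side bookkeeping for one-time codes sent by SMS (assumed class,
    for illustration). Only a salted HMAC of each code is kept, so a leaked
    table does not hand out live codes."""

    def __init__(self, clock=time.time):
        self._clock = clock        # injectable so expiry can be tested
        self._pending = {}         # user -> {salt, digest, expires, attempts}

    @staticmethod
    def _digest(salt, code):
        return hmac.new(salt, code.encode("utf-8"), hashlib.sha256).digest()

    def issue(self, user):
        """Create a fresh code for user and return it for the SMS gateway
        (never for a log). Issuing again replaces any code still pending."""
        code = f"{secrets.randbelow(10 ** CODE_LENGTH):0{CODE_LENGTH}d}"
        salt = secrets.token_bytes(16)
        self._pending[user] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, user, submitted):
        """Return True exactly once for the right code, within its lifetime
        and attempt budget. Expired or exhausted codes are discarded."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[user]
            return False
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[user]
            return False
        actual = self._digest(entry["salt"], str(submitted))
        if hmac.compare_digest(entry["digest"], actual):
            del self._pending[user]    # single use: a replayed code fails
            return True
        return False


if __name__ == "__main__":
    store = OtpStore()
    code = store.issue("jack")
    wrong = "000000" if code != "000000" else "111111"
    print("wrong guess accepted:", store.verify("jack", wrong))
    print("right code accepted: ", store.verify("jack", code))
    print("replay accepted:     ", store.verify("jack", code))
```

The attempt cap matters as much as the randomness: a six-digit code has only a million values, so without a limit an attacker who can submit guesses quickly needs no luck at all, and the expiry bounds how long a code intercepted in transit remains useful.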

The same group, OurMine, was behind the hacks of the social media accounts of Google's and Facebook's CEOs.

Read More

Charles King, principal analyst at Pund-IT, Inc., says quantum computers differ from traditional computers in a few important ways.

"For one, while traditional systems are designed on binary principles (where opening/closing transistor gates represents on/off, or 0/1), quantum systems use 'qubits' which can be on, off, or both on and off. In theory, that will allow the resulting systems to perform functions on data using phenomena from quantum mechanics, such as superposition and entanglement," King told TechCrunch in an email.

IBM has built its own quantum chip running at 5 qubits. Chow estimates that it could take a machine running somewhere between 50 and 100 qubits to surpass the capabilities of today's fastest supercomputers. We have a ways to go here, but this is a good starting point.

However, getting there is harder than simply following Moore's Law with digital computers on silicon chips. While IBM is still using silicon, there are a couple of huge hurdles involved in reaching more stable use. First there is building the computer, and second there is figuring out how to program it, Earl Joseph, who covers high-performance computing for IDC, explained in an email.

"This experiment gives a broad group of people the chance to start learning how to program quantum computers, which will develop ways to use this new kind of technology," Joseph wrote.

He points out that there are other such experiments in progress. "NASA Ames and Google are doing some very interesting work. The big home run will come from a more general-purpose and large-scale quantum computer. I think it will be an evolutionary process, with more applications coming on line like clockwork."

The hope is that by offering this tool, IBM will drive interest in and understanding of quantum computing and create a community of interested individuals, institutions and researchers who can work together to advance knowledge of these computers in the coming years.

Read More

A team of anonymous hackers has claimed a $1 million (£648,000) bounty for remotely jailbreaking Apple's latest mobile operating system, iOS 9.

Jailbreaking is the practice of removing Apple's restrictions on their devices, allowing users to install a range of unauthorised apps and tweaks on their phones and tablets.

Jailbreaking is often done willingly by people looking to customise their device, but since it bypasses the security restrictions, jailbreaking can also be a technique used by hackers to break into phones and install spyware.

The hefty prize was offered by cybersecurity company Zerodium, which in September this year promised $1 million to any person or team who could come up with a browser-based untethered jailbreak for iOS 9 ("untethered" meaning the jailbreak survives a reboot without the device being connected to a computer).

The conditions of the competition required that the hacking process "should be achievable remotely, reliably, silently and without requiring any user interaction except visiting a web page or reading a SMS/MMS."

In other words, the winning team found a way to take control of a phone running iOS 9 and run its own code on it simply by getting the user to open a certain web page or read a text message.

The terms required that the break-in would have to be truly remote - any solutions that involved the iPhone being plugged in to a computer, or being accessed through Bluetooth or NFC did not qualify.

Read More

China's Tianhe-2 supercomputer has retained its position as the world's most powerful system for the sixth consecutive time, according to a biannual Top500 list of supercomputers released Monday.

Tianhe-2, or Milky Way-2, with a performance of 33.86 petaflops (Pflop/s), was developed by China's National University of Defense Technology and deployed at the National Supercomputer Center in Guangzhou. It has held the title since June 2013.

The Chinese system is almost twice as fast as the next on the list, Titan of the US Department of Energy, which has a performance of 17.59 Pflop/s.

In fact, in the latest edition of the closely watched list there has been no change in the ranking of the world's top five supercomputers since June 2013.

"The top five computers are very powerful and expensive," Jack Dongarra, professor of the University of Tennessee and editor of the report, said in an email. "It will take perhaps another year before a new system enters the top five."

Among the significant changes to this list from July 2015's list is the sharp decline in the number of systems in the United States, now at 201.

"This is down from 231 in July and is the lowest number of systems installed in the US since the list was started in 1993," the statement said.

In contrast, China made "a great leap" to 109 systems.

"China received a big boost from Sugon, Lenovo and Inspur," said Dongarra. "The large number of submissions came from Sugon."

According to the Top500 statement, Sugon has overtaken IBM in the system category with 49 systems, while Lenovo, which acquired IBM's x86 server business last year, has 25 systems in the list, up from just three systems on the July 2015 list.

In addition, some systems that were previously listed as IBM are now labeled as both IBM/Lenovo and Lenovo/IBM.

Inspur, the third vendor from China, now has 15 systems on the list.

"China is ... carving out a bigger share as a manufacturer of high performance computers with multiple Chinese manufacturers becoming more active in this field," the statement concluded.

Overall, HP leads the list with 156 systems followed by Cray with 69 systems and China's Sugon with 49 systems. IBM ranks fourth with 45 systems. Lenovo ranked sixth while Inspur ranked eighth on the list.

The Top500 list is considered one of the most authoritative rankings of the world's supercomputers. It is compiled on the basis of the machines' performance on the Linpack benchmark by experts from the United States and Germany.

Read More

A single hacker from a small town in Russia compiled a whopping 272 million unique stolen email addresses and passwords, researchers say.

A strange recent transaction between a young Russian hacker and the security research firm Hold Security left the firm with an enormous trove of compromised email addresses and passwords, the firm says.

It started when Tanya Tabakar, an analyst at Hold Security, found a post on a Russian-language dark net forum, the type where stolen data and credentials, often old and repackaged, are bought and sold. The hacker insisted on being paid for the account information, even though he only charged 50 rubles ($0.75). "I am just getting rid of it but I won't do it for free," he said, as Tabakar wrote. After she told him she ethically couldn't pay, he eventually agreed to trade the information for a like on his page on the popular Russian social media site VK.

“Honestly, it’s the first time I personally saw such a big amount of data,” Tabakar told Vocativ. Estimates vary on just how much personal data is traded on such forums, though it’s undeniably huge. Previous studies estimate about half of Americans are hacked in some form each year. Email accounts that don’t enable two-factor authentication—registering a phone number, for example, which must be verified before a user can change their password—are at far greater risk.

Tabakar was able to glean precious little about the hacker, and how he was able to acquire that information. A resident of a small town in rural Russia, he didn’t fit the mold of a criminal mastermind. “He’s a real young person and he was very friendly,” Tabakar said. The fact that he possessed such data doesn’t mean he was the first to acquire or even to compile it—it’s just noteworthy that such a person was in possession of it, and could share it for next to nothing.

“He has a lot of friends all over the world [on VK],” she said. “Hackers like him play a lot of online games and that’s how they meet people and talk to people.”

The actual number of accounts the hacker sent her was nearly a billion, 917 million addresses, but some of those were duplicates, and far more were not original and already existed in previously known data dumps from other hackers. Still, that left 272 million unique ones. More than half of those came from popular email services like Yahoo, Gmail and AOL. The Russian mail site mail.ru was the hardest hit, with more than 56 million accounts compromised.
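Turning 917 million lines into 272 million unique, previously unseen pairs is mostly normalisation and set arithmetic. The following added example (mine, not Hold Security's tooling) triages a constructed "email:password" dump against fingerprints of pairs already seen in earlier dumps and tallies the survivors by mail provider; the sample lines, the fingerprint scheme and the address check are assumptions made for illustration.

```python
import hashlib
import re
from collections import Counter

# Loose syntactic check: one '@', no whitespace or ':' (the dump delimiter),
# and a dot somewhere in the domain. Deliberately not full RFC 5322.
EMAIL_RE = re.compile(r"^[^@\s:]+@[^@\s:]+\.[^@\s:]+$")


def fingerprint(email, password):
    """Stable identifier for a credential pair (assumed scheme). Keeping
    fingerprints rather than plaintext means the index of earlier dumps can be
    retained without holding the passwords themselves."""
    return hashlib.sha256(f"{email}\0{password}".encode("utf-8")).hexdigest()


def parse_record(line):
    """Parse one 'email:password' line. Returns (email, password) with the
    address lower-cased, or None for a line that cannot be a credential."""
    line = line.rstrip("\r\n")
    if ":" not in line:
        return None
    email, password = line.split(":", 1)   # passwords may contain ':' themselves
    email = email.strip().lower()          # Alice@Example.com == alice@example.com
    if not EMAIL_RE.match(email) or not password:
        return None
    return email, password


def triage_dump(lines, known_fingerprints):
    """Deduplicate a dump, drop pairs already seen in earlier dumps, and tally
    the genuinely new pairs by mail provider. Returns (stats, by_domain)."""
    stats = Counter()
    unique = set()
    for line in lines:
        stats["raw"] += 1
        record = parse_record(line)
        if record is None:
            stats["malformed"] += 1
            continue
        unique.add(record)
    new_pairs = {r for r in unique if fingerprint(*r) not in known_fingerprints}
    stats["unique"] = len(unique)
    stats["previously_seen"] = len(unique) - len(new_pairs)
    stats["new"] = len(new_pairs)
    by_domain = Counter(email.rsplit("@", 1)[1] for email, _ in new_pairs)
    return dict(stats), by_domain


# Constructed sample dump: an exact duplicate, a case-variant duplicate, a line
# with no delimiter, an empty password, a password containing ':', and one pair
# that appeared in an earlier dump.
SAMPLE_DUMP = """\
alice@example.com:hunter2
Alice@Example.com:hunter2
bob@mail.ru:qwerty123
bob@mail.ru:qwerty123
carol@gmail.com:letmein
not-a-credential-line
dave@yahoo.com:
erin@mail.ru:p@ss:w0rd
""".splitlines()

# Fingerprints of pairs from earlier, already-processed dumps (constructed).
KNOWN_FINGERPRINTS = {fingerprint("carol@gmail.com", "letmein")}

if __name__ == "__main__":
    stats, by_domain = triage_dump(SAMPLE_DUMP, KNOWN_FINGERPRINTS)
    print(stats)
    for domain, count in by_domain.most_common():
        print(f"{domain:12s} {count}")
```

On real dumps the same shape applies, just with the fingerprint set living on disk or in a key-value store rather than in memory. Splitting on the first colon only is what keeps passwords that contain a colon intact, and lower-casing the address before fingerprinting is what collapses case variants of the same mailbox into one record.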

Read More

We’ve heard a lot about sales and projections for smartphones in China, such as 199 percent smartphone growth in the past year, but how about active devices in the hands of Chinese users? The cross-promotion and ads platform Umeng has released its newest report, accompanied by an infographic. It shows that, at the end of 2012, China had 160 million active Android users, with 85 million using iOS.

Newly activated Android devices really started to rocket in numbers last summer, the report notes. Across both platforms, smartphones are now so ingrained in the lives of Chinese mobile users that mobile app sessions rose 16-fold in 2012, with a 12-fold increase in the time spent within the apps that Umeng observed.

As well as lots of interesting demographics and app trends in the infographic, it also points out that iOS jailbreaking is on the decline in the long-run – down from 42.4 percent of Apple iOS gadgets in September 2012 to just 32.3 percent a few weeks ago.

Read More

Apple really doesn't want you to record videos where it's forbidden.

The company is working on a technology that can disable phones' photo and video recording capabilities using an infrared signal, a newly approved patent filing has shown.

The technology could stop people from making illegal recordings at concert venues, in cinemas or theaters.

The patent describes how an infrared signal could be emitted in places where video recording is prohibited. The phone would detect the signal and either alter what's shown on the screen or shut down its video features completely.

The patent approval was first reported by Patently Apple. A granted patent does not mean Apple will ship the feature.

The patent filing suggests video capabilities would only be disabled if the phone is pointed in a certain direction. So users would be still able to take photos of their friends in the crowd, but their camera would switch off if they point it at the stage.

Apple also suggested the infrared signal could be used to alter what the user sees on their screen and provide extra information. For example, if pointed at a piece of art in a museum, the phone could display details about the artwork.

Read More

Facebook users are falling for a chain status update hoax that claims to protect their personal information under copyright laws.

The message has a few variations with modified dates, so that it continually tricks new users into reposting the scam. A nearly identical hoax, which attempted to lure victims to sites filled with malware and viruses, emerged back in 2011, CBS reports. The first variation claims that Facebook will begin to charge a subscription fee to maintain private accounts:

“Now it’s official! It has been published in the media. Facebook has just released the entry price: $5.99 to keep the subscription of your status to be set to “private”. If you paste this message on your page, it will be offered free (paste not share) if not tomorrow, all your posts can become public. Even the messages that have been deleted or the photos not allowed. After all, it does not cost anything for a simple copy and paste.”

The second cites irrelevant legal references (a section of the US Uniform Commercial Code and the Rome Statute) that will supposedly protect a user’s Facebook information from copyright infringement. This misleading post, which has been around since 2012, reads:

“As of September 28 2015 1146 am Eastern standard time, I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, or posts, both past and future. By this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents.

The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute). NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tacitly allowing the use of your photos, as well as the information contained in the profile status updates. DO NOT SHARE. You MUST copy and paste.”

Facebook does not own users’ media as Facebook spokesman Andrew Noyes announced in a statement reported by USA Today:

“We have noticed some statements that suggest otherwise and we wanted to take a moment to remind you of the facts–when you post things like photos to Facebook, we do not own them. Under our terms, you grant Facebook permission to use, distribute, and share things you post, subject to the terms and applicable privacy settings.”