Monday, April 10, 2017

This 13-Year-Old Hacker Has Found Bugs at Some Top Tech Companies

Sad Day for AUSTRALIA - Satirist John Clarke, of Clarke and Dawe fame, dies aged 68

 

Cambridge Analytica arrives in Australia to STEAL our democracy! Cambridge Analytica of M7 fame: Firm that claims credit for Trump and Brexit arrives to pitch marketers and pollies
One third IBM staff in India Bangladesh


 Bitcoins and the future of tickets



 
Verona Burgess: leak investigators land a target that can’t be controlled


As a teenage hacker in the early 1990s, David Mirza Ahmad quickly learned that even the savviest techies can be "owned," old-school computer slang for exposing someone's identity. After Mr. Ahmad tangled with rival hackers on a local online message board, they discovered his name and quickly found out his phone number at his parent's home in Calgary. 


Workplace Surveillance Is The New Office ‘Perk’ (Vocativ)

Want to protect your internet privacy at home now that the government has offered up your data? Here's where to start



Meet Ahsan Tahir, a 13-year-old hacker from Karachi, Pakistan, who is already schooling some of the biggest technology companies when it comes to cybersecurity. Tahir is an "ethical hacker," putting his skills to work through bug bounty programs, helping companies find and fix vulnerabilities in their websites in exchange for cash and swag.



The syringe slides in between the thumb and index finger. Then, with a click, a microchip is injected in the employee’s hand. Another “cyborg” is created.
What could pass for a dystopian vision of the workplace is almost routine at the Swedish startup hub Epicenter. The company offers to implant its workers and startup members with microchips the size of grains of rice that function as swipe cards: to open doors, operate printers, or buy smoothies with a wave of the hand.
The injections have become so popular that workers at Epicenter hold parties for those willing to get implanted.
“The biggest benefit I think is convenience,” said Patrick Mesterton, co-founder and CEO of Epicenter. As a demonstration, he unlocks a door by merely waving near it. “It basically replaces a lot of things you have, other communication devices, whether it be credit cards or keys.”
Kerr, Orin S. and Schneier, Bruce, Encryption Workarounds (March 20, 2017). Available at SSRN: https://ssrn.com/abstract=2938033 or http://dx.doi.org/10.2139/ssrn.2938033 “The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target’s data that has been concealed by encryption. This essay provides an overview of encryption workarounds. It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes. We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy 
Lawyers at EFF, the ACLU, and the National Association of Criminal Defense Lawyers released a report today outlining strategies for challenging law enforcement hacking, a technique of secretly and remotely spying on computer users to gather evidence.


From The New York Times: How Uber uses psychological tricks to push its drivers’ buttons




Reuters

The Dutch parliament's website was briefly hit by a so-called 'ransomware' attack on Tuesday, Dutch news agency ANP reported. The form of attack, in which hackers scramble a computer system and seek a ransom to unscramble it, came amid concerns that Turkish hackers are targeting the Netherlands. Turkey's relations with several European Union countries, including the Netherlands and Germany, have been badly strained after Turkish ministers were banned from campaigning in their cities ahead of an April 16 referendum that would give Turkish President Tayyip Erdogan sweeping powers. The Dutch parliament said it had taken "appropriate measures" in response to the breach but declined to give details.



Reuters

The German parliament was the target of fresh cyber attacks in January that attempted to piggy-back on an Israeli newspaper site to target politicians in Germany, Berlin's cyber security watchdog said on Wednesday. Cyber defenses installed after a 2015 hack of the parliament helped avert the attempted breaches, the Federal Office for Information Security (BSI) said in a statement. The hackers appeared to use advertising running on the Jerusalem Post website to redirect users to a malicious site, it said. The BSI looked into unusual activity on the parliament's network early this year and has just completed a detailed analysis of the incident, which was first reported by the Sueddeutsche Zeitung newspaper on Wednesday. At least 10 German lawmakers from all parliamentary groups were affected by the attempted hack, the Munich daily reported. "The technical analysis is complete. The website of the Jerusalem Post was manipulated and had been linked to a malicious third party site," the agency said in a statement. "BSI found no malware or infections as part of its analysis of the Bundestag networks."



The Telegraph

Britain’s businesses are increasingly aware of the threat of cyber attacks, but often do not know how to combat digital crimes or how to report attacks. A total of 94pc of firms believe IT security is important, but only 56pc have a strategy in place to deal with it, according to a study from the Institute of Directors and Barclays. Although attacks are increasingly common, 40pc of the nearly 1,000 companies surveyed said that if they were a victim of online fraud they would not know which law enforcement to inform. The report comes at a time of significant cybersecurity threats. The IoD said companies should put formal training systems in place for their staff, as 44pc of companies do not have any cyber security awareness schemes currently.



AP
Georgia-based Arby’s restaurant chain failed to prevent hackers from stealing customer information at hundreds of its stores, a Connecticut couple said in a new federal lawsuit. Since early February, eight credit unions and banks from Indiana, Alabama, Arkansas, Louisiana, Michigan, Pennsylvania and Montana have filed seven other federal lawsuits. All make similar allegations about what the credit unions describe as a massive data breach. Arby’s said in a statement Monday that it’s not commenting on the pending litigation, but “we believe the claims are without merit and intend to vigorously defend against them.”  


FCW
Founded in 2014 as a consortium of cybersecurity firms seeking to improve threat-information sharing and incident response, the Cyber Threat Alliance is now a formal non-profit with former White House cyber czar Michael Daniel as its president. After two weeks at the helm of CTA, Daniel told FCW that he believes the growing member association can drive a number of changes in the cybersecurity ecosystem.  


Ars Technica
Developers of the widely used LastPass password manager are scrambling to fix a serious vulnerability that makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program. The flaw, which affects the latest version of the LastPass browser extension, was briefly described on Saturday by Tavis Ormandy, a researcher with Google's Project Zero vulnerability reporting team. When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn't present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault.  


Reuters
McDonald's Corp's Canadian unit said on Friday personal information of about 95,000 restaurant job applicants was compromised in a cyber attack on its careers website. The information included names, addresses, email addresses, phone numbers and employment backgrounds of candidates who applied online for jobs at McDonald's Canada restaurants between March 2014 and March 2017.