https://9to5mac.com/2020/08/30/centurylink-outage/
PSA: CenturyLink outage takes down Amazon, Hulu, Playstation Network, etc for many users
Bradley Chambers
If you’re waking up this morning finding that a lot of the services you use on the internet are not working, don’t worry, it’s not just you. Earlier this morning, an outage with CenturyLink has interrupted services for many across the world.
When I woke up this morning, I found my Abode security system to be disconnected from Wi-Fi and connected to its LTE connection. I quickly noticed that I had several other services that didn’t seem to be working when connected to Wi-Fi.
I initially thought it was something with my local internet provider, but as the rest of the US began waking up, it became clear that the outage was widespread. Downdetector is reporting issues with Amazon, Starbucks, Chase, GoDaddy, Peloton, Venmo, and countless others.
Searching for Hulu on Twitter also shows many users are having difficulty accessing the service this morning. So it’s safe to say if you’re having issues with your internet this morning, it’s not just you.
CenturyLink purchased Level 3 in 2017, and it provides core IP, voice, video, and content delivery for many internet carriers in North America, Latin America, Europe, and parts of Asia.
Sent from my iPad 2018
Looks interesting to me, who will take it on?
Vesna Čarknajev
CEO
PC Press | Osmana Đikića 4 | 11000 Beograd | Srbija
Tel: +381 11 2765-533 | Mob: +381 63 234-801
E-mail: vesna(a)pcpress.rs <mailto:vesna@pcpress.rs>
From: Oliver Scott [mailto:office@finbold.com]
Sent: Tuesday, August 25, 2020 10:07 AM
To: vesna(a)pcpress.rs
Subject: Research: GDPR fines top €60 million, with over 124 fines issued year-to-date
Hi Vesna,
New research released today by Finbold reveals which countries in Europe violate GDPR guidelines the most, as well as the total combined GDPR fines of EU countries to date.
You can view the research in full here:
https://finbold.com/gdpr-fines-2020/
With it being over two years since GDPR was implemented in the EU and EEA, the team over at Finbold has studied the fines and penalties that data protection authorities have imposed in the EU, by sourcing data from the GDPR Enforcement Tracker fines database.
The top ten EU countries with the biggest total GDPR fines are:
Rank  Country      Total Fines (€)  No. of Fines
   1  Italy             45,609,000            13
   2  Sweden             7,031,800             4
   3  Netherlands        2,080,000             3
   4  Spain              1,952,810            76
   5  Germany            1,240,000             1
   6  Norway               742,060             8
   7  Belgium              717,000             7
   8  Hungary              299,300             6
   9  Finland              200,500             4
  10  Ireland              115,000             2
Other key findings from this report include:
* €60,181,250 is the total GDPR fine of EU countries, as of 2020
* The most common GDPR violation is the insufficient legal basis for data processing
* The country with the most GDPR violations is Spain, with 76 fines
* Italy is the country with the biggest GDPR fine total at €45.6 million
You can view the research in full by simply clicking here.
If you would like to embed the key findings of this research into a feature, please find the embed code below:
<img src="https://finbold.com/gdpr-fines-2020/assets/images/gdpr_fines_finbold.png" style="width: 100% !important;padding: 0px !important; margin-bottom: 0px !important;" alt="GDRP Fines 2020 - Finbold"><p style="margin-bottom: 20px;padding: 5px 10px;">View full data <a href="https://finbold.com/gdpr-fines-2020/" target="_blank">here</a></p>
If you would like to write about this research, and require anything else to support a feature, or have any questions about the data at all, please do not hesitate to reach out - I’d be more than happy to help with anything you need!
Thanks,
Oliver Scott
Finbold.com
Editor-in-chief
office(a)finbold.com <mailto:office@finbold.com>
---
424 Margate Road,
Westwood Ramsgate Kent,
England, CT12 6SJ
Perhaps interesting...
https://arstechnica.com/information-technology/2020/08/your-mobile-calls-ma…
Although, as I understand it, this applies to those who use VoLTE. VIP's customers can use it, so they are at risk, but Telenor is safe because there it is only allowed on the more expensive plans...
While this is on, the internet doesn't work during a call. The sound is supposedly better, the connection is established instantly, etc., but it's no use...
Hackers can eavesdrop on mobile calls with $7,000 worth of equipment
VoLTE calls were supposed to be more secure. A fatal flaw can unravel that promise.
<https://arstechnica.com/author/dan-goodin/> Dan Goodin - 8/13/2020, 1:55 PM
<https://revolte-attack.net> Rupprecht et al.
The emergence of mobile voice calls over the standard known as Long Term Evolution has been a boon for millions of cell phone users around the world. VoLTE, short for Voice over LTE, provides up to three times the capacity of the earlier 3G standard, resulting in high-definition sound quality that’s a huge improvement over earlier generations. VoLTE also uses the same IP standard used to send data over the Internet, so it has the ability to work with a wider range of devices. VoLTE does all of this while also providing a layer of security not available in predecessor cellular technologies.
Now, researchers have demonstrated a weakness that allows attackers with modest resources to eavesdrop on calls. Their technique, dubbed ReVoLTE, uses a software-defined radio to pull the signal a carrier’s base station transmits to a phone of an attacker’s choosing, as long as the attacker is connected to the same cell tower (typically, within a few hundred meters to a few kilometers) and knows the phone number. Because of an error in the way many carriers implement VoLTE, the attack converts cryptographically scrambled data into unencrypted sound. The result is a threat to the privacy of a growing segment of cell phone users. The cost: about $7,000.
So much for more secure
“Data confidentiality is one of the central LTE security aims and a fundamental requirement for trust in our communication infrastructure,” the researchers, from Ruhr University Bochum and New York University, wrote in a <https://revolte-attack.net/media/revolte_camera_ready.pdf> paper presented Wednesday at the <https://www.usenix.org/conference/usenixsecurity20> 29th USENIX Security Symposium. “We introduced the ReVoLTE attack, which enables an adversary to eavesdrop and recover encrypted VoLTE calls based on an implementation flaw of the LTE protocol.”
VoLTE encrypts call data as it passes between a phone and a base station. The base station then decrypts the traffic to allow it to be passed to any circuit-switched portion of a cellular network. The base station on the other end will then encrypt the call as it’s transmitted to the other party.
The implementation error ReVoLTE exploits is the tendency for base stations to use some of the same cryptographic material to encrypt two or more calls when they’re made in close succession. The attack seizes on this error by capturing the encrypted radio traffic of a target’s call, which the researchers call the target or first call. When the first call ends, the attacker quickly initiates what the researchers call a keystream call with the target and simultaneously sniffs the encrypted traffic and records the unencrypted sound, commonly known as plaintext.
The researchers described it this way:
The attack consists of two main phases: the recording phase in which the adversary records the target call of the victim, and the call phase with a subsequent call with the victim. For the first phase, the adversary must be capable of sniffing radio-layer transmissions in downlink direction, which is possible with affordable hardware for less than $1,400 [1]. Furthermore, the adversary can decode recorded traffic up to the encryption data (PDCP) when she has learned the radio configuration of the targeted eNodeB. However, our attacker model does not require the possession of any valid key material of the victim. The second phase requires a Commercial Off-The-Shelf (COTS) phone and knowledge of the victim’s phone number along with his/her current position (i.e., radio cell).
The attacker then compares the encrypted and plaintext traffic from the second call to deduce the cryptographic bits used to encrypt the call. Once in possession of this so-called “ <https://en.wikipedia.org/wiki/Keystream> keystream,” the attacker uses it to recover the plaintext of the target call.
“The ReVoLTE attacks exploit the reuse of the same keystream for two subsequent calls within one radio connection,” the researchers wrote in a <https://revolte-attack.net/> post explaining the attack. “This weakness is caused by an implementation flaw of the base station (eNodeB).”
The figure below depicts the steps involved, and the video below the figure shows ReVoLTE in action:
Rupprecht et al.
Demonstration of the ReVoLTE attack in a commercial LTE network.
Limited, but practical in the real world
ReVoLTE has its limitations. Matt Green, a Johns Hopkins University professor who specializes in cryptography, <https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voic…> explained that real-world constraints—including the specific codecs in use, vagaries in the way encoded audio is transcoded, and compression of packet headers—can make it difficult to obtain the full digital plaintext of a call. Without the plaintext, the decryption attack won't work. He also said that keystream calls must be made within about 10 seconds of the target call ending.
Additionally, the amount of the target call that can be decrypted depends on how long the keystream call lasts. A keystream call that lasts only 30 seconds will provide only enough keystream material to recover 30 seconds of the target call. ReVoLTE also won’t work when base stations follow the LTE standard that dictates against the reuse of keystreams. And as already mentioned, the attacker has to be in radio range of the same cell tower as the target.
Despite the limitations, the researchers were able to recover 89 percent of the conversations they eavesdropped on, an accomplishment that demonstrates that ReVoLTE is effective in real-world settings, as long as base stations incorrectly implement LTE. The equipment required includes (1) commercial off-the-shelf phones that connect to cellular networks and record traffic and (2) commercially available <https://www.softwareradiosystems.com/products/> Airscope software radio to perform real-time decoding of LTE downlink traffic.
“An adversary needs to invest less than $7,000 to create a setup with the same functionality and, eventually, the ability to decrypt downlink traffic,” the researchers wrote. “While our downlink ReVoLTE is already feasible, a more sophisticated adversary can improve the attack’s efficiency by extending the setup with an uplink sniffer, e. g., the <https://www.sanjole.com/brochures-2/WaveJudge4900A-LTEHandout-Feb11-2012.pdf> WaveJudge5000 by SanJole where we can exploit the same attack vector, and access both directions simultaneously.”
Am I vulnerable?
In initial tests, the researchers found that 12 of 15 randomly selected base stations in Germany reused keystreams, making all VoLTE calls transmitted through them vulnerable. After reporting their findings to the industry group <https://www.gsma.com/security/gsma-coordinated-vulnerability-disclosure-pro…> Global System for Mobile Applications, a retest found that the affected German carriers had fixed their base stations. With more than 120 providers around the world and over 1,200 different device types supporting VoLTE, it will likely take more time for the eavesdropping weakness to be fully eradicated.
“However, we need to consider a large number of providers worldwide and their large deployments,” the researchers wrote. “It is thus crucial to raise awareness about the vulnerability.”
The researchers have released an <https://github.com/RUB-SysSec/mobile_sentinel> Android app that will test if a network connection is vulnerable. The app requires a rooted device that supports VoLTE and runs a Qualcomm chipset. Unfortunately, those requirements will make it hard for most people to use the app.
I emailed AT&T, Verizon and Sprint/T-Mobile to ask if any of their base stations are vulnerable to ReVoLTE. So far none of them has responded. This post will be updated if replies come later.
“Utterly devastating”
ReVoLTE builds on a <https://www.cs.ubbcluj.ro/~forest/rdsos/articole/security/krack-lte4g.pdf> seminal research paper published in 2018 by computer scientists at the University of California at Los Angeles. They found that LTE data was often encrypted in a way that used the same keystream more than once. By using what's known as an <https://en.wikipedia.org/wiki/Exclusive_or> XOR operation on the encrypted data and the corresponding plaintext traffic, the researchers could recover the keystream. With that in hand, it was trivial to decrypt the data from the first call.
The figure below shows how ReVoLTE does this:
Rupprecht et al.
“The keystream call allows the attacker to extract the keystream by XOR-ing the sniffed traffic with the keystream call plaintext,” ReVoLTE researchers explained. “The keystream block is then used to decrypt the corresponding captured target ciphertext. The attacker thus computes the target call plaintext.”
While ReVoLTE exploits the incorrect implementation of LTE, Johns Hopkins’ Green said some of the fault lies in the opaqueness of the standard itself, a shortcoming that he likens to “begging toddlers not to play with a gun.”
“Inevitably, they’re going to do that and terrible things will happen,” he wrote. “In this case, the discharging gun is a keystream re-use attack in which two different messages get XORed with the same keystream bytes. This is known to be utterly devastating for message confidentiality.”
The researchers provide several suggestions that cellular providers can follow to fix the problem. Obviously, that means not reusing the same keystream, but it turns out that's not as straightforward as it might seem. A short-term countermeasure is to increase the number of what are known as radio bearer identities, but because there's a finite number of these, carriers should also use inter-cell handovers. Normally, these handovers allow a phone to remain connected as it transfers from one cell to another. A built-in key reuse avoidance makes the procedure useful for security as well.
“[As] a long-term solution, we recommend specifying mandatory media encryption and integrity protection for VoLTE,” the researchers wrote. “This provides long-term mitigation for known issues, e. g., key reuse, and missing integrity protection on the radio layer, and introduces an additional layer of security.”
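The XOR step the researchers describe, the 30-seconds-for-30-seconds limit, and why the countermeasure of not reusing radio bearer identities works can all be seen in a small model. This is an added teaching example, not code from the ReVoLTE paper, the researchers' tools or any LTE stack: the simplified eNodeB, its bearer allocation and HMAC-SHA256 standing in for the LTE radio ciphers are assumptions of the model, and the audio bytes are constructed samples.

```python
"""Toy model of the keystream-reuse flaw behind ReVoLTE (added example).

The radio-layer (PDCP) stream cipher is modelled abstractly: the keystream
for a call is a pseudorandom function of the session key and the per-bearer
inputs (bearer identity, COUNT). A real eNodeB feeds those same inputs to
EEA1/EEA2/EEA3; here HMAC-SHA256 in counter mode stands in for the cipher so
the script runs on the standard library alone.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


def keystream(key: bytes, bearer: int, count: int, length: int) -> bytes:
    """Expand (key, bearer, count) into `length` keystream bytes.

    As with the real LTE ciphers, the output depends only on these inputs,
    so two calls that reuse the same bearer identity and COUNT under the
    same session key get byte-identical keystream. Direction is fixed to
    downlink, which is all the model needs.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = bearer.to_bytes(1, "big") + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class ENodeB:
    """Minimal base station: one radio connection, one session key."""
    key: bytes
    reuse_bearer: bool          # True models the implementation flaw
    next_bearer: int = 1

    def new_call(self) -> int:
        """Allocate the radio bearer identity for a new VoLTE call."""
        if self.reuse_bearer:
            return 1            # flawed: same bearer id every call, COUNT restarts
        bearer, self.next_bearer = self.next_bearer, self.next_bearer + 1
        return bearer           # compliant: fresh bearer id, fresh keystream

    def encrypt_call(self, bearer: int, audio: bytes) -> bytes:
        # COUNT restarts at 0 for each new bearer, as in PDCP.
        return xor(audio, keystream(self.key, bearer, 0, len(audio)))


def recover_with_reused_keystream(target_ct: bytes, second_ct: bytes, second_pt: bytes) -> bytes:
    """The two-time-pad step from the article: XOR the second call's
    ciphertext with its known plaintext to obtain keystream, then apply it
    to the first call's ciphertext. Only as many bytes as the second call
    lasted can be recovered, which is the 30-seconds-for-30-seconds limit."""
    usable = min(len(target_ct), len(second_ct), len(second_pt))
    ks = xor(second_ct[:usable], second_pt[:usable])
    return xor(target_ct[:usable], ks)


def simulate(reuse_bearer: bool, target_pt: bytes, second_pt: bytes) -> bytes:
    """Run two back-to-back calls on one radio connection and return what a
    passive downlink observer who knows the second call's audio gets back."""
    enb = ENodeB(key=os.urandom(16), reuse_bearer=reuse_bearer)
    target_ct = enb.encrypt_call(enb.new_call(), target_pt)   # first (target) call
    second_ct = enb.encrypt_call(enb.new_call(), second_pt)   # second (keystream) call
    return recover_with_reused_keystream(target_ct, second_ct, second_pt)


# Constructed sample "audio"; the second call is deliberately shorter.
TARGET_AUDIO = b"constructed sample: confidential target-call audio frames"
KNOWN_AUDIO = b"constructed sample: attacker-known keystream-call audio"

if __name__ == "__main__":
    print("flawed eNodeB    :", simulate(True, TARGET_AUDIO, KNOWN_AUDIO))
    print("compliant eNodeB :", simulate(False, TARGET_AUDIO, KNOWN_AUDIO))
```

With the flawed allocation the first 55 bytes of the target call come back verbatim and the last two are never recovered; with a fresh bearer identity per call the same XOR yields noise.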
:)
https://www.theverge.com/2020/8/11/21363122/boeing-747s-floppy-disc-updates…
Boeing 747s still get critical updates via floppy disks
<https://www.theverge.com/authors/tom-warren> Tom Warren, Aug 11, 2020, 7:08am EDT
Photo by Matthew Horwood/Getty Images
Boeing’s 747-400 aircraft, first introduced in 1988, is still receiving critical software updates through 3.5-inch floppy disks. <https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walk…> The Register reports that security researchers at Pen Test Partners recently got access to a British Airways 747, after the airline decided to retire its fleet following a plummet in travel during the coronavirus pandemic. The team was able to inspect the full avionics bay beneath the passenger deck, with its data center-like racks of modular black boxes that perform different functions for the plane.
Pen Test Partners discovered a 3.5-inch floppy disk drive in the cockpit, which is used to load important navigation databases. It’s a database that has to be updated every 28 days, and an engineer visits each month with the latest updates.
While it might sound surprising that 3.5-inch floppy disks are still in use on airplanes today, many of Boeing’s 737s have also been using floppy disks to load avionics software for years. The databases housed on these floppy disks are getting bigger, according to a 2015 <https://www.aviationtoday.com/2014/08/29/teledyne-brings-aircraft-informati…> report from Aviation Today. Some airlines have been moving away from the use of floppy disks, but others are stuck with engineers visiting each month to sit and load eight floppies with updates to airports, flight paths, runways, and more.
The 10-minute video tour of the 747 (above) is a fascinating insight into the parts of the plane you never get to see, particularly on a decades-old airliner. The tour is part of this year’s virtual Def Con conference, the US’ largest hacker conference. As modern planes rely upon ever more sophisticated technology, security researchers are increasingly interested in how planes prevent passengers from interfering with flights.
Boeing’s 747 floppy disk drive. Aerospace Village ( <https://youtu.be/yq8wgJO-JXY> YouTube)
Security is particularly relevant when it comes to in-flight entertainment systems. A cybersecurity professor <https://go.redirectingat.com?id=66960X1514734&xs=1&url=https%3A%2F%2Fwww.li…> discovered a buffer overflow onboard a British Airways flight last year. The professor was able to use a USB mouse to input long strings of text into an in-flight chat app, crashing the entire in-flight entertainment system for his seat. Security researchers are still hunting for vulnerabilities that would allow them to communicate with flight systems from publicly accessible parts of planes.
A focus on security is even more important on the latest aircraft. Modern planes like Boeing’s 777X and 787 use fiber networks, where all the avionics plug into this network and are controlled by a pair of computers that run flight critical software. It’s more of a traditional network like you’d find inside an office building, and some of the latest airliners even receive software updates over the air. The software that powers modern aircraft isn’t always reliable, though. Boeing only just <https://www.theverge.com/2020/5/27/21272478/boeing-737-max-resumes-producti…> resumed production of its troubled 737 Max airplane after software glitches led to <https://www.theverge.com/2019/3/22/18275736/boeing-737-max-plane-crashes-gr…> two fatal crashes that killed a total of 346 passengers and crew members.
Despite modern technology being available, it hasn’t stopped floppy disks from persisting in other industries. The US Defense Department only <https://www.theverge.com/2019/10/25/20931800/usa-nuclear-8-inch-floppy-disk…> ended the use of 8-inch floppy disks for coordinating the country’s nuclear forces in October, and the International Space Station is <https://www.theverge.com/2018/11/22/18107919/international-space-station-fl…> full of floppy disks.
Perhaps interesting - who lost the most money in history?
From: Dejan Ristanovic <dejan(a)ristanovic.com>
Sent: Tuesday, August 4, 2020 9:58 PM
Subject: Meet The Man Who Lost The Most Money In Human History | Celebrity Net Worth
https://www.celebritynetworth.com/articles/entertainment-articles/meet-the-…
Meet The Man Who Lost The Most Money In Human History
By Brian Warner on August 2, 2020 in Articles › Entertainment
Back in 2014, Brazilian businessman Eike Batista lost an <https://www.celebritynetworth.com/articles/entertainment-articles/eike-bati…> astonishing amount of money thanks to a precipitous drop in the worldwide commodities market. In less than a year, Eike's net worth dropped from $35.5 billion to less than $200 million. You might assume that losing $34.3 billion might be the largest drop in personal wealth of all time, but that is not true. That honor belongs to a Japanese man by the name of <https://www.celebritynetworth.com/richest-businessmen/richest-billionaires/…> Masayoshi Son. Masayoshi Son is the founder and CEO of Japanese telecommunications conglomerate SoftBank. In the year 2000, as the dotcom bubble swelled, Masayoshi Son's net worth peaked at $76 billion. Then the bubble burst. Exploded might actually be a better word. As Softbank's share price plummeted, Masayoshi Son experienced the single largest loss of personal net worth in human history. Here is that story…
Masayoshi Son moved with his family from Japan to California when he was just 16 years old. He barely spoke English but eventually graduated from UC Berkeley with degrees in both economics and computer science. One of his first businesses was importing cheap knock-off versions of the arcade game Space Invaders and then renting them to laundromats. Soon after turning 24, Masayoshi Son founded SoftBank in Tokyo. Within a year, SoftBank was developing various programs for the PC on top of publishing two popular magazines that focused on the personal computer industry. Always striving for bigger and better, Masayoshi Son spent the next decade transforming SoftBank into a full-fledged media and telecommunications empire. By the mid 90s, SoftBank was operating a stock brokerage firm and Japan's #1 satellite television provider. He also convinced Yahoo to allow him to independently launch what would become Japan's largest search engine, Yahoo! Japan.
Koki Nagahama/Getty Images
After taking SoftBank public in 1995, Masayoshi Son became an overnight billionaire. Over the next five years, he used SoftBank's newly acquired war chest to expand his empire at a very rapid pace just as the dotcom bubble was heating up. By 1999, SoftBank was one of the largest internet technology companies in the world. Through SoftBank, Masayoshi Son purchased large stakes in dozens of high-flying companies like E*Trade, Alibaba, and Japan's Nippon Credit Bank.
For a time, these investments looked brilliant and SoftBank's market cap grew to an all time high of $180 billion. As the owner of 42% of SoftBank's equity, Masayoshi Son's net worth swelled to a whopping $76 billion in early 2000. Two months later, on March 10, 2000, the NASDAQ Composite (the stock exchange that listed nearly all bubble internet companies), peaked at 5,048, more than twice the value from one year earlier. At this point in history, there were more than 300 publicly traded internet companies on the NASDAQ with a combined value of $1.3 trillion that essentially did not exist three years prior. Two months later, in May 2000, the NASDAQ composite had dropped to 3,300. On September 28, 2001 (as the nation reeled from 9/11), the NASDAQ dropped to 1,500. Another year later the market bottomed at 1,200. That's a 76% drop over two very painful years.
A company like SoftBank, with so much exposure to the internet sector, did not fare well in these difficult times. Every single investment Masayoshi Son had championed over the previous five years was decimated. As just one example, Softbank's $400 million investment in E*Trade was reduced to just $22 million. Softbank's market cap dropped a mind-numbing 98% from $180 billion to $2.5 billion. And with that drop, Masayoshi Son's net worth plummeted from an all time high of $76 billion to an all time low of $1.1 billion. A personal loss of $74.9 billion. Ouch.
Ok he was still a billionaire, and maybe we shouldn't feel too bad for him. But in the words of the great Chris Rock, "If Bill Gates woke up tomorrow with Oprah's money, he'd jump out a fuckin' window and slit his throat on the way down saying, "I can't even put gas in my plane!" So perhaps we give the guy a tiny bit of sympathy.
And if you do feel bad for Masayoshi Son we have some good news. With time, Softbank slowly started to recover and rebuild. Today, Softbank is the third largest internet company in Japan thanks largely to its acquisition of cell phone giant Sprint. As of August 2017, Masayoshi Son owns 22% of Softbank and has a personal net worth of $31 billion.
Masayoshi Son lives in a $50 million three story mansion in Tokyo that features a private, programmable golf-range that can mimic temperature and weather conditions of every top golf course in the world. When <https://www.celebritynetworth.com/richest-businessmen/richest-billionaires/…> Bill Gates visited his house, he was reportedly speechless. In 2012, Masayoshi Son dropped a cool $117 million to purchase a mansion in Woodside, California near Silicon Valley. He also owns a professional Japanese baseball team called the Softbank Hawks. He may not have $76 billion anymore, but it looks like he's surviving. How would you feel after realizing your net worth dropped $74.5 billion?
How to mask a picture
This Tool Could Protect Your Photos From Facial Recognition
Researchers at the University of Chicago want you to be able to post selfies
without worrying that the next Clearview AI will use them to identify you.
Before and after photographs of, from left, Jessica Simpson, Gwyneth Paltrow
and Patrick Dempsey that were cloaked by the Fawkes team.
Credit...SAND Lab, University of Chicago
By <https://www.nytimes.com/by/kashmir-hill> Kashmir Hill
* Aug. 3, 2020
* Updated 2:24 p.m. ET
In recent years, companies have been
<https://onezero.medium.com/this-simple-facial-recognition-search-engine-can
-track-you-down-across-the-internet-518c7129e454> prowling the web for
public photos associated with people's names that they can use to build
enormous databases of faces and
<https://www.nytimes.com/interactive/2019/10/11/technology/flickr-facial-rec
ognition.html> improve their facial-recognition systems, adding to a growing
sense that personal privacy is being lost, bit by digital bit.
A start-up called Clearview AI, for example, scraped
<https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-reco
gnition.html> billions of online photos to build a tool for police that
could lead them from a face to a Facebook account, revealing a person's
identity.
Now researchers are trying to foil those systems. A team of computer
engineers at the University of Chicago has developed a tool that disguises
photos with pixel-level changes that confuse facial recognition systems.
Named <http://sandlab.cs.uchicago.edu/fawkes/> Fawkes in honor of the
<https://www.nytimes.com/2019/11/05/opinion/guy-fawkes-day-v-for-vendetta.ht
ml> Guy Fawkes mask favored by protesters worldwide, the software was made
available to developers on the researchers' website last month. After being
discovered by <https://news.ycombinator.com/item?id=23917337> Hacker News,
it has been downloaded more than 50,000 times. The researchers are working
on a free app version for noncoders, which they hope to make available soon.
The software is not intended to be just a one-off tool for privacy-loving
individuals. If deployed across millions of images, it would be a broadside
against facial recognition systems, poisoning the accuracy of the so-called
data sets they gather from the web.
"Our goal is to make Clearview go away," said Ben Zhao, a professor of
computer science at the University of Chicago.
Fawkes converts an image - or "cloaks" it, in the researchers' parlance - by
subtly altering some of the features that facial recognition systems depend
on when they construct a person's face print. In a
<https://arxiv.org/pdf/2002.08327.pdf> research paper, reported earlier by
<https://onezero.medium.com/this-filter-makes-your-photos-invisible-to-facia
l-recognition-a26929b5ccf> OneZero, the team describes "cloaking" photos of
the actress Gwyneth Paltrow using the actor Patrick Dempsey's face, so that
a system learning what Ms. Paltrow looks like based on those photos would
start associating her with some of the features of Mr. Dempsey's face.
The changes, usually subtle and not perceptible to the naked eye, would
prevent the system from recognizing Ms. Paltrow when presented with a real,
uncloaked photo of her. In testing, the researchers were able to fool facial
recognition systems from Amazon, Microsoft and the Chinese tech company
Megvii.
To test the tool, I asked the team to cloak some images of me and my family.
I then uploaded the originals and the cloaked images to Facebook to see if
it fooled the social network's
<https://www.facebook.com/help/122175507864081> facial recognition system.
It worked: Facebook tagged me in the original photo but did not recognize me
in the cloaked version.
However, the changes to the photos were noticeable to the naked eye. In the
altered images, I looked ghoulish, my 3-year-old daughter sprouted what
looked like facial hair and my husband appeared to have a black eye.
The researchers had a few explanations for this. One is that the software is
designed to match you with the face template of someone who looks as much
unlike you as possible, pulling from
<http://www.robots.ox.ac.uk/~vgg/data/vgg_face2/> a database of celebrity
faces. That usually ends up being a person of the opposite gender, which
leads to obvious problems.
"Women get mustaches, and guys get extra eyelashes or eye shadow," Mr. Zhao
said. He is enthusiastic about what he calls "privacy armor" and previously
helped design
<https://www.nytimes.com/2020/02/14/technology/alexa-jamming-bracelet-privac
y-armor.html> a bracelet that stops smart speakers from overhearing
conversations.
The team says it plans to tweak the software so that it will no longer
subtly change the gender of users.
The other issue is that my experiment wasn't what the tool was designed to
do, so Shawn Shan, a Ph.D. student at the University of Chicago who is one
of the creators of the Fawkes software, made the changes to my photos as
extreme as possible to ensure that it worked. Fawkes isn't intended to keep
a facial recognition system like Facebook's from recognizing someone in a
single photo. It's trying to more broadly corrupt facial recognition
systems, performing an algorithmic attack called data poisoning.
The researchers said that, ideally, people would start cloaking all the
images they upload. That would mean a company like Clearview that scrapes
those photos wouldn't be able to create a functioning database, because an
unidentified photo of you from the real world wouldn't match the template of
you that Clearview would have built over time from your online photos.
But Clearview's chief executive, Hoan Ton-That, ran a version of my Facebook
experiment on the Clearview app and said the technology did not interfere
with his system. In fact, he said his company could use images cloaked by
Fawkes to improve its ability to make sense of altered images.
"There are billions of unmodified photos on the internet, all on different
domain names," Mr. Ton-That said. "In practice, it's almost certainly too
late to perfect a technology like Fawkes and deploy it at scale."
Other experts were also skeptical that Fawkes would work. Joseph Atick, a
facial recognition pioneer
<https://www.nytimes.com/2014/05/18/technology/never-forgetting-a-face.html>
who has come to regret the surveillance society he helped to create, said
the volume of images of ourselves that we have already made available will
be too hard to overcome.
"The cat is out of the bag. We're out there," Dr. Atick said. "While I
encourage this type of research, I'm highly skeptical this is a solution to
solve the problem that we're faced with."
Dr. Atick thinks that only lawmakers can ensure that people have a right to
facial anonymity. No such federal law is on the horizon, though Democratic
senators did recently propose a
<https://www.markey.senate.gov/news/press-releases/senators-markey-and-merkley-and-reps-jayapal-pressley-to-introduce-legislation-to-ban-government-use-of-facial-recognition-other-biometric-technology> ban on government use of
facial recognition.
"I personally think that no matter which approach you use, you lose," said
Emily Wenger, a Ph.D. student who helped create Fawkes. "You can have these
technological solutions, but it's a cat-and-mouse game. And you can have a
law, but there will always be illegal actors."
Ms. Wenger thinks "a two-prong approach" is needed, where individuals have
technological tools and a privacy law to protect themselves.
Elizabeth Joh, a law professor at the University of California, Davis, has
written about tools like Fawkes as "
<https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2285095> privacy
protests," where individuals want to thwart surveillance but not for
criminal reasons. She has repeatedly seen what she called a "tired rubric"
of surveillance, then countersurveillance and then anti-countersurveillance,
as new monitoring technologies are introduced.
"People are feeling a sense of privacy exhaustion," Ms. Joh said. "There are
too many ways that our conventional sense of privacy is being exploited in
real life and online."
For Fawkes to have an immediate effect, we would need all the photos of
ourselves that we have already posted to be cloaked overnight. That could
happen if a huge platform that maintains an enormous number of online images
decided to roll out Fawkes systemwide.
A platform like Facebook adopting Fawkes would prevent a future Clearview
from scraping its users' images to identify them. "They could say, 'Give us
your real photos, we'll cloak them, and then we'll share them with the world
so you'll be protected,'" Mr. Zhao said.
Jay Nancarrow, a Facebook spokesman, did not rule out that possibility when
asked for comment. "As part of our efforts to protect people's privacy, we
have a dedicated team exploring this type of technology and other methods of
preventing photo misuse," Mr. Nancarrow said.
"I'm actually interning on that exact team at Facebook right now," said the
Fawkes co-creator Mr. Shan.
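
As an added illustration of the data-poisoning idea the article describes (cloaked uploads shift the feature-space template a scraper builds from your online photos, so an uncloaked real-world photo no longer matches it), the following toy is not Fawkes code and not from the article or its authors. It stands a hand-built 2x4 linear map in for a face-embedding network, enrolls one mean-embedding template per identity from a scraped gallery, matches probes by a distance threshold, and cloaks each upload by projected gradient descent toward another identity's embedding under a per-pixel L-infinity budget. The photos, threshold, budget and the extractor itself are constructed values chosen so the numbers can be checked by hand; the real tool optimizes against deep feature extractors under a perceptual-similarity constraint rather than a raw pixel budget, which this toy does not model.

```python
"""Toy model of Fawkes-style image cloaking as data poisoning.

Added illustration only: not code from the Fawkes project or the article.
The "feature extractor" is a hand-built 2x4 linear map over 4-pixel
"images", and every photo, threshold and budget below is constructed.
"""
import math

# Hypothetical feature extractor f(x) = W x: 4 pixels -> 2 features.
W = [
    [1.0, 0.0, -1.0, 0.0],
    [0.0, 1.0, 0.0, -1.0],
]
EPSILON = 0.5     # per-pixel L-infinity cloak budget (constructed value)
THRESHOLD = 0.5   # feature distance at or below which the matcher says "same person"


def embed(pixels):
    """Feature vector of an image under the toy extractor."""
    return [sum(w * p for w, p in zip(row, pixels)) for row in W]


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def enroll(gallery):
    """One template per identity: the mean embedding of its scraped photos."""
    templates = {}
    for name, photos in gallery.items():
        embs = [embed(p) for p in photos]
        templates[name] = [sum(e[i] for e in embs) / len(embs) for i in range(len(W))]
    return templates


def identify(templates, probe_pixels):
    """Nearest template within THRESHOLD, else 'unknown'."""
    q = embed(probe_pixels)
    name, best = min(((n, distance(q, t)) for n, t in templates.items()),
                     key=lambda kv: kv[1])
    return name if best <= THRESHOLD else "unknown"


def cloak(pixels, target_embedding, epsilon=EPSILON, steps=100):
    """Projected gradient descent on ||W(x + d) - target||^2 subject to
    |d_i| <= epsilon and x + d staying a valid pixel in [0, 1].
    The step 1/(2*||W||_F^2) is at most 1/L for this objective, so every
    iteration can only lower the distance to the target."""
    step = 1.0 / (2.0 * sum(w * w for row in W for w in row))
    delta = [0.0] * len(pixels)
    for _ in range(steps):
        current = embed([x + d for x, d in zip(pixels, delta)])
        residual = [c - t for c, t in zip(current, target_embedding)]
        # gradient of the squared distance with respect to delta: 2 * W^T residual
        grad = [2.0 * sum(W[j][i] * residual[j] for j in range(len(W)))
                for i in range(len(pixels))]
        delta = [d - step * g for d, g in zip(delta, grad)]
        # project back onto the budget box, then onto valid pixel values
        delta = [max(-epsilon, min(epsilon, d)) for d in delta]
        delta = [max(-x, min(1.0 - x, d)) for x, d in zip(pixels, delta)]
    return [x + d for x, d in zip(pixels, delta)]


# Constructed "photos" (four pixel intensities each).  Alice's uploads look
# like [bright, dark, dark, bright]; Bob's are the reverse.
ALICE_UPLOADS = [
    [0.90, 0.10, 0.10, 0.90],
    [0.92, 0.12, 0.08, 0.88],
    [0.88, 0.09, 0.11, 0.91],
]
BOB_UPLOADS = [
    [0.10, 0.90, 0.90, 0.10],
    [0.12, 0.88, 0.91, 0.09],
]
ALICE_REAL_WORLD = [0.89, 0.11, 0.12, 0.90]   # uncloaked photo taken in public


def run_experiment():
    """What the matcher says about Alice's real-world photo when the scraped
    gallery holds her original uploads versus her cloaked uploads."""
    bob_template = enroll({"bob": BOB_UPLOADS})["bob"]
    # cloak each upload so its features move toward Bob's template
    cloaked = [cloak(p, bob_template) for p in ALICE_UPLOADS]
    before = identify(enroll({"alice": ALICE_UPLOADS, "bob": BOB_UPLOADS}), ALICE_REAL_WORLD)
    after = identify(enroll({"alice": cloaked, "bob": BOB_UPLOADS}), ALICE_REAL_WORLD)
    max_pixel_change = max(abs(c - o)
                           for cp, op in zip(cloaked, ALICE_UPLOADS)
                           for c, o in zip(cp, op))
    return {"before": before, "after": after,
            "max_pixel_change": max_pixel_change, "cloaked": cloaked}


if __name__ == "__main__":
    r = run_experiment()
    print("gallery of original uploads ->", r["before"])
    print("gallery of cloaked uploads  ->", r["after"])
    print("largest per-pixel change:", round(r["max_pixel_change"], 3))
```

With the original uploads enrolled, the real-world photo matches "alice"; with the cloaked uploads enrolled, the template built from them sits far from her true features and the matcher returns "unknown", while no pixel moved by more than the budget. The toy also makes the skeptics' point concrete: the effect depends on the gallery being cloaked, so one uncloaked photo of Alice in the scraper's gallery would restore a usable template.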
Looks like Garmin paid...
Regards, Dejan
https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-de…
Confirmed: Garmin received decryptor for WastedLocker ransomware
<https://www.bleepingcomputer.com/author/lawrence-abrams/> Lawrence Abrams
BleepingComputer can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack.
On July 23rd, 2020, Garmin suffered a worldwide outage where customers could not access their connected services, including Garmin Connect, flyGarmin, Strava, and inReach solutions.
BleepingComputer was the first to confirm that they suffered a <https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-conf…> cyberattack by the WastedLocker Ransomware operators after employees shared photos of encrypted workstations, and we found a sample of the ransomware utilized in the attack.
<https://www.bleepstatic.com/images/news/ransomware/attacks/g/garmin-wastedl…> Photo of encrypted Garmin workstation
Employees later shared with BleepingComputer that the ransom demand was $10 million.
After a four day outage, Garmin suddenly announced that they were <https://www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-a…> starting to restore services, and it made us suspect that they paid the ransom to receive a decryptor.
Garmin refused, though, to comment any further.
Confirmed: Garmin received a WastedLocker decryption key
Today, BleepingComputer gained access to an executable created by the Garmin IT department to decrypt a workstation and then install a variety of security software on the machine.
WastedLocker is an enterprise-targeting ransomware with no known weaknesses in its encryption algorithm. This lack of flaws means that a decryptor cannot be made for free.
If you work at Garmin or know someone working there with first-hand information on this incident, you can confidentially contact us on Signal at <tel:+16469613731> +16469613731.
To obtain a working decryption key, Garmin must have paid the ransom to the attackers. It is not known how much was paid, but as previously stated, an employee had told BleepingComputer that the original ransom demand was for $10 million.
When extracted, this restoration package includes various security software installers, a decryption key, a WastedLocker decryptor, and a script to run them all.
<https://www.bleepstatic.com/images/news/security/attacks/g/garmin/restorati…> Garmin restoration package contents
When executed, the restoration package decrypts the computer and then preps the machine with security software.
<https://www.bleepstatic.com/images/news/security/attacks/g/garmin/script.jpg> Garmin script to restore a workstation
Garmin's script contains a timestamp of '07/25/2020', which indicates that the ransom was paid either on July 24th or July 25th.
Using the sample of WastedLocker from the Garmin attack, BleepingComputer encrypted a virtual machine and tested the decryptor to see if it would decrypt our files.
In our test, demonstrated in the video below, the decryptor had no problems decrypting our files.
All companies should follow the general rule of wiping all computers and installing a clean image after a ransomware attack. This reinstall is necessary as you never know what the attackers changed during their incursion.
Based on the script above, it does not appear that Garmin is following this guideline and is simply decrypting the workstations and installing security software.
Custom decryptor used
The decryptor enclosed in the package includes references to both cybersecurity firm Emsisoft and ransomware negotiation service firm Coveware.
When BleepingComputer reached out to Coveware, we were told that they do not comment on any ransomware incidents reported in the media.
In a similar response, Emsisoft told us that they could not comment on any cases, but that they create decryption tools and are not involved in ransom payments.
"I cannot comment on specific cases, but generally speaking, Emsisoft has no involvement whatsoever in negotiating or transacting ransom payments. We simply create decryption tools," Brett Callow, a threat analyst at security firm Emsisoft, told BleepingComputer.
Emsisoft commonly makes custom ransomware decryptors when the tools supplied by the threat actors are buggy or if companies are concerned that they may contain backdoors.
"If the ransom has been paid but the attacker-provided decryptor is slow or faulty, we can extract the decryption code and create a custom-built solution that decrypts up to 50 percent faster with less risk of data damage or loss," Emsisoft's <https://help.emsisoft.com/en/2863/ransomware-advisory-and-recovery-services/> ransomware recovery services page states.
As Evil Corp has been attributed as the creator of WastedLocker and was <https://home.treasury.gov/news/press-releases/sm845> placed on the US sanctions list for using Dridex to <https://www.bleepingcomputer.com/news/security/evil-corp-hackers-charged-fo…> cause more than $100 million in financial damages, paying this ransom could lead to hefty fines from the government.
Due to these sanctions, sources familiar with Coveware have told BleepingComputer that the negotiation company placed WastedLocker on its restricted list in early July and is not handling negotiations for related attacks.
Garmin has not responded to our queries at this time.
Sent from my iPad 2018