31
May

The US will protect Japan against cyberattacks


A Japanese variant of the F-15 Eagle

The US knows that it’s not enough to protect its own networks against cyberattacks — its allies have to be safe, too. Appropriately, it’s agreeing to shield Japan from digital assaults against its military and critical systems. The move gives the island nation a big security boost (its online defense unit has a mere 90 people) and hopefully reduces the chances that less-than-sympathetic neighbors China and North Korea will compromise a strategically vital country. While it’s doubtful that the pact will deter many hacking attempts, it could make any local cyberwarfare campaigns that much tougher.

[Image credit: AP Photo/Eugene Hoshiko]

Filed under: Internet

Source: Reuters

WiFi from LG Watch Urbane hacked onto LG G Watch R


Owners of the LG G Watch R who are willing to do some hacking work on the device now have an option available to enable the WiFi chip on the device. User Tasssadar on the XDA site figured out how to get the needed drivers off an LG Watch Urbane, with the help of intersectRaven, in order to make this possible.

The files needed to make everything work have been put together as a flashable ZIP for G Watch R owners who are willing to give it a go. Currently the solution has only been tested on devices running the 5.1.1 Android update. Users will also need TWRP installed as a custom recovery and an unlocked bootloader.

Tasssadar does note that this solution breaks over-the-air updates, so owners will have to be prepared to restore to a stock image when the next Android update rolls out if they want to get it OTA. In addition, although most people think LG did not enable WiFi on the G Watch R as a way to push buyers to the Watch Urbane, there is a possibility that some actual hardware issue exists and this could cause permanent hardware damage.

If you have a G Watch R and want to give this a try, just hit the source link below for links to the ZIP file and some kernels that will be needed.

source: XDA

Apple Looking to Sign Drake, Pharrell and David Guetta as iTunes Radio Guest DJs


Apple is in talks to sign Toronto-born rapper Drake, hip-hop artist Pharrell Williams and electronic music DJ David Guetta as guest DJs for a revamped iTunes Radio, according to the New York Post. The report also claims that Apple continues to negotiate with record labels for Apple Music and wants to offer a three-month free trial period for the $10-a-month streaming music service.

iTunes Radio Devices
Apple Music will reportedly combine the best features of Pandora, Spotify and YouTube into one service, including streaming music and video, artist pages, a YouTube-style sharing section called Apple Connect and a refreshed version of iTunes Radio. Apple also wanted to offer lyrics as part of the service, but does not want to pay extra to record labels to offer the feature.

Apple is expected to announce its new streaming music service on June 8 at its annual Worldwide Developers Conference in San Francisco, building upon the assets it acquired through its Beats Music purchase last year. The company will reportedly push customers to sign up for Apple Music by offering SoundCloud-like sharing, exclusive content and the aforementioned three-month free trial period.




@LlabTooFeR leaks upcoming battery update for the One M9


Notorious leaker @LlabTooFeR took to his Twitter account today to share a couple of screenshots from an upcoming software update for the One M9, which is scheduled to start rolling out as early as next week.

This upgrade carries version number 1.40 and appears to be aimed primarily at fixing the many battery issues that users have been complaining about recently, so their handsets should finally last more than a day on a single charge.

That’s all we know for the time being, but be sure to check back for more information as we’ll let you know the instant HTC starts pushing out the over-the-air update.

Source: Twitter

Tesla loses its shot at direct car sales in Texas


Tesla Model S in Texas

If you want to buy a Model S in Texas, you’re going to have to jump through some hoops for at least the next couple of years. Bills that would let Tesla sell cars directly to customers aren’t going to get a vote before the state’s legislative session wraps up on June 1st, leaving the electric vehicle maker high and dry until the next session kicks off in 2017. This doesn’t mean that you’re completely out of luck if you want Tesla-made transportation in Austin (see above for proof), but you can’t simply pick one up.

The setback isn’t completely surprising given how fiercely dealership lobby groups fight to protect their business model, but Texas poses some additional challenges. A lot of the state’s political clout rests in rural areas, where dealerships are more vital to the community in terms of both jobs and sponsorships. Representatives are more likely to support these local businesses than a California company trying to up-end the dealership model, even if it would help both competition and the environment.

[Image credit: the author, Flickr]

Source: Bloomberg

Android Authority this week – May 31, 2015


Android fans, it was an amazingly busy week in the Googleverse. At its annual developer conference, Google introduced Android M, which brings few visual changes but many much-needed improvements and refinements, including Doze mode, better volume controls, Android Pay, app state backup, and Google Now on Tap. It wasn’t just M: Photos is now an independent app; Project Brillo was announced as Google’s new IoT operating system; updates were announced for Inbox, Google Maps, and the Play Store; and Google ATAP blew our minds with its new projects, Jacquard, Soli, and Abacus. In other news, Lenovo showed off some crazy concepts; Sony introduced the Xperia Z3+; the Galaxy S6 Iron Man edition launched; and Microsoft unveiled Cortana for Android.

Inside AA HQ

It probably won’t be a surprise that we spent this week preparing for Google I/O and, from Thursday, in a mad dash to bring you all the news coming out of Google’s announcement-packed conference.

We’re all pretty excited to try out Android M, and most of the team is already rocking the M developer preview on various devices. Google only touched on a fraction of the changes and new features in Android M, and we’ve been busy perusing the developer previews to spot all the new stuff. To keep up with everything, check out our Diving into M series, where we take a closer look at the smaller new features in Android M.

Google I/O is over, but the tech world is still revving at full speed. This week, Darcy attended Lenovo’s TechWorld conference, and over the next few days he will be reporting from Taipei, where Computex is about to start. Computex has always been Asus’ stomping ground, and this year is no different. We expect to see the Zenwatch 2 and some updated tablets next week.

In celebration of Google I/O, we’re giving away a Nexus 9! Get your ticket for our weekly giveaway from here.

The stuff you shouldn’t miss

Top news of the week

And here are the top news in the Android world this week:

Microsoft loves Android

Xperia Z3+ is here

Galaxy S6 Iron Man edition has landed

Android M: everything to know

More Google I/O news

Google ATAP epic projects

Lenovo TechWorld

Sound off

We always want to hear your feedback. Whether it’s criticism or praise, feel free to tell us what you think about Android Authority’s content, design, and community. Comment here or get in touch with us on our social channels:

Happy Sunday!

Spotify is my new running mate, even if it doesn’t know me well


Apparently, after all these years, Spotify still doesn’t really get me. I’ve used the service since 2010. Technically I was a subscriber since before it hit US shores. And yet, Spotify clearly has no idea what kind of music I like. I say this because I recently traded in my carefully curated running playlist for Spotify’s dynamically generated ones and, not to spoil the rest of the story, it really failed. But let’s start at the beginning.

I got up nice and early Sunday morning, left my house and began the slow slog uphill past Silver Lake Park. When I started to hit my stride I pulled out my iPhone and found the new Running option in the sidebar of the updated Spotify app. The first stop on my journey was the running-specific Hip Hop and R&B playlist. A pleasant female voice instructed me to start running and let me know that it was using the phone’s sensors to detect my pace. Then, as promised, it spat out songs perfectly matched to the tempo of my run.

The first batch of tracks got me up the steep slope, but almost none of the artists were recognizable to me. And honestly, most were not particularly good; there was a reason I had never heard most of these songs before. The final nail in the playlist’s coffin was Immortal Technique’s The Cause of Death. Whether you’re a fan of his or not, I think we can all agree that listening to the Harlem-based MC rap about how 9/11 was an inside job doesn’t make for an enjoyable run.

The trouble is that, while Spotify supposedly takes my taste into account when building these playlists, you’d never know it. Neither the Upbeat Run nor the Mood Booster Run playlist fared any better. And, after suffering through Bleachers and Demi Lovato’s Unbroken, I gave up. It seems that the combination of Spotify’s beat-matching algorithm and its human curators just couldn’t make me happy.

There was one other place I might find running nirvana, however. Spotify has a selection of running specific original tracks. These aren’t collections of songs, they’re long pieces of instrumental music designed specifically for you to listen to and zone out while you keep those legs moving. There are six pieces to choose from: The Chase, Blissed Out, Lock the Flow, Seasons, Epic and Burn. Honestly, those first five aren’t great. In fact they sound like they were pulled from a library of nondescript royalty-free music. But, like the playlist options, if you’re just looking for something to help you keep pace, they do the job.

Burn is different. It’s created by Dutch DJ and producer Tiësto, and it’s pretty much perfection. I’m not normally a huge fan of Tiësto; he’s the sort of artist that plays best in a club when you’re pumped full of ecstasy… or so I thought. Burn, once it locks into your rhythm, ebbs and flows with the right amount of energy to keep you running for about 45 minutes, uninterrupted. In that way, it’s not unlike LCD Soundsystem’s 45:33. But where that song is about simply locking into a groove, Burn is constantly building and shifting to keep you moving and engaged. It feels like it constantly wants you to go faster. When it finally reaches a crescendo, however, it backs off to let you enjoy that runner’s zen for a bit before pushing you again with filtered drum buildups. It’s cheap shot after cheap shot, but it works beautifully for a nice long run.

Spotify definitely has some work to do with its running feature. I never want to hear Demi Lovato again, and songs about government conspiracies aren’t really motivating me to push myself. That being said, the technology part works quite well. I do wish that the running originals and playlists would sample your pace multiple times over the course of a run, rather than stick to a steady pace (I can’t help but start to slow down around mile five). But the songs selected rarely failed to lock to my tempo. If the company can get more expertly crafted originals like Tiësto’s Burn, it will have something truly special on its hands. For now, I’ll be putting my running playlist on the shelf and sticking to Spotify, exclusively because of that track.

Filed under: Software

Inhabitat’s Week in Green: Self-driving Audis and free solar panels


Each week our friends at Inhabitat recap the week’s most interesting green developments and clean tech news for us — it’s the Week in Green.

California is giving away free solar panels to its poorest residents. Between now and 2016, the state will donate 1,600 free photovoltaic systems — and each array will save a household $22,800 in energy costs over 30 years. Meanwhile in Southern California, director James Cameron gifted his wife a field of solar sunflowers to power her sustainable school. In other energy news, Tesla‘s battery-producing Gigafactory is starting to take shape in Nevada — and this week we took a first look at the gigantic building thanks to an aerial drone.

Speaking of Tesla, the automaker has had a tough time opening stores in some states — so it’s taking its show on the road with a new pop-up store! The compact shop packs into a special shipping container that can be transported on a flatbed truck. Self-driving cars are popping up everywhere lately — and Audi’s latest autonomous vehicle is a stunner. At CES Asia, the automaker unveiled a souped-up self-driving R8 with killer looks and an all-electric powertrain. Even Uber is getting in on the action — this past week, the company’s autonomous driving test vehicle was spotted in Pittsburgh, so fleets of self-driving taxis may be right around the corner. And one Volvo owner experienced the chilling pitfalls of self-driving technology as his vehicle crashed into a crowd of people because he didn’t pay for a feature that brakes for humans. Green vehicles also set several records this week — a poop-powered bus broke a world speed record in the UK, and a Canadian inventor set the record for the world’s farthest hoverboard flight.

Before heading out into the sun, you need to check out this latest article. It turns out that 80 percent of popular sunscreens don’t protect your skin — and they may actually be harmful to your health. We rounded up 34 of the worst offenders — so check your sunscreen and avoid these brands at all costs. In other health and technology news, researchers have developed a new bionic lens that could give you perfect vision for the rest of your life. The developer of the painless implant claims that it will allow patients to see three times better than 20/20.

Filed under: Misc

Hackers On Demand


In 2013, a pair of private investigators in the Bay Area embarked on a fairly run-of-the-mill case surrounding poached employees. But according to a federal indictment unsealed in February, their tactics sounded less like California noir and more like sci-fi: To spy on the clients’ adversaries, prosecutors say, they hired a pair of hackers.

Nathan Moser and Peter Siragusa were working on behalf of Internet marketing company ViSalus to investigate a competitor, which ViSalus had sued for poaching some of its former employees. Next, the government alleges, Moser and Siragusa (a retired, 29-year veteran of the San Francisco police department) recruited two hackers to break into the email and Skype accounts of the competing firm. To cover their tracks, they communicated by leaving messages in the draft folder of the Gmail account “krowten.a.lortnoc” (“control a network” in reverse), according to the indictment.

A posting by a person searching for exploits and using the email address of accused hacker Sumit Gupta.

Federal prosecutors did not specify how the defendants found their hackers, but an email address apparently belonging to one of the hackers, Sumit Gupta of Jabalpur, India, was also used last year on the freelancer message board WorkingBase by someone seeking software that could compromise computers running Windows and Microsoft Office. The poster, who was offering $250 to $750, wrote, “Code should be FUD,” meaning fully undetectable, “and fully working. Looking a cheap cost.”

Clients span from executives hoping to gain an edge over their competitors to spurned lovers hoping to spy on their exes.

The California case sheds light on a burgeoning cybercrime market, where freelance hackers, both on public forums and in black markets, cater to everyone from cheating students and jealous boyfriends to law firms and executives, according to Jeffrey Carr, president of Seattle-based security firm Taia Global. He calls the industry “espionage as a service.”

While it is difficult to verify the legitimacy or the quality of the hacker postings on a half-dozen online exchanges that Fast Company examined, some sites boast eBay-like feedback mechanisms that let users vouch for reliable sellers and warn each other of scams. Carr describes a range of expertise, from amateur teenagers wielding off-the-shelf spyware who may charge up to $300 for a single operation, to sophisticated industrial espionage services that make tens of thousands of dollars or more smuggling intellectual property across international lines. “The threat landscape is very complex,” he says. “A hacker group will sell to whoever wants to pay.”

At Hackers List, for instance, hackers bid on projects in a manner similar to other contract-work marketplaces like Elance. Those in the market for hackers can post jobs for free, or pay extra to have their listings displayed more prominently. Hackers generally pay a $3 fee to bid on projects, and users are also charged for sending messages. The site provides an escrow mechanism to ensure vendors get paid only when the hacking’s done.

While Hackers List says it’s intended only for “legal and ethical use” like recovering lost passwords, it boasts about a dozen job listings a day, in some cases to anyone capable of hacking into private websites, social media accounts, and online games.


On Hackers List, customers search for exploits and hackers.

In a report released in March, Europol, the European Union’s law enforcement arm, predicts online networking sites and anonymous cash-transfer mechanisms like cryptocurrencies will continue to contribute to the growth of “crime as a service” and to criminals who “work on a freelance basis . . . facilitated by social networking online with its ability to provide a relatively secure environment to easily and anonymously communicate.”

The environment isn’t always secure. Earlier this month, one security sleuth unmasked the apparent owner of Hackers List as Charles Tendell, a Denver-based security expert. Soon after, Stanford legal scholar Jonathan Mayer crawled the site’s data, revealing the identities of thousands of the site’s visitors and their requests for hacks.

Mayer found only 21 satisfied requests, including “i need hack account facebook of my girlfriend,” completed for $90 in January, “need access to a g mail account,” finished for $350 in February, and “I need [a database hacked] because I need it for doxing,” done for $350 in April. A majority of requests on the service involve compromising Facebook (expressly referenced in 23% of projects) and Google (14%), and are sparked by a business dispute, jilted romance, or the desire to artificially improve grades, with targets including the University of California, UConn, and the City College of New York.

While most requests “are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal,” Mayer wrote on his blog, the requests were a “fair cross-section of the hacks that ordinary Internet users might seek out.” Still, he wrote, Hackers List “certainly isn’t representative of the market for high-end, bespoke attacks.”

Whatever the software or however expert the hackers, the basic methods of intrusion are often the same: the age-old technique of tricking a target into installing malware by opening an email attachment or a malicious website. “It’s like we still use gasoline in gasoline-driven engines,” says Carr, “’cause it just works.”

A Silk Road For Hackers

On the message board site HackForums.net, users openly post ads offering to hack into computers and online accounts, knock servers offline with denial-of-service attacks, and track down strangers’ personal information, all for a fee. Hackers are ranked through a rating system, and high-reputation users even offer “middleman” services, holding cryptocurrency payments in escrow until sellers deliver what they’ve promised.

“I will Hunt someone for you and get you all the informations of the person. ( emails, IMs, Social accounts, location, phone number, Home address etc),” says one post on the site, which is registered in the Cayman Islands. “I will hack someone for you and get you all the files, key logs, webcam videos, anything from his system. on your need, i can transfer them on your rat/botnet, so you can play with him.” A RAT is a remote administration trojan: a piece of software that, once surreptitiously installed on your target’s computer, tablet, or phone, allows you to read files, intercept keystrokes, and generally take control of the machine’s operations.

One forum user named Hax0r818 said in a Skype chat that his service, which mentors neophyte RAT users, has had about 300 customers in roughly a year. “I just help them get started because R.A.T.s are not for hacking they were made for parents to check what there children are looking on the net,” he wrote. “I dont aks them anything I dont because I don’t care I just give them a warning that using R.A.T.s for iligal purpeses can get them to jail and I let them agree to my Terms.”

Hax0r818, who would say only that he is under 21 and based in Australia, charges $5 a month in exchange for training RAT novices in using the tools and providing a testbed virtual machine for them to practice on.

In addition to websites accessible through the open web, a dozen deep web markets, with names like Hell, Agora, Outlaw, and Nucleus, and reachable only through the Tor browser, offer menus of RATs and other hacking software and services, with transactions conducted in Bitcoin.

“Hacking and social engineering is my business since i was 16 years old, never had a real job so i had the time to get really good at hacking and i made a good amount of money last +-20 years,” writes the owner of Hacker for Hire, a dark web site that charges 200 euros for small jobs and up to 500 euros for larger ones, including “ruining people, espionage, website hacking.” “I have worked for other people before, now im also offering my services for everyone with enough cash here.”

Typical prices for RATs, with names like darkcomet, cybergate, predator pain, and Dark DDoser, range from $20 to $50, according to a December Dell SecureWorks report. This represents a significant drop from the previous year, when the tools typically sold for between $50 and $250. (The price drop may have resulted from the recent leak of some RATs’ source code.) The price for hacking into a website has also dropped, from a high of $300 to $200, according to the Dell report.

Prices of hacking services online.

One RAT-making group called Blackshades took in more than $350,000 over four years selling a $40 RAT on hacker forums and its own website to thousands of buyers around the world, according to a federal indictment unsealed last May in New York. Customers had used the software to steal financial information and spy on unsuspecting victims through their webcams, officials said.

“The RAT is inexpensive and simple to use, but its capabilities are sophisticated and its invasiveness breathtaking,” Manhattan U.S. Attorney Preet Bharara said at the time. His investigation, part of an “unprecedented” and ongoing global effort, has so far resulted in more than 90 arrests.

Big Business And Big Crime

Hacking software, which can cost up to $3,000 and more, isn’t itself illegal, and can be used for benign tasks like remotely administering servers and monitoring corporate computers. But in practice, these software toolkits and related services are often used for fraud, denial-of-service attacks, or network intrusion.

“If someone is gaining unauthorized access to another computer system, anything digital, that is against the law, that is criminal,” says Jonathan Rajewski, a computer forensic examiner and assistant professor at Vermont’s Champlain College.


Freelance hacker marketplaces.

Hacking software and exploits exist in a legal limbo.

Hacker marketplaces, meanwhile, exist “in legal limbo,” according to Mayer, the Stanford law lecturer. While websites are generally not liable for user misdeeds, there is an exception for federal criminal offenses, including violations of the Computer Fraud and Abuse Act, which governs hacking. That leaves the operators of these markets open to possible accomplice or conspiracy charges, which could land them in prison.

The operator of the Silk Road, where hackers advertised alongside drug sellers, was convicted on hacking conspiracy charges, along with six other counts. A newer dark net marketplace called TheRealDeal Market, also accessible through the anonymized Tor network, focuses specifically on exploit code, though the terms of service say the site allows the sale of anything except child pornography, human trafficking, or “services which involve murder.”

Last week, the U.S. Commerce Department published a proposal that would require anyone selling unpublished “zero-day” exploits internationally to have a license, classifying intrusion software, like other “dual use” items, as potential weapons. The number of zero-day exploits discovered in the wild hit an all-time high last year of 24, according to a recent Symantec report.

The new law could help law enforcement fight hacker black markets, but it would also hinder a number of companies that openly sell intrusion software and software exploits. The French security firm Vupen, which bills itself as a provider of “offensive cyber security,” charges clients, including the NSA, up to $100,000 per year for access to techniques letting them compromise widely used software, from Microsoft Word to popular web browsers and Apple’s iOS. The Italian company Hacking Team has sold RATs to the FBI. Other firms that buy and sell exploits include Netragard and Endgame, as well as larger defense contractors like Northrop Grumman and Raytheon.

Recent estimates have predicted industrial espionage and other digital crime costs companies hundreds of billions of dollars per year. A new study by the Ponemon Institute found that the average cost of a compromised record for a corporate hacking victim rose to $154 in 2014, up 8 percent over the previous year.

Selling To The Highest Bidder

To Carr, the security researcher, the consumer hacking-for-hire market is only the tip of the iceberg. Now, more sophisticated hacker groups are offering their services to wealthy overseas businesses and governments interested in buying “on demand” hacking. An entrepreneur or a C-level executive might hire a hacker to gain an edge over competitors, for instance, or to “hack back” against cyber intruders, a practice that Sony reportedly employed in its effort to fight websites hosting the company’s leaked data.

With so much recent focus on allegations of hacking by government agencies, Carr thinks threats from sophisticated commercial operations have been somewhat overlooked.

Su Bin, a Chinese businessman indicted in the U.S. on hacking charges

“We’ve completely missed until recently the espionage-as-a-service game, and most likely we’ve confused these guys with actual government intelligence agencies or government military operations,” he said.

Hacker groups will generally find work by exploiting connections to unscrupulous companies, either striking deals to obtain particular data or by stealing valuable information themselves and selling it to the highest bidder they can find, according to a white paper recently released by Carr’s firm, Taia Global.

Carr pointed to the case of a Chinese businessman named Su Bin, who was arrested in Canada last year on charges he worked with two unidentified hackers to steal and sell trade secrets about the F-35 and other military aircraft from U.S. defense contractors. In one email, one of Bin’s alleged accomplices attempts to buy an undetectable copy of “the Poisonivy Program,” a well-known RAT tool that is available in encrypted form, from a HackForums.net seller for just a few dollars.

But in spite of widespread reports about hackers stealing secrets for the Chinese government, Bin, who lived and worked in Canada, seemed more motivated by financial rather than nationalistic interests. “These buyers weren’t necessarily Chinese companies,” according to the Taia Global publication. “One email from Bin . . . indicated that he was unhappy with how cheap one Chinese company’s offer was and that he would look for other buyers.”

One sophisticated espionage-focused group, dubbed Hidden Lynx by security firm Symantec, used two pieces of custom malware to penetrate hundreds of organizations around the world. Based on the variety of organizations the group has targeted, Symantec believes it to be an “adaptable and determined” hacker-for-hire organization.

“We believe they’re specifically tasked with going after information and then passing that information to the clients that want it,” said Symantec senior threat analyst Stephen Doherty, one of the authors of the paper, who says his firm has been following dozens of similar groups. “Symantec is tracking over 70 groups from all around the world that fit into the various buckets of those involved in direct espionage, those involved in cybercrime, those maybe doing a bit of both,” he said.

Hidden Lynx, which Symantec says employs between 50 and 100 hackers operating mostly out of China, breached the servers of security firm Bit9 in 2012, making off with security certificates used to digitally sign software Bit9 has certified as safe. The hackers then gained access to computers belonging to political, defense, and financial organizations in the Boston and Washington areas by penetrating web servers likely to be visited by employees of target companies and using them to distribute malware, some of it signed with the stolen Bit9 credentials.

Playing Defense (And Offense)

As hacker groups have become more sophisticated, defensive efforts by international law enforcement and private security groups have grown more coordinated, with the ultimate goal of making such attacks that much less worthwhile, said Doherty. Last year, the tide turned against Hidden Lynx: A coordinated effort by a number of security vendors helped develop better protections against the malware used by the group, Symantec says. “All our indications are that the activity involved with this group has very much gone underground,” he said.

“I think you’re seeing a breakdown of the kind of silos where everyone’s fixing their own, or looking after their own client base,” said Doherty. Previously, he said, “whether it’s an [antivirus] company, or whether it’s a bank, they all would have very much worked close to home, but now we’re seeing a much broader effort. There’s much more visibility into what’s going on.”

Doherty said people and companies hoping to defend against these kinds of attacks should take traditional online security precautions: Keep up to date with software upgrades and security patches, watch for unusual network activity, and take special care to lock down systems known to store valuable company secrets.

Companies should also take careful stock of which third-party vendors have access to their sensitive information, said Carr. “You also need to do due diligence on all of your supply chain,” he said. “You have to be aware of who you’re sharing your data with: Just because they’re your vendor doesn’t mean you can trust them.”

One tactic Carr advises against: “hacking back,” the risky and legally murky technique of retaliating against the networks of criminals who infiltrate corporate networks.

“That’s always a bad idea,” he said. “It’s like that old saying, never pick a fight with a stranger: you don’t know who you’re throwing a punch at. It could be a commando.”

Filed under: Misc

Uber will let drivers track your location, but only if you agree


Uber has rewritten its privacy policy to make it easier to grok and added some very important changes. According to the updated guidelines, the ride-sharing app will soon give drivers the power to track your location if you allow it to, so long as the app remains running in the background. This, Uber claims, will allow drivers to pick you up a lot faster than just dropping a pin to signal where you’re waiting. Drivers will be able to meet you on the way, for instance, or right outside the door you used to exit a large building. Also, the app will start asking for permission to access your contact list, so the service can send promotional materials to your friends and family.

This update comes after an external review of Uber’s privacy program, prompted by a series of issues and PR catastrophes involving customer privacy. If you recall, some Uber employees used the “God View” tracker embedded in the app to spy on the whereabouts of a Buzzfeed reporter and a high-profile venture capitalist last year. All its corporate employees (but not its drivers) reportedly had access to God View and could monitor a user’s activities. Let’s not forget the time an exec made a remark about hiring a team to dig up personal dirt on journalists that criticize the service, as well.

In addition to the aforementioned changes, the new privacy policy lists what kind of data it collects from customers. It makes clear that Uber keeps a record of your transactions (amount, distance traveled, date and time, et cetera) and gathers info about your device (model, OS version, serial number, UDID, mobile network, preferred language and more). Uber can access any call and SMS details between the driver and yourself, as well as see your device’s IP address, browser, the website you visited before it, so on and so forth.

The new Privacy Statement will take effect on July 15th, so expect to see the app asking you for permission to switch on real-time tracking and to access your address book by then. If you’re not exactly fond of these changes, don’t worry: the company told TechCrunch that the app will work just fine even if you choose not to switch them on.

Filed under: Misc

Via: TechCrunch

Source: Uber (1), (2)