Chrome is about to start warning users that non-HTTPS sites are insecure

An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, it will flag any non-HTTPS site as insecure, with a series of escalating alerts that will end -- at some unspecified date -- by displaying an exclamation point inside a red triangle and the letters HTTP next to the web addresses of non-HTTPS sites.

Internet of Things botnet threatens to knock the entire country of Liberia offline

The various Mirai botnets, which use "clumsy, amateurish code" to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services.

UK hospitals shut down by malware, advise patients to go somewhere else for the duration

3 NHS hospitals under the Northern Lincolnshire and Goole NHS Foundation Trust have been infected by "a virus" that administrators detected on Sunday; the hospitals are on limited operations and turning away patients until the hospitals can "isolate and destroy" the malware.

New, fast-spreading IoT botnet hybridizes two less-effective strains to achieve quick dominance

Linux/IRCTelnet is a new strain of Internet of Things malware that borrows its password-guessing routines from Mirai, the malware that helped take down PayPal, Netflix and Twitter, and adds them to the scanning routines from a newer IoT bot called Bashlite.

Leading DNS experts say they've found a secret dedicated link between Trump and a giant Russian bank

After the DNC hack, security experts began paying close attention to the security of servers associated with the Trump campaign, on the assumption that if the Democrats had been targeted, the Republicans would be, too.

Unsecured Internet of Things gadgets get hacked within 40 minutes of being connected to the net

The Atlantic's Andrew McGill set up a virtual server on Amazon's cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the "toaster" had been hacked more than 300 times.

Sneaky ultrasonic adware makes homes vulnerable to ultrasonic hacking

Earlier this year, companies like Silverpush were outed for sneaking ultrasonic communications channels into people's devices, so that advertisers could covertly link different devices to a single user in order to build deeper, more complete surveillance profiles of them.

Free cybersecurity course from the University of Helsinki and F-Secure

It's free for anyone to take, and Finns can get credit at the Open University of University of Helsinki (yes, that's what it's called).

Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever

The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges.

Audit reveals significant vulnerabilities in TrueCrypt and its successors

VeraCrypt was created to fill the vacuum left by the implosion of disk-encryption tool TrueCrypt, which mysteriously vanished in 2014, along with a "suicide note" (possibly containing a hidden message) that many interpreted as a warning that an intelligence agency had inserted a backdoor into the code, or was attempting to force TrueCrypt's anonymous creators to do so.

Donald Trump's mail-servers are running Windows 2003

Security researcher Kevin Beaumont had a look at the mail servers operated by the Trump organization and found a veritable dumpster fire: systems running Windows 2003 (!), unpatched, badly configured.

California DMV thinks "INFOS3C" is a dirty word

The California DMV has rejected OpenDNS founder David Ulevitch's application for an "1NFOS3C" vanity license plate because it includes "a term of lust or depravity."

After being outed for massive hack and installing an NSA "rootkit," Yahoo cancels earnings call

What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.)

Joi Ito interviews Barack Obama for Wired: machine learning, neurodiversity, basic research and Star Trek

Joi Ito (previously) -- director of MIT Media Lab, former Creative Commons chief, investor, entrepreneur, and happy mutant -- interviewed Barack Obama for a special, Obama-edited issue of Wired.

Information security needs its own National Institutes of Health

Superstar security researcher Dan Kaminsky (previously) wants to create a "National Institutes of Health for computer security" -- a publicly funded research institution that figures out how to prevent and cope with large-scale security issues in networked devices.

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard]

The Copyright Office wants your comments on whether it should be illegal to fix your own stuff

Under Section 1201 of the DMCA, a law passed in 1998, people who fix things can be sued (and even jailed!) for violating copyright law, if fixing stuff involves bypassing some kind of copyright lock; this has incentivized manufacturers so that fixing your stuff means breaking this law, allowing them to decide who gets to fix your stuff and how much you have to pay to have it fixed.
