Statcheck: a data-fakery algorithm that flagged 50,000 articles

Michèle B. Nuijten and co's statcheck program re-examines the datasets in peer-reviewed science and flags anomalies that are associated with fakery, from duplication of data to internal inconsistencies.

300 million Adultfriendfinder accounts breached

Adultfriendfinder, "the world's largest sex & swinger community," has suffered a major breach, leaking 300,000,000 accounts' worth of personal information, namely email addresses, passwords, usernames, IP addresses and browser information.

Anti-burglary advice, from burglars

KGW Portland surveyed 86 Oregon inmates serving time for burglary to see what they looked for when casing a house that is safe to break into and likely to contain valuables. One important lesson: "NRA sticker on car bumper = Lots of guns to steal."

The internet's core infrastructure is dangerously unsupported and could crumble (but we can save it!)

Nadia Eghbal's Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure is a long, detailed report on the structural impediments to maintaining key pieces of free/open software that underpin the internet -- it reveals the startling fragility of tools that protect the integrity, safety, privacy and finances of billions of people, which are often maintained by tiny numbers of people (sometimes just one person).

A lightbulb worm could take over every smart light in a city in minutes

Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected.

Chrome is about to start warning users that non-HTTPS sites are insecure

An imminently forthcoming version of Google's Chrome browser will flip the way that browsers convey information about privacy and security to users: instead of discreetly informing users that the HTTPS-enabled sites they're browsing are more secure, they'll flag any non-HTTPS site as insecure, with a series of escalating alerts that will end -- at some unspecified date -- by displaying an exclamation point inside a red triangle and the letters HTTP next to the web addresses of non-HTTPS sites.

Internet of Things botnet threatens to knock the entire country of Liberia offline

The various Mirai botnets, which use "clumsy, amateurish code" to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services.

Artist celebrates Patriot Act's anniversary by handing out "Official Air Travel Replacement Knives" to arriving SFO passengers

Last week, artist Michele Pred celebrated the anniversary of the Patriot Act by dressing up as an old-timey Pan Am flight attendant (she wore her mother's old Pan Am hat!) and handing out "Official Air Travel Replacement Knives" to people waiting for their bags at SFO (she had 50 knives, but it took more than 50 tries to give them away, as more than half of the people she approached refused to engage with her).

UK hospitals shut down by malware, advise patients to go somewhere else for the duration

3 NHS hospitals under the Northern Lincolnshire and Goole NHS Foundation Trust have been infected by "a virus" that administrators detected on Sunday; the hospitals are on limited operations and turning away patients until the hospitals can "isolate and destroy" the malware.

Researchers trick facial recognition systems with facial features printed on big glasses

In Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition, researchers from Carnegie-Mellon and UNC showed how they could fool industrial-strength facial recognition systems (including Alibaba's "smile to pay" transaction system) by printing wide, flat glasses frames with elements of other people's faces with "up to 100% success."

New, fast-spreading IoT botnet hybridizes two less-effective strains to achieve quick dominance

Linux/IRCTelnet is a new strain of Internet of Things malware that borrows its password-guessing routines from Mirai, the malware that helped take down Paypal, Netflix and Twitter, and adds them to the scanning routines from a newer IoT bot called Bashlight.

Leading DNS experts say they've found a secret dedicated link between Trump and a giant Russian bank

After the DNC hack, security experts began paying close attention to the security of servers associated with the Trump campaign, on the assumption that if the Democrats had been targeted, the Republicans would be, too.

Unsecured Internet of Things gadgets get hacked within 40 minutes of being connected to the net

The Atlantic's Andrew McGill set up a virtual server on Amazon's cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the "toaster" had been hacked more than 300 times.

Sneaky ultrasonic adware makes homes vulnerable to ultrasonic hacking

Earlier this year, companies like Silverpush were outed for sneaking ultrasonic communications channels into people's devices, so that advertisers could covertly link different devices to a single user in order to build deeper, more complete surveillance profiles of them.

Insecure internet-connected "honeypot" toaster hacked within an hour

Andrew McGill's internet-connected toaster isn't really a toaster: it's a "honeypot" designed to resemble the insecure "internet of things" gadgets—cameras, LED lightbulbs, fridges, etc.—that make up the vast botnets behind recent internet attacks. The honeypot was hacked within an hour.

I switched on the server at 1:12 p.m. Wednesday, fully expecting to wait days—or weeks—to see a hack attempt.

Wrong! The first one came at 1:53 p.m.

Lots of the hacking attempts use the password xc3511, the factory default of many old webcams. Amazing. I love the little bot's eye view of the toaster!

Free cybersecurity course from the University of Helsinki and F-Secure

It's free for anyone to take, and Finns can get credit at the Open University of University of Helsinki (yes, that's what it's called).

Every Android device potentially vulnerable to "most serious" Linux escalation attack, ever

The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges.