HackSpace magazine lowers its US print subscription price

In case you don't know, HackSpace is a terrific monthly maker magazine from the U.K. Published by the Raspberry Pi Foundation, HackSpace includes articles by bunnie huang, Andrew Lewis, Marc de Vinck, Sophy Wong, Bob Knetzger, and many other authors you may recognize from the pages of Make: magazine and other domains of the maker movement. I contribute a monthly tips and tutorials column.

One of the great benefits to HackSpace is that it has always been a free PDF for those who can't afford the high (over $100/year) international subscription rate. Well, good news, everyone! You can now get HackSpace for $60 a year (12 issues) and your sub comes with an Adafruit Circuit Playground Express (worth $25).

Researchers say Voatz voting app has big security flaws, 4 states using it for 2020 elections anyway

Researchers at MIT say the voting app Voatz, which is being used by at least 4 states in the 2020 elections, has major security flaws that could allow an attacker to intercept and alter votes, while making voters think their votes have been cast correctly, or trick the votes server into accepting connections from an attacker.

Feds charge Evil Corp, Russia-based creators of Dridex malware, in $100 million bank hacking spree

The most on-brand name since “Fraud Guarantee.”

How China grabbed NSA hacking tools and used them to attack U.S. allies

Chinese spies got a hold of NSA hacking tools, and “repurposed them in 2016 to attack American allies and private companies in Europe and Asia,” reports the NYT. How'd they get those cyberweapons? Symantec researchers “believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.”

Ex-NSA American mercenaries for UAE used 'Karma' to hack journalists and human rights activists

Former NSA spies have been working for the government of the United Arab Emirates as hacker mercenaries, helping the UAE attack journalists, dissidents, and human rights activists. This is a great read, and a shocking story from Reuters.

DHS issues security order after DNS hijack attacks from Iran, 6 agency domains already affected

The Department of Homeland Security on Tuesday issued an “emergency” security alert urging federal civilian agencies to secure login credentials for their respective internet domain records.

Marriott hack update: Hotel now admits hackers got passport numbers

The Marriott hotel chain today said that a smaller number of customers were affected by a recent hack than initially estimated, but admitted that the hackers got customer passport numbers.

NASA got hacked

It seems that we can't have nice, unhacked things. According to Gizmodo, someone has hacked NASA's personnel database to gain access to social security numbers and other personal information of the space agency's staff.

News of the security breach was only disseminated via memo to NASA's employees on December 18th, despite the fact that the agency became aware of the hack back on October 23rd.

From Gizmodo:

According to the memo, NASA is working with federal investigators to determine the extent of the breach and who might be responsible. It said that servers were accessed that contained the personal information of employees that worked at the agency between July 2006 and October 2018. The message was sent to inform employees to take the necessary precautions to prevent possible identity theft. It seems that investigators still haven’t narrowed down the employees who may have been affected, however the agency promised to notify individuals as that information becomes available.

When contacted for comment by Gizmodo, a NASA spokesperson could not say exactly how many employees’ information was potentially exposed, but they did confirm that the agency “does not believe that any agency missions were jeopardized by the intrusions.”

If anyone knows who's responsible for the hack, they're keeping their mouths shut about it. Hacking's so hot right now -- the breach could have been pulled off by anyone from a code-savvy lone-acting lady at a coffee shop to a highfalutin' government-sponsored collective in Eastern Europe. Also, China. It'll be interesting to see what, if anything, is done with information that was obtained during the hack.

Sandsifter program finds bugs, secret instructions and other oddities in computer processors

Sandsifter throws random machine code instructions at microprocessors, just to see what happens.

The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips.

With the multitude of x86 processors in existence, the goal of the tool is to enable users to check their own systems for hidden instructions and bugs.

I demand to see this scene in technothrillers pronto.

Russian agents allegedly tried to hack lab associated with Skripal poisoning investigation

The Organization for the Prohibition of Chemical Weapons (OPCW) has been elbows-deep in the investigation of the Novichok nerve agent attack on Sergei and Yulia Skripal. As part of their investigation into where the nerve agent may have originated, the OPCW sent samples of the chemical weapon to a number of independent labs.

Using multiple labs provides a fail-safe against false positive results and bias – two things you'd want to avoid considering the fact that the results of the tests could trigger a significant international incident. One of the labs that the OPCW may have used (I mean, they're not going to come right out and say that this is where they're sending dangerous shit) was Switzerland's Spiez Laboratory. Since Russia has denied that it had any role in the poisoning of the Skripals and the other collateral victims of the Novichok attack, it's really really surprising to be surprised by the surprise expulsion of two Russian intelligence agents (surprise!) from The Hague, where OPCW is based. Apparently, they were trying to tinker with Spiez Laboratory's computers.

From NPR:

Swiss and Dutch authorities did not immediately respond to NPR's request for comment. Andreas Bucher, a spokesperson for Spiez Laboratory, also declined to comment on the deportations. However, he confirms the laboratory's computer systems have been probed by unknown hackers in recent months.

"We've had indications that we were in the crosshairs," Bucher says. No data has been stolen from the lab, he adds.

Although Spiez Laboratory has not officially acknowledged receiving a sample, it is widely believed to have done so, according to Jean Pascal Zanders, an independent chemical weapons expert based in France.

Former NSA contractor Reality Winner sentenced to 5+ years in prison for leaking secret report on Russian election hacking to The Intercept

Former Air Force language specialist and intelligence contractor Reality Winner has been sentenced to 63 months in prison.

DNC alerts FBI to phishing attack on its voter database

The Democratic National Committee called the FBI Tuesday, after discovering what the DNC says was the early phase of a sophisticated phishing attempt to hack its voter database.

Facebook kills 652 more political disinformation accounts, Russia and Iran blamed

Facebook announced today they are taking down 652 pages, groups and fake accounts for "coordinated inauthentic behavior."

'I've had Twitter sex with 12 Russian hackers,' nude model who sexted Guccifer 2.0 tells tabloids

A former nude model and “Bond girl” exchanged sexual messages via Twitter with the online persona now believed to be an unknown number of Russian spies who are accused of attacking the 2016 US elections, the UK tabloid Sun Online posted today.

They're really awful and I don't want to link to them, but this is too rich, you guys. Motherboard has a more credible piece up, you should read that one, too.

In today's garbage interview, Robbin Young told The Sun she "fell madly in love" with Twitter user Guccifer 2.0, and sent him photographs of her breasts and exchanged sexually explicit messages with him or them.

Excerpt:

She was left stunned last week after the US government announced it had indicted 12 Russian spies who they believe ran the Guccifer 2.0 account, hacked into Democratic party computers and leaked stolen documents in a bid to interfere with the 2016 election result.

In an exclusive interview, Robbin, 63, told Sun Online: "I thought he was one Romanian man and I fell in love with him - now to be told it could have been 12 Russian spies running that account - I'm shocked.

"If this is all true it's like I've had Twitter sex with 12 Russian hackers."

Robbin Young once starred with 007 Roger Moore in 'For Your Eyes Only.'

Guccifer is no Roger Moore.

Get a load of this shit.

In one message he wrote: "Wow u r making me breath harder .. ur soul's so pure and unspoiled ..

WATCH: U.S. intel chief warns of new cyberattacks on U.S. infrastructure by Russia, North Korea, Iran, China

The “warning lights are blinking red again,” said the American government's top intelligence official on Friday.

Director of National Intelligence Dan Coats warned of newly resurgent threats by Russia, Iran, North Korea, and China on critical U.S. infrastructure while speaking at the Hudson Institute think tank.

Coats happened to be speaking at the event just after the Department of Justice revealed an indictment against 12 Russian military agents for hacking the 2016 U.S. presidential elections.

John Kelly's phone was hacked

NEW REPORTING CONFIRMS what previous stories speculated: chief of staff John Kelly's phone was hacked, and now they know where. They still don't know by whom, or how, or why, or what the damage was.

FBI says to reboot your router ASAP to avoid Russia malware VPNFilter

Have you tried turning it off and on again?

The FBI sent out an urgent bulletin advising anyone with a home or small office internet router to immediately turn it off and then turn it on again as a way to help stop the spread of a malware outbreak with origins in Russia.