

The Coming Internet-Of-Things Horror Show

Similar News

Indian hacking gang goes on three-year Chinese phishing trip
Gang has cunning way of hiding itself by using multiple names. Suspected hackers based in India have compromised thousands of computers, going about their business as far back as 2013.…
Census 2016: outage due to 'overcautious' response, not hacking, government says
Bureau of Statistics and government deny cyberattack took place, instead blaming it on a ‘confluence of events’. The federal government and Australian Bureau of Statistics (ABS) have explained the outage of the online census was the result of a systems failure and an “overcautious” response to a denial of service attack. At a press conference on Wednesday to explain the outage since about 7.30pm on Tuesday, the small business minister, Michael McCormack, blamed the failure on a “confluence of events” but said the system had not been breached and no data was lost.
Kepler gets $5M to launch a network of football-sized IoT network satellites
Kepler Communications has raised $5 million in seed funding to create a network of small, easily replaced satellites to create a real-time network through which internet of things (IoT) devices can communicate, essentially building a cellular network in space through which machinery and equipment can talk to one another and to its handlers. “You can think of it as a cell phone tower…
Will DNC Email Hacking Make Legislators More Friendly To Encryption?
Kashmir Hill is asking an interesting question over at Fusion: in the wake of Democratic National Committee email hacking, will political leaders start scaling back their war on encryption?
UK faces Human Rights challenge to state’s bulk hacking abroad
Privacy rights organization Privacy International has filed another legal challenge to the UK government’s use of bulk hacking against foreigners. The filing, with the European Court of Human Rights, follows Privacy International’s attempt earlier this year to challenge the use of bulk hacking against foreigners via the local oversight court for the UK’s intelligence…
New complaint against GCHQ hacking before the Court of Human Rights
Privacy International and other organizations have now also filed a complaint in Strasbourg against the internet and computer espionage of the British intelligence service GCHQ. In London they were initially unsuccessful.
Symantec appoints first cybersecurity czar to woo hacking talent
Uber-nerd Tarah Wheeler aims to build bridges. DEF CON: Hardcore hackers and the corporate security industry have never really got on that well. Symantec is looking to change that after hiring Tarah Wheeler to act as its cybersecurity czar.…
Privacy warriors drag GCHQ into Euro human rights court over blanket spying, hacking
Brit overseers not interested, so groups ask ECHR instead. Having failed in its bid to block GCHQ's hacking activities at the UK's Investigatory Powers Tribunal, advocacy group Privacy International says it will now take its fight with the UK government to the European Court of Human Rights.…
Is The DNC Hacking A New Cold War... Or Just The Continuation Of What Every Intelligence Agency Does?
Various degrees of hand-wringing (and hasty resignations) have greeted the news that our old Cold War foe -- the Russkies -- were behind the hacking of the Democratic National Committee's computers. (And the eventual embarrassment of those caught on unofficial record jumping on the Hillary Clinton bandwagon well before it became clear Bernie Sanders wasn't going to land the nomination.) Certainly, Vladimir Putin gives absolutely no indication that he cares at all what the rest of the world thinks of him, much less the United States. And if the US government feels the Russian government can't be trusted, a) it's probably right and b) Putin will remain unperturbed. There are indications this was done to assist Trump in his presidential run, but I imagine it makes little difference to those handing down hacking orders -- just as long as it embarrassed US government officials and political leaders. But if there's a high road to be had, the US government can't really claim it. As James Bamford explains in his commentary piece for Reuters, US spy agencies haven't exactly stayed out of world affairs, including local elections.
Windows 10 IoT Core for the Raspberry Pi Is Now Easier to Set Up, Adds Remote Client Access and More
Windows 10 on the Raspberry Pi is a great way to create your own internet connected devices, and today Microsoft pushed out an update that makes the setup process a bit easier.
Exploring the security challenges in Linux-based IoT devices
In a talk at the Embedded Linux Conference, Mike Anderson, CTO of The PTR Group, explored the unique security challenges that face Linux-based IoT devices.
XMPP: Swiss Army Knife for IoT (also a History on XMPP/Jabber)
Kazakhstan accused of hacking journos, activists by EFF
Malware Learnings Make Hideous Detriment People of Kazakhstan. Black Hat: The Electronic Frontier Foundation (EFF) has accused the Kazakhstan Government of sending malware-laced phishing emails to two investigative journalists in the country, along with activists, and family members to help spy, locate and extradite targets.…
LXer: Exploring the security challenges in Linux-based IoT devices
Published at LXer: In a talk at the Embedded Linux Conference, Mike Anderson, CTO of The PTR Group, explored the unique security challenges that face Linux-based IoT devices.
Free IoT development and management platform adds Arduino
myDevices announced Arduino support for its web- and mobile-based, Raspberry Pi compatible “Cayenne” drag-and-drop IoT development and management platform. Cayenne, with which developers, designers, and engineers can “quickly prototype and share their connected device projects,” has expanded support beyond the Raspberry Pi to Arduino boards, says myDevices.
Hacking the election
During what was likely the first presidential campaign fundraiser held at the Black Hat security conference in Las Vegas, campaigners made their case for Hillary Clinton as the cyber candidate. Last night, Jeff Moss, the founder of Black Hat, and Jake Braun, a former Obama campaign staffer and security consultant to the Department of Homeland Security, pitched Clinton to the security pros…
LXer: Free IoT development and management platform adds Arduino
Published at LXer: myDevices announced Arduino support for its web- and mobile-based, Raspberry Pi compatible “Cayenne” drag-and-drop IoT development and management platform. Cayenne, with which...
The Mr. Robot Hack Report: Hacking Android phones with a rogue femtocell
Mr. Robot is a show built on hacks. The mother of all hacks serves as the big cliffhanger at the end of the show's first season, and nearly every plot development leading up to it was nudged along by some kind of exploit. It’s rare to get through an episode without at least one digital intrusion, often drawn from real life. Each week, we'll be running through Mr. Robot's C Y B E R activities — who got hacked, why, and how much magic would be required to make them actually work. * * * S P O I L E R S F O L L O W * * *
What To Do About Lawless Government Hacking And The Weakening Of Digital Security
The EFF has put a lot of thought into how we should deal with the issue of government hacking and how it impacts digital security, and so we're reposting Andrew Crocker's excellent article here.
In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don't have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone's security.
The problem became especially clear this year during the San Bernardino case, involving the FBI's demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones.
Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI's mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects.
That's why we're working on a positive agenda to confront governmental threats to digital security. Put more directly, we're calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.
Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it's time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions.
This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.
Recognizing That Government Intrusion and Subversion of Digital Security Is a Single Issue
The first step is to understand a wide range of government activities as part of one larger threat to security. We see the U.S. government attempt to justify and compartmentalize its efforts with terms like "lawful hacking" and "computer network attack." It is easy for the government to argue that the FBI's attempts to subvert the security of Apple iOS in the San Bernardino case are entirely unrelated to the NSA's apparent sabotage of the Dual_EC_DRBG algorithm. Likewise, the intelligence community's development of the Stuxnet worm to target the Iranian nuclear program was governed by a set of rules entirely separate from the FBI's use of malware to target criminals using Tor hidden services.
These activities are carried out by different agencies with different missions. But viewing them as separate—or allowing government to present it that way—misses the forest for the trees. When a government takes a step to create, acquire, stockpile or exploit weaknesses in digital security, it risks making us all less safe by failing to bolster that security.
Each of these techniques should involve consideration of the tradeoffs involved, and none of them should be viewed as risk-free to the public. They require oversight and clear rules for usage, including consideration of the safety of innocent users of affected technologies.
There is hope, albeit indirectly. In the United States, high-ranking government officials have acknowledged that "cyber threats" are the highest priority, and that we should be strengthening our digital security rather than weakening it to facilitate government access. In some cases, this is apparently reflected in government policy. For instance, in explaining the government's policy on software vulnerabilities, the cybersecurity coordinator for the White House and the Office of the Director of National Intelligence have both stated in blog posts that there is a "strong presumption" in favor of disclosing these vulnerabilities to the public so they can be fixed.
But the government shouldn't engage in "policy by blog post." Government action that actively sabotages or even collaterally undermines digital security is too important to be left open to executive whim.
Finding Models for Transparency and Limits on When Government Can Harm Digital Security
While government hacking and other activities that have security implications for the rest of us are not new, they are usually secret. We should demand more transparency and real, enforceable rules.
Fortunately, this isn't the first time that new techniques have required balancing public safety along with other values. Traditional surveillance law gives us models to draw from. The Supreme Court's 1967 decision in Berger v. New York is a landmark recognition that electronic wiretapping presents a significant danger to civil liberties. The Court held that because wiretapping is both invasive and surreptitious, the Fourth Amendment required "precise and discriminate" limits on its use.
Congress added considerable structure to the Berger Court's pronouncements with the Wiretap Act, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968. First, Title III places a high bar for applications to engage in wiretapping, so that it is more of an exception than a rule, to be used only in serious cases. Second, it imposes strict limits on using the fruits of surveillance, and third, it requires that the public be informed on a yearly basis about the number and type of government wiretaps.
Other statutes concerned with classified information also find ways of informing the public while maintaining basic secrecy. For example, the USA Freedom Act, passed in 2015 to reform the intelligence community, requires that significant decisions of the FISA Court either be published in redacted form or be summarized in enough detail to be understood by the public.
These principles provide a roadmap that can be used to prevent government from unnecessarily undermining our digital security. Here are a few areas where EFF is working to craft these new rules:
Item 1: Rules for When Government Stockpiles Vulnerabilities
It's no secret that governments look for vulnerabilities in computers and software that they can exploit for a range of intelligence and surveillance purposes. The Stuxnet worm, which was notable for causing physical or "kinetic" damage to its targets, relied on several previously unknown vulnerabilities, or "zero days," in Windows. Similarly, the FBI relied on a third party's knowledge of a vulnerability in iOS to access the contents of the iPhone in the San Bernardino case.
News reports suggest that many governments—including the U.S.—collect these vulnerabilities for future use. The problem is that if a vulnerability has been discovered, it is likely that other actors will also find out about it, meaning the same vulnerability may be exploited by malicious third parties, ranging from nation-state adversaries to simple thieves. This is only exacerbated by the practice of selling vulnerabilities to multiple buyers, sometimes even multiple agencies within a single government.
Thanks to a FOIA suit by EFF, we have seen the U.S. government's internal policy on how to decide whether to retain or disclose a zero day, the Vulnerabilities Equities Process (VEP). Unfortunately, the VEP is not a model of clarity, setting out a bureaucratic process without any substantive guidelines in favor of disclosure. More concerning, we've seen no evidence of how the VEP actually functions. As a result, we have no confidence that the government discloses vulnerabilities as often as claimed. The lack of transparency fuels an ongoing divide between technologists and the government.
A report published in June by two ex-government officials—relying heavily on the document from EFF's lawsuit—offers a number of helpful recommendations for improving the government's credibility and fueling transparency.
These proposals serve as an excellent starting point for legislation that would create a Vulnerabilities Equities Process with the force of law, formalizing and enforcing a presumption in favor of disclosure. VEP legislation should also:
Uber + Instacart + the IoT—for Your Swimming Pool
ConnectedYard is the kind of company that could only have been cooked up at a backyard barbecue in Silicon Valley
$67M in bitcoin stolen as hacking typhoon lashes Hong Kong's Bitfinex
Withdrawal limits mysteriously evaporated as someone lifted the loot. One of the world's most popular Bitcoin exchanges Bitfinex has been torn apart with hackers making off with around US$65 million (£49 million, A$87 million) in the cryptocurrency.…
Clerk printed lottery tickets she didn’t pay for but didn’t break hacking law
Oregon Supreme Court: Woman stole, but she was "authorized" to use lottery machine.
Seven automated hacking systems will compete for a $2 million prize on Thursday
This Thursday, seven teams of researchers will face off in a live hacking challenge at Defcon, competing for a grand prize of $2 million. It’s a common sight at the conference, but this challenge comes with a twist — instead of human teams, Thursday’s challenge will be entirely automated, with experimental software programs hacking, patching, and defending networks with no human intervention. It’s the end of a three-year project by DARPA, the experimental military research group that brought us stealth motorcycles, high-speed self-piloting drones, and the internet. This particular contest is one of DARPA’s Grand Challenges, which have tasked researchers with building robots that can navigate obstacle courses and cars that can drive...
How fog computing pushes IoT intelligence to the edge
As the Internet of Things evolves into the Internet of Everything and expands its reach into virtually every domain, high-speed data processing, analytics and shorter response times are becoming more necessary than ever. Meeting these requirements is somewhat problematic through the current centralized, cloud-based model powering IoT systems, but can be made possible through fog computing.
Donald Trump proves he is a bigger threat to democracy than hacking
Speaking today in Ohio, Donald Trump moved from questioning the integrity of primary elections to questioning the integrity of the upcoming general election, which is not the most shocking thing he's done, but perhaps one of the most dangerous. "I'm afraid the election is going to be rigged," Trump said. Forget conspiracy theories about rigged voting machines and stolen elections — what Trump just said is the real danger. Trump has alarmed people of all political stripes for his ignorant and careless comments, so his latest throwaway remark is not surprising — but it is remarkably threatening nonetheless. US elections aren't plagued by fraud, but they are plagued by routine attempts by state and local governments to blockade minority...
The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse
After sparking a 1.4 million vehicle Chrysler recall, the security researchers offer a new lesson: It could have been---and could still be---much worse.
'Hacking nerves can control disease'
Controlling human nerve cells with electricity could treat a range of disease including type-2 diabetes, a new company says.
FBI's Hacking Tool Found To Have Compromised Dozens Of Computers In Austria
The FBI is already having problems here at home with the hacking tool it deployed during its dark web child porn investigation. A few judges have ruled that the warrant used to deploy the Network Investigative Technique (NIT) was invalid because the FBI's "search" of computers around the United States violated Rule 41(b)'s jurisdictional limits. Now, we'll get to see how this stacks up against international law. It's already common knowledge that the FBI obtained user information from computers around the world during its two weeks operating as the site administrator for the seized Playpen server. More information is now coming to light, thanks (inadvertently) to a foreign government's inquiries into domestic anti-child porn efforts. Joseph Cox of Motherboard has the details:
Why Russia Keeps Getting Away with Hacking America
Why I stopped hacking the Amazon Dash button and learned to solder
The Hacking of the 2016 Election – Did I Write the Script?
Well, it's about time. People are finally realizing how easy it would be to hack an election - assuming it hasn't happened already.
LXer: The Hacking of the 2016 Election – Did I Write the Script?
Published at LXer: Well, it's about time. People are finally realizing how easy it would be to hack an election - assuming it hasn't happened already.
Hacking imgur for fun and profit
Bruce Schneier Sounds The Alarm: If You're Worried About Russians Hacking, Maybe Help Fix Voting Machine Security
We've been writing about the lack of security (and accountability) in electronic voting machines almost since Techdirt began. Our very first post on the subject, way back in 2000, declared that e-voting is not safe. Of course, over the years, we've seen more and more examples of this, from the Diebold debacle to Sequoia's security disaster. Basically e-voting is a complete clusterfuck. The machines have long been easily hackable, and the companies behind them don't really seem to care much. They frequently don't do common security practices, such as allowing for outside testing of their machines (or, even better, open sourcing their code for security testing). Instead, it's a big "trust us" and any time security researchers have gotten their hands on these things, they've discovered that the trust is totally and completely misplaced. The machines are a disaster.
Security Bots Will Battle in Vegas for Darpa’s Hacking Crown
The contest next week will be a true test of how well software can protect software. If the bots succeed, they could transform the way cybersecurity works.
What does the former US ambassador to Russia think of Trump's hacking request?
Donald Trump held a news conference in Miami in which he called on Russia to find Hillary Clinton's missing emails. So what does the former US ambassador to Russia think of Trump's comments?
Tutorial shows how to create a cheap, DIY IoT cloud platform
RTL has published a tutorial about creating a secure IoT platform based on its free “SharkSSL-lite” software, plus ARM mbed-enabled SBCs and a low cost VPS. Real Time Logic (RTL), which is known for its BarracudaDrive remote file manager and lightweight, embeddable Mako Server webserver, has released a set of instructions and videos for how […]
LXer: Tutorial shows how to create a cheap, DIY IoT cloud platform
Published at LXer: RTL has published a tutorial about creating a secure IoT platform based on its free “SharkSSL-lite” software, plus ARM mbed-enabled SBCs and a low cost VPS. Real Time Logic...
TechCrunch falls victim to OurMine hacking group
Hackers deface technology site while telling visitors attack is only a security test in latest high-profile breach. Verizon-owned prominent technology site TechCrunch has become the latest victim of the OurMine hacking group.
Hacking Game Quadrilateral Cowboy Is a Bit Messy, But You Won’t Forget It
The new PC game "Quadrilateral Cowboy" is a love letter to '80s cyberpunk and collaborative creation.
ArchStrike Ethical Hacking Linux Operating System Gets Its First ISO Builds
The ArchStrike developers have announced today that their Arch Linux-based operating system designed for ethical hackers now has official installation mediums as ISO images.
LXer: ArchStrike Ethical Hacking Linux Operating System Gets Its First ISO Builds
Published at LXer: The ArchStrike developers have announced today that their Arch Linux-based operating system designed for ethical hackers now has official installation mediums as ISO images. ...
FBI investigates hacking incident at US Democrats
Extradition ruling in Lauri Love hacking case set for September
US officials want Love to face charges of hacking NASA, the FBI, and the US Army.
Bruce Schneier on the coming IoT security dumpster-fire
Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) creates an urgency over security questions that presents an urgent threat the like of which we've never seen.
Fare Hacking on BART
Hacking poverty through mobile tech and social entrepreneurship
In Silicon Valley the term “hacker” has evolved to connote high praise for someone particularly creative, ingenious and adept at finding clever new ways to accomplish a difficult task. And it’s with that framework in mind, rather than some of the other meanings that “hack” has represented over time, that I suggested during my recent TEDx talk that Pope Francis and…
This smart home hub uses Tor to make IoT devices secure
I’ve ranted before about lacking security on Internet of Things devices. General consumers are often left to decipher the black box of security on their own or just resign themselves to having faith that companies make it a priority. The internet itself can be pretty insecure, too, which is why some people turn to Tor to help mask their identity. (Although Tor’s been attacked as well.) Now, a non-profit called Guardian Project is taking Tor’s technique for obscuring and encrypting users’ identities and applying it to smart home devices. Guardian Project took a Raspberry Pi and turned it into a smart hub that runs its new HomeAssistant software. The software acts like a Tor hidden service, which keeps server IP addresses hidden....
Bosses at UK infosec biz Quadsys confess to hacking rival reseller
Sentencing set for September. Five men working at UK-based IT security reseller Quadsys confessed today to hacking into a rival's database.…
Geohot will discuss the hacking hardware and the auto industry’s self-driving future at Disrupt SF
When he was seventeen, George “geohot” Hotz became the first person to jailbreak an iPhone, back when Apple really didn’t take too kindly to such things. Three years later, he moved his unlocking efforts over to the PlayStation 3. Again, Sony wasn’t feeling it. The young hacker has since joined forces with a number of high-profile tech corporations, first at…