Tuesday, 12 December 2017

On 23:22 by Vismit Rakhecha   No comments
President Donald Trump signed into law  legislation that bans the use of Kaspersky Lab within the US government, capping a months-long effort to purge the Moscow-based antivirus firm from federal agencies amid concerns it was vulnerable to Kremlin influence.
A view shows the software produced by Russia's Kaspersky Lab at the company's office in Moscow, Russia. Image: Reuters

The ban, included as part of a broader defense policy spending bill that Trump signed, reinforces a directive issued by the Trump administration in September that civilian agencies remove Kaspersky Lab software within 90 days. The law applies to both civilian and military networks.
“The case against Kaspersky is well-documented and deeply concerning. This law is long overdue,” said Democratic Senator Jeanne Shaheen, who led calls in Congress to scrub the software from government computers. She added that the company’s software represented a “grave risk” to US national security.
Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage. In an attempt to address suspicions, the company said in October it would submit the source code of its software and future updates for inspection by independent parties.
US officials have said that step, while welcomed, would not be sufficient.
In a statement, Kaspersky Lab said it continued to have “serious concerns” about the law “due to its geographic-specific approach to cybersecurity.”
It added that the company was assessing its options and would continue to “protect its customers from cyber threats (while) collaborating globally with the IT security community to fight cybercrime.”
On Tuesday, Christopher Krebs, a senior cybersecurity official at the Department of Homeland Security, told reporters that nearly all government agencies had fully removed Kaspersky products from their networks in compliance with the September order.
Kaspersky’ official response to the ban did not appear to contain any information that would change the administration’s assessment of Kaspersky Lab, Krebs said.
On 23:15 by Vismit Rakhecha in    No comments
In 2017, the fingerprint reader is still the most common and preferred method when it comes to securing a smartphone. Up until this point, the sensor has always been exposed on the exterior of the device in plain sight. While companies have been talking about relocating it under the display for a couple years now, no one has released a device into retail distribution with this technology. Earlier in the year, Vivo showed off a prototype featuring its under-display fingerprint scanner. Now, Synaptics has revealed its own fingerprint sensor that can reside under a display.

The firm announced that the new fingerprint sensor, the Clear ID FS9500, has gone into mass production and is specifically designed for smartphones. According to Synaptics, the sensor will even function properly with wet, dry, or even cold fingers. Like its other products, the sensor is secure, guarded by technologies like SentryPoint, Quantum Matcher, PurePrint, and SecureLink.

Kevin Barber, senior vice president and general manager of Synaptics' Mobile Division stated:
“Consumers prefer fingerprint authentication on the front of the phone, and with the industry quickly shifting to bezel-free OLED infinity displays, the natural placement of the fingerprint sensor is in the display itself.”
“Synaptics’ Clear ID fingerprint sensors are faster, more convenient, and more secure than alternative biometrics, and this optical technology represents a major innovation shift and opportunity for the smartphone market.”

The firm closed by stating that a handset with the technology will be revealed at CES 2018, which is less than a month away.
On 23:11 by Vismit Rakhecha   No comments
The Fedora Project has announced that the year-old Fedora 25 has now reached end-of-life (EOL) status as of December 12th. Since its release last November, the Fedora Project has pushed out two subsequent releases; Fedora 26 and Fedora 27.

The Fedora Project has a somewhat intriguing release cycle which is different to that of Ubuntu and its derivatives. In a blog post, the Fedora Project said:
“[We provide] updates for a particular release until a month after the second subsequent version of Fedora is released. For example, updates for Fedora 26 continue until one month after the release of Fedora 28. Fedora 27 continues to be supported up until one month after the release of Fedora 29.”
Fedora releases have been known in the past to miss expected release dates so, therefore, the support cycle that the maintainers have opted for is definitely one of the better options. The main reason for such short release cadences is because the distributions aim to offer bleeding edge features upon a reasonably stable base.

Fedora 25 was a huge release for the wider Linux community because it was one of the first big distributions to launch with the Wayland display server which replaced the legacy X11 system, giving the new technology more legitimacy. Wayland’s developers claim that their software is smoother, offers a richer experience for graphical environments, and offers better capabilities for modern graphics hardware.

If you're still on Fedora 25 you're recommended to upgrade to a newer version to continue receiving updates for your system.

Monday, 11 December 2017

On 02:03 by Vismit Rakhecha   No comments
Yesterday, the Chicago Board Options Exchange (CBOE) officially launched its much-anticipated Bitcoin future contracts. Things haven't gone over too smoothly, with the exchange crashing shortly after the 6 AM EST opening. The exchange quickly pointed out on Twitter that trades have not been affected by the website experiencing downtime. Bitcoin, on the other hand, has seen extreme swings recently, dropping from a high of around $19,000 last week, to $14,500 just before these futures went on sale.

However, it seems that the excitement for these contracts was quite palpable. According to Coindesk, the price of Bitcoin quickly jumped shortly after to around $15,732. Future prices saw even greater surges. For example, the January 17, 2018 price of Bitcoin reached $18,700 at time of publishing, with the February 17 price for the same year hitting $19,090. The CBOE is the first major exchange to offer Bitcoin futures in the US, with the CME Group following next week, as we reported previously.

Future contracts allow individual investors or larger entities the ability to buy Bitcoin - or any other commodity - ahead of time at a price that is determined by the contract before it expires. If the price is higher, or lower than the actual market price after the fact, it will have no effect, and the contract is still valid.

In other Bitcoin news, last week the mining platform NiceHash experienced a security breach that saw its entire corporate Bitcoin wallet being emptied. Since then the company has launched a full-scale investigation into this event, promising full disclosure to those affected. It noted that operations would be stopped for 24 hours, however, it has yet to go live again.

This followed the announcement by Steam, which stopped accepting the cryptocurrency in trade for games and services, reportedly due to the extremely high transaction costs and the time it takes to validate a single payment. It comes as no surprise, since it was found that one Bitcoin transaction consumes enough energy to power an average US home for a week - although some disagree with this.

Investors in Bitcoin have been targeted as well, with the UK government announcing its intention to force companies like Coinbase to disclose the holdings, transactions, and trades exceeding $20,000 in a bid to curb tax evasion.

Sunday, 10 December 2017

On 23:57 by Vismit Rakhecha   No comments

It’s the holiday season and everyone is looking for a deal, I get it.  But, you still need to be on the lookout for a good old fashioned scam.  Someone asked me about a GTX 960 the other day they found on eBay and after a quick look I knew something was fishy. After all a GeForce GTX 960 4GB for $39 is a heck of a deal. Sure, it’s an older arch, but depending on what games they’re playing it might be more than enough.
Except I’ve never seen this particular design on a GTX 960. In fact, it reminded me of an older ‘scam’ I’ve seen in the past with a GTX 750 Ti, so a little digging was in order.  I almost ordered one myself as I found tons of them on eBay ranging from $39-$50 and all were ‘sponsored’, meaning they would be more noticeable than legitimate GTX 960s being sold on eBay. Thankfully the bozos trying to scam people put up a poorly Photoshopped GPU-Z screen where they simply changed the card name.
So what is it you’re actually getting for the $50 you’re getting scammed out of? Well, looking at the GPU-Z screenshot, I saw several huge indicators that this wasn’t a GTX 960:
  • Core Count
  • Memory Bandwidth
  • Shader Clock
They were sorta slick with this one, after all they had the name right and even the Vendor ID, but those few things caught my eye real quick.  Memory bandwidth of 57.7GB/s is a far cry from the 112.2GB/s that the GTX 960 pumps out, at least they got the 128 bit bus right.  The biggest offender comes in the form of them leaving the Shader Clock displayed as NVIDIA hasn’t used this since they moved from Fermi. 
At the end of the day, what you’re really getting for your hard earned money is really just a GTS 450.  A card that is hardly comparable to a GTX 960 in any way other than being made by NVIDIA.  First gen Fermi even.  Just compare the specs that weren’t edited to the spec page from NVIDIA themselves and you’ll see that they’re the same.
But Keith, the scam card says it has 4GB and we know the GTS 450 was a 1GB card.  Okay, I’ll give you that since the most likely memory capacity you’ll find on a GTS 450 was 1GB of GDDR5.  I did a little looking, using Google, and found a model that was available in China with 4GB of DDR3 so it’s likely that this where all these cards are coming from.

Long story short: don’t get caught by this scam and warn your friends or family to be cautious of listings that are too good to be true.  If you’re not in tune with the industry very well I could easily see how you could fall prey to a listing like this.  After all, one of the listings sold over 60 units in one day.
On 23:51 by Vismit Rakhecha   No comments

An Australian airport had sensitive security details and building plans stolen after its computer systems were hacked.Perth Airport was hacked by Vietnamese man Le Duc Hoang Hai, who used the credentials of a third-party contractor to get access to the systems in March last year, The West Australian has reported.
Hai, 31, has been jailed by the Vietnamese military court for four years for illegally accessing Perth Airport’s corporate network in 2016.
Kevin Brown, Perth Airport CEO, said in a statement issued to Nine.com.au: “We detected a cyber intrusion of one of our networks in 2016 and notified the Australian Cyber Security Centre and the Australian Federal Police.
“The assistance and hard work of these two agencies has resulted in the successful identification and prosecution of the individual responsible for the cyber intrusion.
“Based on evidence gathered by the Australian Federal Police, it appears that credit card theft was the motivation for the illegal accessing of our system.
“No personal data of members of the public, such as details of credit card numbers, was accessed but other Perth Airport documents were taken.”
Brown said the airport has completed a full risk assessment of the data stolen and concluded there was no threat or risk to the travelling public.
“At no time was the safety or security of the airport, its staff, passengers or partners compromised,” he said.
Perth Airport has since invested $2 million in additional security measures.
Prime Minister Malcolm Turnbull’s cybersecurity adviser Alastair MacGibbon told The West Australian the man stole “a significant amount of data” relating to the airport, including building schematics and details of physical security at airport buildings.
MacGibbon said Hai did not access radars or other systems.
He explained Perth Airport detected the hack, passing the information on to the Federal Government’s cybersecurity centre in Canberra.
The AFP traced the hack to Vietnam and police there were tipped off and began investigating which culminated in Hai’s arrest.
He was sentenced to four years jail last week.
It emerged Perth Airport wasn’t his only target – Hai was found to have hacked infrastructure and websites in Vietnam, including banks, telecommunications and an online military newspaper.
Perth Airport is thought to have been his only Australian-based target.

Thursday, 7 December 2017

On 05:25 by Vismit Rakhecha   No comments
Cyber-criminals will use Artificial Intelligence (AI) and Machine Learning (ML) to explore victims' networks in 2018, global cybersecurity leader Symantec said on 7 December.
Image: Reuters

Furthermore, the Internet of Things (IoT) devices will be hijacked and used in Distributed Denial of Service (DDoS) attacks, warned Tarun Kaura, Director, Product Management, APJ, Symantec.
"2018 is the first year where we will see AI versus AI in a cybersecurity context. Cybercriminals will use AI to attack and explore victims' networks, which is typically the most labour-intensive part of compromise after an incursion," Kaura said in a statement.
In 2017, we saw massive DDoS attacks using hundreds of thousands of compromised IoT devices in people's homes and workplaces to generate traffic. "This is not expected to change with cyber-criminals looking to exploit the poor security settings and management of home IoT devices," Kaura added.
The inputs and sensors of these IoT devices will also be hijacked, with attackers feeding audio, visual or other faked inputs to make these devices do what they want rather than what users expect them to do.
Beyond DDoS attacks and ransomware, home IoT devices will be compromised by cyber criminals to provide persistent access to a victim's network. "Home users generally do not consider the cybersecurity implications of their home IoT devices, leaving default settings and not vigilantly updating them like they do with their computers," Kaura said.
Persistent access means that no matter how many times a victim cleans their machine or protects their computer, the attacker will always have a backdoor into victims' network and the systems that they connect to.
When it comes to Blockchain technology, instead of attacking Blockchain technology itself, cybercriminals will focus on compromising coin-exchanges and users' coin-wallets since these are the easiest targets, and provide high returns.
Supply chain attacks have been a mainstay of the classical espionage and signals-intelligence operators, compromising upstream contractors/systems/companies and suppliers. "They are proven to have a high-level of effectiveness, with nation-state actors using a mix of human intelligence to compromise the weakest link in the chain," Symantec said.