Случайны выбор дневника Раскрыть/свернуть полный список возможностей

Найдено 6402 сообщений
Cообщения с меткой

security - Самое интересное в блогах

Следующие 30  »

"Smart home" companies refuse to say whether law enforcement is using your gadgets to spy on you

Суббота, 20 Октября 2018 г. 15:47 (ссылка)

Transparency reports are standard practice across the tech industry, disclosing the nature, quantity and scope of all the law enforcement requests each company receives in a given year.

But there's a notable exception to this practice: the "smart home" companies who sell you products that fill your house with gadgets that know every intimate fact of your life -- all-seeing eyes, all-listening ears, all-surveillance network taps. The companies that sell these products refuse to say whether (or how) they are being suborned to serve as state surveillance adjuncts by law enforcement.

What the smaller but notable smart home players said

August, a smart lock maker, said it “does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA),” but did not comment on the number of subpoenas, warrants and court orders it receives. “August does comply with all laws and when faced with a court order or warrant, we always analyze the request before responding,” a spokesperson said.

Roomba maker iRobot said it “has not received any demands from governments for customer data,” but wouldn’t say if it planned to issue a transparency report in the future.

Both Arlo, the former Netgear smart home division, and Signify, formerly Philips Lighting, said they do not have transparency reports. Arlo didn’t comment on its future plans, and Signify said it has no plans to publish one.

Ring, a smart doorbell and security device maker, did not answer our questions on why it doesn’t have a transparency report, but said it “will not release user information without a valid and binding legal demand properly served on us” and that Ring “objects to overbroad or otherwise inappropriate demands as a matter of course.” When pressed, a spokesperson said it plans to release a transparency report in the future, but did not say when.

Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

Security researchers identify "fingerprints" in 3D printed objects that can be used to trace their manufacturing

Суббота, 20 Октября 2018 г. 15:03 (ссылка)

PrinTracker: Fingerprinting 3D Printers using Commodity Scanners
(Scihub mirror), a paper to be presented at the ACM SIGSAC Conference on Computer and Communications Security conference in Toronto this month, a group of U Buffalo and Northeastern researchers present a model for uniquely identifying which 3D printer produced a given manufactured object, which may allow for forensic investigators to associate counterfeit goods, illegal guns, and other printed objects with the device that manufactured them.

The technique uses "slight imperfections" in infill created by the "printer's model type, filament, nozzle size and other factors" to uniquely identify a printer's output.

The technique examines the output of stereolithography and extrusion printers, which produce lower-resolution, more fragile output than the more expensive selective laser-sintering. It's not clear whether a printer could be modified between prints to change the "fingerprint" it creates when it prints -- this could be a relatively easy countermeasure to defeat the forensic technique.

To test PrinTracker, the research team created five door keys each from 14 common 3D printers -- 10 fused deposition modeling (FDM) printers and four stereolithography (SLA) printers.

With a common scanner, the researchers created digital images of each key. From there, they enhanced and filtered each image, identifying elements of the in-fill pattern. They then developed an algorithm to align and calculate the variations of each key to verify the authenticity of the fingerprint.

Having created a fingerprint database of the 14 3D printers, the researchers were able to match the key to its printer 99.8 percent of the time.

Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

В EVE Online появится виртуальная тюрьма для читеров

Пятница, 19 Октября 2018 г. 15:43 (ссылка)

­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­
Нарушителей заставят копать бесполезную руду

Комментарии (0)КомментироватьВ цитатник или сообщество

Child goes through X-ray baggage scanner

Четверг, 18 Октября 2018 г. 23:08 (ссылка)

A child reportedly rode through an X-ray baggage scanner last week at the Xiaolan Railway Station in South China. According to the state-owned China Global Television Network, the young'n snuck away from his father and hopped onto the conveyor belt. Apparently he is fine. As you'll recall, earlier this year a woman in Dongguan, China rode through an X-ray machine to keep an eye on her handbag.

Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

В The Elder Scrolls V: Skyrim появился Веном

Среда, 17 Октября 2018 г. 16:43 (ссылка)

­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­
Персонажа можно нанять в качестве компаньона

Комментарии (0)КомментироватьВ цитатник или сообщество

Undetectably bypass voting machines' anti-tamper mechanism with a bit of a soda-can

Вторник, 16 Октября 2018 г. 20:37 (ссылка)

When security researchers report on the ghastly defects in voting machines, the officials who bought these machines say dismiss their concerns by saying that the tamper-evident seals they put around the machines prevent bad guys from gaining access to their internals.

But University of Michigan grad student Matt Bernhard has demonstrated that he can bypass the tamper-evident seals in seconds, using a shim made from a slice of a soda can. The bypass is undetectable and doesn't damage the seal, which can be resecured after an attacker gains access to the system.

Fred Woodhams from the Michigan Secretary of State's office dismissed Bernhard's warning: "the seal that is shown in the video was not affixed to anything, and the video does not represent a real-world scenario of how seals are used and affixed."

"The seal that is shown in the video was not affixed to anything, and the video does not represent a real-world scenario of how seals are used and affixed," spokesman Fred Woodhams said in an email to Motherboard. "The video also provides no context about the sum total of security measures for tabulators and sealed ballot containers, which are stored in locked area within a clerk’s office, among other security measures that help prevent election tampering. I would note that the sealed ballot containers store ballots that already have been counted."

Bernhard, however, said that although voting machines may be locked when they are stored in the county clerk's building, they are left unattended for days at polling places—high school gyms, churches, and community centers—prior to elections.

Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

A dating website for Trump supporters leaked its customers' data ON DAY ONE

Понедельник, 16 Октября 2018 г. 01:42 (ссылка)

Donalddaters.com is an app for people who want to have sex with white supremacists; it launched today and promptly leaked all 1600 of its users' data: "users' names, profile pictures, device type, their private messages — and access tokens, which can be used to take over accounts."

The data was accessible from a public and exposed Firebase data repository, which was hardcoded in the app. Shortly after TechCrunch contacted the app maker, the data was pulled offline.

Donald Daters, a dating app for Trump supporters, leaked its users’ data [Zack Whittaker/Techcrunch]

Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

Forensics company advises cops not to look at seized Iphones, to avoid facial-recognition lockouts

Суббота, 13 Октября 2018 г. 18:33 (ссылка)

A leaked police-training presentation from digital forensics company Elcomsoft (a company that made history due to its early run-in with the DMCA) advises officers not to look at Iphones seized from suspects in order to avoid tripping the phones' facial recognition systems -- if Iphones sense too many unlock attempts with faces other than those registered as trusted, they fall back to requiring additional unlock measures like passcodes or fingerprints.

“iPhone X: don’t look at the screen, or else… The same thing will occur as happened on Apple’s event,” the slide, from forensics company Elcomsoft, reads. Motherboard obtained the presentation from a non-Elcomsoft source, and the company subsequently confirmed its veracity.

“This is quite simple. Passcode is required after five unsuccessful attempts to match a face,” Vladimir Katalov, CEO of Elcomsoft, told Motherboard in an online chat, pointing to Apple’s own documentation on Face ID. “So by looking into suspect’s phone, [the] investigator immediately lose one of [the] attempts.”

Cops Told ‘Don’t Look’ at New iPhones to Avoid Face ID Lock-Out [Joseph Cox/Motherboard]

Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

Facebook: Hackers got (very) personal data from 29M users. FIND OUT if your info was breached.

Пятница, 13 Октября 2018 г. 00:35 (ссылка)

The good news: Facebook downgrades the number of accounts hit in the breach they disclosed two weeks ago to 29 million, down from 50 million. The bad news: Uh, that's still a LOT. And if you were one of those 29 million Facebook users, A LOT of your intimate personal data was stolen.

Facebook disclosed this in a corporate blog post, “An Update on the Security Issue,” with more details on the massive privacy breach.

Facebook Product Management VP Guy Rosen says:

People can check whether they were affected by visiting our Help Center. In the coming days, we’ll send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls.

This attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.

Naturally they published at the end of the day on Friday, when all bad news gets dumped to minimize impact.

“For 15 million people, attackers accessed two sets of information — name and contact details (phone number, email, or both, depending on what people had on their profiles),” writes Rosen in the post.

“For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles.”

Bu “other details,” he means your location, gender, relationship status, your recent search and personal physical location data. Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

Судный день: Киев ждет автокефалию http://dnevn.arc-n-ciel.com

Четверг, 11 Октября 2018 г. 18:08 (ссылка)

­  ­  ­  ­  ­  ­  ­  ­  ­  ­  ­  ­  ­  ­  ­  ­  
Москва следит за принятием решения Священного Синода по автокефалии Украинской православной церкви, при этом в Кремле выразили надежду на то, что шаги, которые ведут к расколу в мире православия, приниматься не будут. Вместе с тем, экзарх Вселенского патриарха, архиепископ Даниил из Соединенных Штатов уже анонсировал: официальное заявление по поводу предоставления автокефалии УПЦ будет сделано в четверг, 11 октября, до конца дня.

Комментарии (0)КомментироватьВ цитатник или сообщество

EFF to Texas AG: Epson is screwing Texans

Среда, 10 Октября 2018 г. 23:56 (ссылка)

You remember when HP tricked its users into downgrading their printers by sending them a fake "security update" that actually made the printers refuse third-party and refilled ink cartridges?

Well, now it's Epson's turn.

The company's fake software update screwed over owners of many printer models, deceptively reconfiguring their printers so that they could no longer use third-party ink.

This violates all kinds of state laws, including the laws of Texas, where an Electronic Frontier Foundation supporter lives; when he tipped us off about the Epson scam, we complained to the Texas Attorney General on his behalf.

If you got shafted by Epson and you're in the USA, we want to hear from you, too.

With these shenanigans, Epson and HP aren't just engaged in a garden-variety ripoff. Teaching Internet users to mistrust software updates is a dangerous business. In recent years, some of the Internet's most important services have been brought to their knees by malicious software running on compromised home devices. Compromises to your home devices don't just endanger the public Internet, either: once your printer is infected, it can be turned against you, used to steal data from the documents you print, to probe the devices on your local network, and to attack those devices and send the data stolen from them to a criminal's computer.

It's bad enough that Epson and HP have pursued their profits through these deceptive and illegitimate means, but what's even worse is that in so doing, they have actively poisoned the cybersecurity well.

Read the rest


Метки:   Комментарии (0)КомментироватьВ цитатник или сообщество

Следующие 30  »

<security - Самое интересное в блогах

Страницы: [1] 2 3 ..
.. 10

LiveInternet.Ru Ссылки: на главную|почта|знакомства|одноклассники|фото|открытки|тесты|чат
О проекте: помощь|контакты|разместить рекламу|версия для pda