Reader wiredmikey writes: Security researchers at Cisco have come across a piece of software that installed backdoors on 12 million computers around the world. Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other tools, such as a known scareware called System Healer, but also of harvesting personal information. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.” Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices. An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand.Tuto4PC has received flak from many over the years, including French regulators. Read more of this story at Slashdot.
Tag: advertising
Former Tor Developer Created Malware To Hack Tor Users For The FBI
Patrick O’Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he’s developed potent malware used by law enforcement to unmask Tor users. It’s been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases. The Tor Project has confirmed this report in a statement after being contacted by the Daily Dot, “It has come to out attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware.” Maybe Tor users will now be less likely to anonymously check Facebook each month… Read more of this story at Slashdot.
Follow this link:
Former Tor Developer Created Malware To Hack Tor Users For The FBI
House Passes Email Privacy Act, Requiring Warrants For Obtaining Emails
An anonymous reader quotes a report from TechCrunch: The U.S. House of Representatives has passed H.R. 699, the Email Privacy Act, sending it on to the Senate and from there, hopefully anyhow, to the President. The yeas were swift and unanimous. The bill, which was introduced in the House early last year and quickly found bipartisan support, updates the 1986 Electronic Communications Privacy Act, closing a loophole that allowed emails and other communications to be obtained without a warrant. It’s actually a good law, even if it is arriving a couple of decades late. “Under current law, there are more protections for a letter in a filing cabinet than an email on a server, ” said Congresswoman Suzan Delbene during the debate period. An earlier version of the bill also required that authorities disclose that warrant to the person it affected within 10 days, or 3 if the warrant related to a government entity. That clause was taken out in committee — something trade groups and some of the Representatives objected to as an unpleasant compromise. Read more of this story at Slashdot.
Continue Reading:
House Passes Email Privacy Act, Requiring Warrants For Obtaining Emails
Tesla Will Install More Energy Storage With SolarCity In 2016 Than The US Installed In 2015
An anonymous reader writes: Tesla is scheduled to install more energy storage capacity in 2016 with SolarCity alone than all of the US installed in 2015. It was revealed in a recent filing with the U.S. Securities and Exchange Commission (SEC) that Tesla foresees an almost 10x increase in sales to SolarCity for behind the meter storage. [From the SEC filing: “We recognized approximately $4.9 million in revenue from SolarCity during fiscal year 2015 for sales of energy storage governed by this master supply agreement, and anticipate recognizing approximately $44.0 million in such revenues during fiscal year 2016.”] This revenue projection means Tesla expects to install approximately 116 MWh of behind the meter storage. The U.S. for example installed about 76 MWh of behind the meter storage. SolarCity and Tesla Energy doubled their battery installation volume last year. What’s particularly noteworthy is that the 116 MWh expectation does not include SolarCity’s biggest project — Kauai Island’s coming 52 MWh system. Hawaii is aiming for 100% renewable energy by 2045 and has contracted with SolarCity to balance the two 12MW Solar Power plants with the Kauai Island Utility Cooperative (KIUC). By 2020, there will be 70 GWh of Tesla battery storage on the road, and Straubel expects there to be 10 GWh of controllable load in those cars. Read more of this story at Slashdot.
View article:
Tesla Will Install More Energy Storage With SolarCity In 2016 Than The US Installed In 2015
Mozilla Seeks New Home For Email Client Thunderbird
Reader chefmonkey writes: In a report commissioned by Mozilla to explore the next home for Thunderbird, two potential new hosts have been offered: the Software Freedom Conservancy (host to git, boost, QEMU, and a host of other projects) and The Document Foundation (home of LibreOffice). At the same time, the report discusses completely uncoupling Thunderbird from the rest of the Mozilla codebase and bringing in a dedicated technical architect to chart the software’s roadmap. Given that the two named organizations are already on board with taking Thunderbird under their wing, is this a new lease on life for the email program Mozilla put out to pasture four years ago?In December last year, Mozilla Foundation chairperson Mitchell Baker had argued that the organization should disentangle itself from the Thunderbird email client in order to focus on Firefox. It appears the Firefox-maker is all set to part ways with Thunderbird. Read more of this story at Slashdot.
Over 1M BeautifulPeople Dating Site User Details Leak Online
An anonymous reader writes: Personal information of over one million users stored by popular dating site BeautifulPeople has leaked, and is now accessible online. We already knew that BeautifulPixel.com was hacked (it happened in November 2015), but this is the first confirmation from a security researcher that the details are legitimate. (BeautifulPeople had downplayed it at the time, saying that it was a staging server, and not a production server, that was hacked.) Security researcher Troy Hunt, citing a source, noted that the data has been sold online. The leaked personal information include email addresses, phone numbers, as well as hair color, weight, job and other details.Troy also noted that of the 1.1 million users details, 170 of them have government email addresses. Some of you may remember BeautifulPixel as the creator the “Shrek” virus. Read more of this story at Slashdot.
Read More:
Over 1M BeautifulPeople Dating Site User Details Leak Online
This Battery-Free Computer Sucks Power Out Of Thin Air
An anonymous reader shares an article on Fast Co Design (edited and condensed for clarity): Researchers at University of Washington’s Sensor Lab have created the WISP, or Wireless Identification and Sensing Platform: a combination sensor and computing chip that doesn’t need a battery or a wired power source to operate. Instead, it sucks in radio waves emitted from a standard, off-the-shelf RFID reader — the same technology that retail shops use to deter shoplifters — and converts them into electricity. The WISP isn’t designed to compete with the chips in your smartphone or your laptop. It has about the same clock speed as the processor in a Fitbit and similar functionality, including embedded accelerometers and temperature sensors. It has about the same bandwidth as Bluetooth Low Energy mode, the wireless power-sipping technology which drives most Bluetooth speakers and wireless headphones. Read more of this story at Slashdot.
Read More:
This Battery-Free Computer Sucks Power Out Of Thin Air
MongoDB Config Error Exposed 93M Mexican Voter Records
An anonymous reader cites an article on CSOOnline: A 132 GB database, containing the personal information on 93.4 million Mexican voters has finally been taken offline. The database sat exposed to the public for at least eight days after its discovery by researcher Chris Vickery, but originally went public in September 2015. Vickery, who works as a security researcher at Kromtech, discovered the MongoDB instance on April 14, but had difficulty tracking down the person or company responsible for placing the voter data on Amazon’s AWS. He first reached out to the U.S. State Department, as well as the Mexican Embassy, but had little success. The database contains all of the information that Mexican citizens need for their government-issued photo IDs that enable them to vote. Along with their municipality, and district information, the database records include the voter’s name, address, voter ID number, date of birth, the names of their parents, occupation, and more. Given that the database has been online since September 2015, it isn’t clear how many people have accessed the records. Additionally, the actual owner of the account hosting the data remains unknown. Read more of this story at Slashdot.
More here:
MongoDB Config Error Exposed 93M Mexican Voter Records
The ‘Impossible’ EM Drive Being Tested By NASA May Finally Be Explained
MarkWhittington writes: The EmDrive, the so-called “impossible” space drive that uses no propellant, has roiled the aerospace world for the past several years ever since it was proposed by British aerospace engineer Robert Shawyer. In essence, the claim advanced by Shawyer and others is that if you bounced microwaves in a truncated cone, thrust would be produced out the open end. Most scientists have snorted at the idea, noting correctly that such a thing would violate physical laws. However, organizations as prestigious as NASA have replicated the same results, that prototypes of the EmDrive produces thrust. How does one reconcile the experimental results with the apparent scientific impossibility? MIT Technology Review suggested a reason why. Read more of this story at Slashdot.
Read the original post:
The ‘Impossible’ EM Drive Being Tested By NASA May Finally Be Explained
Hacker’s Account of How He Took Down Hacking Team’s Servers
An anonymous reader writes: FinFisher, the hacker that broke into Italian firm Hacking Team, has published a step-by-step account of how he carried out the attacks, what tools he used, and what he learned from scouting HackingTeam’s network. Published on PasteBin, the attack’s timeline reveals he entered their network through a zero-day exploit in an (unnamed) embedded device, accessed a MongoDB database that had no password, discovered backups in the database, found a BES admin password in the backups, and eventually got admin access to the Windows Domain Server. From here, it was easy to reach into their email server and steal all the company’s emails, and later access Git repos and steal the source code of their surveillance software. Read more of this story at Slashdot.
Taken from:
Hacker’s Account of How He Took Down Hacking Team’s Servers