Cisco Subdomain Private Key Found in Embedded Executable

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky’s NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users’ local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn’t entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named ‘CiscoVideoGuardMonitor’, and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend running this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable ‘CiscoVideoGuardMonitor’ can be found at ‘$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor’. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked. Read more of this story at Slashdot.


You Can Hack Some Mazda Cars With a USB Flash Drive

An anonymous reader writes: “Mazda cars with next-gen Mazda MZD Connect infotainment systems can be hacked just by plugging in a USB flash drive into their dashboard, thanks to a series of bugs that have been known for at least three years,” reports Bleeping Computer. “The issues have been discovered and explored by the users of the Mazda3Revolution forum back in May 2014. Since then, the Mazda car owner community has been using these ‘hacks’ to customize their cars’ infotainment system to tweak settings and install new apps. One of the most well-designed tools is MZD-AIO-TI (MZD All In One Tweaks Installer).” Recently, a security researcher working for Bugcrowd has put together a GitHub repository that automates the exploitation of these bugs. The researcher says an attacker can copy the code of his GitHub repo on a USB flash drive, add malicious scripts and carry out attacks on Mazda cars. Mazda said the issues can’t be exploited to break out of the infotainment system to other car components, but researchers disagreed with the company on Twitter. In the meantime, the car maker has finally plugged the bugs via a firmware update released two weeks ago. Read more of this story at Slashdot.


Samsung Left Millions Vulnerable To Hackers Because It Forgot To Renew a Domain

An anonymous reader writes: Samsung cellphones used to have a stock app called S Suggest. The company apparently discontinued the app recently, and then forgot to renew a domain that was used to control it. This snafu left millions of smartphone users vulnerable to hackers who could’ve registered the domain and installed malicious apps on the phones. Read more of this story at Slashdot.


Intel Announces X299, Skylake-X, and Kaby Lake-X Release Schedule

Ian Cutress, writing for AnandTech: At Computex a couple of weeks ago, Intel announced its new Basin Falls platform, consisting of the X299 chipset with motherboards based on it, a pair of Kaby Lake-X processors, and a set of Skylake-X processors going all the way up to eighteen cores, denoting the first use of Intel’s enterprise level high core-count silicon in a consumer product. As part of Intel’s E3 press release, as well as their presentations at the show, the new Core i9 processors were discussed, along with Intel’s continued commitment towards eSports. Intel gave the dates for the new platform as the following: 4, 6, 8 and 10-core parts available for pre-order from June 19th; 4, 6, 8 and 10-core parts shipping to consumers from June 26th; 12-core parts expected to ship in August; and 14, 16 and 18 core parts expected to ship in October. Read more of this story at Slashdot.


Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls

An anonymous reader writes: Microsoft’s security team has come across a malware family that uses Intel’s Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it’s part of Intel’s ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. Inside Intel’s ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won’t detect malware using AMT SOL to exfiltrate data. The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer. Details about PLATINUM’s recent targets and attacks are available in a report [PDF] Microsoft released yesterday. Read more of this story at Slashdot.


Airbnb Announces Its Plan To House 100,000 People In Need

New submitter mirandakatz writes: Airbnb has just unveiled its Open Homes Platform, a home-sharing site for hosts motivated by goodwill instead of profits — and for guests motivated by need rather than wanderlust. Specifically, Airbnb is going to begin by connecting refugees with hosts in Canada, France, Greece, and the United States. Ultimately, refugees will be just one group that the site aims to help: Site visitors can also nominate other groups of people for temporary placements, and the platform will expand to include them eventually. At Backchannel, Jessi Hempel dives into the home-sharing platform’s latest effort, and places it in the context of the company’s broader business strategy. Read more of this story at Slashdot.


Electric Vehicles Have Another Record Year, Reaching 2 Million Cars In 2016

An anonymous reader shares a report from the International Energy Agency: The number of electric cars on the roads around the world rose to 2 million in 2016, following a year of strong growth in 2015, according to the latest edition of the International Energy Agency’s Global EV Outlook. China remained the largest market in 2016, accounting for more than 40% of the electric cars sold in the world. With more than 200 million electric two-wheelers and more than 300,000 electric buses, China is by far the global leader in the electrification of transport. China, the US and Europe made up the three main markets, totaling over 90% of all EVs sold around the world. Electric car deployment in some markets is swift. In Norway, electric cars had a 29% market share last year, the highest globally, followed by the Netherlands with 6.4%, and Sweden with 3.4%. The electric car market is set to transition from early deployment to mass market adoption over the next decade or so. Between 9 and 20 million electric cars could be deployed by 2020, and between 40 and 70 million by 2025, according to estimates based on recent statements from carmakers. Read more of this story at Slashdot.


Verizon Expected To Cut Up To 1,000 Yahoo, AOL Jobs After Acquisition

Verizon’s acquisition and merger of AOL and Yahoo will result in many job cuts. According to Recode, up to 1,000 AOL and Yahoo jobs are expected to take place across the two companies as the merger is completed. From the report: This action is not unexpected, given that both companies have a lot of redundancies, including in human resources, finance, marketing and general administration. The merger between the two companies — after Verizon bought both in succession to add tech and content to its mobile services — is expected to be completed in the next week. The shareholder meeting to approve the deal takes place tomorrow. Plans to combine both companies have been in the works for a while, as the pair attempt to make a cohesive unit out of two entities that have multiple assets and also multiple problems. It will be headed by AOL CEO Tim Armstrong, who will become the CEO of Oath, the new name for the Verizon subsidiary. Read more of this story at Slashdot.


At $75,560, Housing a Prisoner in California Now Costs More Than a Year at Harvard

The cost of imprisoning each of California’s 130,000 inmates is expected to reach a record $75,560 in the next year, the AP reported. From the article: That’s enough to cover the annual cost of attending Harvard University and still have plenty left over for pizza and beer. Gov. Jerry Brown’s spending plan for the fiscal year that starts July 1 includes a record $11.4 billion for the corrections department while also predicting that there will be 11,500 fewer inmates in four years (alternative source) because voters in November approved earlier releases for many inmates. The price for each inmate has doubled since 2005, even as court orders related to overcrowding have reduced the population by about one-quarter. Salaries and benefits for prison guards and medical providers drove much of the increase. The result is a per-inmate cost that is the nation’s highest — and $2,000 above tuition, fees, room and board, and other expenses to attend Harvard. Since 2015, California’s per-inmate costs have surged nearly $10,000, or about 13%. New York is a distant second in overall costs at about $69,000. Read more of this story at Slashdot.


Trump Wants To Modernize Air Travel By Turning Over Control To the Big Airlines

An anonymous reader quotes a report from The Verge: Today, President Donald Trump endorsed a plan to hand over oversight of the nation’s airspace to a non-profit corporation that will likely be largely controlled by the major airlines. Republicans argue that privatizing air traffic control will help save money and fast track important technological upgrades. But Democrats and consumer groups criticize that plan as a corporate giveaway that will inevitably harm passengers. The air traffic reform proposal, which fell short in Congress last year, would transfer oversight from the Federal Aviation Administration (FAA) to a government-sanctioned, independent entity that would be made up of appointees from industry stakeholders. The effort picked up steam when the union representing air traffic controllers endorsed the plan, citing years of understaffing by the FAA. Some passengers may balk at the idea of handing over day-to-day management of the nation’s highly complex air traffic control system to the same companies that rack up tens of thousands of customer complaints a year, and occasionally physically assault or drag passengers off their planes. But the Trump administration argues this is the only way to modernize a system that still runs on technology that’s been around since World War II. The FAA is already years into a technology upgrade known as NextGen, which involves moving from the current system based on radar and voice communications to one based on satellite navigation and digital communications. The FAA wants to use GPS technology to shorten routes, save time and fuel, and reduce traffic delays by increasing capacity. Read more of this story at Slashdot.
