Low-cost IMSI catcher for 4G/LTE networks tracks phone’s precise locations

Researchers have devised a low-cost way to discover the precise location of smartphones using the latest LTE standard for mobile networks, a feat that shatters widely held perceptions that it’s immune to the types of attacks that targeted earlier specifications. The attacks target the LTE specification, which is expected to have a user base of about 1.37 billion people by the end of the year. They require about $1,400 worth of hardware that runs freely available open-source software. The equipment can cause all LTE-compliant phones to leak their location to within a 32- to 64-foot (about 10 to 20 meter) radius and in some cases their GPS coordinates, although such attacks may be detected by savvy phone users. A separate method that’s almost impossible to detect teases out locations to within an area of roughly one square mile in an urban setting. The researchers have devised a separate class of attacks that causes phones to lose connections to LTE networks, a scenario that could be exploited to silently downgrade devices to the less secure 2G and 3G mobile specifications. The 2G, or GSM, protocol has long been known to be susceptible to man-in-the-middle attacks using a form of fake base station known as an IMSI catcher (like the Stingray). 2G networks are also vulnerable to attacks that reveal a phone’s location within about 0.6 square mile. 3G phones suffer from a similar tracking flaw. The new attacks, described in a research paper published Monday, are believed to be the first to target LTE networks, which have been widely viewed as more secure than their predecessors.


First ever online-only NFL game draws over 15 million viewers

Over the weekend, the NFL and Yahoo streamed the first ever online-only NFL game, a Bills/Jaguars matchup in London. The game was mostly seen as an experiment for the NFL to test the viability of online distribution for a football game. Yahoo seems happy with the turnout, trumpeting 15.2 million unique viewers and 33.6 million total views for the game. The site also claims 33 percent of the streams came from international users. As Deadspin notes, the numbers were seriously pumped up by Yahoo thanks to auto-playing streams on the Yahoo and Tumblr homepages. Anyone who visited either high-traffic homepage counted as a viewer for the game. Still, Yahoo notes that “460 million total minutes” of the game were streamed, which means that each of the 15.2 million viewers hung around for an average of 30 minutes. When the Yahoo/NFL deal was announced, a CNN Money report said that Yahoo paid “at least $10 million” for the rights to the game. The game was available for free online, supported only by advertising. Yahoo promised advertisers 3.5 million viewers in the United States, so things seem to have gone better than expected.


Prison phone companies fight for right to charge inmates $14 a minute

The Federal Communications Commission is about to face another lawsuit, this time over a vote to cap the prices prisoners pay for phone calls. Yesterday’s vote came after complaints that inmate-calling companies are overcharging prisoners, their families, and attorneys. Saying the price of calls sometimes hits $14 per minute, the FCC has now capped rates at 11¢ per minute. “None of us would consider ever paying $500 a month for a voice-only service where calls are dropped for seemingly no reason, where fees and commissions could be as high as 60 percent per call and, if we are not careful, where a four-minute call could cost us a whopping $54,” FCC Commissioner Mignon Clyburn said before yesterday’s vote.


Today’s OS X El Capitan update should fix Microsoft Office crashes

An update to OS X El Capitan released by Apple today promises to improve compatibility with Microsoft Office 2016. Office 2016 has been crashing a lot on the latest Mac operating system, which was released on September 30. Although Microsoft released an Office update on October 13 that contained “stability improvements,” Microsoft told Ars at the time that the update “doesn’t address the issues experienced by Office customers with OS X 10.11 El Capitan.” Microsoft said it was working with Apple to fix the problems, and that work resulted in today’s release of OS X 10.11.1.


Support scams that plagued Windows users for years now target Mac customers

For years, scammers claiming that they’re “calling from Windows” have dialed up Microsoft customers and done their best to trick them into parting with their money or installing malicious wares. Now, the swindlers are turning their sights on Mac users. Researchers at antivirus provider Malwarebytes spotted a Web-based campaign that attempts to trick OS X and iOS users into thinking there’s something wrong with their devices. The ruse starts with a pop-up window that’s designed to look like an official OS notification. “Critical Security Warning!” it says. “Your Device (iPad, iPod, iPhone) is infected with a malicious adward [sic] attack.” It goes on to provide a phone number people can call to receive tech support. The site ara-apple.com is designed to masquerade as https://ara.apple.com/, Apple’s official remote technical support page. People who are experiencing problems with their Macs can go there to get an official Apple tech support provider to remotely access the person’s computer desktop. Ara-apple provides links to the remote programs the supposed technician will use to log in to targets’ Macs.


Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys?

The cost and time required to break 512-bit RSA encryption keys has plummeted to an all-time low of just $75 and four hours using a recently published recipe that even computing novices can follow. But despite the ease and low cost, reliance on the weak keys to secure e-mails, secure-shell transactions, and other sensitive communications remains alarmingly high. The technique, which uses Amazon’s EC2 cloud computing service, is described in a paper published last week titled Factoring as a Service. It’s the latest in a 16-year progression of attacks that have grown ever faster and cheaper. When 512-bit RSA keys were first factored in 1999, it took a supercomputer and hundreds of other computers seven months to carry out. Thanks to the edicts of Moore’s Law – which holds that computing power doubles every 18 months or so – the factorization attack required just seven hours and $100 in March, when “FREAK,” a then newly disclosed attack on HTTPS-protected websites with 512-bit keys, came to light. In the seven months since FREAK’s debut, websites have largely jettisoned the 1990s-era cipher suite that made them susceptible to the factorization attack. And that was a good thing, since the factorization attack made it easy to obtain the secret key needed to cryptographically impersonate the webserver or to decipher encrypted traffic passing between the server and end users. But e-mail servers, by contrast, remain woefully less protected. According to the authors of last week’s paper, the RSA_EXPORT cipher suite is used by an estimated 30.8 percent of e-mail services using the SMTP protocol, 13 percent of POP3S servers, and 12.6 percent of IMAP-based e-mail services.


Marijuana exposure in utero has lifelong consequences

As marijuana is legalized in more states, questions about its safety and the health consequences of cannabis use are becoming mainstream. A new study published in PNAS finds that use of cannabis by pregnant women can have implications for the neural development of their children, and that some of the consequences continue into adulthood. So, like alcohol, another recreational drug that is legal in the US, marijuana is likely best avoided by pregnant women. The most prominent active ingredient in marijuana is a compound known as THC, which interacts with the naturally occurring cannabinoid receptors in the nervous system. Cannabinoid receptors are known to play an important role in the regulation of brain development, and this paper examines the influence of prenatal THC exposure on the maturation of pathways regulated by these receptors. The study examined prenatal cannabis consumption in mice, with the aim of identifying the mechanisms responsible for cannabis-related changes in brain function. During the study, pregnant mice were exposed to daily injections of THC or injections of a control liquid. Then the offspring were run through a battery of behavioral tests. The animals’ brains were also examined closely using immunofluorescence and confocal microscopy. Embryonic brain tissue from some litters was also collected and checked for irregularities.


Cage against the EMP: New composite cases protect against the electro-apocalypse

WASHINGTON, DC—A small company from Utah has developed a composite material that combines carbon fibers with a nickel coating. The result is an extremely lightweight electric-conducting material with the properties of plastic. And now that material is being used to create cases and computer enclosures that are essentially lightweight Faraday cages—containing electromagnetic radiation from digital devices and shielding them from electronic eavesdropping or electromagnetic pulse attacks. Ars got a brief hands-on with some of the materials at the Association of the United States Army expo this week. The company, Conductive Composites, is now selling cases built with the Nickel Chemical Vapor Deposition (NiCVD) composite material through its Faraday Cases division. The cases range in size from suitcase-sized units for carrying smaller digital devices to wheeled portable enclosures that can house servers—providing what is essentially an EMP-shielded portable data center. The cases and enclosures are being marketed not just to the military but to consumers, corporations, and first responders as well. The materials used in Faraday Cases can also be used to create ultra-lightweight antennas, satellite communications reflector dishes, and hundreds of other things that currently need to be made with conductive metal. And they could be a boon to anyone trying to prevent electronic eavesdropping—be it through active wireless bugs, radio retroreflectors used by nation-state intelligence agencies, or passive surveillance through anything from Wi-Fi hacking to electromagnetic signals leaking from computer cables and monitors. And in some cases, they could make it possible to create the kind of secure spaces used by government agencies to prevent eavesdropping nearly anywhere.


New zero-day exploit hits fully patched Adobe Flash [Updated]

Update on October 14 at 1:15pm PDT: Adobe officials have confirmed this vulnerability affects Flash version 19.0.0.207, which was released on Tuesday. The vulnerability has been cataloged as CVE-2015-7645. The company expects to release a fix next week.

Attackers are exploiting a previously unknown vulnerability in fully patched versions of Adobe’s Flash Player so they can surreptitiously install malware on end users’ computers, security researchers warned Tuesday. So far, the attacks are known to target only government agencies as part of a long-running espionage campaign carried out by a group known as Pawn Storm, researchers from antivirus provider Trend Micro said in a blog post published Tuesday. It’s not unusual for such zero-day exploits to be more widely distributed once the initial element of surprise wanes. The critical security flaw is known to reside in Flash versions 19.0.0.185 and 19.0.0.207 and may also affect earlier versions. At this early stage, no other technical details are available. The researchers wrote:


How Soviets used IBM Selectric keyloggers to spy on US diplomats

A National Security Agency memo that recently resurfaced a few years after it was first published contains a detailed analysis of what very possibly was the world’s first keylogger—a 1970s bug that Soviet spies implanted in US diplomats’ IBM Selectric typewriters to monitor classified letters and memos. The electromechanical implants were nothing short of an engineering marvel. The highly miniaturized series of circuits were stuffed into a metal bar that ran the length of the typewriter, making them invisible to the naked eye. The implant, which could only be seen using X-ray equipment, recorded the precise location of the little ball Selectric typewriters used to imprint a character on paper. With the exception of spaces, tabs, hyphens, and backspaces, the tiny devices had the ability to record every key press and transmit it back to Soviet spies in real time.

A “lucrative source of information”

The Soviet implants were discovered through the painstaking analysis of more than 10 tons’ worth of equipment seized from US embassies and consulates and shipped back to the US. The implants were ultimately found inside 16 typewriters used from 1976 to 1984 at the US embassy in Moscow and the US consulate in Leningrad. The bugs went undetected for the entire eight-year span and only came to light following a tip from a US ally whose own embassy was the target of a similar eavesdropping operation.
