US Studying Ways To End Use of Social Security Numbers For ID

wiredmikey quotes a report from Security Week: U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, Rob Joyce, the White House cybersecurity coordinator, said Tuesday. Joyce told a forum at the Washington Post that officials were studying ways to use “modern cryptographic identifiers” to replace social security numbers. “I feel very strongly that the social security number has outlived its usefulness,” Joyce said. “It’s a flawed system.” For years, social security numbers have been used by Americans to open bank accounts or establish their identity when applying for credit. But stolen social security numbers can be used by criminals to open bogus accounts or for other types of identity theft. Joyce said the administration has asked officials from several agencies to come up with ideas for “a better system” which may involve cryptography. This may involve “a public and private key” including “something that could be revoked if it has been compromised,” Joyce added. Read more of this story at Slashdot.


Google Scraps Controversial Policy That Gave Free Access To Paywalled Articles Through Search

For years, Google has provided a nifty trick to get around subscriptions for newspapers and magazines. But the company is now doing away with it. From a report: Google is ending its controversial First Click Free (FCF) policy that publishers loathed because it required them to allow Google search results access to news articles hidden behind a paywall. The company is replacing the decade-old FCF with Flexible Sampling, which allows publishers instead to decide how many (if any) articles they want to allow potential subscribers to access. Google says it’s also working on a suite of new tools to help publishers reach new audiences and grow revenue. Via FCF, users could access an article for free but would be prompted to log in or subscribe if they clicked anywhere else on the page. Publishers were required to allow three free articles per day which Google indexed so that they appeared in searches for a particular topic or keyword. Opting out of the FCF feature was detrimental because it demoted a publisher’s ranking on Google Search and Google News. Read more of this story at Slashdot.


Microsoft and Facebook’s massive undersea data cable is complete

Last year, we reported that Microsoft and Facebook were teaming up to build a massive undersea cable that would cross the Atlantic, connecting Virginia Beach to the northern city of Bilbao in Spain. Last week, Microsoft announced that the cable, called Marea, is complete. Marea, which means “tide” in Spanish, lies over 17,000 feet below the Atlantic Ocean’s surface and is around 4,000 miles long. It weighs 10.25 million pounds. The data rates (which, let’s face it, are what we’re all really interested in) are equally staggering: Marea can transmit at a rate of 160 TB/second. And it was finished in less than two years. What’s really interesting about Marea, though, is that it has an open design. This means that Microsoft and Facebook are trying to make the cable as future-proof as possible. It can evolve as technology changes and demands increase for more data and higher speeds. Its flexibility means that upgrading the cable and its equipment to be compatible with newer technology will be easier. If you’re interested in learning more about Marea, you can watch the recorded livestream of a celebration of the cable that happened last Friday. It’s nice to see tech companies working together, and on big projects that will help them meet future demands for Internet usage. Source: Microsoft


Backdoor Found In WordPress Plugin With More Than 200,000 Installations

According to Bleeping Computer, a WordPress plugin that goes by the name Display Widgets has been used to install a backdoor on WordPress sites across the internet for the past two and a half months. While the WordPress.org team removed the plugin from the official WordPress Plugins repository, the plugin managed to be installed on more than 200,000 sites at the time of its removal. The good news is that the backdoor code was only found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2), so it’s unlikely everyone who installed the plugin is affected. WordPress.org staff members reportedly removed the plugin three times before for similar violations. Bleeping Computer has compiled a history of events in its report, put together with data aggregated from three different investigations by David Law, White Fir Design, and Wordfence. The report adds: The original Display Widgets is a plugin that allowed WordPress site owners to control which, how, and when WordPress widgets appear on their sites. Stephanie Wells of Strategy11 developed the plugin, but after switching her focus to a premium version of the plugin, she decided to sell the open source version to a new developer who would have had the time to cater to its userbase. A month after buying the plugin in May, its new owner released a first new version — v2.6.0 — on June 21. Read more of this story at Slashdot.


Equifax Blames Open-Source Software For Its Record-Breaking Security Breach

The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to an unsubstantiated report by equity research firm Baird. The firm’s source, per one report, is believed to be Equifax. ZDNet reports: Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It’s also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines — some of which have since been retracted — all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it’s problematic from a technical point of view. In case you haven’t noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax’s own data breach detector isn’t just useless: it’s untrustworthy. Adding insult to injury, the credit agency’s advice and support site looks, at first glance, to be a bogus, phishing-type site: “equifaxsecurity2017.com.” That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax’s technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole? Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem. While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. “It’s possible that the hackers found the hole on their own, but zero-day exploits aren’t that common,” reports ZDNet. “It’s far more likely that — if the problem was indeed with Struts — it was with a separate but equally serious security problem in Struts, first patched in March.” The question then becomes: is it the fault of Struts developers or Equifax’s developers, system admins, and their management? “The people who ran the code with a known ‘total compromise of system integrity’ should get the blame,” reports ZDNet. Read more of this story at Slashdot.


TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results

An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach — equifaxsecurity2017.com — is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones. TechCrunch has concluded that “the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.” One user reports that entering the same information twice produced two different answers. And ZDNet’s security editor reports that even if you just enter Test or 123456, “it says your data has been breached.” TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted. It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID. Meanwhile, one web engineer claims the secret 10-digit “security freeze” PIN being issued by Equifax “is just a timestamp of when you made the freeze.” Read more of this story at Slashdot.


AI Can Detect Sexual Orientation Based On Person’s Photo

ugen shares a report from CNBC: Artificial Intelligence (AI) can now accurately identify a person’s sexual orientation by analyzing photos of their face, according to new research. The Stanford University study, which is set to be published in the Journal of Personality and Social Psychology and was first reported in The Economist, found that machines had a far superior “gaydar” when compared to humans. Slashdot reader randomlygeneratename adds: Researchers built classifiers trained on photos from dating websites to predict the sexual orientation of users. The best classifier used logistic regression over features extracted from a VGG-Face conv-net. The latter was done to prevent overfitting to background, non-facial information. Classical facial feature extraction also worked with a slight drop in accuracy. From multiple photos, they achieved an accuracy of 91% for men and 83% for women (and 81% / 71% for a single photo). Humans were only able to get 61% and 54%, respectively. One caveat is the paper mentions it only used Caucasian faces. The paper went on to discuss how this capability can be an invasion of privacy, and conjectured that other types of personal information might be detectable from photos. The source paper can be found here. Read more of this story at Slashdot.


The internet has finally killed off the Yellow Pages

If you’re after a plumber you look on Checkatrade, if you need a cab you fire up the Uber app, and if you’re craving pizza you simply ask Alexa to order one. With all the conveniences the internet affords, it was inevitable the local listings tome that is the Yellow Pages would go the way of the dodo eventually. Yell has announced that the large paper doorstop is indeed approaching its final hour. After distributing a penultimate edition in Kingston in January next year, Yell will officially say goodbye to the Yellow Pages in January 2019, when the last ever copies will hit doorsteps in Brighton — back where it all began in 1966. Yell embraced online many moons ago, of course, with a listings site and mobile apps, but this will mark “the company’s full transition to a purely digital business.” The Yellow Pages is a British institution, but even icons have to roll with the times. Take telephone boxes, for example, which are being ripped out and replaced left, right and centre on account of them being obsolete in the mobile age. The internet has had a particularly broad impact on publishing, causing the closure or moving online of various print publications over the years. Playboy even scrapped nudity because of all the nakedness available online — well, for a year at least. Via: BBC, Gizmodo. Source: Yell


A Canadian University Gave $11 Million To a Scammer

A Canadian university transferred more than $11 million CAD (around $9 million USD) to a scammer that university staff believed to be a vendor in a phishing attack, a university statement published on Thursday states. From a report: Staff at MacEwan University in Edmonton, Alberta became aware of the fraud on Wednesday, August 23, the statement says. According to the university, the attacker sent a series of emails that convinced staff to change payment details for a vendor, and that these changes resulted in the transfer of $11.8 million CAD into bank accounts that the school has traced to Canada and Hong Kong. The school is working with authorities in Edmonton, Montreal, London, and Hong Kong, the statement reads. According to the university, its IT systems were not compromised and no personal or financial information was stolen. A phishing scam is not technically a “hack,” it should be noted, and only requires the attacker to convince the victim to send money. The school’s preliminary investigation found that “controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed.” Read more of this story at Slashdot.


How the NSA Identified Satoshi Nakamoto

An anonymous reader shares a report: The ‘creator’ of Bitcoin, Satoshi Nakamoto, is the world’s most elusive billionaire. Very few people outside of the Department of Homeland Security know Satoshi’s real name. In fact, DHS will not publicly confirm that even THEY know the billionaire’s identity. Satoshi has taken great care to keep his identity secret, employing the latest encryption and obfuscation methods in his communications. Despite these efforts (according to my source at the DHS) Satoshi Nakamoto gave investigators the only tool they needed to find him — his own words. Using stylometry one is able to compare texts to determine authorship of a particular work. Throughout the years Satoshi wrote thousands of posts and emails, most of which are publicly available. According to my source, the NSA was able to use the ‘writer invariant’ method of stylometry to compare Satoshi’s ‘known’ writings with trillions of writing samples from people across the globe. By taking Satoshi’s texts and finding the 50 most common words, the NSA was able to break down his text into 5,000-word chunks and analyse each to find the frequency of those 50 words. This would result in a unique 50-number identifier for each chunk. The NSA then placed each of these numbers into a 50-dimensional space and flattened them into a plane using principal components analysis. The result is a ‘fingerprint’ for anything written by Satoshi that could easily be compared to any other writing. The NSA then took bulk emails and texts collected from their mass surveillance efforts. First through PRISM and then through MUSCULAR, the NSA was able to place trillions of writings from more than a billion people in the same plane as Satoshi’s writings to find his true identity. The effort took less than a month and resulted in a positive match. Read more of this story at Slashdot.
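The writer-invariant pipeline the report describes (frequencies of the reference author's 50 most common words per chunk, principal components analysis to flatten the vectors into a plane, comparison against known writings), as an added educational example that is not code from the report or its source. It runs on two constructed sample texts with 60-word chunks instead of the 5,000-word chunks the report mentions, and assumes nearest-centroid matching in the plane, which the report does not specify.

```python
import re
from collections import Counter
from math import sqrt

KNOWN = {  # constructed sample texts standing in for two authors' known writings (not real data)
    "A": " ".join(["The design of the protocol is public.", "The hash of the prior block is stored in the header."] * 30),
    "B": " ".join(["I think you and I should just try the idea.", "I guess we could just build the thing and see."] * 30),
}

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def freq_vector(words, vocab):
    c = Counter(words)  # relative frequency of each vocabulary word in this text
    return [c[w] / len(words) for w in vocab]

def chunk_vectors(text, vocab, size=60):  # the report uses 5,000-word chunks on real corpora
    w = tokens(text)
    return [freq_vector(w[i:i + size], vocab) for i in range(0, len(w) - size + 1, size)]

def norm(v):
    n = sqrt(sum(x * x for x in v)) or 1.0
    return [x / n for x in v]

def pca(vectors, k=2, iters=200):
    # mean and top-k principal directions by power iteration with deflation (pure Python)
    mean = [sum(col) / len(vectors) for col in zip(*vectors)]
    cols = list(zip(*[[x - m for x, m in zip(v, mean)] for v in vectors]))  # centred columns
    cov = [[sum(a * b for a, b in zip(ci, cj)) / len(vectors) for cj in cols] for ci in cols]
    comps = []
    for _ in range(k):
        v = norm([1.0 + j for j in range(len(mean))])
        for _ in range(iters):
            v = norm([sum(a * b for a, b in zip(row, v)) for row in cov])
        lam = sum(vi * sum(a * b for a, b in zip(row, v)) for vi, row in zip(v, cov))
        comps.append(v)
        cov = [[c - lam * vi * vj for c, vj in zip(row, v)] for row, vi in zip(cov, v)]  # deflate
    return mean, comps

def project(vec, mean, comps):
    return [sum((x - m) * c for x, m, c in zip(vec, mean, comp)) for comp in comps]

def attribute(unknown_text, known=KNOWN, reference="A"):
    # vocabulary = reference author's 50 most common words; match = nearest author centroid in the plane
    vocab = [w for w, _ in Counter(tokens(known[reference])).most_common(50)]
    labelled = {name: chunk_vectors(txt, vocab) for name, txt in known.items()}
    mean, comps = pca([v for vs in labelled.values() for v in vs])
    centroids = {name: project([sum(c) / len(vs) for c in zip(*vs)], mean, comps) for name, vs in labelled.items()}
    target = project(freq_vector(tokens(unknown_text), vocab), mean, comps)
    return min(centroids, key=lambda n: sum((a - b) ** 2 for a, b in zip(centroids[n], target)))
```

On text this small the separation is artificially clean; with real corpora the within-author spread of the chunk fingerprints is what decides whether a nearest centroid is meaningful evidence or noise.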
