TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results

An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach — equifaxsecurity2017.com — is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones. TechCrunch has concluded that “the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.” One user reports that entering the same information twice produced two different answers. And ZDNet’s security editor reports that even if you just enter Test or 123456, “it says your data has been breached.” TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted. It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID. Meanwhile, one web engineer claims the secret 10-digit “security freeze” PIN being issued by Equifax “is just a timestamp of when you made the freeze.”


An Intelligent Speed Bump Uses Non-Newtonian Liquid

turkeydance quotes Business Insider: A Spanish company has designed a speed bump that won’t hinder slow drivers but will still stop motorists driving too fast. The speed bump is filled with a non-Newtonian liquid which changes viscosity when pressure is applied at high velocity. They’ve been installed in Villanueva de Tapia, Spain and there has also been interest from Israel and Germany. There’s a video on the site showing the speed bump in action.


Hackers Have Penetrated Energy Grid, Symantec Warns

An anonymous reader quotes a report from Fortune: Hackers have been burrowing their way inside the critical infrastructure of energy and other companies in the U.S. and elsewhere, warns cybersecurity giant Symantec. In a new report, Symantec claims that the threat of cyberattack-induced power outages in the west has elevated from a theoretical concern to a legitimate one in recent months. “We’re talking about activity we’re seeing on actual operational networks that control the actual power grid,” Eric Chien, technical director of security technology and response at Symantec, told Fortune on a call. Reports surfaced over the summer of hackers targeting staff at nuclear energy facilities with phishing attacks, designed to steal login credentials or install malware on machines. The extent of the campaign as well as the question of whether the attackers had breached operational IT networks, rather than merely administrative ones, was unclear at the time. Symantec is now erasing all doubt. “There are no more technical hurdles for them to cause some sort of disruption,” Chien said of the hackers. “All that’s left is really motivation.” Symantec detailed its findings in a report released Wednesday morning. The paper tracks the exploits of a hacker group that Symantec has dubbed DragonFly 2.0, an outfit that the company says it has linked to an earlier series of attacks perpetrated between 2011 and 2014 by a group it dubbed DragonFly.


Over 28 Million Records Stolen In Breach of Latin American Social Network Taringa

Taringa, also known as “The Latin American Reddit,” has been compromised in a massive data breach that has resulted in the leaked login credentials of almost all of its over 28 million users. The Hacker News reports: The Hacker News has been informed by LeakBase, a breach notification service, who has obtained a copy of the hacked database containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords for Taringa users. The hashed passwords use an ageing algorithm called MD5 — which has been considered outdated even before 2012 — that can easily be cracked, making Taringa users open to hackers. Wanna know how weak is MD5? LeakBase team has already cracked 93.79 percent (nearly 27 Million) of hashed passwords successfully within just a few days. The data breach reportedly occurred last month, and the company then alerted its users via a blog post: “It is likely that the attackers have made the database containing nicks, email addresses and encrypted passwords. No phone numbers and access credentials from other social networks have been compromised as well as addresses of bitcoin wallets from the Taringa program! Creators.” the post (translated) says. “At the moment there is no concrete evidence that the attackers continue to have access to the Taringa code! and our team continues to monitor unusual movements in our infrastructure.”


Nearly 3,000 Bitcoin Miners Exposed Online Via Telnet Ports, Without Passwords

An anonymous reader quotes a report from Bleeping Computer: Dutch security researcher Victor Gevers has discovered 2,893 Bitcoin miners left exposed on the internet with no passwords on their Telnet port. Gevers told Bleeping Computer in a private conversation that all miners process Bitcoin transactions in the same mining pool and appear to belong to the same organization. “The owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government,” Gevers says, basing his claims on information found on the exposed miners and IP addresses assigned to each device. “At the speed they were taken offline, it means there must be serious money involved,” Gevers added. “A few miners is not a big deal, but 2,893 [miners] working in a pool can generate a pretty sum.” According to a Twitter user, the entire network of 2,893 miners Gevers discovered could generate an income of just over $1 million per day, if mining Litecoin.


Sharp Announces 8K Consumer TVs Now That We All Have 4K

Thuy Ong reports via The Verge: Now that you’ve upgraded to a shiny new 4K TV, Sharp has revealed its latest screen to stoke your fear of missing out: a 70-inch Aquos 8K TV. That 8K (7,680 x 4,320) resolution is 16 times that of your old Full HD (1920 x 1080) TV. Sharp calls it “ultimate reality, with ultra-fine details even the naked eye cannot capture,” which doesn’t seem like a very good selling point. Keep in mind that having a screen with more pixels doesn’t buy you much after a certain point, because those pixels are invisible from a distance — while an 8K panel would be beneficial as a monitor, where you’re sitting close, it won’t buy you much when leaning back on the couch watching TV. HDR, however, is something else entirely, and fortunately, Sharp’s new 8K set is compatible with Dolby Vision HDR and BDA-HDR (for Blu-ray players). The lack of available 8K HDR content is also a problem. But there is some content floating around. The TV will be rolling out to China and Japan later this year, and then Taiwan in February 2018. Sharp is repurposing its 70-inch 8K TV as an 8K monitor (model LV-70X500E) for Europe, which will be on sale in March. There is no news about a U.S. release.


60,000 Germans Evacuate While Officials Try To Defuse a WWII Bomb

More than 70 years ago the UK’s Royal Air Force dropped a 1,100-pound bomb on Germany. They just found it. An anonymous reader quotes ABC: Residents in two German cities are evacuating their homes as authorities prepare to dispose of World War II-era bombs found during construction work this week. About 21,000 people have been ordered to leave their homes and workplaces in the western city of Koblenz as a precaution before specialists attempt to defuse the 500-kilogram bomb on Saturday afternoon (local time). Among those moved to safety are prison inmates and hospital patients. Officials in the financial capital Frankfurt, meanwhile, are carrying out what is described as Germany’s biggest evacuation. Frankfurt city officials have said more than 60,000 residents will have to leave their homes for at least 12 hours. Failure to defuse the bomb could cause a big enough explosion to flatten a city block, a fire department official said. “This bomb has more than 1.4 tonnes of explosives,” Frankfurt fire chief Reinhard Ries said. “It’s not just fragments that are the problem, but also the pressure that it creates that would dismantle all the buildings in a 100-metre radius”… Police will ring every doorbell and use helicopters with heat-sensing cameras to make sure nobody is left behind before they start defusing the bomb. Reuters notes that every year Germany discovers more than 2,000 tons of live bombs and munitions, adding “In July, a kindergarten was evacuated after teachers discovered an unexploded World War Two bomb on a shelf among some toys.”


A Canadian University Gave $11 Million To a Scammer

A Canadian university transferred more than $11 million CAD (around $9 million USD) to a scammer that university staff believed to be a vendor in a phishing attack, a university statement published on Thursday states. From a report: Staff at MacEwan University in Edmonton, Alberta became aware of the fraud on Wednesday, August 23, the statement says. According to the university, the attacker sent a series of emails that convinced staff to change payment details for a vendor, and that these changes resulted in the transfer of $11.8 million CAD into bank accounts that the school has traced to Canada and Hong Kong. The school is working with authorities in Edmonton, Montreal, London, and Hong Kong, the statement reads. According to the university, its IT systems were not compromised and no personal or financial information was stolen. A phishing scam is not technically a “hack,” it should be noted, and only requires the attacker to convince the victim to send money. The school’s preliminary investigation found that “controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed.”


China Plans 600 MPH Train To Rival Elon Musk’s Hyperloop

In addition to relaunching the world’s fastest bullet train, China is working on developing technology similar to Elon Musk’s Hyperloop, which will allow passengers to travel at speeds up to 4,000 km/h (~2,500 mph). The first stage of the company’s plan, however, will be to create a network of these “flying trains” operating at 1,000 km/h (~600 mph). Shanghaiist reports: Earlier today, the China Aerospace Science and Industry Corporation (CASIC), one of the nation’s major space contractors, announced that it had begun research and development into a new, futuristic type of transport which would operate via supersonic “near ground flight.” The system would presumably be similar to that of the Hyperloop, proposed earlier this decade by Elon Musk, in which capsules would fly at ultrafast speeds down reduced-pressure tubes, dramatically reducing travel times. Of course, the CASIC isn’t looking to reach speeds of 4,000 km/h right away. The first stage of the company’s plan will be to create an intercity network of these “flying trains” operating at 1,000 km/h. In the second phase, this network would be extended and the max speed of the pods increased to 2,000 km/h. Finally, in the third stage, the speed would be boosted all the way up to 4,000 km/h — five times the speed of civil aviation aircraft today.


The IRS Decides Who To Audit By Data Mining Social Media

In America the Internal Revenue Service used to pick who got audited based on math mistakes or discrepancies with W-2 forms — but not any more. schwit1 shares an article from the Vanderbilt Journal of Entertainment and Technology Law describing their new technique: The IRS is now engaging in data mining of public and commercial data pools (including social media) and creating highly detailed profiles of taxpayers upon which to run data analytics. This article argues that current IRS practices, mostly unknown to the general public, are violating fair information practices. This lack of transparency and accountability not only violates federal law regarding the government’s data collection activities and use of predictive algorithms, but may also result in discrimination. While the potential efficiencies that big data analytics provides may appear to be a panacea for the IRS’s budget woes, unchecked these activities are a significant threat to privacy [PDF]. Other concerns regarding the IRS’s entrée into big data are raised including the potential for political targeting, data breaches, and the misuse of such information. While tax evasion cost the U.S. $3 trillion between 2000 and 2009, one of the report’s authors argues that people should be aware “that what they say and do online” could be used against them.
