Slack To Disable Thousands of Logins Leaked on GitHub

An anonymous reader writes: Thursday one technology site reported that thousands of developers building bots for the team-collaboration tool Slack were exposing their login credentials in public GitHub repositories and tickets. “The irony is that a lot of these bots are mostly fun ‘weekend projects’,” reported Detectify. “We saw examples of fit bots, reminding you to stretch throughout the day, quote bots, quoting both Jurassic Park…and Don Quixote….” Slack responded that they’re now actively searching for publicly-posted login credentials, “and when we find any, we revoke the tokens and notify both the users who created them, as well as the owners of affected teams.” Detectify notes the lapse in security had occurred at a wide variety of sites, including “Forbes 500 companies, payment providers, multiple internet service providers and health care providers… University classes at some of the world’s best-known schools. Newspapers sharing their bots as part of stories. The list goes on and on…” Read more of this story at Slashdot.


House Passes Email Privacy Act, Requiring Warrants For Obtaining Emails

An anonymous reader quotes a report from TechCrunch: The U.S. House of Representatives has passed H.R. 699, the Email Privacy Act, sending it on to the Senate and from there, hopefully anyhow, to the President. The yeas were swift and unanimous. The bill, which was introduced in the House early last year and quickly found bipartisan support, updates the 1986 Electronic Communications Privacy Act, closing a loophole that allowed emails and other communications to be obtained without a warrant. It’s actually a good law, even if it is arriving a couple of decades late. “Under current law, there are more protections for a letter in a filing cabinet than an email on a server,” said Congresswoman Suzan DelBene during the debate period. An earlier version of the bill also required that authorities disclose that warrant to the person it affected within 10 days, or 3 if the warrant related to a government entity. That clause was taken out in committee — something trade groups and some of the Representatives objected to as an unpleasant compromise. Read more of this story at Slashdot.


Facebook was the victim of a backdoor hack

Even a tech giant like Facebook isn’t immune to significant security breaches. Devcore’s Orange Tsai recently discovered that someone had installed a backdoor on one of Facebook’s corporate servers (that is, not the social network itself) in a bid to swipe workers’ login details. While it’s not clear how successful the script-based exploit was, Tsai noted that the file transfer app hosted on the server had several vulnerabilities that effectively gave any intruder free rein. The attacker could have checked employee email, for instance, or even connected to Facebook’s virtual private network to get access to the company’s inner workings. Thankfully, this is all past tense. You’re only hearing about this now because Tsai reported the bugs to Facebook (to get a bounty, naturally), and waited until the firm completed its investigation before disclosing the flaws. That backdoor isn’t there anymore, folks. All the same, the incident is bound to humble Facebook a bit — it’s proof that the company is a prime target for hackers, and that it can’t assume it’s always on top of every possible security flaw. Via: Hacker News Source: Devcore


Log in with your skull via bone conduction biometrics

Researchers looking for a better way to secure their face computers have come up with a novel solution for hands-free, head-mounted password entry. A device could potentially identify its wearer by emitting an ultrasonic hum through their skull and listening for the unique frequency that bounces back. The “SkullConduct” setup was devised by university researchers in Germany and works on a modified pair of Google Glass. Using the integrated bone conduction speaker and microphone, the device played an imperceptible sound that was then picked up by the microphone. A test device was able to correctly identify the user 97 percent of the time in a lab. While the researchers originally envisioned the system as a way to keep unwanted users from accessing devices like Glass, Gizmodo thinks it could potentially be another TouchID for your skull. Imagine, if you will, a scenario where you can unlock your phone by placing it against your ear. But, then again, who actually takes phone calls anymore?


Australian researchers developed a blood test for Parkinson’s

By the time Parkinson’s disease makes itself known in humans, it’s already too late for treatment. But La Trobe University in Australia has developed a test that detects a biomarker present in blood cells in folks with the disease. The school describes the test as a means of detecting problems within cell mitochondria that cause an energy-and-stress-sensing protein, dubbed AMPK, to permanently activate and start damaging cells. The research is being bankrolled in part by Parkinson’s perhaps highest-profile patient, Michael J. Fox. Well, his foundation dedicated to further research on the debilitating malady, that is. The downside is that even with Fox’s Foundation for Parkinson’s Research and the Shake It Up Australia Foundation’s $640,000 grant to La Trobe, more money is still needed for the test to be ready for the public. And beyond that, it’d still take five years to hit the market with additional funding. For now, the school is increasing the amount of testing it’s doing, going from a group of 38 people to 70. According to The Guardian, the ultimate goal is to do a longitudinal study with “thousands” of people in their 40s prior to them being at risk for the disease and before they start showing physical symptoms. From there, the researchers could test beyond Parkinson’s and see if the same method could be used to diagnose other neurological disorders, like Alzheimer’s, as well. Via: Popular Science Source: La Trobe University


‘World of Warcraft’ keeps growing with ‘Legion’ in August

Blizzard will launch World of Warcraft’s sixth expansion, Legion, on August 30th, unleashing hordes of hellish beasts and fresh quests into the game world. Legion adds the Demon Hunter hero class, customizable artifact weapons and a new continent called the Broken Isles, among other updates. Pre-orders are live now in two flavors: the $50 Standard Edition or the $70 Digital Deluxe Edition, which includes an adorable demon dog as a pet, the Illidari Felstalker mount, and in-game goodies for Heroes of the Storm, StarCraft 2 and Diablo 3 (all of which are Blizzard properties as well). Pre-ordering the Standard or Digital Deluxe versions of Legion grants players the ability to boost one character up to level 100 and early access to the Demon Hunter class. Plus, there’s one more way to give Blizzard your money: The $90 Collector’s Edition includes everything from the Digital Deluxe version plus a hardcover art book, a two-disc behind-the-scenes Blu-ray / DVD set, a CD soundtrack and a Legion mousepad. This bundle will be available at retail only. World of Warcraft is an MMO that debuted in 2004 and quickly evolved into one of the most popular video games in the world. It hit a player-count high in 2010 with 12 million subscribers, but that number fell to 10 million in 2014 and finally 5.5 million in September 2015. That’s still millions of players, but the decline has fueled whispers of WoW’s demise — something that Blizzard will surely try to silence with Legion. Starting in 2016, Blizzard will no longer report subscriber numbers for World of Warcraft, so we’ll have to rely on gut feelings going forward. Source: BusinessWire


Homeland Security urges you to uninstall QuickTime on Windows

The Department of Homeland Security is echoing Trend Micro’s advice to uninstall QuickTime if you have it on your Windows computer. While the multimedia program’s working just fine, the security firm has discovered two new critical vulnerabilities lurking within it that could allow remote attackers to take over your system. Unfortunately, they might never be patched up: Trend Micro says Apple will no longer release security updates for the Windows version of the software, hence the call to jettison it completely. The good news is that Trend Micro hasn’t spotted any active attacks targeting those specific vulnerabilities yet. But both the firm and Homeland Security stress that because Apple has abandoned the program, the only way to protect yourself from potential threats is to dump it — Windows has a lot of safer alternatives you can use anyway. These flaws don’t affect QuickTime for Mac in any way, though, so OS X users can carry on. Source: Reuters, Department of Homeland Security, Trend Micro


The ‘Game of Thrones’ credits are more fun in 360-degrees

There are still ten days to go until Game of Thrones season six debuts, but HBO is doing its best to keep fans’ appetites for new footage satiated until then. After dropping a dingy new trailer on Monday, and some behind-the-scenes footage yesterday, it’s now released a 360-degree video of the show’s opening credits on Facebook. The extended sequence lets you explore the famous clockwork map of Westeros and Essos. The map is arranged inside a sphere, which means looking in the right direction will give you a little peek across the water at Sothoryos and the Basilisk Isles. Many of the show’s iconic locations are there, from King’s Landing and Winterfell to Dorne. There are more than a few easter eggs to discover just by looking around as well, including a glimpse of an unnamed direwolf by the wall — make of that what you will — and a PG-13 view of the Titan of Braavos. Via: Deadline Source: Game of Thrones (Facebook)


WhatsApp Enables End-To-End Encryption For All Forms of Communications By Default

Popular instant messaging app WhatsApp, on Tuesday, announced that it is turning on end-to-end encryption for all its users by default. The company says that every call a user makes, every text message they send, all photos and videos they share will now be more secure. Furthermore, the encryption status of any chat is visible under the chat’s preferences screen. The announcement comes a little over a year after the Facebook-owned company partnered with Open Whisper Systems, a nonprofit software group that develops collaborative open source projects with a mission to “make private communication simple.” The end-to-end encryption feature is available on the latest version of the app. In a blog post, Open Whisper Systems further explains the feature: Once a client recognizes a contact as being fully e2e capable, it will not permit transmitting plaintext to that contact, even if that contact were to downgrade to a version of the software that is not fully e2e capable. This prevents the server or a network attacker from being able to perform a downgrade attack. In a blog post, WhatsApp writes: While WhatsApp is among the few communication platforms to build full end-to-end encryption that is on by default for everything you do, we expect that it will ultimately represent the future of personal communication. WhatsApp has also made available the technical details about how the two companies implemented this feature (PDF). For those of you who haven’t heard of WhatsApp, it’s an instant messaging and voice calling app. The free service, which is available across all popular platforms, is used by more than a billion people worldwide every month. A report on Wired says that a team of only 15 engineers enabled this security feature for over a billion users. Privacy researcher and activist Christopher Soghoian rightfully adds, “Google has no excuse.” Read more of this story at Slashdot.


Huge data leak reveals the hidden wealth of the rich and famous

In one of the biggest data leaks ever (even larger than the NSA wires leak in 2013), Panama-based legal firm Mossack Fonseca has seen 2.6 terabytes of its private data leaked to journalists. Shared with German newspaper Süddeutsche Zeitung, it was then spread to a wider network of journalists globally — 370 reporters from 100 media organizations have looked into the leak for a year. The research has already unearthed that 12 national leaders, including monarchs, presidents and prime ministers, have been using offshore tax havens, including a $2 billion paper trail that leads to Russia’s Vladimir Putin. Meanwhile, FIFA’s attempts to clean itself up face fresh criticism after the leak appears to connect executives being investigated to members of the ethics committee itself. The sheer volume of data means that files are still being pored over, although you can attempt to follow along with this Reddit thread. It sheds light on the huge, lucrative, complex world of offshore finance and special tax laws. Mossack Fonseca is the world’s fourth biggest offshore law firm, meaning that the leak has plenty of new information and insight globally, from Russia’s rich to property developers in Hong Kong, Lionel Messi and politicians across the world. There’s a big focus on the UK too: more than half of the companies are either registered there or in British-administered tax havens. The company denies any accusations of wrongdoing. Source: The Guardian, Reddit
