COMPUTERS/INTERNET/SECURITY | WHAT REALLY HAPPENED

Feb 27 07:48

March of the microscopic robots

Feb 27 07:47

Mafia-type gangs, not foreign powers, hacked French hospitals, says minister, as some doctors continue to work with pen and paper

The French minister for digital transformation has said mafia-type gangs from Eastern Europe are probably behind a spate of attacks on French hospitals and laboratories during the pandemic, rather than foreign state actors.

“Concerning the hospitals, in all likelihood, it is not foreign powers, but rather Mafia-type organizations – often situated in eastern countries but not just limited to there – who are looking for money,” Cedric O, the secretary of state for digital transformation, told France 2 television on Thursday.

The minister said that the gangs normally attempt to steal confidential data with the aim of ransoming the organization in question, adding that the situation had stabilized following a spate of attacks earlier in the year.

While many hospitals and healthcare organizations have returned to normal, Cedric O claimed that hospitals in Dax and Villefranche-sur-Saône were still working with pen and paper after their computer systems were hit.

Feb 26 11:39

Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue

In early November, a developer contributing to Google's open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser's Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR).

About two weeks later, Google software security engineer Chris Palmer marked the bug "WontFix" because Google has resigned itself to the fact that ASLR can't be saved – Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited.

Or as Palmer put it, "we already have to plan for a world in which ASLR is bypassable."

Feb 26 10:51

Google Demonetizes Information Liberation For Sharing Video Of Capitol Police Shooting Ashli Babbitt

Information Liberation has been suspended from Google AdSense after some 15 years for sharing video of Capitol police shooting Air Force veteran Ashli Babbitt in an article without any Google ads -- video which CNN and NBC paid $35,000 each to air on live TV and tons of other corporate media sites have fully monetized with Google's approval.

Feb 26 08:23

AFRICAN GOVERNMENTS ARE CRUSHING OPPOSITION USING ISRAELI SPYWARE

As internet penetration and smartphone usage increase across Africa, digital spaces have become increasingly important for organising political uprisings and opposition movements. In response, several of the continent’s regimes have shut down the internet or blocked social media apps. To sidestep the economic costs and global criticism that these online shutdowns incur, governments have turned to digital surveillance technology as a shrewder way to crush all opposition.

Feb 26 08:22

GOOGLE'S ERIC SCHMIDT & THE ARTIFICIAL INTELLIGENCE MILITARY-INDUSTRIAL COMPLEX

In late January, the National Security Commission on Artificial Intelligence (NSCAI), or the AI Commission, released a draft of their upcoming report to Congress, rejecting calls to ban AI-powered autonomous weapons, characterized by critics as “killer robots”. While the AI Commission did briefly address privacy and civil liberties concerns, they ultimately called on Congress to double AI research and funding annually up to $32 billion a year by 2026. The report also failed to note clear conflicts of interest between the Commission’s Chairman, and former Google CEO, Eric Schmidt.

Opponents of the advancing AI-powered surveillance and police states include privacy advocates concerned about a future where law enforcement are wearing glasses equipped with facial recognition software powered by secret AI algorithms.

Feb 25 13:52

You can control an armed Spot robot online, and Boston Dynamics is not happy

Boston Dynamics' lineup of robots have been taking turns wowing us with their stunts and fueling our nightmares (thanks in no small part to that Black Mirror episode). Now an artsy startup has finally gone ahead and combined the light and dark sides of the company's robotic dog, Spot, into a chaotic online event.

Starting at 10 a.m. PT Wednesday, random visitors to a website will be able to control a Spot robot equipped with a paintball gun as it ransacks an art gallery set up for the purpose.

Spot's Rampage is the latest effort from MSCHF Product Studio, which is the same outfit that re-created episodes of The Office entirely in Slack and sells a cap for your Alexa device that jams its microphone.

To participate, you'll need to download the MSCHF App and visit the Spot's Rampage website where the chaos will be livestreamed. Every two minutes, control of Spot via the app will be passed to a random viewer on the website.

Feb 25 13:51

These are the most common ways hackers will attack your computer

Computer security has dominated tech news headlines in recent weeks, with reports of one hack and data breach after another as hackers get increasingly brazen and aggressive when it comes to different ways of stealing your information.

We’ve noted in previous posts some of the different steps you can take to make yourself less of a target in the next data breach, but in the meantime, researchers from the cybersecurity company Proofpoint have prepared a report that looks at some of the most common steps hackers take in order to break into your PC. They include phishing emails, whereby hackers trick users into opening messages and interacting with them in a way that triggers a malicious action. Indeed, the Proofpoint researchers warn in their report, for those of you not aware, that “email is by far the biggest channel for cyber attacks. We saw a wide range of email attack techniques in the fourth quarter, but almost all of them included some form of social engineering.”

Feb 24 11:45

A quantum computer just solved a decades-old problem three million times faster than a classical computer

Scientists from quantum computing company D-Wave have demonstrated that, using a method called quantum annealing, they could simulate some materials up to three million times faster than it would take with corresponding classical methods.

Together with researchers from Google, the scientists set out to measure the speed of simulation in one of D-Wave's quantum annealing processors, and found that performance increased with both simulation size and problem difficulty, to reach a million-fold speedup over what could be achieved with a classical CPU.

Feb 24 10:18

Trust Stamp – Bill Gates Funded Program That Will Create Your Digital Identity Based On Your Vaccination History

Trust Stamp is a vaccination based digital identity program funded by Bill Gates and implemented by Mastercard and GAVI, that will soon link your biometric digital identity to your vaccination records. The program said to “evolve as you evolve” is part of the Global War on Cash and has the potential dual use for the purposes of surveillance and “predictive policing” based on your vaccination history. Those who may not wish to be vaccinated may be locked out of the system based on their trust score.

Feb 24 10:16

Israeli cyber firm: Chinese hacking tool was modeled on NSA spyware

An Israeli cybersecurity firm announced Monday that China has used a hacking tool initially developed by the US National Security Agency.

In a new report, Check Point Software Technologies said the Chinese malware, which it dubbed “Jian,” exploited a vulnerability in Windows. It said the exploit was a replica of one used by the secretive “Equation Group” at the NSA.

Check Point said the tool was developed in 2014 and has been used since at least the following year, two years before cyber weapons made by the Equation Group were leaked online. The Tel Aviv-based firm hypothesized that Chinese spies may have obtained the code during an Equation Group operation against a target in China, captured it while monitoring an Equation Group attack against a third party, or acquired it during a Chinese operation against the Equation Group.

Feb 24 09:48

60 Years After Eisenhower's Warning, Distinct Signs Of A 'Digital-Intelligence Complex'

In June 2019, Susan Gordon stood on a stage at the Washington Convention Center. Behind her loomed three giant letters, “AWS,” the abbreviation for Amazon Web Services, the cloud computing division of the giant Internet retailer.

After three decades at the Central Intelligence Agency, Gordon had risen to one of the top jobs in the cloak-and-dagger world: principal deputy director of national intelligence. From that perch she publicly extolled the virtues of Amazon Web Services and the cloud services the tech giant provides the CIA.

She told the crowd that the intelligence community’s 2013 decision to sign a multi-year, $600 million contract with AWS for cloud computing “will stand as one of those that caused the greatest leap forward. … The investment we made so many years ago in order to be able to try and harness the power of the cloud with a partner who wanted to learn and grow with us has left us not only ready for today but positioned for tomorrow.”

Feb 24 09:24

Arizona's $24-Million Prison Management Software Is Keeping People Locked Up Past The End Of Their Sentences

The Arizona Department of Corrections is depriving inmates of freedom they've earned. Its $24 million tracking software isn't doing what it's supposed to when it comes to calculating time served credits. That's according to whistleblowers who've been ignored by the DOC and have taken their complaints to the press. Here's Jimmy Jenkins of KJZZ, who was given access to documents showing the bug has been well-documented and remains unfixed, more than a year after it was discovered.

According to Arizona Department of Corrections whistleblowers, hundreds of incarcerated people who should be eligible for release are being held in prison because the inmate management software cannot interpret current sentencing laws.

Feb 24 08:37

Microsoft President Blames Russia Intelligence Agency for SolarWinds Hack

Microsoft President Brad Smith told a US Senate panel there is substantial evidence that a Russian intelligence agency was involved in the massive SolarWinds hacking attack and there are no leads that would incriminate other suspects.

"I do think we can say this. At this stage we have seen substantial evidence that points to the Russian foreign intelligence agency. And we have found no evidence that leads us anywhere else," Smith said in a testimony to the Senate Select Committee on Intelligence.

US officials have said they agree that Russian hackers are likely behind a massive cyberattack that targeted at least nine federal agencies and 17,000 private companies. The suspects reportedly embedded malware in SolarWinds updates and patches to penetrate the networks in search of sensitive data. Russia has denied the allegations.

"We will wait for the rest of formal steps to be taken by the government and others. But there is not a lot of suspense at this moment," Smith said.

Feb 23 10:44

Find and Remove the New 'Silver Sparrow' macOS Malware

What’s Silver Sparrow? No, it’s not a Game of Thrones character—has that ship sailed?—but rather a new piece of macOS malware that runs on both Intel and M1-based Macs. That makes it the second piece of known malware for the latter, but there’s a silver lining: Researchers discovered the malicious software before it had a chance to actually harm your system.

As Red Canary’s Tony Lambert writes:

“...the ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts have not downloaded what would be the next or final payload.”

Feb 23 10:33

NASA’s New Mars Rover Is Less Powerful Than Many Smartphones

If you thought a NASA rover that cost $2.4 billion to build and launch would be more powerful than your old smartphone, you have another thing coming.

NASA’s Perseverance rover, which landed successfully on Mars Thursday, is powered by an old chipset that gives it about the same processing power as an iMac from 1998, according to PCMag‘s breakdown. More specifically, it’s packing 256MB of RAM and 2GB of storage, with a 200MHz processor.

For comparison’s sake, that’s substantially less computing power than the original Apple Watch, which packs 512MB of RAM and 8GB of storage, with a 520MHz processor.

But don’t be down on NASA — space engineers tend to use extremely time-tested computing components for maximum reliability. After all, if Perseverance runs into trouble, the nearest Apple Store is tens of millions of miles away.

Feb 23 08:33

Pieces Of Color: When YouTube’s oversensitive filters think CHESS VIDEOS are racist, will language have to adapt to Big Tech?

With all its talk of black-on-white war, YouTube’s “hate speech”-filtering AI can’t tell the difference between chess players and violent racists. Perhaps leaving robots in charge of the English language isn’t such a good idea.

Croatian chess player Antonio Radic, known to his million subscribers as ‘Agadmator,’ runs the world’s most popular chess channel on YouTube. Last summer he found his account suspended due to its “harmful and dangerous” content. Radic, who was in the middle of a show with Grandmaster Hikaru Nakamura at the time, was puzzled. He received no explanation for the ban, which was reversed on appeal, but speculated that YouTube’s censorship algorithm may have heard him say something like “black goes to B6 instead of C6, white will always be better.”

“If that's the case, I'm sure all [all of] my 1,800 videos will be taken down as it's black against white to the death in every video,” he told the Sun at the time.

Feb 23 08:20

Chinese Spies Hijack NSA Hacking Tools To Use Against The US

The NSA (and its army of expert hackers) has once again been hoist upon its own petard. And this time, it's not a shadowy group of hackers using aliases like "the Shadow Brokers" that's stealing the agency's code. It's the Chinese government, and its massive security apparatus.

According to Reuters, Chinese spies managed to hijack code first developed by the NSA to support the agency's hacking operations, the latest example of how malicious software developed by the US federal government has been used against the US, or its allies. Chinese spies reportedly first used the code developed by the NSA to support their own operations.

Feb 22 10:57

30,000 Macs infected with new Silver Sparrow malware

Security researchers have spotted a new malware operation targeting Mac devices that has silently infected almost 30,000 systems.

Named Silver Sparrow, the malware was discovered by security researchers from Red Canary and analyzed together with researchers from Malwarebytes and VMWare Carbon Black.

"According to data provided by Malwarebytes, Silver Sparrow had infected 29,139 macOS endpoints across 153 countries as of February 17, including high volumes of detection in the United States, the United Kingdom, Canada, France, and Germany," Red Canary's Tony Lambert wrote in a report published last week.

But despite the high number of infections, details about how the malware was distributed and infected users are still scarce, and it's unclear if Silver Sparrow was hidden inside malicious ads, pirated apps, or fake Flash updaters — the classic distribution vector for most Mac malware strains these days.

Feb 22 10:20

Scam artists lurking on dating apps and social media made away with a record haul in 2020

We expect love to have an emotional impact on us, but a new report released by the Federal Trade Commission revealed it's also hurting wallets. A record $304 million was reported lost to romance scams in 2020.

Scammers lurk on dating apps and social media, striking up conversation with strangers until they build up trust to eventually ask for money. The prevalence of these types of scams has been steadily rising for the past four years. In 2020, there was a 50% jump in reported dollar losses from romance scams from 2019. The pandemic has only made things easier, creating legitimate reasons for scammers to hide their real motives, claiming they cannot meet in person or need money for medical treatment.

Feb 22 07:54

Watch: US Army Conducts First Autonomous Vehicle Test At New Facility Near Baltimore 

US Army researchers began experimenting with autonomous vehicles at a new testing facility within Aberdeen Proving Ground (APG) in Middle River, Maryland.

APG allotted the Army Research Laboratory (ARL) 200 acres to prove and refine autonomous vehicles' performance. The facility has been home to the service for nearly a century, where munitions and weapons have been tested.

"The one-of-its-kind research campus was established to advance Army knowledge of autonomy and intelligent systems through basic and applied research of unmanned technologies that integrate artificial intelligence, autonomy, robotics and human teaming elements in complex environments," Jeffrey Westrich, an ARL program manager said.

Feb 21 13:01

Facebook now tracking OFFLINE interactions with partner stores to stalk users with targeted ads

You might expect social media platforms like Facebook to collect information about what you do on their site for ad targeting purposes, but did you know that they are also tracking your offline interactions with partner stores?

In its quest to know everything about everyone, Facebook partners with numerous retailers to learn what its users are buying, both from online retailers and in brick-and-mortar stores. They then use this data to target ads to you based on what they believe you are likely to buy. This explains why you might suddenly see a rise in the number of ads on Facebook related to a store you’ve visited or item you’ve bought recently.

Feb 21 08:42

New malware found on 30,000 Macs has security pros stumped

A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Feb 21 08:41

Google Fires Another Top Researcher on Its AI Ethics Team

Google has fired another top artificial intelligence researcher, Margaret Mitchell, in the latest escalation of internal tensions at the company following December’s controversial ouster of Timnit Gebru, a Black AI ethicist. As if the PR fire with Google’s AI ethics team didn’t have enough fuel already.

Mitchell, who formerly led the team alongside Gebru, was caught using automated scripts to comb through her work emails to find evidence of discrimination and harassment to back up Gebru’s claims, Axios reports. In January, she lost access to her corporate email after Google launched an investigation into her activity. In a statement to Reuters, Google claims Mitchell’s firing followed disciplinary recommendations by investigators and a review committee. Google said she violated the company’s code of conduct and security policies and transferred electronic files outside the company.

Feb 19 12:22

California DMV Warns Millions of Records May Have Been Exposed in Worrisome Data Breach

The California Department of Motor Vehicles has warned state residents that over a year’s worth of data—including customer addresses and license plate numbers—may have been compromised in a recent cyberattack on a third-party contractor.

That contractor—Automatic Funds Transfer Services (AFTS)—is a financial services and data management firm, which California uses to verify changes of address for car owners.

AFTS was hit by a ransomware attack sometime between Feb. 3 and 4, potentially exposing “the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN),” the DMV has said. As should be obvious, that means millions and millions of records.

Feb 19 08:52

The essential 10 programming languages developers need to know this year

Curious what the top programming languages are this year? Coding Dojo has made it easy by scouring job ads to see which languages are popping up the most on Indeed.com.

Ease of learning, potential salary draw, longevity and demand are all factors that developers consider when they're looking for a new language to study.

Richard Wang, CEO of Coding Dojo, said, "We track which programming language cropped up most often in job descriptions and compare it to previous years. For the first time every language has dropped due to COVID. With so many people out of work due to COVID and layoffs, this year's report has important insights for anyone looking to train for a new or more lucrative job in tech."

Feb 19 08:35

French village up in arms against planned satellite ground station for SpaceX’s Starlink (VIDEO)

Residents of Saint-Senier-de-Beuvron are at odds with Elon Musk’s SpaceX after the tech giant announced plans to erect a massive satellite array there. The ambitious idea has prompted health concerns among locals.

Saint-Senier-de-Beuvron is a small rural village located in the north-western French province of Normandy. Home to some 350 residents, it attracted some unexpected – and unwelcome – attention earlier this month when it got named one of three locations across the country to get a Starlink ground station.

Feb 19 07:09

DATA DISASTER: A CALL FOR AN INVESTIGATION INTO THE CDC’S CRIMINAL CONDUCT DURING COVID-19

Feb 18 15:50

ORWELLIAN: YouTube censors all videos from an academic conference on the dangers of censorship

“My initial reaction was ‘that’s absurd;’ there must have been a mistake or an accident or it must have gotten swept under somehow. There is no violation, there was no reasoning, there was no warning, there was not an explanation, there was no nothing. The entire channel was just gone.”

Feb 18 10:34

Private firms can't protect us from digital attacks. Government must step in.

Unless you've been living under a rock, you know that our digital infrastructure is under attack. ZDNet's excellent security coverage has daily updates, usually with names I've never heard of before. As the ZDNet security tagline says, "Let's face it. Software has holes. And hackers love to exploit them. New vulnerabilities appear almost daily."

Sadly, that's not hyperbole. "SolarWinds attack is not an outlier, but a moment of reckoning for security industry, says Microsoft exec" is a recent headline.

Vasu Jakkal, Microsoft's corporate vice president of security, compliance and identity, said,

Feb 17 11:33

Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

The owners of a popular barcode scanner application that became a malicious nuisance on millions of devices with one update insist that a third-party buyer was to blame.

Earlier this month, cybersecurity firm Malwarebytes explored how a trusted, useful barcode and QR code scanner app on Google Play that accounted for over 10 million installs became malware overnight.

Having gained a following and acting as innocent software for years, in recent months, users began to complain that their mobile devices were suddenly full of unwanted adverts.

Barcode Scanner was fingered as the culprit and the source of the nuisanceware, tracked as Android/Trojan.HiddenAds.AdQR. The researchers tracked malicious updates as the reason -- with aggressive advert pushing implemented in the app's code.

The app's analytics code was also modified and updates were heavily obfuscated.

Feb 17 07:37

Law firm that represented Trump in his bid to overturn the election is hacked: Cyber-criminals steal 100GB of files and post them on the dark web

Hackers claim to have stolen files belonging to the global law firm Jones Day and have posted a number of the purported illicitly obtained documents on the dark web.

The firm famously - and controversially - represented former President Donald Trump in several of his unsuccessful attempts to overturn the results of the 2020 election citing unfounded claims of voter fraud.

The hackers, who go by the name Cl0p Ransomware, recently posted several gigabytes of data allegedly belonging to Jones Day on a site where they publicize their infringements, Databreaches.net reported.

Feb 16 15:32

Bank of America now acting as government intelligence agency snooping on customer data for feds to identify Capitol rioters

Prior to the Biden regime, the U.S. government had 17 bona fide intelligence agencies spread across the Justice Department, the Department of Homeland Security, the U.S. military and the Intelligence Community. -- But now, it looks like we can add an 18th agency: Bank of America.

Feb 16 10:42

Great News — Activist Post is Google Free!

By Activist Post

Well, it finally happened -- a site-wide ban has been imposed. We can only guess that peace, love and liberty is not the message they were looking for!

It should serve as a cautionary tale to other sites as well, but here is how we are moving forward...

Feb 16 08:04

Cashing in on Covid: Facial Recognition and Thermal Imaging Techs Are Booming at the Cost of Your Privacy

The COVID-19 pandemic has proven to be the biggest gift possible for tyrants all across the globe. From economic power grabs made by corporations and the incineration of basic civil liberties, the ruling class has introduced itself as the arbiters and dictators of virtually all human interaction.

And the surveillance industry has also benefited massively from the pandemic.

For instance, facial recognition technology is being rolled out at an alarmingly fast pace. The tech is more and more exact in its capabilities and no longer handicapped by mask wearing or face coverings. In a report by the Department of Homeland Security released in early January 2021, the department admitted to having conducted tests regarding the efficacy of facial recognition technologies in relation to mask wearers.

Feb 15 11:21

Conversation of the year? Tesla founder Elon Musk asks famously internet-averse Vladimir Putin to join him for ‘Clubhouse’ chat

Elon Musk has asked Russian President Vladimir Putin if he would be interested in chatting with him on the audio-only social media platform Clubhouse, sparking excitement and speculation about the pair’s potential discussion.

On Saturday, the Tesla CEO and world’s current richest man tweeted at the official Twitter handle of the president of Russia, asking, “Would you like to join me for a conversation on Clubhouse?”

Flexing his linguistic skills, Musk added in Russian: “It would be a great honor to speak with you.” However, he didn’t specify which language would be used for the proposed chat. As well as his native tongue, Putin speaks fluent German and reasonably good English.

Feb 15 10:01

ADVANCED A.I. SOFTWARE DEVELOPED FOR “SMART CITIES” WILL CREATE “SPOTLIGHT” ON THE TRACKED SUBJECT

There’s good reason to be concerned about Artificial Intelligence (AI) technology. It’s replacing human jobs (see 1, 2). It’s being used for highly disputed applications (see 1, 2, 3, 4), including often unwarranted surveillance and data collection in “Smart Cities.”

Some cities (New York and New Orleans) have already become “Smart” – maybe yours has too. If your community is installing 5G, it may be for “Smart City” efforts (see 1, 2).

Opposition to “Smart Cities” has been ongoing (see 1, 2, 3). Unfortunately, improved surveillance software has been developed to make tracking citizens even easier.
