
Posts Tagged ‘#hacking’


Drone-hacking cybersecurity boot camp launched in UK

November 3, 2016

Budding cyberspies will learn how to hack into drones and crack codes at a new cybersecurity boot camp backed by the government.
Matt Hancock, the minister for digital and culture, said students would gain the skills needed to “fight cyber-attacks” and help keep the UK safe.
The 10-week course has been “certified” by UK spy agency GCHQ.
But some security experts raised questions about the need for the course and the intent behind it.
“If I were a company, I would not hire security consultants who had been approved by GCHQ,” said Prof Ross Anderson, who leads the security group at Cambridge University’s Computer Laboratory.
“I would simply not be able to trust them. GCHQ’s goal is that no-one should be able to shield themselves from surveillance, ever,” he told the BBC.
‘Skills gap’
The Cyber Retraining Academy will be operated by cybersecurity training firm Sans Institute. It will be funded as part of the government’s £1.9bn National Cybersecurity Strategy.
Sans Institute said “leading cybersecurity employers” would be able to track students’ performance throughout the course, with a view to recruiting talented individuals.
Would-be recruits must pass a series of competency tests to be considered for the boot camp, including a multiple-choice quiz before they can even submit an application.
The successful 50 candidates will attend the academy in London in 2017, and will receive two years of training condensed into 10 weeks.
Rik Ferguson of cybersecurity firm Trend Micro said the scheme could help people learn the skills to “hit the ground running” in a security-related role, but questioned why the scheme was needed.
“Employers often complain about the ‘cybersecurity skills gap’ – a gap that I would argue doesn’t exist,” he told the BBC.
“The problem is rather that employers are not looking beyond very narrowly specified certifications or degree courses in security-related subjects.
“If advertising a cyber-retraining programme as ‘drone hacking’ is going to get individuals with the right character and curiosity applying for this course, then it can only be a good thing.
“But obviously it takes more than 10 weeks, however intense, to create a well-rounded security professional.”


Ethereum to Add Zcash Privacy, Says Vitalik Buterin

October 31, 2016

The power of smart contracts may be combined with absolute privacy according to a new statement by Ethereum’s founder, Vitalik Buterin.

“[Z]ero knowledge proofs are on ethereum’s roadmap and have been for over two months,” Buterin publicly stated yesterday, before adding in a short interview for CCN that, realistically, it would take around four months to one year for Zec-like privacy to be added to ethereum.

A fully private ethereum raises the prospects of a solution to one seemingly intractable blockchain problem: how do you transact privately as far as the world is concerned, while at the same time revealing to whoever you wish the exact transactions you are undertaking. Zooko Wilcox, Zcash founder and a participant in the now famous mailing list thread discussion where Nakamoto made his first public announcement, stated during a devcon2 presentation titled Zcash + Ethereum = Love, that in the past four years or so, researchers have made a discovery that allows one to transact completely privately while, at the same time, allowing others to see their transaction if they so choose.

This discovery was not available to Nakamoto, Zooko stated, therefore he was unable to use it, but now, through mathematical advancements made by researchers currently working on Zcash, it is very much possible to not only allow validators, aka miners, to be certain a transaction is valid according to stated network rules, without knowing anything about the transaction, but to also, at the same time, allow potential employees, regulators, specific customers, or anyone else, to see, and therefore be able to verify, any undertaken transaction while prohibiting all others, in any way, from gaining any information whatever, about the exchange.

Zcash, therefore, instead of providing solely anonymity, gives us a mechanism to solve a very serious problem. That is, it allows us all to use the public blockchain by not revealing anything while, at the same time, revealing everything in a way that makes it impossible to corrupt the data, to those who need to know what must, necessarily, be revealed.

In combination with smart contracts, this technology can become very powerful, allowing for incremental improvement of our current infrastructure in a way that may profoundly increase our productivity, efficiency and well-being.

This is a sentiment echoed by Buterin who stated:

“[C]ombining blockchain tech and strong privacy may well be one of the next major frontiers in secure application development.”

Privacy Down, Scalability and Usability to Go

The only problem now left is scalability and, of course, usability. Zero-knowledge proofs, the high maths that makes all this wizardry possible, use a lot of memory and RAM. Some therefore suggest that, for ethereum, this new invention should be used at the contract/project level rather than at the protocol level itself; others suggest otherwise.

In addressing scalability, Buterin stated that zero knowledge proof transactions do take longer than ordinary transactions to process, “so you won’t be seeing 15 zkp transactions per second the way we do with regular ones (though if our VM improvements are good enough you may well; hard to tell at this point).” In further indicating a preference for both approaches – incorporation at the contract and protocol level – Buterin stated that “we need some precompiles for optimization.”

Regardless of what coders decide, ethereum’s sharding solution, whereby certain nodes validate only some transactions, creating a complex web which amounts to, effectively, all nodes validating all transactions, goes a long way towards addressing any scalability concerns. Work, therefore, has already begun towards incorporating Zec-like privacy on eth’s smart contracts, with the skeleton code for a project, Zec on Eth, launched during this summer.

Furthermore, Zooko stated in his presentation that there may be a zec relay for ethereum, indicating a close collaboration between eth and zec developers. The world may, therefore, see a potent force in the combined brain power of these two grounded men: Zooko Wilcox and Vitalik Buterin.


Hackers Are Trying to Hold a Los Angeles Investment Bank to Ransom

September 28, 2016

Hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort to extort money from the victim company.
The hacker or hackers, who call themselves The Dark Overlord, recently tried to extort a series of health care organisations into paying hefty ransoms. This most recent target, however, is WestPark Capital, based in Los Angeles.
“WestPark Capital is a ‘full service investment banking and securities brokerage firm’ whose CEO, Richard Rappaport, spat in our face after making our signature and quite frankly, handsome, business proposal and so our hand has been forced,” The Dark Overlord wrote on Pastebin on Sunday.
Along with their statement, The Dark Overlord provided a link to several stolen files from the investment firm. They include non-disclosure agreements, internal presentations, reports, contracts, and more. In all, just under 20 files have been released.
“We made a handsome proposal to Mr. Rappaport that would involve us withholding this news. However, Mr. Rappaport chose to not cooperate with us in what could have been a very clean and quiet business opportunity for himself,” a spokesperson for The Dark Overlord told Motherboard in an online chat.
The Dark Overlord first appeared in June, when they advertised a slew of alleged medical organisation records on the dark web, before following up with 9 million supposed health care insurance details. The general strategy wasn’t to actually sell the data, but to intimidate the victim into paying a ransom. In return, the hackers wouldn’t release the company’s records.
Although the spokesperson wouldn’t explicitly say this was the same approach in this case, they did say that, “We are open and available for further communications with Mr. Rappaport if he chooses to mitigate what may be to come.”


Hackers Take Control of a Moving Tesla’s Brakes From a Distance of 12 Miles

September 26, 2016

Now that cars such as Tesla’s are increasingly high-tech and connected to the internet, cybersecurity has become as big an issue as traditional safety features, and Chinese researchers were able to interfere with the car’s brakes, door locks and other electronic features, demonstrating an attack that could cause havoc.

Three months since the first fatal crash involving a Tesla driving in autopilot mode, hackers have taken remote control of a Tesla Model S from a distance of 12 miles, interfering with the car’s brakes, door locks, dashboard computer screen and other electronically controlled features in the high-tech car.
A team of Chinese security researchers – Samuel LV, Sen Nie, Ling Liu and Wen Lu from Keen Security Lab – were able to target the car wirelessly and remotely in an attack that could cause havoc for any Tesla driver.
The hack targeted the car’s controller area network, or CAN bus, the collection of connected computers found inside every modern vehicle that control everything from its indicators to its brakes. In a video demonstrating the vulnerability, the hackers targeted both the Tesla Model S P85 and Model 75D, although they said it would work on other models too.
The researchers acted responsibly in disclosing the vulnerabilities they had discovered to Tesla, and the company created a software update that it delivered over-the-air.
Tesla said of the vulnerability: “The issue demonstrated is only triggered when the web browser is used, and also required the car to be physically near to and connected to a malicious Wi-Fi hotspot. Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly.”
The hackers said in a blogpost that it “appreciates the proactive attitude and efforts” of Tesla’s security team on fixing the problems efficiently.
This is not the first time that Tesla has been hacked. A group of researchers at the University of South Carolina were able to fool the Tesla Model S’s autopilot system into perceiving objects where none existed or in other cases to miss a real object in Tesla’s path.
Now that cars are increasingly high-tech and connected to the internet, cybersecurity has become as big an issue as more traditional safety features.
Tesla is known for its commitment to this challenge and has hired dozens of security researchers to test its cars. The company also runs a bug bounty program, which invites other hackers to point out vulnerabilities – as happened with Keen Security Lab – in return for cash prizes.


Ransomware Targets UK Hospitals, But NHS Won’t Pay Up

August 31, 2016

Ransomware has caused massive headaches for hospitals. In February of this year, at least a dozen hospitals around the world had been seriously infected with malware demanding cash to retrieve their files. Some even resorted to pen-and-paper systems, and others gave the hackers over $10,000 worth of bitcoin to unlock their systems.
But judging by responses to Freedom of Information requests, UK hospitals are not paying hackers when ransomware strikes.
Motherboard asked National Health Service (NHS) trusts for details on attack figures and payments stretching back to January 2012. Many had been successfully hacked at some point (although on a limited scale, infecting only a small number of computers). Another piece of research carried out by cybersecurity company NCC Group found nearly half of 60 NHS Trusts suffered a ransomware attack in the last year.
But successful infections are not necessarily the most important thing here. Successful payments are: a ransomware operator gets nothing for their time and effort if the victim doesn’t cough up the bitcoin. If a hospital hasn’t paid a hacker, presumably it has managed to protect patient or other files from permanent loss.
That’s exactly what many of the hospitals contacted by Motherboard did. All of the hospitals that said they had been successfully infected with ransomware said they had not paid the attackers.
The East and North Hertfordshire NHS Trust said it had faced two successful infections of “Crypto Locker,” a particularly popular form of ransomware. “In both cases for the Trust, we did not pay the ransom, we simply recovered the data from an internal backup,” Freedom of Information Officer Jude Archer wrote in her response. “We back up all Trust data each and every day. I can confirm that there is no evidence the data that was encrypted [by the ransomware] was copied or moved off site at any time.”
The Health and Social Care Information Centre (HSCIC) had the same strategy, and added that it has a policy of not paying attackers.
“According to records HSCIC has been infected with ransomware on 3 occasions since January 2012, in every instance HSCIC has been prepared for this eventuality and has been able to contain and eradicate the ransomware infection and restore all affected systems and files from full backups, without any breaches to patient data or disruptions to the delivery of patient care,” Information Governance Advisor Graeme Holmes wrote in his response.
The NHS may have a decent track record of not paying hackers, but clearly there is still money to be made elsewhere: Earlier this month, researchers from FireEye spotted an uptick in the number of Locky infections hitting US-based hospitals.
