fbpx
Open post

Net neutrality and the FCC’s use of deceased people’s name

Lately the internet has been abuzz about net neutrality and preventing it from being stolen from us, lest we want to see a degradation in our society. Even knowing this, and having sent the FCC millions of petitions and signatures, the chair of the FCC still ignored the pleas of the masses and voted for tearing down our rights to online access and freedom to roam. Not only did the FCC ignore the masses, but the FCC also decided to revive the dead and use them against us.

 

What is net neutrality? 

First lets quick cover the basis of what net neutrality is. Net neutrality is basically a guiding rule or principle. It preserves our right to roam and communicate freely online, without the interference of those in a higher power position. It is free speech for the internet. This allows us to have access to all forms of information without any bias in the mix, restricting what we see and read and learn. For example, if net neutrality does become history, Fox news could pay to have specific internet providers show news from them, and them alone. This would cause a great tunnel vision in our society, and depending on peoples specific situations, cause a rift in general knowledge and understanding, leading to more chaos separation in our society.

Deceased commentators 

So back to the first paragraph, deceased persons coming to life. On multiple instances, there has been a realization that people who have passed away are somehow posting onto the FCC’s site, tickets that are in favor of getting rid of net neutrality. Family members of these deceased commentators have outright called on the FCC for their immoral and illegal actions, demanding they stop such horrid actions and be taken to court for just desserts.

Comments by the deceased were sometimes word for word, the same as other comments by other deceased persons. This shows the action as being a form of spam. But the issue at hand is that the FCC is using identities of Americans who have died to try and defend their actions by putting words in their mouths and pretending they were still alive.

As a response, the FCC has said that unvetted commentary has lost all forms of power online, and will therefore be dismissed. The only way comments will be considered is if they are cryptographically secure identities, tied to living persons.

The FCC has stated they will not help in the pursuit of those using deceased Americans identities.

Net neutrality is obviously something very important for more than just online surfing, it gives access for students and education, for keeping the world in mind and staying up to date on global events and being able to read both sides and come to ones own conclusions. Net neutrality is so much more than just “the internet” it is a necessity in a world ever growing in technological involvement.

Educated yourself on the issue

Learn about net neutrality, make an educated, well thought out decision on the matter, and then give your comments to the FCC. Here is a helpful link to the FCC’s site where you can submit your comments. http://gofccyourself.com

Open post

Follow up information on the Uber data breach

Earlier today, it was made public the specifics that were stolen during the Uber data breach. Uber gives a more in-depth idea of the information accessed by the hackers, giving customers and drivers a stronger understanding of their vulnerability.

Some U.S. senators have been hounding Uber for more information on their security breach and what it meant for the customers who’s information was involved. Uber had hired an outside cybersecurity firm after the massive data breach, to get some more detailed information on the event. The cybersecurity firm has stated that they found no evidence of any riders’ credit card information, bank account information or social security numbers being downloaded by the two hackers. Uber has however disclosed that in some cases, the hackers had retrieved the location information from the place where people signed up for Uber, as well has some heavily encoded versions of the user passwords.

The company has stated that they have not seen any evidence of account fraud or misuse of data from the breach. As a response to the data breach concealment, there has been two employees who were fired for not “informing the appropriate parties”. The two employees were anonymously contacted by the hackers, being told they had just been breached and demanded payment. Through the tracking of the breach using private cloud data stored on Amazon’s web services, Uber was able to shut down access from the hackers.

The two employee’s agreed to pay the hackers $100,000 so that they would delete the data. Later on, the hackers real identities were identified, and they signed documents saying that all breached data was deleted, ensuring that the information could not be abused. It was disocvered that the hackers first gained access to Uber’s network on Oct. 13th, 2016 and the last use point of contact was on Nov. 15th. 2016.

It is still unclear if a criminal investigation has been started. Uber has since installed a stronger online defense to prevent the same issue from arising again. 

Open post

Data breach at the Department of Social Services

This just in, the department of Social Services credit card system has been breached, as of yesterday. This isn’t something to be thankful for that’s for sure.

8,500 people have received warnings that their personal data held by a contractor has been breached. Past and current employees alike are vulnerable. The breach included employee names, user names, work phone numbers, work email, credit card information, Australian government  service number, public service classification, organisation unit and system passwords. In early November, the department alerted it’s employees to the system breach prior to 2016.

There was not a communication of how long the data was exposed for, however a DSS spokesman said the contractor, business information services, said the data was open from June 2016 until October 2017. The data related to the period 2004-2015.

So far the DSS is putting blame on the third-party providers actions, stating that the breach is in no way a fault of the DSS. Recently stated, the DSS said the data has now been secured, and that there was no evidence of improper use of the departments credit cards. It was stated that the type of information that was stolen can be a strong factor to identity theft, fraud and masquerading, where the attacker is pretending to be an authorized user.

 

Open post

Uber made a Uber mistake

Recently disclosed by Uber was a mishap that affects millions of customers and drivers, but it was swept under the rug, potentially putting millions at a higher risk.

Apparently late 2016, Uber had been hacked, and millions of customers and drivers’ sensitive information had become known to the malicious online hackers. Instead of disclosing this information to the proper channels, Uber instead chose to pay hackers 100,000$ to destroy data on millions of customers and drivers, to hide the incident from victims and authorities.

Attorney generals in at least four U.S. states have launched investigations into the incident. Due to Ubers decision to go against regulations and report the incident, they are now in hot water with their customers and drivers, as well as local governments.

The FTC, which looks into companies who handle sensitive personal information, is now looking into Uber to assess the damage and serious issues that are prevalent in response to the breach.

This issue does not only affect the US, but the UK as well. The UK criticized Uber for it’s lack of communication, preventing UK government to look into the problem and asses the damage for those affected. The UK has a 500,000 pound penalty delivering to Uber for their inability to follow regulations.

The information that was stolen includes email, phone numbers, names, as well as license numbers. An estimated 600,000 drivers license numbers were stolen.

Uber has been tight-lipped with reporters looking for more inquiry about the problem that arose and how it was handled.  Uber executives have been fleeing one by one for one reason or another, involving sexual harassment, data privacy, and business practice. London has pulled Uber’s operating license because of their failure to deal with public safety and security isssues. 

Open post

FCC is pushing out low-income subscribers, because apparently they’re not good enough

Recently made public, is the news arriving about the FCC and their customer base.

The federal Lifeline program that lets low-income people use a 9.25$  monthly household subsidy to buy internet or phone access, is being scaled back due to a recent vote by the FCC. This change comes in response to a new spending cap that basically prevents people who qualify for the subsidies, to actually receive them. It doesn’t stop there, apparently the FCC is going to lengths to ensure resellers- telecom providers that don’t operate on their own infrastructure- from offering a Lifeline service subsidized plan.

Some of the aforementioned changes take place immediately, as for other aspects, the FCC is taking into account public approval first. The FCC has put out a public comment to see what everyone thinks about a potential ban on resellers participating in the program.

This news from the FCC may affect up to 70% of wireless phone users with Lifeline subsidies, which may force them to find new providers. If resellers are excluded from the program, there would be a limitation of other options on the market. This may result in low-income people from finding any provider that will accept Lifeline and essentially forsaking those people and limiting them even more so. So much for a lifeline.

There has also been a change in the eligibility for Tribal residents. The FCC eliminated the 25$ extra subsidy for Tribal residents who live in urban areas. Only in rural areas will the 25$ extra subsidy be available for Tribal residents.

The FCC stated that they took these measures to help prevent fraud and abuse  as well as waste. They also stated that they are beginning to create a new implementation to help ensure minimal abuse and falsification.

When a representative was asked about how many Lifeline subscribers they had talked to before commencing with these changes, their answer was more so an avoidance of the question, rather than a response. 

Open post

Update on the wild Bad Rabbit

Ukraine speaks out on the Bad Rabbit running rampant in Russia, stating that the hackers behind the NotPetya virus were the probable group responsible for the release of Bad Rabbit.

A Ukrainian official stated that the attacks from Bad Rabbit could have been mitigated greatly had organisations followed the recommended methods of malware handling, as well as basics on not clicking on suspicious messages. A prominent characteristic of the Bad Rabbit virus is the coding  and method of approach, which leads to further believing that the same group who released the NotPetya, also released Bad Rabbit.

Thus far, it is believed that the hacker group known as Black Energy are responsible for the NotPetya and Bad Rabbit virus’. This hacker group is a Ukrainian hacker group know to work in favor of Russia.

As of late, Ukraine has been the victim of multiple cyber attacks, having power knocked out in thousands of homes, frozen super market tills, and government computers that were left paralyzed. Ukrainian officials have stated that they think Russia sees the Ukraine as a testing ground for cyber attacks.

The US and Ukraine have been working together to teach comprehensive hacking combat techniques and skills.

Ukrainian officials believe there are many more cyber attacks on the way.

Open post

Ransomeware inbound! Another threat is looming on the web

This year alone, there has already been three large outbreaks involving online security and breaches.

Recently a new ransomware campaign has begun, and the targets have been high profile, for example Russia and Eastern Europe. This new threat has been named Bad Rabbit. The appearance of Bad Rabbit had been a grand event, simultaneously hitting organisations causing those affected to reminisce about the attacks earlier this year, like WannaCry and Petya.

So let’s break down what Bad Rabbit is

  • Russia, Ukraine, Germany, Turkey, Poland, South Korea, have all had reports of Bad Rabbit hoping out of it’s hole and causing a stir.
  • Bad Rabbit sent out file-encrypting malware to at least three media organisations in Russia, while also taking one news agency offline for a time.
  • Other organisations include the Odessa International Airport and Kiev Metro.
  • This far it is thought that 200 targets have been infected, and continue to be causing problems for infected organisations.

Bad Rabbit is a ransomware, which means once your infected, your at the mercy of the host of the hostile program.

  • Once the ransomware is active there is a note that takes up the screen informing the reader that all files are locked out unless payment is received and the acquired password is typed in.
  •  Victims are directed to a Tor payment page, where further instructions lie. The hackers demand payment through bitcoins and give a timer, to enhance the tension, saying the price will rise once the timer reaches zero.
  • The encryption used in the ransomware is called DiskCryptor. DiskCryptor is a open source software that is also legitimate and widely used. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA 2048 public key.

Bad Rabbit takes it’s inspiration from one of the earlier malicious outbreaks known as Petya.

  • There is speculation that this ransomware is an alteration of the Petya dynamic link library. This being said, means there is a strong correlation between Bad Rabbit and Petya in terms of functionality/looks and possibly both stemming from the same group/person.
  • The way Bad Rabbit has spread is through drive-by downloads on hacked websites. A website is hacked and will begin to feature a false flash update that will begin to download if clicked at all.
  • It is estimated that some site have been hacked since June, featuring Bad Rabbits strong presence.

How far does Bad Rabbit go?

  • It’s important to know that Bad Rabbit spreads laterally across networks.
  • This means that Bad Rabbit can propogate without user interaction. So while your counting the timer down, the ransomeware is spreading across infected networks.
  • The ability to spread laterally across networks is due to the list given to Bad Rabbit, that has combinations of simple usernames and passwords which it uses to force itself into networks.

Bad Rabbit may have targets in mind.

  • Researchers have noticed a curious movement of Bad Rabbit, suggesting it has specific locations in mind, rather than indiscriminately infecting. Corporate networks seem to have the most focus, possibly suggesting that corporations are the enemy of the hacker/group.

Last bits of information.

  • There is still no claim as to who is behind this ransomware. Some believe that it’s the same group involved with the Petya virus.
  • Some believe it is not a Russian group due to Russia being under alot of heat from Bad Rabbit, and customarily Eastern Europe cyber-criminals avoid attacking the “Motherland”.
  • The code of Bad Rabbit has references to Game of Thrones.
  • It is possible to protect yourself from becoming infected. A way to prevent the execution of the file is to block ‘c: \ windows \ infpub.dat, C: \ Windows \ cscc.dat.’ to help avoid infection at all.

Another day, another hacker, another virus. It’s never too late to up your defenses and avoid the mess of a breached network. 

Open post

WPA2 protocol leaves all access points vulnerable! Including yours!

Recently, some online researchers have discovered a fatal flaw in the WPA2 protocol. This flaw can affect anyone and everyone that is involved with Wi-Fi access.

This flaw allows potential attackers to manipulate vulnerable information such as passwords, e-mails, and other encrypted data, whilst intercepting that information they may also leave ransomware or other malicious content into a website a client is visiting.

The point of weakness is called KRACK, short for Key Reinstallation Attacks. Supposedly the research has been kept under wraps and was designated for disclosure on Monday at 8am.

This point of weakness affects the core WPA2 protocol itself and is highly effective against devices running Android and Linux as well as OpenBSD. To a less extreme measure. it also affects macOS, Windows, and MediaTek Linksys, along with other types of devices. It’s believed that attackers can exploit the flaw to decrypt a cache of data that is normally secured by the ubiquitous Wi-Fi encryption protocol.

The vulnerability allows potential access to credit card numbers, passwords, chat messages, emails, photos among many other possibilities. All modern Wi-Fi protected networks.

The attack functions by forcing the phone/device to reinstall an all-zero encryption key, rather than a real key.  Some may think that visiting only HTTPS-protected pages would solve the issue, however the risk remains due to many sites possibly being improperly configured allowing the forceful action of dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data.

Patches have started to be developed for devices at the most risk currently. Thus far Linux patches have been developed but there is no word when they will be released. Some however not all Wi-Fi access points have patches available right now.

There will be an official address on November 1st at the ACM conference on Computer and Communications Security in Dallas. Its believed the address will also be available on krackattack.com’s site.

This could become one of the biggest threats to large corporations and government Wi-Fi networks.

Its advised to abstain from Wi-Fi use until patches are available and instead use a wired connection.

contact use with any questions/concerns about your vulnerability 

Open post

The US is close to separating military-focused Cyber Command from the NSA

The United States after long debate is reportedly moving forward with plants to separate its military focused Cyber Command branch from the National Security Agency. According to the Associated Press, the changes should come within the coming weeks.

Cyber Command has been under the same command as the NSA since 2009. But these two operate in different ways: The NSA focuses on electronic intelligence gathering while Cyber Command focuses on digital warfare. These two roles have caused tension, especially in the battle against ISIS, according to the Associated Press.

cyber command

Replacing Admiral Michael Rogers, who also leads the NSA, would be Army Lt. Gen. William Mayville. He will reportedly be nominated the lead Cyber Command. Leadership of the NSA could be turned over to a civilian.

Last year a plan for the split was sent to President Obama by then-Defense Secretary Ash Carter. It seems now that the Drumpf Administration is going to moving ahead with said plans. Further details are still being worked out.

This seems to be a good thing. Maybe it’s just the beginning of more changes in cyber security at the government level in the near future. We’ve all seen the influx of hacks and ransomware hitting lately. This could be just the beginning.

Open post

Your apps might be tracking you using ultrasonic frequencies

There is a chance your phone has been tossing out ultrasonic tones to be picked up by other devices. Sounds that the human ear cannot pick up but devices can.

The German government hired a research team and they discovered that more than 230 apps on the Androids market hosted by Google, were secretly tracking users through the use of ultrasonic audio. The ultrasonic beacons can help the apps manufactures create intimate profiles on people, and also be able to tie them into your other devices that are communicating with said beacon.

It works like this: Let’s say your at your friends place , and his smart TV uses the beacon, and you are watching your favorite tv show that comes on every week. Let’s also assume that you have the Mcdonalds app on your phone as well. Now, a Mcdonalds commercial comes on the TV.  During this commercial an ultrasonic tone is sent out and picked up by your Mcdonalds app on your phone. Now Mcdonalds knows that your watching what ever show at what ever time. They learn more and more information about you. Now let’s say your friend also has this app. His phone also picks up the ultrasonic tone. Now Mcdonalds knows that you and your friend both watch whatever show every week at this certain time.

Google confirmed to CBS News that they have recently suspended or forced applications that were doing this to be updated to meet the company’s privacy policy. If a company wants to continue doing this research, they have to ask the user if it’s okay to use their phones microphone for said use.

This just goes to show  you that we are not as private as we may think. How many other applications are doing this that haven’t been caught? And to take this a step further, what devices are listening into our conversations with out our knowledge or consent?

Posts navigation

1 2
Scroll to top