Posts Tagged ‘security’

WikiLeaks Shows How the CIA Can Hack a Mac’s Hidden Code

March 25, 2017

WikiLeaks Shows How the CIA Can Hack a Mac
https://www.wired.com/2017/03/wikileaks-shows-cia-can-hack-macs-hidden-code/ Modifying the firmware of Thunderbolt adapters to make spyware implanters

QT:{{”
“The CIA’s documents describe a series of tools that agents can use to install “implants” on target machines, capable of silently monitoring everything that occurs within its operating system and transmitting it to a remote operator. One manual explains how to modify the firmware of a standard Apple Thunderbolt-to-ethernet adapter, turning it into a spyware-planting tool the CIA calls “Sonic Screwdriver.” When plugged in, the altered adapter can trick a Mac into thinking it’s booting its operating from a spoofed network source that the adapter impersonates, allowing tweaks to its firmware even in the rare cases when the user has set a password for any changes to that deep-seated code.”
“}}

The Demon Voice That Can Control Your Smartphone

January 30, 2017

The Demon Voice That Can Control Your…phone
https://www.theatlantic.com/technology/archive/2017/01/the-demon-voice-that-can-talk-to-your-smartphone/513743 Verbal malware: Yell into a crowd, “Hey #Siri, text mom, I’m pregnant”

QT:{{”

“Here’s a fun experiment: Next time you’re on a crowded bus, loudly announce, “Hey Siri! Text mom, ‘I’m pregnant.’” Chances are you’ll get some horrified looks as your voice awakens iPhones in nearby commuters’ pockets and bags. They’ll dive for their phones to cancel your command.

But what if there was a way to talk to phones with sounds other than words? Unless the phones’ owners were prompted for confirmation—and realized what was going on in time to intervene—they’d have no idea that”
“}}

Yahoo discloses hack of 1 billion accounts

January 10, 2017

Yahoo discloses #hack of 1 billion accounts
http://social.techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/ Seems the scale of this affects a large fraction of all Internet users

Have I been pwned? Check if your email has been compromised in a data breach

November 3, 2016

https://haveibeenpwned.com/

Inside macOS Sierra: Apple’s Optimized Storage and management features – Mac OS X Discussions on AppleInsider Forums

October 17, 2016

Inside…Sierra: $AAPL’s Optimized Storage
http://forums.appleinsider.com/discussion/196115/inside-macos-sierra-apples-optimized-storage-and-management-features Strong filesystem-icloud integration. Maybe good but also heavy handed

QT:{{”

“paxman said:
I am curious though, what do you mean by a very secure iCloud account? Do you just mean that you use two step verification and ‘difficult’ password? or is there something more?
Extremely strong password because it’s an internet-facing account that holds so much personal data
Password unique to that account
2FA
Notifications of access attempts (if that’s possible to set up. I forget)
Answers to personal questions and birthday purposely inaccurate (in other words, the questions are a key to get the correct answer generated randomly)”
“}}

Yahoo Says Hackers Stole Data on 500 Million Users in 2014 – The New York Times

September 25, 2016

Yahoo Says Hackers Stole Data on 500M in ’14
http://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html I haven’t yet received notice from @Yahoo to change my passwd. Why?

Also:
https://www.ft.com/content/266aa154-8165-11e6-8e50-8ec15fb462f4

Bitcoin Rival Ethereum Gains Traction – WSJ

July 4, 2016

#Bitcoin Rival Ethereum Gains Traction…. but suffers $55m theft due to hacked code. Wow!
http://www.wsj.com/articles/bitcoin-rival-ether-gains-traction-1466461279

NCBI retiring HapMap Resource

July 1, 2016

Worrisome in rel. to #reproducibleresearch & maintaining secure resources https://twitter.com/adamauton/status/745304911483535360 … #saveHapMap Cf http://papers.gersteinlab.org/papers/security

@adamauton: Even as a @1000genomes advocate, this is not cool: http://www.ncbi.nlm.nih.gov/variation/news/NCBI_retiring_HapMap/ #saveHapMap

http://www.ncbi.nlm.nih.gov/variation/news/NCBI_retiring_HapMap/

Google Search Technique Aided N.Y. Dam Hacker in Iran

April 10, 2016

Google Search Technique Aided NY Dam Hacker in Iran
http://www.wsj.com/articles/google-search-technique-aided-n-y-dam-hacker-in-iran-1459122543 Appears to be ‘#Google dorking,’ using operators like inurl: