Equifax hackers targeted 15.2 million UK records – a lot more than the 400k they originally said

Equifax has admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised.

The credit rating firm said it is contacting nearly 700,000 customers in the UK to alert them that their data had been stolen in the attack, which was revealed in September.

The company originally estimated that the number of people affected in the UK was “fewer than 400,000”.

But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers and phone numbers. The stolen data included partial credit card details of fewer than 15,000 customers.

Hackers potentially compromised a further 14.5 million records that could have contained names and dates of births.

Source: Equifax hackers targeted 15.2 million UK records

Equifax breach included 10 million US driving licenses

10.9 million US driver’s licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got hold of 15.2 million UK customers’ records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver’s licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency’s system.

While leaked SSNs and bank details are definitely worse, driver’s licenses contain some info that could make it easier to steal someone’s identity, including people’s height and eye color. A bad player could use the name, address and physical characteristics in those stolen licenses as verification for someone else’s identity or to carry out scams in someone else’s name. If you verified your identity using your license through Equifax’s website in the past and want to ensure your security, it’s probably best to get a new license number.

Source: Equifax breach included 10 million US driving licenses

Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Hackers managed to pinch $60m from the Far Eastern International Bank in Taiwan by infiltrating its computers last week. Now, most of the money has been recovered, and two arrests have been made in connection with the cyber-heist.

On Friday, the bank admitted the cyber-crooks planted malware on its PCs and servers in order to gain access to its SWIFT terminal, which is used to transfer funds between financial institutions across the world.

The malware’s masterminds, we’re told, managed to harvest the credentials needed to commandeer the terminal and drain money out of the bank. By the time staff noticed the weird transactions, $60m had already been wired to banks in the US, Cambodia, and Sri Lanka.
[…]
According to the Taipei Times, the Taiwanese Premier William Lai has launched a probe into the affair, and has asked the banking sector to investigate. Interpol has already begun its inquiries, and – thanks to a security mechanism introduced between banks – all but $500,000 has been recovered.

Two arrests connected to the theft were made in Sri Lanka and, according to the Colombo Gazette, one of them is Shalila Moonesinghe. He’s the head of the state-run Litro Gas company and was cuffed after police allegedly found $1.1m of the Taiwanese funds in his personal bank account. Another suspect is still at large.

Source: Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

If you don’t want Sonos to have your personal data, they will brick your players for you

Sonos’ policy change, outlined by chief legal officer Craig Shelburne, allows the gizmo manufacturer to slurp personal information about each owner, such as email addresses and locations, and system telemetry – collectively referred to as functional data – in order to implement third-party services, specifically voice control through Amazon’s Alexa software, and for its own internal use.

“If you choose not to provide the functional data, you won’t be able to receive software updates,” a Sonos spokesperson explained at the time. “It’s not like if you don’t accept it, we’d be shutting down your device or intentionally bricking it.”

A handful of customers, however, have managed to brick their Sonos speakers by refusing to accept the data harvesting terms accompanying version 7.4+ of the firmware and then subsequently updating their Sonos mobile app to a version out of sync with their legacy firmware.

In an email to The Register, a reader by the name of Dave wrote: “You should know that in the latest update it is now impossible to use the player without updating, effectively bricking my three devices. Numerous attempts to contact Sonos have met with silence on the issue, and the phone number in the app for support is no longer valid.”

Source: Rejecting Sonos’ private data slurp basically bricks bloke’s boombox

Incredible that a company can change the terms of their product so one-sidedly without you having any recourse. And it’s not like these players are cheap!

Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack | why it’s a great idea to entrust personal data to governments (not)

In November 2016, the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.

Restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and “a few Australian naval vessels” was among the sensitive data stolen from a small Australian defence contractor in 2016.

The secret information was restricted under the International Traffic in Arms Regulations (ITAR), the US system designed to control the export of defence- and military-related technologies, according to Mitchell Clarke, an incident response manager at the ASD who worked on the case.
[…]
The victim’s network was small. One person managed all IT-related functions, and they’d only been in the role for nine months. High staff turnover was typical.

There was no protective DMZ network, no regular patching regime, and a common Local Administrator account password on all servers. Hosts had many internet-facing services.

Access was initially gained by exploiting a 12-month-old vulnerability in the company’s IT Helpdesk Portal, which was mounting the company’s file server using the Domain Administrator account. Lateral movement using those same credentials eventually gave the attacker access to the domain controller and the remote desktop server, and to email and other sensitive information.

“This isn’t uncommon,” Clarke said. “Only about 12 months old, if you look at government, that’s not that out of date, unfortunately.”

The attacker needn’t have bothered with that, however. The ASD’s investigation found that internet-facing services still had their default passwords, admin::admin and guest::guest.

An important aspect of this incident is that a small company, with resources that were clearly inadequate given the sensitivity of the data they held, still managed to obtain and hold ITAR certification.

According to Clarke, an application for ITAR certification is usually only “two or three pages”, and asks only basic questions about organisations’ security posture.

Source: Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack | ZDNet

Companies overlook risks in open source software: compliance and policy

Open source code helps software suppliers to be nimble and build products faster, but a new report reveals hidden software supply chain risks of open source that all software suppliers and IoT manufacturers should know about.
[…]
“We can’t lose sight that open source is indeed a clear win. Ready-to-go code gets products out the door faster, which is important given the lightning pace of the software space,” says Jeff Luszcz, vice president of product management at Flexera. “However, most software engineers don’t track open source use, and most software executives don’t realize there’s a gap and a security/compliance risk.”

Flexera surveyed 400 software suppliers, Internet of Things manufacturers and in-house development teams. It finds only 37 percent of respondents to the survey have an open source acquisition or usage policy, while 63 percent say either that their companies don’t have a policy or that they don’t know if one exists. Worryingly, of the 63 percent who say their companies don’t have an open source acquisition or usage policy, 43 percent say they contribute to open source projects.

There is an issue over who takes charge of open source software too. No one within their company is responsible for open source compliance, or they don’t know who is, according to 39 percent of respondents.

“Open source processes protect products and brand reputation. But, most software and IoT vendors don’t realize there is a problem, so they’re not protecting themselves and their customers,” adds Luszcz. “This endangers the entire software supply chain – for the vendors whose products are exposed to compliance and vulnerability risk. And also for their customers who most likely don’t even know they’re running open source and other third-party software, or that it may contain software vulnerabilities.”

Source: Companies overlook risks in open source software

It’s long beyond time the FOSS community grows up and understands the necessity of compliance to professional corporations. Likewise, these corporations should understand that FOSS is subject to the same compliance and security update policies as their commercial software.

MS Windows 10 suddenly installs an app you never asked for without permission. And no-one knows what it does.

Microsoft’s update servers are pushing out a new Photos Add-on app, with no explanation of what it does. Windows 10 users aren’t taking it well.

Source: Microsoft’s mystery update arouses anger, suspicion among Windows 10 users | ZDNet

4 TOR marketplaces being DDOSed

Four of the world’s key illicit marketplaces—Dream, Tochka, Trade Route, and Wall Street—went down suddenly on Friday. And no one seems to know why.

Now, someone is trying to take the four largest drug marketplaces offline, seemingly by flooding them with a torrent of traffic. These sites offer a mail-order service for pretty much any drug a customer could imagine, from LSD to varieties of heroin. As of at least Friday morning, several marketplaces were inaccessible or could only be visited from backup website addresses, and at the time of publication are still facing problems. It’s not totally clear who is behind the outages, but the downtime has disrupted the dark-web community somewhat.

“We are facing a DDoS attack atm [at the moment] and I guess many other markets as well,” a Reddit moderator for the site dubbed Wall Street, one of the affected marketplaces, told The Daily Beast.

Source: Someone Is Trying to Knock the Dark Web Drug Trade Offline

Dutch privacy regulator says Windows 10 breaks the law: wants MS to inform you how it’s breaching your privacy, not stop it.

The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law.

To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn’t always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection—though this language still wasn’t explicit about what was collected and why—and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen.

In the Creators Update, Microsoft also explicitly enumerated all the data collected in Windows 10’s “Basic” telemetry setting. However, the company has not done so for the “Full” option, and the Full option remains the default.

The Windows 10 privacy options continue to be a work in progress for Microsoft. The Fall Creators Update, due for release on October 17, makes further changes to the way the operating system and applications collect data and the consent required to do so. Microsoft says that it will work with the DPA to “find appropriate solutions” to ensure that Windows 10 complies with the law. However, in its detailed response to the DPA’s findings, Microsoft disagrees with some of the DPA’s objections. In particular, the company claims that its disclosure surrounding the Full telemetry setting—both in terms of what it collects and why—is sufficient and that users are capable of making informed decisions.

The DPA’s complaint doesn’t call for Microsoft to offer a complete opt out of the telemetry and data collection, instead focusing on ensuring that Windows 10 users know what the operating system and Microsoft are doing with their data. The regulator says that Microsoft wants to “end all violations,” but if the software company fails to do so, it faces sanctions.

Source: Dutch privacy regulator says Windows 10 breaks the law

Note: the DPA is fine with MS collecting your data, as long as you know what data it is you are collecting. For a product you buy, this seems insane to me, which is why I am running Linux Mint on a day to day basis nowadays.

Equifax, TransUnion and 1000 other sites serving malware due to fireclick.js / 3rd party script

Equifax’s website is once again infected, this time with malvertising. Further investigation reveals TransUnion was also targeted.

Source: Malvertising on Equifax, TransUnion tied to third party script

Equifax, TransUnion Websites Served Up Adware, Malware
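The common factor in both incidents above is a script loaded from a third party, which the site owner does not control and which can be changed upstream at any time. One defensive check a site can apply to a static third-party script is Subresource Integrity: pin the reviewed bytes with a digest in the `<script>` tag so the browser refuses anything else. The example below is added here and is not code from the articles or from either company; the script URL and the script bytes are constructed placeholders, and `verify_sri` mirrors the browser's rule of honouring only the strongest algorithm listed.

```python
import base64
import hashlib
import hmac

# Algorithms SRI accepts, weakest to strongest (the order matters in verify_sri).
SRI_ALGOS = ("sha256", "sha384", "sha512")

# Constructed sample: the third-party script bytes as reviewed at build time,
# and a modified copy standing in for whatever the upstream host serves later.
REVIEWED_SCRIPT = b"window.track = function (e) { /* reviewed vendor code */ };\n"
MODIFIED_SCRIPT = REVIEWED_SCRIPT + b"// upstream change not seen in review\n"


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Build an integrity token such as 'sha384-<base64 digest>' for the bytes."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Emit a <script> tag pinned to the exact bytes that were reviewed.
    crossorigin="anonymous" is required for SRI on cross-origin scripts."""
    return (f'<script src="{src}" integrity="{sri_digest(content)}" '
            f'crossorigin="anonymous"></script>')


def verify_sri(content: bytes, integrity: str) -> bool:
    """Mirror the browser check: of the tokens in the integrity attribute, only
    those using the strongest listed algorithm count, and the content must
    match one of them. Unknown algorithms are ignored."""
    tokens = []
    for token in integrity.split():
        algo, _, expected = token.partition("-")
        if algo in SRI_ALGOS:
            tokens.append((SRI_ALGOS.index(algo), algo, expected))
    if not tokens:
        return False
    strongest = max(rank for rank, _, _ in tokens)
    for rank, algo, expected in tokens:
        if rank != strongest:
            continue
        actual = base64.b64encode(hashlib.new(algo, content).digest()).decode("ascii")
        if hmac.compare_digest(actual, expected):
            return True
    return False


if __name__ == "__main__":
    # Placeholder URL; not the script named in the article.
    tag = script_tag("https://cdn.example.invalid/vendor.js", REVIEWED_SCRIPT)
    print(tag)
    print("reviewed bytes accepted:", verify_sri(REVIEWED_SCRIPT, sri_digest(REVIEWED_SCRIPT)))
    print("modified bytes accepted:", verify_sri(MODIFIED_SCRIPT, sri_digest(REVIEWED_SCRIPT)))
```

The caveat is the flip side of the protection: SRI only works for scripts whose bytes are fixed, so a tag like this breaks the page the moment the vendor ships a new version. Ad and analytics scripts that change continuously cannot be pinned this way, which is exactly why they are the riskiest inclusions and belong behind a Content Security Policy and a review process instead.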

OnePlus Admits It Was Snooping on OxygenOS Users, Says It Will Tweak Data Collection Program. Current fix still spies on you.

Earlier this month, software engineer Christopher Moore discovered that Shenzhen, China-based phone manufacturer OnePlus was secretly collecting a trove of data about users without their consent and communicating it to company servers. Moore had routed his OnePlus 2’s internet traffic through security tool OWASP ZAP for a holiday hack challenge, but noticed his device was regularly transmitting large amounts of data to a server at open.oneplus.net.

According to Moore’s analysis, captured information included his phone’s IMEI and serial number, phone numbers, MAC addresses, mobile network names and IMSI prefixes, and wireless network data. OnePlus was also collecting data on when its users were opening applications and what they were doing in those apps, including Outlook and Slack. With the cat out of the bag, OnePlus admitted to the non-consensual snooping in a post to its customer service forum on Friday, but said the intent of the program was improving user experience on its OxygenOS software.

“The reason we collect some device information is to better provide after-sales support,” OnePlus wrote. “If you opt out of the user experience program, your usage analytics will not be tied to your device information.”

“We’d like to emphasize that at no point have we shared this information with outside parties,” the company added. “The analytics we’re discussing in this post, which we only look at in aggregate, are collected with the intention of improving our product and service offerings.”

According to OnePlus, it will also stop collecting “telephone numbers, MAC Addresses and WiFi information,” and by the end of October, the company will clearly prompt all users on how and why it collects data and provide users with an option to not participate in its “user experience program.”

Multiple users responded by saying their concerns were not resolved, as some of the data collected—like telephone numbers and wireless network information—was of limited use from a support perspective and instead could have been mined for its value to marketers.

As TechCrunch noted, the opt-out provision also does not appear to actually stop the data collection, but simply removes tags linking the data to a specific device. So no matter which way you slice it, this is not a very good situation for OnePlus users to find themselves in. As Moore noted, there are few good options to stop the data collection entirely:

Source: OnePlus Admits It Was Snooping on OxygenOS Users, Says It Will Tweak Data Collection Program

Russia tweaks Telegram with tiny fine for decryption denial

Encrypted messaging app Telegram must pay 800,000 roubles for resisting Russia’s FSB’s demand that it help decrypt user messages.

The fine translates to just under US$14,000, making it less of a serious punishment and more a shot across the bows.
[…]
Telegram founder Pavel Durov has posted to Russian social site VK.com that it’s not possible to comply.

“In addition to the fact that the requirements of the FSB are not technically feasible, they contradict Article 23 of the Constitution of the Russian Federation: ‘Everyone has the right to privacy of correspondence, telephone conversations, postal, telegraphic and other communications,’” he wrote.

He indicated his intention to appeal, and keep doing so “until the claim of the FSB is considered by a judge familiar with the basic law of Russia – its Constitution”.

Source: Russia tweaks Telegram with tiny fine for decryption denial

However, does this mean that Telegram is being seen to speak up for privacy whilst in reality it’s not?

KRACK attacks WPA2 – i.e. all the WiFis

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.

Krackattacks.com
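The mechanism behind the weakness, which the summary above only names, is that message 3 of the WPA2 4-way handshake may be retransmitted, and an unpatched client reinstalls the already-in-use session key each time it arrives, which resets the packet number used as the encryption nonce. The same key and nonce then protect two different frames, which is the keystream reuse the attack exploits. The fix that shipped in clients was to refuse to reinstall a key that is already installed. The model below is an added example, not code from krackattacks.com or from any Wi-Fi stack; the `Supplicant` class, the HMAC-based stand-in for CCMP's keystream and the session key are all constructed, and `reused_nonces` is the monitoring check a defender would run over captured packet numbers.

```python
import hashlib
import hmac
import os


def toy_keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Stand-in for CCMP's AES-CTR keystream (HMAC-SHA256 in counter mode).
    The only property used here is the real one: same key + same nonce
    yields the same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce.to_bytes(6, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Toy model of a station's key-install step on message 3 of the handshake.

    patched=False: every message 3 (re)installs the PTK and resets the packet
    number, which is what the unpatched standard permitted.
    patched=True: a PTK that is already installed is never reinstalled, so a
    retransmitted message 3 cannot rewind the packet number.
    """

    def __init__(self, patched: bool):
        self.patched = patched
        self.installed_ptk = None
        self.packet_number = 0  # used as the CCMP nonce

    def handle_msg3(self, ptk: bytes) -> str:
        if self.patched and self.installed_ptk == ptk:
            return "ignored: key already installed"
        self.installed_ptk = ptk
        self.packet_number = 0
        return "installed"

    def protect(self, plaintext: bytes) -> tuple[int, bytes]:
        """Encrypt one frame; returns (nonce used, ciphertext)."""
        nonce = self.packet_number
        self.packet_number += 1
        keystream = toy_keystream(self.installed_ptk, nonce, len(plaintext))
        return nonce, xor_bytes(plaintext, keystream)


def reused_nonces(frames: list[tuple[int, bytes]]) -> set[int]:
    """Monitoring check: a nonce seen twice under one key means keystream reuse."""
    seen, reused = set(), set()
    for nonce, _ in frames:
        if nonce in seen:
            reused.add(nonce)
        seen.add(nonce)
    return reused


def simulate(patched: bool) -> list[tuple[int, bytes]]:
    """Handshake, one data frame, a retransmitted message 3, a second data frame."""
    ptk = os.urandom(16)  # constructed session key
    sta = Supplicant(patched)
    sta.handle_msg3(ptk)
    frames = [sta.protect(b"GET /account HTTP/1.1")]
    sta.handle_msg3(ptk)  # the same message 3 arriving again
    frames.append(sta.protect(b"Cookie: session=constructed-value"))
    return frames


if __name__ == "__main__":
    for patched in (False, True):
        frames = simulate(patched)
        print(f"patched={patched}: nonces={[n for n, _ in frames]} "
              f"reused={reused_nonces(frames) or 'none'}")
```

The unpatched run produces nonce 0 twice under the same key; the patched run advances to nonce 1. Since the weakness is in the standard's behaviour rather than one product, the useful defender questions are whether each client stack in the estate carries this guard and whether the access point side (which has its own related cases) has been updated, not whether any one vendor is affected.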

Paramount group acquires 4 French dual seat Mirage F-1 fighters for aggressor training

Paramount Aerospace Systems has been in negotiation with the French Government to acquire four Dual-Seater Mirage F1s. These aircraft are compatible with the existing fleet of Mirage F1 aircraft that was acquired by Paramount group from the South African Government.

The Company has extensive capability on this aircraft type with full airframe and engine overhaul capability, as well as the ability to upgrade, modernise avionics and mission systems.

Brian Greyling, CEO of Paramount Aerospace Systems said: “One of the most important trends in today’s military aviation market is the increasing utilisation of legacy aircraft for adversary training by air forces. The new acquisition of the Mirage F1 aircraft will inject additional ‘top gun’ capability into Paramount Group’s advanced pilot training programmes. Paramount Aerospace Systems is now recognised as the only privately-owned aerospace company in the world that is capable of offering military type aircraft training from ab initio to supersonic fighter capability.”

Paramount group

Disqus discovers its comments tool was hacked in 2012. 17.5m accounts involved, 2/3rds without passwords.

Disqus has confirmed its web commenting system was hacked.

The company, which builds and provides a web-based comment plugin for news websites, said Friday that hackers stole more than 17.5 million email addresses in a data breach in July 2012.

About a third of those accounts contained passwords, salted and hashed using the weak SHA-1 algorithm, which has largely been deprecated in recent years in favor of stronger password scramblers. The data also contained sign-up dates and the date of the last login.

Some of the exposed user information dates back to 2007.

Many of the accounts don’t have passwords because they signed up to the commenting tool using a third-party service, like Facebook or Google.

The theft was only discovered this week after the database was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned, who then informed Disqus of the breach.

The company said in a blog post, posted less than a day after Hunt’s private disclosure, that although there was no evidence of unauthorized logins, affected users will be emailed about the breach.

Users whose passwords were exposed will have their passwords force-reset.

The company warned users who have used their Disqus password on other sites to change the password on those accounts

Source: Disqus reveals its comments tool was hacked

These guys obviously have a well thought out CERT in place. Unlike many others.
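The detail worth acting on in the Disqus report is the hashing scheme: a salt does nothing about the speed of SHA-1, so an offline guess still costs one fast hash. The usual remedy for a legacy store like that is to verify against the old scheme once, at login, and re-hash the password under a slow, tunable function while the plaintext is in hand. The code below is an added example and is not Disqus code; the record format, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factor (not from the article). Tune this upward to what the
# login path can afford; a single SHA-1 pass effectively has a work factor of 1.
PBKDF2_ITERATIONS = 200_000


def legacy_sha1(password: str, salt: bytes) -> bytes:
    """Salted SHA-1, the scheme described for the 2012 data: one fast hash pass."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def make_legacy_record(password: str) -> dict:
    """Used only to construct sample data in the old format."""
    salt = os.urandom(8)
    return {"scheme": "sha1", "salt": salt, "hash": legacy_sha1(password, salt)}


def make_pbkdf2_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Slow, salted, tunable: each offline guess costs `iterations` HMAC calls."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"scheme": "pbkdf2_sha256", "iterations": iterations,
            "salt": salt, "hash": digest}


def check_password(password: str, record: dict) -> bool:
    """Verify under whichever scheme the stored record uses."""
    if record["scheme"] == "sha1":
        candidate = legacy_sha1(password, record["salt"])
    elif record["scheme"] == "pbkdf2_sha256":
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        record["salt"], record["iterations"])
    else:
        return False
    # Constant-time comparison so a mismatch does not leak where it diverged.
    return hmac.compare_digest(candidate, record["hash"])


def login(password: str, record: dict) -> tuple[bool, dict]:
    """Verify, and upgrade a legacy record to the slow scheme on success.
    Returns (ok, record_to_store)."""
    if not check_password(password, record):
        return False, record
    if record["scheme"] == "sha1":
        return True, make_pbkdf2_record(password)
    return True, record


if __name__ == "__main__":
    old = make_legacy_record("correct horse battery staple")  # constructed sample
    ok, stored = login("correct horse battery staple", old)
    print("login ok:", ok, "| stored scheme now:", stored["scheme"])
    print("wrong password accepted:", check_password("wrong", stored))
```

Records that never log in again stay on the legacy scheme, which is why an upgrade-on-login migration is paired with a deadline after which remaining SHA-1 records are force-reset, the step Disqus took for exposed passwords.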

Dutch defence minister and top general step down for munition problem out of their control. How is this taking responsibility?

Due to an accident caused by a mortar exploding within the launch tube, both the Dutch minister of Defence, Jeanine Hennis-Plasschaert, and the commander of the armed forces, Tom Middendorp, have fallen on their swords.

The incident involved the sloppy purchasing of a mortar grenade in 2006 (expedited for the Afghan war), which led to it being used in an unsafe manner. Report here

Both people stepping down were obviously nowhere near this purchase in 2006. It was also not their fault that the Ministry of Defence has been woefully underfunded for years. However political responsibility requires that they step down? I don’t really understand this.

The fact is that in a cabinet with jokers, the minister was doing a good job and the only minister in the NL who understands fully the necessity of broad co-operation – not only with NATO – but within the EU. Tom Middendorp is respected by his coalition partners. The Netherlands is losing two good people for political expediency. It’s a waste.

BLE is weak and can be used to map and hack sex toys, hearing aids. The rise of screwdriving

Using your favourite BLE sniffing hardware (we used a Bluefruit but an Ubertooth is just as great) you can visualise the BLE packets in Wireshark.

In this case we can see the app has caused the Hush to start vibrating when the handle 0x000e has “Vibrate:5” written to it.
We can also start to replay commands from within Kali, so no smartphone app is required.
BLE devices also advertise themselves for discovery, which anyone can find, in this case the Hush calls itself LVS-Z001 – this is the same across all Hush devices we’ve looked at, so it’s like a unique fingerprint.
Note that there is no PIN or password protection, or the PIN is static and generic (0000 / 1234 etc) on these devices. This isn’t a problem just with the Hush, we’ve found the same problem in the following:

Kiiroo Fleshlight
Lelo
Lovense Nora and Max

In fact, we’ve found this issue in every Bluetooth adult toy we’ve looked at!

The challenge is the lack of a UI to enter a classic Bluetooth pairing PIN. Where do you put a UI on a butt plug, after all?

The only protection you have is that BLE devices will generally only pair with one device at a time, but range is limited and if the user walks out of range of their smartphone or the phone battery dies, the adult toy will become available for others to connect to without any authentication.

[…]
It’s important at this point to say that we’ve not set out to kink-shame anyone for their use of these devices: adult toys appeal to a huge spectrum of people and their ubiquity allows people to enjoy a sex-positive life; however, we think that these same people should be able to use them without fear of compromise or injury. Talking about these issues will hopefully lead the industry to improve the security of its toys.

Having an adult toy unexpectedly start vibrating could cause a great deal of embarrassment.
[…]
I managed to find them [hearing aids] broadcasting whilst we were having lunch one day. They have BLE in them to allow you to play back music, but also control and adjust their settings (like if you’re in a noisy restaurant or a concert hall). These things cost £3500 and need to be programmed by an audiologist so not only could an attacker damage or deprive someone of their hearing, but it’s going to cost them to get it fixed.

Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers

During a routine periodic fire suppression system maintenance, an unexpected release of inert fire suppression agent occurred. When suppression was triggered, it initiated the automatic shutdown of Air Handler Units (AHU) as designed for containment and safety. While conditions in the data center were being reaffirmed and AHUs were being restarted, the ambient temperature in isolated areas of the impacted suppression zone rose above normal operational parameters. Some systems in the impacted zone performed auto shutdowns or reboots triggered by internal thermal health monitoring to prevent overheating of those systems.
[…]
However, some of the overheated servers and storage systems “did not shutdown in a controlled manner,” and it took a while to bring them back online.

As a result, virtual machines were axed to avoid any data corruption by keeping them alive. Azure Backup vaults were not available, and this caused backup and restore operation failures. Azure Site Recovery lost failover ability and HDInsight, Azure Scheduler and Functions dropped jobs as their storage systems went offline.

Azure Monitor and Data Factory showed serious latency and errors in pipelines, Azure Stream Analytics jobs stopped processing input and producing output, albeit only for a few minutes, and Azure Media Services saw failures and latency issues for streaming requests, uploads, and encoding.

Source: Azure fell over for 7 hours in Europe because someone accidentally set off the fire extinguishers

ouch cloud!

Many Protostellar and cometary detections of organohalogens: probably not alien in origin.

Organohalogens, a class of molecules that contain at least one halogen atom bonded to carbon, are abundant on the Earth where they are mainly produced through industrial and biological processes [1]. Consequently, they have been proposed as biomarkers in the search for life on exoplanets [2]. Simple halogen hydrides have been detected in interstellar sources and in comets, but the presence and possible incorporation of more complex halogen-containing molecules such as organohalogens into planet-forming regions is uncertain [3,4]. Here we report the interstellar detection of two isotopologues of the organohalogen CH3Cl and put some constraints on CH3F in the gas surrounding the low-mass protostar IRAS 16293–2422, using the Atacama Large Millimeter/submillimeter Array (ALMA). We also find CH3Cl in the coma of comet 67P/Churyumov–Gerasimenko (67P/C-G) by using the Rosetta Orbiter Spectrometer for Ion and Neutral Analysis (ROSINA) instrument. The detections reveal an efficient pre-planetary formation pathway of organohalogens. Cometary impacts may deliver these species to young planets and should thus be included as a potential abiotical production source when interpreting future organohalogen detections in atmospheres of rocky planets.

Organohalogens are well known for their use in industry and for their detrimental effect on the ozone layer [1]. Some organohalogens are also produced naturally [5], through different geological and biological processes. Because of their relationship to biology and industry on Earth, organohalogens have been proposed as biomarkers on other planets [2,6,7]. Methyl chloride (CH3Cl), the most abundant organohalogen in the Earth’s atmosphere, has both natural and synthetic production pathways. Its total production rate approaches 3 megatonnes per year, with most originating from biological processes [8]. Recent observations of Cl-bearing organic molecules, including methyl chloride, on Mars by the rover Curiosity have challenged a straightforward connection between organohalides and biology; one proposed source of Cl-bearing organic molecules on Mars is meteoritic impacts [9,10]. This naturally raises the question of whether circumstellar and interstellar environments can produce organohalogens abiotically, and, if so, in what amounts.

Source: Protostellar and cometary detections of organohalogens

i.e. it turns out that these compounds are fairly common in space and so probably don’t mean they come from alien beings, as previously thought.

Equifax breach: 2.5m US citizens larger than thought. A timeline.

Equifax said late Monday that an outside review determined about 2.5 million additional U.S. consumers were potentially impacted, for a revised total of 145.5 million.

The company said the review also found that just 8,000 Canadian citizens were impacted, rather than up to 100,000 Canadians, as previously announced.

Equifax was alerted to the breach by the U.S. Homeland Security Department on March 9, Smith said in the testimony, but it was not patched.

On March 15, Equifax’s information security department ran scans that should have identified any systems that were vulnerable to the software issue but did not, the testimony said.

As a result, “the vulnerability remained in an Equifax web application much longer than it should have,” Smith said. “It was this unpatched vulnerability that allowed hackers to access personal identifying information.”

In his testimony, Smith said it appears the first date hackers accessed sensitive information may have been on May 13. He said “between May 13 and July 30, there is evidence to suggest that the attacker(s) continued to access sensitive information.”

Smith said security personnel noticed suspicious activity on July 29 and disabled the web application on July 30, ending the hacking. He said he was alerted the following day, but was not aware of the scope of the stolen data.

On Aug. 2, the company alerted the FBI and retained a law firm and consulting firm to provide advice. Smith notified the board’s lead director on Aug. 22.

Source: Equifax failed to patch security vulnerability in March: former CEO

Amateur Radio Hams get Satellite from the US to run BBS on

FalconSAT-3 was built in 2005 and 2006 by cadets and faculty in the Space Systems Research Center at the US Air Force Academy in Colorado Springs, CO.

In amateur service the downlink is at 435.103 MHz transmitting 1W into a ¼ whip that extends from a corner of the satellite near the Lightband separation ring. The uplink is at 145.840 MHz and the receive antenna is a ¼ whip on the opposite side of the satellite near the S-band antennas. All UHF and S-band equipment on NTIA licensed frequencies has been disabled. The ARS VHF receiver is very sensitive. Modulation is 9600 bps GMSK for the uplink and downlink. The broadcast callsign is PFS3-11, and the BBS callsign is PFS3-12, Unproto APRS via PFS3-1.

The core avionics were designed and built by Mark, N4TPY, and Dino, KC4YMG at SpaceQuest and have performed remarkably well for 10 years on orbit. Jim, WD0E, was the lead engineer for FalconSAT-3 at the AFA and managed the design, construction, testing and early operations of the satellite. Inquiries about current operations should be directed to AMSAT VP Operations Drew Glasbrenner, KO4MA (ko4ma@amsat.org).

Amsat Falconsat 3 page

Kalashnikov Unveils Flying ‘Hovercycle’

A Russian defense manufacturer named after the inventor of the AK-47 showed off its “flying car” to company officials and the Internet. The “car,” which has sixteen sets of rotors, could have military applications down the road including scouting, communications, and other tasks.

The unnamed vehicle was demonstrated Monday by officials at Kalashnikov Concern, part of the Russian defense giant Rostec and named after AK-47 designer M.T. Kalashnikov. The company develops and manufactures a wide variety of military small arms, from modernized versions of the AK-47 in service with the Russian military today to sniper rifles and guided artillery rounds.
[…]
The new vehicle, dubbed a “flying car” by the Russian media, has eight pairs of rotors that provide lift. The vehicle has a skeletal metal frame and is controlled by a pair of joysticks.

A video released by Kalashnikov shows there is surprisingly little to the “car”—there is no gasoline or diesel engine. Two banks of what appear to be batteries are located under the rider and likely provide electricity to the eight pairs of rotors. A shell or chassis is shown superimposed over the vehicle at the end.

Source: Kalashnikov Unveils Flying ‘Hovercycle’

Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy ‘login details leaked’

Yes, that’s Gartner’s security consultancy of the year
[…]
On Tuesday, what seemed to be a collection of Deloitte’s corporate VPN passwords, user names, and operational details were found lurking within a public-facing GitHub-hosted repository. These have since been removed in the past hour or so. In addition, it appears that a Deloitte employee uploaded company proxy login credentials to his public Google+ page. The information was up there for over six months – and was removed in the past few minutes.
[…]
On top of these potential leaks of corporate login details, Deloitte has loads of internal and potentially critical systems unnecessarily facing the public internet with remote-desktop access enabled. All of this gear should be behind a firewall and/or with two-factor authentication as per industry best practices. And likely the best practices Deloitte recommends to its clients, ironically.

“Just in the last day I’ve found 7,000 to 12,000 open hosts for the firm spread across the globe,” security researcher Dan Tentler, founder of Phobos Group, told The Register today. “We’re talking dozens of business units around the planet with dozens of IT departments showing very different aptitude levels. The phrase ‘truly exploitable’ comes to mind.”

For example, he found a Deloitte-owned Windows Server 2012 R2 box in South Africa with RDP wide open, acting as what appears to be an Active Directory server – a crucial apex of a Microsoft-powered network – and with, worryingly, security updates still pending installation. Other cases show IT departments using outdated software, and numerous other security failings.

Source: Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy ‘login details leaked’

Ouch

Broadcom SoCs allow remote code execution in many Wi-Fi equipped phones, routers

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS.
[…]
However, since the “Channel Number” field is not validated, an attacker can arbitrarily provide a large value. While the maximal allowed channel number is 0xE0, by providing a larger value (such as 0xFF), the function above will increment a 16-bit word beyond the bounds of the heap-allocated buffer, thereby performing an OOB write. Note that the same insufficient validation is also present in the internal function 0xAC07C.

I’ve been able to verify that this code path exists on various different firmware versions, including those present on the iPhone 7 and Galaxy S7 Edge.

Broadcom: OOB write when handling 802.11k Neighbor Report Response

comes with iPhone PoC
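The bug class the advisory describes, modelled in C as an added example (this is not code from the advisory, from Broadcom firmware, or from the PoC). It assumes a heap-allocated table of one 16-bit counter per valid channel number (0x00 to 0xE0, as the advisory states), indexed directly by the Channel Number field of a received Neighbor Report element; the table size, the counter semantics and all function names are assumptions. The fixed-field layout of the Neighbor Report element body (BSSID, BSSID Information, Operating Class, Channel Number, PHY Type) follows the 802.11k definition. The vulnerable handler is shown beside a hardened one, and a guard region inside the same allocation makes the out-of-bounds increment observable without corrupting unrelated memory:

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Largest valid channel number, as quoted in the advisory. */
#define MAX_CHANNEL 0xE0
/* Assumed table: one 16-bit counter per valid channel. */
#define TABLE_ENTRIES (MAX_CHANNEL + 1)
/* Zeroed words placed after the table, inside the same allocation, so an
 * out-of-bounds increment can be detected instead of hitting other heap data. */
#define GUARD_ENTRIES 0x20

typedef struct {
    uint16_t *chan_count;   /* heap-allocated table, TABLE_ENTRIES long */
} nbr_ctx;

/* 802.11k Neighbor Report element body, fixed part:
 * BSSID (6) | BSSID Information (4) | Operating Class (1) |
 * Channel Number (1) | PHY Type (1) | optional subelements. */
#define NBR_CHANNEL_OFFSET 11
#define NBR_FIXED_LEN 13

/* Extracts the Channel Number field; returns -1 if the element is too short. */
int nbr_channel(const uint8_t *body, size_t len) {
    if (len < NBR_FIXED_LEN) return -1;
    return body[NBR_CHANNEL_OFFSET];
}

/* Vulnerable form (constructed): the attacker-supplied channel byte is used as
 * an index with no range check, so any value above MAX_CHANNEL increments a
 * 16-bit word past the end of the heap buffer. */
int handle_neighbor_unchecked(nbr_ctx *ctx, uint8_t channel) {
    ctx->chan_count[channel]++;
    return 0;
}

/* Hardened form: reject the element before the index is ever used. */
int handle_neighbor_checked(nbr_ctx *ctx, uint8_t channel) {
    if (channel > MAX_CHANNEL) return -1;
    ctx->chan_count[channel]++;
    return 0;
}

enum { OUTCOME_CLEAN = 0, OUTCOME_REJECTED = 1, OUTCOME_OOB_WRITE = 2 };

/* Runs one handler against a fresh zeroed table plus guard region and reports
 * whether it rejected the input, wrote only inside the table, or wrote past it. */
int exercise(int (*handler)(nbr_ctx *, uint8_t), uint8_t channel) {
    size_t words = TABLE_ENTRIES + GUARD_ENTRIES;
    uint16_t *buf = calloc(words, sizeof *buf);
    if (!buf) return -1;
    nbr_ctx ctx = { buf };
    int rc = handler(&ctx, channel);
    int outcome = (rc != 0) ? OUTCOME_REJECTED : OUTCOME_CLEAN;
    for (size_t i = TABLE_ENTRIES; i < words; i++)
        if (buf[i] != 0) outcome = OUTCOME_OOB_WRITE;  /* guard word modified */
    free(buf);
    return outcome;
}

int main(void) {
    /* Constructed Neighbor Report body carrying an out-of-range channel. */
    uint8_t elem[NBR_FIXED_LEN] = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55,   /* BSSID (made up) */
        0x00, 0x00, 0x00, 0x00,               /* BSSID Information */
        0x51,                                 /* Operating Class */
        0xFF,                                 /* Channel Number > 0xE0 */
        0x09                                  /* PHY Type */
    };
    int ch = nbr_channel(elem, sizeof elem);
    printf("channel 0x%02X: unchecked handler outcome=%d, checked handler outcome=%d\n",
           ch,
           exercise(handle_neighbor_unchecked, (uint8_t)ch),
           exercise(handle_neighbor_checked, (uint8_t)ch));
    return 0;
}
```

With channel 0xFF the unchecked handler reports OUTCOME_OOB_WRITE (the write lands 0x1F words past the table) while the checked handler reports OUTCOME_REJECTED; an in-range channel such as 0x24 is handled cleanly by both. The fix is the single comparison against the maximum the advisory quotes, applied before the index is used, which is what the internal function mentioned in the advisory also lacks.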

Artificial intelligence just made guessing your password a whole lot easier

Scientists have harnessed the power of artificial intelligence (AI) to create a program that, combined with existing tools, figured more than a quarter of the passwords from a set of more than 43 million LinkedIn profiles. Yet the researchers say the technology may also be used to beat baddies at their own game.
[…]
The Stevens team created a GAN it called PassGAN and compared it with two versions of hashCat and one version of John the Ripper. The scientists fed each tool tens of millions of leaked passwords from a gaming site called RockYou, and asked them to generate hundreds of millions of new passwords on their own. Then they counted how many of these new passwords matched a set of leaked passwords from LinkedIn, as a measure of how successful they’d be at cracking them.

On its own, PassGAN generated 12% of the passwords in the LinkedIn set, whereas its three competitors generated between 6% and 23%. But the best performance came from combining PassGAN and hashCat. Together, they were able to crack 27% of passwords in the LinkedIn set, the researchers reported this month in a draft paper posted on arXiv. Even failed passwords from PassGAN seemed pretty realistic: saddracula, santazone, coolarse18.

Source: Artificial intelligence just made guessing your password a whole lot easier
