
          Witnesses sought after fires (with picture)
On Tuesday evening, piles of wood caught fire in Heimenhofen and Buchackern. The Thurgau cantonal police are looking for witnesses.
          Samsung Galaxy S7 phones vulnerable to hacking
Samsung's Galaxy S7 smartphones are vulnerable to a microchip flaw uncovered earlier this year called Meltdown, putting tens of millions of devices at risk of cyber attacks by hackers looking to spy on their users, researchers told Reuters.

          Government-backed research suggests millions of smartphones have built-in security flaws - BGR

Well, this is comforting. Researchers funded by the Dept. of Homeland Security have found security vulnerabilities built into smartphones at the device level, vulnerabilities that reportedly exist across devices offered by the four leading U.S. cell ...

          The chip maker for the iPhone will lose $ 250 million due to the WannaCry virus

More than a year ago, thousands of computers around the world were infected with the WannaCry virus. The malware demanded a transfer to a bitcoin wallet, after which the hackers promised to decrypt the contents of the hard drive. The WannaCry epidemic lasted for several months, but the echoes of the virus have only reached the largest […]

The post The chip maker for the iPhone will lose $ 250 million due to the WannaCry virus appeared first on HybridTechCar.


          Nawazuddin Siddiqui encourages farming

Nawazuddin Siddiqui may have reached exponential heights as one of the finest actors in the country today; however, the star continues to remain grounded to his roots. Sources reveal that Nawaz who hailed from a small town (Budhana) and has a background in agriculture is scouting for a plot in Kasara. The actor in his small way hopes to pursue farming and also educate local farmers about the advancements in agricultural technology and other methods for a better harvest.

Nawazuddin's brother Shamas Siddiqui says, "Of late, it has become difficult for Nawaz bhai to travel all the way to our village, owing to his hectic schedule. We wanted to buy a plot close to Mumbai so that he can drive down to Kasara whenever he has the time. We have finalised a few plots that are close to the river, and will seal the deal by this week." Adding that, "Last year, we had implemented new irrigation techniques in Budhana, which helped the farmers there tremendously. Similarly, Nawaz bhai and I want to create awareness here too."

Back on the work front, Nawazuddin Siddiqui who was recently seen in Sacred Games will next be seen on the big screen in Genius, Manto and Thackeray.



          Snapchat source Code leaked after an iOS update exposed it

Hackers leaked the Snapchat source code on GitHub, after they attempted to contact the company for a reward. Hackers gained access to the source code of the frontend of Snapchat instant messaging app for iOS and leaked it on GitHub. A GitHub account associated with a person with the name Khaled Alshehri who claimed to […]

The post Snapchat source Code leaked after an iOS update exposed it appeared first on Security Affairs.


          CallBar X Tweak Fixes The Obnoxious iPhone Call Screen

The default incoming call screen on the iPhone is obnoxious and annoying. It's annoying because not only can you not get rid of the call screen until you pick up or reject the call, but it also takes up the full screen, preventing you from doing anything else on your device. The popular CallBar tweak, which has been […]

The post CallBar X Tweak Fixes The Obnoxious iPhone Call Screen appeared first on iOS Hacker.


          7 New Cydia Tweaks: Shutter, TapVideoConfig, ChromaHomeBar And More

Thanks to the ongoing contribution from jailbreak developers we now have hundreds of new and old Cydia tweaks that work perfectly with the iOS 11 jailbreak. If you are a jailbreak user who has a jailbroken iOS 11 device, then you have come to the right place. In this roundup we have featured some of […]

The post 7 New Cydia Tweaks: Shutter, TapVideoConfig, ChromaHomeBar And More appeared first on iOS Hacker.


          Notorious Hacker Group 'Music Mafia' Remains Online — Despite Heavy RIAA Pressure - Digital Music News

Understandably, this type of leaked content can be very damaging to the music industry, so it's no surprise that the RIAA is trying to crack down on the hacker group. Music Mafia has proved their chops by releasing two unreleased Kanye West songs ...


          The trap of sales driven development
Who does your software team _really_ serve?
"Who profits by a sin has done the sin."
          WIFI PASSWORD ALL IN ONE v3.0.4 [Unlocked] [Latest]

Wifi password all in one contains all the applications to protect you from hackers and crackers. It includes four functions: view the list of WiFi networks available in your area; generate a password (web, wpa and wpa2) for your wifi router; see who is on your wifi network; see the signal and all the information about your wifi. Optimized for mobiles and tablets. Compatible with Android 8.0 and more. What's new: optimizations and improvements; compatible with Android 8.0; updated libraries; bugs fixed. This app has no advertisements.

The post WIFI PASSWORD ALL IN ONE v3.0.4 [Unlocked] [Latest] appeared first on APK4Free.


          Samsung Galaxy S7 is vulnerable to hacker attacks

According to researchers, the model has a security flaw in its microchips [...]

The post "Samsung Galaxy S7 is vulnerable to hacker attacks" appeared first on Forbes Brasil.


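          How to use async/await correctly?

  The async/await introduced in ES7 is a major improvement to asynchronous programming in JavaScript. It gives us the ability to access resources asynchronously using synchronous-style code, without blocking the main thread. In this article we explore async/await from different angles and show how to use it correctly and effectively.

 The benefits of async/await

  The most important benefit async/await brings us is the synchronous programming style. Let's look at an example.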

// async/await
async getBooksByAuthorWithAwait(authorId) {
  const books = await bookModel.fetchAll();
  return books.filter(b => b.authorId === authorId);
}
// promise
getBooksByAuthorWithPromise(authorId) {
  return bookModel.fetchAll()
    .then(books => books.filter(b => b.authorId === authorId));
}

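  Clearly, the async/await version is easier to understand than the promise version. If you ignore the await keyword, the code looks just like code in any other synchronous language (such as Python).

  Besides readability, async/await has native browser support. All mainstream browsers now fully support async functions.

  Native support means you do not need to transpile the code. More importantly, it makes debugging easy. If you set a breakpoint at the function entry and step over the await line, the debugger pauses briefly while bookModel.fetchAll() does its work and then moves to the next line (that is, .filter)! This is much easier to debug than the promise version, where you have to set another breakpoint on the .filter line.

  Another benefit, although a less obvious one, is the async keyword. It declares that the return value of getBooksByAuthorWithAwait() is a promise, so callers can safely call getBooksByAuthorWithAwait().then(…) or await getBooksByAuthorWithAwait(). Consider the following code: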

getBooksByAuthorWithPromise(authorId) {
  if (!authorId) {
    // returns null here instead of a promise
    return null;
  }
  return bookModel.fetchAll()
    .then(books => books.filter(b => b.authorId === authorId));
}

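  In the code above, getBooksByAuthorWithPromise may return a promise (the normal case) or null (the exceptional case), in which case the caller cannot safely call .then(). With the async declaration, this cannot happen.

 async/await can be misleading

  Some articles compare async/await with promises and claim it is the next generation in the evolution of asynchronous programming in JavaScript, which I strongly disagree with. async/await is an improvement, but it is no more than syntactic sugar, and it will not completely change our programming style.

  Essentially, async functions are still promises. You have to understand promises before you can use async functions correctly, and, even worse, most of the time you need to use promises together with async functions.

  Consider the getBooksByAuthorWithAwait() and getBooksByAuthorWithPromise() functions in the example above. Note that they are not only functionally identical; they also have exactly the same interface!

  This means that getBooksByAuthorWithAwait() returns a promise if you call it directly.

  That is not necessarily a bad thing. It is only that await gives people the feeling that "it can convert asynchronous functions into synchronous functions", which is actually wrong.

 async/await pitfalls

  So what mistakes might people make when using async/await? Here are some common ones.

  Too sequential

  Although await can make your code look synchronous, keep in mind that it is still asynchronous, and take care to avoid being too sequential.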

async getBooksAndAuthor(authorId) {
  const books = await bookModel.fetchAll();
  const author = await authorModel.fetch(authorId);
  return {
    author,
    books: books.filter(book => book.authorId === authorId),
  };
}

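  The code above looks logically correct, but it is actually wrong.

  1. await bookModel.fetchAll() waits until fetchAll() returns.
  2. Then await authorModel.fetch(authorId) is called.

  Note that authorModel.fetch(authorId) does not depend on the result of bookModel.fetchAll(); in fact, they can be called in parallel! However, because await is used here, the two calls become sequential, and the total execution time will be much longer than in the parallel version.

  The correct way is: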

async getBooksAndAuthor(authorId) {
  // start both requests first, then await the results
  const bookPromise = bookModel.fetchAll();
  const authorPromise = authorModel.fetch(authorId);
  const books = await bookPromise;
  const author = await authorPromise;
  return {
    author,
    books: books.filter(book => book.authorId === authorId),
  };
}

  Or, even worse, if you want to fetch a list of items one by one, you have to rely on promises:

async getAuthors(authorIds) {
  // WRONG, this will cause sequential calls
  // const authors = _.map(
  //   authorIds,
  //   id => await authorModel.fetch(id));
  // CORRECT
  const promises = _.map(authorIds, id => authorModel.fetch(id));
  const authors = await Promise.all(promises);
  return authors;
}

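  In short, you still need to think about the workflow asynchronously, and then use await to write code that reads synchronously. In complex workflows, it may be easier to use promises directly.

 Error handling

  With promises, an asynchronous function has two possible return values. You can use .then() for the normal case and .catch() for the exceptional case. With async/await, however, error handling can get a little tricky.

  try…catch

  The most standard approach (and the one I recommend) is to use a try…catch statement. When you await a call, an exception is thrown if something abnormal happens. For example: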

class BookModel {
  fetchAll() {
    return new Promise((resolve, reject) => {
      window.setTimeout(() => { reject({'error': 400}) }, 1000);
    });
  }
}
// async/await
async getBooksByAuthorWithAwait(authorId) {
  try {
    const books = await bookModel.fetchAll();
  } catch (error) {
    console.log(error);    // { "error": 400 }
  }
}

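  After catching the exception, we have several ways to deal with it:

  • Handle the exception and return a normal value. (Not using any return statement in the catch block is equivalent to return undefined, and undefined is a normal value too.)
  • Throw it, if you want the caller to handle it. You can throw the error object directly, as in throw error, which lets you use the getBooksByAuthorWithAwait() function in a promise chain (that is, call it like getBooksByAuthorWithAwait().then(...).catch(error => …)). Or you can wrap the error in an Error object, as in throw new Error(error), which gives the full stack trace when the error is displayed in the console.
  • Reject it, as in return Promise.reject(error). This is equivalent to throw error, so it is not recommended.

  The benefits of using try…catch are:

  • Simple and traditional. As long as you have programming experience in other languages (such as Java or C++), you will have no difficulty understanding it.
  • If step-by-step error handling is not necessary, you can wrap multiple await calls in a single try…catch block and handle all errors in one place.

  This approach also has a flaw. Since try...catch catches every exception in the block, it also catches exceptions that would not normally be caught by promises. For example: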

class BookModel {
  fetchAll() {
    cb();    // note `cb` is undefined and will result in an exception
    return fetch('/books');
  }
}
const bookModel = new BookModel();
try {
  bookModel.fetchAll();
} catch(error) {
  console.log(error);  // This will print "cb is not defined"
}

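  Run this code and you will see the error "ReferenceError: cb is not defined" in the console, printed in black. The message is output by console.log(), not by JavaScript itself. Sometimes this can be fatal: if BookModel is wrapped in a series of function calls and one of those calls swallows the error, then finding an undefined error like this will be extremely hard.

 Making functions return two values

  Another approach to error handling is inspired by the Go language. It allows an async function to return both the error and the result.

  Put simply, we can use async functions like this:

const [err, user] = await to(UserModel.findById(1));

  Personally I do not like this approach, because it brings the Go style into JavaScript, which feels unnatural. But in some cases it can be quite useful.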
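
  A helper of a few lines is enough to produce the [err, user] shape used above. The block below is an added example, not code from the original article or from any library: to, the constructed UserModel, brokenFindById, loadUserName and loadWithBrokenModel are all illustrative names. It also shows that a synchronous bug such as the undefined cb() from the earlier example is not folded into err; it still surfaces as a rejection of the calling async function.

```javascript
// Added example (not from the original article).
// `to` turns a promise into one that always fulfils with [error, value].
function to(promise) {
  return Promise.resolve(promise).then(
    value => [null, value],
    error => [error, undefined]
  );
}

// Constructed stand-in for a data model; only id 1 exists.
const UserModel = {
  findById(id) {
    return new Promise((resolve, reject) => {
      setTimeout(() => {
        if (id === 1) {
          resolve({ id: 1, name: 'alice' });
        } else {
          reject(new Error(`user ${id} not found`));
        }
      }, 10);
    });
  },
};

// Constructed buggy lookup: `cb` is undefined, so this throws synchronously,
// before any promise exists and before `to` is ever called.
function brokenFindById(id) {
  cb();
  return UserModel.findById(id);
}

// Expected failures (a rejected lookup) arrive in `err` and are handled inline.
async function loadUserName(id) {
  const [err, user] = await to(UserModel.findById(id));
  if (err) {
    return `lookup failed: ${err.message}`;
  }
  return user.name;
}

// The ReferenceError is raised while evaluating the argument to `to`, so it
// is not returned as `err`; this async function rejects with it instead.
async function loadWithBrokenModel() {
  const [err, user] = await to(brokenFindById(1));
  return err ? 'handled' : user.name;
}

async function demo() {
  console.log(await loadUserName(1));
  console.log(await loadUserName(2));
  try {
    await loadWithBrokenModel();
  } catch (e) {
    console.log(`${e.name}: ${e.message}`);
  }
}

demo();
```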

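  Using .catch

  The last approach we will introduce is to keep using .catch().

  Recall what await does: it waits for a promise to finish its work. Also, promise.catch() returns a promise too! So we can handle errors like this: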

// books === undefined if error happens,
// since nothing returned in the catch statement
let books = await bookModel.fetchAll()
  .catch((error) => { console.log(error); });

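  This approach has two minor problems:

  • It is a mixture of promises and async functions. You still need to understand how promises work to read this code.
  • The error handling appears before the normal code logic, which is not intuitive.

 Conclusion

  The async/await keywords introduced in ES7 are definitely a major improvement to asynchronous programming in JavaScript. They make code easier to read and debug. However, to use them correctly, one must understand promises. They are no more than syntactic sugar, and underneath they are still promises.

  English original: https://hackernoon.com/javascript-async-await-the-good-part-pitfalls-and-how-to-use-9b759ca21cda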


          Big Brother Spoilers Housemeeting “Congratz I’m still voting you out you have a power”

***updated****



12:25pm HOUSEMEETING

Angela and Kaycee in the HOH get called down for the house meeting
Angela - if she's the Hacker I'll be like umm OK
Kaycee - walk away

H - guys I'm going to start out with I love everyone in this room
H - there's several people in this room that owe Bayleigh an apology including myself.. Last Thursday I won the hacker competition
H - Tyler I didn't put you up for personal reasons when Kailtyn was in this game she told me several comments that there isn't one person that would put you up in this house
H - So that combined with your 4 comp wins makes you a choice
H - Angela - I never wanted to steal your power, never wanted to take something away from you.. I had a chance to make a move so I took it.



          A Google Chrome Browser Extension That Will Help you Quickly Delete Years of Facebook Posts
If you are a Facebook junkie and also use the Google Chrome Browser take a look at the Social Book Post Manager that is featured on Lifehacker… Called Social Book Post Manager, the extension allows you to delete all your posts on the social network before a specific date, or specify the types of posts... Continue Reading →
          New Spectre-style attack discovered

Security experts are constantly discovering new potential threats, and quite recently, they’ve found a new type of Spectre-style attack more dangerous than the original. Here’s a quick rundown of the new Spectre variant.

Spectre 101
For those who don’t know, Spectre is a vulnerability in modern computer chips, such as those made by Intel and AMD, that allows hackers to steal confidential information stored in an application’s memory, including passwords, instant messages, and emails.

The post New Spectre-style attack discovered appeared first on Abussi.


          DOE to vet grid’s ability to reboot after a cyberattack
The Department of Energy is planning an unprecedented, "hands-on" test of the grid's ability to bounce back from a blackout caused by hackers, E&E News has learned. The "Liberty Eclipse" exercise will simulate the painstaking process of re-energizing the power grid while squaring off against a simultaneous cyberattack on electric, oil and natural gas infrastructure.
          Perry says cyberthreats to gas justify help for coal, nuclear
The potential for cyberattacks on gas pipelines and the electric grid makes it important to keep coal and nuclear plants online, Energy Secretary Rick Perry said. Perry, speaking at a conservative political conference here, cited recent news about Russian hackers infiltrating U.S. utility control systems as a reason for protecting the conventional baseline power plants against competition.
          Strike fear into the hearts of hackers with this online class
To beat a hacker, you must become a hacker.

That’s what ethical hacking is all about: you learn the tricks and tools that cyber-criminals use to infiltrate the networks of major institutions, use that knowledge to set up secure safeguards, and get paid handsome sums by those companies. ... Reported by Mashable 5 hours ago.
          Blockchain bug hunters feature prominently at this year’s Pwnie Awards

Researchers have been diligently prodding cryptocurrency and blockchain companies for kinks in their security – and it seems some of them are finally getting recognition for their work. Three researchers are up for Pwnie Awards this year – an annual showcase of the best and worst in information security. Little toy ponies are given to the most deserving hackers and security researchers. MIT Digital Currency Initiative director Neha Narula and Boston University researcher Ethan Heilman have been nominated for “Best Cryptographic Attack” after cracking a hash function in popular cryptocurrency IOTA. In addition to that, ConsenSys security engineer Bernard Mueller…

This story continues at The Next Web
          With $417K, EOS accounts for two-thirds of all cryptocurrency bug bounties in 2018

As interest, adoption, and venture funding in blockchain tech continue to rise, so do attacks from hackers. In an effort to counteract potential threats, a growing list of startups in the cryptocurrency space have opted to launch programs to invite hackers to disclose vulnerabilities responsibly – instead of exploiting them for personal gains. And data suggests the strategy is working. The total number of blockchain companies with active vulnerability disclosure programs has almost doubled since last year, according to HackerOne stats shared exclusively with Hard Fork. The stats also suggest the overall number of vulnerability submissions for blockchain companies is also…

This story continues at The Next Web
          Whatsapp flaw could allow hackers to modify, send fake messages
Researchers at an Israeli cybersecurity firm said Wednesday they had found a flaw in WhatsApp that could allow hackers to modify and send fake messages in the popular social messaging app.
          How to Improve the California Consumer Privacy Act of 2018

On June 28, California enacted the Consumer Privacy Act (A.B. 375), a well-intentioned but flawed new law that seeks to protect the data privacy of technology users and others by imposing new rules on companies that gather, use, and share personal data. There's a lot to like about the Act, but there is substantial room for improvement. Most significantly:

  • The Act allows businesses to charge a higher price to users who exercise their privacy rights.
  • The Act does not provide users the power to bring violators to court, with the exception of a narrow set of businesses if there are data breaches.
  • For data collection, the Act does not require user consent.
  • For data sale, while the Act does require user consent, adults have only opt-out rights, and not more-protective opt-in rights.
  • The Act’s right-to-know should be more granular, extending not just to general categories of sources and recipients of personal data, but also to the specific sources and recipients. Also, the right-to-know should be tailored to avoid news gathering.

The law goes into effect in January 2020, which means privacy advocates have 18 months to strengthen it—and to stave off regulated companies' attempts to weaken it.

Background to the Act

For many years, a growing number of technology users have objected to the myriad ways that companies harvest and monetize their personal data, and users have called on companies and legislators to do a better job at protecting their data privacy. EFF has long supported data privacy protections as well.

In March 2018, the Cambridge Analytica scandal broke. The public learned that private data was harvested from more than 50 million Facebook users, without their knowledge and consent, and that the Trump presidential campaign used this private data to target political advertisements. Demand for better data privacy rules increased significantly.

In May 2018, supporters of a California ballot initiative on data privacy filed more than 600,000 signatures in support of presenting the initiative to voters, nearly twice the number of signatures required to do so. But ballot initiatives are an imperfect way to make public policy on a complex subject like data privacy. Before enactment, it can be difficult for stakeholders to help improve an initiative’s content. And after enactment, an initiative can be difficult to amend.

California legislators hoped to do better, but now they faced a deadline. June 28 was the last day the initiative’s sponsor could remove it from the ballot, and the sponsor told the legislature that he would do so only if they passed data privacy legislation first. Legislators rushed to meet this deadline, but that rush meant privacy advocates didn’t have much chance to weigh in before it was passed.

The Basics of the CCPA

The CCPA creates four basic rights for California consumers: 

  • A right to know what personal information a business has about them, and where (by category) that personal information came from or was sent. See Sections 100, 110, 115. See also Section 140(c) (defining “business”), and Section 140(o) (defining “personal information”).
  • A right to delete personal information that a business collected from them. See Section 105. While the right-to-know extends to all information a business collected about a consumer, the right-to-delete extends to just the information a business collected from them.
  • A right to opt-out of sale of personal information about them. See Section 120. See also Section 140(t) (defining “sale”).
  • A right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act, but with significant exceptions. See Section 125.

The Act also creates a limited right for consumers to sue businesses for data security breaches, based on California’s existing data breach notification law. See Section 150. Most of the Act’s enforcement punch, however, rests with the California Attorney General (AG), who can file civil actions against violations of the Act. See Section 155. The AG is also responsible for promulgating regulations to flesh out or update the CCPA framework. See Section 185.

As we explained above, the CCPA was put together quickly, and with many important terms undefined or not clearly defined. As a result, these rights in some cases look better than they really are. Fortunately, the new CCPA is generally understood to be a work in progress. Legislators, privacy advocates, and regulated companies will all be seeking substantive revisions before the law goes into effect. The rest of this post focuses on EFF's suggestions.

Opt-in Consent to Collection

Many online services gather personal data from technology users, without their knowledge or consent, both when users visit their websites, and, by means of tracking tools, when users visit other websites. Many online services monetize this personal data by using it to sell targeted advertising. New legislation could require these online services to obtain the users’ opt-in consent to collect personal data, particularly where that collection is not necessary to provide the service.

The CCPA does not require online services to obtain opt-in consent before collecting personal data from users. Nor does it provide users an opportunity to opt-out of collection. The law does require notice, at or before the point of collection, of the categories of collected data, and the purposes of collection. See Section 100(b). But when it comes to users’ autonomy to make their own decisions about the privacy of their data, while notice is a start, consent is much better. The legislature should amend the Act to require it.

Some limits are in order. For example, opt-in consent might not be required for a service to perform actions the user themselves have requested (though clear notice should be required). Also, any new regulations should explore ways to avoid the “consent fatigue” that can be caused by a high volume of opt-in consent requests.

“Right to Know” About Data Gathering and Sharing

Technology users should have an affirmative “right to know” what personal data companies have gathered about them, where the companies got it, and with whom the companies shared it, subject to some limits to ensure that the right to know does not impinge on other rights.

The CCPA creates a right to know, empowering “consumers” to obtain the following information from “businesses”:

  • The categories of personal information collected. See Sections 100(a), 110(a)(1), 110(c)(1), 115(a)(1).
  • The categories of sources of the personal information. See Sections 110(a)(2), 110(c)(2).
  • The purposes for collecting the personal information. See Sections 110(a)(3), 110(c)(3).
  • The categories of third parties with whom businesses share personal information. See Sections 110(a)(4).
  • The categories of personal information sold. See Sections 115(a)(2), 115(c)(1).

The Act defines a “consumer” as any natural person who resides in California. See Section 140(g). The Act defines a “business” as a for-profit legal entity with: (i) annual gross revenue of $25 million; (ii) annual receipt or disclosure of the personal information of 50,000 consumers, households, or devices; or (iii) receipt of 50% or more of its annual revenue from selling personal information. See Section 140(c).

The Act’s right-to-know would be more effective if it was more granular. It allows people to learn just the “categories” of sources and recipients of their personal data. People should be able to learn the specific sources and recipients.

Moreover, the Act’s right-to-know should be tailored to avoid impacting news gathering, which is protected by the First Amendment, when undertaken by professional reporters and lay members of the public alike. For example, if a newspaper tracked visitors to its online edition, the visitors’ right-to-know could cover that tracked information, but should not also extend to a reporter’s investigative file.

Data Portability

Users generally should have a legal right to data portability, that is, to obtain a copy of the data they provided to an online service. People might use this data in myriad ways, including self-publishing their own content, better understanding their service provider, or taking their data to a rival service.

The CCPA advances data portability. Consumers may obtain from businesses the “specific pieces” of personal information collected about them. See Sections 100(a), 110(c)(5). Moreover, the Act provides that if “provided electronically, the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit their information to another entity.” See Section 100(d).

It will be important to ensure that “technical infeasibility” does not become an exception that swallows the rule.

Also, it may be appropriate to address scenarios where multiple users’ data is entangled. For example, suppose Alice posts a photo of herself on social media, under a privacy setting that allows only certain people to see the photo, and Bob (one of those people) posts a comment on the photo. If Bob seeks to obtain a copy of the data he provided to that social media, he should get his comment, but not automatically Alice’s photo.

Consent to Data Sharing

As discussed above, EFF supports properly tailored legislation that requires companies to get opt-in consent before collecting a user’s personal data. Opt-in consent should also be required before a company shares that data with a third party. The more broadly that personal data is disseminated, the greater the risk of theft by malicious hackers, misuse by company employees, and expanded uses by company managers. Technology users should have the power to control their personal data by deciding when it may be transferred from one entity to another.

The CCPA addresses sale of personal data. It defines “sale” to include any data transfer “for monetary or other valuable consideration.” See Section 140(t). Adults have a right to opt-out of sales. See Sections 120(a), 120(c). To facilitate such opt-outs, businesses must provide a “do not sell my personal information” link on their homepages. See Section 135(a)(1). Minors have a right to be free from sales absent their opt-in consent. See Sections 120(c), 120(d). Also, if a third party buys a user’s personal data from a company that acquired it from the user, the third party cannot re-sell that personal data, unless they notify the user and give them an opportunity to opt-out. See Section 115(d).

However, the Act’s provisions on consent to data sharing are incomplete. First, all users—adults as well as minors—should be free from data sales and re-sales without their opt-in consent. While opt-out consent is good, opt-in consent is a better way to promote user autonomy to make their own decisions about their data privacy.

Second, the opt-in consent rules should apply to data transfers that do not yield (in the Act’s words) “valuable consideration.” For example, a company may find it to be in its business interests to give user data away for free. The user should be able to say “no” to such a transfer. Under the current Act, they cannot do so. By contrast, the original ballot initiative defined “sale” to include sharing data with other businesses for free.

Notably, the Act empowers the California Attorney General to issue regulations to ensure that the Act’s various notices and information are provided “in a manner that may be easily understood by the average consumer.” See Section 185(a)(6). We hope these regulations will address the risk of “consent fatigue” that can result from opt-in requests.

Deletion

The CCPA provides that a consumer may compel a business to “delete” personal information that the business collected from the consumer. See Section 105(a).

The Act provides several exceptions. Two bear emphasis. First, a business need not delete a consumer’s personal information if the business needs it to “exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.” See Section 105(d)(4). Second, a business may keep personal information “to enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.” See Section 105(d)(7).  Confusingly, another exception uses similar language, and it’s unclear how these interact. See Section 105(d)(9) (“Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information”).

Deletion is a particularly tricky aspect of data privacy, given the potential countervailing First Amendment rights at issue. For example, suppose that Alice and Bob use the same social media service, that Alice posts a photo of herself, that Bob re-posts it with a caption criticizing what Alice is doing in the photo, and that Alice becomes embarrassed by the photo. A statute empowering Alice to compel the service to delete all copies of the photo might intrude on Bob’s First Amendment interest in continuing to re-post the photo. EFF is working with privacy and speech advocates to find ways to make sure the CCPA ultimately strikes the right balance.

But EFF will strongly oppose any provision empowering users to compel third-party services (including search engines) to de-list public information about them. Laws outside the United States that do this are often called the “right to be forgotten.” EFF opposes such laws, because they violate the rights to free speech and to gather information. Many of us may be embarrassed by accurate published reports about us. But it does not follow that we should be able to force other people to forget these reports. Technology users should be free to seek out and locate information they find relevant.

Non-discrimination

The CCPA provides that if a user exercises one of the foregoing statutory data privacy rights (i.e., denial of consent to sell, right to know, data portability, or deletion), then a business may not discriminate against the user by denying service, charging a higher price, or providing lower quality. See Section 125(a)(1). This is a critical provision. Without it, businesses could effectively gut the law by discriminating against users that exercise their rights.

Unfortunately, the Act contains a broad exemption that threatens to swallow the non-discrimination rule. Specifically, a business may offer “incentives” to a user to collect and sell their data, including “payments.” See Section 125(b)(1). For example, if a service costs money, and a user of this service refuses to consent to collection and sale of their data, then the service may charge them more than it charges users that do consent. This will discourage users from exercising their privacy rights. Also, it will lead to unequal classes of privacy “haves” and “have nots,” depending upon the income of the user. EFF urges the California legislature to repeal this exemption from the non-discrimination rule.

This problem is not solved by the Act’s forbidding financial incentives that are “unjust, unreasonable, coercive, or usurious.” See Section 125(b)(4). This will not stop companies from charging more to users who exercise their privacy rights.

The Act also allows price and quality differences that are “reasonably related” or “directly related” to “the value provided to the consumer by the consumer’s data.” See Sections 125(a)(2), 125(b)(1). These exemptions from the non-discrimination rule are unclear and potentially far-reaching, and need clarification and limitation.

Empowering Users to Enforce the Law

One of the most powerful ways to ensure enforcement of a privacy law is to empower users to take violators to court. This is often called a “private cause of action.” Government agencies may fail to enforce privacy laws, for any number of reasons, including lack of resources, competing priorities, or regulatory capture. When a business violates the statutory privacy rights of a user, the user should have the power to decide for themselves whether to enforce the law. Many privacy statutes allow this, including federal laws on wiretaps, stored electronic communications, video rentals, driver’s licenses, and cable subscriptions.

Unfortunately, the private right of action in the CCPA is woefully inadequate. It may only be brought to remedy certain data breaches. See Section 150(a)(1). The Act does not empower users to sue businesses that sell their data without consent, that refuse to comply with right-to-know requests, and that refuse to comply with data portability requests. EFF urges the California legislature to expand the Act’s private cause of action to cover violations of these privacy rights, too.

The Act empowers the California Attorney General to bring suit against a business that violates any provision of the Act. See Section 155(a). As just explained, this is not enough.

Waivers

Too often, users effectively lose their new rights when they “agree” to fine print in unilateral form contracts with large businesses that have far greater bargaining power. Users may unwittingly waive their privacy rights, or find themselves stuck with mandatory arbitration of their privacy rights (as opposed to their day in an independent court).

So we are very pleased that the CCPA expressly provides that contract provisions are void if they purport to waive or limit a user’s privacy rights and enforcement remedies under the Act. See Section 192. This is an important provision that could be a model for other states as well.

Rule Making

The CCPA empowers the California Attorney General to adopt regulations, after it solicits broad public participation. See Section 185. These regulations will address, among other things, new categories of “personal information,” new categories of “unique identifiers” of users, new exceptions to comply with state and federal law, and the clarity of notices.

EFF will participate in this regulatory process, to help ensure that new regulations strengthen data privacy without undue burden, particularly for nonprofits and open-source projects.

Next Steps

The CCPA is just a start. Between now and the Act’s effective date in January 2020, much work remains to be done. The Act itself makes important findings about the high stakes:

The proliferation of personal information has limited Californians’ ability to properly protect and safeguard their privacy. It is almost impossible to apply for a job, raise a child, drive a car, or make an appointment without sharing personal information. . . . Many businesses collect personal information from California consumers. They may know where a consumer lives and how many children a consumer has, how fast a consumer drives, a consumer’s personality, sleep habits, biometric and health information, financial information, precise geolocation information, and social networks, to name a few categories. . . . People desire privacy and more control over their information.

EFF looks forward to advocating for improvements to the Act in the months and years to come.


          Here's the report that showed the FCC lied about being hacked and then lied about lying

Yesterday, the FCC published an admission that it had lied about a supposed hack-attack that it blamed for the collapse of its public comments portal that led to the agency eventually shutting down public comment and announcing that it would give equal weight to obviously forged anti-Net Neutrality comments and the pro-Neutrality comments it received. (more…)


          WhatsApp flaw lets hackers intercept messages and even alter content
Researchers at Check Point Research released a report this Tuesday (7) on a security flaw identified in WhatsApp, the world's most widely used messenger. According to the document, the flaw found allows hackers to intercept messages and even alter … Continues
          WhatsApp flaw lets hackers intercept and manipulate messages
Report warns WhatsApp could be hijacked to spread fake news.
          And now professional golf is being ransomed for bitcoin

Raise that single gloved-hand to your mouth in shock: The hackers have gone after golf.

America's last bastion of proud visor-wearers is scrambling this week, after unknown criminals took over the PGA of America’s servers on Tuesday — locking the golf association out of its files just days before the official Aug. 9 start of the PGA Championship in Missouri. And you better believe those hackers want bitcoin.

SEE ALSO: Ransomware has been around for almost 30 years, so why does it feel like it's getting worse?

That's right, the PGA was hit with ransomware

So reports Golfweek, which notes that the now-encrypted files include "extensive promotional banners and logos used in digital and print communications," in addition to "development work on logos for future PGA Championships." Read more...

          A simple introduction to Python’s asyncio
An article by Apoorv Garg on hackernoon.com gives a simple introduction to Python’s asyncio. He writes: Why do we want to write asynchronous programs you say — because it could increase the performance of your program many many times. Imagine you have a single core machine you are running your app on. You receive a request, and you […]
          Warning! Entry point for hackers discovered in WhatsApp
Attackers can manipulate messages.
Security experts have discovered a vulnerability in the popular messenger service WhatsApp through which messages can be manipulated. As the Israeli security firm CheckPoint announced on Wednesday, both group chats and private conversations are affected.
          Election - State officials say Russian hackers stole 76K Illinois voters' info in 2016, not 500K
State Board of Elections officials said Wednesday that federal officials investigating Russian hacking involving the 2016 election confirmed the state's initial assessment that...
          Big Brother 20 Live Feeds: House Meeting Blows Up
The Big Brother 20 Live Feeds were explosive Wednesday afternoon as Haleigh called a house meeting to reveal to everyone that she, and not Balyeigh, is the Hacker this week. Flashback to 12:23 PM BBT, [...]
          Big Brother 20: Counting The Votes In Week 6 [POLL]
Eight Houseguests are eligible to vote this week but only seven of them will get the chance to enter the Diary Room during Thursday’s Big Brother 20 episode thanks to the Hacker. Haleigh won the [...]
          Tonight On Big Brother 20: Power of Veto Events
Tonight on CBS and streaming live on All Access, Big Brother 20 is back with its latest Power of Veto episode starting at 8/7c as the Hacker comp may have changed things up, but the [...]
          Hackers found and cracked this fake electricity substation network in just two days | ZDNet
Hackers found and cracked this fake electricity substation network in just two days | ZDNet: Nation states aren't the only threat to critical infrastructure.
          Reine Winter Morning by Daniel Fleischhacker


Reine Winter Morning by Daniel Fleischhacker


Many techniques used on this image are demonstrated in my set of video tutorials. Just check out my website for more information. VIDEO TUTORIALS WEBSITE I also offer personalized video workshops where I demonstrate my advanced processing techniques used on your own images. More information can be found on my website. WORKSHOP ______________ Many of the techniques applied here are demonstrated in great detail in my video tutorials. You can find more information on my website.


Daniel Fleischhacker: Photos


          Hackers who blackmailed young women with nude photos sentenced to 3 years in prison
The court in Amsterdam has sentenced two men to prison terms of up to three years, one year of which is suspended, for, among other things, hacking and downloading hundreds of iCloud accounts. The pair were mainly looking for racy photos of young women.
          Hackers target PGA servers, seek Bitcoin ransom
ST. LOUIS — It’s not just elections. Hackers are now targeting major golf tournaments too. Shadowy bandits have hijacked (...)
          rebelhacker.com

Rebel Hacker: A name that focuses on security and authority.

rebelhacker.com
Keywords: 
rebel, hacker, security, authority, firm, marketing, agency, crowd, sourcing, crowdsourcing, software, program

          A world without Facebook

Since 2016, we've learned in drip-drip-drip revelations how our social media giants, especially Facebook, have made us disconnected, divided, discordant, isolated into like-minded silos, and manipulated by hackers working for the Kremlin.

Why it matters: For many years, becoming "connected" has been the zeitgeist — to long-lost family, friends, whole new communities, potential business partners at home and abroad, perhaps a romantic interest.


We asked the question of experts from a number of fields — what would be the pluses and minuses if you just could snap your fingers and make Facebook disappear?

  • No one cheered the idea of losing Facebook entirely; yet all found something seriously wrong with the current state of affairs.
  • Ian Bremmer, president of Eurasia Group, said a world without Facebook would mean "less time spent online, less addictive consumer-driven behavior in citizens, less algorithm driven personalized-news, less fake news, less political polarization in population. Breathing room for non-social media."
  • But it would also mean "value destruction for shareholders, job losses, negative impact on economy. Ceding social media battle globally to China-driven monopolies. A big win for TenCent/WeChat," Bremmer said in an email.

Nicholas Wright, a British neurologist who studies artificial intelligence and politics, contemplating a government shutdown of the platform, said such an action "would be a terrible blow to the U.S. capitalist system. How could anyone trust the Government not to shut down other companies and lay off tens of thousands of workers etc.?"

  • One thing is that it's not necessary to outright kill Facebook, said Scott Galloway, an NYU professor and author of The Four, a critique of U.S. big tech, who called for Facebook's breakup under anti-trust laws.

But both Galloway and Wright found plenty to like about the idea of Facebook's disappearance, too.

  • "FB has fomented the false notion that connecting the world is a good thing," Galloway said. "We, as a species, are tribal and lies spread faster than truth. With no guardrails or (expensive) human discretion screening content/advertisers, we have offered up the mother of all Trojan horses for bad actors."
  • "Power corrupts, and Facebook is corrupted," Galloway said.
  • More competition would arise absent Facebook, Wright said, and less control of personal data. "Preventing excessive integration of data is crucial to prevent us sleepwalking into constructing authoritarian capabilities," he said.

The big picture: The same criticism can justifiably be made against Twitter, YouTube and Google generally, and — in a broader sense — Amazon. Complaints about algorithms and monopolistic behavior are on the rise. But all also have a defense of creating a broadly valued service.

Go deeper: The mistakes that led to Google and Facebook dominating ads


          Hackers Already Attacking Midterm Elections, Raising U.S. Alarms
The U.S. midterm elections are at increasing risk of interference by foreign adversaries led by Russia, and cybersecurity experts warn the Trump administration isn’t adequately defending against the meddling.
          Stress, bad workplace cultures are still driving security folk to drink

Self-medicating with booze is no answer, hackers warned at conference

Black Hat In a personal and powerful presentation, a computer security veteran has warned that too many infosec bods are fighting a losing battle with the bottle.…


          The story of the alleged 20-year-old hacker who is being accused of stealing more than 5 million dollars in bitcoins

Imagen.Primero posted a photo:

The story of the alleged 20-year-old hacker who is being accused of stealing more than 5 million dollars in bitcoins

bit.ly/2MxvwT0


          Government-backed research suggests millions of smartphones have built-in security flaws - BGR

Government-backed research suggests millions of smartphones have built-in security flaws (BGR)
Well, this is comforting. Researchers funded by the Dept. of Homeland Security have found security vulnerabilities built into smartphones at the device level, vulnerabilities that reportedly exist across devices offered by the four leading U.S. cell ...
DHS-Funded Research Reveals Mobile Flaws Affecting Millions (Android Headlines)
Dept of Homeland Security discovers security flaws in millions of US smartphones (9to5Mac)
Homeland Security finds vulnerabilities on millions of US cellphones (Cult of Mac)

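          Tweets from Wednesday, August 8, part 1

Showa-era star actor Masahiko Tsugawa dies at 78, as if following his wife Yukiji Asaoka, who died in April a.msn.com/07/ja-jp/BBLC6…

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:21

"Shelving the reduced tax rate would be a breach of good faith": Chief Cabinet Secretary Suga criticizes Ishiba a.msn.com/01/ja-jp/BBLBc…

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:21

Japan had, as long as 40 years ago, "attained a level of affluence unimaginable to Chinese people": Chinese media a.msn.com/01/ja-jp/BBLAO…

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:22

Non-life insurer survey: half say they have "experienced" aggressive tailgating; most common in Hokkaido and Tohoku a.msn.com/01/ja-jp/BBLBI…

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:22

[LDP presidential election] Chairman Wataru Takeshita to declare support for Ishiba; many in the lower house back the prime minister; faction's response expected to split - Sankei News sankei.com/politics/news/… via @Sankei_news

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:24

Escaped meerkat caught after hiding in Misaki Park for 3 weeks - Sankei WEST sankei.com/west/news/1808… via @SankeiNews_WEST

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:25

"I gave birth to twins"... it was a lie! Filipino national woman arrested for attempted fraud of lump-sum childbirth allowance - Sankei WEST sankei.com/west/news/1808… via @SankeiNews_WEST

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:26

Awaji Island's oldest love hotel "Ise no Mori / Herb no Mori" renovated into tourist hotel "Green Cozy" (page 2/2) - Sankei WEST sankei.com/west/news/1807… via @SankeiNews_WEST

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:26

"Space tourism" finally becoming reality? US company may offer commercial flights as early as 2019 (page 5/5) - Sankei News sankei.com/wired/news/180… via @Sankei_news

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:28

Unprecedented! What is in the signed "joint pledge" by volunteers at the education ministry... Some call them a "rebel army," others say it "does not go far enough" (page 3/3) - Sankei News sankei.com/premium/news/1… via @Sankei_news

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:30

Ten years after the Beijing Olympics... "freedom of reporting" exists in name only - Sankei News sankei.com/world/news/180… via @Sankei_news

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:30

[The core of a shocking case] The "wads of banknotes left behind by the former Japanese military" in China were all counterfeit (page 4/4) - Sankei WEST sankei.com/west/news/1808… via @SankeiNews_WEST

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:32

Showing actual "fictitious billing postcards": Shiga Prefectural Police and others issue "crime-prevention Kamo-mail" - Sankei WEST sankei.com/west/news/1808… via @SankeiNews_WEST

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:33

Newlywed Akkina in tears: "tattered fishnet tights..." Yoiko's Hamaguchi gushes, with a story of a failed home-cooked meal - Sankei WEST sankei.com/west/news/1808… via @SankeiNews_WEST

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:33

Chugoku Electric Power to apply to start up Shimane Unit 3 with governor's consent; second case since the Great East Japan Earthquake (page 1/2) - Sankei WEST sankei.com/west/news/1808… via @SankeiNews_WEST

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:35

[Asahi Shimbun study] The "peculiar" claim linking the national flag and anthem to war and militarism; same as the comfort women issue... Asahi's "discrimination against Japan," which singles out Japan alone zakzak.co.jp/soc/news/18080… via @zakdesk

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:36

Laotians' anger at South Korean company on the verge of "exploding"; dam collapse death toll reaches 34; view that it was a "man-made disaster" grows zakzak.co.jp/soc/news/18080… via @zakdesk

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:37

August 7, 2018 (Heisei 30): Courtesy call by Mori, President of the Tokyo Organising Committee of the Olympic and Paralympic Games, and others | 2018 | The Prime Minister in Action | Prime Minister | Prime Minister's Office website kantei.go.jp/jp/98_abe/acti…

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:40

Against President Akira Yamane's "treating the federation as his own property"... former four-organization world champion Katsunari Takayama also rebels, indignant and "shocked" at the rejection of his switch to amateur zakzak.co.jp/spo/news/18080… via @zakdesk

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:42

President Akira Yamane admits ties to organized crime in Yukan Fuji interview: "I have known the former gang boss for 58 years"; speaks frankly about South Korea, family and the Murata issue zakzak.co.jp/spo/news/18080… via @zakdesk

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 04:44

Masamune Wada, "Praying for the nation's peace and security at Minatogawa Shrine"
ameblo.jp/wada-masamune/… #アメブロ via @ameba_official

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 05:30

Yoichi Masuzoe, "On 20th-century civilization (6): The lifestyle revolution ① 'An abnormal century'... ❻"
ameblo.jp/shintomasuzoe/… #アメブロ via @ameba_official

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 05:31

Ichita Yamamoto, "Tomorrow night's (August 8) 'Chokkakko Stream' (from 21:30) is a conversation with 'Senkyo.com'!"
ameblo.jp/ichita-y/entry… #アメブロ via @ameba_official

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 05:32

How to make fried rice that is delicious and far too easy: Yuri Yamamoto's Twitter recipe draws a big response ch.nicovideo.jp/ch222/blomaga/… #blomaga

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 06:44

What did Britain's Prince William promise the late Princess Diana, who had been stripped of her royal title?
ch.nicovideo.jp/fabloid/blomag… #blomaga

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 06:45

Ever Detective Agency: Investigation Files, Vol. 6 ch.nicovideo.jp/inlifeweb/blom… #blomaga

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 06:46

12 precautions to protect children from dangers lurking in the pool ch.nicovideo.jp/lifehacker/blo… #blomaga

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 06:47

Woman who "called the Inochi no Denwa suicide hotline 240 times": the response leaves people speechless, saying "unbelievable" news.nicovideo.jp/watch/nw3731583

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 06:57

Defense Ministry employee seriously injured after being pushed down by Henoko opponents; victim report filed; Kadena police investigating as an assault case - Sankei News sankei.com/politics/news/… via @Sankei_news

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 19:33

City of Vladivostok announces plan to build a Sorge memorial statue; the ringleader of the biggest spy case of the 20th century in Japan - Sankei News sankei.com/world/news/180… via @Sankei_news

— 田中_jack 新生日本情報局 (@jacknikurausu) August 8, 2018 - 19:33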
          Comment on Official CrossFit Weightlifting Seminar – June 7 and 8 in Madrid by hacker hire
hacker hire: [...]that is the end of this post. Right here you'll locate some sites that we assume you'll value, just click the hyperlinks over[...]

          Microsoft to hackers: Finding Hyper-V bugs is hard. Change my mind. PS: Here's a head start...

Prove us wrong, kids, and bag $250,000

Black Hat Not that many moons ago, Microsoft was seemingly reluctant to open a bug bounty program. It also once described Linux as a cancer. Now it claims to love Linux, and is offering bounties on bugs. How times change.…


          Port enlists the help of international hackers

The Port Authority and the Antwerp start-up Junction will bring 130 hackers together under one roof at Antwerp Expo for three days and two nights in October. The Port does not intend to set up a shadowy society for cracking computers, but is looking for innovative solutions for the future.


          Cybersecurity expert found people could hack computers using Microsoft's Cortana
Tal Be’ery, Kzen Networks co-founder, sits down with CNBC's Josh Lipton at the Black Hat Conference in Las Vegas to discuss how he uncovered a security flaw that allows hackers to access computers by targeting Microsoft’s Cortana.
          Online retailer Rohlik.cz attacked by hackers. Customers were out of luck
The online grocery store Rohlik.cz faced a hacker attack on Tuesday evening that overwhelmed its server, and the online store was unavailable for a quarter of an hour. It was a so-called DDoS attack, in which the e-shop was flooded with numerous requests sent from computers scattered around the world. The company informed ČTK of this.
          The David Pakman Show - August 8, 2018

--On the Show:

--Andrew Yang, author, entrepreneur, and 2020 Democratic presidential candidate running on universal basic income, Medicare for All, and human-centered capitalism joins David to discuss UBI and his platform

--Republicans spend millions on the Ohio 12th Congressional district special election and barely hold on in a race that is still officially too close to call between Republican Troy Balderson and Democrat Danny O'Connor in what is another sign that the November midterms might not be good for House Republicans

--For the first time ever, voters repeal a "right to work" law by ballot referendum, as Missouri Republicans see the law which would further repress worker and union rights rejected by voters

--Hatriot Mail is back

--The FCC and its Trump-appointed Chairman Ajit Pai admit they lied when they claimed that the comment submission form was taken down by "hackers" during the debate about repealing Net Neutrality, but Ajit Pai blames Obama

--Contrary to what Donald Trump has most recently claimed, the Trump Tower meeting with Russians to get "dirt on Hillary" Clinton was not "totally legal"

--A Marine is kicked out of the Marines for his role in the white supremacist march that took place in Charlottesville, Virginia

--Voicemail caller claims that people who watch Alex Jones are "insane"

--On the Bonus Show: Pope says death penalty always wrong, mobile phone voting experiment, Snapchat dysmorphia, much more...

--Become a Supporter: http://www.davidpakman.com/membership

--Follow us on Twitter: http://twitter.com/davidpakmanshow

--Subscribe on YouTube: http://www.youtube.com/thedavidpakmanshow

--Like us on Facebook: http://www.facebook.com/davidpakmanshow

--Leave us a message at The David Pakman Show Voicemail Line (219)-2DAVIDP


          CCNT “Soul in Silico & Filter Dysmorphia” - 08.08.2018

This week on Canary Cry NewsTalk, Forbes publishes pro-transhumanist and anti-god propaganda; plastic surgeons are noticing Snapchat dysmorphia; an update on Flippy’s growing family, and Bezos could do so much better. If you want MORE, Become a Patron, join the exclusive community, and receive Extended Reports of CCNT every week!

AGG for the WEEK OF July 31-Aug 7

YOU HEARD IT HERE FIRST FOLKS! (Updates on stories)

Ancestry and 23andMe Agree to New Rules to Make You Feel Safer Handing Over Your DNA

Tesla suspends shares after Elon Musk tweets he wants to take the carmaker private

 

TECHNOLOGY/AI

AI Vs. God: Who Stays And Who Leaves?

The future of artificial intelligence is the toaster

New Artificial Intelligence Device Identifies Objects at the Speed of Light

Particle physicists team up with AI to solve toughest science problems

World class AI experts share what their favorite algorithm is

Video Friday: Professor Ishiguro’s New Robot Child, and More - IEEE Spectrum

Lip-reading artificial intelligence could help the deaf—or spies | Science | AAAS

ai: The beginning of a wave: AI tiptoes into the workplace - The Economic Times

Ethics and the pursuit of artificial intelligence | South China Morning Post

Artificial intelligence: Scary predictions for AI

20 terrifying uses of artificial intelligence - TechRepublic

BBC - Future - 12 new tech terms you need to understand the future

 

BIOMEDICAL/GENETICS/TRANSHUMANISM

Shivom is creating a genomic data hub to elongate human life with AI | VentureBeat

Captain America on Mars - Scientific American Blog Network

Genetics technology could lead to more crops, fresher food

 

CRYPTOCURRENCY/B-B-B-BLOCKCHAIN

Weed's Biggest Wedding Announcement Just Happened And Cryptocurrency Is The Bride

 

CONSPIRACY THEORIES AND SOMETIMES FACTS!

Freemasons Reportedly Ready to Welcome Transgender Women - Sputnik International

Are you being recorded while placed on hold? - abcactionnews.com WFTS-TV

Alex Jones' Infowars Still Not Banned On App Stores, Instagram And Twitter

#QAnon, the pro-Trump conspiracy theory, explained - Vox

Why the GOP is so easily infiltrated by bonkers conspiracy theorists - The Washington Post

 

SPACE/ALIEN/ETs/UFOs

A Mysterious, Powerful Force is Flinging Radio Waves at Us From Deep Space

NASA space telescope TESS starts search for Earth-like planets

Top Scientists Explain to Senators Why We Must Look for Aliens

Is Humanity About To Accidentally Declare Interstellar War On Alien Civilizations?

Should the Moon Be Quarantined? - Scientific American

 

STORIES THAT DOVETAIL OTHER RESEARCHER’S WORK

Stonehenge mystery solved, says breakthrough scientific study | Fox News

Ancient Roman Library Discovered Beneath German City

 

SOCIAL MEDIA/GOOGLE/AMAZON

Plastic surgeons say more patients coming in with 'Snapchat dysmorphia' | TheHill

Social media is making children regress to mentality of three-year-olds, says top brain scientist

Facebook: Hey Can We Pretty Please Maybe Have Lots of Your Banking Information Too?

Facebook Dating offerings can be seen in leaked pre-launch screenshots | Fox News

Without Sergey Brin, Google has lost its fear of authoritarian China — Quartz

Senators Demand Answers About Google’s Censored Chinese Search Engine | Fortune

Employees at Google, Amazon and Microsoft Have Threatened to Walk Off the Job Over the Use of AI



“THE FOUR HORSEMEN of the TECHNOCALYPSE!”

Amazon’s Jeff Bezos would need to spend $28 million a day to avoid getting richer - MarketWatch

Elon Musk says Tesla is making a mini-car that can fit an adult - Business Insider

Elon Musk: I know more about nuking Mars than scientists

Is Mark Zuckerberg Wet or Dry?

 

BASIL’S CAREER ADVICE

Upwork: Blockchain the Fastest Growing Skill in US Freelance Job Market

7 Job Skills Of The Future (That AIs And Robots Can't Do Better Than Humans)

How to Get Started in Machine Learning and Robotics

DeepMind Cofounder Gives Teenage AI Fan 5 Pieces Of Advice

 

THE DOORS OF PERCEPTION AND OTHER NEAT THINGS ABOUT THE BRAIN

10-Year-Old Boy Recovers Impressively After One-Sixth of His Brain Is Removed

Past experiences shape what we see more than what we are looking at now

The DolphinView headset lets you ‘see’ like your favorite sea creature - The Verge

Telepathic communication just 'a matter of time' as twins reveal blueprint for brain interface

Can you hear these silent GIFs? You may have a new form of synesthesia. - Vox

 

OTHER INTERESTING STORIES THAT POINT TOWARDS THE END TIMES

USPS: Carriers to wear flea repellent for deliveries in Sacramento County neighborhood

Donald Trump's star voted off Hollywood Walk of Fame

 

ICKY NEWS UPDATE

Catherine Oxenberg feels 'horrendous guilt' after bringing daughter into alleged sex cult | Fox News

Nikki Goldstein visits sex robots with artificial intelligence | Daily Mail Online

German Couple Convicted Of Selling Child On The Darknet : NPR

 


          Transformers

In the scene in the interrogation room with the two programmers there is a big plate of doughnuts which the hacker eats very quickly. But take a look at the plate between shots when he's talking and you'll see that the amount of doughnut left on the plate varies greatly: Sometimes there's one whole doughnut left, other times, in the same conversation, there's only crumbs.

See more mistakes from Transformers


          4 tricks to help you type faster on your phone

In the world of digital technology and instant communication, typing fast has become a social necessity.
If you don't, you risk exhausting the patience of the person on the other end, who is probably sighing anxiously while watching the ellipsis that shows that (barely) 5 minutes after receiving their message, you are (still?) writing your reply.
This is what is known as "technostress", the technological stress that forces us to be connected at all times... and to be able to type at full speed.
But typing a mile a minute is not easy for everyone, especially for those who did not grow up with smartphones. That is, a large share of millennials and all the generations before them.
But don't feel overwhelmed. The solution is in your hands. Literally.

1. Two thumbs or one index finger

How do you hold your hands when you type on your phone? It may seem secondary, but if you want to gain speed, it is important to take it into account.
Holding your phone with both hands and using both thumbs to type is usually the fastest.
However, many people prefer to hold the smartphone in one hand and use the index finger of the other to tap each letter. And the bigger the phone, the greater the tendency to do so.
Which option is better?
"There is no right answer, it depends on the person," explains Chris Hoffman, editor of the technology site How To Geek.
"Typing with two thumbs gives you two fingers to reach the letters on the keyboard more quickly, but many people feel more comfortable with the index-finger method and find that they make fewer mistakes. Try both and see which is better for you."
Hoffman also recommends considering the phone's orientation. If it is horizontal, using two thumbs may work better, but not so much in vertical.

2. Say "yes" to autocorrect

Autocorrect can be much hated, which is why Google is full of searches on how to turn it off.
However, your phone's software can help you be much faster.
It can detect your mistakes and correct them automatically while you keep typing, or fill in the missing letters of a word.
So if you want to type fast, don't hesitate: "Embrace the use of autocorrect!" says Hoffman.
This tool has helped correct thousands of spelling mistakes and avoid the typos that are often made when trying to type quickly.
But don't overuse it.
As technology writer Clive Thompson said (he is the author of a study published by the Journal of Applied Communication Research in which he analyzed hundreds of errors in messages "sent from the iPhone"), autocorrect lends itself to many errors.
"(Autocorrect) has made misplaced words and bad punctuation more acceptable in writing," says Thompson.

3. Write with your voice

You may be very fast on keyboards... but speaking will always take less time than typing.
Have you ever tried the "dictation" feature on your phone?
This option is available on both iOS (iPhone) and Android keyboards. To activate it, tap the microphone icon on the keyboard and start speaking.
It is a little different from the increasingly popular voice notes because the recipient will not hear you, but will receive a message as if you had typed it yourself.
With this system, the phone converts the words you say into text as you speak.
It can help you "write" a text more quickly, but keep in mind that voice recognition is not perfect and you will need to take care to pronounce and enunciate the words as clearly as possible, Hoffman warns.
You should also keep in mind that you will have to spell out the punctuation marks you want to include as you speak: "Opening exclamation mark hello comma Juan comma..."
It seems complicated but, in reality, it is nothing more than dictating to your phone.

4. Use another keyboard

Another option is to install an additional third-party keyboard.
There are several options designed especially for touchscreen devices: Gboard (gives you word suggestions), SwiftKey (uses artificial intelligence tricks), Fleksy (customizes it)... choose the option you like best. All of them are available for Android and Apple.
BBC

          Report: Hackers Attack PGA, Demand Bitcoin Ransom

The PGA of America has been locked out of important computer files this week after an attack by unidentified hackers, according to a report from Golfweek. The golf organization was taken down on Tuesday morning, when an attempt to open certain files led to a message saying, “Your network has been penetrated. All files…


          This cryptocurrency-mining router got hot enough to fry an egg, so we did - CNET
It's the breakfast of champion hackers.
          Gizmodo Oh Great, Americans Have a New Tick to Worry About | Jalopnik American Pickers Found Aerosmi

Gizmodo Oh Great, Americans Have a New Tick to Worry About | Jalopnik American Pickers Found Aerosmith’s Original International Metro Tour Van and It’s Extremely Cool | Kotaku RIP Luigi (1983-2018) | Lifehacker How to Prevent Robocalls and Minimize Phone Spam | The Takeout Florida restaurant publicly cancels NFL cable…


          REMOVE bgtools2.exe PROCESS

bgtools2.exe – What is it? The bgtools2.exe Trojan Miner, or BitCoin Miner, is a computer threat that tries to hide any sign of its intrusion. Hackers use this malicious application to mine digital currencies such as Bitcoin, Monero, DarkNetCoin and others. It is able to use computer resources without the user’s permission … Continue reading

The post REMOVE bgtools2.exe PROCESS appeared first on Malware Removal Solution.


          How to Block winboxtest.exe?

winboxtest.exe – What is it? The winboxtest.exe Trojan Miner, or BitCoin Miner, is a computer threat that tries to hide any sign of its intrusion. Hackers use this malicious application to mine digital currencies such as Bitcoin, Monero, DarkNetCoin and others. It is able to use computer resources without the user’s permission … Continue reading

The post How to Block winboxtest.exe? appeared first on Malware Removal Solution.


          How to Block MSTTSEngine.exe?

MSTTSEngine.exe – What is it? The MSTTSEngine.exe Trojan Miner, or BitCoin Miner, is a computer threat that tries to hide any sign of its intrusion. Hackers use this malicious application to mine digital currencies such as Bitcoin, Monero, DarkNetCoin and others. It is able to use computer resources without the user’s permission … Continue reading

The post How to Block MSTTSEngine.exe? appeared first on Malware Removal Solution.


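          Tweets from Wednesday, August 8 (Part 1)

The latest Nikkan Rainbow Ring! paper.li/InfoRring/1316… Thanks to @zenquestnews

— レインボーリング運営委員 (@InfoRring) August 8, 2018 - 06:09

It is clear that the Kameyama Shachu and the Kaientai, led by Sakamoto Ryoma and Iwasaki Yataro, were arms dealers backed by Britain. What's more, they handled arms procurement for Satsuma and Choshu, which were aiming to overthrow the shogunate, and in the Second Choshu Expedition they took part directly in the fighting and defeated the shogunate side. That is no different at all from what we would now call a Wahhabi terrorist group… twitter.com/i/web/status/1…

— よーすけ (@yoshimichi0409) August 8, 2018 - 01:56

How is daylight saving time, introduced for just two years for the Olympics, supposed to help sustain the global environment? Enough with the nonsense. pic.twitter.com/tInAQGAoUi

— 毛ば部とる子 (@kaori_sakai) August 8, 2018 - 00:03

If it's such a problem for women to be admitted, why not set separate quotas for men and women from the start? Why not set a separate quota for repeat applicants too?

"We fought desperately for every single point": medical students and women doctors outraged at score deductions for female applicants

asahi.com/articles/ASL86…

— 藤原直哉 (@naoyafujiwara) August 7, 2018 - 21:35

President Obama receives the Robert F. Kennedy Human Rights Award

Unlike Obama, the Kennedy brothers stood up to the military-industrial complex and the neocons and were assassinated for trying to end the Vietnam War and the Cold War. For Obama, who invaded Libya and Syria, to be awarded this prize is surely nonsense.
jp.sputniknews.com/world/20180808…

— よーすけ (@yoshimichi0409) August 8, 2018 - 05:59

houdoukyoku.jp/clips/CONN0039…
Japan Sports Agency Commissioner Suzuki says that the shady ties between Japan Boxing Federation president Yamane and organized crime "warrant resignation", but then what about the story that Abe's office asked a crime syndicate to interfere in an election campaign?… twitter.com/i/web/status/1…

— Dr.サキ (@XKyuji) August 8, 2018 - 00:28

I wondered whether something so yakuza-like could really happen, but since that one is a "person with gang connections", maybe it can, lol

"We'll freeze you out, we'll sideline you"… Ishiba: "That's absurd": Asahi Shimbun Digital asahi.com/articles/ASL87…

— Hiromi1961 (@Hiromi19611) August 7, 2018 - 19:46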

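[Chiba girl murder] Yasumasa Shibuya's Facebook, and family information including his wife and children!! The true identity of the culprit in the case of the abandoned body of the Vietnamese girl Linh is shocking [with images] : NEWS Matome Memory | 2ch summary blog akb48matomemory.com/archives/10654… Scum like this deserves the maximum penalty! Watch patrol? He was scouting for victims, wasn't he!

— 夕月夜 (@k81mission) April 15, 2017 - 00:27

So the one who killed the Vietnamese child in Chiba was someone in a watch-patrol kind of role... I don't know what to believe anymore...

— グラブル貼るだけくん (@_kiminonawa) April 14, 2017 - 21:47

[Murder of Vietnamese girl] TBS

Suspect Shibuya: (1) was president of the parents' association; (2) took the lead as part of the watch patrol after the incident; (3) also worked hard to raise donations for the return to Vietnam. pic.twitter.com/grXhibsIbe

— 林 志行 (@linsbar) April 14, 2017 - 11:08

Murder of the Vietnamese girl: full text of the father's "letter of grief and anger"... The shamelessness of calmly appearing in TV interviews after the incident and claiming "innocence". Using the "children's watch patrol" to sexually assault and murder a defenseless child. Hell for this brute... news.nifty.com/article/domest…

— Tomson iv (@Tomson_iv) June 25, 2018 - 13:18

It's always the cases where a wrongful conviction is suspected that get a quick verdict.

I expect he will appeal, of course.

[Main part] I went to meet suspect Yasumasa Shibuya. Abiko girl's body abandonment case youtu.be/qS_jmH6ymDI via @YouTube

— 俺のFX ◢ ◤ドル円 BTCFX (@tam420fx) July 6, 2018 - 15:24

Personally, I think the possibility remains that suspect Shibuya is falsely accused. No information has come out about psychiatric treatment or habitual drug use. It is normally hard to imagine a person who engages with the local community and has an ordinary family suddenly committing such a reckless crime as if he had gone mad. If the real culprit appears, how will the media take responsibility for its reporting that has disregarded human rights?

— もえタクシー (@moetaxi) April 21, 2017 - 00:18

[Defendant Yasumasa Shibuya (47)] What suspect Shibuya shouted at the family during the trial is shocking... / Chiba
is.gd/E0C4Ak
#まとめ #タイ #殺人 #裁判 pic.twitter.com/L2npC0pUVH

— LH MAGAZINE (@Life_hacker_net) June 21, 2018 - 18:35

There have been a number of death sentences in cases with a single victim.
Did the lay judges sense a possibility of rehabilitation in defendant Shibuya?

[Chiba: murder of 9-year-old girl] Defendant Yasumasa Shibuya sentenced to life imprisonment; on premeditation of the killing, "rather haphazard" sankei.com/affairs/news/1… via @Sankei_news

— Tomiko_Mitsuhashi (@ma_amyachan110) July 16, 2018 - 09:26

[News] The lay-judge trial of Yasumasa Shibuya, the former parents' association president charged with, among other things, abducting and murdering an elementary school girl in Matsudo on her way to school last year, began at Chiba District Court; regarding the charges, he said "the prosecution has fabricated this and I was not involved in the case"… twitter.com/i/web/status/1…

— NHK千葉&ラッカ星人 (@nhk_chiba) June 4, 2018 - 10:28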

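<Chosen by experts: these are the 100 people of the Heisei era! (5)>
[Society and incidents] AKB48, Hiroki Azuma, Shoko Asahara, Shinji Miyadai, Tsutomu Miyazaki, Eiji Otsuka, Seito Sakakibara, Horiemon, Kazuyo Katsuma, Tomohiro Kato, Mamoru Takuma, Masahiro Yamada, Noritoshi Furuichi, Daisuke Tsuda, Masao Yoshida, Hirotada Ototake, Aki Okuda, … twitter.com/i/web/status/9…

— 中央公論編集部 (@chukoedi) December 22, 2017 - 08:05

@AbeShinzo The subway sarin attack was "a coup d'état staged to celebrate Crown Prince Naruhito as founder". This is absolutely a fact. Shoko Asahara (Chizuo Matsumoto) was made to bear the entire crime. Crown Prince Naruhito gave the order for the subway sarin attack, and… twitter.com/i/web/status/1…

— 水政 文彦 (@DenkiNisyu) July 9, 2018 - 06:26

@AbeShinzo Crown Prince Naruhito is the top leader of Aum Shinrikyo and its founder. Shoko Asahara (Chizuo Matsumoto) cannot defy Crown Prince Naruhito (Naru-chan).

— 水政 文彦 (@DenkiNisyu) July 9, 2018 - 06:29

@AbeShinzo I am also aware that Crown Prince Naruhito is both the perpetrator and the principal offender behind Seito Sakakibara.

— 水政 文彦 (@DenkiNisyu) July 9, 2018 - 06:32

Former Boy A, a.k.a. Seito Sakakibara: now married with children? His current name, real name and photos? Renamed from 東真一郎 and had plastic surgery too… Summary of information on the perpetrator of the Kobe serial child killings endia.net/sakakibara-sei…

— ある@Courage (@AruCourage) July 30, 2018 - 10:45

@JunjiHattori I don't want to believe it, but from now on it will never appear in the news at all.

— 地球人 (@tanq103) August 7, 2018 - 07:52

Whoa, Seito Sakakibara was the Crown Prince too! Former Boy A, victim of a false charge ~ In Japan it's the norm that indiscriminate mass killers and bizarre murderers, such as pedophile killers, are from the Emperor's family, the imperial family and the former nobility ~
nipponseigenbaku.com/?p=449
Former Boy A Sakakibara… twitter.com/i/web/status/1…

— 服部順治(脱戦争/脱原発) (@JunjiHattori) August 8, 2018 - 11:40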

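Foolish third-generation rich boy, do not get involved in the Korean Peninsula under any circumstances. Your contribution to the Japanese people is to resign as soon as possible. If the foolish third-generation rich boy gets involved in the Korean Peninsula, national wealth will be thrown down the drain. He will be played by Kim Jong-un, and the ultimate destruction of Japan will begin. 5.tvasahi.jp/000133415?a=ne…

— 兵頭正俊 (@hyodo_masatoshi) August 8, 2018 - 16:12

That announcement of the revocation must have taken the last of his strength. It must be bitter not to be able to see his pledge through, but for now I hope he concentrates on his treatment. I sincerely pray for his recovery.

Governor Onaga to resign; Vice Governor Jahana to serve as acting governor; gubernatorial election may be moved up (Ryukyu Shimpo) - headlines.yahoo.co.jp/hl?a=20180808-…

— 布施祐仁 (@yujinfuse) August 8, 2018 - 16:23

There is word that announcer Ayaka Ogawa is also leaving "Hodo Station", from which criticism of the government has vanished. Does this mean all the liberal staff from the Furutachi era are being cut…→ Why criticism of the Abe administration vanished from "Hodo Station"! An abnormal situation in which even the Mio Sugita issue and the "Akasaka Jimin-tei" gathering are ignored lite-ra.com/2018/07/post-4…

— litera (@litera_web) August 8, 2018 - 16:15

Threat to "sideline them in personnel decisions" backfires… the pride of the Upper House Takeshita faction in "backing Ishiba"
nikkan-gendai.com/articles/view/…

— 藤原直哉 (@naoyafujiwara) August 8, 2018 - 17:07

German lawmakers visited Damascus. They met President Assad and said, "It looks like the war is coming to an end." A German newspaper reports this fact. twitter.com/Syrian_Uruk/st…

— mko (@trappedsoldier) August 8, 2018 - 15:35

North Korea accuses South Korea of trying to resume confrontation

South Korea's military and conservative forces are working behind the scenes with US neocons to wreck the moves toward North-South reconciliation. They are traitors who, if war broke out, would be the first to flee and would leave their compatriots to be slaughtered at will!
jp.sputniknews.com/asia/201808085…

— よーすけ (@yoshimichi0409) August 8, 2018 - 16:37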
          Advice appreciated - internet banking hack
Hello, I've had some great advice from MSE’ers in the past and I'm looking for some more. If I'm posting in the wrong place please let me know, there doesn't seem to be a fraud thread.

Around a month ago, we were returning from holiday in car/caravan when I received a text from my bank, with a one-off passcode to use regarding my recent call to phone bank. I hadn't called phonebank, so I rang the bank back to discuss. Long story short, it would appear someone had tried to access my phonebank but had failed the security questions; this had generated the text. My accounts were frozen until I could get into my branch with ID, which I duly did.

Over the next few days we began to get a number of withheld silent phone calls to our landline house phone. I did not think too much about it. Then a BT engineer turned up at our house saying we had requested a visit as we were experiencing problems with our line. We had not requested this. When I rang BT, apparently someone had called them asking for calls to be diverted from our home phone number to a mobile, but when they couldn't answer basic security they hung up. BT (ironically) could not give me any idea of the number used to make the call etc... and just told me they had added a note to my account saying we were the victims of malicious or nuisance behaviour, and any further requests for engineer visits or call diverts were to be ignored but logged. At this stage I thought it might be some weird prankster who knew us.... didn't connect it with the forthcoming attempted banking fraud.

This morning when I tried to access internet banking I was unable to, and was advised to call my branch. I was asked to go in yet again with ID as there appeared to be suspicious activity on my account. It would appear someone had phoned again but their voice did not match my profile. They then somehow managed to get INTO my online banking account and transfer a large amount of money from my esavings to my main current account.
They then tried to transfer part of this money out of the account - at which point the bank apparently realised fraudulent activity and again froze the accounts. I have spent four hours today with my bank checking recent activity, direct debits and standing orders. I spoke at length with the fraud team, who did not give me any reassurance or explanation as to how this could have happened. Thankfully no money was removed from my account but someone has hacked into it.

I am getting on a bit, but I am very security conscious.... I even have a sticking plaster over my webcam after watching some tv prog on the dark web, clever scammers and their technology. I never EVER compromise security when it comes to internet banking. I have a complicated password and memorable information, and I have absolutely no idea how someone has got my details. In fact, I had to change all my details the first time my account was frozen last month, so the hacker has somehow even got my new, changed details. We are fairly computer savvy and never click on email links. I have Malwarebytes and other firewall and virus checkers, none of which have alerted me that someone may have remotely accessed my computer or installed a keylogger.
          A company that Google acquired in 2008 could be the key to its plans to re-enter China (GOOGL, GOOG)

  • Google used one of the sites it owns in China to test a censored search engine.
  • The site is 265.com, which Google acquired in 2008.
  • China's government has indicated Google is welcome back as long as it follows the law.

Details continue to trickle out about Google's work on a search engine built specifically to appease the Chinese government, which keeps a tight grip on the flow of information in that country.

To refine the search engine, Google engineers relied on samples of search queries obtained from 265.com, a Chinese-based web directory that Google acquired in 2008, the Intercept reported Wednesday.  

It was the Intercept that broke the news last week, that Google was building a search engine that complied with China's strict ban on certain web sites and search terms. The move would be a reversal of a 2010 decision by the company to pull search operations out of China rather than censor information.

The apparent flip-flop brought heaps of criticism on Google's leadership, from politicians, media pundits, and even some employees. Earlier this year, Google appeared to put some distance between itself and the military when it promised never to use artificial intelligence to build weapons or cause harm.

Many people asked why Google refused to work with the US military but was seeking to help a communist government suppress free speech. One group that wasn't critical of Google's decision was the Chinese government. Chinese state media welcomed Google back to the country, saying things will be fine as long as the company follows the law, according to a story in The Washington Post.

Right now, Google.com and some of the company's other services, such as YouTube, are not accessible in China, but 265.com is not blocked, the Intercept reported.

"It appears that Google," the Intercept wrote, "has used 265.com as a de facto honeypot for market research, storing information about Chinese users’ searches before sending them along to Baidu (Google's largest competitor in China)."

Google did not respond to a request for comment at the time of publication.


          There's a $37 million waterfront property up for sale, situated in the tech capital of the world, that offers the ultimate private beach oasis

  • There's a 14-acre chunk of a peninsula north of San Francisco currently for sale for a whopping $37 million — and that's excluding home construction costs.
  • The property features 2,000 square feet of bay shoreline, private sandy beaches and approved plans for a 15,000-square-foot residence.
  • Though the infamously competitive Bay Area real estate market has seen plenty of unique listings, this one is a rarity in that it's an expansive undeveloped waterfront parcel situated in the tech capital of the world.

In the San Francisco Bay Area housing market, it's not uncommon to find fire-gutted properties listed for a cool $2 million or a 1-acre dirt lot selling for $15 million.

But it seems the most overheated and competitive real estate market in the nation has finally seen something it's not used to: a rare 14.73-acre undeveloped waterfront chunk of a peninsula listed for $37 million. And that's excluding home construction costs.

The forested bay front property, known as Bluff Point, at 2800 Paradise Drive in Tiburon, California, sits on the end of the Tiburon Peninsula and spans a whopping 2,000 square feet of shoreline. It offers its future owners an unrivaled bayside oasis, complete with private sandy beaches and views of the Golden Gate Bridge, just an hour from downtown San Francisco.

The acreage is about 45 minutes by car from downtown San Francisco, though sadly it looks like views of the glistening city lights won't be seen from the property. Angel Island State Park sits squarely between Bluff Point and downtown.

You can also reach it via a 45-minute ferry ride to Tiburon. From the ferry's drop off point to Bluff Point is a seven-minute drive.

That commute would be even further if you're coming from south of the city, from Silicon Valley, which is a strong possibility considering the island's price tag and opulence would attract the region's wealthy tech clientele.

According to the listing, property plans are approved for a 15,000-square-foot main residence, an estimated 2,200-square-foot guest house and a 700-square-foot "caretaker's cottage." And if the listing in and of itself wasn't rare enough, the property's ownership has only changed once in the last 100 years.

It'll change once more when the land finally sells, though its 532 days spent listed on Zillow doesn't exactly spell a promising forecast. Still, it's the ultimate private beach paradise nestled in the tech capital of the world. What tech bigwig wouldn't jump at that?


          Russian Hackers Have Broken Into Some of Florida’s Voter-Registration Systems, Senator Says
"They now have free rein to move about," Sen. Bill Nelson warned.
          Comment on AFICHE-farcavi-LOBOS-2015-01.jpg by internet
Hello! Do you know if they make any plugins to protect against hackers? I'm kinda paranoid about losing everything I've worked hard on. Any tips?
          US senator: 'Russians have broken into Florida election systems'
Democratic US Senator Bill Nelson of Florida says that Russian hackers have broken into some election systems in Florida. They could remove voters ahead of the November elections if the systems are not adequately protected.
          ESET Endpoint Security 6.6.2086.1 (x86/x64) + Crack CracksNow-3DMSOFT Torrent Free Download
ESET Endpoint Security 6.6.2086.1 (x86/x64) + Crack [CracksNow]

Protect company data with multi-layered protection built on 25 years of AV industry innovation. Complete protection for company endpoints combining proven antivirus technology with a built-in firewall, web control, device control and remote administration. 

FEATURES - 

ESET Endpoint Security: your best choice 
- Comprehensive Endpoint Protection for Windows 
- Virtualization Support + New Technology. Supports VMs and provides protection from hackers and botnets. 
- Built-In Data Access Control. With Web Control to limit website access, and Two-Way Firewall. 
- Low System Demands. Leaves more system resources free while still delivering complete protection. 
- Remote Management. Fully manageable via the new ESET Remote Administrator web-console. 

Antivirus and Antispyware Protection 
Eliminates all types of threats, including viruses, rootkits, worms and spyware with optional cloud-powered scanning for even better performance and detection. 

Advanced Memory Scanner 
Monitors the behavior of malicious processes and scans them once they decloak, allowing for effective infection prevention, even from heavily obfuscated malware. 

Exploit Blocker - Fighting Targeted Attacks 
New detection technology that strengthens protection against targeted attacks and previously unknown exploits – i.e. zero-day attacks. 

Optimized for the Virtual Environment 
ESET Shared Local Cache stores the metadata of scanned files so replica files on one machine are not scanned again on other virtual machines. 

Anti-Phishing - Avoid Being Hooked 
Protects end users from attempts by fake websites to acquire sensitive information such as usernames, passwords or banking and credit card details. 

Vulnerability Shield 
Protects against vulnerabilities for which a patch has not yet been released or deployed. Improves detection of Common Vulnerabilities and Exposures (CVEs). 

Web Control 
Secures company traffic and increases users' productivity. Limits users' website access by category, e.g. gaming, social networking, and others. 

Two-Way Firewall 
Prevents unauthorized access to your company network. Provides anti-hacker protection and data exposure prevention. 

Device Control 
Ensure no unauthorized offline media are used within your network. Blocks unauthorized devices, or allows different access levels. 

Botnet Protection 
Protects against infiltration by botnet malware – preventing spam and network attacks launched from the endpoint. 

Low System Demands – Keep Business Moving Along 
ESET Endpoint Security delivers proven protection while leaving more system resources for essential programs that end users depend on daily. 

RIP & Replace - Seamless Deployment 
Enjoy seamless deployment: superfluous security software is detected and uninstalled during installation, so minimal time and IT resources are spent on roll-out. 

Extremely User-Friendly Remote Administration 
ESET Endpoint Security comes fully manageable via ESET Remote Administrator, delivering a perfect “look & see” overview of the network security status. 

Customizable User Interface Visibility 
ESET solutions can be made completely invisible to end users, with even the option of no tray icon. Users won’t be distracted by any pop-ups or warnings. 

System Requirements: 
- Operating systems: Microsoft Windows® 10, 8, 7, Vista, XP, 2000 
- Compatible with the new ESET Remote Administrator 6 
- Note: Not compatible with previous versions of ESET Remote Administrator 


          Hackers Already Attacking Midterm Elections, Raising US Alarms
The U.S. midterm elections are at increasing risk of interference by foreign adversaries led by Russia, and cybersecurity experts warn the Trump administration isn’t adequately defending against the meddling. At stake is control of Congress. The risks range from social media campaigns intended to fool American voters to sophisticated computer hacking that could change the […]
           Samsung Galaxy S7 smartphones vulnerable to hacking

Samsung’s Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that has put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters.


          Samsung Galaxy S7 smartphones vulnerable to hacking
Samsung's Galaxy S7 smartphones turned out to be vulnerable to the popular Meltdown security flaw that could allow hackers to spy on tens of millions of users. Samsung phones were previously thought to be immune to Meltdown, which is said to endanger most computing devices. The team will release its findings at the Black Hat security conference in Las Vegas on Thursday. "Samsung takes security very seriously and our products and services are designed with security as a priority. Since being ...
          Microchip Security Flaw inside Samsung Galaxy S7 smartphones

A security flaw in a microchip inside Samsung’s Galaxy S7 smartphones has put millions of devices at risk of being spied on by hackers, say security researchers.

Initially, Samsung phones were thought to be safe from a security vulnerability known as Meltdown, which was found to be present in most PCs, smartphones, and other devices. The security team from Austria’s Graz Technical University will present their findings at the Black Hat security conference in Las Vegas on Thursday.

The researchers told Reuters that they have found a way to exploit the Meltdown vulnerability to attack the supposedly immune Galaxy S7 smartphones.

However, a Samsung spokesperson released a statement: "Samsung takes security very seriously and our products and services are designed with security as a priority. Since being notified by Google, we've promptly rolled out security updates to address the issues in January 2018 and released software updates including additional patches in May 2018 to further protect devices at the chipset level."

"We recommend that all customers keep their devices updated with the latest software to ensure their device is protected at an optimal level," the statement read.

One of the security researchers, Michael Schwarz, believes that there could be many more devices that are vulnerable to Meltdown.

“There are potentially even more phones affected that we don’t know about yet. There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know,” said one of the researchers, Michael Schwarz.

          Uddhav Thackeray to govt: Must resolve issues of employees
none
          Sen. Nelson: Russian hackers already have 'free rein' over some US voting machines
Voting machines in at least one U.S. state may have already been compromised by Russian operatives ahead of the midterm elections, according to one Democratic senator.
          How I gained commit access to Homebrew in 30 minutes

This issue was publicly disclosed on the Homebrew blog at https://brew.sh/2018/08/05/security-incident-disclosure/

Since the recent NPM, RubyGems, and Gentoo incidents, I’ve become increasingly interested, and concerned, with the potential for package managers to be used in supply chain attacks to distribute malicious software. Specifically with how the maintainers and infrastructure of these projects can be targeted as an attack vector.

On Jun 31st, I went in with the intention of seeing if I could gain access to Homebrew’s GitHub repositories. About 30 minutes later, I made my first commit to Homebrew/homebrew-core.

Let’s get leaky

My initial strategy going in was based on credential theft; find if there were any credentials leaked by members of the Homebrew GitHub org.

An OSINT tool from Michael Henriksen called gitrob makes automating this search really easy. I ran it across the Homebrew organization, but ultimately didn’t come up with anything interesting.

Next, I took a look at previously disclosed issues on https://hackerone.com/Homebrew. From there, I found that Homebrew runs a Jenkins instance that’s (intentionally) publicly exposed at https://jenkins.brew.sh.

After some digging, I noticed something interesting; builds in the “Homebrew Bottles” project were making authenticated pushes to the BrewTestBot/homebrew-core repo:

This got me thinking, “where are the credentials stored?”. I noticed the “Environment Variables” link on the left, which led to an exposed GitHub API token:

I tested it locally to see what scopes the token had:

$ curl https://api.github.com/user/repos -u $GITHUB_API_TOKEN:x-oauth-basic | jq '.[] | {repo: .full_name, permissions: .permissions}'
{
  "repo": "BrewTestBot/homebrew-core",
  "permissions": {
    "admin": true,
    "push": true,
    "pull": true
  }
}
{
  "repo": "Homebrew/brew",
  "permissions": {
    "admin": false,
    "push": true,
    "pull": true
  }
}
{
  "repo": "Homebrew/formulae.brew.sh",
  "permissions": {
    "admin": false,
    "push": true,
    "pull": true
  }
}
{
  "repo": "Homebrew/homebrew-core",
  "permissions": {
    "admin": false,
    "push": true,
    "pull": true
  }
}

Which suggested that I had commit access to these core Homebrew repos:

  • Homebrew/brew
  • Homebrew/homebrew-core
  • Homebrew/formulae.brew.sh

Just to make sure, I tested this by creating a blob in the Homebrew/homebrew-core repo:

$ curl https://api.github.com/repos/Homebrew/homebrew-core/git/blobs -u $GITHUB_API_TOKEN:x-oauth-basic -d '{"content":"test"}' -H "Content-Type: application/json"
{
  "sha": "30d74d258442c7c65512eafab474568dd706c430",
  "url": "https://api.github.com/repos/Homebrew/homebrew-core/git/blobs/30d74d258442c7c65512eafab474568dd706c430"
}

And then subsequently reported the issue to the Homebrew maintainers.

What this means

Let me put this in perspective:

  • Hundreds of thousands of people use Homebrew, including employees at some of the biggest companies in Silicon Valley.
  • The most frequently installed package in the last 30 days is openssl, which was installed over 500k times: https://formulae.brew.sh/analytics/install/30d/
  • I had direct commit access to the Homebrew/homebrew-core repo. At the time, this repo did not have a protected master branch, meaning I would have been able to make a fast-forward change to refs/heads/master. Anyone that freshly installed Homebrew, or ran brew update would have my malicious formulae.

If I were a malicious actor, I could have made a small, likely unnoticed change to the openssl formula, placing a backdoor on any machine that installed it.

If I can gain access to commit in 30 minutes, what could a nation-state with dedicated resources achieve against a team of 17 volunteers? How many private company networks could be accessed? How many of these could be used to escalate to large-scale data breaches? What other package management systems have similar weaknesses?

This is my growing concern, and it’s been proven time and time again that package managers, and credential leaks, are a weak point in the security of the internet, and that supply chain attacks are a real and persistent threat. This is not a weakness in Homebrew, but rather a systemic problem in the industry, and one where we need more security research.

What’s being done

Homebrew has publicly disclosed the issue on the blog at https://brew.sh/2018/08/05/security-incident-disclosure/. The Homebrew team worked with GitHub to audit and ensure that the given access token wasn’t used maliciously, and didn’t make any unexpected commits to the core Homebrew repos. I want to give special thanks to Mike McQuaid for his quick and professional handling of my report while on his paternity leave.

It’s clear that there’s a lot of work that could be done to improve the security of the Homebrew project. If you use Homebrew at your place of work, consider asking them to donate to the project. As an industry, we need to invest in the well being of core OSS software that we all use and depend on.
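
A defender-side audit of the exposure described in this post, as an added example that is not part of the original write-up or of Homebrew's tooling: it parses a stream of repo/permission records in the shape quoted above and ranks the repositories a leaked token could write to. The sample records, the branch-protection map and the risk labels are assumptions constructed for the example.

```python
import json

# Constructed sample in the shape of the records quoted in the post: a stream
# of concatenated JSON objects (as printed one after another), not an array.
# "example-org/read-only-mirror" is a made-up repo for contrast.
SAMPLE_STREAM = """
{
  "repo": "Homebrew/brew",
  "permissions": {"admin": false, "push": true, "pull": true}
}
{
  "repo": "Homebrew/homebrew-core",
  "permissions": {"admin": false, "push": true, "pull": true}
}
{
  "repo": "example-org/read-only-mirror",
  "permissions": {"admin": false, "push": false, "pull": true}
}
"""

# Assumed input: whether each repo's default branch is protected, collected
# separately by the auditor. The post only states that Homebrew/homebrew-core
# had no protected master at the time; a missing entry means "not checked".
SAMPLE_PROTECTION = {
    "Homebrew/homebrew-core": False,
    "example-org/read-only-mirror": True,
}

# Severity scheme invented for this example, most urgent first.
RISK_ORDER = ["critical", "high", "unverified", "medium"]


def iter_json_objects(text):
    """Yield each top-level JSON value from a concatenated stream."""
    decoder = json.JSONDecoder()
    pos, end = 0, len(text)
    while True:
        # raw_decode() does not skip leading whitespace, so do it here.
        while pos < end and text[pos].isspace():
            pos += 1
        if pos >= end:
            return
        obj, pos = decoder.raw_decode(text, pos)
        yield obj


def classify(perms, protected):
    """Map a token's permissions on one repo to a risk label, or None."""
    if perms.get("admin"):
        return "critical"      # admin can switch branch protection off
    if not perms.get("push"):
        return None            # read-only: the token cannot change the repo
    if protected is True:
        return "medium"        # writes still possible, but gated by the rules
    if protected is False:
        return "high"          # direct push to the default branch is possible
    return "unverified"        # protection state unknown: check before closing


def audit_token(stream_text, protection):
    """Return findings for every repo the token can write to, worst first."""
    findings = []
    for record in iter_json_objects(stream_text):
        repo = record.get("repo", "<missing repo name>")
        risk = classify(record.get("permissions", {}), protection.get(repo))
        if risk is not None:
            findings.append({"repo": repo, "risk": risk})
    findings.sort(key=lambda f: (RISK_ORDER.index(f["risk"]), f["repo"]))
    return findings


if __name__ == "__main__":
    for finding in audit_token(SAMPLE_STREAM, SAMPLE_PROTECTION):
        print(f'{finding["risk"]:<11} {finding["repo"]}')
```

Run against the records for every token found in CI logs or build artifacts, this gives the revocation order: anything above "medium" means a single leaked credential can change what users install.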


          Trump won't testify
Spare us the interviews with Rudy Giuliani and the endless debates among cable TV lawyers about the terms and conditions of Donald Trump's testimony to special counsel Robert Mueller.

Can't we please, please put one piece of Fake News to bed?

There's never going to be any testimony. It's all a charade. Come what may, Trump will never appear under oath in the Russia investigation. No defense attorney worth his law license would allow it.

Those tales The New York Times reporters pass along about how the president's confident he can talk his way out of anything? He's stalling, playing for time. If push comes to shove, Trump will plead the Fifth Amendment, political consequences be damned.

He'll just keep calling the Mueller probe a partisan witch-hunt, invoke the privilege against self-incrimination and brazen it out.

Short of provoking a constitutional crisis, it's his only real play.

How many votes would the president lose that he hasn't lost already? Courtesy of a recent Facebook exchange, here's what dedicated Trumpists already believe: "I call the NY Times conspiring with the FBI and DOJ, and the Hillary Clinton campaign to fix the 2016 election and to cripple the president with the Russia collusion nonsense the behavior of the 'enemies of the people.' "

That's not quite the QAnon conspiracy, but it's in the ballpark.

But I doubt it will come to that. Mueller can issue all the subpoenas he wants, if he wants. But what for? He'd actually be doing Trump a favor, helping him to stall with tedious Supreme Court theater. Already, The Washington Post's Greg Sargent is warning us to "Get ready for this nightmare scenario involving Trump, Mueller and [Supreme Court nominee Brett] Kavanaugh."

Far better for Mueller to let the question of the president's testimony simmer on the back burner while proceeding with widely anticipated indictments of Trump campaign officials for "conspiracy to defraud the United States" along with Russian military hackers. Maybe the president could be persuaded to testify in defense of his son Donald Jr., although I doubt it.

The president basically convicted himself as an accessory after the fact on Twitter last weekend anyway. He condemned as "Fake News" a report that he was "concerned about the meeting my wonderful son, Donald, had in Trump Tower. This was a meeting to get information on an opponent, totally legal and done all the time in politics — and it went nowhere. I did not know about it!"

In short, virtually everything Trump has previously stated about the ill-fated June 2016 meeting between Donald Jr., Jared Kushner, Paul Manafort and a passel of Kremlin-connected Russians was a lie. Supposedly, it was about Russian adoptions, remember? That was the gist of the scripted denial Trump dictated aboard Air Force One and falsely attributed to his son.

A few weeks later, The New York Times obtained a series of emails between Donald Jr. and Rob Goldstone, the British-born publicist who helped arrange the Trump Tower get together by promising "dirt" on Hillary Clinton as "part of Russia and its government's support for Mr. Trump."

"If it's what you say," Donald Jr. replied, "I love it."

No mention of Russian orphans.

Meanwhile, two days before the ill-fated meeting that Trump insists he knew nothing about, he'd promised a "major speech" on June 13 regarding "all of the things that have taken place with the Clintons." Evidently because the Russian "dirt" was of low quality, that speech was never delivered.

Nevertheless, it's clear that an offer had been made and a price agreed upon. The Russians wanted repeal of the Magnitsky Act, a law making it hard for Kremlin oligarchs to launder money.

U.S. election law makes it a crime to receive from foreigners "a contribution or donation of money or other thing of value ... in connection with a Federal, State, or local election." "Dirt," aka opposition research, can be an expensive commodity. (Also contrary to Trump, hiring an agent like Christopher Steele to do opposition research is perfectly legal. It's a question of who's paying: the candidate or a hostile foreign government.)

Former George W. Bush speechwriter David Frum puts it succinctly as possible:

"They knew they would be meeting with representatives of the Russian State.

"They knew they were being offered Russian state intelligence.

"They intended to use Russian intelligence offered by Russian agents against American opponents.

"They did not alert the FBI."

Even former Trump sidekick Steve Bannon, scourge of the "Deep State," thought meeting Russian agents inside Trump Tower was at best deeply stupid. "Even if you thought that this was not treasonous, or unpatriotic, or bad s***," he said, "and I happen to think it's all of that, you should have called the FBI immediately."

And if it weren't all those things, the White House wouldn't have had to lie about it for so long.

So, no, Trump will never testify.


          State of the Arts 2018: Jeannie Hacker-Cerulean
Jeannie Hacker-Cerulean has always wanted to bring stories to life. When she was five years old, she put her dolls in long dresses as ugly stepsisters and directed her sister to play Cinderella. By the time she graduated from high school in ...
          Cyber Security: Profiting from digital security
Hacker attacks and data breaches cost the global economy billions every year. "Cyber security" is therefore on everyone's lips and is also regarded on the stock market as a promising theme for the future.
          “A Senator Claims That Russian Hackers Are In Florida’s Voter Systems. Local Officials Are Skeptical.”
BuzzFeed: Florida Senator Bill Nelson claimed Wednesday that Russian hackers “right now” are “in (the) records” of county election offices, prompting confusion from Florida state and county officials who said they are unaware of such an attack. Speaking to the … Continue reading
          New Wi-Fi attack can crack your passwords | Avast

When you’re using a Wi-Fi network these days, chances are you are counting on one of these protocols: WPA or WPA2. In short, your Wi-Fi signal is protected by the Wi-Fi Protected Access (WPA or WPA2) encryption standard. These wireless industry standards were designed to prevent potential hackers from intercepting the signal and reading your browsing data. Here’s the bad news: It was just reported that while investigating the new WPA3 standard, a security researcher managed to break the encryption. So what’s the good news? At least now we know.


          Review: Dulce Vida Paloma and Margarita

Austin-based Dulce Vida Spirits makes an exceptional line of tequilas, and the latest addition to the mix is this duo of ready-to-drink, classic tequila cocktails. Boasting “100% natural freshness,” these premixed cocktails are made with 100% agave blanco tequila, plus authentic ingredients — meaning real juice. So, hats off. Let’s give these ready-to-go concoctions the old […]

The post Review: Dulce Vida Paloma and Margarita appeared first on Drinkhacker: The Insider's Guide to Good Drinking.


          Weekly doing

Squidwrench hackerspace

What is a Squidwrench weekly doing? It is our weekly meeting where you, the meeting-goer, bring a project you are currently working on, or interested in, researching, and you do/learn about/create/teach others/etc said project in the company of others. Pretty much, it's the tinkering you would be doing at home on your own, but now you're out doing it socially. Don't have a project? Come anyway!

Highland, NY 12528 - USA

Tuesday, August 14 at 7:00 PM

4

https://www.meetup.com/squidwrench/events/253631535/


          Weekly doing

Squidwrench hackerspace

What is a Squidwrench weekly doing? It is our weekly meeting where you, the meeting-goer, bring a project you are currently working on, or interested in, researching, and you do/learn about/create/teach others/etc said project in the company of others. Pretty much, it's the tinkering you would be doing at home on your own, but now you're out doing it socially. Don't have a project? Come anyway!

Highland, NY 12528 - USA

Tuesday, October 16 at 7:00 PM

4

https://www.meetup.com/squidwrench/events/dkvcpfyxnbvb/


          Siêu Thánh SIM: when everything is there to serve the user

Following Thánh SIM, Vietnamobile's Siêu Thánh SIM continued to create a “craze” with an attractive plan launched in early June, offering 4GB of high-speed data per day as well as free on-network calls and texts, and off-network calls at only 550 dong per minute. These are truly one-of-a-kind offers in Vietnam's telecom market.

But the question is: does a low price come with good quality?

Vietnamobile has been quite generous in providing up to 4GB of free data per day. This can be considered enough for a mobile user for a day of web browsing, social networking, reading news, or even watching a moderate amount of video. However, the lack of 4G support has raised doubts about this SIM's connection speed.

In practice, though, the network speed results may surprise you. Measured with the dedicated SpeedTest app, a Siêu Thánh SIM in a Xiaomi smartphone gave an upload speed of 3.5 Mbps and a download speed of 4.62 Mbps, a fairly high figure. In a test reading news in a browser, pages loaded in under a second, and Facebook was also quite fast. Watching YouTube clips in Full HD (1080p) likewise showed no stutter, lag or stalls midway, and seeking within the video did not “freeze” for long.

Even when the Siêu Thánh SIM is used in a mobile Wi-Fi hotspot device or to share Wi-Fi from a smartphone, access speeds on computers or other mobile devices connected to it do not drop much. This is a good solution for anyone who wants to share Internet access with family and friends, especially in places without Wi-Fi or where there are concerns that public Wi-Fi is insecure and easily attacked by hackers.

For a phone user, texting and calling are inevitable and are in fact an essential need in modern life. However, prevailing rates are currently quite high, from 890 dong per minute off-network and 790 dong per minute on-network, meaning users must spend a considerable amount on communication. But with free on-network calls and only 550 dong per minute off-network with Siêu Thánh SIM, you clearly save a good deal of money each month, especially if you are in touch frequently.

Recently, Vietnamobile partnered with Xiaomi, a young phone maker that has built great success with its smartphones and smart ecosystem. Marking the “union” is the exclusive “Combo Thánh SIM FPT” program, which applies when buying a Redmi Note 5 at stores in the FPT Shop chain. Under it, consumers can buy the Redmi Note 5 3GB-32GB at a promotional price of 4,799,000 VND together with a free data package, on-network calls, on-network texts and 420 minutes of off-network calls for 12 months. This combo is ideal support for those just starting to use a smartphone, with needs ranging from basic to specialised.

But the cooperation between Vietnamobile and Xiaomi does not stop there. As mentioned, behind Xiaomi there is also an ecosystem for the smart home with cameras, fans, light bulbs, electronic locks, projectors, TVs and more, all of which are controlled from a single smartphone. From there, one can imagine the prospect of controlling the IoT devices in your home from anywhere, at any time, using a Xiaomi smartphone over Vietnamobile's free data, extremely conveniently.

Thus, with the cooperation between two brands known for useful, feature-rich and reasonably priced products such as Vietnamobile and Xiaomi, Vietnamese users will sooner have the chance to access more leading services and technologies, and from there build a smarter, more comfortable life in the future.


           Hacked.It - Hacker News Reader (News)

Hacked.It - Hacker News Reader 1.1


Device: iOS iPhone
Category: News
Price: Free, Version: 1.1 (iTunes)

Description:

A minimalist dark mode Hacker News reader.
Clean & simple UI with big text!

***
Credits:
github/RCiesielczuk/HackerBuzz-ReactNative

What's New

-UI Fix

Hacked.It - Hacker News Reader


          ‘Big Brother’ 20 episode 19 recap: Did the Veto save either Tyler or Rockstar on August 8? [UPDATING LIVE BLOG]
Tyler Crispen, our frontrunner to win “Big Brother” Season 20, got a taste of being on the block this week when the show’s first-ever Hacker Comp winner Haleigh Broucher secretly nominated him for eviction. Haleigh removed her buddy Scottie Salton from the block and replaced him with Tyler, who applauded the mysterious hacker for making […]
          Voice of concern: Smart assistants are creating new openings for hackers/Let's talk about the security of smart speakers.
none
          Яна_М: Just 3 tablespoons a day and you will lower your cholesterol and lose belly fat like crazy!

This is a quote of a post by VezunchikI. Original post: Just 3 tablespoons a day and you will lower your cholesterol and lose belly fat like crazy!

Here we present a recipe that is considered one of the best natural remedies and can really work wonders for your health. This garlic drink improves organ function, cleanses the blood and strengthens your immune system along with your blood vessels and heart.

It is an excellent natural remedy that will speed up your metabolism and promotes weight loss. It cleanses your body and removes all harmful toxins.

INGREDIENTS:

12 cloves of garlic (peeled)
1/2 litre of red wine

INSTRUCTIONS:

First cut the garlic cloves into pieces and put them in a jar. Then pour the wine over them. Close the bottle and leave it in a sunny place for 2 weeks. Shake the bottle every day. After 14 days, pour the liquid into a dark glass bottle and store it. Take 1 tablespoon of this drink 3 times a day for 1 month. Then take a break for 6 months.

BENEFITS

This drink is rich in various antibiotic, anti-inflammatory, anti-cancer and antibacterial properties. Here are just some of the benefits it can offer you:

Treats inflammatory diseases
Improves metabolism
Lowers cholesterol
Removes excess salt from the body
Eliminates toxins from the body
Cleanses the blood
Increases energy
Burns fat
Supports the health of the blood vessels and heart
Increases stamina

Red wine contains resveratrol and has antioxidant and anti-inflammatory properties, which means it can prevent the formation of blood clots that can lead to heart attacks and heart failure. This substance inhibits the growth and spread of cancer cells. It has the ability to kill them while leaving healthy cells intact.

Source: from here


          Spam Never Expires
Happy birthday spam! It’s been 40 years since the delivery of the first spam email to an unsuspecting user’s inbox. Hackers don’t appear to want spam emails to slow down as they continue to use these emails for malware and malicious URLs. The methods may have advanced over time, but the idea of sending out large quantities of emails to unsuspecting users’ inboxes has remained the same. A simple click by an end user equals a fairly lucrative reward for cybercriminals. Malware delivered via spam appears to follow a predictable pattern. According to F-Secure, spam typically can be categorized as one of three ways, “46 percent are dating scams, 23 percent are emails with malicious attachments, and 31 percent contain links to malicious websites.” Despite spam hitting the big 4-0 this year and being a popular vehicle of attack for cybercriminals, success rates are actually growing in recent years. Last month, Barracuda Networks reported that an…
          That was no cyberattack on the FCC, inspector general says -- just John Oliver fans - CNN

CNN

Washington (CNN) The Federal Communications Commission's website did not fall victim last year to "deliberate attempts by external actors to bombard the FCC's comment system," a government investigation has determined. The surge in traffic was actually ...

FCC lied to Congress about made-up DDoS attack, investigation found (Ars Technica)
The FCC Website Reportedly Crashed Because Of John Oliver's Fans — Not Hackers (Bustle)
John Oliver viewers, not hackers, responsible for FCC system outage (Fox Business)
Google Drive - Federal Communications Commission

          Sen. Nelson: Russian hackers already have 'free rein' over some US voting machines
Voting machines in at least one U.S. state may have already been compromised by Russian operatives ahead of the midterm elections, according to one Democratic senator.
          Firefox’s New DNS Resolution
ungleich (via Rob Griffiths, Hacker News): With their next patch Mozilla will introduce two new features to their Firefox browser they call “DNS over HTTPs” (DoH) and Trusted Recursive Resolver (TRR). In this article we want to talk especially about the TRR.[…]When Mozilla turns this on by default, the DNS changes you configured in your […]
          MEN: Darin Silvers Fucks Justin Matthews in ‘The Disciplinarian’

The Disciplinarian (Darin Silvers Fucks Justin Matthews) at BigDicksAtSchool

Tattooed stud Darin Silvers is shocked that all he got was detention so he grabs ahold of Justin Matthews bends him over the teacher’s desk and spanks his ass.

The post MEN: Darin Silvers Fucks Justin Matthews in ‘The Disciplinarian’ appeared first on WAYBIG.


          Social engineering schemes earned hackers almost $10 million last year

The cryptocurrency phenomenon and the growth of an audience interested in it would never go unnoticed by hackers. To achieve their malicious goals, hackers resort to classic phishing techniques that go beyond the typical scenarios used previously. Taking inspiration from ICO (Initial Coin Offering) investments and free cryptocurrency giveaways, hackers manage to profit from cryptocurrency investors and newcomers alike.

Some of the most popular targets are ICO investors, who seek to invest their funds in start-ups to make a profit in the future. For them, hackers create fake pages that imitate the official sites of ICO projects, or try to gain access to their contacts in order to send them a phishing email containing the number of an e-wallet to which the investors should send their cryptocurrency. The most successful attacks take advantage of well-known ICO projects. For example, by exploiting the Switcheo ICO with an offer of a free coin giveaway, hackers stole more than $25,000 in cryptocurrency after spreading the link through a fake Twitter account.

Another example is the creation of phishing sites for the OmiseGo ICO project, which allowed hackers to steal more than $1.1 million in cryptocurrency. Of equal interest to hackers were the rumours around the Telegram ICO, which resulted in the creation of thousands of fake sites collecting “investments”.

Another highly popular trend involves cryptocurrency giveaway scams. Here, victims are asked to send a small amount of cryptocurrency in exchange for a larger payment in the same currency later. In this case, hackers have even used the social media profiles of celebrities, such as the magnate Elon Musk and Telegram founder Pavel Durov. By creating fake accounts or replying to legitimate users through fake profiles, hackers manage to confuse Twitter users and lead them to trust the scheme when they click on replies from fraudulent accounts.

According to Kaspersky Lab estimates, hackers managed to obtain more than 21,000 ETH (the Ether cryptocurrency, which uses the blockchain generated by the Ethereum platform), equivalent to more than $10 million at the current exchange rate, last year using the schemes described above. This amount does not include classic phishing attacks or cases involving the creation of individual addresses for each victim.

“The results of our research show that hackers keep up to date and are developing resources to achieve the best possible result in cryptocurrency phishing. These new fraud schemes are based on simple social engineering methods, but they stand out from other, more common attacks because they earn their authors millions of dollars. The success the hackers have achieved reveals knowledge of how to exploit the human factor, one of the weakest points in cybersecurity, to monetise user behaviour,” said Nadezhda Demidova, web content researcher at Kaspersky Lab.

To protect their cryptocurrency, Kaspersky Lab researchers advise users to adopt a few simple rules:

  • Remember that nothing is free: when an offer seems too good to be true, it probably is.
  • Check official sources for information about free cryptocurrency giveaways. For example, if you notice a cryptocurrency giveaway in the name of Binance, a recently hacked blockchain ecosystem, verify that information with official sources.
  • Check whether there are third parties associated with the wallet to which you intend to transfer your investments. One way to do this is through blockchain browsers such as etherscan.io or blockchain.info, which let users see detailed information about any cryptocurrency transaction and identify whether the wallet in question is dangerous.
  • Always check the links and the data in the address bar: for example, it should be “blockchain.info” and not “blackchaen.info”.
  • Keep the address of your e-wallet in a separate tab for easier and safer access, in case you make a mistake in the address bar and end up on a phishing site.

More information on the development of cryptocurrency phishing is available at Securelist.com.


          UPDATE 2-Samsung Galaxy S7 smartphones vulnerable to hacking -researchers
LONDON, Aug 8- Samsung's Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that has put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters. But researchers from Austria's Graz Technical University told Reuters they have figured out a way to exploit the Meltdown...
          The story of the alleged 20-year-old hacker accused of stealing more than 5 million dollars in bitcoins

Joel Ortiz, a 20-year-old student from Boston, United States, was arrested at the Los Angeles airport as he was heading to Europe. The reason? He is accused of being the head of a group of hackers dedicated to stealing cryptocurrencies.

California authorities said that Ortiz faces complaints from more than 40 people whose mobile phone numbers he allegedly hijacked, which allegedly helped him steal more than five million dollars in cryptocurrencies, mainly bitcoins.

'SIM swapping' strikes again

Ortiz is the first reported case in the United States of cryptocurrency theft using 'SIM swapping', a technique that is becoming very popular for attacks; one need only recall the recent Reddit hack. 'SIM swapping' consists of tricking the mobile carrier into transferring a victim's phone number to a SIM owned by the hacker.

Once the attacker has the SIM with the victim's number, the next step is to change the victim's passwords, mainly for email and social networks, as well as for cryptocurrency wallets, as in this particular case. With the phone number in hand, it also does not matter that the accounts are protected by SMS-based two-step authentication, since everything is received on the hijacked SIM.

Joel Ortiz faces a total of 28 charges: 13 for identity theft, 13 for hacking and two for grand theft. All the complaints come from cryptocurrency investors and attendees of the recent Consensus conference, which was held in New York last May and focuses on blockchain and cryptocurrency topics.

According to the first findings of the investigation, Ortiz belongs to the self-styled group OGUSERS, whose members hack and trade the accounts of famous and important figures on Twitter and Instagram, where the goal is always to try to steal cryptocurrencies.

In every case, the victims reported that their mobile phone number had gone dead, and it was when they approached their carrier to recover it that they became aware of the theft. Among those affected are an investor who lost a million and a half in bitcoins and a businessman who lost one million.

According to investigators, Ortiz had attacked before, between February and March, targeting an investor whose number he hijacked on two occasions, resetting his Gmail passwords and his access to cryptocurrency wallet sites. They even claim that Ortiz used the number to call and threaten the victim's wife and daughter.

Authorities had to put pressure on the tech companies

Allied Alforcement, a group made up of various cybercrime specialists from the California police, was the unit in charge of investigating Ortiz's activities. They sent information requests to the carrier AT&T, asking for the call records of the stolen numbers while they were hijacked, which led them to two IMEIs pointing to two Samsung Android smartphones.

Once they had the smartphones' IMEIs, the next step was to contact Google to request all the data connected to those smartphones. That is where they found a Gmail account and a Microsoft account, which showed Ortiz's activity, such as password changes, conversations with other OGUSERS members and data for SIM swapping, as well as evidence of bitcoin trading on sites such as Coinbase, Bittrex and Binance, where they say there are movements in the millions.

AT&T also provided a document listing all the numbers that were activated on those IMEIs during May, which is how investigators discovered that more than 40 people had been affected, since only some had filed complaints. Once they had the numbers, the next step was to call the owners and ask whether they had suffered any theft during May, which was decisive in taking legal action against Ortiz.

Authorities say that so far they have managed to seize 250,000 dollars in bitcoins from Ortiz, but have not been able to find the rest of the money in other cryptocurrencies.

As of today, Ortiz is jailed in California with bail set at one million dollars, although his hearing will be held this August 9, where he is expected to plead guilty and offer to help capture the remaining members of OGUSERS, something that, in theory, will help reduce his sentence.

The article "The story of the alleged 20-year-old hacker accused of stealing more than 5 million dollars in bitcoins" was originally published on Xataka by Raúl Álvarez.


          John Oliver viewers, not hackers, responsible for FCC system outage - Fox Business

Former FCC Commissioner Robert McDowell on the impact of the repeal of Net Neutrality and the upcoming decision in the Department Justice lawsuit to block AT&T's acquisition of Time Warner. Concerned viewers of HBO host John Oliver's “Last Week ...

          Samsung Galaxy S7 Susceptible to Meltdown Attacks

The Samsung Galaxy S7 has a serious security flaw, according to researchers from Austria’s Graz Technical University. A microchip security issue leaves the S7 open to Meltdown attacks. Meltdown takes advantage of a CPU tool called speculative execution, which allows processors to predict where instructions will travel. Hackers could use certain techniques to manipulate speculative execution in order to access privileged memory, such as that of the kernel. Meltdown and a similar vulnerability called Spectre were discovered to impact devices from a wide range of manufacturers late last year and early this year. "There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know," said the researchers. They plan to look at devices from other phone makers to see if other models are impacted by the flaw. Samsung claims to have plugged the Meltdown security hole in patches issued in January and again in July. "Samsung takes security very seriously and our products and services are designed with security as a priority," said the company. There are no known cases of Meltdown being used to attack the Galaxy S7. The Galaxy S7 was first released in 2016 and is used by about 30 million people, according to Strategy Analytics.


          Looking forward with Google Play

Posted by Purnima Kochikar, Director, Google Play, Apps & Games

On Monday we released Android 9 Pie. As we continue to push the Android platform forward, we're always looking to provide new ways to distribute your apps efficiently, help people discover and engage with your work, and improve the overall security of our ecosystem. Google Play has had a busy year so far with some big milestones around helping you reach more users, including:

  • Shrinking download size: Android App Bundle & Dynamic Delivery has helped reduce app sizes by up to 65%, leading to increased downloads and fewer uninstalls.
  • Helping improve quality: New tools in the Play Console have helped you reduce crash rates by up to 70%.
  • Improving discovery: Improvements to the discovery experience have increased Google Play Store visits by 30% over the last 12 months.
  • Keeping users safe: Google Play Protect scans more than 50 billion apps a day and Android API level 26 adoption requirements improve app security and performance.

Google Play is dedicated to helping you build and grow quality app businesses, reach the more than 2 billion Android devices globally and provide your users with better experiences. Here are some of the important areas we're prioritizing this year:

Innovative Distribution

We've added more testing tools to the popular Play Console to help developers de-risk app launches with internal and external test tracks and staged rollouts to get valuable early feedback. This year we've expanded the Start on Android program globally that provides developers new to Android additional guidance to optimize their apps before launch. Google Play Instant remains a huge bet to transform app discovery and improve conversions by letting users engage without the friction of installing. We're seeing great results from early adopters and are working on new places to surface instant experience, including ads, and making them easier to build throughout the year.

Improving App Quality

Google Play plays an important role helping developers understand and fix quality and performance issues. At I/O, we showcased how we expanded the battery, stability and rendering of Android vitals reporting to include app start time & permission denials, enabling developers to cut application not responding errors by up to 95%. We also expanded the functionality of automated device testing with the pre-launch report to enable games testing. Recently, we increased the importance of app quality in our search and discovery recommendations, which has resulted in higher engagement and satisfaction with downloaded games.

Richer Discovery

Over the last year we've rolled out more editorial content and improved our machine learning to deliver personalized recommendations for apps and games that engage users. Since most game downloads come from browsing (as opposed to searching or deep linking into) the store, we've put particular focus on games discovery, with a new games home page, special sections for premium and new games, immersive video trailers and screenshots, and the ability to try games instantly. We've also introduced new programs to help drive app downloads through richer discovery. For example, since launching our app pre-registration program in 2016, we've seen nearly 250 million app pre-registrations. Going forward, we'll be expanding on these programs and others like LiveOps cards to help developers engage more deeply with their audience.

Expanding Commerce Platform

Google Play now collects payments in 150 markets via credit card, direct carrier billing (DCB), PayPal, and gift cards. Direct carrier billing is now enabled across 167 carriers in 64 markets. In 2018, we have focused on expanding our footprint in Africa and Latam with launches in Ghana, Kenya, Tanzania, Nigeria, Peru & Colombia. And users can now buy Google Play credit via gift cards or other means in more than 800,000 retail locations around the world. This year, we also launched seller support in 18 new markets, bringing the total markets with seller support to 98. Our subscription offering continues to improve with ML-powered fraud detection and even more control for subscribers and developers. Google Play's risk modeling automatically helps detect fraudulent transactions, and purchase APIs help you better analyze your refund data to identify suspicious activity.

Maintaining a Safe & Secure Ecosystem

Google Play Protect and our other systems scan and analyze more than 50 billion apps a day to keep our ecosystem safe for users and developers. In fact, people who only download apps from Google Play are nine times less likely to download a potentially harmful app than those who download from other sources. We've made significant improvements in our ability to detect abuse—such as impersonation, inappropriate content, fraud, or malware—through new machine learning models and techniques. The result is that 99% of apps with abusive content are identified and rejected before anyone can install them. We're also continuing to run the Google Play Security Rewards Program through a collaboration with HackerOne to discover other vulnerabilities.

We are continually inspired by what developers build—check out #IMakeApps for incredible examples—and want every developer to have the tools needed to succeed. We can't wait to see what you do next!


          (IT) Penetration Tester

Rate: £500 - £650 per day   Location: Hampshire   

Penetration Tester - Reverse Engineering - Contract - Hampshire

Square One are searching for a Penetration Tester to work with one of our clients in Hampshire on a 3 month contract.

Responsibilities

  • Hands on server-side pen testing
  • Hands on device-side pen testing (desirable)
  • Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by remedial teams

Required experience

  • Strong experience as an ethical hacker, testing web applications, operating systems, databases etc
  • Strong knowledge of debuggers, de-compilers, dis-assemblers and de-obfuscators
  • Experience with static and dynamic binary analysis and binary injection
  • Experience with packet sniffers
  • Excellent analytical skills
  • Experience with both Linux and Windows OS

Desirable experience

  • Experience as a device-side ethical hacker, testing mobiles, tablets, routers, industrial equipment etc
  • Anti-tamper tools and techniques
  • Hardware/software attack vectors
  • Malware analysis
  • Cryptography (RSA, SHA-1, AES)
  • Networking protocols
  • Experience with reverse engineering tools and techniques

If you are interested in this opportunity, please apply now with your updated CV in word/PDF format. Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies. Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally: Please see our website for our full diversity statement.
 
Rate: £500 - £650 per day
Type: Contract
Location: Hampshire
Country: UK
Contact: David Meikle
Advertiser: Square One Resources
Start Date: 20/08/2018
Reference: JS-102708

          Notorious Hacker Group 'Music Mafia' Remains Online — Despite Heavy RIAA Pressure - Digital Music News

Understandably, this type of leaked content can be very damaging to the music industry, so it's no surprise that the RIAA is trying to crack down on the hacker group. Music Mafia has proved their chops by releasing two unreleased Kanye West songs ...


          Here's the report that showed the FCC lied about being hacked and then lied about lying

Yesterday, the FCC published an admission that it had lied about a supposed hack-attack that it blamed for the collapse of its public comments portal that led to the agency eventually shutting down public comment and announcing that it would give equal weight to obviously forged anti-Net Neutrality comments and the pro-Neutrality comments it received.


          Feeling Slandered, PKS Will Take 'Cardboard General' Tweets to Court

Liputan6.com, Jakarta - The Prosperous Justice Party (PKS) said that the statement by Democratic Party Deputy Secretary-General Andi Arief, who claimed that the party received money from Sandiaga Uno in connection with the presidential nomination, is vile slander.

PKS Central Executive Board (DPP) chair Ledia Hanifa stressed that Andi Arief's accusation is very serious, because accepting a political dowry in the presidential nomination process is a grave electoral crime.

"Andi Arief's statement is clearly vile slander. This is no trifling accusation, and it carries legal consequences for the person concerned," Ledia said in Jakarta, in a written statement received on Thursday (9/8/2018).

She said PKS is ready to take Andi Arief's slanderous tweets to court.

Ledia added that, as a senior official of a political party that once governed Indonesia, Andi Arief should not carelessly hurl slander at an institution in public.

"I see no official clarification from his party, so we conclude that this is also the position of the party institution to which Andi Arief belongs," Ledia said.

Andi Arief's Statement

Democratic Party Deputy Secretary-General Andi Arief wrote a series of harsh criticisms of Gerindra Party Central Executive Board chairman Prabowo Subianto on his Twitter account. In those tweets he dragged in several political parties, including PKS.

Several of Andi's tweets, written on the night of Wednesday, 8 August 2018, read in part:

"Prabowo turns out to be cardboard; tonight we refuse his visit to Kuningan. Even his wish to explain by letter is no longer necessary. Prabowo values money more than the struggle, a cardboard general."

This was followed by the next tweet:

"The cardboard general is of poor quality; yesterday afternoon he met the Democrat chairman with sweet promises of struggle. Less than twenty-four hours later his resolve collapsed, run over by Sandi Uno's money to entertain PAN and PKS."

Andi said he was disappointed in Prabowo Subianto, whom he regards as not keeping his word.

"True, I heard it, and you can check that in my political career I have never lied," Andi said at the home of Susilo Bambang Yudhoyono (SBY), Jalan Kuningan, South Jakarta, early on Thursday (9/8/2018).

According to Andi, Prabowo as a presidential candidate has been unfaithful, out of keeping with his career as a former military general. Andi is also convinced that Prabowo engaged in transactional politics by accepting a fresh injection of funds of Rp 500 billion.

"I, Andi Arief, have never manufactured an issue in my political career," he said when asked about the veracity of the dowry report.


          English for tax civil servants, part 2: A or AN?
English for tax civil servants 2018, part 2: A or AN? The rule for choosing A or AN depends on how a word is pronounced, not on how it is spelled. Before deciding whether to use A or AN, say the word to see whether it begins with a vowel sound or a consonant sound. If it begins with a vowel sound, use AN; if it begins with a consonant sound, use A. This does not require mastering English phonetic transcription; you can use Vietnamese spelling to check.

___book. "Book" is read /búc/ (Vietnamese-style) and begins with the letter b, a consonant, so use a.
___hour. Read /áo ơ/ (again, read Vietnamese-style!) => the sound á is a vowel, so use an.

When doing exercises of this type, note the following cases:
1. Words beginning with H:
Normally h is pronounced /h/, but remember that the h is silent (not pronounced) in the following words: hour, honest (and the words in their families, such as honesty... honour, honorary, honourable...)
Example: ____honest man. "Honest" is read /ó nợst/, a vowel sound, so use an => An honest man
2. Words beginning with O:
There are two pronunciations: /w/ (consonant) and /o/ or /ô/ (vowel)
Example: One /w/ => a one...                Officer /o/ => an officer
3. Words beginning with numerals:
Note that the number 8 (read /ây/), numbers beginning with 8 such as 80, 81, 800..., and 11 (read /i lé vơn/) take an; all other numbers take a.
Example: An 8-storey-house            A 5-seat-car
4. Abbreviations:
Note that abbreviations are read letter by letter; the following letters all take an: M, F, L, N, R, S, X
Example: _____ M.L member                     M is read /em/; e is a vowel, so use an
=> An M.L member
5. Words beginning with U:
U has two pronunciations: /â/ (vowel) and /diu/ (consonant)
Example: _____ umbrella. /âmbrélơ/, a vowel sound, so use an => An umbrella
____ University. /diu ni vớ si ti/; d is a consonant, so use a => A university


EXERCISES
Fill in the blanks below with a or an.

1. _____  x-ray machine
2. _____ taxi driver
3. _____ apple
4. _____ European table
5. _____ waiter
6. _____ 6-storey house
7. _____ 8-wheel-car
8. _____ 11-head-animal
9. _____ one-man show
10. _____ honest man
11. _____ unit
12. _____ hacker
13. _____ hour
14. _____ umbrella
15. _____ PR department
16. _____ electric cooker
17. _____ housewife
18. _____ calendar
19. _____ eel
20. _____ soccer player
21. _____ ruler
22. _____ zero


          How to Improve the California Consumer Privacy Act of 2018

On June 28, California enacted the Consumer Privacy Act (A.B. 375), a well-intentioned but flawed new law that seeks to protect the data privacy of technology users and others by imposing new rules on companies that gather, use, and share personal data. There's a lot to like about the Act, but there is substantial room for improvement. Most significantly:

  • The Act allows businesses to charge a higher price to users who exercise their privacy rights.
  • The Act does not provide users the power to bring violators to court, with the exception of a narrow set of businesses if there are data breaches.
  • For data collection, the Act does not require user consent.
  • For data sale, while the Act does require user consent, adults have only opt-out rights, and not more-protective opt-in rights.
  • The Act’s right-to-know should be more granular, extending not just to general categories of sources and recipients of personal data, but also to the specific sources and recipients. Also, the right-to-know should be tailored to avoid news gathering.

The law goes into effect in January 2020, which means privacy advocates have 18 months to strengthen it—and to stave off regulated companies' attempts to weaken it.

Background to the Act

For many years, a growing number of technology users have objected to the myriad ways that companies harvest and monetize their personal data, and users have called on companies and legislators to do a better job at protecting their data privacy. EFF has long supported data privacy protections as well.

In March 2018, the Cambridge Analytica scandal broke. The public learned that private data was harvested from more than 50 million Facebook users, without their knowledge and consent, and that the Trump presidential campaign used this private data to target political advertisements. Demand for better data privacy rules increased significantly.

In May 2018, supporters of a California ballot initiative on data privacy filed more than 600,000 signatures in support of presenting the initiative to voters, nearly twice the number of signatures required to do so. But ballot initiatives are an imperfect way to make public policy on a complex subject like data privacy. Before enactment, it can be difficult for stakeholders to help improve an initiative’s content. And after enactment, an initiative can be difficult to amend.

California legislators hoped to do better, but now they faced a deadline. June 28 was the last day the initiative’s sponsor could remove it from the ballot, and the sponsor told the legislature that he would do so only if they passed data privacy legislation first. Legislators rushed to meet this deadline, but that rush meant privacy advocates didn’t have much chance to weigh in before it was passed.

The Basics of the CCPA

The CCPA creates four basic rights for California consumers: 

  • A right to know what personal information a business has about them, and where (by category) that personal information came from or was sent. See Sections 100, 110, 115. See also Section 140(c) (defining “business”), and Section 140(o) (defining “personal information”).
  • A right to delete personal information that a business collected from them. See Section 105. While the right-to-know extends to all information a business collected about a consumer, the right-to-delete extends to just the information a business collected from them.
  • A right to opt-out of sale of personal information about them. See Section 120. See also Section 140(t) (defining “sale”).
  • A right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act, but with significant exceptions. See Section 125.

The Act also creates a limited right for consumers to sue businesses for data security breaches, based on California’s existing data breach notification law. See Section 150. Most of the Act’s enforcement punch, however, rests with the California Attorney General (AG), who can file civil actions against violations of the Act. See Section 155. The AG is also responsible for promulgating regulations to flesh out or update the CCPA framework. See Section 185.

As we explained above, the CCPA was put together quickly, and with many important terms undefined or not clearly defined. As a result, these rights in some cases look better than they really are. Fortunately, the new CCPA is generally understood to be a work in progress. Legislators, privacy advocates, and regulated companies will all be seeking substantive revisions before the law goes into effect. The rest of this post focuses on EFF's suggestions.

Opt-in Consent to Collection

Many online services gather personal data from technology users, without their knowledge or consent, both when users visit their websites, and, by means of tracking tools, when users visit other websites. Many online services monetize this personal data by using it to sell targeted advertising. New legislation could require these online services to obtain the users’ opt-in consent to collect personal data, particularly where that collection is not necessary to provide the service.

The CCPA does not require online services to obtain opt-in consent before collecting personal data from users. Nor does it provide users an opportunity to opt-out of collection. The law does require notice, at or before the point of collection, of the categories of collected data, and the purposes of collection. See Section 100(b). But when it comes to users’ autonomy to make their own decisions about the privacy of their data, while notice is a start, consent is much better. The legislature should amend the Act to require it.

Some limits are in order. For example, opt-in consent might not be required for a service to perform actions the user themselves have requested (though clear notice should be required). Also, any new regulations should explore ways to avoid the “consent fatigue” that can be caused by a high volume of opt-in consent requests.

“Right to Know” About Data Gathering and Sharing

Technology users should have an affirmative “right to know” what personal data companies have gathered about them, where the companies got it, and with whom the companies shared it, subject to some limits to ensure that the right to know does not impinge on other rights.

The CCPA creates a right to know, empowering “consumers” to obtain the following information from “businesses”:

  • The categories of personal information collected. See Sections 100(a), 110(a)(1), 110(c)(1), 115(a)(1).
  • The categories of sources of the personal information. See Sections 110(a)(2), 110(c)(2).
  • The purposes for collecting the personal information. See Sections 110(a)(3), 110(c)(3).
  • The categories of third parties with whom businesses share personal information. See Section 110(a)(4).
  • The categories of personal information sold. See Sections 115(a)(2), 115(c)(1).

The Act defines a “consumer” as any natural person who resides in California. See Section 140(g). The Act defines a “business” as a for-profit legal entity with: (i) annual gross revenue of $25 million; (ii) annual receipt or disclosure of the personal information of 50,000 consumers, households, or devices; or (iii) receipt of 50% or more of its annual revenue from selling personal information. See Section 140(c).

The Act’s right-to-know would be more effective if it was more granular. It allows people to learn just the “categories” of sources and recipients of their personal data. People should be able to learn the specific sources and recipients.

Moreover, the Act’s right-to-know should be tailored to avoid impacting news gathering, which is protected by the First Amendment, when undertaken by professional reporters and lay members of the public alike. For example, if a newspaper tracked visitors to its online edition, the visitors’ right-to-know could cover that tracked information, but should not also extend to a reporter’s investigative file.

Data Portability

Users generally should have a legal right to data portability, that is, to obtain a copy of the data they provided to an online service. People might use this data in myriad ways, including self-publishing their own content, better understanding their service provider, or taking their data to a rival service.

The CCPA advances data portability. Consumers may obtain from businesses the “specific pieces” of personal information collected about them. See Sections 100(a), 110(c)(5). Moreover, the Act provides that if “provided electronically, the information shall be in a portable and, to the extent technically feasible, in a readily useable format that allows the consumer to transmit their information to another entity.” See Section 100(d).

It will be important to ensure that “technical infeasibility” does not become an exception that swallows the rule.

Also, it may be appropriate to address scenarios where multiple users’ data is entangled. For example, suppose Alice posts a photo of herself on social media, under a privacy setting that allows only certain people to see the photo, and Bob (one of those people) posts a comment on the photo. If Bob seeks to obtain a copy of the data he provided to that social media, he should get his comment, but not automatically Alice’s photo.

Consent to Data Sharing

As discussed above, EFF supports properly tailored legislation that requires companies to get opt-in consent before collecting a user’s personal data. Opt-in consent should also be required before a company shares that data with a third party. The more broadly that personal data is disseminated, the greater the risk of theft by malicious hackers, misuse by company employees, and expanded uses by company managers. Technology users should have the power to control their personal data by deciding when it may be transferred from one entity to another.

The CCPA addresses sale of personal data. It defines “sale” to include any data transfer “for monetary or other valuable consideration.” See Section 140(t). Adults have a right to opt-out of sales. See Sections 120(a), 120(c). To facilitate such opt-outs, businesses must provide a “do not sell my personal information” link on their homepages. See Section 135(a)(1). Minors have a right to be free from sales absent their opt-in consent. See Sections 120(c), 120(d). Also, if a third party buys a user’s personal data from a company that acquired it from the user, the third party cannot re-sell that personal data, unless they notify the user and give them an opportunity to opt-out. See Section 115(d).

However, the Act’s provisions on consent to data sharing are incomplete. First, all users—adults as well as minors—should be free from data sales and re-sales without their opt-in consent. While opt-out consent is good, opt-in consent is a better way to promote user autonomy to make their own decisions about their data privacy.

Second, the opt-in consent rules should apply to data transfers that do not yield (in the Act’s words) “valuable consideration.” For example, a company may find it to be in its business interests to give user data away for free. The user should be able to say “no” to such a transfer. Under the current Act, they cannot do so. By contrast, the original ballot initiative defined “sale” to include sharing data with other businesses for free.

Notably, the Act empowers the California Attorney General to issue regulations to ensure that the Act’s various notices and information are provided “in a manner that may be easily understood by the average consumer.” See Section 185(a)(6). We hope these regulations will address the risk of “consent fatigue” that can result from opt-in requests.

Deletion

The CCPA provides that a consumer may compel a business to “delete” personal information that the business collected from the consumer. See Section 105(a).

The Act provides several exceptions. Two bear emphasis. First, a business need not delete a consumer’s personal information if the business needs it to “exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.” See Section 105(d)(4). Second, a business may keep personal information “to enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.” See Section 105(d)(7).  Confusingly, another exception uses similar language, and it’s unclear how these interact. See Section 105(d)(9) (“Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information”).

Deletion is a particularly tricky aspect of data privacy, given the potential countervailing First Amendment rights at issue. For example, suppose that Alice and Bob use the same social media service, that Alice posts a photo of herself, that Bob re-posts it with a caption criticizing what Alice is doing in the photo, and that Alice becomes embarrassed by the photo. A statute empowering Alice to compel the service to delete all copies of the photo might intrude on Bob’s First Amendment interest in continuing to re-post the photo. EFF is working with privacy and speech advocates to find ways to make sure the CCPA ultimately strikes the right balance.

But EFF will strongly oppose any provision empowering users to compel third-party services (including search engines) to de-list public information about them. Laws outside the United States that do this are often called the “right to be forgotten.” EFF opposes such laws, because they violate the rights to free speech and to gather information. Many of us may be embarrassed by accurate published reports about us. But it does not follow that we should be able to force other people to forget these reports. Technology users should be free to seek out and locate information they find relevant.

Non-discrimination

The CCPA provides that if a user exercises one of the foregoing statutory data privacy rights (i.e., denial of consent to sell, right to know, data portability, or deletion), then a business may not discriminate against the user by denying service, charging a higher price, or providing lower quality. See Section 125(a)(1). This is a critical provision. Without it, businesses could effectively gut the law by discriminating against users that exercise their rights.

Unfortunately, the Act contains a broad exemption that threatens to swallow the non-discrimination rule. Specifically, a business may offer “incentives” to a user to collect and sell their data, including “payments.” See Section 125(b)(1). For example, if a service costs money, and a user of this service refuses to consent to collection and sale of their data, then the service may charge them more than it charges users that do consent. This will discourage users from exercising their privacy rights. Also, it will lead to unequal classes of privacy “haves” and “have nots,” depending upon the income of the user. EFF urges the California legislature to repeal this exemption from the non-discrimination rule.

This problem is not solved by the Act’s forbidding financial incentives that are “unjust, unreasonable, coercive, or usurious.” See Section 125(b)(4). This will not stop companies from charging more from users who exercise their privacy rights.

The Act also allows price and quality differences that are “reasonably related” or “directly related” to “the value provided to the consumer by the consumer’s data.” See Sections 125(a)(2), 125(b)(1). These exemptions from the non-discrimination rule are unclear and potentially far-reaching, and need clarification and limitation.

Empowering Users to Enforce the Law

One of the most powerful ways to ensure enforcement of a privacy law is to empower users to take violators to court. This is often called a “private cause of action.” Government agencies may fail to enforce privacy laws, for any number of reasons, including lack of resources, competing priorities, or regulatory capture. When a business violates the statutory privacy rights of a user, the user should have the power to decide for themselves whether to enforce the law. Many privacy statutes allow this, including federal laws on wiretaps, stored electronic communications, video rentals, driver’s licenses, and cable subscriptions.

Unfortunately, the private right of action in the CCPA is woefully inadequate. It may only be brought to remedy certain data breaches. See Section 150(a)(1). The Act does not empower users to sue businesses that sell their data without consent, that refuse to comply with right-to-know requests, and that refuse to comply with data portability requests. EFF urges the California legislature to expand the Act’s private cause of action to cover violations of these privacy rights, too.

The Act empowers the California Attorney General to bring suit against a business that violates any provision of the Act. See Section 155(a). As just explained, this is not enough.

Waivers

Too often, users effectively lose their new rights when they “agree” to fine print in unilateral form contracts with large businesses that have far greater bargaining power. Users may unwittingly waive their privacy rights, or find themselves stuck with mandatory arbitration of their privacy rights (as opposed to their day in an independent court).

So we are very pleased that the CCPA expressly provides that contract provisions are void if they purport to waive or limit a user’s privacy rights and enforcement remedies under the Act. See Section 192. This is an important provision that could be a model for other states as well.

Rule Making

The CCPA empowers the California Attorney General to adopt regulations, after it solicits broad public participation. See Section 185. These regulations will address, among other things, new categories of “personal information,” new categories of “unique identifiers” of users, new exceptions to comply with state and federal law, and the clarity of notices.

EFF will participate in this regulatory process, to help ensure that new regulations strengthen data privacy without undue burden, particularly for nonprofits and open-source projects.

Next Steps

The CCPA is just a start. Between now and the Act’s effective date in January 2020, much work remains to be done. The Act itself makes important findings about the high stakes:

The proliferation of personal information has limited Californians’ ability to properly protect and safeguard their privacy. It is almost impossible to apply for a job, raise a child, drive a car, or make an appointment without sharing personal information. . . . Many businesses collect personal information from California consumers. They may know where a consumer lives and how many children a consumer has, how fast a consumer drives, a consumer’s personality, sleep habits, biometric and health information, financial information, precise geolocation information, and social networks, to name a few categories. . . . People desire privacy and more control over their information.

EFF looks forward to advocating for improvements to the Act in the months and years to come.


          Kremlin Eyes U.S. Power Grid as Pols Take a Powder
Kremlin-connected cyber-criminals are capable of turning off our electric power from afar while power-plant employees watch helplessly. In the last two weeks, the Department of Homeland Security held four briefings, including one in New York City on July 31, warning that Russian hackers are already practicing how to throw the switch and cause a blackout in the United States. We'd have no lights, no gas at the pump, no life support in hospitals, no mass transit, no food supply. Yet nearly al...
          And now professional golf is being ransomed for bitcoin

Raise that single gloved-hand to your mouth in shock: The hackers have gone after golf.

America's last bastion of proud visor-wearers is scrambling this week, after unknown criminals took over the PGA of America’s servers on Tuesday — locking the golf association out of its files just days before the official Aug. 9 start of the PGA Championship in Missouri. And you better believe those hackers want bitcoin.

That's right, the PGA was hit with ransomware.

So reports Golfweek, which notes that the now-encrypted files include "extensive promotional banners and logos used in digital and print communications," in addition to "development work on logos for future PGA Championships."
          Comment on Let’s You and Him Fight by Election hackers at it again, Facebook says; don’t help by falling into the ‘troll trap’ – bobsullivan.net
[…] a series of painful relationship games in his seminal  book, “Games People Play.”  Let’s You and Him Fight is among the more famous.  A character who wants to start a fight says to one potential […]
          Fortnite on Android: beware of fake ads that hide malware
With the Android version of Fortnite possibly arriving in the coming weeks, malicious hackers are taking advantage of the game's popularity to scam mobile users. Be wary!


          4 reasons why we don't do what we want, and how to deal with them
Andrey Yakomaskin

Teacher and writer. Shares inspiring stories in his group on the VKontakte social network.

The question "Why doesn't a person act?" is a tricky one. Usually the answer is that they don't know what to do or how to do it. But today, for most "wants", search engines return a hundred ideas and tips, whatever the subject: from losing weight to finding your calling. If everything is that simple, why not just go and do it?

Because in practice the problem is desire. And how to awaken it is a different question altogether.

There are many reasons why even highly motivated people manage to tread water. Below I give my own versions, and I'm sure that getting to know them will help you move forward.

1. We don't know where to start

This is the first question that should come up whenever we have any desire. I'm not talking about "well, it would be nice", but about what you really want to do.

In this respect people divide into "if" and "when" types. The former come up with a thousand conditions for getting started, while the latter set the nearest deadline.

If the question "Where do I start?" is asked in time, the process gets off the ground. Want to become an artist? Today we sign up for classes, tomorrow we buy paints and a canvas. A person is unwilling to take the minimum steps toward fulfilling a desire in only one case: if they never really wanted it.

The truth is that, as the Chinese proverb says, a journey of a thousand li begins with the first step. Always.

2. We don't know how to set priorities

All right, I know where to start. For example, I want to lose weight, and I need to start with running. Then what? I need to buy running shoes, arrange it with a friend, check the weather forecast…

No.

You need to go outside and run. Like Forrest Gump. Remember how it went in the film?

"Why are you doing this?"

"I just feel like running."

When we have a desire and settle on the first step, by inertia a second, third, and fourth pop into our heads and, as a result, a few alternatives and distractions. At this point we get lost and forget what we actually need.

The rule for fighting this ailment is simple: always see the first stage of the plan through to the end.

Planning to start running? Put on your running shoes and go outside, do a couple of laps around the building. I'm serious, right now. If you don't like it now, fully charged with motivation, why would you suddenly like it later? Because you'll be running at a stadium in your favourite T-shirt? Decide on your priorities: try it, see it through, and then decide.

3. We overcomplicate everything

The favourite phrase of a person who doesn't want to change anything is "it's not that simple". However many times I have asked for examples of what exactly this complicated "it" includes, so far it has been without result. Each time it turned out that an alternative could be found and one could adapt. Where there's a will.

Any task broken into small tasks is easier to do. To get in shape, dropping 10 kg seems not so simple, but it's fairly easy to spend 15 minutes a day on exercise and cut refined sugar from your diet.

I agree, there are situations where it's not us complicating things, but the situation really is difficult. Then ask yourself: "How can I simplify this?" I will never believe that not a single alternative can be found.

And from there it all comes down to the well-known saying: "There are no bad options, only options we don't like."

4. We are afraid

The wall around the comfort zone is built from bricks of fear. "I'm fine here, so outside it will be bad." That's why we meet everything new with hostility. On this basis, people fall into two categories.

The first are conservatives. They are afraid to change anything, try nothing, and live in their bubble all their lives. That's not bad if everything suits them. Provided the person doesn't want change but still gets what they want and is happy, more power to them.

The second are innovators. They, on the contrary, are afraid to stop. For them, fear is born in the question "What if I leave everything as it is?" They are afraid of losing time, health, relationships, and so they put in more effort.

In both cases the person is afraid. Only in the first case fear makes them stand still, and in the second it makes them move and change.

Ask yourself: "What if I leave everything as it is?" If the answer suits you, congratulations, sign up for the group of happy conservatives. If not, it's time to change something.

These reasons, of course, can't be called exhaustive. I have singled out the ones I have come across myself. I hope they help you avoid my mistakes.

As the athlete Joe Lewis said, "You only live once, but if you do it right, once is enough."


          Comment on Hackers Help: Adhesive for TROFAST LEGO hack by Becky
Hi Nicola, materials scientist here. The Ikea website lists Trofast rails as being made from polypropylene plastic. Polypropylene is a really difficult material to glue. The technical reason is that adhesives work by either wetting or penetrating surfaces, but polypropylene has a wax-like surface - basically, it's too waxy for the glue to get in and stick. To improve adhesion I would recommend sanding the surface you want to glue with coarse sandpaper to make it rough. This will give your glue something to key in to. I guess you should thoroughly sand back the line of superglue that fell apart too, since you'll presumably need to stick the rail back in the same place as before.
          PKS Confirms Its Website Was Hacked

intelijen – The website of the Prosperous Justice Party (PKS), at pks.id, was hacked on Thursday morning (9/8/2018). The hacker who compromised the site identified themselves as @kakekdetektif. The attempted hack of the PKS site was confirmed by the PKS central board (DPP PKS) through its official account @PKSejahtera. “Yes, that's right, it is being handled. There is an irresponsible party who wants to harm...

The post PKS Confirms Its Website Was Hacked appeared first on INTELIJEN.


          Ukrainian hackers stole 1.2 billion US dollars


          Serious WhatsApp flaw allows messages to be intercepted
Yesterday (07/08), the Check Point Research team published a report on a serious security flaw found in WhatsApp that allows a hacker to intercept or even alter the content of a message; this could be done both in WhatsApp groups and in private messages, and with that a […]
          Snapchat source code leaked by hacker
The source code of an application, system or program contains all the lines of code in the programming language used to develop the software; some lines are simple routines such as connecting to servers, handling sockets, handling the database, etc., but there are also the lines of code […]
          Cyclonis Password Manager

Why do users need a password generator? Creating passwords used to be a fairly simple process. Users would pick something easy to type and easy to remember, and many of them would be fine. In the past, hacker attacks were aimed only at high-profile targets. As the internet developed, however, […]

The post Cyclonis Password Manager appeared first on IT-I-Ko.


          That XKCD on voting machine software is wrong
The latest XKCD comic on voting machine software is wrong, profoundly so. It's the sort of thing that appeals to our prejudices, but mistakes the details.


Accidents vs. attack

The biggest flaw is that the comic confuses accidents vs. intentional attack. Airplanes and elevators are designed to avoid accidental failures. If that's the measure, then voting machine software is fine and perfectly trustworthy. Such machines are no more likely to accidentally record a wrong vote than the paper voting systems they replaced -- indeed less likely. The reason we have electronic voting machines in the first place is the "hanging chad" problem in the Bush v. Gore election of the year 2000. After that election, a wave of new, software-based, voting machines replaced the older inaccurate paper machines.

The question is whether software voting machines can be attacked. Well, if that's the measure, then airplanes aren't safe at all. Security against human attack consists of the entire infrastructure outside the plane, from TSA forcing us to take off our shoes, to trade restrictions to prevent the proliferation of Stinger missiles.

Confusing the two, accidents vs. attack, is used here because it makes the reader feel superior. We get to mock and feel superior to those stupid software engineers for not living up to what's essentially a fictional standard of reliability.

To repeat: software machines are better than the mechanical machines they replaced, which is why there are so many software-based machines in the United States. The issue isn't normal accuracy, but their robustness against a different standard, against attack -- a standard which airplanes and elevators suck at.

The problems are as much hardware as software

Last year at the DEF CON hacking conference they had an "Election Hacking Village" where they hacked a number of electronic voting machines. Most of those "hacks" were against the hardware, such as soldering on a JTAG device or accessing USB ports. Other errors have been voting machines being sold on eBay whose data wasn't wiped, allowing voter records to be recovered.

What we want to see is hardware designed more like an iPhone, where the FBI can't decrypt a phone even when they really really want to. This requires special chips, such as secure enclaves, signed boot loaders, and so on. Only once we get the hardware right can we complain about the software being deficient.

To be fair, software problems were also found at DEF CON, like an exploit over WiFi. For a lot of problems, though, it's questionable whether the fault lies in the software design or the hardware design, since they are fixable in either one. The situation is better described as the entire design being flawed, from the "requirements", to the high-level system "architecture", and lastly to the actual "software" code.

It's lack of accountability/fail-safes

We imagine the threat is that votes can be changed in the voting machine, but it's more profound than that. The problem is that votes can be changed invisibly. The first change experts want to see is adding a paper trail, rather than fixing bugs.

Consider "recounts". With many of today's electronic voting machines, this is meaningless, with nothing to recount. The machine produces a number, and we have nothing else to test against whether that number is correct or false. You can press a button and do an instant recount, but it won't tell you any other answer than the original one.

A paper trail changes this. After the software voting machine records the votes, it prints them to paper for the voter to check. This retains the features of better user-interface design than the horrible punch-hole machines of yore, and retains the feature of quick and cheap vote tabulation, so we know the results of the election quickly. But, if there's an irregularity, there exists an independent record that we can go back, with some labor, and verify.

It's like fail-safe systems in industrial systems, where we are less concerned about whether the normal systems have an error, but much more concerned about whether the fail-safe system works. It's like how famously Otis is not the inventor of elevators, but the inventor of elevator brakes that will safely stop the car from plummeting to your death if the cable snaps.

What's lacking in election machines therefore is not good or bad software engineering, but the failure of anybody to create fail-safes in the design, fail-safes that will work regardless of how the software works.

It's not just voting machines

It's actually really hard for the Russians to hack voting machines, as they have to be attacked on a one-by-one basis. It's hard to do a mass hack that affects them all.

It's much easier to target the back-end systems that tabulate the votes, which are more often normal computers connected to the Internet.

In addition, there are other ways that hackers can target elections. For example, the political divide in America between rural (Republican) and urban (Democrat) voters is well known. An attack against traffic lights, causing traffic jams, is enough to swing the vote slightly in the direction of rural voters. That makes a difference in places like last night's by-election in Ohio where a House candidate won by a mere 1,700 votes.

Voting machines are important, but there's way too much focus on them as if they are the only target to worry about.

Conclusion

The humor of this comic rests on smug superiority. But it's wrong. It's applying a standard (preventing accidents) against a completely different problem (stopping attackers) -- software voting machines are actually better against accidents than the paper machines they replace. It's ignoring the problems, which are often more system and hardware design than software. It ignores the solution, which isn't to fix software bugs, but to provide an independent, auditable paper trail.



          What the Caesars (@DefCon) WiFi situation looks like
So I took a survey of WiFi at Caesars Palace and thought I'd write up some results.


When we go to DEF CON in Vegas, hundreds of us bring our WiFi tools to look at the world. Actually, no special hardware is necessary, as modern laptops/phones have WiFi built-in, while the operating system (Windows, macOS, Linux) enables “monitor mode”. Software is widely available and free. We still love our specialized WiFi dongles and directional antennas, but they aren’t really needed anymore.

It’s also legal, as long as you are just grabbing header information and broadcasts. Which is about all that’s useful anymore as encryption has become the norm -- we can pretty much only see what we are allowed to see. The days of grabbing somebody’s session-cookie and hijacking their web email are long gone (though that was a fun period). There are still a few targets around if you want to WiFi hack, but most are gone.

So naturally I wanted to do a survey of what Caesars Palace has for WiFi during the DEF CON hacker conference located there.

Here is a list of access-points (on channel 1 only) sorted by popularity, the number of stations using them. These have mind-blowing high numbers in the ~3000 range for “CAESARS”. I think something is wrong with the data.



I click on the first one to drill down, and I find a source of the problem. I’m seeing only “Data Out” packets from these devices, not “Data In”.


These are almost entirely ARP packets from devices, associated with other access-points, not actually associated with this access-point. The hotel has bridged (via Ethernet) all the access-points together. We can see this in the raw ARP packets, such as the one shown below:

WiFi packets have three MAC addresses, the source and destination (as expected) and also the address of the access-point involved. The access point is the actual transmitter, but it's bridging the packet from some other location on the local Ethernet network.

Apparently, CAESARS dumps all the guests into the address range 10.10.x.x, all going out through the router 10.10.0.1. We can see this from the ARP traffic, as everyone seems to be ARPing that router.

I'm probably seeing all the devices on the CAESARS WiFi. In other words, if I sit next to another access-point, such as one on a different channel, I'm likely to see the same list. Each broadcast appears to be transmitted by all access-points, carried via the backend bridged Ethernet network.

The reason Caesars does it this way is so that you can roam, so that you can call somebody on FaceTime and walk to the end of the Forum shops and back and not drop the phone call. At least in theory, I haven’t tested it to see if things actually work out this way. It’s the way massive complexes like Caesars ought to work, but which many fail at doing well. Like most "scale" problems, it sounds easy and straightforward until you encounter all the gotchas along the way.

Apple’s market share for these devices is huge, with roughly 2/3rds of all devices being Apple. Samsung has 10% of Apple’s share. Here's a list of vendor IDs (the first 3 bytes of the MAC address) by popularity, that I'm seeing on that one access-point:

  • 2327 Apple
  • 257 Samsung
  • 166 Intel
  • 132 Murata
  • 55 Huawei
  • 29 LG
  • 27 HTC-phone
  • 23 Motorola
  • 21 Foxconn
  • 20 Microsoft
  • 17 Amazon
  • 16 Lite-On
  • 13 OnePlus
  • 12 Rivet Networks (Killer)
  • 11 (random)
  • 10 Sony Mobile
  • 10 Microsoft
  • 8 AsusTek
  • 7 Xiaomi
  • 7 Nintendo

Apparently, 17 people can't bear to part with their Amazon Echo/Alexa devices during their trip to Vegas and brought the devices with them. Or maybe those are Kindle devices.

Remember that these are found by tracking the vendor ID from the hardware MAC addresses built into every phone/laptop/device. Historically, we could also track these MAC addresses via “probe” WiFi broadcasts from devices looking for access-points. As I’ve blogged before, modern iPhones and Androids randomize these addresses so we can no longer track the phones when they are just wandering around unconnected. Only once they connect do they use their real MAC addresses.

In the above sample, I’ve found ~1300 probers, ~90% of whose MAC addresses are randomized. As you can see, because of the way Caesars sets up their network, I can track MAC addresses better because of ARP broadcasts than I can with tracking WiFi probe broadcasts.
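The bookkeeping behind these numbers, as an added example that is not code from the original post: it reads the three addresses of an 802.11 data header, treats addr3 of a "Data Out" (FromDS) frame as the bridged source, and separates randomized addresses from vendor-assigned ones by the locally administered bit. The frames are constructed, start at the 802.11 header with no radiotap header, and use made-up OUIs that were not looked up in the IEEE registry.

```python
from collections import Counter

TO_DS, FROM_DS = 0x01, 0x02  # direction bits in the second frame-control byte


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def fmt(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


def is_randomized(addr: bytes) -> bool:
    """The locally administered bit (0x02 of the first octet) marks an address
    that did not come from a vendor OUI block, as randomized MACs do not."""
    return bool(addr[0] & 0x02)


def parse_data_header(frame: bytes):
    """Return (direction, da, sa, bssid) for an 802.11 data frame, else None."""
    if len(frame) < 24:                 # shorter than a 3-address header
        return None
    if (frame[0] >> 2) & 0x03 != 2:     # frame type 2 = data
        return None
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    direction = frame[1] & (TO_DS | FROM_DS)
    if direction == FROM_DS:            # "Data Out": AP transmits, addr3 is the real source
        return direction, a1, a3, a2
    if direction == TO_DS:              # "Data In": station transmits to its own AP
        return direction, a3, a2, a1
    if direction == 0:                  # no distribution system involved
        return direction, a1, a2, a3
    return None                         # 4-address (WDS) frames are out of scope


def survey(frames):
    """Tally source stations the way the post does: by vendor ID, by
    randomization, and by whether they were only ever seen as bridged output."""
    seen_out, seen_in = set(), set()
    for frame in frames:
        hdr = parse_data_header(frame)
        if hdr is None:
            continue
        direction, _da, sa, _bssid = hdr
        if direction == FROM_DS:
            seen_out.add(sa)
        elif direction == TO_DS:
            seen_in.add(sa)
    stations = seen_out | seen_in
    return {
        "ouis": Counter(fmt(m[:3]) for m in stations if not is_randomized(m)),
        "randomized": sum(1 for m in stations if is_randomized(m)),
        # Heuristic: never heard transmitting to this AP, so probably bridged
        # in from another access point (or simply out of radio range).
        "out_only": sorted(fmt(m) for m in seen_out - seen_in),
    }


def make_frame(fc0, flags, a1, a2, a3):
    # frame control (2) + duration (2) + three addresses (18) + sequence control (2)
    return bytes([fc0, flags]) + b"\x00\x00" + mac(a1) + mac(a2) + mac(a3) + b"\x00\x00"


BCAST = "ff:ff:ff:ff:ff:ff"
AP = "00:00:5e:00:53:01"  # constructed BSSID (documentation address range)

# Constructed capture: broadcasts relayed by one access point, plus one station
# that is actually associated with it, plus a beacon that must be ignored.
SAMPLE_FRAMES = [
    make_frame(0x08, FROM_DS, BCAST, AP, "00:11:22:00:00:01"),
    make_frame(0x08, FROM_DS, BCAST, AP, "00:11:22:00:00:01"),  # repeat broadcast
    make_frame(0x08, FROM_DS, BCAST, AP, "00:11:22:00:00:02"),
    make_frame(0x08, FROM_DS, BCAST, AP, "00:aa:bb:00:00:03"),
    make_frame(0x08, TO_DS, AP, "00:aa:bb:00:00:03", BCAST),    # locally associated
    make_frame(0x08, FROM_DS, BCAST, AP, "da:a1:19:00:00:04"),  # locally administered
    make_frame(0x80, 0x00, BCAST, AP, AP),                      # beacon (management)
]

if __name__ == "__main__":
    print(survey(SAMPLE_FRAMES))
```
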

While mobile devices are the biggest source of MAC addresses, they also identify the fixed infrastructure. For example, some of the suites in Caesars have devices with a “Crestron” MAC address. Somebody is releasing an exploit at BlackHat for Crestron devices. There’s a patch available, but chances are good that hackers will start hacking these devices before Caesars gets around to patching them.

WPA-3 is promising to get rid of the open WiFi hotspots like CAESARS, by doing "optimistic encryption" by default. This is better, preventing me from even seeing the contents of ARP packets passively. However, as I understand the standard, it'll still allow me to collect the MAC addresses passively, as in this example.

Conclusion

This post doesn't contain any big hack. It's fascinating how big WiFi has become, as everyone seems to be walking around with a WiFi device, and most are connecting to the hotel WiFi. Yet, with ubiquitous SSL and WPA encryption, there's much less opportunity for mischief, even though there's a lot more to see.

The biggest takeaway is that even from a single point on the big network on the CAESARS compound, I can get a record of some identifier that can in ideal circumstances be traced back to you. In theory, I could sit at an airport, or drive around your neighborhood, and match up those records with these records. However, because of address randomization in probes, I can only do this if you've actually connected to the networks.

Finally, for me, the most interesting bit is to appreciate how the huge CAESARS network actually works to drop everyone on the same WiFi connection.


          About 40% of Brazilian websites have no security certificate
The absence of this feature leaves pages vulnerable to hacker attacks and other forms of intrusion, and also hurts the sites in search results
          Southeast Region Certified Ethical Hacker v10 Course
Southeast Region Certified Ethical Hacker v10 Course
          Adding Animations to Your App – The Boring Flutter Development Show, Ep. 5
In this episode, Filip is joined by Emily, a Developer Advocate on the Flutter team (and previously a compiler engineer on the Dart team). Together they extend the BLoC pattern to add loading animations to the Hacker News reader app – they showcase the progress indicator animations that Flutter provides out-of-the-box, as well as building […]
          Ceslava2009: The incredible benefits of laundry soap!

This is a quote of a post by БЕЛОЯР_2. Original post: The incredible benefits of laundry soap!

What do we need laundry soap for, and what are its strengths and weaknesses?

On the shelves of many domestic shops you can still see plain, brown bars of laundry soap. The product costs pennies, its smell leaves much to be desired, and with the abundance of modern detergents it seems that it cannot possibly compete on the market.

Perhaps only our grandmothers still buy it out of habit, or does the younger generation use it around the house too? Why do manufacturers keep making this product, and why do shops keep putting it on their shelves?

What do we need laundry soap for, and what are its strengths and weaknesses? What are the numbers stamped on the "body" of the bar? We will try to answer these questions in this article.

What do the numbers on a bar of soap mean?
72%, 70%, 65%: this is the percentage of fatty acids.

The higher the number on the bar of laundry soap, the better it deals with dirt and infection.

PROS: Laundry soap really does have a number of properties that other cleaning products lack.

The first advantage of laundry soap is that the product is made only from natural and environmentally friendly materials, vegetable oils and animal fats; the soap is hypoallergenic and completely harmless to the human body.

· This product is often recommended for washing the clothes and bed linen of small children. After washing, you can even water your house plants with the soapy water; it will not harm them, because the soap contains no chemicals.

· Laundry soap is an indispensable helper for anyone with a dacha (summer cottage). Use it to clean any surfaces and utensils.

· Laundry soap also has a beneficial effect on the quality of some fabrics, such as wool. After being washed with laundry soap, woollen items regain their fluffiness and original softness.

Long ago… Back then only cold water ran in the shower room, and the soap handed out was laundry soap. But when father came in for a haircut, the hairdressers were amazed: such thick hair, and no dandruff at all! They kept trying to find out what he washed his hair with…

· A classmate of mine had a thick, luxurious mane that reached below her bottom. So thick that she could not comb it herself. Everyone gasped as she walked by, and I could not resist and got her to tell me how she looked after it.

The first wash is with shampoo (to rinse off most of the dirt), then with laundry soap. I tried it! Six months later, instead of my three thin hairs, I had great hair and 0 dandruff. I have been happy with my hair for 9 years now.

· Our neighbour told us that during the war she washed her hair with laundry soap, and her hair looked better than after washing with shampoo.

· An acquaintance, on a kindergarten teacher's advice, used laundry soap to rid a child of the beginnings of a serious inflammation on the leg.

· Laundry soap is successfully used to treat inflammatory processes (up to and including incipient gangrene).

· Even gynaecological conditions are successfully treated with laundry soap (some maternity hospitals use it to wash the floors in the wards where newborns are kept).

Surgeons know of laundry soap's remarkable ability to stand in for surgical gloves (if it is lathered onto the hands and left to dry); they say that even with a cut during an operation, the risk of infection is then minimal.

Laundry soap is also an antiviral agent, and in that capacity it is used successfully in intimate hygiene to prevent various diseases.

· By washing your hair with laundry soap you can get thick, healthy hair (both dandruff and brittleness disappear).

However, so that the scalp is not dried out after such washing, you should then rinse your hair with an acidic solution based on vinegar or lemon juice.

· It is recommended to wash your face with laundry soap at least 2 times a week so that the skin always looks young. After washing, apply ordinary baby cream to the skin.

And the effect of such washing, according to those who have tried it, is better than that of expensive professional cosmetics.

· Washing in a steam room with a birch whisk soaked in a laundry soap solution cleans the skin very well: the skin is wonderfully cleansed and then seems to glow from within.

· Laundry soap can cure the beginnings of a runny nose. Make a soap solution, dip a cotton swab in it and treat the nasal sinuses.

Then (although it will sting a little at first) your nose will never be blocked, and after 2-3 such treatments you will forget about colds for a long time.

· For a dog bite, to prevent infection from entering the wound, it is advised to let blood flow out of the wound (it will wash out bacteria too), and then either apply gauze or bandage it with a bandage soaked in a laundry soap solution.

· Laundry soap also deals successfully with fungal infections of the feet. It is advised to wash the affected areas of skin thoroughly with soap and a brush, and then treat the skin surface with iodine.

· Laundry soap is used to treat the skin for minor burns (for example, a household burn in the kitchen).

· After hair removal, people also use laundry soap to prevent redness on sensitive areas of skin. It is enough to lather up just once and there will be no irritation.

· Thrush and heat rash are successfully treated with laundry soap. It is good for intimate washing; it kills all bacteria and fungi such as thrush.

For thrush it helps a lot to soap your ring finger and coat the vagina as far as the finger will reach; that is what I was told at the maternity hospital.

· If you have any problems in the mouth, you can treat your toothbrush with a laundry soap solution and leave it overnight. By morning you can be sure that your toothbrush is completely disinfected.

Laundry soap contains a lot of alkalis, which dissolve dirt quickly and thoroughly and also have an antimicrobial effect. It is no accident that coarse laundry soap is still used in medicine as an antiseptic.

· When I served in the army I treated foot fungus with laundry soap. For 1 week you simply wash your feet in cold water with laundry soap morning and evening, and the fungus is gone!

· A few years ago my freshly pierced ears became inflamed; a black lump formed on the back of the earlobe.

I was already prepared to take out the earrings and let the holes close up, but my mother took ordinary laundry soap, grated it into fine shavings, added onion juice and applied it all to my earlobe for the day.

In the evening I took it all off, then for a couple more days I dabbed the ear with alcohol, and it all cleared up. There were no more problems.

· Laundry soap is an excellent remedy for swelling. Simply dissolve the soap in water and rub the resulting solution on the bruise. Repeat the procedure several times a day.

· A remedy for pimples. Shave some laundry soap into a small bowl, add water and whip it into a foam with a shaving brush. Now take 1 tablespoon of the resulting foam and 1 teaspoon of extra-fine salt and mix. Apply this mixture to a well-washed face.

A warning: it will sting strongly, but that means the healing process is under way. Keep the mask on for half an hour.

Dry salt will remain on your face; brush it off and wash first with hot and then with cold water. Do this 2-3 times a day for 2-3 weeks.

· A remedy for abscesses. Mix equal parts of grated onion, laundry soap and sugar. Apply this ointment to the abscess and bandage it. Do this at night; in the morning you will see that the wound has completely cleared.

· Doctors recommend washing with laundry soap once every two weeks: you will protect yourself from viruses and bacteria.

· For cracked heels and calluses, make a foot bath of 2 litres of hot water, 1 teaspoon of baking soda and 1 tablespoon of shaved laundry soap.

· Laundry soap and rainwater will rid you of hair loss for good. Use only dark laundry soap to lather your hair. Do not use any other cleansing products.

Wash your hair 2 times a week. I did this for two months. The result is excellent.

· If you rub laundry soap on a bruised spot, there will be no bruise.

· Home peeling: apply laundry soap foam to damp facial skin and wipe the face along the massage lines with a cotton pad moistened with calcium chloride.

The skin is cleansed very well.

· Laundry soap is a remedy for burns. If you have burned your hand or anything else (in the kitchen, for example, with flame or boiling water), immediately lather the burn with laundry soap and let it dry. Not only will there be no blisters from the burn, there will not even be any redness!

Based on material from the website "Здоровье" ("Health")


          Cybertraining Election Officials For This Year's Voting
If anyone knows how easily voting can be disrupted, it's a county election supervisor in the state of Florida. That's one reason several dozen of them gathered in Orlando recently to discuss ways to protect against the most recent threat — cyberattacks by Russia or others intent on disrupting U.S. elections. Marion County elections supervisor Wesley Wilcox said he realizes the threat has evolved far beyond the butterfly ballots and hanging chads that upended the 2000 presidential race. And even beyond the lone hacker. "It's no longer the teenager in his basement eating Cheetos that's trying to get into my system," said Wilcox. "There are now nation states that are, in a coordinated effort, trying to do something." CIA Director Mike Pompeo is the latest intelligence official to warn the Russians will likely try to interfere in this year's elections, as they did in 2016. And Florida was among at least 21 states that intelligence agencies say had their election systems probed by Russian
          Trump Official On Russian Hacking: 'A National Security Issue'
President Trump has shown little interest in fighting the threat of Russians hacking U.S. elections. He's shown a lot of interest in fighting voter fraud, something he insists — without evidence — is widespread. Parts of his administration are doing just the opposite. Bob Kolasky, an acting deputy undersecretary at the Department of Homeland Security (DHS), told a group of election officials gathered in Washington, D.C., this week that the threat of Russian hacking in future elections is "a national security issue." "We have seen no evidence that the Russian government has changed its intent or changed its capability to cause duress to our election system. That may not be the only concern we have in the future," Kolasky said, adding that another nation-state or bad actor could also attempt to interfere in U.S. voting. The intelligence community concluded last year that Russian hackers probed election systems in at least 21 states before the 2016 election, although there's no evidence
          Learning 2016's Lessons, Virginia Prepares Election Cyberdefenses
This fall's statewide elections in Virginia and New Jersey are the first big test of security measures taken in response to last year's attempts by Russia to meddle with the nation's voting system. Virginia was among 21 states whose systems were targeted by Russian hackers last year for possible cyberattacks. While officials say the hackers scanned the state's public website and online voter registration system for vulnerabilities and there's no sign they gained access, state authorities have been shoring up the security of their election systems. One of the most drastic steps was a decision by the Virginia Board of Elections earlier this month to order 22 counties and towns to adopt all new paper-backed voting machines before November. The board decided that the paperless electronic equipment they had been using was vulnerable to attack and should be replaced. "Got thrown a curve ball," says David Bjerke, director of election in Falls Church, a city in northern Virginia that was among
          10 Months After Election Day, Feds Tell States More About Russian Hacking
Updated at 8:15 p.m. ET One of the public's unanswered questions about Russia's attempts to break into election systems last year was which states were targeted. On Friday, states found out. The Department of Homeland Security said earlier this year that it had evidence of Russian activity in 21 states, but it failed to inform individual states whether they were among those targeted. Instead, DHS authorities say they told those who had "ownership" of the systems — which in some cases were private vendors or local election offices. State election officials were finally contacted by federal authorities on Friday about whether their election systems were among those targeted for attack last year by Russian hackers. State election officials have complained for months that the lack of information from the federal government was hampering their efforts to secure future elections. "We heard that feedback," says Bob Kolasky, acting deputy undersecretary for DHS's National Protection and
          8/9/2018: STAD EN RAND: Port enlists the help of international hackers

In October, the Port Authority (Havenbedrijf) and the Antwerp start-up Junction will bring 130 hackers together under one roof at Antwerp Expo for three days and two nights. The Port does not intend to set up a shadowy society for cracking computers, but is looking for...
          ‘Big Brother 20’ recap: ‘A new HOH has to deal with the Hacker Twist’
  Day 44 in the Big Brother house and Angela has just won HOH. Level 6 is back in power. The other side of the house is confused and paranoid. We also find out that Brett/Angela came up with the plan to expose Bayleigh’s Power App. We also find out that Tyler was covering his… The post ‘Big Brother 20’ recap: ‘A new HOH has to deal with the Hacker Twist’ appeared first on TheCelebrityCafe.com.
          Amid the "Cardboard General" Uproar, Gibran Piggybacks to Promote Markobar's New Cardboard Box

Liputan6.com, Jakarta - The social network Twitter is still abuzz with talk of the "cardboard general" (jenderal kardus). The talk began when Democratic Party deputy secretary-general Andi Arief, through his account named @AndiArif_, posted a tweet about the cardboard general.

The nickname "cardboard general" arose from the cancelled meeting between Democratic Party chairman Susilo Bambang Yudhoyono (SBY) and Gerindra Party chairman Prabowo Subianto. The cancellation of the meeting was announced by Andi Arief on Wednesday (8/8/2018) morning.

(AndiArief_/twitter.com)

In his tweet, Andi revealed that the Democrats rejected Prabowo's attendance. In a later tweet, the politician expressed growing doubts about Prabowo's mettle. Andi also took a jab at Prabowo's attitude of valuing money more than the struggle.

The buzz over the cardboard general was, it turns out, put to use by Gibran Rakabuming, who joined in to promote the newest cardboard box of his culinary business, Markobar.

Piggybacking on the Cardboard General Issue

(@Chili_pari/twitter.com)

President Jokowi's eldest son evidently seized the momentum of the viral "Cardboard General". Through his Twitter account @Chili_pari, in a post uploaded on Wednesday (8/8/2018), Gibran said he would release a new design for the martabak packaging box that can be used as a game board.

With a strong head for business, Gibran understands very well how to take advantage of a moment that everyone is talking about. He also uploaded a look at the box on his Twitter account.

In the video, the martabak box has certain patterns that form part of a game board. The game board is something like a snakes-and-ladders board but looks more modern. Gibran also said that once the martabak is finished, the box should not be thrown away immediately because it can be used for fun play.

A Look at the Markobar Box

(@markobar1996/twitter.com)

Gibran's promotion of the Markobar box naturally drew a variety of responses from netizens. Many netizens praised Gibran's strategy of turning the moment into business.

Here are various netizen responses gathered from Twitter.

"Using a trending topic for business, so cool," said the account @Daavy04.

"So what's causing the uproar turns out to be a martabak seller's marketing strategy," commented the account @reeccou.

"Really ... a master marketer, high-level brand messaging, seize the momentum. Sales climb sharply," said the account @_mollucan_.

"Entrepreneurs are responsive and creative. Even a cardboard box can be an inspiration," said the account @fahriGagar.

"OK, a good marketing lesson haha," said the account @guido_dayax.

Gibran's business strategy is worth emulating. What do you think?

Reporter:

Rizky Mandasari

Source: Brilio.net


          WhatsApp users beware! New bug allows hackers to send fake messages pretending to be you – and there's nothing you can do to stop them

A newly-discovered WhatsApp bug allows hackers to infiltrate and message your group chats and private conversations.

If combined with other existing glitches, the vulnerability could allow cyber criminals to impersonate you and send fake messages to your friends and family, security experts have warned.

Researchers who unearthed the bug believe it is of the 'utmost importance' WhatsApp fixes the problem – as it could be used to quickly spread misinformation.

The Facebook-owned company says it is aware of the flaw but has no plans to patch the problem as the exploited vulnerability forms a core part of the app's design.


          New Wi-Fi attack can hack your password no matter how strong
If you think securing your Wi-Fi network with a strong password is enough to keep hackers away, well, think again. A researcher has detailed a new kind of attack, discovered by accident, which would allow hackers to crack your password with ease, no matter how strong the password. The security researcher was actually looking at...
          Hackers can invade WhatsApp to spread fake messages
Whatsapp users are being warned of a newly discovered attack that lets hackers infiltrate your private messages and group chats. Coupled with other tricks, the flaw could allow scammers to impersonate you and even spread fake messages to your friends on the Facebook-owned chat app. The exploit, spotted by Check Point Research’s cyber-security scientists, is...
          Galaxy S7 phones vulnerable to hacking, researchers say
Samsung’s Galaxy S7 smartphones contain a microchip security flaw, uncovered earlier this year, that put tens of millions of devices at risk to hackers looking to spy on their users, researchers told Reuters. The Galaxy S7 and other smartphones made by Samsung Electronics were previously thought to be immune to a security vulnerability known as...
          PGA Computer Servers Targeted by Hackers in Extortion Attempt
Hackers have reportedly gained access to the PGA of America's servers with the 100th PGA Championship set to begin Thursday at Bellerive Golf Course in St. Louis, Missouri...
          Comment on Four Colors Into Sixteen: Terminal Innovation on the Atari ST by MarkP
It's weird how effective that trick is, even though it should be a horrible flickery mess much like most other attempts at field-sequential colour that operate slower than e.g. the 180+ fps of a DLP projector utilising the technique (and even those tend to switch more frequently and with higher precision using a seven-segment colour wheel - the primaries, secondaries, and white - to improve brightness and reduce flicker / colour trails). Presumably the phosphor afterglow, which appears to be fairly long even at 240fps, helps paper over some of the gaps. Also the use of red, green and cyan is a bit strange ... I mean, you need that to be able to show both yellow and white without the latter being a somewhat low-intensity grey that suffers a lot of flicker by needing three frames to appear, but I do wonder how the primary blue visible on one of the screens is produced... and also how it would treat magenta? Maybe it's that it is actually completely changing the palette on each frame (maybe even line by line, and by that I don't mean row by row but every scanline, which lets you do some vertical as well as temporal dither, and is a technique I've seen used quite effectively on the Oric and even the CGA PC), rather than just flitting between two screenbuffers with different pixel patterns in, and there are six different colours that can appear and mix, plus the fixed black background... between them you might be able to come up with a reasonable facsimile of the ANSI 16...? Especially if dithering vertically you could still manage the already-dithered characters of the standard set by reducing their own dither to vertical bars, though maybe they would still work OK with the technique anyway? Still got an analogue modem in the back of the cupboard so I might have to get an image for that program and dial into a surviving BBS with my own ST when I get it working again, just to witness the effect. 
As well as Megaroids of course - as noted on its own post page, I'm part skeptical, part extremely curious about what's actually going on there. It's not palette flickering but swapping between the halves of a double buffer, that much is fairly plain, but beyond that it's a bit of an enigma ... does it actually interlace, or is it simply going for a bit of temporal anti-aliasing because the roids themselves eat up the palette entry that would otherwise be used to simply draw a pre-smoothed sprite? (FWIW, Quantum Paint is one of the few high-colour programs on the ST that actually does flicker between palettes, as its claim to fame was, in an era before Photochrome and various other super high colour demos, achieving "4096" colours - actually more like 3200 or so - on an original ST rather than an STe... but, it only did that to increase the colour palette depth, its more-colours-per-line, new-colours every line technique was much more mundane and similar to other programs like Canvas, Neochrome Master, Spectrum512 and indeed Spectrum4096. Those ones just swapped palettes without any interframe flicker, either line by line, or across the course of each line, throwing fresh values into the shifter's registers as fast as the CPU (and later, blitter) could manage... mainly picking from just the regular 512, with Spectrum4096 being STe-only and still only using the static hardware-provided colours. 
IIRC Photochrome was the groundbreaker that combined the two techniques to give more than 48 colours per line as well as an extended master palette) It'd be interesting to see what a modern attempt at the same idea might be like; whether it might be possible to bring in some intra-line palette swapping to try and make as many changes as possible across a line (48 across, or maybe more like 40 in medrez when really pushing hard, might be enough alongside vertical dither and variation in where the actual swaps take place, as well as temporal dither, to give a much more convincing, genuine provision of 80 unique blocks of both foreground and background colour with less flickeriness and closer matching to the originals; and in any case, IIRC true ANSI only has 8, low intensity BG colours vs 16 foreground, so that opens up the possibility of vert-dithering with black and/or complementary colours to fake it more convincingly), maybe with a bit of border opening to use a wider font (9 or even 10 pixels per column would be possible, depending on how much overscan your monitor can handle) and get as close a match between colour switching frequency and the character rate... Alternatively, a different tack a bit like that used for word processors on 8-bits that didn't have 80 column modes or cards available. Set it into low rez but use deep overscan; 400 pixels width isn't a particular challenge for demo writers these days (in fact they can manage about 412, but those from about 404 to 408 are blanked out by the most common "stabiliser" techniques that prevent the opened borders on one line causing the next line to be garbled), and that would allow us 80 columns with a 5-pixel wide character cell, which is just about enough to be readable with a bit of finagling of the character set (some of the 8-bit "compressed" modes even used 4 pixels, though that's really pushing it for legibility). And we can then just set and forget the colour palette. 
I wonder too whether it might be possible with some clever hackery to effect a half-pixel horizontal shift (find some way to write an odd number of medrez pixels then shift back to low? I have a feeling there's a hundred reasons why that wouldn't work, though) and use that in conjunction with double buffering to do a bit of semi-flickery *horizontal* antialiasing of the text? To my knowledge no-one's tried anything like that... but it sure seems like it would be worth a go. Another idea I had myself ages ago was that... it strikes me that the missing shifter mode really should be a "/3" one. High is /1 (the 32MHz input clock is divided by 1, and the shifter cycle is reading in one word then shifting it out as 1-bit pixels), Medium is /2 (32MHz becomes 16, and two words are read in then shifted out as 2 parallel bits to a pixel), and Low is /4 (...I think you get the idea). On colour monitors the same ~40us active period ends up containing 320 or 640 pixels; on a mono one, only 20us is active, and again has 640 pixels (which is another argument against the possibility of a 640x400 interlace mode; it would work entirely differently to everything else, instead of just being the mono clock on a colour screen... which would itself instead create something like the Amiga's hopeless SuperHiRez 1280x200 mode). Three of the four possible mode settings (using two bits) are accounted for, but there's an unused slot. The input clock is fixed at 32MHz, you can only - with that generation of tech - divide by integers, the internal shift registers are only four "lanes" wide (with medium and mono using just 2 or 1 of them), and there's only 16 colour registers anyway. So ... why not a ~10.6MHz, 3-bit-pixel mode? The resulting horizontal rez is a somewhat inconvenient 426.67 pixels if we keep the exact same clock, but there's no reason that we need to do that. 
For convenience it's best if the width is divisible by 16 (our 3-word blocks are going to be 16 pixels wide because of the memory architecture, and the memory *access* cycle runs every 5.33 pixels (x3 = 16), as a read takes two CPU clocks and can only happen every four clocks, which are themselves divided by four from the 32MHz crystal). Timing is weirded a bit in terms of matching pixels to clock cycles across each line, as one CPU clock is no longer 1, 2 or 4 pixels but 4/3rds, so it's maybe best to think in blocks of 12 clocks which are the smallest that we can reliably time and conveniently also 16 pixels wide (or in other words, just the same as how things are in hirez). The oddest thing being that line length can't now easily be a free choice of x4 or x8 pixels (or x4 clocks) as it technically was for low and medium, but has to be x12 to not waste CPU cycles (or if we take the Amiga model of halting the entire system for between one and three clocks at the end of each line to "correct" the timing, we could have x6 or even x3 pixels, as well as even freer choices in low and medium). The 512 and 508 cycles of PAL and NTSC are no longer possible; the closest we can get are 516 or 504, which messes up the line frequency somewhat, though 504 with the early ST/STe crystals isn't even as high as certain Japanese computers routinely ran their "15khz" modes at, and 516 with the later TT/MSTe crystal is easily close enough to ISO-PAL frequency to still work. If instead the timing is jiggled a bit to allow a x6 pixel count (maybe the CPU gets an extra 2 cycles it wouldn't normally enjoy and the video system is paused, or the CPU is just halted for ~0.2% of the time, or that slack bandwidth is reserved for refresh, audio DMA, floppy DMA, blitting or any of a whole bunch of things down to and including a single 1bpp 16-pixel wide sprite...) we can get 510 clocks. Anyway, that's bogging down in the minutiae. 
Upshot being we can have a minimum of 400 pixels within the normal underscan area in that mode, giving us the 5-pixel/80 column setup without any special tricks, and 8 colours to use likewise. More likely you'd go for 416 or 432 which are a little either side of normal width (equivalent to 312 or 324 low-rez pixels), and the latter allowing a variant terminal standard of 72 columns at least with a 6 pixel font. But really, if you're reengineering the shifter at the last moment to fit this mode in, what you'd want to do is make it 480 pixels wide (equivalent to 360 low-rez). Which with a 10.7MHz clock is almost exactly as wide as the Amiga's 320/640 pixel modes using its 7.1/14.2MHz clocks, so it would fit nicely within the limits of a typical monitor or TV, and not be so finely pixeled as to lose clarity on most of them. And with a 6-pixel-wide font, a little coarse but not the most unusual of things, there's your 80 columns. In 8 colours, which is compatible with at least a lower flavour of ANSI. And I fancy it wouldn't be too hard to come up with a colour switching and/or per-line dithering/palette swapping routine that could make a much more convincing, stabler facsimile of the 8-and-16-colour standard if indeed not the full 16-and-16 colour extension possible with CGA. Plus it'd be pretty good for other serious software. Word processors, DTP, etc. With the palette set to primary colours and liberal use of dithering you could retain reasonably good resolution as well as being able to simulate any given colour, even make a somewhat rudimentary stab at representing photographic images, as a sort of (5+ years earlier) stepping stone towards what was done later with 16 colours and somewhat higher resolution in standard VGA mode across a whole generation of Windows PCs and their software, or even the earliest Mac IIs/LCs. 
And unlike 640x200 mode with 8 or 16 colours on the Amiga, there'd be no slowdown (using more than 4 colours at that rez, or 16 at 320x200, steals cycles from the CPU and slows the processing down even further vs its already reduced rate compared to the ST). And it'd be fairly good for converting all manner of things from e.g. the NEC PC88 and PC98 which started out with 640x200 / 640x400 modes in 3-bit RGB (fixed as primaries, not even being able to set the colours independently at first... something actually shared with a lot of late 80s upgrade graphics cards for the PC, too... 8-colour modes often featured alongside 16s and 4s, and if you were on a TTL monitor usually that meant 1 bit for each of R, G and B...). Just have to reduce the horizontal rez somewhat. Maybe increasing the vertical a bit with simpler software overscan tricks to compensate - 480x224 would be reasonably possible on NTSC and 480x272 (same as the PSP, not far off the Mac's actual resolution but with "full" colour, and about a quarter FullHD in each dimension, using just under 48kb...) for PAL... At the same time it might have been possible to put a normal/wide switch (and a normal/tall one?) in for all of the modes that could extend them out as wide as that... 720 for medium and high, 352 or 368 for low (360 doesn't divide into 16... though you could maybe just ignore the last 8 pixels entirely or co-opt the difference for smoothscroll purposes?), eating a little extra screen memory in order to better fill the available horizontal width without quite overscanning... and without need for complicated, performance sapping software border-opening tricks... (480 would drop down to 432 instead in "normal", I suppose - 432x200 in 3bpp still comes in under 32kb; and similarly 200/400 lines could increase to 240/480, without actually needing interlace... 
240 being a bit of a compromise to ensure multiregion compatibility even though it would be decidedly overscanned in NTSC and need programmers to take care to centre their must-be-visible content, whilst still being decidedly underscanned in PAL... maximum memory take still wouldn't be massive, just a touch over 43kb, which kinda begs the question of why didn't they implement that option in the first place as it would be barely any more logic gates for a very useful set of functions, and the extra memory take would have been tolerable even with a 128kb machine, especially as the regular just-under-32kb modes would remain the default) Might have helped the machine hold its own a bit better against the Amiga, PC and Mac, getting a few more sales at its height and lasting a little longer in the market, especially if they extended the functionality somewhat in the MegaSTe to build on that and maybe do the same rez with 64 "direct" colours (or 16 register entries plus 48 shadow/highlight/inverted ones...? Or 4x4x3 direct plus 16 custom... and medrez in 16 colours, high in 4 colours or 1280x400 mono - more useful than the Amiga equivalent especially with the crispness of the mono monitors, maybe upping the tube size a bit too - and lowrez with 256 direct colours (8x8x4) or some kind of other trick mode e.g. 6x7x6 plus 8 custom colours out of the 4096, or 6x6x6/6x8x5 plus 16 custom...) with the memory, MMU and shifter accelerated x2 as well as the CPU... Ah, what could have been, just with some small changes in what decisions were made at certain crucial points... ...also a shame more use wasn't made of the cartridge port, especially for standalone games. 
I guess Megaroids' "thing" was that it ran under GEM, so for the early machines you *had* to load it from disc anyway, but I've seen a few conversions of games (generally older ones, but not exclusively - the only crucial thing, unless you want to roll your own "mapper", is that they can be made to fit within 128kb and their files arranged within the cart's not-quite-DOS virtual filesystem) to cartridge images that can be run in emulators or burned to EPROMs and stuffed in a homebrew cart and they work quite well, with some surprising entries amongst them - Xenon, for example, which probably could have worked very nicely as a standalone cart on a discless 130ST. Megaroids might also have managed similar, with the bare core GEM routines it needed to run its menu system included amongst the code, or just converted to have a simpler, more conventional game menu that could be navigated with joystick or just keyboard meaning all you'd need to be able to play it on an (130?)STM would be the computer, power supply, TV plus RF cable, and the cartridge... (which thought is now annoying me by reminding me that I still haven't been able to find our old FaST BASIC cart ... I wanted to plug it in with the STF's internal floppy disconnected - which if you power the machine up like that and without an external drive gives a near-instant GEM desktop but with no icons other than the trash - and see if the cartridge icon automatically appeared and if anything could be run from it... the thing still wouldn't have been useful without either TOS ROMs or disc TOS plus a disc drive anyway, I expect, but it'd be interesting to try out and see what might have been the original intentions...)
          DHS-Funded Researchers Say They've Found Security Flaws in Phones With All Major Carriers - Gizmodo

Department of Homeland Security-funded research by Virginia-based security firm Kryptowire has allegedly discovered major security flaws in numerous phones, according to a report on cybersecurity site Fifth Domain. According to the report, DHS Science ...

          About 40% of Brazilian websites have no security certificate

About 40% of Brazilian websites still do not use the security protocol known as SSL (Secure Socket Layer), according to research by the company BigDataCorp. The absence of this feature leaves pages vulnerable to hacker attacks and other forms of intrusion, and also hurts the sites in search engines, as in the case of Google. The ...

The post About 40% of Brazilian websites have no security certificate first appeared on Diário de Araxá.



          Description of the multiplication overflow vulnerability in the Asset struct of the official EOS API

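Author: 古河@360 Vulcan Team
Author's blog: Qihoo 360 Technology Blog

Overview

asset is a struct provided in the official EOS header files to represent a monetary asset (such as the official EOS currency or any other currency unit you issue yourself). When asset is used in a multiplication (operator *=), a bug in the official code renders its overflow checks ineffective. As a result, any developer who uses asset multiplication in a smart contract is exposed to the risk of overflow.

Vulnerability details

The problematic code is in contracts/eosiolib/asset.hpp: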

      asset& operator*=( int64_t a ) {
         eosio_assert( a == 0 || (amount * a) / a == amount, "multiplication overflow or underflow" );   // <== (1)
         eosio_assert( -max_amount <= amount, "multiplication underflow" );   // <== (2)
         eosio_assert( amount <= max_amount,  "multiplication overflow" );    // <== (3)
         amount *= a;
         return *this;
      }

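As you can see, the official code has three checks here, meant to guard against overflow. Unfortunately, none of the three actually does its job.

First look at checks (2) and (3). Fairly obviously, they are meant to check whether the result of the multiplication lies within the valid range [-max_amount, max_amount]. The problem is that they were mistakenly placed before the statement amount *= a; the correct approach is to put them after amount *= a, because their purpose is to validate the result of the operation. The correct order of the code should be:

amount *= a;
eosio_assert( -max_amount <= amount, "multiplication underflow" );   // <== (2)
eosio_assert( amount <= max_amount,  "multiplication overflow" );    // <== (3)

Now for check (1). This is a very important check, intended to ensure two things:

  1. The multiplication did not change the sign of the result (e.g. two positive integers multiplied together yielding a negative number)

  2. The multiplication did not overflow a signed 64-bit integer (e.g. two non-zero positive integers multiplied together yielding a result smaller than either of them)

  eosio_assert( a == 0 || (amount * a) / a == amount, "multiplication overflow or underflow" );   // <== (1)

The problem here is very subtle, and you cannot really see it by reading the C++ source directly. But keep in mind that EOS smart contracts are ultimately compiled to WebAssembly bytecode for execution, so let's look at what the compiled bytecode looks like: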

  (call $eosio_assert
   (i32.const 1)    //  always true
   (i32.const 224)  // "multiplication overflow or underflow\00")
  )

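The bytecode above corresponds to this line of the source:

  eosio_assert( a == 0 || (amount * a) / a == amount, "multiplication overflow or underflow" );   // <== (1)

This result surprised us greatly, because the generated bytecode plainly means:

  eosio_assert(1, "multiplication overflow or underflow" );

In other words, the condition of this assert has become always true, and the overflow check inside it has simply vanished into thin air!!!

In our experience, a problem like this is most likely caused by compiler optimization. So we took a look at the official build script (eosiocpp):

($PRINT_CMDS; /root/opt/wasm/bin/clang -emit-llvm -O3 --std=c++14 --target=wasm32 -nostdinc \

As you can see, it invokes clang to compile, with compiler optimization enabled by default at level O3, a fairly aggressive level.

We tried turning compiler optimization off (using -O0) and recompiled the same code. This time the corresponding bytecode was: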

  (block $label$0
   (block $label$1
    (br_if $label$1
     (i64.eqz
      (get_local $1)
     )
    )
    (set_local $3
     (i64.eq
      (i64.div_s
       (i64.mul
        (tee_local $1
         (i64.load
          (get_local $0)
         )
        )
        (tee_local $2
         (i64.load
          (get_local $4)
         )
        )
       )
       (get_local $2)
      )
      (get_local $1)
     )
    )
    (br $label$0)
   )
   (set_local $3
    (i32.const 1)
   )
  )
  (call $eosio_assert
   (get_local $3)     // condition based on "a == 0 || (amount * a) / a == amount"
   (i32.const 192)   // "multiplication overflow or underflow\00")

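As you can see, this time the generated bytecode retains the overflow-check logic in full. At this point we can be certain that the problem is caused by compiler optimization.

Why would compiler optimization have this consequence? Because in the statement below, amount and a are both signed integers:

eosio_assert( a == 0 || (amount * a) / a == amount, "multiplication overflow or underflow" );

In the C/C++ standards, signed integer overflow is "undefined behavior". When undefined behavior occurs, the behavior of the program is indeterminate. So when some compilers (including gcc and clang) optimize, they do not consider the case where undefined behavior occurs (because once undefined behavior occurs the whole program is in an undefined state, so programmers have to avoid undefined behavior in their own code). Put simply, in this example clang does not consider the possibility that the following multiplication overflows when it optimizes:

(amount * a)

And on the premise that the multiplication above does not overflow, the following expression is always true:

a == 0 || (amount * a) / a == amount

So as soon as compiler optimization is turned on, the whole expression is optimized away.

Official patch

On August 7, EOS officially released a patch for this vulnerability:

https://github.com/EOSIO/eos/commit/b7b34e5b794e323cdc306ca2764973e1ee0d168f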

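Impact of the vulnerability

Because all three checks in asset multiplication are ineffective, a contract that uses asset multiplication faces every possible kind of overflow, including: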

  1. a > 0, b > 0, a * b < 0
  2. a > 0, b > 0, a * b < a
  3. a * b > max_amount
  4. a * b < -max_amount
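
An added example (not the EOSIO patch and not code from the article): one way to write the multiplication so that no check depends on signed overflow, by testing the operands against the int64_t limits before multiplying and range-checking the real product afterwards. The function names and the value of kMaxAmount (assumed to mirror max_amount in asset.hpp) are assumptions, and the operands in main() are constructed to hit each of the four cases listed above.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Assumption: mirrors the max_amount bound the article refers to.
static const int64_t kMaxAmount = (INT64_C(1) << 62) - 1;

enum class MulStatus { Ok, Int64Overflow, AboveMax, BelowMin };

struct MulResult {
    MulStatus status;
    int64_t   amount;   // new amount on Ok, otherwise the unchanged input
};

// True when x * y is representable in int64_t. Only comparisons and divisions
// by a non-zero operand are used, and none of them can overflow, so there is
// no undefined behavior for the optimizer to reason from (unlike
// "(amount * a) / a == amount", which multiplies first).
bool mul_fits_int64(int64_t x, int64_t y) {
    const int64_t lo = std::numeric_limits<int64_t>::min();
    const int64_t hi = std::numeric_limits<int64_t>::max();
    if (x == 0 || y == 0) return true;
    if (x > 0) {
        return (y > 0) ? (x <= hi / y)     // + * + : product must be <= hi
                       : (y >= lo / x);    // + * - : product must be >= lo
    }
    return (y > 0) ? (x >= lo / y)         // - * + : product must be >= lo
                   : (y >= hi / x);        // - * - : product must be <= hi
}

// Checked replacement for "amount *= a": validate first, multiply second,
// then apply the [-kMaxAmount, kMaxAmount] range check to the real product.
MulResult checked_mul(int64_t amount, int64_t a) {
    if (!mul_fits_int64(amount, a)) return {MulStatus::Int64Overflow, amount};
    const int64_t product = amount * a;    // cannot overflow: checked above
    if (product > kMaxAmount)  return {MulStatus::AboveMax, amount};
    if (product < -kMaxAmount) return {MulStatus::BelowMin, amount};
    return {MulStatus::Ok, product};
}

const char* status_name(MulStatus s) {
    switch (s) {
        case MulStatus::Ok:            return "ok";
        case MulStatus::Int64Overflow: return "rejected: does not fit in int64_t";
        case MulStatus::AboveMax:      return "rejected: above max_amount";
        case MulStatus::BelowMin:      return "rejected: below -max_amount";
    }
    return "unknown";
}

int main() {
    // Constructed operands, one per overflow case in the article's list,
    // followed by an ordinary multiplication.
    const int64_t cases[][2] = {
        {INT64_C(1) << 62, 2},          // would wrap to a negative value
        {(INT64_C(1) << 61) + 1, 8},    // would wrap to 8, smaller than the input
        {INT64_C(1) << 61, 2},          // fits int64_t but exceeds max_amount
        {INT64_C(1) << 61, -2},         // fits int64_t but is below -max_amount
        {1000, 3},
    };
    for (const auto& c : cases) {
        const MulResult r = checked_mul(c[0], c[1]);
        std::printf("%lld * %lld -> %s\n", (long long)c[0], (long long)c[1],
                    status_name(r.status));
    }
    return 0;
}
```

Because the pre-check never evaluates an overflowing expression, it gives the same answer at -O0 and -O3.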

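Recommended response

For EOS developers: if your smart contract uses asset multiplication, we recommend that you update the corresponding code and recompile your contract. Utility code such as asset is statically compiled into the contract, so the contract must be recompiled to remove the security risk.

We also recommend that all EOS developers take overflow in contracts seriously and write code with security in mind, to avoid unnecessary losses.

Timeline

2018-7-26: The 360 Vulcan team discovered the overflow problem in asset multiplication during a code audit

2018-7-27: The vulnerability was submitted to EOS through the HackerOne platform

2018-8-7: EOS released a patch fixing the vulnerability


This article was published by Seebug Paper; please credit the source when republishing. Article URL: https://paper.seebug.org/658/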


          The Economics of Hacking an Election

CircleID: There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics.

There are two assertions I'll make up front. First, the attacker — any attacker — is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders — but they're still limited. Why? They'll throw enough resources at the problem to solve it, i.e., to hack the election, and use anything left over for the next problem, e.g., hacking the Brexit II referendum… There's always another target.

Second, elections are a system. That is, there are multiple interacting pieces. The attacker can go after any of them; the defender has to protect them all. And protecting just one piece very well won't help; after all, "you don't go through strong security, you go around it." But again, the attacker has limited resources. Their strategy, then, is to find the greatest leverage, the point to attack that costs the defenders the most to protect.

There are many pieces to a voting system; I'll concentrate on the major ones: the voting machines, the registration system, electronic poll books, and vote-tallying software. Also note that many of these pieces can be attacked indirectly, via a supply chain attack on the vendors.

There's another point to consider: what are the attacker's goals? Some will want to change vote totals; others will be content with causing enough obvious errors that no one believes the results — and that can result in chaos.

The actual voting machines get lots of attention. That's partly a hangover from the 2000 Bush–Gore election, where myriad technological problems in Florida's voting system (e.g., the butterfly ballot in Palm Beach County and the hanging chads on the punch card voting machines) arguably cost Gore the state and hence the presidential election.

And purely computerized (DRE — Direct Recording Electronic) voting machines are indeed problematic. They make mistakes. If there's ever a real problem, there's nothing to recount. It's crystal-clear to virtually every computer scientist who has studied the issue that DRE machines are a bad idea. But: if you want to change the results of a nation-wide election or set of elections in the U.S., going after DRE machines is probably the wrong idea. Why not? Because it's too expensive.

There are many different election administrations in the U.S.: about 10,000 of them. Yes, sometimes an entire state uses the same type of machine — but each county administers its own machines. Storing the voting machines? Software updates? Done by the county. Programming the ballot? Done by the county. And if you want to attack them? Yup — you have to go to that county. And voting machines are rarely, if ever, connected to the Internet, which means that you pretty much need physical presence to do anything nasty.

Now, to be sure, if you are at the polling place you may be able to do really nasty things to some voting machines. But it's not an attack that scales well for the attacker. It may be a good way to attack a local election, but nothing larger. A single Congressional race? Maybe, but let's do a back-of-the-envelope calculation. The population of the U.S. is about 325,000,000. That means that each election area has about 32,500 people. (Yes, I know it's very non-uniform. This is a back-of-the-envelope calculation.) There are 435 representatives, so each one has about 747,000 constituents, or about 75 election districts. (Again: back of the envelope.) So: you'd need a physical presence in seven different counties, and maybe many precincts in each county to tamper with the machines there. As I said, it's not an attack that scales very well. We need to fix our voting machines — after all, think of Florida in 2000 — but for an attacker who wants to change the result of a national election, it's not the best approach.

There's one big exception: a supply chain attack might be very feasible for a nation-state attacker. There are not many vendors of voting equipment; inserting malware in just a few places could work very well. But there's a silver lining in that cloud: because there are many fewer places to defend than 50 states or 10,000 districts, defense is much less expensive and hence more possible — if we take the problem seriously.

And don't forget the chaos issue. If, say, every voting machine in a populous county of a battleground state showed a preposterous result — perhaps a 100% margin for some candidate, or 100 times as many votes cast as there are registered voters in the area — no one will believe that that result is valid. What then? Rerun the voting in just that county? Here's what the Constitution says:

The Congress may determine the Time of chusing the Electors, and the Day on which they shall give their Votes; which Day shall be the same throughout the United States.

The voter registration systems are a more promising target for an attacker. While these are, again, locally run, there is often a statewide portal to them. In fact, 38 states have or are about to have online voter registration.

In 2016, Russia allegedly attacked registration systems in a number of states. Partly, they wanted to steal voter information, but an attacker could easily delete or modify voter records, thus effectively disenfranchising people. Provisional ballots? Sure, if your polling place has enough of them, and if you and the poll workers know what to do. I've been a poll worker. Let's just say that handling exceptional cases isn't the most efficient process. And consider the public reaction if many likely supporters (based on demographics) of a given candidate are the ones who are disproportionately deleted. (Could the attackers register phony voters? Sure, but to what end? In-person voter fraud is exceedingly rare; how many times can Boris and Natasha show up to vote? Again, that doesn't scale. That's also why requiring an ID to vote is solving a non-problem.)

There's another point. Voting software is specialized; its attack surface should be low. It's possible to get that wrong, as in some now-decertified Virginia voting machines, and there's always the underlying operating system; still, if the machines aren't networked, during voting the only exposure should be via the voting interface.

A lot of registration software, though, is a more-or-less standard web platform and is, therefore, subject to all of the risks of any other web service. SQL injection, in particular, is a very real risk. So an attack on the registration system is not only more scalable, it's easier.

Before the election, voter rolls are copied to what are known as poll books. Sometimes, these are paper books; other places use electronic ones. The electronic ones are networked to each other; however, they are generally not connected to the Internet. If that networking is set up incorrectly, there can be risks; generally, though, they're networked on a LAN. That means that you have to be at the polling place to exploit them. In other words, there's some risk, but it's not much greater than the voting machines.

There's one more critical piece: the vote-tallying software. Tallies from each precinct are transmitted to the county's election board; there may be links to the state, to news media, etc. In other words, this software is networked and hence very subject to attack. However: this is used for the election night count; different procedures can be and often are used for the official canvass. And even without attacks, many things can go wrong:

In Iowa, a hard-to-read fax from Scott County caused election officials initially to give Vice President Gore an extra 2,006 votes. In Outagamie County, Wis., a typo in a tally sheet threw Mr. Bush hundreds of votes he hadn't won.

But: the ability to do a more accurate count the second time around depends on there being something different to count: paper ballots. That's what saved the day in 2000 in Bernalillo County, New Mexico. The problem: "The paper tallies, resembling grocery-store receipts, seemed to show that many more ballots had been cast overall than were cast in individual races. For example, tallies later that night would show that, of about 38,000 early ballots cast, only 25,000 were cast for Mr. Gore or Mr. Bush." And the cause? Programming the vote-counting system:

As they worked, Mr. Lucero's computer screen repeatedly displayed a command window offering a pull-down menu. From the menu, the two men should have clicked on "straight party." Either they didn't make the crucial click, or they did and the software failed to work. As a result, the Accu-Vote machines counted a straight-party vote as one ballot cast, but didn't distribute any votes to each of the individual party candidates.

To illustrate: If a voter filled in the oval for straight-party Democrat, the scanner would record one ballot cast but wouldn't allocate votes to Mr. Gore and other Democratic candidates.

Crucially, though, once they fixed the programming they could re-tally those paper ballots. (By the way, programming the tallying computer can itself be complex. Bernalillo County, which had a population of 557,000 then, required 114 different ballots.)

There's a related issue: the systems that distribute votes to the world. Alaska already suffered such an attack; it could happen elsewhere, too. And it doesn't have to be via hacking; a denial of service attack could also do the job of causing chaos.

The best way to check the ballot-counting software is risk-limiting audits. A risk-limiting audit checks a random subset of the ballots cast. The closer the apparent margin, the more ballots are checked by hand. "Risk-limiting audits guarantee that if the vote tabulation system found the wrong winner, there is a large chance of a full hand count to correct the results." And it doesn't matter whether the wrong count was due to buggy software or an attack. In other words, if there is a paper trail, and if it's actually looked at, via either a full hand-count or a risk-limiting audit, the tallying software isn't a good target for an attacker. One caveat: how much chaos might there be if the official count or the recount deliver results significantly different than the election night fast count?

There's one more point: much of the election machinery, other than the voting machines themselves, are an ordinary IT installation, and hence are subject to all of the security ills that any other IT organization can be subject to. This specifically includes things like insider attacks and ransomware — and some attackers have been targeting local governments:

Attempted ransomware attacks against local governments in the United States have become unnervingly common. A 2016 survey of chief information officers for jurisdictions across the country found that obtaining ransom was the most common purpose of cyberattacks on a city or county government, accounting for nearly one-third of all attacks.

The threat of attacks has induced at least one jurisdiction to suspend online return of absentee ballots. They're wise to be cautious — and probably should have been that cautious to start.

Again, elections are complex. I've only covered the major pieces here; there are many more ways things can go wrong. But of this sample, it's pretty clear that the attackers' best target is the registration system. (Funny, the Russians seemed to know that, too.) Actual voting machines are not a great target, but the importance of risk-limiting audits (even if the only problem is a close race) means that replacing DRE voting machines with something that provides a paper trail is quite important. The vote-counting software is even less interesting if proper audits are done, though don't discount the utility to some parties of chaos and mistrust.

Acknowledgments: Many thanks to Joseph Lorenzo Hall, Avi Rubin, and Matt Blaze for many helpful comments on this blog post.
Written by Steven Bellovin, Professor of Computer Science at Columbia University

The post The Economics of Hacking an Election appeared first on iGoldRush Domain News and Resources.


          Safeguard Your Privacy Online with This Award-Winning VPN
A Virtual Private Network (VPN) is the first and most important line of defense against everything from nefarious hackers to spying government agencies, and a lifetime subscription to VPN Unlimited—on ... - Source: www.xda-developers.com
          Song Seung Heon And Krystal’s OCN Drama Sets Premiere Date

Upcoming OCN drama “Player” has announced its premiere date. Starring Song Seung Heon and f(x)’s Krystal as the main leads, “Player” will be a revenge story that brings together people who are talented in their respective fields like a genius con artist, hacker, driver, and fighter. Song Seung Heon is acting as genius con artist Kang Ha Ri, […]

The post Song Seung Heon And Krystal’s OCN Drama Sets Premiere Date appeared first on Soompi.


          The story of the alleged 20-year-old hacker accused of stealing more than 5 million dollars in bitcoins

Joel Ortiz, a 20-year-old student from Boston, United States, was arrested at the Los Angeles airport on his way to Europe. The reason? He is accused of being the head of a group of hackers

tags: hacker, bitcoins, steal, accused

» original story (www.xataka.com)


          “The Beast”, or how Salvini's propaganda works

BY STEVEN FORTI rollingstone.it Interview with Alessandro Orlowski, former hacker and digital spin doctor, who talks to us about the Lega's communication strategy, the Cambridge Analytica affair, the business of fake Twitter profiles, the GDPR, Facebook and much more. Alessandro Orlowski is sitting at a small table in a bar in Barcelona. Born in Parma in 1967, he lives …

The article “The Beast”, or how Salvini's propaganda works first appeared on Come Don Chisciotte - Controinformazione - Informazione alternativa.


          1.8 billion users affected: hackers forge WhatsApp messages
A team of hackers has published three huge security holes in messaging giant WhatsApp. According to them, entire messages can be forged. WhatsApp is already working on closing the vulnerabilities.
          Amid the "Cardboard General" Uproar, Gibran Piggybacks to Promote Markobar's New Cardboard Box

Liputan6.com, Jakarta - The social network Twitter is still abuzz with talk of the "cardboard general" (jenderal kardus). The conversation began when Democratic Party Deputy Secretary General Andi Arief, through his account named @AndiArif_, tweeted about a cardboard general.

The "cardboard general" nickname arose from the cancellation of a meeting between Democratic Party Chairman Susilo Bambang Yudhoyono (SBY) and Gerindra Party Chairman Prabowo Subianto. Andi Arief announced the cancellation on Wednesday (8/8/2018) morning.

 

 

(AndiArief_/twitter.com)

In his tweet, Andi said that the Democrats rejected Prabowo's presence. In a subsequent tweet, the politician grew even more doubtful of Prabowo's mettle. In addition, Andi took a jab at Prabowo's attitude of valuing money more than the struggle.

The lively talk about the cardboard general was, it turned out, put to use by Gibran Rakabuming, who joined in to promote the newest cardboard box of his culinary business, Markobar.

Piggybacking on the Cardboard General Issue

(@Chili_pari/twitter.com)

President Jokowi's eldest son evidently seized the momentum of "Cardboard General" going viral. Through his Twitter account @Chili_pari, in a post uploaded on Wednesday (8/8/2018), Gibran said he would release a new design for the martabak packaging box that can double as a game board.

With a keen business sense, Gibran understands very well how to make use of a moment that is being widely discussed. He also uploaded the look of the box to his Twitter account.

In the video, the martabak box has certain patterns that form part of a game board. The game board is something like a snakes-and-ladders board but looks more modern. Gibran also said that once the martabak is finished, the box should not be thrown away right away, because it can be used as a fun way to play.

 

The Look of the Markobar Box

(@markobar1996/twitter.com)

Gibran's promotion of the Markobar box naturally drew a variety of responses from netizens. Many netizens praised Gibran's strategy of turning the moment into business.

Here are various netizen responses gathered from Twitter.

"Using a trending topic for business, cool," said the account @Daavy04.

"Turns out what's causing the stir is a martabak seller's marketing strategy," commented the account @reeccou.

"Truly ... a master marketer, high-level brand messaging, seize the momentum. Revenue climbs sharply," said the account @_mollucan_.

"Entrepreneurs are responsive and creative. Even cardboard can be an inspiration," said the account @fahriGagar.

"OK, a good marketing lesson haha," said the account @guido_dayax.

Gibran's business strategy is worth emulating. What do you think?

Reporter:

Rizky Mandasari

Source: Brilio.net


          WhatsApp: Security flaw lets hackers alter the content of messages! [Video]

Techgear.gr

Facebook is trying to combat the spread of fake news through the WhatsApp platform as well, which is why we recently saw it limit the number of messages each user can forward, while it also displays a notice that … Continue reading


          US senator: 'Russians have hacked Florida election systems'
US Democratic Senator Bill Nelson of Florida says that Russian hackers have penetrated some election systems in Florida.
          Beware! WhatsApp flaw allows hackers to send fake messages, pretending to be you
Researchers at an Israeli cybersecurity firm said they had found a flaw in WhatsApp that could allow hackers to modify and send fake messages in the popular social messaging app. CheckPoint said the vulnerability gives a hacker the possibility "to intercept and manipulate messages sent by those ... Reported by DNA 4 hours ago.
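          So your trip isn't ruined: how ATM skimming steals card data, and 4 countermeasures
Security risks come with travel. In an unfamiliar city you are visiting for the first time, you may be charged an unfair taxi fare or have your pocket picked. Or an ATM skimmer may read your card data and your cash may be stolen. The US edition of Lifehacker spoke with Daniel Smith, a security researcher at cloud security company Radware, who explained how to avoid using suspicious ATMs while traveling. What is an ATM skimmer? An ATM skimmer is something fraudsters ... an ATM's card reader ... Full text
Lifehacker [Japan edition], August 8, 22:05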


          07_10_1964: Just 3 tablespoons a day and you will lower your cholesterol and lose belly fat like crazy!

This is a quote of a post by VezunchikI. Original post: Just 3 tablespoons a day and you will lower your cholesterol and lose belly fat like crazy!

Here we present a recipe that is considered one of the best natural remedies and can truly work wonders for your health. This garlic drink improves organ function, cleanses the blood and strengthens your immune system along with the blood vessels and heart.

It is an excellent natural remedy that will speed up metabolism and promote weight loss. It cleanses your body and removes all harmful toxins.

INGREDIENTS:

12 cloves of garlic (peeled)
1/2 liter of red wine
INSTRUCTIONS:

First cut the garlic cloves into pieces and put them in a jar. Then pour the wine over them. Close the bottle and leave it in a sunny place for 2 weeks. Shake the bottle every day. After 14 days, transfer the liquid to a dark glass bottle and store it. Take 1 tablespoon of this drink 3 times a day for 1 month. Then take a 6-month break.

 

BENEFITS.

This drink is rich in various antibiotic, anti-inflammatory, anticancer and antibacterial properties. Here are just some of the benefits it can offer you:

Treats inflammatory diseases
Improves metabolism
Lowers cholesterol
Removes excess salt from the body
Eliminates toxins from the body
Cleanses the blood
Increases energy
Burns fat
Supports the health of blood vessels and heart
Increases endurance
Red wine contains resveratrol and has antioxidant and anti-inflammatory properties, which means it can prevent the formation of blood clots that can lead to heart attacks and heart failure. This substance inhibits the growth and spread of cancer cells. It has the ability to kill them while leaving healthy cells untouched.

Source: here


          Hacker Halted Security Conference Free for Women through IBM Security...

For the second consecutive year, in order to increase female representation in information security, IBM is funding a scholarship that will cover 100% of the entry fees for women to attend...

(PRWeb August 09, 2018)

Read the full story at https://www.prweb.com/releases/hacker_halted_security_conference_free_for_women_through_ibm_security_scholarship/prweb15682054.htm


          Report: Hackers are specifically targeting industrial control systems
A Cybereason study reports that hackers are targeting industrial control systems as a way to breach operational technology as ...

          New Cyberbully on the Block? Iran Adds New Weapon to Arsenal of Terror
Iran is adding a new weapon to its arsenal of terror: cyber-espionage. CBN News has learned investigators found Iranian hackers targeting our nation's power grid.
          Coinfirm’s AMLT Network Helps Fight Against Cryptojacking

There’s a popular new hacker tool: cryptojacking software. But it won’t be very useful for long.

(PRWeb August 09, 2018)

Read the full story at https://www.prweb.com/releases/coinfirms_amlt_network_helps_fight_against_cryptojacking/prweb15676667.htm


          Brain Food: NAU Cybercrime Research Aims to Prevent Future Attacks
Cybercriminals of the future may be able to do a lot more than steal identities, mine for data and interfere with computer systems. Sophisticated hackers could shut down power grids, hospitals, planes and more, says Bertrand Cambou, a researcher and professor at Northern Arizona University’s School of Informatics, Computing and Cyber Systems.
          According to a US senator, the Russians are able to delete names from Florida's voter rolls

The relevant authorities have not confirmed his suspicion, but one of his Republican colleagues had earlier also been worried about Russian hackers' meddling in Florida.


          Snapchat's leaked source code is clean, literally - TNW - TNW

TNW


          Advanced SystemCare Ultimate 11.1.0.72
Advanced SystemCare Ultimate 11 is a powerful and full-scale antivirus utility for PC security and performance. It provides a one-stop solution to clean, optimize, speed up, and protect your system. With the new IObit Anti-ransomware Engine and the world-leading antivirus engine Bitdefender, Advanced SystemCare Ultimate 11 brings PC security to a higher level. It not only prevents your files from being encrypted by hackers and illegal access by third-party programs, but also protects your PC against various viruses and malware. Advanced SystemCare Ultimate 11 also optimizes and enhances several important protections like FaceID, Homepage Advisor, and Surfing Protection & Ads Removal to better secure your privacy and provide ads-free online surfing.

Meanwhile, Advanced SystemCare Ultimate 11 offers you a 1-click approach to achieve top PC performance. The redesigned Performance Monitor monitors and displays your PC's RAM/CPU/Disk usage, CPU/GPU/Mainboard temperature, and fan speed more accurately in real-time. What's more, it allows you to quickly end the processes that slow down your PC to make it more responsive and run faster.

What's new:
+ Bigger database to remove more virus, ransomware, spyware, etc. for a more secure PC.
+ Upgraded Surfing Protection & Ads Removal to block Cryptocurrency Mining and avoid high CPU usage caused by this.
+ Enhanced Privacy Sweep to support Chrome 65.0, Firefox 59.0, Opera 52.0, VLC Media Player 3.0, Adobe Flash Player 28.0, and more.
+ Strengthened Junk File Clean to support Dropbox 44.4, SUPERAntiSpyware 6.0.1254, TeamViewer 13.0, Avira Free Antivirus 15.0.33, Glary Utilities 5.88, and more.
+ Expanded the database of Startup Optimization, Startup Manager, Real-time Protector, and Surfing Protection & Ads Removal.
+ Newly supported to start a scan directly from Performance Monitor.
+ Optimized the scan algorithm of AutoCare.
+ Optimized the stability of Homepage Advisor.
+ Fixed all known bugs.
+ Updated multiple languages.
          Iron Sysadmin Episode 44 – Cons!
Welcome to Episode 44

News
https://thehackernews.com/2018/08/android-9-pie.html
https://thehackernews.com/2018/08/mikrotik-router-hacking.html
https://www.slashdot.org/story/344278
https://thehackernews.com/2018/08/fortnite-android-apk-download.html
https://arstechnica.com/tech-policy/2018/08/georgia-defends-voting-system-despite-243-percent-turnout-in-one-precinct/

Announcements
This Charles guy (bailed on us)
https://oggcamp.org/ in Sheffield, UK on 18th/19th August
Hacker Mecca
https://www.imdb.com/title/tt7547410/fullcredits?ref_=tt_cl_sm#cast
http://www.collegehumor.com/e/6789072

Chat
Star trek: the next conversation podcast
Admin Admin podcast reviewed our “Don’t be like Nate” episode. Their Episode 65 https://www.adminadminpodcast.co.uk/admin-admin-podcast-65-learning-to-accept-failure/

Main topic
The …
          Trillium Challenges World's Top Hackers to "Pass GO"
Invites hackers to attack cybersecurity platform during Black Hat 2018 / DEFCON26
          Samsung Galaxy S7 phones ‘vulnerable to being hacked’
Samsung’s Galaxy S7 smartphones — thousands of which have been sold to Irish customers — contain a microchip security flaw uncovered earlier this year that put tens of millions of devices at risk to hackers looking to spy on their users, researchers have said.
          DHS-Funded Researchers Say They've Found Security Flaws in Phones With All Major Carriers - Gizmodo

An analyst at the DHS' cyber defense facility in Idaho Falls, Idaho who is supposedly staring at a DHS emblem superimposed on a circuit board graphic for some reason. Photo: Mark J. Terrill (AP). Department of Homeland Security-funded research by ...
Government-backed research suggests millions of smartphones have built-in security flaws - BGR
New bugs leave millions of phones vulnerable to hackers - fifthdomain.com

          SpyHunter

SpyHunter is a very effective anti-spyware tool with a very simple, easy-to-use interface. This program is an excellent choice both for security experts and for ordinary PC users. It can be used to remove spyware and parasites such as ransomware, adware, browser hijackers and similar unwanted programs. There are two different versions available in the […]
          15 reasons you may be refused a loan
You can be left without a loan because your income is too high or because there is no landline phone in the office.
          Free apps and App Store discounts for August 9
Don't miss the most interesting deals on apps for your iPhone, iPad and Mac. Only the best of the day!
          How security professionals protect their personal data
Whether it makes sense to give up public Wi-Fi and banking apps and to get a separate card for online purchases: the opinion of an information security specialist.
          Free apps and discounts on Google Play for August 9
The hottest sales on Google Play apps and games, in our daily column. Lifehacker selects only the best for you and your Android devices!
          4 reasons why we don't do what we want, and how to deal with them
If you don't fight them, fear, the habit of overcomplicating everything and other causes will always keep you from fulfilling your wishes.
          DHS-Funded Researchers Say They've Found Security Flaws in Phones With All Major Carriers - Gizmodo

An analyst at the DHS' cyber defense facility in Idaho Falls, Idaho who is supposedly staring at a DHS emblem superimposed on a circuit board graphic for some reason. Photo: Mark J. Terrill (AP). Department of Homeland Security-funded research by ...
Government-backed research suggests millions of smartphones have built-in security flaws - BGR
DHS-Funded Research Reveals Mobile Flaws Affecting Millions - Android Headlines
Dept of Homeland Security discovers security flaws in millions of US smartphones - 9to5Mac
fifthdomain.com

          Facial recognition tool helps penetration testing
Using fake social media profiles is a common technique among hackers in order to gain the confidence of targets and direct them to credential stealing sites. For security and penetration testing teams, replicating this is time-consuming, as people often have profiles across multiple sites. Ethical hacking specialist Trustwave is using a new tool called Social Mapper that can correlate profiles across multiple sites and make analyzing a person's online presence easier. Social Mapper is an open source tool that takes an automated approach to searching popular social media sites for names and pictures of individuals to accurately detect…

          Decentralized Identity 101: What It Is and Why It Matters

Guest Author: Vinny Lingham, CEO, Civic Technologies

Bitcoin. Blockchain. Crypto. Decentralization. Tokens. A lot of buzzwords have emerged alongside the rise of blockchain technology. Yet, there is often a lack of context about what those terms actually mean and the impact they will have.

Decentralized identity re-envisions the way people access, control, and share their personal information. It gives people power back over their identity.

Current identity challenges all tie back to the way we collect and store data. The world has evolved from floppy disks to the Cloud, but now, every single time that data is collected, processed, or stored, security and privacy concerns emerge. With the rise of the digital economy, consumers have unintentionally turned banks, governments, and stores into identity management organizations, responsible for the storage and protection of an unprecedented amount of personal data. Unfortunately, as recent hacks have shown, not all of them were ready to deal with this new role.

Decentralized identity puts that power and responsibility back in the hands of the individual, giving them the ability to control and protect their own personal information. This concept is made possible by the decentralized nature of blockchain and the trust created by consensus algorithms.

 

How Blockchain Creates Trust

The most prominent blockchain application to date is Bitcoin, a technology that emerged following the U.S. financial crisis of 2008 when trust in institutions was at an all-time low. Blockchain technology, specifically the public blockchain, has several unique characteristics that solve problems of trust and make it a great fit for identity solutions.

First, blockchain is immutable, or unchangeable. Blockchain transactions are processed by a network. Computers work together to confirm a transaction, and every computer in the network must eventually confirm every transaction in the chain. These transactions are processed in blocks, and each block is linked to the preceding block. This structure makes it reasonably impossible to go back and alter a transaction. Additionally, blockchain is transparent. Every computer in the network has a record of every transaction that occurred.

Decentralization is the essence of blockchain: no one party controls the data, so there is no single point of failure or someone who can override a transaction. Second, it is reasonably impossible to alter blockchain transactions. And this is how blockchain builds trust: when data cannot be modified and is independently verifiable, it can be trusted.

 

How Blockchain Helps Decentralized Identity

Currently, there is a presumption that knowledge of information is identity. If a person knows a social security number or password, they are presumed to be the person who that information represents. And if a person knows your personal information, they can impersonate you.

Using blockchain technology to decentralize identity is about digital validation and keys. For example, a digital wallet with cryptographic keys that cannot be recreated. You must have physical access to a device to validate identity. With a decentralized identity system, a remote hacker might have access to pieces of personal information but being able to prove an actual identity would require physical possession of that person’s device. Decentralized identity is literally putting the power back in the hands of the people.

 

Why It Matters

In 2017, Equifax suffered one of the worst data breaches in corporate history, exposing personal information of over 147 million people, including Social Security numbers, dates of birth, home addresses, driver’s license numbers, and credit card numbers.

In 2018, the Cambridge Analytica scandal about user data misuse has continued to unfold, as the F.B.I. and Justice Department are investigating Facebook for failing to safeguard 87 million user profiles.

Equifax and Cambridge Analytica are two prime examples of how current systems for sharing and storing personal information have proven to be not as safe, secure, or trustworthy as previously thought.

And everyone feels this impact.

Governments are implementing more stringent laws and regulations for consumer protection. In May, the General Data Protection Regulation (GDPR), a standard for data collection and storage, went into effect. In July, California passed the California Consumer Protection Act enacting similar standards. And this is probably the first in a wave of consumer protection and privacy policies that will come to life.

Consumers are concerned as well. In a recent Deloitte study, 81 percent of U.S. respondents feel they have lost control over the way their personal data are collected and used. 

The ability to prove you are who you say you are is critical to engaging with the world and being a part of the economy. Decentralized identity gives that control back to people. 

Get to know more about Blockchain and listen to my Keynote "Practical Examples of Decentralized ID's in the Real World" at the Consumer Identity World USA in Seattle in September.




          These 4 Antivirus Tools Are Using AI to Protect Your System

The future of antivirus protection is exciting. Much like our cars, trains, and boats, the future of antivirus runs on artificial intelligence. AI technology is one of the fastest growing sectors around the world and security researchers are continually evaluating and integrating the technology into their consumer products.

Consumer antivirus products with AI or machine learning elements are appearing thick and fast. Does your next antivirus subscription need to include AI, or is it just another security buzzword? Let’s take a look.

Traditional Antivirus vs. AI Antivirus

The term “artificial intelligence” once conjured fantastical images of futuristic technology, but AI is now a reality. To understand what AI antivirus is, you need to understand how traditional antivirus works.

Traditional Antivirus

A traditional antivirus uses file and data signatures, and pattern analysis to compare potential malicious activity to previous instances. That is, the antivirus knows what the malicious file looks like, and can move swiftly to stop those files from infecting your system, should you pick one up. That’s a very basic explanation. You can read more about how it works and what scans to use right here.

The antivirus on your system works well, don’t get me wrong. However, the number of malware attacks continues to rise, and security researchers regularly discover extremely advanced malware variants, such as Mylobot. Furthermore, some traditional or legacy antivirus solutions cannot compete with advanced threats such as the devastating WannaCry ransomworm, or the Petya ransomware that encrypts your Master Boot Record.

As the threat landscape shifts, so must the antivirus detection mechanisms.

AI Antivirus

AI antivirus (or in some cases, machine learning―more on this distinction in a moment) works differently. There are a few different approaches, but AI antivirus learns about specific threats within its network environment and executes defensive activities without prompt.

AI and machine learning antivirus leverage sophisticated mathematical algorithms combined with the data from other deployments to understand what the baseline of security is for a given system. As well as this, they learn how to react to files that step outside that window of normal functionality.

Machine Learning vs. Artificial Intelligence

Another important distinction in the future of antivirus is between machine learning algorithms and artificial intelligence. The two words are sometimes used interchangeably but are not the same thing.

Artificial Intelligence (AI): AI refers to programs and machines that execute tasks with the characteristics of human intelligence, including problem-solving, forward planning, and learning. Broadly speaking, machines that can carry out human tasks in a manner we consider “intelligent.”

Machine Learning (ML): ML refers to a broad spectrum of the current applications of AI technologies focusing on the idea that machines with data access and the correct programming can learn for themselves. Broadly speaking, machine learning is a means to an end for achieving AI.

Machine learning and AI are deeply intertwined, and you can see how the terms see occasional misuse. The difference in meaning with regards to antivirus is an important distinction. Most (if not all) of the latest antivirus suites implement some form of machine learning, but some algorithms are more advanced than others.

Machine learning in antivirus technologies isn’t new. It is getting more intelligent, and is easier to use as a marketing tool now that the wider public is more aware of ML and AI.

How Security Companies Use AI in Antivirus

There are a few antivirus solutions that use advanced algorithms to protect your system, but the use of true AI is still rare. Still, there are several antivirus tools with excellent AI and ML implementations that show how the security industry is evolving to protect you from the latest threats.

1. Cylance Smart Antivirus

Cylance is a well-known name in machine learning and artificial intelligence cybersecurity. The enterprise-grade CylancePROTECT uses AI-techniques to protect a huge number of businesses, and they count several Fortune 100 organizations among their clientele. Cylance Smart Antivirus is their first foray into consumer antivirus products, bringing that enterprise-level AI protection into your home.

Cylance Smart Antivirus relies entirely on AI and ML to distinguish malware from legitimate data. The result is an antivirus that doesn’t bog your system down by constantly scanning and analyzing files. (Or informing you of its status every 15 minutes.) Rather, Cylance Smart Antivirus waits until the moment of execution and immediately kills the threat―without human intervention.

“Consumers deserve security software that is fast, easy to use, and effective,” said Christopher Bray, senior vice president, Cylance Consumer. “The consumer antivirus market is long overdue for a ground-breaking solution built on robust technology that allows them to control their security environment.”

Thanks for the shout out @sawaba I can vouch that the primary reason we launched Cylance Smart Antivirus is because our customers have told us they’ve grown frustrated with everything on the market now.

― Hiep Dang (@Hiep_Dang) June 19, 2018

Smart Antivirus does, however, have some downsides. Unlike other antivirus suites with active monitoring, Cylance Smart Antivirus allows you to visit potentially malicious sites. I assume this is confidence that the product will stop malicious downloads, but it doesn’t protect against phishing attacks or similar threats.

A single Cylance Smart Antivirus license costs $29 per year, while a $69 household pack lets you install on five different systems.

2. Deep Instinct D-Client

Deep Instinct uses deep learning (a machine learning technique) to detect “any file before it is accessed or executed” on your system. The Deep Instinct D-Client makes use of static file analysis in conjunction with a threat prediction model that allows it to eliminate malware and other system threats autonomously.

Deep Instinct’s D-Client uses vast quantities of raw data to continue improving its detection algorithms. Deep Instinct is one of the only companies with private deep learning infrastructure dedicated to improving their detection accuracy, too.

3. Avast Free Antivirus

For most people, Avast is a familiar name in security. Avast Free Antivirus is the most popular antivirus on the market, and its history of protections goes back decades. Avast Free Antivirus has been “using AI and machine learning for years” to protect users from evolving threats. In 2012, the Avast Research Lab announced three powerful backend tools for their products.

The “Malware Similarity Search” allows almost instantaneous categorization of huge samples of incoming malware. Avast Free Antivirus quickly analyzes similarities between existing malware files using both static and dynamic analysis. “Evo-Gen” is similar “but a bit subtler in nature.” Evo-Gen is a genetic algorithm that works to find short and generic descriptions of malware in massive datasets. “MDE” is a database that works on top of the indexed data, allowing heavy parallel access.

These three machine learning technologies collectively evolved as the foundation for Avast’s CyberCapture.

CyberCapture is a core feature of the Avast security suite, specifically targeting unknown malware and zero-days. When an unknown suspicious file enters a system, CyberCapture activates and immediately isolates the host system. The suspect file automatically uploads to an Avast cloud server for data analysis. Afterwards, the user receives a positive or negative notification regarding the status of the file. All the while, your data is feeding back into the algorithms to define further and enhance yours and others’ system security.

Download: Avast Free Antivirus for Windows | Mac | Linux

Download: Avast Mobile Security for Android

4. Windows Defender Security Center

The Windows Defender Security Center for enterprise and business solutions will receive a phenomenal boost as Microsoft turns to artificial intelligence to bulk out its security. The 2017 WannaCry ransomworm ripped through Windows systems after hackers released a CIA trove of zero-day vulnerabilities into the wild.

Microsoft is creating a 400 million computer-strong machine learning network to build its next generation of security tools. The new AI-backed security features will start with its enterprise customers, but eventually filter down to Windows 10 systems for regular consumers. Windows Defender is constantly improving in other ways, too, and is now one of the top enterprise and consumer security solutions. The below image illustrates a snapshot of how Windows Defender machine learning protections work.

Want a prime example of how machine learning antivirus springs into action? Randy Treit, a senior security researcher for Windows Defender Research, writes up the Bad Rabbit ransomware detection example. It’s worth a read (it’s short!).

Antivirus: More Advanced Than You Realized

Is your antivirus suite more advanced than you realized? Machine learning and artificial intelligence are undoubtedly making larger inroads with security products. But their current prominence is more buzzword than effective deployment.

Try not to worry too much about whether your antivirus has AI or is implementing machine learning techniques. In the meantime, here’s a comparison of the best free antivirus products for you to check out. AI or not, it is important to protect your system at all times.

Image Credit: Wavebreakmedia/ Depositphotos


          '90s hacker collective man turned infosec VIP: Internet security hasn't improved ...

Interview It has been 20 years since Chris Wysopal (AKA Weld Pond) and his colleagues at the Boston-based L0pht* hacker collective famously testified before the US Senate that the internet was hopelessly insecure.


Wysopal, now a successful entrepreneur and computer security luminary, recently went back to Capitol Hill, Washington**, with three of his colleagues (Space Rogue, Kingpin and Mudge) to mark the anniversary of the first cybersecurity hearing in Congress.

Not much has improved in the two decades since, as we discovered when El Reg caught up with Wysopal, co-founder and CTO of application security firm Veracode, at the recent Infosec conference in London.

John Leyden, for The Register: I'd like to start by asking you how L0pht (the band) got together?

Chris Wysopal (AKA Weld Pond): L0pht had just started when I joined. It had only been in existence for less than a year. And I ran into one of the founding members, Brian Oblivion, on a bulletin board system because it's free. This is pre-internet, 1992. If you were on the internet then you've [either] got a corporate or academic connection.

I was working at Lotus at the time and I was dabbling with understanding the internet. But there was no way to talk to other people really that I knew of. So I was on the local bulletin board. Some of them were kind of hacker-oriented and I ran into this guy Brian Oblivion. He had some you technical files. He was hardware oriented. He was basically taking apart cell phones and looking at the firmware and figuring out how they worked.

I didn't know anyone else doing that, so I started an online friendship with him and then we met in person and he got to know me over just a few weeks. He said: "We've got this place in Boston called the loft. Why don't you come by there?"

There was a kind of like a vetting process to be like a credible hacker, I guess. I got invited over there and it was just this really rough space an old factory on the second floor. There was five other guys there and they had set up desks and they had all this old computer equipment there.

When I started to talk to them they said: "We started this place because our wives and girlfriends kicked us out of apartments because we had so much computer equipment."



Chris Wysopal (AKA Weld Pond) has become a successful computer security businessman and infosec luminary

El Reg: And weren't the telephone bills of the time quite high? [This was the era of dial-up internet connections.]

Wysopal: Sure, having some shared resources [was important]. Back then it was paper manuals. We actually had binders of manuals. They had a library. The idea was: let's share all of our resources and computers because not everyone can have a Mac and have a BT 100 terminal and have a PC.

And so I thought the place was really cool and I said: "Can I join with you guys?" I shared a desk with this guy Kingpin. He was the youngest member. I think I was probably like 26, 27 at the time; I was the oldest. Kingpin was the youngest. He was 16.

That was the age span. People were in their early 20s.


L0pht's den in the early '90s (Photo via Chris Wysopal)

I joined up with them and it was really just a place to just play with the technology and just explore it. And then over time we started to sort of get a little bit more serious about it. We said: "Let's install a network, let's put a Linux gateway in and let's build a website. Let's build a shell machine so we can let other people use our computers. People can log in remotely."

It started to go from just a shared space to sort of feeling like an organization, over time. There was never really any hierarchy. We each had our own areas of expertise: some people were hardware guys, some were software guys.

I was a Windows programmer. The transition from DOS to Windows was happening at that time, actually Windows NT. That was what I had to offer in programming. I learned Linux from the other guys. So I learned Linux. I actually set up the first gateway and the first web server. I was a system administrator.

Back then the threat actors were basically the teenage hacker; those people defacing websites and the occasional criminal. It wasn't the organized crime of today where people set out or even governments set out to steal money and monetise attacks...

So that's sort of how we got into this mode of being an organization and organizing different skills. Around '93 we got connected to the internet when the public internet was available. We had a 56K modem and we were on the internet.

We had all the bulletin board files that Brian [ Oblivion ] had on his bulletin board and other things.

El Reg: How did you come to be invited to testify before the Senate?

Wysopal: So what happened was once we started to get organized we started down this path of doing vulnerability research. We started looking at a lot of Microsoft products because we did see other people analyzing Microsoft. People were looking at Unix and Linux. We started looking at Microsoft and we found vulnerabilities in Windows, and in their Internet Explorer, and we said, well, this is like a consumer operating system. People are using Windows 95. People have no idea that the software they're using has many vulnerabilities. They don't know they need to patch their machine. They don't know anything about this.

So we started publicizing this online on our website and at some point reporters started to come to our website and say L0pht is saying Windows isn't secure.

This was new back then. We were one of the first people calling them [ Microsoft ] out. And so we got some notoriety about hacking Microsoft, although we weren't hacking their network; we were hacking their software.

El Reg: I started writing about security around that time. L0pht had the slogan of making the theoretical possible.

Wysopal: Microsoft were saying "this is a theoretical vulnerability" so what they were saying was you're going to have to write an exploit or we're not going to fix it.

So we started to get notoriety for calling out big corporations like Microsoft, IBM [and] Oracle. We got an article written about us in The New York Times Magazine. They came and interviewed us all, [ took ] pictures and explained what we were. Someone in The Washington Post saw that and then like a month or two later there was an article about us in The Washington Post. And I guess someone on Capitol Hill, they all read The Washington Post, they read it and there was a hearing. It was the very first hearing on government security. It was the committee on governmental affairs. Senator [ Fred ] Thompson was the majority leader: he is a Republican. His committee directed the Government Auditing Office to audit all the government agencies. This was in 1998: the very first audit of government agencies. Before then they had no idea how insecure they were. So they were going to have the GAO peopl
          Hackers Target US Payment Processors via BGP Hijacking Attacks

US payment processors report that they are being targeted by hackers using BGP hijacking attacks. This is a complex method used by experienced groups, as it requires both resources and knowledge to execute.

BGP Hijacking Attacks Used Against US Payment Processors

Payment processors, particularly those located in the USA, have been among the most heavily attacked companies over the last few years. The reason is that they handle payment card transactions and work with both the banks and the online merchants. Their security should be impenetrable; however, this has not warded off potential intruders. Over the years, attacks using the BGP hijacking method have increased.

BGP stands for Border Gateway Protocol and is the standard language that devices use when exchanging information about routing and reachability over large networks on the Internet. Such attacks require the use of malicious DNS servers that return forged responses when users access payment gateways, banks and online services. A dangerous feature of these responses is that they maximize the duration of the attack by setting a long cache expiration. This means that even after a successful attack has been stopped, the damage will continue for quite some time.

Successful attacks rely on the creation and setup of false servers that send the requests. The most common way is to set up the required machines on infected hosts: botnets of computers hijacked through virus attacks. The hackers announce false information that confuses the network and disrupts the normal flow of information. The network traffic is forwarded to a hacker-controlled server, which can lead to very successful phishing attacks.

The first major attack was reported by Oracle on July 6, an Indonesian (Read more...)


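          GitHub takes down leaked Snapchat source code; hacker threatens to re-upload

Snapchat is a messaging app known for its "disappearing after reading" feature, but recently the app's source code did a "disappearing" act of its own on a code-hosting site. It began when someone with the handle "i5xx", reportedly from the village of Tando Bago in Sindh province in southeastern Pakistan, created a repository on GitHub named "Source-Snapchat".

Although by press time the repository had been removed by GitHub following a copyright takedown request filed by Snap under the Digital Millennium Copyright Act (DMCA), the incident still attracted a great deal of attention.

The repository reportedly described itself as "SnapChat source code" and was written in Apple's Objective-C language, so what was exposed was presumably all or part of the iOS version of the Snapchat app.

For now, however, we cannot determine whether it is a small component of the service or a separate project of the company.

As for the identity of the publisher "i5xx", the account information is associated with the name "Khaled Alshehri", which is quite possibly a pseudonym. TNW points out that the surname is not common in Pakistan.

In addition, the account profile links to an online service based in Saudi Arabia that offers a range of technical services, from security scanning and iCloud removal to software development and iTunes gift card sales.

Four days ago, GitHub published a DMCA takedown request from Snap Inc., though it may have been submitted earlier (its time online may exceed 2 months).

It is worth noting that the tone Snap Inc. used in the DMCA request (sentences made up of several passages in all capital letters) conveys a real sense of panic (there was not even time to make the wording more rigorous).

Snapchat source code was leaked, and someone has put it in this GitHub repository. We cannot give an exact URL for it, nor will we publish it publicly.

Clearly, this indirectly reflects the importance of the contents of the previously uploaded repository.

However, people familiar with the matter say the leak was not malicious; a researcher had simply been unable to communicate some of his findings to the company. After GitHub removed the repository under the DMCA request, he also threatened to upload the source code again until the company formally responds.

The fact is, though, that Snap Inc. has an active account and bug bounty program on HackerOne and responds extremely quickly; it is easy for security researchers to get in touch with the company.

According to HackerOne's official statistics, it replies to initial reports within 12 hours and has paid out more than 220,000 US dollars in bounties. TNW has contacted Snap for comment; interested readers can watch for our follow-up reports.

[Compiled from: TNW]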
          The FCC Website Reportedly Crashed Because Of John Oliver's Fans — Not Hackers - Bustle

Bustle

In May of 2017, an influx of visitors crashed part of the FCC's website, and until very recently, the commission said they believed this was because of a coordinated attack by an unknown entity. It turns out that this was very much not the case ...
John Oliver, not bot attack, a source of FCC's flood of negative web comments on net neutrality repeal: Watchdog (ABC News)
John Oliver viewers, not hackers, responsible for FCC system outage (Fox Business)

          WhatsApp Flaw Could Allow Hackers to Modify Text, Send Fake Messages
WhatsApp has been in the news for all the wrong reasons recently, owing to multiple incidents of violence caused by rumours that spread through fake news and incendiary messages on the app. While WhatsApp has been reprimanded by the government and some cyber experts, the company has been taking steps to ensure that such incidents are curbed. […]
          Re: [PATCH 2/4] m68k: Replace NR_syscalls macro from asm/unistd.h
Geert Uytterhoeven writes: (Summary)
Hi Firoz,
One first comment below...
On Thu, Aug 9, 2018 at 7:16 AM Firoz Khan <firoz.khan@linaro.org> wrote: header to simplifies the implementation.
It can indeed not be part of the UAPI, as UAPI definitions can never change, while new syscalls will be added in the future, increasing the number ;-)
Gr{oetje,eeting}s, Geert
-- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker.
          Hackers Already Attacking Midterm Elections, Raising U.S. Alarms
The U.S. midterm elections are at increasing risk of interference by foreign adversaries led by Russia, and cybersecurity experts warn the Trump administration isn’t adequately defending against the m ... - Source: www.itprotoday.com
          That was no cyberattack on the FCC, inspector general says -- just John Oliver fans - CNN

CNN

Washington (CNN) The Federal Communications Commission's website did not fall victim last year to "deliberate attempts by external actors to bombard the FCC's comment system," a government investigation has determined. The surge in traffic was actually ...
FCC lied to Congress about made-up DDoS attack, investigation found (Ars Technica)
John Oliver, not bot attack, a source of FCC's flood of negative web comments on net neutrality repeal: Watchdog (ABC News)
The FCC Website Reportedly Crashed Because Of John Oliver's Fans — Not Hackers (Bustle)
New York Magazine - Fox Business - NBCNews.com - Federal Communications Commission

          WhatsApp security snafu 'could allow message manipulation'

You could put words in people's mouths, claim researchers

Researchers have uncovered security shortcomings in WhatsApp that create a means for hackers to intercept and manipulate messages sent in both private and group conversations.…


          Cryptocurrencies, from cost reductions for businesses to theft tools for hackers: EY analysis
The potential of cryptocurrencies to increase the speed and reduce the cost of doing business is threatened by theft, weak security and criminal activity. Cryptocurrencies have the capacity to change financial services for the better by increasing speed and reducing business costs. But coordinated international action is needed on regulatory review to ensure that these new currencies do not enable criminal activity and tax evasion, explains Alexander Milcev, Head of the Tax and Legal Assistance Department, EY Romania.
          DHS-Funded Researchers Say They've Found Security Flaws in Phones With All Major Carriers - Gizmodo

Gizmodo

An analyst at the DHS' cyber defense facility in Idaho Falls, Idaho who is supposedly staring at a DHS emblem superimposed on a circuit board graphic for some reason. Photo: Mark J. Terrill (AP). Department of Homeland Security-funded research by ...
Dept of Homeland Security discovers security flaws in millions of US smartphones (9to5Mac)
New bugs leave millions of phones vulnerable to hackers (fifthdomain.com)

          The Economics of Hacking an Election

CircleID: There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics.

There are two assertions I'll make up front. First, the attacker — any attacker — is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders — but they're still limited. Why? They'll throw enough resources at the problem to solve it, i.e., to hack the election, and use anything left over for the next problem, e.g., hacking the Brexit II referendum… There's always another target.

Second, elections are a system. That is, there are multiple interacting pieces. The attacker can go after any of them; the defender has to protect them all. And protecting just one piece very well won't help; after all, "you don't go through strong security, you go around it." But again, the attacker has limited resources. Their strategy, then, is to find the greatest leverage, the point to attack that costs the defenders the most to protect.

There are many pieces to a voting system; I'll concentrate on the major ones: the voting machines, the registration system, electronic poll books, and vote-tallying software. Also note that many of these pieces can be attacked indirectly, via a supply chain attack on the vendors.

There's another point to consider: what are the attacker's goals? Some will want to change vote totals; others will be content with causing enough obvious errors that no one believes the results — and that can result in chaos.

The actual voting machines get lots of attention. That's partly a hangover from the 2000 Bush–Gore election, where myriad technological problems in Florida's voting system (e.g., the butterfly ballot in Palm Beach County and the hanging chads on the punch card voting machines) arguably cost Gore the state and hence the presidential election.

And purely computerized (DRE — Direct Recording Electronic) voting machines are indeed problematic. They make mistakes. If there's ever a real problem, there's nothing to recount. It's crystal-clear to virtually every computer scientist who has studied the issue that DRE machines are a bad idea. But: if you want to change the results of a nation-wide election or set of elections in the U.S., going after DRE machines is probably the wrong idea. Why not? Because it's too expensive.

There are many different election administrations in the U.S.: about 10,000 of them. Yes, sometimes an entire state uses the same type of machine — but each county administers its own machines. Storing the voting machines? Software updates? Done by the county. Programming the ballot? Done by the county. And if you want to attack them? Yup — you have to go to that county. And voting machines are rarely, if ever, connected to the Internet, which means that you pretty much need physical presence to do anything nasty.

Now, to be sure, if you are at the polling place you may be able to do really nasty things to some voting machines. But it's not an attack that scales well for the attacker. It may be a good way to attack a local election, but nothing larger. A single Congressional race? Maybe, but let's do a back-of-the-envelope calculation. The population of the U.S. is about 325,000,000. That means that each election area has about 32,500 people. (Yes, I know it's very non-uniform. This is a back-of-the-envelope calculation.) There are 435 representatives, so each one has about 747,000 constituents, or about 75 election districts. (Again: back of the envelope.) So: you'd need a physical presence in seven different counties, and maybe many precincts in each county to tamper with the machines there. As I said, it's not an attack that scales very well. We need to fix our voting machines — after all, think of Florida in 2000 — but for an attacker who wants to change the result of a national election, it's not the best approach.

There's one big exception: a supply chain attack might be very feasible for a nation-state attacker. There are not many vendors of voting equipment; inserting malware in just a few places could work very well. But there's a silver lining in that cloud: because there are many fewer places to defend than 50 states or 10,000 districts, defense is much less expensive and hence more possible — if we take the problem seriously.

And don't forget the chaos issue. If, say, every voting machine in a populous county of a battleground state showed a preposterous result — perhaps a 100% margin for some candidate, or 100 times as many votes cast as there are registered voters in the area — no one will believe that that result is valid. What then? Rerun the voting in just that county? Here's what the Constitution says:

The Congress may determine the Time of chusing the Electors, and the Day on which they shall give their Votes; which Day shall be the same throughout the United States.

The voter registration systems are a more promising target for an attacker. While these are, again, locally run, there is often a statewide portal to them. In fact, 38 states have or are about to have online voter registration.

In 2016, Russia allegedly attacked registration systems in a number of states. Partly, they wanted to steal voter information, but an attacker could easily delete or modify voter records, thus effectively disenfranchising people. Provisional ballots? Sure, if your polling place has enough of them, and if you and the poll workers know what to do. I've been a poll worker. Let's just say that handling exceptional cases isn't the most efficient process. And consider the public reaction if many likely supporters (based on demographics) of a given candidate are the ones who are disproportionately deleted. (Could the attackers register phony voters? Sure, but to what end? In-person voter fraud is exceedingly rare; how many times can Boris and Natasha show up to vote? Again, that doesn't scale. That's also why requiring an ID to vote is solving a non-problem.)

There's another point. Voting software is specialized; its attack surface should be low. It's possible to get that wrong, as in some now-decertified Virginia voting machines, and there's always the underlying operating system; still, if the machines aren't networked, during voting the only exposure should be via the voting interface.

A lot of registration software, though, is a more-or-less standard web platform and is, therefore, subject to all of the risks of any other web service. SQL injection, in particular, is a very real risk. So an attack on the registration system is not only more scalable, it's easier.

Before the election, voter rolls are copied to what are known as poll books. Sometimes, these are paper books; other places use electronic ones. The electronic ones are networked to each other; however, they are generally not connected to the Internet. If that networking is set up incorrectly, there can be risks; generally, though, they're networked on a LAN. That means that you have to be at the polling place to exploit them. In other words, there's some risk, but it's not much greater than the voting machines.

There's one more critical piece: the vote-tallying software. Tallies from each precinct are transmitted to the county's election board; there may be links to the state, to news media, etc. In other words, this software is networked and hence very subject to attack. However: this is used for the election night count; different procedures can be and often are used for the official canvass. And even without attacks, many things can go wrong:

In Iowa, a hard-to-read fax from Scott County caused election officials initially to give Vice President Gore an extra 2,006 votes. In Outagamie County, Wis., a typo in a tally sheet threw Mr. Bush hundreds of votes he hadn't won.

But: the ability to do a more accurate count the second time around depends on there being something different to count: paper ballots. That's what saved the day in 2000 in Bernalillo County, New Mexico. The problem: "The paper tallies, resembling grocery-store receipts, seemed to show that many more ballots had been cast overall than were cast in individual races. For example, tallies later that night would show that, of about 38,000 early ballots cast, only 25,000 were cast for Mr. Gore or Mr. Bush." And the cause? Programming the vote-counting system:

As they worked, Mr. Lucero's computer screen repeatedly displayed a command window offering a pull-down menu. From the menu, the two men should have clicked on "straight party." Either they didn't make the crucial click, or they did and the software failed to work. As a result, the Accu-Vote machines counted a straight-party vote as one ballot cast, but didn't distribute any votes to each of the individual party candidates.

To illustrate: If a voter filled in the oval for straight-party Democrat, the scanner would record one ballot cast but wouldn't allocate votes to Mr. Gore and other Democratic candidates.

Crucially, though, once they fixed the programming they could re-tally those paper ballots. (By the way, programming the tallying computer can itself be complex. Bernalillo County, which had a population of 557,000 then, required 114 different ballots.)

There's a related issue: the systems that distribute votes to the world. Alaska already suffered such an attack; it could happen elsewhere, too. And it doesn't have to be via hacking; a denial of service attack could also do the job of causing chaos.

The best way to check the ballot-counting software is risk-limiting audits. A risk-limiting audit checks a random subset of the ballots cast. The closer the apparent margin, the more ballots are checked by hand. "Risk-limiting audits guarantee that if the vote tabulation system found the wrong winner, there is a large chance of a full hand count to correct the results." And it doesn't matter whether the wrong count was due to buggy software or an attack. In other words, if there is a paper trail, and if it's actually looked at, via either a full hand-count or a risk-limiting audit, the tallying software isn't a good target for an attacker. One caveat: how much chaos might there be if the official count or the recount deliver results significantly different than the election night fast count?

There's one more point: much of the election machinery, other than the voting machines themselves, is an ordinary IT installation, and hence is subject to all of the security ills that any other IT organization can be subject to. This specifically includes things like insider attacks and ransomware — and some attackers have been targeting local governments:

Attempted ransomware attacks against local governments in the United States have become unnervingly common. A 2016 survey of chief information officers for jurisdictions across the country found that obtaining ransom was the most common purpose of cyberattacks on a city or county government, accounting for nearly one-third of all attacks.

The threat of attacks has induced at least one jurisdiction to suspend online return of absentee ballots. They're wise to be cautious — and probably should have been that cautious to start.

Again, elections are complex. I've only covered the major pieces here; there are many more ways things can go wrong. But of this sample, it's pretty clear that the attackers' best target is the registration system. (Funny, the Russians seemed to know that, too.) Actual voting machines are not a great target, but the importance of risk-limiting audits (even if the only problem is a close race) means that replacing DRE voting machines with something that provides a paper trail is quite important. The vote-counting software is even less interesting if proper audits are done, though don't discount the utility to some parties of chaos and mistrust.

Acknowledgments: Many thanks to Joseph Lorenzo Hall, Avi Rubin, and Matt Blaze for many helpful comments on this blog post.
Written by Steven Bellovin, Professor of Computer Science at Columbia University

The post The Economics of Hacking an Election appeared first on iGoldRush Domain News and Resources.


          8/9/2018: Front Page: Major flaw found in WhatsApp
Researchers at a cybersecurity firm said yesterday they had found a flaw in WhatsApp that could allow hackers to modify and send fake messages in the social messaging app. CheckPoint said the vulnerability gives a hacker the possibility “to intercept...
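          [FreeBuf Subtitle Team] HackerOne Outstanding White-Hat Hacker Interview Series: Brett Buerhaus
Profile: Brett Buerhaus, an American who goes by @ziot, has reported high-severity vulnerabilities in the websites of many well-known companies including Ebay, Yahoo, Twitter and Facebook; the most memorable of these was his discovery of a two-factor authentication (2FA) bypass vulnerability in a Google website. At the H1-212 hackathon in 2017, Brett found a high-severity vulnerability in a US Air Force network, earning him the H1-212 Most Valuable Hacker (MVH) title. Brett is also the champion of the Uber Badge challenge at DEFCON 23 and 24, and is credited in the vulnerability halls of fame of many internet companies. Since starting his career, Brett has worked at Blizzard Entertainment, rising from a junior QA Hacks role to application security engineer and now senior red team specialist; throughout, Brett has stayed true to his original passion for security.
* This course is translated from a selected YouTube tutorial series (updated weekly). * Author: willhuang, produced by the FreeBuf video team; reposts must credit FreeBuf.COM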
          New Genre of Artificial Intelligence Programs Take Computer Hacking to Another Level

The most advanced nation-state hackers have already shown that they can build attack programs that activate only when they have reached a target.


          That was no cyberattack on the FCC, inspector general says -- just John Oliver fans - CNN

CNN

Washington (CNN) The Federal Communications Commission's website did not fall victim last year to "deliberate attempts by external actors to bombard the FCC's comment system," a government investigation has determined. The surge in traffic was actually ...
FCC lied to Congress about made-up DDoS attack, investigation found (Ars Technica)
John Oliver, not bot attack, a source of FCC's flood of negative web comments on net neutrality repeal: Watchdog (ABC News)
The FCC Website Reportedly Crashed Because Of John Oliver's Fans — Not Hackers (Bustle)
New York Magazine - Boing Boing - Fox Business - Federal Communications Commission

          Gamer who fights hackers in broad daylight meets a 'bitter' end

(infogame.vn) - A hard-to-believe case of a Vietnamese gamer countering a hack in the game RoS recently left the community suspicious.
          Gamer organizes a tournament exclusively for hackers, condemned by the community

(infogame.vn) - Recently, a self-organized tournament exclusively for hackers was condemned, denounced and mercilessly cursed by the gaming community.
          Not only the PC version: Chinese police also crack down on PUBG hackers on mobile

(infogame.vn) - Not operating only in the PC version: publisher Tencent recently uncovered a criminal gang hiding in the PUBG Mobile version as well.
          Chinese police arrest a further 141 PUBG hackers, who took in nearly 200 billion dong

(infogame.vn) - After a series of dens, Chinese police have recently gone on to bust another PUBG hacking den, the largest ever.
          Five thousand requests per minute. Rohlík.cz faced a hacker attack - Aktuálně.cz

Aktuálně.cz

It was a so-called DDoS attack, in which the e-shop was overwhelmed by numerous requests sent from computers scattered around the world. Prague - The online grocery store Rohlik.cz faced a hacker attack on Tuesday evening that flooded the server and the on-line ...

          IO Interloper – Pre-Alpha Download

IO Interloper is a very cleverly crafted corporate espionage sim that sees you hacking into phones, computers, cameras, doors and drones as you attempt to steal valuable company secrets.

In IO Interloper you take on the role of a hacker who can infiltrate an office building and steal secrets from the comfort of your computer desktop. The current pre-alpha build features one mission that takes … Read More


          lipa_fv: ЙОГА ДЛЯ ЖИВОТА: 5 НЕСЛОЖНЫХ ПОЗ, КОТОРЫЕ ПОМОГУТ ВЕРНУТЬ СТРОЙНОСТЬ      Cache   Translate Page   Web Page Cache   

Жир на животе часто появляется даже у худых людей, и от него очень непросто избавиться. Мало того, что выпирающий животик сразу видно и он приносит немало душевных страданий. Он к тому же влияет и на общее состояние здоровья. Жир в области живота может привести к сахарному диабету второго типа, проблемам с сердцем и раковым заболеваниям, поэтому очень важно избавиться от него.

4843185_1__cover_14387626531140x570 (700x350, 187Kb)

Йога — очень эффективный способ справиться с этой проблемой, это подтвердит любой человек, который хоть немного ею занимался. Конечно, одними только упражнениями всего не решить: занятия йогой помогут зрительно уменьшить живот, но 70% успеха зависит от правильного питания.

1. Поза кобры (бхуджангасана)

Эта поза не только помогает убрать живот, но и укрепляет мышцы брюшной полости. Упражнение в целом укрепляет верхнюю часть туловища, а спина становится более сильной и гибкой.

4843185_2__Depositphotos_5704363_l2015_1437643353630x359 (630x359, 12Kb)

Поза не рекомендуется больным с язвой, грыжей, травмой спины, а также беременным.
Лягте на живот, вытяните ноги и обопритесь на ладони (они должны располагаться прямо под плечами).
Подбородок и пальцы ног должны касаться пола.
Медленно вдыхая, поднимите корпус на руках. Прогните спину назад так далеко, как только можете.
В зависимости от самочувствия, удерживайте эту позицию 15–30 секунд.
Медленно выдыхая, вернитесь в исходное положение.
Повторите упражнение пять раз с небольшими перерывами по 15 секунд.

2. Bow pose (dhanurasana)

The pose strengthens the central part of the abdomen. To get good results, try rocking slowly back and forth while doing the exercise. This improves digestion and trains the flexibility of the whole body.

Lie on your stomach, bend your knees, raise your shins, bring your arms behind your back and grasp your ankles from the outside.
Inhale, and as you exhale arch as far as you can, lifting your pelvis and chest off the floor. Tilt your head as far back as possible.
Try to hold this pose for 15–30 seconds and watch your breathing.
On the exhale, return to the starting position, stretching out your arms and legs.
Repeat the exercise five times with 15-second breaks.

3. Boat pose (naukasana)

An excellent pose for removing fat from the waist. It also has a beneficial effect on appetite and strengthens the leg muscles.

Lie on your back, stretch out your legs, and place your arms alongside your body with palms up.
Inhale and slowly raise your legs; try to keep them straight and do not bend your knees.
Point your toes and try to raise your legs as high as possible.
Stretch out your arms and try to reach your toes with them; hold your body at an angle of 45 degrees.
Breathe evenly and hold the position for 15 seconds.
Exhale deeply.
Repeat the exercise five times with breaks of 15 seconds.

4. Plank (kumbhakasana)

Kumbhakasana is one of the easiest poses in yoga, yet very effective for burning fat. The plank tones and strengthens the shoulders, arms, back and buttocks.
The exercise is contraindicated for people with high blood pressure and for those with back or shoulder pain.

Kneel and place your hands in front of you.
Move your legs back and rise onto your toes, as for push-ups; lift yourself up on your arms.
Inhale deeply, stretch your neck and look straight ahead; your back should be straight, and you will feel slight tension in the abdominal area.
From head to heels your body should form a straight line.
Hold this position for 15 to 30 seconds; if you feel strong enough, try to hold it for as long as possible.
Repeat five times with short breaks.

5. Wind-relieving pose (pavanamuktasana)

Besides reducing lower back pain and strengthening the abdomen and thighs, this asana has many other benefits. For example, the wind-relieving pose improves bowel function, normalizes acidity levels and speeds up metabolism.

Lie on your back, stretch out your legs, and extend your arms parallel to them.
Stretch your legs, keeping your heels together.
On the exhale, bend your knees and slowly raise them to your chest.
To hold the correct position, clasp your knees with your arms.
Breathe deeply and hold this pose for 1–1.5 minutes.
On the exhale, lower your legs and arms to the floor.
Repeat this exercise five times with breaks.

If you want to boost your metabolism, we recommend doing this set of exercises in the morning. And for quick results, repeat these poses three days a week, three to five times a day.



          Media learn of US refusal to fight hackers together with Russia

The US has refused to cooperate with Russia in preventing cyberattacks on critical infrastructure (power plants, hospitals, government bodies) and to agree on the inadmissibility of "destabilizing actions with respect to internal political processes, including elections", Kommersant writes, citing sources in Russia and the US.

The Russian side proposed including these provisions in a joint statement prepared for the summit in Helsinki, which took place on 16 July. No final document was signed following the summit.

Earlier, media citing federal authorities reported that hackers linked to Russia had gained access to the US power grid and could cause mass power outages across the country, using stolen personal data of employees of service firms.


          Webmaster - How to manage a multilingual site (sayhem)
From the site https://trovalost.it, sayhem writes in the Webmaster category: A good way to start might be: why do I want a multilingual site? Rather than hastily answering "to expand my customer base" (and make lots of $$$, I'm not sure how, but oh well…), I would say a better answer might be "because I need to have one, I have to publish –
          Offer - yahoo password reset contact number 1-800-234-6190 - San Francisco
To keep your email account secure, users often change their password; you can also do this for Yahoo mail. If you are receiving a bulk of spam mail, then to avoid these issues you should yahoo password reset contact number 1-800-234-6190. Receiving bulk email can be a sign of a hacked account, so to protect your account against hackers you should change the password. Visit here: contact yahoo forgot password
          FCC admits it lied about being 'hacked'
The FCC and its Trump-appointed Chairman Ajit Pai admit they lied when they claimed that the comment submission form was taken down by 'hackers' during the debate about repealing Net Neutrality, but Ajit Pai blames Obama.
          Bungo Stray Dogs (French Dub) - Episode 6 - The Azure Messenger

The Agency investigates a series of disappearances in Yokohama. Kunikida enlists the help of a hacker named Taguchi Rokuzou, but all they find are photos of the victims and mention of a mysterious figure called the Azure Messenger. They follow the trail of clues to an abandoned hospital...

          to consider 2018 "the BIG list" (no replies)
New adds: Dan Reed Network (nov), Evanescence (oct)

In bold, the last updates.


AUG 2018
Crossfaith: Ex_Machina 3.8
Manticora: To kill to live to kill 3.8 ViciSolum Records
Ultraphonix: Original human music 3.8 earMUSIC
3.2: The rules have changed 10.8
Airrace: Untold stories 10.8 Frontiers Records
Daniel Trigger: Right turn 10.8 MelodicRock Records
ENuff Z Nuff: Diamond boy 10.8
Jim Shepard: Jaded 10.8 MelodicRock Records
King Company: Queen of hearts 10.8 Frontiers Records
Mad Max: 35 10.8 Steamhammer/SPV
The Magpie Salute: High water I 10.8 Eagle Rock/Mascot
Night Demon: Live darkness 10.8 SPV/Steamhammer
Primal Fear: Apocalypse 10.8 Frontiers Records
Sinsaenum: Repulsion for humanity 10.8 earMUSIC
Van Canto: Trust in rust 10.8 Napalm Records
Dark Sky: One 17.8
Doro: Forever warriors, forever united 17.8 Nuclear Blast
Status Quo: Down down & dirty at Wacken 17.8 earMUSIC
Alice In Chains: Rainier fog 24.8 BMG
Mob Rules: Beast reborn 24.8 Steamhammer
Nonpoint: X 24.8 Spinefarm Records
The Radio Sun: Beautiful strange 24.8 Pride & Joy Music
The Sign: Signs Of Life /The Second Coming 24.8 Escape Music
DeVicious: Never say never 28.8 Pride & Joy Music
Alice Cooper: A paranormal evening at The Olympia Paris 31.8 earMUSIC
Angel: The Casablanca years Box 31.8 Caroline/Ume
Beyond The Black: Heart of the hurricane 31.8 Napalm Records
Conan: Existential void guardian 31.8 Napalm Records
The Javelins: Ian Gillan & The Javelins 31.8 earMUSIC
Koritni: Rolling 31.8
Taste: Moral decay 31.8 AOR Heaven
U.D.O: Steelfactory 31.8 AFM Records
Electric Boys: new album

SEP 2018
Narnia: We still believe Made in Brazil 1.9
Alex Skolnick Trio: Conundrum 7.9 Palmetto/MRI
Alter Bridge: Live at The Royal Albert Hall 7.9 Napalm Records
Cauldron: New Gods 7.9 Dissonance Productions
Clutch: Book of bad decisions 7.9
Korpiklaani: Kulkija 7.9 Nuclear Blast
Krisiun: Scourge of the enthroned 7.9 Century Media Records
Lenny Kravitz: Raise vibration 7.9
Metal Allegiance: Volume II - Power drunk majesty 7.9 Nuclear Blast
Monstrosity: The passage of existence 7.9 Metal Blade Records
Nashville Pussy: Pleased to eat you 7.9 Verycord Records
Satan: Cruel magic 7.9 Metal Blade Records
The Skull: The endless road turns dark 7.9 Tee Pee Records
YES Feat Jon Anderson, Trevor Rabin, Rick Wakeman: Yes: 50th Anniversary Live At The Apollo 7.9 Eagle Vision
Ann Wilson: Immortal 14.9 BMG
DC4: Atomic highway 14.9 HighVolMusic
Deicide: Overtures of blasphemy 14.9 Century Media
Dream Child: Until death do we meet again 14.9 Frontiers Records
Good Charlotte: Generation RX 14.9 BMG
Grave Digger: The living dead 14.9 Napalm Records
Groundbreaker: s/t 14.9 Frontiers Records
The Guess Who: The future is what it used to be 14.9 Cleopatra Records
Hawkwind: Road to utopia 14-9 Cherry Red Records
Livesay: Chronicles 14.9 RFL Records
Outloud: Virtual hero society 14.9 Rock of Angels Records
Snakes In Paradise: Step into the light 14.9 Frontiers Records
Tony Mitchell: Beggars gold 14.9 MelodicRock Records
Treat: Tunguska 14.9 Frontiers Records
The Unity: Rise 14.9 SPV/Steamhammer
Uriah Heep: Living the dream 14.9 Frontiers Records
Fair Warning: Live Club Citta 19.9
Aborted: TerrorVision 21.9 Century Media Records
Atlas: In pursuit of memory 21.9 AOR Heaven
Billy F Gibbons: The big bad Blues 21.9 Concord Records
Black Majesty: Children of the abyss 21.9 Pride and Joy Music
Dark Sarah: The golden moth 21.9
Dion Bayman: Better days 21.9 Art of Melody Music
Dragonlord: Dominion 21.9 Spinefarm Records
Dream Patrol: Phantoms of the past 21.9 Mighty Music
Freak Kitchen: Confusion to the enemy 21.9
Hardcore Superstars: You can't kill my Rock'N'Roll 21.9 Gain Music
Joe Bonamassa: Redemption 21.9 J&R Adventures
King Diamond: Songs from the dead live 21.9 Metal Blade Records
Kix: Fuse 30 Reblown 21.9
Lioncage: Turn back time 21.9 Pride & Joy Music
Slash Ft. Myles Kennedy & The Conspirators: Living the dream 21.9
Therapy?: Cleave 21.9 Marshall Records
Voivod: The wake 21.9 Century Media Records
Dallas: Dallas 24.8 AOR Blvd Records
Dynazty: Firesign 28.9 AFM Records
Jimmy Waldo-Steven Rosen: Voices from the past 28.9 MelodicRock Records
Newman: Decade II 28.9 AOR Heaven
Riverside: Wasteland 28.9 InsideOut Music
Ted Poley: Modern art 28.9 Ted Poley.com
Vulcain: Vinyle 28.9 Season Of Mist
Fifth Angel: The third secret Nuclear Blast

OCT 2018
Coheed And Cambria: The unheavenly creatures 5.10 Roadrunner Records
Hank Erix (Houston): Nothing but trouble 5.10 Cargo Records
High On Fire: Electric messiah 5.10 eOne
Leah: The quest 5.10 Inner Wound Recordings
Rock Goddess: This time 5.10 Bite You To Death Records
City Of Thieves: Beast reality 12.10 Frontiers Records
Creye: Creye 12.10 Frontiers Records
Darkness: First class violence 12.10 Massacre Records
Evanescence: Synthesis Live 12.10 Eagle
Gama Bomb: Speed between the lines 12.10 AFM Records
Impellitteri: The nature of the beast 12.10 Frontiers Records
Nazareth: Tattooed on my brain 12.10 Frontiers Records
Seventh Wonder: Tiara 12.10 Frontiers Records
Heir Apparent: The view from below 15.10 No Remorse Records
Aldo Nova: 2 19.10
Firmo: Rehab 19.10 Street Symphonies Records
Roulette: new album 19.10
Whitesnake: Unzipped cd-box 19.10
Hamlet: Berlin 26.10
Perfect View: Timeless 29.10 Lions Pride Music
Midnite City: new album AOR Heaven
Sirenia: new album Napalm Records
Verni: solo album Mighty Music.

NOV 2018
Flotsam And Jetsam: The end of chaos 9.11 AFM Records
Holter: Vlad the impaler 9.11 Frontiers Records
Nordic Union: Second coming 9.11 Frontiers Records
Red Dragon Cartel: Patina 9.11 Frontiers Records
Reece: Resilient heart 9.11 Mighty Music
Stephen Pearcy: View to a thrill 9.11 Frontiers Records
Ten: Illuminati 9.11 Frontiers Records
Accept: Symphonic Terror - Live At Wacken 2017 23.11 Nuclear Blast
Brett Walker: Last parade MelodicRock Records
Dan Reed Network: Origins

DEC 2018
Sinestress: Fear Art Of Melody Music

2018
220 Volt
38 Special:
91 Suite: new album
Abysmal Dawn: new album Season Of Mist Records
Acacia Avenue: Worlds apart
Ace Frehley: Spaceman
Adriangale: MelodicRock Records
Alissa (White-Gluz): solo album Napalm Records
Allen/Lande:
Amon Amarth:
Angelus Apatrida: Hidden Livevolution
Animal Drive: Frontiers Records
Arsis: new album Agonia Records
Art Nation:
Atheist: new album Agonia Records
Axe: The last offering Escape Music
Baby Snakes:
Bad Brains: new album
Beggars & Thieves: live album
Beggars & Thieves: new album
Benediction:
Biffy Clyro: Balance, not symmetry
Block Buster:
Bloodbath: new album
Brainstorm:
Brian Howe:
Brigade
The Brink: Frontiers Records
Bruce Dickinson:
Bryan Cole
Burning Rain: new album Frontiers Records
Cancer: new album Peaceville Records
Care of Night:
Carcass:
Catalano:
Cheap Trick
Children Of Bodom:
Circus Maximus
Coastland Ride:
Come Taste The Band: new album AOR Heaven
Coroner:
The Crown: new album Metal Blade Records
Cruzh:
Crystal Ball: new album
The Damned: new album Search & Destroy Records
D.A.D:
Dalton:
Danko Jones: new album
Dare: new album
Dare: Best of
Dark Angel:
Darkhorse:
Dark Moor:
The Darren Phillips Project:
Dave Bickler: Darklight
Death Dealer:
Dead Of Night: Pride & Joy Music
Diamond Head:
Dino Cazares: solo album
DIO Disciples: debut album BMG
Disturbed:
East Temple Avenue
Eden's Curse:
Entombed A.D:
Extreme:
Fahran: Vapours
Gathering Of Kings:
Göran Edman:
Greta Van Fleet: new album Lava/Republic Records
Gypsy Rose: new album
Hackers:
Hearts On Fire: Call of destiny MelodicRock Records
Helloween: Live in Madrid
Hittman:
Hoobastank: new album Napalm Records
House Of Shakira:
Hurricane:
Icarus Witch: Goodbye cruel world Cleopatra Records
Jack Russell’s Great White: Once acoustically bitten
JaR:
Jerome Mazza: solo album Escape Music
Jetboy: Frontiers Records
Jesse Damon
Jonathan Davis
John Sykes: Sy-Ops
Johnny Gioeli: One voice
Jordan Rudess: new album Mascot Records
Jorn: new album Frontiers Records
Jorn: Box Set
Jungle Rot: new album Victory Records
Kane Roberts: new album Frontiers Records
Kenny Leckremo:
Killer Bee:
King's X
Lagoon:
Lillian Axe: From Womb To Tomb
Lita Ford:
Mad Invasion:
Magic Dance: New eyes Frontiers Records
Malevolent Creation: new album Hammerheart Records
Mason Hill: Frontiers Records
Master: Vindictive miscreant Transcending Obscurity Records
Mats Karlsson
Metal Church:
Mick Mars: solo album
Michael Monroe:
Michael Thompson Band:
MisterMiss:
Mother Road:
MPG "Martie Peters Group": Unfinished business
Muse:
Nile:
Nils Patrik Johansson: Evil Deluxe MetalVille Records
Nita Strauss: Controlled chaos
Nitro:
Obús: new album
The Offspring: new album
On The Rise:
One Desire:
The Order:
Osukaru:
Outlasted: new album MelodicRock Records
Palace: new album Frontiers Records
Papa Roach:
Pete Way: solo album
Player:
Pleasure Maker: Dancin' with danger Lions Pride Music
Pretty Maids: live-dvd/cd Frontiers Records
Queensryche:
Rachel Lorin: new album Frontiers Records
Raspberry Park: new album AOR Heaven Records
Razor:
Reckless Love
The Red Jumpsuit Apparatus: The Awakening
Rival Sons: new album Low Country Sound/Atlantic
Romeo's Daughter:
The Ron Keel Band:
Room Experience:
Royal Flush
Royal Mess
Sadus:
Saint Deamond
Santa Ana Winds: Inherit the wind AOR Blvd Records
Sebastian Bach:
Scorpions
Silent:
Skeletonwitch:
Soilwork:
Soulfly: new album Nuclear Blast
Spirits Of Fire: Frontiers Records
Starbreaker:
Starz:
State Cows: Challenges
State Of Rock: new album AOR Heaven
State Of Salazar: new album Frontiers Records
Steelheart: Live DVD
Steve Overland:
Super Stroke:
The Swedish Funk Connection:
Tango Down: new album Kivel Records
Ted Nugent: The music made me do it
Tempt:
Terror: Total retaliation Nuclear Blast
Tom Keifer:
Tony Martin: Thornz
Toseland: new album Frontiers Records
Tourniquet: Gazing at Medusa Pathogenic Records
Venom:
Viana:
Vimic: Open your omen Universal Music Enterprises
Violet Janine:
Warlord: new album Frontiers Records
Waysted:
Work of Art
X Japan:

2019
7HY: new album Lions Pride Music
Anthrax:
Armored Saint: new album
Assassin: new album Massacre Records
Avenged Sevenfold:
Backyard Babies: Silver and gold Century Media
Battle Beast
Biff Byford: School of hard knocks
Black Star Riders: new album
Buckcherry: new album
Bush:
The Circle:
Def Leppard:
Delain: new album
Demons & Wizards
Down 'N' Outz
Exciter:
Exodus:
Faithsedge:
Find Me: new album
Fit For An Autopsy: album debut Nuclear Blast
Fortune: comeback album Frontiers Records
Hammerfall:
Helix:
Helloween: new album
Killer Dwarfs: new album EMP Label Group
Killswitch Engage: New album Metal Blade Records
King Of Hearts: new album
Kreator:
Last In Line:
Leverage: new album Frontiers Records
The Magpie Salute: High water II Mascot/Eagle Rock
Megadeth:
Overkill:
Pearl Jam:
Pretty Maids: new album
Ratt:
Rob Zombie:
Roxy Blue: new album Frontiers Records
Running Wild:
Sabaton:
Sacred Reich: new album Metal Blade Records
Slipknot:
Spread Eagle: new album Frontiers Records
Stratovarius: new album
Symphony X:
Ted Poley: new album Frontiers Records
Terra Nova:
Thunder:
Tesla: Shock Frontiers Records
Tora Tora: new album Frontiers Records
Volbeat: new album
Waiting For Monday: debut album Frontiers Records
Whitesnake: Flesh & Blood Frontiers Records

JAN 2019
Avantasia: Moonglow Nuclear Blast

FEB 2019
Dream Theater: new album
Inglorious: new album Frontiers Records
Overkill: new album

APR 2019
Testament: new album

MAY 2019
Bai Bang: Best Of 4 Lions Pride Music

SEP 2019
Dragonforce: new album

2020
Nightwish: new album
          The novel method by which hackers can find out our passwords
Cybercriminals could obtain internet users' passwords within the first minute after they have been typed, using the residual heat left on recently touched keys, according to a new finding by researchers at the University of California, Irvine (UCI), published in the paper "Thermal Residue-Based Post Factum Attacks On Keyboard Password Entry".
          FCC’s “Cyber Attack” Excuse Turns Out to Be About as Real as It Sounds
Dade yells "Hack the Planet" in Hackers
No one has ever, ever believed an "I was hacked" excuse for things going wrong on the internet without direct confirmation that it was actually true. In terms of believability, it comes in just barely ahead of "the Ambien made me racist." The FCC's claim that a cyber attack was responsible for bringing down the agency's public comment system, while they were taking comments on their wildly unpopular plan to roll back net neutrality rules in May 2018, ranked just behind that.
          Def Con Conference to Scrutinize Election Websites with the Help of Child Hackers

 

WIRED has reported that at the Def Con hacker conference next week, a contest has been organized for child hackers to hack replicas of state government websites. The contest is being co-sponsored by the DNC (Democratic National Committee). All the child hackers will be aged between eight and 16. The replica websites to be hacked in the contest are those that the secretaries of state will use for posting the post-election outcome. The DNC will award $500 to the kid who proposes the best defensive strategy. Prize money of $2,000 has been announced for the child hacker who successfully breaks a website's defenses. The event is also being sponsored by r00tz Asylum, a non-profit organization, along with the University of Chicago.

 

...



          Event: Bruce Sterling: Speculative Architecture
Event Date: Sep 26, 2018; Event City: Los Angeles, CA, US

The native architecture of the mid 21st century. It’s post-digital, post-Internet, and post-human. The Anthropocene couldn’t be more obvious in 2050: they’re old people, in big cities, afraid of the sky. But what excites them about their own built environment? What do they themselves look forward to, thirty years from now? Why do they hop out of their intelligent beds in the morning, trembling with excitement about architecture?

Bruce Sterling, author, journalist, editor, and critic, was born in 1954. Best known for his ten science fiction novels, he also writes short stories, book reviews, design criticism, opinion columns, and introductions for books ranging from Ernst Juenger to Jules Verne. His nonfiction works include THE HACKER CRACKDOWN: LAW AND DISORDER ON THE ELECTRONIC FRONTIER (1992), TOMORROW NOW: ENVISIONING THE NEXT FIFTY YEARS (2003), SHAPING THINGS (2005), and THE EPIC STRUGGLE OF THE INTERNET OF THINGS (2014).

His most recent book is a collection of Italian fantascienza stories, "UTOPIA PIRATA: I RACCONTI DI BRUNO ARGENTO." (2016)


          Hackers 'can steal money' from insecure stock apps
Security vulnerabilities in stock trading apps could allow hackers to steal money, researchers have warned.
          Big Brother spoilers: Bayleigh goes off on Tyler during house meeting
Bayleigh looking angry on the live feeds
Big Brother 20 has been in full chaos this week. When the hacker twist was revealed, no one knew how it would truly impact the game. Since Haleigh secretly nominated Tyler on Friday night, things have been rocky in the Big Brother house. Everyone believed that Bayleigh was the hacker since Friday night. Unfortunately, they were all wrong. Haleigh made the move to nominate Tyler, but her friend was getting all the flack for her decisions. Earlier today, Swaggy C wrote out a tweet blaming some of the men in the house for bullying Bayleigh even though they knew she […]

The post Big Brother spoilers: Bayleigh goes off on Tyler during house meeting appeared first on Monsters and Critics.


          Phones sold by the four major US carriers could have a major security flaw
Customers using devices from four major cell phone carriers could unknowingly be exposing sensitive data to hackers, according to the
Via: Engadget
          Researchers find security flaws in “smart city” technology

IBM and Threatcare researchers say these bugs have been patched, but similar vulnerabilities could let hackers induce panic or cover up sabotage by tampering with sensors.

Researchers at IBM and Threatcare have found vulnerabilities in “smart city” devices, which are used for everything from traffic monitoring to radiation detection, the companies said Thursday.



          Very bad news for WhatsApp users
A vulnerability has been discovered in WhatsApp that allows hackers to send messages on your behalf to the people in your contact list.

          Get Total Online Security and Privacy with 66% off ProtonVPN Plus

If you care about digital security and privacy, using a VPN is pretty essential nowadays. While many providers claim to offer foolproof protection, few will actually keep your data safe. ProtonVPN is one of the few you can trust. Developed by scientists from MIT and CERN, this VPN offers strong encryption and Swiss legal protection. Right now, you can get two years of service for $72.99 at MakeUseOf Deals when you use the code PROTONVPN10 at checkout. Total Protection We all have different reasons for protecting our digital lives. Some people want to stop hackers, while others fear government spying....



          Cryptocurrencies, from cost reductions for businesses to theft tools for hackers: EY analysis
The potential of cryptocurrencies to increase the speed and reduce the cost of business is threatened by theft, poor security and criminal activity. Cryptocurrencies have the capacity to change financial services for the better by increasing the speed and reducing the costs of business. But coordinated international action on regulatory oversight is needed to ensure that these new currencies do not enable criminal activity and tax evasion, explains Alexander Milcev, Head of the Tax and Legal Assistance Department, EY Romania.
          Which was the best and most successful marketing campaign in history?
by Archie D'Cruz, Editor, Designer, Writer, Quora.com

Chances are, you’ve already fallen victim to this one. And not just once, but time and time and time again.

In fact, you’ve probably been trudging to the stores each week and paying up to 10,000 times what it’s worth…even though it’s available to you for almost free, right in your home! What’s this product I’m talking about?

Bottled water.
woman drinking bottled water

In almost all of North America, Western Europe, Australia, New Zealand and parts of Asia, it is safe to drink water straight out of the tap. (See which countries guarantee drinkable tap water).

And yet, somehow, the manufacturers of bottled water have convinced us that unspeakable things might happen if we choose to drink from the tap. So successful has this marketing campaign been that worldwide, we spend more than $150 billion a year on bottled water. In the US, bottled water has outpaced milk, coffee, juice and alcohol to sit second only to soft drinks in packaged drink sales. It is projected to be number one by 2016.

“But, but, but…” you protest, “bottled water is better! It’s fresh from the spring!”

--see if that's true at Quora.com--

          WhatsApp messages in danger!
A vulnerability has been discovered in WhatsApp that allows hackers to send messages on your behalf to the people in your contact list.

          A teenager playing Doom on John McAfee's "unhackable" bitcoin wallet

Saleem Rashid, a 15-year-old, is the one who has supposedly managed to play a round of the video game Doom on John McAfee's "unhackable" bitcoin wallet, Bitfi, which also turned out to be an old mobile phone with the camera and SIM card slot removed.

According to McAfee himself, perhaps out of pride, perhaps because he wants to save the 100,000 dollars he offered as a reward to whoever managed to hack his gadget, or perhaps because he is right, "that is not hacking the wallet. Gaining root access in an attempt to get the coins is not a hack. It is a failed attempt" because "the bitcoins have not been taken out."

But as he is reminded on Twitter, "it has become perfectly clear that this is not a hardware wallet and that it is therefore worth nothing."

More on John McAfee's "unhackable" bitcoin wallet.

Via TNW.


          New hacker group sets its sights on Sweden

Tried and tested old methods are successful for criminal hackers too. Once again, a long series of phishing attacks has been carried out against targets around the world, including Sweden.
          About 40% of Brazilian sites have no security certificate

About 40% of Brazilian sites still do not use the security protocol called SSL (Secure Socket Layer), according to a survey by the company BigDataCorp. The absence of this feature makes pages vulnerable to hacker attacks and other forms of intrusion, and also hurts the sites in search engines, as in the case of Google. The survey was carried out by the technology company at the request of the credit services company Serasa Experian.

SSL is a security protocol that enables a secure connection using encryption between the server where the data is stored and its traffic. This ensures secure access. Adoption of this protocol is shown in the identification of pages, with the addition of an "s" to the letters "http", shown before a site's address, and an indicator, with the image of a padlock.

Sites that do not use the SSL protocol leave the data accessed by users exposed. In addition, they may be identified as sites lacking the necessary security requirements. This is the case with Google, which marks pages with SSL with a padlock and classifies those without the feature as not secure.

According to the survey, although the percentage is high, it is lower than that recorded in the previous edition, in 2016, when more than 60% of sites did not have certificates attesting to use of the protocol. But compared with the world average, Brazil is far behind. The global average of sites without SSL is 8.57%.

E-commerce

E-commerce sites are the ones that use the SSL protocol the most (78.77%). However, the existence of 21.23% of sites without this security feature is significant, since these pages carry out transactions involving important buyer data, such as banking information.

Blogs (80.9%), company pages (73.5%) and news portals (60.26%) also show high SSL adoption. Government sites still have low implementation of the protocol (39%). This percentage close to 40% also holds for large pages, with more than 500,000 monthly visits (37%).

Caution

Users should be careful to check whether a site uses this protocol by means of the "s" next to "http" and the padlock indicator. One tip from the experts is, when visiting a page that is not secure, to avoid leaving any data. It is through these flaws that people can clone information and commit all kinds of fraud, such as purchases using credit card data.


          DBS Bank's India Technology Development Centre wins Transformation Award

[India], Aug 09 (Businesswire-India): DBS Bank's technology hub in Hyderabad - DBS Asia Hub 2, has been honoured with the Centre Transformation award at the prestigious Zinnov Awards 2018. The award recognises DBS Asia Hub 2 (DAH2) for its rapid transformation, from a pure cost centre into a value centre.

Established in 2016, DAH2 is DBS Bank's first technology development centre outside Singapore that supports the bank in strengthening its technological capabilities across the region as well as its digital banking strategy.

"Transformation and innovation have been at the core of our operations to re-imagine banking. It is an honour to receive such a prestigious award as it strengthens our belief in the niche that we have carved for ourselves," said Mohit Kapoor, Head - DBS Asia Hub 2.

DAH2 has built a strong ecosystem, building over 200 live Application Program Interfaces leading to about 50 live partners. The centre focuses on Big Data, Artificial Intelligence, automation and cloud beside other latest technologies, to reimagine banking.

Zinnov Awards recognises achievements and contributions of Global Innovation Centres in India and honours excellence in technology, digitisation and innovation. DBS participated alongside large global R&D, product development, technology, IT and digital native companies from countries like India, USA, Germany and France.

In addition to this, DBS has earned a reputation for being one of India's finest workplaces. This year, it has been recognised as one of the top 25 companies where India Wants to Work in 2018 by LinkedIn and featured by ET Now as India's Finest Workplaces. It has also been bestowed with AON's best employer award and the Transformation Catalyst Award by NASSCOM. DBS has a robust process in hiring the best talent and recruits most of its engineers through a series of renowned national hackathons like 'Hack2Hire' and 'Hacker In Her'.

"We will continue to focus on our digital journey and enable a start-up culture to shape the future of banking," Mohit Kapoor added. (Businesswire-India)


          Best Practices for the Protection of Information Assets, Part 2

In Part 1 of this article series, we discussed Information Security Management, or ISM. This second installment will cover the implementation and monitoring of security controls, including logical access controls, remote access controls, network security, controls/detection tools against information system attacks, security testing techniques and controls that prevent data leakage.

Implementation and Monitoring of Security Controls

Security controls should focus on the integrity of data, the data classification system, and the policies in place that ensure that data is handled properly.

Logical Access Controls

Ensure there are policies in place on access and access controls. Logical access controls at both the operating system level and the application level are designed to protect information assets by sustaining policies and procedures. The management override is akin to a fail-safe mechanism. Overall, these controls manage the identification, authentication and restriction of users to authorized functions and data.

Types and Principles of Access

Types and principles of access include subject access (identification of an individual having an ID), service access (data passing through an access point), least privilege, segregation of duties and split custody.

Example: Target might have avoided its notorious 2013 breach had it followed the principle of least privilege. An HVAC contractor with permission to upload executables broadens the attack surface for cybercriminals.

Example: Following Edward Snowden’s revelations, the NSA decided to apply the principle of least privilege and revoked higher-level powers from 90% of its employees.

Passwords

Ensure there are occasional or event-driven password change and recovery policies, allowing reactivation with a new password so long as the user's identity can be verified. People often use weak passwords, tend to share them, or transmit or store them in cleartext. A succession of failed attempts to log in with a password should result in the account being locked out.

Biometrics can replace passwords in the future by creating a system that can restrict access based on unique physical attributes or behavior. Issues with this approach include false reject rate (FRR), false accept rate (FAR) and crossover error rate (CER), and privacy.

Example: To unlock mobile devices, the scientists at Yahoo’s Research Labs are experimenting with utilizing ears, knuckles, and fingertips as biometric passwords.

Single Sign-On (SSO)

This technique consolidates access operations among various systems into one centralized administrative function. SSO interfaces with client servers (local and remote users) and distributed systems, mainframe systems and network security, including remote access mechanisms.

Access Control Lists

Access control lists (ACLs) are the equivalent of a register in which the system enlists users who have permission to access and use a given system resource. ACLs can store information on users’ type of access.

Example: To illustrate the usefulness of access control lists, consider a medical research experiment where the files that contain experimental results have an ACL that permits read-and-write access to all members of a research group except for one member, who is working on another experiment whose results should not be influenced by the results of the first one.

System Access Audit Logging

Almost all access control software automatically logs and reports access attempts, which forms an audit trail to observe any suspicious activities and potential hacking attempts (e.g., brute-force attack on a specifically-targeted high-profile logon ID). Recording all activities may be useful in the context of digital investigations.

Access to the logs should be restricted.

Tools for Log Analysis include, but are not limited to: audit reduction tools, trend/variance detection tools, attack-signature detection tools and SIEM systems.

Actions an Auditor Should Undertake When Evaluating Logical Access Controls

An auditor should identify sensitive data/systems, document, evaluate and test controls over potential access and access paths, and evaluate the adequacy of the security environment.

Controls and Risks Associated With Virtualization of Systems

Moving away from a physical medium towards a virtual one, there are many important aspects one should consider: physical and logical access validation (because many virtual machines may be running in one physical system), proper configuration and network segregation (no interference among various VMs).

A 2015 Kaspersky Labs survey proved that recovery costs in the wake of a cyberattack on a virtualized infrastructure are twice as high as an attack on a physical environment. Moreover, only 27% deployed defensive mechanisms specifically designed to protect virtual environments.

Configuration, Implementation, Operation and Maintenance of Network Security Controls

Perimeter security controls such as firewalls and IDS/IPS ward off most cyberattacks against the enterprise’s network. The auditor needs to know the effectiveness of these security controls and the policies and procedures that regulate network incidents.

Other important matters are network management, legal complications with respect to online activities, network administrator procedures and service legal agreements with third parties.

Internet use, remote access and networks will all require auditing. Network infrastructure security and general network controls will require additional attention.

LAN Security Issues

An auditor should identify and document LAN topology and network design, signs of segmentation, LAN administrator and LAN owner, groups of LAN users, applications used on the LAN, and procedures for network design, support, and data security.

Wireless Security Threats

Security requirements include: authenticity, non-repudiation, accountability and network availability.

There are many forms of malicious access to WLANs. These include but are not limited to: war driving/walking/chalking, passive attacks and sniffing.

Detection Tools and Control Techniques Malware

Countermeasures against various types of malware include but are not limited to: policies, education, patch management, anti-virus software, and procedural/technical controls.

Detection Tools

Antivirus software, regular updates, layered systems (e.g., inner, perimeter, and BYOD), and honeypots are useful detection tools and deterrents against malware.

Employee education is equally important and should not be ignored. Simple common sense on the part of employees can close multiple attack vectors, such as email phishing attempts.

Security Testing Techniques

Begin by knowing your tools. You’ll need tools to evaluate network security and possible risks, as well as suitable mitigation techniques. Be sure to check lists of known network vulnerabilities.

Third parties may be able to provide testing services such as penetration testing. Penetration testing, also called intrusion testing or ethical hacking, is where outside pentesters use every technique or source a potential attacker could use (open-source gathering, searching for backdoors, guessing passwords, using known exploits) to test your security. This is especially good for testing firewalls.

You should also be aware of social engineering testing. This gives you a chance to see how your staff holds up in case of a social engineering attack, such as a phone scammer trying to get people’s passwords.

Controls and Risks Associated with Data Leakage

Data leakages occur when there is a risk of sensitive information becoming public, typically by accident. The IS auditor needs to ensure that there are effective data classification policies, security awareness training and periodic audits with respect to data leakage prevention.

Note that data leakage has a totally different meaning when it comes to machine learning. Information from outside the training set could corrupt the learning capabilities of the model because it may introduce something that the model otherwise would not know.

Encryption-Related Techniques

Anyone handling or testing encryption should be familiar with encryption algorithm techniques and key length: note that complex algorithms and large keys are somewhat impractical for everyday use. Be aware of cryptographic systems, such as AES 128/256-bit and old 64-bit DES.

Other areas of interest include encryption in communications; Secure Sockets Layer (SSL)/Transport Layer Security (TLS); secure HTTP (HTTPS); Internet Protocol Security (IPSec); Secure Shell (SSH); and Secure/Multipurpose Internet Mail Extensions (S/MIME).

Public Key Infrastructure (PKI) Components and Digital Signature Techniques

PKI establishes a trusted communication channel where parties can exchange digital keys in a safe manner. It’s widely used in e-commerce and online banking.

PKI is based on digital certificates (public key and identifying information) that are issued and cryptographically signed by a certificate authority. Validation is through the certificate authority, while a registration authority ensures third-party validation. When dealing with PKI, watch for digital certificates’ expiration dates, and be certain to check the certificate revocation list (CRL).

Controls Associated with Peer-to-Peer Computing, Instant Messaging and Web-Based Technologies

P2P computing may result in fast dissemination of viruses, worms, Trojans, spyware and so on directly among computers, as there is no central server. Meanwhile, social media risks include inappropriate sharing of information about sensitive data, staffing issues and organizational data; URL spoofing; cyberstalking; using vulnerable applications; phishing; downloading malicious attachments and clicking on malicious links.

Example: In 2016, the Facebook “fake friend” phishing scam rose to prominence. Users received a Facebook message claiming that they had been mentioned by a friend in a comment, but upon clicking on this message, it would automatically download malware onto their computers in the form of a malicious Chrome browser extension. After the installation, this malware hijacked users’ Facebook accounts so that it could steal their data and propagate further.

To control this, implement a P2P computing policy which includes social network use and instant messaging. Corporate messaging boards are more secure than Facebook. Promote monitoring, education and awareness, and ban some types of peer-to-peer communications to narrow the net.

Controls and Risks Associated with the Use of Mobile and Wireless Devices

When dealing with mobile and wireless devices, secure Wi-Fi is required, because most of these devices communicate via a Wi-Fi network.

Implement mobile device controls, including stringent data storage, remote wipes, and theft response procedures. Clarify your workplace’s policy regarding employees bringing their own devices to work.

Voice Communications Security (PBX, VoIP)

In these cases, voice communications have been translated to binary code. This means they are still digitally based.

Increasingly common these days is VoIP, or Voice over IP. VoIP boasts lower costs compared to traditional phone services; however, it tends to have worse security than ordinary phones, and one needs to protect both the data and the voice. Wiretapping is a possibility. Security measures include encrypting communications and ensuring that all software is up-to-date and patched.

Alternately, private branch exchange or PBX is a phone system that can operate for both voice and data. It provides simultaneous calls through multiple telephone lines.

Example: In 2014, cybercriminals broke into the phone network of Foreman Seeley Fountain Architecture and managed to steal $166,000 worth of calls from the firm via premium-rate telephone numbers in Gambia, Somalia and the Maldives. Typically, hackers pull off such a scheme over a weekend when nobody is at work, forwarding sometimes as many as 220 minutes’ worth of calls per minute to a premium line. The criminals usually withdraw their cuts through Western Union, MoneyGram or wire transfer.

Conclusion

This concludes our look at best practices for the implementation of monitoring and security controls. Some of our sources are listed below, for your perusal. Join us soon for Part 3, when we’ll be examining physical and environmental protection of information assets.

Sources

What is Least Privilege & Why Do You Need It?, BeyondTrust

Data-drained Target hurries to adopt chip-and-PIN cards, Naked Security

Yahoo ‘Bodyprint’ Turns Smartphone Touchscreens Into Biometric Sensors, Gadgets 360

NSA to cut system administrators by 90 percent to limit data access, Reuters

Security of Virtual Infrastructure, Kaspersky Lab

Facebook ‘fake friend’ phishing scam uncovered watch for these red flags, Komando

IBM Security Services 2014, Cyber Security Intelligence Index, IBM Global Technology Services


          Mitre Att&ck Matrix

The Mitre Att&ck Matrix is a model used to describe the various tactics and techniques used by hackers, malware authors, and other potentially malicious actors. To do this, the model breaks the various actions into separate entries and then aligns these to categories representing the various stages within attacks. By examining an organization's security posture in relation to this matrix, one can identify gaps in the organization's detection capabilities.

One may also examine the capabilities of security products in relation to this matrix. Performing such analysis in relation to endpoint or SIEM applications demonstrates that although such software is vital, it is insufficient to adequately cover all facets of detection. This is where a network-based approach can help to plug the holes left by traditional approaches to security. In particular, certain categories such as Exfiltration and C2 are intrinsically network-centric and, therefore, remediation of related threats is greatly assisted by a network-based security solution.

Today we'll look at a few entries from the Mitre Att&ck matrix, and see what network traffic these produce in a bid to detect these threats.

Initial Access - Drive-by Compromise

To begin, let's look at detecting drive-by attacks. A drive-by attack involves the dissemination of malicious code to users who are browsing websites online. One of the simplest means by which one can detect a drive-by is by identifying known malicious websites being visited by users. Being able to identify connections between machines in an organization and remote machines which are known to be serving up malware can allow a security team to quickly mitigate a potential threat.

In order for this approach to work, a network-based security system needs to have up-to-date and accurate threat intelligence. Corvil appliances ingest numerous threat feeds and use the information in these feeds to flag potentially dangerous traffic. We can see a screenshot of Corvil identifying traffic to/from a remote IP known to have disseminated executable files, based on an Emerging Threat reputation feed.


Lateral Movement - Pass the Ticket

A drive-by attack may grant a bad actor an initial foothold, but thereafter they'll often wish to increase the scope of their attack by moving laterally within the network and taking control of additional devices. There are many mechanisms by which this may be done, e.g., SSH, RDP, PowerShell administration, pivoting an attack through the already compromised device, etc. To select one example, we'll consider a Kerberos-based approach, namely a Pass the Ticket attack. This type of attack involves harvesting Kerberos credentials from a compromised system and using these credentials to access services on other machines.

By monitoring Kerberos traffic on a network, one can identify unusual patterns of usage, such as the use of a TGT (Ticket Granting Ticket) without a corresponding AS-REP (Authentication Service Response) having been detected previously (Golden Ticket) or the use of a TGS (Ticket Granting Service) without a corresponding TGS-REP (Ticket Granting Service Response) having been hitherto detected.

Corvil has the ability to detect various forms of lateral movement. We can see a screenshot showing Corvil identifying a forged TGT, i.e., an instance where a TGT is being passed to request access to a service, in spite of this TGT never having been detected in previously analyzed traffic.
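
The ticket-tracking check described above, as an added example (not Corvil's implementation and not code from the original article). It assumes the Kerberos messages have already been decoded into events; the `KrbEvent` fields, the `ticket_id` value (a digest of the ticket's encrypted part), the 10-hour lifetime and the sample events are assumptions, and the check for a ticket presented from a different address than it was issued to goes one step beyond the text.

```python
from dataclasses import dataclass

# Assumption: tickets live at most 10 hours; set this to the realm's policy.
MAX_TICKET_LIFETIME = 10 * 3600

ISSUES = {"AS-REP", "TGS-REP"}                              # KDC hands out a ticket
PRESENTS = {"TGS-REQ": "tgt", "AP-REQ": "service-ticket"}   # client presents one


@dataclass(frozen=True)
class KrbEvent:
    """One decoded Kerberos message (hypothetical sensor output)."""
    ts: int          # seconds since the sensor started capturing
    msg: str         # AS-REP, TGS-REQ, TGS-REP or AP-REQ
    client_ip: str   # host that received (REP) or presented (REQ) the ticket
    ticket_id: str   # digest of the ticket's encrypted part


def detect(events, lifetime=MAX_TICKET_LIFETIME, warmup=None):
    """Return alerts as (ts, rule, client_ip, ticket_id) tuples.

    unseen-tgt / unseen-service-ticket: a ticket is presented that the sensor
    never saw the KDC issue. Suppressed during the warm-up period, because a
    ticket issued before capture began can still be valid.
    ticket-moved: a ticket is presented from another address than it went to.
    """
    warmup = lifetime if warmup is None else warmup
    issued = {}      # ticket_id -> (client_ip, issue_ts)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.msg in ISSUES:
            issued[ev.ticket_id] = (ev.client_ip, ev.ts)
            continue
        kind = PRESENTS.get(ev.msg)
        if kind is None:
            continue                      # message type not tracked here
        seen = issued.get(ev.ticket_id)
        if seen is not None and ev.ts - seen[1] > lifetime:
            # Entries older than the lifetime are dropped (bounds memory), so
            # a stale ticket is treated like one that was never seen.
            del issued[ev.ticket_id]
            seen = None
        if seen is None:
            if ev.ts >= warmup:
                alerts.append((ev.ts, f"unseen-{kind}", ev.client_ip, ev.ticket_id))
        elif seen[0] != ev.client_ip:
            alerts.append((ev.ts, "ticket-moved", ev.client_ip, ev.ticket_id))
    return alerts


# Constructed sample traffic (addresses and ticket ids are made up).
SAMPLE_EVENTS = [
    KrbEvent(100, "TGS-REQ", "10.0.0.8", "tgt-old"),    # inside warm-up
    KrbEvent(40000, "AS-REP", "10.0.0.5", "tgt-A"),
    KrbEvent(40010, "TGS-REQ", "10.0.0.5", "tgt-A"),    # normal use of the TGT
    KrbEvent(40011, "TGS-REP", "10.0.0.5", "svc-A"),
    KrbEvent(40012, "AP-REQ", "10.0.0.5", "svc-A"),     # normal service access
    KrbEvent(40100, "TGS-REQ", "10.0.0.9", "tgt-X"),    # TGT never issued
    KrbEvent(40200, "AP-REQ", "10.0.0.7", "svc-A"),     # ticket on another host
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Hosts behind NAT and legitimate Kerberos delegation can trigger `ticket-moved`, so that rule needs an allow-list before it is used for alerting.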


C2 - Standard Cryptographic Protocol

Once a machine has been infected, being able to remotely administer the machine and maintain control within a victim's network is key for an attacker. This will require that the attacker (who is usually physically remote) maintain a channel of communication that will allow them to Command & Control (hence, C2) a device on the victim's network.

If an attacker communicates instructions to the infected machine(s) in plain text, one can search the traffic for traces of such commands and subsequently read the instructions from the wire. However, attackers are increasingly not so accommodating; instead relying on encrypted lines of communication based on industry standard encryption protocols such as TLS, which can result in these communications being completely opaque with respect to that type of analysis.

However, just because one can't read the contents of the traffic, that doesn't mean one can't infer its intent. As with the discussion of initial access detection, one may again look to identify data flowing between an organization's network and external IPs/domains with known associations to malevolent entities.

Another approach, which we'll look at here with regard to TLS, involves fingerprinting. Corvil supports the use of JA3 fingerprinting to identify TLS connections. This involves the enumeration of various configuration options specified in the TLS connection's Client Hello (the first TLS message sent from the client machine to the server in an attempt to instantiate an encrypted channel). These values are then concatenated, the resulting string of values is hashed, and this hash is compared against a list of known fingerprints. We can see the JA3 analysis of a Meterpreter HTTPS-based reverse shell.
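
The JA3 steps just described, as an added example that is not part of the original article or of Corvil's product: it parses a Client Hello, builds the JA3 string (version, cipher suites, extensions, supported groups and point formats, with GREASE values left out), hashes it with MD5 as JA3 specifies, and looks the hash up in a list. The Client Hello bytes and the `KNOWN` watch list are constructed for the demo, and the parser assumes the Client Hello fits in one TLS record.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are random placeholders that JA3 leaves out.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


class Reader:
    """Bounds-checked cursor over bytes; raises ValueError on truncation."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def remaining(self) -> int:
        return len(self.data) - self.pos

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u16(self) -> int:
        return struct.unpack("!H", self.take(2))[0]

    def vec(self, len_bytes: int) -> "Reader":
        """Read a length-prefixed vector and return a reader over its body."""
        return Reader(self.take(int.from_bytes(self.take(len_bytes), "big")))

    def u16_list(self) -> list:
        return [self.u16() for _ in range(self.remaining() // 2)]


def ja3_string(record: bytes) -> str:
    """JA3 input string for a ClientHello held in a single TLS record."""
    rec = Reader(record)
    if rec.take(1) != b"\x16":
        raise ValueError("not a TLS handshake record")
    rec.take(2)                                   # record-layer version, unused
    hs = rec.vec(2)
    if hs.take(1) != b"\x01":
        raise ValueError("not a ClientHello")
    body = hs.vec(3)
    version = body.u16()                          # client_version
    body.take(32)                                 # random
    body.vec(1)                                   # session_id
    ciphers = [c for c in body.vec(2).u16_list() if c not in GREASE]
    body.vec(1)                                   # compression_methods
    extensions, groups, formats = [], [], []
    if body.remaining():
        ext_block = body.vec(2)
        while ext_block.remaining():
            ext_type, ext_data = ext_block.u16(), ext_block.vec(2)
            if ext_type in GREASE:
                continue
            extensions.append(ext_type)
            if ext_type == 10:                    # supported_groups
                groups = [g for g in ext_data.vec(2).u16_list() if g not in GREASE]
            elif ext_type == 11:                  # ec_point_formats
                formats = list(ext_data.vec(1).data)
    lists = (ciphers, extensions, groups, formats)
    return ",".join([str(version)] + ["-".join(map(str, l)) for l in lists])


def ja3_hash(record: bytes) -> str:
    """JA3 fingerprint: MD5 hex digest of the JA3 string."""
    return hashlib.md5(ja3_string(record).encode("ascii")).hexdigest()


def build_sample_client_hello(grease: int = 0x0A0A) -> bytes:
    """Constructed ClientHello for the demo; not captured from real traffic."""
    def ext(ext_type: int, data: bytes) -> bytes:
        return struct.pack("!HH", ext_type, len(data)) + data

    ciphers = struct.pack("!5H", grease, 0xC02F, 0xC030, 0x009C, 0x002F)
    name = b"example.test"
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    groups = struct.pack("!4H", 6, grease, 29, 23)    # list length, then groups
    extensions = (ext(0, sni) + ext(10, groups) + ext(11, b"\x01\x00")
                  + ext(grease, b""))
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(ciphers)) + ciphers + b"\x01\x00"
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed watch list: label keyed by JA3 hash (no real-world fingerprints).
KNOWN = {ja3_hash(build_sample_client_hello()): "lab test client (constructed)"}


def classify(record: bytes, known: dict = KNOWN) -> tuple:
    """Return (ja3_hash, label); the label is 'unknown' when not on the list."""
    digest = ja3_hash(record)
    return digest, known.get(digest, "unknown")


if __name__ == "__main__":
    hello = build_sample_client_hello(grease=0xFAFA)
    print(ja3_string(hello))
    print(classify(hello))
```

A JA3 hash identifies the client's TLS stack and configuration rather than its intent, so unrelated programs built on the same library can share a fingerprint; a match is a lead to correlate with destination reputation, not a verdict.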


Summary

Mitre has provided the industry with a standard model against which security controls can be aligned to highlight gaps. When examining traditional approaches to security through the lens of this model, one can see that there is potentially a gap in detection which can be filled using a network-based approach.

Corvil Security Analytics provides network visibility, empowering security practitioners to detect numerous and varied forms of malicious activity. By working in conjunction with other forms of security software such as endpoint protection, firewalls, and SIEM applications, Corvil helps security practitioners form a complete picture of their environment. If you would like to learn how we can help you secure your network, please Schedule a Demo or Contact Us.


          Blockchain bug hunters feature prominently at this year’s Pwnie Awards

Researchers have been diligently prodding cryptocurrency and blockchain companies for kinks in their security and it seems some of them are finally getting recognition for their work.

Three researchers are up for Pwnie Awards this year, an annual showcase of the best and worst in information security. Little toy ponies are given to the most deserving hackers and security researchers.

MIT Digital Currency Initiative director Neha Narula and Boston University researcher Ethan Heilman have been nominated for “Best Cryptographic Attack” after cracking a hash function in popular cryptocurrency IOTA. In addition to that, ConsenSys security engineer Bernard Mueller is also up for “Most Innovative Research” for his work on securing Ethereum smart contracts.

Cracking IOTA’s hash function

Forging IOTA transactions was apparently achievable “in just a few minutes,” according to Narula and Heilman. The pair discovered a method that allowed funds to be stolen directly from users’ wallets. They attribute the security hole directly to IOTA’s implementation of its hashing algorithm.

The vulnerability was originally discovered last year, and IOTA has since addressed it in a series of blog posts. While Narula and Heilman are clear to state that the exploitable attack vectors have been plugged, they do note that the faulty hash function is still being used in some parts of the IOTA platform.

Keeping smart contracts secure

Mueller is nominated for his extensive research on the security of Ethereum’s blockchain. His paper, titled Smashing Smart Contracts for Fun and Real Profit, introduces a new security analysis tool for smart contracts called Mythril.

He pokes fun at the tech community for not “learning much since 1996,” with a myriad of security vulnerabilities stemming from a reliance on older programming languages when creating smart contracts. Mythril is Mueller’s contribution to smart contract security, with an intention to remove bugs that may lead to money loss.

Mueller’s research also celebrates the modern hacking infrastructure. He does note, though, that the dawn of Ethereum’s “world computer” and its constant security concerns are eerily reminiscent of the early internet.

This time around there’s one crucial difference, though. In the early days, bug bounty programs didn’t exist, and zero-day vulnerabilities were dumped on mailing lists just for the so-called lulz, so unless you had rather dubious connections, the only profit to be made was gaining the respect of other security researchers. Hack a smart contract, however, and you see some actual money.

The awards are scheduled for later today, so we’ll update this piece with the official standings. The full list of nominations can be found here.

Published August 8, 2018 ― 16:35 UTC


          How to Prevent Robocalls and Minimize Phone Spam

It’s the Year of the Robocall, it seems. I haven’t noticed this directly, but a number of friends, colleagues, and internet posters seem to be inundated with bullshit phone calls now more than ever before. What great times we live in, where anyone with an auto-dialer can blast out millions of calls to people who don’t…


          Linus Torvalds Net Worth

Finnish-American software engineer and hacker Linus Torvalds has an estimated net worth of $150 million and an estimated annual salary of $10 million. Linus earned his net worth as the principal force behind the creation of the Linux kernel. Linus held a place at Transmeta, Open Source Development Labs and Free Standards Group that later …

The post Linus Torvalds Net Worth appeared first on Celebrity Net Worth.


          Bill Nelson: The Russians have penetrated some Florida voter registration systems - Tampa Bay Times
@PekingMike, @blakehounshell, @lopezlinette, @ClaraJeffery, @moorehn, @lrozen
          The Complete Ethical Hacking Masterclass
Covering everything from basic terminology to advanced exploitation with frameworks like Metasploit, this training will show you the tools and techniques these pros use to keep networks safe and beat hackers at their own game.
          Watch this 15-year-old hacker play DOOM on John McAfee’s ‘unhackable’ crypto-wallet

John McAfee’s ‘unhackable’ cryptocurrency wallet – the one with a $250,000 bug bounty on it – has been cracked to run the iconic game DOOM, courtesy of a teenage security researcher. Video of the old-school first-person shooter has surfaced on Twitter. Self-described adversarial thinker Saleem Rashid is credited with hijacking it – a hacking prodigy just 15 years old. Keep in mind, Bitfi’s wallet is meant to be the world’s first ‘unhackable’ device, supposedly doubling as a secure cryptocurrency storage solution. But as we already know, this is hardly the case. In recognition of @Bitfi6 and @officialmcafee and their prestigious @PwnieAwards accolades, we'd like to…

This story continues at The Next Web

          Does anyone know what 3177033294 is about?
I wrote to this number a few days ago and it sent me the following message:

"Hi darling, I'm looking for open-minded sex and want to meet friends. I'm going to send you a verification code and I can send you photos if you want, love...

I've already sent you the text message with the code; send it to me here on WhatsApp and I'll send you photos and a video, kisses?"

Does anyone know what this is about? Or whether it is some kind of scam, malware or hacker going after the information or data on the phone?
          Private Internet Access Is Discounting Several VPN Plans, Just For Our Readers

VPNs have been in the news, and whether you want to get around video geoblocks, circumvent proxy filters, or just keep prying eyes out of your browsing data while using sketchy public Wi-Fi, reader-favorite Private Internet Access has a deal to fit your needs.


          Social engineering : the science of human hacking by Hadnagy, Christopher, author.
Examines what social engineering is, the methods used by hackers to gather information, and ways to prevent social engineering threats.
          Comment on College Students: Warnings about the Higher One Card by Patricia Clifford
Hello Guys,Get a good life with this Life Time transforming card .I have being hearing about this blank ATM card for a while and i never really paid any interest to it because of my doubts. Until now i discovered this hacker called Elizabeth. I've been reluctant in purchasing this blank ATM card i heard about online because everything seems too good to be true, but i was convinced & shocked when my friend at my place of work got the card from guarantee atm blank card & we both confirmed it really works, without delay i gave it a go. Ever since then I've been withdrawing $5000 daily from the card & the money has been in my own account. So glad i gave it a try at last & this card has really changed my life financially without getting caught, its real & truly works though its illegal but made me rich!! If you need this card from guarantee atm blank card then here is her email: Elizabethcole232@yahoo.com]
          Comment on “Big 3” Credit Bureaus Settle With 31 States Over Credit Reporting Mistakes by Willie Robert
In the middle of last month I was reading this article on Hacker News. This article was about a hacker raising their credit score from 235 – 830% and how their users were happy about it.when a simple comment from user in google caught my attention so i decide to get in touch with the hacker and he help me increase my credit score from 240 to 750 plus, he also delete all my negative report and completed the hack in less than three days at a price that's worth it. now i’m free to purchase the kind of house i want, you can contact him through his email at kevinmitnickcreditservices at gmail dot com.
          What is malware? Viruses, worms, trojans, and beyond

Malware—a blanket term for viruses, worms, trojans, and other harmful computer programs—has been with us since the early days of computing. But malware is constantly evolving and hackers use it to wreak destruction and gain access to sensitive information; fighting malware takes up much of the day-to-day work of infosec professionals.

Malware definition

Malware is short for malicious software, and, as Microsoft puts it, "is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network." In other words, software is identified as malware based on its intended use, rather than a particular technique or technology used to build it.


          I Am Innocent is a detective adventure played through a virtual smartphone

I Am Innocent is a detective adventure in which you have to investigate a series of murders of young girls, presumably linked to the disappearance of your sister some years earlier. The gameplay is based on interacting with the virtual smartphone that serves as the game environment, with realistic phone calls, a messaging system, photographs, documents and phases in which you have to hack computers and smartphones to uncover useful clues.

The article I Am Innocent is a detective adventure played through a virtual smartphone comes from TuttoAndroid.


          The Complete Ethical Hacking Masterclass (92% discount)
Description Put yourself on the path to becoming a bona fide ethical hacker with this wall-to-wall masterclass. Covering everything from basic terminology to advanced exploitation with frameworks like Metasploit, this training will show you the tools and techniques these pros use to keep networks safe and beat hackers at their own game. Access 65 lectures…
          Very bad news for WhatsApp users
A vulnerability has been discovered in WhatsApp that allows hackers to send messages on your behalf to the people in your contact list.
          The Sensors That Power Smart Cities Are a Hacker's Dream
The IoT security crisis is playing out on a macro scale too, putting critical infrastructure at risk.
          Lou & Grey is Ann Taylor's Cooler Sister, And They're Giving You 30% Off

Lou & Grey used to be a humble section of Ann Taylor that has now exploded into its own great brand. I’ve written about how much I love the brand, and right now they’re giving you 30% off select summer favorites, plus free shipping. There’s a lot to choose from (82 items to be exact) so it’s gonna be hard not to…


          Score $25 In Savings On The Best Meat Thermometer Money Can Buy, Today Only

At just $75 today, today’s price we’ve seen on the Thermapen Mk4. You guys love it because it displays the temperature in 2 - 3 seconds, has a 3,000 hour battery life, is waterproof, and accurate within 0.7°F.



          Spiced walnut and chocolate scones - International Scone Week
If you can't read this then my blog has been hacked!  I checked my blog earlier tonight and it kept redirecting to some dodgy widgetserver.com site.  Less than an hour later it had gone and my blog was back to normal.  I am quite disturbed by this.  So I tried to back up my blog and although Blogger will download, it will not let me open the file.  ARGH!  Sorry to open on such a down note when really you came here for International Scone Week so on with the post and fingers crossed it is online and not hacked!

If you look at the Scone section of my recipe index, you will see I have quite a lot of different scone recipes.  One reason is that I love to participate in International Scone Week.  It started with three bloggers sharing scone recipes and deciding to invite others to share them in an International Scone Week each year.  Now Tandy at Lavender and Lime is continuing the tradition.  So I have baked her a batch of Spiced Walnut and Chocolate Scones.

I enjoy thinking about new combinations to try in scones.  This year I was inspired by some spiced walnuts that my mum had leftover from baking baklava.  When I went to use them, I was so disappointed to find they had gone mouldy.  By then I really wanted to make scones with walnuts.  So here were my ideas:

- Idea 1 - baklava scones in honour of my mum's walnuts that I didn't get to use quickly enough.  I am not sure how I could do it but perhaps lots of walnuts, some honey and some spice.
- Idea 2 - walnut and marmalade scones because I have just finished reading P D James' A Taste of Death.  She writes beautifully and with great attention to detail.  I really loved the description of a disappointing walnut and marmalade cake that is offered to Inspector Dalgliesh.  I even had some marmalade I could have used.
- Idea 3 - spiced walnut and chocolate scones - this is having my baklava idea and adding chocolate because chocolate makes everything wonderful and also because I want to post a chocolate dish this month for one of my favourite blog events.  I have been participating in We Should Cocoa over at Tin and Thyme for years and am really sad to hear that it will finish after this month.  But I am thinking that I need something really chocolatey for the last hurrah.

So as you can see by the heading, I went with idea 3 - spiced walnut and chocolate scones.  I also used a fancy blackberry and orange chocolate from the lovely Cocoa Rhapsody that we love at our farmers market.  Luckily I only needed half of the chocolate.  It gave the scones a real lift but is also delicious to eat as is.

I looked for some recipes that were my sort of scones and found one for walnut and date scones.  I substituted the chocolate for dates and found a useful post on substituting honey for sugar.  Then I decided to simplify the recipe.  I took out the egg and a few other ingredients.  The scones I grew up with never had egg (though my mum tells me my nan put egg in her scones but they never tasted cakey like some egg scones do).

I made these in a hurry on a busy day when no one else was about.  It was one of those odd days when I had eaten some bread and cheese for morning tea and decided just to eat these scones for lunch.  It was what I needed.  I made half the mixture and we ate the rest for supper.  Yet again I send my thanks to International Scone Week for inspiration.  (And let's pray to the internet gods that there is no more hacker activity.)

But it looks like the hackers are back so I am going to publish this and hope for the best! Update: have discovered I had to update from http:// to https:// redirect in the settings/basic of Blogger.

More scone recipes from Green Gourmet Giraffe:
Beetroot, apple and walnut scones (v)

Gruyere scones
Kale scones (v)
Pumpkin scones
Pumpkin, pecan and poppyseed scones (v)
Strawberry mascarpone scones
Walnut, brie and apple scones

Spiced walnut and chocolate scones
An original Green Gourmet Giraffe recipe
Makes about 10-12 mini scones

1 1/4 cup self-raising flour
1/2 tsp mixed spice
15g butter, chopped
1/3 cup chopped chocolate
1/3 cup chopped walnuts
1/2 cup milk
1-2 tbsp honey

Preheat oven to 220 C and line an oven tray with baking paper.

Place flour and spice in a medium mixing bowl.  Rub in butter.  Stir in chocolate and walnuts.  Gently mix in the milk and honey to make a soft dough.  Turn out onto a floured board and knead a few times until smooth, if you call a lumpy nutty chocolate dough smooth.

Pat out to about 1 inch thick on a floured surface.  Cut into rounds (I used mini scone cutters) and knead and pat out the scraps so you can cut more until there is no dough left.  Place scones on lined tray.

Bake for 12-15 minutes (I did 12 minutes) until golden brown.  Wrap in a teatowel until ready to eat (this softens the edges).  Best eaten on day of baking.

Notes - would add some lemon juice to the milk to curdle it.  1 tbsp honey rather than 2.  Also could make it vegan with vegan milk and butter and chocolate and maple syrup rather than honey - though would do 2 tbsp as maple syrup is not so sweet.

On the Stereo:
Couleur Café: Serge Gainsbourg
          Mundo Hacker Academy, an event to train young people in cybersecurity
It will take place on October 19 at the MEEU in Madrid.
          Report: Hackers compromise PGA of America files
Report: Hackers compromise PGA of America files containing promotional material
          timofuy: Untitled

This is a quote of a post by Ольга_Гужва. Original post: WHAT TO DO WHEN YOU MEET A STRAY DOG: RULES OF DEFENSE.

Dziewul/shutterstock.com

While the problem of stray dogs remains fairly acute, it helps to know in advance how to avoid a conflict with them and how to minimize your losses if that fails.

Why stray dogs attack:

The main reasons:

*Irritating human behavior, or fright. The dog may not have noticed the person approaching, or it is irritated by legs flashing past while running, the glint of bicycle spokes, loud rustling sounds, vigorous gesturing, or the smell of alcohol.

*Defending its resting and feeding territory. Although every stray dog or pack has a fairly large "zone of influence", what they defend fiercely is a small area where they are fed regularly or where a den for dogs with puppies has been set up.

*Boredom. The dog has decided that you are a suitable object for play or for hunting.

*The dog has rabies, and you were unlucky enough to be nearby.

When passing any unfamiliar dog, try to act as if you have not noticed it. If possible, deviate slightly from your intended path so as to pass at least 2–3 meters from the dog. Keep it in your field of view, but do not look it in the eyes (this will be taken as aggression; try looking a tethered dog in the eyes sometime), do not quicken your pace, do not turn around, and do not try to talk to the dog or attract its attention in any other way. The exception: if you are passing by and it does not see you. Then it does no harm to cough, for example, so that you do not accidentally startle the dog by turning up right beside it. The dog must understand that you have no interest in it. You are not laying claim to its territory or its food.

If the dog growls, has raised its hackles and is moving toward you sideways, or has started barking, first of all estimate the distance. If there is a good 10 meters between you and the dog and it is approaching rather unhurriedly, it is most likely more frightened than you are. It is better to keep pretending that you are paying no attention to it. Keep going where you were going! Do not speed up, but walk away with a confident stride.

You can pretend to pick up a stick or a stone from the ground, or actually pick something up. Stray dogs usually have unpleasant experience with these objects and will most likely prefer to leave.

If the distance between you is less than 5 meters, you must not pick anything up from the ground! By bending down for an object, you give the dog a perfect opportunity to go straight for your neck. To begin with, try to rebuke it in a firm, low voice, saying: "Get out of here! No!" Act as if you already have something in your hand and are ready to use it.

If the dog is quite determined, barks deafeningly, does not stop, or behaves as if it is playing with you (runs up, nips lightly at your leg or the hem of your coat, runs off, jumps, and runs up again), the chance of an attack is high. If shouts and threats have not helped, stop, take a step toward it, and throw a clod of earth, a stone or a stick at the dog. If the dog stops or retreats, do not pursue it.

This is especially important if you have run into a pack. While you go after the boldest dog, the others will attack you from behind. Wait 5–10 seconds and continue along your original route. That way you make it clear that if it does not touch you, you will not touch it. Everyone still has a chance to part without losses. The dog may resume the pursuit when you turn away. Do not panic; shout at it again and swing a bag, a hat, anything at all at it. Throw another stone. You may have to repeat these actions several times, but it will all be over fairly soon: the radius of the territory a dog defends is small, and it is unlikely to pursue you for more than 20 meters.

I hope you never need this, but the next paragraph needs to be taken in right now, while you are safe. If a dog is charging at you, tail raised and barking deafeningly, not reacting to your threats, or if after everything you have done it still tries to bite you or knock you down, the time for diplomacy has passed. That's it, civilization is over. You are not wearing an awkward miniskirt that will ride up ridiculously, you are not wearing an expensive suit, and there is nothing in your bag more important than your life. The job interview you are heading to, trying to look presentable, may never happen unless right now you summon from the depths of your mind the caveman who is ready to kill.

Cast aside your squeamishness. Right now you must be ready to break bones, wring necks, roar from the gut, look menacing and do terrible things. You are in mortal danger.

What to defend yourself with:

Of course, even if you cross a vacant lot with a pack of dogs every day on your way to work, you are unlikely to want to carry a baseball bat. You can limit yourself to objects you need in everyday life, but let them be sturdy enough to serve you in case of danger. And it is very important that these objects can be pulled out in one easy movement.

*A metal comb with a long, thin handle.

*A ballpoint pen with a metal body.

*Long keys to a garage or front door.

*An umbrella. Best used open, as a shield, covering vulnerable parts of the body or frightening the dog by suddenly opening it in front of its muzzle.

*A bag. A psychological attack: a bag filled with air looks frightening to a dog. A bag can also be used to strangle.

*A lighter. With the gas turned up to maximum, it can give a decent burst of flame for a few seconds.

*Coins, to add weight to a blow. If fists are all you have, at least make them more effective. You can also throw coins at the dog's muzzle, if you really have a lot of change.

*Stiletto heels (yes, I also feel sorry in advance for your stilettos, but without them you will be steadier on your feet, and landing a thin, sturdy heel on the muzzle of an attacking dog is priceless).

*Objects you can find on the ground around you: snowballs, large stones, sticks (throw them at the dog if there are many stones; use one for crippling blows if there is only one stone), sand, earth, small pebbles (throw them at the dog's muzzle, trying to hit the eyes, nose or mouth).