just

now browsing by tag

 
 

Greg Inglis charged with drink driving, speeding just hours after being named Kangaroos captain | #childabductors | #parenting | #parenting | #kids

NRL star Greg Inglis has been charged with speeding and drink driving, just hours after being named captain of the Australian rugby league team. The ABC understands Inglis was returning […] View full post on National Cyber Security

#deepweb | Google Just Gave Millions Of Users A Reason To Quit Chrome

Source: National Cyber Security – Produced By Gregory Evans

Google Chrome’s seamless updates have long been a big part of its appeal. But perhaps not anymore. With the latest version of Chrome already installed on hundreds of millions of computers and smartphones around the world, a significant warning has been issued that you might not like what it has running inside. 

Picked up by The Register, Chrome 80 (check your version by going to Settings > About Chrome) contains a new browser capability called ScrollToTextFragment. This is deep linking technology tied to website text, but multiple sources have revealed it is a potentially invasive privacy nightmare. 

To understand why requires a brief guide to how ScrollToTextFragment works. The simple version is it allows Google to index websites and share links down to a single word of text and its position on the page. It does this by creating its own anchors to text (using the format: #:~:text=[prefix-,]textStart[,textEnd][,-suffix]) and it doesn’t require the permission of the web page author to do so. Google gives the harmless example: 

“[https://en.wikipedia.org/wiki/Cat#:~:text=On islands, birds can contribute as much as 60% of a cat’s diet] This loads the page for Cat, highlights the specified text, and scrolls directly to it.”

The deep linking freedom of ScrollToTextFragment can be very useful for sharing very specific links to parts of webpages. The problem is it can also be exploited. Warning about the development of ScrollToTextFragment in December, Peter Snyder, a privacy researcher at Brave Browser explained: 

“Consider a situation where I can view DNS traffic (e.g. company network), and I send a link to the company health portal, with [the anchor] #:~:text=cancer. On certain page layouts, I might be able [to] tell if the employee has cancer by looking for lower-on-the-page resources being requested.” 

And it was Snyder who spotted that ScrollToTextFragment is now active inside Chrome 80 stating that “Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a ‘don’t break the web’, never-cross, redline. This spec does that.”

David Baron, a principal engineer at Mozilla, maker of Firefox, also warned against the development of ScrollToTextFragment, saying: “My high-level opinion here is that this a really valuable feature, but it might also be one where all of the possible solutions have major issues/problems.” 

Defending the decision, Google’s engineers have issued a document outlining the pros/cons of the deep linking technology in ScrollToTextFragment and Chromium engineer David Bokan wrote this week that “We discussed this and other issues with our security team and, to summarize, we understand the issue but disagree on the severity so we’re proceeding with allowing this without requiring opt-in.” 

Bokan says the company will work on an opt-out option, but how many will even know ScrollToTextFragment exists? And here lies the nub of it: Google has such power it can be judge and jury to decide what is or isn’t acceptable. So ScrollToTextFragment, with its unresolved privacy concerns and lack of support from other browser makers, is now out there, running in the background of hundreds of millions of Chrome installations. 

Whether you want to be part of that is up to you. 

___

Follow Gordon on Facebook

More On Forbes

Google Pixel 4, Pixel 4 XL Review: Smart Phones, Dumb Decisions

Google Pixel 3a Review: The Best Smartphone Under $500

Apple iPhone 12: Everything We Know So Far

Apple AirPods Pro Vs AirPods: What’s The Difference?

Source link
——————————————————————————————————

The post #deepweb | <p> Google Just Gave Millions Of Users A Reason To Quit Chrome <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Mobile phone scam warning – reminder to just hang up

Source: National Cyber Security – Produced By Gregory Evans If you receive a phone call from anyone claiming to be an employee of an online shopping site or ‘buy first – pay later’ business advising you there are issues associated with your account – just hang up and contact the company using an independently verified […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | Clop Ransomware Not Just a CryptoMix Variant

Source: National Cyber Security – Produced By Gregory Evans When Clop was discovered by Jakub Kroustek in February 2019, all indicators showed that it was a new CryptoMix with the .CLOP, or in some circumstances .CIOP, extension tagged onto encrypted files. Since this discovery, the ransomware operators behind Clop have steadily been developing it to […] View full post on AmIHackerProof.com

#cybersecurity | #infosec | Man who hacked National Lottery for just £5 is jailed for nine months – HOTforSecurity

Source: National Cyber Security – Produced By Gregory Evans

A 29-year-old British man has been jailed for nine months after admitting using hacking tools to break into UK National Lottery gambling accounts.

Anwar Batson, of Notting Hill, West London, downloaded the readily-available Sentry MBA hacking tool to launch a credential stuffing attack against the National Lottery website.

Credential stuffing takes lists of usernames and passwords exposed in data breaches and uses the same credentials to see if they will unlock other accounts online. As so many users make the mistake of reusing passwords on different websites, credential stuffing is a technique commonly deployed by attackers and tools such as Sentry MBA make the process even easier for the attacker.

Prosecutors told Southwark Crown Court that after Batson downloaded Sentry MBA he joined a WhatsApp group devoted to hacking under the alias of “Rosegold,” and provided to accomplices a configuration file specifically designed to launch Sentry MBA against the National Lottery website.

The attack, in late 2016, caused National Lottery operators Camelot to issue a warning to thousands of gamblers that their accounts may have been accessed, and forced a password reset on affected accounts.

Batson’s accomplices, Daniel Thompson and Idris Akinwunmi, were jailed in 2018 after admitting their involvement in the attack.

Batson was arrested in May 2017 by the National Crime Agency (NCA), and initially denied that he was involved in the attack – claiming that his devices had been cloned or hacked
by online trolls.

But when NCA officers examined his devices they uncovered the conversations between Rosegold and others on WhatsApp where they discussed hacking, the buying and selling of lists of usernames and password, and more.

In addition, officers found at Batson’s flat clothes which had been addressed to someone calling themself “Rosegold”.

Time and time again, people roll out the adage that “crime doesn’t pay.”

Well, it certainly doesn’t pay in the case of Batson.

As the NCA reports, Batson gave the username and password of one National Lottery player to Akinwunmi, who stole the entire contents of the account – a grand total of £13. Batson’s split of the ill-gotten gains? A mere £5.

Lottery operator Camelot says that responding to the attack cost it £230,000, and that 250 players had closed their accounts due to the negative publicity.

Source link

The post #cybersecurity | #infosec | Man who hacked National Lottery for just £5 is jailed for nine months – HOTforSecurity appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Just 12% of ICS Security Pros Very Sure of Orgs’ Ability to Respond to Digital Attacks

Source: National Cyber Security – Produced By Gregory Evans

Malicious actors are increasingly launching digital attacks against industrial organizations. Many of these campaigns have been successful, particularly those that have targeted energy utilities and manufacturing plants. In late spring 2019, for instance, aircraft parts manufacturer ASCO temporarily suspended operations worldwide after falling victim to a ransomware attack. It was about a month later when […]… Read More

The post Just 12% of ICS Security Pros Very Sure of Orgs’ Ability to Respond to Digital Attacks appeared first on The State of Security.

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/ics-security-respond-digital-attacks/

Source link

The post #cybersecurity | #hackerspace |<p> Just 12% of ICS Security Pros Very Sure of Orgs’ Ability to Respond to Digital Attacks <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Op-Ed: Cybersecurity is Not Just for IT Professionals Anymore

Source: National Cyber Security – Produced By Gregory Evans October was National Cybersecurity Awareness Month, and as it wrapped up for the 16th year, it’s never been more important. Cybercrime has reached epidemic levels, The University of Maryland found that an attack occurs every 39 seconds on average, affecting one in three Americans every year, and […] View full post on AmIHackerProof.com

#deepweb | A fake movie review show just spawned one of the year’s best comedies

Source: National Cyber Security – Produced By Gregory Evans

A parody movie review show has, surprisingly enough, spawned an elaborate fictional universe spanning almost a decade. Now it’s making the jump to feature film, and there’s no sign of it losing steam.

The story of Mister America, the new mockumentary about a long-shot campaign for local office out on video on demand Friday, is a complicated one. It begins in 2011 when comedians Tim Heidecker and Gregg Turkington launched the spoof podcast On Cinema, episodes of which center around discussions of classic movies. But the amateur critics, fictional characters who share Heidecker and Turkington’s real names, supply the opposite of insightful commentary, generically declaring “it’s a classic!” before quickly wrapping up.

The gag continued as the podcast became a web series called On Cinema at the Cinema, a shabby Siskel and Ebert-type show with Tim and Gregg reviewing new releases. Once again, there’s no expertise to be found. Observations from the fumbling hosts are always either uproariously wrong or worthlessly broad, and nearly every film gets a glowing review. Both projects hilariously poke at the fact that the internet has fostered a culture of amateur creators oblivious to the uselessness of their creation and amateur commentators clueless about the very topics they’re commenting on.

But beyond being a spoof of pointless online content, On Cinema is also an examination of two pathetic, borderline psychopathic characters. Tim, an egotistical blowhard, and Gregg, a pretentious film “expert” who knows little about film, make each other miserable yet have nothing in their lives but this lousy show, meaning their constant on-screen fights and meltdowns always resolve with a return to set the following episode. The longer they continue coming back and failing to improve themselves or On Cinema, the bleaker, and funnier, it gets.

As On Cinema progresses, references to both characters’ dreary off-screen lives develop a deep mythology, and running jokes build a language for fans to use online while maintaining the charade that the show isn’t fiction. Heidecker and Turkington also further storylines with in-character tweets, essentially creating a year-round alternate reality game. Getting into the series requires patience, seeing as episodes don’t have obvious setups and punchlines. But once you start appreciating the dry humor of the hosts’ passive aggression and believably dumb remarks, there’s nothing quite like it.

Over the years, On Cinema has only grown more ambitious with numerous spin-offs, including Decker, a spy series Tim ineptly directs and stars in that subtly advances the larger story in a way that’s legitimately inventive. One edition of On Cinema, for instance, features Tim interviewing Gregg in front of a green screen for reasons that aren’t clear until Tim later that month uses the footage to insert Gregg into an episode of Decker without his permission, prompting yet another gut-busting squabble in a gag that takes weeks to show its true form. The wildest spin-off of all, though, came in 2017 when Tim faced murder charges in On Cinema‘s ninth season, the latest in a nutty sequence of soap opera level plot turns, and Adult Swim actually streamed a five-hour, surprisingly realistic trial.

This helped launch Mister America, the new mockumentary which follows Tim as he runs for district attorney to exact vengeance upon the prosector who charged him. Shot in a mind-boggling three days, it’s quite small in scale, and like On Cinema itself, it’s not so much about traditional setups and punchlines as it is about stewing in delusion and subtle stupidity; scenes often consist of little more than Tim dictating a nonsensical press release between burps or bloviating about Martin Luther King Jr. While unlikely to have much wide appeal, for On Cinema devotees, it’s a riot.

In a testament to how sprawling On Cinema has become, Mister America pulls from jokes that originated not only in the web series but on Decker, the murder trial, and even the comedians’ social media, where the election storyline unfolded last year. Naturally, it’s hard to imagine key scenes registering with newcomers. But when, for instance, Gregg speaks about Sully in an interview, it gets a huge laugh from those who realize the subtext: he’s only doing so to get in a petty dig at Tim as part of an argument they’ve had, primarily on Twitter, dating back years. When Tim watches Mister America and hears everything Gregg said, not to mention sees everything else he instructed the fictional director not to include, he’ll surely freak out on On Cinema, which is currently in the middle of a new season. This kind of slow burn multimedia storytelling is the series at its very best.

Mister America isn’t any sort of a masterpiece, to be sure; it’s limited by its tiny budget and isn’t as effective of a political satire as it could have been, especially seeing as a final monologue attempting to make a broader point feels at odds with the way the story actually played out. But it’s still consistently funny, and as a small piece of the larger project, it delivers.

This is in contrast to Between Two Ferns: The Movie, another spin-off of a web series about a terrible talk show. With that film, it was clear there had been little thought previously paid to the world the sketch occupies or who its central character is outside of the show, and so the struggle to turn it into a 90-minute feature was palpable. That Mister America, in contrast, feels like a natural evolution of everything that’s been cooking since 2011 is a testament to Heidecker and Turkington’s brilliant creation. It sounds strange to say about a silly spoof, but On Cinema has become a genuinely rich comedic world, and even after all this time, its creators are still finding new ways to expand it.

Want more essential commentary and analysis like this delivered straight to your inbox? Sign up for The Week’s “Today’s best articles” newsletter here.

Source link
——————————————————————————————————

The post #deepweb | <p> A fake movie review show just spawned one of the year’s best comedies <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Diversifying #IT #investment: It’s not #just #cyber-security

It is important that the company continues to look at all areas of the business in order to build a robust IT infrastructure.

Investing in a company’s IT systems is now a regular part of planning. However, it is easy for the team to focus on only a few areas of the business instead of taking a holistic approach. An overemphasis on data protection, for example, can overshadow other areas of the business; this has been seen most recently with Deloitte’s decision to increase its cyber-security investment to $600 million. In order to avoid this scenario, it is important that the company continues to look at all areas of the business in order to build a robust IT infrastructure.

When it comes to improving IT, many businesses are put off by the challenge of migrating legacy systems and platforms. It is a time-consuming process, especially if the business has expanded through M&A activity or partnerships. In most cases, data will be stored on different systems and in different formats, so a consolidation exercise is quite significant and will inevitably require a sizeable investment.

advertisement:

This issue can often go ignored as staff grow used to working with disparate data sets and systems. However, the impact on productivity and output is severely hampered as employees navigate through multiple programs to find client information or historical data. It is also likely that mistakes can be made when the data does not exist on a single accessible platform. Through well-thought migration and consolidation, processes will be streamlined, and the business can focus on delivering results rather than searching for and manipulating information.

Bringing on help

To achieve the best possible results, IT investment often needs to go beyond in-house systems and tools. As competition increases, businesses need to improve both their output and processes; this is where investment in outsourcing providers can prove invaluable. This solution is often overlooked, however, largely due to how outsourcing is historically viewed by IT and the business as a whole.

It is important for these groups to remember that outsourcing does not mean removing the internal team and replacing them with a third party – that is an option but is by no means the only choice available. More often than not, outsourcing is used to provide enhanced support on projects and services, alleviate the burden of certain processes or simply get advice on current business practices. If outsourced effectively, the IT team will have more time to develop and improve processes and applications for the business, while the third party can deal with the other day-to-day Business as usual (BAU)tasks.

Planning for the worst

IT investment typically aims to improve current technology or streamline certain processes, but there can be a huge gap when it comes to planning. Businesses are so familiar with using technology they often forget to strategically plan how to mitigate risks and unforeseen issues that can occur when things go wrong – be it a sudden office closure, a system failure, a catastrophic security incident or transport strikes. At a simple level, when the company is hit by an unexpected event, staff can often scramble to continue their working day. Without a clear strategy in place, the business risks losing vast sums of money due to the inability for staff to work effectively and efficiently. This doesn’t even take into account areas, such as reputational damage and regulatory penalties the company may face.

 

IT has a vital role to play in providing a comprehensive, structured and strategic business continuity plan that is able to respond to any challenges that can impact company operations. A key barrier to making improvements in this area is due to how the company views its IT priorities. Regulation, data protection and the general running of the hardware can seem like the most important parts of the business. However, if the day-to-day is not accounted for, these large-scale IT challenges will not matter – the business will simply suffer from lack of planning.

Here’s What’s at Stake for Companies That Don’t Comply With GDPR

IT investment is a vital part of how a company operates. However, it cannot be focused on a single area or aspect of the business. Simply investing in cyber security alone will not improve internal processes or streamline activity. As such, there needs to be a balanced approach to this activity, one that takes into account all aspects of the business in order to build a comprehensive and fully functioning IT operation.

The post Diversifying #IT #investment: It’s not #just #cyber-security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Tinder #vulnerability allows #hackers to take over #accounts with just one #phone number

Source: National Cyber Security News

After it was reported last month that online dating app Tinder had a security flaw, which allows strangers to see users’ photos and matches, security firm, Appsecure has now uncovered a new flaw which is potentially more damaging.

Infiltrators who exploit the vulnerability will be able to get access to users’ account with the help of their login phone number. The issue has, however, been fixed after Tinder was alerted by Appsecure.

Appsecure says, the hackers could have taken advantage of two vulnerabilities to attack accounts, with one being Tinder’s own API and the other in Facebook’s Account Kit system which Tinder uses to manage the logins.

In a statement sent to The Verge, a Tinder spokesperson said, “Security is a top priority at Tinder. However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.”

The vulnerability exposed the access tokens of the users. If a hacker is able to obtain a user’s valid access token then he/she can easily take over a user account.

“We quickly addressed this issue and we’re grateful to the researcher who brought it to our attention,” The Verge quoted a Facebook representative as saying.

Read More….

advertisement:

View full post on National Cyber Security Ventures