
Tech News - Security

470 Articles
Melisha Dsouza
07 Jan 2019
7 min read

Researchers design ‘AnonPrint’ for safer QR-code mobile payment: ACSC 2018 Conference

Last month, researchers from the USA, China, and Hong Kong jointly published a paper titled ‘Beware of Your Screen: Anonymous Fingerprinting of Device Screens for Off-line Protection’. The paper, presented at The 34th Annual Computer Security Applications Conference, describes a new technique to enhance the security protection of QR-based payment without undermining the payer’s privacy. The technique takes advantage of the unique luminance unevenness of a payer’s screen, which is introduced by the imperfect manufacturing process. The paper also presents a way to ensure that even when the payer’s digital wallet has been compromised, an unauthorized payment cannot succeed. It also considers the privacy issues that may arise if the screen’s features were naively deployed to authenticate the payer, since vendors could misuse them to link one’s different purchases together. To tackle this, the researchers present ‘AnonPrint’, which obfuscates the phone screen during each payment transaction.

QR-code mobile payment systems are used by almost everyone today, including banks, service providers, and other commercial organizations. These payment systems are deployed solely in software, without any hardware support. The paper highlights that in the absence of hardware support, a user's wallet ‘can be vulnerable to an OS-level adversary’, which could be misused to generate a user’s payment tokens. To counter this adversary, the researchers use the physical features of a mobile device's screen as a second-factor authentication mechanism. The research takes advantage of the varied luminance levels of the pixels on the screen (which occur due to flaws in the manufacturing process), which can be used to uniquely characterize the screen.
An advantage of this method is that, since the adversary cannot observe the physical features of the screen, the physical fingerprint cannot be stolen even when the OS is fully compromised. Also, this second-factor authentication is fool-proof even when the secret key for generating QR codes is stolen or when a user’s phone has been fully compromised by the adversary.

How is Anonymous screen Fingerprinting carried out?

To enable service providers to use the screen to enhance security protection while preserving users' privacy, the researchers designed a new technique called ‘AnonPrint’. AnonPrint randomly generates visual one-time masks, each a pixel pattern with dots set to various brightness levels, to obfuscate the distinguishable features of a user’s screen. The technique randomly creates a smooth textured pattern for each transaction (this pattern is also known to the provider) and displays it as the background of the QR code to disarrange the brightness of the screen in line with the screen’s real-world physical properties, i.e. the neighboring dots are correlated and the levels of brightness change smoothly. This hides the physical properties of the screen, while a party that knows the mask, like the payment service provider, can verify whether the features collected from the protected screen are related to the authorized device or not.

Here is an overview of how the system works: First, the user submits the original screen fingerprint of their device to the payment provider when they open an account. The wallet app is modified to synchronize a secret random seed with the provider. This seed can be obtained by hashing the time of the payment together with a shared secret using a cryptographic hash function (e.g., SHA-256). This pair then bootstraps a pseudo-random number generator (PRNG) each time the wallet app needs to provide each party with a sequence of random numbers for mask generation.
The mask is displayed as the background of the QR payment token. The POS scanner extracts the obfuscated screen fingerprint in addition to decoding the QR code, and finally passes the information to the payment provider. The provider retrieves the shared secret and the original screen fingerprint using the claimed ID. Next, the same mask used by the payer is reconstructed and used with the original fingerprint as inputs for synthesizing a new obfuscated fingerprint. This is compared with the fingerprint from the payer’s screen, and the transaction can be approved if the similarity of these two prints is above a certain threshold and other security checks are completed.

How does AnonPrint obfuscate the screen?

AnonPrint creates a ‘mask’ to hide the screen’s hardware fingerprint for every payment transaction. The mask is automatically generated by the digital wallet app, seeding a PRNG with a random number synchronized with the payment service provider. To obfuscate the hardware fingerprint while maintaining a realistic look for the screen, the researchers performed the following steps:

(1) ‘Random zone selection’: they produced a 180*108 pure white image (with all pixels set to 255) as the background and randomly selected 20 mutually disjoint zones from it, each of size 16*16.
(2) ‘Dot darkening’: from each zone, they randomly chose 3 pixels and set their pixel value to a random number between 0 and 100.
(3) ‘Smoothing’: for every zone, AnonPrint blurs it using Gaussian smoothing, which “smoothes out” the dark color of the selected pixels to their neighboring pixels.
(4) ‘Resizing’: the mask image is resized and scaled to a 1800*1080 matrix whose values range from 220 to 255. The size of this image is identical to the original fingerprint.
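The mask-generation steps above, written out as an added Python example (not code from the paper or from this article). The byte layout of the hash input, Python's random.Random as the PRNG, the blur width, the linear rescale to 220..255, the nearest-neighbour resize and the 180-rows-by-108-columns orientation are assumptions; the article gives only the sizes and value ranges.

```python
import hashlib
import math
import random

ROWS, COLS = 180, 108   # low-resolution canvas from the article (orientation assumed)
ZONES, ZONE = 20, 16    # 20 mutually disjoint zones of 16x16 pixels
DOTS = 3                # darkened pixels per zone
SCALE = 10              # 180x108 -> 1800x1080
LOW, HIGH = 220, 255    # value range of the final mask
SIGMA = 2.0             # assumption: the article does not give the blur width


def derive_seed(shared_secret: bytes, payment_time: int) -> int:
    """SHA-256 over payment time and shared secret (byte layout is an assumption)."""
    digest = hashlib.sha256(payment_time.to_bytes(8, "big") + shared_secret).digest()
    return int.from_bytes(digest, "big")


def pick_zones(rng):
    """Step 1: rejection-sample top-left corners until ZONES squares are disjoint."""
    zones = []
    while len(zones) < ZONES:
        r, c = rng.randrange(ROWS - ZONE + 1), rng.randrange(COLS - ZONE + 1)
        # Two equal squares are disjoint iff they are ZONE apart on some axis.
        if all(abs(r - zr) >= ZONE or abs(c - zc) >= ZONE for zr, zc in zones):
            zones.append((r, c))
    return zones


def blur_zone(img, r0, c0):
    """Step 3: separable Gaussian blur confined to one zone (edges replicated)."""
    radius = int(3 * SIGMA)
    kernel = [math.exp(-(k * k) / (2 * SIGMA * SIGMA)) for k in range(-radius, radius + 1)]
    total = sum(kernel)
    kernel = [w / total for w in kernel]

    def clamp(i):
        return min(max(i, 0), ZONE - 1)

    zone = [row[c0:c0 + ZONE] for row in img[r0:r0 + ZONE]]
    horiz = [[sum(w * row[clamp(x + k - radius)] for k, w in enumerate(kernel))
              for x in range(ZONE)] for row in zone]
    for y in range(ZONE):
        for x in range(ZONE):
            img[r0 + y][c0 + x] = sum(w * horiz[clamp(y + k - radius)][x]
                                      for k, w in enumerate(kernel))


def small_mask(seed: int):
    """Steps 1-3 plus value rescaling; returns (180x108 mask, zone corners)."""
    rng = random.Random(seed)   # assumption: stand-in for the paper's PRNG
    img = [[255.0] * COLS for _ in range(ROWS)]
    zones = pick_zones(rng)
    for r0, c0 in zones:
        # Step 2: darken 3 distinct pixels of the zone to a value in 0..100.
        for pos in rng.sample(range(ZONE * ZONE), DOTS):
            img[r0 + pos // ZONE][c0 + pos % ZONE] = float(rng.randint(0, 100))
        blur_zone(img, r0, c0)
    lo = min(min(row) for row in img)
    span = (255.0 - lo) or 1.0
    # Linear map of [lo, 255] onto [220, 255] (mapping is an assumption).
    scaled = [[round(LOW + (v - lo) * (HIGH - LOW) / span) for v in row] for row in img]
    return scaled, zones


def upscale(img):
    """Step 4: nearest-neighbour resize by SCALE (interpolation is an assumption)."""
    out = []
    for row in img:
        wide = [v for v in row for _ in range(SCALE)]
        out.extend(list(wide) for _ in range(SCALE))
    return out


def make_mask(shared_secret: bytes, payment_time: int):
    """Run by the wallet and, independently, by the provider."""
    small, _ = small_mask(derive_seed(shared_secret, payment_time))
    return upscale(small)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    when = 1546819200                     # constructed payment time (Unix seconds)
    wallet, provider = make_mask(secret, when), make_mask(secret, when)
    print("size:", len(wallet), "x", len(wallet[0]))
    print("wallet and provider agree:", wallet == provider)
    print("next second reuses mask:", make_mask(secret, when + 1) == wallet)
```

Because both sides derive the mask from the same time and secret, nothing about the mask has to travel through the vendor's scanner, which is what keeps the vendor from undoing the obfuscation.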
Each user needs to register with the payment provider using an image of their unprotected screen with all pixels set to the maximum gray-scale. During payment, an image of the masked screen is used to authenticate the payer. This is done on the payment service provider’s side by reconstructing the mask using the shared secret and then obfuscating the fingerprint for comparison with the image from the vendor.

Results and Discussion

The researchers conducted various experiments for which they collected 100 smartphones, including iPhone, Samsung and many others. All 100 phones were used to understand the effectiveness of the screen fingerprint in identifying the device. 50 phones were used to evaluate the anonymity protection and the effectiveness of AnonPrint separately. An iPhone 6s was used to capture images for screen fingerprinting. They implemented an Android application to display the QR code and obfuscate the screen using masks derived from given random numbers for anonymous payment. To collect the fingerprints from each device, they displayed a QR code without obfuscation and then showed 5 different masks on the screen with the same code. Each time, they took a picture of the screen and used the image to extract fingerprints.

Their experiment concluded that for 88.75% of transactions, the vendors can accurately identify other transactions from the same customer simply by looking at the features of their screens. Their experiment also proved that AnonPrint indeed breaks vendors’ capability of linking screen fingerprints and that the overhead introduced by AnonPrint (only 50ms) is small for offline payment. Fingerprint verification takes 2.4 seconds on average to complete. You can head over to the paper for a detailed explanation of every experiment conducted to check fingerprint accuracy, anonymity protection, fingerprint verification and much more.
The research results look promising, and it will be interesting to see some potential implementation in the QR-payment systems of today. Head over to the paper for more insights on this news.

Savia Lobo
04 Jan 2019
2 min read

Philips Hue’s second ongoing remote connectivity outage infuriates users

A day after Christmas, Philips Hue experienced an outage in which customers had issues creating new accounts, logging in and linking their accounts to third parties. The company concluded that this was due to “a lot of new activations”. According to a TechCrunch post, “many people received Hue’s connected lighting products over the holidays and were now trying to set up their smart bulbs and other devices all around the same time. Hue’s servers couldn’t keep up with the demand and weren’t responding to the incoming requests”. This meant that users could not create or log into their MyHue account, or connect their lights to their Amazon Echo or Google Home.

Philips Hue’s Twitter account didn’t make a public announcement about the outage until Dec 26. Instead, the company was only replying to individual users.

https://twitter.com/tweethue/status/1077996790035689474

The company then tweeted that the issue preventing successful account setup and device linking was resolved.

https://twitter.com/tweethue/status/1078415024908128259

Almost a week after the company claimed that the issue was resolved, it tweeted that it was having an issue with remote connectivity (Out of Home, voice commands). The company said that it would resolve the issue soon and that the local connection via Wi-Fi would not be affected.

https://twitter.com/tweethue/status/1080867645858164736

One user pointed out in a tweet that the company chose Twitter to let users know, rather than a notification email.

https://twitter.com/bigjonvtpa/status/1080928370655924224

The company, however, informed users that this issue would be resolved soon. If not, they could also disconnect their bridge for 30 seconds or try again later. To know more about this news in detail, head over to Philips Hue’s Twitter thread.

Melisha Dsouza
04 Jan 2019
2 min read

Cyber security researcher withdraws public talk on hacking Apple's Face ID from Black Hat Conference 2019: Reuters report

A China-based cyber security researcher, Wish Wu, canceled his briefing on how he could crack biometric facial recognition on Apple Inc iPhones, which was to be held at the Black Hat Asia hacking conference 2019. In a message to Reuters on Twitter, Wu said that his talk, entitled 'Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms', was called ‘misleading’ by his employer, and he was requested to withdraw his briefing from Black Hat, one of the most prestigious cybersecurity conferences, to be held in Singapore this year.

In late December, Black Hat withdrew an abstract of the talk from their website after Wu’s employer, Ant Financial, uncovered problems with the research. The abstract stated that Face ID could be hacked with an image printed on an ordinary black-and-white printer and some tape. Ant Financial said in a statement that “The research on the face ID verification mechanism is incomplete and would be misleading if presented”. Wu told Reuters that ‘In order to ensure the credibility and maturity of the research results, we decided to cancel the speech’. He further added that he agreed with the decision to withdraw his talk, saying he was only able to reproduce hacks on iPhone X under certain conditions, but that it did not work with iPhone XS and XS Max.

Black Hat conference spokeswoman Kimberly Samra said, “Black Hat accepted the talk after believing the hack could be replicated based on the materials provided by the researcher”. According to Apple, there is a one in 1 million chance a random person could unlock a Face ID, and 1 in 50,000 chance that would happen with the iPhone's fingerprint sensor. Thus, the idea that Face ID could be defeated or rather hacked into is disturbing, especially because Face ID is used to lock down numerous functions on millions of iPhones, including banking apps, healthcare apps, emails, text messages, photos and much more.
If it fell into the wrong hands, the hack could have damaging consequences and possibly compromise sensitive information. Head over to Reuters for more insights on this news.

Melisha Dsouza
03 Jan 2019
4 min read

Hacker duo hijacks thousands of Chromecasts and Google smart TVs to play PewDiePie ad, reveals bug in Google’s Chromecast devices!

On Wednesday, a hacker duo hijacked thousands of Google’s Chromecast streaming adapters, Google Home smart speakers and smart TVs with built-in Chromecast technology to play a video urging users to subscribe to Swedish YouTuber PewDiePie's YouTube channel. The hacked smart TVs also displayed a message along similar lines. The hackers behind this hacking campaign, codenamed CastHack, are known on Twitter as TheHackerGiraffe and j3ws3r. The attack took advantage of badly configured routers to find streaming devices exposed to the public internet. Once found, the hackers renamed the device’s Wi-Fi name, and then played a PewDiePie YouTube video.

A website detailing the hack lists statistics on the number of devices forced to play the video, total renamed devices, total exposed devices and much more. The website shared some of the information the hackers had access to, including “what WIFI your Chromecast/Google Home is connected to, what bluetooth devices it has paired to, how long it’s been on, what WiFi networks your device remembers, what alarms you have set, and much more.” However, they state that “We’re only trying to protect you and inform you of this before someone takes real advantage of it. Imagine the consequences of having access to the information above.” They further added that “We want to help you, and also our favorite Youtubers (mostly PewDiePie)”.

According to Variety, the attack was part of a marketing campaign, “Subscribe to PewDiePie”, that fans of the Swedish video-game streamer and vlogger have been engaged in since late last year. The goal of that campaign is to defeat the Indian YouTube channel T-Series for the title of ‘YouTube's most popular channel’ by gaining more subscribers than the latter.

How did the attack take place?

The attack exploited a Chromecast bug allegedly ignored by Google for almost five years.
According to ZDNet, the ongoing CastHack takes advantage of users who use incorrectly configured routers that have the UPnP (Universal Plug'n'Play) service enabled, a service which forwards specific ports from the internal network to the Internet. The ports are 8008, 8009, and 8443, normally used by smart TVs, Chromecasts, and Google Home for various management functions. The streaming devices expose these ports on internal networks, where users can operate them by sending commands from their smartphones or computers to the devices for remote management purposes. Routers with incorrectly configured UPnP settings make these ports available on the internet. This allowed FriendlyH4xx0r to scan the entire internet for devices with these ports exposed. Once devices are identified, the hacker said another script renames the devices to "HACKED_SUB2PEWDS_#" and then tries to autoplay a video (now taken down by YouTube) to promote PewDiePie’s channel.

A Google spokesperson told Variety via email: “To restrict the ability for external videos to be played on their devices, users can turn off Universal Plug and Play (UPnP). Please note that turning off UPnP may disable some devices (e.g. printers, game consoles, etc.) that depend on it for local device discovery.”

This is the second time that HackerGiraffe and j3ws3r have teamed up to promote PewDiePie’s channel. Both said they were behind a hack in November that forced printers around the world to print out sheets of paper telling people to subscribe to PewDiePie.

https://twitter.com/maddybenavente1/status/1068017390246600704

You can head over to The Verge for more insights on this news.

Natasha Mathur
02 Jan 2019
4 min read

Privacy International shares its findings on how popular Android apps send user data to Facebook without user consent

Privacy International, a UK-registered charity that promotes the right to privacy, released a report last week that shows how popular Android apps (Qibla Connect, Period Tracker Clue, Indeed, My Talking Tom, etc.) share user data with Facebook, even when the user does not have a Facebook account. The report raises questions about transparency and the use of important app data by Facebook.

As per the report, Facebook uses Facebook Business tools to routinely track users, non-users and logged-out users outside its platform. App developers use the Facebook software development kit (SDK) to share data with Facebook. To track these data-sharing practices, Privacy International used “mitmproxy” (an interactive HTTPS proxy), a free and open source software tool, to analyze the data sent to Facebook by 34 apps on Android. All of these apps were tested between August and December 2018. The latest re-test was done between 3rd and 11th of December 2018.

Findings from the analysis

The report states that at least 61% of tested apps transferred data to Facebook the moment a user opened the app. It doesn’t matter whether a person has a Facebook account or not, or whether they are logged into Facebook or not. Privacy International found that the data transmitted first is “events data”. This kind of data tells Facebook that the Facebook SDK has been initialized, by transmitting data like “App installed” and “SDK Initialized”. It reveals that a specific app is being used by a user, every single time that user opens the app.

Apps that automatically transfer data to Facebook were found to share it together with a unique identifier, i.e. the Google advertising ID (AAID). These advertising IDs enable advertisers to link data about user behavior from different apps into a “comprehensive profile”, i.e. a clear and intimate picture of a person’s activities, interests, behaviors, and routines.
This comprehensive profile can also reveal information about a person’s health or religion. The analysis also revealed that event data such as “App installed”, “SDK Initialized” and “Deactivate app” offer a detailed insight into the behavior of users and the apps that they use. Moreover, the report revealed that some of the apps send data to Facebook that is highly detailed and sometimes sensitive. This data often relates to people who are logged out of Facebook or who have no Facebook account.

The report states that Facebook’s Cookies Policy describes two ways in which people with no Facebook account can control Facebook's use of cookies to show them ads. Privacy International analyzed both and found that they didn’t have much impact on the data-sharing process. The report also mentions that the default implementation of the Facebook SDK automatically transmits event data to Facebook, and that many developers have filed bug reports over concerns that the Facebook SDK shares user data without consent.

After May 25th, 2018, when GDPR came into force, Facebook came out with a voluntary feature that enables developers to delay collecting logged events until they acquire user consent. Facebook responded to the report in an email saying that “Prior to our introduction of the ‘delay’ option, developers had the ability to disable transmission of automatic event logging data, except for a signal that the SDK had been initialized. Following the June change to our SDK, we also removed the signal that the SDK was initialized for developers that disabled automatic event logging.”

However, Privacy International mentions that before this voluntary feature was released, many apps that used the Facebook SDK in the Android ecosystem could not prevent or delay the SDK from automatically collecting and sharing the fact that the SDK had been initialized. This data, in turn, informs Facebook that a user is using a particular app, when they use it and for how long.
“Without any further transparency from Facebook, it is impossible to know for certain, how the data that we have described in this report is being used. Our findings also raise a number of legal questions”, says Privacy International. For more information, check out the official Privacy International report.

Natasha Mathur
31 Dec 2018
2 min read

EU to sponsor bug bounty programs for 14 open source projects from January 2019

Julia Reda, member of the EU parliament, announced last week that the EU will be funding Internet Bug Bounty programs for 14 out of the total 15 open source projects, starting January 2019. The Internet Bug Bounty programs are rewards for friendly hackers who actively search for security vulnerabilities and issues. The program is managed by a group of volunteers selected from the security community. The amount of the bounty depends on how severe the uncovered issue is and on the importance of the software. The amount ranges from 25,000,00 Euros and all the way up to 89,000,00 Euros.

The 14 open source projects include: Filezilla, Apache Kafka, Notepad++, PuTTY, VLC media player, FLUX TL, KeePass, 7-zip, Digital Signature services (DSS), Drupal, GNU C library (glibc), the Symfony PHP framework, Apache Tomcat, WSO2 and MidPoint.

The EU is sponsoring the bug bounty programs as part of the third edition of its Free and Open Source Software Audit project (FOSSA). Reda mentions that the FOSSA project, which started in 2015, was an initiative to encourage the promotion of free and open source software. “In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL. The issue made lots of people realize how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure”, mentions Reda.

People can contribute to the projects mentioned by the EU by analyzing the software and submitting any bugs or issues found in it on bug bounty platforms such as Hackerone and Intigriti/Deloitte. For more information, check out Julia Reda’s official blog post.
Savia Lobo
31 Dec 2018
3 min read

A ransomware attack causes printing and delivery disruptions for several major US newspapers

A cyber-attack on one of the United States’ biggest media groups, Tribune Publishing, caused major printing and delivery disruptions for several major US newspapers over the weekend. The attack affected the printing centers operated by the publishing firm and also its former property, the Los Angeles Times. The attack that took place on Saturday seemed to have originated from outside the United States, according to the Los Angeles Times report. It led to distribution delays in the Saturday edition of the Times, the Tribune, the Sun and other newspapers that share a production platform in Los Angeles.

According to The New York Times, “a news article in The Los Angeles Times, and one outside computer expert said the attack shared characteristics with a form of ransomware called Ryuk, which was used to target a North Carolina water utility in October and other critical infrastructure.”

According to The Los Angeles Times report, “The Times and the San Diego paper became aware of the problem near midnight on Thursday. Programmers worked to isolate the bug, which Tribune Publishing identified as a malware attack, but at every turn, the programmers ran into additional issues trying to access a myriad of files, including advertisements that needed to be added to the pages or paid obituaries.” “After identifying the server outage as a virus, technology teams made progress on Friday quarantining it and bringing back servers, but some of their security patches didn’t hold and the virus began to reinfect the network, impacting a series of servers used for news production and manufacturing processes”, the report added.

By late Friday, the attack was hindering the transmission of pages from offices across Southern California to printing presses as publication deadlines approached. Tribune Publishing said in a statement on Saturday, “the personal data of our subscribers, online users, and advertising clients have not been compromised.
We apologize for any inconvenience and thank our readers and advertising partners for their patience as we investigate the situation.” It was unclear whether company officials had been in contact with law enforcement regarding the suspected attack.

Katie Waldman, a spokeswoman for the Department of Homeland Security, said “we are aware of reports of a potential cyber incident affecting several news outlets, and are working with our government and industry partners to better understand the situation”, the Los Angeles Times reported. Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research group, said, “usually when someone tries to disrupt a significant digital resource like a newspaper, you're looking at an experienced and sophisticated hacker”. She added that the holidays are "a well known time for mischief" by digital troublemakers because organizations are more thinly staffed. Read more about this news in The Los Angeles Times’ complete report.

Natasha Mathur
31 Dec 2018
3 min read

CenturyLink suffers a major outage; affects 911 services across several states in the US

CenturyLink, one of the largest American telecommunications providers, suffered a major outage that lasted for almost two days, affecting internet, television, and 911 services across the US. The outage started at 17:18 UTC on Thursday and was resolved at 19:49 UTC on Saturday, as per CenturyLink’s status page. The CenturyLink team worked on fixing the issue and updated its customers on Twitter about the outage:

https://twitter.com/CenturyLink/status/1078350118938730496
https://twitter.com/CenturyLink/status/1078418494427938816
https://twitter.com/CenturyLink/status/1079095167930589184

As far as the cause of the outage is concerned, CenturyLink might post a detailed analysis later; however, this has not been confirmed by CenturyLink yet. As of now, Brian Krebs, an independent investigative journalist, has posted on his Twitter a copy of a notice that was sent to CenturyLink’s core customers. The post gives an insight into what the cause could possibly be.

https://twitter.com/briankrebs/status/1079135599309791235

The post blames a “card” at CenturyLink’s data center in Colorado for “propagating invalid frame packets across devices”. To restore the services, the card had to be removed from the equipment, along with secondary communication channel tunnels between specific devices. Additionally, a polling filter had to be applied to adjust the way the packets were being received by the equipment.

The outage crippled CenturyLink’s internet, phone, television, and home-security services, affecting its customers across several states in the US. Moreover, 911 services were also affected by the outage across several states in the US including Seattle, Washington, Arizona, Minnesota, and Missouri. In this case, the outage affected only cellular calls to 911, and not landline calls.
Emergency alerts were sent to residents across several states warning them of the outage, and an alternate number to 911 was also tweeted out by different police departments. The US Federal Communications Commission (FCC) has launched a public investigation into this outage, with FCC chairman Ajit Pai calling the outage “completely unacceptable”, and one whose “breadth and duration are particularly troubling”.

https://twitter.com/AjitPaiFCC/status/1078678912035684353

“I have spoken with CenturyLink to underscore the urgency of restoring service immediately. We will continue to monitor this situation closely to ensure that customers’ access to 911 is restored as quickly as possible,” added Pai.

At 1:44 UTC on Saturday, the company updated its status page to say that “all consumer services impacted by this event, including voice and 911, have been restored”. It took more than two days for CenturyLink to give a green signal about the outage getting resolved. The company updated at 19:49 UTC on Saturday, stating that “the network event experienced by CenturyLink Thursday has been resolved. Services for business and residential customers affected by the event have been restored. CenturyLink knows how important connectivity is to our customers, so we view any disruption as a serious matter and sincerely apologize for any inconvenience that resulted”. For more information, check out CenturyLink’s official page.

Melisha Dsouza
28 Dec 2018
3 min read

200+ Bitcoins stolen from Electrum wallet in an ongoing phishing attack

Popular Bitcoin wallet Electrum and Bitcoin Cash wallet Electron Cash are subject to an ongoing phishing attack. The hacker, or hackers, have already got away with over 200 Bitcoin (around $718,000 as of press time), and with the attack still ongoing, it is quite possible that they will get away with much more.

The phishing attack urged wallet users to download and install a malicious software update from an unauthorized GitHub repository, according to ZDNet. The hack began last Friday, i.e., on December 21, and the vulnerability at the heart of this attack has remained unpatched.

The official Electrum blog at GitHub says that the wallet’s admins privately received a screenshot from a German chat room, in response to the issue where new malware was being distributed that disguises itself as the "real" Electrum.

(Screenshot. Source: GitHub)

Immediately after investigating the reasons for the error message, they silently made mitigations in 5248613 and 5dc240d, and released Electrum wallet version 3.3.2. The attacker then stopped the phishing attack, temporarily. Yesterday, one of the Electrum developers, SomberNight, announced on GitHub that the attacker has started the malicious activity again. Electrum wallet admins are taking steps to reduce the attack's usefulness to the attacker.

Execution of the ongoing phishing attack

In order to launch such a major attack, the attacker added tens of malicious servers to the Electrum wallet network. When users of legitimate Electrum wallets initiate a Bitcoin transaction and the transaction reaches one of the malicious servers, the server replies with an error message urging users to download a wallet app update from a malicious website (GitHub repo). If the user clicks the given link, the malicious update gets downloaded, following which the app asks the user for a two-factor authentication (2FA) code. However, these 2FA codes are only requested before sending funds, and not at wallet startup. In this way the malicious app stealthily obtains users’ 2FA codes to steal their funds and transfer them to the attacker's Bitcoin addresses.

The major drawback here is that Electrum servers are allowed to trigger popups with custom text inside users' wallets.

Steps taken by Electrum admins to create user awareness

The developers at Electrum have updated the Electrum wallet so that whenever an attacker sends a malicious message, the message does not appear as an organized, rich-text message. Instead, the user receives a non-formatted error that looks more like unreadable code. This alerts the user that the transaction is malicious and not a legitimate one.

The following screenshot shows how the ongoing attack looks in the new Electrum wallet version:

(Screenshot. Source: GitHub)

Blockchain Reporter says that “The Electrum Development team has identified some 33 malicious Electrum servers, though the total number is suspected to be between 40 and 50.”

You can head over to Reddit for more insights on this news.
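The mitigation described in this article, showing server-supplied error text as unformatted text instead of rich text, can be sketched as follows. This is an added example, not Electrum's code: the function names, the length cap, the warning wording, and the sample messages are all assumptions constructed for illustration.

```python
import html
import re
import unicodedata

MAX_LEN = 200  # assumed cap on how much untrusted server text is displayed

# Anything that looks like a markup tag or a link in a server reply is
# recorded as a finding so the client can warn the user and log the server.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")


def inspect_server_error(raw):
    """Return (display_text, findings) for an untrusted server error string.

    display_text is safe to hand to a rich-text-capable widget: markup is
    escaped so it shows literally, control/format characters are removed,
    whitespace is collapsed and the length is capped.
    """
    findings = []
    if TAG_RE.search(raw):
        findings.append("markup")
    if URL_RE.search(raw):
        findings.append("url")

    kept = []
    for ch in raw:
        # Unicode categories starting with "C" cover control and format
        # characters (for example bidi overrides) that can hide or reorder text.
        if ch in "\n\r\t" or unicodedata.category(ch)[0] != "C":
            kept.append(ch)
        else:
            kept.append(" ")
            if "control-chars" not in findings:
                findings.append("control-chars")

    # Collapse whitespace and truncate before escaping, so an escape
    # sequence is never cut in half.
    text = " ".join("".join(kept).split())[:MAX_LEN]
    return html.escape(text), findings


def render_broadcast_error(raw):
    """Build the dialog text: client-authored framing around escaped server text."""
    text, findings = inspect_server_error(raw)
    lines = [
        "Your transaction could not be broadcast.",
        "Server said (untrusted, shown as plain text): " + text,
    ]
    if findings:
        lines.append(
            "Warning: the reply contained " + ", ".join(findings)
            + ". Do not follow links or install software offered in server messages."
        )
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample replies, not captured from any real server.
    phishing = ('<b>Security update required</b><br>Download it '
                '<a href="https://example.invalid/update">here</a>')
    benign = "the transaction was rejected by network rules.\n(min relay fee not met)"
    for sample in (phishing, benign):
        print(render_broadcast_error(sample))
        print("-" * 40)
```

The findings list also gives a cheap detection signal: a server whose broadcast errors contain markup or links is a candidate for reporting and blacklisting.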

Amrata Joshi
26 Dec 2018
4 min read

DragonFly BSD 5.4.1 released with new system compiler in GCC 8 and more

This Christmas Eve, team DragonFly released the 54th version, DragonFly BSD 5.4.1, a free and open-source Unix-like operating system. This version comes with a new system compiler in GCC 8, improved NUMA support, and a large number of network and virtual machine driver updates. This release also has significant HAMMER2 improvements and better WLAN interface handling.

https://twitter.com/dragonflybsd/status/1077205440650534912

What’s new in DragonFly BSD 5.4.1

Big-ticket items

This release comes with much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. Both the memory subsystem and the scheduler now understand the Threadripper 2990WX's architecture. The team at DragonFly has been working on improving fairness for shared-vs-exclusive lock clashes and reducing cache ping-ponging due to non-contending SMP locks. This release comes with major updates to dports. Concurrency across multiple ttys and ptys has been improved.

GCC 8

DragonFly 5.4.1 comes with GCC 8.0, which runs as the default compiler. It is also used for building dports.

HAMMER2

This release comes with HAMMER2, which is the default root filesystem in non-clustered mode. It increases the bulkfree cache to reduce the number of iterations required, and numerous bugs have been fixed. This release comes with improved support on low-memory machines. It also includes significant pre-work on the XOP API to help support future networked operations.

Major changes

Security Issues

The machdep.spectre_support sysctl can now be used to probe for Spectre support, and the machdep.spectre_mitigation sysctl to enable or disable it. The default /root permissions have been changed from 755 to 700 in the build template. Delayed FP state has been removed to avoid the known side-channel attack. FP state is now cleaned on switch to avoid the known side-channel attack. User registers are now zeroed on entry into the kernel (syscall, interrupt, or exception) to avoid speculative side-channel attacks.

Kernel

This release comes with updated drm to match Linux kernel 4.7.10 in a number of locations. The radeon driver has been updated and currently matches Linux 3.18. CVE-2018-8897 has been mitigated. This release adds x2apic timer support. A private_data field has been added to struct file for improving application support. SPINLOCK and acpi_timer performance has been improved. A dirty vnode management facility has been added. Bottlenecks in the rlimit handling code have been removed. The size of the vm_object hash table has been increased by 4x to reduce collisions. Concurrent tmpfs and allocvnode() have been improved. The namecache performance has been improved. The syscall path has been optimized to improve performance.

Driver updates

With this release, serial-output-only installs are now possible. This version of DragonFly comes with the virtio_balloon memory driver. /dev/sndstat can now be opened multiple times by the same device. MosChip PCIe serial communications are now supported. Missing descriptions for usb4bsd C610/X99 controllers have been added. This release adds PCIe serial com and console support. Old PCI and ISA serial drivers have been removed.

Userland

This release adds rc support for ipfw3. vis(3) and unvis(3) have been updated. The pciconf database has been updated. tcsetsid() has been added to libc. The buildworld concurrency has been improved.

Networking

With this release, the network tunnel driver, tun(4), has been cleaned up and updated. It's now clonable for anyone building VPN links. The arp issue in the bridge code has now been fixed. Interface groups are now supported in the kernel and pf(4). The ENA (Elastic Network Adapter) network driver has been added to DragonFly 5.4.1.

Package updates

With this release, there are a number of options for running a web browser on DragonFly, including Chromium, Firefox, Opera, Midori, Palemoon, etc.

Users appreciate the effort put into this project, and the HAMMER storage in particular, though a few users complain that the process is very slow. The HAMMER2 used in this release is BSD licensed, so it might have better potential as a Linux kernel module.

Read more about this release on DragonFly BSD.
Prasad Ramesh
26 Dec 2018
3 min read

Italian researchers conduct an experiment to prove that quantum communication is possible on a global scale

Researchers from Italy have published a research paper showing that quantum communication is feasible between high-orbiting satellites and a station on the ground. This new research proves that quantum communication is possible on a global scale by using a Global Navigation Satellite System (GNSS). The results of the study are presented in a paper published last week titled ‘Towards quantum communication from global navigation satellite system’.

In the experiment, a single photon was exchanged over a distance of 20,000 km between a ground station and a high-orbit satellite. The exchange was between the retroreflector array mounted on Russian GLONASS satellites and the Italian Space Agency's Space Geodesy Centre on Earth. The challenge with high-orbit satellites is that the distance causes high diffraction losses in the channel.

One of the co-authors, Dr. Giuseppe Vallone of the University of Padova, said to IOP Publishing: “Satellite-based technologies enable a wide range of civil, scientific and military applications like communications, navigation and timing, remote sensing, meteorology, reconnaissance, search and rescue, space exploration and astronomy.” He mentions that the crux of such systems is to safely transmit information from satellites to the ground. It is important that these channels be protected from interference by third parties. “Space quantum communications (QC) represents a promising way to guarantee unconditional security for satellite-to-ground and inter-satellite optical links, by using quantum information protocols as quantum key distribution (QKD).”

The quantum key distribution (QKD) protocols used in the experiment guarantee strong security for communication between satellites and from satellites to Earth. In QKD, data is encrypted using quantum mechanics and interference is detected quickly.

Another co-author, Prof. Villoresi, talked to IOP Publishing about their focus on high-orbit satellites despite the challenges: “The high orbital speed of low earth orbit (LEO) satellites is very effective for the global coverage but limits their visibility periods from a single ground station. On the contrary, using satellites at higher orbits can extend the communication time, reaching few hours in the case of GNSS.”

After the experiments, the researchers estimated the requirements for an active source on a GNSS satellite. They aim towards QC from GNSS with state-of-the-art technology.

This does not really mean faster internet or communication, as only a single photon was transmitted in the experiment. Transferring large amounts of data quickly, i.e., faster internet, is not likely to happen with this application. However, it does show that data transmission can be done over a large distance with a secure channel.

For more details, you can check out the research paper on the IOPSCIENCE website.

Melisha Dsouza
26 Dec 2018
3 min read

Internal memo reveals NASA suffered a data breach compromising employees’ social security numbers

On 18th December, an internal HR memo was sent out to all NASA employees by Bob Gibbs, assistant administrator for the office of human capital management, alerting them to a possible compromise of NASA servers in late October. The memo was shared by SpaceRef, and it states that the servers stored personally identifiable information about NASA employees, including their social security numbers. What is surprising is that NASA learned of the incident in October 2018 but chose to remain silent till the memo was rolled out.

Bill says in the memo that the space agency took immediate steps to contain the breach and that the investigation is still ongoing. The scope of the breach is unclear. The memo states that NASA is ‘examining the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals’. The message was sent to all NASA employees, regardless of whether or not their information may have been compromised. NASA Civil Service employees who were on-boarded, separated from the agency, and/or transferred between centers from July 2006 to October 2018 may also have been affected.

NASA’s Office of Inspector General (OIG) has continually criticized the space agency's cybersecurity practices, reporting shortfalls in NASA’s overall information technology (IT) management. The office stated in its latest semi-annual report, dated Oct. 31: “Through its audits, the OIG has identified systemic and recurring weaknesses in NASA’s IT security program that adversely affect the Agency’s ability to protect the information and information systems vital to its mission.”

In May, the OIG published an audit of NASA’s Security Operations Center (SOC) and found several issues with the center, ranging from high management turnover to a lack of formal authority to manage information security issues for some parts of the agency. An October 2017 report stated that “Lingering confusion about security roles coupled with poor IT inventory practices continues to negatively impact NASA’s security posture.”

According to Hacker News, this is not the first time that the agency's servers have been hacked into. NASA suffered a massive security breach in 2016 in which 276GB of sensitive data was released. This data included flight logs and credentials of thousands of its employees. All these facts draw attention to the poor security practices followed at NASA.

It will be interesting to see how NASA will deal with this security breach and what measures it will take to secure its systems to prevent future cyber attacks. Head over to SpaceNews.com to know more about this news.

Melisha Dsouza
24 Dec 2018
3 min read

ACLU files lawsuit against 11 federal criminal and immigration enforcement agencies for disclosure of information on government hacking

On Friday, the American Civil Liberties Union (ACLU), Privacy International, and the University at Buffalo Law School’s Civil Liberties & Transparency Clinic filed a Freedom of Information Act lawsuit against 11 federal criminal and immigration enforcement agencies, including the FBI, Immigration and Customs Enforcement, and the Drug Enforcement Administration. This lawsuit demands disclosure of basic information about government hacking.

They have demanded that the agencies disclose which hacking tools and methods they use, how often these tools are used, the legal basis for employing these methods, and any internal rules that govern them. They also seek any internal audits or investigations related to their use.

The ACLU, in its blog post, states that hacking by the government raises “grave privacy concerns”, creating “surveillance possibilities” that could pose a security risk because even “lawful hacking” can take advantage of unpatched vulnerabilities in a user's devices and software. They believe that by hacking into a phone, laptop, or another device, federal agents can obtain any sensitive or confidential information. They can activate a device’s camera and microphone, log keystrokes, or hijack a device’s functions. Most of the time users are completely unaware that they are being surveilled, and there is not much information on what constitutes ‘lawful hacking’.

The ACLU argues that "Law enforcement use of hacking presents a unique threat to individual privacy." They have supported this claim with examples, including a case in which the government commandeered an internet hosting service in order to set up a “watering hole” attack that is suspected to have spread malware to many innocent people who visited websites on the server. In another case, an FBI agent investigating fake bomb threats impersonated an Associated Press reporter to deploy malware on a suspect’s computer. The agent created a fake story and sent a link to the story to a high school student. When the student visited the website, it implanted malware on his computer in order to report back identifying information to the FBI.

By giving a better understanding of what the government is doing and what rules it follows, the lawsuit will clarify whether and when the government should engage in hacking. It will also help users understand whether the government is collecting excessive information about the people it surveils, and how investigators handle innocent bystanders’ information.

You can head over to ACLU’s official blog to know more about this news.
Savia Lobo
21 Dec 2018
3 min read

Justice Department’s indictment report claims Chinese hackers breached business and government network

According to an indictment report from the U.S. Justice Department released on Thursday, Chinese hackers working on behalf of China’s Ministry of State Security breached the networks of dozens of tech companies and government departments, largely in an effort to steal intellectual property. The report stated that the attacks were being carried out by a group known as APT10, which various security companies have linked to the Chinese state.

Speaking to Wired, Benjamin Read, senior manager for cyberespionage analysis at FireEye, said, “MSPs are incredibly valuable targets. They are people that you pay to have privileged access to your network. It’s a potential foothold into hundreds of organizations.”

What organizations did the Chinese cybercriminal group target?

According to Reuters, hackers successfully targeted Hewlett Packard Enterprise, IBM, and both companies' customers. In response to the attack, IBM said that it “has been aware of the reported attacks and already has taken extensive counter-measures worldwide as part of our continuous efforts to protect the company and our clients against constantly evolving threats. We take responsible stewardship of client data very seriously, and have no evidence that sensitive IBM or client data has been compromised by this threat.”

HPE also responded. The company said in a statement that it had spun out a large managed-services business in a 2017 merger with Computer Sciences Corp that formed a new company, DXC Technology. “The security of HPE customer data is our top priority. We are unable to comment on the specific details described in the indictment, but HPE’s managed services provider business moved to DXC Technology in connection with HPE’s divestiture of its Enterprise Services business in 2017.”

The hackers are believed to have used a technique known as spearphishing. This is a highly targeted form of phishing, where a website is disguised as reputable and trustworthy in order to scam the targets.

Dmitri Alperovitch, Chief Technology Officer at CrowdStrike, said, “Today’s announcement of indictments against Ministry of State Security (MSS), whom we deem now to be the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated”. Alperovitch added that “while this action alone will not likely solve the issue and companies in the US, Canada, Europe, Australia, and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally.”

The U.K. government also said, “The National Cyber Security Centre assesses with the highest level of probability that the group widely known as APT10 is responsible for this sustained cyber campaign focused on large-scale service providers. The group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.”

“China has long rebuffed complaints from other nations accusing it of cyber attacks and espionage but didn’t immediately comment on Thursday’s indictment”, per TechCrunch.

Natasha Mathur
21 Dec 2018
5 min read

IEEE Computer Society predicts top ten tech trends for 2019: assisted transportation, chatbots, and deep learning accelerators among others

The IEEE Computer Society (IEEE-CS) released its annual tech future predictions earlier this week, unveiling the top ten technology trends most likely to be adopted in 2019. "The Computer Society's predictions are based on an in-depth analysis by a team of leading technology experts, identify top technologies that have substantial potential to disrupt the market in the year 2019," mentions Hironori Kasahara, IEEE Computer Society President. Let’s have a look at their top 10 technology trends predicted to reach wide adoption in 2019.

Top ten trends for 2019

Deep learning accelerators

According to the IEEE Computer Society, 2019 will see widescale adoption of companies designing their own deep learning accelerators such as GPUs, FPGAs, and TPUs, which can be used in data centers. The development of these accelerators would further allow machine learning to be used in different IoT devices and appliances.

Assisted transportation

Another trend predicted for 2019 is the adoption of assisted transportation, which is already paving the way for fully autonomous vehicles. Although the future of fully autonomous vehicles is not entirely here, self-driving tech saw a booming year in 2018. For instance, AWS introduced DeepRacer, a self-driving race car, Tesla is building its own AI hardware for self-driving cars, Alphabet’s Waymo will be launching the world’s first commercial self-driving cars in upcoming months, and so on. Other than self-driving, assisted transportation is also highly dependent on deep learning accelerators for video recognition.

The Internet of Bodies (IoB)

As per the IEEE Computer Society, consumers have become very comfortable with self-monitoring using external devices like fitness trackers and smart glasses. With digital pills now entering mainstream medicine, body-attached, implantable, and embedded IoB devices provide richer data that enable the development of unique applications. However, IEEE mentions that this tech also brings with it concerns related to security, privacy, physical harm, and abuse.

Social credit algorithms

Facial recognition tech was in the spotlight in 2018. For instance, Microsoft President Brad Smith requested governments to regulate the evolution of facial recognition technology this month, Google patented a new facial recognition system that uses your social network to identify you, and so on. According to the IEEE, social credit algorithms will now see a rise in adoption in 2019. Social credit algorithms make use of facial recognition and other advanced biometrics that help identify a person and retrieve data about them from digital platforms. This helps them decide whether to approve or deny access to consumer products and services.

Advanced (smart) materials and devices

The IEEE Computer Society predicts that in 2019, advanced materials and devices for sensors, actuators, and wireless communications will see widespread adoption. These materials, which include tunable glass, smart paper, and ingestible transmitters, will lead to the development of applications in healthcare, packaging, and other appliances. “These technologies will also advance pervasive, ubiquitous, and immersive computing, such as the recent announcement of a cellular phone with a foldable screen. The use of such technologies will have a large impact on the way we perceive IoT devices and will lead to new usage models”, mentions the IEEE Computer Society.

Active security protection

From data breaches (Facebook, Google, Quora, Cathay Pacific, etc.) to cyber attacks, 2018 saw many security-related incidents. 2019 will now see a new generation of security mechanisms that use an active approach to fight against these security-related incidents. These would involve hooks that can be activated when new types of attacks are exposed and machine-learning mechanisms that can help identify sophisticated attacks.

Virtual reality (VR) and augmented reality (AR)

Packt’s 2018 Skill Up report highlighted what game developers feel about the VR world. A whopping 86% of respondents replied with ‘Yes, VR is here to stay’. The IEEE Computer Society echoes that thought, as it believes that VR and AR technologies will see even greater widescale adoption and will prove to be very useful for education, engineering, and other fields in 2019. IEEE believes that now that advertisements for VR headsets appear during prime-time television programs, VR/AR will see widescale adoption in 2019.

Chatbots

2019 will also see an expansion in the development of chatbot applications. Chatbots are used quite frequently for basic customer service on social networking hubs. They’re also used in operating systems as intelligent virtual assistants. Chatbots will also find applications in interaction with cognitively impaired children for therapeutic support. “We have recently witnessed the use of chatbots as personal assistants capable of machine-to-machine communications as well. In fact, chatbots mimic humans so well that some countries are considering requiring chatbots to disclose that they are not human”, mentions IEEE.

Automated voice spam (robocall) prevention

IEEE predicts that automated voice spam prevention technology will see widespread adoption in 2019. It will be able to block a spoofed caller ID and in turn enable “questionable calls”, where the computer asks the caller questions to determine whether the caller is legitimate.

Technology for humanity (specifically machine learning)

IEEE predicts an increase in the adoption rate of tech for humanity. Advances in IoT and edge computing are the leading factors driving the adoption of this technology. Other events such as fires and bridge collapses are further creating the urgency to adopt these monitoring technologies in forests and smart roads.

"The technical community depends on the Computer Society as the source of technology IP, trends, and information. IEEE-CS predictions represent our commitment to keeping our community prepared for the technological landscape of the future,” says the IEEE Computer Society.

For more information, check out the official IEEE Computer Society announcement.