Monthly Archives: December 2016

Plug on Thousands of Dark Net

This incident supposedly was the first hack carried out by the attacker, who claimed responsibility in an interview with Motherboard. In addition to taking Freedom II offline, the person stole 74 gigabytes in files and a 2.3-GB database.

The database stolen from Freedom II contains 381,000 email addresses — thousands of them with .gov extensions, Troy Hunt, who runs the Have I Been Pwned website, told Wired.

However, those .gov addresses may not be legitimate, he noted.

The hack of Freedom II was relatively rudimentary, said Tim Condello, technical account manager and security researcher at RedOwl.

“They identified a configuration issue and used it to identify the root user of the system and gain control of it that way,” he told TechNewsWorld. After gaining control of the system, “they overwrote the index file and redirected the landing page for all the websites to a landing page containing their message.”

Shared Vulnerabilities

This attack demonstrates that when it comes to resistance to vulnerabilities, the Dark Web doesn’t have an edge.

“The underlying technology of the Dark Web isn’t anything revolutionary. The way a content management system or a hosting service operates is identical to how it’s done on the open Web,” Condello said.

“The difference is how the content is communicated, so it’s accessible only through the Dark Web,” he continued.

“The code that’s used for a forum on the Dark Web is the same code that’s used on the clear Web,” Condello explained, “so if there’s a vulnerability identified for WordPress, that vulnerability can be exploited on a Dark Web website using WordPress just as it would on the open Web.”

Flaws in Dark Web

The attack on Freedom II also shows the danger of concentrating resources in a central location.

“The fact that so many sites used this single particular hosting provider meant that a breach of that provider meant a breach of thousands of sites,” noted Danny Rogers, CEO of Terbium Labs.

“The anonymity of the Dark Web relies on its distributed nature,” he told TechNewsWorld. “These sorts of centralizations create significant weaknesses.”

Although breaking into servers and stealing data on the open Web is illegal, it remains to be seen what the consequences may be for the hacker of Freedom II.

“I’m sure they angered a lot of people, but I’m not sure how much anyone can do about it,” Rogers said.

There may be legal ramifications from the attack, but they could be for the people identified in the dump of stolen data rather than for the hacker.

“The data release is going to be a major boon to law enforcement,” Rogers observed.

Personal Cargo Robots

Welcome to Gadget Dreams and Nightmares, the column that occasionally stops gaping at contentious Senate confirmation hearings and votes to peruse the latest gadget announcements.

This time around, we’re looking at some of the gadgets that perhaps got a little lost in the noise after CES in January but caught our eye, for better or worse. Among them are a 4-D arcade machine and a robot designed to carry all the things you don’t want to.

As ever, dear readers, this is not a review column, in part because these products have yet to reach the public sphere, but mostly because the chances of my actually ever using said products are slim. The ratings relate only to how much I’d like to try them, should the stars align.

Reality Bites

Regular readers will know that I’ve played games my entire life. I hold deep reverence for the care and attention that go into creating these experiences, and I’ve rarely met a game I didn’t want to conquer.

Yet I am nervous about virtual reality. I’ve tried it and found those disorientating worlds difficult to handle, though I suspect that over time I could grow more accustomed to it. I doubt I could say the same for an arcade machine that both locks me into a VR world and pelts me with physical stimuli.

Koei Tecmo Wave’s VR Sense machine is a virtual reality arcade cabinet that houses you and subjects you to what I can only imagine is sheer torture. It has what Koei Tecmo Wave calls a “3D seat,” which attempts to draw players further into the games through touch, movement, aroma, wind, and temperature and precipitation changes. It’s not completely clear as yet whether you have to wear a headset for the full VR effect.

It’s launching with three games: a horse-riding simulator, a version of Koei Tecmo Wave’s Dynasty Warriors franchise (with a stab at replicating in-game flames while you swelter in your moving chair), and a horror game.

I enjoy horror titles. However, I’d be less likely to welcome a VR horror game, as I’d probably come close to having a heart attack or three. There’s next to no chance I’d ever try Horror Sense.

That’s in large part due to the game apparently mimicking bugs falling from the ceiling and critters scuttling along the floor. I have a lot of questions about this, but ultimately, I’d tear off a VR headset in a second if I thought there were bugs falling on me while playing. No thank you, ma’am.

Apps Vulnerable to WiFi Snooping

Strafach categorized another 24 iOS apps as “medium risk.” Potentially intercepted information included service login credentials and session authentication tokens for users logged onto the network.

Strafach labeled the remaining apps “high risk” because potentially intercepted information included financial or medical services login credentials.

He did not identify the medium and high risk apps by name, in order to give their makers time to patch the vulnerability in their apps.

How concerned should users be about their security when using these apps?

“I tried to leave out anything regarding concern level, as I do not want to freak people out too much,” Strafach told TechNewsWorld.

“While this is indeed a big concern in my opinion, it can be mostly mitigated by turning off WiFi and using a cellular connection to perform sensitive actions — such as checking bank balances — while in public,” he said.

Man in the Middle Attack

If anything, Strafach is understating the problem, maintained Dave Jevans, vice president for mobile security products at Proofpoint.

“We’ve analyzed millions of apps and found this is a widespread problem,” he told TechNewsWorld, “and it’s not just iOS. It’s Android, too.”

Still, it likely is not yet a cause for great alarm, according to Seth Hardy, director of security research at Appthority.

“It’s something to be concerned about, but we’ve never seen it actively exploited in the wild,” he told TechNewsWorld.

What the vulnerability does is enable a classic man-in-the-middle attack. Data from the target phone is intercepted before it reaches its destination. It is then decrypted, stored, re-encrypted and then sent to its destination — all without the user’s knowledge.

To do that, an app needs to be fooled into thinking it’s communicating with its intended destination and not an eavesdropper.

“In order for a man-in-the-middle attack to be successful, the attacker needs a digital certificate that’s either trusted by the application, or the application is not properly vetting the trust relationship,” explained Slawek Ligier, vice president of engineering for security at Barracuda Networks.

“In this case, it appears that developers are developing applications in a way that allows any certificate to be accepted,” he told TechNewsWorld. “If the certificate is issued and not expired, they’re accepting it. They’re not checking if it’s been revoked or even if it’s properly signed.”
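The three checks Ligier describes (signature chain, hostname, revocation) map directly onto TLS client settings. The following is an added example, not code from the article or from any of the apps discussed; it uses Python's standard `ssl` module to show the accept-any-certificate pattern beside a verifying configuration, and the function names are hypothetical.

```python
import ssl

def accept_any_context():
    """The flawed pattern: a client that trusts whatever certificate it is shown."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # chain signature is never validated
    return ctx

def strict_context(crl_file=None):
    """Verifying client: trusted chain and hostname match are both required.

    crl_file (hypothetical parameter): PEM file of CRLs. When supplied, the
    leaf certificate must also be absent from the revocation list.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx

def audit_context(ctx):
    """Return the list of validation steps this context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    # Revocation is off by default even in create_default_context().
    if not (ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF):
        findings.append("revocation-not-checked")
    return findings

if __name__ == "__main__":
    print("accept-any:", audit_context(accept_any_context()))
    print("default   :", audit_context(strict_context()))
```

Note that enabling `VERIFY_CRL_CHECK_LEAF` without loading a CRL for the issuing CA causes handshakes to fail, which is why the flag is set only when a CRL file is provided.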

The Birth of Magic

As in crazy short, in a very short period of time we have two very different companies looking at two very different ways to eliminate traffic. Tesla wants to tunnel under the ground to avoid traffic, while Uber wants to fly overhead.

Transportation has been a tad static for the last 40 years or so, and that apparently is about to change big time, as some folks even are reconsidering lighter-than-air transport.

This is just the start. There are amazing efforts cropping up all over the U.S., suggesting that we may be building a lot of things that truly are magical. I’ll share my thoughts on this coming industrial revolution and close with my product of the week: a very advanced, almost pocketable drone that is small enough for inside and powerful enough to fly outside.

The Death of Innovation

Both transportation and advancement have a mixed history. At the beginning of the 20th century, we moved from horses to cars. Ford even created one of the most reliable airliners in the world and was well down the path toward creating a flying car.

During the Great Depression, perhaps in response to an increase in regulations, advancements in personal transportation seemed to slow and become far more linear. Yes, cars in the 1960s were better than those in the 1930s — but given that we’d come from horses, the speed of advancement was far slower.

Air travel seemed to peak with the brief creation of supersonic transports, which proved uneconomical and unsafe. The current U.S. president, Donald Trump, is looking into why the next Air Force One is basically a plane that was designed back when Ronald Reagan was president and was considered obsolete in many ways even then.

Largely because of fuel shortages and regulations (sound, environmental, safety) we hit a wall in the 1970s in all forms of transportation. Trains in the U.S. are kind of an international embarrassment, given that we once were the leader in rail technology.

I still remember the $9M that California put into studies to determine that the monorail Walt Disney wanted to build to the airport, which was budgeted to cost just $3M, would be unprofitable. It was that kind of regulatory insanity that likely killed what once was the most innovative industry in the U.S.

It seemed that after we made it to the moon, we just stopped pushing the envelope — but that now seems to be changing, a lot.

Innovation Is Coming Back?!

I think what is going on, in part, is that a new breed is transforming the workforce — people who haven’t had it drummed into them that they couldn’t do something different. They’re not just filling entry positions, either. A large number of successful startups have come from trailblazers like Elon Musk and Jeff Bezos who, rather than asking “why?” effectively are asking “why not?”

It is fascinating that their ideas are all over the map. We suddenly are making advancements both above and below the ground. We are applying ever more intelligence to everything from toys to cars. The result is the emergence of what some are calling the “new industrial revolution.”

It is very difficult to see just how unprecedented this level of change is while we’re in the middle of it.

Consider this: In the 1990s Amazon started out as a bookseller in a garage in Seattle. Now it scares the crap out of Walmart. Google didn’t even exist until 1998, but it now is arguably the most powerful company in the world. And then there is Facebook.

Still, traditional industries like transportation were left alone until recently — that is, until Tesla popped in, made GM’s electric car efforts look foolish, and spun the auto market on its head.

Now, giant car companies all over the world are working to catch up, and Musk isn’t just running a car company. He has a solar energy company and a rocket ship company as well. Seriously, he has a rocket ship company, and he isn’t alone — Jeff Bezos has one too.