Site Overlay

I’m An Airline, Fly Me

This an email from a bona fide airline:  Dear Sir/Madam, Please be informed that your transaction with [international carrier] has been confirmed. Due to fraud prevention procedure against Credit Card transaction, we would like to validate your recent transaction with [international carrier] by filling information below : Passenger(s) name : Route :Date of Travel :Cardholder name :Address : Also, we need to confirm and validate your name and last four digit of your card number. Please kindly provide scanned/image of your front side credit card that used to buy the ticket. You may cover the rest information on the card. Please reply in 8 hoursContinue readingI’m An Airline, Fly Me

All at sea: global shipping fleet exposed to hacking threat

[Original link: this one includes links to the source material where available] (Reuters) – The next hacker playground: the open seas – and the oil tankers and container vessels that ship 90 percent of the goods moved around the planet. In this internet age, as more devices are hooked up online, so they become more vulnerable to attack. As industries like maritime and energy connect ships, containers and rigs to computer networks, they expose weaknesses that hackers can exploit. Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days toContinue readingAll at sea: global shipping fleet exposed to hacking threat

ZTE confirms security hole in U.S. phone

This is a piece I wrote with my colleague Lee Chyen Yee on the ZTE vulnerability.  ZTE Corp, the world’s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device. The hole affects ZTE’s Score model that runs on Google Inc’s Android operating system and was described by one researcher as “highly unusual.” “I’ve never seen it before,” said Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike. The hole, usually called a backdoor, allows anyone withContinue readingZTE confirms security hole in U.S. phone

True Video Lies

This is a longer version of a piece I recorded for the BBC World Service. The other day my wife lost her phone out shopping. We narrowed it down to either the supermarket or the taxi. So we took her shopping receipt to the supermarket and asked to see their CCTV to confirm she still had the phone when she left. To my surprise they admitted us into their control room. Banks of monitors covering nooks, crannies, whole floors, each checkout line. There they let us scroll through the security video—I kind of took over, because the guy didn’t seem to know how to useContinue readingTrue Video Lies

Carrier IQ’s Opt-Out Data Collection Patent

ZDNet writes here about an Carrier IQ patent that outlines keylogging and ability to target individual devices . Which is interesting. But Carrier IQ owns a dozen patents, including this one, which to me is much more interesting. This patent indicates what Carrier IQ software could do—not what it does—but it is revealing nonetheless: A communication device and a data server record and collect events and event-related data to create an activity record. A user of the communication device may request that events and related data be recorded and collected using a configuration option on the communication device or through an interaction with the dataContinue readingCarrier IQ’s Opt-Out Data Collection Patent

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.) Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up: Although our research didn’t reveal precisely which data was being targeted, we were able to determine that,Continue readingFormer Soviet Bloc, Allies, Under Lurid Attack

Taking Shady RAT to the Next Level

I know I’ve drawn attention to this before, but the timeline of McAfee’s Operation Shady RAT by Dmitri Alperovitch raises questions again about WikiLeaks’ original data. Alperovitch points out that their data goes back to mid-2006: We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises. This was around the time that Julian Assange was building up the content that, he recounted in emails at the time, that his hardContinue readingTaking Shady RAT to the Next Level

Data, WikiLeaks and War

I’m not going to get into the rights and wrongs of the WikiLeaks thing. Nor am I going to look at the bigger implications for the balance of power between governed and governing, and between the U.S. and its allies and foes. Others have written much better than I can on these topics. I want to look at what the cables tell us about the sorting, sifting and accessing of this information. In short, what does this tell us about how the world’s most powerful nation organized some of its most prized data? To start, with, I want to revisit a conversation I had sittingContinue readingData, WikiLeaks and War

A pale white man shows us what journalism is

My weekly Loose Wire Service column. Is the Internet replacing journalism? It’s a question that popped up as I gazed at the blurred, distorted web-stream of a press conference from London by the founder of WikiLeaks, a website designed to “protect whistleblowers, journalists and activists who have sensitive materials to communicate to the public”. On the podium there’s Julian Assange. You can’t make a guy like this up. White haired, articulate and defensive, aloof and grungy, specific and then sweepingly angry. Fascinating. In a world of people obsessed by the shininess of their iPhones, Assange is either a throwback to the past or a gulfContinue readingA pale white man shows us what journalism is

Design: It’s All About Alarm Clocks

Business writer and entrepreneur Seth Godin throws out product ideas like other people throw out orange juice cartons: For twenty cents or so, alarm clock manufacturers can add a chip that not only knows the time (via a radio signal) but knows what day it is too. Which means that they can add a switch that says “weekends.” Which means that the 98% of the population that doesn’t want to wake up on the same time on weekends as they do on weekdays will be happier (and better rested.) But he’s not touting a new alarm clock, he’s making a point: “So why doesn’t everyContinue readingDesign: It’s All About Alarm Clocks

Copyright © 2020 loose wire blog. All Rights Reserved. | Catch Sketch by Catch Themes