New developments in research etc.

Concerns new Tor weakness is being exploited prompt dark market shutdown

A dark market website that relies on the Tor privacy network to keep its operators anonymous is temporarily shutting down amid concerns attackers are exploiting a newly reported weakness that can identify server locations.

As Ars reported last month, the technique requires the adversary to control the Tor entry point for the server hosting the hidden service. It also requires the attacker to have previously collected unique network characteristics that can serve as a fingerprint for that particular service. Still, once that bar is met, the attack has an 88-percent accuracy rate. Hidden services are sites that are accessible only from within the Tor network, which conceals IP addresses of servers and users.

The Basic Principles of Security (and Why They Matter)

When people make general statements about Linux being more secure than Windows, know it or not, they are generally referring to architectural security. As a descendant of Unix, unlike Windows, Linux was designed from its earliest days as a multi-user system, which historically has meant that it is better adapted than Windows to modern computing.

That doesn’t mean, however, that all Linux installations are more secure than all Windows ones. As the shipping condition of many phones and tablets shows, it is all too easy for a Linux or Android system to be configured so that it is essentially wide open. Instead, what it means is that Linux has been easier to secure than Windows because, when you harden the system, you are working with it rather than against it, and with core parts of the system rather than add-ons.

Low Skilled Humans Need Not Apply: Exponential Job Disruption

I wish to emphasise before I begin that robots taking jobs is not the problem, the issue is the current government policies that are not ready to handle this disruption. I am not against automation, far from it, I want as much automation as possible but it would be naive to not consider any potential side effects with the way policies currently are and how slow government and culture can change regarding attitudes towards the most vulnerable in our society. The way the unemployed are treated and the government's acceptance of spiralling education costs, low social mobility and rising wealth/income inequality are difficult, but optimistically, not insurmountable obstacles.

Jeb Bush wants “a new arrangement with Silicon Valley” to ease crypto

Jeb Bush, one of the leading Republican presidential candidates, told a national security forum that Washington, DC needs a stronger link to Silicon Valley.

"There's a place to find common ground between personal civil liberties and NSA doing its job," Bush said Tuesday, according to the Associated Press. "I think the balance has actually gone the wrong way."

Algorithms are producing profiles of you. What do they say? You probably don’t have the right to know

The infancy of the internet is over. As online spaces mature, Facebook, Google, Apple, Amazon, and other powerful corporations are setting the rules that govern competition among journalists, writers, coders, and e-commerce firms. Uber and Postmates and other platforms are adding a code layer to occupations like driving and service work. Cyberspace is no longer an escape from the ‘real world’. It is now a force governing it via algorithms: recipe-like sets of instructions to solve problems.

From Google search to OkCupid matchmaking, software orders and weights hundreds of variables into clean, simple interfaces, taking us from query to solution. Complex mathematics govern such answers, but it is hidden from plain view, thanks either to secrecy imposed by law, or to complexity outsiders cannot unravel.

Fears Windows 10 will blow data caps

Consumer groups have slammed Microsoft for its policy of forced updates for Windows 10, which is hitting customers in remote locations with massive bill shocks by blowing out their data caps. But they warn bill shock may affect many more customers, regardless of where they are located. And, with many customers yet to receive their monthly internet bills, the full extent of the problem may not yet be apparent.

Maureen Hilyard, an internet user in the Cook Islands, an autonomous region associated with New Zealand, claims she faces a bill as much as $NZ600 ($A532) for the month of August, thanks to Windows 10 automatic updates.

Lenovo caught using rootkit-like technique to reload bloatware on clean Windows installs

Some geeky types like to wipe a new system clean when they take it home to make sure there’s no bloat. But Lenovo owners have discovered bloatware that can re-spawn in the background even after a fresh Windows install.

These folks weren’t reinstalling from a Lenovo recovery image, either. They were using vanilla Windows media, yet somehow Lenovo software was sneaking back on to their systems after the installation had completed — and with no active connection to the Internet.

How is that possible? Because Lenovo was utilizing a rootkit-like mechanism to put it back. First Superfish, now this. It hasn’t been a great PR year for Lenovo.

Even when told not to, Windows 10 just can’t stop talking to Microsoft

Windows 10 uses the Internet a lot to support many of its features. The operating system also sports numerous knobs to twiddle that are supposed to disable most of these features and the potentially privacy-compromising connections that go with them.

Unfortunately for privacy advocates, these controls don't appear to be sufficient to completely prevent the operating system from going online and communicating with Microsoft's servers.

For example, even with Cortana and searching the Web from the Start menu disabled, opening Start and typing will send a request to to request a file called threshold.appcache which appears to contain some Cortana information, even though Cortana is disabled. The request for this file appears to contain a random machine ID that persists across reboots.

Hack-Fueled ‘Unprecedented’ Insider Trading Ring Nets $100M

Hackers based in Ukraine and Russia allegedly broke into servers belonging to several newswires and passed sensitive information onto an underground trading ring as part of what’s being referred to as an unprecedented new level of insider trading.

Prosecutors claimed Tuesday that corporate information gleaned in the hacks was funneled to a sophisticated insider trading ring that earned those involved nearly $100 million.

HTC caught storing fingerprint data in unencrypted plain text

For the past few years, both Apple and the various Android manufacturers have been pushing the idea of fingerprint readers, typically on the dubious grounds that biometric security is a better choice compared to a good passcode. New research from the security firm FireEye seems to blow that claim wide open, however. According to FireEye, multiple Android manufacturers protect your fingerprint so poorly, it can be read by plugging the phone into a computer and knowing which folder to access.
