background preloader

17/02 - “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

17/02 - “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
CANCUN, Mexico — In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail. It wasn't the first time the operators—dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group's extensive library. A long list of almost superhuman technical feats illustrate Equation Group's extraordinary skill, painstaking work, and unlimited resources.

https://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

Related:  Le tekos - La revue de presseSecurityStuff 2

17/02 - Flash Drives Replace Disks at Amazon, Facebook, Dropbox SAN JOSE, CALIFORNIA — If you drive south from San Jose until the buildings are few and far between, exit the highway, and take a quick left, you’ll find a data center occupied by some of the biggest names on the web. Run by a company called Equinix, the facility is a place where the likes of Google, Facebook, and Amazon can plug their machines straight into the big internet service providers. If you’re allowed inside and you walk past the cages of servers and other hardware, you can’t see much. In most cages, the lights are off, and even when they’re on, there are few ways of knowing what gear belongs to what company. Some companies don’t want you to see.

The NSA hides surveillance software in hard drives It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intellgency agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC.

Scientists Used Virtual Reality to Teleport People into Different Bodies This article originally appeared on Motherboard While surgery bots like Da Vinci XI are already letting doctors perform surgery through machines, we could see humans teleoperating robots from greater distances in the future. Say, for example, a doctor in London operating on someone in Mumbai, or a human operating a robot on Mars. But what goes on in your brain when you’re under the illusion of embodying a robot? In a study published today, researchers at Sweden’s Karolinksa Institute set out to answer that question by creating an out-of-body illusion where volunteers were "teleported" into a foreign body with the help of virtual reality headsets.

09/02 - Hello HTTP/2 HTTP is the fundamental networking protocol that powers the web. The majority of sites use version 1.1 of HTTP, which was defined in 1999 with RFC2616. A lot has changed on the web since then, and a new version of the protocol named HTTP/2 is well on the road to standardization. We plan to gradually roll out support for HTTP/2 in Chrome 40 in the upcoming weeks. “SSL hijacker” behind Superfish debacle imperils large number of users Thursday's revelations that Lenovo PCs ship with adware that intercepts sensitive HTTPS-protected traffic have focused intense scrutiny on Superfish, the company that markets the intrusive software. But lost in the furor is the central role a company called Komodia plays in needlessly exposing the passwords and other sensitive data of not just Lenovo customers but also a much larger base of PC users. As this post was being prepared, Komodia's website was only sporadically available, with the company's homepage saying it was under distributed denial of service attacks.

Typeset In The Future The opening credits for Alien are nothing short of a typographic masterpiece. You can watch them in their entirety on the Art Of The Title web site, but here's the general gist: a slow, progressive disclosure of a disjointed, customized Futura reveals the movie's central theme over 90 seconds of beautifully-spaced angular lettering. UPDATE: Susan Bradley (and others) have pointed out that this is much more like Helvetica Black than Futura. I'd based my original claim on Art Of The Title's interview with the creators, despite a mismatch when I checked it against Futura myself. However, after a detailed comparison with Helvetica Black, I tend to agree with Susan.

02/02 - Raspberry Pi 2 The Raspberry Pi Foundation is likely to provoke a global geekgasm today with the surprise release of the Raspberry Pi 2 Model B: a turbocharged version of the B+ boasting a new Broadcom BCM2836 900MHz quad-core system-on-chip with 1GB of RAM – all of which will drive performance "at least 6x" that of the B+. Speaking to The Register last week, foundation head honcho Eben Upton said: "I think it's a usable PC now. It was always the case that you could use a Raspberry Pi 1 as a PC but you had to say 'this is a great PC in so far as it cost me 35 bucks'. We've removed the caveat that you had to be a bit forgiving with it. Now it's just good." Outwardly, there's little to distinguish the Pi 2 from the Pi 1 Model B+, as it's now designated.

Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections [Updated] Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said. The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there's something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits.

Do It Yourself Microwave Popcorn Recipe Did you know you can Make your Own Microwave Popcorn in under 4 minutes? Store bought Microwave popcorn is convenient, but it happens to be loaded with fats/oils/sodium, etc. You can make your own healthier, dirt cheap microwave popcorn, complete with various flavors of seasoning in under 4 minutes. You'll Need: paper bag (lunch size) 1/4 cup popcorn kernels 2 to 3 tablespoons melted butter (optional) Popcorn salt or table salt, to taste (optional) 1 tablespoon grated Parmesan cheese or other cheese sprinkle (optional) Pour the (unpopped kernels) of popcorn in the paper bag. Fold the top of the bag over twice to close. A tale of two viewports Page last changed today In this mini-series I will explain how viewports and the widths of various important elements work, such as the <html> element, as well as the window and the screen. This page is about the desktop browsers, and its sole purpose is to set the stage for a similar discussion of the mobile browsers. Most web developers will already intuitively understand most desktop concepts. On mobile we’ll find the same concepts, but more complicated, and a prior discussion on terms everybody already knows will greatly help your understanding of the mobile browsers. The first concept you need to understand is CSS pixels, and the difference with device pixels.

DHS licenses malware forensics Cybersecurity DHS licenses malware forensics By Mark RockwellFeb 23, 2015 How US students get a university degree for free in Germany - BBC News While the cost of college education in the US has reached record highs, Germany has abandoned tuition fees altogether for German and international students alike. An increasing number of Americans are taking advantage and saving tens of thousands of dollars to get their degrees. In a kitchen in rural South Carolina one night, Hunter Bliss told his mother he wanted to apply to university in Germany. Amy Hall chuckled, dismissed it, and told him he could go if he got in.

Sad Foursquare :( By Michael Carney On March 11, 2015 With SXSW fast approaching, it seems clear that Meerkat will be the belle of this year’s new product ball. In fact, several dozen startup tastemakers have already anointed themselves the event’s unofficial correspondents, having signed up to broadcast the best moments of the week-long festival to non-attendees around the world. But while this is great news for the team behind Meerkat, which is at the very earliest stages of what could be an exciting growth story, at the same time it forces us to consider the sad state of one SXSW darling of years gone by. Foursquare may be the product most synonymous with “South by” – even more so than Twitter – launching at the festival to a rabid response in 2009.

Utah government sees 10,000-fold increase in cyberattacks Utah government sees 10,000-fold increase in cyberattacks By Mark PomerleauFeb 10, 2015 For government IT managers, cyberattacks are a daily reality and they are typically prepared with a host of detection and remediation tools to ensure sensitive data is not compromised. But the state of Utah has recently been subject to an unusual level of cyber malice that many believe is attributable to the $1 billion National Security Agency data center located there. Estimates on the number of attacks on Utah’s state computer networks range from 300 million per day to 500 million. In contrast, in 2013 the state was only seeing 50,000 to 20 million cyberattacks daily.

Related: