Surge in Anonymous Asia Twitter Accounts Sparks Bot Fears

Quoting SecurityWeek: Hong Kong – It has been jokingly referred to as “Botmageddon”. But a surge in new, anonymous Twitter accounts across swathes of Southeast and East Asia has deepened fears the region is in the throes of US-style mass social media manipulation. SecurityWeek.

from Google Alert – anonymous https://ift.tt/2HjRyGj
via IFTTT

from Blogger http://insidenothing.blogspot.com/2018/04/surge-in-anonymous-asia-twitter.html
via IFTTT


Meteor Over Crater Lake

Did you see it? One of the more common questions during a meteor shower occurs because the time it takes for a meteor to flash is typically less than the time it takes for a head to turn. Possibly, though, the glory of seeing bright meteors shoot across and knowing that they were once small granules on another world might make it all worthwhile, even if your observing partner(s) could not share in every particular experience. Peaking late tonight, a dark sky should enable the Lyrids meteor shower to exhibit as many as 20 visible meteors per hour from some locations. In the featured composite of nine exposures taken during the 2012 shower, a bright Lyrid meteor streaks above picturesque Crater Lake in Oregon, USA. Snow covers the foreground, while the majestic central band of our home galaxy arches well behind the serene lake. Other meteor showers this year — and every year — include the Perseids in mid-August and the Leonids in mid-November. via NASA https://ift.tt/2qVMv8f

from Blogger http://insidenothing.blogspot.com/2018/04/meteor-over-crater-lake.html
via IFTTT

Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

Not just Facebook: a new vulnerability discovered in LinkedIn’s popular AutoFill functionality was found leaking its users’ sensitive information to third-party websites without the user even knowing about it. LinkedIn has long provided an AutoFill plugin that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address,

from The Hacker News https://ift.tt/2Hil0AG
via IFTTT

from Blogger http://insidenothing.blogspot.com/2018/04/flaw-in-linkedin-autofill-plugin-lets.html
via IFTTT

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term

The British teenager who managed to hack into the online accounts of several high-profile US government employees was sentenced to two years in prison on Friday. Kane Gamble, now 18, hacked into the email accounts of former CIA director John Brennan, former Director of National Intelligence James Clapper, former FBI Deputy Director Mark Giuliano, and other senior FBI officials—all from his parent’s

from The Hacker News https://ift.tt/2HJB91c
via IFTTT

from Blogger http://insidenothing.blogspot.com/2018/04/british-schoolboy-who-hacked-cia.html
via IFTTT

[FD] [SE-2011-01] The origin and impact of vulnerabilities in ST chipsets

Hello All,

We have published an initial document describing the origin and impact of the vulnerabilities discovered in ST chipsets along with some rationale indicating why it is worth digging further into this case: https://ift.tt/2vt3C6C

This document is a work in progress. As such, it will be updated once new information is acquired regarding the impact of the issues found.

ST vulnerabilities are still a mystery to many and we keep receiving inquiries about them regardless of the fact that almost 6 years have passed since the disclosure.

STMicroelectronics, although out of the STB and DVB chipset business, has not provided us with any details regarding the impact of the issues found.

We have reasons to believe that the vulnerable IP (TKD Crypto core of STi7111 SoC) might be part of other ST chipsets and/or part of other vendors’ solutions, not necessarily related to the PayTV industry (e-passports, banking cards and SIM cards).

We have reasons to believe that ST actions were aimed to hide the impact of the issues found, and that the company’s shareholders were not aware of these vulnerabilities, their impact and associated liabilities.

We have reasons to believe that the issues have not been resolved up to this day.

In Mar 2018, we asked CERT-FR (French governmental CSIRT) and IT-CERT (CERT Nazionale Italia) for assistance aimed at obtaining information from STMicroelectronics regarding security issues found in their chipsets (ST is a French-Italian company and both French and Italian governments hold 13.8% of its stake each). For some unknown reason, both CERTs have stopped responding to our messages [1]. We are still to hear from US-CERT.

Over the last 20+ years, we have been dealing with various vendors and ecosystems (desktop, cloud, mobile, etc.). The case of STMicroelectronics vulnerabilities is however truly unique as we have never met with such a persistent and long-term refusal to provide information pertaining to the impact and addressing of security vulnerabilities found.

The usual “crisis management” conducted by vendors for disclosures of high impact flaws involves carefully-worded statements indicating that the issues affect older products only or, in case of low / limited impact flaws, a vendor usually publishes a list of vulnerable products to clearly emphasize the low nature of the issues found.

ST’s refusal to provide any information pertaining to the impact of the flaws found in its chipsets can be perceived in terms of intentionally hiding the impact of a much larger magnitude than anticipated by the reporting party, customers or the public. It could be that these actions are aimed at avoiding the liabilities associated with manufacturing flawed products, the costs of their recalls and/or replacements.

ST has all the means to end any speculation pertaining to the nature of the issues found in its chipsets and their impact by simply delivering clear impact information to the general public (vulnerable chipset models, whether vulnerable IP is used in other products, possible remediation steps, etc).

Security Explorations will continue engaging various entities such as US-CERT with the goal of acquiring accurate information pertaining to the impact and addressing of ST vulnerabilities. The newly published document and our SE-2011-01 Vendor Status page will reflect any new information acquired and the steps taken to obtain it.

We are also ready to release to the public all unpublished bits pertaining to our research of ST chipsets such as SRP-2018-01 [2] material if deemed necessary.

Thank you.

Best Regards,
Adam Gowdiak

Source: Gmail -> IFTTT-> Blogger

from Blogger http://insidenothing.blogspot.com/2018/04/fd-se-2011-01-origin-and-impact-of.html
via IFTTT

TESS Launch Close Up

NASA’s Transiting Exoplanet Survey Satellite (TESS) began its search for planets orbiting other stars by leaving planet Earth on April 18. The exoplanet hunter rode to orbit on top of a Falcon 9 rocket. The Falcon 9 is so designated for its 9 Merlin first stage engines seen in this sound-activated camera close-up from Space Launch Complex 40 at Cape Canaveral Air Force Station. In the coming weeks, TESS will use a series of thruster burns to boost it into a high-Earth, highly elliptical orbit. A lunar gravity assist maneuver will allow it to reach a previously untried stable orbit with half the orbital period of the Moon and a maximum distance from Earth of about 373,000 kilometers (232,000 miles). From there, TESS will carry out a two year survey to search for planets around the brightest and closest stars in the sky. via NASA https://ift.tt/2vChwDG

from Blogger http://insidenothing.blogspot.com/2018/04/tess-launch-close-up.html
via IFTTT