Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

October 8, 2018

Cash Spitting ATMs Near You?

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 10:19 am

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash by Swati Khandelwal.

Fromt the post:

The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.

Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world.

The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014.

Now, the FBI, the Department of Homeland Security (DHS), and the Department of the Treasury have released details about a new cyber attack, dubbed “FASTCash,” that Hidden Cobra has been using since at least 2016 to cash out ATMs by compromising the bank server.

See Khandelwal’s post for more details but the disruption/fun factor of such a hack is readily evident.

Most effective on Black Friday (a U.S. orgy of consumerism the day after Thanksgiving) or Christmas Eve (December 24th).

Remind testers of the hazards of facial recognition. Holiday masks are sold at many locations.

A Red Teamer’s guide to pivoting

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 9:30 am

A Red Teamer’s guide to pivoting by Artem Kondratenko.

From the post:

Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastracture. Common scenarios include developing the attack into the internal network after successful perimeter breach or gaining access to initialy unroutable network segments after compromising hosts inside the organization. Pivoting is a set of techniques used during red team/pentest engagements which make use of attacker-controlled hosts as logical network hops with the aim of amplifying network visibility. In this post I’ll cover common pivoting techniques and tools available.

A handy list of pivoting techniques to refresh/test your skills.

Enjoy!

October 4, 2018

The Atlas of Endangered Alphabets – Navajo Code Writers?

Filed under: Language — Patrick Durusau @ 8:40 am

The Atlas of Endangered Alphabets by Tim Brookes.

From the Kickstarter page:

Dear lovers of language, supporters of human rights, and Kickstarter allies past, present and future:

When I give exhibitions and talks on the Endangered Alphabets Project, everyone is fascinated. They want to know more about the scripts I carve, where they come from, the cultures that have created them and, above all, they ask, “How can we help?”

But here’s the problem: there’s no one source for such information. And when information remains scattered and hard to find, both the problems and the solutions seem vague, distant, over the horizon.

So I’m in the process of creating a free online Atlas of Endangered Alphabets, and I need your help. But first I need to explain why endangered alphabets are so important.

Every culture has its own spoken language, and many have their own written languages, too—languages they have developed to express their own beliefs, their own experiences, their understanding of their world. What they have collectively written in those languages is the record of their cultural identity: spiritual texts, historical documents, land deeds, letters between family members, poems.

In scores of countries, though, those minority languages are untaught, unofficial, suppressed, ignored, even illegal, and everything is transacted in the alphabets of the dominant cultures, even the conquerors. And when that happens, within two generations everything important enough to be written down becomes incomprehensible, and is lost.

Denying members of a minority culture the right to read, write and speak in their mother tongue defines them as inferior and unimportant, and leaves them vulnerable, marginalized, and open to abuse. The extent and quality of education go down, while levels of homelessness and incarceration, and even suicide go up—the kind of situation that has led to the endangerment or eradication of hundreds of Aboriginal languages in Australia and Native American languages in the U.S.

It’s my aim to help reverse that global loss, and the Atlas of Endangered Alphabets is my most ambitious and far-reaching effort in that direction.(You can hear me talking about the Atlas and the Endangered Alphabets Project, by the way, in a public radio interview HERE.)

Although the US intelligence community is often stymied by mainstream languages such as Arabic, Chinese, Russian, AI-assisted language tools will eventually bring them an elementary understanding of texts in those languages.

Begin preparing for that unhappy day by supporting the The Atlas of Endangered Alphabets!

Using endangered alphabets puts you in a position similar to the Navaho code talkers in WWII. Your enemies know it is a communication, that it is in a language, but their knowledge ends at that point. No AI tools to assist them.

If you don’t find the reasons Brookes advances compelling enough to support this project, consider the potential to stymy world class intelligence operations as an additional one. Interested now?

Patent Prior Art Archive – Malware Prior Art?

Filed under: Cybersecurity,Malware,Patents — Patrick Durusau @ 8:18 am

Coming together to create a prior art archive by Ian Wetherbee and Mike Lee.

From the post:

Patent quality is a two-way street. Patent applicants should submit detailed disclosures describing their inventions and actively participate in the examination process to define clear distinctions between their inventions and existing technology. Examiners reviewing patent applications should conduct thorough searches of existing technology, reject any attempts to patent existing technology, and develop a clear record of the differences between the patent claims and what came before. The more that the patent system supports and incentivizes these activities, the more reliable the rights that issue from patent offices will be, and the more those patents will promote innovation.

A healthy patent system requires that patent applicants and examiners be able to find and access the best documentation of state-of-the-art technology. This documentation is often found in sources other than patents. Non-patent literature can be particularly hard to find and access in the software field, where it may take the form of user manuals, technical specifications, or product marketing materials. Without access to this information, patent offices may issue patents covering existing technology, or not recognize trivial extensions of published research, removing the public’s right to use it and bringing the reliability of patent rights into question.

To address this problem, academia and industry have worked together to launch the Prior Art Archive, created through a collaboration between the MIT Media Lab, Cisco and the USPTO, and hosted by MIT. The Prior Art Archive is a new, open access system that allows anyone to upload those hard-to-find technical materials and make them easily searchable by everyone.

Believe it or not, Wetherbee and Lee write an entire post on Google and the Prior Art Archive, without ever giving the web address of the Prior Art Archive.

There, fixed that problem on the web. 😉 You know, it’s possible to be so self-centered as to be self-defeating.

The problems of malware prior art are orders of magnitude greater than patent prior art. The literature, posts, etc., alone are spread across ephemeral and often inaccessible forums, blogs, emails, chat groups, to say nothing of the self-defeating secrecy of security researchers themselves. (Not to mention information in languages other than English.)

A malware prior art archive would present numerous indexing, searching, machine translation, clustering and other problems. Perhaps not as lucrative as the results of the Patent Prior Art Archive but at least as interesting.

Thoughts? Suggestions?

PS: You can search the Prior Art Archive through Google Patents. Two other relevant Google resources: TDCommons (non-patented information) and Google Patents Public Datasets.

October 3, 2018

Someone is wrong on the Internet: Turing complete/weird machines

Filed under: Cybersecurity,Hacking — Patrick Durusau @ 10:43 am

Turing completeness, weird machines, Twitter, and muddled terminology by halvar.flake.

From the post:

First off, an apology to the reader: I normally spend a bit of effort to make my blog posts readable / polished, but I am under quite a few time constraints at the moment, so the following will be held to lesser standards of writing than usual.

A discussion arose on Twitter after I tweeted that the use of the term “Turing-complete” in academic exploit papers is wrong. During that discussion, it emerged that there are more misunderstandings of terms that play into this. Correcting these things on Twitter will not work (how I long for the days of useful mailing lists), so I ended up writing a short text. Pastebin is not great for archiving posts either, so for lack of a better place to put it, here it comes:

No apologies necessary for this highly entertaining and useful post!

Our misuse of “Turing completeness” and “weird machine” is harmful and confusing (emphasis in original)

Corrections of public ignorance rarely succeed but at least within exploit research, it’s worth a try. Watch for mis-use of Turing complete and weird machines and cite halvar.flake‘s correction.

PS: Personally I would not correct such misunderstandings by government sponsored researchers. Their ignorance and confusion doesn’t trouble me. Your call.

New Release: Tor Browser 8.0.2 – Upgrade Time!

Filed under: Privacy,Tor — Patrick Durusau @ 10:25 am

New Release: Tor Browser 8.0.2

From the post:

Tor Browser 8.0.2 is now available from the Tor Browser Project page and also from our distribution target=”_blank”directory.

This release features important security updates to Firefox. We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr. Thus, users are fine with Tor Browser 8.0.2 even though the Firefox version is 60.2.1esr.

Grab the latest version of Tor Browser today!

You are the last and best hope for your personal privacy.

October 2, 2018

Tracking Potential Security Fails: The Pentagon and Its Familiars

Filed under: Hacking,Journalism,News,Reporting — Patrick Durusau @ 7:37 pm

Want to Track the Pentagon’s Funding? Here’s How You Can Follow the Money by Michael Morisy.

From the post:

In the 2017 financial year, the US Department of Defense alone spent about $590 billion, according to data from the Congressional Budget Office in Washington, DC. Even veteran journalists who cover the US government extensively can find themselves stumped.

“It was like an acid flashback getting your email,” said Steve Fainaru, winner of the 2008 Pulitzer Prize for International Reporting. “This was a huge issue for us. We couldn’t get these contracts.”

His reporting from Iraq shows millions in cost overruns for security contractors.

Since that series, new databases have been posted online that can help those looking to follow the money wherever it flows, including making it easier to trace contracts from companies in a specific country or servicing a particular area.

I’m not sure you will agree with “…making it easier to trace contracts from companies…(emphasis added)” but perhaps it is “easier” than before recent changes.

Certainly a very helpful article for journalists and anyone interested in information the government is willing to share. I take sharing of information by governments and corporations to indicate the shared information is of little value.

That said, tracking Pentagon funding also turns up entities, people and locations with access to data that isn’t intended for sharing. A ripe field for pentesting and security upgrade services.

Perhaps not the intent of the information sources mentioned by Morisy, but then information you can’t weaponize isn’t very interesting is it?

More Free Speech Lost at Twitter

Filed under: Censorship,Free Speech,Hacking,Twitter — Patrick Durusau @ 7:19 pm

Twitter bans distribution of hacked materials ahead of US midterm elections by Catalin Cimpanu.

From the post:


Twitter already had rules in place that prohibited the distribution of hacked materials that contain private information or trade secrets, but after Monday’s update, the platform’s review teams will also ban accounts that claim responsibility for a hack, make hacking threats, or issue incentives to hack specific people and accounts.

Nevertheless, the social network hasn’t been that successful, barely putting a dent in spam-related reports, with the number of complaints going down from 17,000 in May to only 16,000 in September. More work needs to be done, and Twitter just gave its staff sharper teeth to go about their job.

See Cimpanu’s post for the full scope of the damage being done to free speech at Twitter.

Any Twitter investor’s with insight into how much Twitter wastes on its censorship operations every year?

As an investor, I would want to see some ROI from censorship. You?

« Newer Posts

Powered by WordPress