News & Updates

Remember the ‘Olympic Destroyer’ cyber attack?

The group behind it is still alive and kicking, and has now been found targeting biological and chemical threat prevention laboratories in Europe and Ukraine, and a few financial organisations in Russia.

Earlier this year, an unknown group of notorious hackers targeted the Winter Olympic Games 2018, held in South Korea, using a destructive malware that


Source: http://feeds.feedburner.com/TheHackersNews

Hotel rooms will serve as the newest homes for Amazon’s Alexa starting this summer. Amazon announced a special version of its virtual assistant, Alexa for Hospitality, that will live across Echo devices placed in hotels, vacation rentals, and other similar locations.

Alexa in these devices will be able to do special things for both hospitality professionals and their customers. Amazon claims its Alexa for Hospitality experience will let hotel professionals “deepen engagement” through its voice controls that customers can use. Hotels can also customize some of the experience that they want their customers to have by choosing default music services, creating special Alexa Skills that only their guests can use, and monitoring device online status and other connectivity issues.

Guests staying in a room with an Echo device will likely find the experience either convenient or invasive. Guests can ask Alexa to do things like order room service, answer questions about hotel services, control some in-room connected devices like lights and blinds, and more. Alexa Skills will also be available, so guests can use a Skill such as Flight Tracker to check the status of their flight before checking out.

Source: http://feeds.arstechnica.com/arstechnica/index/

The view of the new Tesla Sprung tent, shot from the Warm Springs BART station. (credit: Cyrus Farivar)

FREMONT, Calif.—Tesla’s new tented facility isn’t just a new temporary “assembly line” but is seemingly the first phase of an entirely new building, dubbed “Factory 2.0.”

On June 16, CEO Elon Musk publicly announced a “new general assembly line” made with “minimal resources.” However, a January 2018 geotechnical investigation report newly on file with the city building permit office notes that Tesla has plans to build a 500,000 square foot “multi story building north of the existing North Paint Building.”

The tent is easily visible from the nearby Warm Springs BART station platform. When Ars visited on Monday afternoon, there appeared to be cranes and forklifts moving around the site. We could not easily see inside the long white temporary structure, but there did not appear to be any newly completed vehicles rolling off the lines in the adjacent parking lot.

Source: http://feeds.arstechnica.com/arstechnica/index/

The Internet-Draft document, if approved, formally deprecates Transport Layer Security versions 1.0 (TLS 1.0) [RFC2246] and 1.1 (TLS 1.1) [RFC4346].

In March, the Internet Engineering Task Force (IETF) finally announced the approval of TLS 1.3, the new version of the Transport Layer Security traffic encryption protocol.

It was a long journey: the IETF has been analyzing proposals for TLS 1.3 since April 2014, and the final release is the result of the work on 28 drafts.

The TLS protocol was designed to allow client/server applications to communicate over the Internet in a secure way, preventing message forgery, eavesdropping, and tampering.

TLS 1.2 and TLS 1.3 are quite different; the new version introduces many major features to improve performance and to make the protocol more resilient to certain attacks such as the ROBOT technique.

Surprisingly, both TLS 1.0 and TLS 1.1 are still in use online; in many cases the migration of applications is still waiting for management's commitment to start, exposing users to serious risks.

Some experts argue the best way to make the Internet more secure is to ban application fallback to both TLS 1.0 and 1.1 standards.

The PCI Council’s deprecation deadline of June 30, 2018, is upon us and the Internet-Draft urges the deprecation of insecure protocols.

Support for TLSv1.0 has been removed, or will be by July 2018, from several standards, products, and services, including 3GPP 5G, Cloudflare, Amazon Elastic Load Balancing, and GitHub.

The Draft also highlights that supporting older versions requires additional effort for library and product maintenance.

“This document [if approved] formally deprecates Transport Layer Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves these documents to the historic state. These versions lack support for current and recommended cipher suites, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions.” reads the Draft.

“Pragmatically, clients MUST NOT send a ClientHello with ClientHello.client_version set to {03,01}. Similarly, servers MUST NOT send a ServerHello with ServerHello.server_version set to {03,01}.” continues the draft. “Any party receiving a Hello message with the protocol version set to {03,01} MUST respond with a ‘protocol_version’ alert message and close the connection.”

The publication of TLS 1.3 will happen very soon; it is currently under final review.
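The version check quoted from the draft can be sketched as follows. This is an added Python example, not code from the draft or from Security Affairs; the function names and the sample Hello bytes are constructed for illustration, and the {03,02} value for TLS 1.1 comes from RFC 4346 rather than from the quoted text.

```python
import struct

# Versions the draft deprecates. {03,01} is quoted on the page; {03,02} is the
# TLS 1.1 wire value from RFC 4346 and is added here.
DEPRECATED = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1"}
HANDSHAKE, ALERT = 22, 21               # record content types
CLIENT_HELLO, SERVER_HELLO = 1, 2       # handshake message types
FATAL, PROTOCOL_VERSION = 2, 70         # alert level / description


def hello_version(record: bytes) -> tuple:
    """Return (major, minor) from the Hello's client_version/server_version."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _maj, _min, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if ctype != HANDSHAKE or len(body) != length or length < 6:
        raise ValueError("not a complete handshake record")
    if body[0] not in (CLIENT_HELLO, SERVER_HELLO):
        raise ValueError("handshake message is not a Hello")
    # body[1:4] is the 24-bit handshake length; the version follows it.
    return body[4], body[5]


def alert_for(record: bytes):
    """Alert record to send before closing, or None if the version is allowed."""
    if hello_version(record) in DEPRECATED:
        # Record-layer version {03,03} on the alert is a choice made for this example.
        return struct.pack("!BBBHBB", ALERT, 3, 3, 2, FATAL, PROTOCOL_VERSION)
    return None


def sample_hello(msg_type: int, major: int, minor: int) -> bytes:
    """Constructed input: version, 32-byte random, empty session id, nothing else."""
    payload = bytes([major, minor]) + bytes(32) + b"\x00"
    msg = bytes([msg_type]) + len(payload).to_bytes(3, "big") + payload
    return struct.pack("!BBBH", HANDSHAKE, 3, 1, len(msg)) + msg


if __name__ == "__main__":
    for mt, ver in [(CLIENT_HELLO, (3, 1)), (SERVER_HELLO, (3, 2)), (CLIENT_HELLO, (3, 3))]:
        reply = alert_for(sample_hello(mt, *ver))
        print(ver, "->", reply.hex() if reply else "continue handshake")
```

The check reads only the version field named in the quoted rule; a TLS 1.2 client sends {03,03} there and passes.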

Pierluigi Paganini

(Security Affairs – TLS, encryption)


The post Deprecating TLS 1.0 and TLS 1.1 … kill them now! appeared first on Security Affairs.

Source: Security affairs

Trump meeting with Chinese president Xi Jinping in China last year. (credit: Thomas Peter – Pool/Getty Images)

The US Senate on Monday voted to block implementation of a settlement that would lift a sweeping ban on US technology being exported to ZTE. The export ban, which the Trump administration imposed on ZTE in April, amounts to a de facto death sentence for the Chinese company, which is heavily dependent on American-made chips and software.

The Trump administration recently signed a deal that would lift the export ban in exchange for a $1 billion fine and the firing of all of ZTE’s senior leadership. But a bipartisan group of senators believes the deal was too lenient.

“The death penalty is an appropriate punishment for their behavior,” said Sen. Tom Cotton (R-Ark.) in an interview with The Wall Street Journal last week.

Source: http://feeds.arstechnica.com/arstechnica/index/

In spite of countless leaks and pre-show announcements, this year’s Electronic Entertainment Expo (E3) still managed to surprise us. Perhaps the biggest surprise of all was the presence of so many well-crafted, single-player delights. We were also happy to see way fewer battle royale cash-ins than we’d feared—though maybe they are just taking longer to develop.

Since attending the show last week, our E3 brain trust (Kyle Orland, Sam Machkovech, Samuel Axon) has been arguing over our favorite hands-on and hands-off demos. We managed to settle on this definitive top-ten list, along with a slew of honorable mentions.

Our selected games are listed in alphabetical order, not ranked.

Source: http://feeds.arstechnica.com/arstechnica/index/

The US Air Force has kicked off the procurement for another round of wing replacements for A-10 Thunderbolt II attack aircraft, known affectionately by many as the Warthog. With new wings, the A-10s will help fill a gap left by the delayed volume delivery of F-35A fighters, which were intended to take over the A-10’s close air support (CAS) role in “contested environments”—places where enemy aircraft or modern air defenses would pose a threat to supporting aircraft. For now, the A-10 is being used largely in uncontested environments, where the greatest danger pilots face is small arms fire or possibly a Stinger-like man-portable air defense system (MANPADS) missile. But the Warthog is also being deployed to Eastern Europe as part of the NATO show of strength in response to Russia.

While the A-10 will keep flying through 2025 under current plans, Air Force leadership has perceived (or was perhaps convinced to see) a need for an aircraft that could take over the A-10’s role in low-intensity and uncontested environments—something relatively inexpensive and easy to maintain that could be flown from relatively unimproved airfields to conduct armed reconnaissance, interdiction, and close air support missions. The replacement would also double as advanced trainer aircraft for performing weapons qualifications and keeping pilots’ flight-time numbers up.

Source: http://feeds.arstechnica.com/arstechnica/index/

The advanced hacking group that sabotaged the Pyeongchang Winter Olympics in February has struck again, this time in attacks that targeted financial institutions in Russia and chemical- and biological-threat prevention labs in France, Switzerland, the Netherlands, and Ukraine, researchers said.

The new campaigns began last month with spear-phishing emails that were designed to infect targeted companies with malware that collected detailed information about their computers and networks. One of the malicious Word documents referred to Spiez Convergence, a biochemical threat conference that’s organized by the Spiez Laboratory, which played a key role in the investigation of the poisoning in March of a former Russian spy in the UK. UK government officials have said Russia was behind the poisoning. A second document targeted health and veterinary control authorities in Ukraine.

Researchers from Moscow-based Kaspersky Lab said that documents in the phishing emails closely resemble those used to infect organizers, suppliers, and partners of the Winter Olympic Games in the months preceding the February Pyeongchang attack. These initial infections allowed the attackers to spend months developing detailed knowledge of the networks supporting the games. One of the key reasons the malware dubbed Olympic Destroyer was so successful in disrupting the Olympics was that it used this knowledge to sabotage the networks. The discovery of a new phishing campaign by the same group raises the possibility that they are intended to support new sabotage hacks.

Source: http://feeds.arstechnica.com/arstechnica/index/

BitTorrent, the company which owns the popular file-sharing client uTorrent, has quietly been sold for $140 million in cash to Justin Sun, the founder of blockchain-focused startup TRON.

TRON is a decentralized entertainment and content-sharing platform that uses blockchain and distributed storage technology. It allows users to publish content without having to use third-party platforms such


Source: http://feeds.feedburner.com/TheHackersNews

A federal grand jury has formally indicted Joshua Adam Schulte, a former CIA employee who prosecutors say was behind the Vault 7 trove of the agency’s hacking tools, which were sent to WikiLeaks.

Schulte, who had previously been prosecuted for possession of child pornography, has been expected to be indicted on the leaking charges for some time now. The New York-based engineer was arrested in August 2017.

According to the new superseding indictment, which was made public on Monday, Schulte faces numerous charges, including illegal gathering of national defense information, transmission of this information, and obstruction of justice, among others.

Source: http://feeds.arstechnica.com/arstechnica/index/